1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved.
7 *
8 * This file contains Original Code and/or Modifications of Original Code
9 * as defined in and that are subject to the Apple Public Source License
10 * Version 2.0 (the 'License'). You may not use this file except in
11 * compliance with the License. Please obtain a copy of the License at
12 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * file.
14 *
15 * The Original Code and all software distributed under the License are
16 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
17 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
18 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
20 * Please see the License for the specific language governing rights and
21 * limitations under the License.
22 *
23 * @APPLE_LICENSE_HEADER_END@
24 */
25
26
27 //
28 // localkey - Key objects that store a local CSSM key object
29 //
30 #include "localkey.h"
31 #include "server.h"
32 #include "database.h"
33 #include <security_cdsa_utilities/acl_any.h>
34
35
36 //
37 // Create a Key from an explicit CssmKey.
38 //
// Parameters:
//   db             - database this key is attached to via referent()
//   newKey         - source key, handed to setup() together with moreAttributes
//   moreAttributes - additional attribute bits OR-ed in by setup()
//   owner          - prototype for the initial ACL; may be NULL
LocalKey::LocalKey(Database &db, const CssmKey &newKey, uint32 moreAttributes,
	const AclEntryPrototype *owner)
	: mDigest(Server::csp().allocator())
{
	referent(db);
	mValidKey = true;
	setup(newKey, moreAttributes);

	// Establish the initial ACL. A missing owner and an owner whose subject
	// list is empty are treated alike, for resilience's sake.
	// NOTE(review): the fallback installs an AnyAclSubject as the initial ACL;
	// judging by the name this presumably matches any requester, so callers
	// that need a restricted owner must pass a non-empty one - confirm.
	if (!owner || owner->subject().empty())
		cssmSetInitial(new AnyAclSubject());	// defaulted
	else
		cssmSetInitial(*owner);					// specified

	// NOTE(review): the %lx/%ld conversions assume long-sized arguments; the
	// declared widths of handle(), algorithm(), usage() and mAttributes are
	// not visible here - TODO confirm they match.
	secdebug("SSkey", "%p (handle 0x%lx) created from key alg=%ld use=0x%lx attr=0x%lx db=%p",
		this, handle(), mKey.header().algorithm(), mKey.header().usage(), mAttributes, &db);
}
55
56
//
// Create a Key shell with no key value loaded yet.
// mValidKey starts out false, so keyValue() will call getKey() on first use
// and returnKey() will obtain the header through getHeader().
//
LocalKey::LocalKey(Database &db)
	: mValidKey(false),
	  mAttributes(0),
	  mDigest(Server::csp().allocator())
{
	referent(db);	// attach to the owning database
}
62
63
64 //
65 // Set up the CssmKey part of this Key according to instructions.
66 //
// Parameters:
//   newKey         - key whose value and header are adopted
//   moreAttributes - attribute bits OR-ed into the external attribute set
void LocalKey::setup(const CssmKey &newKey, uint32 moreAttributes)
{
	mKey = CssmClient::Key(Server::csp(), newKey, false);
	CssmKey::Header &header = mKey->header();

	// Adopt the incoming header wholesale, then derive the external attribute
	// set: drop the forced bits and add whatever the caller asked for.
	header = newKey.header();
	mAttributes = moreAttributes | (header.attributes() & ~forcedAttributes);

	// Seed the derived attributes (all of them are in managedAttributes):
	// a key that is not extractable now has never been extractable, and a key
	// that is sensitive now has always been sensitive.
	if ((mAttributes & CSSM_KEYATTR_EXTRACTABLE) == 0)
		mAttributes |= CSSM_KEYATTR_NEVER_EXTRACTABLE;
	if ((mAttributes & CSSM_KEYATTR_SENSITIVE) != 0)
		mAttributes |= CSSM_KEYATTR_ALWAYS_SENSITIVE;

	// Verify internal/external attribute separation.
	// NOTE(review): this is the only check that the incoming header's managed
	// bits equal forcedAttributes. If assert is the standard macro it vanishes
	// under NDEBUG, leaving the separation unenforced in release builds.
	assert((header.attributes() & managedAttributes) == forcedAttributes);
}
85
86
//
// Destroy the Key object. Nothing is released explicitly here; the body only
// emits a debug trace identifying the object.
//
LocalKey::~LocalKey()
{
	secdebug("SSkey", "%p destroyed", this);
}
91
92
//
// Return the database this key refers to, viewed as a LocalDatabase.
//
LocalDatabase &LocalKey::database() const
{
	LocalDatabase &owningDb = referent<LocalDatabase>();
	return owningDb;
}
97
98
99 //
100 // Retrieve the actual CssmKey value for the key object.
101 // This will decode its blob if needed (and appropriate).
102 //
// Returns mKey; on the first call with no valid key, getKey() is invoked
// first and the key is then marked valid.
CssmClient::Key LocalKey::keyValue()
{
	// Fast path: the key value is already available.
	if (mValidKey)
		return mKey;

	// Otherwise have getKey() produce it, and remember that it is now valid.
	// NOTE(review): mValidKey is set unconditionally once getKey() returns, so
	// this relies on getKey() signalling failure by not returning normally.
	getKey();
	mValidKey = true;
	return mKey;
}
111
112
113 //
114 // Return a key's handle and header in external form
115 //
// Parameters:
//   h   - receives this key's handle
//   hdr - receives the key header, with attributes rewritten for external use
void LocalKey::returnKey(Handle &h, CssmKey::Header &hdr)
{
	h = handle();

	// Take the header from the blob when no valid key is loaded, otherwise
	// straight from the valid key.
	if (!mValidKey)
		getHeader(hdr);
	else
		hdr = mKey.header();

	// Present the external view of the attributes: strip the forced bits,
	// then set the bits recorded in mAttributes.
	hdr.clearAttribute(forcedAttributes);
	hdr.setAttribute(mAttributes);
}
132
133
134 //
135 // Generate the canonical key digest.
136 // This is defined by a CSP feature that we invoke here.
137 //
// The digest is computed on first use and cached in mDigest; later calls
// return the cached value.
const CssmData &LocalKey::canonicalDigest()
{
	if (!mDigest) {
		// Ask the CSP for the key digest through its passthrough interface.
		CssmClient::PassThrough passThrough(Server::csp());
		passThrough.key(keyValue());
		CssmData *rawDigest = NULL;
		passThrough(CSSM_APPLECSP_KEYDIGEST, (const void *)NULL, &rawDigest);

		// NOTE(review): this assert is the only guard before rawDigest is
		// dereferenced. If assert is the standard macro and NDEBUG is set, a
		// passthrough call that leaves the pointer NULL leads to a NULL
		// dereference on the next line; an explicit error path would be safer.
		assert(rawDigest);

		mDigest.set(*rawDigest);						// mDigest takes ownership of the digest data
		Server::csp().allocator().free(rawDigest);	// release the CssmData descriptor itself
	}
	return mDigest.get();
}
151
152
153 //
154 // Default getKey/getHeader calls - should never be called
155 //
// Default getKey: never meant to run (presumably subclasses that defer key
// loading supply their own version - confirm against the class declaration).
// NOTE(review): if assert is compiled out, this returns without doing
// anything, and keyValue() then marks mKey valid although nothing loaded it.
void LocalKey::getKey()
{
	assert(false);
}
160
// Default getHeader: never meant to run (presumably subclasses that defer key
// loading supply their own version - confirm against the class declaration).
// NOTE(review): if assert is compiled out, this returns without touching the
// header argument, so returnKey() hands back a header this call never filled.
void LocalKey::getHeader(CssmKey::Header &)
{
	assert(false);
}