src/tempdatabase.cpp

   1 /*
   2  * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * Copyright (c) 1999-2003 Apple Computer, Inc.  All Rights Reserved.
   7  *
   8  * This file contains Original Code and/or Modifications of Original Code
   9  * as defined in and that are subject to the Apple Public Source License
  10  * Version 2.0 (the 'License'). You may not use this file except in
  11  * compliance with the License. Please obtain a copy of the License at
  12  * http://www.opensource.apple.com/apsl/ and read it before using this
  13  * file.
  14  *
  15  * The Original Code and all software distributed under the License are
  16  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  17  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  18  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  19  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  20  * Please see the License for the specific language governing rights and
  21  * limitations under the License.
  22  *
  23  * @APPLE_LICENSE_HEADER_END@
  24  */
  25
  26
  27 //
  28 // tempdatabase - temporary (scratch) storage for keys
  29 //
  30 #include <security_cdsa_utilities/cssmdata.h>
  31 #include <security_cdsa_utilities/cssmkey.h>
  32 #include <security_cdsa_client/wrapkey.h>
  33 #include "tempdatabase.h"
  34 #include "localkey.h"
  35 #include "server.h"
  36 #include "session.h"
  37 #include "agentquery.h"
  38
  39
  40 class TempKey : public LocalKey {
  41 public:
  42         TempKey(Database &db, const CssmKey &newKey, uint32 moreAttributes,
  43                 const AclEntryPrototype *owner = NULL);
  44 };
  45
  46
  47
  48 TempKey::TempKey(Database &db, const CssmKey &newKey, uint32 moreAttributes,
  49                 const AclEntryPrototype *owner)
  50         : LocalKey(db, newKey, moreAttributes, owner)
  51 {
  52         secdebug("SS adhoc", "Creating temporary (local) key"); // XXX/gh
  53         db.addReference(*this);
  54 }
  55
  56
  57 //
  58 // Create a Database object from initial parameters (create operation)
  59 //
  60 TempDatabase::TempDatabase(Process &proc)
  61         : LocalDatabase(proc)
  62 {
  63         proc.addReference(*this);
  64 }
  65
  66
  67 //
  68 // A LocalDatabase itself doesn't really have a database name,
  69 // but here's an innocent placeholder.
  70 //
  71 const char *TempDatabase::dbName() const
  72 {
  73         return "(transient)";
  74 }
  75
  76
  77 //
  78 // Invoke the Security Agent to get a passphrase (other than for a Keychain)
  79 //
  80 void TempDatabase::getSecurePassphrase(const Context &context,
  81                                                                            string &passphrase)
  82 {
  83     uint32 verify = context.getInt(CSSM_ATTRIBUTE_VERIFY_PASSPHRASE, CSSMERR_CSSM_ATTRIBUTE_NOT_IN_CONTEXT);
  84
  85     CssmData *promptData = context.get<CssmData>(CSSM_ATTRIBUTE_PROMPT);
  86     const char *prompt = NULL;
  87
  88         if (promptData)
  89                 prompt = *promptData;
  90
  91     QueryGenericPassphrase agentQuery;
  92     agentQuery.inferHints(Server::process());
  93     agentQuery(prompt, verify, passphrase);
  94 }
  95
  96
  97 void TempDatabase::makeSecurePassphraseKey(const Context &context,
  98                                                                                    const AccessCredentials *cred,
  99                                                                                    const AclEntryPrototype *owner,
 100                                                                                    uint32 usage, uint32 attrs,
 101                                                                                    RefPointer<Key> &newKey)
 102 {
 103         secdebug("SSdb", "requesting secure passphrase");
 104
 105         string passphrase;
 106         getSecurePassphrase(context, passphrase);
 107
 108         secdebug("SSdb", "wrapping securely-obtained passphrase as key");
 109
 110         // CssmKey rawKey(StringData(passphrase)) confuses gcc
 111         StringData passphraseData(passphrase);
 112         CssmKey rawKey(passphraseData);
 113         rawKey.algorithm(context.algorithm());
 114         rawKey.blobType(CSSM_KEYBLOB_RAW);
 115         rawKey.blobFormat(CSSM_KEYBLOB_WRAPPED_FORMAT_NONE);
 116         rawKey.keyClass(CSSM_KEYCLASS_SESSION_KEY);
 117
 118         CssmClient::UnwrapKey unwrap(Server::csp(), CSSM_ALGID_NONE);
 119         CssmKey cspKey;
 120         unwrap(rawKey, Key::KeySpec(usage, attrs), cspKey);
 121
 122         newKey = makeKey(cspKey, attrs & Key::managedAttributes, owner);
 123 }
 124
 125
 126 //
 127 // Obtain "secure passphrases" for the CSP.  Useful for PKCS 12.
 128 //
 129 void TempDatabase::generateKey(const Context &context,
 130                                                            const AccessCredentials *cred,
 131                                                            const AclEntryPrototype *owner,
 132                                                            uint32 usage, uint32 attrs,
 133                                                            RefPointer<Key> &newKey)
 134 {
 135         switch (context.algorithm())
 136         {
 137                 case CSSM_ALGID_SECURE_PASSPHRASE:
 138                         makeSecurePassphraseKey(context, cred, owner, usage, attrs, newKey);
 139                         break;
 140                 default:
 141                         LocalDatabase::generateKey(context, cred, owner, usage, attrs, newKey);
 142                         return;
 143         }
 144 }
 145
 146
 147 //
 148 // Make a new TempKey
 149 //
 150 RefPointer<Key> TempDatabase::makeKey(const CssmKey &newKey,
 151         uint32 moreAttributes, const AclEntryPrototype *owner)
 152 {
 153         return new TempKey(*this, newKey, moreAttributes, owner);
 154 }