]>
git.saurik.com Git - apple/securityd.git/blob - src/dbcrypto.h
2 * Copyright (c) 2000-2001,2003-2004 Apple Computer, Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
26 // dbcrypto - cryptographic core for database and key blob cryptography
31 #include <securityd_client/ssblob.h>
32 #include <security_cdsa_client/cspclient.h>
33 #include <security_cdsa_client/keyclient.h>
35 using namespace SecurityServer
;
39 // A DatabaseCryptoCore object encapsulates the secret state of a database.
40 // It provides for encoding and decoding of database blobs and key blobs,
41 // and holds all state related to the database secrets.
43 class DatabaseCryptoCore
{
46 virtual ~DatabaseCryptoCore();
48 bool isValid() const { return mIsValid
; }
49 bool hasMaster() const { return mHaveMaster
; }
52 void generateNewSecrets();
53 CssmClient::Key
masterKey();
55 void setup(const DbBlob
*blob
, const CssmData
&passphrase
);
56 void setup(const DbBlob
*blob
, CssmClient::Key master
);
58 void decodeCore(DbBlob
*blob
, void **privateAclBlob
= NULL
);
59 DbBlob
*encodeCore(const DbBlob
&blobTemplate
,
60 const CssmData
&publicAcl
, const CssmData
&privateAcl
) const;
61 void importSecrets(const DatabaseCryptoCore
&src
);
63 KeyBlob
*encodeKeyCore(const CssmKey
&key
,
64 const CssmData
&publicAcl
, const CssmData
&privateAcl
) const;
65 void decodeKeyCore(KeyBlob
*blob
,
66 CssmKey
&key
, void * &pubAcl
, void * &privAcl
) const;
68 static const uint32 managedAttributes
= KeyBlob::managedAttributes
;
69 static const uint32 forcedAttributes
= KeyBlob::forcedAttributes
;
72 bool validatePassphrase(const CssmData
&passphrase
);
75 bool mHaveMaster
; // master key has been entered (setup)
76 bool mIsValid
; // master secrets are valid (decode or generateNew)
78 CssmClient::Key mMasterKey
; // database master key
79 uint8 mSalt
[20]; // salt for master key derivation from passphrase (only)
81 CssmClient::Key mEncryptionKey
; // master encryption key
82 CssmClient::Key mSigningKey
; // master signing key
84 CssmClient::Key
deriveDbMasterKey(const CssmData
&passphrase
) const;
85 CssmClient::Key
makeRawKey(void *data
, size_t length
,
86 CSSM_ALGORITHMS algid
, CSSM_KEYUSE usage
);