]> git.saurik.com Git - apple/securityd.git/blob - src/dbcrypto.h
securityd-55137.5.tar.gz
[apple/securityd.git] / src / dbcrypto.h
1 /*
2 * Copyright (c) 2000-2001,2003-2004 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 //
26 // dbcrypto - cryptographic core for database and key blob cryptography
27 //
28 #ifndef _H_DBCRYPTO
29 #define _H_DBCRYPTO
30
31 #include <securityd_client/ssblob.h>
32 #include <security_cdsa_client/cspclient.h>
33 #include <security_cdsa_client/keyclient.h>
34
35 using namespace SecurityServer;
36
37
38 //
39 // A DatabaseCryptoCore object encapsulates the secret state of a database.
40 // It provides for encoding and decoding of database blobs and key blobs,
41 // and holds all state related to the database secrets.
42 //
43 class DatabaseCryptoCore {
44 public:
45 DatabaseCryptoCore();
46 virtual ~DatabaseCryptoCore();
47
48 bool isValid() const { return mIsValid; }
49 bool hasMaster() const { return mHaveMaster; }
50 void invalidate();
51
52 void generateNewSecrets();
53 CssmClient::Key masterKey();
54
55 void setup(const DbBlob *blob, const CssmData &passphrase);
56 void setup(const DbBlob *blob, CssmClient::Key master);
57
58 void decodeCore(const DbBlob *blob, void **privateAclBlob = NULL);
59 DbBlob *encodeCore(const DbBlob &blobTemplate,
60 const CssmData &publicAcl, const CssmData &privateAcl) const;
61 void importSecrets(const DatabaseCryptoCore &src);
62
63 KeyBlob *encodeKeyCore(const CssmKey &key,
64 const CssmData &publicAcl, const CssmData &privateAcl,
65 bool inTheClear) const;
66 void decodeKeyCore(KeyBlob *blob,
67 CssmKey &key, void * &pubAcl, void * &privAcl) const;
68
69 static const uint32 managedAttributes = KeyBlob::managedAttributes;
70 static const uint32 forcedAttributes = KeyBlob::forcedAttributes;
71
72 public:
73 bool validatePassphrase(const CssmData &passphrase);
74
75 private:
76 bool mHaveMaster; // master key has been entered (setup)
77 bool mIsValid; // master secrets are valid (decode or generateNew)
78
79 CssmClient::Key mMasterKey; // database master key
80 uint8 mSalt[20]; // salt for master key derivation from passphrase (only)
81
82 CssmClient::Key mEncryptionKey; // master encryption key
83 CssmClient::Key mSigningKey; // master signing key
84
85 CssmClient::Key deriveDbMasterKey(const CssmData &passphrase) const;
86 CssmClient::Key makeRawKey(void *data, size_t length,
87 CSSM_ALGORITHMS algid, CSSM_KEYUSE usage);
88 };
89
90
91 #endif //_H_DBCRYPTO