securityd-55199.3.tar.gz

[apple/securityd.git] / src / localkey.cpp

diff --git a/src/localkey.cpp b/src/localkey.cpp
index 4550d60e96a502339cc6f277b69bec44fa8a2679..c8cb9fe5cf46c74db67e5401a0083b4125447ac2 100644 (file)
--- a/src/localkey.cpp
+++ b/src/localkey.cpp
@@ -3,8 +3,6 @@
  * 
  * @APPLE_LICENSE_HEADER_START@
  * 
  * 
  * @APPLE_LICENSE_HEADER_START@
  * 

- * Copyright (c) 1999-2003 Apple Computer, Inc.  All Rights Reserved.
- * 

  * This file contains Original Code and/or Modifications of Original Code
  * as defined in and that are subject to the Apple Public Source License
  * Version 2.0 (the 'License'). You may not use this file except in
  * This file contains Original Code and/or Modifications of Original Code
  * as defined in and that are subject to the Apple Public Source License
  * Version 2.0 (the 'License'). You may not use this file except in


@@ -36,35 +34,26 @@
 //
 // Create a Key from an explicit CssmKey.
 //
 //
 // Create a Key from an explicit CssmKey.
 //

-LocalKey::LocalKey(Database &db, const CssmKey &newKey, uint32 moreAttributes,
-       const AclEntryPrototype *owner)
-       : mDigest(Server::csp().allocator())
+LocalKey::LocalKey(Database &db, const CssmKey &newKey, CSSM_KEYATTR_FLAGS moreAttributes)
+       : Key(db), mDigest(Server::csp().allocator())

 {
 {

-       referent(db);

        mValidKey = true;
        setup(newKey, moreAttributes);
        mValidKey = true;
        setup(newKey, moreAttributes);

-       
-       // establish initial ACL; reinterpret empty (null-list) owner as NULL for resilence's sake
-       if (owner && !owner->subject().empty())
-               cssmSetInitial(*owner);                                 // specified
-       else
-               cssmSetInitial(new AnyAclSubject());    // defaulted
-    secdebug("SSkey", "%p (handle 0x%lx) created from key alg=%ld use=0x%lx attr=0x%lx db=%p",
+    secdebug("SSkey", "%p (handle %#x) created from key alg=%u use=0x%x attr=0x%x db=%p",

         this, handle(), mKey.header().algorithm(), mKey.header().usage(), mAttributes, &db);
 }
 
 
         this, handle(), mKey.header().algorithm(), mKey.header().usage(), mAttributes, &db);
 }
 
 

-LocalKey::LocalKey(Database &db)
-       : mValidKey(false), mAttributes(0), mDigest(Server::csp().allocator())
+LocalKey::LocalKey(Database &db, CSSM_KEYATTR_FLAGS attributes)
+       : Key(db), mValidKey(false), mAttributes(attributes), mDigest(Server::csp().allocator())

 {
 {

-       referent(db);

 }
 
 
 //
 // Set up the CssmKey part of this Key according to instructions.
 //
 }
 
 
 //
 // Set up the CssmKey part of this Key according to instructions.
 //

-void LocalKey::setup(const CssmKey &newKey, uint32 moreAttributes)
+void LocalKey::setup(const CssmKey &newKey, CSSM_KEYATTR_FLAGS moreAttributes)

 {
        mKey = CssmClient::Key(Server::csp(), newKey, false);
     CssmKey::Header &header = mKey->header();
 {
        mKey = CssmClient::Key(Server::csp(), newKey, false);
     CssmKey::Header &header = mKey->header();


@@ -90,6 +79,16 @@ LocalKey::~LocalKey()
 }
 
 
 }
 
 

+void LocalKey::setOwner(const AclEntryPrototype *owner)
+{
+       // establish initial ACL; reinterpret empty (null-list) owner as NULL for resilence's sake
+       if (owner && !owner->subject().empty())
+               acl().cssmSetInitial(*owner);                                   // specified
+       else
+               acl().cssmSetInitial(new AnyAclSubject());              // defaulted
+}
+
+

 LocalDatabase &LocalKey::database() const
 {
        return referent<LocalDatabase>();
 LocalDatabase &LocalKey::database() const
 {
        return referent<LocalDatabase>();


@@ -102,6 +101,7 @@ LocalDatabase &LocalKey::database() const
 //
 CssmClient::Key LocalKey::keyValue()
 {
 //
 CssmClient::Key LocalKey::keyValue()
 {

+       StLock<Mutex> _(*this);

     if (!mValidKey) {
                getKey();
                mValidKey = true;
     if (!mValidKey) {
                getKey();
                mValidKey = true;


@@ -110,13 +110,24 @@ CssmClient::Key LocalKey::keyValue()
 }
 
 
 }
 
 

+//
+// Return external key attributees
+//
+CSSM_KEYATTR_FLAGS LocalKey::attributes()
+{
+       return mAttributes;
+}
+
+

 //
 // Return a key's handle and header in external form
 //
 //
 // Return a key's handle and header in external form
 //

-void LocalKey::returnKey(Handle &h, CssmKey::Header &hdr)
+void LocalKey::returnKey(U32HandleObject::Handle &h, CssmKey::Header &hdr)

 {
 {

+       StLock<Mutex> _(*this);
+

     // return handle
     // return handle

-    h = handle();
+    h = this->handle();

        
        // obtain the key header, from the valid key or the blob if no valid key
        if (mValidKey) {
        
        // obtain the key header, from the valid key or the blob if no valid key
        if (mValidKey) {


@@ -137,6 +148,7 @@ void LocalKey::returnKey(Handle &h, CssmKey::Header &hdr)
 //
 const CssmData &LocalKey::canonicalDigest()
 {
 //
 const CssmData &LocalKey::canonicalDigest()
 {

+       StLock<Mutex> _(*this);

        if (!mDigest) {
                CssmClient::PassThrough ctx(Server::csp());
                ctx.key(keyValue());
        if (!mDigest) {
                CssmClient::PassThrough ctx(Server::csp());
                ctx.key(keyValue());


@@ -162,3 +174,21 @@ void LocalKey::getHeader(CssmKey::Header &)
 {
        assert(false);
 }
 {
        assert(false);
 }

+
+
+//
+// Form a KeySpec with checking and masking
+//
+LocalKey::KeySpec::KeySpec(CSSM_KEYUSE usage, CSSM_KEYATTR_FLAGS attrs)
+       : CssmClient::KeySpec(usage, (attrs & ~managedAttributes) | forcedAttributes)
+{
+       if (attrs & generatedAttributes)
+               CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
+}
+
+LocalKey::KeySpec::KeySpec(CSSM_KEYUSE usage, CSSM_KEYATTR_FLAGS attrs, const CssmData &label)
+       : CssmClient::KeySpec(usage, (attrs & ~managedAttributes) | forcedAttributes, label)
+{
+       if (attrs & generatedAttributes)
+               CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
+}