/*
 * Copyright (c) 2000-2001,2003-2006,2013 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */


//
// dbcrypto - cryptographic core for database and key blob cryptography
//
#ifndef _H_DBCRYPTO
#define _H_DBCRYPTO

#include <securityd_client/ssblob.h>
#include <security_cdsa_client/cspclient.h>
#include <security_cdsa_client/keyclient.h>

// NOTE(review): this using-directive sits at header scope, so every file that
// includes dbcrypto.h also gets the whole SecurityServer namespace in scope.
// The unqualified names below (DbBlob, KeyBlob, ...) rely on it.
using namespace SecurityServer;


//
// A DatabaseCryptoCore object encapsulates the secret state of a database.
// It provides for encoding and decoding of database blobs and key blobs,
// and holds all state related to the database secrets.
//
// State model, as far as this header shows it:
//   - hasMaster(): a master key has been entered through one of the setup() overloads.
//   - isValid():   the master secrets are usable, after decodeCore() or
//                  generateNewSecrets().
//
// NOTE(review): no copy constructor or copy assignment is declared, so the
// compiler-generated ones apply and a copy duplicates the key members and the
// salt. importSecrets() looks like the intended explicit path -- confirm that
// implicit copies of this class are acceptable.
//
// NOTE(review): encodeCore()/encodeKeyCore() return raw pointers and the decode
// functions hand back untyped void* ACL blobs. Ownership and the matching
// release routine are not expressed here; check the implementation before
// relying on either.
//
class DatabaseCryptoCore {
public:
    DatabaseCryptoCore();
    virtual ~DatabaseCryptoCore();

    // True once the master secrets are valid (see mIsValid).
    bool isValid() const { return mIsValid; }
    // True once a master key has been entered (see mHaveMaster).
    bool hasMaster() const { return mHaveMaster; }
    // Implementation not visible in this header. Presumably drops the valid
    // state; verify that the key members and mSalt are actually cleared and
    // not merely flagged as invalid.
    void invalidate();

    // Creates fresh master secrets; mIsValid's comment lists this as one of
    // the two ways the core becomes valid.
    void generateNewSecrets();
    // Returns the database master key by value.
    CssmClient::Key masterKey();

    // Enter the master key, either derived from a passphrase or supplied
    // directly. Presumably the passphrase overload uses deriveDbMasterKey()
    // with the salt carried by the blob -- confirm in the implementation.
    void setup(const DbBlob *blob, const CssmData &passphrase);
    void setup(const DbBlob *blob, CssmClient::Key master);

    // Decode a database blob into this core's secrets. privateAclBlob is an
    // optional out-parameter (defaults to NULL, i.e. the caller does not ask
    // for it).
    void decodeCore(const DbBlob *blob, void **privateAclBlob = NULL);
    // Encode the current secrets plus both ACLs into a new DbBlob built from
    // blobTemplate. Returns a raw pointer; see the ownership note on the class.
    DbBlob *encodeCore(const DbBlob &blobTemplate,
        const CssmData &publicAcl, const CssmData &privateAcl) const;
    // Takes over the secrets of another core (by name; body not shown here).
    void importSecrets(const DatabaseCryptoCore &src);

    // Encode a key and its ACLs into a KeyBlob.
    // NOTE(review): inTheClear presumably selects a blob whose key material is
    // not encrypted -- confirm, and review every caller that passes true.
    KeyBlob *encodeKeyCore(const CssmKey &key,
        const CssmData &publicAcl, const CssmData &privateAcl,
        bool inTheClear) const;
    // Decode a KeyBlob into key and its public/private ACL blobs. blob is
    // taken as non-const; whether it is modified cannot be told from here.
    void decodeKeyCore(KeyBlob *blob,
        CssmKey &key, void * &pubAcl, void * &privAcl) const;

    // Attribute masks re-exported from KeyBlob.
    static const uint32 managedAttributes = KeyBlob::managedAttributes;
    static const uint32 forcedAttributes = KeyBlob::forcedAttributes;

    // NOTE(review): by its name and signature this hands the encryption key
    // out to the caller in `data`. Treat the result as secret material;
    // confirm what the bool return reports.
    bool get_encryption_key(CssmOwnedData &data);

public:
    // Checks a candidate passphrase; the comparison itself is not visible in
    // this header.
    bool validatePassphrase(const CssmData &passphrase);

private:
    bool mHaveMaster;               // master key has been entered (setup)
    bool mIsValid;                  // master secrets are valid (decode or generateNew)

    CssmClient::Key mMasterKey;     // database master key
    uint8 mSalt[20];                // salt for master key derivation from passphrase (only)

    CssmClient::Key mEncryptionKey; // master encryption key
    CssmClient::Key mSigningKey;    // master signing key

    // Derives the database master key from a passphrase (uses mSalt, per that
    // member's comment).
    CssmClient::Key deriveDbMasterKey(const CssmData &passphrase) const;
    // Wraps `length` bytes at `data` as a key for algorithm `algid` with the
    // given usage. Takes a mutable void*; whether the buffer is consumed or
    // copied is not shown here.
    CssmClient::Key makeRawKey(void *data, size_t length,
        CSSM_ALGORITHMS algid, CSSM_KEYUSE usage);
};


#endif //_H_DBCRYPTO