1/*
2 * Copyright (c) 1999-2001,2004,2011,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 *
23 * cssmkrapi.h -- Application Programmers Interface for Key Recovery Modules
24 */
25
26#ifndef _CSSMKRAPI_H_
27#define _CSSMKRAPI_H_  1
28
29#include <Security/cssmtype.h>
30
31#ifdef __cplusplus
32extern "C" {
33#endif
34
/*
 * 32-bit handle value naming a Key Recovery Service Provider (KRSP).
 * It is the first argument of the CSSM_KR_* calls in this header that
 * address a provider directly rather than a cryptographic context.
 */
typedef uint32 CSSM_KRSP_HANDLE; /* Key Recovery Service Provider Handle */
36
/*
 * Name of a key-recovery participant: a namespace type tag, a length and
 * a pointer to the name bytes.
 *
 * NOTE(review): Length is a uint8, so a name is limited to 255 bytes. This
 * header does not state whether Name is NUL-terminated or who owns the
 * buffer; presumably consumers should bound every read by Length instead
 * of relying on a terminator -- confirm against the provider in use.
 */
typedef struct cssm_kr_name {
    uint8 Type; /* namespace type */
    uint8 Length; /* name string length */
    char *Name; /* name string */
} CSSM_KR_NAME DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
42
/*
 * Key-recovery profile of one party: the user's name and certificate, the
 * certificate chain of the KRSP coordinator, and three counted lists of
 * Key Recovery Agent (KRA) certificate chains (law enforcement,
 * enterprise, individual), followed by provider-specific flags and
 * extensions.
 *
 * NOTE(review): each *_KRANum field is a uint8 count paired with the list
 * pointer declared right after it. Nothing in this header ties the two
 * together, so code that receives a profile from another party should
 * check that a non-zero count comes with a non-NULL list before walking
 * it. Ownership of the pointed-to data is not stated here -- confirm.
 */
typedef struct cssm_kr_profile {
    CSSM_KR_NAME UserName; /* name of the user */
    CSSM_CERTGROUP_PTR UserCertificate; /* public key certificate of the user */
    CSSM_CERTGROUP_PTR KRSCertChain; /* cert chain for the KRSP coordinator */
    uint8 LE_KRANum; /* number of KRA cert chains in the following list */
    CSSM_CERTGROUP_PTR LE_KRACertChainList; /* list of Law enforcement KRA certificate chains */
    uint8 ENT_KRANum; /* number of KRA cert chains in the following list */
    CSSM_CERTGROUP_PTR ENT_KRACertChainList; /* list of Enterprise KRA certificate chains */
    uint8 INDIV_KRANum; /* number of KRA cert chains in the following list */
    CSSM_CERTGROUP_PTR INDIV_KRACertChainList; /* list of Individual KRA certificate chains */
    CSSM_DATA_PTR INDIV_AuthenticationInfo; /* authentication information for individual key recovery */
    uint32 KRSPFlags; /* flag values to be interpreted by KRSP */
    CSSM_DATA_PTR KRSPExtensions; /* reserved for extensions specific to KRSPs */
} CSSM_KR_PROFILE DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER, *CSSM_KR_PROFILE_PTR DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
57
/*
 * Descriptive record for a product wrapped by a key-recovery sub-service:
 * version and description of a standard, then the product's own version,
 * description, vendor string and flags.
 *
 * NOTE(review): field meanings are read off the names only; the bit
 * assignments of ProductFlags are not defined in this header.
 */
typedef struct cssm_kr_wrappedproductinfo {
    CSSM_VERSION StandardVersion;
    CSSM_STRING StandardDescription;
    CSSM_VERSION ProductVersion;
    CSSM_STRING ProductDescription;
    CSSM_STRING ProductVendor;
    uint32 ProductFlags;
} CSSM_KR_WRAPPEDPRODUCT_INFO DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER, *CSSM_KR_WRAPPEDPRODUCT_INFO_PTR DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
66
/*
 * One sub-service of a key-recovery module: a numeric id, a description
 * string and the wrapped-product record embedded by value.
 *
 * NOTE(review): unlike the other types in this header, these typedefs do
 * not carry the 10.7 deprecation marker, yet the struct embeds
 * CSSM_KR_WRAPPEDPRODUCT_INFO, which does. Whether Description is owned by
 * the struct is not stated here.
 */
typedef struct cssm_krsubservice {
    uint32 SubServiceId;
    char *Description; /* Description of this sub service */
    CSSM_KR_WRAPPEDPRODUCT_INFO WrappedProduct;
} CSSM_KRSUBSERVICE, *CSSM_KRSUBSERVICE_PTR;
72
/*
 * Selector for a single key-recovery policy category.
 *
 * The values are consecutive integers (1..4), not bit masks: 0x3 is a
 * category of its own here, not the union of 0x1 and 0x2. Do not mix them
 * with the CSSM_KR_POLICY_FLAGS constants, where the similarly named
 * law-enforcement entries have different values (0x4 and 0x8).
 */
typedef uint32 CSSM_KR_POLICY_TYPE;
#define CSSM_KR_INDIV_POLICY			(0x00000001)
#define CSSM_KR_ENT_POLICY				(0x00000002)
#define CSSM_KR_LE_MAN_POLICY			(0x00000003)
#define CSSM_KR_LE_USE_POLICY			(0x00000004)
78
/*
 * Bit mask of key-recovery policy options. Each constant below occupies
 * its own bit, except CSSM_KR_LE, which is the union of the two
 * law-enforcement bits.
 *
 * NOTE(review): the meaning of CSSM_KR_OPTIMIZE and CSSM_KR_DROP_WORKFACTOR
 * is not described in this header. The latter's name suggests it relaxes a
 * work-factor requirement, which would be security-relevant; confirm the
 * semantics with the provider before setting or honouring it.
 */
typedef uint32 CSSM_KR_POLICY_FLAGS;

#define CSSM_KR_INDIV					(0x00000001)
#define CSSM_KR_ENT						(0x00000002)
#define CSSM_KR_LE_MAN					(0x00000004)
#define CSSM_KR_LE_USE					(0x00000008)
/* Either law-enforcement bit. */
#define CSSM_KR_LE						(CSSM_KR_LE_MAN | CSSM_KR_LE_USE)
#define CSSM_KR_OPTIMIZE				(0x00000010)
#define CSSM_KR_DROP_WORKFACTOR			(0x00000020)
88
/*
 * One entry of a key-recovery policy list: the algorithm, mode and
 * algorithm class it applies to, with the maximum key length, maximum
 * rounds, work factor and policy flags for that combination.
 *
 * NOTE(review): `next` is declared as `struct kr_policy_list_item *`, a
 * tag that differs from this struct's own tag (cssm_kr_policy_list_item)
 * and is not defined in this header. As written it points to an incomplete
 * type, so following the link needs a cast to CSSM_KR_POLICY_LIST_ITEM *.
 * The declaration is left as is because changing the member type would
 * alter the public interface.
 *
 * NOTE(review): WorkFactor is a uint8 here, while CSSM_KR_GetPolicyInfo
 * reports a work factor through a uint32 pointer.
 */
typedef struct cssm_kr_policy_list_item {
    struct kr_policy_list_item *next; /* link to the following entry; see tag note above */
    CSSM_ALGORITHMS AlgorithmId;
    CSSM_ENCRYPT_MODE Mode;
    uint32 MaxKeyLength;
    uint32 MaxRounds;
    uint8 WorkFactor;
    CSSM_KR_POLICY_FLAGS PolicyFlags;
    CSSM_CONTEXT_TYPE AlgClass;
} CSSM_KR_POLICY_LIST_ITEM DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER, *CSSM_KR_POLICY_LIST_ITEM_PTR DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
99
/*
 * Result record for a policy query: a boolean, an entry count and a
 * pointer to the first CSSM_KR_POLICY_LIST_ITEM.
 *
 * NOTE(review): the entries are described twice, by numberOfEntries and by
 * the items' own `next` links. A consumer should presumably stop at
 * whichever ends first (count exhausted or NULL link) so that a mismatch
 * cannot cause a read past the list -- confirm how providers fill this in.
 * krbNotAllowed presumably means key-recovery bypass is not allowed; the
 * header does not say.
 */
typedef struct cssm_kr_policy_info {
    CSSM_BOOL krbNotAllowed;
    uint32 numberOfEntries;
    CSSM_KR_POLICY_LIST_ITEM *policyEntry;
} CSSM_KR_POLICY_INFO DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER, *CSSM_KR_POLICY_INFO_PTR DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
105
106
/* Key Recovery Module Management Operations */
108
/*
 * Sets the enterprise recovery policy (purpose taken from the name).
 *
 * RecoveryPolicyFileName - policy file name, passed as a CSSM_DATA.
 * OldPassPhrase          - credentials carrying the current passphrase.
 * NewPassPhrase          - credentials carrying the replacement passphrase.
 *
 * Returns a CSSM_RETURN status code. Marked deprecated from Mac OS X 10.7.
 *
 * NOTE(review): the file name is caller-supplied and the call takes no
 * KRSP handle; how the path is resolved and which passphrase checks are
 * applied is up to the implementation -- confirm before exposing this to
 * less-trusted callers.
 */
CSSM_RETURN CSSMAPI
CSSM_KR_SetEnterpriseRecoveryPolicy (const CSSM_DATA *RecoveryPolicyFileName,
                                     const CSSM_ACCESS_CREDENTIALS *OldPassPhrase,
                                     const CSSM_ACCESS_CREDENTIALS *NewPassPhrase)
		DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
114
115
116/* Key Recovery Context Operations */
117
/*
 * Creates a recovery registration context on the given provider.
 *
 * KRSPHandle - provider to create the context on.
 * NewContext - non-const pointer; presumably receives the new context
 *              handle on success.
 *
 * Returns a CSSM_RETURN status code. Marked deprecated from Mac OS X 10.7.
 */
CSSM_RETURN CSSMAPI
CSSM_KR_CreateRecoveryRegistrationContext (CSSM_KRSP_HANDLE KRSPHandle,
                                           CSSM_CC_HANDLE *NewContext)
		DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
122
/*
 * Creates a recovery enablement context from a local and a remote profile.
 *
 * KRSPHandle    - provider to create the context on.
 * LocalProfile  - read-only profile of the local party.
 * RemoteProfile - read-only profile of the remote party.
 * NewContext    - non-const pointer; presumably receives the new context
 *                 handle on success.
 *
 * Returns a CSSM_RETURN status code. Marked deprecated from Mac OS X 10.7.
 *
 * NOTE(review): a remote profile describes another party, so its
 * certificate chains and counts should be validated before they are
 * trusted; this header does not say whether the provider does so.
 */
CSSM_RETURN CSSMAPI
CSSM_KR_CreateRecoveryEnablementContext (CSSM_KRSP_HANDLE KRSPHandle,
                                         const CSSM_KR_PROFILE *LocalProfile,
                                         const CSSM_KR_PROFILE *RemoteProfile,
                                         CSSM_CC_HANDLE *NewContext)
		DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
129
/*
 * Creates a recovery request context for the local party.
 *
 * KRSPHandle   - provider to create the context on.
 * LocalProfile - read-only profile of the requesting party.
 * NewContext   - non-const pointer; presumably receives the new context
 *                handle on success.
 *
 * Returns a CSSM_RETURN status code. Marked deprecated from Mac OS X 10.7.
 */
CSSM_RETURN CSSMAPI
CSSM_KR_CreateRecoveryRequestContext (CSSM_KRSP_HANDLE KRSPHandle,
                                      const CSSM_KR_PROFILE *LocalProfile,
                                      CSSM_CC_HANDLE *NewContext)
		DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
135
136CSSM_RETURN CSSMAPI
137CSSM_KR_GetPolicyInfo (CSSM_CC_HANDLE CCHandle,
138                       CSSM_KR_POLICY_FLAGS *EncryptionProhibited,
139                       uint32 *WorkFactor)
140		DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
141
142
143/* Key Recovery Registration Operations */
144
/*
 * Submits a key-recovery registration request.
 *
 * RecoveryRegistrationContext - registration context handle.
 * KRInData                    - read-only input data for the request.
 * AccessCredentials           - read-only credentials of the caller.
 * KRFlags                     - policy flags for the request.
 * EstimatedTime               - non-const pointer to a signed 32-bit
 *                               value; presumably an estimate of when the
 *                               result is ready (units not stated here).
 * ReferenceHandle             - non-const pointer; presumably receives the
 *                               handle later given to
 *                               CSSM_KR_RegistrationRetrieve.
 *
 * Returns a CSSM_RETURN status code. Marked deprecated from Mac OS X 10.7.
 */
CSSM_RETURN CSSMAPI
CSSM_KR_RegistrationRequest (CSSM_CC_HANDLE RecoveryRegistrationContext,
                             const CSSM_DATA *KRInData,
                             const CSSM_ACCESS_CREDENTIALS *AccessCredentials,
                             CSSM_KR_POLICY_FLAGS KRFlags,
                             sint32 *EstimatedTime,
                             CSSM_HANDLE_PTR ReferenceHandle)
		DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
153
/*
 * Retrieves the outcome of an earlier registration request.
 *
 * KRSPHandle        - provider that holds the request.
 * ReferenceHandle   - handle identifying the request, passed by value.
 * AccessCredentials - read-only credentials of the caller.
 * EstimatedTime     - non-const pointer to a signed 32-bit value;
 *                     presumably updated when the result is not ready.
 * KRProfile         - non-const profile pointer; presumably filled in
 *                     with the resulting profile.
 *
 * Returns a CSSM_RETURN status code. Marked deprecated from Mac OS X 10.7.
 *
 * NOTE(review): who allocates and frees the pointers nested inside the
 * returned profile is not stated in this header -- confirm before use.
 */
CSSM_RETURN CSSMAPI
CSSM_KR_RegistrationRetrieve (CSSM_KRSP_HANDLE KRSPHandle,
                              CSSM_HANDLE ReferenceHandle,
                              const CSSM_ACCESS_CREDENTIALS *AccessCredentials,
                              sint32 *EstimatedTime,
                              CSSM_KR_PROFILE_PTR KRProfile)
		DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
161
162
163/* Key Recovery Enablement Operations */
164
/*
 * Generates key-recovery fields for a cryptographic context.
 *
 * KeyRecoveryContext - key-recovery context handle.
 * CCHandle           - cryptographic context the fields are made for.
 * KRSPOptions        - read-only provider-specific options.
 * KRFlags            - policy flags selecting the recovery policies.
 * KRFields           - non-const CSSM_DATA pointer; presumably receives
 *                      the generated fields.
 * NewCCHandle        - non-const pointer; presumably receives a new
 *                      cryptographic context handle.
 *
 * Returns a CSSM_RETURN status code. Marked deprecated from Mac OS X 10.7.
 *
 * NOTE(review): buffer ownership for KRFields is not stated here.
 */
CSSM_RETURN CSSMAPI
CSSM_KR_GenerateRecoveryFields (CSSM_CC_HANDLE KeyRecoveryContext,
                                CSSM_CC_HANDLE CCHandle,
                                const CSSM_DATA *KRSPOptions,
                                CSSM_KR_POLICY_FLAGS KRFlags,
                                CSSM_DATA_PTR KRFields,
                                CSSM_CC_HANDLE *NewCCHandle)
		DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
173
/*
 * Processes key-recovery fields against a cryptographic context.
 *
 * KeyRecoveryContext - key-recovery context handle.
 * CryptoContext      - cryptographic context the fields belong to.
 * KRSPOptions        - read-only provider-specific options.
 * KRFlags            - policy flags selecting the recovery policies.
 * KRFields           - read-only recovery fields to process (const here,
 *                      non-const in CSSM_KR_GenerateRecoveryFields).
 * NewCryptoContext   - non-const pointer; presumably receives a new
 *                      cryptographic context handle.
 *
 * Returns a CSSM_RETURN status code. Marked deprecated from Mac OS X 10.7.
 *
 * NOTE(review): KRFields is input that presumably originates from another
 * party; an implementation should treat its length and contents as
 * untrusted. Whether the provider validates them cannot be told from this
 * header.
 */
CSSM_RETURN CSSMAPI
CSSM_KR_ProcessRecoveryFields (CSSM_CC_HANDLE KeyRecoveryContext,
                               CSSM_CC_HANDLE CryptoContext,
                               const CSSM_DATA *KRSPOptions,
                               CSSM_KR_POLICY_FLAGS KRFlags,
                               const CSSM_DATA *KRFields,
                               CSSM_CC_HANDLE *NewCryptoContext)
		DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
182
183
184/* Key Recovery Request Operations */
185
/*
 * Submits a key-recovery request.
 *
 * RecoveryRequestContext - recovery request context handle.
 * KRInData               - read-only input data for the request.
 * AccessCredentials      - read-only credentials of the caller.
 * EstimatedTime          - non-const pointer to a signed 32-bit value;
 *                          presumably an estimate of when the result is
 *                          ready (units not stated here).
 * ReferenceHandle        - non-const pointer; presumably receives the
 *                          handle later given to CSSM_KR_RecoveryRetrieve.
 *
 * Returns a CSSM_RETURN status code. Marked deprecated from Mac OS X 10.7.
 */
CSSM_RETURN CSSMAPI
CSSM_KR_RecoveryRequest (CSSM_CC_HANDLE RecoveryRequestContext,
                         const CSSM_DATA *KRInData,
                         const CSSM_ACCESS_CREDENTIALS *AccessCredentials,
                         sint32 *EstimatedTime,
                         CSSM_HANDLE_PTR ReferenceHandle)
		DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
193
/*
 * Retrieves the outcome of an earlier recovery request.
 *
 * KRSPHandle            - provider that holds the request.
 * ReferenceHandle       - handle identifying the request, passed by value.
 * AccessCredentials     - read-only credentials of the caller.
 * EstimatedTime         - non-const pointer to a signed 32-bit value;
 *                         presumably updated when the result is not ready.
 * CacheHandle           - non-const pointer; presumably receives a handle
 *                         to the cached results, as consumed by
 *                         CSSM_KR_GetRecoveredObject.
 * NumberOfRecoveredKeys - non-const pointer; presumably receives the
 *                         number of keys available through CacheHandle.
 *
 * Returns a CSSM_RETURN status code. Marked deprecated from Mac OS X 10.7.
 */
CSSM_RETURN CSSMAPI
CSSM_KR_RecoveryRetrieve (CSSM_KRSP_HANDLE KRSPHandle,
                          CSSM_HANDLE ReferenceHandle,
                          const CSSM_ACCESS_CREDENTIALS *AccessCredentials,
                          sint32 *EstimatedTime,
                          CSSM_HANDLE_PTR CacheHandle,
                          uint32 *NumberOfRecoveredKeys)
		DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
202
/*
 * Fetches one recovered key from a cached recovery result.
 *
 * KRSPHandle      - provider that holds the cached results.
 * CacheHandle     - handle to the cached results, passed by value.
 * IndexInResults  - index of the wanted entry; presumably must be below
 *                   the count reported by CSSM_KR_RecoveryRetrieve.
 * CSPHandle       - cryptographic service provider handle; presumably
 *                   the CSP that will hold the recovered key.
 * CredAndAclEntry - read-only credentials and ACL entry for the key.
 * Flags           - option bits; their values are not defined in this
 *                   header.
 * RecoveredKey    - non-const key pointer; presumably receives the key.
 * OtherInfo       - non-const CSSM_DATA pointer; presumably receives
 *                   additional information.
 *
 * Returns a CSSM_RETURN status code. Marked deprecated from Mac OS X 10.7.
 *
 * NOTE(review): this call hands out recovered key material. The access
 * control applied to it is whatever CredAndAclEntry and the provider
 * enforce; confirm that, and how RecoveredKey is released, for the
 * provider in use.
 */
CSSM_RETURN CSSMAPI
CSSM_KR_GetRecoveredObject (CSSM_KRSP_HANDLE KRSPHandle,
                            CSSM_HANDLE CacheHandle,
                            uint32 IndexInResults,
                            CSSM_CSP_HANDLE CSPHandle,
                            const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
                            uint32 Flags,
                            CSSM_KEY_PTR RecoveredKey,
                            CSSM_DATA_PTR OtherInfo)
		DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
213
/*
 * Aborts a recovery request (purpose taken from the name).
 *
 * KRSPHandle  - provider that holds the request.
 * CacheHandle - handle identifying the cached request state.
 *
 * Returns a CSSM_RETURN status code. Marked deprecated from Mac OS X 10.7.
 *
 * NOTE(review): presumably this also releases the cached results, so the
 * handle should not be reused afterwards -- confirm with the provider.
 */
CSSM_RETURN CSSMAPI
CSSM_KR_RecoveryRequestAbort (CSSM_KRSP_HANDLE KRSPHandle,
                              CSSM_HANDLE CacheHandle)
		DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
218
/*
 * Queries the key-recovery policy for an algorithm, mode and class.
 *
 * KRSPHandle     - provider to query.
 * AlgorithmID    - algorithm the policy is requested for.
 * Mode           - encryption mode the policy is requested for.
 * Class          - context type (algorithm class) the policy is
 *                  requested for.
 * PolicyInfoData - pointer to a CSSM_KR_POLICY_INFO pointer; presumably
 *                  set to a policy record supplied by the callee.
 *
 * Returns a CSSM_RETURN status code. Marked deprecated from Mac OS X 10.7.
 *
 * NOTE(review): the double pointer suggests the callee allocates the
 * record and its entry list; this header does not say how the caller
 * frees them -- confirm to avoid a leak or a mismatched free.
 */
CSSM_RETURN CSSMAPI
CSSM_KR_QueryPolicyInfo (CSSM_KRSP_HANDLE KRSPHandle,
                         CSSM_ALGORITHMS AlgorithmID,
                         CSSM_ENCRYPT_MODE Mode,
                         CSSM_CONTEXT_TYPE Class,
                         CSSM_KR_POLICY_INFO_PTR *PolicyInfoData)
		DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
226
227
228/* Extensibility Functions */
229
/*
 * Provider-specific extension entry point.
 *
 * KRSPHandle         - provider to call.
 * KeyRecoveryContext - key-recovery context handle.
 * CryptoContext      - cryptographic context handle.
 * PassThroughId      - identifier of the provider-defined operation.
 * InputParams        - untyped read-only input; its layout presumably
 *                      depends on PassThroughId.
 * OutputParams       - pointer to an untyped output pointer; its layout
 *                      presumably depends on PassThroughId.
 *
 * Returns a CSSM_RETURN status code. Marked deprecated from Mac OS X 10.7.
 *
 * NOTE(review): neither parameter block carries a length or a type, so
 * the signature alone gives the callee nothing to validate against.
 * Callers and providers must agree on the exact layout for each
 * PassThroughId; ownership of *OutputParams is not stated here.
 */
CSSM_RETURN CSSMAPI
CSSM_KR_PassThrough (CSSM_KRSP_HANDLE KRSPHandle,
                     CSSM_CC_HANDLE KeyRecoveryContext,
                     CSSM_CC_HANDLE CryptoContext,
                     uint32 PassThroughId,
                     const void *InputParams,
                     void **OutputParams)
		DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
238
239#ifdef __cplusplus
240}
241#endif
242
243#endif /* _CSSMKRAPI_H_ */
244