1/*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19//
20// AppleCSPSession.h - top-level session class
21//
22#ifndef _APPLE_CSP_SESSION_H_
23#define _APPLE_CSP_SESSION_H_
24
25#include <security_cdsa_plugin/cssmplugin.h>
26#include <security_cdsa_plugin/pluginsession.h>
27#include <security_cdsa_plugin/CSPsession.h>
28#include <security_utilities/threading.h>
29#include "BinaryKey.h"
30#include "AppleCSPUtils.h"
31
32class CSPKeyInfoProvider;
33
34/* avoid unnecessary includes.... */
35class AppleCSPPlugin;
36#ifdef	BSAFE_CSP_ENABLE
37class BSafeFactory;
38#endif
39#ifdef	CRYPTKIT_CSP_ENABLE
40class CryptKitFactory;
41#endif
42class MiscAlgFactory;
43#ifdef	ASC_CSP_ENABLE
44class AscAlgFactory;
45#endif
46class RSA_DSA_Factory;
47class DH_Factory;
48
49/* one per attach/detach */
50class AppleCSPSession : public CSPFullPluginSession {
51public:
52
53	AppleCSPSession(
54		CSSM_MODULE_HANDLE 	handle,
55		AppleCSPPlugin 		&plug,
56		const CSSM_VERSION 	&Version,
57		uint32 				SubserviceID,
58		CSSM_SERVICE_TYPE 	SubServiceType,
59		CSSM_ATTACH_FLAGS 	AttachFlags,
60		const CSSM_UPCALLS 	&upcalls);
61
62	~AppleCSPSession();
63
64	CSPContext *contextCreate(
65		CSSM_CC_HANDLE 		handle,
66		const Context 		&context);
67	void setupContext(
68		CSPContext * 		&cspCtx,
69		const Context 		&context,
70		bool 				encoding);
71
72	// Functions declared in CSPFullPluginSession which we override.
73
74	// Free a key. If this is a reference key
75	// we generated, remove it from refKeyMap.
76	void FreeKey(const AccessCredentials *AccessCred,
77		CssmKey &KeyPtr,
78		CSSM_BOOL Delete);
79
80	void UnwrapKey(CSSM_CC_HANDLE CCHandle,
81        const Context &Context,
82        const CssmKey *PublicKey,
83        const CssmKey &WrappedKey,
84        uint32 KeyUsage,
85        uint32 KeyAttr,
86        const CssmData *KeyLabel,
87        const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
88        CssmKey &UnwrappedKey,
89        CssmData &DescriptiveData,
90        CSSM_PRIVILEGE Privilege);
91	void WrapKey(CSSM_CC_HANDLE CCHandle,
92        const Context &Context,
93        const AccessCredentials &AccessCred,
94        const CssmKey &Key,
95        const CssmData *DescriptiveData,
96        CssmKey &WrappedKey,
97        CSSM_PRIVILEGE Privilege);
98 	void DeriveKey(CSSM_CC_HANDLE CCHandle,
99		const Context &Context,
100		CssmData &Param,
101		uint32 KeyUsage,
102		uint32 KeyAttr,
103		const CssmData *KeyLabel,
104		const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
105		CssmKey &DerivedKey);
106	void PassThrough(CSSM_CC_HANDLE CCHandle,
107		const Context &Context,
108		uint32 PassThroughId,
109		const void *InData,
110		void **OutData);
111	void getKeySize(const CssmKey &key,
112		CSSM_KEY_SIZE &size);
113
114	// add a BinaryKey to our refKeyMap. Sets up cssmKey
115	// as appropriate.
116	void addRefKey(
117		BinaryKey			&binKey,
118		CssmKey				&cssmKey);
119
120	// Given a CssmKey in reference form, obtain the associated
121	// BinaryKey.
122	BinaryKey &lookupRefKey(
123		const CssmKey		&cssmKey);
124
125	// CSP's RNG. This redirects to Yarrow.
126	void					getRandomBytes(size_t length, uint8 *cp);
127	void					addEntropy(size_t length, const uint8 *cp);
128
129	Allocator 			&normAlloc()  { return normAllocator; }
130    Allocator 			&privAlloc()  { return privAllocator; }
131
132	#ifdef	BSAFE_CSP_ENABLE
133	BSafeFactory 			&bSafe4Factory;
134	#endif
135	#ifdef	CRYPTKIT_CSP_ENABLE
136	CryptKitFactory			&cryptKitFactory;
137	#endif
138	MiscAlgFactory			&miscAlgFactory;
139	#ifdef	ASC_CSP_ENABLE
140	AscAlgFactory			&ascAlgFactory;
141	#endif
142	RSA_DSA_Factory			&rsaDsaAlgFactory;
143	DH_Factory				&dhAlgFactory;
144
145private:
146	// storage of binary keys (which apps know as reference keys)
147	typedef std::map<KeyRef, const BinaryKey *> keyMap;
148	keyMap					refKeyMap;
149	Mutex					refKeyMapLock;
150    Allocator 			&normAllocator;
151    Allocator 			&privAllocator;
152
153	BinaryKey 				*lookupKeyRef(KeyRef keyRef);
154	void 					DeriveKey_PBKDF2(
155								const Context &Context,
156								const CssmData &Param,
157								CSSM_DATA *keyData);
158
159	void					DeriveKey_PKCS5_V1_5(
160								const Context &context,
161								CSSM_ALGORITHMS algId,
162								const CssmData &Param,
163								CSSM_DATA *keyData);
164
165	void					DeriveKey_OpenSSH1(
166								const Context &context,
167								CSSM_ALGORITHMS algId,
168								const CssmData &Param,
169								CSSM_DATA *keyData);
170
171	/* CMS wrap/unwrap, called out from standard wrap/unwrap */
172	void WrapKeyCms(
173		CSSM_CC_HANDLE CCHandle,
174		const Context &Context,
175		const AccessCredentials &AccessCred,
176		const CssmKey &UnwrappedKey,
177		CssmData &rawBlob,
178		bool allocdRawBlob,			// callee has to free rawBlob
179		const CssmData *DescriptiveData,
180		CssmKey &WrappedKey,
181		CSSM_PRIVILEGE Privilege);
182
183	void UnwrapKeyCms(
184		CSSM_CC_HANDLE CCHandle,
185		const Context &Context,
186		const CssmKey &WrappedKey,
187		const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
188		CssmKey &UnwrappedKey,
189		CssmData &DescriptiveData,
190		CSSM_PRIVILEGE Privilege,
191		cspKeyStorage keyStorage);
192
193	/* OpenSSHv1 wrap/unwrap, called out from standard wrap/unwrap */
194	void WrapKeyOpenSSH1(
195		CSSM_CC_HANDLE CCHandle,
196		const Context &Context,
197		const AccessCredentials &AccessCred,
198		BinaryKey &unwrappedBinKey,
199		CssmData &rawBlob,
200		bool allocdRawBlob,			// callee has to free rawBlob
201		const CssmData *DescriptiveData,
202		CssmKey &WrappedKey,
203		CSSM_PRIVILEGE Privilege);
204
205	void UnwrapKeyOpenSSH1(
206		CSSM_CC_HANDLE CCHandle,
207		const Context &Context,
208		const CssmKey &WrappedKey,
209		const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
210		CssmKey &UnwrappedKey,
211		CssmData &DescriptiveData,
212		CSSM_PRIVILEGE Privilege,
213		cspKeyStorage keyStorage);
214
215	/*
216	 * Used for generating crypto contexts at this level.
217	 * Analogous to AlgorithmFactory.setup().
218	 */
219	bool setup(
220		CSPFullPluginSession::CSPContext * &cspCtx,
221		const Context &context);
222
223	/*
224	 * Find a CSPKeyInfoProvider subclass for the specified key.
225	 */
226	CSPKeyInfoProvider *infoProvider(
227		const CssmKey	&key);
228
229	void pkcs8InferKeyHeader(
230		CssmKey			&key);
231
232	void opensslInferKeyHeader(
233		CssmKey			&key);
234
235};	/* AppleCSPSession */
236
237
238#endif //_APPLE_CSP_SESSION_H_
239