1/* 2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. 3 * 4 * The contents of this file constitute Original Code as defined in and are 5 * subject to the Apple Public Source License Version 1.2 (the 'License'). 6 * You may not use this file except in compliance with the License. Please obtain 7 * a copy of the License at http://www.apple.com/publicsource and read it before 8 * using this file. 9 * 10 * This Original Code and all software distributed under the License are 11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS 12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT 13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the 15 * specific language governing rights and limitations under the License. 16 */ 17 18 19// 20// AppleCSPSession.h - top-level session class 21// 22#ifndef _APPLE_CSP_SESSION_H_ 23#define _APPLE_CSP_SESSION_H_ 24 25#include <security_cdsa_plugin/cssmplugin.h> 26#include <security_cdsa_plugin/pluginsession.h> 27#include <security_cdsa_plugin/CSPsession.h> 28#include <security_utilities/threading.h> 29#include "BinaryKey.h" 30#include "AppleCSPUtils.h" 31 32class CSPKeyInfoProvider; 33 34/* avoid unnecessary includes.... */ 35class AppleCSPPlugin; 36#ifdef BSAFE_CSP_ENABLE 37class BSafeFactory; 38#endif 39#ifdef CRYPTKIT_CSP_ENABLE 40class CryptKitFactory; 41#endif 42class MiscAlgFactory; 43#ifdef ASC_CSP_ENABLE 44class AscAlgFactory; 45#endif 46class RSA_DSA_Factory; 47class DH_Factory; 48 49/* one per attach/detach */ 50class AppleCSPSession : public CSPFullPluginSession { 51public: 52 53 AppleCSPSession( 54 CSSM_MODULE_HANDLE handle, 55 AppleCSPPlugin &plug, 56 const CSSM_VERSION &Version, 57 uint32 SubserviceID, 58 CSSM_SERVICE_TYPE SubServiceType, 59 CSSM_ATTACH_FLAGS AttachFlags, 60 const CSSM_UPCALLS &upcalls); 61 62 ~AppleCSPSession(); 63 64 CSPContext *contextCreate( 65 CSSM_CC_HANDLE handle, 66 const Context &context); 67 void setupContext( 68 CSPContext * &cspCtx, 69 const Context &context, 70 bool encoding); 71 72 // Functions declared in CSPFullPluginSession which we override. 73 74 // Free a key. If this is a reference key 75 // we generated, remove it from refKeyMap. 76 void FreeKey(const AccessCredentials *AccessCred, 77 CssmKey &KeyPtr, 78 CSSM_BOOL Delete); 79 80 void UnwrapKey(CSSM_CC_HANDLE CCHandle, 81 const Context &Context, 82 const CssmKey *PublicKey, 83 const CssmKey &WrappedKey, 84 uint32 KeyUsage, 85 uint32 KeyAttr, 86 const CssmData *KeyLabel, 87 const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, 88 CssmKey &UnwrappedKey, 89 CssmData &DescriptiveData, 90 CSSM_PRIVILEGE Privilege); 91 void WrapKey(CSSM_CC_HANDLE CCHandle, 92 const Context &Context, 93 const AccessCredentials &AccessCred, 94 const CssmKey &Key, 95 const CssmData *DescriptiveData, 96 CssmKey &WrappedKey, 97 CSSM_PRIVILEGE Privilege); 98 void DeriveKey(CSSM_CC_HANDLE CCHandle, 99 const Context &Context, 100 CssmData &Param, 101 uint32 KeyUsage, 102 uint32 KeyAttr, 103 const CssmData *KeyLabel, 104 const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, 105 CssmKey &DerivedKey); 106 void PassThrough(CSSM_CC_HANDLE CCHandle, 107 const Context &Context, 108 uint32 PassThroughId, 109 const void *InData, 110 void **OutData); 111 void getKeySize(const CssmKey &key, 112 CSSM_KEY_SIZE &size); 113 114 // add a BinaryKey to our refKeyMap. Sets up cssmKey 115 // as appropriate. 116 void addRefKey( 117 BinaryKey &binKey, 118 CssmKey &cssmKey); 119 120 // Given a CssmKey in reference form, obtain the associated 121 // BinaryKey. 122 BinaryKey &lookupRefKey( 123 const CssmKey &cssmKey); 124 125 // CSP's RNG. This redirects to Yarrow. 126 void getRandomBytes(size_t length, uint8 *cp); 127 void addEntropy(size_t length, const uint8 *cp); 128 129 Allocator &normAlloc() { return normAllocator; } 130 Allocator &privAlloc() { return privAllocator; } 131 132 #ifdef BSAFE_CSP_ENABLE 133 BSafeFactory &bSafe4Factory; 134 #endif 135 #ifdef CRYPTKIT_CSP_ENABLE 136 CryptKitFactory &cryptKitFactory; 137 #endif 138 MiscAlgFactory &miscAlgFactory; 139 #ifdef ASC_CSP_ENABLE 140 AscAlgFactory &ascAlgFactory; 141 #endif 142 RSA_DSA_Factory &rsaDsaAlgFactory; 143 DH_Factory &dhAlgFactory; 144 145private: 146 // storage of binary keys (which apps know as reference keys) 147 typedef std::map<KeyRef, const BinaryKey *> keyMap; 148 keyMap refKeyMap; 149 Mutex refKeyMapLock; 150 Allocator &normAllocator; 151 Allocator &privAllocator; 152 153 BinaryKey *lookupKeyRef(KeyRef keyRef); 154 void DeriveKey_PBKDF2( 155 const Context &Context, 156 const CssmData &Param, 157 CSSM_DATA *keyData); 158 159 void DeriveKey_PKCS5_V1_5( 160 const Context &context, 161 CSSM_ALGORITHMS algId, 162 const CssmData &Param, 163 CSSM_DATA *keyData); 164 165 void DeriveKey_OpenSSH1( 166 const Context &context, 167 CSSM_ALGORITHMS algId, 168 const CssmData &Param, 169 CSSM_DATA *keyData); 170 171 /* CMS wrap/unwrap, called out from standard wrap/unwrap */ 172 void WrapKeyCms( 173 CSSM_CC_HANDLE CCHandle, 174 const Context &Context, 175 const AccessCredentials &AccessCred, 176 const CssmKey &UnwrappedKey, 177 CssmData &rawBlob, 178 bool allocdRawBlob, // callee has to free rawBlob 179 const CssmData *DescriptiveData, 180 CssmKey &WrappedKey, 181 CSSM_PRIVILEGE Privilege); 182 183 void UnwrapKeyCms( 184 CSSM_CC_HANDLE CCHandle, 185 const Context &Context, 186 const CssmKey &WrappedKey, 187 const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, 188 CssmKey &UnwrappedKey, 189 CssmData &DescriptiveData, 190 CSSM_PRIVILEGE Privilege, 191 cspKeyStorage keyStorage); 192 193 /* OpenSSHv1 wrap/unwrap, called out from standard wrap/unwrap */ 194 void WrapKeyOpenSSH1( 195 CSSM_CC_HANDLE CCHandle, 196 const Context &Context, 197 const AccessCredentials &AccessCred, 198 BinaryKey &unwrappedBinKey, 199 CssmData &rawBlob, 200 bool allocdRawBlob, // callee has to free rawBlob 201 const CssmData *DescriptiveData, 202 CssmKey &WrappedKey, 203 CSSM_PRIVILEGE Privilege); 204 205 void UnwrapKeyOpenSSH1( 206 CSSM_CC_HANDLE CCHandle, 207 const Context &Context, 208 const CssmKey &WrappedKey, 209 const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry, 210 CssmKey &UnwrappedKey, 211 CssmData &DescriptiveData, 212 CSSM_PRIVILEGE Privilege, 213 cspKeyStorage keyStorage); 214 215 /* 216 * Used for generating crypto contexts at this level. 217 * Analogous to AlgorithmFactory.setup(). 218 */ 219 bool setup( 220 CSPFullPluginSession::CSPContext * &cspCtx, 221 const Context &context); 222 223 /* 224 * Find a CSPKeyInfoProvider subclass for the specified key. 225 */ 226 CSPKeyInfoProvider *infoProvider( 227 const CssmKey &key); 228 229 void pkcs8InferKeyHeader( 230 CssmKey &key); 231 232 void opensslInferKeyHeader( 233 CssmKey &key); 234 235}; /* AppleCSPSession */ 236 237 238#endif //_APPLE_CSP_SESSION_H_ 239