1/*
2 * Copyright (c) 2002-2010 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24//
25// KeyItem.h
26//
27#ifndef _SECURITY_KEYITEM_H_
28#define _SECURITY_KEYITEM_H_
29
30#include <security_keychain/Item.h>
31#include <Security/SecKeyPriv.h>
32
33namespace Security
34{
35
36namespace KeychainCore
37{
38
39class KeyItem : public ItemImpl
40{
41	NOCOPY(KeyItem)
42public:
43	SECCFFUNCTIONS(KeyItem, SecKeyRef, errSecInvalidItemRef, gTypes().KeyItem)
44
45	// db item constructor
46private:
47    KeyItem(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
48
49	// PrimaryKey item constructor
50    KeyItem(const Keychain &keychain, const PrimaryKey &primaryKey);
51
52public:
53	static KeyItem* make(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
54	static KeyItem* make(const Keychain &keychain, const PrimaryKey &primaryKey);
55
56	KeyItem(KeyItem &keyItem);
57
58	KeyItem(const CssmClient::Key &key);
59
60    virtual ~KeyItem();
61
62	virtual void update();
63	virtual Item copyTo(const Keychain &keychain, Access *newAccess = NULL);
64	virtual Item importTo(const Keychain &keychain, Access *newAccess = NULL, SecKeychainAttributeList *attrList = NULL);
65	virtual void didModify();
66
67	CssmClient::SSDbUniqueRecord ssDbUniqueRecord();
68	CssmClient::Key &key();
69	CssmClient::CSP csp();
70
71	const CSSM_X509_ALGORITHM_IDENTIFIER& algorithmIdentifier();
72	unsigned int strengthInBits(const CSSM_X509_ALGORITHM_IDENTIFIER *algid);
73
74	const AccessCredentials *getCredentials(
75		CSSM_ACL_AUTHORIZATION_TAG operation,
76		SecCredentialType credentialType);
77
78	bool operator == (KeyItem &other);
79
80	static void createPair(
81		Keychain keychain,
82        CSSM_ALGORITHMS algorithm,
83        uint32 keySizeInBits,
84        CSSM_CC_HANDLE contextHandle,
85        CSSM_KEYUSE publicKeyUsage,
86        uint32 publicKeyAttr,
87        CSSM_KEYUSE privateKeyUsage,
88        uint32 privateKeyAttr,
89        SecPointer<Access> initialAccess,
90        SecPointer<KeyItem> &outPublicKey,
91        SecPointer<KeyItem> &outPrivateKey);
92
93	static void importPair(
94		Keychain keychain,
95		const CSSM_KEY &publicCssmKey,
96		const CSSM_KEY &privateCssmKey,
97        SecPointer<Access> initialAccess,
98        SecPointer<KeyItem> &outPublicKey,
99        SecPointer<KeyItem> &outPrivateKey);
100
101	static SecPointer<KeyItem> generate(
102		Keychain keychain,
103		CSSM_ALGORITHMS algorithm,
104		uint32 keySizeInBits,
105		CSSM_CC_HANDLE contextHandle,
106		CSSM_KEYUSE keyUsage,
107		uint32 keyAttr,
108		SecPointer<Access> initialAccess);
109
110	static SecPointer<KeyItem> generateWithAttributes(
111		const SecKeychainAttributeList *attrList,
112		Keychain keychain,
113		CSSM_ALGORITHMS algorithm,
114		uint32 keySizeInBits,
115		CSSM_CC_HANDLE contextHandle,
116		CSSM_KEYUSE keyUsage,
117		uint32 keyAttr,
118		SecPointer<Access> initialAccess);
119
120	virtual const CssmData &itemID();
121
122	void RawSign(SecPadding padding, CSSM_DATA dataToSign, const AccessCredentials *credentials, CSSM_DATA& signedData);
123	void RawVerify(SecPadding padding, CSSM_DATA dataToVerify, const AccessCredentials *credentials, CSSM_DATA signature);
124	void Encrypt(SecPadding padding, CSSM_DATA dataToEncrypt, const AccessCredentials *credentials, CSSM_DATA& encryptedData);
125	void Decrypt(SecPadding padding, CSSM_DATA dataToEncrypt, const AccessCredentials *credentials, CSSM_DATA& encryptedData);
126
127	virtual CFHashCode hash();
128
129protected:
130	virtual PrimaryKey add(Keychain &keychain);
131private:
132	CssmClient::Key mKey;
133	const CSSM_X509_ALGORITHM_IDENTIFIER *algid;
134	CssmAutoData mPubKeyHash;
135};
136
137} // end namespace KeychainCore
138
139} // end namespace Security
140
141#endif // !_SECURITY_KEYITEM_H_
142