/*
 * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*!
 @header tokend.defs
 @abstract Mach RPC interface between securityd and tokend.
 @discussion MIG definition of subsystem "tokend" (base message id 2000).
 The generated server stubs are prefixed tokend_server_ and the client
 stubs tokend_client_; from the @abstract and the tdclient.h import,
 securityd is presumably the client side and each tokend process the
 server side, so every message here crosses a process boundary. Argument
 sizes are only constrained by the MIG types used (e.g. the 256 bound on
 TokenUidString); semantic validation of blob contents has to happen in
 the receiving implementation, not here.
 The IN_BLOB, OUT_BLOB and IN_CONTEXT argument macros are not defined in
 this file; they presumably come from ss_types.defs.
 */

#include <mach/std_types.defs>
#include <mach/mach_types.defs>
#include <securityd_client/ss_types.defs>

subsystem tokend 2000;
serverprefix tokend_server_;
userprefix tokend_client_;

/* C headers pulled into the generated stubs for the types named below. */
import "tokend.h";
import "tdclient.h";
import <SecurityTokend/tokend_types.h>;


type TokenScore = uint32_t;
type EstablishFlags = uint32_t;
/* Inline NUL-terminated string, at most 256 bytes; MIG enforces the bound
   in the generated code. The @@@ marker records that 256 was a guess. */
type TokenUidString = c_string[*:256];	//@@@ initial guess


/*
 * Common argument profiles
 *
 * Every two-way routine below starts with TOKEND_PORTS: the request port,
 * a reply port for which a send right is made, and a CSSM_RETURN status
 * (rcode) returned in addition to MIG's own kern_return_t. Callers must
 * look at both: a KERN_SUCCESS transport result says nothing about rcode.
 */
#define TOKEND_PORTS requestport sport: mach_port_t; \
	replyport rport: mach_port_make_send_t; \
	out rcode: CSSM_RETURN


//
// Setup and control calls
//
/* Ask the token whether it recognizes the inserted card: returns a
   suitability score and the token's uid (bounded by TokenUidString). */
routine probe(TOKEND_PORTS; out score: TokenScore; out uid: TokenUidString);

/* Bind the tokend to a token. cacheDirectory/workDirectory are paths
   supplied by the caller; mdsDirectory/printName are paths/names returned
   by tokend. Both sides receive these as untrusted input from the peer. */
routine establish(TOKEND_PORTS; in guid: Guid; in ssid: uint32;
	in state: uint32; in cacheDirectory: FilePath; in workDirectory: FilePath;
	out mdsDirectory: FilePathOut; out printName: FilePathOut);

/* One-way: no reply port and no rcode, so the sender gets no confirmation
   that the tokend processed the request. */
simpleroutine terminate(requestport sport: mach_port_t; in reason: uint32; in options: uint32);


//
// DL I/O and search functions
//
/* Start a query. When getData is set the record payload is returned in
   data (and hKey, if the record is a key). Returns handles for both the
   search and the first matching record. */
routine findFirst(TOKEND_PORTS; IN_BLOB(query,CssmQuery);
	IN_BLOB(inAttributes,CssmDbRecordAttributeData);
	in getData: boolean_t; out data: Data; out hKey: KeyHandle;
	OUT_BLOB(outAttributes,CssmDbRecordAttributeData);
	out search: SearchHandle; out record: RecordHandle);

/* Continue a search started by findFirst; same output profile. */
routine findNext(TOKEND_PORTS; in hSearch: SearchHandle;
	IN_BLOB(inAttributes,CssmDbRecordAttributeData);
	in getData: boolean_t; out data: Data; out hKey: KeyHandle;
	OUT_BLOB(outAttributes,CssmDbRecordAttributeData);
	out record: RecordHandle);

/* Re-read a record by handle, optionally with its data/key. */
routine findRecordHandle(TOKEND_PORTS; in hRecord: RecordHandle;
	IN_BLOB(inAttributes,CssmDbRecordAttributeData);
	in getData: boolean_t; out data: Data; out hKey: KeyHandle;
	OUT_BLOB(outAttributes,CssmDbRecordAttributeData));

routine insertRecord(TOKEND_PORTS; in recordType: CSSM_DB_RECORDTYPE;
	IN_BLOB(attributes,CssmDbRecordAttributeData);
	in data: Data; out hRecord: RecordHandle);

/* hRecord is inout: the handle may be replaced by the modification. */
routine modifyRecord(TOKEND_PORTS; in recordType: CSSM_DB_RECORDTYPE;
	inout hRecord: RecordHandle; IN_BLOB(attributes,CssmDbRecordAttributeData);
	in setData: boolean_t; in data: Data; in modifyMode: CSSM_DB_MODIFY_MODE);

routine deleteRecord(TOKEND_PORTS; in record: RecordHandle);

/* Handle release; the handle values are opaque to this interface. */
routine releaseSearch(TOKEND_PORTS; in hSearch: SearchHandle);
routine releaseRecord(TOKEND_PORTS; in hRecord: RecordHandle);


//
// Key management
//
routine releaseKey(TOKEND_PORTS; in key: KeyHandle);
routine queryKeySizeInBits(TOKEND_PORTS; in key: KeyHandle; out length: CSSM_KEY_SIZE);
/* Size the output buffer for an encrypt (encrypt != 0) or decrypt of
   inputSize bytes under the given context and key. */
routine getOutputSize(TOKEND_PORTS; IN_CONTEXT; in key: KeyHandle;
	in inputSize: uint32; in encrypt: boolean_t; out outputSize: uint32);


//
// Cryptographic operations
//
/* Sign/verify take the CSP context (IN_CONTEXT) plus a sign-only algorithm
   selector; verify returns its verdict through rcode only. */
routine generateSignature(TOKEND_PORTS; IN_CONTEXT; in key: KeyHandle;
	in signOnlyAlgorithm: CSSM_ALGORITHMS; in data: Data; out signature: Data);
routine verifySignature(TOKEND_PORTS; IN_CONTEXT; in key: KeyHandle;
	in signOnlyAlgorithm: CSSM_ALGORITHMS; in data: Data; in signature: Data);
routine generateMac(TOKEND_PORTS; IN_CONTEXT; in key: KeyHandle;
	in data: Data; out signature: Data);
routine verifyMac(TOKEND_PORTS; IN_CONTEXT; in key: KeyHandle;
	in data: Data; in signature: Data);

routine encrypt(TOKEND_PORTS; IN_CONTEXT; in key: KeyHandle; in clear: Data; out cipher: Data);
routine decrypt(TOKEND_PORTS; IN_CONTEXT; in key: KeyHandle; in cipher: Data; out clear: Data);

/* Key generation returns a handle, the key blob, and a base pointer used
   to relocate the blob's internal pointers (CssmKeyPtr). The ACL prototype
   supplied here governs later access to the new key. */
routine generateKey(TOKEND_PORTS; IN_CONTEXT;
	IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype);
	in keyUsage: uint32; in keyAttrs: uint32;
	out hKey: KeyHandle; out key: CssmKeyBlob; out keyBase: CssmKeyPtr);
routine generateKeyPair(TOKEND_PORTS; IN_CONTEXT;
	IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype);
	in pubUsage: uint32; in pubAttrs: uint32; in privUsage: uint32; in privAttrs: uint32;
	out hPubKey: KeyHandle; out pubKey: CssmKeyBlob; out pubKeyBase: CssmKeyPtr;
	out hPrivKey: KeyHandle; out privKey: CssmKeyBlob; out privKeyBase: CssmKeyPtr);

/* Keys may be passed either by handle (h*Key) or by value (the matching
   CssmKey blob); which one a given call uses is decided by the caller. */
routine wrapKey(TOKEND_PORTS; IN_CONTEXT; in hWrappingKey: KeyHandle; IN_BLOB(wrappingKey, CssmKey);
	IN_BLOB(accessCredentials,AccessCredentials);
	in hSubjectKey: KeyHandle; IN_BLOB(subjectKey, CssmKey);
	in data: Data; OUT_BLOB(wrappedKey, CssmKey));
routine unwrapKey(TOKEND_PORTS; IN_CONTEXT; in hWrappingKey: KeyHandle; IN_BLOB(wrappingKey, CssmKey);
	IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype);
	in hPublicKey: KeyHandle; IN_BLOB(publicKey, CssmKey); IN_BLOB(wrappedKey, CssmKey);
	in usage: uint32; in attributes: uint32; out data: Data;
	out hKey: KeyHandle; out key: CssmKeyBlob; out keyBase: CssmKeyPtr);
routine deriveKey(TOKEND_PORTS; IN_CONTEXT; in hSourceKey: KeyHandle; IN_BLOB(sourceKey, CssmKey);
	IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype);
	IN_BLOB(paramInput,CssmDeriveData); out paramOutput: Data;
	in keyUsage: uint32; in keyAttrs: uint32;
	out hKey: KeyHandle; OUT_BLOB(key, CssmKey));

/* No explicit length argument: the amount requested presumably travels in
   the context — confirm against the tokend implementation. */
routine generateRandom(TOKEND_PORTS; IN_CONTEXT; out data: Data);


//
// ACL management
//
/* kind selects which object class the GenericHandle refers to. */
routine getOwner(TOKEND_PORTS; in kind: AclKind; in key: GenericHandle;
	out proto: AclOwnerPrototypeBlob; out protoBase: AclOwnerPrototypePtr);
routine setOwner(TOKEND_PORTS; in kind: AclKind; in key: GenericHandle;
	IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclOwnerPrototype,AclOwnerPrototype));
/* haveTag indicates whether tag should be used as a filter. */
routine getAcl(TOKEND_PORTS; in kind: AclKind; in key: GenericHandle;
	in haveTag: boolean_t; in tag: CssmString;
	out count: uint32; out acls: AclEntryInfoBlob; out aclsBase: AclEntryInfoPtr);
routine changeAcl(TOKEND_PORTS; in kind: AclKind; in key: GenericHandle;
	IN_BLOB(accessCredentials,AccessCredentials);
	in mode: CSSM_ACL_EDIT_MODE; in handle: CSSM_ACL_HANDLE;
	IN_BLOB(aclEntryInput,AclEntryInput));

/* Credential check for a database access mode; outcome is in rcode. */
routine authenticate(TOKEND_PORTS;
	in mode: CSSM_DB_ACCESS_TYPE; IN_BLOB(accessCredentials, AccessCredentials));

/* Session login with credentials plus an opaque name payload; logout
   takes no arguments beyond the port profile. */
routine login(TOKEND_PORTS; IN_BLOB(accessCredentials,AccessCredentials); in name: Data);
routine logout(TOKEND_PORTS);


//
// Miscellanea
//
routine getStatistics(TOKEND_PORTS; out statistics: CSPOperationalStatistics);
routine getTime(TOKEND_PORTS; in algorithm: CSSM_ALGORITHMS; out data: Data);
routine getCounter(TOKEND_PORTS; out data: Data);
routine selfVerify(TOKEND_PORTS);

/* Vendor pass-throughs: id selects an implementation-defined operation
   and inData/outData are unstructured. Nothing in this interface
   constrains either, so the tokend-side handler is the only place that
   can validate the id and parse inData defensively. */
routine cspPassThrough(TOKEND_PORTS; in id: uint32; IN_CONTEXT; in hKey: KeyHandle; IN_BLOB(key, CssmKey);
	in inData: Data; out outData: Data);
routine dlPassThrough(TOKEND_PORTS; in id: uint32; in inData: Data; out outData: Data);

/* Lock state is reported as a uint32, not boolean_t; treat nonzero as
   locked unless the implementation documents specific values. */
routine isLocked(TOKEND_PORTS; out locked: uint32);