1/* 2 * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23#include "transit.h" 24 25using namespace Security::Tokend; 26 27 28// 29// Server inbound transition layer. 30// These are C functions in the global namespace, called by the MIG dispatch. 31// 32 33 34// 35// Probe: Examine token, determine score, and generate token uid string 36// 37kern_return_t tokend_server_probe(TOKEND_ARGS, TokenScore *score, TokenUidString uid) 38{ 39 BEGIN_IPC 40 uid[0] = '\0'; // default to no uid obtained 41 CALL(probe, (kSecTokendCallbacksDefault, score, uid)); 42 // We do not support 32 bit tokends on 10.6 and later 43 // since securityd always runs 64 bit 44 if (sizeof(int*) == 4) 45 { 46 Syslog::error("32-bit tokends not supported"); 47 CssmError::throwMe(CSSMERR_CSP_DEVICE_ERROR); 48 } 49 uid[TOKEND_MAX_UID-1] = '\0'; // enforce null termination 50 server->tokenUid(uid); 51 END_IPC(CSSM) 52} 53 54 55// 56// Establish: take securityd's information and stash it away; 57// determine MDS resources and return them. 58// 59kern_return_t tokend_server_establish(TOKEND_ARGS, 60 CSSM_GUID guid, uint32 ssid, SecTokendEstablishFlags flags, 61 const char *cacheDirectory, const char *workDirectory, 62 char mdsDirectory[PATH_MAX], char printName[PATH_MAX]) 63{ 64 BEGIN_IPC 65 mdsDirectory[0] = '\0'; // default to all resources 66 printName[0] = '\0'; // default to no print name 67 CALL(establish, (&guid, ssid, flags, cacheDirectory, workDirectory, mdsDirectory, printName)); 68 END_IPC(CSSM) 69} 70 71 72// 73// Induce termination 74// 75kern_return_t tokend_server_terminate(mach_port_t servicePort, uint32 reason, uint32 options) 76{ 77 server->termination(reason, options); 78} 79 80 81// 82// Find/retrieve interface 83// 84kern_return_t tokend_server_findFirst(TOKEND_ARGS, 85 COPY_IN(CssmQuery, query), 86 COPY_IN(CssmDbRecordAttributeData, inAttributes), 87 boolean_t getData, DATA_OUT(outData), KeyHandle *hKey, 88 COPY_OUT(CssmDbRecordAttributeData, outAttributes), 89 SearchHandle *hSearch, RecordHandle *hRecord) 90{ 91 BEGIN_IPC 92 relocate(query, queryBase); 93 relocate(inAttributes, inAttributesBase); 94 DataRetrieval interface(inAttributes, getData); 95 CSSM_HANDLE searchHandle = 0; 96 CALL(findFirst, (query, &interface, &searchHandle)); 97 interface.returnData(*hKey, *hRecord, *outData, *outDataLength, 98 *outAttributes, *outAttributesLength, *outAttributesBase); 99 /* 100 findFirst and findNext do not return an error if nothing was found. 101 Instead, hKey and hRecord are set to 0. In this case, we don't want to 102 set up a search handle 103 */ 104 if (searchHandle) 105 *hSearch = TokendHandleObject::make(searchHandle)->ipcHandle(); 106 server->releaseWhenDone(Allocator::standard(), *outAttributes); 107 END_IPC(DL) 108} 109 110 111kern_return_t tokend_server_findNext(TOKEND_ARGS, SearchHandle hSearch, 112 COPY_IN(CssmDbRecordAttributeData, inAttributes), 113 boolean_t getData, DATA_OUT(outData), KeyHandle *hKey, 114 COPY_OUT(CssmDbRecordAttributeData, outAttributes), 115 RecordHandle *hRecord) 116{ 117 BEGIN_IPC 118 relocate(inAttributes, inAttributesBase); 119 DataRetrieval interface(inAttributes, getData); 120 CSSM_HANDLE searchHandle = TokendHandleObject::findTDHandle(hSearch); 121 CALL(findNext, (searchHandle, &interface)); 122 interface.returnData(*hKey, *hRecord, *outData, *outDataLength, 123 *outAttributes, *outAttributesLength, *outAttributesBase); 124 server->releaseWhenDone(Allocator::standard(), *outAttributes); 125 END_IPC(DL) 126} 127 128 129kern_return_t tokend_server_findRecordHandle(TOKEND_ARGS, RecordHandle hRecord, 130 COPY_IN(CssmDbRecordAttributeData, inAttributes), 131 boolean_t getData, DATA_OUT(outData), KeyHandle *hKey, 132 COPY_OUT(CssmDbRecordAttributeData, outAttributes)) 133{ 134 BEGIN_IPC 135 relocate(inAttributes, inAttributesBase); 136 DataRetrieval interface(inAttributes, getData); 137 CSSM_HANDLE recordHandle = TokendHandleObject::findTDHandle(hRecord); 138 CALL(findRecordHandle, (recordHandle, &interface)); 139 interface.returnData(*hKey, hRecord, *outData, *outDataLength, 140 *outAttributes, *outAttributesLength, *outAttributesBase); 141 server->releaseWhenDone(Allocator::standard(), *outAttributes); 142 END_IPC(DL) 143} 144 145 146kern_return_t tokend_server_insertRecord(TOKEND_ARGS, CSSM_DB_RECORDTYPE recordType, 147 COPY_IN(CssmDbRecordAttributeData, attributes), DATA_IN(data), 148 RecordHandle *hRecord) 149{ 150 BEGIN_IPC 151 relocate(attributes, attributesBase); 152 const CssmData dataBlob(DATA(data)); 153 CSSM_HANDLE recordHandle; 154 CALL(insertRecord, (recordType, attributes, data ? &dataBlob : NULL, &recordHandle)); 155 *hRecord = TokendHandleObject::make(recordHandle)->ipcHandle(); 156 END_IPC(DL) 157} 158 159 160kern_return_t tokend_server_modifyRecord(TOKEND_ARGS, CSSM_DB_RECORDTYPE recordType, 161 RecordHandle *hRecord, COPY_IN(CssmDbRecordAttributeData, attributes), 162 boolean_t setData, DATA_IN(data), CSSM_DB_MODIFY_MODE modifyMode) 163{ 164 BEGIN_IPC 165 relocate(attributes, attributesBase); 166 const CssmData dataBlob(DATA(data)); 167 CSSM_HANDLE recordHandle; 168 CALL(modifyRecord, (recordType, &recordHandle, attributes, 169 setData ? &dataBlob : NULL, modifyMode)); 170 *hRecord = TokendHandleObject::make(recordHandle)->ipcHandle(); 171 END_IPC(DL) 172} 173 174 175kern_return_t tokend_server_deleteRecord(TOKEND_ARGS, RecordHandle hRecord) 176{ 177 BEGIN_IPC 178 CSSM_HANDLE recordHandle = TokendHandleObject::findTDHandle(hRecord); 179 CALL(deleteRecord, (recordHandle)); 180 END_IPC(DL) 181} 182 183 184kern_return_t tokend_server_releaseSearch(TOKEND_ARGS, SearchHandle hSearch) 185{ 186 BEGIN_IPC 187 CSSM_HANDLE searchHandle = TokendHandleObject::findTDHandle(hSearch); 188 CALL(releaseSearch, (searchHandle)); 189 END_IPC(DL) 190} 191 192kern_return_t tokend_server_releaseRecord(TOKEND_ARGS, RecordHandle hRecord) 193{ 194 BEGIN_IPC 195 CSSM_HANDLE recordHandle = TokendHandleObject::findTDHandle(hRecord); 196 CALL(releaseRecord, (recordHandle)); 197 END_IPC(DL) 198} 199 200 201// 202// Key management 203// 204kern_return_t tokend_server_releaseKey(TOKEND_ARGS, KeyHandle hKey) 205{ 206 BEGIN_IPC 207 CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey); 208 CALL(releaseKey, (keyHandle)); 209 END_IPC(DL) 210} 211 212kern_return_t tokend_server_queryKeySizeInBits(TOKEND_ARGS, KeyHandle hKey, 213 CSSM_KEY_SIZE *size) 214{ 215 BEGIN_IPC 216 CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey); 217 CALL(getKeySize, (keyHandle, size)); 218 END_IPC(CSP) 219} 220 221kern_return_t tokend_server_getOutputSize(TOKEND_ARGS, CONTEXT_ARGS, KeyHandle hKey, 222 uint32 inputSize, boolean_t encrypt, uint32 *outputSize) 223{ 224 BEGIN_IPC 225 relocate(context, contextBase, attributes, attrSize); 226 CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey); 227 CALL(getOutputSize, (&context, keyHandle, inputSize, encrypt, outputSize)); 228 END_IPC(CSP) 229} 230 231 232// 233// Signatures and MACs 234// 235kern_return_t tokend_server_generateSignature(TOKEND_ARGS, CONTEXT_ARGS, KeyHandle hKey, 236 CSSM_ALGORITHMS signOnlyAlgorithm, DATA_IN(data), DATA_OUT(signature)) 237{ 238 BEGIN_IPC 239 relocate(context, contextBase, attributes, attrSize); 240 const CssmData dataBlob(DATA(data)); 241 OutputData sigData(signature, signatureLength); 242 CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey); 243 CALL(generateSignature, (&context, keyHandle, signOnlyAlgorithm, 244 &dataBlob, &sigData)); 245 END_IPC(CSP) 246} 247 248kern_return_t tokend_server_verifySignature(TOKEND_ARGS, CONTEXT_ARGS, KeyHandle hKey, 249 CSSM_ALGORITHMS verifyOnlyAlgorithm, DATA_IN(data), DATA_IN(signature)) 250{ 251 BEGIN_IPC 252 relocate(context, contextBase, attributes, attrSize); 253 const CssmData dataBlob(DATA(data)); 254 const CssmData signatureBlob(DATA(signature)); 255 CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey); 256 CALL(verifySignature, (&context, keyHandle, verifyOnlyAlgorithm, &dataBlob, &signatureBlob)); 257 END_IPC(CSP) 258} 259 260kern_return_t tokend_server_generateMac(TOKEND_ARGS, CONTEXT_ARGS, KeyHandle hKey, 261 DATA_IN(data), DATA_OUT(mac)) 262{ 263 BEGIN_IPC 264 relocate(context, contextBase, attributes, attrSize); 265 const CssmData dataBlob(DATA(data)); 266 OutputData macData(mac, macLength); 267 CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey); 268 CALL(generateMac, (&context, keyHandle, &dataBlob, &macData)); 269 END_IPC(CSP) 270} 271 272kern_return_t tokend_server_verifyMac(TOKEND_ARGS, CONTEXT_ARGS, KeyHandle hKey, 273 DATA_IN(data), DATA_IN(mac)) 274{ 275 BEGIN_IPC 276 relocate(context, contextBase, attributes, attrSize); 277 const CssmData dataBlob(DATA(data)); 278 const CssmData macBlob(DATA(mac)); 279 CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey); 280 CALL(verifyMac, (&context, keyHandle, &dataBlob, &macBlob)); 281 END_IPC(CSP) 282} 283 284 285// 286// Encryption/Decryption 287// 288kern_return_t tokend_server_encrypt(TOKEND_ARGS, CONTEXT_ARGS, KeyHandle hKey, 289 DATA_IN(clear), DATA_OUT(cipher)) 290{ 291 BEGIN_IPC 292 relocate(context, contextBase, attributes, attrSize); 293 const CssmData clearBlob(DATA(clear)); 294 OutputData cipherOut(cipher, cipherLength); 295 CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey); 296 CALL(encrypt, (&context, keyHandle, &clearBlob, &cipherOut)); 297 END_IPC(CSP) 298} 299 300kern_return_t tokend_server_decrypt(TOKEND_ARGS, CONTEXT_ARGS, KeyHandle hKey, 301 DATA_IN(cipher), DATA_OUT(clear)) 302{ 303 BEGIN_IPC 304 relocate(context, contextBase, attributes, attrSize); 305 const CssmData cipherBlob(DATA(cipher)); 306 OutputData clearOut(clear, clearLength); 307 CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey); 308 CALL(decrypt, (&context, keyHandle, &cipherBlob, &clearOut)); 309 END_IPC(CSP) 310} 311 312 313// 314// Key generation 315// 316kern_return_t tokend_server_generateKey(TOKEND_ARGS, CONTEXT_ARGS, 317 COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner), 318 uint32 usage, uint32 attrs, KeyHandle *hKey, COPY_OUT(CssmKey, key)) 319{ 320 BEGIN_IPC 321 relocate(context, contextBase, attributes, attrSize); 322 relocate(cred, credBase); 323 relocate(owner, ownerBase); 324 Return<CssmKey> rKey(key, keyLength, keyBase); 325 CSSM_HANDLE keyHandle; 326 CALL(generateKey, (&context, cred, owner, usage, attrs, &keyHandle, &rKey)); 327 *hKey = TokendHandleObject::make(keyHandle)->ipcHandle(); 328 END_IPC(CSP) 329} 330 331kern_return_t tokend_server_generateKeyPair(TOKEND_ARGS, CONTEXT_ARGS, 332 COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner), 333 CSSM_KEYUSE pubUsage, CSSM_KEYATTR_FLAGS pubAttrs, 334 CSSM_KEYUSE privUsage, CSSM_KEYATTR_FLAGS privAttrs, 335 KeyHandle *hPubKey, COPY_OUT(CssmKey, pubKey), 336 KeyHandle *hPrivKey, COPY_OUT(CssmKey, privKey)) 337{ 338 BEGIN_IPC 339 relocate(context, contextBase, attributes, attrSize); 340 relocate(cred, credBase); 341 relocate(owner, ownerBase); 342 Return<CssmKey> rPubKey(pubKey, pubKeyLength, pubKeyBase); 343 Return<CssmKey> rPrivKey(privKey, privKeyLength, privKeyBase); 344 CSSM_HANDLE cssmPubKey, cssmPrivKey; 345 CALL(generateKeyPair, (&context, cred, owner, 346 pubUsage, pubAttrs, privUsage, privAttrs, 347 &cssmPubKey, &rPubKey, &cssmPrivKey, &rPrivKey)); 348 *hPubKey = TokendHandleObject::make(cssmPubKey)->ipcHandle(); 349 *hPrivKey = TokendHandleObject::make(cssmPrivKey)->ipcHandle(); 350 END_IPC(CSP) 351} 352 353 354// 355// Key wrapping and unwrapping 356// 357kern_return_t tokend_server_wrapKey(TOKEND_ARGS, CONTEXT_ARGS, 358 KeyHandle hWrappingKey, COPY_IN(CssmKey, wrappingKey), 359 COPY_IN(AccessCredentials, cred), 360 KeyHandle hSubjectKey, COPY_IN(CssmKey, subjectKey), 361 DATA_IN(descriptiveData), COPY_OUT(CssmWrappedKey, wrappedKey)) 362{ 363 BEGIN_IPC 364 relocate(context, contextBase, attributes, attrSize); 365 relocate(cred, credBase); 366 relocate(wrappingKey, wrappingKeyBase); 367 relocate(subjectKey, subjectKeyBase); 368 CssmData ddata(DATA(descriptiveData)); 369 Return<CssmKey> rKey(wrappedKey, wrappedKeyLength, wrappedKeyBase); 370 CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hSubjectKey); 371 CALL(wrapKey, (&context, hWrappingKey, wrappingKey, cred, 372 keyHandle, subjectKey, descriptiveData ? &ddata : NULL, &rKey)); 373 END_IPC(CSP) 374} 375 376kern_return_t tokend_server_unwrapKey(TOKEND_ARGS, CONTEXT_ARGS, 377 KeyHandle hWrappingKey, COPY_IN(CssmKey, wrappingKey), 378 COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner), 379 KeyHandle hPublicKey, COPY_IN(CssmKey, publicKey), 380 COPY_IN(CssmWrappedKey, wrappedKey), 381 uint32 usage, uint32 attrs, DATA_OUT(descriptiveData), 382 KeyHandle *hUnwrappedKey, COPY_OUT(CssmKey, unwrappedKey)) 383{ 384 BEGIN_IPC 385 relocate(context, contextBase, attributes, attrSize); 386 relocate(cred, credBase); 387 relocate(owner, ownerBase); 388 relocate(wrappingKey, wrappingKeyBase); 389 relocate(publicKey, publicKeyBase); 390 relocate(wrappedKey, wrappedKeyBase); 391 Return<CssmKey> rKey(unwrappedKey, unwrappedKeyLength, unwrappedKeyBase); 392 OutputData descriptives(descriptiveData, descriptiveDataLength); 393 CSSM_HANDLE cssmUnwrappedKey; 394 CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hPublicKey); 395 CSSM_HANDLE wrapKeyHandle = TokendHandleObject::findTDHandle(hWrappingKey); 396 CALL(unwrapKey, (&context, wrapKeyHandle, wrappingKey, cred, owner, 397 keyHandle, publicKey, wrappedKey, 398 usage, attrs, &descriptives, &cssmUnwrappedKey, &rKey)); 399 *hUnwrappedKey = TokendHandleObject::make(cssmUnwrappedKey)->ipcHandle(); 400 END_IPC(CSP) 401} 402 403 404// 405// Key derivation. 406// 407kern_return_t tokend_server_deriveKey(TOKEND_ARGS, CONTEXT_ARGS, 408 KeyHandle hBaseKey, COPY_IN(CssmKey, baseKey), 409 COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner), 410 COPY_IN(CssmDeriveData,paramInput), DATA_OUT(paramOutput), 411 CSSM_KEYUSE usage, CSSM_KEYATTR_FLAGS attrs, 412 KeyHandle *hKey, COPY_OUT(CssmKey, key)) 413{ 414 BEGIN_IPC 415 relocate(context, contextBase, attributes, attrSize); 416 relocate(cred, credBase); 417 relocate(owner, ownerBase); 418 relocate(baseKey, baseKeyBase); 419 relocate(paramInput, paramInputBase); 420 if (!paramInput || paramInput->algorithm != context.algorithm()) 421 CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS); 422 Return<CssmKey> rKey(key, keyLength, keyBase); 423 CSSM_HANDLE cssmKeyHandle; 424 CALL(deriveKey, (&context, hBaseKey, baseKey, cred, owner, ¶mInput->baseData, 425 usage, attrs, &cssmKeyHandle, &rKey)); 426 *hKey = TokendHandleObject::make(cssmKeyHandle)->ipcHandle(); 427 OutputData(paramOutput, paramOutputLength) = paramInput->baseData; 428 END_IPC(CSP) 429} 430 431 432// 433// Random generation 434// 435kern_return_t tokend_server_generateRandom(TOKEND_ARGS, CONTEXT_ARGS, DATA_OUT(result)) 436{ 437 BEGIN_IPC 438 relocate(context, contextBase, attributes, attrSize); 439 OutputData results(result, resultLength); 440 CALL(generateRandom, (&context, &results)); 441 END_IPC(CSP) 442} 443 444 445// 446// ACL management. 447// Watch out for the memory-management tap-dance. 448// 449kern_return_t tokend_server_getOwner(TOKEND_ARGS, AclKind kind, GenericHandle hHandle, 450 COPY_OUT(AclOwnerPrototype, owner)) 451{ 452 BEGIN_IPC 453 Return<AclOwnerPrototype> proto(owner, ownerLength, ownerBase); 454 switch (kind) { 455 case dbAcl: 456 CALL(getDatabaseOwner, (&proto)); 457 break; 458 case keyAcl: 459 { 460 CSSM_HANDLE tdHandle = TokendHandleObject::findTDHandle(hHandle); 461 CALL(getKeyOwner, (tdHandle, &proto)); 462 } 463 break; 464 case objectAcl: 465 { 466 CSSM_HANDLE tdHandle = TokendHandleObject::findTDHandle(hHandle); 467 CALL(getObjectOwner, (tdHandle, &proto)); 468 } 469 break; 470 case loginAcl: 471 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); 472 } 473 END_IPC(CSP) 474} 475 476kern_return_t tokend_server_setOwner(TOKEND_ARGS, AclKind kind, GenericHandle key, 477 COPY_IN(AccessCredentials, cred), COPY_IN(AclOwnerPrototype, owner)) 478{ 479 BEGIN_IPC 480 relocate(cred, credBase); 481 relocate(owner, ownerBase); 482 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); 483 END_IPC(CSP) 484} 485 486kern_return_t tokend_server_getAcl(TOKEND_ARGS, AclKind kind, GenericHandle hObject, 487 boolean_t haveTag, const char *inTag, 488 uint32 *countp, COPY_OUT(AclEntryInfo, acls)) 489{ 490 BEGIN_IPC 491 const char *tag = haveTag ? inTag : NULL; 492 AclEntryInfo *infos; 493 switch (kind) { 494 case dbAcl: 495 CALL(getDatabaseAcl, (tag, countp, (CSSM_ACL_ENTRY_INFO**)&infos)); 496 break; 497 case keyAcl: 498 { 499 CSSM_HANDLE tdHandle = TokendHandleObject::findTDHandle(hObject); 500 CALL(getKeyAcl, (tdHandle, tag, countp, (CSSM_ACL_ENTRY_INFO**)&infos)); 501 } 502 break; 503 case objectAcl: 504 { 505 CSSM_HANDLE tdHandle = TokendHandleObject::findTDHandle(hObject); 506 CALL(getObjectAcl, (tdHandle, tag, countp, (CSSM_ACL_ENTRY_INFO**)&infos)); 507 } 508 break; 509 case loginAcl: 510 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); 511 } 512 513 // package up (count, infos) as a return blob 514 Copier<AclEntryInfo> aclsOut(infos, *countp); 515 *aclsLength = aclsOut.length(); 516 *acls = *aclsBase = aclsOut; 517 aclsOut.keep(); 518 server->releaseWhenDone(Allocator::standard(), *acls); 519 END_IPC(CSP) 520} 521 522kern_return_t tokend_server_changeAcl(TOKEND_ARGS, AclKind kind, GenericHandle key, 523 COPY_IN(AccessCredentials, cred), CSSM_ACL_EDIT_MODE mode, CSSM_ACL_HANDLE handle, 524 COPY_IN(AclEntryInput, acl)) 525{ 526 BEGIN_IPC 527 relocate(cred, credBase); 528 relocate(acl, aclBase); 529 AclEdit edit(mode, handle, acl); 530 switch (kind) { 531 case dbAcl: 532 CALL(changeDatabaseAcl, (cred, &edit)); 533 break; 534 case keyAcl: 535 { 536 CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(key); 537 CALL(changeKeyAcl, (keyHandle, cred, &edit)); 538 } 539 break; 540 case objectAcl: 541 { 542 CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(key); 543 CALL(changeObjectAcl, (keyHandle, cred, &edit)); 544 } 545 break; 546 case loginAcl: 547 CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); 548 } 549 END_IPC(CSP) 550} 551 552 553kern_return_t tokend_server_authenticate(TOKEND_ARGS, 554 CSSM_DB_ACCESS_TYPE mode, COPY_IN(AccessCredentials, cred)) 555{ 556 BEGIN_IPC 557 relocate(cred, credBase); 558 CALL(authenticateDatabase, (mode, cred)); 559 END_IPC(DL) 560} 561 562 563kern_return_t tokend_server_login(TOKEND_ARGS, COPY_IN(AccessCredentials, cred), DATA_IN(name)) 564{ 565 BEGIN_IPC 566 relocate(cred, credBase); 567 //CALL(login, (cred)); 568 END_IPC(DL) 569} 570 571kern_return_t tokend_server_logout(TOKEND_ARGS) 572{ 573 BEGIN_IPC 574 //CALL(logout, ()); 575 END_IPC(DL) 576} 577 578 579// 580// Miscellaneous CSP-related calls 581// 582kern_return_t tokend_server_getStatistics(TOKEND_ARGS, CSPOperationalStatistics *statistics) 583{ 584 BEGIN_IPC 585 CALL(getStatistics, (statistics)); 586 END_IPC(CSP) 587} 588 589kern_return_t tokend_server_getTime(TOKEND_ARGS, CSSM_ALGORITHMS algorithm, DATA_OUT(data)) 590{ 591 BEGIN_IPC 592 OutputData datas(data, dataLength); 593 CALL(getTime, (algorithm, &datas)); 594 END_IPC(CSP) 595} 596 597kern_return_t tokend_server_getCounter(TOKEND_ARGS, DATA_OUT(data)) 598{ 599 BEGIN_IPC 600 OutputData datas(data, dataLength); 601 CALL(getCounter, (&datas)); 602 END_IPC(CSP) 603} 604 605kern_return_t tokend_server_selfVerify(TOKEND_ARGS) 606{ 607 BEGIN_IPC 608 CALL(selfVerify, ()); 609 END_IPC(CSP) 610} 611 612 613// 614// Passthrough calls (separate for CSP and DL passthroughs) 615// 616kern_return_t tokend_server_cspPassThrough(TOKEND_ARGS, uint32 id, CONTEXT_ARGS, 617 KeyHandle hKey, COPY_IN(CssmKey, key), DATA_IN(inData), DATA_OUT(outData)) 618{ 619 BEGIN_IPC 620 relocate(context, contextBase, attributes, attrSize); 621 relocate(key, keyBase); 622 const CssmData inDataBlob(DATA(inData)); 623 OutputData outputs(outData, outDataLength); 624 CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey); 625 CALL(cspPassThrough, (id, &context, keyHandle, key, inData ? &inDataBlob : NULL, &outputs)); 626 END_IPC(CSP) 627} 628 629kern_return_t tokend_server_dlPassThrough(TOKEND_ARGS, uint32 id, 630 DATA_IN(inData), DATA_OUT(outData)) 631{ 632 BEGIN_IPC 633 const CssmData inDataBlob(DATA(inData)); 634 OutputData outputs(outData, outDataLength); 635 CALL(dlPassThrough, (id, inData ? &inDataBlob : NULL, &outputs)); 636 END_IPC(DL) 637} 638 639kern_return_t tokend_server_isLocked(TOKEND_ARGS, uint32 *locked) 640{ 641 BEGIN_IPC 642 CALL(isLocked, (locked)); 643 END_IPC(DL) 644} 645