1/*
2 *  Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
3 *
4 *  @APPLE_LICENSE_HEADER_START@
5 *
6 *  This file contains Original Code and/or Modifications of Original Code
7 *  as defined in and that are subject to the Apple Public Source License
8 *  Version 2.0 (the 'License'). You may not use this file except in
9 *  compliance with the License. Please obtain a copy of the License at
10 *  http://www.opensource.apple.com/apsl/ and read it before using this
11 *  file.
12 *
13 *  The Original Code and all software distributed under the License are
14 *  distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 *  EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 *  INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 *  FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 *  Please see the License for the specific language governing rights and
19 *  limitations under the License.
20 *
21 *  @APPLE_LICENSE_HEADER_END@
22 */
23#include "transit.h"
24
25using namespace Security::Tokend;
26
27
28//
29// Server inbound transition layer.
30// These are C functions in the global namespace, called by the MIG dispatch.
31//
32
33
34//
35// Probe: Examine token, determine score, and generate token uid string
36//
37kern_return_t tokend_server_probe(TOKEND_ARGS, TokenScore *score, TokenUidString uid)
38{
39	BEGIN_IPC
40	uid[0] = '\0';	// default to no uid obtained
41	CALL(probe, (kSecTokendCallbacksDefault, score, uid));
42    // We do not support 32 bit tokends on 10.6 and later
43    // since securityd always runs 64 bit
44    if (sizeof(int*) == 4)
45    {
46		Syslog::error("32-bit tokends not supported");
47		CssmError::throwMe(CSSMERR_CSP_DEVICE_ERROR);
48    }
49	uid[TOKEND_MAX_UID-1] = '\0'; // enforce null termination
50	server->tokenUid(uid);
51	END_IPC(CSSM)
52}
53
54
55//
56// Establish: take securityd's information and stash it away;
57// determine MDS resources and return them.
58//
59kern_return_t tokend_server_establish(TOKEND_ARGS,
60	CSSM_GUID guid, uint32 ssid, SecTokendEstablishFlags flags,
61	const char *cacheDirectory, const char *workDirectory,
62	char mdsDirectory[PATH_MAX], char printName[PATH_MAX])
63{
64	BEGIN_IPC
65	mdsDirectory[0] = '\0';		// default to all resources
66	printName[0] = '\0';		// default to no print name
67	CALL(establish, (&guid, ssid, flags, cacheDirectory, workDirectory, mdsDirectory, printName));
68	END_IPC(CSSM)
69}
70
71
72//
73// Induce termination
74//
75kern_return_t tokend_server_terminate(mach_port_t servicePort, uint32 reason, uint32 options)
76{
77	server->termination(reason, options);
78}
79
80
81//
82// Find/retrieve interface
83//
84kern_return_t tokend_server_findFirst(TOKEND_ARGS,
85	COPY_IN(CssmQuery, query),
86	COPY_IN(CssmDbRecordAttributeData, inAttributes),
87	boolean_t getData, DATA_OUT(outData), KeyHandle *hKey,
88	COPY_OUT(CssmDbRecordAttributeData, outAttributes),
89	SearchHandle *hSearch, RecordHandle *hRecord)
90{
91	BEGIN_IPC
92	relocate(query, queryBase);
93	relocate(inAttributes, inAttributesBase);
94	DataRetrieval interface(inAttributes, getData);
95    CSSM_HANDLE searchHandle = 0;
96	CALL(findFirst, (query, &interface, &searchHandle));
97	interface.returnData(*hKey, *hRecord, *outData, *outDataLength,
98		*outAttributes, *outAttributesLength, *outAttributesBase);
99	/*
100		findFirst and findNext do not return an error if nothing was found.
101		Instead, hKey and hRecord are set to 0. In this case, we don't want to
102		set up a search handle
103	*/
104	if (searchHandle)
105		*hSearch = TokendHandleObject::make(searchHandle)->ipcHandle();
106	server->releaseWhenDone(Allocator::standard(), *outAttributes);
107	END_IPC(DL)
108}
109
110
111kern_return_t tokend_server_findNext(TOKEND_ARGS, SearchHandle hSearch,
112	COPY_IN(CssmDbRecordAttributeData, inAttributes),
113	boolean_t getData, DATA_OUT(outData), KeyHandle *hKey,
114	COPY_OUT(CssmDbRecordAttributeData, outAttributes),
115	RecordHandle *hRecord)
116{
117	BEGIN_IPC
118	relocate(inAttributes, inAttributesBase);
119	DataRetrieval interface(inAttributes, getData);
120    CSSM_HANDLE searchHandle = TokendHandleObject::findTDHandle(hSearch);
121	CALL(findNext, (searchHandle, &interface));
122	interface.returnData(*hKey, *hRecord, *outData, *outDataLength,
123		*outAttributes, *outAttributesLength, *outAttributesBase);
124	server->releaseWhenDone(Allocator::standard(), *outAttributes);
125	END_IPC(DL)
126}
127
128
129kern_return_t tokend_server_findRecordHandle(TOKEND_ARGS, RecordHandle hRecord,
130	COPY_IN(CssmDbRecordAttributeData, inAttributes),
131	boolean_t getData, DATA_OUT(outData), KeyHandle *hKey,
132	COPY_OUT(CssmDbRecordAttributeData, outAttributes))
133{
134	BEGIN_IPC
135	relocate(inAttributes, inAttributesBase);
136	DataRetrieval interface(inAttributes, getData);
137    CSSM_HANDLE recordHandle = TokendHandleObject::findTDHandle(hRecord);
138	CALL(findRecordHandle, (recordHandle, &interface));
139	interface.returnData(*hKey, hRecord, *outData, *outDataLength,
140		*outAttributes, *outAttributesLength, *outAttributesBase);
141	server->releaseWhenDone(Allocator::standard(), *outAttributes);
142	END_IPC(DL)
143}
144
145
146kern_return_t tokend_server_insertRecord(TOKEND_ARGS, CSSM_DB_RECORDTYPE recordType,
147	COPY_IN(CssmDbRecordAttributeData, attributes), DATA_IN(data),
148	RecordHandle *hRecord)
149{
150	BEGIN_IPC
151	relocate(attributes, attributesBase);
152	const CssmData dataBlob(DATA(data));
153    CSSM_HANDLE recordHandle;
154	CALL(insertRecord, (recordType, attributes, data ? &dataBlob : NULL, &recordHandle));
155    *hRecord = TokendHandleObject::make(recordHandle)->ipcHandle();
156	END_IPC(DL)
157}
158
159
160kern_return_t tokend_server_modifyRecord(TOKEND_ARGS, CSSM_DB_RECORDTYPE recordType,
161	RecordHandle *hRecord, COPY_IN(CssmDbRecordAttributeData, attributes),
162	boolean_t setData, DATA_IN(data), CSSM_DB_MODIFY_MODE modifyMode)
163{
164	BEGIN_IPC
165	relocate(attributes, attributesBase);
166	const CssmData dataBlob(DATA(data));
167    CSSM_HANDLE recordHandle;
168	CALL(modifyRecord, (recordType, &recordHandle, attributes,
169		setData ? &dataBlob : NULL, modifyMode));
170    *hRecord = TokendHandleObject::make(recordHandle)->ipcHandle();
171	END_IPC(DL)
172}
173
174
175kern_return_t tokend_server_deleteRecord(TOKEND_ARGS, RecordHandle hRecord)
176{
177	BEGIN_IPC
178    CSSM_HANDLE recordHandle = TokendHandleObject::findTDHandle(hRecord);
179	CALL(deleteRecord, (recordHandle));
180	END_IPC(DL)
181}
182
183
184kern_return_t tokend_server_releaseSearch(TOKEND_ARGS, SearchHandle hSearch)
185{
186	BEGIN_IPC
187    CSSM_HANDLE searchHandle = TokendHandleObject::findTDHandle(hSearch);
188	CALL(releaseSearch, (searchHandle));
189	END_IPC(DL)
190}
191
192kern_return_t tokend_server_releaseRecord(TOKEND_ARGS, RecordHandle hRecord)
193{
194	BEGIN_IPC
195    CSSM_HANDLE recordHandle = TokendHandleObject::findTDHandle(hRecord);
196	CALL(releaseRecord, (recordHandle));
197	END_IPC(DL)
198}
199
200
201//
202// Key management
203//
204kern_return_t tokend_server_releaseKey(TOKEND_ARGS, KeyHandle hKey)
205{
206	BEGIN_IPC
207    CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey);
208	CALL(releaseKey, (keyHandle));
209	END_IPC(DL)
210}
211
212kern_return_t tokend_server_queryKeySizeInBits(TOKEND_ARGS, KeyHandle hKey,
213	CSSM_KEY_SIZE *size)
214{
215	BEGIN_IPC
216    CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey);
217	CALL(getKeySize, (keyHandle, size));
218	END_IPC(CSP)
219}
220
221kern_return_t tokend_server_getOutputSize(TOKEND_ARGS, CONTEXT_ARGS, KeyHandle hKey,
222    uint32 inputSize, boolean_t encrypt, uint32 *outputSize)
223{
224    BEGIN_IPC
225	relocate(context, contextBase, attributes, attrSize);
226    CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey);
227	CALL(getOutputSize, (&context, keyHandle, inputSize, encrypt, outputSize));
228    END_IPC(CSP)
229}
230
231
232//
233// Signatures and MACs
234//
235kern_return_t tokend_server_generateSignature(TOKEND_ARGS, CONTEXT_ARGS, KeyHandle hKey,
236        CSSM_ALGORITHMS signOnlyAlgorithm, DATA_IN(data), DATA_OUT(signature))
237{
238	BEGIN_IPC
239	relocate(context, contextBase, attributes, attrSize);
240	const CssmData dataBlob(DATA(data));
241	OutputData sigData(signature, signatureLength);
242    CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey);
243	CALL(generateSignature, (&context, keyHandle, signOnlyAlgorithm,
244		&dataBlob, &sigData));
245	END_IPC(CSP)
246}
247
248kern_return_t tokend_server_verifySignature(TOKEND_ARGS, CONTEXT_ARGS, KeyHandle hKey,
249		CSSM_ALGORITHMS verifyOnlyAlgorithm, DATA_IN(data), DATA_IN(signature))
250{
251	BEGIN_IPC
252	relocate(context, contextBase, attributes, attrSize);
253	const CssmData dataBlob(DATA(data));
254	const CssmData signatureBlob(DATA(signature));
255    CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey);
256	CALL(verifySignature, (&context, keyHandle, verifyOnlyAlgorithm, &dataBlob, &signatureBlob));
257	END_IPC(CSP)
258}
259
260kern_return_t tokend_server_generateMac(TOKEND_ARGS, CONTEXT_ARGS, KeyHandle hKey,
261		DATA_IN(data), DATA_OUT(mac))
262{
263	BEGIN_IPC
264	relocate(context, contextBase, attributes, attrSize);
265	const CssmData dataBlob(DATA(data));
266	OutputData macData(mac, macLength);
267    CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey);
268	CALL(generateMac, (&context, keyHandle, &dataBlob, &macData));
269	END_IPC(CSP)
270}
271
272kern_return_t tokend_server_verifyMac(TOKEND_ARGS, CONTEXT_ARGS, KeyHandle hKey,
273		DATA_IN(data), DATA_IN(mac))
274{
275	BEGIN_IPC
276	relocate(context, contextBase, attributes, attrSize);
277	const CssmData dataBlob(DATA(data));
278	const CssmData macBlob(DATA(mac));
279    CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey);
280	CALL(verifyMac, (&context, keyHandle, &dataBlob, &macBlob));
281	END_IPC(CSP)
282}
283
284
285//
286// Encryption/Decryption
287//
288kern_return_t tokend_server_encrypt(TOKEND_ARGS, CONTEXT_ARGS, KeyHandle hKey,
289	DATA_IN(clear), DATA_OUT(cipher))
290{
291	BEGIN_IPC
292	relocate(context, contextBase, attributes, attrSize);
293	const CssmData clearBlob(DATA(clear));
294	OutputData cipherOut(cipher, cipherLength);
295    CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey);
296	CALL(encrypt, (&context, keyHandle, &clearBlob, &cipherOut));
297	END_IPC(CSP)
298}
299
300kern_return_t tokend_server_decrypt(TOKEND_ARGS, CONTEXT_ARGS, KeyHandle hKey,
301	DATA_IN(cipher), DATA_OUT(clear))
302{
303	BEGIN_IPC
304	relocate(context, contextBase, attributes, attrSize);
305	const CssmData cipherBlob(DATA(cipher));
306	OutputData clearOut(clear, clearLength);
307    CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey);
308	CALL(decrypt, (&context, keyHandle, &cipherBlob, &clearOut));
309	END_IPC(CSP)
310}
311
312
313//
314// Key generation
315//
316kern_return_t tokend_server_generateKey(TOKEND_ARGS, CONTEXT_ARGS,
317	COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner),
318	uint32 usage, uint32 attrs, KeyHandle *hKey, COPY_OUT(CssmKey, key))
319{
320	BEGIN_IPC
321	relocate(context, contextBase, attributes, attrSize);
322    relocate(cred, credBase);
323	relocate(owner, ownerBase);
324	Return<CssmKey> rKey(key, keyLength, keyBase);
325    CSSM_HANDLE keyHandle;
326	CALL(generateKey, (&context, cred, owner, usage, attrs, &keyHandle, &rKey));
327    *hKey = TokendHandleObject::make(keyHandle)->ipcHandle();
328	END_IPC(CSP)
329}
330
331kern_return_t tokend_server_generateKeyPair(TOKEND_ARGS, CONTEXT_ARGS,
332	COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner),
333	CSSM_KEYUSE pubUsage, CSSM_KEYATTR_FLAGS pubAttrs,
334	CSSM_KEYUSE privUsage, CSSM_KEYATTR_FLAGS privAttrs,
335	KeyHandle *hPubKey, COPY_OUT(CssmKey, pubKey),
336	KeyHandle *hPrivKey, COPY_OUT(CssmKey, privKey))
337{
338	BEGIN_IPC
339	relocate(context, contextBase, attributes, attrSize);
340    relocate(cred, credBase);
341	relocate(owner, ownerBase);
342	Return<CssmKey> rPubKey(pubKey, pubKeyLength, pubKeyBase);
343	Return<CssmKey> rPrivKey(privKey, privKeyLength, privKeyBase);
344    CSSM_HANDLE cssmPubKey, cssmPrivKey;
345	CALL(generateKeyPair, (&context, cred, owner,
346		pubUsage, pubAttrs, privUsage, privAttrs,
347		&cssmPubKey, &rPubKey, &cssmPrivKey, &rPrivKey));
348    *hPubKey = TokendHandleObject::make(cssmPubKey)->ipcHandle();
349    *hPrivKey = TokendHandleObject::make(cssmPrivKey)->ipcHandle();
350	END_IPC(CSP)
351}
352
353
354//
355// Key wrapping and unwrapping
356//
357kern_return_t tokend_server_wrapKey(TOKEND_ARGS, CONTEXT_ARGS,
358	KeyHandle hWrappingKey, COPY_IN(CssmKey, wrappingKey),
359	COPY_IN(AccessCredentials, cred),
360	KeyHandle hSubjectKey, COPY_IN(CssmKey, subjectKey),
361	DATA_IN(descriptiveData), COPY_OUT(CssmWrappedKey, wrappedKey))
362{
363	BEGIN_IPC
364	relocate(context, contextBase, attributes, attrSize);
365    relocate(cred, credBase);
366	relocate(wrappingKey, wrappingKeyBase);
367	relocate(subjectKey, subjectKeyBase);
368	CssmData ddata(DATA(descriptiveData));
369	Return<CssmKey> rKey(wrappedKey, wrappedKeyLength, wrappedKeyBase);
370    CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hSubjectKey);
371	CALL(wrapKey, (&context, hWrappingKey, wrappingKey, cred,
372		keyHandle, subjectKey, descriptiveData ? &ddata : NULL, &rKey));
373	END_IPC(CSP)
374}
375
376kern_return_t tokend_server_unwrapKey(TOKEND_ARGS, CONTEXT_ARGS,
377	KeyHandle hWrappingKey, COPY_IN(CssmKey, wrappingKey),
378	COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner),
379	KeyHandle hPublicKey, COPY_IN(CssmKey, publicKey),
380	COPY_IN(CssmWrappedKey, wrappedKey),
381	uint32 usage, uint32 attrs, DATA_OUT(descriptiveData),
382    KeyHandle *hUnwrappedKey, COPY_OUT(CssmKey, unwrappedKey))
383{
384	BEGIN_IPC
385	relocate(context, contextBase, attributes, attrSize);
386    relocate(cred, credBase);
387	relocate(owner, ownerBase);
388	relocate(wrappingKey, wrappingKeyBase);
389	relocate(publicKey, publicKeyBase);
390	relocate(wrappedKey, wrappedKeyBase);
391	Return<CssmKey> rKey(unwrappedKey, unwrappedKeyLength, unwrappedKeyBase);
392	OutputData descriptives(descriptiveData, descriptiveDataLength);
393    CSSM_HANDLE cssmUnwrappedKey;
394    CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hPublicKey);
395	CSSM_HANDLE wrapKeyHandle = TokendHandleObject::findTDHandle(hWrappingKey);
396	CALL(unwrapKey, (&context, wrapKeyHandle, wrappingKey, cred, owner,
397		keyHandle, publicKey, wrappedKey,
398		usage, attrs, &descriptives, &cssmUnwrappedKey, &rKey));
399    *hUnwrappedKey = TokendHandleObject::make(cssmUnwrappedKey)->ipcHandle();
400	END_IPC(CSP)
401}
402
403
404//
405// Key derivation.
406//
407kern_return_t tokend_server_deriveKey(TOKEND_ARGS, CONTEXT_ARGS,
408	KeyHandle hBaseKey, COPY_IN(CssmKey, baseKey),
409	COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner),
410    COPY_IN(CssmDeriveData,paramInput), DATA_OUT(paramOutput),
411	CSSM_KEYUSE usage, CSSM_KEYATTR_FLAGS attrs,
412	KeyHandle *hKey, COPY_OUT(CssmKey, key))
413{
414	BEGIN_IPC
415	relocate(context, contextBase, attributes, attrSize);
416    relocate(cred, credBase);
417	relocate(owner, ownerBase);
418	relocate(baseKey, baseKeyBase);
419	relocate(paramInput, paramInputBase);
420	if (!paramInput || paramInput->algorithm != context.algorithm())
421		CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS);
422	Return<CssmKey> rKey(key, keyLength, keyBase);
423    CSSM_HANDLE cssmKeyHandle;
424	CALL(deriveKey, (&context, hBaseKey, baseKey, cred, owner, &paramInput->baseData,
425		usage, attrs, &cssmKeyHandle, &rKey));
426    *hKey = TokendHandleObject::make(cssmKeyHandle)->ipcHandle();
427	OutputData(paramOutput, paramOutputLength) = paramInput->baseData;
428	END_IPC(CSP)
429}
430
431
432//
433// Random generation
434//
435kern_return_t tokend_server_generateRandom(TOKEND_ARGS, CONTEXT_ARGS, DATA_OUT(result))
436{
437	BEGIN_IPC
438	relocate(context, contextBase, attributes, attrSize);
439	OutputData results(result, resultLength);
440	CALL(generateRandom, (&context, &results));
441	END_IPC(CSP)
442}
443
444
445//
446// ACL management.
447// Watch out for the memory-management tap-dance.
448//
449kern_return_t tokend_server_getOwner(TOKEND_ARGS, AclKind kind, GenericHandle hHandle,
450	COPY_OUT(AclOwnerPrototype, owner))
451{
452	BEGIN_IPC
453	Return<AclOwnerPrototype> proto(owner, ownerLength, ownerBase);
454	switch (kind) {
455	case dbAcl:
456		CALL(getDatabaseOwner, (&proto));
457		break;
458	case keyAcl:
459		{
460			CSSM_HANDLE tdHandle = TokendHandleObject::findTDHandle(hHandle);
461			CALL(getKeyOwner, (tdHandle, &proto));
462		}
463		break;
464	case objectAcl:
465		{
466			CSSM_HANDLE tdHandle = TokendHandleObject::findTDHandle(hHandle);
467			CALL(getObjectOwner, (tdHandle, &proto));
468		}
469		break;
470	case loginAcl:
471		CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
472	}
473	END_IPC(CSP)
474}
475
476kern_return_t tokend_server_setOwner(TOKEND_ARGS, AclKind kind, GenericHandle key,
477	COPY_IN(AccessCredentials, cred), COPY_IN(AclOwnerPrototype, owner))
478{
479	BEGIN_IPC
480    relocate(cred, credBase);
481	relocate(owner, ownerBase);
482	CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
483	END_IPC(CSP)
484}
485
486kern_return_t tokend_server_getAcl(TOKEND_ARGS, AclKind kind, GenericHandle hObject,
487	boolean_t haveTag, const char *inTag,
488	uint32 *countp, COPY_OUT(AclEntryInfo, acls))
489{
490	BEGIN_IPC
491	const char *tag = haveTag ? inTag : NULL;
492	AclEntryInfo *infos;
493	switch (kind) {
494	case dbAcl:
495		CALL(getDatabaseAcl, (tag, countp, (CSSM_ACL_ENTRY_INFO**)&infos));
496		break;
497	case keyAcl:
498		{
499			CSSM_HANDLE tdHandle = TokendHandleObject::findTDHandle(hObject);
500			CALL(getKeyAcl, (tdHandle, tag, countp, (CSSM_ACL_ENTRY_INFO**)&infos));
501		}
502		break;
503	case objectAcl:
504		{
505			CSSM_HANDLE tdHandle = TokendHandleObject::findTDHandle(hObject);
506			CALL(getObjectAcl, (tdHandle, tag, countp, (CSSM_ACL_ENTRY_INFO**)&infos));
507		}
508		break;
509	case loginAcl:
510		CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
511	}
512
513	// package up (count, infos) as a return blob
514	Copier<AclEntryInfo> aclsOut(infos, *countp);
515	*aclsLength = aclsOut.length();
516	*acls = *aclsBase = aclsOut;
517	aclsOut.keep();
518	server->releaseWhenDone(Allocator::standard(), *acls);
519	END_IPC(CSP)
520}
521
522kern_return_t tokend_server_changeAcl(TOKEND_ARGS, AclKind kind, GenericHandle key,
523	COPY_IN(AccessCredentials, cred), CSSM_ACL_EDIT_MODE mode, CSSM_ACL_HANDLE handle,
524	COPY_IN(AclEntryInput, acl))
525{
526	BEGIN_IPC
527    relocate(cred, credBase);
528	relocate(acl, aclBase);
529	AclEdit edit(mode, handle, acl);
530	switch (kind) {
531	case dbAcl:
532		CALL(changeDatabaseAcl, (cred, &edit));
533		break;
534	case keyAcl:
535		{
536			CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(key);
537			CALL(changeKeyAcl, (keyHandle, cred, &edit));
538		}
539		break;
540	case objectAcl:
541		{
542			CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(key);
543			CALL(changeObjectAcl, (keyHandle, cred, &edit));
544		}
545		break;
546	case loginAcl:
547		CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
548	}
549	END_IPC(CSP)
550}
551
552
553kern_return_t tokend_server_authenticate(TOKEND_ARGS,
554	CSSM_DB_ACCESS_TYPE mode, COPY_IN(AccessCredentials, cred))
555{
556	BEGIN_IPC
557	relocate(cred, credBase);
558	CALL(authenticateDatabase, (mode, cred));
559	END_IPC(DL)
560}
561
562
563kern_return_t tokend_server_login(TOKEND_ARGS, COPY_IN(AccessCredentials, cred), DATA_IN(name))
564{
565	BEGIN_IPC
566	relocate(cred, credBase);
567	//CALL(login, (cred));
568	END_IPC(DL)
569}
570
571kern_return_t tokend_server_logout(TOKEND_ARGS)
572{
573	BEGIN_IPC
574	//CALL(logout, ());
575	END_IPC(DL)
576}
577
578
579//
580// Miscellaneous CSP-related calls
581//
582kern_return_t tokend_server_getStatistics(TOKEND_ARGS, CSPOperationalStatistics *statistics)
583{
584	BEGIN_IPC
585	CALL(getStatistics, (statistics));
586	END_IPC(CSP)
587}
588
589kern_return_t tokend_server_getTime(TOKEND_ARGS, CSSM_ALGORITHMS algorithm, DATA_OUT(data))
590{
591	BEGIN_IPC
592	OutputData datas(data, dataLength);
593	CALL(getTime, (algorithm, &datas));
594	END_IPC(CSP)
595}
596
597kern_return_t tokend_server_getCounter(TOKEND_ARGS, DATA_OUT(data))
598{
599	BEGIN_IPC
600	OutputData datas(data, dataLength);
601	CALL(getCounter, (&datas));
602	END_IPC(CSP)
603}
604
605kern_return_t tokend_server_selfVerify(TOKEND_ARGS)
606{
607	BEGIN_IPC
608	CALL(selfVerify, ());
609	END_IPC(CSP)
610}
611
612
613//
614// Passthrough calls (separate for CSP and DL passthroughs)
615//
616kern_return_t tokend_server_cspPassThrough(TOKEND_ARGS, uint32 id, CONTEXT_ARGS,
617	KeyHandle hKey, COPY_IN(CssmKey, key), DATA_IN(inData), DATA_OUT(outData))
618{
619	BEGIN_IPC
620	relocate(context, contextBase, attributes, attrSize);
621	relocate(key, keyBase);
622	const CssmData inDataBlob(DATA(inData));
623	OutputData outputs(outData, outDataLength);
624	CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey);
625	CALL(cspPassThrough, (id, &context, keyHandle, key, inData ? &inDataBlob : NULL, &outputs));
626	END_IPC(CSP)
627}
628
629kern_return_t tokend_server_dlPassThrough(TOKEND_ARGS, uint32 id,
630	DATA_IN(inData), DATA_OUT(outData))
631{
632	BEGIN_IPC
633	const CssmData inDataBlob(DATA(inData));
634	OutputData outputs(outData, outDataLength);
635	CALL(dlPassThrough, (id, inData ? &inDataBlob : NULL, &outputs));
636	END_IPC(DL)
637}
638
639kern_return_t tokend_server_isLocked(TOKEND_ARGS, uint32 *locked)
640{
641	BEGIN_IPC
642	CALL(isLocked, (locked));
643	END_IPC(DL)
644}
645