

/*
 *  Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
 *
 *  @APPLE_LICENSE_HEADER_START@
 *  
 *  This file contains Original Code and/or Modifications of Original Code
 *  as defined in and that are subject to the Apple Public Source License
 *  Version 2.0 (the 'License'). You may not use this file except in
 *  compliance with the License. Please obtain a copy of the License at
 *  http://www.opensource.apple.com/apsl/ and read it before using this
 *  file.
 *  
 *  The Original Code and all software distributed under the License are
 *  distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 *  EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 *  INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 *  FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 *  Please see the License for the specific language governing rights and
 *  limitations under the License.
 *  
 *  @APPLE_LICENSE_HEADER_END@
 */
 
/*!
    @header tokend.defs
    @abstract Mach RPC interface between securityd and tokend.
 */

#include <mach/std_types.defs>
#include <mach/mach_types.defs>
#include <securityd_client/ss_types.defs>

// MIG subsystem declaration: "tokend" is the subsystem name and 2000 the base
// message ID.  MIG numbers each routine/simpleroutine below as base + its
// ordinal position in this file, so declaration order is part of the wire
// ABI between securityd and tokend — append new calls, never reorder or
// delete existing ones.
subsystem tokend 2000;
// Name prefixes for the generated server-side (tokend) and client-side
// (securityd) stubs.
serverprefix tokend_server_;
userprefix tokend_client_;

import "tokend.h";
import "tdclient.h";
import <SecurityTokend/tokend_types.h>;


// Score a tokend reports from probe() for how well it matches the inserted
// token; interpretation of the value (presumably higher wins) is decided by
// the caller, not here — TODO confirm against securityd.
type TokenScore = uint32_t;
// Flag word for establishing a token session.  Not referenced by any routine
// in this file; the bit values are defined elsewhere.
type EstablishFlags = uint32_t;
// Token unique-ID string returned by probe().  c_string[*:256] is a
// variable-length NUL-terminated string capped at 256 bytes; the bound is
// enforced by the generated stubs on receipt, so the server handler never
// sees a longer string.  The cap itself is still marked as a guess below.
type TokenUidString = c_string[*:256];	//@@@ initial guess


/*
 * Common argument profiles
 *
 * TOKEND_PORTS opens the argument list of every routine below: the request
 * port the message is sent to, the reply port (make-send disposition), and
 * `out rcode: CSSM_RETURN`, which carries the CDSA-level result of the call.
 * MIG itself returns a kern_return_t for the transport, so a caller has two
 * results to check — KERN_SUCCESS with a failing rcode is still a failed
 * operation.  Note that simpleroutines (see terminate) do not use this
 * profile and therefore return no rcode at all.
 *
 * IN_BLOB, OUT_BLOB and IN_CONTEXT, used throughout, are not defined in this
 * file; presumably they come from securityd_client/ss_types.defs — verify
 * there before changing their argument shapes.
 */
#define TOKEND_PORTS requestport sport: mach_port_t; \
    replyport rport: mach_port_make_send_t; \
    out rcode: CSSM_RETURN


//
// Setup and control calls
//
// probe: ask the tokend how well it matches the inserted token.  Returns the
// tokend's TokenScore and the token's unique-ID string.
routine probe(TOKEND_PORTS; out score: TokenScore; out uid: TokenUidString);

// establish: bind the tokend to a token.  Inputs are the module guid, ssid
// (presumably the CDSA subservice id), a state word, and the cache and work
// directories the tokend may use.  Outputs are the MDS directory and a
// printable name, both as FilePathOut.
// NOTE(review): cacheDirectory/workDirectory arrive over IPC; the server
// should validate them as input rather than assume they are canonical paths.
routine establish(TOKEND_PORTS; in guid: Guid; in ssid: uint32;
	in state: uint32; in cacheDirectory: FilePath; in workDirectory: FilePath;
	out mdsDirectory: FilePathOut; out printName: FilePathOut);

// terminate: one-way shutdown request.  As a simpleroutine it has no reply
// port and no rcode, so the caller learns nothing beyond whether the send
// itself succeeded.
simpleroutine terminate(requestport sport: mach_port_t; in reason: uint32; in options: uint32);


//
// DL I/O and search functions
//
// Record search.  findFirst opens a search from a CssmQuery and returns the
// first match together with a SearchHandle for continuation; findNext
// advances a search by handle.  Both can return the record's data (when
// getData is set), the attributes requested via inAttributes back in
// outAttributes, a RecordHandle, and an hKey (presumably meaningful only for
// key records — TODO confirm).
// NOTE(review): SearchHandle/RecordHandle/KeyHandle are plain integers on the
// wire.  The server must resolve every incoming handle against its own
// tables and reject unknown ones; nothing in the transport ties a handle to
// the caller that obtained it.
routine findFirst(TOKEND_PORTS; IN_BLOB(query,CssmQuery);
	IN_BLOB(inAttributes,CssmDbRecordAttributeData);
	in getData: boolean_t; out data: Data; out hKey: KeyHandle;
	OUT_BLOB(outAttributes,CssmDbRecordAttributeData);
	out search: SearchHandle; out record: RecordHandle);

routine findNext(TOKEND_PORTS; in hSearch: SearchHandle;
	IN_BLOB(inAttributes,CssmDbRecordAttributeData);
	in getData: boolean_t; out data: Data; out hKey: KeyHandle;
	OUT_BLOB(outAttributes,CssmDbRecordAttributeData);
	out record: RecordHandle);
	
// findRecordHandle: re-read a record already identified by hRecord, with the
// same data/attribute/hKey outputs as the search calls.
routine findRecordHandle(TOKEND_PORTS; in hRecord: RecordHandle;
	IN_BLOB(inAttributes,CssmDbRecordAttributeData);
	in getData: boolean_t; out data: Data; out hKey: KeyHandle;
	OUT_BLOB(outAttributes,CssmDbRecordAttributeData));
	
// Record writes.  insertRecord returns the handle of the new record.
// modifyRecord's hRecord is inout, so the server may hand back a different
// handle after the modification; data is only applied when setData is set.
routine insertRecord(TOKEND_PORTS; in recordType: CSSM_DB_RECORDTYPE;
	IN_BLOB(attributes,CssmDbRecordAttributeData);
	in data: Data; out hRecord: RecordHandle);

routine modifyRecord(TOKEND_PORTS; in recordType: CSSM_DB_RECORDTYPE;
	inout hRecord: RecordHandle; IN_BLOB(attributes,CssmDbRecordAttributeData);
	in setData: boolean_t; in data: Data; in modifyMode: CSSM_DB_MODIFY_MODE);
	
routine deleteRecord(TOKEND_PORTS; in record: RecordHandle);

// Release server-side state held for a search or record handle.
routine releaseSearch(TOKEND_PORTS; in hSearch: SearchHandle);
routine releaseRecord(TOKEND_PORTS; in hRecord: RecordHandle);


//
// Key management
//
// releaseKey: drop the server-side state behind a KeyHandle.
routine releaseKey(TOKEND_PORTS; in key: KeyHandle);
// queryKeySizeInBits: report the key's size as a CSSM_KEY_SIZE structure.
routine queryKeySizeInBits(TOKEND_PORTS; in key: KeyHandle; out length: CSSM_KEY_SIZE);
// getOutputSize: size of the output produced when inputSize bytes are
// encrypted (encrypt != 0) or decrypted with key under the given context.
routine getOutputSize(TOKEND_PORTS; IN_CONTEXT; in key: KeyHandle;
    in inputSize: uint32; in encrypt: boolean_t; out outputSize: uint32);


//
// Cryptographic operations
//
// Every call here takes IN_CONTEXT (the CSSM context; macro defined outside
// this file) and a KeyHandle previously handed out by this interface.
//
// Signatures and MACs.  signOnlyAlgorithm presumably names the signature-only
// algorithm when the context covers digest+sign — TODO confirm.  The verify
// routines have no out value besides rcode, so the verdict is the rcode.
routine generateSignature(TOKEND_PORTS; IN_CONTEXT; in key: KeyHandle;
    in signOnlyAlgorithm: CSSM_ALGORITHMS; in data: Data; out signature: Data);
routine verifySignature(TOKEND_PORTS; IN_CONTEXT; in key: KeyHandle;
	in signOnlyAlgorithm: CSSM_ALGORITHMS; in data: Data; in signature: Data);
routine generateMac(TOKEND_PORTS; IN_CONTEXT; in key: KeyHandle;
	in data: Data; out signature: Data);
routine verifyMac(TOKEND_PORTS; IN_CONTEXT; in key: KeyHandle;
	in data: Data; in signature: Data);

// Encryption/decryption with a token-resident key; input and output are
// Data blobs.
routine encrypt(TOKEND_PORTS; IN_CONTEXT; in key: KeyHandle; in clear: Data; out cipher: Data);
routine decrypt(TOKEND_PORTS; IN_CONTEXT; in key: KeyHandle; in cipher: Data; out clear: Data);

// Key generation.  The caller supplies access credentials and an ACL entry
// prototype for the new key; usage and attribute bits travel as raw uint32
// masks.  Each generated key comes back as a KeyHandle plus a serialized
// CssmKeyBlob and a CssmKeyPtr base — presumably the address the blob was
// flattened from, needed to relocate its internal pointers (see
// ss_types.defs).  generateKeyPair returns one such triple per half.
routine generateKey(TOKEND_PORTS; IN_CONTEXT;
	IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype);
	in keyUsage: uint32; in keyAttrs: uint32;
	out hKey: KeyHandle; out key: CssmKeyBlob; out keyBase: CssmKeyPtr);
routine generateKeyPair(TOKEND_PORTS; IN_CONTEXT;
	IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype);
	in pubUsage: uint32; in pubAttrs: uint32; in privUsage: uint32; in privAttrs: uint32;
	out hPubKey: KeyHandle; out pubKey: CssmKeyBlob; out pubKeyBase: CssmKeyPtr;
    out hPrivKey: KeyHandle; out privKey: CssmKeyBlob; out privKeyBase: CssmKeyPtr);

// Wrap / unwrap / derive.  Keys are passed both as a handle and as an inline
// CssmKey blob; which of the two the tokend honours is not decided by this
// interface.  unwrapKey additionally returns the unwrapped payload in data
// and a new key triple; deriveKey returns derivation output in paramOutput
// and the derived key as a handle plus OUT_BLOB.
routine wrapKey(TOKEND_PORTS; IN_CONTEXT; in hWrappingKey: KeyHandle; IN_BLOB(wrappingKey, CssmKey);
    IN_BLOB(accessCredentials,AccessCredentials);
	in hSubjectKey: KeyHandle; IN_BLOB(subjectKey, CssmKey);
	in data: Data; OUT_BLOB(wrappedKey, CssmKey));
routine unwrapKey(TOKEND_PORTS; IN_CONTEXT; in hWrappingKey: KeyHandle; IN_BLOB(wrappingKey, CssmKey);
	IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype);
	in hPublicKey: KeyHandle; IN_BLOB(publicKey, CssmKey); IN_BLOB(wrappedKey, CssmKey);
	in usage: uint32; in attributes: uint32; out data: Data; 
    out hKey: KeyHandle; out key: CssmKeyBlob; out keyBase: CssmKeyPtr);
routine deriveKey(TOKEND_PORTS; IN_CONTEXT; in hSourceKey: KeyHandle; IN_BLOB(sourceKey, CssmKey);
	IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype);
    IN_BLOB(paramInput,CssmDeriveData); out paramOutput: Data;
	in keyUsage: uint32; in keyAttrs: uint32;
	out hKey: KeyHandle; OUT_BLOB(key, CssmKey));

// generateRandom: there is no length argument in the message, so the amount
// of random data requested presumably comes from the context — TODO confirm.
routine generateRandom(TOKEND_PORTS; IN_CONTEXT; out data: Data);


//
// ACL management
//
// kind and key select the object whose ACL is addressed; key is a
// GenericHandle, so presumably it may refer to a key or a record depending on
// kind.  Reads return the ACL as a serialized blob plus its base pointer (the
// same blob/base pattern as the key calls); writes carry AccessCredentials
// for the tokend to check before applying the change.
routine getOwner(TOKEND_PORTS; in kind: AclKind; in key: GenericHandle;
	out proto: AclOwnerPrototypeBlob; out protoBase: AclOwnerPrototypePtr);
routine setOwner(TOKEND_PORTS; in kind: AclKind; in key: GenericHandle;
	IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclOwnerPrototype,AclOwnerPrototype));
// getAcl: when haveTag is set, only entries matching tag are returned; count
// is the number of AclEntryInfo entries in the acls blob.
routine getAcl(TOKEND_PORTS; in kind: AclKind; in key: GenericHandle;
	in haveTag: boolean_t; in tag: CssmString;
	out count: uint32; out acls: AclEntryInfoBlob; out aclsBase: AclEntryInfoPtr);
// changeAcl: mode selects the edit operation and handle the entry it applies
// to; aclEntryInput is the new entry contents.
routine changeAcl(TOKEND_PORTS; in kind: AclKind; in key: GenericHandle;
	IN_BLOB(accessCredentials,AccessCredentials);
	in mode: CSSM_ACL_EDIT_MODE; in handle: CSSM_ACL_HANDLE;
	IN_BLOB(aclEntryInput,AclEntryInput));

// authenticate: present credentials for a database access mode.
routine authenticate(TOKEND_PORTS;
	in mode: CSSM_DB_ACCESS_TYPE; IN_BLOB(accessCredentials, AccessCredentials));

// login/logout: session-level credential presentation.  login's name is an
// opaque Data blob rather than a string type.
routine login(TOKEND_PORTS; IN_BLOB(accessCredentials,AccessCredentials); in name: Data);
routine logout(TOKEND_PORTS);

 
//
// Miscellanea
//
routine getStatistics(TOKEND_PORTS; out statistics: CSPOperationalStatistics);
// getTime/getCounter: token-provided time and counter values, returned as raw
// Data; getTime's algorithm selects the format.
routine getTime(TOKEND_PORTS; in algorithm: CSSM_ALGORITHMS; out data: Data);
routine getCounter(TOKEND_PORTS; out data: Data);
// selfVerify: integrity self-test; the only result is rcode.
routine selfVerify(TOKEND_PORTS);

// Pass-through escape hatches.  id selects an implementation-defined
// operation and inData/outData are opaque blobs, so these bypass the typed
// interface above entirely.
// NOTE(review): nothing in this IDL constrains id or the contents of inData;
// a tokend implementing these must validate both itself and reject unknown
// ids rather than dispatch on them blindly.
routine cspPassThrough(TOKEND_PORTS; in id: uint32; IN_CONTEXT; in hKey: KeyHandle; IN_BLOB(key, CssmKey);
	in inData: Data; out outData: Data);
routine dlPassThrough(TOKEND_PORTS; in id: uint32; in inData: Data; out outData: Data);

// isLocked: lock state reported as a uint32 rather than boolean_t (unlike the
// getData/setData flags above).
routine isLocked(TOKEND_PORTS; out locked: uint32);