#ifndef _H_CONNECTION
#define _H_CONNECTION
#include "securityserver.h"
#include "SecurityAgentClient.h"
#include <Security/osxsigning.h>
#include "process.h"
#include "key.h"
#include <string>
// Mach port types pulled into this header's scope; Connection stores a Port
// (mClientPort) and takes one in its constructor.
using MachPlusPlus::Port;
using MachPlusPlus::TaskPort;

// Forward declaration only; no Session member or parameter appears in this
// header, so the dependency is presumably satisfied in the .cpp — verify.
class Session;
// One client connection to the security server: a client Mach reply port,
// the owning Process, a small work-state machine, and the cryptographic
// operations a client may request over that connection.
//
// Thread-safety (as visible here): `lock` guards `agentWait` in useAgent();
// the ACL-trigger fields are written in setAclUpdateTrigger() WITHOUT taking
// `lock` — presumably the caller already serializes that path; confirm in
// the .cpp before relying on it.
class Connection {
    // Handle type used to refer to a Key from a client (see releaseKey()).
    typedef Key::Handle KeyHandle;

public:
    // proc: the client process this connection belongs to (stored by reference
    //       in `process`, so it must outlive the Connection).
    // rPort: the client's reply port, returned by clientPort().
    Connection(Process &proc, Port rPort);
    virtual ~Connection();

    // Shut the connection down. abort() returns a bool whose meaning is not
    // visible in this header; keepReplyPort presumably controls whether the
    // client port is released — confirm against the implementation.
    void terminate();
    bool abort(bool keepReplyPort = false);

    // The client's reply port handed to the constructor.
    Port clientPort() const { return mClientPort; }

    // Work-unit bracketing; the idle/busy/dying `state` member below is
    // presumably driven by these (bodies are in the .cpp).
    void beginWork();
    void checkWork();
    bool endWork();

    // Record the SecurityAgent client this connection is currently waiting
    // on. Taken under `lock`; a null client presumably clears the wait.
    void useAgent(SecurityAgent::Client *client)
    {
        StLock<Mutex> _(lock);
        agentWait = client;
    }

    // Arm an ACL-update trigger for `object`: remembers the object's address
    // and sets the count to aclUpdateTriggerLimit + 1 (i.e. 4).
    // NOTE(review): the stored pointer is raw and non-owning, and nothing in
    // this header clears it — the ACL object must outlive the trigger window,
    // or aclWasSetForUpdateTrigger() can match a stale address. Not locked,
    // unlike useAgent().
    void setAclUpdateTrigger(const SecurityServerAcl &object)
    {
        aclUpdateTrigger = &object;
        aclUpdateTriggerCount = aclUpdateTriggerLimit + 1;
    }

    // True while the trigger is still armed (count > 0) AND it was armed for
    // this exact object (compared by address, not by value). Where the count
    // is decremented is not visible here — presumably in the .cpp.
    bool aclWasSetForUpdateTrigger(const SecurityServerAcl &object) const
    {
        return aclUpdateTriggerCount > 0 && aclUpdateTrigger == &object;
    }

    // The owning client process (public, by reference; set in the ctor).
    Process &process;

public:
    // --- Key and cryptographic operations requested by the client. ---
    // Bodies live in the .cpp; the parameter conventions below are what the
    // signatures show, not a description of the implementation.

    // Drop the client's handle to a key.
    void releaseKey(KeyHandle key);
    CSSM_KEY_SIZE queryKeySize(Key &key);

    // Sign/verify `data`. The *OnlyAlgorithm parameter is a CSSM_ALGORITHMS
    // value restricting the operation; its exact semantics are not shown here.
    void generateSignature(const Context &context, Key &key, CSSM_ALGORITHMS signOnlyAlgorithm,
        const CssmData &data, CssmData &signature);
    void verifySignature(const Context &context, Key &key, CSSM_ALGORITHMS verifyOnlyAlgorithm,
        const CssmData &data, const CssmData &signature);

    // MAC generation/verification; `mac` is an output in generateMac and an
    // input in verifyMac.
    void generateMac(const Context &context, Key &key,
        const CssmData &data, CssmData &mac);
    void verifyMac(const Context &context, Key &key,
        const CssmData &data, const CssmData &mac);

    // Symmetric/asymmetric transforms; output buffers are the non-const refs.
    void encrypt(const Context &context, Key &key, const CssmData &clear, CssmData &cipher);
    void decrypt(const Context &context, Key &key, const CssmData &cipher, CssmData &clear);

    // Key generation. `db` may be null (pointer, not reference) — presumably
    // meaning a non-persistent key; verify in the .cpp. `cred`/`owner` carry
    // the credentials and initial ACL owner; results are returned through the
    // `Key * &` out-parameters.
    void generateKey(Database *db, const Context &context,
        const AccessCredentials *cred, const AclEntryPrototype *owner,
        uint32 usage, uint32 attrs, Key * &newKey);
    // Key-pair variant: separate usage/attrs for the public and private halves.
    void generateKey(Database *db, const Context &context,
        const AccessCredentials *cred, const AclEntryPrototype *owner,
        uint32 pubUsage, uint32 pubAttrs, uint32 privUsage, uint32 privAttrs,
        Key * &publicKey, Key * &privateKey);

    // Derive a new key; `key` (base key) and `param` are pointers and so may
    // be null. Returns a reference — ownership of the returned Key is not
    // expressed by the signature; check the implementation.
    Key &deriveKey(Database *db, const Context &context, Key *key,
        const AccessCredentials *cred, const AclEntryPrototype *owner,
        CssmData *param, uint32 usage, uint32 attrs);

    // Wrap `keyToBeWrapped` with `key` (null = presumably raw/null wrap;
    // confirm). `wrappedKey` is the output.
    void wrapKey(const Context &context, Key *key,
        Key &keyToBeWrapped, const AccessCredentials *cred,
        const CssmData &descriptiveData, CssmKey &wrappedKey);

    // Unwrap `wrappedKey` with `key`. Note `wrappedKey` is taken BY VALUE
    // (const CssmKey), so the caller's copy is never modified.
    Key &unwrapKey(Database *db, const Context &context, Key *key,
        const AccessCredentials *cred, const AclEntryPrototype *owner,
        uint32 usage, uint32 attrs, const CssmKey wrappedKey,
        Key *publicKey, CssmData *descriptiveData);

    // Size of the output buffer needed for `inputSize` bytes through `key`;
    // `encrypt` selects the direction (defaults to encryption).
    uint32 getOutputSize(const Context &context, Key &key, uint32 inputSize, bool encrypt = true);

private:
    Port mClientPort;     // client reply port (see clientPort())
    Mutex lock;           // guards agentWait (see useAgent())

    // Connection lifecycle state; transitions are not visible in this header.
    enum State {
        idle, busy, dying } state;

    SecurityAgent::Client *agentWait;   // agent client being waited on, or null; non-owning

    // ACL-update trigger (see setAclUpdateTrigger / aclWasSetForUpdateTrigger).
    // aclUpdateTrigger is a raw non-owning pointer compared by address only.
    const SecurityServerAcl *aclUpdateTrigger;
    uint8 aclUpdateTriggerCount;                    // armed while > 0; starts at limit + 1
    static const uint8 aclUpdateTriggerLimit = 3;   // so the trigger is armed with a count of 4
};
#endif //_H_CONNECTION