#ifndef _H_CSPSESSION
#define _H_CSPSESSION
#include <security_cdsa_plugin/CSPabstractsession.h>
#include <map>
namespace Security {
class CSPPluginSession : public PluginSession, public CSPAbstractPluginSession {
public:
CSPPluginSession(CSSM_MODULE_HANDLE theHandle,
CssmPlugin &plug,
const CSSM_VERSION &version,
uint32 subserviceId,
CSSM_SERVICE_TYPE subserviceType,
CSSM_ATTACH_FLAGS attachFlags,
const CSSM_UPCALLS &upcalls)
: PluginSession(theHandle, plug, version, subserviceId, subserviceType, attachFlags, upcalls) { }
void EventNotify(CSSM_CONTEXT_EVENT e,
CSSM_CC_HANDLE ccHandle, const Context &context);
CSSM_MODULE_FUNCS_PTR construct();
public:
class PluginContext {
public:
virtual bool changed(const Context &context);
virtual ~PluginContext();
};
public:
bool loggedIn() const { return mLoggedIn; }
bool loggedIn(bool li) { bool old = mLoggedIn; mLoggedIn = li; return old; }
template <class Ctx> Ctx *getContext(CSSM_CC_HANDLE handle)
{ StLock<Mutex> _(contextMapLock); return safe_cast<Ctx *>(contextMap[handle]); }
void setContext(CSSM_CC_HANDLE handle, PluginContext *ctx)
{ StLock<Mutex> _(contextMapLock); contextMap[handle] = ctx; }
public:
virtual PluginContext *contextCreate(CSSM_CC_HANDLE handle, const Context &context);
virtual void contextUpdate(CSSM_CC_HANDLE handle,
const Context &context, PluginContext * &ctx);
virtual void contextDelete(CSSM_CC_HANDLE handle, const Context &context, PluginContext *ctx);
private:
bool mLoggedIn;
map<CSSM_CC_HANDLE, PluginContext *> contextMap;
Mutex contextMapLock;
};
class CSPFullPluginSession : public CSPPluginSession {
public:
class CSPContext;
class AlgorithmFactory;
CSPFullPluginSession(CSSM_MODULE_HANDLE theHandle,
CssmPlugin &plug,
const CSSM_VERSION &version,
uint32 subserviceId,
CSSM_SERVICE_TYPE subserviceType,
CSSM_ATTACH_FLAGS attachFlags,
const CSSM_UPCALLS &upcalls)
: CSPPluginSession(theHandle, plug, version,
subserviceId, subserviceType, attachFlags, upcalls) { }
CSPContext *init(CSSM_CC_HANDLE ccHandle, CSSM_CONTEXT_TYPE type,
const Context &context, bool encoding = true);
CSPContext *getStagedContext(CSSM_CC_HANDLE ccHandle,
CSSM_CONTEXT_TYPE type, bool encoding = true);
static const uint32 CSSM_ALGCLASS_CRYPT = 1001;
protected:
void checkOperation(CSSM_CONTEXT_TYPE ctxType, CSSM_CONTEXT_TYPE opType);
protected:
class Writer {
public:
Writer(CssmData *v, uint32 n, CssmData *rem = NULL);
bool isExtensible() const
{ return !*vec || (remData && !*remData); }
void allocate(size_t needed, Allocator &alloc);
void put(void *addr, size_t size);
void nextBlock(void * &p, size_t &sz);
void use(size_t sz);
size_t close();
private:
CssmData *vec; CssmData *firstVec; CssmData *lastVec; CssmData *remData;
void *currentBuffer; size_t currentSize;
size_t written;
void useData(CssmData *data)
{ currentBuffer = data->data(); currentSize = data->length(); }
};
public:
static CssmData makeBuffer(size_t size, Allocator &alloc);
static size_t totalBufferSize(const CssmData *data, uint32 count);
void setKey(CssmKey &key,
const Context &context, CSSM_KEYCLASS keyClass,
CSSM_KEYATTR_FLAGS attrs, CSSM_KEYUSE use);
public:
class CSPContext : public PluginContext {
friend class CSPFullPluginSession;
public:
CSSM_CONTEXT_TYPE type() const { return mType; }
bool encoding() const { return mDirection; }
virtual void init(const Context &context, bool encoding = true);
virtual void update(const CssmData &data); virtual void update(void *inp, size_t &inSize, void *outp, size_t &outSize); virtual void final(CssmData &out); virtual void final(const CssmData &in); virtual void generate(const Context &context, CssmKey &pubKey, CssmKey &privKey);
virtual void generate(const Context &context, uint32,
CssmData ¶ms, uint32 &attrCount, Context::Attr * &attrs);
virtual CSPContext *clone(Allocator &); virtual void setDigestAlgorithm(CSSM_ALGORITHMS digestAlg);
virtual size_t inputSize(size_t outSize); virtual size_t outputSize(bool final = false, size_t inSize = 0); virtual void minimumProgress(size_t &in, size_t &out);
protected:
void update(const CssmData *in, uint32 inCount, Writer &writer);
void final(CssmData &out, Allocator &alloc);
void final(Writer &writer, Allocator &alloc);
void update(const CssmData *in, uint32 inCount)
{ for (uint32 n = 0; n < inCount; n++) update(in[n]); }
void checkOperation(CSSM_CONTEXT_TYPE type);
void checkOperation(CSSM_CONTEXT_TYPE type, bool encode);
CSSM_CONTEXT_TYPE mType; bool mDirection; };
protected:
virtual void setupContext(CSPContext * &ctx, const Context &context, bool encoding) = 0;
virtual void getKeySize(const CssmKey &key, CSSM_KEY_SIZE &size);
public:
class AlgorithmFactory {
public:
virtual ~AlgorithmFactory();
virtual bool setup(CSPContext * &ctx, const Context &context) = 0;
};
public:
void EncryptData(CSSM_CC_HANDLE CCHandle,
const Context &Context,
const CssmData ClearBufs[],
uint32 ClearBufCount,
CssmData CipherBufs[],
uint32 CipherBufCount,
CSSM_SIZE &bytesEncrypted,
CssmData &RemData,
CSSM_PRIVILEGE Privilege);
void EncryptDataInit(CSSM_CC_HANDLE CCHandle,
const Context &Context,
CSSM_PRIVILEGE Privilege);
void EncryptDataUpdate(CSSM_CC_HANDLE CCHandle,
const CssmData ClearBufs[],
uint32 ClearBufCount,
CssmData CipherBufs[],
uint32 CipherBufCount,
CSSM_SIZE &bytesEncrypted);
void EncryptDataFinal(CSSM_CC_HANDLE CCHandle,
CssmData &RemData);
void DecryptData(CSSM_CC_HANDLE CCHandle,
const Context &Context,
const CssmData CipherBufs[],
uint32 CipherBufCount,
CssmData ClearBufs[],
uint32 ClearBufCount,
CSSM_SIZE &bytesDecrypted,
CssmData &RemData,
CSSM_PRIVILEGE Privilege);
void DecryptDataInit(CSSM_CC_HANDLE CCHandle,
const Context &Context,
CSSM_PRIVILEGE Privilege);
void DecryptDataUpdate(CSSM_CC_HANDLE CCHandle,
const CssmData CipherBufs[],
uint32 CipherBufCount,
CssmData ClearBufs[],
uint32 ClearBufCount,
CSSM_SIZE &bytesDecrypted);
void DecryptDataFinal(CSSM_CC_HANDLE CCHandle,
CssmData &RemData);
void QuerySize(CSSM_CC_HANDLE CCHandle,
const Context &Context,
CSSM_BOOL Encrypt,
uint32 QuerySizeCount,
QuerySizeData *DataBlock);
void WrapKey(CSSM_CC_HANDLE CCHandle,
const Context &Context,
const AccessCredentials &AccessCred,
const CssmKey &Key,
const CssmData *DescriptiveData,
CssmKey &WrappedKey,
CSSM_PRIVILEGE Privilege);
void UnwrapKey(CSSM_CC_HANDLE CCHandle,
const Context &Context,
const CssmKey *PublicKey,
const CssmKey &WrappedKey,
uint32 KeyUsage,
uint32 KeyAttr,
const CssmData *KeyLabel,
const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
CssmKey &UnwrappedKey,
CssmData &DescriptiveData,
CSSM_PRIVILEGE Privilege);
void DeriveKey(CSSM_CC_HANDLE CCHandle,
const Context &Context,
CssmData &Param,
uint32 KeyUsage,
uint32 KeyAttr,
const CssmData *KeyLabel,
const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
CssmKey &DerivedKey);
void GenerateMac(CSSM_CC_HANDLE CCHandle,
const Context &Context,
const CssmData DataBufs[],
uint32 DataBufCount,
CssmData &Mac);
void GenerateMacInit(CSSM_CC_HANDLE CCHandle,
const Context &Context);
void GenerateMacUpdate(CSSM_CC_HANDLE CCHandle,
const CssmData DataBufs[],
uint32 DataBufCount);
void GenerateMacFinal(CSSM_CC_HANDLE CCHandle,
CssmData &Mac);
void VerifyMac(CSSM_CC_HANDLE CCHandle,
const Context &Context,
const CssmData DataBufs[],
uint32 DataBufCount,
const CssmData &Mac);
virtual void VerifyMacInit(CSSM_CC_HANDLE CCHandle,
const Context &Context);
virtual void VerifyMacUpdate(CSSM_CC_HANDLE CCHandle,
const CssmData DataBufs[],
uint32 DataBufCount);
virtual void VerifyMacFinal(CSSM_CC_HANDLE CCHandle,
const CssmData &Mac);
void SignData(CSSM_CC_HANDLE CCHandle,
const Context &Context,
const CssmData DataBufs[],
uint32 DataBufCount,
CSSM_ALGORITHMS DigestAlgorithm,
CssmData &Signature);
void SignDataInit(CSSM_CC_HANDLE CCHandle,
const Context &Context);
void SignDataUpdate(CSSM_CC_HANDLE CCHandle,
const CssmData DataBufs[],
uint32 DataBufCount);
void SignDataFinal(CSSM_CC_HANDLE CCHandle,
CssmData &Signature);
void VerifyData(CSSM_CC_HANDLE CCHandle,
const Context &Context,
const CssmData DataBufs[],
uint32 DataBufCount,
CSSM_ALGORITHMS DigestAlgorithm,
const CssmData &Signature);
virtual void VerifyDataInit(CSSM_CC_HANDLE CCHandle,
const Context &Context);
virtual void VerifyDataUpdate(CSSM_CC_HANDLE CCHandle,
const CssmData DataBufs[],
uint32 DataBufCount);
virtual void VerifyDataFinal(CSSM_CC_HANDLE CCHandle,
const CssmData &Signature);
void DigestData(CSSM_CC_HANDLE CCHandle,
const Context &Context,
const CssmData DataBufs[],
uint32 DataBufCount,
CssmData &Digest);
void DigestDataInit(CSSM_CC_HANDLE CCHandle,
const Context &Context);
void DigestDataUpdate(CSSM_CC_HANDLE CCHandle,
const CssmData DataBufs[],
uint32 DataBufCount);
void DigestDataFinal(CSSM_CC_HANDLE CCHandle,
CssmData &Digest);
void DigestDataClone(CSSM_CC_HANDLE CCHandle,
CSSM_CC_HANDLE ClonedCCHandle);
void GenerateKey(CSSM_CC_HANDLE CCHandle,
const Context &Context,
uint32 KeyUsage,
uint32 KeyAttr,
const CssmData *KeyLabel,
const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
CssmKey &Key,
CSSM_PRIVILEGE Privilege);
void GenerateKeyPair(CSSM_CC_HANDLE CCHandle,
const Context &Context,
uint32 PublicKeyUsage,
uint32 PublicKeyAttr,
const CssmData *PublicKeyLabel,
CssmKey &PublicKey,
uint32 PrivateKeyUsage,
uint32 PrivateKeyAttr,
const CssmData *PrivateKeyLabel,
const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
CssmKey &PrivateKey,
CSSM_PRIVILEGE Privilege);
void ObtainPrivateKeyFromPublicKey(const CssmKey &PublicKey,
CssmKey &PrivateKey);
void QueryKeySizeInBits(CSSM_CC_HANDLE CCHandle,
const Context *Context,
const CssmKey *Key,
CSSM_KEY_SIZE &KeySize);
void FreeKey(const AccessCredentials *AccessCred,
CssmKey &KeyPtr,
CSSM_BOOL Delete);
void GenerateRandom(CSSM_CC_HANDLE CCHandle,
const Context &Context,
CssmData &RandomNumber);
void GenerateAlgorithmParams(CSSM_CC_HANDLE CCHandle,
const Context &Context,
uint32 ParamBits,
CssmData &Param,
uint32 &NumberOfUpdatedAttibutes,
CSSM_CONTEXT_ATTRIBUTE_PTR &UpdatedAttributes);
void Login(const AccessCredentials &AccessCred,
const CssmData *LoginName,
const void *Reserved);
void Logout();
void VerifyDevice(const CssmData &DeviceCert);
void GetOperationalStatistics(CSPOperationalStatistics &Statistics);
void RetrieveCounter(CssmData &Counter);
void RetrieveUniqueId(CssmData &UniqueID);
void GetTimeValue(CSSM_ALGORITHMS TimeAlgorithm, CssmData &TimeData);
void GetKeyOwner(const CssmKey &Key,
CSSM_ACL_OWNER_PROTOTYPE &Owner);
void ChangeKeyOwner(const AccessCredentials &AccessCred,
const CssmKey &Key,
const CSSM_ACL_OWNER_PROTOTYPE &NewOwner);
void GetKeyAcl(const CssmKey &Key,
const CSSM_STRING *SelectionTag,
uint32 &NumberOfAclInfos,
CSSM_ACL_ENTRY_INFO_PTR &AclInfos);
void ChangeKeyAcl(const AccessCredentials &AccessCred,
const CSSM_ACL_EDIT &AclEdit,
const CssmKey &Key);
void GetLoginOwner(CSSM_ACL_OWNER_PROTOTYPE &Owner);
void ChangeLoginOwner(const AccessCredentials &AccessCred,
const CSSM_ACL_OWNER_PROTOTYPE &NewOwner);
void GetLoginAcl(const CSSM_STRING *SelectionTag,
uint32 &NumberOfAclInfos,
CSSM_ACL_ENTRY_INFO_PTR &AclInfos);
void ChangeLoginAcl(const AccessCredentials &AccessCred,
const CSSM_ACL_EDIT &AclEdit);
void PassThrough(CSSM_CC_HANDLE CCHandle,
const Context &Context,
uint32 PassThroughId,
const void *InData,
void **OutData);
};
class KeyPool;
class ReferencedKey
{
friend class KeyPool; public:
typedef CSSM_INTPTR KeyReference;
ReferencedKey(KeyPool &session); virtual ~ReferencedKey();
KeyReference keyReference();
bool isActive() { return mKeyPool != NULL; }
template <class SubPool>
SubPool &keyPool() { assert(mKeyPool); return safer_cast<SubPool &>(*mKeyPool); }
public:
static void makeReferenceKey(Allocator &allocator, KeyReference keyReference, CSSM_KEY &ioKey);
static KeyReference keyReference(const CSSM_KEY &key);
static KeyReference freeReferenceKey(Allocator &allocator, CSSM_KEY &ioKey);
private:
void deactivate() { mKeyPool = NULL; }
KeyPool *mKeyPool;
};
class KeyPool
{
public:
friend class ReferencedKey; public:
KeyPool();
virtual ~KeyPool();
template <class Subclass>
Subclass &find(const CSSM_KEY &key) const;
void freeKey(Allocator &allocator, CSSM_KEY &key);
protected:
void add(ReferencedKey &referencedKey);
ReferencedKey &findKey(const CSSM_KEY &key) const;
ReferencedKey &findKeyReference(ReferencedKey::KeyReference keyReference) const;
void erase(ReferencedKey &referencedKey);
ReferencedKey &erase(ReferencedKey::KeyReference keyReference);
protected:
typedef map<ReferencedKey::KeyReference, ReferencedKey *> KeyMap;
KeyMap mKeyMap;
mutable Mutex mKeyMapLock;
};
template <class Subclass>
Subclass &
KeyPool::find(const CSSM_KEY &key) const
{
Subclass *sub;
if (!(sub = dynamic_cast<Subclass *>(&findKey(key))))
CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE);
return *sub;
}
}
#endif //_H_CSPSESSION