#ifndef _APPLE_CSP_SESSION_H_
#define _APPLE_CSP_SESSION_H_
#include <cstddef>
#include <map>
#include <security_cdsa_plugin/cssmplugin.h>
#include <security_cdsa_plugin/pluginsession.h>
#include <security_cdsa_plugin/CSPsession.h>
#include <security_utilities/threading.h>
#include "BinaryKey.h"
#include "AppleCSPUtils.h"
class CSPKeyInfoProvider;
class AppleCSPPlugin;
#ifdef BSAFE_CSP_ENABLE
class BSafeFactory;
#endif
#ifdef CRYPTKIT_CSP_ENABLE
class CryptKitFactory;
#endif
class MiscAlgFactory;
#ifdef ASC_CSP_ENABLE
class AscAlgFactory;
#endif
class RSA_DSA_Factory;
class DH_Factory;
//
// AppleCSPSession -- one attached session of the Apple CSP plugin.
//
// The session carries the per-attach state declared below: the table of
// reference keys and the mutex declared next to it, the two allocators the
// session was given, and references to the per-algorithm factories that
// build CSPContext objects.
//
// Notes for maintainers, limited to what this header shows -- confirm in the
// .cpp before relying on any of them:
//   * refKeyMap hands out KeyRef handles in place of key material. The map
//     stores bare `const BinaryKey *`; ownership and lifetime of those
//     BinaryKey objects are not expressed here.
//   * refKeyMapLock is declared alongside refKeyMap. Presumably every reader
//     and writer of the map is expected to hold it -- verify in the .cpp.
//   * Two allocators are kept (normAllocator / privAllocator). Which one is
//     used for sensitive key bytes versus ordinary output is not visible
//     here -- NOTE(review): presumably privAllocator, verify.
//   * Legacy key-derivation and wrap formats (PKCS#5 v1.5, OpenSSH1) are
//     still declared. They appear to exist for compatibility with old blobs;
//     new callers should not be steered toward them.
//   * The header-inference helpers (pkcs8InferKeyHeader,
//     opensslInferKeyHeader) take a CssmKey whose blob presumably came from
//     outside the CSP, so they parse untrusted input.
//
class AppleCSPSession : public CSPFullPluginSession {
public:
    // Construct a session for module handle `handle`, owned by plugin `plug`.
    // The remaining parameters are the standard CSSM attach parameters:
    // the requested version, subservice ID and type, attach flags, and the
    // CSSM upcall table.
    AppleCSPSession(
        CSSM_MODULE_HANDLE handle,
        AppleCSPPlugin &plug,
        const CSSM_VERSION &Version,
        uint32 SubserviceID,
        CSSM_SERVICE_TYPE SubServiceType,
        CSSM_ATTACH_FLAGS AttachFlags,
        const CSSM_UPCALLS &upcalls);
    ~AppleCSPSession();

    // ---- CSPFullPluginSession entry points ------------------------------
    // None of these carry `virtual`/`override` here; presumably they override
    // virtuals declared in CSPFullPluginSession -- check that header before
    // touching a signature.

    // Create the CSPContext backing cryptographic-context handle `handle`.
    CSPContext *contextCreate(
        CSSM_CC_HANDLE handle,
        const Context &context);

    // (Re)initialise `cspCtx` from `context`. `encoding` is the direction
    // flag (presumably true for encrypt/sign-style use, false for
    // decrypt/verify -- confirm in the .cpp).
    void setupContext(
        CSPContext * &cspCtx,
        const Context &context,
        bool encoding);

    // CSSM_FreeKey: release the CSP-side resources behind `KeyPtr`.
    // `Delete` is the CSSM flag requesting that the key be deleted rather
    // than merely released.
    void FreeKey(const AccessCredentials *AccessCred,
        CssmKey &KeyPtr,
        CSSM_BOOL Delete);

    // CSSM_UnwrapKey: turn `WrappedKey` into `UnwrappedKey` using the
    // context `Context` (and `PublicKey`, when the wrap scheme needs one).
    // `KeyUsage` / `KeyAttr` / `KeyLabel` / `CredAndAclEntry` describe the
    // key being produced; `DescriptiveData` receives any descriptive data
    // carried inside the wrapped blob. `WrappedKey` is caller-supplied input
    // and should be treated as untrusted.
    void UnwrapKey(CSSM_CC_HANDLE CCHandle,
        const Context &Context,
        const CssmKey *PublicKey,
        const CssmKey &WrappedKey,
        uint32 KeyUsage,
        uint32 KeyAttr,
        const CssmData *KeyLabel,
        const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
        CssmKey &UnwrappedKey,
        CssmData &DescriptiveData,
        CSSM_PRIVILEGE Privilege);

    // CSSM_WrapKey: produce `WrappedKey` from `Key` under context `Context`,
    // optionally embedding `DescriptiveData` in the wrapped blob.
    void WrapKey(CSSM_CC_HANDLE CCHandle,
        const Context &Context,
        const AccessCredentials &AccessCred,
        const CssmKey &Key,
        const CssmData *DescriptiveData,
        CssmKey &WrappedKey,
        CSSM_PRIVILEGE Privilege);

    // CSSM_DeriveKey: derive `DerivedKey` from the base key / parameters in
    // `Context`. `Param` is the algorithm-specific parameter (in/out; it is
    // non-const here). The actual derivation is dispatched to the private
    // DeriveKey_* helpers below.
    void DeriveKey(CSSM_CC_HANDLE CCHandle,
        const Context &Context,
        CssmData &Param,
        uint32 KeyUsage,
        uint32 KeyAttr,
        const CssmData *KeyLabel,
        const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
        CssmKey &DerivedKey);

    // CSSM_PassThrough: vendor-specific operation selected by
    // `PassThroughId`. `InData` / `*OutData` are untyped and their layout is
    // defined per PassThroughId -- not visible here.
    void PassThrough(CSSM_CC_HANDLE CCHandle,
        const Context &Context,
        uint32 PassThroughId,
        const void *InData,
        void **OutData);

    // Fill `size` with the logical and effective bit sizes of `key`.
    void getKeySize(const CssmKey &key,
        CSSM_KEY_SIZE &size);

    // ---- Reference-key table ---------------------------------------------

    // Register `binKey` in refKeyMap and fill `cssmKey` with the resulting
    // reference key (presumably a header plus a KeyRef handle rather than
    // the key bytes -- confirm). The session keeps a pointer to `binKey`,
    // so its lifetime must extend until FreeKey.
    void addRefKey(
        BinaryKey &binKey,
        CssmKey &cssmKey);

    // Resolve a reference-format `cssmKey` back to the BinaryKey registered
    // by addRefKey. Returns a reference, so an unknown or foreign KeyRef is
    // presumably reported by throwing rather than by a null result -- confirm
    // (lookupKeyRef below is the raw, pointer-returning lookup).
    BinaryKey &lookupRefKey(
        const CssmKey &cssmKey);

    // ---- Randomness -------------------------------------------------------

    // Write `length` random bytes into `cp`. `cp` is caller-owned and must
    // have room for at least `length` bytes.
    void getRandomBytes(size_t length, uint8 *cp);

    // Feed `length` bytes from `cp` into the session's entropy source.
    void addEntropy(size_t length, const uint8 *cp);

    // ---- Allocators -------------------------------------------------------

    // The two allocators handed to this session. See the note at the top of
    // this class about which one is intended for sensitive material.
    Allocator &normAlloc() { return normAllocator; }
    Allocator &privAlloc() { return privAllocator; }

    // ---- Algorithm factories ----------------------------------------------
    // Held by reference: the session does not own these and they must
    // outlive it (presumably they belong to AppleCSPPlugin -- confirm).
    // Which factories exist is a compile-time choice (the *_CSP_ENABLE
    // macros).
#ifdef BSAFE_CSP_ENABLE
    BSafeFactory &bSafe4Factory;
#endif
#ifdef CRYPTKIT_CSP_ENABLE
    CryptKitFactory &cryptKitFactory;
#endif
    MiscAlgFactory &miscAlgFactory;
#ifdef ASC_CSP_ENABLE
    AscAlgFactory &ascAlgFactory;
#endif
    RSA_DSA_Factory &rsaDsaAlgFactory;
    DH_Factory &dhAlgFactory;

private:
    // KeyRef handle -> registered key. Bare pointers: the map does not own
    // the BinaryKey objects (ownership is not expressed in this header).
    typedef std::map<KeyRef, const BinaryKey *> keyMap;
    keyMap refKeyMap;
    // Declared beside refKeyMap; by name it guards the map. Acquisition
    // discipline is enforced in the .cpp, not here.
    Mutex refKeyMapLock;

    Allocator &normAllocator;
    Allocator &privAllocator;

    // Raw table lookup by handle. Returns a pointer, so presumably NULL when
    // `keyRef` is not registered -- confirm.
    BinaryKey *lookupKeyRef(KeyRef keyRef);

    // ---- DeriveKey back ends ------------------------------------------------
    // Each writes the derived key bytes into `*keyData`.

    // PBKDF2 derivation from the password / salt / iteration count carried
    // in `Context` and `Param`.
    void DeriveKey_PBKDF2(
        const Context &Context,
        const CssmData &Param,
        CSSM_DATA *keyData);

    // PKCS#5 v1.5 derivation for algorithm `algId`. Legacy scheme; see the
    // note at the top of this class.
    void DeriveKey_PKCS5_V1_5(
        const Context &context,
        CSSM_ALGORITHMS algId,
        const CssmData &Param,
        CSSM_DATA *keyData);

    // OpenSSH1 (SSH protocol 1) derivation for algorithm `algId`. Legacy
    // scheme; see the note at the top of this class.
    void DeriveKey_OpenSSH1(
        const Context &context,
        CSSM_ALGORITHMS algId,
        const CssmData &Param,
        CSSM_DATA *keyData);

    // ---- Wrap / unwrap back ends ---------------------------------------------
    // `rawBlob` is the serialised key being wrapped; `allocdRawBlob` records
    // whether this session allocated that buffer (presumably so the callee
    // knows whether to free it -- confirm in the .cpp). `keyStorage` on the
    // unwrap side selects the storage form of the produced key.

    // CMS-style wrap of `UnwrappedKey` into `WrappedKey`.
    void WrapKeyCms(
        CSSM_CC_HANDLE CCHandle,
        const Context &Context,
        const AccessCredentials &AccessCred,
        const CssmKey &UnwrappedKey,
        CssmData &rawBlob,
        bool allocdRawBlob, const CssmData *DescriptiveData,
        CssmKey &WrappedKey,
        CSSM_PRIVILEGE Privilege);

    // CMS-style unwrap of `WrappedKey` (untrusted input) into `UnwrappedKey`.
    void UnwrapKeyCms(
        CSSM_CC_HANDLE CCHandle,
        const Context &Context,
        const CssmKey &WrappedKey,
        const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
        CssmKey &UnwrappedKey,
        CssmData &DescriptiveData,
        CSSM_PRIVILEGE Privilege,
        cspKeyStorage keyStorage);

    // OpenSSH1-format wrap of `unwrappedBinKey`. Legacy format; see the note
    // at the top of this class.
    void WrapKeyOpenSSH1(
        CSSM_CC_HANDLE CCHandle,
        const Context &Context,
        const AccessCredentials &AccessCred,
        BinaryKey &unwrappedBinKey,
        CssmData &rawBlob,
        bool allocdRawBlob, const CssmData *DescriptiveData,
        CssmKey &WrappedKey,
        CSSM_PRIVILEGE Privilege);

    // OpenSSH1-format unwrap of `WrappedKey` (untrusted input). Legacy
    // format; see the note at the top of this class.
    void UnwrapKeyOpenSSH1(
        CSSM_CC_HANDLE CCHandle,
        const Context &Context,
        const CssmKey &WrappedKey,
        const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
        CssmKey &UnwrappedKey,
        CssmData &DescriptiveData,
        CSSM_PRIVILEGE Privilege,
        cspKeyStorage keyStorage);

    // ---- Context / key helpers -------------------------------------------------

    // Shared context setup used by contextCreate/setupContext. Returns a
    // bool; presumably whether some factory accepted `context` -- confirm.
    bool setup(
        CSPFullPluginSession::CSPContext * &cspCtx,
        const Context &context);

    // Select the CSPKeyInfoProvider able to interpret `key`.
    CSPKeyInfoProvider *infoProvider(
        const CssmKey &key);

    // Fill in `key`'s header fields from its blob, assuming PKCS#8 /
    // OpenSSL encoding respectively. The blob is caller-supplied, so these
    // parse untrusted input and must bounds-check it.
    void pkcs8InferKeyHeader(
        CssmKey &key);
    void opensslInferKeyHeader(
        CssmKey &key);
};
#endif //_APPLE_CSP_SESSION_H_