OSStatus SecKeyImportPair( SecKeychainRef keychainRef, const CSSM_KEY *publicCssmKey, const CSSM_KEY *privateCssmKey, SecAccessRef initialAccess, SecKeyRef* publicKey, SecKeyRef* privateKey) { BEGIN_SECAPI Keychain keychain = Keychain::optional(keychainRef); SecPointer<Access> theAccess(initialAccess ? Access::required(initialAccess) : new Access("<key>")); SecPointer<KeyItem> pubItem, privItem; KeyItem::importPair(keychain, Required(publicCssmKey), Required(privateCssmKey), theAccess, pubItem, privItem); // Return the generated keys. if (publicKey) *publicKey = pubItem->handle(); if (privateKey) *privateKey = privItem->handle(); END_SECAPI }
/*! */ OSStatus SecACLCopySimpleContents(SecACLRef aclRef, CFArrayRef *applicationList, CFStringRef *promptDescription, CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector) { BEGIN_SECAPI SecPointer<ACL> acl = ACL::required(aclRef); switch (acl->form()) { case ACL::allowAllForm: Required(applicationList) = NULL; Required(promptDescription) = acl->promptDescription().empty() ? NULL : makeCFString(acl->promptDescription()); Required(promptSelector) = acl->promptSelector(); break; case ACL::appListForm: Required(applicationList) = makeCFArrayFrom(convert, acl->applications()); Required(promptDescription) = makeCFString(acl->promptDescription()); Required(promptSelector) = acl->promptSelector(); break; case ACL::integrityForm: Required(applicationList) = NULL; Required(promptDescription) = makeCFString(acl->integrity().toHex()); // We don't have a prompt selector. Nullify. Required(promptSelector).version = CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION; Required(promptSelector).flags = 0; break; default: return errSecACLNotSimple; // custom or unknown } END_SECAPI }
static OSStatus _SecIdentityCopyPreferenceMatchingName( CFStringRef name, CSSM_KEYUSE keyUsage, CFArrayRef validIssuers, SecIdentityRef *identity) { // this is NOT exported, and called only from SecIdentityCopyPreference (below), so no BEGIN/END macros here; // caller must handle exceptions StorageManager::KeychainList keychains; globals().storageManager.getSearchList(keychains); KCCursor cursor(keychains, kSecGenericPasswordItemClass, NULL); char idUTF8[MAXPATHLEN]; Required(name); if (!CFStringGetCString(name, idUTF8, sizeof(idUTF8)-1, kCFStringEncodingUTF8)) idUTF8[0] = (char)'\0'; CssmData service(const_cast<char *>(idUTF8), strlen(idUTF8)); FourCharCode itemType = 'iprf'; cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecServiceItemAttr), service); cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecTypeItemAttr), itemType); if (keyUsage) cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecScriptCodeItemAttr), (sint32)keyUsage); Item prefItem; if (!cursor->next(prefItem)) return errSecItemNotFound; // get persistent certificate reference SecKeychainAttribute itemAttrs[] = { { kSecGenericItemAttr, 0, NULL } }; SecKeychainAttributeList itemAttrList = { sizeof(itemAttrs) / sizeof(itemAttrs[0]), itemAttrs }; prefItem->getContent(NULL, &itemAttrList, NULL, NULL); // find certificate, given persistent reference data CFDataRef pItemRef = CFDataCreateWithBytesNoCopy(NULL, (const UInt8 *)itemAttrs[0].data, itemAttrs[0].length, kCFAllocatorNull); SecKeychainItemRef certItemRef = nil; OSStatus status = SecKeychainItemCopyFromPersistentReference(pItemRef, &certItemRef); //%%% need to make this a method of ItemImpl prefItem->freeContent(&itemAttrList, NULL); if (pItemRef) CFRelease(pItemRef); if (status) return status; // filter on valid issuers, if provided if (validIssuers) { //%%%TBI } // create identity reference, given certificate Item certItem = ItemImpl::required(SecKeychainItemRef(certItemRef)); SecPointer<Certificate> certificate(static_cast<Certificate *>(certItem.get())); SecPointer<Identity> identity_ptr(new Identity(keychains, certificate)); if (certItemRef) CFRelease(certItemRef); Required(identity) = identity_ptr->handle(); return status; }
/*! */ OSStatus SecAccessGetOwnerAndACL(SecAccessRef accessRef, CSSM_ACL_OWNER_PROTOTYPE_PTR *owner, uint32 *aclCount, CSSM_ACL_ENTRY_INFO_PTR *acls) { BEGIN_SECAPI Access::required(accessRef)->copyOwnerAndAcl( Required(owner), Required(aclCount), Required(acls)); END_SECAPI }
/*! */ OSStatus SecAccessCreateFromOwnerAndACL(const CSSM_ACL_OWNER_PROTOTYPE *owner, uint32 aclCount, const CSSM_ACL_ENTRY_INFO *acls, SecAccessRef *accessRef) { BEGIN_SECAPI Required(accessRef); // preflight SecPointer<Access> access = new Access(Required(owner), aclCount, &Required(acls)); *accessRef = access->handle(); END_SECAPI }
int DBObjTableField::Read(FILE *file, int swap) { if (DBObject::Read(file, swap) != DBSuccess) return (DBFault); if (fread((char *) this + sizeof(DBObject), sizeof(DBObjTableField) - sizeof(DBObject), 1, file) != 1) { CMmsgPrint(CMmsgSysError, "File Reading Error in: %s %d", __FILE__, __LINE__); return (DBFault); } if (swap) Swap(); if ((strcmp(Name(), "Drain") == 0) && Required()) Required(false); return (DBSuccess); }
/* Generate a private/public keypair. */ OSStatus SecKeyGeneratePair( CFDictionaryRef parameters, SecKeyRef *publicKey, SecKeyRef *privateKey) { BEGIN_SECAPI Required(parameters); Required(publicKey); Required(privateKey); CSSM_ALGORITHMS algorithms; uint32 keySizeInBits; CSSM_KEYUSE publicKeyUse; uint32 publicKeyAttr; CFTypeRef publicKeyLabelRef; CFDataRef publicKeyAttributeTagRef; CSSM_KEYUSE privateKeyUse; uint32 privateKeyAttr; CFTypeRef privateKeyLabelRef; CFDataRef privateKeyAttributeTagRef; SecAccessRef initialAccess; SecKeychainRef keychain; OSStatus result = MakeKeyGenParametersFromDictionary(parameters, algorithms, keySizeInBits, publicKeyUse, publicKeyAttr, publicKeyLabelRef, publicKeyAttributeTagRef, privateKeyUse, privateKeyAttr, privateKeyLabelRef, privateKeyAttributeTagRef, initialAccess); if (result != noErr) { return result; } // verify keychain parameter keychain = NULL; if (!CFDictionaryGetValueIfPresent(parameters, kSecUseKeychain, (const void **)&keychain)) keychain = NULL; else if (SecKeychainGetTypeID() != CFGetTypeID(keychain)) keychain = NULL; // do the key generation result = SecKeyCreatePair(keychain, algorithms, keySizeInBits, 0, publicKeyUse, publicKeyAttr, privateKeyUse, privateKeyAttr, initialAccess, publicKey, privateKey); if (result != noErr) { return result; } // set the label and print attributes on the keys SetKeyLabelAndTag(*publicKey, publicKeyLabelRef, publicKeyAttributeTagRef); SetKeyLabelAndTag(*privateKey, privateKeyLabelRef, privateKeyAttributeTagRef); return result; END_SECAPI }
int SecFDERecoveryWrapCRSKWithPubKey(const uint8_t *crsk, size_t crskLen, SecCertificateRef certificateRef, FVPrivateKeyHeader *outHeader) { BEGIN_SECAPI CssmData inBlob((unsigned char *)crsk, (size_t)crskLen); Required(certificateRef); CFRef<CFDataRef> certificateData(SecCertificateCopyData(certificateRef)); encodePrivateKeyHeader(inBlob, certificateData, Required(outHeader)); END_SECAPI }
// // Sec API bridge functions // OSStatus SecPolicyGetOID(SecPolicyRef policyRef, CSSM_OID* oid) { BEGIN_SECAPI Required(oid) = Policy::required(policyRef)->oid(); END_SECAPI }
/* new in 10.6 */ OSStatus SecKeyRawVerify( SecKeyRef key, SecPadding padding, const uint8_t *signedData, size_t signedDataLen, const uint8_t *sig, size_t sigLen) { BEGIN_SECAPI Required(key); SecPointer<KeyItem> keyItem(KeyItem::required(key)); CSSM_DATA dataInput; dataInput.Data = (uint8_t*) signedData; dataInput.Length = signedDataLen; CSSM_DATA signature; signature.Data = (uint8_t*) sig; signature.Length = sigLen; const AccessCredentials* credentials = keyItem->getCredentials(CSSM_ACL_AUTHORIZATION_ANY, kSecCredentialTypeDefault); keyItem->RawVerify(padding, dataInput, credentials, signature); END_SECAPI }
OSStatus SecCertificateRequestCreate( const CSSM_OID *policy, CSSM_CERT_TYPE certificateType, CSSM_TP_AUTHORITY_REQUEST_TYPE requestType, SecKeyRef privateKeyItemRef, SecKeyRef publicKeyItemRef, const SecCertificateRequestAttributeList* attributeList, SecCertificateRequestRef* certRequest) { BEGIN_SECAPI Required(certRequest); Required(policy); *certRequest = (new CertificateRequest(*policy, certificateType, requestType, privateKeyItemRef, publicKeyItemRef, attributeList))->handle(); END_SECAPI }
/* new in 10.6 */ OSStatus SecKeyRawSign( SecKeyRef key, SecPadding padding, const uint8_t *dataToSign, size_t dataToSignLen, uint8_t *sig, size_t *sigLen) { BEGIN_SECAPI Required(key); SecPointer<KeyItem> keyItem(KeyItem::required(key)); CSSM_DATA dataInput; dataInput.Data = (uint8_t*) dataToSign; dataInput.Length = dataToSignLen; CSSM_DATA output; output.Data = sig; output.Length = *sigLen; const AccessCredentials* credentials = keyItem->getCredentials(CSSM_ACL_AUTHORIZATION_SIGN, kSecCredentialTypeDefault); keyItem->RawSign(padding, dataInput, credentials, output); *sigLen = output.Length; END_SECAPI }
CSSM_RETURN CSSMAPI CSSM_CSP_CreateKeyGenContext (CSSM_CSP_HANDLE CSPHandle, CSSM_ALGORITHMS AlgorithmID, uint32 KeySizeInBits, const CSSM_CRYPTO_DATA *Seed, const CSSM_DATA *Salt, const CSSM_DATE *StartDate, const CSSM_DATE *EndDate, const CSSM_DATA *Params, CSSM_CC_HANDLE *NewContextHandle) { BEGIN_API HandleContext::Maker maker(CSPHandle); maker.setup(KeySizeInBits, CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH); maker.setup(Seed); maker.setup(Salt); maker.setup(StartDate); maker.setup(EndDate); maker.setup(Params); maker.make(); maker.put(CSSM_ATTRIBUTE_KEY_LENGTH, KeySizeInBits); maker.put(CSSM_ATTRIBUTE_SEED, Seed); maker.put(CSSM_ATTRIBUTE_SALT, Salt); maker.put(CSSM_ATTRIBUTE_START_DATE, StartDate); maker.put(CSSM_ATTRIBUTE_END_DATE, EndDate); maker.put(CSSM_ATTRIBUTE_ALG_PARAMS, Params); Required(NewContextHandle) = maker(CSSM_ALGCLASS_KEYGEN, AlgorithmID); END_API(CSSM) }
OSStatus SecPolicyGetValue(SecPolicyRef policyRef, CSSM_DATA* value) { BEGIN_SECAPI Required(value) = Policy::required(policyRef)->value(); END_SECAPI }
bool HTMLTextAreaElement::IsValueMissing() const { if (!Required() || !IsMutable()) { return false; } return IsValueEmpty(); }
ISymbol::ISymbol() { Parsed()=0; Visited()=0; Type()=(SymbolType) -1; ListType()=unknown_; Dimension()=0; SimpleType()=true; Required()=false; Abstract()=false; Compositor()=0; DerivedType() = XercesAdditions::DERIVATION_NONE; XercesType() = XercesAdditions::NO_DECLARATION; Global()=false; SqlCount()=0; SubstitutionGroupAffiliation().clear(); symbols.push_back(this); Variable()=NULL; SimpleContent()=false; List()=false; Atomic()=false; Level()=0; ListSize()=0; intrusive_ptr_add_ref((IExpress *) symbols.back().get()); }
OSStatus SecPolicyGetTPHandle(SecPolicyRef policyRef, CSSM_TP_HANDLE* tpHandle) { BEGIN_SECAPI Required(tpHandle) = Policy::required(policyRef)->tp()->handle(); END_SECAPI }
CSSM_RETURN CSSMAPI CSSM_CSP_CreateDeriveKeyContext (CSSM_CSP_HANDLE CSPHandle, CSSM_ALGORITHMS AlgorithmID, CSSM_KEY_TYPE DeriveKeyType, uint32 DeriveKeyLengthInBits, const CSSM_ACCESS_CREDENTIALS *AccessCred, const CSSM_KEY *BaseKey, uint32 IterationCount, const CSSM_DATA *Salt, const CSSM_CRYPTO_DATA *Seed, CSSM_CC_HANDLE *NewContextHandle) { BEGIN_API HandleContext::Maker maker(CSPHandle); maker.setup(DeriveKeyType, CSSMERR_CSP_INVALID_ATTR_KEY_TYPE); maker.setup(DeriveKeyLengthInBits, CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH); maker.setup(AccessCred); maker.setup(BaseKey); maker.setup(IterationCount); maker.setup(Salt); maker.setup(Seed); maker.make(); maker.put(CSSM_ATTRIBUTE_KEY_TYPE, DeriveKeyType); maker.put(CSSM_ATTRIBUTE_KEY_LENGTH, DeriveKeyLengthInBits); maker.put(CSSM_ATTRIBUTE_ACCESS_CREDENTIALS, AccessCred); maker.put(CSSM_ATTRIBUTE_KEY, BaseKey); maker.put(CSSM_ATTRIBUTE_ITERATION_COUNT, IterationCount); maker.put(CSSM_ATTRIBUTE_SALT, Salt); maker.put(CSSM_ATTRIBUTE_SEED, Seed); Required(NewContextHandle) = maker(CSSM_ALGCLASS_DERIVEKEY, AlgorithmID); END_API(CSSM) }
/*! */ OSStatus SecAccessCopyACLList(SecAccessRef accessRef, CFArrayRef *aclList) { BEGIN_SECAPI Required(aclList) = Access::required(accessRef)->copySecACLs(); END_SECAPI }
CSSM_RETURN Attachment::upcallCcToHandle(CSSM_CC_HANDLE handle, CSSM_MODULE_HANDLE *modHandle) { BEGIN_API #warning Cast from CSSM_CC_HANDLE to CSSM_HANDLE Required(modHandle) = HandleObject::find<HandleContext>((CSSM_HANDLE)handle, CSSMERR_CSSM_INVALID_ADDIN_HANDLE).attachment.handle(); END_API(CSP) }
OSStatus SecPolicyCopy(CSSM_CERT_TYPE certificateType, const CSSM_OID *policyOID, SecPolicyRef* policy) { Required(policy); Required(policyOID); SecPolicySearchRef srchRef = NULL; OSStatus ortn; ortn = SecPolicySearchCreate(certificateType, policyOID, NULL, &srchRef); if(ortn) { return ortn; } ortn = SecPolicySearchCopyNext(srchRef, policy); CFRelease(srchRef); return ortn; }
/*! */ OSStatus SecAccessCopySelectedACLList(SecAccessRef accessRef, CSSM_ACL_AUTHORIZATION_TAG action, CFArrayRef *aclList) { BEGIN_SECAPI Required(aclList) = Access::required(accessRef)->copySecACLs(action); END_SECAPI }
OSStatus SessionGetDistinguishedUser(SecuritySessionId session, uid_t *user) { BEGIN_API CommonCriteria::AuditInfo session; session.get(); Required(user) = session.uid(); END_API(CSSM) }
OSStatus SecPolicySetValue(SecPolicyRef policyRef, const CSSM_DATA *value) { BEGIN_SECAPI Required(value); const CssmData newValue(value->Data, value->Length); Policy::required(policyRef)->setValue(newValue); END_SECAPI }
/*! * Create a new SecAccessRef that is set to the default configuration * of a (newly created) security object. */ OSStatus SecAccessCreate(CFStringRef descriptor, CFArrayRef trustedList, SecAccessRef *accessRef) { BEGIN_SECAPI Required(descriptor); SecPointer<Access> access; if (trustedList) { CFIndex length = CFArrayGetCount(trustedList); ACL::ApplicationList trusted; for (CFIndex n = 0; n < length; n++) trusted.push_back(TrustedApplication::required( SecTrustedApplicationRef(CFArrayGetValueAtIndex(trustedList, n)))); access = new Access(cfString(descriptor), trusted); } else { access = new Access(cfString(descriptor)); } Required(accessRef) = access->handle(); END_SECAPI }
OSStatus SecKeyGetCSSMKey(SecKeyRef key, const CSSM_KEY **cssmKey) { BEGIN_SECAPI Required(cssmKey) = KeyItem::required(key)->key(); END_SECAPI }
OSStatus SecKeychainItemGetUniqueRecordID(SecKeychainItemRef itemRef, const CSSM_DB_UNIQUE_RECORD **uniqueRecordID) { BEGIN_SECKCITEMAPI Required(uniqueRecordID) = ItemImpl::required(__itemImplRef)->dbUniqueRecord(); END_SECKCITEMAPI }
OSStatus SecKeyGetStrengthInBits(SecKeyRef keyRef, const CSSM_X509_ALGORITHM_IDENTIFIER *algid, unsigned int *strength) { BEGIN_SECAPI SecPointer<KeyItem> keyItem(KeyItem::required(keyRef)); Required(strength) = keyItem->strengthInBits(algid); END_SECAPI }
OSStatus SecKeyGetAlgorithmID(SecKeyRef keyRef, const CSSM_X509_ALGORITHM_IDENTIFIER **algid) { BEGIN_SECAPI SecPointer<KeyItem> keyItem(KeyItem::required(keyRef)); Required(algid) = &keyItem->algorithmIdentifier(); END_SECAPI }
// // The GetContextAttribute API is fatally flawed. The standard implies a deep // copy of the attribute value, but no release function exists. Instead, we // return a shallow copy (sharing structure) which you need not release, but // which becomes invalid when the source Context is destroyed. // CSSM_RETURN CSSMAPI CSSM_GetContextAttribute (const CSSM_CONTEXT *Context, uint32 AttributeType, CSSM_CONTEXT_ATTRIBUTE_PTR *ContextAttribute) { BEGIN_API CSSM_ATTRIBUTE_TYPE type = CSSM_ATTRIBUTE_TYPE(AttributeType); // CDSA defect Required(ContextAttribute) = Context::required(Context).find(type); END_API(CSSM) }