/*! */ OSStatus SecACLCopySimpleContents(SecACLRef aclRef, CFArrayRef *applicationList, CFStringRef *promptDescription, CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector) { BEGIN_SECAPI SecPointer<ACL> acl = ACL::required(aclRef); switch (acl->form()) { case ACL::allowAllForm: Required(applicationList) = NULL; Required(promptDescription) = acl->promptDescription().empty() ? NULL : makeCFString(acl->promptDescription()); Required(promptSelector) = acl->promptSelector(); break; case ACL::appListForm: Required(applicationList) = makeCFArrayFrom(convert, acl->applications()); Required(promptDescription) = makeCFString(acl->promptDescription()); Required(promptSelector) = acl->promptSelector(); break; case ACL::integrityForm: Required(applicationList) = NULL; Required(promptDescription) = makeCFString(acl->integrity().toHex()); // We don't have a prompt selector. Nullify. Required(promptSelector).version = CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION; Required(promptSelector).flags = 0; break; default: return errSecACLNotSimple; // custom or unknown } END_SECAPI }
OSStatus SecACLSetSimpleContents(SecACLRef aclRef, CFArrayRef applicationList, CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector) { BEGIN_SECAPI SecPointer<ACL> acl = ACL::required(aclRef); if(acl->form() == ACL::integrityForm) { // If this is an integrity ACL, route the (unhexified) promptDescription into the right place string hex = cfString(description); if(hex.length() %2 == 0) { // might be a valid hex string, try to set CssmAutoData data(Allocator::standard()); data.malloc(hex.length() / 2); data.get().fromHex(hex.c_str()); acl->setIntegrity(data); } } else { // Otherwise, put it in the promptDescription where it belongs acl->promptDescription() = description ? cfString(description) : ""; } acl->promptSelector() = promptSelector ? *promptSelector : ACL::defaultSelector; if(acl->form() != ACL::integrityForm) { if (applicationList) { // application-list + prompt acl->form(ACL::appListForm); setApplications(acl, applicationList); } else { // allow-any acl->form(ACL::allowAllForm); } } acl->modify(); END_SECAPI }
void KeyItem::importPair( Keychain keychain, const CSSM_KEY &publicWrappedKey, const CSSM_KEY &privateWrappedKey, SecPointer<Access> initialAccess, SecPointer<KeyItem> &outPublicKey, SecPointer<KeyItem> &outPrivateKey) { bool freePublicKey = false; bool freePrivateKey = false; bool deleteContext = false; if (!(keychain->database()->dl()->subserviceMask() & CSSM_SERVICE_CSP)) MacOSError::throwMe(errSecInvalidKeychain); SSDbImpl* impl = dynamic_cast<SSDbImpl *>(&(*keychain->database())); if (impl == NULL) { CssmError::throwMe(CSSMERR_CSSM_INVALID_POINTER); } SSDb ssDb(impl); CssmClient::CSP csp(keychain->csp()); CssmClient::CSP appleCsp(gGuidAppleCSP); // Create a Access::Maker for the initial owner of the private key. ResourceControlContext rcc; memset(&rcc, 0, sizeof(rcc)); Access::Maker maker(Allocator::standard(), Access::Maker::kAnyMakerType); // @@@ Potentially provide a credential argument which allows us to unwrap keys in the csp. // Currently the CSP lets anyone do this, but we might restrict this in the future, e.g. // a smartcard could require out of band pin entry before a key can be generated. maker.initialOwner(rcc); // Create the cred we need to manipulate the keys until we actually set a new access control for them. const AccessCredentials *cred = maker.cred(); CSSM_KEY publicCssmKey, privateCssmKey; memset(&publicCssmKey, 0, sizeof(publicCssmKey)); memset(&privateCssmKey, 0, sizeof(privateCssmKey)); CSSM_CC_HANDLE ccHandle = 0; Item publicKeyItem, privateKeyItem; try { CSSM_RETURN status; // Calculate the hash of the public key using the appleCSP. CssmClient::PassThrough passThrough(appleCsp); void *outData; CssmData *cssmData; /* Given a CSSM_KEY_PTR in any format, obtain the SHA-1 hash of the * associated key blob. * Key is specified in CSSM_CSP_CreatePassThroughContext. * Hash is allocated bythe CSP, in the App's memory, and returned * in *outData. */ passThrough.key(&publicWrappedKey); passThrough(CSSM_APPLECSP_KEYDIGEST, NULL, &outData); cssmData = reinterpret_cast<CssmData *>(outData); CssmData &pubKeyHash = *cssmData; status = CSSM_CSP_CreateSymmetricContext(csp->handle(), publicWrappedKey.KeyHeader.WrapAlgorithmId, CSSM_ALGMODE_NONE, NULL, NULL, NULL, CSSM_PADDING_NONE, NULL, &ccHandle); if (status) CssmError::throwMe(status); deleteContext = true; CSSM_DL_DB_HANDLE dldbHandle = ssDb->handle(); CSSM_DL_DB_HANDLE_PTR dldbHandlePtr = &dldbHandle; CSSM_CONTEXT_ATTRIBUTE contextAttributes = { CSSM_ATTRIBUTE_DL_DB_HANDLE, sizeof(dldbHandle), { (char *)dldbHandlePtr } }; status = CSSM_UpdateContextAttributes(ccHandle, 1, &contextAttributes); if (status) CssmError::throwMe(status); // Unwrap the the keys CSSM_DATA descriptiveData = {0, NULL}; status = CSSM_UnwrapKey( ccHandle, NULL, &publicWrappedKey, publicWrappedKey.KeyHeader.KeyUsage, publicWrappedKey.KeyHeader.KeyAttr | CSSM_KEYATTR_PERMANENT, &pubKeyHash, &rcc, &publicCssmKey, &descriptiveData); if (status) CssmError::throwMe(status); freePublicKey = true; if (descriptiveData.Data != NULL) free (descriptiveData.Data); status = CSSM_UnwrapKey( ccHandle, NULL, &privateWrappedKey, privateWrappedKey.KeyHeader.KeyUsage, privateWrappedKey.KeyHeader.KeyAttr | CSSM_KEYATTR_PERMANENT, &pubKeyHash, &rcc, &privateCssmKey, &descriptiveData); if (status) CssmError::throwMe(status); if (descriptiveData.Data != NULL) free (descriptiveData.Data); freePrivateKey = true; // Find the keys we just generated in the DL to get SecKeyRefs to them // so we can change the label to be the hash of the public key, and // fix up other attributes. // Look up public key in the DLDB. DbAttributes pubDbAttributes; DbUniqueRecord pubUniqueId; SSDbCursor dbPubCursor(ssDb, 1); dbPubCursor->recordType(CSSM_DL_DB_RECORD_PUBLIC_KEY); dbPubCursor->add(CSSM_DB_EQUAL, kInfoKeyLabel, pubKeyHash); CssmClient::Key publicKey; if (!dbPubCursor->nextKey(&pubDbAttributes, publicKey, pubUniqueId)) MacOSError::throwMe(errSecItemNotFound); // Look up private key in the DLDB. DbAttributes privDbAttributes; DbUniqueRecord privUniqueId; SSDbCursor dbPrivCursor(ssDb, 1); dbPrivCursor->recordType(CSSM_DL_DB_RECORD_PRIVATE_KEY); dbPrivCursor->add(CSSM_DB_EQUAL, kInfoKeyLabel, pubKeyHash); CssmClient::Key privateKey; if (!dbPrivCursor->nextKey(&privDbAttributes, privateKey, privUniqueId)) MacOSError::throwMe(errSecItemNotFound); // @@@ Not exception safe! csp.allocator().free(cssmData->Data); csp.allocator().free(cssmData); auto_ptr<string>privDescription; auto_ptr<string>pubDescription; try { privDescription.reset(new string(initialAccess->promptDescription())); pubDescription.reset(new string(initialAccess->promptDescription())); } catch(...) { /* this path taken if no promptDescription available, e.g., for complex ACLs */ privDescription.reset(new string("Private key")); pubDescription.reset(new string("Public key")); } // Set the label of the public key to the public key hash. // Set the PrintName of the public key to the description in the acl. pubDbAttributes.add(kInfoKeyPrintName, *pubDescription); pubUniqueId->modify(CSSM_DL_DB_RECORD_PUBLIC_KEY, &pubDbAttributes, NULL, CSSM_DB_MODIFY_ATTRIBUTE_REPLACE); // Set the label of the private key to the public key hash. // Set the PrintName of the private key to the description in the acl. privDbAttributes.add(kInfoKeyPrintName, *privDescription); privUniqueId->modify(CSSM_DL_DB_RECORD_PRIVATE_KEY, &privDbAttributes, NULL, CSSM_DB_MODIFY_ATTRIBUTE_REPLACE); // Finally fix the acl and owner of the private key to the specified access control settings. initialAccess->setAccess(*privateKey, maker); // Make the public key acl completely open SecPointer<Access> pubKeyAccess(new Access()); pubKeyAccess->setAccess(*publicKey, maker); // Create keychain items which will represent the keys. publicKeyItem = keychain->item(CSSM_DL_DB_RECORD_PUBLIC_KEY, pubUniqueId); privateKeyItem = keychain->item(CSSM_DL_DB_RECORD_PRIVATE_KEY, privUniqueId); KeyItem* impl = dynamic_cast<KeyItem*>(&(*publicKeyItem)); if (impl == NULL) { CssmError::throwMe(CSSMERR_CSSM_INVALID_POINTER); } outPublicKey = impl; impl = dynamic_cast<KeyItem*>(&(*privateKeyItem)); if (impl == NULL) { CssmError::throwMe(CSSMERR_CSSM_INVALID_POINTER); } outPrivateKey = impl; } catch (...) { if (freePublicKey) CSSM_FreeKey(csp->handle(), cred, &publicCssmKey, TRUE); if (freePrivateKey) CSSM_FreeKey(csp->handle(), cred, &privateCssmKey, TRUE); if (deleteContext) CSSM_DeleteContext(ccHandle); throw; } if (freePublicKey) CSSM_FreeKey(csp->handle(), cred, &publicCssmKey, FALSE); if (freePrivateKey) CSSM_FreeKey(csp->handle(), cred, &privateCssmKey, FALSE); if (deleteContext) CSSM_DeleteContext(ccHandle); if (keychain && publicKeyItem && privateKeyItem) { KCEventNotifier::PostKeychainEvent(kSecAddEvent, keychain, publicKeyItem); KCEventNotifier::PostKeychainEvent(kSecAddEvent, keychain, privateKeyItem); } }
void KeyItem::createPair( Keychain keychain, CSSM_ALGORITHMS algorithm, uint32 keySizeInBits, CSSM_CC_HANDLE contextHandle, CSSM_KEYUSE publicKeyUsage, uint32 publicKeyAttr, CSSM_KEYUSE privateKeyUsage, uint32 privateKeyAttr, SecPointer<Access> initialAccess, SecPointer<KeyItem> &outPublicKey, SecPointer<KeyItem> &outPrivateKey) { bool freeKeys = false; bool deleteContext = false; if (!(keychain->database()->dl()->subserviceMask() & CSSM_SERVICE_CSP)) MacOSError::throwMe(errSecInvalidKeychain); SSDbImpl* impl = dynamic_cast<SSDbImpl*>(&(*keychain->database())); if (impl == NULL) { CssmError::throwMe(CSSMERR_CSSM_INVALID_POINTER); } SSDb ssDb(impl); CssmClient::CSP csp(keychain->csp()); CssmClient::CSP appleCsp(gGuidAppleCSP); // Generate a random label to use initially CssmClient::Random random(appleCsp, CSSM_ALGID_APPLE_YARROW); uint8 labelBytes[20]; CssmData label(labelBytes, sizeof(labelBytes)); random.generate(label, label.Length); // Create a Access::Maker for the initial owner of the private key. ResourceControlContext rcc; memset(&rcc, 0, sizeof(rcc)); Access::Maker maker; // @@@ Potentially provide a credential argument which allows us to generate keys in the csp. Currently the CSP let's anyone do this, but we might restrict this in the future, f.e. a smartcard could require out of band pin entry before a key can be generated. maker.initialOwner(rcc); // Create the cred we need to manipulate the keys until we actually set a new access control for them. const AccessCredentials *cred = maker.cred(); CSSM_KEY publicCssmKey, privateCssmKey; memset(&publicCssmKey, 0, sizeof(publicCssmKey)); memset(&privateCssmKey, 0, sizeof(privateCssmKey)); CSSM_CC_HANDLE ccHandle = 0; Item publicKeyItem, privateKeyItem; try { CSSM_RETURN status; if (contextHandle) ccHandle = contextHandle; else { status = CSSM_CSP_CreateKeyGenContext(csp->handle(), algorithm, keySizeInBits, NULL, NULL, NULL, NULL, NULL, &ccHandle); if (status) CssmError::throwMe(status); deleteContext = true; } CSSM_DL_DB_HANDLE dldbHandle = ssDb->handle(); CSSM_DL_DB_HANDLE_PTR dldbHandlePtr = &dldbHandle; CSSM_CONTEXT_ATTRIBUTE contextAttributes = { CSSM_ATTRIBUTE_DL_DB_HANDLE, sizeof(dldbHandle), { (char *)dldbHandlePtr } }; status = CSSM_UpdateContextAttributes(ccHandle, 1, &contextAttributes); if (status) CssmError::throwMe(status); // Generate the keypair status = CSSM_GenerateKeyPair(ccHandle, publicKeyUsage, publicKeyAttr, &label, &publicCssmKey, privateKeyUsage, privateKeyAttr, &label, &rcc, &privateCssmKey); if (status) CssmError::throwMe(status); freeKeys = true; // Find the keys we just generated in the DL to get SecKeyRef's to them // so we can change the label to be the hash of the public key, and // fix up other attributes. // Look up public key in the DLDB. DbAttributes pubDbAttributes; DbUniqueRecord pubUniqueId; SSDbCursor dbPubCursor(ssDb, 1); dbPubCursor->recordType(CSSM_DL_DB_RECORD_PUBLIC_KEY); dbPubCursor->add(CSSM_DB_EQUAL, kInfoKeyLabel, label); CssmClient::Key publicKey; if (!dbPubCursor->nextKey(&pubDbAttributes, publicKey, pubUniqueId)) MacOSError::throwMe(errSecItemNotFound); // Look up private key in the DLDB. DbAttributes privDbAttributes; DbUniqueRecord privUniqueId; SSDbCursor dbPrivCursor(ssDb, 1); dbPrivCursor->recordType(CSSM_DL_DB_RECORD_PRIVATE_KEY); dbPrivCursor->add(CSSM_DB_EQUAL, kInfoKeyLabel, label); CssmClient::Key privateKey; if (!dbPrivCursor->nextKey(&privDbAttributes, privateKey, privUniqueId)) MacOSError::throwMe(errSecItemNotFound); // Convert reference public key to a raw key so we can use it // in the appleCsp. CssmClient::WrapKey wrap(csp, CSSM_ALGID_NONE); wrap.cred(cred); CssmClient::Key rawPubKey = wrap(publicKey); // Calculate the hash of the public key using the appleCSP. CssmClient::PassThrough passThrough(appleCsp); void *outData; CssmData *cssmData; /* Given a CSSM_KEY_PTR in any format, obtain the SHA-1 hash of the * associated key blob. * Key is specified in CSSM_CSP_CreatePassThroughContext. * Hash is allocated bythe CSP, in the App's memory, and returned * in *outData. */ passThrough.key(rawPubKey); passThrough(CSSM_APPLECSP_KEYDIGEST, NULL, &outData); cssmData = reinterpret_cast<CssmData *>(outData); CssmData &pubKeyHash = *cssmData; auto_ptr<string>privDescription; auto_ptr<string>pubDescription; try { privDescription.reset(new string(initialAccess->promptDescription())); pubDescription.reset(new string(initialAccess->promptDescription())); } catch(...) { /* this path taken if no promptDescription available, e.g., for complex ACLs */ privDescription.reset(new string("Private key")); pubDescription.reset(new string("Public key")); } // Set the label of the public key to the public key hash. // Set the PrintName of the public key to the description in the acl. pubDbAttributes.add(kInfoKeyLabel, pubKeyHash); pubDbAttributes.add(kInfoKeyPrintName, *pubDescription); pubUniqueId->modify(CSSM_DL_DB_RECORD_PUBLIC_KEY, &pubDbAttributes, NULL, CSSM_DB_MODIFY_ATTRIBUTE_REPLACE); // Set the label of the private key to the public key hash. // Set the PrintName of the private key to the description in the acl. privDbAttributes.add(kInfoKeyLabel, pubKeyHash); privDbAttributes.add(kInfoKeyPrintName, *privDescription); privUniqueId->modify(CSSM_DL_DB_RECORD_PRIVATE_KEY, &privDbAttributes, NULL, CSSM_DB_MODIFY_ATTRIBUTE_REPLACE); // @@@ Not exception safe! csp.allocator().free(cssmData->Data); csp.allocator().free(cssmData); // Finally fix the acl and owner of the private key to the specified access control settings. initialAccess->setAccess(*privateKey, maker); if(publicKeyAttr & CSSM_KEYATTR_PUBLIC_KEY_ENCRYPT) { /* * Make the public key acl completely open. * If the key was not encrypted, it already has a wide-open * ACL (though that is a feature of securityd; it's not * CDSA-specified behavior). */ SecPointer<Access> pubKeyAccess(new Access()); pubKeyAccess->setAccess(*publicKey, maker); } // Create keychain items which will represent the keys. publicKeyItem = keychain->item(CSSM_DL_DB_RECORD_PUBLIC_KEY, pubUniqueId); privateKeyItem = keychain->item(CSSM_DL_DB_RECORD_PRIVATE_KEY, privUniqueId); KeyItem* impl = dynamic_cast<KeyItem*>(&(*publicKeyItem)); if (impl == NULL) { CssmError::throwMe(CSSMERR_CSSM_INVALID_POINTER); } outPublicKey = impl; impl = dynamic_cast<KeyItem*>(&(*privateKeyItem)); if (impl == NULL) { CssmError::throwMe(CSSMERR_CSSM_INVALID_POINTER); } outPrivateKey = impl; } catch (...) { if (freeKeys) { // Delete the keys if something goes wrong so we don't end up with inaccessible keys in the database. CSSM_FreeKey(csp->handle(), cred, &publicCssmKey, TRUE); CSSM_FreeKey(csp->handle(), cred, &privateCssmKey, TRUE); } if (deleteContext) CSSM_DeleteContext(ccHandle); throw; } if (freeKeys) { CSSM_FreeKey(csp->handle(), NULL, &publicCssmKey, FALSE); CSSM_FreeKey(csp->handle(), NULL, &privateCssmKey, FALSE); } if (deleteContext) CSSM_DeleteContext(ccHandle); if (keychain && publicKeyItem && privateKeyItem) { keychain->postEvent(kSecAddEvent, publicKeyItem); keychain->postEvent(kSecAddEvent, privateKeyItem); } }