/*!
*/
OSStatus SecACLCopySimpleContents(SecACLRef aclRef,
CFArrayRef *applicationList,
CFStringRef *promptDescription, CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector)
{
BEGIN_SECAPI
SecPointer<ACL> acl = ACL::required(aclRef);
switch (acl->form()) {
case ACL::allowAllForm:
Required(applicationList) = NULL;
Required(promptDescription) =
acl->promptDescription().empty() ? NULL
: makeCFString(acl->promptDescription());
Required(promptSelector) = acl->promptSelector();
break;
case ACL::appListForm:
Required(applicationList) =
makeCFArrayFrom(convert, acl->applications());
Required(promptDescription) = makeCFString(acl->promptDescription());
Required(promptSelector) = acl->promptSelector();
break;
case ACL::integrityForm:
Required(applicationList) = NULL;
Required(promptDescription) = makeCFString(acl->integrity().toHex());
// We don't have a prompt selector. Nullify.
Required(promptSelector).version = CSSM_ACL_KEYCHAIN_PROMPT_CURRENT_VERSION;
Required(promptSelector).flags = 0;
break;
default:
return errSecACLNotSimple; // custom or unknown
}
END_SECAPI
}
OSStatus SecACLSetSimpleContents(SecACLRef aclRef,
CFArrayRef applicationList,
CFStringRef description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR *promptSelector)
{
BEGIN_SECAPI
SecPointer<ACL> acl = ACL::required(aclRef);
if(acl->form() == ACL::integrityForm) {
// If this is an integrity ACL, route the (unhexified) promptDescription into the right place
string hex = cfString(description);
if(hex.length() %2 == 0) {
// might be a valid hex string, try to set
CssmAutoData data(Allocator::standard());
data.malloc(hex.length() / 2);
data.get().fromHex(hex.c_str());
acl->setIntegrity(data);
}
} else {
// Otherwise, put it in the promptDescription where it belongs
acl->promptDescription() = description ? cfString(description) : "";
}
acl->promptSelector() = promptSelector ? *promptSelector : ACL::defaultSelector;
if(acl->form() != ACL::integrityForm) {
if (applicationList) {
// application-list + prompt
acl->form(ACL::appListForm);
setApplications(acl, applicationList);
} else {
// allow-any
acl->form(ACL::allowAllForm);
}
}
acl->modify();
END_SECAPI
}
void
KeyItem::importPair(
Keychain keychain,
const CSSM_KEY &publicWrappedKey,
const CSSM_KEY &privateWrappedKey,
SecPointer<Access> initialAccess,
SecPointer<KeyItem> &outPublicKey,
SecPointer<KeyItem> &outPrivateKey)
{
bool freePublicKey = false;
bool freePrivateKey = false;
bool deleteContext = false;
if (!(keychain->database()->dl()->subserviceMask() & CSSM_SERVICE_CSP))
MacOSError::throwMe(errSecInvalidKeychain);
SSDbImpl* impl = dynamic_cast<SSDbImpl *>(&(*keychain->database()));
if (impl == NULL)
{
CssmError::throwMe(CSSMERR_CSSM_INVALID_POINTER);
}
SSDb ssDb(impl);
CssmClient::CSP csp(keychain->csp());
CssmClient::CSP appleCsp(gGuidAppleCSP);
// Create a Access::Maker for the initial owner of the private key.
ResourceControlContext rcc;
memset(&rcc, 0, sizeof(rcc));
Access::Maker maker(Allocator::standard(), Access::Maker::kAnyMakerType);
// @@@ Potentially provide a credential argument which allows us to unwrap keys in the csp.
// Currently the CSP lets anyone do this, but we might restrict this in the future, e.g.
// a smartcard could require out of band pin entry before a key can be generated.
maker.initialOwner(rcc);
// Create the cred we need to manipulate the keys until we actually set a new access control for them.
const AccessCredentials *cred = maker.cred();
CSSM_KEY publicCssmKey, privateCssmKey;
memset(&publicCssmKey, 0, sizeof(publicCssmKey));
memset(&privateCssmKey, 0, sizeof(privateCssmKey));
CSSM_CC_HANDLE ccHandle = 0;
Item publicKeyItem, privateKeyItem;
try
{
CSSM_RETURN status;
// Calculate the hash of the public key using the appleCSP.
CssmClient::PassThrough passThrough(appleCsp);
void *outData;
CssmData *cssmData;
/* Given a CSSM_KEY_PTR in any format, obtain the SHA-1 hash of the
* associated key blob.
* Key is specified in CSSM_CSP_CreatePassThroughContext.
* Hash is allocated bythe CSP, in the App's memory, and returned
* in *outData. */
passThrough.key(&publicWrappedKey);
passThrough(CSSM_APPLECSP_KEYDIGEST, NULL, &outData);
cssmData = reinterpret_cast<CssmData *>(outData);
CssmData &pubKeyHash = *cssmData;
status = CSSM_CSP_CreateSymmetricContext(csp->handle(), publicWrappedKey.KeyHeader.WrapAlgorithmId, CSSM_ALGMODE_NONE, NULL, NULL, NULL, CSSM_PADDING_NONE, NULL, &ccHandle);
if (status)
CssmError::throwMe(status);
deleteContext = true;
CSSM_DL_DB_HANDLE dldbHandle = ssDb->handle();
CSSM_DL_DB_HANDLE_PTR dldbHandlePtr = &dldbHandle;
CSSM_CONTEXT_ATTRIBUTE contextAttributes = { CSSM_ATTRIBUTE_DL_DB_HANDLE, sizeof(dldbHandle), { (char *)dldbHandlePtr } };
status = CSSM_UpdateContextAttributes(ccHandle, 1, &contextAttributes);
if (status)
CssmError::throwMe(status);
// Unwrap the the keys
CSSM_DATA descriptiveData = {0, NULL};
status = CSSM_UnwrapKey(
ccHandle,
NULL,
&publicWrappedKey,
publicWrappedKey.KeyHeader.KeyUsage,
publicWrappedKey.KeyHeader.KeyAttr | CSSM_KEYATTR_PERMANENT,
&pubKeyHash,
&rcc,
&publicCssmKey,
&descriptiveData);
if (status)
CssmError::throwMe(status);
freePublicKey = true;
if (descriptiveData.Data != NULL)
free (descriptiveData.Data);
status = CSSM_UnwrapKey(
ccHandle,
NULL,
&privateWrappedKey,
privateWrappedKey.KeyHeader.KeyUsage,
privateWrappedKey.KeyHeader.KeyAttr | CSSM_KEYATTR_PERMANENT,
&pubKeyHash,
&rcc,
&privateCssmKey,
&descriptiveData);
if (status)
CssmError::throwMe(status);
if (descriptiveData.Data != NULL)
free (descriptiveData.Data);
freePrivateKey = true;
// Find the keys we just generated in the DL to get SecKeyRefs to them
// so we can change the label to be the hash of the public key, and
// fix up other attributes.
// Look up public key in the DLDB.
DbAttributes pubDbAttributes;
DbUniqueRecord pubUniqueId;
SSDbCursor dbPubCursor(ssDb, 1);
dbPubCursor->recordType(CSSM_DL_DB_RECORD_PUBLIC_KEY);
dbPubCursor->add(CSSM_DB_EQUAL, kInfoKeyLabel, pubKeyHash);
CssmClient::Key publicKey;
if (!dbPubCursor->nextKey(&pubDbAttributes, publicKey, pubUniqueId))
MacOSError::throwMe(errSecItemNotFound);
// Look up private key in the DLDB.
DbAttributes privDbAttributes;
DbUniqueRecord privUniqueId;
SSDbCursor dbPrivCursor(ssDb, 1);
dbPrivCursor->recordType(CSSM_DL_DB_RECORD_PRIVATE_KEY);
dbPrivCursor->add(CSSM_DB_EQUAL, kInfoKeyLabel, pubKeyHash);
CssmClient::Key privateKey;
if (!dbPrivCursor->nextKey(&privDbAttributes, privateKey, privUniqueId))
MacOSError::throwMe(errSecItemNotFound);
// @@@ Not exception safe!
csp.allocator().free(cssmData->Data);
csp.allocator().free(cssmData);
auto_ptr<string>privDescription;
auto_ptr<string>pubDescription;
try {
privDescription.reset(new string(initialAccess->promptDescription()));
pubDescription.reset(new string(initialAccess->promptDescription()));
}
catch(...) {
/* this path taken if no promptDescription available, e.g., for complex ACLs */
privDescription.reset(new string("Private key"));
pubDescription.reset(new string("Public key"));
}
// Set the label of the public key to the public key hash.
// Set the PrintName of the public key to the description in the acl.
pubDbAttributes.add(kInfoKeyPrintName, *pubDescription);
pubUniqueId->modify(CSSM_DL_DB_RECORD_PUBLIC_KEY, &pubDbAttributes, NULL, CSSM_DB_MODIFY_ATTRIBUTE_REPLACE);
// Set the label of the private key to the public key hash.
// Set the PrintName of the private key to the description in the acl.
privDbAttributes.add(kInfoKeyPrintName, *privDescription);
privUniqueId->modify(CSSM_DL_DB_RECORD_PRIVATE_KEY, &privDbAttributes, NULL, CSSM_DB_MODIFY_ATTRIBUTE_REPLACE);
// Finally fix the acl and owner of the private key to the specified access control settings.
initialAccess->setAccess(*privateKey, maker);
// Make the public key acl completely open
SecPointer<Access> pubKeyAccess(new Access());
pubKeyAccess->setAccess(*publicKey, maker);
// Create keychain items which will represent the keys.
publicKeyItem = keychain->item(CSSM_DL_DB_RECORD_PUBLIC_KEY, pubUniqueId);
privateKeyItem = keychain->item(CSSM_DL_DB_RECORD_PRIVATE_KEY, privUniqueId);
KeyItem* impl = dynamic_cast<KeyItem*>(&(*publicKeyItem));
if (impl == NULL)
{
CssmError::throwMe(CSSMERR_CSSM_INVALID_POINTER);
}
outPublicKey = impl;
impl = dynamic_cast<KeyItem*>(&(*privateKeyItem));
if (impl == NULL)
{
CssmError::throwMe(CSSMERR_CSSM_INVALID_POINTER);
}
outPrivateKey = impl;
}
catch (...)
{
if (freePublicKey)
CSSM_FreeKey(csp->handle(), cred, &publicCssmKey, TRUE);
if (freePrivateKey)
CSSM_FreeKey(csp->handle(), cred, &privateCssmKey, TRUE);
if (deleteContext)
CSSM_DeleteContext(ccHandle);
throw;
}
if (freePublicKey)
CSSM_FreeKey(csp->handle(), cred, &publicCssmKey, FALSE);
if (freePrivateKey)
CSSM_FreeKey(csp->handle(), cred, &privateCssmKey, FALSE);
if (deleteContext)
CSSM_DeleteContext(ccHandle);
if (keychain && publicKeyItem && privateKeyItem)
{
KCEventNotifier::PostKeychainEvent(kSecAddEvent, keychain, publicKeyItem);
KCEventNotifier::PostKeychainEvent(kSecAddEvent, keychain, privateKeyItem);
}
}
void
KeyItem::createPair(
Keychain keychain,
CSSM_ALGORITHMS algorithm,
uint32 keySizeInBits,
CSSM_CC_HANDLE contextHandle,
CSSM_KEYUSE publicKeyUsage,
uint32 publicKeyAttr,
CSSM_KEYUSE privateKeyUsage,
uint32 privateKeyAttr,
SecPointer<Access> initialAccess,
SecPointer<KeyItem> &outPublicKey,
SecPointer<KeyItem> &outPrivateKey)
{
bool freeKeys = false;
bool deleteContext = false;
if (!(keychain->database()->dl()->subserviceMask() & CSSM_SERVICE_CSP))
MacOSError::throwMe(errSecInvalidKeychain);
SSDbImpl* impl = dynamic_cast<SSDbImpl*>(&(*keychain->database()));
if (impl == NULL)
{
CssmError::throwMe(CSSMERR_CSSM_INVALID_POINTER);
}
SSDb ssDb(impl);
CssmClient::CSP csp(keychain->csp());
CssmClient::CSP appleCsp(gGuidAppleCSP);
// Generate a random label to use initially
CssmClient::Random random(appleCsp, CSSM_ALGID_APPLE_YARROW);
uint8 labelBytes[20];
CssmData label(labelBytes, sizeof(labelBytes));
random.generate(label, label.Length);
// Create a Access::Maker for the initial owner of the private key.
ResourceControlContext rcc;
memset(&rcc, 0, sizeof(rcc));
Access::Maker maker;
// @@@ Potentially provide a credential argument which allows us to generate keys in the csp. Currently the CSP let's anyone do this, but we might restrict this in the future, f.e. a smartcard could require out of band pin entry before a key can be generated.
maker.initialOwner(rcc);
// Create the cred we need to manipulate the keys until we actually set a new access control for them.
const AccessCredentials *cred = maker.cred();
CSSM_KEY publicCssmKey, privateCssmKey;
memset(&publicCssmKey, 0, sizeof(publicCssmKey));
memset(&privateCssmKey, 0, sizeof(privateCssmKey));
CSSM_CC_HANDLE ccHandle = 0;
Item publicKeyItem, privateKeyItem;
try
{
CSSM_RETURN status;
if (contextHandle)
ccHandle = contextHandle;
else
{
status = CSSM_CSP_CreateKeyGenContext(csp->handle(), algorithm, keySizeInBits, NULL, NULL, NULL, NULL, NULL, &ccHandle);
if (status)
CssmError::throwMe(status);
deleteContext = true;
}
CSSM_DL_DB_HANDLE dldbHandle = ssDb->handle();
CSSM_DL_DB_HANDLE_PTR dldbHandlePtr = &dldbHandle;
CSSM_CONTEXT_ATTRIBUTE contextAttributes = { CSSM_ATTRIBUTE_DL_DB_HANDLE, sizeof(dldbHandle), { (char *)dldbHandlePtr } };
status = CSSM_UpdateContextAttributes(ccHandle, 1, &contextAttributes);
if (status)
CssmError::throwMe(status);
// Generate the keypair
status = CSSM_GenerateKeyPair(ccHandle, publicKeyUsage, publicKeyAttr, &label, &publicCssmKey, privateKeyUsage, privateKeyAttr, &label, &rcc, &privateCssmKey);
if (status)
CssmError::throwMe(status);
freeKeys = true;
// Find the keys we just generated in the DL to get SecKeyRef's to them
// so we can change the label to be the hash of the public key, and
// fix up other attributes.
// Look up public key in the DLDB.
DbAttributes pubDbAttributes;
DbUniqueRecord pubUniqueId;
SSDbCursor dbPubCursor(ssDb, 1);
dbPubCursor->recordType(CSSM_DL_DB_RECORD_PUBLIC_KEY);
dbPubCursor->add(CSSM_DB_EQUAL, kInfoKeyLabel, label);
CssmClient::Key publicKey;
if (!dbPubCursor->nextKey(&pubDbAttributes, publicKey, pubUniqueId))
MacOSError::throwMe(errSecItemNotFound);
// Look up private key in the DLDB.
DbAttributes privDbAttributes;
DbUniqueRecord privUniqueId;
SSDbCursor dbPrivCursor(ssDb, 1);
dbPrivCursor->recordType(CSSM_DL_DB_RECORD_PRIVATE_KEY);
dbPrivCursor->add(CSSM_DB_EQUAL, kInfoKeyLabel, label);
CssmClient::Key privateKey;
if (!dbPrivCursor->nextKey(&privDbAttributes, privateKey, privUniqueId))
MacOSError::throwMe(errSecItemNotFound);
// Convert reference public key to a raw key so we can use it
// in the appleCsp.
CssmClient::WrapKey wrap(csp, CSSM_ALGID_NONE);
wrap.cred(cred);
CssmClient::Key rawPubKey = wrap(publicKey);
// Calculate the hash of the public key using the appleCSP.
CssmClient::PassThrough passThrough(appleCsp);
void *outData;
CssmData *cssmData;
/* Given a CSSM_KEY_PTR in any format, obtain the SHA-1 hash of the
* associated key blob.
* Key is specified in CSSM_CSP_CreatePassThroughContext.
* Hash is allocated bythe CSP, in the App's memory, and returned
* in *outData. */
passThrough.key(rawPubKey);
passThrough(CSSM_APPLECSP_KEYDIGEST, NULL, &outData);
cssmData = reinterpret_cast<CssmData *>(outData);
CssmData &pubKeyHash = *cssmData;
auto_ptr<string>privDescription;
auto_ptr<string>pubDescription;
try {
privDescription.reset(new string(initialAccess->promptDescription()));
pubDescription.reset(new string(initialAccess->promptDescription()));
}
catch(...) {
/* this path taken if no promptDescription available, e.g., for complex ACLs */
privDescription.reset(new string("Private key"));
pubDescription.reset(new string("Public key"));
}
// Set the label of the public key to the public key hash.
// Set the PrintName of the public key to the description in the acl.
pubDbAttributes.add(kInfoKeyLabel, pubKeyHash);
pubDbAttributes.add(kInfoKeyPrintName, *pubDescription);
pubUniqueId->modify(CSSM_DL_DB_RECORD_PUBLIC_KEY, &pubDbAttributes, NULL, CSSM_DB_MODIFY_ATTRIBUTE_REPLACE);
// Set the label of the private key to the public key hash.
// Set the PrintName of the private key to the description in the acl.
privDbAttributes.add(kInfoKeyLabel, pubKeyHash);
privDbAttributes.add(kInfoKeyPrintName, *privDescription);
privUniqueId->modify(CSSM_DL_DB_RECORD_PRIVATE_KEY, &privDbAttributes, NULL, CSSM_DB_MODIFY_ATTRIBUTE_REPLACE);
// @@@ Not exception safe!
csp.allocator().free(cssmData->Data);
csp.allocator().free(cssmData);
// Finally fix the acl and owner of the private key to the specified access control settings.
initialAccess->setAccess(*privateKey, maker);
if(publicKeyAttr & CSSM_KEYATTR_PUBLIC_KEY_ENCRYPT) {
/*
* Make the public key acl completely open.
* If the key was not encrypted, it already has a wide-open
* ACL (though that is a feature of securityd; it's not
* CDSA-specified behavior).
*/
SecPointer<Access> pubKeyAccess(new Access());
pubKeyAccess->setAccess(*publicKey, maker);
}
// Create keychain items which will represent the keys.
publicKeyItem = keychain->item(CSSM_DL_DB_RECORD_PUBLIC_KEY, pubUniqueId);
privateKeyItem = keychain->item(CSSM_DL_DB_RECORD_PRIVATE_KEY, privUniqueId);
KeyItem* impl = dynamic_cast<KeyItem*>(&(*publicKeyItem));
if (impl == NULL)
{
CssmError::throwMe(CSSMERR_CSSM_INVALID_POINTER);
}
outPublicKey = impl;
impl = dynamic_cast<KeyItem*>(&(*privateKeyItem));
if (impl == NULL)
{
CssmError::throwMe(CSSMERR_CSSM_INVALID_POINTER);
}
outPrivateKey = impl;
}
catch (...)
{
if (freeKeys)
{
// Delete the keys if something goes wrong so we don't end up with inaccessible keys in the database.
CSSM_FreeKey(csp->handle(), cred, &publicCssmKey, TRUE);
CSSM_FreeKey(csp->handle(), cred, &privateCssmKey, TRUE);
}
if (deleteContext)
CSSM_DeleteContext(ccHandle);
throw;
}
if (freeKeys)
{
CSSM_FreeKey(csp->handle(), NULL, &publicCssmKey, FALSE);
CSSM_FreeKey(csp->handle(), NULL, &privateCssmKey, FALSE);
}
if (deleteContext)
CSSM_DeleteContext(ccHandle);
if (keychain && publicKeyItem && privateKeyItem)
{
keychain->postEvent(kSecAddEvent, publicKeyItem);
keychain->postEvent(kSecAddEvent, privateKeyItem);
}
}
