darlinghq/darling-SecurityTokend
1
0
Fork 0
mirror of https://github.com/darlinghq/darling-SecurityTokend.git synced 2024-11-26 22:00:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

SecurityTokend-55111

Browse Source
This commit is contained in:
Andrew Hyatt 2019-01-13 22:45:16 -05:00
parent fbcc421d75
commit 14334c0c77
27 changed files with 3917 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

367
APPLE_LICENSE Normal file
View File

@ -0,0 +1,367 @@
APPLE PUBLIC SOURCE LICENSE
Version 2.0 - August 6, 2003
Please read this License carefully before downloading this software.
By downloading or using this software, you are agreeing to be bound by
the terms of this License. If you do not or cannot agree to the terms
of this License, please do not download or use the software.
1. General; Definitions. This License applies to any program or other
work which Apple Computer, Inc. ("Apple") makes publicly available and
which contains a notice placed by Apple identifying such program or
work as "Original Code" and stating that it is subject to the terms of
this Apple Public Source License version 2.0 ("License"). As used in
this License:
1.1 "Applicable Patent Rights" mean: (a) in the case where Apple is
the grantor of rights, (i) claims of patents that are now or hereafter
acquired, owned by or assigned to Apple and (ii) that cover subject
matter contained in the Original Code, but only to the extent
necessary to use, reproduce and/or distribute the Original Code
without infringement; and (b) in the case where You are the grantor of
rights, (i) claims of patents that are now or hereafter acquired,
owned by or assigned to You and (ii) that cover subject matter in Your
Modifications, taken alone or in combination with Original Code.
1.2 "Contributor" means any person or entity that creates or
contributes to the creation of Modifications.
1.3 "Covered Code" means the Original Code, Modifications, the
combination of Original Code and any Modifications, and/or any
respective portions thereof.
1.4 "Externally Deploy" means: (a) to sublicense, distribute or
otherwise make Covered Code available, directly or indirectly, to
anyone other than You; and/or (b) to use Covered Code, alone or as
part of a Larger Work, in any way to provide a service, including but
not limited to delivery of content, through electronic communication
with a client other than You.
1.5 "Larger Work" means a work which combines Covered Code or portions
thereof with code not governed by the terms of this License.
1.6 "Modifications" mean any addition to, deletion from, and/or change
to, the substance and/or structure of the Original Code, any previous
Modifications, the combination of Original Code and any previous
Modifications, and/or any respective portions thereof. When code is
released as a series of files, a Modification is: (a) any addition to
or deletion from the contents of a file containing Covered Code;
and/or (b) any new file or other representation of computer program
statements that contains any part of Covered Code.
1.7 "Original Code" means (a) the Source Code of a program or other
work as originally made available by Apple under this License,
including the Source Code of any updates or upgrades to such programs
or works made available by Apple under this License, and that has been
expressly identified by Apple as such in the header file(s) of such
work; and (b) the object code compiled from such Source Code and
originally made available by Apple under this License.
1.8 "Source Code" means the human readable form of a program or other
work that is suitable for making modifications to it, including all
modules it contains, plus any associated interface definition files,
scripts used to control compilation and installation of an executable
(object code).
1.9 "You" or "Your" means an individual or a legal entity exercising
rights under this License. For legal entities, "You" or "Your"
includes any entity which controls, is controlled by, or is under
common control with, You, where "control" means (a) the power, direct
or indirect, to cause the direction or management of such entity,
whether by contract or otherwise, or (b) ownership of fifty percent
(50%) or more of the outstanding shares or beneficial ownership of
such entity.
2. Permitted Uses; Conditions & Restrictions. Subject to the terms
and conditions of this License, Apple hereby grants You, effective on
the date You accept this License and download the Original Code, a
world-wide, royalty-free, non-exclusive license, to the extent of
Apple's Applicable Patent Rights and copyrights covering the Original
Code, to do the following:
2.1 Unmodified Code. You may use, reproduce, display, perform,
internally distribute within Your organization, and Externally Deploy
verbatim, unmodified copies of the Original Code, for commercial or
non-commercial purposes, provided that in each instance:
(a) You must retain and reproduce in all copies of Original Code the
copyright and other proprietary notices and disclaimers of Apple as
they appear in the Original Code, and keep intact all notices in the
Original Code that refer to this License; and
(b) You must include a copy of this License with every copy of Source
Code of Covered Code and documentation You distribute or Externally
Deploy, and You may not offer or impose any terms on such Source Code
that alter or restrict this License or the recipients' rights
hereunder, except as permitted under Section 6.
2.2 Modified Code. You may modify Covered Code and use, reproduce,
display, perform, internally distribute within Your organization, and
Externally Deploy Your Modifications and Covered Code, for commercial
or non-commercial purposes, provided that in each instance You also
meet all of these conditions:
(a) You must satisfy all the conditions of Section 2.1 with respect to
the Source Code of the Covered Code;
(b) You must duplicate, to the extent it does not already exist, the
notice in Exhibit A in each file of the Source Code of all Your
Modifications, and cause the modified files to carry prominent notices
stating that You changed the files and the date of any change; and
(c) If You Externally Deploy Your Modifications, You must make
Source Code of all Your Externally Deployed Modifications either
available to those to whom You have Externally Deployed Your
Modifications, or publicly available. Source Code of Your Externally
Deployed Modifications must be released under the terms set forth in
this License, including the license grants set forth in Section 3
below, for as long as you Externally Deploy the Covered Code or twelve
(12) months from the date of initial External Deployment, whichever is
longer. You should preferably distribute the Source Code of Your
Externally Deployed Modifications electronically (e.g. download from a
web site).
2.3 Distribution of Executable Versions. In addition, if You
Externally Deploy Covered Code (Original Code and/or Modifications) in
object code, executable form only, You must include a prominent
notice, in the code itself as well as in related documentation,
stating that Source Code of the Covered Code is available under the
terms of this License with information on how and where to obtain such
Source Code.
2.4 Third Party Rights. You expressly acknowledge and agree that
although Apple and each Contributor grants the licenses to their
respective portions of the Covered Code set forth herein, no
assurances are provided by Apple or any Contributor that the Covered
Code does not infringe the patent or other intellectual property
rights of any other entity. Apple and each Contributor disclaim any
liability to You for claims brought by any other entity based on
infringement of intellectual property rights or otherwise. As a
condition to exercising the rights and licenses granted hereunder, You
hereby assume sole responsibility to secure any other intellectual
property rights needed, if any. For example, if a third party patent
license is required to allow You to distribute the Covered Code, it is
Your responsibility to acquire that license before distributing the
Covered Code.
3. Your Grants. In consideration of, and as a condition to, the
licenses granted to You under this License, You hereby grant to any
person or entity receiving or distributing Covered Code under this
License a non-exclusive, royalty-free, perpetual, irrevocable license,
under Your Applicable Patent Rights and other intellectual property
rights (other than patent) owned or controlled by You, to use,
reproduce, display, perform, modify, sublicense, distribute and
Externally Deploy Your Modifications of the same scope and extent as
Apple's licenses under Sections 2.1 and 2.2 above.
4. Larger Works. You may create a Larger Work by combining Covered
Code with other code not governed by the terms of this License and
distribute the Larger Work as a single product. In each such instance,
You must make sure the requirements of this License are fulfilled for
the Covered Code or any portion thereof.
5. Limitations on Patent License. Except as expressly stated in
Section 2, no other patent rights, express or implied, are granted by
Apple herein. Modifications and/or Larger Works may require additional
patent licenses from Apple which Apple may grant in its sole
discretion.
6. Additional Terms. You may choose to offer, and to charge a fee for,
warranty, support, indemnity or liability obligations and/or other
rights consistent with the scope of the license granted herein
("Additional Terms") to one or more recipients of Covered Code.
However, You may do so only on Your own behalf and as Your sole
responsibility, and not on behalf of Apple or any Contributor. You
must obtain the recipient's agreement that any such Additional Terms
are offered by You alone, and You hereby agree to indemnify, defend
and hold Apple and every Contributor harmless for any liability
incurred by or claims asserted against Apple or such Contributor by
reason of any such Additional Terms.
7. Versions of the License. Apple may publish revised and/or new
versions of this License from time to time. Each version will be given
a distinguishing version number. Once Original Code has been published
under a particular version of this License, You may continue to use it
under the terms of that version. You may also choose to use such
Original Code under the terms of any subsequent version of this
License published by Apple. No one other than Apple has the right to
modify the terms applicable to Covered Code created under this
License.
8. NO WARRANTY OR SUPPORT. The Covered Code may contain in whole or in
part pre-release, untested, or not fully tested works. The Covered
Code may contain errors that could cause failures or loss of data, and
may be incomplete or contain inaccuracies. You expressly acknowledge
and agree that use of the Covered Code, or any portion thereof, is at
Your sole and entire risk. THE COVERED CODE IS PROVIDED "AS IS" AND
WITHOUT WARRANTY, UPGRADES OR SUPPORT OF ANY KIND AND APPLE AND
APPLE'S LICENSOR(S) (COLLECTIVELY REFERRED TO AS "APPLE" FOR THE
PURPOSES OF SECTIONS 8 AND 9) AND ALL CONTRIBUTORS EXPRESSLY DISCLAIM
ALL WARRANTIES AND/OR CONDITIONS, EXPRESS OR IMPLIED, INCLUDING, BUT
NOT LIMITED TO, THE IMPLIED WARRANTIES AND/OR CONDITIONS OF
MERCHANTABILITY, OF SATISFACTORY QUALITY, OF FITNESS FOR A PARTICULAR
PURPOSE, OF ACCURACY, OF QUIET ENJOYMENT, AND NONINFRINGEMENT OF THIRD
PARTY RIGHTS. APPLE AND EACH CONTRIBUTOR DOES NOT WARRANT AGAINST
INTERFERENCE WITH YOUR ENJOYMENT OF THE COVERED CODE, THAT THE
FUNCTIONS CONTAINED IN THE COVERED CODE WILL MEET YOUR REQUIREMENTS,
THAT THE OPERATION OF THE COVERED CODE WILL BE UNINTERRUPTED OR
ERROR-FREE, OR THAT DEFECTS IN THE COVERED CODE WILL BE CORRECTED. NO
ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY APPLE, AN APPLE
AUTHORIZED REPRESENTATIVE OR ANY CONTRIBUTOR SHALL CREATE A WARRANTY.
You acknowledge that the Covered Code is not intended for use in the
operation of nuclear facilities, aircraft navigation, communication
systems, or air traffic control machines in which case the failure of
the Covered Code could lead to death, personal injury, or severe
physical or environmental damage.
9. LIMITATION OF LIABILITY. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO
EVENT SHALL APPLE OR ANY CONTRIBUTOR BE LIABLE FOR ANY INCIDENTAL,
SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATING
TO THIS LICENSE OR YOUR USE OR INABILITY TO USE THE COVERED CODE, OR
ANY PORTION THEREOF, WHETHER UNDER A THEORY OF CONTRACT, WARRANTY,
TORT (INCLUDING NEGLIGENCE), PRODUCTS LIABILITY OR OTHERWISE, EVEN IF
APPLE OR SUCH CONTRIBUTOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY
REMEDY. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OF LIABILITY OF
INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION MAY NOT APPLY
TO YOU. In no event shall Apple's total liability to You for all
damages (other than as may be required by applicable law) under this
License exceed the amount of fifty dollars ($50.00).
10. Trademarks. This License does not grant any rights to use the
trademarks or trade names "Apple", "Apple Computer", "Mac", "Mac OS",
"QuickTime", "QuickTime Streaming Server" or any other trademarks,
service marks, logos or trade names belonging to Apple (collectively
"Apple Marks") or to any trademark, service mark, logo or trade name
belonging to any Contributor. You agree not to use any Apple Marks in
or as part of the name of products derived from the Original Code or
to endorse or promote products derived from the Original Code other
than as expressly permitted by and in strict compliance at all times
with Apple's third party trademark usage guidelines which are posted
at http://www.apple.com/legal/guidelinesfor3rdparties.html.
11. Ownership. Subject to the licenses granted under this License,
each Contributor retains all rights, title and interest in and to any
Modifications made by such Contributor. Apple retains all rights,
title and interest in and to the Original Code and any Modifications
made by or on behalf of Apple ("Apple Modifications"), and such Apple
Modifications will not be automatically subject to this License. Apple
may, at its sole discretion, choose to license such Apple
Modifications under this License, or on different terms from those
contained in this License or may choose not to license them at all.
12. Termination.
12.1 Termination. This License and the rights granted hereunder will
terminate:
(a) automatically without notice from Apple if You fail to comply with
any term(s) of this License and fail to cure such breach within 30
days of becoming aware of such breach;
(b) immediately in the event of the circumstances described in Section
13.5(b); or
(c) automatically without notice from Apple if You, at any time during
the term of this License, commence an action for patent infringement
against Apple; provided that Apple did not first commence
an action for patent infringement against You in that instance.
12.2 Effect of Termination. Upon termination, You agree to immediately
stop any further use, reproduction, modification, sublicensing and
distribution of the Covered Code. All sublicenses to the Covered Code
which have been properly granted prior to termination shall survive
any termination of this License. Provisions which, by their nature,
should remain in effect beyond the termination of this License shall
survive, including but not limited to Sections 3, 5, 8, 9, 10, 11,
12.2 and 13. No party will be liable to any other for compensation,
indemnity or damages of any sort solely as a result of terminating
this License in accordance with its terms, and termination of this
License will be without prejudice to any other right or remedy of
any party.
13. Miscellaneous.
13.1 Government End Users. The Covered Code is a "commercial item" as
defined in FAR 2.101. Government software and technical data rights in
the Covered Code include only those rights customarily provided to the
public as defined in this License. This customary commercial license
in technical data and software is provided in accordance with FAR
12.211 (Technical Data) and 12.212 (Computer Software) and, for
Department of Defense purchases, DFAR 252.227-7015 (Technical Data --
Commercial Items) and 227.7202-3 (Rights in Commercial Computer
Software or Computer Software Documentation). Accordingly, all U.S.
Government End Users acquire Covered Code with only those rights set
forth herein.
13.2 Relationship of Parties. This License will not be construed as
creating an agency, partnership, joint venture or any other form of
legal association between or among You, Apple or any Contributor, and
You will not represent to the contrary, whether expressly, by
implication, appearance or otherwise.
13.3 Independent Development. Nothing in this License will impair
Apple's right to acquire, license, develop, have others develop for
it, market and/or distribute technology or products that perform the
same or similar functions as, or otherwise compete with,
Modifications, Larger Works, technology or products that You may
develop, produce, market or distribute.
13.4 Waiver; Construction. Failure by Apple or any Contributor to
enforce any provision of this License will not be deemed a waiver of
future enforcement of that or any other provision. Any law or
regulation which provides that the language of a contract shall be
construed against the drafter will not apply to this License.
13.5 Severability. (a) If for any reason a court of competent
jurisdiction finds any provision of this License, or portion thereof,
to be unenforceable, that provision of the License will be enforced to
the maximum extent permissible so as to effect the economic benefits
and intent of the parties, and the remainder of this License will
continue in full force and effect. (b) Notwithstanding the foregoing,
if applicable law prohibits or restricts You from fully and/or
specifically complying with Sections 2 and/or 3 or prevents the
enforceability of either of those Sections, this License will
immediately terminate and You must immediately discontinue any use of
the Covered Code and destroy all copies of it that are in your
possession or control.
13.6 Dispute Resolution. Any litigation or other dispute resolution
between You and Apple relating to this License shall take place in the
Northern District of California, and You and Apple hereby consent to
the personal jurisdiction of, and venue in, the state and federal
courts within that District with respect to this License. The
application of the United Nations Convention on Contracts for the
International Sale of Goods is expressly excluded.
13.7 Entire Agreement; Governing Law. This License constitutes the
entire agreement between the parties with respect to the subject
matter hereof. This License shall be governed by the laws of the
United States and the State of California, except that body of
California law concerning conflicts of law.
Where You are located in the province of Quebec, Canada, the following
clause applies: The parties hereby confirm that they have requested
that this License and all related documents be drafted in English. Les
parties ont exige que le present contrat et tous les documents
connexes soient rediges en anglais.
EXHIBIT A.
"Portions Copyright (c) 1999-2003 Apple Computer, Inc. All Rights
Reserved.
This file contains Original Code and/or Modifications of Original Code
as defined in and that are subject to the Apple Public Source License
Version 2.0 (the 'License'). You may not use this file except in
compliance with the License. Please obtain a copy of the License at
http://www.opensource.apple.com/apsl/ and read it before using this
file.
The Original Code and all software distributed under the License are
distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
Please see the License for the specific language governing rights and
limitations under the License."

125
ChangeLog Normal file
View File

@ -0,0 +1,125 @@
# do not edit -- automatically generated by arch changelog
# arch-tag: automatic-ChangeLog--mb@apple.com--SmartCards-2004/SecurityTokend--Tiger--1.0
#
2004-07-14 00:02:03 GMT Michael Brouwer <mb@apple.com> patch-5
Summary:
Added libsecurity_tokend_client target
Revision:
SecurityTokend--Tiger--1.0--patch-5
Added libsecurity_tokend_client target.
new files:
lib/.arch-ids/=id lib/.arch-ids/tdclient.cpp.id
lib/.arch-ids/tdclient.h.id lib/.arch-ids/tdtransit.cpp.id
lib/.arch-ids/tdtransit.h.id lib/tdclient.cpp lib/tdclient.h
lib/tdtransit.cpp lib/tdtransit.h mig/.arch-ids/=id
mig/.arch-ids/mig.mk.id mig/mig.mk
modified files:
ChangeLog SecurityTokend.xcode/project.pbxproj
lib/transition.c
renamed files:
.arch-ids/SecTokend.c.id
==> lib/.arch-ids/SecTokend.c.id
.arch-ids/SecTokend.h.id
==> lib/.arch-ids/SecTokend.h.id
.arch-ids/tokend.defs.id
==> mig/.arch-ids/tokend.defs.id
.arch-ids/tokend_types.h.id
==> lib/.arch-ids/tokend_types.h.id
.arch-ids/transition.c.id
==> lib/.arch-ids/transition.c.id
SecTokend.c
==> lib/SecTokend.c
SecTokend.h
==> lib/SecTokend.h
tokend.defs
==> mig/tokend.defs
tokend_types.h
==> lib/tokend_types.h
transition.c
==> lib/transition.c
new directories:
lib lib/.arch-ids mig mig/.arch-ids
2004-06-15 19:11:08 GMT Michael Brouwer <mb@apple.com> patch-4
Summary:
Added transition.c
Revision:
SecurityTokend--Tiger--1.0--patch-4
Added transition.c. Ignore xcode .mode1 files.
new files:
.arch-ids/transition.c.id transition.c
modified files:
ChangeLog {arch}/=tagging-method
2004-06-15 00:29:53 GMT Michael Brouwer <mb@apple.com> patch-3
Summary:
Implement tokend.defs server callbacks
Revision:
SecurityTokend--Tiger--1.0--patch-3
Add callbacks server side of tokend.defs and implement stubs for
all the functions.
modified files:
ChangeLog SecTokend.c SecurityTokend.xcode/project.pbxproj
tokend.defs tokend_types.h
2004-06-05 01:32:05 GMT Michael Brouwer <mb@apple.com> patch-2
Summary:
Register my port with securityd
Revision:
SecurityTokend--Tiger--1.0--patch-2
Register a receive right with securityd
modified files:
ChangeLog SecTokend.c
2004-05-14 01:22:43 GMT Michael Brouwer <mb@apple.com> patch-1
Summary:
Added ChangeLog
Revision:
SecurityTokend--Tiger--1.0--patch-1
Switched to auto generated ChangeLog file and make default tagging method tagline.
new files:
ChangeLog
modified files:
{arch}/=tagging-method
2004-05-14 01:06:38 GMT Michael Brouwer <mb@apple.com> base-0
Summary:
Initial checkin of SecurityTokend.framework project
Revision:
SecurityTokend--Tiger--1.0--base-0
Basic private framework for writing tokend instances.
new files:
APPLE_LICENSE English.lproj/InfoPlist.strings Info.plist
SecTokend.c SecTokend.h SecurityTokend.xcode/project.pbxproj
tokend.defs tokend_types.h

BIN
English.lproj/InfoPlist.strings Normal file
View File

Binary file not shown.

26
Info-SecurityTokend.plist Normal file
View File

@ -0,0 +1,26 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>English</string>
<key>CFBundleExecutable</key>
<string>SecurityTokend</string>
<key>CFBundleIconFile</key>
<string></string>
<key>CFBundleIdentifier</key>
<string>com.apple.securitytokend</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string></string>
<key>CFBundlePackageType</key>
<string>FMWK</string>
<key>CFBundleShortVersionString</key>
<string>4.0</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
<string>${CURRENT_PROJECT_VERSION}</string>
</dict>
</plist>

5
Info-security_tokend_client.plist Normal file
View File

@ -0,0 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict/>
</plist>

20
Info.plist Normal file
View File

@ -0,0 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>English</string>
<key>CFBundleExecutable</key>
<string>SecurityTokend</string>
<key>CFBundleIdentifier</key>
<string>com.apple.SecurityTokend</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundlePackageType</key>
<string>FMWK</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
<string>1.0</string>
</dict>
</plist>

543
SecurityTokend.xcodeproj/project.pbxproj Normal file
View File

@ -0,0 +1,543 @@
// !$*UTF8*$!
{
archiveVersion = 1;
classes = {
};
objectVersion = 45;
objects = {
/* Begin PBXBuildFile section */
18B9659B147300AF005A4D2E /* tdclient.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CAC26FF069DD074002EB81D /* tdclient.h */; settings = {ATTRIBUTES = (Public, ); }; };
18B965A41473124F005A4D2E /* libsecurity_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18B965A31473124F005A4D2E /* libsecurity_utilities.a */; };
18B965A614731276005A4D2E /* libsecurityd_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18B965A514731276005A4D2E /* libsecurityd_client.a */; };
18B965AA147312A3005A4D2E /* libsecurity_cdsa_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18B965A9147312A3005A4D2E /* libsecurity_cdsa_utilities.a */; };
4C720FD806CC44540016CA88 /* tdtransit.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C720FD706CC44540016CA88 /* tdtransit.h */; };
4CAC271F069DD236002EB81D /* tdclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CAC26FE069DD074002EB81D /* tdclient.cpp */; };
4CAC2737069DD309002EB81D /* tokendClient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CAC2734069DD309002EB81D /* tokendClient.cpp */; };
4CC46A1806A4AC0200027192 /* SecTokend.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CC46A1506A4AC0200027192 /* SecTokend.cpp */; };
4CC46A1A06A4AC0200027192 /* transition.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CC46A1706A4AC0200027192 /* transition.cpp */; };
4CC46A1B06A4AC2C00027192 /* tokend_types.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CAC2702069DD074002EB81D /* tokend_types.h */; settings = {ATTRIBUTES = (Private, ); }; };
4CC46A3506A4AD9E00027192 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CC46A3406A4AD9E00027192 /* CoreFoundation.framework */; };
4CC46A4306A4AE2000027192 /* tdtransit.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CAC2700069DD074002EB81D /* tdtransit.cpp */; };
C20D962406D5A400000AEB0D /* tokend.h in Headers */ = {isa = PBXBuildFile; fileRef = C20D962306D5A400000AEB0D /* tokend.h */; };
C282709E06B73F8D00BE171E /* server.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C282709C06B73F8D00BE171E /* server.cpp */; };
C282709F06B73F8D00BE171E /* server.h in Headers */ = {isa = PBXBuildFile; fileRef = C282709D06B73F8D00BE171E /* server.h */; settings = {ATTRIBUTES = (); }; };
C2871EF606CC20A3009ACFA5 /* tdclient.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CAC26FF069DD074002EB81D /* tdclient.h */; settings = {ATTRIBUTES = (Private, ); }; };
C2871FEF06CC2FC4009ACFA5 /* SecTokend.h in Headers */ = {isa = PBXBuildFile; fileRef = C2871FEE06CC2FC4009ACFA5 /* SecTokend.h */; settings = {ATTRIBUTES = (Public, ); }; };
C28C0F2006D30837004CF059 /* transit.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C28C0F1E06D30837004CF059 /* transit.cpp */; };
C28C0F2106D30837004CF059 /* transit.h in Headers */ = {isa = PBXBuildFile; fileRef = C28C0F1F06D30837004CF059 /* transit.h */; };
C28C736906B1DD8600E4B6B4 /* tokendServer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CAC2735069DD309002EB81D /* tokendServer.cpp */; };
C2F8ED9407A6E871008FA709 /* InfoPlist.strings in Resources */ = {isa = PBXBuildFile; fileRef = C2F8ED9207A6E871008FA709 /* InfoPlist.strings */; };
DCC07E771CFF50C9005C35C8 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DCC07E761CFF50C9005C35C8 /* Security.framework */; };
/* End PBXBuildFile section */
/* Begin PBXContainerItemProxy section */
18B9659C147300D4005A4D2E /* PBXContainerItemProxy */ = {
isa = PBXContainerItemProxy;
containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */;
proxyType = 1;
remoteGlobalIDString = 4C09A2920557240300FED7A3;
remoteInfo = "generate mig";
};
18B9659E147300DD005A4D2E /* PBXContainerItemProxy */ = {
isa = PBXContainerItemProxy;
containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */;
proxyType = 1;
remoteGlobalIDString = 4CAC2710069DD183002EB81D;
remoteInfo = libsecurity_tokend_client;
};
/* End PBXContainerItemProxy section */
/* Begin PBXFileReference section */
1865FF881474F5B600FD79DF /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = "<group>"; };
1865FF891474F5B600FD79DF /* project.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = project.xcconfig; sourceTree = "<group>"; };
1865FF8A1474F5B600FD79DF /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = "<group>"; };
18B965A31473124F005A4D2E /* libsecurity_utilities.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libsecurity_utilities.a; path = /usr/local/lib/libsecurity_utilities.a; sourceTree = "<absolute>"; };
18B965A514731276005A4D2E /* libsecurityd_client.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libsecurityd_client.a; path = /usr/local/lib/libsecurityd_client.a; sourceTree = "<absolute>"; };
18B965A9147312A3005A4D2E /* libsecurity_cdsa_utilities.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libsecurity_cdsa_utilities.a; path = /usr/local/lib/libsecurity_cdsa_utilities.a; sourceTree = "<absolute>"; };
4C24BEF7055724C300C95CD3 /* mig.mk */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = mig.mk; sourceTree = "<group>"; };
4C58E3900540C0DD00B89535 /* SecurityTokend.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; path = SecurityTokend.framework; sourceTree = BUILT_PRODUCTS_DIR; };
4C720FD706CC44540016CA88 /* tdtransit.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = tdtransit.h; path = lib/tdtransit.h; sourceTree = "<group>"; };
4CAC26FE069DD074002EB81D /* tdclient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = tdclient.cpp; path = lib/tdclient.cpp; sourceTree = "<group>"; };
4CAC26FF069DD074002EB81D /* tdclient.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = tdclient.h; path = lib/tdclient.h; sourceTree = "<group>"; };
4CAC2700069DD074002EB81D /* tdtransit.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = tdtransit.cpp; path = lib/tdtransit.cpp; sourceTree = "<group>"; };
4CAC2702069DD074002EB81D /* tokend_types.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = tokend_types.h; path = lib/tokend_types.h; sourceTree = SOURCE_ROOT; };
4CAC2708069DD094002EB81D /* tokend.defs */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.mig; path = tokend.defs; sourceTree = "<group>"; };
4CAC2718069DD183002EB81D /* libsecurity_tokend_client.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_tokend_client.a; sourceTree = BUILT_PRODUCTS_DIR; };
4CAC2734069DD309002EB81D /* tokendClient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tokendClient.cpp; sourceTree = "<group>"; };
4CAC2735069DD309002EB81D /* tokendServer.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tokendServer.cpp; sourceTree = "<group>"; };
4CC46A1506A4AC0200027192 /* SecTokend.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = SecTokend.cpp; path = lib/SecTokend.cpp; sourceTree = "<group>"; };
4CC46A1706A4AC0200027192 /* transition.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = transition.cpp; path = lib/transition.cpp; sourceTree = "<group>"; };
4CC46A3406A4AD9E00027192 /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = /System/Library/Frameworks/CoreFoundation.framework; sourceTree = "<absolute>"; };
C20D962306D5A400000AEB0D /* tokend.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tokend.h; sourceTree = "<group>"; };
C282709C06B73F8D00BE171E /* server.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = server.cpp; path = lib/server.cpp; sourceTree = "<group>"; };
C282709D06B73F8D00BE171E /* server.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = server.h; path = lib/server.h; sourceTree = "<group>"; };
C2871FEE06CC2FC4009ACFA5 /* SecTokend.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = SecTokend.h; path = lib/SecTokend.h; sourceTree = "<group>"; };
C28C0F1E06D30837004CF059 /* transit.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = transit.cpp; path = lib/transit.cpp; sourceTree = "<group>"; };
C28C0F1F06D30837004CF059 /* transit.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = transit.h; path = lib/transit.h; sourceTree = "<group>"; };
C2B6F2370B83E5A000187FD9 /* SecurityTokend.exp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.exports; name = SecurityTokend.exp; path = lib/SecurityTokend.exp; sourceTree = "<group>"; };
C2F8ED9307A6E871008FA709 /* English */ = {isa = PBXFileReference; fileEncoding = 10; lastKnownFileType = text.plist.strings; name = English; path = English.lproj/InfoPlist.strings; sourceTree = "<group>"; };
DCC07E761CFF50C9005C35C8 /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = System/Library/Frameworks/Security.framework; sourceTree = SDKROOT; };
/* End PBXFileReference section */
/* Begin PBXFrameworksBuildPhase section */
4C608E2306A4A83400F1CEDD /* Frameworks */ = {
isa = PBXFrameworksBuildPhase;
buildActionMask = 2147483647;
files = (
DCC07E771CFF50C9005C35C8 /* Security.framework in Frameworks */,
18B965AA147312A3005A4D2E /* libsecurity_cdsa_utilities.a in Frameworks */,
18B965A614731276005A4D2E /* libsecurityd_client.a in Frameworks */,
18B965A41473124F005A4D2E /* libsecurity_utilities.a in Frameworks */,
4CC46A3506A4AD9E00027192 /* CoreFoundation.framework in Frameworks */,
);
runOnlyForDeploymentPostprocessing = 0;
};
4CAC2715069DD183002EB81D /* Frameworks */ = {
isa = PBXFrameworksBuildPhase;
buildActionMask = 2147483647;
files = (
);
runOnlyForDeploymentPostprocessing = 0;
};
/* End PBXFrameworksBuildPhase section */
/* Begin PBXGroup section */
1865FF871474F5B600FD79DF /* config */ = {
isa = PBXGroup;
children = (
1865FF881474F5B600FD79DF /* debug.xcconfig */,
1865FF891474F5B600FD79DF /* project.xcconfig */,
1865FF8A1474F5B600FD79DF /* release.xcconfig */,
);
path = config;
sourceTree = "<group>";
};
4CA1FEA7052A3C3800F22E42 = {
isa = PBXGroup;
children = (
1865FF871474F5B600FD79DF /* config */,
C2A593CE052E3A8400AF1EE3 /* lib */,
C2F8ED8F07A6E842008FA709 /* intl */,
C2A5941F052E3F2100AF1EE3 /* mig */,
4CAF734405363FE000D9DA7C /* derived_src */,
4CA1FEBF052A3C8100F22E42 /* Products */,
4CC46A3306A4AD6F00027192 /* Frameworks */,
);
sourceTree = "<group>";
};
4CA1FEBF052A3C8100F22E42 /* Products */ = {
isa = PBXGroup;
children = (
4C58E3900540C0DD00B89535 /* SecurityTokend.framework */,
4CAC2718069DD183002EB81D /* libsecurity_tokend_client.a */,
);
name = Products;
sourceTree = "<group>";
};
4CAF734405363FE000D9DA7C /* derived_src */ = {
isa = PBXGroup;
children = (
C20D962306D5A400000AEB0D /* tokend.h */,
4CAC2734069DD309002EB81D /* tokendClient.cpp */,
4CAC2735069DD309002EB81D /* tokendServer.cpp */,
);
path = derived_src;
sourceTree = BUILT_PRODUCTS_DIR;
};
4CC46A3306A4AD6F00027192 /* Frameworks */ = {
isa = PBXGroup;
children = (
DCC07E761CFF50C9005C35C8 /* Security.framework */,
18B965A9147312A3005A4D2E /* libsecurity_cdsa_utilities.a */,
18B965A514731276005A4D2E /* libsecurityd_client.a */,
18B965A31473124F005A4D2E /* libsecurity_utilities.a */,
4CC46A3406A4AD9E00027192 /* CoreFoundation.framework */,
);
name = Frameworks;
sourceTree = "<group>";
};
C28C0F1006D30781004CF059 /* Client */ = {
isa = PBXGroup;
children = (
4CAC26FF069DD074002EB81D /* tdclient.h */,
4CAC26FE069DD074002EB81D /* tdclient.cpp */,
4C720FD706CC44540016CA88 /* tdtransit.h */,
4CAC2700069DD074002EB81D /* tdtransit.cpp */,
);
name = Client;
sourceTree = "<group>";
};
C28C0F1306D3079B004CF059 /* Server */ = {
isa = PBXGroup;
children = (
4CC46A1706A4AC0200027192 /* transition.cpp */,
C28C0F1F06D30837004CF059 /* transit.h */,
C28C0F1E06D30837004CF059 /* transit.cpp */,
);
name = Server;
sourceTree = "<group>";
};
C28C0F1606D307AC004CF059 /* Plugin Driver */ = {
isa = PBXGroup;
children = (
C2871FEE06CC2FC4009ACFA5 /* SecTokend.h */,
4CC46A1506A4AC0200027192 /* SecTokend.cpp */,
C282709D06B73F8D00BE171E /* server.h */,
C282709C06B73F8D00BE171E /* server.cpp */,
C2B6F2370B83E5A000187FD9 /* SecurityTokend.exp */,
);
name = "Plugin Driver";
sourceTree = "<group>";
};
C2A593CE052E3A8400AF1EE3 /* lib */ = {
isa = PBXGroup;
children = (
C28C0F1606D307AC004CF059 /* Plugin Driver */,
C28C0F1006D30781004CF059 /* Client */,
C28C0F1306D3079B004CF059 /* Server */,
);
name = lib;
sourceTree = "<group>";
};
C2A5941F052E3F2100AF1EE3 /* mig */ = {
isa = PBXGroup;
children = (
4CAC2708069DD094002EB81D /* tokend.defs */,
4CAC2702069DD074002EB81D /* tokend_types.h */,
4C24BEF7055724C300C95CD3 /* mig.mk */,
);
path = mig;
sourceTree = "<group>";
};
C2F8ED8F07A6E842008FA709 /* intl */ = {
isa = PBXGroup;
children = (
C2F8ED9207A6E871008FA709 /* InfoPlist.strings */,
);
name = intl;
sourceTree = "<group>";
};
/* End PBXGroup section */
/* Begin PBXHeadersBuildPhase section */
4C58E38A0540C0DD00B89535 /* Headers */ = {
isa = PBXHeadersBuildPhase;
buildActionMask = 2147483647;
files = (
C2871FEF06CC2FC4009ACFA5 /* SecTokend.h in Headers */,
C282709F06B73F8D00BE171E /* server.h in Headers */,
C2871EF606CC20A3009ACFA5 /* tdclient.h in Headers */,
4C720FD806CC44540016CA88 /* tdtransit.h in Headers */,
4CC46A1B06A4AC2C00027192 /* tokend_types.h in Headers */,
C28C0F2106D30837004CF059 /* transit.h in Headers */,
C20D962406D5A400000AEB0D /* tokend.h in Headers */,
);
runOnlyForDeploymentPostprocessing = 0;
};
4CAC2713069DD183002EB81D /* Headers */ = {
isa = PBXHeadersBuildPhase;
buildActionMask = 2147483647;
files = (
18B9659B147300AF005A4D2E /* tdclient.h in Headers */,
);
runOnlyForDeploymentPostprocessing = 0;
};
/* End PBXHeadersBuildPhase section */
/* Begin PBXLegacyTarget section */
4C09A2920557240300FED7A3 /* generate mig */ = {
isa = PBXLegacyTarget;
buildArgumentsString = "-f mig/mig.mk $(ACTION)";
buildConfigurationList = C27AD1950987FCDB001272E0 /* Build configuration list for PBXLegacyTarget "generate mig" */;
buildPhases = (
);
buildToolPath = /usr/bin/gnumake;
buildWorkingDirectory = "";
dependencies = (
);
name = "generate mig";
passBuildSettingsInEnvironment = 1;
productName = "generate mig";
};
/* End PBXLegacyTarget section */
/* Begin PBXNativeTarget section */
4C58E38F0540C0DD00B89535 /* SecurityTokend */ = {
isa = PBXNativeTarget;
buildConfigurationList = C27AD1A40987FCDB001272E0 /* Build configuration list for PBXNativeTarget "SecurityTokend" */;
buildPhases = (
4C58E38A0540C0DD00B89535 /* Headers */,
C2F8ED8507A6E7F5008FA709 /* Resources */,
4C608E2206A4A82A00F1CEDD /* Sources */,
4C608E2306A4A83400F1CEDD /* Frameworks */,
);
buildRules = (
);
dependencies = (
18B9659F147300DD005A4D2E /* PBXTargetDependency */,
);
name = SecurityTokend;
productInstallPath = "$(LOCAL_LIBRARY_DIR)/Frameworks";
productName = securityd_server;
productReference = 4C58E3900540C0DD00B89535 /* SecurityTokend.framework */;
productType = "com.apple.product-type.framework";
};
4CAC2710069DD183002EB81D /* libsecurity_tokend_client */ = {
isa = PBXNativeTarget;
buildConfigurationList = C27AD19F0987FCDB001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_tokend_client" */;
buildPhases = (
4CAC2713069DD183002EB81D /* Headers */,
4CAC2714069DD183002EB81D /* Sources */,
4CAC2715069DD183002EB81D /* Frameworks */,
1865FFC214750EEE00FD79DF /* ShellScript */,
);
buildRules = (
);
dependencies = (
18B9659D147300D4005A4D2E /* PBXTargetDependency */,
);
name = libsecurity_tokend_client;
productInstallPath = /usr/local/lib;
productName = libsecurityd;
productReference = 4CAC2718069DD183002EB81D /* libsecurity_tokend_client.a */;
productType = "com.apple.product-type.library.static";
};
/* End PBXNativeTarget section */
/* Begin PBXProject section */
4CA1FEAB052A3C3800F22E42 /* Project object */ = {
isa = PBXProject;
attributes = {
};
buildConfigurationList = C27AD1AE0987FCDB001272E0 /* Build configuration list for PBXProject "SecurityTokend" */;
compatibilityVersion = "Xcode 2.4";
developmentRegion = English;
hasScannedForEncodings = 1;
knownRegions = (
en,
);
mainGroup = 4CA1FEA7052A3C3800F22E42;
productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */;
projectDirPath = "";
projectRoot = "";
targets = (
4C58E38F0540C0DD00B89535 /* SecurityTokend */,
4CAC2710069DD183002EB81D /* libsecurity_tokend_client */,
4C09A2920557240300FED7A3 /* generate mig */,
);
};
/* End PBXProject section */
/* Begin PBXResourcesBuildPhase section */
C2F8ED8507A6E7F5008FA709 /* Resources */ = {
isa = PBXResourcesBuildPhase;
buildActionMask = 2147483647;
files = (
C2F8ED9407A6E871008FA709 /* InfoPlist.strings in Resources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
/* End PBXResourcesBuildPhase section */
/* Begin PBXShellScriptBuildPhase section */
1865FFC214750EEE00FD79DF /* ShellScript */ = {
isa = PBXShellScriptBuildPhase;
buildActionMask = 2147483647;
files = (
);
inputPaths = (
);
outputPaths = (
);
runOnlyForDeploymentPostprocessing = 0;
shellPath = /bin/sh;
shellScript = "nmedit -p \"${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}\"\nranlib \"${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}\"";
};
/* End PBXShellScriptBuildPhase section */
/* Begin PBXSourcesBuildPhase section */
4C608E2206A4A82A00F1CEDD /* Sources */ = {
isa = PBXSourcesBuildPhase;
buildActionMask = 2147483647;
files = (
4CC46A1806A4AC0200027192 /* SecTokend.cpp in Sources */,
C282709E06B73F8D00BE171E /* server.cpp in Sources */,
C28C736906B1DD8600E4B6B4 /* tokendServer.cpp in Sources */,
4CC46A1A06A4AC0200027192 /* transition.cpp in Sources */,
C28C0F2006D30837004CF059 /* transit.cpp in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
4CAC2714069DD183002EB81D /* Sources */ = {
isa = PBXSourcesBuildPhase;
buildActionMask = 2147483647;
files = (
4CAC271F069DD236002EB81D /* tdclient.cpp in Sources */,
4CC46A4306A4AE2000027192 /* tdtransit.cpp in Sources */,
4CAC2737069DD309002EB81D /* tokendClient.cpp in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
/* End PBXSourcesBuildPhase section */
/* Begin PBXTargetDependency section */
18B9659D147300D4005A4D2E /* PBXTargetDependency */ = {
isa = PBXTargetDependency;
target = 4C09A2920557240300FED7A3 /* generate mig */;
targetProxy = 18B9659C147300D4005A4D2E /* PBXContainerItemProxy */;
};
18B9659F147300DD005A4D2E /* PBXTargetDependency */ = {
isa = PBXTargetDependency;
target = 4CAC2710069DD183002EB81D /* libsecurity_tokend_client */;
targetProxy = 18B9659E147300DD005A4D2E /* PBXContainerItemProxy */;
};
/* End PBXTargetDependency section */
/* Begin PBXVariantGroup section */
C2F8ED9207A6E871008FA709 /* InfoPlist.strings */ = {
isa = PBXVariantGroup;
children = (
C2F8ED9307A6E871008FA709 /* English */,
);
name = InfoPlist.strings;
sourceTree = "<group>";
};
/* End PBXVariantGroup section */
/* Begin XCBuildConfiguration section */
C27AD1960987FCDB001272E0 /* Debug */ = {
isa = XCBuildConfiguration;
buildSettings = {
};
name = Debug;
};
C27AD1990987FCDB001272E0 /* Release */ = {
isa = XCBuildConfiguration;
buildSettings = {
};
name = Release;
};
C27AD1A00987FCDB001272E0 /* Debug */ = {
isa = XCBuildConfiguration;
baseConfigurationReference = 1865FF881474F5B600FD79DF /* debug.xcconfig */;
buildSettings = {
EXECUTABLE_PREFIX = "";
GCC_SYMBOLS_PRIVATE_EXTERN = NO;
HEADER_SEARCH_PATHS = (
"$(inherited)",
"$(BUILT_PRODUCTS_DIR)/derived_src",
"$(SRCROOT)",
);
PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_tokend_client;
};
name = Debug;
};
C27AD1A30987FCDB001272E0 /* Release */ = {
isa = XCBuildConfiguration;
baseConfigurationReference = 1865FF8A1474F5B600FD79DF /* release.xcconfig */;
buildSettings = {
EXECUTABLE_PREFIX = "";
GCC_SYMBOLS_PRIVATE_EXTERN = NO;
HEADER_SEARCH_PATHS = (
"$(inherited)",
"$(BUILT_PRODUCTS_DIR)/derived_src",
"$(SRCROOT)",
);
PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_tokend_client;
};
name = Release;
};
C27AD1A50987FCDB001272E0 /* Debug */ = {
isa = XCBuildConfiguration;
baseConfigurationReference = 1865FF881474F5B600FD79DF /* debug.xcconfig */;
buildSettings = {
ARCHS = "$(ARCHS_STANDARD_64_BIT)";
DYLIB_COMPATIBILITY_VERSION = 1;
DYLIB_CURRENT_VERSION = "$(CURRENT_PROJECT_VERSION)";
EXPORTED_SYMBOLS_FILE = "$(SRCROOT)/lib/SecurityTokend.exp";
HEADER_SEARCH_PATHS = (
"$(inherited)",
"$(BUILT_PRODUCTS_DIR)/derived_src",
);
INFOPLIST_FILE = "Info-SecurityTokend.plist";
INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
VALID_ARCHS = x86_64;
};
name = Debug;
};
C27AD1A80987FCDB001272E0 /* Release */ = {
isa = XCBuildConfiguration;
baseConfigurationReference = 1865FF8A1474F5B600FD79DF /* release.xcconfig */;
buildSettings = {
ARCHS = "$(ARCHS_STANDARD_64_BIT)";
DYLIB_COMPATIBILITY_VERSION = 1;
DYLIB_CURRENT_VERSION = "$(CURRENT_PROJECT_VERSION)";
EXPORTED_SYMBOLS_FILE = "$(SRCROOT)/lib/SecurityTokend.exp";
HEADER_SEARCH_PATHS = (
"$(inherited)",
"$(BUILT_PRODUCTS_DIR)/derived_src",
);
INFOPLIST_FILE = "Info-SecurityTokend.plist";
INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks";
VALID_ARCHS = x86_64;
};
name = Release;
};
C27AD1AF0987FCDB001272E0 /* Debug */ = {
isa = XCBuildConfiguration;
baseConfigurationReference = 1865FF891474F5B600FD79DF /* project.xcconfig */;
buildSettings = {
};
name = Debug;
};
C27AD1B20987FCDB001272E0 /* Release */ = {
isa = XCBuildConfiguration;
baseConfigurationReference = 1865FF891474F5B600FD79DF /* project.xcconfig */;
buildSettings = {
};
name = Release;
};
/* End XCBuildConfiguration section */
/* Begin XCConfigurationList section */
C27AD1950987FCDB001272E0 /* Build configuration list for PBXLegacyTarget "generate mig" */ = {
isa = XCConfigurationList;
buildConfigurations = (
C27AD1960987FCDB001272E0 /* Debug */,
C27AD1990987FCDB001272E0 /* Release */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Release;
};
C27AD19F0987FCDB001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_tokend_client" */ = {
isa = XCConfigurationList;
buildConfigurations = (
C27AD1A00987FCDB001272E0 /* Debug */,
C27AD1A30987FCDB001272E0 /* Release */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Release;
};
C27AD1A40987FCDB001272E0 /* Build configuration list for PBXNativeTarget "SecurityTokend" */ = {
isa = XCConfigurationList;
buildConfigurations = (
C27AD1A50987FCDB001272E0 /* Debug */,
C27AD1A80987FCDB001272E0 /* Release */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Release;
};
C27AD1AE0987FCDB001272E0 /* Build configuration list for PBXProject "SecurityTokend" */ = {
isa = XCConfigurationList;
buildConfigurations = (
C27AD1AF0987FCDB001272E0 /* Debug */,
C27AD1B20987FCDB001272E0 /* Release */,
);
defaultConfigurationIsVisible = 0;
defaultConfigurationName = Release;
};
/* End XCConfigurationList section */
};
rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */;
}

3
config/debug.xcconfig Normal file
View File

@ -0,0 +1,3 @@
GCC_OPTIMIZATION_LEVEL = 0
GCC_PREPROCESSOR_DEFINITIONS = DEBUG=1 $(inherited)
COPY_PHASE_STRIP = NO

25
config/project.xcconfig Normal file
View File

@ -0,0 +1,25 @@
ARCHS = $(ARCHS_STANDARD_32_64_BIT)
CODE_SIGN_IDENTITY = -;
GCC_VERSION = com.apple.compilers.llvm.clang.1_0
DEBUG_INFORMATION_FORMAT = dwarf-with-dsym
SDKROOT =
CURRENT_PROJECT_VERSION = $(RC_ProjectSourceVersion)
VERSIONING_SYSTEM = apple-generic;
DEAD_CODE_STRIPPING = YES;
FRAMEWORK_SEARCH_PATHS = $(SYSTEM_LIBRARY_DIR)/PrivateFrameworks
PRODUCT_NAME = $(TARGET_NAME)
ALWAYS_SEARCH_USER_PATHS = NO
GCC_C_LANGUAGE_STANDARD = gnu99
WARNING_CFLAGS = -Wmost -Wno-four-char-constants -Wno-unknown-pragmas $(inherited)
GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO
GCC_WARN_64_TO_32_BIT_CONVERSION = YES
GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES
GCC_WARN_ABOUT_RETURN_TYPE = YES
GCC_WARN_UNUSED_VARIABLE = YES

3
config/release.xcconfig Normal file
View File

@ -0,0 +1,3 @@
GCC_PREPROCESSOR_DEFINITIONS = NDEBUG=1 $(inherited)
COPY_PHASE_STRIP = YES

127
lib/SecTokend.cpp Normal file
View File

@ -0,0 +1,127 @@
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
#include "SecTokend.h"
#include "server.h"
#include <securityd_client/ssclient.h>
namespace Security {
namespace Tokend {
using namespace MachPlusPlus;
//
// Support callbacks provided for the implementation
//
static const SCARD_READERSTATE *cbStartupReaderInfo()
{
return &server->startupReaderState();
}
static const char *cbTokenUid()
{
return server->tokenUid();
}
static void *cbMalloc(uint32 size)
{
return malloc(size);
}
static void cbFree(void *ptr)
{
return free(ptr);
}
static void *cbMallocSensitive(uint32 size)
{
return malloc(size);
}
static void cbFreeSensitive(void *ptr)
{
return free(ptr);
}
//
// Vector of support functions passed to implementation
//
static SecTokendSupport supportVector = {
cbStartupReaderInfo,
cbTokenUid,
cbMalloc, cbFree,
cbMallocSensitive, cbFreeSensitive
};
extern "C" {
//
// The main driver function.
// This is called from the daemon's main() and takes over from there.
//
int SecTokendMain(int argc, const char * argv[],
const SecTokendCallbacks *callbacks, SecTokendSupport *support)
{
// first, check interface version and abort if we don't support it
if (!callbacks) {
secdebug("tokenlib", "NULL callback structure");
exit(1);
}
if (callbacks->version != kSecTokendCallbackVersion) {
secdebug("tokenlib", "callback structure is version %d (supporting %d)",
callbacks->version, kSecTokendCallbackVersion);
exit(1);
}
secdebug("tokenlib", "API interface version %d", callbacks->version);
server = new Server();
if (!server)
{
secdebug("tokenlib", "can't create server object");
exit(1);
}
// set globals (we know by now that the version is okay)
server->callbacks() = *callbacks;
if (support)
*support = supportVector;
try {
return (*server)(argc, argv, callbacks->flags);
} catch (...) {
secdebug("tokenlib", "server aborted with exception");
return 1;
}
}
} // extern "C"
} // namespace Tokend
} // namespace Security

230
lib/SecTokend.h Normal file
View File

@ -0,0 +1,230 @@
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
/*!
@header SecTokend.h
@copyright 2004 Apple Computer, Inc. All Rights Reserved.
@abstract SPIs for creating a tokend.
*/
#ifndef _SECURITYTOKEND_SECTOKEND_H_
#define _SECURITYTOKEND_SECTOKEND_H_ 1
#include <stdint.h>
#include <Security/cssm.h>
#include <PCSC/winscard.h>
#include <sys/param.h>
#ifdef __cplusplus
extern "C" {
#endif
//
// Constants and fixed values
//
enum {
kSecTokendCallbackVersion = 11 // interface version for callback structure
};
enum {
TOKEND_MAX_UID = 128 // max. length of token identifier string
};
// flags to establish()
typedef uint32 SecTokendCallbackFlags;
typedef uint32 SecTokendProbeFlags;
typedef uint32 SecTokendEstablishFlags;
enum {
// flags in the callback structure passed to SecTokendMain()
kSecTokendCallbacksDefault = 0, // default flags in callbacks struct
// flags to probe()
kSecTokendProbeDefault = 0, // default flags to probe() call
kSecTokendProbeKeepToken = 0x0001, // may keep token connected when returning
// flags to establish()
kSecTokendEstablishNewCache = 0x0001, // the on-disk cache is new (and empty)
kSecTokendEstablishMakeMDS = 0x0002, // (must) write MDS files to cache
// test/debug flags (not for normal operation)
kSecTokendCallbacksTestNoServer = 0x0001, // don't start server; return after setup
};
/*
* Common arguments for data retrieval
*/
typedef struct {
CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes; // add attribute values here
CSSM_DATA *data; // store item data there unless NULL
CSSM_HANDLE record; // store record-id here
CSSM_HANDLE keyhandle; // key handle if key, 0 otherwise
} TOKEND_RETURN_DATA;
/*!
@typedef
@abstract Functions a particular tokend instance needs to implement
*/
typedef struct
{
uint32_t version;
SecTokendCallbackFlags flags;
CSSM_RETURN (*initial)();
CSSM_RETURN (*probe)(SecTokendProbeFlags flags, uint32 *score, char tokenUid[TOKEND_MAX_UID]);
CSSM_RETURN (*establish)(const CSSM_GUID *guid, uint32 subserviceId,
SecTokendEstablishFlags flags, const char *cacheDirectory, const char *workDirectory,
char mdsDirectory[PATH_MAX], char printName[PATH_MAX]);
CSSM_RETURN (*terminate)(uint32 reason, uint32 options);
CSSM_RETURN (*findFirst)(const CSSM_QUERY *query, TOKEND_RETURN_DATA *data,
CSSM_HANDLE *hSearch);
CSSM_RETURN (*findNext)(CSSM_HANDLE hSearch, TOKEND_RETURN_DATA *data);
CSSM_RETURN (*findRecordHandle)(CSSM_HANDLE hRecord, TOKEND_RETURN_DATA *data);
CSSM_RETURN (*insertRecord)(CSSM_DB_RECORDTYPE recordType,
const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes, const CSSM_DATA *data,
CSSM_HANDLE *hRecord);
CSSM_RETURN (*modifyRecord)(CSSM_DB_RECORDTYPE recordType, CSSM_HANDLE *hRecord,
const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes, const CSSM_DATA *data,
CSSM_DB_MODIFY_MODE modifyMode);
CSSM_RETURN (*deleteRecord)(CSSM_HANDLE hRecord);
CSSM_RETURN (*releaseSearch)(CSSM_HANDLE hSearch);
CSSM_RETURN (*releaseRecord)(CSSM_HANDLE hRecord);
CSSM_RETURN (*freeRetrievedData)(TOKEND_RETURN_DATA *data);
CSSM_RETURN (*releaseKey)(CSSM_HANDLE hKey);
CSSM_RETURN (*getKeySize)(CSSM_HANDLE hKey, CSSM_KEY_SIZE *size);
CSSM_RETURN (*getOutputSize)(const CSSM_CONTEXT *context, CSSM_HANDLE hKey,
uint32 inputSize, CSSM_BOOL encrypting, uint32 *outputSize);
CSSM_RETURN (*generateSignature)(const CSSM_CONTEXT *context, CSSM_HANDLE hKey,
CSSM_ALGORITHMS signOnly, const CSSM_DATA *input, CSSM_DATA *signature);
CSSM_RETURN (*verifySignature)(const CSSM_CONTEXT *context, CSSM_HANDLE hKey,
CSSM_ALGORITHMS signOnly, const CSSM_DATA *input, const CSSM_DATA *signature);
CSSM_RETURN (*generateMac)(const CSSM_CONTEXT *context, CSSM_HANDLE hKey,
const CSSM_DATA *input, CSSM_DATA *mac);
CSSM_RETURN (*verifyMac)(const CSSM_CONTEXT *context, CSSM_HANDLE hKey,
const CSSM_DATA *input, const CSSM_DATA *mac);
CSSM_RETURN (*encrypt)(const CSSM_CONTEXT *context, CSSM_HANDLE hKey,
const CSSM_DATA *clear, CSSM_DATA *cipher);
CSSM_RETURN (*decrypt)(const CSSM_CONTEXT *context, CSSM_HANDLE hKey,
const CSSM_DATA *cipher, CSSM_DATA *clear);
CSSM_RETURN (*generateKey)(const CSSM_CONTEXT *context,
const CSSM_ACCESS_CREDENTIALS *creds, const CSSM_ACL_ENTRY_PROTOTYPE *owner,
CSSM_KEYUSE usage, CSSM_KEYATTR_FLAGS attrs,
CSSM_HANDLE *hKey, CSSM_KEY *header);
CSSM_RETURN (*generateKeyPair)(const CSSM_CONTEXT *context,
const CSSM_ACCESS_CREDENTIALS *creds, const CSSM_ACL_ENTRY_PROTOTYPE *owner,
CSSM_KEYUSE pubUsage, CSSM_KEYATTR_FLAGS pubAttrs,
CSSM_KEYUSE privUsage, CSSM_KEYATTR_FLAGS privAttrs,
CSSM_HANDLE *hPubKey, CSSM_KEY *pubHeader,
CSSM_HANDLE *hPrivKey, CSSM_KEY *privHeader);
CSSM_RETURN (*wrapKey)(const CSSM_CONTEXT *context,
CSSM_HANDLE hWrappingKey, const CSSM_KEY *wrappingKey, const CSSM_ACCESS_CREDENTIALS *cred,
CSSM_HANDLE hKeyToBeWrapped, const CSSM_KEY *keyToBeWrapped, const CSSM_DATA *descriptiveData,
CSSM_KEY *wrappedKey);
CSSM_RETURN (*unwrapKey)(const CSSM_CONTEXT *context,
CSSM_HANDLE hWrappingKey, const CSSM_KEY *wrappingKey, const CSSM_ACCESS_CREDENTIALS *cred,
const CSSM_ACL_ENTRY_PROTOTYPE *access,
CSSM_HANDLE hPublicKey, const CSSM_KEY *publicKey, const CSSM_KEY *wrappedKey,
CSSM_KEYUSE usage, CSSM_KEYATTR_FLAGS attributes,
CSSM_DATA *descriptiveData,
CSSM_HANDLE *hUnwrappedKey, CSSM_KEY *unwrappedKey);
CSSM_RETURN (*deriveKey)(const CSSM_CONTEXT *context,
CSSM_HANDLE hSourceKey, const CSSM_KEY *sourceKey, const CSSM_ACCESS_CREDENTIALS *cred,
const CSSM_ACL_ENTRY_PROTOTYPE *access, CSSM_DATA *parameters,
CSSM_KEYUSE usage, CSSM_KEYATTR_FLAGS attributes,
CSSM_HANDLE *hKey, CSSM_KEY *key);
CSSM_RETURN (*getDatabaseOwner)(CSSM_ACL_OWNER_PROTOTYPE *owner);
CSSM_RETURN (*getDatabaseAcl)(const char *tag, uint32 *count, CSSM_ACL_ENTRY_INFO **entries);
CSSM_RETURN (*getObjectOwner)(CSSM_HANDLE hRecord, CSSM_ACL_OWNER_PROTOTYPE *owner);
CSSM_RETURN (*getObjectAcl)(CSSM_HANDLE hRecord, const char *tag,
uint32 *count, CSSM_ACL_ENTRY_INFO **entries);
CSSM_RETURN (*getKeyOwner)(CSSM_HANDLE hKey, CSSM_ACL_OWNER_PROTOTYPE *owner);
CSSM_RETURN (*getKeyAcl)(CSSM_HANDLE hKey,
const char *tag, uint32 *count, CSSM_ACL_ENTRY_INFO **entries);
CSSM_RETURN (*freeOwnerData)(CSSM_ACL_OWNER_PROTOTYPE *owner);
CSSM_RETURN (*freeAclData)(uint32 count, CSSM_ACL_ENTRY_INFO *entries);
CSSM_RETURN (*authenticateDatabase)(CSSM_DB_ACCESS_TYPE mode,
const CSSM_ACCESS_CREDENTIALS *cred);
CSSM_RETURN (*changeDatabaseOwner)(const CSSM_ACL_OWNER_PROTOTYPE *owner);
CSSM_RETURN (*changeDatabaseAcl)(const CSSM_ACCESS_CREDENTIALS *cred, const CSSM_ACL_EDIT *edit);
CSSM_RETURN (*changeObjectOwner)(CSSM_HANDLE hRecord, const CSSM_ACL_OWNER_PROTOTYPE *owner);
CSSM_RETURN (*changeObjectAcl)(CSSM_HANDLE hRecord, const CSSM_ACCESS_CREDENTIALS *cred, const CSSM_ACL_EDIT *edit);
CSSM_RETURN (*changeKeyOwner)(CSSM_HANDLE key, const CSSM_ACL_OWNER_PROTOTYPE *owner);
CSSM_RETURN (*changeKeyAcl)(CSSM_HANDLE key, const CSSM_ACCESS_CREDENTIALS *cred, const CSSM_ACL_EDIT *edit);
CSSM_RETURN (*generateRandom)(const CSSM_CONTEXT *context, CSSM_DATA *result);
CSSM_RETURN (*getStatistics)(CSSM_CSP_OPERATIONAL_STATISTICS *result);
CSSM_RETURN (*getTime)(CSSM_ALGORITHMS algorithm, CSSM_DATA *result);
CSSM_RETURN (*getCounter)(CSSM_DATA *result);
CSSM_RETURN (*selfVerify)();
CSSM_RETURN (*cspPassThrough)(uint32 id, const CSSM_CONTEXT *context,
CSSM_HANDLE hKey, const CSSM_KEY *key, const CSSM_DATA *input, CSSM_DATA *output);
CSSM_RETURN (*dlPassThrough)(uint32 id, const CSSM_DATA *input, CSSM_DATA *output);
CSSM_RETURN (*isLocked)(uint32 *locked);
} SecTokendCallbacks;
/*
*
*/
typedef struct {
const SCARD_READERSTATE *(*startupReaderInfo)(); // get reader information
const char *(*tokenUid)(); // uid string in use for this token
void *(*malloc)(uint32 size); // ordinary memory to interface
void (*free)(void *data); // free malloc'ed data
void *(*mallocSensitive)(uint32 size); // sensitive memory to interface
void (*freeSensitive)(void *data); // free mallocSensitive'ed data
} SecTokendSupport;
/*!
@function
@abstract call this from main in your program
@param argc The argc passed to main().
@param argv The argv passed to main().
@param callbacks Pointer to a SecTokendCallbacks struct containing pointers to all the functions this tokend instance implements.
@description The main of your program should look like:
int main(argc, argv) { ...Create context... return SecTokendMain(argc, argv, &callbacks, &supportCalls); }
*/
int SecTokendMain(int argc, const char * argv[], const SecTokendCallbacks *callbacks, SecTokendSupport *support);
#ifdef __cplusplus
}
#endif
#endif /* _SECURITYTOKEND_SECTOKEND_H_ */

23
lib/SecurityTokend.exp Normal file
View File

@ -0,0 +1,23 @@
#
# Copyright (c) 2007 Apple Computer, Inc. All Rights Reserved.
#
# @APPLE_LICENSE_HEADER_START@
#
# This file contains Original Code and/or Modifications of Original Code
# as defined in and that are subject to the Apple Public Source License
# Version 2.0 (the 'License'). You may not use this file except in
# compliance with the License. Please obtain a copy of the License at
# http://www.opensource.apple.com/apsl/ and read it before using this
# file.
#
# The Original Code and all software distributed under the License are
# distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
# EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
# INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
# Please see the License for the specific language governing rights and
# limitations under the License.
#
# @APPLE_LICENSE_HEADER_END@
#
_SecTokendMain

122
lib/server.cpp Normal file
View File

@ -0,0 +1,122 @@
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
//
// server - master server loop for tokend
//
#include "server.h"
#include "tdclient.h"
#include <securityd_client/ssclient.h>
#include <security_cdsa_client/mdsclient.h>
using namespace MachPlusPlus;
//
// The MIG-generated server dispatch function
//
extern boolean_t tokend_server(mach_msg_header_t *in, mach_msg_header_t *out);
namespace Security {
namespace Tokend {
//
// The server singleton
//
Server *server = NULL;
//
// Drive the server
//
int Server::operator () (int argc, const char *argv[], SecTokendCallbackFlags flags)
{
// process command-line arguments as sent by securityd
if (argc != 4) {
secdebug("tokenlib", "invalid argument count (%d)", argc);
Syslog::notice("token daemon invoked with invalid arguments");
return 2;
}
// argv[1] == version of wire protocol
const char *versionString = argv[1];
if (atol(versionString) != TDPROTOVERSION) {
// This would be a mismatch between securityd and the SecurityTokend.framework
// It's NOT a "binary compatibility" mismatch; that got checked for by our caller.
secdebug("tokenlib", "incoming protocol %s expected %d - aborting",
versionString, TDPROTOVERSION);
return 2;
}
// argv[2] == reader name
mReaderName = argv[2];
secdebug("tokenlib", "reader '%s' wire protocol %s", mReaderName, versionString);
// argv[3] == hex coding of reader state, with name() undefined
CssmData::wrap(mStartupReaderState).fromHex(argv[3]);
mStartupReaderState.name(readerName()); // fix name pointer (shipped separately)
#if !defined(NDEBUG)
// stop right here; do not run the server. We're being run from the command line
if (flags & kSecTokendCallbacksTestNoServer)
return 0;
#endif
// handshake with securityd
secdebug("tokenlib", "checking in with securityd");
SecurityServer::ClientSession client(Allocator::standard(), Allocator::standard());
client.childCheckIn(primaryServicePort(), TaskPort());
// start dispatch; from here on securityd is driving us
secdebug("tokenlib", "starting server loop");
run();
// we don't usually return from run(), but just in case
termination(0, 0);
}
//
// Handle the terminate message
//
void Server::termination(uint32 reason, uint32 options)
{
secdebug("tokenlib", "terminate(%d,0x%x) received", reason, options);
if (terminate)
terminate(reason, options); // ignore return code
exit(0);
}
//
// MIG handler hook
//
boolean_t Server::handle(mach_msg_header_t *in, mach_msg_header_t *out)
{
return tokend_server(in, out);
}
} // namespace Tokend
} // namespace Security

76
lib/server.h Normal file
View File

@ -0,0 +1,76 @@
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
#ifndef _H_TOKEND_SERVER
#define _H_TOKEND_SERVER
//
// server - master server loop for tokend
//
#include "SecTokend.h"
#include <security_utilities/logging.h>
#include <security_utilities/pcsc++.h>
#include <security_utilities/machserver.h>
#include <security_utilities/alloc.h>
namespace Security {
namespace Tokend {
//
// The server class that drives this tokend
//
class Server : public MachPlusPlus::MachServer, public SecTokendCallbacks {
public:
int operator() (int argc, const char *argv[], SecTokendCallbackFlags flags);
const char *readerName() const { return mReaderName; }
const PCSC::ReaderState &startupReaderState() const { return mStartupReaderState; }
const char *tokenUid() const { return mTokenUid.c_str(); }
void tokenUid(const char *uid) { mTokenUid = uid; }
SecTokendCallbacks &callbacks() { return static_cast<SecTokendCallbacks &>(*this); }
void termination(uint32 reason, uint32 options) __attribute__((noreturn));
protected:
boolean_t handle(mach_msg_header_t *in, mach_msg_header_t *out);
private:
const char *mReaderName;
PCSC::ReaderState mStartupReaderState;
std::string mTokenUid;
};
//
// The server singleton
//
extern Server *server;
} // namespace Tokend
} // namespace Security
#endif //_H_TOKEND_SERVER

77
lib/tdclient.cpp Normal file
View File

@ -0,0 +1,77 @@
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
//
// tdclient - Security tokend client interface library
//
#include "tdtransit.h"
#include <security_utilities/debugging.h>
using MachPlusPlus::check;
using MachPlusPlus::Bootstrap;
namespace Security {
namespace Tokend {
//
// Construct a client session
//
ClientSession::ClientSession(Allocator &std, Allocator &rtn)
: ClientCommon(std, rtn)
{
}
//
// Destroy a session
//
ClientSession::~ClientSession()
{ }
//
// The default fault() notifier does nothing
//
void ClientSession::fault()
{
}
//
// Administrativa
//
void ClientSession::servicePort(Port p)
{
// record service port
assert(!mServicePort); // no overwrite
mServicePort = p;
// come back if the service port dies (usually a tokend crash)
mServicePort.requestNotify(mReplyPort);
}
} // end namespace Tokend
} // end namespace Security

196
lib/tdclient.h Normal file
View File

@ -0,0 +1,196 @@
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
//
// tdclient - Security tokend client interface library
//
// This interface is private to the Security system. It is not a public interface,
// and it may change at any time. You have been warned.
//
#ifndef _H_TDCLIENT
#define _H_TDCLIENT
#include <securityd_client/sscommon.h>
#include <SecurityTokend/SecTokend.h>
#include <security_cdsa_utilities/cssmkey.h>
#include <security_utilities/unix++.h>
#define __MigTypeCheck 1
namespace Security {
namespace Tokend {
using namespace SecurityServer;
//
// Securityd/tokend protocol version.
// Tokend must support this or abort immediately (i.e. don't even try to
// bring up the server loop if you don't).
//
#define TDPROTOVERSION 5
//
// A client connection (session)
//
class ClientSession : public ClientCommon {
public:
ClientSession(Allocator &standard, Allocator &returning);
virtual ~ClientSession();
Port servicePort() const { return mServicePort; }
public:
// tokend setup/teardown interface
typedef uint32 Score;
void probe(Score &score, std::string &tokenUid);
void establish(Guid &guid, uint32 subserviceID,
uint32 flags, const char *cacheDirectory, const char *workDirectory,
char mdsDirectory[PATH_MAX], char printName[PATH_MAX]);
void terminate(uint32 reason, uint32 options);
// search/retrieve interface
RecordHandle findFirst(const CssmQuery &query,
CssmDbRecordAttributeData *inAttributes, size_t inAttributesLength,
SearchHandle &hSearch, CssmData *outData, KeyHandle &hKey,
CssmDbRecordAttributeData *&outAttributes, mach_msg_type_number_t &outAttributesLength);
RecordHandle findNext(SearchHandle hSearch,
CssmDbRecordAttributeData *inAttributes, size_t inAttributesLength,
CssmData *outData, KeyHandle &hKey,
CssmDbRecordAttributeData *&outAttributes, mach_msg_type_number_t &outAttributesLength);
void findRecordHandle(RecordHandle record,
CssmDbRecordAttributeData *inAttributes, size_t inAttributesLength,
CssmData *inOutData, KeyHandle &hKey,
CssmDbRecordAttributeData *&outAttributes, mach_msg_type_number_t &outAttributesLength);
void insertRecord(CSSM_DB_RECORDTYPE recordType,
const CssmDbRecordAttributeData *attributes, size_t attributesLength,
const CssmData &data, RecordHandle &hRecord);
void modifyRecord(CSSM_DB_RECORDTYPE recordType, RecordHandle &hRecord,
const CssmDbRecordAttributeData *attributes, size_t attributesLength,
const CssmData *data, CSSM_DB_MODIFY_MODE modifyMode);
void deleteRecord(RecordHandle hRecord);
void releaseSearch(SearchHandle hSeearch);
void releaseRecord(RecordHandle hRecord);
public:
// key objects
void releaseKey(KeyHandle key);
void queryKeySizeInBits(KeyHandle key, CssmKeySize &result);
void getOutputSize(const Security::Context &context, KeyHandle key,
uint32 inputSize, bool encrypt, uint32 &result);
// encrypt/decrypt
void encrypt(const Security::Context &context, KeyHandle key,
const CssmData &in, CssmData &out);
void decrypt(const Security::Context &context, KeyHandle key,
const CssmData &in, CssmData &out);
// signatures
void generateSignature(const Security::Context &context, KeyHandle key,
const CssmData &data, CssmData &signature,
CSSM_ALGORITHMS signOnlyAlgorithm = CSSM_ALGID_NONE);
void verifySignature(const Security::Context &context, KeyHandle key,
const CssmData &data, const CssmData &signature,
CSSM_ALGORITHMS verifyOnlyAlgorithm = CSSM_ALGID_NONE);
// MACs
void generateMac(const Security::Context &context, KeyHandle key,
const CssmData &data, CssmData &mac);
void verifyMac(const Security::Context &context, KeyHandle key,
const CssmData &data, const CssmData &mac);
public:
// key generation and derivation
void generateKey(const Security::Context &context,
const AccessCredentials *cred, const AclEntryPrototype *owner,
uint32 keyUsage, uint32 keyAttr,
KeyHandle &hKey, CssmKey *&key);
void generateKey(const Security::Context &context,
const AccessCredentials *cred, const AclEntryPrototype *owner,
CSSM_KEYUSE pubKeyUsage, CSSM_KEYATTR_FLAGS pubKeyAttr,
CSSM_KEYUSE privKeyUsage, CSSM_KEYATTR_FLAGS privKeyAttr,
KeyHandle &hPublic, CssmKey *&publicKey,
KeyHandle &hPrivate, CssmKey *&privateKey);
//void generateAlgorithmParameters(); // not implemented
public:
// key wrapping and unwrapping
void wrapKey(const Security::Context &context, const AccessCredentials *cred,
KeyHandle hWrappingKey, const CssmKey *wrappingKey,
KeyHandle hSubjectKey, const CssmKey *subjectKey,
const CssmData &descriptiveData, CssmWrappedKey *&wrappedKey);
void unwrapKey(const Security::Context &context,
const AccessCredentials *cred, const AclEntryPrototype *owner,
KeyHandle hSourceKey, const CssmKey *sourceKey,
KeyHandle hPublicKey, const CssmKey *publicKey,
const CssmWrappedKey &wrappedKey, uint32 keyUsage, uint32 keyAttr,
CssmData &data, KeyHandle &hUnwrappedKey, CssmKey *&unwrappedKey);
// key derivation
void deriveKey(DbHandle db, const Security::Context &context,
KeyHandle hBaseKey, const CssmKey *baseKey,
uint32 keyUsage, uint32 keyAttr, CssmData &param,
const AccessCredentials *cred, const AclEntryPrototype *owner,
KeyHandle &hDerivedKey, CssmKey *&derivedKey);
void generateRandom(CssmData &data);
public:
// access control
void authenticate(CSSM_DB_ACCESS_TYPE mode, const AccessCredentials *cred);
void getAcl(AclKind kind, GenericHandle key, const char *tag,
uint32 &count, AclEntryInfo * &info);
void changeAcl(AclKind kind, GenericHandle key,
const AccessCredentials &cred, const AclEdit &edit);
void getOwner(AclKind kind, GenericHandle key, AclOwnerPrototype *&owner);
void changeOwner(AclKind kind, GenericHandle key, const AccessCredentials &cred,
const AclOwnerPrototype &edit);
bool isLocked();
public:
virtual void fault(); // called if tokend connection fails
protected:
void servicePort(Port p);
private:
void check(kern_return_t rc);
private:
Port mServicePort; // tokend's service port
ReceivePort mReplyPort; // the reply port we use
};
} // end namespace Tokend
} // end namespace Security
#endif //_H_TDCLIENT

535
lib/tdtransit.cpp Normal file
View File

@ -0,0 +1,535 @@
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
//
// tdtransit - security tokend client library transition code.
//
#include "tdtransit.h"
#include "tokend.h"
#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
namespace Security {
namespace Tokend {
static void copyDataFromIPC(void *dataPtr, mach_msg_type_number_t dataLength, CssmData *outData);
using MachPlusPlus::VMGuard;
void ClientSession::check(kern_return_t rc)
{
switch (rc) {
case KERN_SUCCESS:
return;
case MIG_SERVER_DIED:
fault();
CssmError::throwMe(CSSM_ERRCODE_DEVICE_FAILED);
default:
MachPlusPlus::check(rc);
}
}
//
// DataOutput helper.
// This happens "at the end" of a glue method, via the DataOutput destructor.
//
DataOutput::~DataOutput()
{
// @@@ Why are we setting up a VMGuard if mData is NULL?
VMGuard _(mData, mLength);
if (mData) { // was assigned to; IPC returned OK
if (argument) { // buffer was provided
if (argument.length() < mLength)
CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
argument.length(mLength);
} else { // allocate buffer
argument = CssmData(allocator.malloc(mLength), mLength);
}
memcpy(argument.data(), mData, mLength);
}
}
//
// Create a packaged-up Context for IPC transmission.
// In addition to collecting the context into a contiguous blob for transmission,
// we also evaluate CssmCryptoData callbacks at this time.
//
SendContext::SendContext(const Security::Context &ctx) : context(ctx)
{
CssmCryptoData cryptoDataValue; // holding area for CssmCryptoData element
IFDEBUG(uint32 cryptoDataUsed = 0);
Context::Builder builder(Allocator::standard());
for (unsigned n = 0; n < ctx.attributesInUse(); n++) {
switch (ctx[n].baseType()) {
case CSSM_ATTRIBUTE_DATA_CRYPTO_DATA: {
CssmCryptoData &data = ctx[n]; // extract CssmCryptoData value
cryptoDataValue = data(); // evaluate callback (if any)
builder.setup(&cryptoDataValue); // use evaluted value
IFDEBUG(cryptoDataUsed++);
break;
}
default:
builder.setup(ctx[n]);
break;
}
}
attributeSize = builder.make();
for (unsigned n = 0; n < ctx.attributesInUse(); n++) {
const Context::Attr &attr = ctx[n];
switch (attr.baseType()) {
case CSSM_ATTRIBUTE_DATA_CRYPTO_DATA:
builder.put(attr.type(), &cryptoDataValue);
break;
default:
builder.put(attr);
break;
}
}
uint32 count; // not needed
builder.done(attributes, count);
assert(cryptoDataUsed <= 1); // no more than one slot converted
}
//
// Setup and basic control
//
void ClientSession::probe(Score &score, std::string &tokenUid)
{
char uid[PATH_MAX];
IPC(tokend_client_probe(TOKEND_ARGS, &score, uid));
tokenUid = uid;
}
void ClientSession::establish(Guid &guid, uint32 ssid,
uint32 flags, const char *cacheDirectory, const char *workDirectory,
char mdsDirectory[PATH_MAX], char printName[PATH_MAX])
{
IPC(tokend_client_establish(TOKEND_ARGS, guid, ssid,
flags, cacheDirectory, workDirectory, mdsDirectory, printName));
}
//
// The soft kiss-of-death. This is a one-way RPC; no reply is sent or received;
// the call returns immediately.
//
void ClientSession::terminate(uint32 reason, uint32 options)
{
IPC((rcode = CSSM_OK, tokend_client_terminate(mServicePort, reason, options)));
}
//
// Data search/retrieval interface
//
RecordHandle ClientSession::findFirst(const CssmQuery &query,
CssmDbRecordAttributeData *inAttributes, size_t inAttributesLength,
SearchHandle &hSearch, CssmData *outData, KeyHandle &hKey,
CssmDbRecordAttributeData *&outAttributes, mach_msg_type_number_t &outAttributesLength)
{
Copier<CssmQuery> theQuery(&query, internalAllocator);
void *dataPtr; mach_msg_type_number_t dataLength;
RecordHandle hRecord;
CssmDbRecordAttributeData *outAttributesBase;
CssmDbRecordAttributeData *tmpOutAttributes = NULL;
IPC(tokend_client_findFirst(TOKEND_ARGS, COPY(theQuery), COPYFLAT(inAttributes),
outData != NULL, &dataPtr, &dataLength, &hKey,
&tmpOutAttributes, &outAttributesLength, &outAttributesBase,
&hSearch, &hRecord));
// DataOutput out_data(data, returnAllocator);
if (outAttributesLength)
{
outAttributes = static_cast<CssmDbRecordAttributeData *>(malloc(outAttributesLength));
memcpy(outAttributes, tmpOutAttributes, outAttributesLength);
relocate(outAttributes, outAttributesBase);
}
else
outAttributes = NULL;
copyDataFromIPC(dataPtr, dataLength, outData);
if (tmpOutAttributes)
mig_deallocate(reinterpret_cast<vm_address_t>(tmpOutAttributes), outAttributesLength);
return hRecord;
}
RecordHandle ClientSession::findNext(SearchHandle hSearch,
CssmDbRecordAttributeData *inAttributes, size_t inAttributesLength,
CssmData *outData, KeyHandle &hKey,
CssmDbRecordAttributeData *&outAttributes, mach_msg_type_number_t &outAttributesLength)
{
void *dataPtr; mach_msg_type_number_t dataLength;
RecordHandle hRecord;
CssmDbRecordAttributeData *outAttributesBase;
CssmDbRecordAttributeData *tmpOutAttributes = NULL;
IPC(tokend_client_findNext(TOKEND_ARGS, hSearch, COPYFLAT(inAttributes),
outData != NULL, &dataPtr, &dataLength, &hKey,
&tmpOutAttributes, &outAttributesLength, &outAttributesBase,
&hRecord));
if (outAttributesLength)
{
outAttributes = static_cast<CssmDbRecordAttributeData *>(malloc(outAttributesLength));
memcpy(outAttributes, tmpOutAttributes, outAttributesLength);
relocate(outAttributes, outAttributesBase);
}
else
outAttributes = NULL;
copyDataFromIPC(dataPtr, dataLength, outData);
if (tmpOutAttributes)
mig_deallocate(reinterpret_cast<vm_address_t>(tmpOutAttributes), outAttributesLength);
return hRecord;
}
void ClientSession::findRecordHandle(RecordHandle hRecord,
CssmDbRecordAttributeData *inAttributes, size_t inAttributesLength,
CssmData *outData, KeyHandle &hKey,
CssmDbRecordAttributeData *&outAttributes, mach_msg_type_number_t &outAttributesLength)
{
void *dataPtr; mach_msg_type_number_t dataLength;
CssmDbRecordAttributeData *outAttributesBase;
CssmDbRecordAttributeData *tmpOutAttributes = NULL;
IPC(tokend_client_findRecordHandle(TOKEND_ARGS, hRecord, COPYFLAT(inAttributes),
outData != NULL, &dataPtr, &dataLength, &hKey,
&tmpOutAttributes, &outAttributesLength, &outAttributesBase));
if (outAttributesLength)
{
outAttributes = static_cast<CssmDbRecordAttributeData *>(malloc(outAttributesLength));
memcpy(outAttributes, tmpOutAttributes, outAttributesLength);
relocate(outAttributes, outAttributesBase);
}
else
outAttributes = NULL;
if (tmpOutAttributes)
mig_deallocate(reinterpret_cast<vm_address_t>(tmpOutAttributes), outAttributesLength);
copyDataFromIPC(dataPtr, dataLength, outData);
}
void ClientSession::insertRecord(CSSM_DB_RECORDTYPE recordType,
const CssmDbRecordAttributeData *inAttributes, size_t attributesLength,
const CssmData &data, RecordHandle &hRecord)
{
CssmDbRecordAttributeData *attributes = const_cast<CssmDbRecordAttributeData*>(inAttributes);
IPC(tokend_client_insertRecord(TOKEND_ARGS, recordType, COPYFLAT(attributes),
DATA(data), &hRecord));
}
void ClientSession::modifyRecord(CSSM_DB_RECORDTYPE recordType, RecordHandle &hRecord,
const CssmDbRecordAttributeData *inAttributes, size_t attributesLength,
const CssmData *data, CSSM_DB_MODIFY_MODE modifyMode)
{
CssmDbRecordAttributeData *attributes = const_cast<CssmDbRecordAttributeData*>(inAttributes);
IPC(tokend_client_modifyRecord(TOKEND_ARGS, recordType, &hRecord, COPYFLAT(attributes),
data != NULL, OPTIONALDATA(data), modifyMode));
}
void ClientSession::deleteRecord(RecordHandle hRecord)
{
IPC(tokend_client_deleteRecord(TOKEND_ARGS, hRecord));
}
void ClientSession::releaseSearch(SearchHandle hSearch)
{
IPC(tokend_client_releaseSearch(TOKEND_ARGS, hSearch));
}
void ClientSession::releaseRecord(RecordHandle hRecord)
{
IPC(tokend_client_releaseRecord(TOKEND_ARGS, hRecord));
}
//
// Key management and inquiry
//
void ClientSession::releaseKey(KeyHandle hKey)
{
IPC(tokend_client_releaseKey(TOKEND_ARGS, hKey));
}
void ClientSession::queryKeySizeInBits(KeyHandle hKey, CssmKeySize &result)
{
IPC(tokend_client_queryKeySizeInBits(TOKEND_ARGS, hKey, &result));
}
void ClientSession::getOutputSize(const Context &context, KeyHandle hKey,
uint32 inputSize, bool encrypt, uint32 &result)
{
SendContext ctx(context);
IPC(tokend_client_getOutputSize(TOKEND_ARGS, CONTEXT(ctx), hKey, inputSize, encrypt, &result));
}
//
// Signatures and MACs
//
void ClientSession::generateSignature(const Context &context, KeyHandle hKey,
const CssmData &data, CssmData &signature, CSSM_ALGORITHMS signOnlyAlgorithm)
{
SendContext ctx(context);
DataOutput sig(signature, returnAllocator);
IPC(tokend_client_generateSignature(TOKEND_ARGS, CONTEXT(ctx), hKey, signOnlyAlgorithm,
DATA(data), DATA(sig)));
}
void ClientSession::verifySignature(const Context &context, KeyHandle hKey,
const CssmData &data, const CssmData &signature, CSSM_ALGORITHMS verifyOnlyAlgorithm)
{
SendContext ctx(context);
IPC(tokend_client_verifySignature(TOKEND_ARGS, CONTEXT(ctx), hKey, verifyOnlyAlgorithm,
DATA(data), DATA(signature)));
}
void ClientSession::generateMac(const Context &context, KeyHandle hKey,
const CssmData &data, CssmData &signature)
{
SendContext ctx(context);
DataOutput sig(signature, returnAllocator);
IPC(tokend_client_generateMac(TOKEND_ARGS, CONTEXT(ctx), hKey,
DATA(data), DATA(sig)));
}
void ClientSession::verifyMac(const Context &context, KeyHandle hKey,
const CssmData &data, const CssmData &signature)
{
SendContext ctx(context);
IPC(tokend_client_verifyMac(TOKEND_ARGS, CONTEXT(ctx), hKey,
DATA(data), DATA(signature)));
}
//
// Encryption/Decryption
//
void ClientSession::encrypt(const Context &context, KeyHandle hKey,
const CssmData &clear, CssmData &cipher)
{
SendContext ctx(context);
DataOutput cipherOut(cipher, returnAllocator);
IPC(tokend_client_encrypt(TOKEND_ARGS, CONTEXT(ctx), hKey, DATA(clear), DATA(cipherOut)));
}
void ClientSession::decrypt(const Context &context, KeyHandle hKey,
const CssmData &cipher, CssmData &clear)
{
SendContext ctx(context);
DataOutput clearOut(clear, returnAllocator);
IPC(tokend_client_decrypt(TOKEND_ARGS, CONTEXT(ctx), hKey, DATA(cipher), DATA(clearOut)));
}
//
// Key generation
//
void ClientSession::generateKey(const Security::Context &context,
const AccessCredentials *cred, const AclEntryPrototype *proto,
uint32 keyUsage, uint32 keyAttr,
KeyHandle &hKey, CssmKey *&key)
{
SendContext ctx(context);
Copier<AccessCredentials> creds(cred, internalAllocator);
Copier<AclEntryPrototype> owner(proto, internalAllocator);
CssmKey *keyBase; mach_msg_type_number_t keyLength;
IPC(tokend_client_generateKey(TOKEND_ARGS, CONTEXT(ctx),
COPY(creds), COPY(owner), keyUsage, keyAttr, &hKey, COPY_OUT(key)));
relocate(key, keyBase);
}
void ClientSession::generateKey(const Security::Context &context,
const AccessCredentials *cred, const AclEntryPrototype *proto,
CSSM_KEYUSE pubKeyUsage, CSSM_KEYATTR_FLAGS pubKeyAttr,
CSSM_KEYUSE privKeyUsage, CSSM_KEYATTR_FLAGS privKeyAttr,
KeyHandle &hPubKey, CssmKey *&pubKey,
KeyHandle &hPrivKey, CssmKey *&privKey)
{
SendContext ctx(context);
Copier<AccessCredentials> creds(cred, internalAllocator);
Copier<AclEntryPrototype> owner(proto, internalAllocator);
CssmKey *pubKeyBase; mach_msg_type_number_t pubKeyLength;
CssmKey *privKeyBase; mach_msg_type_number_t privKeyLength;
IPC(tokend_client_generateKeyPair(TOKEND_ARGS, CONTEXT(ctx),
COPY(creds), COPY(owner),
pubKeyUsage, pubKeyAttr, privKeyUsage, privKeyAttr,
&hPubKey, COPY_OUT(pubKey), &hPrivKey, COPY_OUT(privKey)));
relocate(pubKey, pubKeyBase);
relocate(privKey, privKeyBase);
}
//
// Key wrapping and unwrapping
//
void ClientSession::wrapKey(const Context &context, const AccessCredentials *cred,
KeyHandle hWrappingKey, const CssmKey *wrappingKey,
KeyHandle hSubjectKey, const CssmKey *subjectKey,
const CssmData &descriptiveData, CssmWrappedKey *&wrappedKey)
{
SendContext ctx(context);
Copier<AccessCredentials> creds(cred, internalAllocator);
Copier<CssmKey> cWrappingKey(wrappingKey, internalAllocator);
Copier<CssmKey> cSubjectKey(subjectKey, internalAllocator);
CssmKey *wrappedKeyBase; mach_msg_type_number_t wrappedKeyLength;
IPC(tokend_client_wrapKey(TOKEND_ARGS, CONTEXT(ctx), hWrappingKey, COPY(cWrappingKey), COPY(creds),
hSubjectKey, COPY(cSubjectKey), DATA(descriptiveData), COPY_OUT(wrappedKey)))
}
void ClientSession::unwrapKey(const Security::Context &context,
const AccessCredentials *cred, const AclEntryPrototype *proto,
KeyHandle hWrappingKey, const CssmKey *wrappingKey,
KeyHandle hPublicKey, const CssmKey *publicKey,
const CssmWrappedKey &wrappedKey, uint32 usage, uint32 attrs,
CssmData &descriptiveData, KeyHandle &hKey, CssmKey *&key)
{
SendContext ctx(context);
Copier<AccessCredentials> creds(cred, internalAllocator);
Copier<AclEntryPrototype> owner(proto, internalAllocator);
Copier<CssmKey> cWrappingKey(wrappingKey, internalAllocator);
Copier<CssmKey> cPublicKey(publicKey, internalAllocator);
Copier<CssmWrappedKey> cWrappedKey(&wrappedKey, internalAllocator);
CssmKey *tmpKeyBase; mach_msg_type_number_t tmpKeyLength;
CssmKey *tmpKey;
DataOutput descriptor(descriptiveData, returnAllocator);
IPC(tokend_client_unwrapKey(TOKEND_ARGS, CONTEXT(ctx), hWrappingKey, COPY(cWrappingKey),
COPY(creds), COPY(owner), hPublicKey, COPY(cPublicKey),
COPY(cWrappedKey), usage, attrs, DATA(descriptor),
&hKey, COPY_OUT(tmpKey)));
relocate(tmpKey, tmpKeyBase);
key = chunkCopy(tmpKey);
}
//
// Key derivation
//
void ClientSession::deriveKey(DbHandle db, const Context &context,
KeyHandle hBaseKey, const CssmKey *baseKey,
uint32 keyUsage, uint32 keyAttr, CssmData &param,
const AccessCredentials *cred, const AclEntryPrototype *proto,
KeyHandle &hKey, CssmKey *&key)
{
SendContext ctx(context);
Copier<AccessCredentials> creds(cred, internalAllocator);
Copier<AclEntryPrototype> owner(proto, internalAllocator);
Copier<CssmKey> cBaseKey(baseKey, internalAllocator);
CssmDeriveData inForm(param, context.algorithm());
Copier<CssmDeriveData> inParam(&inForm, internalAllocator);
CssmKey *keyBase; mach_msg_type_number_t keyLength;
DataOutput paramOutput(param, returnAllocator);
IPC(tokend_client_deriveKey(TOKEND_ARGS, CONTEXT(ctx), hBaseKey, COPY(cBaseKey),
COPY(creds), COPY(owner), COPY(inParam), DATA(paramOutput),
keyUsage, keyAttr, &hKey, COPY_OUT(key)));
}
//
// ACL getting/setting interface.
// Note that this layer, unlike the securityd-client one, does not return its
// output data as separate allocated (chunked) copies. It returns its data
// directly as a (relocated) flat blob.
//
void ClientSession::getAcl(AclKind kind, GenericHandle key, const char *tag,
uint32 &count, AclEntryInfo * &info)
{
AclEntryInfo *infoBase;
mach_msg_type_number_t infoLength;
IPC(tokend_client_getAcl(TOKEND_ARGS, kind, key,
(tag != NULL), tag ? tag : "",
&count, COPY_OUT(info)));
// relocate incoming AclEntryInfo array
ReconstituteWalker relocator(info, infoBase);
for (uint32 n = 0; n < count; n++)
walk(relocator, info[n]);
}
void ClientSession::changeAcl(AclKind kind, GenericHandle key,
const AccessCredentials &cred, const AclEdit &edit)
{
Copier<AccessCredentials> creds(&cred, internalAllocator);
Copier<AclEntryInput> infos(edit.newEntry(), internalAllocator);
IPC(tokend_client_changeAcl(TOKEND_ARGS, kind, key, COPY(creds),
edit.mode(), edit.handle(), COPY(infos)));
}
void ClientSession::getOwner(AclKind kind, GenericHandle handle, AclOwnerPrototype *&owner)
{
AclOwnerPrototype *ownerBase; mach_msg_type_number_t ownerLength;
IPC(tokend_client_getOwner(TOKEND_ARGS, kind, handle, COPY_OUT(owner)));
// turn the returned AclOwnerPrototype into its proper output form
relocate(owner, ownerBase);
}
void ClientSession::changeOwner(AclKind kind, GenericHandle key, const AccessCredentials &cred,
const AclOwnerPrototype &edit)
{
CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
void ClientSession::authenticate(CSSM_DB_ACCESS_TYPE mode, const AccessCredentials *cred)
{
Copier<AccessCredentials> creds(cred, internalAllocator);
IPC(tokend_client_authenticate(TOKEND_ARGS, mode, COPY(creds)));
}
bool ClientSession::isLocked()
{
uint32 locked = 0;
IPC(tokend_client_isLocked(TOKEND_ARGS, &locked));
return locked;
}
static void copyDataFromIPC(void *dataPtr, mach_msg_type_number_t dataLength, CssmData *outData)
{
if (!outData || !dataPtr)
return;
/*
<rdar://problem/6738709> securityd leaks VM memory during certain smartcard operations
The preceeding IPC call to tokend_client_findRecordHandle() vm_allocates()s the memory
for returning dataPtr. The rest of the system wants to treat this memory as a CssmData object
and call free() on it. But free() won't work for vm_allocate()d memory, so copy the data into
heap memory.
*/
void *newData = malloc(dataLength);
if (newData == NULL)
CssmError::throwMe(CSSM_ERRCODE_MEMORY_ERROR);
memcpy(newData, dataPtr, dataLength);
*outData = CssmData(newData, dataLength);
// secdebug(who, "dataPtr (%p), dataLength (%d); newData (%p)", dataPtr, dataLength, newData);
mig_deallocate(reinterpret_cast<vm_address_t>(dataPtr), (vm_size_t)dataLength);
}
} // namespace Tokend
} // namespace Security

111
lib/tdtransit.h Normal file
View File

@ -0,0 +1,111 @@
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
//
//
// WARNING! HERE BE DRAGONS!
// This code involves moderately arcane magic including (but not limited to)
// dancing macros paired off with self-maintaining stack objects. Don't take
// anything for granted! Be very afraid of ALL-CAPS names. Your best bet is
// probably to stick with the existing patterns.
//
#ifndef _H_TDTRANSIT
#define _H_TDTRANSIT
#include <security_tokend_client/tdclient.h>
#include <security_cdsa_utilities/cssmwalkers.h>
#include <SecurityTokend/SecTokend.h>
#include "tokend_types.h"
#include "tokend.h"
namespace Security {
namespace Tokend {
// stock leading argument profile used by all calls
#define TOKEND_ARGS mServicePort, mReplyPort, &rcode
// IPC wraps the actual MIG call
#define IPC(statement) \
{ CSSM_RETURN rcode; check(statement); if (rcode != CSSM_OK) CssmError::throwMe(rcode); }
// pass mandatory or optional CssmData arguments into an IPC call
#define DATA(arg) arg.data(), arg.length()
#define OPTIONALDATA(arg) (arg ? arg->data() : NULL), (arg ? arg->length() : 0)
// pass structured arguments in/out of IPC calls. See "data walkers" for details
#define COPY(copy) copy, copy.length(), copy
#define COPYFLAT(copy) copy, copy##Length, copy
#define COPY_OUT(copy) &copy, &copy##Length, &copy##Base
#define COPY_OUT_DECL(type,name) type *name, *name##Base; mach_msg_type_number_t name##Length
//
// DataOutput manages an output CssmData argument.
//
class DataOutput {
public:
DataOutput(CssmData &arg, Allocator &alloc)
: argument(arg), allocator(alloc) { mData = NULL; mLength = 0; }
~DataOutput();
void **data() { return &mData; }
mach_msg_type_number_t *length() { return &mLength; }
CssmData &argument;
Allocator &allocator;
private:
void *mData;
mach_msg_type_number_t mLength;
};
//
// Bundle up a Context for IPC transmission
//
class SendContext {
public:
SendContext(const Context &ctx);
~SendContext() { Allocator::standard().free(attributes); }
const Context &context;
CSSM_CONTEXT_ATTRIBUTE *attributes;
size_t attributeSize;
};
#define CONTEXT(ctx) ctx.context, ctx.attributes, ctx.attributes, ctx.attributeSize
//
// A PodWrapper for TOKEND_RETURN_DATA (used in the tokend APIs)
//
class TokendReturnData : public PodWrapper<TokendReturnData, TOKEND_RETURN_DATA> {
public:
};
} // namespace Tokend
} // namespace Security
#endif //_H_TDTRANSIT

48
lib/tokend_types.h Normal file
View File

@ -0,0 +1,48 @@
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
//
// securityd-tokend interface types
//
#ifndef _H_TOKEND_TYPES
#define _H_TOKEND_TYPES
#include <securityd_client/ss_types.h>
typedef Tokend::ClientSession::Score TokenScore;
typedef char *TokenUidString;
//
// Customization macros for MIG code
//
#define __AfterSendRpc(id, name) \
if (msg_result == MACH_MSG_SUCCESS && Out0P->Head.msgh_id == MACH_NOTIFY_DEAD_NAME) \
return MIG_SERVER_DIED;
#define UseStaticTemplates 0
#endif //_H_TOKEND_TYPES

161
lib/transit.cpp Normal file
View File

@ -0,0 +1,161 @@
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
#include "transit.h"
namespace Security {
namespace Tokend {
//
// Relocation support
//
void relocate(Context &context, void *base, Context::Attr *attrs, uint32 attrSize)
{
ReconstituteWalker relocator(attrs, base);
context.ContextAttributes = attrs; // fix context->attr vector link
for (uint32 n = 0; n < context.attributesInUse(); n++)
walk(relocator, context[n]);
}
//
// Data search and retrieval interface
//
DataRetrieval::DataRetrieval(CssmDbRecordAttributeData *inAttributes, bool getData)
{
this->attributes = inAttributes;
this->data = getData ? &mData : NULL;
this->record = CSSM_INVALID_HANDLE;
this->keyhandle = CSSM_INVALID_HANDLE;
}
DataRetrieval::~DataRetrieval()
{
}
void DataRetrieval::returnData(KeyHandle &hKey, RecordHandle &hRecord,
void *&outData, mach_msg_type_number_t &outDataLength,
CssmDbRecordAttributeData *&outAttributes, mach_msg_type_number_t &outAttributesLength,
CssmDbRecordAttributeData *&outAttributesBase)
{
Copier<CssmDbRecordAttributeData> outCopy(CssmDbRecordAttributeData::overlay(this->attributes));
outAttributesLength = outCopy.length();
outAttributes = outAttributesBase = outCopy.keep();
if (this->data) {
outData = this->data->Data;
outDataLength = this->data->Length;
} else {
outData = NULL;
outDataLength = 0;
}
/*
"record" and "keyhandle" below come from the underlying TOKEND_RETURN_DATA,
and are native-sized quantities. These need to be converted to a client
handle (32 bit)
*/
hKey = (this->keyhandle)?TokendHandleObject::make(this->keyhandle)->ipcHandle():0;
hRecord = (this->record)?TokendHandleObject::make(this->record)->ipcHandle():0;
server->freeRetrievedData(this);
//@@@ deferred-release outAttributes == Copier
}
/*
Cheat sheet
CSSM_HANDLE
- native size, 64 bit or 32 bit
- passed along to Tokend e.g. Tokend::Token::_findRecordHandle
- passed e.g. as CALL(findNext, ...)
RecordHandle & SearchHandle
- always 32 bit
- returned to callers through SecurityTokend interface
*/
TokendHandleObject::TokendHandleObject(CSSM_HANDLE cssmh) : mTokendHandle(cssmh)
{
thmstate().add(ipcHandle(), this);
}
TokendHandleObject::~TokendHandleObject()
{
thmstate().erase(ipcHandle());
}
ModuleNexus<TokendHandleObject::TokendHandleMapState> TokendHandleObject::thmstate;
TokendHandleObject::TokendHandleMapState::TokendHandleMapState()
{
}
// static factory method
TokendHandleObject *TokendHandleObject::make(CSSM_HANDLE cssmh)
{
// This will create a new TokendHandleObject, add it to the map, and return
// the value of the newly created object
if (!cssmh)
CssmError::throwMe(CSSMERR_CSSM_INVALID_ADDIN_HANDLE);
return new TokendHandleObject(cssmh);
}
// static method
CSSM_HANDLE TokendHandleObject::findTDHandle(TokendHandleObject::TransitHandle thdl)
{
/*
Find a handle that we can pass along to tokend. We do this so that Tokend
can return different errors for different calls -- even if we don't find
it in our map, we will still call out to Tokend. It might be better to
use a distinctive non-zero value for the bad handle for tracking
*/
const CSSM_HANDLE knownBadHandle = 0; // for now
if (!thdl)
return knownBadHandle;
TokendHandleMap::const_iterator it = thmstate().find(thdl);
return (it == thmstate().end()) ? knownBadHandle : it->second->tokendHandle();
}
void TokendHandleObject::TokendHandleMapState::add(TransitHandle thdl, TokendHandleObject *tho)
{
StLock<Mutex> _(*this);
thmstate().insert(thmstate().end(), make_pair(thdl,tho));
}
void TokendHandleObject::TokendHandleMapState::erase(TransitHandle thdl)
{
StLock<Mutex> _(*this);
// @@@ check cssmh, don't erase if not valid
TokendHandleMap::erase(thdl);
}
} // namespace Tokend
} // namespace Security

191
lib/transit.h Normal file
View File

@ -0,0 +1,191 @@
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
#ifndef _H_TRANSIT
#define _H_TRANSIT
#include "tdclient.h"
#include "tokend.h"
#include "server.h"
#include <security_cdsa_utilities/cssmwalkers.h>
#include <security_cdsa_utilities/u32handleobject.h>
#include <Security/cssmtype.h>
#include <security_utilities/alloc.h>
namespace Security {
namespace Tokend {
using namespace Security::Tokend;
using namespace Security::DataWalkers;
#define TOKEND_ARGS \
mach_port_t servicePort, mach_port_t replyPort, CSSM_RETURN *rcode
#define CONTEXT_ARGS Context context, Pointer contextBase, Context::Attr *attributes, mach_msg_type_number_t attrSize
#define BEGIN_IPC *rcode = CSSM_OK; try {
#define END_IPC(base) } \
catch (const CommonError &err) { *rcode = CssmError::cssmError(err, CSSM_ ## base ## _BASE_ERROR); } \
catch (const std::bad_alloc &) { *rcode = CssmError::merge(CSSM_ERRCODE_MEMORY_ERROR, CSSM_ ## base ## _BASE_ERROR); } \
catch (...) { *rcode = CssmError::cssmError(CSSM_ERRCODE_INTERNAL_ERROR, CSSM_ ## base ## _BASE_ERROR); } \
return KERN_SUCCESS;
#define DATA_IN(base) void *base, mach_msg_type_number_t base##Length
#define DATA_OUT(base) void **base, mach_msg_type_number_t *base##Length
#define DATA(base) CssmData(base, base##Length)
#define COPY_IN(type,name) type *name, mach_msg_type_number_t name##Length, type *name##Base
#define COPY_OUT(type,name) \
type **name, mach_msg_type_number_t *name##Length, type **name##Base
#define CALL(func,args) { \
if (server->func) \
{ if (*rcode = server->func args) return KERN_SUCCESS; /* and rcode */ } \
else \
CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); }
using LowLevelMemoryUtilities::increment;
using LowLevelMemoryUtilities::difference;
//
// An OutputData object will take memory allocated within the SecurityServer,
// hand it to the MIG return-output parameters, and schedule it to be released
// after the MIG reply has been sent. It will also get rid of it in case of
// error.
//
class OutputData : public CssmData {
public:
OutputData(void **outP, mach_msg_type_number_t *outLength)
: mData(*outP), mLength(*outLength) { }
~OutputData()
{ mData = data(); mLength = length(); server->releaseWhenDone(Allocator::standard(), mData); }
void operator = (const CssmData &source)
{ CssmData::operator = (source); }
private:
void * &mData;
mach_msg_type_number_t &mLength;
};
//
// A local copy of a structured return value (COPY_OUT form), self-managing
//
template <class T>
class Return : public T {
public:
Return(T **p, mach_msg_type_number_t *l, T **b)
: ptr(*p), len(*l), base(*b) { ptr = NULL; }
~Return();
private:
T *&ptr;
mach_msg_type_number_t &len;
T *&base;
};
template <class T>
Return<T>::~Return()
{
Copier<T> copier(static_cast<T*>(this), Allocator::standard());
ptr = base = copier;
len = copier.length();
server->releaseWhenDone(Allocator::standard(), copier.keep());
}
//
// Relocation support
//
void relocate(Context &context, void *base, Context::Attr *attrs, uint32 attrSize);
//
// Data search and retrieval interface
//
class DataRetrieval : public TOKEND_RETURN_DATA {
public:
DataRetrieval(CssmDbRecordAttributeData *inAttributes, bool getData);
~DataRetrieval();
void returnData(KeyHandle &hKey, RecordHandle &hRecord,
void *&outData, mach_msg_type_number_t &outDataLength,
CssmDbRecordAttributeData *&outAttributes, mach_msg_type_number_t &outAttrLength,
CssmDbRecordAttributeData *&outAttributesBase);
private:
CssmData mData;
};
//
// Tokend handles <---> client-IPC handles
// the "key" into the map is the 32 bit handle, the value is 64 bit (i.e. native)
//
class TokendHandle : public TypedHandle<CSSM_HANDLE>
{
public:
TokendHandle(CSSM_HANDLE cssmh) : TypedHandle<CSSM_HANDLE>(cssmh) { }
virtual ~TokendHandle() { }
};
class TokendHandleObject : public U32HandleObject
{
public:
// typedef TypedHandle<CSSM_HANDLE> TokendHandle;
typedef uint32_t TransitHandle; // maybe should be U32HandleObject::Handle
public:
static TokendHandleObject *make(CSSM_HANDLE cssmh);
static CSSM_HANDLE findTDHandle(TransitHandle thdl);
TokendHandleObject(CSSM_HANDLE tokendh);
virtual ~TokendHandleObject();
CSSM_HANDLE tokendHandle() const { return mTokendHandle.handle(); }
U32HandleObject::Handle ipcHandle() const { return U32HandleObject::handle(); }
private:
TokendHandle mTokendHandle;
// key,value
typedef std::map<TransitHandle, TokendHandleObject *> TokendHandleMap;
class TokendHandleMapState : public Mutex, public TokendHandleMap
{
public:
TokendHandleMapState();
bool handleInUse(CSSM_HANDLE cssmh);
void add(TransitHandle thdl, TokendHandleObject *tho);
void erase(TransitHandle thdl);
};
static ModuleNexus<TokendHandleObject::TokendHandleMapState> thmstate;
};
} // namespace Tokend
} // namespace Security
#endif //_H_TRANSIT

645
lib/transition.cpp Normal file
View File

@ -0,0 +1,645 @@
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
#include "transit.h"
using namespace Security::Tokend;
//
// Server inbound transition layer.
// These are C functions in the global namespace, called by the MIG dispatch.
//
//
// Probe: Examine token, determine score, and generate token uid string
//
kern_return_t tokend_server_probe(TOKEND_ARGS, TokenScore *score, TokenUidString uid)
{
BEGIN_IPC
uid[0] = '\0'; // default to no uid obtained
CALL(probe, (kSecTokendCallbacksDefault, score, uid));
// We do not support 32 bit tokends on 10.6 and later
// since securityd always runs 64 bit
if (sizeof(int*) == 4)
{
Syslog::error("32-bit tokends not supported");
CssmError::throwMe(CSSMERR_CSP_DEVICE_ERROR);
}
uid[TOKEND_MAX_UID-1] = '\0'; // enforce null termination
server->tokenUid(uid);
END_IPC(CSSM)
}
//
// Establish: take securityd's information and stash it away;
// determine MDS resources and return them.
//
kern_return_t tokend_server_establish(TOKEND_ARGS,
CSSM_GUID guid, uint32 ssid, SecTokendEstablishFlags flags,
const char *cacheDirectory, const char *workDirectory,
char mdsDirectory[PATH_MAX], char printName[PATH_MAX])
{
BEGIN_IPC
mdsDirectory[0] = '\0'; // default to all resources
printName[0] = '\0'; // default to no print name
CALL(establish, (&guid, ssid, flags, cacheDirectory, workDirectory, mdsDirectory, printName));
END_IPC(CSSM)
}
//
// Induce termination
//
kern_return_t tokend_server_terminate(mach_port_t servicePort, uint32 reason, uint32 options)
{
server->termination(reason, options);
}
//
// Find/retrieve interface
//
kern_return_t tokend_server_findFirst(TOKEND_ARGS,
COPY_IN(CssmQuery, query),
COPY_IN(CssmDbRecordAttributeData, inAttributes),
boolean_t getData, DATA_OUT(outData), KeyHandle *hKey,
COPY_OUT(CssmDbRecordAttributeData, outAttributes),
SearchHandle *hSearch, RecordHandle *hRecord)
{
BEGIN_IPC
relocate(query, queryBase);
relocate(inAttributes, inAttributesBase);
DataRetrieval interface(inAttributes, getData);
CSSM_HANDLE searchHandle = 0;
*hSearch = 0; // to prevent uninitialized value when following CALL ends with exception
CALL(findFirst, (query, &interface, &searchHandle));
interface.returnData(*hKey, *hRecord, *outData, *outDataLength,
*outAttributes, *outAttributesLength, *outAttributesBase);
/*
findFirst and findNext do not return an error if nothing was found.
Instead, hKey and hRecord are set to 0. In this case, we don't want to
set up a search handle
*/
if (searchHandle)
*hSearch = TokendHandleObject::make(searchHandle)->ipcHandle();
server->releaseWhenDone(Allocator::standard(), *outAttributes);
END_IPC(DL)
}
kern_return_t tokend_server_findNext(TOKEND_ARGS, SearchHandle hSearch,
COPY_IN(CssmDbRecordAttributeData, inAttributes),
boolean_t getData, DATA_OUT(outData), KeyHandle *hKey,
COPY_OUT(CssmDbRecordAttributeData, outAttributes),
RecordHandle *hRecord)
{
BEGIN_IPC
relocate(inAttributes, inAttributesBase);
DataRetrieval interface(inAttributes, getData);
CSSM_HANDLE searchHandle = TokendHandleObject::findTDHandle(hSearch);
CALL(findNext, (searchHandle, &interface));
interface.returnData(*hKey, *hRecord, *outData, *outDataLength,
*outAttributes, *outAttributesLength, *outAttributesBase);
server->releaseWhenDone(Allocator::standard(), *outAttributes);
END_IPC(DL)
}
kern_return_t tokend_server_findRecordHandle(TOKEND_ARGS, RecordHandle hRecord,
COPY_IN(CssmDbRecordAttributeData, inAttributes),
boolean_t getData, DATA_OUT(outData), KeyHandle *hKey,
COPY_OUT(CssmDbRecordAttributeData, outAttributes))
{
BEGIN_IPC
relocate(inAttributes, inAttributesBase);
DataRetrieval interface(inAttributes, getData);
CSSM_HANDLE recordHandle = TokendHandleObject::findTDHandle(hRecord);
CALL(findRecordHandle, (recordHandle, &interface));
interface.returnData(*hKey, hRecord, *outData, *outDataLength,
*outAttributes, *outAttributesLength, *outAttributesBase);
server->releaseWhenDone(Allocator::standard(), *outAttributes);
END_IPC(DL)
}
kern_return_t tokend_server_insertRecord(TOKEND_ARGS, CSSM_DB_RECORDTYPE recordType,
COPY_IN(CssmDbRecordAttributeData, attributes), DATA_IN(data),
RecordHandle *hRecord)
{
BEGIN_IPC
relocate(attributes, attributesBase);
const CssmData dataBlob(DATA(data));
CSSM_HANDLE recordHandle;
CALL(insertRecord, (recordType, attributes, data ? &dataBlob : NULL, &recordHandle));
*hRecord = TokendHandleObject::make(recordHandle)->ipcHandle();
END_IPC(DL)
}
kern_return_t tokend_server_modifyRecord(TOKEND_ARGS, CSSM_DB_RECORDTYPE recordType,
RecordHandle *hRecord, COPY_IN(CssmDbRecordAttributeData, attributes),
boolean_t setData, DATA_IN(data), CSSM_DB_MODIFY_MODE modifyMode)
{
BEGIN_IPC
relocate(attributes, attributesBase);
const CssmData dataBlob(DATA(data));
CSSM_HANDLE recordHandle;
CALL(modifyRecord, (recordType, &recordHandle, attributes,
setData ? &dataBlob : NULL, modifyMode));
*hRecord = TokendHandleObject::make(recordHandle)->ipcHandle();
END_IPC(DL)
}
kern_return_t tokend_server_deleteRecord(TOKEND_ARGS, RecordHandle hRecord)
{
BEGIN_IPC
CSSM_HANDLE recordHandle = TokendHandleObject::findTDHandle(hRecord);
CALL(deleteRecord, (recordHandle));
END_IPC(DL)
}
kern_return_t tokend_server_releaseSearch(TOKEND_ARGS, SearchHandle hSearch)
{
BEGIN_IPC
CSSM_HANDLE searchHandle = TokendHandleObject::findTDHandle(hSearch);
CALL(releaseSearch, (searchHandle));
END_IPC(DL)
}
kern_return_t tokend_server_releaseRecord(TOKEND_ARGS, RecordHandle hRecord)
{
BEGIN_IPC
CSSM_HANDLE recordHandle = TokendHandleObject::findTDHandle(hRecord);
CALL(releaseRecord, (recordHandle));
END_IPC(DL)
}
//
// Key management
//
kern_return_t tokend_server_releaseKey(TOKEND_ARGS, KeyHandle hKey)
{
BEGIN_IPC
CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey);
CALL(releaseKey, (keyHandle));
END_IPC(DL)
}
kern_return_t tokend_server_queryKeySizeInBits(TOKEND_ARGS, KeyHandle hKey,
CSSM_KEY_SIZE *size)
{
BEGIN_IPC
CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey);
CALL(getKeySize, (keyHandle, size));
END_IPC(CSP)
}
kern_return_t tokend_server_getOutputSize(TOKEND_ARGS, CONTEXT_ARGS, KeyHandle hKey,
uint32 inputSize, boolean_t encrypt, uint32 *outputSize)
{
BEGIN_IPC
relocate(context, contextBase, attributes, attrSize);
CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey);
CALL(getOutputSize, (&context, keyHandle, inputSize, encrypt, outputSize));
END_IPC(CSP)
}
//
// Signatures and MACs
//
kern_return_t tokend_server_generateSignature(TOKEND_ARGS, CONTEXT_ARGS, KeyHandle hKey,
CSSM_ALGORITHMS signOnlyAlgorithm, DATA_IN(data), DATA_OUT(signature))
{
BEGIN_IPC
relocate(context, contextBase, attributes, attrSize);
const CssmData dataBlob(DATA(data));
OutputData sigData(signature, signatureLength);
CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey);
CALL(generateSignature, (&context, keyHandle, signOnlyAlgorithm,
&dataBlob, &sigData));
END_IPC(CSP)
}
kern_return_t tokend_server_verifySignature(TOKEND_ARGS, CONTEXT_ARGS, KeyHandle hKey,
CSSM_ALGORITHMS verifyOnlyAlgorithm, DATA_IN(data), DATA_IN(signature))
{
BEGIN_IPC
relocate(context, contextBase, attributes, attrSize);
const CssmData dataBlob(DATA(data));
const CssmData signatureBlob(DATA(signature));
CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey);
CALL(verifySignature, (&context, keyHandle, verifyOnlyAlgorithm, &dataBlob, &signatureBlob));
END_IPC(CSP)
}
kern_return_t tokend_server_generateMac(TOKEND_ARGS, CONTEXT_ARGS, KeyHandle hKey,
DATA_IN(data), DATA_OUT(mac))
{
BEGIN_IPC
relocate(context, contextBase, attributes, attrSize);
const CssmData dataBlob(DATA(data));
OutputData macData(mac, macLength);
CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey);
CALL(generateMac, (&context, keyHandle, &dataBlob, &macData));
END_IPC(CSP)
}
kern_return_t tokend_server_verifyMac(TOKEND_ARGS, CONTEXT_ARGS, KeyHandle hKey,
DATA_IN(data), DATA_IN(mac))
{
BEGIN_IPC
relocate(context, contextBase, attributes, attrSize);
const CssmData dataBlob(DATA(data));
const CssmData macBlob(DATA(mac));
CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey);
CALL(verifyMac, (&context, keyHandle, &dataBlob, &macBlob));
END_IPC(CSP)
}
//
// Encryption/Decryption
//
kern_return_t tokend_server_encrypt(TOKEND_ARGS, CONTEXT_ARGS, KeyHandle hKey,
DATA_IN(clear), DATA_OUT(cipher))
{
BEGIN_IPC
relocate(context, contextBase, attributes, attrSize);
const CssmData clearBlob(DATA(clear));
OutputData cipherOut(cipher, cipherLength);
CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey);
CALL(encrypt, (&context, keyHandle, &clearBlob, &cipherOut));
END_IPC(CSP)
}
kern_return_t tokend_server_decrypt(TOKEND_ARGS, CONTEXT_ARGS, KeyHandle hKey,
DATA_IN(cipher), DATA_OUT(clear))
{
BEGIN_IPC
relocate(context, contextBase, attributes, attrSize);
const CssmData cipherBlob(DATA(cipher));
OutputData clearOut(clear, clearLength);
CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey);
CALL(decrypt, (&context, keyHandle, &cipherBlob, &clearOut));
END_IPC(CSP)
}
//
// Key generation
//
kern_return_t tokend_server_generateKey(TOKEND_ARGS, CONTEXT_ARGS,
COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner),
uint32 usage, uint32 attrs, KeyHandle *hKey, COPY_OUT(CssmKey, key))
{
BEGIN_IPC
relocate(context, contextBase, attributes, attrSize);
relocate(cred, credBase);
relocate(owner, ownerBase);
Return<CssmKey> rKey(key, keyLength, keyBase);
CSSM_HANDLE keyHandle;
CALL(generateKey, (&context, cred, owner, usage, attrs, &keyHandle, &rKey));
*hKey = TokendHandleObject::make(keyHandle)->ipcHandle();
END_IPC(CSP)
}
kern_return_t tokend_server_generateKeyPair(TOKEND_ARGS, CONTEXT_ARGS,
COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner),
CSSM_KEYUSE pubUsage, CSSM_KEYATTR_FLAGS pubAttrs,
CSSM_KEYUSE privUsage, CSSM_KEYATTR_FLAGS privAttrs,
KeyHandle *hPubKey, COPY_OUT(CssmKey, pubKey),
KeyHandle *hPrivKey, COPY_OUT(CssmKey, privKey))
{
BEGIN_IPC
relocate(context, contextBase, attributes, attrSize);
relocate(cred, credBase);
relocate(owner, ownerBase);
Return<CssmKey> rPubKey(pubKey, pubKeyLength, pubKeyBase);
Return<CssmKey> rPrivKey(privKey, privKeyLength, privKeyBase);
CSSM_HANDLE cssmPubKey, cssmPrivKey;
CALL(generateKeyPair, (&context, cred, owner,
pubUsage, pubAttrs, privUsage, privAttrs,
&cssmPubKey, &rPubKey, &cssmPrivKey, &rPrivKey));
*hPubKey = TokendHandleObject::make(cssmPubKey)->ipcHandle();
*hPrivKey = TokendHandleObject::make(cssmPrivKey)->ipcHandle();
END_IPC(CSP)
}
//
// Key wrapping and unwrapping
//
kern_return_t tokend_server_wrapKey(TOKEND_ARGS, CONTEXT_ARGS,
KeyHandle hWrappingKey, COPY_IN(CssmKey, wrappingKey),
COPY_IN(AccessCredentials, cred),
KeyHandle hSubjectKey, COPY_IN(CssmKey, subjectKey),
DATA_IN(descriptiveData), COPY_OUT(CssmWrappedKey, wrappedKey))
{
BEGIN_IPC
relocate(context, contextBase, attributes, attrSize);
relocate(cred, credBase);
relocate(wrappingKey, wrappingKeyBase);
relocate(subjectKey, subjectKeyBase);
CssmData ddata(DATA(descriptiveData));
Return<CssmKey> rKey(wrappedKey, wrappedKeyLength, wrappedKeyBase);
CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hSubjectKey);
CALL(wrapKey, (&context, hWrappingKey, wrappingKey, cred,
keyHandle, subjectKey, descriptiveData ? &ddata : NULL, &rKey));
END_IPC(CSP)
}
kern_return_t tokend_server_unwrapKey(TOKEND_ARGS, CONTEXT_ARGS,
KeyHandle hWrappingKey, COPY_IN(CssmKey, wrappingKey),
COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner),
KeyHandle hPublicKey, COPY_IN(CssmKey, publicKey),
COPY_IN(CssmWrappedKey, wrappedKey),
uint32 usage, uint32 attrs, DATA_OUT(descriptiveData),
KeyHandle *hUnwrappedKey, COPY_OUT(CssmKey, unwrappedKey))
{
BEGIN_IPC
relocate(context, contextBase, attributes, attrSize);
relocate(cred, credBase);
relocate(owner, ownerBase);
relocate(wrappingKey, wrappingKeyBase);
relocate(publicKey, publicKeyBase);
relocate(wrappedKey, wrappedKeyBase);
Return<CssmKey> rKey(unwrappedKey, unwrappedKeyLength, unwrappedKeyBase);
OutputData descriptives(descriptiveData, descriptiveDataLength);
CSSM_HANDLE cssmUnwrappedKey;
CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hPublicKey);
CSSM_HANDLE wrapKeyHandle = TokendHandleObject::findTDHandle(hWrappingKey);
CALL(unwrapKey, (&context, wrapKeyHandle, wrappingKey, cred, owner,
keyHandle, publicKey, wrappedKey,
usage, attrs, &descriptives, &cssmUnwrappedKey, &rKey));
*hUnwrappedKey = TokendHandleObject::make(cssmUnwrappedKey)->ipcHandle();
END_IPC(CSP)
}
//
// Key derivation.
//
kern_return_t tokend_server_deriveKey(TOKEND_ARGS, CONTEXT_ARGS,
KeyHandle hBaseKey, COPY_IN(CssmKey, baseKey),
COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner),
COPY_IN(CssmDeriveData,paramInput), DATA_OUT(paramOutput),
CSSM_KEYUSE usage, CSSM_KEYATTR_FLAGS attrs,
KeyHandle *hKey, COPY_OUT(CssmKey, key))
{
BEGIN_IPC
relocate(context, contextBase, attributes, attrSize);
relocate(cred, credBase);
relocate(owner, ownerBase);
relocate(baseKey, baseKeyBase);
relocate(paramInput, paramInputBase);
if (!paramInput || paramInput->algorithm != context.algorithm())
CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS);
Return<CssmKey> rKey(key, keyLength, keyBase);
CSSM_HANDLE cssmKeyHandle;
CALL(deriveKey, (&context, hBaseKey, baseKey, cred, owner, &paramInput->baseData,
usage, attrs, &cssmKeyHandle, &rKey));
*hKey = TokendHandleObject::make(cssmKeyHandle)->ipcHandle();
OutputData(paramOutput, paramOutputLength) = paramInput->baseData;
END_IPC(CSP)
}
//
// Random generation
//
kern_return_t tokend_server_generateRandom(TOKEND_ARGS, CONTEXT_ARGS, DATA_OUT(result))
{
BEGIN_IPC
relocate(context, contextBase, attributes, attrSize);
OutputData results(result, resultLength);
CALL(generateRandom, (&context, &results));
END_IPC(CSP)
}
//
// ACL management.
// Watch out for the memory-management tap-dance.
//
kern_return_t tokend_server_getOwner(TOKEND_ARGS, AclKind kind, GenericHandle hHandle,
COPY_OUT(AclOwnerPrototype, owner))
{
BEGIN_IPC
Return<AclOwnerPrototype> proto(owner, ownerLength, ownerBase);
switch (kind) {
case dbAcl:
CALL(getDatabaseOwner, (&proto));
break;
case keyAcl:
{
CSSM_HANDLE tdHandle = TokendHandleObject::findTDHandle(hHandle);
CALL(getKeyOwner, (tdHandle, &proto));
}
break;
case objectAcl:
{
CSSM_HANDLE tdHandle = TokendHandleObject::findTDHandle(hHandle);
CALL(getObjectOwner, (tdHandle, &proto));
}
break;
case loginAcl:
CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
END_IPC(CSP)
}
kern_return_t tokend_server_setOwner(TOKEND_ARGS, AclKind kind, GenericHandle key,
COPY_IN(AccessCredentials, cred), COPY_IN(AclOwnerPrototype, owner))
{
BEGIN_IPC
relocate(cred, credBase);
relocate(owner, ownerBase);
CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
END_IPC(CSP)
}
kern_return_t tokend_server_getAcl(TOKEND_ARGS, AclKind kind, GenericHandle hObject,
boolean_t haveTag, const char *inTag,
uint32 *countp, COPY_OUT(AclEntryInfo, acls))
{
BEGIN_IPC
const char *tag = haveTag ? inTag : NULL;
AclEntryInfo *infos;
switch (kind) {
case dbAcl:
CALL(getDatabaseAcl, (tag, countp, (CSSM_ACL_ENTRY_INFO**)&infos));
break;
case keyAcl:
{
CSSM_HANDLE tdHandle = TokendHandleObject::findTDHandle(hObject);
CALL(getKeyAcl, (tdHandle, tag, countp, (CSSM_ACL_ENTRY_INFO**)&infos));
}
break;
case objectAcl:
{
CSSM_HANDLE tdHandle = TokendHandleObject::findTDHandle(hObject);
CALL(getObjectAcl, (tdHandle, tag, countp, (CSSM_ACL_ENTRY_INFO**)&infos));
}
break;
case loginAcl:
CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
// package up (count, infos) as a return blob
Copier<AclEntryInfo> aclsOut(infos, *countp);
*aclsLength = aclsOut.length();
*acls = *aclsBase = aclsOut;
aclsOut.keep();
server->releaseWhenDone(Allocator::standard(), *acls);
END_IPC(CSP)
}
kern_return_t tokend_server_changeAcl(TOKEND_ARGS, AclKind kind, GenericHandle key,
COPY_IN(AccessCredentials, cred), CSSM_ACL_EDIT_MODE mode, CSSM_ACL_HANDLE handle,
COPY_IN(AclEntryInput, acl))
{
BEGIN_IPC
relocate(cred, credBase);
relocate(acl, aclBase);
AclEdit edit(mode, handle, acl);
switch (kind) {
case dbAcl:
CALL(changeDatabaseAcl, (cred, &edit));
break;
case keyAcl:
{
CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(key);
CALL(changeKeyAcl, (keyHandle, cred, &edit));
}
break;
case objectAcl:
{
CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(key);
CALL(changeObjectAcl, (keyHandle, cred, &edit));
}
break;
case loginAcl:
CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
}
END_IPC(CSP)
}
kern_return_t tokend_server_authenticate(TOKEND_ARGS,
CSSM_DB_ACCESS_TYPE mode, COPY_IN(AccessCredentials, cred))
{
BEGIN_IPC
relocate(cred, credBase);
CALL(authenticateDatabase, (mode, cred));
END_IPC(DL)
}
kern_return_t tokend_server_login(TOKEND_ARGS, COPY_IN(AccessCredentials, cred), DATA_IN(name))
{
BEGIN_IPC
relocate(cred, credBase);
//CALL(login, (cred));
END_IPC(DL)
}
kern_return_t tokend_server_logout(TOKEND_ARGS)
{
BEGIN_IPC
//CALL(logout, ());
END_IPC(DL)
}
//
// Miscellaneous CSP-related calls
//
kern_return_t tokend_server_getStatistics(TOKEND_ARGS, CSPOperationalStatistics *statistics)
{
BEGIN_IPC
CALL(getStatistics, (statistics));
END_IPC(CSP)
}
kern_return_t tokend_server_getTime(TOKEND_ARGS, CSSM_ALGORITHMS algorithm, DATA_OUT(data))
{
BEGIN_IPC
OutputData datas(data, dataLength);
CALL(getTime, (algorithm, &datas));
END_IPC(CSP)
}
kern_return_t tokend_server_getCounter(TOKEND_ARGS, DATA_OUT(data))
{
BEGIN_IPC
OutputData datas(data, dataLength);
CALL(getCounter, (&datas));
END_IPC(CSP)
}
kern_return_t tokend_server_selfVerify(TOKEND_ARGS)
{
BEGIN_IPC
CALL(selfVerify, ());
END_IPC(CSP)
}
//
// Passthrough calls (separate for CSP and DL passthroughs)
//
kern_return_t tokend_server_cspPassThrough(TOKEND_ARGS, uint32 id, CONTEXT_ARGS,
KeyHandle hKey, COPY_IN(CssmKey, key), DATA_IN(inData), DATA_OUT(outData))
{
BEGIN_IPC
relocate(context, contextBase, attributes, attrSize);
relocate(key, keyBase);
const CssmData inDataBlob(DATA(inData));
OutputData outputs(outData, outDataLength);
CSSM_HANDLE keyHandle = TokendHandleObject::findTDHandle(hKey);
CALL(cspPassThrough, (id, &context, keyHandle, key, inData ? &inDataBlob : NULL, &outputs));
END_IPC(CSP)
}
kern_return_t tokend_server_dlPassThrough(TOKEND_ARGS, uint32 id,
DATA_IN(inData), DATA_OUT(outData))
{
BEGIN_IPC
const CssmData inDataBlob(DATA(inData));
OutputData outputs(outData, outDataLength);
CALL(dlPassThrough, (id, inData ? &inDataBlob : NULL, &outputs));
END_IPC(DL)
}
kern_return_t tokend_server_isLocked(TOKEND_ARGS, uint32 *locked)
{
BEGIN_IPC
CALL(isLocked, (locked));
END_IPC(DL)
}

50
mig/mig.mk Normal file
View File

@ -0,0 +1,50 @@
#
# Copyright (c) 2003-2004 Apple Computer, Inc. All Rights Reserved.
#
# @APPLE_LICENSE_HEADER_START@
#
# This file contains Original Code and/or Modifications of Original Code
# as defined in and that are subject to the Apple Public Source License
# Version 2.0 (the 'License'). You may not use this file except in
# compliance with the License. Please obtain a copy of the License at
# http://www.opensource.apple.com/apsl/ and read it before using this
# file.
#
# The Original Code and all software distributed under the License are
# distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
# EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
# INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
# Please see the License for the specific language governing rights and
# limitations under the License.
#
# @APPLE_LICENSE_HEADER_END@
#
# Makefile to build MIG-generated sources and headers
#
DEFS = $(SRCROOT)/mig/tokend.defs
DERIVED_SRC = $(BUILT_PRODUCTS_DIR)/derived_src
HEADER = $(DERIVED_SRC)/tokend.h
HDRS = $(HEADER)
SERVER = $(DERIVED_SRC)/tokendServer.cpp
CLIENT = $(DERIVED_SRC)/tokendClient.cpp
SRCS = $(SERVER) $(CLIENT)
SDKROOT := $(shell xcrun --show-sdk-path --sdk macosx.internal)
build: $(HDRS) $(SRCS)
install: build
installhdrs: $(HDRS)
installsrc:
clean:
rm -f $(HDRS) $(SRCS)
$(SRCS) $(HDRS): $(DEFS)
mkdir -p $(DERIVED_SRC)
xcrun mig -isysroot "$(SDKROOT)" $(MIGFLAGS) \
-server $(SERVER) \
-user $(CLIENT) \
-header $(HEADER) $(DEFS)

187
mig/tokend.defs Normal file
View File

@ -0,0 +1,187 @@
/*
* Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* compliance with the License. Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this
* file.
*
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
*
* @APPLE_LICENSE_HEADER_END@
*/
/*!
@header tokend.defs
@abstract Mach RPC interface between securityd and tokend.
*/
#include <mach/std_types.defs>
#include <mach/mach_types.defs>
#include <securityd_client/ss_types.defs>
subsystem tokend 2000;
serverprefix tokend_server_;
userprefix tokend_client_;
import "tokend.h";
import "tdclient.h";
import <SecurityTokend/tokend_types.h>;
type TokenScore = uint32_t;
type EstablishFlags = uint32_t;
type TokenUidString = c_string[*:256]; //@@@ initial guess
/*
* Common argument profiles
*/
#define TOKEND_PORTS requestport sport: mach_port_t; \
replyport rport: mach_port_make_send_t; \
out rcode: CSSM_RETURN
//
// Setup and control calls
//
routine probe(TOKEND_PORTS; out score: TokenScore; out uid: TokenUidString);
routine establish(TOKEND_PORTS; in guid: Guid; in ssid: uint32;
in state: uint32; in cacheDirectory: FilePath; in workDirectory: FilePath;
out mdsDirectory: FilePathOut; out printName: FilePathOut);
simpleroutine terminate(requestport sport: mach_port_t; in reason: uint32; in options: uint32);
//
// DL I/O and search functions
//
routine findFirst(TOKEND_PORTS; IN_BLOB(query,CssmQuery);
IN_BLOB(inAttributes,CssmDbRecordAttributeData);
in getData: boolean_t; out data: Data; out hKey: KeyHandle;
OUT_BLOB(outAttributes,CssmDbRecordAttributeData);
out search: SearchHandle; out record: RecordHandle);
routine findNext(TOKEND_PORTS; in hSearch: SearchHandle;
IN_BLOB(inAttributes,CssmDbRecordAttributeData);
in getData: boolean_t; out data: Data; out hKey: KeyHandle;
OUT_BLOB(outAttributes,CssmDbRecordAttributeData);
out record: RecordHandle);
routine findRecordHandle(TOKEND_PORTS; in hRecord: RecordHandle;
IN_BLOB(inAttributes,CssmDbRecordAttributeData);
in getData: boolean_t; out data: Data; out hKey: KeyHandle;
OUT_BLOB(outAttributes,CssmDbRecordAttributeData));
routine insertRecord(TOKEND_PORTS; in recordType: CSSM_DB_RECORDTYPE;
IN_BLOB(attributes,CssmDbRecordAttributeData);
in data: Data; out hRecord: RecordHandle);
routine modifyRecord(TOKEND_PORTS; in recordType: CSSM_DB_RECORDTYPE;
inout hRecord: RecordHandle; IN_BLOB(attributes,CssmDbRecordAttributeData);
in setData: boolean_t; in data: Data; in modifyMode: CSSM_DB_MODIFY_MODE);
routine deleteRecord(TOKEND_PORTS; in record: RecordHandle);
routine releaseSearch(TOKEND_PORTS; in hSearch: SearchHandle);
routine releaseRecord(TOKEND_PORTS; in hRecord: RecordHandle);
//
// Key management
//
routine releaseKey(TOKEND_PORTS; in key: KeyHandle);
routine queryKeySizeInBits(TOKEND_PORTS; in key: KeyHandle; out length: CSSM_KEY_SIZE);
routine getOutputSize(TOKEND_PORTS; IN_CONTEXT; in key: KeyHandle;
in inputSize: uint32; in encrypt: boolean_t; out outputSize: uint32);
//
// Cryptographic operations
//
routine generateSignature(TOKEND_PORTS; IN_CONTEXT; in key: KeyHandle;
in signOnlyAlgorithm: CSSM_ALGORITHMS; in data: Data; out signature: Data);
routine verifySignature(TOKEND_PORTS; IN_CONTEXT; in key: KeyHandle;
in signOnlyAlgorithm: CSSM_ALGORITHMS; in data: Data; in signature: Data);
routine generateMac(TOKEND_PORTS; IN_CONTEXT; in key: KeyHandle;
in data: Data; out signature: Data);
routine verifyMac(TOKEND_PORTS; IN_CONTEXT; in key: KeyHandle;
in data: Data; in signature: Data);
routine encrypt(TOKEND_PORTS; IN_CONTEXT; in key: KeyHandle; in clear: Data; out cipher: Data);
routine decrypt(TOKEND_PORTS; IN_CONTEXT; in key: KeyHandle; in cipher: Data; out clear: Data);
routine generateKey(TOKEND_PORTS; IN_CONTEXT;
IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype);
in keyUsage: uint32; in keyAttrs: uint32;
out hKey: KeyHandle; out key: CssmKeyBlob; out keyBase: CssmKeyPtr);
routine generateKeyPair(TOKEND_PORTS; IN_CONTEXT;
IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype);
in pubUsage: uint32; in pubAttrs: uint32; in privUsage: uint32; in privAttrs: uint32;
out hPubKey: KeyHandle; out pubKey: CssmKeyBlob; out pubKeyBase: CssmKeyPtr;
out hPrivKey: KeyHandle; out privKey: CssmKeyBlob; out privKeyBase: CssmKeyPtr);
routine wrapKey(TOKEND_PORTS; IN_CONTEXT; in hWrappingKey: KeyHandle; IN_BLOB(wrappingKey, CssmKey);
IN_BLOB(accessCredentials,AccessCredentials);
in hSubjectKey: KeyHandle; IN_BLOB(subjectKey, CssmKey);
in data: Data; OUT_BLOB(wrappedKey, CssmKey));
routine unwrapKey(TOKEND_PORTS; IN_CONTEXT; in hWrappingKey: KeyHandle; IN_BLOB(wrappingKey, CssmKey);
IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype);
in hPublicKey: KeyHandle; IN_BLOB(publicKey, CssmKey); IN_BLOB(wrappedKey, CssmKey);
in usage: uint32; in attributes: uint32; out data: Data;
out hKey: KeyHandle; out key: CssmKeyBlob; out keyBase: CssmKeyPtr);
routine deriveKey(TOKEND_PORTS; IN_CONTEXT; in hSourceKey: KeyHandle; IN_BLOB(sourceKey, CssmKey);
IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype);
IN_BLOB(paramInput,CssmDeriveData); out paramOutput: Data;
in keyUsage: uint32; in keyAttrs: uint32;
out hKey: KeyHandle; OUT_BLOB(key, CssmKey));
routine generateRandom(TOKEND_PORTS; IN_CONTEXT; out data: Data);
//
// ACL management
//
routine getOwner(TOKEND_PORTS; in kind: AclKind; in key: GenericHandle;
out proto: AclOwnerPrototypeBlob; out protoBase: AclOwnerPrototypePtr);
routine setOwner(TOKEND_PORTS; in kind: AclKind; in key: GenericHandle;
IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclOwnerPrototype,AclOwnerPrototype));
routine getAcl(TOKEND_PORTS; in kind: AclKind; in key: GenericHandle;
in haveTag: boolean_t; in tag: CssmString;
out count: uint32; out acls: AclEntryInfoBlob; out aclsBase: AclEntryInfoPtr);
routine changeAcl(TOKEND_PORTS; in kind: AclKind; in key: GenericHandle;
IN_BLOB(accessCredentials,AccessCredentials);
in mode: CSSM_ACL_EDIT_MODE; in handle: CSSM_ACL_HANDLE;
IN_BLOB(aclEntryInput,AclEntryInput));
routine authenticate(TOKEND_PORTS;
in mode: CSSM_DB_ACCESS_TYPE; IN_BLOB(accessCredentials, AccessCredentials));
routine login(TOKEND_PORTS; IN_BLOB(accessCredentials,AccessCredentials); in name: Data);
routine logout(TOKEND_PORTS);
//
// Miscellanea
//
routine getStatistics(TOKEND_PORTS; out statistics: CSPOperationalStatistics);
routine getTime(TOKEND_PORTS; in algorithm: CSSM_ALGORITHMS; out data: Data);
routine getCounter(TOKEND_PORTS; out data: Data);
routine selfVerify(TOKEND_PORTS);
routine cspPassThrough(TOKEND_PORTS; in id: uint32; IN_CONTEXT; in hKey: KeyHandle; IN_BLOB(key, CssmKey);
in inData: Data; out outData: Data);
routine dlPassThrough(TOKEND_PORTS; in id: uint32; in inData: Data; out outData: Data);
routine isLocked(TOKEND_PORTS; out locked: uint32);

1
security_tokend_client Symbolic link
View File

@ -0,0 +1 @@
lib

20
tokend_test-Info.plist Normal file
View File

@ -0,0 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>English</string>
<key>CFBundleExecutable</key>
<string>tokend_test</string>
<key>CFBundleIdentifier</key>
<string>com.apple.tokend.test</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
<string>1.0</string>
</dict>
</plist>