diff --git a/CASA/CASA.changes b/CASA/CASA.changes index 0cffaaf5..36ca3e4b 100644 --- a/CASA/CASA.changes +++ b/CASA/CASA.changes @@ -1,3 +1,7 @@ +-------------------------------------------------------------------- +Tue Jun 27 14:22:53 MST 2006 - jnorman@novell.com +Added miCASARemoveKey API to dll. + -------------------------------------------------------------------- Mon Jun 26 16:16:53 MST 2006 - jluciani@novell.com - Added files sscs_string.h, micasa.h, and casa_status.h diff --git a/CASA/include/micasa.h b/CASA/include/micasa.h index cdf760a7..7f7dd217 100644 --- a/CASA/include/micasa.h +++ b/CASA/include/micasa.h @@ -510,6 +510,19 @@ miCASAReadBinaryKey SSCS_EXT_T * ext ); +SSCS_EXTERN_LIBCALL(int32_t) +miCASARemoveKey +( + void * context, + uint32_t ssFlags, + SSCS_KEYCHAIN_ID_T * keyChainID, + SSCS_SECRET_ID_T * sharedSecretID, + SS_UTF8_T * key, + uint32_t keyLen, + SSCS_PASSWORD_T * epPassword, + SSCS_EXT_T * ext +); + SSCS_EXTERN_LIBCALL(int32_t) miCASASetMasterPasscode ( diff --git a/CASA/include/sscs_cache.h b/CASA/include/sscs_cache.h index d8c053ff..afdcb84d 100644 --- a/CASA/include/sscs_cache.h +++ b/CASA/include/sscs_cache.h @@ -517,6 +517,19 @@ int sscs_CacheReadBinaryKey void *reserved ); +int sscs_CacheRemoveKey +( + void *ssHandle, + uint32_t ssFlags, + SSCS_KEYCHAIN_ID_T *keychainID, + SSCS_SECRET_ID_T *secretID, + SS_UTF8_T *key, + uint32_t keyLen, + SSCS_PASSWORD_T *epPassword, + void *reserved +); + + int32_t sscs_SetMasterPasscode ( void *ssHandle, diff --git a/CASA/include/sscs_ipc.h b/CASA/include/sscs_ipc.h index 9bdc6b33..4d03cf7b 100644 --- a/CASA/include/sscs_ipc.h +++ b/CASA/include/sscs_ipc.h @@ -204,6 +204,16 @@ int ipc_WriteKey SSCS_EXT_T *ext ); +int ipc_RemoveKey +( + SSCS_SECRETSTORE_HANDLE_T *ssHandle, + SSCS_KEYCHAIN_ID_T *keychainID, + SSCS_SECRET_ID_T *secretID, + SS_UTF8_T *key, + uint32_t keyLen, + SSCS_PASSWORD_T *epPassword +); + int ipc_ReadBinaryKey ( SSCS_SECRETSTORE_HANDLE_T *ssHandle, 
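Review bot: The new prototypes in sscs_cache.h and sscs_ipc.h declare `int sscs_CacheRemoveKey` and `int ipc_RemoveKey`, while the definitions added later in this commit return `int32_t`. That only compiles cleanly where `int32_t` is a typedef of `int`; declaring them as `int32_t sscs_CacheRemoveKey` and `int32_t ipc_RemoveKey` keeps the headers in step with the definitions and with `miCASARemoveKey`. The parameter spellings also drift between declaration and definition (`keychainID`/`keyChainID`, `secretID`/`secredID`), which is harmless to the compiler but makes the call chain harder to audit.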
diff --git a/CASA/include/sscs_unx_cache_defines.h b/CASA/include/sscs_unx_cache_defines.h index 99d03d49..f0b47c3e 100644 --- a/CASA/include/sscs_unx_cache_defines.h +++ b/CASA/include/sscs_unx_cache_defines.h @@ -130,7 +130,7 @@ #define RESP_WRITE_KEY_MSGID 0x1011 #define REQ_SET_MASTER_PASSWORD 0x0012 -#define RESP_SET_MASTER_PASSWORD 0x1021 +#define RESP_SET_MASTER_PASSWORD 0x1012 #define REQ_IS_SECRET_PERSISTENT 0x0013 #define RESP_IS_SECRET_PERSISTENT 0x1013 @@ -143,6 +143,10 @@ #define REQ_READ_BINARY_KEY_MSGID 0x0016 #define RESP_READ_BINARY_KEY_MSGID 0x1016 + +#define REQ_REMOVE_KEY_MSGID 0x0017 +#define RESP_REMOVE_KEY_MSGID 0x1017 + #define EXT_TYPE_WINDOWS_LUID 0x00000001; #define WINDOWS_LUID_LEN 0x00000008; diff --git a/CASA/micasacache/micasacache.def b/CASA/micasacache/micasacache.def index 3e2096d1..494354d6 100644 --- a/CASA/micasacache/micasacache.def +++ b/CASA/micasacache/micasacache.def @@ -17,6 +17,7 @@ EXPORTS sscs_IsSecretPersistent sscs_CacheWriteKey sscs_CacheWriteBinaryKey + sscs_CacheRemoveKey sscs_CacheReadKey sscs_CacheReadBinaryKey sscs_CacheCloseSecretStore diff --git a/CASA/micasacache/sscs_unx_cache.c b/CASA/micasacache/sscs_unx_cache.c index 6b010112..3ce05672 100644 --- a/CASA/micasacache/sscs_unx_cache.c +++ b/CASA/micasacache/sscs_unx_cache.c 
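Review bot: The first hunk changes `RESP_SET_MASTER_PASSWORD` from 0x1021 to 0x1012, which alters an existing message id rather than adding to the RemoveKey work, and the changelog entry in this commit does not mention it. If the daemon side sends or compares this reply id, both ends have to change together; a comment such as `/* reply id for REQ_SET_MASTER_PASSWORD; must match the value micasad sends */` would record the dependency. In the second hunk, `RESP_REMOVE_KEY_MSGID` is defined, but the client code added in this commit reads the reply's message id and never compares it with that constant.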
@@ -631,6 +631,48 @@ int sscs_CacheWriteBinaryKey return retVal; } +/* Removes Secret for a given Secret ID in a given keychain. + * + * Parameters: + * ssHandle + * (IN) Handle returned by sscs_CacheOpenSecretStore function. This will have + * context information regarding the SecretStore. + * + * + * keyChainID + * (IN) KeyChainID where the specified SecretID stored. + * + * secretID + * (IN) Specifies the unique secret ID within the keychain. This data is + * encoded in SSCS_SECRET_ID_T. + * + * + * epPassword + * (IN) Points to an optional field to pass in the Enhanced Protection Password + * for reading a secret.When the password is not present, you can pass in a NULL. + * + * Return Values: + */ +int32_t sscs_CacheRemoveKey +( + void *ssHandle, + uint32_t ssFlags, + SSCS_KEYCHAIN_ID_T *keyChainID, + SSCS_SECRET_ID_T *secredID, + SS_UTF8_T *key, + uint32_t keyLen, + SSCS_PASSWORD_T *epPassword, + void *reserved +) +{ + int32_t retVal = 0; + SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle; + + retVal = ipc_RemoveKey(ssHandleCopy,keyChainID,secredID,key,keyLen,epPassword); + + return retVal; +} + /* Reads Secret value for a given Secret ID in a given keychain. * diff --git a/CASA/micasacache/sscs_unx_ipc_client.c b/CASA/micasacache/sscs_unx_ipc_client.c index e0da7b0a..75b538a9 100644 --- a/CASA/micasacache/sscs_unx_ipc_client.c +++ b/CASA/micasacache/sscs_unx_ipc_client.c 
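Review bot: The header comment on `sscs_CacheRemoveKey` does not describe the function beneath it: it speaks of removing a secret and of a password "for reading a secret", omits `ssFlags`, `key`, `keyLen` and `reserved`, and leaves "Return Values:" empty. Because this function is also added to the micasacache.def export list, the comment is the contract for direct callers. It should say that `key`/`keyLen` name the key to delete inside the secret, that `ssFlags` and `reserved` are not used by the body, and that the result is whatever `ipc_RemoveKey` returns. The parameter `secredID` looks like a misspelling of `secretID`.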
@@ -1844,6 +1844,126 @@ int32_t ipc_SetMasterPasscode return retCode; } +int32_t ipc_RemoveKey +( + SSCS_SECRETSTORE_HANDLE_T *ssHandle, + SSCS_KEYCHAIN_ID_T *keychainID, + SSCS_SECRET_ID_T *secretID, + SS_UTF8_T *key, + uint32_t keyLen, + SSCS_PASSWORD_T *epPassword +) +{ + int retVal = 0; //to be used in the function internally + int32_t retCode = NSSCS_SUCCESS; //to be returned to caller + int32_t sockReturn = 0; //obtained from the server + + uint32_t dataLen = 0; + uint16_t msgid = 0; + uint32_t keychainIDLen = 0; + uint32_t secretIDLen = 0; + uint32_t msgLen = 0; + + SSCS_PASSWORD_T myPassword = {0,0,""}; + + Byte gpReqBuf[MIN_REQUEST_BUF_LEN]; + Byte gpReplyBuf[MIN_REPLY_BUF_LEN]; + Byte *pReq = NULL, *pReply = NULL; + memset(gpReqBuf,0,sizeof(gpReqBuf)); + memset(gpReplyBuf,0,sizeof(gpReplyBuf)); + + do + { + if((NULL == ssHandle) + || (NULL == ssHandle->platHandle) + || (NULL == keychainID) + || (NULL == secretID) + || (NULL == key) + || (keyLen < 1)) + { + retCode = NSSCS_E_INVALID_PARAM; + break; + } + + // Prepare Request buffer + + keychainIDLen = keychainID->len; + secretIDLen = secretID->len; + + if( keychainIDLen > NSSS_MAX_KEYCHAIN_ID_CHARS || + secretIDLen > NSSS_MAX_SECRET_ID_CHARS ) + { + retCode = NSSS_E_SECRET_ID_TOO_LONG; + break; + } + // epPassword is optional. So, the code should not break. 
+ if( NULL == epPassword ) + epPassword = &myPassword; + msgLen = MSGID_LEN + MSG_LEN + + MSG_STRING_LEN + // KeychainID length + keychainIDLen + // Keychain ID + MSG_STRING_LEN + // SecretID length + secretIDLen + // SecretID + MSG_STRING_LEN + //keyLen + keyLen + //key + MSG_STRING_LEN + // epPassword len + epPassword->pwordLen; + + pReq = gpReqBuf; + msgid = REQ_REMOVE_KEY_MSGID; + memcpy(pReq, &msgid, MSGID_LEN); + pReq += MSGID_LEN; + memcpy(pReq, &msgLen, MSG_LEN); + pReq += MSG_LEN; + memcpy(pReq, &keychainIDLen, MSG_STRING_LEN); + pReq += MSG_STRING_LEN; + memcpy(pReq,keychainID->keychainID,keychainIDLen); + pReq += keychainIDLen ; + memcpy(pReq, &secretIDLen, MSG_STRING_LEN); + pReq += MSG_STRING_LEN; + memcpy(pReq, secretID->id, secretIDLen); + pReq += secretIDLen; + + memcpy(pReq, &keyLen, MSG_STRING_LEN); + pReq += MSG_STRING_LEN; + memcpy(pReq, key, keyLen); + pReq += keyLen; + + memcpy(pReq, &(epPassword->pwordLen), MSG_STRING_LEN); + pReq += MSG_STRING_LEN; + memcpy(pReq, epPassword->pword, epPassword->pwordLen); + pReq += epPassword->pwordLen; + + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); + if(retVal < 0) + { + //log debug info here + retCode = NSSCS_E_SYSTEM_FAILURE; + break; + } + + // Read reply + pReply = gpReplyBuf; + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); + if( 0 == retVal ) + { + //log debug info here + retCode = NSSCS_E_SYSTEM_FAILURE; + break; + } + + memcpy(&msgid,pReply, MSGID_LEN); + pReply += MSGID_LEN; + memcpy(&msgLen,pReply, MSG_LEN); + pReply += MSG_LEN; + memcpy(&sockReturn, pReply, MSG_DWORD_LEN); + retCode = mapReturnCode(sockReturn); + + } while(0); + return retCode; +} + + int32_t ipc_ReadKey ( SSCS_SECRETSTORE_HANDLE_T *ssHandle, diff --git a/CASA/micasadk/micasa.def b/CASA/micasadk/micasa.def index 1b0b3084..0a0f99a7 100644 --- a/CASA/micasadk/micasa.def +++ b/CASA/micasadk/micasa.def 
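Review bot: `keyLen` and `epPassword->pwordLen` are copied into the fixed stack buffer `gpReqBuf[MIN_REQUEST_BUF_LEN]` with no upper bound; only the keychain and secret id lengths are checked. A caller-supplied length larger than the remaining space overruns the buffer, and because the lengths are `uint32_t` the `msgLen` sum can also wrap, so each length should be bounded before the sum and the total compared with `sizeof(gpReqBuf)` before the first `memcpy`. Separately, `IPC_WRITE` is treated as failed when negative but `IPC_READ` only when it is exactly 0; if `IPC_READ` can return a negative value, the zeroed reply buffer is then parsed as a status. The request buffer also still holds the password bytes when the function returns.

```c
        // epPassword is optional. So, the code should not break.
        if( NULL == epPassword )
            epPassword = &myPassword;

        // Bound the caller-supplied lengths before they are summed or copied.
        if( keyLen > sizeof(gpReqBuf) ||
            epPassword->pwordLen > sizeof(gpReqBuf) )
        {
            retCode = NSSCS_E_BUFFER_LEN;
            break;
        }

        // ... unchanged: msgLen computation ...

        // The whole request must fit in the stack buffer it is serialized into.
        if( msgLen > sizeof(gpReqBuf) )
        {
            retCode = NSSCS_E_BUFFER_LEN;
            break;
        }

        // ... unchanged: request serialization, IPC_WRITE, IPC_READ ...
```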
@@ -16,6 +16,7 @@ EXPORTS
 miCASAWriteBinaryKey
 miCASAReadKey
 miCASAReadBinaryKey
+ miCASARemoveKey
 miCASAGetStoreInformation
 miCASAEnumerateSecretIDs
 miCASARemoveSecretStore
diff --git a/CASA/micasadk/sscs_ndk.c b/CASA/micasadk/sscs_ndk.c
index 35cfdbdc..32639c6c 100644
--- a/CASA/micasadk/sscs_ndk.c
+++ b/CASA/micasadk/sscs_ndk.c
@@ -2066,6 +2066,125 @@ errorLevel2: /* ############################### CODE ENDS HERE ############################# */ } //* end of miCASAReadBinaryKey +/* + * NAME - miCASARemoveKey + * + * DESCRIPTION + * NOTE: This assume a SS_CREDSET SecretType + * + * + */ +SSCS_GLOBAL_LIBCALL(int32_t) +miCASARemoveKey +( + void * context, + uint32_t ssFlags, + SSCS_KEYCHAIN_ID_T * keyChainID, + SSCS_SECRET_ID_T * sharedSecretID, + SS_UTF8_T * key, + uint32_t keyLen, + SSCS_PASSWORD_T * epPassword, + SSCS_EXT_T * ext +) +{ /* beginning of the call */ +/* ########################## DECLARATIONS START HERE ######################### */ + + int32_t rc = 0, sidLen = 0, index = 0; + uint32_t escNameLen = 0; + SSCS_SECRET_ID_T secretID = {0}; + SS_UTF8_T *escapedSHSName = NULL; + SS_UTF8_T *escapedSHSKey = NULL; + SSCS_CONTEXT_T *storeContext = (SSCS_CONTEXT_T *)context; + +/* ############################## CODE STARTS HERE ############################ */ + + // readData and epPassword are optional parameters + if((context == NULL) || (keyChainID == NULL) || (sharedSecretID == NULL) || (key == NULL)) + { + return(NSSCS_E_INVALID_PARAM); + } + + if(sharedSecretID->len > NSSCS_MAX_SECRET_ID_LEN/4) + { + return(NSSCS_E_BUFFER_LEN); + } + + if (keyLen > NSSCS_MAX_SECRET_ID_LEN/4) + { + return(NSSCS_E_BUFFER_LEN); + } + + if((escapedSHSName = (SS_UTF8_T *) malloc(NSSCS_MAX_SECRET_ID_LEN)) == NULL) + { + rc = NSSCS_E_SYSTEM_FAILURE; + goto errorLevel2; + } + + if((escapedSHSKey = (SS_UTF8_T *) malloc(NSSCS_MAX_SECRET_ID_LEN)) == NULL) + { + rc = NSSCS_E_SYSTEM_FAILURE; + goto errorLevel1; + } + + memset(secretID.id, 0, NSSCS_MAX_SECRET_ID_LEN); + memset(escapedSHSName, 0, NSSCS_MAX_SECRET_ID_LEN); + memset(escapedSHSKey, 0, NSSCS_MAX_SECRET_ID_LEN); + + // escape delimited characters + if(sharedSecretID->len > NSSCS_MAX_SECRET_ID_LEN) + { + rc = NSSCS_E_BUFFER_LEN; + goto errorLevel1; + } + + memcpy(escapedSHSName, sharedSecretID->id, sharedSecretID->len); + escNameLen = 
sharedSecretID->len; + sscsshs_ChkEscapeString(&escapedSHSName, &escNameLen); + + memcpy(escapedSHSKey, key, keyLen); + sscsshs_ChkEscapeString(&escapedSHSKey, &keyLen); + + if(escNameLen < 1) + { + rc = NSSCS_E_SECRET_ID_TOO_SHORT; + goto errorLevel1; + } + + // convert to a SSCS_CRED_SET + sscs_Utf8Strncpy((SS_UTF8_T *)secretID.id, SSCS_CRED_SET_DELIMITED, SSCS_CRED_SET_CHARS_DELIMITED); + sscs_Utf8Strncat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName, escNameLen); + secretID.len = SSCS_CRED_SET_CHARS_DELIMITED + escNameLen - 1; + + rc = sscs_CacheRemoveKey(storeContext->ssHandle, + ssFlags, + keyChainID, + &secretID, + escapedSHSKey, + keyLen-1, // NOTE: micasad not saving NULL on key + epPassword, + ext); + +/* ############################### CODE EXITS HERE ############################# */ + +errorLevel1: + if(escapedSHSName) + { + memset(escapedSHSName, 0, NSSCS_MAX_SECRET_ID_LEN); + free(escapedSHSName); + } + + if(escapedSHSKey) + { + memset(escapedSHSKey, 0, NSSCS_MAX_SECRET_ID_LEN); + free(escapedSHSKey); + } + +errorLevel2: + memset(secretID.id, 0, NSSCS_MAX_SECRET_ID_LEN); + return(rc); + +/* ############################### CODE ENDS HERE ############################# */ +} //* end of miCASAReadKey /*
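Review bot: `keyLen` is never checked for zero, yet `keyLen-1` is passed to `sscs_CacheRemoveKey`; as a `uint32_t` it wraps to 0xFFFFFFFF if the escaped length comes back as 0, and the only check downstream is `keyLen < 1`. The name path already has the matching guard (`if(escNameLen < 1)`), so the key needs one too, placed after the second `sscsshs_ChkEscapeString` call: `if(keyLen < 1) { rc = NSSCS_E_INVALID_PARAM; goto errorLevel1; }`. What `sscsshs_ChkEscapeString` does with an empty key is not visible in this hunk, so treat the guard as defensive. The comments were copied from the read path and should be corrected: `// readData and epPassword are optional parameters` and `} //* end of miCASAReadKey` do not match this function.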