From f0946f22d5debc4a869146140c111d1049152c2b Mon Sep 17 00:00:00 2001 From: Jim Norman Date: Fri, 9 Dec 2005 17:42:13 +0000 Subject: [PATCH] Binary support in shared libraries --- c_micasacache/link.w32 | 3 +- c_micasacache/link_mdd.w32 | 2 + c_micasacache/sscs_unx_cache.c | 92 +++++-- c_micasacache/sscs_unx_ipc_client.c | 390 +++++++++++++++++++++++++++- c_micasadk/link.w32 | 2 + c_micasadk/link_mdd.w32 | 2 + c_micasadk/sscs_ndk.c | 307 ++++++++++++++++++++-- include/micasa.h | 16 ++ include/micasa_mgmd.h | 11 +- include/sscs_cache.h | 43 ++- include/sscs_ipc.h | 29 ++- include/sscs_unx_cache_defines.h | 8 + 12 files changed, 854 insertions(+), 51 deletions(-) diff --git a/c_micasacache/link.w32 b/c_micasacache/link.w32 index 6eb30820..a4cfb923 100644 --- a/c_micasacache/link.w32 +++ b/c_micasacache/link.w32 @@ -41,6 +41,7 @@ LINK_DEF_BLD = \ echo "/EXPORT:sscs_SetMasterPassword">> $(LINKDEF);\ echo "/EXPORT:sscs_IsSecretPersistent">> $(LINKDEF);\ echo "/EXPORT:sscs_CacheWriteKey">> $(LINKDEF);\ - echo "/EXPORT:sscs_CacheReadKey">> $(LINKDEF);\ + echo "/EXPORT:sscs_CacheWriteBinaryKey">> $(LINKDEF);\ + echo "/EXPORT:sscs_CacheReadBinaryKey">> $(LINKDEF);\ echo "/EXPORT:sscs_CacheCloseSecretStore">> $(LINKDEF);\ echo "/EXPORT:sscs_CacheOpenSecretStore">> $(LINKDEF); diff --git a/c_micasacache/link_mdd.w32 b/c_micasacache/link_mdd.w32 index 9c54660d..e88bd36f 100644 --- a/c_micasacache/link_mdd.w32 +++ b/c_micasacache/link_mdd.w32 @@ -48,5 +48,7 @@ LINK_DEF_BLD = \ echo "/EXPORT:sscs_IsSecretPersistent">> $(LINKDEF);\ echo "/EXPORT:sscs_CacheWriteKey">> $(LINKDEF);\ echo "/EXPORT:sscs_CacheReadKey">> $(LINKDEF);\ + echo "/EXPORT:sscs_CacheWriteBinaryKey">> $(LINKDEF);\ + echo "/EXPORT:sscs_CacheReadBinaryKey">> $(LINKDEF);\ echo "/EXPORT:sscs_CacheCloseSecretStore">> $(LINKDEF);\ echo "/EXPORT:sscs_CacheOpenSecretStore">> $(LINKDEF); diff --git a/c_micasacache/sscs_unx_cache.c b/c_micasacache/sscs_unx_cache.c index 952c9776..8f1485a7 100644 --- a/c_micasacache/sscs_unx_cache.c +++ b/c_micasacache/sscs_unx_cache.c @@ -291,14 +291,14 @@ int32_t sscs_CacheEnumerateSecretIDs */ int32_t sscs_CacheReadSecret ( - void *ssHandle, - uint32_t ssFlags, + void *ssHandle, + uint32_t ssFlags, SSCS_KEYCHAIN_ID_T *keychainID, - SSCS_SECRET_ID_T *secretID, + SSCS_SECRET_ID_T *secretID, SSCS_SECRET_T *secretData, SSCS_PASSWORD_T *epPassword, - uint32_t *bytesRequired, - void *reserved + uint32_t *bytesRequired, + void *reserved ) { int32_t retVal = 0; @@ -574,16 +574,16 @@ int32_t sscs_SetMasterPassword */ int sscs_CacheWriteKey ( - void *ssHandle, - uint32_t ssFlags, + void *ssHandle, + uint32_t ssFlags, SSCS_KEYCHAIN_ID_T *keyChainID, SSCS_SECRET_ID_T *secretID, - SS_UTF8_T *key, - uint32_t keyLen, - uint8_t *val, - uint32_t valLen, + SS_UTF8_T *key, + uint32_t keyLen, + uint8_t *val, + int32_t valLen, SSCS_PASSWORD_T *epPassword, - void *reserved + void *reserved ) { int32_t retVal = 0; @@ -593,6 +593,32 @@ int sscs_CacheWriteKey return retVal; } + + + +int sscs_CacheWriteBinaryKey +( + void *ssHandle, + uint32_t ssFlags, + SSCS_KEYCHAIN_ID_T *keyChainID, + SSCS_SECRET_ID_T *secretID, + SS_UTF8_T *key, + uint32_t keyLen, + uint8_t *val, + uint32_t valLen, + SSCS_PASSWORD_T *epPassword, + void *reserved +) +{ + int32_t retVal = 0; + SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle; + + retVal = ipc_WriteBinaryKey(ssHandleCopy,ssFlags,keyChainID,secretID,key,keyLen,val,valLen,epPassword, reserved); + + return retVal; +} + + /* Reads Secret value for a given Secret ID in a given keychain. * * Parameters: @@ -624,17 +650,17 @@ int sscs_CacheWriteKey */ int32_t sscs_CacheReadKey ( - void *ssHandle, - uint32_t ssFlags, + void *ssHandle, + uint32_t ssFlags, SSCS_KEYCHAIN_ID_T *keychainID, - SSCS_SECRET_ID_T *secretID, - SS_UTF8_T *key, - uint32_t keyLen, - uint8_t *val, - uint32_t valLen, + SSCS_SECRET_ID_T *secretID, + SS_UTF8_T *key, + uint32_t keyLen, + uint8_t *val, + uint32_t *valLen, SSCS_PASSWORD_T *epPassword, - uint32_t *bytesRequired, - void *reserved + uint32_t *bytesRequired, + void *reserved ) { int32_t retVal = 0; @@ -644,6 +670,30 @@ int32_t sscs_CacheReadKey return retVal; } + +int32_t sscs_CacheReadBinaryKey +( + void *ssHandle, + uint32_t ssFlags, + SSCS_KEYCHAIN_ID_T *keychainID, + SSCS_SECRET_ID_T *secretID, + SS_UTF8_T *key, + uint32_t keyLen, + uint8_t *val, + uint32_t *valLen, + SSCS_PASSWORD_T *epPassword, + uint32_t *bytesRequired, + void *reserved +) +{ + int32_t retVal = 0; + SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle; + + retVal = ipc_ReadBinaryKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired); + + return retVal; +} + int sscs_IsSecretPersistent ( void *ssHandle, diff --git a/c_micasacache/sscs_unx_ipc_client.c b/c_micasacache/sscs_unx_ipc_client.c index b076ccb1..66752dc2 100644 --- a/c_micasacache/sscs_unx_ipc_client.c +++ b/c_micasacache/sscs_unx_ipc_client.c @@ -1801,9 +1801,9 @@ int32_t ipc_ReadKey SS_UTF8_T *key, uint32_t keyLen, uint8_t *val, - uint32_t valLen, + uint32_t *valLen, SSCS_PASSWORD_T *epPassword, - uint32_t *bytesRequired + uint32_t *bytesRequired ) { int retVal = 0; //to be used in the function internally @@ -1917,7 +1917,173 @@ int32_t ipc_ReadKey break; } // Let me check if the buffer passed by application is big enough - if(dataLen <= valLen) + if(dataLen <= *valLen) + { + // Read the secret into application buffer. + retVal = IPC_READ(*(int *)ssHandle->platHandle, val, dataLen); + if( retVal < 0 ) + { + retCode = NSSCS_E_SYSTEM_FAILURE; + break; + } + // set the length of the data + *valLen = dataLen; + + } + else + { + //buffer allocated by application is not sufficient to hold the data. + *bytesRequired = dataLen; + { + // Cleanup the channel by reading the remaining and return error. + int n; + n = dataLen; + while(n) + { + int bytes = IPC_READ(*(int *)ssHandle->platHandle, gpReplyBuf, MIN_REPLY_BUF_LEN); + if( bytes > 0) + n -= MIN_REPLY_BUF_LEN; + else + break; + } + // Read the sscs return code also. + IPC_READ(*(int *)ssHandle->platHandle, (Byte *) &sockReturn, MSG_DWORD_LEN); + retCode = NSSCS_E_ENUM_BUFF_TOO_SHORT; + break; + } + } + // Read the sscs return code also. + IPC_READ(*(int *)ssHandle->platHandle, (Byte *) &sockReturn, MSG_DWORD_LEN); + retCode = mapReturnCode(sockReturn); + + } while(0); + return retCode; +} + +int32_t ipc_ReadBinaryKey +( + SSCS_SECRETSTORE_HANDLE_T *ssHandle, + SSCS_KEYCHAIN_ID_T *keychainID, + SSCS_SECRET_ID_T *secretID, + SS_UTF8_T *key, + uint32_t keyLen, + uint8_t *val, + uint32_t *valLen, + SSCS_PASSWORD_T *epPassword, + uint32_t *bytesRequired +) +{ + int retVal = 0; //to be used in the function internally + int32_t retCode = NSSCS_SUCCESS; //to be returned to caller + int32_t sockReturn = 0; //obtained from the server + + uint32_t dataLen = 0; + uint16_t msgid = 0; + uint32_t keychainIDLen = 0; + uint32_t secretIDLen = 0; + uint32_t msgLen = 0; + + SSCS_PASSWORD_T myPassword = {0,0,""}; + + Byte gpReqBuf[MIN_REQUEST_BUF_LEN]; + Byte gpReplyBuf[MIN_REPLY_BUF_LEN]; + Byte *pReq = NULL, *pReply = NULL; + memset(gpReqBuf,0,sizeof(gpReqBuf)); + memset(gpReplyBuf,0,sizeof(gpReplyBuf)); + + do + { + if((NULL == ssHandle) || (NULL == ssHandle->platHandle) || (NULL == keychainID) || (NULL == secretID) || (NULL == bytesRequired)) + { + retCode = NSSCS_E_INVALID_PARAM; + break; + } + + // Prepare Request buffer + keychainIDLen = keychainID->len; + secretIDLen = secretID->len; + + if( keychainIDLen > NSSS_MAX_KEYCHAIN_ID_CHARS || + secretIDLen > NSSS_MAX_SECRET_ID_CHARS ) + { + retCode = NSSS_E_SECRET_ID_TOO_LONG; + break; + } + // epPassword is optional. So, the code should not break. + if( NULL == epPassword ) + epPassword = &myPassword; + msgLen = MSGID_LEN + MSG_LEN + + MSG_STRING_LEN + // KeychainID length + keychainIDLen + // Keychain ID + MSG_STRING_LEN + // SecretID length + secretIDLen + // SecretID + MSG_STRING_LEN + //keyLen + keyLen + //key + MSG_STRING_LEN + // epPassword len + epPassword->pwordLen; + + pReq = gpReqBuf; + msgid = REQ_READ_BINARY_KEY_MSGID; + memcpy(pReq, &msgid, MSGID_LEN); + pReq += MSGID_LEN; + memcpy(pReq, &msgLen, MSG_LEN); + pReq += MSG_LEN; + memcpy(pReq, &keychainIDLen, MSG_STRING_LEN); + pReq += MSG_STRING_LEN; + memcpy(pReq,keychainID->keychainID,keychainIDLen); + pReq += keychainIDLen ; + memcpy(pReq, &secretIDLen, MSG_STRING_LEN); + pReq += MSG_STRING_LEN; + memcpy(pReq, secretID->id, secretIDLen); + pReq += secretIDLen; + + memcpy(pReq, &keyLen, MSG_STRING_LEN); + pReq += MSG_STRING_LEN; + memcpy(pReq, key, keyLen); + pReq += keyLen; + + memcpy(pReq, &(epPassword->pwordLen), MSG_STRING_LEN); + pReq += MSG_STRING_LEN; + memcpy(pReq, epPassword->pword, epPassword->pwordLen); + pReq += epPassword->pwordLen; + + retVal = IPC_WRITE(*(int *)ssHandle->platHandle, gpReqBuf, msgLen); + if(retVal < 0) + { + //log debug info here + retCode = NSSCS_E_SYSTEM_FAILURE; + break; + } + + // Read reply + pReply = gpReplyBuf; + retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); + if( 0 == retVal ) + { + //log debug info here + retCode = NSSCS_E_SYSTEM_FAILURE; + break; + } + + memcpy(&msgid,pReply, MSGID_LEN); + pReply += MSGID_LEN; + memcpy(&msgLen,pReply, MSG_LEN); + pReply += MSG_LEN; + memcpy(&dataLen,pReply, MSG_DWORD_LEN); + if( 0 == dataLen ) + { + // Cleanup the channel by reading the return code. + retVal = IPC_READ(*(int *)ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN); + if( retVal < 0 ) + { + retCode = NSSCS_E_SYSTEM_FAILURE; + break; + } + retCode = mapReturnCode(sockReturn); + break; + } + // Let me check if the buffer passed by application is big enough + if(dataLen <= *valLen) { // Read the secret into application buffer. retVal = IPC_READ(*(int *)ssHandle->platHandle, val, dataLen); @@ -2070,7 +2236,223 @@ int ipc_WriteKey pReq = gpReqBuf; } - msgid = REQ_WRITE_KEY_MSGID; + msgid = REQ_WRITE_KEY_MSGID; + + memcpy(pReq, &msgid, MSGID_LEN); + pReq += MSGID_LEN; + memcpy(pReq, &msgLen, MSG_LEN); + pReq += MSG_LEN; + memcpy(pReq, &keychainIDLen, MSG_STRING_LEN); + pReq += MSG_STRING_LEN; + memcpy(pReq,keychainID->keychainID,keychainIDLen ); + pReq += keychainIDLen; + memcpy(pReq, &secretIDLen, MSG_STRING_LEN); + pReq += MSG_STRING_LEN; + memcpy(pReq, secretID->id,secretIDLen); + pReq += secretIDLen; + + memcpy(pReq,&keyLen,MSG_STRING_LEN); + pReq += MSG_STRING_LEN; + memcpy(pReq,key,keyLen); + pReq += keyLen; + memcpy(pReq,&valLen,MSG_STRING_LEN); + pReq += MSG_STRING_LEN; + memcpy(pReq,val,valLen); + pReq += valLen; + + memcpy(pReq, &(epPassword->pwordLen), MSG_STRING_LEN); + pReq += MSG_STRING_LEN; + memcpy(pReq, epPassword->pword, epPassword->pwordLen); + pReq += epPassword->pwordLen; + + // marshall the extension if there is one + if (ext) + { + if (ext->extID == WINDOWS_LOGIN_ID) + { + extID = EXT_TYPE_WINDOWS_LUID; + memcpy(pReq, &extID, MSG_DWORD_LEN); + pReq += MSG_DWORD_LEN; + + luidLen = WINDOWS_LUID_LEN; + memcpy(pReq, &luidLen, MSG_DWORD_LEN); + pReq += MSG_DWORD_LEN; + + memcpy(pReq, ext->ext, 8); + pReq += 8; + } + else + { + uint32_t extID = 0; + memcpy(pReq,&extID,MSG_DWORD_LEN); + + } + } + else + { + uint32_t extID = 0; + memcpy(pReq,&extID,MSG_DWORD_LEN); + } + + if(tmpBuf != NULL) + { + retVal = IPC_WRITE(*(int *)ssHandle->platHandle,tmpBuf,msgLen); + } + else + { + retVal = IPC_WRITE(*(int *)ssHandle->platHandle,gpReqBuf, msgLen); + } + if(retVal < 0) + { + //log debug info here + retCode = NSSCS_E_SYSTEM_FAILURE; + break; + } + + // Read reply + pReply = gpReplyBuf; + retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); + if(retVal < 0) + { + //log debug info here + retCode = NSSCS_E_SYSTEM_FAILURE; + break; + } + + memcpy(&msgid,pReply, MSGID_LEN); + pReply += MSGID_LEN; + memcpy(&msgLen,pReply, MSG_LEN); + pReply += MSG_LEN; + memcpy(&sockReturn, pReply, MSG_DWORD_LEN); + retCode = mapReturnCode(sockReturn); + + }while(0); + + if( tmpBuf != NULL ) + { + free(tmpBuf); + tmpBuf = NULL; + } + return retCode; +} + + + +int ipc_WriteBinaryKey +( + SSCS_SECRETSTORE_HANDLE_T *ssHandle, + uint32_t ssFlags, + SSCS_KEYCHAIN_ID_T *keychainID, + SSCS_SECRET_ID_T *secretID, + SS_UTF8_T *key, + uint32_t keyLen, + uint8_t *val, + uint32_t valLen, + SSCS_PASSWORD_T *epPassword, + SSCS_EXT_T *ext +) +{ + int retVal = 0; //to be used in the function internally + int32_t retCode = NSSCS_SUCCESS; //to be returned to caller + int32_t sockReturn = 0; //obtained from the server + + Byte gpReqBuf[MIN_REQUEST_BUF_LEN]; + Byte gpReplyBuf[MIN_REPLY_BUF_LEN]; + Byte *pReq = NULL, *pReply = NULL; + Byte *tmpBuf = NULL; + + uint16_t msgid = 0; + uint32_t keychainIDLen = 0; + uint32_t secretIDLen = 0; + uint32_t msgLen = 0; + + uint32_t extID = 0; + uint32_t luidLen = 0; + + + SSCS_PASSWORD_T myPassword = {0,0,""}; + memset(gpReqBuf,0,sizeof(gpReqBuf)); + memset(gpReplyBuf,0,sizeof(gpReplyBuf)); + + do + { + if((NULL == ssHandle) || (NULL == ssHandle->platHandle) || (NULL == keychainID) || (NULL == secretID) ||(NULL == key)) + { + retCode = NSSCS_E_INVALID_PARAM; + break; + } + + // Prepare Request buffer + + keychainIDLen = keychainID->len; + secretIDLen = secretID->len; + + if( keychainIDLen > NSSS_MAX_KEYCHAIN_ID_CHARS || + secretIDLen > NSSS_MAX_SECRET_ID_CHARS ) + { + retCode = NSSS_E_SECRET_ID_TOO_LONG; + break; + } + // epPassword is optional. So, the code should not break. + if(epPassword == NULL) + epPassword = &myPassword; + + msgLen = MSGID_LEN + MSG_LEN + + MSG_STRING_LEN + // KeychainID length + keychainIDLen + // Keychain ID + MSG_STRING_LEN + // SecretID length + secretIDLen + // SecretID + MSG_STRING_LEN + // Secret Value Length + keyLen + + MSG_STRING_LEN + + valLen + + MSG_STRING_LEN + // epPassword len + epPassword->pwordLen; + + // is there an ext, account for it + if (ext) + { + // The login capture on Windows determines the LUID of the user + // and sends it as an Extension, marshall it across the pipe + // see the WriteSecret verb for handling it. + if (ext->extID == WINDOWS_LOGIN_ID) + { + // 4 byte ext type, 4 byte len and 8 bytes of LUID + msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN; + // as setup in the capture module + //ext.extID = WINDOWS_LOGON_ID; + //ext.version = 0x00010000; // 1.0.0 + //ext.ext = (void *)lpLogonId; + // _LUID { DWORD LowPart; LONG HighPart; // 8 byte + } + else + msgLen += MSG_DWORD_LEN; + } + else + { + // the cache daemon expects a ext, add it here + msgLen += MSG_DWORD_LEN; + } + + if( msgLen > MIN_REQUEST_BUF_LEN ) + { + tmpBuf = (Byte*)malloc(msgLen); + if( NULL == tmpBuf ) + { + retCode = NSSCS_E_SYSTEM_FAILURE; + break; + } + memset(tmpBuf,0,msgLen); + pReq = tmpBuf; + } + else + { + pReq = gpReqBuf; + } + + + msgid = REQ_WRITE_BINARY_KEY_MSGID; + memcpy(pReq, &msgid, MSGID_LEN); pReq += MSGID_LEN; memcpy(pReq, &msgLen, MSG_LEN); diff --git a/c_micasadk/link.w32 b/c_micasadk/link.w32 index b2208f6c..1301fe97 100644 --- a/c_micasadk/link.w32 +++ b/c_micasadk/link.w32 @@ -40,6 +40,8 @@ LINK_DEF_BLD = \ echo "/EXPORT:miCASARemoveSecret" >> $(LINKDEF);\ echo "/EXPORT:miCASAWriteSecret" >> $(LINKDEF);\ echo "/EXPORT:miCASAWriteKey" >> $(LINKDEF);\ + echo "/EXPORT:miCASAWriteBinaryKey" >> $(LINKDEF);\ + echo "/EXPORT:miCASAReadBinaryKey" >> $(LINKDEF);\ echo "/EXPORT:miCASAGetStoreInformation" >> $(LINKDEF);\ echo "/EXPORT:miCASAEnumerateSecretIDs" >> $(LINKDEF);\ echo "/EXPORT:miCASARemoveSecretStore" >> $(LINKDEF);\ diff --git a/c_micasadk/link_mdd.w32 b/c_micasadk/link_mdd.w32 index a637bb7d..a50627af 100644 --- a/c_micasadk/link_mdd.w32 +++ b/c_micasadk/link_mdd.w32 @@ -43,6 +43,8 @@ LINK_DEF_BLD = \ echo "/EXPORT:miCASARemoveSecret" >> $(LINKDEF);\ echo "/EXPORT:miCASAWriteSecret" >> $(LINKDEF);\ echo "/EXPORT:miCASAWriteKey" >> $(LINKDEF);\ + echo "/EXPORT:miCASAWriteBinaryKey" >> $(LINKDEF);\ + echo "/EXPORT:miCASAReadBinaryKey" >> $(LINKDEF);\ echo "/EXPORT:miCASAGetStoreInformation" >> $(LINKDEF);\ echo "/EXPORT:miCASAEnumerateSecretIDs" >> $(LINKDEF);\ echo "/EXPORT:miCASARemoveSecretStore" >> $(LINKDEF);\ diff --git a/c_micasadk/sscs_ndk.c b/c_micasadk/sscs_ndk.c index 794b3d1f..ecc143de 100644 --- a/c_micasadk/sscs_ndk.c +++ b/c_micasadk/sscs_ndk.c @@ -1585,6 +1585,237 @@ errorLevel2: } //* end of miCASAWriteSecret +/* + * NAME - miCASAWriteBinaryKey + * + * DESCRIPTION + * NOTE: This assume a SS_CREDSET SecretType + * + * + */ +SSCS_GLOBAL_LIBCALL(int32_t) +miCASAWriteBinaryKey +( + void * context, + uint32_t ssFlags, + SSCS_KEYCHAIN_ID_T * keyChainID, + SSCS_SECRET_ID_T * sharedSecretID, + SS_UTF8_T * key, + uint32_t keyLen, + uint8_t * val, + uint32_t valLen, + SSCS_PASSWORD_T * epPassword, + SSCS_EXT_T * ext +) +{ /* beginning of the call */ +/* ########################## DECLARATIONS START HERE ######################### */ + + int32_t rc = 0, sidLen = 0, index = 0; + uint32_t escNameLen = 0; + SSCS_SECRET_ID_T secretID = {0}; + SS_UTF8_T *escapedSHSName = NULL; + SS_UTF8_T *escapedSHSKey = NULL; + //SS_UTF8_T *escapedSHSValue = NULL; + SSCS_CONTEXT_T * storeContext = (SSCS_CONTEXT_T *)context; + +/* ############################## CODE STARTS HERE ############################ */ + + // readData and epPassword are optional parameters + if((context == NULL) || (keyChainID == NULL) || (sharedSecretID == NULL) || (key == NULL)) + { + return(NSSCS_E_INVALID_PARAM); + } + + secretID.len = NSSCS_MAX_SECRET_ID_LEN; + + if((escapedSHSName = (SS_UTF8_T *) malloc(NSSCS_MAX_SECRET_ID_LEN)) == NULL) + { + rc = NSSCS_E_SYSTEM_FAILURE; + goto errorLevel2; + } + + if((escapedSHSKey = (SS_UTF8_T *) malloc(NSSCS_MAX_PASSCODE_LEN)) == NULL) + { + rc = NSSCS_E_SYSTEM_FAILURE; + goto errorLevel1; + } + + memset(secretID.id, 0, NSSCS_MAX_SECRET_ID_LEN); + memset(escapedSHSName, 0, NSSCS_MAX_SECRET_ID_LEN); + memset(escapedSHSKey, 0, NSSCS_MAX_PASSCODE_LEN); + + // escape delimited characters + memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id)); + sscsshs_ChkEscapeString(escapedSHSName); + + memcpy(escapedSHSKey, key, keyLen); + sscsshs_ChkEscapeString(escapedSHSKey); + + if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1) + { + rc = NSSCS_E_SECRET_ID_TOO_SHORT; + goto errorLevel1; + } + + // convert to a SSCS_CRED_SET + sscs_Utf8Strcpy((SS_UTF8_T *)secretID.id, SSCS_CRED_SET_DELIMITED); + sscs_Utf8Strcat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName); + secretID.len = sscs_Utf8Strlen((SS_UTF8_T *)secretID.id) + 1; + + //rc = sscs_CacheWriteSecret(storeContext->ssHandle, ssFlags, keyChainID, &secretID, &secBuf, epPassword, ext); + // -1 to prevent the null from being cached in micasad + + + rc = sscs_CacheWriteBinaryKey(storeContext->ssHandle, + ssFlags, + keyChainID, + &secretID, + escapedSHSKey, + sscs_Utf8Strlen(escapedSHSKey), + val, + valLen, + epPassword, + ext); + +/* ############################### CODE EXITS HERE ############################# */ + +errorLevel1: + if(escapedSHSName) + { + memset(escapedSHSName, 0, NSSCS_MAX_SECRET_ID_LEN); + free(escapedSHSName); + } + + if (escapedSHSKey) + { + memset(escapedSHSKey, 0, NSSCS_MAX_PASSCODE_LEN); + free(escapedSHSKey); + } + +errorLevel2: + memset(secretID.id, 0, NSSCS_MAX_SECRET_ID_LEN); + return(rc); + +/* ############################### CODE ENDS HERE ############################# */ +} //* end of miCASAWriteBinaryKey + + + +/* + * NAME - miCASAWriteKey + * + * DESCRIPTION + * NOTE: This assume a SS_CREDSET SecretType + * + * + */ +SSCS_GLOBAL_LIBCALL(int32_t) +miCASAReadBinaryKey +( + void * context, + uint32_t ssFlags, + SSCS_KEYCHAIN_ID_T * keyChainID, + SSCS_SECRET_ID_T * sharedSecretID, + SS_UTF8_T * key, + uint32_t keyLen, + uint8_t * val, + uint32_t * valLen, + SSCS_PASSWORD_T * epPassword, + uint32_t * bytesRequired, + SSCS_EXT_T * ext +) +{ /* beginning of the call */ +/* ########################## DECLARATIONS START HERE ######################### */ + + int32_t rc = 0, sidLen = 0, index = 0; + uint32_t escNameLen = 0; + SSCS_SECRET_ID_T secretID = {0}; + SS_UTF8_T *escapedSHSName = NULL; + SS_UTF8_T *escapedSHSKey = NULL; + SSCS_CONTEXT_T * storeContext = (SSCS_CONTEXT_T *)context; + +/* ############################## CODE STARTS HERE ############################ */ + + // readData and epPassword are optional parameters + if((context == NULL) || (keyChainID == NULL) || (sharedSecretID == NULL) || (key == NULL)) + { + return(NSSCS_E_INVALID_PARAM); + } + + secretID.len = NSSCS_MAX_SECRET_ID_LEN; + + if((escapedSHSName = (SS_UTF8_T *) malloc(NSSCS_MAX_SECRET_ID_LEN)) == NULL) + { + rc = NSSCS_E_SYSTEM_FAILURE; + goto errorLevel2; + } + + if((escapedSHSKey = (SS_UTF8_T *) malloc(NSSCS_MAX_PASSCODE_LEN)) == NULL) + { + rc = NSSCS_E_SYSTEM_FAILURE; + goto errorLevel1; + } + + memset(secretID.id, 0, NSSCS_MAX_SECRET_ID_LEN); + memset(escapedSHSName, 0, NSSCS_MAX_SECRET_ID_LEN); + memset(escapedSHSKey, 0, NSSCS_MAX_PASSCODE_LEN); + + + // escape delimited characters + memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id)); + sscsshs_ChkEscapeString(escapedSHSName); + + memcpy(escapedSHSKey, key, keyLen); + sscsshs_ChkEscapeString(escapedSHSKey); + + if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1) + { + rc = NSSCS_E_SECRET_ID_TOO_SHORT; + goto errorLevel1; + } + + // convert to a SSCS_CRED_SET + sscs_Utf8Strcpy((SS_UTF8_T *)secretID.id, SSCS_CRED_SET_DELIMITED); + sscs_Utf8Strcat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName); + secretID.len = sscs_Utf8Strlen((SS_UTF8_T *)secretID.id) + 1; + + rc = sscs_CacheReadBinaryKey(storeContext->ssHandle, + ssFlags, + keyChainID, + &secretID, + escapedSHSKey, + sscs_Utf8Strlen(escapedSHSKey), + val, + valLen, + epPassword, + bytesRequired, + ext); + +/* ############################### CODE EXITS HERE ############################# */ + +errorLevel1: + if(escapedSHSName) + { + memset(escapedSHSName, 0, NSSCS_MAX_SECRET_ID_LEN); + free(escapedSHSName); + } + + if (escapedSHSKey) + { + memset(escapedSHSKey, 0, NSSCS_MAX_PASSCODE_LEN); + free(escapedSHSKey); + } + +errorLevel2: + memset(secretID.id, 0, NSSCS_MAX_SECRET_ID_LEN); + + return(rc); + +/* ############################### CODE ENDS HERE ############################# */ +} //* end of miCASAWriteSecret + + + /* * NAME - miCASAGetStoreInfomaion * @@ -2457,6 +2688,8 @@ miCASAGetCredential SSCS_KEYCHAIN_ID_T kc = {0}; SSCS_BASIC_CREDENTIAL *basicCred = (SSCS_BASIC_CREDENTIAL *)credential; + SSCS_BINARY_CREDENTIAL *binaryCred = (SSCS_BINARY_CREDENTIAL *)credential; + int32_t bytesRequired = 0; /* ############################## CODE STARTS HERE ############################ */ @@ -2466,11 +2699,31 @@ miCASAGetCredential return(NSSCS_E_INVALID_PARAM); } + // set default keychain + sscs_Utf8Strcpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID); + kc.len = SSCS_S_KC_ID_CHARS; + + // open secretStore sscs_Utf8Strcpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID); store.version = 1; context = miCASAOpenSecretStoreCache(&store, ssFlags, NULL); + if (*credentialType == SSCS_CRED_TYPE_BINARY_F) + { + return miCASAReadBinaryKey( + context, + ssFlags, + &kc, + appSecretID, + binaryCred->id, + binaryCred->idLen, + binaryCred->data, + binaryCred->dataLen, + NULL, + &bytesRequired, + ext); + } // create a SHS Handle secretHandle = miCASA_CreateSHSHandle(); @@ -2479,8 +2732,6 @@ miCASAGetCredential // 1&2. look up the SS_App for this secretID, if not found use the sharedSecretID - sscs_Utf8Strcpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID); - kc.len = SSCS_S_KC_ID_CHARS; secID.type = SSCS_APPLICATION_TYPE_F; secID.len = appSecretID->len; @@ -2628,7 +2879,44 @@ miCASASetCredential /* ############################## CODE STARTS HERE ############################ */ - SSCS_BASIC_CREDENTIAL *basicCred = (SSCS_BASIC_CREDENTIAL *)credential; + SSCS_BASIC_CREDENTIAL *basicCred; + SSCS_BINARY_CREDENTIAL *binaryCred; + + // open secretStore + sscs_Utf8Strcpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID); + store.version = 1; + context = miCASAOpenSecretStoreCache(&store, ssFlags, NULL); + + storeContext = (SSCS_CONTEXT_T *)context; + + if (context == NULL) + { + return NSSCS_E_SYSTEM_FAILURE; + } + + + sscs_Utf8Strcpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID); + kc.len = SSCS_S_KC_ID_CHARS; + + + if (credentialType == SSCS_CRED_TYPE_BINARY_F) + { + binaryCred = (SSCS_BINARY_CREDENTIAL *)credential; + + return miCASAWriteBinaryKey( + context, + ssFlags, + &kc, + sharedSecretID, + binaryCred->id, + binaryCred->idLen, + binaryCred->data, + *binaryCred->dataLen, + NULL, + ext); + } + else + basicCred = (SSCS_BASIC_CREDENTIAL *)credential; // check params if ((appSecretID == NULL) || (credential == NULL)) { @@ -2650,17 +2938,6 @@ miCASASetCredential usernameKeyname = SHS_CN; - // open secretStore - sscs_Utf8Strcpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID); - store.version = 1; - context = miCASAOpenSecretStoreCache(&store, ssFlags, NULL); - - storeContext = (SSCS_CONTEXT_T *)context; - - if (context == NULL) - { - return NSSCS_E_SYSTEM_FAILURE; - } // create a SHS Handle secretHandle = miCASA_CreateSHSHandle(); @@ -2669,8 +2946,6 @@ miCASASetCredential // 1&2. Look up the SS_App for this secretID in case we should use an shared override, // if not found use the sharedSecretID passed in. - sscs_Utf8Strcpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID); - kc.len = SSCS_S_KC_ID_CHARS; secID.type = SSCS_APPLICATION_TYPE_F; secID.len = appSecretID->len; diff --git a/include/micasa.h b/include/micasa.h index 82408f09..757d2fed 100644 --- a/include/micasa.h +++ b/include/micasa.h @@ -461,6 +461,22 @@ miCASAWriteKey SSCS_EXT_T * ext ); +SSCS_EXTERN_LIBCALL(int32_t) +miCASAReadBinaryKey +( + void * context, + uint32_t ssFlags, + SSCS_KEYCHAIN_ID_T * keyChainID, + SSCS_SECRET_ID_T * sharedSecretID, + SS_UTF8_T * key, + uint32_t keyLen, + uint8_t * val, + uint32_t * valLen, + SSCS_PASSWORD_T * epPassword, + uint32_t * bytesRequired, + SSCS_EXT_T * ext +); + SSCS_EXTERN_LIBCALL(int32_t) miCASASetMasterPasscode ( diff --git a/include/micasa_mgmd.h b/include/micasa_mgmd.h index 81143d9b..1422f6ab 100644 --- a/include/micasa_mgmd.h +++ b/include/micasa_mgmd.h @@ -89,6 +89,7 @@ typedef unsigned char SS_UTF8_T; // used to denote what structure is being used for the credentials #define SSCS_CRED_TYPE_BASIC_F 0x00000001L +#define SSCS_CRED_TYPE_BINARY_F 0x00000002L // used to denote the type of username being requested or set #define USERNAME_TYPE_CN_F 0x00000000L // default behavior @@ -113,7 +114,15 @@ typedef struct _sscs_basic_credential uint32_t pwordLen; SS_UTF8_T password[NSSCS_MAX_PWORD_LEN]; } SSCS_BASIC_CREDENTIAL; - + + +typedef struct _sscs_binary_credential +{ + uint32_t idLen; + SS_UTF8_T id[NSSCS_MAX_SECRET_ID_LEN]; + uint32_t *dataLen; + uint8_t *data; +} SSCS_BINARY_CREDENTIAL; typedef struct _sscs_ext_t { diff --git a/include/sscs_cache.h b/include/sscs_cache.h index 43806d8a..faaee68c 100644 --- a/include/sscs_cache.h +++ b/include/sscs_cache.h @@ -444,16 +444,45 @@ int sscs_UnlockCache int sscs_CacheWriteKey ( - void *ssHandle, - uint32_t ssFlags, + void *ssHandle, + uint32_t ssFlags, SSCS_KEYCHAIN_ID_T *keyChainID, SSCS_SECRET_ID_T *secretID, - SS_UTF8_T *key, - uint32_t keyLen, - uint8_t *val, - uint32_t valLen, + SS_UTF8_T *key, + uint32_t keyLen, + uint8_t *val, + int32_t valLen, + SSCS_PASSWORD_T *epPassword, + void *reserved +); + +int sscs_CacheWriteBinaryKey +( + void *ssHandle, + uint32_t ssFlags, + SSCS_KEYCHAIN_ID_T *keyChainID, + SSCS_SECRET_ID_T *secretID, + SS_UTF8_T *key, + uint32_t keyLen, + uint8_t *val, + uint32_t valLen, SSCS_PASSWORD_T *epPassword, - void *reserved + void *reserved +); + +int sscs_CacheReadBinaryKey +( + void *ssHandle, + uint32_t ssFlags, + SSCS_KEYCHAIN_ID_T *keychainID, + SSCS_SECRET_ID_T *secretID, + SS_UTF8_T *key, + uint32_t keyLen, + uint8_t *val, + uint32_t *valLen, + SSCS_PASSWORD_T *epPassword, + uint32_t *bytesRequired, + void *reserved ); int32_t sscs_SetMasterPasscode diff --git a/include/sscs_ipc.h b/include/sscs_ipc.h index 2c2958ca..54c73ff3 100644 --- a/include/sscs_ipc.h +++ b/include/sscs_ipc.h @@ -153,12 +153,39 @@ int ipc_ReadKey SS_UTF8_T *key, uint32_t keyLen, uint8_t *val, - uint32_t valLen, + uint32_t *valLen, SSCS_PASSWORD_T *epPassword, uint32_t *bytesRequired ); int ipc_WriteKey +( + SSCS_SECRETSTORE_HANDLE_T *ssHandle, + uint32_t ssFlags, + SSCS_KEYCHAIN_ID_T *keychainID, + SSCS_SECRET_ID_T *secretID, + SS_UTF8_T *key, + uint32_t keyLen, + uint8_t *val, + uint32_t valLen, + SSCS_PASSWORD_T *epPassword, + SSCS_EXT_T *ext +); + +int ipc_ReadBinaryKey +( + SSCS_SECRETSTORE_HANDLE_T *ssHandle, + SSCS_KEYCHAIN_ID_T *keychainID, + SSCS_SECRET_ID_T *secretID, + SS_UTF8_T *key, + uint32_t keyLen, + uint8_t *val, + uint32_t *valLen, + SSCS_PASSWORD_T *epPassword, + uint32_t *bytesRequired +); + +int ipc_WriteBinaryKey ( SSCS_SECRETSTORE_HANDLE_T *ssHandle, uint32_t ssFlags, diff --git a/include/sscs_unx_cache_defines.h b/include/sscs_unx_cache_defines.h index 72745ff4..94a4666b 100644 --- a/include/sscs_unx_cache_defines.h +++ b/include/sscs_unx_cache_defines.h @@ -112,6 +112,14 @@ #define REQ_IS_SECRET_PERSISTENT 0x0013 #define RESP_IS_SECRET_PERSISTENT 0x1013 +#define REQ_IS_OBJECT_SERIALIZATION 0x0014 +#define RESP_IS_OBJECT_SERIALIZATION 0x1014 + +#define REQ_WRITE_BINARY_KEY_MSGID 0x0015 +#define RESP_WRITE_BINARY_KEY_MSGID 0x1015 + +#define REQ_READ_BINARY_KEY_MSGID 0x0016 +#define RESP_READ_BINARY_KEY_MSGID 0x1016 #define EXT_TYPE_WINDOWS_LUID 0x00000001; #define WINDOWS_LUID_LEN 0x00000008;