Binary support in shared libraries
This commit is contained in:
Jim Norman
@@ -40,6 +40,8 @@ LINK_DEF_BLD = \
|
||||
echo "/EXPORT:miCASARemoveSecret" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASAWriteSecret" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASAWriteKey" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASAWriteBinaryKey" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASAReadBinaryKey" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASAGetStoreInformation" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASAEnumerateSecretIDs" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASARemoveSecretStore" >> $(LINKDEF);\
|
||||
|
||||
@@ -43,6 +43,8 @@ LINK_DEF_BLD = \
|
||||
echo "/EXPORT:miCASARemoveSecret" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASAWriteSecret" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASAWriteKey" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASAWriteBinaryKey" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASAReadBinaryKey" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASAGetStoreInformation" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASAEnumerateSecretIDs" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASARemoveSecretStore" >> $(LINKDEF);\
|
||||
|
||||
@@ -1585,6 +1585,237 @@ errorLevel2:
|
||||
} //* end of miCASAWriteSecret
|
||||
|
||||
|
||||
/*
|
||||
* NAME - miCASAWriteBinaryKey
|
||||
*
|
||||
* DESCRIPTION
|
||||
* NOTE: This assume a SS_CREDSET SecretType
|
||||
*
|
||||
*
|
||||
*/
|
||||
SSCS_GLOBAL_LIBCALL(int32_t)
|
||||
miCASAWriteBinaryKey
|
||||
(
|
||||
void * context,
|
||||
uint32_t ssFlags,
|
||||
SSCS_KEYCHAIN_ID_T * keyChainID,
|
||||
SSCS_SECRET_ID_T * sharedSecretID,
|
||||
SS_UTF8_T * key,
|
||||
uint32_t keyLen,
|
||||
uint8_t * val,
|
||||
uint32_t valLen,
|
||||
SSCS_PASSWORD_T * epPassword,
|
||||
SSCS_EXT_T * ext
|
||||
)
|
||||
{ /* beginning of the call */
|
||||
/* ########################## DECLARATIONS START HERE ######################### */
|
||||
|
||||
int32_t rc = 0, sidLen = 0, index = 0;
|
||||
uint32_t escNameLen = 0;
|
||||
SSCS_SECRET_ID_T secretID = {0};
|
||||
SS_UTF8_T *escapedSHSName = NULL;
|
||||
SS_UTF8_T *escapedSHSKey = NULL;
|
||||
//SS_UTF8_T *escapedSHSValue = NULL;
|
||||
SSCS_CONTEXT_T * storeContext = (SSCS_CONTEXT_T *)context;
|
||||
|
||||
/* ############################## CODE STARTS HERE ############################ */
|
||||
|
||||
// readData and epPassword are optional parameters
|
||||
if((context == NULL) || (keyChainID == NULL) || (sharedSecretID == NULL) || (key == NULL))
|
||||
{
|
||||
return(NSSCS_E_INVALID_PARAM);
|
||||
}
|
||||
|
||||
secretID.len = NSSCS_MAX_SECRET_ID_LEN;
|
||||
|
||||
if((escapedSHSName = (SS_UTF8_T *) malloc(NSSCS_MAX_SECRET_ID_LEN)) == NULL)
|
||||
{
|
||||
rc = NSSCS_E_SYSTEM_FAILURE;
|
||||
goto errorLevel2;
|
||||
}
|
||||
|
||||
if((escapedSHSKey = (SS_UTF8_T *) malloc(NSSCS_MAX_PASSCODE_LEN)) == NULL)
|
||||
{
|
||||
rc = NSSCS_E_SYSTEM_FAILURE;
|
||||
goto errorLevel1;
|
||||
}
|
||||
|
||||
memset(secretID.id, 0, NSSCS_MAX_SECRET_ID_LEN);
|
||||
memset(escapedSHSName, 0, NSSCS_MAX_SECRET_ID_LEN);
|
||||
memset(escapedSHSKey, 0, NSSCS_MAX_PASSCODE_LEN);
|
||||
|
||||
// escape delimited characters
|
||||
memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id));
|
||||
sscsshs_ChkEscapeString(escapedSHSName);
|
||||
|
||||
memcpy(escapedSHSKey, key, keyLen);
|
||||
sscsshs_ChkEscapeString(escapedSHSKey);
|
||||
|
||||
if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1)
|
||||
{
|
||||
rc = NSSCS_E_SECRET_ID_TOO_SHORT;
|
||||
goto errorLevel1;
|
||||
}
|
||||
|
||||
// convert to a SSCS_CRED_SET
|
||||
sscs_Utf8Strcpy((SS_UTF8_T *)secretID.id, SSCS_CRED_SET_DELIMITED);
|
||||
sscs_Utf8Strcat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName);
|
||||
secretID.len = sscs_Utf8Strlen((SS_UTF8_T *)secretID.id) + 1;
|
||||
|
||||
//rc = sscs_CacheWriteSecret(storeContext->ssHandle, ssFlags, keyChainID, &secretID, &secBuf, epPassword, ext);
|
||||
// -1 to prevent the null from being cached in micasad
|
||||
|
||||
|
||||
rc = sscs_CacheWriteBinaryKey(storeContext->ssHandle,
|
||||
ssFlags,
|
||||
keyChainID,
|
||||
&secretID,
|
||||
escapedSHSKey,
|
||||
sscs_Utf8Strlen(escapedSHSKey),
|
||||
val,
|
||||
valLen,
|
||||
epPassword,
|
||||
ext);
|
||||
|
||||
/* ############################### CODE EXITS HERE ############################# */
|
||||
|
||||
errorLevel1:
|
||||
if(escapedSHSName)
|
||||
{
|
||||
memset(escapedSHSName, 0, NSSCS_MAX_SECRET_ID_LEN);
|
||||
free(escapedSHSName);
|
||||
}
|
||||
|
||||
if (escapedSHSKey)
|
||||
{
|
||||
memset(escapedSHSKey, 0, NSSCS_MAX_PASSCODE_LEN);
|
||||
free(escapedSHSKey);
|
||||
}
|
||||
|
||||
errorLevel2:
|
||||
memset(secretID.id, 0, NSSCS_MAX_SECRET_ID_LEN);
|
||||
return(rc);
|
||||
|
||||
/* ############################### CODE ENDS HERE ############################# */
|
||||
} //* end of miCASAWriteBinaryKey
|
||||
|
||||
|
||||
|
||||
/*
|
||||
* NAME - miCASAWriteKey
|
||||
*
|
||||
* DESCRIPTION
|
||||
* NOTE: This assume a SS_CREDSET SecretType
|
||||
*
|
||||
*
|
||||
*/
|
||||
SSCS_GLOBAL_LIBCALL(int32_t)
|
||||
miCASAReadBinaryKey
|
||||
(
|
||||
void * context,
|
||||
uint32_t ssFlags,
|
||||
SSCS_KEYCHAIN_ID_T * keyChainID,
|
||||
SSCS_SECRET_ID_T * sharedSecretID,
|
||||
SS_UTF8_T * key,
|
||||
uint32_t keyLen,
|
||||
uint8_t * val,
|
||||
uint32_t * valLen,
|
||||
SSCS_PASSWORD_T * epPassword,
|
||||
uint32_t * bytesRequired,
|
||||
SSCS_EXT_T * ext
|
||||
)
|
||||
{ /* beginning of the call */
|
||||
/* ########################## DECLARATIONS START HERE ######################### */
|
||||
|
||||
int32_t rc = 0, sidLen = 0, index = 0;
|
||||
uint32_t escNameLen = 0;
|
||||
SSCS_SECRET_ID_T secretID = {0};
|
||||
SS_UTF8_T *escapedSHSName = NULL;
|
||||
SS_UTF8_T *escapedSHSKey = NULL;
|
||||
SSCS_CONTEXT_T * storeContext = (SSCS_CONTEXT_T *)context;
|
||||
|
||||
/* ############################## CODE STARTS HERE ############################ */
|
||||
|
||||
// readData and epPassword are optional parameters
|
||||
if((context == NULL) || (keyChainID == NULL) || (sharedSecretID == NULL) || (key == NULL))
|
||||
{
|
||||
return(NSSCS_E_INVALID_PARAM);
|
||||
}
|
||||
|
||||
secretID.len = NSSCS_MAX_SECRET_ID_LEN;
|
||||
|
||||
if((escapedSHSName = (SS_UTF8_T *) malloc(NSSCS_MAX_SECRET_ID_LEN)) == NULL)
|
||||
{
|
||||
rc = NSSCS_E_SYSTEM_FAILURE;
|
||||
goto errorLevel2;
|
||||
}
|
||||
|
||||
if((escapedSHSKey = (SS_UTF8_T *) malloc(NSSCS_MAX_PASSCODE_LEN)) == NULL)
|
||||
{
|
||||
rc = NSSCS_E_SYSTEM_FAILURE;
|
||||
goto errorLevel1;
|
||||
}
|
||||
|
||||
memset(secretID.id, 0, NSSCS_MAX_SECRET_ID_LEN);
|
||||
memset(escapedSHSName, 0, NSSCS_MAX_SECRET_ID_LEN);
|
||||
memset(escapedSHSKey, 0, NSSCS_MAX_PASSCODE_LEN);
|
||||
|
||||
|
||||
// escape delimited characters
|
||||
memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id));
|
||||
sscsshs_ChkEscapeString(escapedSHSName);
|
||||
|
||||
memcpy(escapedSHSKey, key, keyLen);
|
||||
sscsshs_ChkEscapeString(escapedSHSKey);
|
||||
|
||||
if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1)
|
||||
{
|
||||
rc = NSSCS_E_SECRET_ID_TOO_SHORT;
|
||||
goto errorLevel1;
|
||||
}
|
||||
|
||||
// convert to a SSCS_CRED_SET
|
||||
sscs_Utf8Strcpy((SS_UTF8_T *)secretID.id, SSCS_CRED_SET_DELIMITED);
|
||||
sscs_Utf8Strcat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName);
|
||||
secretID.len = sscs_Utf8Strlen((SS_UTF8_T *)secretID.id) + 1;
|
||||
|
||||
rc = sscs_CacheReadBinaryKey(storeContext->ssHandle,
|
||||
ssFlags,
|
||||
keyChainID,
|
||||
&secretID,
|
||||
escapedSHSKey,
|
||||
sscs_Utf8Strlen(escapedSHSKey),
|
||||
val,
|
||||
valLen,
|
||||
epPassword,
|
||||
bytesRequired,
|
||||
ext);
|
||||
|
||||
/* ############################### CODE EXITS HERE ############################# */
|
||||
|
||||
errorLevel1:
|
||||
if(escapedSHSName)
|
||||
{
|
||||
memset(escapedSHSName, 0, NSSCS_MAX_SECRET_ID_LEN);
|
||||
free(escapedSHSName);
|
||||
}
|
||||
|
||||
if (escapedSHSKey)
|
||||
{
|
||||
memset(escapedSHSKey, 0, NSSCS_MAX_PASSCODE_LEN);
|
||||
free(escapedSHSKey);
|
||||
}
|
||||
|
||||
errorLevel2:
|
||||
memset(secretID.id, 0, NSSCS_MAX_SECRET_ID_LEN);
|
||||
|
||||
return(rc);
|
||||
|
||||
/* ############################### CODE ENDS HERE ############################# */
|
||||
} //* end of miCASAWriteSecret
|
||||
|
||||
|
||||
|
||||
/*
|
||||
* NAME - miCASAGetStoreInfomaion
|
||||
*
|
||||
@@ -2457,6 +2688,8 @@ miCASAGetCredential
|
||||
SSCS_KEYCHAIN_ID_T kc = {0};
|
||||
|
||||
SSCS_BASIC_CREDENTIAL *basicCred = (SSCS_BASIC_CREDENTIAL *)credential;
|
||||
SSCS_BINARY_CREDENTIAL *binaryCred = (SSCS_BINARY_CREDENTIAL *)credential;
|
||||
int32_t bytesRequired = 0;
|
||||
|
||||
/* ############################## CODE STARTS HERE ############################ */
|
||||
|
||||
@@ -2466,11 +2699,31 @@ miCASAGetCredential
|
||||
return(NSSCS_E_INVALID_PARAM);
|
||||
}
|
||||
|
||||
// set default keychain
|
||||
sscs_Utf8Strcpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID);
|
||||
kc.len = SSCS_S_KC_ID_CHARS;
|
||||
|
||||
|
||||
// open secretStore
|
||||
sscs_Utf8Strcpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID);
|
||||
store.version = 1;
|
||||
context = miCASAOpenSecretStoreCache(&store, ssFlags, NULL);
|
||||
|
||||
if (*credentialType == SSCS_CRED_TYPE_BINARY_F)
|
||||
{
|
||||
return miCASAReadBinaryKey(
|
||||
context,
|
||||
ssFlags,
|
||||
&kc,
|
||||
appSecretID,
|
||||
binaryCred->id,
|
||||
binaryCred->idLen,
|
||||
binaryCred->data,
|
||||
binaryCred->dataLen,
|
||||
NULL,
|
||||
&bytesRequired,
|
||||
ext);
|
||||
}
|
||||
|
||||
// create a SHS Handle
|
||||
secretHandle = miCASA_CreateSHSHandle();
|
||||
@@ -2479,8 +2732,6 @@ miCASAGetCredential
|
||||
|
||||
|
||||
// 1&2. look up the SS_App for this secretID, if not found use the sharedSecretID
|
||||
sscs_Utf8Strcpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID);
|
||||
kc.len = SSCS_S_KC_ID_CHARS;
|
||||
|
||||
secID.type = SSCS_APPLICATION_TYPE_F;
|
||||
secID.len = appSecretID->len;
|
||||
@@ -2628,7 +2879,44 @@ miCASASetCredential
|
||||
|
||||
/* ############################## CODE STARTS HERE ############################ */
|
||||
|
||||
SSCS_BASIC_CREDENTIAL *basicCred = (SSCS_BASIC_CREDENTIAL *)credential;
|
||||
SSCS_BASIC_CREDENTIAL *basicCred;
|
||||
SSCS_BINARY_CREDENTIAL *binaryCred;
|
||||
|
||||
// open secretStore
|
||||
sscs_Utf8Strcpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID);
|
||||
store.version = 1;
|
||||
context = miCASAOpenSecretStoreCache(&store, ssFlags, NULL);
|
||||
|
||||
storeContext = (SSCS_CONTEXT_T *)context;
|
||||
|
||||
if (context == NULL)
|
||||
{
|
||||
return NSSCS_E_SYSTEM_FAILURE;
|
||||
}
|
||||
|
||||
|
||||
sscs_Utf8Strcpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID);
|
||||
kc.len = SSCS_S_KC_ID_CHARS;
|
||||
|
||||
|
||||
if (credentialType == SSCS_CRED_TYPE_BINARY_F)
|
||||
{
|
||||
binaryCred = (SSCS_BINARY_CREDENTIAL *)credential;
|
||||
|
||||
return miCASAWriteBinaryKey(
|
||||
context,
|
||||
ssFlags,
|
||||
&kc,
|
||||
sharedSecretID,
|
||||
binaryCred->id,
|
||||
binaryCred->idLen,
|
||||
binaryCred->data,
|
||||
*binaryCred->dataLen,
|
||||
NULL,
|
||||
ext);
|
||||
}
|
||||
else
|
||||
basicCred = (SSCS_BASIC_CREDENTIAL *)credential;
|
||||
// check params
|
||||
if ((appSecretID == NULL) || (credential == NULL))
|
||||
{
|
||||
@@ -2650,17 +2938,6 @@ miCASASetCredential
|
||||
usernameKeyname = SHS_CN;
|
||||
|
||||
|
||||
// open secretStore
|
||||
sscs_Utf8Strcpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID);
|
||||
store.version = 1;
|
||||
context = miCASAOpenSecretStoreCache(&store, ssFlags, NULL);
|
||||
|
||||
storeContext = (SSCS_CONTEXT_T *)context;
|
||||
|
||||
if (context == NULL)
|
||||
{
|
||||
return NSSCS_E_SYSTEM_FAILURE;
|
||||
}
|
||||
|
||||
// create a SHS Handle
|
||||
secretHandle = miCASA_CreateSHSHandle();
|
||||
@@ -2669,8 +2946,6 @@ miCASASetCredential
|
||||
|
||||
// 1&2. Look up the SS_App for this secretID in case we should use an shared override,
|
||||
// if not found use the sharedSecretID passed in.
|
||||
sscs_Utf8Strcpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID);
|
||||
kc.len = SSCS_S_KC_ID_CHARS;
|
||||
|
||||
secID.type = SSCS_APPLICATION_TYPE_F;
|
||||
secID.len = appSecretID->len;
|
||||
|
||||
Reference in New Issue
Block a user