geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Binary support in shared libraries

Browse Source
This commit is contained in:
Jim Norman
2005-12-09 17:42:13 +00:00
parent c30b2b3195
commit f0946f22d5
12 changed files with 854 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
c_micasacache/link.w32
View File

@@ -41,6 +41,7 @@ LINK_DEF_BLD = \
echo "/EXPORT:sscs_SetMasterPassword">> $(LINKDEF);\ echo "/EXPORT:sscs_SetMasterPassword">> $(LINKDEF);\
echo "/EXPORT:sscs_IsSecretPersistent">> $(LINKDEF);\ echo "/EXPORT:sscs_IsSecretPersistent">> $(LINKDEF);\
echo "/EXPORT:sscs_CacheWriteKey">> $(LINKDEF);\ echo "/EXPORT:sscs_CacheWriteKey">> $(LINKDEF);\
echo "/EXPORT:sscs_CacheReadKey">> $(LINKDEF);\ echo "/EXPORT:sscs_CacheWriteBinaryKey">> $(LINKDEF);\
echo "/EXPORT:sscs_CacheReadBinaryKey">> $(LINKDEF);\
echo "/EXPORT:sscs_CacheCloseSecretStore">> $(LINKDEF);\ echo "/EXPORT:sscs_CacheCloseSecretStore">> $(LINKDEF);\
echo "/EXPORT:sscs_CacheOpenSecretStore">> $(LINKDEF); echo "/EXPORT:sscs_CacheOpenSecretStore">> $(LINKDEF);

2
c_micasacache/link_mdd.w32
View File

@@ -48,5 +48,7 @@ LINK_DEF_BLD = \
echo "/EXPORT:sscs_IsSecretPersistent">> $(LINKDEF);\ echo "/EXPORT:sscs_IsSecretPersistent">> $(LINKDEF);\
echo "/EXPORT:sscs_CacheWriteKey">> $(LINKDEF);\ echo "/EXPORT:sscs_CacheWriteKey">> $(LINKDEF);\
echo "/EXPORT:sscs_CacheReadKey">> $(LINKDEF);\ echo "/EXPORT:sscs_CacheReadKey">> $(LINKDEF);\
echo "/EXPORT:sscs_CacheWriteBinaryKey">> $(LINKDEF);\
echo "/EXPORT:sscs_CacheReadBinaryKey">> $(LINKDEF);\
echo "/EXPORT:sscs_CacheCloseSecretStore">> $(LINKDEF);\ echo "/EXPORT:sscs_CacheCloseSecretStore">> $(LINKDEF);\
echo "/EXPORT:sscs_CacheOpenSecretStore">> $(LINKDEF); echo "/EXPORT:sscs_CacheOpenSecretStore">> $(LINKDEF);

54
c_micasacache/sscs_unx_cache.c
View File

@@ -581,7 +581,7 @@ int sscs_CacheWriteKey
SS_UTF8_T *key, SS_UTF8_T *key,
uint32_t keyLen, uint32_t keyLen,
uint8_t *val, uint8_t *val,
uint32_t valLen, int32_t valLen,
SSCS_PASSWORD_T *epPassword, SSCS_PASSWORD_T *epPassword,
void *reserved void *reserved
) )
@@ -593,6 +593,32 @@ int sscs_CacheWriteKey
return retVal; return retVal;
} }
int sscs_CacheWriteBinaryKey
(
void *ssHandle,
uint32_t ssFlags,
SSCS_KEYCHAIN_ID_T *keyChainID,
SSCS_SECRET_ID_T *secretID,
SS_UTF8_T *key,
uint32_t keyLen,
uint8_t *val,
uint32_t valLen,
SSCS_PASSWORD_T *epPassword,
void *reserved
)
{
int32_t retVal = 0;
SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
retVal = ipc_WriteBinaryKey(ssHandleCopy,ssFlags,keyChainID,secretID,key,keyLen,val,valLen,epPassword, reserved);
return retVal;
}
/* Reads Secret value for a given Secret ID in a given keychain. /* Reads Secret value for a given Secret ID in a given keychain.
* *
* Parameters: * Parameters:
@@ -631,7 +657,7 @@ int32_t sscs_CacheReadKey
SS_UTF8_T *key, SS_UTF8_T *key,
uint32_t keyLen, uint32_t keyLen,
uint8_t *val, uint8_t *val,
uint32_t valLen, uint32_t *valLen,
SSCS_PASSWORD_T *epPassword, SSCS_PASSWORD_T *epPassword,
uint32_t *bytesRequired, uint32_t *bytesRequired,
void *reserved void *reserved
@@ -644,6 +670,30 @@ int32_t sscs_CacheReadKey
return retVal; return retVal;
} }
int32_t sscs_CacheReadBinaryKey
(
void *ssHandle,
uint32_t ssFlags,
SSCS_KEYCHAIN_ID_T *keychainID,
SSCS_SECRET_ID_T *secretID,
SS_UTF8_T *key,
uint32_t keyLen,
uint8_t *val,
uint32_t *valLen,
SSCS_PASSWORD_T *epPassword,
uint32_t *bytesRequired,
void *reserved
)
{
int32_t retVal = 0;
SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
retVal = ipc_ReadBinaryKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired);
return retVal;
}
int sscs_IsSecretPersistent int sscs_IsSecretPersistent
( (
void *ssHandle, void *ssHandle,

386
c_micasacache/sscs_unx_ipc_client.c
View File

@@ -1801,7 +1801,7 @@ int32_t ipc_ReadKey
SS_UTF8_T *key, SS_UTF8_T *key,
uint32_t keyLen, uint32_t keyLen,
uint8_t *val, uint8_t *val,
uint32_t valLen, uint32_t *valLen,
SSCS_PASSWORD_T *epPassword, SSCS_PASSWORD_T *epPassword,
uint32_t *bytesRequired uint32_t *bytesRequired
) )
@@ -1917,7 +1917,173 @@ int32_t ipc_ReadKey
break; break;
} }
// Let me check if the buffer passed by application is big enough // Let me check if the buffer passed by application is big enough
if(dataLen <= valLen) if(dataLen <= *valLen)
{
// Read the secret into application buffer.
retVal = IPC_READ(*(int *)ssHandle->platHandle, val, dataLen);
if( retVal < 0 )
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
// set the length of the data
*valLen = dataLen;
}
else
{
//buffer allocated by application is not sufficient to hold the data.
*bytesRequired = dataLen;
{
// Cleanup the channel by reading the remaining and return error.
int n;
n = dataLen;
while(n)
{
int bytes = IPC_READ(*(int *)ssHandle->platHandle, gpReplyBuf, MIN_REPLY_BUF_LEN);
if( bytes > 0)
n -= MIN_REPLY_BUF_LEN;
else
break;
}
// Read the sscs return code also.
IPC_READ(*(int *)ssHandle->platHandle, (Byte *) &sockReturn, MSG_DWORD_LEN);
retCode = NSSCS_E_ENUM_BUFF_TOO_SHORT;
break;
}
}
// Read the sscs return code also.
IPC_READ(*(int *)ssHandle->platHandle, (Byte *) &sockReturn, MSG_DWORD_LEN);
retCode = mapReturnCode(sockReturn);
} while(0);
return retCode;
}
int32_t ipc_ReadBinaryKey
(
SSCS_SECRETSTORE_HANDLE_T *ssHandle,
SSCS_KEYCHAIN_ID_T *keychainID,
SSCS_SECRET_ID_T *secretID,
SS_UTF8_T *key,
uint32_t keyLen,
uint8_t *val,
uint32_t *valLen,
SSCS_PASSWORD_T *epPassword,
uint32_t *bytesRequired
)
{
int retVal = 0; //to be used in the function internally
int32_t retCode = NSSCS_SUCCESS; //to be returned to caller
int32_t sockReturn = 0; //obtained from the server
uint32_t dataLen = 0;
uint16_t msgid = 0;
uint32_t keychainIDLen = 0;
uint32_t secretIDLen = 0;
uint32_t msgLen = 0;
SSCS_PASSWORD_T myPassword = {0,0,""};
Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
Byte gpReplyBuf[MIN_REPLY_BUF_LEN];
Byte *pReq = NULL, *pReply = NULL;
memset(gpReqBuf,0,sizeof(gpReqBuf));
memset(gpReplyBuf,0,sizeof(gpReplyBuf));
do
{
if((NULL == ssHandle) || (NULL == ssHandle->platHandle) || (NULL == keychainID) || (NULL == secretID) || (NULL == bytesRequired))
{
retCode = NSSCS_E_INVALID_PARAM;
break;
}
// Prepare Request buffer
keychainIDLen = keychainID->len;
secretIDLen = secretID->len;
if( keychainIDLen > NSSS_MAX_KEYCHAIN_ID_CHARS ||
secretIDLen > NSSS_MAX_SECRET_ID_CHARS )
{
retCode = NSSS_E_SECRET_ID_TOO_LONG;
break;
}
// epPassword is optional. So, the code should not break.
if( NULL == epPassword )
epPassword = &myPassword;
msgLen = MSGID_LEN + MSG_LEN +
MSG_STRING_LEN + // KeychainID length
keychainIDLen + // Keychain ID
MSG_STRING_LEN + // SecretID length
secretIDLen + // SecretID
MSG_STRING_LEN + //keyLen
keyLen + //key
MSG_STRING_LEN + // epPassword len
epPassword->pwordLen;
pReq = gpReqBuf;
msgid = REQ_READ_BINARY_KEY_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
pReq += MSGID_LEN;
memcpy(pReq, &msgLen, MSG_LEN);
pReq += MSG_LEN;
memcpy(pReq, &keychainIDLen, MSG_STRING_LEN);
pReq += MSG_STRING_LEN;
memcpy(pReq,keychainID->keychainID,keychainIDLen);
pReq += keychainIDLen ;
memcpy(pReq, &secretIDLen, MSG_STRING_LEN);
pReq += MSG_STRING_LEN;
memcpy(pReq, secretID->id, secretIDLen);
pReq += secretIDLen;
memcpy(pReq, &keyLen, MSG_STRING_LEN);
pReq += MSG_STRING_LEN;
memcpy(pReq, key, keyLen);
pReq += keyLen;
memcpy(pReq, &(epPassword->pwordLen), MSG_STRING_LEN);
pReq += MSG_STRING_LEN;
memcpy(pReq, epPassword->pword, epPassword->pwordLen);
pReq += epPassword->pwordLen;
retVal = IPC_WRITE(*(int *)ssHandle->platHandle, gpReqBuf, msgLen);
if(retVal < 0)
{
//log debug info here
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
// Read reply
pReply = gpReplyBuf;
retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL);
if( 0 == retVal )
{
//log debug info here
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
memcpy(&msgid,pReply, MSGID_LEN);
pReply += MSGID_LEN;
memcpy(&msgLen,pReply, MSG_LEN);
pReply += MSG_LEN;
memcpy(&dataLen,pReply, MSG_DWORD_LEN);
if( 0 == dataLen )
{
// Cleanup the channel by reading the return code.
retVal = IPC_READ(*(int *)ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN);
if( retVal < 0 )
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
retCode = mapReturnCode(sockReturn);
break;
}
// Let me check if the buffer passed by application is big enough
if(dataLen <= *valLen)
{ {
// Read the secret into application buffer. // Read the secret into application buffer.
retVal = IPC_READ(*(int *)ssHandle->platHandle, val, dataLen); retVal = IPC_READ(*(int *)ssHandle->platHandle, val, dataLen);
@@ -2071,6 +2237,222 @@ int ipc_WriteKey
} }
msgid = REQ_WRITE_KEY_MSGID; msgid = REQ_WRITE_KEY_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
pReq += MSGID_LEN;
memcpy(pReq, &msgLen, MSG_LEN);
pReq += MSG_LEN;
memcpy(pReq, &keychainIDLen, MSG_STRING_LEN);
pReq += MSG_STRING_LEN;
memcpy(pReq,keychainID->keychainID,keychainIDLen );
pReq += keychainIDLen;
memcpy(pReq, &secretIDLen, MSG_STRING_LEN);
pReq += MSG_STRING_LEN;
memcpy(pReq, secretID->id,secretIDLen);
pReq += secretIDLen;
memcpy(pReq,&keyLen,MSG_STRING_LEN);
pReq += MSG_STRING_LEN;
memcpy(pReq,key,keyLen);
pReq += keyLen;
memcpy(pReq,&valLen,MSG_STRING_LEN);
pReq += MSG_STRING_LEN;
memcpy(pReq,val,valLen);
pReq += valLen;
memcpy(pReq, &(epPassword->pwordLen), MSG_STRING_LEN);
pReq += MSG_STRING_LEN;
memcpy(pReq, epPassword->pword, epPassword->pwordLen);
pReq += epPassword->pwordLen;
// marshall the extension if there is one
if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{
extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
memcpy(pReq, ext->ext, 8);
pReq += 8;
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
if(tmpBuf != NULL)
{
retVal = IPC_WRITE(*(int *)ssHandle->platHandle,tmpBuf,msgLen);
}
else
{
retVal = IPC_WRITE(*(int *)ssHandle->platHandle,gpReqBuf, msgLen);
}
if(retVal < 0)
{
//log debug info here
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
// Read reply
pReply = gpReplyBuf;
retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL);
if(retVal < 0)
{
//log debug info here
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
memcpy(&msgid,pReply, MSGID_LEN);
pReply += MSGID_LEN;
memcpy(&msgLen,pReply, MSG_LEN);
pReply += MSG_LEN;
memcpy(&sockReturn, pReply, MSG_DWORD_LEN);
retCode = mapReturnCode(sockReturn);
}while(0);
if( tmpBuf != NULL )
{
free(tmpBuf);
tmpBuf = NULL;
}
return retCode;
}
int ipc_WriteBinaryKey
(
SSCS_SECRETSTORE_HANDLE_T *ssHandle,
uint32_t ssFlags,
SSCS_KEYCHAIN_ID_T *keychainID,
SSCS_SECRET_ID_T *secretID,
SS_UTF8_T *key,
uint32_t keyLen,
uint8_t *val,
uint32_t valLen,
SSCS_PASSWORD_T *epPassword,
SSCS_EXT_T *ext
)
{
int retVal = 0; //to be used in the function internally
int32_t retCode = NSSCS_SUCCESS; //to be returned to caller
int32_t sockReturn = 0; //obtained from the server
Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
Byte gpReplyBuf[MIN_REPLY_BUF_LEN];
Byte *pReq = NULL, *pReply = NULL;
Byte *tmpBuf = NULL;
uint16_t msgid = 0;
uint32_t keychainIDLen = 0;
uint32_t secretIDLen = 0;
uint32_t msgLen = 0;
uint32_t extID = 0;
uint32_t luidLen = 0;
SSCS_PASSWORD_T myPassword = {0,0,""};
memset(gpReqBuf,0,sizeof(gpReqBuf));
memset(gpReplyBuf,0,sizeof(gpReplyBuf));
do
{
if((NULL == ssHandle) || (NULL == ssHandle->platHandle) || (NULL == keychainID) || (NULL == secretID) ||(NULL == key))
{
retCode = NSSCS_E_INVALID_PARAM;
break;
}
// Prepare Request buffer
keychainIDLen = keychainID->len;
secretIDLen = secretID->len;
if( keychainIDLen > NSSS_MAX_KEYCHAIN_ID_CHARS ||
secretIDLen > NSSS_MAX_SECRET_ID_CHARS )
{
retCode = NSSS_E_SECRET_ID_TOO_LONG;
break;
}
// epPassword is optional. So, the code should not break.
if(epPassword == NULL)
epPassword = &myPassword;
msgLen = MSGID_LEN + MSG_LEN +
MSG_STRING_LEN + // KeychainID length
keychainIDLen + // Keychain ID
MSG_STRING_LEN + // SecretID length
secretIDLen + // SecretID
MSG_STRING_LEN + // Secret Value Length
keyLen +
MSG_STRING_LEN +
valLen +
MSG_STRING_LEN + // epPassword len
epPassword->pwordLen;
// is there an ext, account for it
if (ext)
{
// The login capture on Windows determines the LUID of the user
// and sends it as an Extension, marshall it across the pipe
// see the WriteSecret verb for handling it.
if (ext->extID == WINDOWS_LOGIN_ID)
{
// 4 byte ext type, 4 byte len and 8 bytes of LUID
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
// as setup in the capture module
//ext.extID = WINDOWS_LOGON_ID;
//ext.version = 0x00010000; // 1.0.0
//ext.ext = (void *)lpLogonId;
// _LUID { DWORD LowPart; LONG HighPart; // 8 byte
}
else
msgLen += MSG_DWORD_LEN;
}
else
{
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
if( msgLen > MIN_REQUEST_BUF_LEN )
{
tmpBuf = (Byte*)malloc(msgLen);
if( NULL == tmpBuf )
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
memset(tmpBuf,0,msgLen);
pReq = tmpBuf;
}
else
{
pReq = gpReqBuf;
}
msgid = REQ_WRITE_BINARY_KEY_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
pReq += MSGID_LEN; pReq += MSGID_LEN;
memcpy(pReq, &msgLen, MSG_LEN); memcpy(pReq, &msgLen, MSG_LEN);

2
c_micasadk/link.w32
View File

@@ -40,6 +40,8 @@ LINK_DEF_BLD = \
echo "/EXPORT:miCASARemoveSecret" >> $(LINKDEF);\ echo "/EXPORT:miCASARemoveSecret" >> $(LINKDEF);\
echo "/EXPORT:miCASAWriteSecret" >> $(LINKDEF);\ echo "/EXPORT:miCASAWriteSecret" >> $(LINKDEF);\
echo "/EXPORT:miCASAWriteKey" >> $(LINKDEF);\ echo "/EXPORT:miCASAWriteKey" >> $(LINKDEF);\
echo "/EXPORT:miCASAWriteBinaryKey" >> $(LINKDEF);\
echo "/EXPORT:miCASAReadBinaryKey" >> $(LINKDEF);\
echo "/EXPORT:miCASAGetStoreInformation" >> $(LINKDEF);\ echo "/EXPORT:miCASAGetStoreInformation" >> $(LINKDEF);\
echo "/EXPORT:miCASAEnumerateSecretIDs" >> $(LINKDEF);\ echo "/EXPORT:miCASAEnumerateSecretIDs" >> $(LINKDEF);\
echo "/EXPORT:miCASARemoveSecretStore" >> $(LINKDEF);\ echo "/EXPORT:miCASARemoveSecretStore" >> $(LINKDEF);\

2
c_micasadk/link_mdd.w32
View File

@@ -43,6 +43,8 @@ LINK_DEF_BLD = \
echo "/EXPORT:miCASARemoveSecret" >> $(LINKDEF);\ echo "/EXPORT:miCASARemoveSecret" >> $(LINKDEF);\
echo "/EXPORT:miCASAWriteSecret" >> $(LINKDEF);\ echo "/EXPORT:miCASAWriteSecret" >> $(LINKDEF);\
echo "/EXPORT:miCASAWriteKey" >> $(LINKDEF);\ echo "/EXPORT:miCASAWriteKey" >> $(LINKDEF);\
echo "/EXPORT:miCASAWriteBinaryKey" >> $(LINKDEF);\
echo "/EXPORT:miCASAReadBinaryKey" >> $(LINKDEF);\
echo "/EXPORT:miCASAGetStoreInformation" >> $(LINKDEF);\ echo "/EXPORT:miCASAGetStoreInformation" >> $(LINKDEF);\
echo "/EXPORT:miCASAEnumerateSecretIDs" >> $(LINKDEF);\ echo "/EXPORT:miCASAEnumerateSecretIDs" >> $(LINKDEF);\
echo "/EXPORT:miCASARemoveSecretStore" >> $(LINKDEF);\ echo "/EXPORT:miCASARemoveSecretStore" >> $(LINKDEF);\

307
c_micasadk/sscs_ndk.c
View File

@@ -1585,6 +1585,237 @@ errorLevel2:
} //* end of miCASAWriteSecret } //* end of miCASAWriteSecret
/*
* NAME - miCASAWriteBinaryKey
*
* DESCRIPTION
* NOTE: This assume a SS_CREDSET SecretType
*
*
*/
SSCS_GLOBAL_LIBCALL(int32_t)
miCASAWriteBinaryKey
(
void * context,
uint32_t ssFlags,
SSCS_KEYCHAIN_ID_T * keyChainID,
SSCS_SECRET_ID_T * sharedSecretID,
SS_UTF8_T * key,
uint32_t keyLen,
uint8_t * val,
uint32_t valLen,
SSCS_PASSWORD_T * epPassword,
SSCS_EXT_T * ext
)
{ /* beginning of the call */
/* ########################## DECLARATIONS START HERE ######################### */
int32_t rc = 0, sidLen = 0, index = 0;
uint32_t escNameLen = 0;
SSCS_SECRET_ID_T secretID = {0};
SS_UTF8_T *escapedSHSName = NULL;
SS_UTF8_T *escapedSHSKey = NULL;
//SS_UTF8_T *escapedSHSValue = NULL;
SSCS_CONTEXT_T * storeContext = (SSCS_CONTEXT_T *)context;
/* ############################## CODE STARTS HERE ############################ */
// readData and epPassword are optional parameters
if((context == NULL) || (keyChainID == NULL) || (sharedSecretID == NULL) || (key == NULL))
{
return(NSSCS_E_INVALID_PARAM);
}
secretID.len = NSSCS_MAX_SECRET_ID_LEN;
if((escapedSHSName = (SS_UTF8_T *) malloc(NSSCS_MAX_SECRET_ID_LEN)) == NULL)
{
rc = NSSCS_E_SYSTEM_FAILURE;
goto errorLevel2;
}
if((escapedSHSKey = (SS_UTF8_T *) malloc(NSSCS_MAX_PASSCODE_LEN)) == NULL)
{
rc = NSSCS_E_SYSTEM_FAILURE;
goto errorLevel1;
}
memset(secretID.id, 0, NSSCS_MAX_SECRET_ID_LEN);
memset(escapedSHSName, 0, NSSCS_MAX_SECRET_ID_LEN);
memset(escapedSHSKey, 0, NSSCS_MAX_PASSCODE_LEN);
// escape delimited characters
memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id));
sscsshs_ChkEscapeString(escapedSHSName);
memcpy(escapedSHSKey, key, keyLen);
sscsshs_ChkEscapeString(escapedSHSKey);
if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1)
{
rc = NSSCS_E_SECRET_ID_TOO_SHORT;
goto errorLevel1;
}
// convert to a SSCS_CRED_SET
sscs_Utf8Strcpy((SS_UTF8_T *)secretID.id, SSCS_CRED_SET_DELIMITED);
sscs_Utf8Strcat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName);
secretID.len = sscs_Utf8Strlen((SS_UTF8_T *)secretID.id) + 1;
//rc = sscs_CacheWriteSecret(storeContext->ssHandle, ssFlags, keyChainID, &secretID, &secBuf, epPassword, ext);
// -1 to prevent the null from being cached in micasad
rc = sscs_CacheWriteBinaryKey(storeContext->ssHandle,
ssFlags,
keyChainID,
&secretID,
escapedSHSKey,
sscs_Utf8Strlen(escapedSHSKey),
val,
valLen,
epPassword,
ext);
/* ############################### CODE EXITS HERE ############################# */
errorLevel1:
if(escapedSHSName)
{
memset(escapedSHSName, 0, NSSCS_MAX_SECRET_ID_LEN);
free(escapedSHSName);
}
if (escapedSHSKey)
{
memset(escapedSHSKey, 0, NSSCS_MAX_PASSCODE_LEN);
free(escapedSHSKey);
}
errorLevel2:
memset(secretID.id, 0, NSSCS_MAX_SECRET_ID_LEN);
return(rc);
/* ############################### CODE ENDS HERE ############################# */
} //* end of miCASAWriteBinaryKey
/*
* NAME - miCASAWriteKey
*
* DESCRIPTION
* NOTE: This assume a SS_CREDSET SecretType
*
*
*/
SSCS_GLOBAL_LIBCALL(int32_t)
miCASAReadBinaryKey
(
void * context,
uint32_t ssFlags,
SSCS_KEYCHAIN_ID_T * keyChainID,
SSCS_SECRET_ID_T * sharedSecretID,
SS_UTF8_T * key,
uint32_t keyLen,
uint8_t * val,
uint32_t * valLen,
SSCS_PASSWORD_T * epPassword,
uint32_t * bytesRequired,
SSCS_EXT_T * ext
)
{ /* beginning of the call */
/* ########################## DECLARATIONS START HERE ######################### */
int32_t rc = 0, sidLen = 0, index = 0;
uint32_t escNameLen = 0;
SSCS_SECRET_ID_T secretID = {0};
SS_UTF8_T *escapedSHSName = NULL;
SS_UTF8_T *escapedSHSKey = NULL;
SSCS_CONTEXT_T * storeContext = (SSCS_CONTEXT_T *)context;
/* ############################## CODE STARTS HERE ############################ */
// readData and epPassword are optional parameters
if((context == NULL) || (keyChainID == NULL) || (sharedSecretID == NULL) || (key == NULL))
{
return(NSSCS_E_INVALID_PARAM);
}
secretID.len = NSSCS_MAX_SECRET_ID_LEN;
if((escapedSHSName = (SS_UTF8_T *) malloc(NSSCS_MAX_SECRET_ID_LEN)) == NULL)
{
rc = NSSCS_E_SYSTEM_FAILURE;
goto errorLevel2;
}
if((escapedSHSKey = (SS_UTF8_T *) malloc(NSSCS_MAX_PASSCODE_LEN)) == NULL)
{
rc = NSSCS_E_SYSTEM_FAILURE;
goto errorLevel1;
}
memset(secretID.id, 0, NSSCS_MAX_SECRET_ID_LEN);
memset(escapedSHSName, 0, NSSCS_MAX_SECRET_ID_LEN);
memset(escapedSHSKey, 0, NSSCS_MAX_PASSCODE_LEN);
// escape delimited characters
memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id));
sscsshs_ChkEscapeString(escapedSHSName);
memcpy(escapedSHSKey, key, keyLen);
sscsshs_ChkEscapeString(escapedSHSKey);
if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1)
{
rc = NSSCS_E_SECRET_ID_TOO_SHORT;
goto errorLevel1;
}
// convert to a SSCS_CRED_SET
sscs_Utf8Strcpy((SS_UTF8_T *)secretID.id, SSCS_CRED_SET_DELIMITED);
sscs_Utf8Strcat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName);
secretID.len = sscs_Utf8Strlen((SS_UTF8_T *)secretID.id) + 1;
rc = sscs_CacheReadBinaryKey(storeContext->ssHandle,
ssFlags,
keyChainID,
&secretID,
escapedSHSKey,
sscs_Utf8Strlen(escapedSHSKey),
val,
valLen,
epPassword,
bytesRequired,
ext);
/* ############################### CODE EXITS HERE ############################# */
errorLevel1:
if(escapedSHSName)
{
memset(escapedSHSName, 0, NSSCS_MAX_SECRET_ID_LEN);
free(escapedSHSName);
}
if (escapedSHSKey)
{
memset(escapedSHSKey, 0, NSSCS_MAX_PASSCODE_LEN);
free(escapedSHSKey);
}
errorLevel2:
memset(secretID.id, 0, NSSCS_MAX_SECRET_ID_LEN);
return(rc);
/* ############################### CODE ENDS HERE ############################# */
} //* end of miCASAWriteSecret
/* /*
* NAME - miCASAGetStoreInfomaion * NAME - miCASAGetStoreInfomaion
* *
@@ -2457,6 +2688,8 @@ miCASAGetCredential
SSCS_KEYCHAIN_ID_T kc = {0}; SSCS_KEYCHAIN_ID_T kc = {0};
SSCS_BASIC_CREDENTIAL *basicCred = (SSCS_BASIC_CREDENTIAL *)credential; SSCS_BASIC_CREDENTIAL *basicCred = (SSCS_BASIC_CREDENTIAL *)credential;
SSCS_BINARY_CREDENTIAL *binaryCred = (SSCS_BINARY_CREDENTIAL *)credential;
int32_t bytesRequired = 0;
/* ############################## CODE STARTS HERE ############################ */ /* ############################## CODE STARTS HERE ############################ */
@@ -2466,11 +2699,31 @@ miCASAGetCredential
return(NSSCS_E_INVALID_PARAM); return(NSSCS_E_INVALID_PARAM);
} }
// set default keychain
sscs_Utf8Strcpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID);
kc.len = SSCS_S_KC_ID_CHARS;
// open secretStore // open secretStore
sscs_Utf8Strcpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID); sscs_Utf8Strcpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID);
store.version = 1; store.version = 1;
context = miCASAOpenSecretStoreCache(&store, ssFlags, NULL); context = miCASAOpenSecretStoreCache(&store, ssFlags, NULL);
if (*credentialType == SSCS_CRED_TYPE_BINARY_F)
{
return miCASAReadBinaryKey(
context,
ssFlags,
&kc,
appSecretID,
binaryCred->id,
binaryCred->idLen,
binaryCred->data,
binaryCred->dataLen,
NULL,
&bytesRequired,
ext);
}
// create a SHS Handle // create a SHS Handle
secretHandle = miCASA_CreateSHSHandle(); secretHandle = miCASA_CreateSHSHandle();
@@ -2479,8 +2732,6 @@ miCASAGetCredential
// 1&2. look up the SS_App for this secretID, if not found use the sharedSecretID // 1&2. look up the SS_App for this secretID, if not found use the sharedSecretID
sscs_Utf8Strcpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID);
kc.len = SSCS_S_KC_ID_CHARS;
secID.type = SSCS_APPLICATION_TYPE_F; secID.type = SSCS_APPLICATION_TYPE_F;
secID.len = appSecretID->len; secID.len = appSecretID->len;
@@ -2628,7 +2879,44 @@ miCASASetCredential
/* ############################## CODE STARTS HERE ############################ */ /* ############################## CODE STARTS HERE ############################ */
SSCS_BASIC_CREDENTIAL *basicCred = (SSCS_BASIC_CREDENTIAL *)credential; SSCS_BASIC_CREDENTIAL *basicCred;
SSCS_BINARY_CREDENTIAL *binaryCred;
// open secretStore
sscs_Utf8Strcpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID);
store.version = 1;
context = miCASAOpenSecretStoreCache(&store, ssFlags, NULL);
storeContext = (SSCS_CONTEXT_T *)context;
if (context == NULL)
{
return NSSCS_E_SYSTEM_FAILURE;
}
sscs_Utf8Strcpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID);
kc.len = SSCS_S_KC_ID_CHARS;
if (credentialType == SSCS_CRED_TYPE_BINARY_F)
{
binaryCred = (SSCS_BINARY_CREDENTIAL *)credential;
return miCASAWriteBinaryKey(
context,
ssFlags,
&kc,
sharedSecretID,
binaryCred->id,
binaryCred->idLen,
binaryCred->data,
*binaryCred->dataLen,
NULL,
ext);
}
else
basicCred = (SSCS_BASIC_CREDENTIAL *)credential;
// check params // check params
if ((appSecretID == NULL) || (credential == NULL)) if ((appSecretID == NULL) || (credential == NULL))
{ {
@@ -2650,17 +2938,6 @@ miCASASetCredential
usernameKeyname = SHS_CN; usernameKeyname = SHS_CN;
// open secretStore
sscs_Utf8Strcpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID);
store.version = 1;
context = miCASAOpenSecretStoreCache(&store, ssFlags, NULL);
storeContext = (SSCS_CONTEXT_T *)context;
if (context == NULL)
{
return NSSCS_E_SYSTEM_FAILURE;
}
// create a SHS Handle // create a SHS Handle
secretHandle = miCASA_CreateSHSHandle(); secretHandle = miCASA_CreateSHSHandle();
@@ -2669,8 +2946,6 @@ miCASASetCredential
// 1&2. Look up the SS_App for this secretID in case we should use an shared override, // 1&2. Look up the SS_App for this secretID in case we should use an shared override,
// if not found use the sharedSecretID passed in. // if not found use the sharedSecretID passed in.
sscs_Utf8Strcpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID);
kc.len = SSCS_S_KC_ID_CHARS;
secID.type = SSCS_APPLICATION_TYPE_F; secID.type = SSCS_APPLICATION_TYPE_F;
secID.len = appSecretID->len; secID.len = appSecretID->len;

16
include/micasa.h
View File

@@ -461,6 +461,22 @@ miCASAWriteKey
SSCS_EXT_T * ext SSCS_EXT_T * ext
); );
SSCS_EXTERN_LIBCALL(int32_t)
miCASAReadBinaryKey
(
void * context,
uint32_t ssFlags,
SSCS_KEYCHAIN_ID_T * keyChainID,
SSCS_SECRET_ID_T * sharedSecretID,
SS_UTF8_T * key,
uint32_t keyLen,
uint8_t * val,
uint32_t * valLen,
SSCS_PASSWORD_T * epPassword,
uint32_t * bytesRequired,
SSCS_EXT_T * ext
);
SSCS_EXTERN_LIBCALL(int32_t) SSCS_EXTERN_LIBCALL(int32_t)
miCASASetMasterPasscode miCASASetMasterPasscode
( (

9
include/micasa_mgmd.h
View File

@@ -89,6 +89,7 @@ typedef unsigned char SS_UTF8_T;
// used to denote what structure is being used for the credentials // used to denote what structure is being used for the credentials
#define SSCS_CRED_TYPE_BASIC_F 0x00000001L #define SSCS_CRED_TYPE_BASIC_F 0x00000001L
#define SSCS_CRED_TYPE_BINARY_F 0x00000002L
// used to denote the type of username being requested or set // used to denote the type of username being requested or set
#define USERNAME_TYPE_CN_F 0x00000000L // default behavior #define USERNAME_TYPE_CN_F 0x00000000L // default behavior
@@ -115,6 +116,14 @@ typedef struct _sscs_basic_credential
} SSCS_BASIC_CREDENTIAL; } SSCS_BASIC_CREDENTIAL;
typedef struct _sscs_binary_credential
{
uint32_t idLen;
SS_UTF8_T id[NSSCS_MAX_SECRET_ID_LEN];
uint32_t *dataLen;
uint8_t *data;
} SSCS_BINARY_CREDENTIAL;
typedef struct _sscs_ext_t typedef struct _sscs_ext_t
{ {
int32_t extID; // defined to identify the extension int32_t extID; // defined to identify the extension

29
include/sscs_cache.h
View File

@@ -443,6 +443,20 @@ int sscs_UnlockCache
); );
int sscs_CacheWriteKey int sscs_CacheWriteKey
(
void *ssHandle,
uint32_t ssFlags,
SSCS_KEYCHAIN_ID_T *keyChainID,
SSCS_SECRET_ID_T *secretID,
SS_UTF8_T *key,
uint32_t keyLen,
uint8_t *val,
int32_t valLen,
SSCS_PASSWORD_T *epPassword,
void *reserved
);
int sscs_CacheWriteBinaryKey
( (
void *ssHandle, void *ssHandle,
uint32_t ssFlags, uint32_t ssFlags,
@@ -456,6 +470,21 @@ int sscs_CacheWriteKey
void *reserved void *reserved
); );
int sscs_CacheReadBinaryKey
(
void *ssHandle,
uint32_t ssFlags,
SSCS_KEYCHAIN_ID_T *keychainID,
SSCS_SECRET_ID_T *secretID,
SS_UTF8_T *key,
uint32_t keyLen,
uint8_t *val,
uint32_t *valLen,
SSCS_PASSWORD_T *epPassword,
uint32_t *bytesRequired,
void *reserved
);
int32_t sscs_SetMasterPasscode int32_t sscs_SetMasterPasscode
( (
void *ssHandle, void *ssHandle,

29
include/sscs_ipc.h
View File

@@ -153,7 +153,7 @@ int ipc_ReadKey
SS_UTF8_T *key, SS_UTF8_T *key,
uint32_t keyLen, uint32_t keyLen,
uint8_t *val, uint8_t *val,
uint32_t valLen, uint32_t *valLen,
SSCS_PASSWORD_T *epPassword, SSCS_PASSWORD_T *epPassword,
uint32_t *bytesRequired uint32_t *bytesRequired
); );
@@ -172,6 +172,33 @@ int ipc_WriteKey
SSCS_EXT_T *ext SSCS_EXT_T *ext
); );
int ipc_ReadBinaryKey
(
SSCS_SECRETSTORE_HANDLE_T *ssHandle,
SSCS_KEYCHAIN_ID_T *keychainID,
SSCS_SECRET_ID_T *secretID,
SS_UTF8_T *key,
uint32_t keyLen,
uint8_t *val,
uint32_t *valLen,
SSCS_PASSWORD_T *epPassword,
uint32_t *bytesRequired
);
int ipc_WriteBinaryKey
(
SSCS_SECRETSTORE_HANDLE_T *ssHandle,
uint32_t ssFlags,
SSCS_KEYCHAIN_ID_T *keychainID,
SSCS_SECRET_ID_T *secretID,
SS_UTF8_T *key,
uint32_t keyLen,
uint8_t *val,
uint32_t valLen,
SSCS_PASSWORD_T *epPassword,
SSCS_EXT_T *ext
);
int32_t ipc_SetMasterPassword int32_t ipc_SetMasterPassword
( (
SSCS_SECRETSTORE_HANDLE_T *ssHandle, SSCS_SECRETSTORE_HANDLE_T *ssHandle,

8
include/sscs_unx_cache_defines.h
View File

@@ -112,6 +112,14 @@
#define REQ_IS_SECRET_PERSISTENT 0x0013 #define REQ_IS_SECRET_PERSISTENT 0x0013
#define RESP_IS_SECRET_PERSISTENT 0x1013 #define RESP_IS_SECRET_PERSISTENT 0x1013
#define REQ_IS_OBJECT_SERIALIZATION 0x0014
#define RESP_IS_OBJECT_SERIALIZATION 0x1014
#define REQ_WRITE_BINARY_KEY_MSGID 0x0015
#define RESP_WRITE_BINARY_KEY_MSGID 0x1015
#define REQ_READ_BINARY_KEY_MSGID 0x0016
#define RESP_READ_BINARY_KEY_MSGID 0x1016
#define EXT_TYPE_WINDOWS_LUID 0x00000001; #define EXT_TYPE_WINDOWS_LUID 0x00000001;
#define WINDOWS_LUID_LEN 0x00000008; #define WINDOWS_LUID_LEN 0x00000008;