[SmartcardServices-Changes] [148] releases/Apple/OSX-10.6.7
source_changes at macosforge.org
source_changes at macosforge.org
Fri Aug 24 15:06:02 PDT 2012
Revision: 148
http://trac.macosforge.org/projects/smartcardservices/changeset/148
Author: geddis at apple.com
Date: 2012-08-24 15:06:02 -0700 (Fri, 24 Aug 2012)
Log Message:
-----------
importing
Added Paths:
-----------
releases/Apple/OSX-10.6.7/APPLE_LICENSE
releases/Apple/OSX-10.6.7/BELPIC/
releases/Apple/OSX-10.6.7/BELPIC/BELPICAttributeCoder.cpp
releases/Apple/OSX-10.6.7/BELPIC/BELPICAttributeCoder.h
releases/Apple/OSX-10.6.7/BELPIC/BELPICError.cpp
releases/Apple/OSX-10.6.7/BELPIC/BELPICError.h
releases/Apple/OSX-10.6.7/BELPIC/BELPICKeyHandle.cpp
releases/Apple/OSX-10.6.7/BELPIC/BELPICKeyHandle.h
releases/Apple/OSX-10.6.7/BELPIC/BELPICRecord.cpp
releases/Apple/OSX-10.6.7/BELPIC/BELPICRecord.h
releases/Apple/OSX-10.6.7/BELPIC/BELPICSchema.cpp
releases/Apple/OSX-10.6.7/BELPIC/BELPICSchema.h
releases/Apple/OSX-10.6.7/BELPIC/BELPICToken.cpp
releases/Apple/OSX-10.6.7/BELPIC/BELPICToken.h
releases/Apple/OSX-10.6.7/BELPIC/Info.plist
releases/Apple/OSX-10.6.7/BELPIC/belpic.cpp
releases/Apple/OSX-10.6.7/BELPIC/mds/
releases/Apple/OSX-10.6.7/BELPIC/mds/belpic_csp_capabilities.mdsinfo
releases/Apple/OSX-10.6.7/BELPIC/mds/belpic_csp_capabilities_common.mds
releases/Apple/OSX-10.6.7/BELPIC/mds/belpic_csp_primary.mdsinfo
releases/Apple/OSX-10.6.7/BELPIC/mds/belpic_dl_primary.mdsinfo
releases/Apple/OSX-10.6.7/BELPIC/mds/belpic_smartcard.mdsinfo
releases/Apple/OSX-10.6.7/CAC/
releases/Apple/OSX-10.6.7/CAC/CACAttributeCoder.cpp
releases/Apple/OSX-10.6.7/CAC/CACAttributeCoder.h
releases/Apple/OSX-10.6.7/CAC/CACError.cpp
releases/Apple/OSX-10.6.7/CAC/CACError.h
releases/Apple/OSX-10.6.7/CAC/CACKeyHandle.cpp
releases/Apple/OSX-10.6.7/CAC/CACKeyHandle.h
releases/Apple/OSX-10.6.7/CAC/CACRecord.cpp
releases/Apple/OSX-10.6.7/CAC/CACRecord.h
releases/Apple/OSX-10.6.7/CAC/CACSchema.cpp
releases/Apple/OSX-10.6.7/CAC/CACSchema.h
releases/Apple/OSX-10.6.7/CAC/CACToken.cpp
releases/Apple/OSX-10.6.7/CAC/CACToken.h
releases/Apple/OSX-10.6.7/CAC/Info.plist
releases/Apple/OSX-10.6.7/CAC/cac.cpp
releases/Apple/OSX-10.6.7/CAC/mds/
releases/Apple/OSX-10.6.7/CAC/mds/cac_csp_capabilities.mdsinfo
releases/Apple/OSX-10.6.7/CAC/mds/cac_csp_capabilities_common.mds
releases/Apple/OSX-10.6.7/CAC/mds/cac_csp_primary.mdsinfo
releases/Apple/OSX-10.6.7/CAC/mds/cac_dl_primary.mdsinfo
releases/Apple/OSX-10.6.7/CAC/mds/cac_smartcard.mdsinfo
releases/Apple/OSX-10.6.7/CACNG/
releases/Apple/OSX-10.6.7/CACNG/CACNGApplet.cpp
releases/Apple/OSX-10.6.7/CACNG/CACNGApplet.h
releases/Apple/OSX-10.6.7/CACNG/CACNGAttributeCoder.cpp
releases/Apple/OSX-10.6.7/CACNG/CACNGAttributeCoder.h
releases/Apple/OSX-10.6.7/CACNG/CACNGError.cpp
releases/Apple/OSX-10.6.7/CACNG/CACNGError.h
releases/Apple/OSX-10.6.7/CACNG/CACNGKeyHandle.cpp
releases/Apple/OSX-10.6.7/CACNG/CACNGKeyHandle.h
releases/Apple/OSX-10.6.7/CACNG/CACNGRecord.cpp
releases/Apple/OSX-10.6.7/CACNG/CACNGRecord.h
releases/Apple/OSX-10.6.7/CACNG/CACNGSchema.cpp
releases/Apple/OSX-10.6.7/CACNG/CACNGSchema.h
releases/Apple/OSX-10.6.7/CACNG/CACNGToken.cpp
releases/Apple/OSX-10.6.7/CACNG/CACNGToken.h
releases/Apple/OSX-10.6.7/CACNG/CompressionTool.cpp
releases/Apple/OSX-10.6.7/CACNG/CompressionTool.h
releases/Apple/OSX-10.6.7/CACNG/Info.plist
releases/Apple/OSX-10.6.7/CACNG/Padding.cpp
releases/Apple/OSX-10.6.7/CACNG/Padding.h
releases/Apple/OSX-10.6.7/CACNG/TLV.cpp
releases/Apple/OSX-10.6.7/CACNG/TLV.h
releases/Apple/OSX-10.6.7/CACNG/TLVTemplates.h
releases/Apple/OSX-10.6.7/CACNG/byte_string.h
releases/Apple/OSX-10.6.7/CACNG/cacng.cpp
releases/Apple/OSX-10.6.7/CACNG/mds/
releases/Apple/OSX-10.6.7/CACNG/mds/cacng_csp_capabilities.mdsinfo
releases/Apple/OSX-10.6.7/CACNG/mds/cacng_csp_capabilities_common.mds
releases/Apple/OSX-10.6.7/CACNG/mds/cacng_csp_primary.mdsinfo
releases/Apple/OSX-10.6.7/CACNG/mds/cacng_dl_primary.mdsinfo
releases/Apple/OSX-10.6.7/CACNG/mds/cacng_smartcard.mdsinfo
releases/Apple/OSX-10.6.7/ChangeLog
releases/Apple/OSX-10.6.7/Info-tokend__Upgraded_.plist
releases/Apple/OSX-10.6.7/MuscleCard/
releases/Apple/OSX-10.6.7/MuscleCard/Info.plist
releases/Apple/OSX-10.6.7/MuscleCard/KeyRecord.cpp
releases/Apple/OSX-10.6.7/MuscleCard/KeyRecord.h
releases/Apple/OSX-10.6.7/MuscleCard/Msc/
releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscACL.cpp
releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscACL.h
releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscError.cpp
releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscError.h
releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscKey.cpp
releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscKey.h
releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscObject.cpp
releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscObject.h
releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscPIN.cpp
releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscPIN.h
releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscToken.cpp
releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscToken.h
releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscTokenConnection.cpp
releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscTokenConnection.h
releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscWrappers.cpp
releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscWrappers.h
releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardAttributeCoder.cpp
releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardAttributeCoder.h
releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardKeyHandle.cpp
releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardKeyHandle.h
releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardSchema.cpp
releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardSchema.h
releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardToken.cpp
releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardToken.h
releases/Apple/OSX-10.6.7/MuscleCard/TokenRecord.cpp
releases/Apple/OSX-10.6.7/MuscleCard/TokenRecord.h
releases/Apple/OSX-10.6.7/MuscleCard/mds/
releases/Apple/OSX-10.6.7/MuscleCard/mds/musclecard_csp_capabilities.mdsinfo
releases/Apple/OSX-10.6.7/MuscleCard/mds/musclecard_csp_capabilities_common.mds
releases/Apple/OSX-10.6.7/MuscleCard/mds/musclecard_csp_primary.mdsinfo
releases/Apple/OSX-10.6.7/MuscleCard/mds/musclecard_dl_primary.mdsinfo
releases/Apple/OSX-10.6.7/MuscleCard/mds/musclecard_smartcard.mdsinfo
releases/Apple/OSX-10.6.7/MuscleCard/musclecard.cpp
releases/Apple/OSX-10.6.7/PIV/
releases/Apple/OSX-10.6.7/PIV/Info.plist
releases/Apple/OSX-10.6.7/PIV/PIVAttributeCoder.cpp
releases/Apple/OSX-10.6.7/PIV/PIVAttributeCoder.h
releases/Apple/OSX-10.6.7/PIV/PIVCCC.cpp
releases/Apple/OSX-10.6.7/PIV/PIVCCC.h
releases/Apple/OSX-10.6.7/PIV/PIVDefines.h
releases/Apple/OSX-10.6.7/PIV/PIVError.cpp
releases/Apple/OSX-10.6.7/PIV/PIVError.h
releases/Apple/OSX-10.6.7/PIV/PIVKeyHandle.cpp
releases/Apple/OSX-10.6.7/PIV/PIVKeyHandle.h
releases/Apple/OSX-10.6.7/PIV/PIVRecord.cpp
releases/Apple/OSX-10.6.7/PIV/PIVRecord.h
releases/Apple/OSX-10.6.7/PIV/PIVSchema.cpp
releases/Apple/OSX-10.6.7/PIV/PIVSchema.h
releases/Apple/OSX-10.6.7/PIV/PIVToken.cpp
releases/Apple/OSX-10.6.7/PIV/PIVToken.h
releases/Apple/OSX-10.6.7/PIV/PIVUtilities.h
releases/Apple/OSX-10.6.7/PIV/Padding.cpp
releases/Apple/OSX-10.6.7/PIV/Padding.h
releases/Apple/OSX-10.6.7/PIV/SecureBufferAllocator.h
releases/Apple/OSX-10.6.7/PIV/SecureBufferAllocator.inc
releases/Apple/OSX-10.6.7/PIV/TLV.cpp
releases/Apple/OSX-10.6.7/PIV/TLV.h
releases/Apple/OSX-10.6.7/PIV/TLV.inc
releases/Apple/OSX-10.6.7/PIV/byte_string.h
releases/Apple/OSX-10.6.7/PIV/mds/
releases/Apple/OSX-10.6.7/PIV/mds/piv_csp_capabilities.mdsinfo
releases/Apple/OSX-10.6.7/PIV/mds/piv_csp_capabilities_common.mds
releases/Apple/OSX-10.6.7/PIV/mds/piv_csp_primary.mdsinfo
releases/Apple/OSX-10.6.7/PIV/mds/piv_dl_primary.mdsinfo
releases/Apple/OSX-10.6.7/PIV/mds/piv_smartcard.mdsinfo
releases/Apple/OSX-10.6.7/PIV/piv.cpp
releases/Apple/OSX-10.6.7/Tokend/
releases/Apple/OSX-10.6.7/Tokend/Adornment.cpp
releases/Apple/OSX-10.6.7/Tokend/Adornment.h
releases/Apple/OSX-10.6.7/Tokend/Attribute.cpp
releases/Apple/OSX-10.6.7/Tokend/Attribute.h
releases/Apple/OSX-10.6.7/Tokend/AttributeCoder.cpp
releases/Apple/OSX-10.6.7/Tokend/AttributeCoder.h
releases/Apple/OSX-10.6.7/Tokend/Cursor.cpp
releases/Apple/OSX-10.6.7/Tokend/Cursor.h
releases/Apple/OSX-10.6.7/Tokend/DbValue.cpp
releases/Apple/OSX-10.6.7/Tokend/DbValue.h
releases/Apple/OSX-10.6.7/Tokend/KeyHandle.cpp
releases/Apple/OSX-10.6.7/Tokend/KeyHandle.h
releases/Apple/OSX-10.6.7/Tokend/MetaAttribute.cpp
releases/Apple/OSX-10.6.7/Tokend/MetaAttribute.h
releases/Apple/OSX-10.6.7/Tokend/MetaRecord.cpp
releases/Apple/OSX-10.6.7/Tokend/MetaRecord.h
releases/Apple/OSX-10.6.7/Tokend/PKCS11Object.cpp
releases/Apple/OSX-10.6.7/Tokend/PKCS11Object.h
releases/Apple/OSX-10.6.7/Tokend/Record.cpp
releases/Apple/OSX-10.6.7/Tokend/Record.h
releases/Apple/OSX-10.6.7/Tokend/RecordHandle.cpp
releases/Apple/OSX-10.6.7/Tokend/RecordHandle.h
releases/Apple/OSX-10.6.7/Tokend/Relation.cpp
releases/Apple/OSX-10.6.7/Tokend/Relation.h
releases/Apple/OSX-10.6.7/Tokend/SCardError.cpp
releases/Apple/OSX-10.6.7/Tokend/SCardError.h
releases/Apple/OSX-10.6.7/Tokend/Schema.cpp
releases/Apple/OSX-10.6.7/Tokend/Schema.h
releases/Apple/OSX-10.6.7/Tokend/SelectionPredicate.cpp
releases/Apple/OSX-10.6.7/Tokend/SelectionPredicate.h
releases/Apple/OSX-10.6.7/Tokend/Token.cpp
releases/Apple/OSX-10.6.7/Tokend/Token.h
releases/Apple/OSX-10.6.7/Tokend/TokenContext.cpp
releases/Apple/OSX-10.6.7/Tokend/TokenContext.h
releases/Apple/OSX-10.6.7/Tokend.xcodeproj/
releases/Apple/OSX-10.6.7/Tokend.xcodeproj/project.pbxproj
releases/Apple/OSX-10.6.7/Tokend.xcodeproj/project.xcworkspace/
releases/Apple/OSX-10.6.7/Tokend.xcodeproj/project.xcworkspace/contents.xcworkspacedata
releases/Apple/OSX-10.6.7/Tokend.xcodeproj/project.xcworkspace/xcuserdata/
releases/Apple/OSX-10.6.7/Tokend.xcodeproj/project.xcworkspace/xcuserdata/geddis.xcuserdatad/
releases/Apple/OSX-10.6.7/Tokend.xcodeproj/project.xcworkspace/xcuserdata/geddis.xcuserdatad/UserInterfaceState.xcuserstate
releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/
releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/
releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/
releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/BELPIC.xcscheme
releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/CAC.xcscheme
releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/CACNG.xcscheme
releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/MuscleCard.xcscheme
releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/PIV.xcscheme
releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/libtokend.xcscheme
releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/tokend.xcscheme
releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/world.xcscheme
releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/xcschememanagement.plist
releases/Apple/OSX-10.6.7/testcms.sh
releases/Apple/OSX-10.6.7/testssl.sh
Added: releases/Apple/OSX-10.6.7/APPLE_LICENSE
===================================================================
--- releases/Apple/OSX-10.6.7/APPLE_LICENSE (rev 0)
+++ releases/Apple/OSX-10.6.7/APPLE_LICENSE 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,367 @@
+APPLE PUBLIC SOURCE LICENSE
+Version 2.0 - August 6, 2003
+
+Please read this License carefully before downloading this software.
+By downloading or using this software, you are agreeing to be bound by
+the terms of this License. If you do not or cannot agree to the terms
+of this License, please do not download or use the software.
+
+1. General; Definitions. This License applies to any program or other
+work which Apple Computer, Inc. ("Apple") makes publicly available and
+which contains a notice placed by Apple identifying such program or
+work as "Original Code" and stating that it is subject to the terms of
+this Apple Public Source License version 2.0 ("License"). As used in
+this License:
+
+1.1 "Applicable Patent Rights" mean: (a) in the case where Apple is
+the grantor of rights, (i) claims of patents that are now or hereafter
+acquired, owned by or assigned to Apple and (ii) that cover subject
+matter contained in the Original Code, but only to the extent
+necessary to use, reproduce and/or distribute the Original Code
+without infringement; and (b) in the case where You are the grantor of
+rights, (i) claims of patents that are now or hereafter acquired,
+owned by or assigned to You and (ii) that cover subject matter in Your
+Modifications, taken alone or in combination with Original Code.
+
+1.2 "Contributor" means any person or entity that creates or
+contributes to the creation of Modifications.
+
+1.3 "Covered Code" means the Original Code, Modifications, the
+combination of Original Code and any Modifications, and/or any
+respective portions thereof.
+
+1.4 "Externally Deploy" means: (a) to sublicense, distribute or
+otherwise make Covered Code available, directly or indirectly, to
+anyone other than You; and/or (b) to use Covered Code, alone or as
+part of a Larger Work, in any way to provide a service, including but
+not limited to delivery of content, through electronic communication
+with a client other than You.
+
+1.5 "Larger Work" means a work which combines Covered Code or portions
+thereof with code not governed by the terms of this License.
+
+1.6 "Modifications" mean any addition to, deletion from, and/or change
+to, the substance and/or structure of the Original Code, any previous
+Modifications, the combination of Original Code and any previous
+Modifications, and/or any respective portions thereof. When code is
+released as a series of files, a Modification is: (a) any addition to
+or deletion from the contents of a file containing Covered Code;
+and/or (b) any new file or other representation of computer program
+statements that contains any part of Covered Code.
+
+1.7 "Original Code" means (a) the Source Code of a program or other
+work as originally made available by Apple under this License,
+including the Source Code of any updates or upgrades to such programs
+or works made available by Apple under this License, and that has been
+expressly identified by Apple as such in the header file(s) of such
+work; and (b) the object code compiled from such Source Code and
+originally made available by Apple under this License.
+
+1.8 "Source Code" means the human readable form of a program or other
+work that is suitable for making modifications to it, including all
+modules it contains, plus any associated interface definition files,
+scripts used to control compilation and installation of an executable
+(object code).
+
+1.9 "You" or "Your" means an individual or a legal entity exercising
+rights under this License. For legal entities, "You" or "Your"
+includes any entity which controls, is controlled by, or is under
+common control with, You, where "control" means (a) the power, direct
+or indirect, to cause the direction or management of such entity,
+whether by contract or otherwise, or (b) ownership of fifty percent
+(50%) or more of the outstanding shares or beneficial ownership of
+such entity.
+
+2. Permitted Uses; Conditions & Restrictions. Subject to the terms
+and conditions of this License, Apple hereby grants You, effective on
+the date You accept this License and download the Original Code, a
+world-wide, royalty-free, non-exclusive license, to the extent of
+Apple's Applicable Patent Rights and copyrights covering the Original
+Code, to do the following:
+
+2.1 Unmodified Code. You may use, reproduce, display, perform,
+internally distribute within Your organization, and Externally Deploy
+verbatim, unmodified copies of the Original Code, for commercial or
+non-commercial purposes, provided that in each instance:
+
+(a) You must retain and reproduce in all copies of Original Code the
+copyright and other proprietary notices and disclaimers of Apple as
+they appear in the Original Code, and keep intact all notices in the
+Original Code that refer to this License; and
+
+(b) You must include a copy of this License with every copy of Source
+Code of Covered Code and documentation You distribute or Externally
+Deploy, and You may not offer or impose any terms on such Source Code
+that alter or restrict this License or the recipients' rights
+hereunder, except as permitted under Section 6.
+
+2.2 Modified Code. You may modify Covered Code and use, reproduce,
+display, perform, internally distribute within Your organization, and
+Externally Deploy Your Modifications and Covered Code, for commercial
+or non-commercial purposes, provided that in each instance You also
+meet all of these conditions:
+
+(a) You must satisfy all the conditions of Section 2.1 with respect to
+the Source Code of the Covered Code;
+
+(b) You must duplicate, to the extent it does not already exist, the
+notice in Exhibit A in each file of the Source Code of all Your
+Modifications, and cause the modified files to carry prominent notices
+stating that You changed the files and the date of any change; and
+
+(c) If You Externally Deploy Your Modifications, You must make
+Source Code of all Your Externally Deployed Modifications either
+available to those to whom You have Externally Deployed Your
+Modifications, or publicly available. Source Code of Your Externally
+Deployed Modifications must be released under the terms set forth in
+this License, including the license grants set forth in Section 3
+below, for as long as you Externally Deploy the Covered Code or twelve
+(12) months from the date of initial External Deployment, whichever is
+longer. You should preferably distribute the Source Code of Your
+Externally Deployed Modifications electronically (e.g. download from a
+web site).
+
+2.3 Distribution of Executable Versions. In addition, if You
+Externally Deploy Covered Code (Original Code and/or Modifications) in
+object code, executable form only, You must include a prominent
+notice, in the code itself as well as in related documentation,
+stating that Source Code of the Covered Code is available under the
+terms of this License with information on how and where to obtain such
+Source Code.
+
+2.4 Third Party Rights. You expressly acknowledge and agree that
+although Apple and each Contributor grants the licenses to their
+respective portions of the Covered Code set forth herein, no
+assurances are provided by Apple or any Contributor that the Covered
+Code does not infringe the patent or other intellectual property
+rights of any other entity. Apple and each Contributor disclaim any
+liability to You for claims brought by any other entity based on
+infringement of intellectual property rights or otherwise. As a
+condition to exercising the rights and licenses granted hereunder, You
+hereby assume sole responsibility to secure any other intellectual
+property rights needed, if any. For example, if a third party patent
+license is required to allow You to distribute the Covered Code, it is
+Your responsibility to acquire that license before distributing the
+Covered Code.
+
+3. Your Grants. In consideration of, and as a condition to, the
+licenses granted to You under this License, You hereby grant to any
+person or entity receiving or distributing Covered Code under this
+License a non-exclusive, royalty-free, perpetual, irrevocable license,
+under Your Applicable Patent Rights and other intellectual property
+rights (other than patent) owned or controlled by You, to use,
+reproduce, display, perform, modify, sublicense, distribute and
+Externally Deploy Your Modifications of the same scope and extent as
+Apple's licenses under Sections 2.1 and 2.2 above.
+
+4. Larger Works. You may create a Larger Work by combining Covered
+Code with other code not governed by the terms of this License and
+distribute the Larger Work as a single product. In each such instance,
+You must make sure the requirements of this License are fulfilled for
+the Covered Code or any portion thereof.
+
+5. Limitations on Patent License. Except as expressly stated in
+Section 2, no other patent rights, express or implied, are granted by
+Apple herein. Modifications and/or Larger Works may require additional
+patent licenses from Apple which Apple may grant in its sole
+discretion.
+
+6. Additional Terms. You may choose to offer, and to charge a fee for,
+warranty, support, indemnity or liability obligations and/or other
+rights consistent with the scope of the license granted herein
+("Additional Terms") to one or more recipients of Covered Code.
+However, You may do so only on Your own behalf and as Your sole
+responsibility, and not on behalf of Apple or any Contributor. You
+must obtain the recipient's agreement that any such Additional Terms
+are offered by You alone, and You hereby agree to indemnify, defend
+and hold Apple and every Contributor harmless for any liability
+incurred by or claims asserted against Apple or such Contributor by
+reason of any such Additional Terms.
+
+7. Versions of the License. Apple may publish revised and/or new
+versions of this License from time to time. Each version will be given
+a distinguishing version number. Once Original Code has been published
+under a particular version of this License, You may continue to use it
+under the terms of that version. You may also choose to use such
+Original Code under the terms of any subsequent version of this
+License published by Apple. No one other than Apple has the right to
+modify the terms applicable to Covered Code created under this
+License.
+
+8. NO WARRANTY OR SUPPORT. The Covered Code may contain in whole or in
+part pre-release, untested, or not fully tested works. The Covered
+Code may contain errors that could cause failures or loss of data, and
+may be incomplete or contain inaccuracies. You expressly acknowledge
+and agree that use of the Covered Code, or any portion thereof, is at
+Your sole and entire risk. THE COVERED CODE IS PROVIDED "AS IS" AND
+WITHOUT WARRANTY, UPGRADES OR SUPPORT OF ANY KIND AND APPLE AND
+APPLE'S LICENSOR(S) (COLLECTIVELY REFERRED TO AS "APPLE" FOR THE
+PURPOSES OF SECTIONS 8 AND 9) AND ALL CONTRIBUTORS EXPRESSLY DISCLAIM
+ALL WARRANTIES AND/OR CONDITIONS, EXPRESS OR IMPLIED, INCLUDING, BUT
+NOT LIMITED TO, THE IMPLIED WARRANTIES AND/OR CONDITIONS OF
+MERCHANTABILITY, OF SATISFACTORY QUALITY, OF FITNESS FOR A PARTICULAR
+PURPOSE, OF ACCURACY, OF QUIET ENJOYMENT, AND NONINFRINGEMENT OF THIRD
+PARTY RIGHTS. APPLE AND EACH CONTRIBUTOR DOES NOT WARRANT AGAINST
+INTERFERENCE WITH YOUR ENJOYMENT OF THE COVERED CODE, THAT THE
+FUNCTIONS CONTAINED IN THE COVERED CODE WILL MEET YOUR REQUIREMENTS,
+THAT THE OPERATION OF THE COVERED CODE WILL BE UNINTERRUPTED OR
+ERROR-FREE, OR THAT DEFECTS IN THE COVERED CODE WILL BE CORRECTED. NO
+ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY APPLE, AN APPLE
+AUTHORIZED REPRESENTATIVE OR ANY CONTRIBUTOR SHALL CREATE A WARRANTY.
+You acknowledge that the Covered Code is not intended for use in the
+operation of nuclear facilities, aircraft navigation, communication
+systems, or air traffic control machines in which case the failure of
+the Covered Code could lead to death, personal injury, or severe
+physical or environmental damage.
+
+9. LIMITATION OF LIABILITY. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO
+EVENT SHALL APPLE OR ANY CONTRIBUTOR BE LIABLE FOR ANY INCIDENTAL,
+SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATING
+TO THIS LICENSE OR YOUR USE OR INABILITY TO USE THE COVERED CODE, OR
+ANY PORTION THEREOF, WHETHER UNDER A THEORY OF CONTRACT, WARRANTY,
+TORT (INCLUDING NEGLIGENCE), PRODUCTS LIABILITY OR OTHERWISE, EVEN IF
+APPLE OR SUCH CONTRIBUTOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY
+REMEDY. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OF LIABILITY OF
+INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION MAY NOT APPLY
+TO YOU. In no event shall Apple's total liability to You for all
+damages (other than as may be required by applicable law) under this
+License exceed the amount of fifty dollars ($50.00).
+
+10. Trademarks. This License does not grant any rights to use the
+trademarks or trade names "Apple", "Apple Computer", "Mac", "Mac OS",
+"QuickTime", "QuickTime Streaming Server" or any other trademarks,
+service marks, logos or trade names belonging to Apple (collectively
+"Apple Marks") or to any trademark, service mark, logo or trade name
+belonging to any Contributor. You agree not to use any Apple Marks in
+or as part of the name of products derived from the Original Code or
+to endorse or promote products derived from the Original Code other
+than as expressly permitted by and in strict compliance at all times
+with Apple's third party trademark usage guidelines which are posted
+at http://www.apple.com/legal/guidelinesfor3rdparties.html.
+
+11. Ownership. Subject to the licenses granted under this License,
+each Contributor retains all rights, title and interest in and to any
+Modifications made by such Contributor. Apple retains all rights,
+title and interest in and to the Original Code and any Modifications
+made by or on behalf of Apple ("Apple Modifications"), and such Apple
+Modifications will not be automatically subject to this License. Apple
+may, at its sole discretion, choose to license such Apple
+Modifications under this License, or on different terms from those
+contained in this License or may choose not to license them at all.
+
+12. Termination.
+
+12.1 Termination. This License and the rights granted hereunder will
+terminate:
+
+(a) automatically without notice from Apple if You fail to comply with
+any term(s) of this License and fail to cure such breach within 30
+days of becoming aware of such breach;
+
+(b) immediately in the event of the circumstances described in Section
+13.5(b); or
+
+(c) automatically without notice from Apple if You, at any time during
+the term of this License, commence an action for patent infringement
+against Apple; provided that Apple did not first commence
+an action for patent infringement against You in that instance.
+
+12.2 Effect of Termination. Upon termination, You agree to immediately
+stop any further use, reproduction, modification, sublicensing and
+distribution of the Covered Code. All sublicenses to the Covered Code
+which have been properly granted prior to termination shall survive
+any termination of this License. Provisions which, by their nature,
+should remain in effect beyond the termination of this License shall
+survive, including but not limited to Sections 3, 5, 8, 9, 10, 11,
+12.2 and 13. No party will be liable to any other for compensation,
+indemnity or damages of any sort solely as a result of terminating
+this License in accordance with its terms, and termination of this
+License will be without prejudice to any other right or remedy of
+any party.
+
+13. Miscellaneous.
+
+13.1 Government End Users. The Covered Code is a "commercial item" as
+defined in FAR 2.101. Government software and technical data rights in
+the Covered Code include only those rights customarily provided to the
+public as defined in this License. This customary commercial license
+in technical data and software is provided in accordance with FAR
+12.211 (Technical Data) and 12.212 (Computer Software) and, for
+Department of Defense purchases, DFAR 252.227-7015 (Technical Data --
+Commercial Items) and 227.7202-3 (Rights in Commercial Computer
+Software or Computer Software Documentation). Accordingly, all U.S.
+Government End Users acquire Covered Code with only those rights set
+forth herein.
+
+13.2 Relationship of Parties. This License will not be construed as
+creating an agency, partnership, joint venture or any other form of
+legal association between or among You, Apple or any Contributor, and
+You will not represent to the contrary, whether expressly, by
+implication, appearance or otherwise.
+
+13.3 Independent Development. Nothing in this License will impair
+Apple's right to acquire, license, develop, have others develop for
+it, market and/or distribute technology or products that perform the
+same or similar functions as, or otherwise compete with,
+Modifications, Larger Works, technology or products that You may
+develop, produce, market or distribute.
+
+13.4 Waiver; Construction. Failure by Apple or any Contributor to
+enforce any provision of this License will not be deemed a waiver of
+future enforcement of that or any other provision. Any law or
+regulation which provides that the language of a contract shall be
+construed against the drafter will not apply to this License.
+
+13.5 Severability. (a) If for any reason a court of competent
+jurisdiction finds any provision of this License, or portion thereof,
+to be unenforceable, that provision of the License will be enforced to
+the maximum extent permissible so as to effect the economic benefits
+and intent of the parties, and the remainder of this License will
+continue in full force and effect. (b) Notwithstanding the foregoing,
+if applicable law prohibits or restricts You from fully and/or
+specifically complying with Sections 2 and/or 3 or prevents the
+enforceability of either of those Sections, this License will
+immediately terminate and You must immediately discontinue any use of
+the Covered Code and destroy all copies of it that are in your
+possession or control.
+
+13.6 Dispute Resolution. Any litigation or other dispute resolution
+between You and Apple relating to this License shall take place in the
+Northern District of California, and You and Apple hereby consent to
+the personal jurisdiction of, and venue in, the state and federal
+courts within that District with respect to this License. The
+application of the United Nations Convention on Contracts for the
+International Sale of Goods is expressly excluded.
+
+13.7 Entire Agreement; Governing Law. This License constitutes the
+entire agreement between the parties with respect to the subject
+matter hereof. This License shall be governed by the laws of the
+United States and the State of California, except that body of
+California law concerning conflicts of law.
+
+Where You are located in the province of Quebec, Canada, the following
+clause applies: The parties hereby confirm that they have requested
+that this License and all related documents be drafted in English. Les
+parties ont exige que le present contrat et tous les documents
+connexes soient rediges en anglais.
+
+EXHIBIT A.
+
+"Portions Copyright (c) 1999-2003 Apple Computer, Inc. All Rights
+Reserved.
+
+This file contains Original Code and/or Modifications of Original Code
+as defined in and that are subject to the Apple Public Source License
+Version 2.0 (the 'License'). You may not use this file except in
+compliance with the License. Please obtain a copy of the License at
+http://www.opensource.apple.com/apsl/ and read it before using this
+file.
+
+The Original Code and all software distributed under the License are
+distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+Please see the License for the specific language governing rights and
+limitations under the License."
Added: releases/Apple/OSX-10.6.7/BELPIC/BELPICAttributeCoder.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/BELPIC/BELPICAttributeCoder.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/BELPIC/BELPICAttributeCoder.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * BELPICAttributeCoder.cpp
+ * TokendMuscle
+ */
+
+#include "BELPICAttributeCoder.h"
+
+#include "Adornment.h"
+#include "MetaAttribute.h"
+#include "MetaRecord.h"
+#include "BELPICRecord.h"
+#include "BELPICToken.h"
+
+#include <Security/SecKeychainItem.h>
+#include <security_cdsa_utilities/cssmkey.h>
+
+using namespace Tokend;
+
+
+//
+// BELPICDataAttributeCoder
+//
+BELPICDataAttributeCoder::~BELPICDataAttributeCoder()
+{
+}
+
+void BELPICDataAttributeCoder::decode(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record)
+{
+ BELPICRecord &belpicRecord = dynamic_cast<BELPICRecord &>(record);
+ record.attributeAtIndex(metaAttribute.attributeIndex(),
+ belpicRecord.getDataAttribute(tokenContext));
+}
+
Added: releases/Apple/OSX-10.6.7/BELPIC/BELPICAttributeCoder.h
===================================================================
--- releases/Apple/OSX-10.6.7/BELPIC/BELPICAttributeCoder.h (rev 0)
+++ releases/Apple/OSX-10.6.7/BELPIC/BELPICAttributeCoder.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * BELPICAttributeCoder.h
+ * TokendMuscle
+ */
+
+#ifndef _BELPICATTRIBUTECODER_H_
+#define _BELPICATTRIBUTECODER_H_
+
+#include "AttributeCoder.h"
+#include <string>
+
+#include <PCSC/musclecard.h>
+
+
+//
+// A coder that reads the data of an object
+//
+class BELPICDataAttributeCoder : public Tokend::AttributeCoder
+{
+ NOCOPY(BELPICDataAttributeCoder)
+public:
+
+ BELPICDataAttributeCoder() {}
+ virtual ~BELPICDataAttributeCoder();
+
+ virtual void decode(Tokend::TokenContext *tokenContext,
+ const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record);
+};
+
+
+#endif /* !_BELPICATTRIBUTECODER_H_ */
+
Added: releases/Apple/OSX-10.6.7/BELPIC/BELPICError.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/BELPIC/BELPICError.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/BELPIC/BELPICError.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * BELPICError.cpp
+ * TokendMuscle
+ */
+
+#include "BELPICError.h"
+
+#include <Security/cssmerr.h>
+
+//
+// BELPICError exceptions
+//
+BELPICError::BELPICError(uint16_t sw) : SCardError(sw)
+{
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+ IFDEBUG(debugDiagnose(this));
+#else
+ SECURITY_EXCEPTION_THROW_OTHER(this, sw, (char *)"BELPIC");
+#endif
+}
+
+BELPICError::~BELPICError() throw ()
+{
+}
+
+const char *BELPICError::what() const throw ()
+{ return "BELPIC error"; }
+
+void BELPICError::throwMe(uint16_t sw)
+{ throw BELPICError(sw); }
+
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+
+#if !defined(NDEBUG)
+
+void BELPICError::debugDiagnose(const void *id) const
+{
+ secdebug("exception", "%p BELPICError %s (%04hX)",
+ id, errorstr(statusWord), statusWord);
+}
+
+#endif //NDEBUG
+
+#endif // MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
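Review bot: The `#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5` guards in the constructor and around debugDiagnose test identifiers that look like misspellings of the AvailabilityMacros names `MAC_OS_X_VERSION_MIN_REQUIRED` and `MAC_OS_X_VERSION_10_5`. An undefined identifier evaluates to 0 inside `#if`, so the comparison is `0 <= 0` and is always true, meaning the IFDEBUG/secdebug path is compiled on every deployment target and the `SECURITY_EXCEPTION_THROW_OTHER` branch is never built. The same spelling appears in the BELPICError.h hunk around debugDiagnose, so both files would need the macro names corrected together, or a comment explaining why the version split is intentionally disabled. If the `MAX_` prefix is a deliberate project-wide macro defined elsewhere, a short comment at the first use, e.g. `// MAX_OS_X_VERSION_* : project-local alias of the AvailabilityMacros names`, would stop the next reader from drawing the same conclusion.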
Added: releases/Apple/OSX-10.6.7/BELPIC/BELPICError.h
===================================================================
--- releases/Apple/OSX-10.6.7/BELPIC/BELPICError.h (rev 0)
+++ releases/Apple/OSX-10.6.7/BELPIC/BELPICError.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * BELPICError.h
+ * TokendMuscle
+ */
+
+#ifndef _BELPICERROR_H_
+#define _BELPICERROR_H_
+
+#include "SCardError.h"
+
+
+class BELPICError : public Tokend::SCardError
+{
+protected:
+ BELPICError(uint16_t sw);
+ virtual ~BELPICError() throw ();
+public:
+ virtual const char *what () const throw ();
+
+ static void check(uint16_t sw) { if (sw != SCARD_SUCCESS) throwMe(sw); }
+ static void throwMe(uint16_t sw) __attribute__((noreturn));
+protected:
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+ IFDEBUG(void debugDiagnose(const void *id) const;)
+#endif
+};
+
+#endif /* !_BELPICERROR_H_ */
+
Added: releases/Apple/OSX-10.6.7/BELPIC/BELPICKeyHandle.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/BELPIC/BELPICKeyHandle.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/BELPIC/BELPICKeyHandle.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,274 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * BELPICKeyHandle.cpp
+ * TokendMuscle
+ */
+
+#include "BELPICKeyHandle.h"
+
+#include "BELPICRecord.h"
+#include "BELPICToken.h"
+
+#include <security_utilities/debugging.h>
+#include <security_utilities/utilities.h>
+#include <security_cdsa_utilities/cssmerrors.h>
+#include <Security/cssmerr.h>
+
+
+//
+// BELPICKeyHandle
+//
+BELPICKeyHandle::BELPICKeyHandle(BELPICToken &belpicToken,
+ const Tokend::MetaRecord &metaRecord, BELPICKeyRecord &cacKey) :
+ Tokend::KeyHandle(metaRecord, &cacKey),
+ mToken(belpicToken), mKey(cacKey)
+{
+}
+
+BELPICKeyHandle::~BELPICKeyHandle()
+{
+}
+
+void BELPICKeyHandle::getKeySize(CSSM_KEY_SIZE &keySize)
+{
+ secdebug("crypto", "getKeySize");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+uint32 BELPICKeyHandle::getOutputSize(const Context &context,
+ uint32 inputSize, bool encrypting)
+{
+ secdebug("crypto", "getOutputSize");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+static const unsigned char sha1sigheader[] =
+{
+ 0x30, // SEQUENCE
+ 0x21, // LENGTH
+ 0x30, // SEQUENCE
+ 0x09, // LENGTH
+ 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1a, // SHA1 OID (1 4 14 3 2 26)
+ 0x05, 0x00, // OPTIONAL ANY algorithm params (NULL)
+ 0x04, 0x14 // OCTECT STRING (20 bytes)
+};
+
+static const unsigned char md5sigheader[] =
+{
+ 0x30, // SEQUENCE
+ 0x20, // LENGTH
+ 0x30, // SEQUENCE
+ 0x0C, // LENGTH
+ // MD5 OID (1 2 840 113549 2 5)
+ 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05,
+ 0x05, 0x00, // OPTIONAL ANY algorithm params (NULL)
+ 0x04, 0x10 // OCTECT STRING (16 bytes)
+};
+
+void BELPICKeyHandle::generateSignature(const Context &context,
+ CSSM_ALGORITHMS signOnly, const CssmData &input, CssmData &signature)
+{
+ secdebug("crypto", "generateSignature alg: %u signOnly: %u",
+ context.algorithm(), signOnly);
+ IFDUMPING("crypto", context.dump("signature context"));
+
+ if (context.type() != CSSM_ALGCLASS_SIGNATURE)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_CONTEXT);
+
+ if (context.algorithm() != CSSM_ALGID_RSA)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+
+ // Find out if we are doing a SHA1 or MD5 signature and setup header to
+ // point to the right asn1 blob.
+ const unsigned char *header;
+ size_t headerLength;
+ if (signOnly == CSSM_ALGID_SHA1)
+ {
+ if (input.Length != 20)
+ CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+
+ header = sha1sigheader;
+ headerLength = sizeof(sha1sigheader);
+ }
+ else if (signOnly == CSSM_ALGID_MD5)
+ {
+ if (input.Length != 16)
+ CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+
+ header = md5sigheader;
+ headerLength = sizeof(md5sigheader);
+ }
+ else if (signOnly == CSSM_ALGID_NONE)
+ {
+ // Special case used by SSL it's an RSA signature, without the ASN1
+ // stuff
+ header = NULL;
+ headerLength = 0;
+
+ // @@@ Fix me
+ //CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+ }
+ else
+ CssmError::throwMe(CSSMERR_CSP_INVALID_DIGEST_ALGORITHM);
+
+#if 0
+ // @@@ Hack for BELPIC card!
+ header = NULL;
+ headerLength = 0;
+#endif
+
+ // Create an input buffer in which we construct the data we will send to
+ // the token.
+ size_t inputDataSize = headerLength + input.Length;
+ size_t keyLength = mKey.sizeInBits() / 8;
+ auto_array<unsigned char> inputData(keyLength);
+ unsigned char *to = inputData.get();
+
+ // Get padding, but default to pkcs1 style padding
+ uint32 padding = CSSM_PADDING_PKCS1;
+ context.getInt(CSSM_ATTRIBUTE_PADDING, padding);
+
+#if 1
+ if (padding != CSSM_PADDING_PKCS1)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING);
+#else
+ if (padding == CSSM_PADDING_PKCS1)
+ {
+ // Add PKCS1 style padding
+ *(to++) = 0;
+ *(to++) = 1; /* Private Key Block Type. */
+ size_t padLength = keyLength - 3 - inputDataSize;
+ memset(to, 0xff, padLength);
+ to += padLength;
+ *(to++) = 0;
+ inputDataSize = keyLength;
+ }
+ else if (padding == CSSM_PADDING_NONE)
+ {
+ // Token will fail if the input data isn't exactly keysize / 8 octects
+ // long
+ }
+ else
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING);
+#endif
+
+ // Now copy the ASN1 header into the input buffer.
+ // This header is the DER encoding of
+ // DigestInfo ::= SEQUENCE { digestAlgorithm AlgorithmIdentifier,
+ // digest OCTET STRING }
+ // Where AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER,
+ // parameters OPTIONAL ANY }
+ if (headerLength)
+ {
+ memcpy(to, header, headerLength);
+ to += headerLength;
+ }
+
+ // Finally copy the passed in data to the input buffer.
+ memcpy(to, input.Data, input.Length);
+
+ // @@@ Switch to using tokend allocators
+ unsigned char *outputData =
+ reinterpret_cast<unsigned char *>(malloc(keyLength));
+ size_t outputLength = keyLength;
+ try
+ {
+ const AccessCredentials *cred = context.get<const AccessCredentials>(
+ CSSM_ATTRIBUTE_ACCESS_CREDENTIALS);
+ // Sign the inputData using the token
+ mKey.computeCrypt(mToken, true, cred, inputData.get(), inputDataSize,
+ outputData, outputLength);
+ }
+ catch (...)
+ {
+ // @@@ Switch to using tokend allocators
+ free(outputData);
+ throw;
+ }
+
+ signature.Data = outputData;
+ signature.Length = outputLength;
+}
+
+void BELPICKeyHandle::verifySignature(const Context &context,
+ CSSM_ALGORITHMS signOnly, const CssmData &input, const CssmData &signature)
+{
+ secdebug("crypto", "verifySignature");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void BELPICKeyHandle::generateMac(const Context &context,
+ const CssmData &input, CssmData &output)
+{
+ secdebug("crypto", "generateMac");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void BELPICKeyHandle::verifyMac(const Context &context,
+ const CssmData &input, const CssmData &compare)
+{
+ secdebug("crypto", "verifyMac");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void BELPICKeyHandle::encrypt(const Context &context,
+ const CssmData &clear, CssmData &cipher)
+{
+ secdebug("crypto", "encrypt");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void BELPICKeyHandle::decrypt(const Context &context,
+ const CssmData &cipher, CssmData &clear)
+{
+ secdebug("crypto", "decrypt alg: %u", context.algorithm());
+ CssmError::throwMe(CSSMERR_CSP_KEY_USAGE_INCORRECT);
+}
+
+void BELPICKeyHandle::exportKey(const Context &context,
+ const AccessCredentials *cred, CssmKey &wrappedKey)
+{
+ secdebug("crypto", "exportKey");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+
+//
+// BELPICKeyHandleFactory
+//
+BELPICKeyHandleFactory::~BELPICKeyHandleFactory()
+{
+}
+
+
+Tokend::KeyHandle *BELPICKeyHandleFactory::keyHandle(
+ Tokend::TokenContext *tokenContext, const Tokend::MetaRecord &metaRecord,
+ Tokend::Record &record) const
+{
+ BELPICKeyRecord &key = dynamic_cast<BELPICKeyRecord &>(record);
+ BELPICToken &belpicToken = static_cast<BELPICToken &>(*tokenContext);
+ return new BELPICKeyHandle(belpicToken, metaRecord, key);
+}
+
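Review bot: In generateSignature the `CSSM_ALGID_NONE` branch sets `headerLength = 0` but never bounds `input.Length`, while `inputData` is allocated with exactly `keyLength` bytes (`mKey.sizeInBits() / 8`); the later `memcpy(to, input.Data, input.Length)` therefore writes past the end of the heap buffer whenever a caller supplies more than `keyLength` bytes, and the `dataLength > sizeInBits() / 8` check in BELPICKeyRecord::computeCrypt runs only after that copy has already happened. The SHA1 and MD5 branches are safe only because the digest-length checks cap the total at 35 or 34 bytes. The `// @@@ Fix me` comment in that branch suggests this was known; the minimal fix is to validate the combined size right after `inputDataSize` is computed, `if (inputDataSize > keyLength) CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);`, which also keeps the disabled `#else` padding code honest should it ever be re-enabled (its `keyLength - 3 - inputDataSize` would underflow for the same inputs).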
Added: releases/Apple/OSX-10.6.7/BELPIC/BELPICKeyHandle.h
===================================================================
--- releases/Apple/OSX-10.6.7/BELPIC/BELPICKeyHandle.h (rev 0)
+++ releases/Apple/OSX-10.6.7/BELPIC/BELPICKeyHandle.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * BELPICKeyHandle.h
+ * TokendMuscle
+ */
+
+#ifndef _BELPICKEYHANDLE_H_
+#define _BELPICKEYHANDLE_H_
+
+#include "KeyHandle.h"
+
+class BELPICToken;
+class BELPICKeyRecord;
+
+
+//
+// A KeyHandle object which implements the crypto interface to muscle.
+//
+class BELPICKeyHandle: public Tokend::KeyHandle
+{
+ NOCOPY(BELPICKeyHandle)
+public:
+ BELPICKeyHandle(BELPICToken &belpicToken,
+ const Tokend::MetaRecord &metaRecord, BELPICKeyRecord &cacKey);
+ ~BELPICKeyHandle();
+
+ virtual void getKeySize(CSSM_KEY_SIZE &keySize);
+ virtual uint32 getOutputSize(const Context &context, uint32 inputSize,
+ bool encrypting);
+ virtual void generateSignature(const Context &context,
+ CSSM_ALGORITHMS signOnly, const CssmData &input, CssmData &signature);
+ virtual void verifySignature(const Context &context,
+ CSSM_ALGORITHMS signOnly, const CssmData &input,
+ const CssmData &signature);
+ virtual void generateMac(const Context &context, const CssmData &input,
+ CssmData &output);
+ virtual void verifyMac(const Context &context, const CssmData &input,
+ const CssmData &compare);
+ virtual void encrypt(const Context &context, const CssmData &clear,
+ CssmData &cipher);
+ virtual void decrypt(const Context &context, const CssmData &cipher,
+ CssmData &clear);
+
+ virtual void exportKey(const Context &context,
+ const AccessCredentials *cred, CssmKey &wrappedKey);
+
+private:
+ BELPICToken &mToken;
+ BELPICKeyRecord &mKey;
+};
+
+
+//
+// A factory that creates BELPICKeyHandle objects.
+//
+class BELPICKeyHandleFactory : public Tokend::KeyHandleFactory
+{
+ NOCOPY(BELPICKeyHandleFactory)
+public:
+ BELPICKeyHandleFactory() {}
+ virtual ~BELPICKeyHandleFactory();
+
+ virtual Tokend::KeyHandle *keyHandle(Tokend::TokenContext *tokenContext,
+ const Tokend::MetaRecord &metaRecord, Tokend::Record &record) const;
+};
+
+
+#endif /* !_BELPICKEYHANDLE_H_ */
+
+
Added: releases/Apple/OSX-10.6.7/BELPIC/BELPICRecord.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/BELPIC/BELPICRecord.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/BELPIC/BELPICRecord.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,265 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * BELPICRecord.cpp
+ * TokendMuscle
+ */
+
+#include "BELPICRecord.h"
+
+#include "BELPICError.h"
+#include "BELPICToken.h"
+#include "Attribute.h"
+#include "MetaAttribute.h"
+#include "MetaRecord.h"
+#include <security_cdsa_client/aclclient.h>
+#include <Security/SecKey.h>
+
+
+//
+// BELPICRecord
+//
+BELPICRecord::~BELPICRecord()
+{
+}
+
+//
+// BELPICCertificateRecord
+//
+BELPICBinaryFileRecord::~BELPICBinaryFileRecord()
+{
+}
+
+#define BELPIC_MAXSIZE_CERT 4000
+
+BELPICCertificateRecord::~BELPICCertificateRecord()
+{
+}
+
+Tokend::Attribute *BELPICCertificateRecord::getDataAttribute(
+ Tokend::TokenContext *tokenContext)
+{
+ CssmData data;
+ BELPICToken &belpicToken = static_cast<BELPICToken &>(*tokenContext);
+ if (belpicToken.cachedObject(0, mDescription, data))
+ {
+ Tokend::Attribute *attribute = new Tokend::Attribute(data.Data,
+ data.Length);
+ free(data.Data);
+ return attribute;
+ }
+
+ PCSC::Transaction _(belpicToken);
+ belpicToken.select(mDF, mEF);
+
+ uint8 certificate[BELPIC_MAXSIZE_CERT];
+ size_t certificateLength = sizeof(certificate);
+ belpicToken.readBinary(certificate, certificateLength);
+ data.Data = certificate;
+ data.Length = certificateLength;
+
+ /* Zetes: the cert files on cards older then V1.0 have padding bytes
+ * at the end (to allow updates that might be longer then the current
+ * cert). This works fine for certificate selection (keychain) but
+ * gives problems during an SSL handshake. So we first remove those
+ * padding bytes by adapting the data.Length. */
+ if (certificateLength > 500 && certificate[0] == 0x30 && certificate[1] == 0x82)
+ {
+ size_t realCertLength = 256 * certificate[2] + certificate[3] + 4;
+ if (realCertLength > 500 && realCertLength < certificateLength)
+ data.Length = realCertLength;
+ }
+
+ belpicToken.cacheObject(0, mDescription, data);
+
+ return new Tokend::Attribute(data.Data, data.Length);
+}
+
+//
+// BELPICProtectedRecord
+//
+BELPICProtectedRecord::~BELPICProtectedRecord()
+{
+}
+
+Tokend::Attribute *BELPICProtectedRecord::getDataAttribute(Tokend::TokenContext *tokenContext)
+{
+ // no caching
+ CssmData data;
+ BELPICToken &belpicToken = static_cast<BELPICToken &>(*tokenContext);
+
+ PCSC::Transaction _(belpicToken);
+ belpicToken.select(mDF, mEF);
+
+ uint8 certificate[BELPIC_MAXSIZE_CERT];
+ size_t certificateLength = sizeof(certificate);
+ belpicToken.readBinary(certificate, certificateLength);
+ data.Data = certificate;
+ data.Length = certificateLength;
+
+ return new Tokend::Attribute(data.Data, data.Length);
+}
+
+void BELPICProtectedRecord::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
+{
+ if (!mAclEntries) {
+ mAclEntries.allocator(Allocator::standard());
+ // Reading this object's data requires PIN1
+ mAclEntries.add(CssmClient::AclFactory::PinSubject(
+ mAclEntries.allocator(), 1),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
+ }
+ count = mAclEntries.size();
+ acls = mAclEntries.entries();
+}
+
+//
+// BELPICKeyRecord
+//
+BELPICKeyRecord::BELPICKeyRecord(const uint8_t *keyId,
+ const char *description, const Tokend::MetaRecord &metaRecord,
+ bool signOnly) :
+ BELPICRecord(description),
+ mKeyId(keyId),
+ mSignOnly(signOnly)
+{
+ attributeAtIndex(metaRecord.metaAttribute(kSecKeyDecrypt).attributeIndex(),
+ new Tokend::Attribute(!signOnly));
+ attributeAtIndex(metaRecord.metaAttribute(kSecKeyUnwrap).attributeIndex(),
+ new Tokend::Attribute(!signOnly));
+ attributeAtIndex(metaRecord.metaAttribute(kSecKeySign).attributeIndex(),
+ new Tokend::Attribute(signOnly));
+}
+
+BELPICKeyRecord::~BELPICKeyRecord()
+{
+}
+
+void BELPICKeyRecord::computeCrypt(BELPICToken &belpicToken, bool sign,
+ const AccessCredentials *cred, const unsigned char *data,
+ size_t dataLength, unsigned char *output, size_t &outputLength)
+{
+ PCSC::Transaction _(belpicToken);
+ belpicToken.selectKeyForSign(mKeyId);
+
+ if (cred)
+ {
+ uint32 size = cred->size();
+ for (uint32 ix = 0; ix < size; ++ix)
+ {
+ const TypedList &sample = (*cred)[ix];
+ if (sample.type() == CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD
+ && sample.length() == 2)
+ {
+ CssmData &pin = sample[1].data();
+ if (pin.Length >= BELPIC_MIN_PIN_LEN &&
+ pin.Length <= BELPIC_MAX_PIN_LEN)
+ {
+ belpicToken._verifyPIN(1, pin.Data, pin.Length);
+ break;
+ }
+ else if (pin.Length == 0)
+ {
+ // %%% <rdar://4334623>
+ // PIN previously verified by securityd;
+ // continue to look at remaining samples
+ }
+ else
+ {
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+ }
+ }
+ }
+
+ }
+
+ if (dataLength > sizeInBits() / 8)
+ CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+
+ if (sign != mSignOnly)
+ CssmError::throwMe(CSSMERR_CSP_KEY_USAGE_INCORRECT);
+
+ size_t apduSize = dataLength + 5;
+ unsigned char apdu[apduSize];
+ size_t resultLength = sizeInBits() / 8 + 2;
+ unsigned char result[resultLength];
+
+ apdu[0] = 0x00;
+ apdu[1] = 0x2A;
+ apdu[2] = 0x9E;
+ apdu[3] = 0x9A;
+ apdu[4] = dataLength;
+ memcpy(apdu + 5, data, dataLength);
+ BELPICError::check(belpicToken.exchangeAPDU(apdu, apduSize, result,
+ resultLength));
+ if (resultLength != sizeInBits() / 8 + 2)
+ {
+ secdebug("cac", " %s: computeCrypt: expected size: %ld, got: %ld",
+ mDescription, sizeInBits() / 8 + 2, resultLength);
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ }
+
+ if (outputLength < resultLength - 2)
+ CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+
+ outputLength = resultLength - 2;
+ memcpy(output, result, outputLength);
+}
+
+void BELPICKeyRecord::getAcl(const char *tag, uint32 &count,
+ AclEntryInfo *&acls)
+{
+ // @@@ Key 1 has any acl for sign, key 2 has pin1 acl, and key3 has pin1
+ // acl with auto-lock which we express as a prompted password subject.
+ if (!mAclEntries) {
+ mAclEntries.allocator(Allocator::standard());
+ // Anyone can read the DB record for this key (which is a reference
+ // CSSM_KEY)
+ mAclEntries.add(CssmClient::AclFactory::AnySubject(
+ mAclEntries.allocator()),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
+ // Setup the remainder of the acl based on the key type.
+
+ //PIN1 is hardcoded for now
+ // Apparently, PINS other than '1' are not yet supported by TokenD.
+ char tmptag[20];
+ snprintf(tmptag, sizeof(tmptag), "PIN%d", 1);
+ if (*mKeyId == 0x82)
+ {
+ mAclEntries.add(CssmClient::AclFactory::PinSubject(
+ mAclEntries.allocator(), 1),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_SIGN, 0), tmptag);
+ }
+ else if (*mKeyId == 0x83)
+ {
+ CssmData prompt;
+ mAclEntries.add(CssmClient::AclFactory::PromptPWSubject(
+ mAclEntries.allocator(), prompt),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_SIGN, 0), tmptag);
+ }
+ }
+ count = mAclEntries.size();
+ acls = mAclEntries.entries();
+}
+
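Review bot: In BELPICKeyRecord::computeCrypt the `dataLength > sizeInBits() / 8` and `sign != mSignOnly` checks come after the credential loop, so a request with a wrong-sized block or wrong key usage still causes `_verifyPIN` to send the user's PIN to the card before being rejected; moving those two checks above `if (cred)` rejects malformed requests without touching the PIN and also makes the `apdu[4] = dataLength` byte narrowing visibly safe (it depends on that check to fit in one byte). The debug line uses the `"cac"` channel and `%ld` for `size_t` values in what is BELPIC code, which reads as a copy-paste leftover from the CAC tokend; `"belpic"` and `%zu` would match the file. The `// @@@ Key 1 has any acl for sign` comment in getAcl describes an any-subject SIGN entry that the code below it does not add for key ids other than 0x82 and 0x83, so either the comment or the fallthrough case appears to be out of date; I cannot tell from this hunk which key ids the card actually exposes.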
Added: releases/Apple/OSX-10.6.7/BELPIC/BELPICRecord.h
===================================================================
--- releases/Apple/OSX-10.6.7/BELPIC/BELPICRecord.h (rev 0)
+++ releases/Apple/OSX-10.6.7/BELPIC/BELPICRecord.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,121 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * BELPICRecord.h
+ * TokendMuscle
+ */
+
+#ifndef _BELPICRECORD_H_
+#define _BELPICRECORD_H_
+
+#include "Record.h"
+
+#include <security_cdsa_utilities/cssmcred.h>
+
+class BELPICToken;
+
+class BELPICRecord : public Tokend::Record
+{
+ NOCOPY(BELPICRecord)
+public:
+ BELPICRecord(const char *description) :
+ mDescription(description) {}
+ virtual ~BELPICRecord();
+
+ virtual const char *description() { return mDescription; }
+
+protected:
+ const char *mDescription;
+};
+
+
+class BELPICBinaryFileRecord : public BELPICRecord
+{
+ NOCOPY(BELPICBinaryFileRecord)
+public:
+ BELPICBinaryFileRecord(const uint8_t *df, const uint8_t *ef,
+ const char *description) :
+ BELPICRecord(description), mDF(df), mEF(ef) {}
+ virtual ~BELPICBinaryFileRecord();
+
+ virtual Tokend::Attribute *getDataAttribute(Tokend::TokenContext *tokenContext) = 0;
+
+protected:
+ const uint8_t *mDF;
+ const uint8_t *mEF;
+};
+
+class BELPICCertificateRecord : public BELPICBinaryFileRecord
+{
+ NOCOPY(BELPICCertificateRecord)
+public:
+ BELPICCertificateRecord(const uint8_t *df, const uint8_t *ef,
+ const char *description) :
+ BELPICBinaryFileRecord(df, ef, description) {}
+ virtual ~BELPICCertificateRecord();
+
+ virtual Tokend::Attribute *getDataAttribute(Tokend::TokenContext *tokenContext);
+};
+
+class BELPICProtectedRecord : public BELPICBinaryFileRecord
+{
+ NOCOPY(BELPICProtectedRecord)
+public:
+ BELPICProtectedRecord(const uint8_t *df, const uint8_t *ef, const char *description) :
+ BELPICBinaryFileRecord(df, ef, description) {}
+ virtual ~BELPICProtectedRecord();
+
+ virtual Tokend::Attribute *getDataAttribute(Tokend::TokenContext *tokenContext);
+ virtual void getAcl(const char *tag, uint32 &count,
+ AclEntryInfo *&aclList);
+private:
+ AutoAclEntryInfoList mAclEntries;
+};
+
+
+class BELPICKeyRecord : public BELPICRecord
+{
+ NOCOPY(BELPICKeyRecord)
+public:
+ BELPICKeyRecord(const uint8_t *keyId, const char *description,
+ const Tokend::MetaRecord &metaRecord, bool signOnly);
+ virtual ~BELPICKeyRecord();
+
+ size_t sizeInBits() const { return 1024; }
+ void computeCrypt(BELPICToken &belpicToken, bool sign,
+ const AccessCredentials *cred, const unsigned char *data,
+ size_t dataLength, unsigned char *result, size_t &resultLength);
+
+ void getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls);
+
+private:
+ const uint8_t *mKeyId;
+ bool mSignOnly;
+ AutoAclEntryInfoList mAclEntries;
+};
+
+
+#endif /* !_BELPICRECORD_H_ */
+
+
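Review bot: `size_t sizeInBits() const { return 1024; }` is a hard-coded constant with no comment, yet BELPICKeyHandle::generateSignature sizes its input and output buffers from it and computeCrypt uses it to bound `dataLength` and to check the APDU response length, so a card whose keys are not RSA-1024 would silently get wrong buffer sizes rather than a clear error. A one-line comment on the declaration would make that coupling visible, e.g. `// Fixed at 1024: every buffer and length check in computeCrypt/generateSignature assumes RSA-1024 keys on the card.`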
Added: releases/Apple/OSX-10.6.7/BELPIC/BELPICSchema.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/BELPIC/BELPICSchema.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/BELPIC/BELPICSchema.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * BELPICSchema.cpp
+ * TokendMuscle
+ */
+
+#include "BELPICSchema.h"
+
+#include "MetaAttribute.h"
+#include "MetaRecord.h"
+
+#include <Security/SecCertificate.h>
+#include <Security/SecKeychainItem.h>
+#include <Security/SecKey.h>
+
+using namespace Tokend;
+
+BELPICSchema::BELPICSchema() :
+ mKeyAlgorithmCoder(uint32(CSSM_ALGID_RSA)),
+ mKeySizeCoder(uint32(1024))
+{
+}
+
+BELPICSchema::~BELPICSchema()
+{
+}
+
+Tokend::Relation *BELPICSchema::createKeyRelation(CSSM_DB_RECORDTYPE keyType)
+{
+ Relation *rn = createStandardRelation(keyType);
+
+ // Set up coders for key records.
+ MetaRecord &mr = rn->metaRecord();
+ mr.keyHandleFactory(&mBELPICKeyHandleFactory);
+
+ // Print name of a key might as well be the key name.
+ mr.attributeCoder(kSecKeyPrintName, &mDescriptionCoder);
+
+ // Other key valuess
+ mr.attributeCoder(kSecKeyKeyType, &mKeyAlgorithmCoder);
+ mr.attributeCoder(kSecKeyKeySizeInBits, &mKeySizeCoder);
+ mr.attributeCoder(kSecKeyEffectiveKeySize, &mKeySizeCoder);
+
+ // Key attributes
+ mr.attributeCoder(kSecKeyExtractable, &mFalseCoder);
+ mr.attributeCoder(kSecKeySensitive, &mTrueCoder);
+ mr.attributeCoder(kSecKeyModifiable, &mFalseCoder);
+ mr.attributeCoder(kSecKeyPrivate, &mTrueCoder);
+ mr.attributeCoder(kSecKeyNeverExtractable, &mTrueCoder);
+ mr.attributeCoder(kSecKeyAlwaysSensitive, &mTrueCoder);
+
+ // Key usage
+ mr.attributeCoder(kSecKeyEncrypt, &mFalseCoder);
+ mr.attributeCoder(kSecKeyWrap, &mFalseCoder);
+ mr.attributeCoder(kSecKeyVerify, &mFalseCoder);
+ mr.attributeCoder(kSecKeyDerive, &mFalseCoder);
+ mr.attributeCoder(kSecKeySignRecover, &mFalseCoder);
+ mr.attributeCoder(kSecKeyVerifyRecover, &mFalseCoder);
+
+ return rn;
+}
+
+void BELPICSchema::create()
+{
+ Schema::create();
+
+ createStandardRelation(CSSM_DL_DB_RECORD_X509_CERTIFICATE);
+ createKeyRelation(CSSM_DL_DB_RECORD_PRIVATE_KEY);
+
+ Relation *rn_gen = createStandardRelation(CSSM_DL_DB_RECORD_GENERIC);
+
+ // Create the generic table
+ MetaRecord &mr_gen = rn_gen->metaRecord();
+ mr_gen.attributeCoderForData(&mBELPICDataAttributeCoder);
+
+}
+
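Review bot: The key size is written as the literal `uint32(1024)` in the BELPICSchema constructor and again as `return 1024;` in BELPICKeyRecord::sizeInBits() in BELPICRecord.h, so the two can drift apart silently; give it one name, e.g. `static const uint32_t kBELPICKeySizeInBits = 1024;` in a shared header, and use it in both places. `createKeyRelation` dereferences the result of `createStandardRelation` without a null check or a comment; if the base-class contract is that it never returns NULL, say so in one line, otherwise add the check. The comment `// Other key valuess` has a typo (`values`).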
Added: releases/Apple/OSX-10.6.7/BELPIC/BELPICSchema.h
===================================================================
--- releases/Apple/OSX-10.6.7/BELPIC/BELPICSchema.h (rev 0)
+++ releases/Apple/OSX-10.6.7/BELPIC/BELPICSchema.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * BELPICSchema.h
+ * TokendMuscle
+ */
+
+#ifndef _BELPICSCHEMA_H_
+#define _BELPICSCHEMA_H_
+
+#include "Schema.h"
+#include "BELPICKeyHandle.h"
+#include "BELPICAttributeCoder.h"
+
+namespace Tokend
+{
+ class Relation;
+ class MetaRecord;
+ class AttributeCoder;
+}
+
+class BELPICSchema : public Tokend::Schema
+{
+ NOCOPY(BELPICSchema)
+public:
+ BELPICSchema();
+ virtual ~BELPICSchema();
+
+ virtual void create();
+
+protected:
+ Tokend::Relation *createKeyRelation(CSSM_DB_RECORDTYPE keyType);
+
+private:
+ // Coders we need.
+ BELPICDataAttributeCoder mBELPICDataAttributeCoder;
+
+ Tokend::ConstAttributeCoder mKeyAlgorithmCoder;
+ Tokend::ConstAttributeCoder mKeySizeCoder;
+
+ BELPICKeyHandleFactory mBELPICKeyHandleFactory;
+};
+
+#endif /* !_BELPICSCHEMA_H_ */
+
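Review bot: `createKeyRelation` and the coder members carry no documentation, so a reader has to open BELPICSchema.cpp to learn what they fix. Suggest `// Builds the private-key relation: the standard relation plus the BELPIC key-handle factory and constant attribute coders.` above the `createKeyRelation` declaration, and `// Constant values reported for every key record (CSSM_ALGID_RSA, 1024 bits; see the constructor).` above `mKeyAlgorithmCoder`.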
Added: releases/Apple/OSX-10.6.7/BELPIC/BELPICToken.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/BELPIC/BELPICToken.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/BELPIC/BELPICToken.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,674 @@
+/*
+ * Copyright (c) 2004,2007 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * BELPICToken.cpp
+ * TokendMuscle
+ */
+
+#include "BELPICToken.h"
+
+#include "Adornment.h"
+#include "AttributeCoder.h"
+#include "BELPICError.h"
+#include "BELPICRecord.h"
+#include "BELPICSchema.h"
+#include <security_cdsa_client/aclclient.h>
+#include <map>
+#include <vector>
+
+using CssmClient::AclFactory;
+
+#define INTER_COMMAND_DELAY 10000 // delay in microseconds between commands
+
+#define OFF_CLA 0
+#define OFF_INS 1
+#define OFF_P1 2
+#define OFF_P2 3
+#define OFF_LC 4
+#define OFF_DATA 5
+
+#define CLA_STANDARD 0x00
+#define INS_SELECT_FILE 0xA4
+#define INS_MANAGE_SECURITY_ENVIRONMENT 0x22
+
+#define P1_SELECT_APPLET 0x04
+#define P2_SELECT_APPLET 0x0C
+
+#define SELECT_APPLET \
+ CLA_STANDARD, INS_SELECT_FILE, P1_SELECT_APPLET, P2_SELECT_APPLET
+
+#define BELPIC_MAX_DATA_SIZE (6*1024L) // plus some extra
+
+//static const unsigned char kBELPICPKCS15Applet[] =
+// { 0xA0, 0x00, 0x00, 0x01, 0x77, 0x50, 0x4B, 0x43, 0x53, 0x2D, 0x31, 0x35 };
+
+static const unsigned char kDF_BELPIC[] = { 0xDF, 0x00 };
+static const unsigned char kDF_ID[] = { 0xDF, 0x01 };
+
+static const unsigned char kEF_DIR[] = { 0x2F, 0x00 };
+
+static const unsigned char kBELPIC_EF_ODF[] = { 0x50, 0x31 };
+static const unsigned char kBELPIC_EF_TokenInfo[] = { 0x50, 0x32 };
+static const unsigned char kBELPIC_EF_AODF[] = { 0x50, 0x34 };
+static const unsigned char kBELPIC_EF_PrKDF[] = { 0x50, 0x35 };
+static const unsigned char kBELPIC_EF_PukDF[] = { 0x50, 0x36 };
+static const unsigned char kBELPIC_EF_CDF[] = { 0x50, 0x37 };
+static const unsigned char kBELPIC_EF_Cert2[] = { 0x50, 0x38 };
+static const unsigned char kBELPIC_EF_Cert3[] = { 0x50, 0x39 };
+static const unsigned char kBELPIC_EF_Cert4[] = { 0x50, 0x3A };
+static const unsigned char kBELPIC_EF_Cert6[] = { 0x50, 0x3B };
+static const unsigned char kBELPIC_EF_Cert8[] = { 0x50, 0x3C };
+
+static const unsigned char kID_EF_ID_RN[] = { 0x40, 0x31 };
+static const unsigned char kID_EF_SGN_RN[] = { 0x40, 0x32 };
+static const unsigned char kID_EF_ID_ADDRESS[] = { 0x40, 0x33 };
+static const unsigned char kID_EF_SGN_ADDRESS[] = { 0x40, 0x34 };
+static const unsigned char kID_EF_ID_PHOTO[] = { 0x40, 0x35 };
+static const unsigned char kID_EF_PuK7_ID[] = { 0x40, 0x38 };
+static const unsigned char kID_EF_Preferences[] = { 0x40, 0x39 };
+
+static const unsigned char kPIN_Cardholder_Id[] = { 0x01 };
+static const unsigned char kPIN_Reset_Id[] = { 0x02 };
+static const unsigned char kPUK_Unblock_Id[] = { 0x03 };
+static const unsigned char kPIN_Activate_Id[] = { 0x84 };
+
+static const unsigned char kPrK1_Id[] = { 0x81 };
+static const unsigned char kPrK2_Id[] = { 0x82 };
+static const unsigned char kPrK3_Id[] = { 0x83 };
+static const unsigned char kPuK5_Id[] = { 0x85 };
+static const unsigned char kPuK7_Id[] = { 0x87 };
+
+
+BELPICToken::BELPICToken() :
+ mCurrentDF(NULL),
+ mCurrentEF(NULL),
+ mReturnedData(NULL),
+ mPinStatus(0)
+{
+ mTokenContext = this;
+ mSession.open();
+}
+
+BELPICToken::~BELPICToken()
+{
+ delete mSchema;
+ delete mReturnedData;
+}
+
+void BELPICToken::select(const uint8_t *df, const uint8_t *ef)
+{
+ unsigned char result[MAX_BUFFER_SIZE];
+ size_t resultLength = sizeof(result);
+ if (isInTransaction() && mCurrentDF == df)
+ {
+ if (mCurrentEF == ef)
+ return;
+
+ uint8_t command[] = { 0x00, 0xA4, 0x02, 0x0C, 0x02, ef[0], ef[1] };
+ BELPICError::check(exchangeAPDU(command, sizeof(command), result,
+ resultLength));
+ mCurrentEF = ef;
+ }
+ else
+ {
+ uint8_t command[] =
+ { 0x00, 0xA4, 0x08, 0x0C, 0x04, df[0], df[1], ef[0], ef[1] };
+ BELPICError::check(exchangeAPDU(command, sizeof(command), result,
+ resultLength));
+ if (isInTransaction())
+ {
+ mCurrentDF = df;
+ mCurrentEF = ef;
+ }
+ }
+}
+
+void BELPICToken::selectKeyForSign(const uint8_t *keyId)
+{
+ bool encrypt = true;
+ uint8_t p1 = (encrypt ? 0x41 : 0x81);
+ // Select signing, algorithm pkcs1 padding and key keyId
+ unsigned char command[] =
+ { 0x00, 0x22, p1, 0xB6, 0x05, 0x04, 0x80, 0x01, 0x84, *keyId };
+ // @@@ This would be the command when letting the card itself to the
+ // DigestInfo wrapping for a SHA1 hash.
+ //unsigned char command[] =
+ // { 0x00, 0x22, p1, 0xB6, 0x05, 0x04, 0x80, 0x02, 0x84, *keyId };
+
+ //if (isInTransaction() && mCurrentKeyId == keyId)
+ // return;
+
+ unsigned char result[MAX_BUFFER_SIZE];
+ size_t resultLength = sizeof(result);
+ BELPICError::check(exchangeAPDU(command, sizeof(command), result,
+ resultLength));
+}
+
+/**
+ * @brief Makes the current process sleep for some microseconds.
+ *
+ * @param[in] iTimeVal Number of microseconds to sleep.
+ */
+int BELPICToken::usleep(int iTimeVal)
+{
+ struct timespec mrqtp;
+ mrqtp.tv_sec = iTimeVal/1000000;
+ mrqtp.tv_nsec = (iTimeVal - (mrqtp.tv_sec * 1000000)) * 1000;
+
+ return nanosleep(&mrqtp, NULL);
+}
+
+#define READ_BLOCK_SIZE 0xF4
+
+/*
+ A full transaction for the readBinary command seems to be the following:
+
+ - Select the appropriate file [ref INS_SELECT_FILE]
+ - Issue read binary command (0xB0) for READ_BLOCK_SIZE (0xF4) bytes
+ - usually, it will come back with a response of "6C xx", where xx is the
+ actual number of bytes available
+ - Issue a new read binary command with correct size
+
+*/
+
+/*
+ See NIST IR 6887, 5.1.1.2 Read Binary APDU
+
+ Function Code 0x02
+
+ CLA 0x00
+ INS 0xB0
+ P1 High-order byte of 2-byte offset
+ P2 Low-order byte of 2-byte offset
+ Lc Empty
+ Data Field Empty
+ Le Number of bytes to read
+
+
+ Processing State returned in the Response Message
+
+ SW1 SW2 Meaning
+ --- --- -----------------------------------------------------
+ 62 81 Part of returned data may be corrupted
+ 62 82 End of file reached before reading Le bytes
+ 67 00 Wrong length (wrong Le field)
+ 69 81 Command incompatible with file structure
+ 69 82 Security status not satisfied
+ 69 86 Command not allowed (no current EF)
+ 6A 81 Function not supported
+ 6A 82 File not found
+ 6B 00 Wrong parameters (offset outside the EF)
+ 6C XX Wrong length (wrong Le field; XX indicates the exact length)
+ 90 00 Successful execution
+
+ Non-fatal errors:
+ 62 82 End of file reached before reading Le bytes
+ 6B 00 Wrong parameters (offset outside the EF)
+ 6C XX Wrong length (wrong Le field; XX indicates the exact length)
+ 90 00 Successful execution
+*/
+
+void BELPICToken::readBinary(uint8_t *result, size_t &resultLength)
+{
+ // Attempt to read READ_BLOCK_SIZE bytes
+
+ unsigned char rcvBuffer[MAX_BUFFER_SIZE]; // N.B. Must be > READ_BLOCK_SIZE
+ size_t bytesReceived = sizeof(rcvBuffer);
+ size_t returnedDataLength = 0;
+
+ // The initial "Read Binary" command, with offset 0 and length READ_BLOCK_SIZE
+ unsigned char apdu[] = { 0x00, 0xB0, 0x00, 0x00, READ_BLOCK_SIZE };
+ size_t apduSize = sizeof(apdu);
+
+ // Talk to token here to get data
+ {
+ PCSC::Transaction _(*this);
+
+ uint16_t rx;
+ uint32_t offset = 0;
+ bool requestedTooMuch = false;
+
+ for (bool done = false; !done; )
+ {
+ bytesReceived = sizeof(rcvBuffer); // must reset each time
+ secdebug("token", "readBinary: attempting read of %d bytes at offset: %d",
+ apdu[OFF_LC], (apdu[OFF_P1] << 8 | apdu[OFF_P2]));
+ transmit(apdu, apduSize, rcvBuffer, bytesReceived);
+ if (bytesReceived < 2)
+ break;
+ rx = (rcvBuffer[bytesReceived - 2] << 8) + rcvBuffer[bytesReceived - 1];
+ secdebug("tokend", "readBinary result 0x%02X (masked: 0x%02X)", rx, rx & 0xFF00);
+
+ switch (rx & 0xFF00)
+ {
+ case SCARD_BYTES_LEFT_IN_SW2: // 0x6100
+ case SCARD_LE_IN_SW2: // 0x6C00
+ secdebug("token", "readBinary should only have read: %d bytes", rx & 0x00FF);
+ // Re-read from same offset with new, shorter length
+ apdu[OFF_LC] = (uint8_t)(rx & 0xFF);
+ requestedTooMuch = true; // signal that we are almost done
+ break;
+ case SCARD_WRONG_PARAMETER_P1_P2: // we read past the end, (probably) non-fatal
+ done = true;
+ break;
+ case SCARD_SUCCESS:
+ offset += (bytesReceived - 2);
+ apdu[OFF_P1] = offset >> 8;
+ apdu[OFF_P2] = offset & 0xFF;
+ apdu[OFF_LC] = READ_BLOCK_SIZE & 0xFF;
+ if (requestedTooMuch)
+ done = true;
+ if (resultLength >= (returnedDataLength + bytesReceived - 2))
+ {
+ memcpy(result + returnedDataLength, rcvBuffer, bytesReceived - 2);
+ returnedDataLength += bytesReceived - 2;
+ }
+ else
+ done = true;
+ break;
+ case SCARD_EXECUTION_WARNING: // No way to recover from SCARD_END_OF_FILE_REACHED, so fall through
+ default:
+ BELPICError::check(rx);
+ return; // will actually throw above
+ }
+
+ }
+ }
+
+ secdebug("token", "readBinary read a total of %ld bytes", returnedDataLength);
+ resultLength = returnedDataLength;
+}
+
+uint32_t BELPICToken::exchangeAPDU(const uint8_t *apdu, size_t apduLength,
+ uint8_t *result, size_t &resultLength)
+{
+ // see SCARD_LE_IN_SW2
+
+ size_t savedLength = resultLength;
+
+ transmit(apdu, apduLength, result, resultLength);
+ if (resultLength == 2 && result[0] == 0x61) // || result[0] == 0x6C)
+ {
+ resultLength = savedLength;
+ uint8 expectedLength = result[1];
+ unsigned char getResult[] = { 0x00, 0xC0, 0x00, 0x00, expectedLength };
+ BELPICToken::usleep(INTER_COMMAND_DELAY);
+ transmit(getResult, sizeof(getResult), result, resultLength);
+ if (resultLength - 2 != expectedLength)
+ {
+ if (resultLength < 2)
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ else
+ BELPICError::throwMe((result[resultLength - 2] << 8)
+ + result[resultLength - 1]);
+ }
+ }
+
+ if (resultLength < 2)
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+
+ return (result[resultLength - 2] << 8) + result[resultLength - 1];
+}
+
+void BELPICToken::didDisconnect()
+{
+ PCSC::Card::didDisconnect();
+ mCurrentDF = NULL;
+ mCurrentEF = NULL;
+ mPinStatus = 0;
+}
+
+void BELPICToken::didEnd()
+{
+ PCSC::Card::didEnd();
+ mCurrentDF = NULL;
+ mCurrentEF = NULL;
+ mPinStatus = 0;
+}
+
+uint8_t BELPICToken::pinDigit(uint8_t digit)
+{
+ if ('0' <= digit && digit <= '9')
+ return digit - '0';
+ else if ('A' <= digit && digit <= 'F')
+ return digit - 'A' + 0x10;
+ else if ('a' <= digit && digit <= 'f')
+ return digit - 'a' + 0x10;
+ else
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+}
+
+void BELPICToken::changePIN(int pinNum,
+ const unsigned char *oldPin, size_t oldPinLength,
+ const unsigned char *newPin, size_t newPinLength)
+{
+ if (pinNum != 1)
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+
+ if (oldPinLength < 0 ||
+ oldPinLength > BELPIC_MAX_PIN_LEN ||
+ newPinLength < BELPIC_MIN_PIN_LEN ||
+ newPinLength > BELPIC_MAX_PIN_LEN)
+ {
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
+ }
+
+ PCSC::Transaction _(*this);
+ uint8_t apdu[] =
+ { 0x00, 0x24, 0x00, uint8_t(pinNum), 0x10,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+ };
+
+ uint32_t offset = 5;
+
+ apdu[offset++] = 0x20 + oldPinLength;
+ for (uint32_t ix = 0; ix < oldPinLength;ix+=2)
+ {
+ apdu[offset++] = (pinDigit(oldPin[ix]) << 4) +
+ ((ix+1) < oldPinLength ? pinDigit(oldPin[ix+1]) : pinDigit('F'));
+ }
+
+ offset = 5 + 8;
+ apdu[offset++] = 0x20 + newPinLength;
+ for (uint32_t ix = 0; ix < newPinLength;ix+=2)
+ {
+ apdu[offset++] = (pinDigit(newPin[ix]) << 4) +
+ ((ix+1) < newPinLength ? pinDigit(newPin[ix+1]) : pinDigit('F'));
+ }
+
+ unsigned char result[MAX_BUFFER_SIZE];
+ size_t resultLength = sizeof(result);
+ mPinStatus = exchangeAPDU(apdu, sizeof(apdu), result, resultLength);
+ memset(apdu + 5, 0, 16);
+ BELPICError::check(mPinStatus);
+}
+
+uint32_t BELPICToken::pinStatus(int pinNum)
+{
+ if (pinNum != 1)
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+
+#if 0
+ if (mPinStatus && isInTransaction())
+ return mPinStatus;
+
+ // Always checks PIN1
+ PCSC::Transaction _(*this);
+
+ unsigned char result[2];
+ size_t resultLength = sizeof(result);
+ unsigned char apdu[] = { 0x00, 0x20, 0x00, *kPIN_Cardholder_Id };
+
+ mPinStatus = exchangeAPDU(apdu, 4, result, resultLength);
+ if ((mPinStatus & 0xFF00) != 0x6300
+ && mPinStatus != SCARD_AUTHENTICATION_BLOCKED)
+ BELPICError::check(mPinStatus);
+#endif
+
+ return mPinStatus;
+}
+
+void BELPICToken::verifyPIN(int pinNum, const uint8_t *pin, size_t pinLength)
+{
+ _verifyPIN(pinNum, pin, pinLength);
+ // Start a new transaction which we never get rid of until someone calls
+ // unverifyPIN()
+ begin();
+}
+
+void BELPICToken::_verifyPIN(int pinNum, const uint8_t *pin, size_t pinLength)
+{
+ if (pinNum < 1 || pinNum > 3)
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+
+ if (pinLength < BELPIC_MIN_PIN_LEN || pinLength > BELPIC_MAX_PIN_LEN)
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
+
+ PCSC::Transaction _(*this);
+#ifdef USE_BUILTIN_PIN
+ uint8_t apdu[] =
+ { 0x00, 0x20, 0x00, 0x01, 0x08, 0x24,
+ 0x12, 0x34, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
+#else
+ uint8_t apdu[] =
+ { 0x00, 0x20, 0x00, uint8_t(pinNum), 0x08,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
+
+ uint32_t offset = 5;
+
+ apdu[offset++] = 0x20 + pinLength;
+ for (uint32_t ix = 0; ix < pinLength;ix+=2)
+ {
+ apdu[offset++] = (pinDigit(pin[ix]) << 4) +
+ ((ix+1) < pinLength ? pinDigit(pin[ix+1]) : pinDigit('F'));
+ }
+#endif
+
+ unsigned char result[MAX_BUFFER_SIZE];
+ size_t resultLength = sizeof(result);
+ mPinStatus = exchangeAPDU(apdu, sizeof(apdu), result, resultLength);
+ memset(apdu + 5, 0, 8);
+ BELPICError::check(mPinStatus);
+ // Start a new transaction which we never get rid of until someone calls
+ // unverifyPIN()
+ // begin();
+}
+
+void BELPICToken::unverifyPIN(int pinNum)
+{
+ if (pinNum != -1)
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+
+ end(SCARD_RESET_CARD);
+}
+
+uint32 BELPICToken::probe(SecTokendProbeFlags flags,
+ char tokenUid[TOKEND_MAX_UID])
+{
+// uint32 score = Tokend::ISO7816Token::probe(flags, tokenUid);
+//SCARD_PROTOCOL_T0
+ const SCARD_READERSTATE &readerState = *(*startupReaderInfo)();
+ connect(mSession, readerState.szReader, SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0);
+ uint32 score = 0;
+ //flags = 2;//share pcsc
+ bool doDisconnect = false; /*!(flags & kSecTokendProbeKeepToken); */
+
+ try
+ {
+ unsigned char result[MAX_BUFFER_SIZE];
+ size_t resultLength = sizeof(result);
+
+ {
+ PCSC::Transaction _(*this);
+ select(kDF_BELPIC, kBELPIC_EF_TokenInfo);
+ readBinary(result, resultLength);
+ }
+
+ if (resultLength < 0x29 || memcmp(result + 0x19, "BELPIC", 6))
+ doDisconnect = true;
+ else
+ {
+ // If the length is not an exact match only return a score of 100
+ score = (resultLength == 0x29) ? 200 : 100;
+ // @@@ If the ATR matches one of the built in BELPIC ATR's we
+ // should probably return an even better score.
+
+ // Setup the tokendUID
+ memcpy(tokenUid, "BELPIC-", 7);
+ uint32_t offset = 7;
+ // Now stick in the chip serial # as hex bytes.
+ for (uint32_t ix = 0x07; ix < 0x17; ++ix)
+ {
+ sprintf(tokenUid + offset, "%02X", result[ix]);
+ offset += 2;
+ }
+ assert(TOKEND_MAX_UID > offset);
+ memset(tokenUid + offset, 0, TOKEND_MAX_UID - offset);
+ Tokend::ISO7816Token::name(tokenUid);
+ secdebug("probe", "recognized %s", tokenUid);
+ }
+ }
+ catch (...)
+ {
+ doDisconnect = true;
+ score = 0;
+ }
+
+ if (doDisconnect)
+ disconnect();
+
+ return score;
+}
+
+void BELPICToken::establish(const CSSM_GUID *guid, uint32 subserviceId,
+ SecTokendEstablishFlags flags, const char *cacheDirectory,
+ const char *workDirectory, char mdsDirectory[PATH_MAX],
+ char printName[PATH_MAX])
+{
+ Tokend::ISO7816Token::establish(guid, subserviceId, flags,
+ cacheDirectory, workDirectory, mdsDirectory, printName);
+
+ mSchema = new BELPICSchema();
+ mSchema->create();
+
+ populate();
+}
+
+//
+// Database-level ACLs
+//
+void BELPICToken::getOwner(AclOwnerPrototype &owner)
+{
+ // we don't really know (right now), so claim we're owned by PIN #0
+ if (!mAclOwner) {
+ mAclOwner.allocator(Allocator::standard());
+ mAclOwner = AclFactory::PinSubject(Allocator::standard(), 0);
+ }
+ owner = mAclOwner;
+}
+
+
+void BELPICToken::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
+{
+ Allocator &alloc = Allocator::standard();
+
+ if (unsigned pin = pinFromAclTag(tag, "?")) {
+ static AutoAclEntryInfoList acl;
+ acl.clear();
+ acl.allocator(alloc);
+ uint32_t status = this->pinStatus(pin);
+ if (status == SCARD_SUCCESS)
+ acl.addPinState(pin, CSSM_ACL_PREAUTH_TRACKING_AUTHORIZED);
+ else
+ acl.addPinState(pin, CSSM_ACL_PREAUTH_TRACKING_UNKNOWN);
+ count = acl.size();
+ acls = acl.entries();
+ return;
+ }
+
+ // get pin list, then for each pin
+ if (!mAclEntries)
+ {
+ mAclEntries.allocator(alloc);
+ // Anyone can read the attributes and data of any record on this token
+ // (it's further limited by the object itself).
+ mAclEntries.add(CssmClient::AclFactory::AnySubject(
+ mAclEntries.allocator()),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
+ // We support PIN1 with either a passed in password
+ // subject or a prompted password subject.
+ mAclEntries.addPin(AclFactory::PWSubject(alloc), 1);
+ mAclEntries.addPin(AclFactory::PromptPWSubject(alloc, CssmData()), 1);
+ }
+ count = mAclEntries.size();
+ acls = mAclEntries.entries();
+}
+
+
+#pragma mark ---------------- BELPIC Specific --------------
+
+void BELPICToken::populate()
+{
+ secdebug("populate", "BELPICToken::populate() begin");
+ Tokend::Relation &certRelation =
+ mSchema->findRelation(CSSM_DL_DB_RECORD_X509_CERTIFICATE);
+ Tokend::Relation &privateKeyRelation =
+ mSchema->findRelation(CSSM_DL_DB_RECORD_PRIVATE_KEY);
+ Tokend::Relation &dataRelation =
+ mSchema->findRelation(CSSM_DL_DB_RECORD_GENERIC);
+
+ RefPointer<Tokend::Record> cert2(new BELPICCertificateRecord(kDF_BELPIC,
+ kBELPIC_EF_Cert2, "Cert #2 (authentication)"));
+ RefPointer<Tokend::Record> cert3(new BELPICCertificateRecord(kDF_BELPIC,
+ kBELPIC_EF_Cert3, "Cert #3 (signature)"));
+ RefPointer<Tokend::Record> cert4(new BELPICCertificateRecord(kDF_BELPIC,
+ kBELPIC_EF_Cert4, "Cert #4 (CA)"));
+ RefPointer<Tokend::Record> cert6(new BELPICCertificateRecord(kDF_BELPIC,
+ kBELPIC_EF_Cert6, "Cert #6 (root)"));
+ /* Zetes: RRN cert is not relevant here */
+ /* RefPointer<Tokend::Record> cert8(new BELPICCertificateRecord(kDF_BELPIC,
+ kBELPIC_EF_Cert8, "Cert #8 (RN)"));
+ */
+ certRelation.insertRecord(cert2);
+ certRelation.insertRecord(cert3);
+ certRelation.insertRecord(cert4);
+ certRelation.insertRecord(cert6);
+ /* Zetes: RRN cert is not relevant here */
+ /*
+ certRelation.insertRecord(cert8);
+ */
+
+ /* Zetes: better names for the private keys */
+ RefPointer<Tokend::Record> key2(new BELPICKeyRecord(kPrK2_Id,
+ "Authentication key", privateKeyRelation.metaRecord(), true));
+ RefPointer<Tokend::Record> key3(new BELPICKeyRecord(kPrK3_Id,
+ "Signature key", privateKeyRelation.metaRecord(), true));
+
+ privateKeyRelation.insertRecord(key2);
+ privateKeyRelation.insertRecord(key3);
+
+ key2->setAdornment(mSchema->publicKeyHashCoder().certificateKey(),
+ new Tokend::LinkedRecordAdornment(cert2));
+ key3->setAdornment(mSchema->publicKeyHashCoder().certificateKey(),
+ new Tokend::LinkedRecordAdornment(cert3));
+
+ dataRelation.insertRecord(new BELPICProtectedRecord(kDF_ID,
+ kID_EF_ID_RN, "ID#RN"));
+ dataRelation.insertRecord(new BELPICProtectedRecord(kDF_ID,
+ kID_EF_SGN_RN, "SGN#RN"));
+ dataRelation.insertRecord(new BELPICProtectedRecord(kDF_ID,
+ kID_EF_ID_ADDRESS, "ID#Address"));
+ dataRelation.insertRecord(new BELPICProtectedRecord(kDF_ID,
+ kID_EF_SGN_ADDRESS, "SGN#Address"));
+ dataRelation.insertRecord(new BELPICProtectedRecord(kDF_ID,
+ kID_EF_ID_PHOTO, "ID#Photo"));
+ dataRelation.insertRecord(new BELPICProtectedRecord(kDF_ID,
+ kID_EF_PuK7_ID, "PuK#7 ID (CA role ID)"));
+ dataRelation.insertRecord(new BELPICProtectedRecord(kDF_ID,
+ kID_EF_Preferences, "Preferences"));
+
+ secdebug("populate", "BELPICToken::populate() end");
+}
+
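Review bot: In changePIN the guard `oldPinLength < 0 ||` is always false because `oldPinLength` is a `size_t`, so unlike _verifyPIN an old PIN shorter than BELPIC_MIN_PIN_LEN is accepted; it should read `oldPinLength < BELPIC_MIN_PIN_LEN ||`. The PIN nibbles packed into `apdu` are only cleared by the `memset` after `exchangeAPDU` returns, and both `exchangeAPDU` and `pinDigit` throw, so on every error path (wrong PIN, reader error, non-hex digit) the PIN stays on the stack in both changePIN and _verifyPIN; a small scope guard declared right after `apdu` clears it on every exit, and writing through a `volatile` pointer keeps the compiler from eliding the store into a dead buffer. In probe, the `assert(TOKEND_MAX_UID > offset)` runs after the sprintf loop has already written the bytes and vanishes under NDEBUG; check that TOKEND_MAX_UID covers 7 + 2*16 + 1 bytes before the loop, or use snprintf with the remaining space. The `USE_BUILTIN_PIN` branch in _verifyPIN embeds a fixed PIN in the APDU and should be impossible to define in a release build.
```cpp
void BELPICToken::changePIN(int pinNum,
	const unsigned char *oldPin, size_t oldPinLength,
	const unsigned char *newPin, size_t newPinLength)
{
	// … unchanged: pinNum check …

	if (oldPinLength < BELPIC_MIN_PIN_LEN ||
		oldPinLength > BELPIC_MAX_PIN_LEN ||
		newPinLength < BELPIC_MIN_PIN_LEN ||
		newPinLength > BELPIC_MAX_PIN_LEN)
	{
		CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
	}

	PCSC::Transaction _(*this);
	uint8_t apdu[] =
		{ 0x00, 0x24, 0x00, uint8_t(pinNum), 0x10, /* … unchanged: 16 x 0xFF … */ };

	// Zero the PIN bytes on every exit from this scope, including throws
	// from pinDigit() and exchangeAPDU(); replaces the trailing memset.
	struct ScrubOnExit {
		uint8_t *ptr; size_t len;
		~ScrubOnExit() { volatile uint8_t *v = ptr; for (size_t i = 0; i < len; ++i) v[i] = 0; }
	} scrub = { apdu + 5, 16 };

	// … unchanged: nibble packing of old and new PIN, exchangeAPDU, BELPICError::check …
}
```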
Added: releases/Apple/OSX-10.6.7/BELPIC/BELPICToken.h
===================================================================
--- releases/Apple/OSX-10.6.7/BELPIC/BELPICToken.h (rev 0)
+++ releases/Apple/OSX-10.6.7/BELPIC/BELPICToken.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * BELPICToken.h
+ * TokendMuscle
+ */
+
+#ifndef _BELPICTOKEN_H_
+#define _BELPICTOKEN_H_
+
+#include <Token.h>
+
+#include <security_utilities/pcsc++.h>
+
+#define BELPIC_MIN_PIN_LEN 4
+#define BELPIC_MAX_PIN_LEN 12
+
+class BELPICSchema;
+
+//
+// "The" token
+//
+class BELPICToken : public Tokend::ISO7816Token
+{
+ NOCOPY(BELPICToken)
+public:
+ BELPICToken();
+ ~BELPICToken();
+
+ virtual void didDisconnect();
+ virtual void didEnd();
+
+ virtual uint32 probe(SecTokendProbeFlags flags,
+ char tokenUid[TOKEND_MAX_UID]);
+ virtual void establish(const CSSM_GUID *guid, uint32 subserviceId,
+ SecTokendEstablishFlags flags, const char *cacheDirectory,
+ const char *workDirectory, char mdsDirectory[PATH_MAX],
+ char printName[PATH_MAX]);
+ virtual void getOwner(AclOwnerPrototype &owner);
+ virtual void getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls);
+
+ virtual void changePIN(int pinNum,
+ const unsigned char *oldPin, size_t oldPinLength,
+ const unsigned char *newPin, size_t newPinLength);
+ virtual uint32_t pinStatus(int pinNum);
+ virtual void verifyPIN(int pinNum, const unsigned char *pin, size_t pinLength);
+ void _verifyPIN(int pinNum, const unsigned char *pin, size_t pinLength);
+ virtual void unverifyPIN(int pinNum);
+
+ void select(const uint8_t *df, const uint8_t *ef);
+ void selectKeyForSign(const uint8_t *keyId);
+ void readBinary(uint8_t *result, size_t &resultLength);
+ uint32_t exchangeAPDU(const uint8_t *apdu, size_t apduLength,
+ uint8_t *result, size_t &resultLength);
+
+ static int usleep(int iTimeVal);
+
+protected:
+ uint8_t pinDigit(uint8_t digit);
+ void populate();
+
+public:
+ const uint8_t *mCurrentDF;
+ const uint8_t *mCurrentEF;
+ unsigned char *mReturnedData;
+ uint32_t mPinStatus;
+
+ // temporary ACL cache hack - to be removed
+ AutoAclOwnerPrototype mAclOwner;
+ AutoAclEntryInfoList mAclEntries;
+};
+
+
+#endif /* !_BELPICTOKEN_H_ */
+
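Review bot: The trailing `public:` section exposes `mPinStatus`, `mCurrentDF`, `mCurrentEF` and `mReturnedData` as plain data members, and `mPinStatus` is the value getAcl in BELPICToken.cpp uses to report a PIN as pre-authorized, so any code holding a BELPICToken can flip that state without talking to the card; move these members under `private:` (or the existing `protected:`) and keep the methods as the interface. `_verifyPIN` is declared public although its name marks it as internal and it is only called from verifyPIN; `protected:` fits it as well. `mReturnedData` is released with plain `delete` in the destructor, so if it is ever allocated with `new[]` that becomes a mismatch; a comment on the member stating how it is allocated, or a `std::vector<unsigned char>`, would settle it.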
Added: releases/Apple/OSX-10.6.7/BELPIC/Info.plist
===================================================================
--- releases/Apple/OSX-10.6.7/BELPIC/Info.plist (rev 0)
+++ releases/Apple/OSX-10.6.7/BELPIC/Info.plist 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>CFBundleDevelopmentRegion</key>
+ <string>English</string>
+ <key>CFBundleExecutable</key>
+ <string>BELPIC</string>
+ <key>CFBundleIdentifier</key>
+ <string>com.apple.tokend.belpic</string>
+ <key>CFBundleInfoDictionaryVersion</key>
+ <string>6.0</string>
+ <key>CFBundleName</key>
+ <string>BELPIC</string>
+ <key>CFBundlePackageType</key>
+ <string>????</string>
+ <key>CFBundleShortVersionString</key>
+ <string>2.2.1</string>
+ <key>CFBundleSignature</key>
+ <string>????</string>
+ <key>CFBundleVersion</key>
+ <string>40596</string>
+</dict>
+</plist>
Added: releases/Apple/OSX-10.6.7/BELPIC/belpic.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/BELPIC/belpic.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/BELPIC/belpic.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * belpic.cpp - BELPIC.tokend main program
+ */
+
+#include "BELPICToken.h"
+
+int main(int argc, const char *argv[])
+{
+ secdebug("BELPIC.tokend", "main starting with %d arguments", argc);
+ secdelay((char *)"/tmp/delay/BELPIC");
+
+ token = new BELPICToken();
+ return SecTokendMain(argc, argv, token->callbacks(), token->support());
+}
+
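Review bot: `secdelay((char *)"/tmp/delay/BELPIC")` ties a startup hook to a path under /tmp that any local user can create; if secdelay pauses while that file exists, as the name suggests, an unprivileged user can stall the tokend's startup, so the call belongs inside `#ifndef NDEBUG` … `#endif` rather than in the shipped binary. The `(char *)` cast only strips `const` from a string literal to satisfy the prototype; if secdelay does not write to its argument, declaring it `const char *` removes the cast. `token` receives a freshly allocated BELPICToken that is never freed; that is acceptable for a process that ends with `SecTokendMain`, but a one-line comment saying so would stop a later reader from adding a delete on exit.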
Added: releases/Apple/OSX-10.6.7/BELPIC/mds/belpic_csp_capabilities.mdsinfo
===================================================================
--- releases/Apple/OSX-10.6.7/BELPIC/mds/belpic_csp_capabilities.mdsinfo (rev 0)
+++ releases/Apple/OSX-10.6.7/BELPIC/mds/belpic_csp_capabilities.mdsinfo 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>Capabilities</key>
+ <string>file:belpic_csp_capabilities_common.mds</string>
+ <key>MdsFileDescription</key>
+ <string>BELPIC Token CSPDL CSP Capabilities</string>
+ <key>MdsFileType</key>
+ <string>PluginSpecific</string>
+ <key>MdsRecordType</key>
+ <string>MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE</string>
+</dict>
+</plist>
Added: releases/Apple/OSX-10.6.7/BELPIC/mds/belpic_csp_capabilities_common.mds
===================================================================
--- releases/Apple/OSX-10.6.7/BELPIC/mds/belpic_csp_capabilities_common.mds (rev 0)
+++ releases/Apple/OSX-10.6.7/BELPIC/mds/belpic_csp_capabilities_common.mds 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,903 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<array>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>20</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DIGEST</string>
+ <key>Description</key>
+ <string>SHA1 Digest</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>16</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DIGEST</string>
+ <key>Description</key>
+ <string>MD5 Digest</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD2</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>16</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DIGEST</string>
+ <key>Description</key>
+ <string>MD2 Digest</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>RSA Key Pair Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_DES</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+ <key>AttributeValue</key>
+ <integer>64</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>DES Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_3DES_3KEY</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+ <key>AttributeValue</key>
+ <integer>192</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>3DES Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC2</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>RC2 Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC4</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>RC4 Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>RC5 Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_CAST</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>New item</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>CAST Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_BLOWFISH</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>Blowfish Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1HMAC</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>SHA1HMAC Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD5HMAC</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>MD5HMAC Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_AES</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>128</integer>
+ <integer>192</integer>
+ <integer>256</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>AES Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_ASC</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>ASC Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEE</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>31</integer>
+ <integer>127</integer>
+ <integer>128</integer>
+ <integer>161</integer>
+ <integer>192</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>FEE Key Pair Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_DSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>DSA Key Pair Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_PKCS5_PBKDF2</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DERIVEKEY</string>
+ <key>Description</key>
+ <string>PKCS5 Key Derivation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_PKCS5_PBKDF1_MD5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DERIVEKEY</string>
+ <key>Description</key>
+ <string>PKCS5 PBKDF1 MD5 Key Derivation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_PKCS5_PBKDF1_MD2</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DERIVEKEY</string>
+ <key>Description</key>
+ <string>PKCS5 PBKDF1 MD2 Key Derivation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_PKCS5_PBKDF1_SHA1</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DERIVEKEY</string>
+ <key>Description</key>
+ <string>PKCS5 PBKDF1 SHA1 Key Derivation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_DES</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>DES Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_3DES_3KEY_EDE</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>3DES EDE Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_AES</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>AES Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC4</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>0</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>RC4 Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>RC5 Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_BLOWFISH</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>Blowfish Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_CAST</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>CAST Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_ASYMMETRIC</string>
+ <key>Description</key>
+ <string>RSA Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEEDEXP</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_ASYMMETRIC</string>
+ <key>Description</key>
+ <string>FEEDExp Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEED</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_ASYMMETRIC</string>
+ <key>Description</key>
+ <string>FEED Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1WithRSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>SHA1 With RSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD5WithRSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>MD5 With RSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD2WithRSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>MD2 With RSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>Raw RSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1WithDSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>SHA1 With DSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_DSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>Raw DSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEE_MD5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>MD5 with FEE Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEE_SHA1</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>SHA1 with FEE Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEE</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>Raw FEE Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1WithECDSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>SHA1 with ECDSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_ECDSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>Raw ECDSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1HMAC</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>20</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_MAC</string>
+ <key>Description</key>
+ <string>SHA1HMAC MAC</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1HMAC_LEGACY</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>20</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_MAC</string>
+ <key>Description</key>
+ <string>SHA1HMAC MAC Legacy</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_APPLE_YARROW</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_RANDOMGEN</string>
+ <key>Description</key>
+ <string>Yarrow PRNG</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+</array>
+</plist>
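Review bot: The CAST key-generation entry has `<key>New item</key>` where every sibling entry uses `<key>AttributeValue</key>`, which reads as an unrenamed placeholder left by a plist editor; it should be `<key>AttributeValue</key>`. More broadly, this capability record advertises a long list of software algorithms (DES, RC2/RC4/RC5, MD2/MD5, Blowfish, CAST, FEE, Yarrow) for a hardware token; if these were inherited from a generic CSP template rather than implemented by the BELPIC card, MDS clients will be told the token supports operations it cannot perform. A short comment at the top of the array stating which entries are actually backed by the card would help the next maintainer prune it.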
Added: releases/Apple/OSX-10.6.7/BELPIC/mds/belpic_csp_primary.mdsinfo
===================================================================
--- releases/Apple/OSX-10.6.7/BELPIC/mds/belpic_csp_primary.mdsinfo (rev 0)
+++ releases/Apple/OSX-10.6.7/BELPIC/mds/belpic_csp_primary.mdsinfo 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>AclSubjectTypes</key>
+ <array>
+ <string>CSSM_ACL_SUBJECT_TYPE_PASSWORD</string>
+ <string>CSSM_ACL_SUBJECT_TYPE_PROMPTED_PASSWORD</string>
+ <string>CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD</string>
+ </array>
+ <key>AuthTags</key>
+ <!-- @@@ complete this -->
+ <array>
+ <string>CSSM_ACL_AUTHORIZATION_ANY</string>
+ </array>
+ <key>CspCustomFlags</key>
+ <integer>0</integer>
+ <key>CspFlags</key>
+ <!-- @@@ dynamic -->
+ <string>CSSM_CSP_STORES_PRIVATE_KEYS | CSSM_CSP_STORES_PUBLIC_KEYS | CSSM_CSP_STORES_CERTIFICATES | CSSM_CSP_STORES_GENERIC</string>
+ <key>CspType</key>
+ <string>CSSM_CSP_HARDWARE</string>
+ <key>MdsFileDescription</key>
+ <string>Token CSPDL CSP Primary info</string>
+ <key>MdsFileType</key>
+ <string>PluginSpecific</string>
+ <key>MdsRecordType</key>
+ <string>MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE</string>
+ <key>ModuleName</key>
+ <string>AppleSDCSPDL</string>
+ <key>ProductVersion</key>
+ <string>0.1</string>
+ <key>SampleTypes</key>
+ <array>
+ <string>CSSM_SAMPLE_TYPE_PASSWORD</string>
+ <string>CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD</string>
+ <string>CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD</string>
+ </array>
+ <key>UseeTags</key>
+ <array/>
+ <key>Vendor</key>
+ <string>Apple Computer, Inc.</string>
+</dict>
+</plist>
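Review bot: The `<!-- @@@ complete this -->` and `<!-- @@@ dynamic -->` markers at the AuthTags and CspFlags keys are unresolved TODOs shipped in a release tree; the same markers appear in belpic_dl_primary.mdsinfo and belpic_smartcard.mdsinfo. With AuthTags reduced to `CSSM_ACL_AUTHORIZATION_ANY` the record claims the token accepts any authorization tag, which is broader than what a PIN-protected card normally exposes. If that is intended, replace the marker with a comment recording why ANY is sufficient here; otherwise enumerate the tags the token actually honours.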
Added: releases/Apple/OSX-10.6.7/BELPIC/mds/belpic_dl_primary.mdsinfo
===================================================================
--- releases/Apple/OSX-10.6.7/BELPIC/mds/belpic_dl_primary.mdsinfo (rev 0)
+++ releases/Apple/OSX-10.6.7/BELPIC/mds/belpic_dl_primary.mdsinfo 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>AclSubjectTypes</key>
+ <array>
+ <string>CSSM_ACL_SUBJECT_TYPE_PASSWORD</string>
+ <string>CSSM_ACL_SUBJECT_TYPE_PROMPTED_PASSWORD</string>
+ <string>CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD</string>
+ </array>
+ <key>AuthTags</key>
+ <array>
+ <!-- @@@ complete this -->
+ <string>CSSM_ACL_AUTHORIZATION_ANY</string>
+ </array>
+ <key>ConjunctiveOps</key>
+ <array>
+ <string>CSSM_DB_NONE</string>
+ <string>CSSM_DB_AND</string>
+ <string>CSSM_DB_OR</string>
+ </array>
+ <key>DLType</key>
+ <string>CSSM_DL_FFS</string>
+ <key>MdsFileDescription</key>
+ <string>Token CSPDL DL Primary info</string>
+ <key>MdsFileType</key>
+ <string>PluginSpecific</string>
+ <key>MdsRecordType</key>
+ <string>MDS_CDSADIR_DL_PRIMARY_RECORDTYPE</string>
+ <key>ModuleName</key>
+ <string>AppleSDCSPDL</string>
+ <key>ProductVersion</key>
+ <string>0.1</string>
+ <key>QueryLimitsFlag</key>
+ <integer>0</integer>
+ <key>RelationalOps</key>
+ <array>
+ <string>CSSM_DB_EQUAL</string>
+ <string>CSSM_DB_LESS_THAN</string>
+ <string>CSSM_DB_GREATER_THAN</string>
+ <string>CSSM_DB_CONTAINS_FINAL_SUBSTRING</string>
+ <string>CSSM_DB_CONTAINS_INITIAL_SUBSTRING</string>
+ <string>CSSM_DB_CONTAINS</string>
+ <string></string>
+ </array>
+ <key>SampleTypes</key>
+ <array>
+ <string>CSSM_SAMPLE_TYPE_PASSWORD</string>
+ <string>CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD</string>
+ <string>CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD</string>
+ </array>
+ <key>Vendor</key>
+ <string>Apple Computer, Inc.</string>
+</dict>
+</plist>
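Review bot: The RelationalOps array ends with an empty `<string></string>` entry after `CSSM_DB_CONTAINS`, which is either a stray element or a missing operator name; an empty string is not a CSSM relational-op constant and will be ignored or rejected depending on how the MDS loader parses the list. Drop the element or fill in the intended constant. The `@@@ complete this` comment inside AuthTags is an unresolved TODO as well and should be resolved or explained before release.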
Added: releases/Apple/OSX-10.6.7/BELPIC/mds/belpic_smartcard.mdsinfo
===================================================================
--- releases/Apple/OSX-10.6.7/BELPIC/mds/belpic_smartcard.mdsinfo (rev 0)
+++ releases/Apple/OSX-10.6.7/BELPIC/mds/belpic_smartcard.mdsinfo 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>MdsFileDescription</key>
+ <string>SD/CSPDL Generic Smartcard Information</string>
+ <key>MdsRecordType</key>
+ <string>MDS_CDSADIR_CSP_SC_INFO_RECORDTYPE</string>
+ <key>MdsFileType</key>
+ <string>PluginSpecific</string>
+ <key>ScVendor</key>
+ <string>Generic</string>
+ <key>ScVersion</key>
+ <string>unknown</string>
+ <key>ScFirmwareVersion</key>
+ <string>BELPICViewerPlugin</string>
+ <key>ScFlags</key> <!-- @@@ dynamic -->
+ <integer>0</integer>
+ <key>ScCustomFlags</key>
+ <integer>0</integer>
+</dict>
+</plist>
Added: releases/Apple/OSX-10.6.7/CAC/CACAttributeCoder.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/CAC/CACAttributeCoder.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/CAC/CACAttributeCoder.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACAttributeCoder.cpp
+ * TokendMuscle
+ */
+
+#include "CACAttributeCoder.h"
+
+#include "Adornment.h"
+#include "MetaAttribute.h"
+#include "MetaRecord.h"
+#include "CACRecord.h"
+#include "CACToken.h"
+
+#include <Security/SecKeychainItem.h>
+#include <security_cdsa_utilities/cssmkey.h>
+
+using namespace Tokend;
+
+
+//
+// CACDataAttributeCoder
+//
+CACDataAttributeCoder::~CACDataAttributeCoder()
+{
+}
+
+void CACDataAttributeCoder::decode(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record)
+{
+ CACRecord &cacRecord = dynamic_cast<CACRecord &>(record);
+ record.attributeAtIndex(metaAttribute.attributeIndex(),
+ cacRecord.getDataAttribute(tokenContext));
+}
+
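Review bot: `dynamic_cast<CACRecord &>(record)` in decode throws `std::bad_cast` if this coder is ever attached to a record that is not a CACRecord, and neither the function nor its header documents that contract. A one-line comment above the cast, `// Expects a CACRecord; dynamic_cast throws std::bad_cast for anything else`, makes the failure mode intentional rather than accidental. The destructor is defined out of line with an empty body; if that is deliberate (for instance to anchor the vtable in this translation unit), a comment saying so would stop a later cleanup from inlining it.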
Added: releases/Apple/OSX-10.6.7/CAC/CACAttributeCoder.h
===================================================================
--- releases/Apple/OSX-10.6.7/CAC/CACAttributeCoder.h (rev 0)
+++ releases/Apple/OSX-10.6.7/CAC/CACAttributeCoder.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACAttributeCoder.h
+ * TokendMuscle
+ */
+
+#ifndef _CACATTRIBUTECODER_H_
+#define _CACATTRIBUTECODER_H_
+
+#include "AttributeCoder.h"
+#include <string>
+
+#include <PCSC/musclecard.h>
+
+
+//
+// A coder that reads the data of an object
+//
+class CACDataAttributeCoder : public Tokend::AttributeCoder
+{
+ NOCOPY(CACDataAttributeCoder)
+public:
+
+ CACDataAttributeCoder() {}
+ virtual ~CACDataAttributeCoder();
+
+ virtual void decode(Tokend::TokenContext *tokenContext,
+ const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record);
+};
+
+
+#endif /* !_CACATTRIBUTECODER_H_ */
+
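Review bot: The header includes `<string>` and `<PCSC/musclecard.h>`, but nothing declared in it uses std::string or any MuscleCard symbol; only AttributeCoder.h is needed for the base class and the Tokend types. Dropping the two unused includes shortens the include graph for every file that pulls this header in. If they are kept for the benefit of includers, a comment saying so would prevent the next cleanup from removing them.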
Added: releases/Apple/OSX-10.6.7/CAC/CACError.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/CAC/CACError.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/CAC/CACError.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACError.cpp
+ * TokendMuscle
+ */
+
+#include "CACError.h"
+
+#include <Security/cssmerr.h>
+
+//
+// CACError exceptions
+//
+CACError::CACError(uint16_t sw) : SCardError(sw)
+{
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+ IFDEBUG(debugDiagnose(this));
+#else
+ SECURITY_EXCEPTION_THROW_OTHER(this, sw, (char *)"CAC");
+#endif
+}
+
+CACError::~CACError() throw ()
+{
+}
+
+const char *CACError::what() const throw ()
+{ return "CAC error"; }
+
+OSStatus CACError::osStatus() const
+{
+ switch (statusWord)
+ {
+ case CAC_AUTHENTICATION_FAILED_0:
+ case CAC_AUTHENTICATION_FAILED_1:
+ case CAC_AUTHENTICATION_FAILED_2:
+ case CAC_AUTHENTICATION_FAILED_3:
+ return CSSM_ERRCODE_OPERATION_AUTH_DENIED;
+ default:
+ return SCardError::osStatus();
+ }
+}
+
+void CACError::throwMe(uint16_t sw)
+{ throw CACError(sw); }
+
+#if !defined(NDEBUG)
+
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+
+void CACError::debugDiagnose(const void *id) const
+{
+ secdebug("exception", "%p CACError %s (%04hX)",
+ id, errorstr(statusWord), statusWord);
+}
+
+#endif // MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+
+const char *CACError::errorstr(uint16_t sw) const
+{
+ switch (sw)
+ {
+ case CAC_AUTHENTICATION_FAILED_0:
+ return "Authentication failed, 0 retries left.";
+ case CAC_AUTHENTICATION_FAILED_1:
+ return "Authentication failed, 1 retry left.";
+ case CAC_AUTHENTICATION_FAILED_2:
+ return "Authentication failed, 2 retries left.";
+ case CAC_AUTHENTICATION_FAILED_3:
+ return "Authentication failed, 3 retries left.";
+ default:
+ return SCardError::errorstr(sw);
+ }
+}
+
+#endif //NDEBUG
+
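Review bot: The conditional `#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5` in the constructor, and again before debugDiagnose, spells the Apple availability macros with MAX_ instead of MAC_; the SDK defines `MAC_OS_X_VERSION_MIN_REQUIRED` and `MAC_OS_X_VERSION_10_5`. Unless the project defines the MAX_ names itself, both identifiers are undefined, the preprocessor evaluates `0 <= 0` as true, and the SECURITY_EXCEPTION_THROW_OTHER branch is never compiled on any target. The same spelling appears in CACError.h, whose hunk runs past the end of this view. Changing both conditionals to `#if MAC_OS_X_VERSION_MIN_REQUIRED <= MAC_OS_X_VERSION_10_5` restores the intended selection.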
Added: releases/Apple/OSX-10.6.7/CAC/CACError.h
===================================================================
--- releases/Apple/OSX-10.6.7/CAC/CACError.h (rev 0)
+++ releases/Apple/OSX-10.6.7/CAC/CACError.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACError.h
+ * TokendMuscle
+ */
+
+#ifndef _CACERROR_H_
+#define _CACERROR_H_
+
+#include "SCardError.h"
+
+/** Entered PIN is not correct and pin was blocked. */
+#define CAC_AUTHENTICATION_FAILED_0 0x6300
+/** Entered PIN is not correct, 1 try left. */
+#define CAC_AUTHENTICATION_FAILED_1 0x6301
+/** Entered PIN is not correct, 2 tries left. */
+#define CAC_AUTHENTICATION_FAILED_2 0x6302
+/** Entered PIN is not correct, 3 tries left. */
+#define CAC_AUTHENTICATION_FAILED_3 0x6303
+
+class CACError : public Tokend::SCardError
+{
+protected:
+ CACError(uint16_t sw);
+ virtual ~CACError() throw ();
+public:
+ OSStatus osStatus() const;
+ virtual const char *what () const throw ();
+
+ static void check(uint16_t sw) { if (sw != SCARD_SUCCESS) throwMe(sw); }
+ static void throwMe(uint16_t sw) __attribute__((noreturn));
+
+protected:
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+ IFDEBUG(void debugDiagnose(const void *id) const;)
+#endif
+ IFDEBUG(const char *errorstr(uint16_t sw) const;)
+};
+
+#endif /* !_CACERROR_H_ */
+
Added: releases/Apple/OSX-10.6.7/CAC/CACKeyHandle.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/CAC/CACKeyHandle.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/CAC/CACKeyHandle.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,310 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACKeyHandle.cpp
+ * TokendMuscle
+ */
+
+#include "CACKeyHandle.h"
+
+#include "CACRecord.h"
+#include "CACToken.h"
+
+#include <security_utilities/debugging.h>
+#include <security_utilities/utilities.h>
+#include <security_cdsa_utilities/cssmerrors.h>
+#include <Security/cssmerr.h>
+
+
+//
+// CACKeyHandle
+//
+CACKeyHandle::CACKeyHandle(CACToken &cacToken,
+ const Tokend::MetaRecord &metaRecord, CACKeyRecord &cacKey) :
+ Tokend::KeyHandle(metaRecord, &cacKey),
+ mToken(cacToken),
+ mKey(cacKey)
+{
+}
+
+CACKeyHandle::~CACKeyHandle()
+{
+}
+
+void CACKeyHandle::getKeySize(CSSM_KEY_SIZE &keySize)
+{
+ secdebug("crypto", "getKeySize");
+ keySize.LogicalKeySizeInBits = mKey.sizeInBits(); // Logical key size in bits
+ keySize.EffectiveKeySizeInBits = mKey.sizeInBits(); // Effective key size in bits
+}
+
+uint32 CACKeyHandle::getOutputSize(const Context &context, uint32 inputSize,
+ bool encrypting)
+{
+ secdebug("crypto", "getOutputSize");
+ if (encrypting)
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+ return inputSize; //accurate for crypto used on CAC cards
+}
+
+static const unsigned char sha1sigheader[] =
+{
+ 0x30, // SEQUENCE
+ 0x21, // LENGTH
+ 0x30, // SEQUENCE
+ 0x09, // LENGTH
+ 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1a, // SHA1 OID (1 4 14 3 2 26)
+ 0x05, 0x00, // OPTIONAL ANY algorithm params (NULL)
+ 0x04, 0x14 // OCTECT STRING (20 bytes)
+};
+
+static const unsigned char md5sigheader[] =
+{
+ 0x30, // SEQUENCE
+ 0x20, // LENGTH
+ 0x30, // SEQUENCE
+ 0x0C, // LENGTH
+ // MD5 OID (1 2 840 113549 2 5)
+ 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05,
+ 0x05, 0x00, // OPTIONAL ANY algorithm params (NULL)
+ 0x04, 0x10 // OCTECT STRING (16 bytes)
+};
+
+void CACKeyHandle::generateSignature(const Context &context,
+ CSSM_ALGORITHMS signOnly, const CssmData &input, CssmData &signature)
+{
+ secdebug("crypto", "generateSignature alg: %u signOnly: %u",
+ context.algorithm(), signOnly);
+ IFDUMPING("crypto", context.dump("signature context"));
+
+ if (context.type() != CSSM_ALGCLASS_SIGNATURE)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_CONTEXT);
+
+ if (context.algorithm() != CSSM_ALGID_RSA)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+
+ // Find out if we are doing a SHA1 or MD5 signature and setup header to
+ // point to the right asn1 blob.
+ const unsigned char *header;
+ size_t headerLength;
+ if (signOnly == CSSM_ALGID_SHA1)
+ {
+ if (input.Length != 20)
+ CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+
+ header = sha1sigheader;
+ headerLength = sizeof(sha1sigheader);
+ }
+ else if (signOnly == CSSM_ALGID_MD5)
+ {
+ if (input.Length != 16)
+ CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+
+ header = md5sigheader;
+ headerLength = sizeof(md5sigheader);
+ }
+ else if (signOnly == CSSM_ALGID_NONE)
+ {
+ // Special case used by SSL it's an RSA signature, without the ASN1
+ // stuff
+ header = NULL;
+ headerLength = 0;
+ }
+ else
+ CssmError::throwMe(CSSMERR_CSP_INVALID_DIGEST_ALGORITHM);
+
+ // Create an input buffer in which we construct the data we will send to
+ // the token.
+ size_t inputDataSize = headerLength + input.Length;
+ size_t keyLength = mKey.sizeInBits() / 8;
+ auto_array<unsigned char> inputData(keyLength);
+ unsigned char *to = inputData.get();
+
+ // Get padding, but default to pkcs1 style padding
+ uint32 padding = CSSM_PADDING_PKCS1;
+ context.getInt(CSSM_ATTRIBUTE_PADDING, padding);
+
+ if (padding == CSSM_PADDING_PKCS1)
+ {
+ // Add PKCS1 style padding
+ *(to++) = 0;
+ *(to++) = 1; /* Private Key Block Type. */
+ size_t padLength = keyLength - 3 - inputDataSize;
+ memset(to, 0xff, padLength);
+ to += padLength;
+ *(to++) = 0;
+ inputDataSize = keyLength;
+ }
+ else if (padding == CSSM_PADDING_NONE)
+ {
+ // Token will fail if the input data isn't exactly keysize / 8 octects
+ // long
+ }
+ else
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING);
+
+ // Now copy the ASN1 header into the input buffer.
+ // This header is the DER encoding of
+ // DigestInfo ::= SEQUENCE { digestAlgorithm AlgorithmIdentifier,
+ // digest OCTET STRING }
+ // Where AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER,
+ // parameters OPTIONAL ANY }
+ if (headerLength)
+ {
+ memcpy(to, header, headerLength);
+ to += headerLength;
+ }
+
+ // Finally copy the passed in data to the input buffer.
+ memcpy(to, input.Data, input.Length);
+
+ // @@@ Switch to using tokend allocators
+ unsigned char *outputData =
+ reinterpret_cast<unsigned char *>(malloc(keyLength));
+ size_t outputLength = keyLength;
+ try
+ {
+ // Sign the inputData using the token
+ mKey.computeCrypt(mToken, true, inputData.get(), inputDataSize,
+ outputData, outputLength);
+ }
+ catch (...)
+ {
+ // @@@ Switch to using tokend allocators
+ free(outputData);
+ throw;
+ }
+
+ signature.Data = outputData;
+ signature.Length = outputLength;
+}
+
+void CACKeyHandle::verifySignature(const Context &context,
+ CSSM_ALGORITHMS signOnly, const CssmData &input, const CssmData &signature)
+{
+ secdebug("crypto", "verifySignature");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void CACKeyHandle::generateMac(const Context &context,
+ const CssmData &input, CssmData &output)
+{
+ secdebug("crypto", "generateMac");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void CACKeyHandle::verifyMac(const Context &context,
+ const CssmData &input, const CssmData &compare)
+{
+ secdebug("crypto", "verifyMac");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void CACKeyHandle::encrypt(const Context &context,
+ const CssmData &clear, CssmData &cipher)
+{
+ secdebug("crypto", "encrypt");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void CACKeyHandle::decrypt(const Context &context,
+ const CssmData &cipher, CssmData &clear)
+{
+ secdebug("crypto", "decrypt alg: %u", context.algorithm());
+ IFDUMPING("crypto", context.dump("decrypt context"));
+
+ if (context.type() != CSSM_ALGCLASS_ASYMMETRIC)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_CONTEXT);
+
+ if (context.algorithm() != CSSM_ALGID_RSA)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+
+ size_t keyLength = mKey.sizeInBits() / 8;
+ if (cipher.length() % keyLength != 0)
+ CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR);
+
+ // @@@ Add support for multiples of keyLength by doing multiple blocks
+ if (cipher.length() != keyLength)
+ CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR);
+
+ // @@@ Use a secure allocator for this.
+ auto_array<uint8> outputData(keyLength);
+ uint8 *output = outputData.get();
+ size_t outputLength = keyLength;
+
+ secdebug("crypto", "decrypt: card supports RSA_NOPAD");
+ // Decrypt the inputData using the token
+ mKey.computeCrypt(mToken, false, cipher.Data, cipher.Length, output,
+ outputLength);
+
+ // Now check for proper pkcs1 type 2 padding and remove it.
+ if (outputLength != keyLength || *(output++) != 0 || *(output++) != 2)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_DATA);
+
+ /* Skip over padding data */
+ // We already skiped the 00 02 at the start of the block.
+ outputLength -= 2;
+ size_t padSize;
+ for (padSize = 0; padSize < outputLength; ++padSize)
+ if (*(output++) == 0) break;
+
+ if (padSize == outputLength || padSize < 8)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_DATA);
+
+ /* Don't count the 00 at the end of the padding. */
+ outputLength -= padSize + 1;
+
+ // @@@ Switch to using tokend allocators
+ clear.Data = reinterpret_cast<uint8 *>(malloc(outputLength));
+ // Finally copy the result into the clear buffer and set the length.
+ memcpy(clear.Data, output, outputLength);
+ clear.Length = outputLength;
+}
+
+void CACKeyHandle::exportKey(const Context &context,
+ const AccessCredentials *cred, CssmKey &wrappedKey)
+{
+ secdebug("crypto", "exportKey");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+
+//
+// CACKeyHandleFactory
+//
+CACKeyHandleFactory::~CACKeyHandleFactory()
+{
+}
+
+
+Tokend::KeyHandle *CACKeyHandleFactory::keyHandle(
+ Tokend::TokenContext *tokenContext, const Tokend::MetaRecord &metaRecord,
+ Tokend::Record &record) const
+{
+ CACKeyRecord &key = dynamic_cast<CACKeyRecord &>(record);
+ CACToken &cacToken = static_cast<CACToken &>(*tokenContext);
+ return new CACKeyHandle(cacToken, metaRecord, key);
+}
+
+
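Review bot: generateSignature allocates inputData with keyLength bytes but never checks that headerLength + input.Length fits before writing into it: in the PKCS1 branch `size_t padLength = keyLength - 3 - inputDataSize;` wraps around when the header plus digest exceeds keyLength - 3 and the following memset runs past the heap buffer, and in the CSSM_PADDING_NONE branch the final `memcpy(to, input.Data, input.Length)` copies an unchecked length into the same buffer (the CSSM_ALGID_NONE case leaves input.Length unconstrained). The `dataLength > sizeInBits() / 8` check in CACKeyRecord::computeCrypt only runs after these copies have already happened. Add `if (inputDataSize > keyLength - 3) CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);` at the top of the PKCS1 branch and `if (inputDataSize > keyLength) CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR);` in the CSSM_PADDING_NONE branch, which is what the comment there already promises the token will enforce.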
Added: releases/Apple/OSX-10.6.7/CAC/CACKeyHandle.h
===================================================================
--- releases/Apple/OSX-10.6.7/CAC/CACKeyHandle.h (rev 0)
+++ releases/Apple/OSX-10.6.7/CAC/CACKeyHandle.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACKeyHandle.h
+ * TokendMuscle
+ */
+
+#ifndef _CACKEYHANDLE_H_
+#define _CACKEYHANDLE_H_
+
+#include "KeyHandle.h"
+
+class CACToken;
+class CACKeyRecord;
+
+
+//
+// A KeyHandle object which implements the crypto interface to muscle.
+//
+class CACKeyHandle: public Tokend::KeyHandle
+{
+ NOCOPY(CACKeyHandle)
+public:
+ CACKeyHandle(CACToken &cacToken, const Tokend::MetaRecord &metaRecord,
+ CACKeyRecord &cacKey);
+ ~CACKeyHandle();
+
+ virtual void getKeySize(CSSM_KEY_SIZE &keySize);
+ virtual uint32 getOutputSize(const Context &context, uint32 inputSize,
+ bool encrypting);
+ virtual void generateSignature(const Context &context,
+ CSSM_ALGORITHMS signOnly, const CssmData &input, CssmData &signature);
+ virtual void verifySignature(const Context &context,
+ CSSM_ALGORITHMS signOnly, const CssmData &input,
+ const CssmData &signature);
+ virtual void generateMac(const Context &context, const CssmData &input,
+ CssmData &output);
+ virtual void verifyMac(const Context &context, const CssmData &input,
+ const CssmData &compare);
+ virtual void encrypt(const Context &context, const CssmData &clear,
+ CssmData &cipher);
+ virtual void decrypt(const Context &context, const CssmData &cipher,
+ CssmData &clear);
+
+ virtual void exportKey(const Context &context,
+ const AccessCredentials *cred, CssmKey &wrappedKey);
+private:
+ CACToken &mToken;
+ CACKeyRecord &mKey;
+};
+
+
+//
+// A factory that creates CACKeyHandle objects.
+//
+class CACKeyHandleFactory : public Tokend::KeyHandleFactory
+{
+ NOCOPY(CACKeyHandleFactory)
+public:
+ CACKeyHandleFactory() {}
+ virtual ~CACKeyHandleFactory();
+
+ virtual Tokend::KeyHandle *keyHandle(Tokend::TokenContext *tokenContext,
+ const Tokend::MetaRecord &metaRecord, Tokend::Record &record) const;
+};
+
+
+#endif /* !_CACKEYHANDLE_H_ */
+
+
Added: releases/Apple/OSX-10.6.7/CAC/CACRecord.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/CAC/CACRecord.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/CAC/CACRecord.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,359 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACRecord.cpp
+ * TokendMuscle
+ */
+
+#include "CACRecord.h"
+
+#include "CACError.h"
+#include "CACToken.h"
+#include "Attribute.h"
+#include "MetaAttribute.h"
+#include "MetaRecord.h"
+#include <security_cdsa_client/aclclient.h>
+#include <Security/SecKey.h>
+
+#include <zlib.h>
+
+//
+// CACRecord
+//
+CACRecord::~CACRecord()
+{
+}
+
+
+//
+// CACCertificateRecord
+//
+CACCertificateRecord::~CACCertificateRecord()
+{
+}
+
+#define CAC_MAXSIZE_CERT 4000
+
+Tokend::Attribute *CACCertificateRecord::getDataAttribute(Tokend::TokenContext *tokenContext)
+{
+ CACToken &cacToken = dynamic_cast<CACToken &>(*tokenContext);
+ CssmData data;
+ if (cacToken.cachedObject(0, mDescription, data))
+ {
+ Tokend::Attribute *attribute =
+ new Tokend::Attribute(data.Data, data.Length);
+ free(data.Data);
+ return attribute;
+ }
+
+ unsigned char command[] = { 0x80, 0x36, 0x00, 0x00, 0x64 };
+ unsigned char result[MAX_BUFFER_SIZE];
+ size_t resultLength = sizeof(result);
+ uint8 certificate[CAC_MAXSIZE_CERT];
+ uint8 uncompressed[CAC_MAXSIZE_CERT];
+ size_t certificateLength = 0;
+
+ try
+ {
+ PCSC::Transaction _(cacToken);
+ cacToken.select(mApplication);
+ uint32_t cacreturn;
+ do
+ {
+ cacreturn = cacToken.exchangeAPDU(command, sizeof(command), result,
+ resultLength);
+
+ if ((cacreturn & 0xFF00) != 0x6300)
+ CACError::check(cacreturn);
+
+ size_t requested = command[4];
+ if (resultLength != requested + 2)
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+
+ memcpy(certificate + certificateLength, result, resultLength - 2);
+ certificateLength += resultLength - 2;
+ // Number of bytes to fetch next time around is in the last byte
+ // returned.
+ command[4] = cacreturn & 0xFF;
+ } while ((cacreturn & 0xFF00) == 0x6300);
+ }
+ catch (...)
+ {
+ return NULL;
+ }
+
+ if (certificate[0] == 1)
+ {
+ /* The certificate is compressed */
+ secdebug("cac", "uncompressing compressed %s", mDescription);
+ size_t uncompressedLength = sizeof(uncompressed);
+ int rv = uncompress(uncompressed, &uncompressedLength, certificate + 1,
+ certificateLength - 1);
+ if (rv != Z_OK)
+ {
+ secdebug("zlib", "uncompressing %s failed: %d", mDescription, rv);
+ CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT);
+ }
+
+ data.Data = uncompressed;
+ data.Length = uncompressedLength;
+ }
+ else
+ {
+ data.Data = certificate;
+ data.Length = certificateLength;
+ }
+
+ cacToken.cacheObject(0, mDescription, data);
+ return new Tokend::Attribute(data.Data, data.Length);
+}
+
+
+//
+// CACKeyRecord
+//
+CACKeyRecord::CACKeyRecord(const unsigned char *application,
+ const char *description, const Tokend::MetaRecord &metaRecord) :
+ CACRecord(application, description)
+{
+ // Allow all keys to decrypt, unwrap, sign
+ attributeAtIndex(metaRecord.metaAttribute(kSecKeyDecrypt).attributeIndex(),
+ new Tokend::Attribute(true));
+ attributeAtIndex(metaRecord.metaAttribute(kSecKeyUnwrap).attributeIndex(),
+ new Tokend::Attribute(true));
+ attributeAtIndex(metaRecord.metaAttribute(kSecKeySign).attributeIndex(),
+ new Tokend::Attribute(true));
+}
+
+CACKeyRecord::~CACKeyRecord()
+{
+}
+
+void CACKeyRecord::computeCrypt(CACToken &cacToken, bool sign,
+ const unsigned char *data, size_t dataLength, unsigned char *output,
+ size_t &outputLength)
+{
+ if (dataLength > sizeInBits() / 8)
+ CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+
+ PCSC::Transaction _(cacToken);
+ cacToken.select(mApplication);
+ size_t apduSize = dataLength + 5;
+ unsigned char apdu[apduSize];
+ size_t resultLength = sizeInBits() / 8 + 2;
+ unsigned char result[resultLength];
+
+ apdu[0] = 0x80;
+ apdu[1] = 0x42;
+ apdu[2] = 0x00;
+ apdu[3] = 0x00;
+ apdu[4] = dataLength;
+ memcpy(apdu + 5, data, dataLength);
+ CACError::check(cacToken.exchangeAPDU(apdu, apduSize, result,
+ resultLength));
+ if (resultLength != sizeInBits() / 8 + 2)
+ {
+ secdebug("cac", " %s: computeCrypt: expected size: %ld, got: %ld",
+ mDescription, sizeInBits() / 8 + 2, resultLength);
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ }
+
+ if (outputLength < resultLength - 2)
+ CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+
+ outputLength = resultLength - 2;
+ memcpy(output, result, outputLength);
+}
+
+void CACKeyRecord::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
+{
+ if (!mAclEntries) {
+ mAclEntries.allocator(Allocator::standard());
+ // Anyone can read the DB record for this key (which is a reference
+ // CSSM_KEY)
+ mAclEntries.add(CssmClient::AclFactory::AnySubject(
+ mAclEntries.allocator()),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
+
+ // Using this key to sign or decrypt will require PIN1
+ char tmptag[20];
+ const uint32 slot = 1; // hardwired for now, but...
+ snprintf(tmptag, sizeof(tmptag), "PIN%d", slot);
+ mAclEntries.add(CssmClient::AclFactory::PinSubject(
+ mAclEntries.allocator(), 1),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_SIGN, CSSM_ACL_AUTHORIZATION_DECRYPT, 0),
+ tmptag);
+ }
+ count = mAclEntries.size();
+ acls = mAclEntries.entries();
+}
+
+//
+// CACTBRecord
+//
+CACTBRecord::~CACTBRecord()
+{
+}
+
+void
+CACTBRecord::getSize(CACToken &cacToken, size_t &tbsize, size_t &vbsize)
+{
+ cacToken.select(mApplication);
+ unsigned char apdu[] = { 0x80, 0x56, 0x00, 0x00, 0x2E };
+ unsigned char result[MAX_BUFFER_SIZE];
+ size_t resultLength = sizeof(result);
+ uint32_t cacresult = cacToken.exchangeAPDU(apdu, sizeof(apdu), result,
+ resultLength);
+ if ((cacresult & 0x6C00) == 0x6C00 && (cacresult & 0xFF) > 0x1E)
+ {
+ /* We requested the wrong length, try again */
+ apdu[4] = cacresult & 0xFF;
+ resultLength = sizeof(result);
+ cacresult = cacToken.exchangeAPDU(apdu, sizeof(apdu), result,
+ resultLength);
+ }
+
+ CACError::check(cacresult);
+
+ if (resultLength - 2 != apdu[4])
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+
+ CACError::check(result[resultLength - 2] << 8 + result[resultLength - 1]);
+
+ tbsize = result[0x1C] + (result[0x1D] << 8);
+ vbsize = result[0x1E] + (result[0x1F] << 8);
+}
+
+#define MAX_READ 0xFF // 200 redefine to avoid SCardTransmitExt -- was 0xFF
+
+#if 0
+ // With extended APDUs, we can get another 0x61xx result
+ if (resultLength == 2 && result[0] == 0x61)
+ {
+ apdusize = 5;
+ apdu[0] = 0x00; apdu[1] = 0xC0; apdu[2] = 0x00; apdu[3] = 0x00; apdu[4] = result[1];
+ continue;
+ }
+#endif
+
+/*
+ See NIST IR 6887 \xD0 2003 EDITION, GSC-IS VERSION 2.1
+ 5.3.4 Generic Container Provider Virtual Machine Card Edge Interface
+ for a description of how this command works
+
+ READ BUFFER 0x80 0x52 Off/H Off/L 0x02 <buffer & number bytes to read> \xD0
+*/
+
+Tokend::Attribute *CACTBRecord::getDataAttribute(CACToken &cacToken,
+ bool getTB)
+{
+ size_t size, tbsize, vbsize;
+ cacToken.select(mApplication);
+ size_t resultLength;
+
+ PCSC::Transaction _(cacToken);
+ getSize(cacToken, tbsize, vbsize);
+ size = getTB ? tbsize : vbsize;
+
+ unsigned char outputData[size + 2];
+ unsigned int offset, bytes_left;
+
+ for (offset = 0, bytes_left = size; bytes_left;)
+ {
+ // resultLength = size + 2 - offset;
+ unsigned char toread = bytes_left > MAX_READ ? MAX_READ : bytes_left;
+ unsigned char apdu[] = { 0x80, 0x52,
+ offset >> 8, offset & 0xFF,
+ 0x02, (getTB ? 0x01 : 0x02),
+ toread };
+ resultLength = toread + 2;
+ uint32_t cacresult = cacToken.exchangeAPDU(apdu, sizeof(apdu),
+ outputData + offset,
+ resultLength);
+
+ CACError::check(cacresult);
+
+ if (resultLength - 2 != toread)
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+
+ resultLength -= 2;
+ offset += resultLength;
+ bytes_left -= resultLength;
+ }
+
+ return new Tokend::Attribute(outputData, offset);
+}
+
+#if 0
+Tokend::Attribute *CACTBRecord::getDataAttribute(CACToken &cacToken, bool getTB)
+{
+ size_t size, tbsize, vbsize;
+ cacToken.select(mApplication);
+ size_t resultLength;
+
+ PCSC::Transaction _(cacToken);
+ getSize(cacToken, tbsize, vbsize);
+ size = getTB ? tbsize : vbsize;
+
+ CssmData data;
+
+ cacToken.getDataCore(mApplication, mApplicationSize, mDescription, mIsCertificate, mAllowCaching, data);
+
+ return new Tokend::Attribute(data.Data, data.Length);
+}
+#endif
+
+Tokend::Attribute *CACTBRecord::getDataAttribute(Tokend::TokenContext *tokenContext)
+{
+ CACToken &cacToken = dynamic_cast<CACToken &>(*tokenContext);
+ return getDataAttribute(cacToken, true);
+}
+
+
+//
+// CACVBRecord
+//
+CACVBRecord::~CACVBRecord()
+{
+}
+
+Tokend::Attribute *CACVBRecord::getDataAttribute(Tokend::TokenContext *tokenContext)
+{
+ CACToken &cacToken = dynamic_cast<CACToken &>(*tokenContext);
+ return CACTBRecord::getDataAttribute(cacToken, false);
+}
+
+void CACVBRecord::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
+{
+ if (!mAclEntries) {
+ mAclEntries.allocator(Allocator::standard());
+ // Reading this objects data requires PIN1
+ mAclEntries.add(CssmClient::AclFactory::PinSubject(
+ mAclEntries.allocator(), 1),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
+ }
+ count = mAclEntries.size();
+ acls = mAclEntries.entries();
+}
+
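Review bot: In CACTBRecord::getSize the status-word check `CACError::check(result[resultLength - 2] << 8 + result[resultLength - 1]);` is mis-parenthesised, because `+` binds tighter than `<<`, so it shifts the first byte left by 8 plus the second byte instead of combining the two into a status word; it should read `CACError::check((result[resultLength - 2] << 8) + result[resultLength - 1]);`. Separately, CACCertificateRecord::getDataAttribute appends each chunk with `memcpy(certificate + certificateLength, result, resultLength - 2);` without checking that the total stays within CAC_MAXSIZE_CERT, while the number of iterations and the chunk size (`command[4] = cacreturn & 0xFF`) are dictated by the card's 0x63xx replies, so a guard `if (certificateLength + resultLength - 2 > sizeof(certificate)) PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);` before the memcpy is needed. The surrounding `catch (...) { return NULL; }` also discards the CACError and PCSC::Error diagnostics, so a failed read becomes indistinguishable from a missing object for the caller.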
Added: releases/Apple/OSX-10.6.7/CAC/CACRecord.h
===================================================================
--- releases/Apple/OSX-10.6.7/CAC/CACRecord.h (rev 0)
+++ releases/Apple/OSX-10.6.7/CAC/CACRecord.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACRecord.h
+ * TokendMuscle
+ */
+
+#ifndef _CACRECORD_H_
+#define _CACRECORD_H_
+
+#include "Record.h"
+
+class CACToken;
+
+class CACRecord : public Tokend::Record
+{
+ NOCOPY(CACRecord)
+public:
+ CACRecord(const unsigned char *application, const char *description) :
+ mApplication(application), mDescription(description) {}
+ virtual ~CACRecord();
+
+ virtual const char *description() { return mDescription; }
+
+protected:
+ const unsigned char *application() const { return mApplication; }
+
+protected:
+ const unsigned char *mApplication;
+ const char *mDescription;
+};
+
+
+class CACCertificateRecord : public CACRecord
+{
+ NOCOPY(CACCertificateRecord)
+public:
+ CACCertificateRecord(const unsigned char *application,
+ const char *description) :
+ CACRecord(application, description) {}
+ virtual ~CACCertificateRecord();
+
+ virtual Tokend::Attribute *getDataAttribute(Tokend::TokenContext *tokenContext);
+};
+
+class CACKeyRecord : public CACRecord
+{
+ NOCOPY(CACKeyRecord)
+public:
+ CACKeyRecord(const unsigned char *application, const char *description,
+ const Tokend::MetaRecord &metaRecord);
+ virtual ~CACKeyRecord();
+
+ size_t sizeInBits() const { return 1024; }
+ void computeCrypt(CACToken &cacToken, bool sign, const unsigned char *data,
+ size_t dataLength, unsigned char *result, size_t &resultLength);
+
+ virtual void getAcl(const char *tag, uint32 &count,
+ AclEntryInfo *&aclList);
+private:
+ AutoAclEntryInfoList mAclEntries;
+};
+
+
+class CACTBRecord : public CACRecord
+{
+ NOCOPY(CACTBRecord)
+public:
+ CACTBRecord(const unsigned char *application, const char *description) :
+ CACRecord(application, description) {}
+ virtual ~CACTBRecord();
+
+ virtual Tokend::Attribute *getDataAttribute(Tokend::TokenContext *tokenContext);
+
+protected:
+ void getSize(CACToken &cacToken, size_t &tbsize, size_t &vbsize);
+ Tokend::Attribute *getDataAttribute(CACToken &cacToken, bool getTB);
+};
+
+
+class CACVBRecord : public CACTBRecord
+{
+ NOCOPY(CACVBRecord)
+public:
+ CACVBRecord(const unsigned char *application, const char *description) :
+ CACTBRecord(application, description) {}
+ virtual ~CACVBRecord();
+
+ virtual Tokend::Attribute *getDataAttribute(Tokend::TokenContext *tokenContext);
+ virtual void getAcl(const char *tag, uint32 &count,
+ AclEntryInfo *&aclList);
+private:
+ AutoAclEntryInfoList mAclEntries;
+};
+
+
+#endif /* !_CACRECORD_H_ */
+
+
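Review bot: `size_t sizeInBits() const { return 1024; }` in CACKeyRecord deserves a comment, since CACKeyHandle::generateSignature and CACKeyHandle::decrypt size their buffers and padding from this value and CACSchema repeats the same constant in `mKeySizeCoder(uint32(1024))`, so a change in one place silently disagrees with the other; suggest `// CAC keys are fixed at 1024 bits; keep in sync with CACSchema's mKeySizeCoder.` above the method. The two independent `AutoAclEntryInfoList mAclEntries;` members in CACKeyRecord and CACVBRecord could likewise use a one-line comment stating that each is lazily filled by its own getAcl.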
Added: releases/Apple/OSX-10.6.7/CAC/CACSchema.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/CAC/CACSchema.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/CAC/CACSchema.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,97 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACSchema.cpp
+ * TokendMuscle
+ */
+
+#include "CACSchema.h"
+
+#include "MetaAttribute.h"
+#include "MetaRecord.h"
+
+#include <Security/SecCertificate.h>
+#include <Security/SecKeychainItem.h>
+#include <Security/SecKey.h>
+
+using namespace Tokend;
+
+CACSchema::CACSchema() :
+ mKeyAlgorithmCoder(uint32(CSSM_ALGID_RSA)),
+ mKeySizeCoder(uint32(1024))
+{
+}
+
+CACSchema::~CACSchema()
+{
+}
+
+Tokend::Relation *CACSchema::createKeyRelation(CSSM_DB_RECORDTYPE keyType)
+{
+ Relation *rn = createStandardRelation(keyType);
+
+ // Set up coders for key records.
+ MetaRecord &mr = rn->metaRecord();
+ mr.keyHandleFactory(&mCACKeyHandleFactory);
+
+ // Print name of a key might as well be the key name.
+ mr.attributeCoder(kSecKeyPrintName, &mDescriptionCoder);
+
+ // Other key valuess
+ mr.attributeCoder(kSecKeyKeyType, &mKeyAlgorithmCoder);
+ mr.attributeCoder(kSecKeyKeySizeInBits, &mKeySizeCoder);
+ mr.attributeCoder(kSecKeyEffectiveKeySize, &mKeySizeCoder);
+
+ // Key attributes
+ mr.attributeCoder(kSecKeyExtractable, &mFalseCoder);
+ mr.attributeCoder(kSecKeySensitive, &mTrueCoder);
+ mr.attributeCoder(kSecKeyModifiable, &mFalseCoder);
+ mr.attributeCoder(kSecKeyPrivate, &mTrueCoder);
+ mr.attributeCoder(kSecKeyNeverExtractable, &mTrueCoder);
+ mr.attributeCoder(kSecKeyAlwaysSensitive, &mTrueCoder);
+
+ // Key usage
+ mr.attributeCoder(kSecKeyEncrypt, &mFalseCoder);
+ mr.attributeCoder(kSecKeyWrap, &mFalseCoder);
+ mr.attributeCoder(kSecKeyVerify, &mFalseCoder);
+ mr.attributeCoder(kSecKeyDerive, &mFalseCoder);
+ mr.attributeCoder(kSecKeySignRecover, &mFalseCoder);
+ mr.attributeCoder(kSecKeyVerifyRecover, &mFalseCoder);
+
+ return rn;
+}
+
+void CACSchema::create()
+{
+ Schema::create();
+
+ createStandardRelation(CSSM_DL_DB_RECORD_X509_CERTIFICATE);
+ createKeyRelation(CSSM_DL_DB_RECORD_PRIVATE_KEY);
+ Relation *rn_gen = createStandardRelation(CSSM_DL_DB_RECORD_GENERIC);
+
+ // Create the generic table
+ MetaRecord &mr_gen = rn_gen->metaRecord();
+ mr_gen.attributeCoderForData(&mCACDataAttributeCoder);
+}
+
Added: releases/Apple/OSX-10.6.7/CAC/CACSchema.h
===================================================================
--- releases/Apple/OSX-10.6.7/CAC/CACSchema.h (rev 0)
+++ releases/Apple/OSX-10.6.7/CAC/CACSchema.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACSchema.h
+ * TokendMuscle
+ */
+
+#ifndef _CACSCHEMA_H_
+#define _CACSCHEMA_H_
+
+#include "Schema.h"
+#include "CACAttributeCoder.h"
+#include "CACKeyHandle.h"
+
+namespace Tokend
+{
+ class Relation;
+ class MetaRecord;
+ class AttributeCoder;
+}
+
+class CACSchema : public Tokend::Schema
+{
+ NOCOPY(CACSchema)
+public:
+ CACSchema();
+ virtual ~CACSchema();
+
+ virtual void create();
+
+protected:
+ Tokend::Relation *createKeyRelation(CSSM_DB_RECORDTYPE keyType);
+
+private:
+ // Coders we need.
+ CACDataAttributeCoder mCACDataAttributeCoder;
+
+ Tokend::ConstAttributeCoder mKeyAlgorithmCoder;
+ Tokend::ConstAttributeCoder mKeySizeCoder;
+
+ CACKeyHandleFactory mCACKeyHandleFactory;
+};
+
+#endif /* !_CACSCHEMA_H_ */
+
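Review bot: The private members at L5059–5064 carry only `// Coders we need.`, while the constructor initializers visible at the top of this chunk pin mKeyAlgorithmCoder to CSSM_ALGID_RSA and mKeySizeCoder to 1024, and that hard-coded assumption is what a reader of the header needs to see. Suggest replacing the comment with `// Constant coders: every CAC key is reported as RSA with a fixed 1024-bit (effective and nominal) size; see CACSchema.cpp.` and, on createKeyRelation, `// Builds the private-key relation: all keys are marked sensitive, private and never extractable, with no usage bits set.` The second comment reflects the attributeCoder calls in createKeyRelation at the start of this chunk; adjust if the hidden part of that function sets anything else.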
Added: releases/Apple/OSX-10.6.7/CAC/CACToken.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/CAC/CACToken.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/CAC/CACToken.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,621 @@
+/*
+ * Copyright (c) 2004,2007 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACToken.cpp
+ * TokendMuscle
+ */
+
+#include "CACToken.h"
+
+#include "Adornment.h"
+#include "AttributeCoder.h"
+#include "CACError.h"
+#include "CACRecord.h"
+#include "CACSchema.h"
+#include <security_cdsa_client/aclclient.h>
+#include <map>
+#include <vector>
+
+using CssmClient::AclFactory;
+
+#define CLA_STANDARD 0x00
+#define INS_SELECT_FILE 0xA4
+#define INS_GET_DATA 0xCA
+
+#define SELECT_APPLET CLA_STANDARD, INS_SELECT_FILE, 0x04, 0x00
+
+#define SELECT_CAC_APPLET SELECT_APPLET, 0x07, 0xA0, 0x00, 0x00, 0x00, 0x79
+
+#define SELECT_CAC_APPLET_PKI SELECT_CAC_APPLET, 0x01
+#define SELECT_CAC_APPLET_TLB SELECT_CAC_APPLET, 0x02
+#define SELECT_CAC_APPLET_PIN SELECT_CAC_APPLET, 0x03
+
+static const unsigned char kSelectCardManagerApplet[] =
+ { SELECT_APPLET, 0x07, 0xA0, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00 };
+
+static const unsigned char kSelectCACAppletPKIID[] =
+ { SELECT_CAC_APPLET_PKI, 0x00 };
+static const unsigned char kSelectCACAppletPKIESig[] =
+ { SELECT_CAC_APPLET_PKI, 0x01 };
+static const unsigned char kSelectCACAppletPKIECry[] =
+ { SELECT_CAC_APPLET_PKI, 0x02 };
+static const unsigned char kSelectCACAppletPN[] =
+ { SELECT_CAC_APPLET_TLB, 0x00 };
+static const unsigned char kSelectCACAppletPL[] =
+ { SELECT_CAC_APPLET_TLB, 0x01 };
+static const unsigned char kSelectCACAppletBS[] =
+ { SELECT_CAC_APPLET_TLB, 0x02 };
+static const unsigned char kSelectCACAppletOB[] =
+ { SELECT_CAC_APPLET_TLB, 0x03 };
+static const unsigned char kSelectCACAppletPIN[] =
+ { SELECT_CAC_APPLET_PIN, 0x00 };
+
+
+CACToken::CACToken() :
+ mCurrentApplet(NULL),
+ mPinStatus(0)
+{
+ mTokenContext = this;
+ mSession.open();
+}
+
+CACToken::~CACToken()
+{
+ delete mSchema;
+}
+
+bool CACToken::identify()
+{
+ try
+ {
+ select(kSelectCACAppletPKIID);
+ return true;
+ }
+ catch (const PCSC::Error &error)
+ {
+ if (error.error == SCARD_E_PROTO_MISMATCH)
+ return false;
+ throw;
+ }
+}
+
+void CACToken::select(const unsigned char *applet)
+{
+ // If we are already connected and our current applet is already selected
+ // we are done.
+ if (isInTransaction() && mCurrentApplet == applet)
+ return;
+
+ // For CAC all applet selectors have the same size.
+ size_t applet_length = sizeof(kSelectCACAppletPKIID);
+ unsigned char result[MAX_BUFFER_SIZE];
+ size_t resultLength = sizeof(result);
+
+ transmit(applet, applet_length, result, resultLength);
+ // If the select command failed this isn't a cac card, so we are done.
+ if (resultLength < 2 || result[resultLength - 2] != 0x90 &&
+ result[resultLength - 2] != 0x61 /* || result[resultLength - 1] != 0x0D */)
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+
+ if (isInTransaction())
+ mCurrentApplet = applet;
+}
+
+uint32_t CACToken::exchangeAPDU(const unsigned char *apdu, size_t apduLength,
+ unsigned char *result, size_t &resultLength)
+{
+ size_t savedLength = resultLength;
+
+ transmit(apdu, apduLength, result, resultLength);
+ if (resultLength == 2 && result[0] == 0x61)
+ {
+ resultLength = savedLength;
+ uint8 expectedLength = result[1];
+ unsigned char getResult[] = { 0x00, 0xC0, 0x00, 0x00, expectedLength };
+ transmit(getResult, sizeof(getResult), result, resultLength);
+ if (resultLength - 2 != expectedLength)
+ {
+ if (resultLength < 2)
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ else
+ CACError::throwMe((result[resultLength - 2] << 8)
+ + result[resultLength - 1]);
+ }
+ }
+
+ if (resultLength < 2)
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+
+ return (result[resultLength - 2] << 8) + result[resultLength - 1];
+}
+
+void CACToken::didDisconnect()
+{
+ PCSC::Card::didDisconnect();
+ mCurrentApplet = NULL;
+ mPinStatus = 0;
+}
+
+void CACToken::didEnd()
+{
+ PCSC::Card::didEnd();
+ mCurrentApplet = NULL;
+ mPinStatus = 0;
+}
+
+void CACToken::changePIN(int pinNum,
+ const unsigned char *oldPin, size_t oldPinLength,
+ const unsigned char *newPin, size_t newPinLength)
+{
+ if (pinNum != 1)
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+
+ if (oldPinLength < 4 || oldPinLength > 8 ||
+ newPinLength < 4 || newPinLength > 8)
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
+
+ PCSC::Transaction _(*this);
+ /* Change pin only works if one of the CAC applets are selected. */
+ select(kSelectCACAppletPIN);
+
+ unsigned char apdu[] =
+ {
+ 0x80, 0x24, 0x01, 0x00, 0x10,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+ };
+
+ memcpy(apdu + 5, oldPin, oldPinLength);
+ memcpy(apdu + 13, newPin, newPinLength);
+
+ unsigned char result[2];
+ size_t resultLength = sizeof(result);
+
+ mPinStatus = exchangeAPDU(apdu, sizeof(apdu), result, resultLength);
+ memset(apdu + 5, 0, 16);
+ CACError::check(mPinStatus);
+}
+
+uint32_t CACToken::pinStatus(int pinNum)
+{
+ if (pinNum != 1)
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+
+ if (mPinStatus && isInTransaction())
+{ secdebug("adhoc", "returning cached PIN status 0x%x", mPinStatus);
+ return mPinStatus;
+}
+
+ PCSC::Transaction _(*this);
+ /* Verify pin only works if one of the CAC applets are selected. */
+ if (mCurrentApplet != kSelectCACAppletPKIID
+ && mCurrentApplet != kSelectCACAppletPKIESig
+ && mCurrentApplet != kSelectCACAppletPKIECry
+ && mCurrentApplet != kSelectCACAppletPN
+ && mCurrentApplet != kSelectCACAppletPL
+ && mCurrentApplet != kSelectCACAppletBS
+ && mCurrentApplet != kSelectCACAppletOB
+ && mCurrentApplet != kSelectCACAppletPIN)
+ {
+ select(kSelectCACAppletPKIESig);
+ }
+
+ unsigned char result[2];
+ size_t resultLength = sizeof(result);
+ unsigned char apdu[] = { 0x80, 0x20, 0x00, 0x00 };
+
+ mPinStatus = exchangeAPDU(apdu, 4, result, resultLength);
+ if ((mPinStatus & 0xFF00) != 0x6300
+ && mPinStatus != SCARD_AUTHENTICATION_BLOCKED)
+ CACError::check(mPinStatus);
+
+secdebug("adhoc", "new PIN status=0x%x", mPinStatus);
+ return mPinStatus;
+}
+
+void CACToken::verifyPIN(int pinNum,
+ const unsigned char *pin, size_t pinLength)
+{
+ if (pinNum != 1)
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+
+ if (pinLength < 4 || pinLength > 8)
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
+
+ PCSC::Transaction _(*this);
+ /* Verify pin only works if one of the CAC applets are selected. */
+ if (mCurrentApplet != kSelectCACAppletPKIID
+ && mCurrentApplet != kSelectCACAppletPKIESig
+ && mCurrentApplet != kSelectCACAppletPKIECry
+ && mCurrentApplet != kSelectCACAppletPN
+ && mCurrentApplet != kSelectCACAppletPL
+ && mCurrentApplet != kSelectCACAppletBS
+ && mCurrentApplet != kSelectCACAppletOB
+ && mCurrentApplet != kSelectCACAppletPIN)
+ {
+ select(kSelectCACAppletPKIESig);
+ }
+
+ unsigned char apdu[] =
+ {
+ 0x80, 0x20, 0x00, 0x00, 0x08,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+ };
+
+#if defined(CAC_PROTECTED_MODE)
+ memcpy(apdu + 5, "77777777", 8);
+#else
+ memcpy(apdu + 5, pin, pinLength);
+#endif
+
+ unsigned char result[2];
+ size_t resultLength = sizeof(result);
+
+ mPinStatus = exchangeAPDU(apdu, sizeof(apdu), result, resultLength);
+ memset(apdu + 5, 0, 8);
+ CACError::check(mPinStatus);
+ // Start a new transaction which we never get rid of until someone calls
+ // unverifyPIN()
+ begin();
+}
+
+void CACToken::unverifyPIN(int pinNum)
+{
+ if (pinNum != -1)
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+
+ end(SCARD_RESET_CARD);
+}
+
+uint32_t CACToken::getData(unsigned char *result, size_t &resultLength)
+{
+ PCSC::Transaction _(*this);
+ try
+ {
+ select(kSelectCardManagerApplet);
+ }
+ catch (const PCSC::Error &error)
+ {
+ return error.error;
+ }
+
+ unsigned char apdu[] = { 0x80, INS_GET_DATA, 0x9F, 0x7F, 0x2D };
+ return exchangeAPDU(apdu, sizeof(apdu), result, resultLength);
+}
+
+/*
+ See NIST IR 6887 \xD0 2003 EDITION, GSC-IS VERSION 2.1
+ 5.3.4 Generic Container Provider Virtual Machine Card Edge Interface
+ for a description of how this command works
+
+ READ BUFFER 0x80 0x52 Off/H Off/L 0x02 <buffer & number bytes to read> \xD0
+
+*/
+
+#if 0
+ unsigned char toread = bytes_left > MAX_READ ? MAX_READ : bytes_left;
+ unsigned char apdu[] = { 0x80, 0x52,
+ offset >> 8, offset & 0xFF,
+ 0x02, (getTB ? 0x01 : 0x02),
+ toread };
+
+#define TBD_ZERO 0x00
+
+#define CAC_CLA_STANDARD CLA_STANDARD // 00
+#define CAC_INS_GET_DATA INS_GET_DATA 0xCB // [SP800731 7.1.2]
+
+// 0x00 0xCB
+#define CAC_GETDATA_APDU CAC_CLA_STANDARD, CAC_INS_GET_DATA, 0x3F, 0xFF
+// Template for getting data
+// 00 CB 3F FF Lc Tag Len OID1 OID2 OID3
+#define PIV_GETDATA_APDU_TEMPLATE PIV_GETDATA_APDU, TBD_ZERO, 0x5C, TBD_ZERO, TBD_FF, TBD_FF, TBD_FF
+
+#define PIV_GETDATA_APDU_INDEX_LEN 4 // Index into APDU for APDU data length (this is TLV<OID>) [Lc]
+#define PIV_GETDATA_APDU_INDEX_OIDLEN 6 // Index into APDU for requested length of data
+#define PIV_GETDATA_APDU_INDEX_OID 7 // Index into APDU for object ID
+
+#define CAC_GETDATA_CONT_APDU_TEMPLATE 0x00, 0xC0, 0x00, 0x00, TBD_ZERO
+
+#define CAC_GETDATA_CONT_APDU_INDEX_LEN 4 // Index into CONT APDU for requested length of data
+
+void CACToken::getDataCore(const unsigned char *oid, size_t oidlen, const char *description, bool isCertificate,
+ bool allowCaching, CssmData &data)
+{
+ unsigned char result[MAX_BUFFER_SIZE];
+ size_t resultLength = sizeof(result);
+ size_t returnedDataLength = 0;
+
+ // The APDU only has space for a 3 byte OID
+ if (oidlen != 3)
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+
+ if (!mReturnedData)
+ {
+ mReturnedData = new unsigned char[PIV_MAX_DATA_SIZE];
+ if (!mReturnedData)
+ CssmError::throwMe(CSSM_ERRCODE_MEMORY_ERROR);
+ }
+
+ const unsigned char dataFieldLen = 0x05; // doc says must be 16, but in pratice it is 5
+ unsigned char initialapdu[] = { PIV_GETDATA_APDU_TEMPLATE };
+
+ initialapdu[PIV_GETDATA_APDU_INDEX_LEN] = dataFieldLen;
+ initialapdu[PIV_GETDATA_APDU_INDEX_OIDLEN] = oidlen;
+ memcpy(initialapdu + PIV_GETDATA_APDU_INDEX_OID, oid, oidlen);
+
+ unsigned char continuationapdu[] = { PIV_GETDATA_CONT_APDU_TEMPLATE };
+
+ unsigned char *apdu = initialapdu;
+ size_t apduSize = sizeof(initialapdu);
+
+ selectDefault();
+ // Talk to token here to get data
+ {
+ PCSC::Transaction _(*this);
+
+ uint32_t rx;
+ do
+ {
+ resultLength = sizeof(result); // must reset each time
+ transmit(apdu, apduSize, result, resultLength);
+ if (resultLength < 2)
+ break;
+ rx = (result[resultLength - 2] << 8) + result[resultLength - 1];
+ secdebug("pivtokend", "exchangeAPDU result %02X", rx);
+
+ if ((rx & 0xFF00) != SCARD_BYTES_LEFT_IN_SW2 &&
+ (rx & 0xFF00) != SCARD_SUCCESS)
+ PIVError::check(rx);
+
+ // Switch to the continuation APDU after first exchange
+ apdu = continuationapdu;
+ apduSize = sizeof(continuationapdu);
+
+ memcpy(mReturnedData + returnedDataLength, result, resultLength - 2);
+ returnedDataLength += resultLength - 2;
+
+ // Number of bytes to fetch next time around is in the last byte returned.
+ // For all except the penultimate read, this is 0, indicating that the
+ // token should read all bytes.
+
+ *(apdu + PIV_GETDATA_CONT_APDU_INDEX_LEN) = static_cast<unsigned char>(rx & 0xFF);
+
+ } while ((rx & 0xFF00) == SCARD_BYTES_LEFT_IN_SW2);
+ }
+
+ dumpDataRecord(mReturnedData, returnedDataLength, oid);
+
+ // Start to parse the BER-TLV encoded data. In the end, we only return the
+ // main data part of this but we need to step through the rest first
+ // The certficates are the only types we parse here
+
+ if (returnedDataLength>0)
+ {
+ const unsigned char *pd = &mReturnedData[0];
+ if (*pd != PIV_GETDATA_RESPONSE_TAG)
+ PIVError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+ pd++;
+
+ if (isCertificate)
+ processCertificateRecord(pd, returnedDataLength, oid, description, data);
+ else
+ {
+ data.Data = mReturnedData;
+ data.Length = returnedDataLength;
+ }
+
+ if (allowCaching)
+ cacheObject(0, description, data);
+ }
+ else
+ {
+ data.Data = mReturnedData;
+ data.Length = 0;
+ }
+}
+#endif
+
+
+uint32 CACToken::probe(SecTokendProbeFlags flags,
+ char tokenUid[TOKEND_MAX_UID])
+{
+ uint32 score = Tokend::ISO7816Token::probe(flags, tokenUid);
+
+ bool doDisconnect = false; /*!(flags & kSecTokendProbeKeepToken); */
+
+ try
+ {
+ if (!identify())
+ doDisconnect = true;
+ else
+ {
+ unsigned char result[0x2F];
+ size_t resultLength = sizeof(result);
+ /* uint32_t cacreturn = */ getData(result, resultLength);
+
+ /* Score of 200 to ensure that CAC "wins" for Hybrid CAC/PIV cards */
+ score = 200;
+ // Now stick in the bytes returned by getData into the
+ // tokenUid.
+ if(resultLength > 20)
+ {
+ sprintf(tokenUid,
+ "CAC-%02X%02X-%02X%02X-%02X%02X-%02X%02X-%02X%02X",
+ result[3], result[4], result[5], result[6], result[19],
+ result[20], result[15], result[16], result[17],
+ result[18]);
+ }
+ else
+ {
+ /* Cannot generated a tokenUid given the returned data.
+ * Generate time-based tokenUid to permit basic caching */
+ unsigned char buffer[80];
+ time_t now;
+ struct tm* timestruct = localtime(&now);
+ /* Print out the # of seconds since EPOCH UTF */
+ strftime(reinterpret_cast<char *>(buffer), 80, "%s", timestruct);
+ snprintf(tokenUid, TOKEND_MAX_UID, "CAC-%s", buffer);
+ }
+ Tokend::ISO7816Token::name(tokenUid);
+ secdebug("probe", "recognized %s", tokenUid);
+ }
+ }
+ catch (...)
+ {
+ doDisconnect = true;
+ score = 0;
+ }
+
+ if (doDisconnect)
+ disconnect();
+
+ return score;
+}
+
+void CACToken::establish(const CSSM_GUID *guid, uint32 subserviceId,
+ SecTokendEstablishFlags flags, const char *cacheDirectory,
+ const char *workDirectory, char mdsDirectory[PATH_MAX],
+ char printName[PATH_MAX])
+{
+ Tokend::ISO7816Token::establish(guid, subserviceId, flags,
+ cacheDirectory, workDirectory, mdsDirectory, printName);
+
+ mSchema = new CACSchema();
+ mSchema->create();
+
+ populate();
+}
+
+//
+// Database-level ACLs
+//
+void CACToken::getOwner(AclOwnerPrototype &owner)
+{
+ // we don't really know (right now), so claim we're owned by PIN #0
+ if (!mAclOwner)
+ {
+ mAclOwner.allocator(Allocator::standard());
+ mAclOwner = AclFactory::PinSubject(Allocator::standard(), 0);
+ }
+ owner = mAclOwner;
+}
+
+
+void CACToken::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
+{
+ Allocator &alloc = Allocator::standard();
+
+ if (unsigned pin = pinFromAclTag(tag, "?")) {
+ static AutoAclEntryInfoList acl;
+ acl.clear();
+ acl.allocator(alloc);
+ uint32_t status = this->pinStatus(pin);
+ if (status == SCARD_SUCCESS)
+ acl.addPinState(pin, CSSM_ACL_PREAUTH_TRACKING_AUTHORIZED);
+ else if (status >= CAC_AUTHENTICATION_FAILED_0 && status <= CAC_AUTHENTICATION_FAILED_3)
+ acl.addPinState(pin, 0, status - CAC_AUTHENTICATION_FAILED_0);
+ else
+ acl.addPinState(pin, CSSM_ACL_PREAUTH_TRACKING_UNKNOWN);
+ count = acl.size();
+ acls = acl.entries();
+ return;
+ }
+
+ // mAclEntries sets the handle of each AclEntryInfo to the
+ // offset in the array.
+
+ // get pin list, then for each pin
+ if (!mAclEntries) {
+ mAclEntries.allocator(alloc);
+ // Anyone can read the attributes and data of any record on this token
+ // (it's further limited by the object itself).
+ mAclEntries.add(CssmClient::AclFactory::AnySubject(
+ mAclEntries.allocator()),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
+ // We support PIN1 with either a passed in password
+ // subject or a prompted password subject.
+ mAclEntries.addPin(AclFactory::PWSubject(alloc), 1);
+ mAclEntries.addPin(AclFactory::PromptPWSubject(alloc, CssmData()), 1);
+ }
+ count = mAclEntries.size();
+ acls = mAclEntries.entries();
+}
+
+
+#pragma mark ---------------- CAC Specific --------------
+
+void CACToken::populate()
+{
+ secdebug("populate", "CACToken::populate() begin");
+ Tokend::Relation &certRelation =
+ mSchema->findRelation(CSSM_DL_DB_RECORD_X509_CERTIFICATE);
+ Tokend::Relation &privateKeyRelation =
+ mSchema->findRelation(CSSM_DL_DB_RECORD_PRIVATE_KEY);
+ Tokend::Relation &dataRelation =
+ mSchema->findRelation(CSSM_DL_DB_RECORD_GENERIC);
+
+ RefPointer<Tokend::Record> idCert(new CACCertificateRecord(
+ kSelectCACAppletPKIID, "Identity Certificate"));
+ RefPointer<Tokend::Record> eSigCert(new CACCertificateRecord(
+ kSelectCACAppletPKIESig, "Email Signing Certificate"));
+ RefPointer<Tokend::Record> eCryCert(new CACCertificateRecord(
+ kSelectCACAppletPKIECry, "Email Encryption Certificate"));
+
+ certRelation.insertRecord(idCert);
+ certRelation.insertRecord(eSigCert);
+ certRelation.insertRecord(eCryCert);
+
+ RefPointer<Tokend::Record> idKey(new CACKeyRecord(
+ kSelectCACAppletPKIID, "Identity Private Key",
+ privateKeyRelation.metaRecord()));
+ RefPointer<Tokend::Record> eSigKey(new CACKeyRecord(
+ kSelectCACAppletPKIESig, "Email Signing Private Key",
+ privateKeyRelation.metaRecord()));
+ RefPointer<Tokend::Record> eCryKey(new CACKeyRecord(
+ kSelectCACAppletPKIECry, "Email Encryption Private Key",
+ privateKeyRelation.metaRecord()));
+
+ privateKeyRelation.insertRecord(idKey);
+ privateKeyRelation.insertRecord(eSigKey);
+ privateKeyRelation.insertRecord(eCryKey);
+
+ idKey->setAdornment(mSchema->publicKeyHashCoder().certificateKey(),
+ new Tokend::LinkedRecordAdornment(idCert));
+ eSigKey->setAdornment(mSchema->publicKeyHashCoder().certificateKey(),
+ new Tokend::LinkedRecordAdornment(eSigCert));
+ eCryKey->setAdornment(mSchema->publicKeyHashCoder().certificateKey(),
+ new Tokend::LinkedRecordAdornment(eCryCert));
+
+ dataRelation.insertRecord(new CACTBRecord(kSelectCACAppletPN, "PNTB"));
+ dataRelation.insertRecord(new CACVBRecord(kSelectCACAppletPN, "PNVB"));
+ dataRelation.insertRecord(new CACTBRecord(kSelectCACAppletPL, "PLTB"));
+ dataRelation.insertRecord(new CACVBRecord(kSelectCACAppletPL, "PLVB"));
+ dataRelation.insertRecord(new CACTBRecord(kSelectCACAppletBS, "BSTB"));
+ dataRelation.insertRecord(new CACVBRecord(kSelectCACAppletBS, "BSVB"));
+ dataRelation.insertRecord(new CACTBRecord(kSelectCACAppletOB, "OBTB"));
+ dataRelation.insertRecord(new CACVBRecord(kSelectCACAppletOB, "OBVB"));
+
+ secdebug("populate", "CACToken::populate() end");
+}
+
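Review bot: In probe(), the fallback branch at L5547–5550 declares `time_t now;` and hands it to localtime() without ever calling time(), so the "time-based" tokenUid is derived from an uninitialized stack value (undefined behaviour, and not actually time-based). Replace the declaration with `time_t now = time(NULL);` and check timestruct for NULL before the strftime() call; the sprintf at L5536 should also become `snprintf(tokenUid, TOKEND_MAX_UID, ...)` for consistency with L5551. Separately, the `memset(apdu + 5, 0, 8)` at L5349 and the 16-byte one at L5269 that scrub the PIN from the stack buffer are dead stores the optimizer may drop, so the PIN can linger in memory; use a scrub the compiler must honor (e.g. a volatile-qualified byte loop). The `CAC_PROTECTED_MODE` branch at L5339–5340 replaces the caller's PIN with a constant and must be confined to debug builds that cannot ship.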
Added: releases/Apple/OSX-10.6.7/CAC/CACToken.h
===================================================================
--- releases/Apple/OSX-10.6.7/CAC/CACToken.h (rev 0)
+++ releases/Apple/OSX-10.6.7/CAC/CACToken.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACToken.h
+ * TokendMuscle
+ */
+
+#ifndef _CACTOKEN_H_
+#define _CACTOKEN_H_
+
+#include <Token.h>
+#include "TokenContext.h"
+
+#include <security_utilities/pcsc++.h>
+
+class CACSchema;
+
+//
+// "The" token
+//
+class CACToken : public Tokend::ISO7816Token
+{
+ NOCOPY(CACToken)
+public:
+ CACToken();
+ ~CACToken();
+
+ virtual void didDisconnect();
+ virtual void didEnd();
+
+ virtual uint32 probe(SecTokendProbeFlags flags,
+ char tokenUid[TOKEND_MAX_UID]);
+ virtual void establish(const CSSM_GUID *guid, uint32 subserviceId,
+ SecTokendEstablishFlags flags, const char *cacheDirectory,
+ const char *workDirectory, char mdsDirectory[PATH_MAX],
+ char printName[PATH_MAX]);
+ virtual void getOwner(AclOwnerPrototype &owner);
+ virtual void getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls);
+
+ virtual void changePIN(int pinNum,
+ const unsigned char *oldPin, size_t oldPinLength,
+ const unsigned char *newPin, size_t newPinLength);
+ virtual uint32_t pinStatus(int pinNum);
+ virtual void verifyPIN(int pinNum, const unsigned char *pin, size_t pinLength);
+ virtual void unverifyPIN(int pinNum);
+
+ bool identify();
+ void select(const unsigned char *applet);
+ uint32_t exchangeAPDU(const unsigned char *apdu, size_t apduLength,
+ unsigned char *result, size_t &resultLength);
+
+ uint32_t getData(unsigned char *result, size_t &resultLength);
+
+protected:
+ void populate();
+
+public:
+ const unsigned char *mCurrentApplet;
+ uint32_t mPinStatus;
+
+ // temporary ACL cache hack - to be removed
+ AutoAclOwnerPrototype mAclOwner;
+ AutoAclEntryInfoList mAclEntries;
+};
+
+
+#endif /* !_CACTOKEN_H_ */
+
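Review bot: The PIN contract is undocumented on the class: pinNum must be 1 for changePIN/pinStatus/verifyPIN but -1 for unverifyPIN (CACToken.cpp L5244, L5275, L5313, L5358), and verifyPIN leaves a transaction open until unverifyPIN resets the card. Suggest a comment above the PIN methods: `// CAC exposes a single PIN: pinNum is 1 for changePIN/pinStatus/verifyPIN and -1 for unverifyPIN. verifyPIN begins a transaction that stays open until unverifyPIN resets the card.` The data members mCurrentApplet and mPinStatus at L5777–5779 are public; mPinStatus is a cache that pinStatus() trusts when a transaction is open, so an external write could desynchronize it — move both under `private:` unless something outside the class genuinely needs them.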
Added: releases/Apple/OSX-10.6.7/CAC/Info.plist
===================================================================
--- releases/Apple/OSX-10.6.7/CAC/Info.plist (rev 0)
+++ releases/Apple/OSX-10.6.7/CAC/Info.plist 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>CFBundleDevelopmentRegion</key>
+ <string>English</string>
+ <key>CFBundleExecutable</key>
+ <string>CAC</string>
+ <key>CFBundleIdentifier</key>
+ <string>com.apple.tokend.cac</string>
+ <key>CFBundleInfoDictionaryVersion</key>
+ <string>6.0</string>
+ <key>CFBundleName</key>
+ <string>CAC</string>
+ <key>CFBundlePackageType</key>
+ <string>????</string>
+ <key>CFBundleShortVersionString</key>
+ <string>2.2.1</string>
+ <key>CFBundleSignature</key>
+ <string>????</string>
+ <key>CFBundleVersion</key>
+ <string>40596</string>
+</dict>
+</plist>
Added: releases/Apple/OSX-10.6.7/CAC/cac.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/CAC/cac.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/CAC/cac.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * cac.cpp - CAC.tokend main program
+ */
+
+#include "CACToken.h"
+
+int main(int argc, const char *argv[])
+{
+ secdebug("CAC.tokend", "main starting with %d arguments", argc);
+ secdelay((char *)"/tmp/delay/CAC");
+
+#if 0
+ setenv("DEBUGSCOPE", "-mutex,walkers", 0);
+ setenv("DEBUGOPTIONS", "scope,thread,date", 0);
+ setenv("DEBUGDEST", "/var/tmp/securityd-log", 0);
+ setenv("DEBUGDUMP", "stdout", 0);
+#endif
+
+ token = new CACToken();
+ return SecTokendMain(argc, argv, token->callbacks(), token->support());
+}
+
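Review bot: `secdelay((char *)"/tmp/delay/CAC")` at L5855 makes the daemon's startup depend on a fixed path under the world-writable /tmp, and the cast drops const to fit the callee's prototype; a debugging hook keyed on a path any local user can create should not be in the release build. Guard it like the disabled `setenv` block below it, e.g. `#if !defined(NDEBUG)` around the call, or remove it. A one-line comment on L5864, `// token is the process-wide Tokend instance consumed by SecTokendMain`, would also help, since `token` is not declared in this file.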
Added: releases/Apple/OSX-10.6.7/CAC/mds/cac_csp_capabilities.mdsinfo
===================================================================
--- releases/Apple/OSX-10.6.7/CAC/mds/cac_csp_capabilities.mdsinfo (rev 0)
+++ releases/Apple/OSX-10.6.7/CAC/mds/cac_csp_capabilities.mdsinfo 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>Capabilities</key>
+ <string>file:cac_csp_capabilities_common.mds</string>
+ <key>MdsFileDescription</key>
+ <string>CAC Token CSPDL CSP Capabilities</string>
+ <key>MdsFileType</key>
+ <string>PluginSpecific</string>
+ <key>MdsRecordType</key>
+ <string>MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE</string>
+</dict>
+</plist>
Added: releases/Apple/OSX-10.6.7/CAC/mds/cac_csp_capabilities_common.mds
===================================================================
--- releases/Apple/OSX-10.6.7/CAC/mds/cac_csp_capabilities_common.mds (rev 0)
+++ releases/Apple/OSX-10.6.7/CAC/mds/cac_csp_capabilities_common.mds 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,903 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<array>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>20</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DIGEST</string>
+ <key>Description</key>
+ <string>SHA1 Digest</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>16</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DIGEST</string>
+ <key>Description</key>
+ <string>MD5 Digest</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD2</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>16</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DIGEST</string>
+ <key>Description</key>
+ <string>MD2 Digest</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>RSA Key Pair Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_DES</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+ <key>AttributeValue</key>
+ <integer>64</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>DES Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_3DES_3KEY</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+ <key>AttributeValue</key>
+ <integer>192</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>3DES Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC2</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>RC2 Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC4</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>RC4 Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>RC5 Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_CAST</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>New item</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>CAST Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_BLOWFISH</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>Blowfish Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1HMAC</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>SHA1HMAC Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD5HMAC</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>MD5HMAC Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_AES</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>128</integer>
+ <integer>192</integer>
+ <integer>256</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>AES Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_ASC</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>ASC Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEE</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>31</integer>
+ <integer>127</integer>
+ <integer>128</integer>
+ <integer>161</integer>
+ <integer>192</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>FEE Key Pair Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_DSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>DSA Key Pair Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_PKCS5_PBKDF2</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DERIVEKEY</string>
+ <key>Description</key>
+ <string>PKCS5 Key Derivation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_PKCS5_PBKDF1_MD5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DERIVEKEY</string>
+ <key>Description</key>
+ <string>PKCS5 PBKDF1 MD5 Key Derivation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_PKCS5_PBKDF1_MD2</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DERIVEKEY</string>
+ <key>Description</key>
+ <string>PKCS5 PBKDF1 MD2 Key Derivation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_PKCS5_PBKDF1_SHA1</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DERIVEKEY</string>
+ <key>Description</key>
+ <string>PKCS5 PBKDF1 SHA1 Key Derivation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_DES</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>DES Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_3DES_3KEY_EDE</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>3DES EDE Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_AES</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>AES Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC4</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>0</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>RC4 Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>RC5 Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_BLOWFISH</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>Blowfish Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_CAST</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>CAST Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_ASYMMETRIC</string>
+ <key>Description</key>
+ <string>RSA Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEEDEXP</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_ASYMMETRIC</string>
+ <key>Description</key>
+ <string>FEEDExp Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEED</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_ASYMMETRIC</string>
+ <key>Description</key>
+ <string>FEED Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1WithRSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>SHA1 With RSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD5WithRSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>MD5 With RSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD2WithRSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>MD2 With RSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>Raw RSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1WithDSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>SHA1 With DSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_DSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>Raw DSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEE_MD5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>MD5 with FEE Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEE_SHA1</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>SHA1 with FEE Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEE</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>Raw FEE Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1WithECDSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>SHA1 with ECDSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_ECDSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>Raw ECDSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1HMAC</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>20</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_MAC</string>
+ <key>Description</key>
+ <string>SHA1HMAC MAC</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1HMAC_LEGACY</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>20</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_MAC</string>
+ <key>Description</key>
+ <string>SHA1HMAC MAC Legacy</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_APPLE_YARROW</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_RANDOMGEN</string>
+ <key>Description</key>
+ <string>Yarrow PRNG</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+</array>
+</plist>
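Review bot: The CAST key-generation entry pairs `CSSM_ATTRIBUTE_NONE` with `<key>New item</key>` where every other Attributes dict in this file uses `<key>AttributeValue</key>`; that reads like an unrenamed Property List Editor default and leaves this one record without an AttributeValue key, so the line should become `<key>AttributeValue</key>`. Separately, this capabilities list advertises a software-CSP style catalogue (MD2, MD5, DES, RC2, RC4, Blowfish, the Yarrow PRNG) under a CSP whose primary record declares `CSSM_CSP_HARDWARE`; if the CAC tokend only performs RSA operations against the card, an MDS consumer selecting a CSP by algorithm could be routed here for algorithms it does not provide. That is inferred, since the token implementation is not in this hunk, so it is worth confirming against what CACToken actually supports and trimming the list to match.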
Added: releases/Apple/OSX-10.6.7/CAC/mds/cac_csp_primary.mdsinfo
===================================================================
--- releases/Apple/OSX-10.6.7/CAC/mds/cac_csp_primary.mdsinfo (rev 0)
+++ releases/Apple/OSX-10.6.7/CAC/mds/cac_csp_primary.mdsinfo 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>AclSubjectTypes</key>
+ <array>
+ <string>CSSM_ACL_SUBJECT_TYPE_PASSWORD</string>
+ <string>CSSM_ACL_SUBJECT_TYPE_PROMPTED_PASSWORD</string>
+ <string>CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD</string>
+ </array>
+ <key>AuthTags</key>
+ <!-- @@@ complete this -->
+ <array>
+ <string>CSSM_ACL_AUTHORIZATION_ANY</string>
+ </array>
+ <key>CspCustomFlags</key>
+ <integer>0</integer>
+ <key>CspFlags</key>
+ <!-- @@@ dynamic -->
+ <string>CSSM_CSP_STORES_PRIVATE_KEYS | CSSM_CSP_STORES_PUBLIC_KEYS | CSSM_CSP_STORES_CERTIFICATES | CSSM_CSP_STORES_GENERIC</string>
+ <key>CspType</key>
+ <string>CSSM_CSP_HARDWARE</string>
+ <key>MdsFileDescription</key>
+ <string>Token CSPDL CSP Primary info</string>
+ <key>MdsFileType</key>
+ <string>PluginSpecific</string>
+ <key>MdsRecordType</key>
+ <string>MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE</string>
+ <key>ModuleName</key>
+ <string>AppleSDCSPDL</string>
+ <key>ProductVersion</key>
+ <string>0.1</string>
+ <key>SampleTypes</key>
+ <array>
+ <string>CSSM_SAMPLE_TYPE_PASSWORD</string>
+ <string>CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD</string>
+ <string>CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD</string>
+ </array>
+ <key>UseeTags</key>
+ <array/>
+ <key>Vendor</key>
+ <string>Apple Computer, Inc.</string>
+</dict>
+</plist>
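Review bot: Two `@@@` work-markers ship in this release file: `<!-- @@@ complete this -->` above an AuthTags array that lists only `CSSM_ACL_AUTHORIZATION_ANY`, and `<!-- @@@ dynamic -->` above a CspFlags value that is in fact a static string. Either should be resolved, or the comment should say what is still outstanding so the next reader does not have to guess, e.g. `<!-- TODO: enumerate the per-operation CSSM_ACL_AUTHORIZATION_* tags the tokend actually enforces; ANY is a placeholder -->` and `<!-- CspFlags are static here; they are not derived from the inserted card -->`. Whether the ANY placeholder has any effect on access decisions depends on how the tokend's ACLs are evaluated, which this hunk does not show.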
Added: releases/Apple/OSX-10.6.7/CAC/mds/cac_dl_primary.mdsinfo
===================================================================
--- releases/Apple/OSX-10.6.7/CAC/mds/cac_dl_primary.mdsinfo (rev 0)
+++ releases/Apple/OSX-10.6.7/CAC/mds/cac_dl_primary.mdsinfo 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>AclSubjectTypes</key>
+ <array>
+ <string>CSSM_ACL_SUBJECT_TYPE_PASSWORD</string>
+ <string>CSSM_ACL_SUBJECT_TYPE_PROMPTED_PASSWORD</string>
+ <string>CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD</string>
+ </array>
+ <key>AuthTags</key>
+ <array>
+ <!-- @@@ complete this -->
+ <string>CSSM_ACL_AUTHORIZATION_ANY</string>
+ </array>
+ <key>ConjunctiveOps</key>
+ <array>
+ <string>CSSM_DB_NONE</string>
+ <string>CSSM_DB_AND</string>
+ <string>CSSM_DB_OR</string>
+ </array>
+ <key>DLType</key>
+ <string>CSSM_DL_FFS</string>
+ <key>MdsFileDescription</key>
+ <string>Token CSPDL DL Primary info</string>
+ <key>MdsFileType</key>
+ <string>PluginSpecific</string>
+ <key>MdsRecordType</key>
+ <string>MDS_CDSADIR_DL_PRIMARY_RECORDTYPE</string>
+ <key>ModuleName</key>
+ <string>AppleSDCSPDL</string>
+ <key>ProductVersion</key>
+ <string>0.1</string>
+ <key>QueryLimitsFlag</key>
+ <integer>0</integer>
+ <key>RelationalOps</key>
+ <array>
+ <string>CSSM_DB_EQUAL</string>
+ <string>CSSM_DB_LESS_THAN</string>
+ <string>CSSM_DB_GREATER_THAN</string>
+ <string>CSSM_DB_CONTAINS_FINAL_SUBSTRING</string>
+ <string>CSSM_DB_CONTAINS_INITIAL_SUBSTRING</string>
+ <string>CSSM_DB_CONTAINS</string>
+ <string></string>
+ </array>
+ <key>SampleTypes</key>
+ <array>
+ <string>CSSM_SAMPLE_TYPE_PASSWORD</string>
+ <string>CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD</string>
+ <string>CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD</string>
+ </array>
+ <key>Vendor</key>
+ <string>Apple Computer, Inc.</string>
+</dict>
+</plist>
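Review bot: The RelationalOps array ends with an empty `<string></string>` element after `CSSM_DB_CONTAINS`; every other entry is a `CSSM_DB_*` constant name, so an empty name cannot map to an operator and, depending on how the MDS importer treats unrecognised names, is either silently dropped or turned into a bogus value. The line should simply be removed. The same `<!-- @@@ complete this -->` marker over a single `CSSM_ACL_AUTHORIZATION_ANY` AuthTags entry appears here as in cac_csp_primary.mdsinfo and deserves the same resolution.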
Added: releases/Apple/OSX-10.6.7/CAC/mds/cac_smartcard.mdsinfo
===================================================================
--- releases/Apple/OSX-10.6.7/CAC/mds/cac_smartcard.mdsinfo (rev 0)
+++ releases/Apple/OSX-10.6.7/CAC/mds/cac_smartcard.mdsinfo 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>MdsFileDescription</key>
+ <string>SD/CSPDL Generic Smartcard Information</string>
+ <key>MdsRecordType</key>
+ <string>MDS_CDSADIR_CSP_SC_INFO_RECORDTYPE</string>
+ <key>MdsFileType</key>
+ <string>PluginSpecific</string>
+ <key>ScVendor</key>
+ <string>Generic</string>
+ <key>ScVersion</key>
+ <string>unknown</string>
+ <key>ScFirmwareVersion</key>
+ <string>CACViewerPlugin</string>
+ <key>ScFlags</key> <!-- @@@ dynamic -->
+ <integer>0</integer>
+ <key>ScCustomFlags</key>
+ <integer>0</integer>
+</dict>
+</plist>
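Review bot: `ScFirmwareVersion` is set to `CACViewerPlugin`, which is a plugin name rather than a firmware version, while `ScVendor` and `ScVersion` are `Generic` and `unknown`; anything reading MDS to identify the card will get a misleading value in that field. If the card firmware really is not queried here, a comment stating that next to the `<!-- @@@ dynamic -->` on ScFlags would make the intent clear, e.g. `<!-- Smartcard identity fields are static placeholders; the tokend does not populate them from the inserted card -->`. That the values are never filled in at runtime is inferred from this file alone, so confirm against the tokend before documenting it.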
Added: releases/Apple/OSX-10.6.7/CACNG/CACNGApplet.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/CACNGApplet.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/CACNGApplet.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,436 @@
+/*
+ * CACNGApplet.cpp
+ * Tokend
+ *
+ * Created by harningt on 9/30/09.
+ * Copyright 2009 TrustBearer Labs. All rights reserved.
+ *
+ */
+
+
+#include "CACNGApplet.h"
+#include <security_utilities/pcsc++.h>
+
+#include "CACNGToken.h"
+#include "CACNGError.h"
+
+#include "CompressionTool.h"
+
+#include "TLV.h"
+
+/* FOR KEYSIZE CALCULATION */
+#include <Security/Security.h>
+
+#define PIV_CLA_STANDARD 0x00
+#define PIV_INS_GET_DATA 0xCB // [SP800731 7.1.2]
+
+// 0x00 0xCB
+#define PIV_GETDATA_APDU PIV_CLA_STANDARD, PIV_INS_GET_DATA, 0x3F, 0xFF
+#define PIV_GETDATA_CONT_APDU 0x00, 0xC0, 0x00, 0x00
+
+#define PIV_GETDATA_RESPONSE_TAG 0x53
+#define PIV_GETDATA_TAG_CERTIFICATE 0x70
+#define PIV_GETDATA_TAG_CERTINFO 0x71
+#define PIV_GETDATA_TAG_MSCUID 0x72
+#define PIV_GETDATA_TAG_ERRORDETECTION 0xFE
+
+#define PIV_GETDATA_COMPRESSION_MASK 0x81
+
+CACNGCacApplet::CACNGCacApplet(CACNGToken &token, const byte_string &applet, const byte_string &object)
+:token(token), applet(applet), object(object)
+{
+}
+
+void CACNGCacApplet::select()
+{
+ byte_string result;
+ uint32_t code = token.exchangeAPDU(applet, result);
+ CACNGError::check(code);
+ if (!object.empty()) {
+ result.resize(0);
+ code = token.exchangeAPDU(object, result);
+ CACNGError::check(code);
+ }
+}
+
+CACNGIDObject::CACNGIDObject(CACNGToken &token, shared_ptr<CACNGSelectable> applet, const std::string &description)
+:token(token), applet(applet), keySize(0), description(description)
+{
+}
+
+
+size_t CACNGIDObject::getKeySize()
+{
+ if (keySize == ~(size_t)0)
+ CACNGError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+ if (keySize != 0)
+ return keySize;
+ byte_string cert = read();
+ SecCertificateRef certRef = 0;
+ SecKeyRef keyRef = 0;
+ /* Parse certificate for size */
+ CSSM_DATA certData;
+ certData.Data = (uint8_t*)&cert[0];
+ certData.Length = cert.size();
+ const CSSM_KEY *cssmKey = NULL;
+ OSStatus status = SecCertificateCreateFromData(&certData, CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_BER, &certRef);
+ if(status != noErr) goto done;
+ status = SecCertificateCopyPublicKey(certRef, &keyRef);
+ if(status != noErr) goto done;
+ status = SecKeyGetCSSMKey(keyRef, &cssmKey);
+ if(status != noErr) goto done;
+ keySize = cssmKey->KeyHeader.LogicalKeySizeInBits;
+done:
+ if(keyRef)
+ CFRelease(keyRef);
+ if(certRef)
+ CFRelease(certRef);
+ if (keySize == 0) {
+ keySize = ~(size_t)0;
+ CACNGError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+ }
+ return keySize;
+}
+
+CACNGCacIDObject::CACNGCacIDObject(CACNGToken &token, shared_ptr<CACNGSelectable> applet, const std::string &description)
+:CACNGIDObject(token, applet, description)
+{
+}
+
+/*
+ See NIST IR 6887 – 2003 EDITION, GSC-IS VERSION 2.1
+ 5.3.4 Generic Container Provider Virtual Machine Card Edge Interface
+ for a description of how this command works
+
+ READ BUFFER 0x80 0x52 Off/H Off/L 0x02 <buffer & number bytes to read> –
+ */
+static size_t read_cac_buffer_size(CACNGToken &token, bool isTbuffer)
+{
+ unsigned char apdu[] = { 0x80, 0x52, 0x00, 0x00, 0x02, isTbuffer ? 0x01 : 0x02, 0x02 };
+ unsigned char result[4];
+ size_t resultLength = sizeof(result);
+ uint32_t cacresult = token.exchangeAPDU(apdu, sizeof(apdu), result, resultLength);
+ CACNGError::check(cacresult);
+ return result[0] | result[1] << 8;
+}
+
+static void read_cac_buffer(CACNGToken &token, bool isTbuffer, byte_string &result)
+{
+ size_t size = read_cac_buffer_size(token, isTbuffer);
+ result.resize(size + 2);
+ unsigned int offset, bytes_left;
+ const unsigned int MAX_READ = 0xFF;
+ for (offset = 2, bytes_left = size; bytes_left;)
+ {
+ // resultLength = size + 2 - offset;
+ unsigned char toread = bytes_left > MAX_READ ? MAX_READ : bytes_left;
+ unsigned char apdu[] = {
+ 0x80, 0x52, offset >> 8, offset & 0xFF, 0x02, isTbuffer ? 0x01 : 0x02, toread
+ };
+ size_t resultLength = toread + 2;
+ uint32_t cacresult = token.exchangeAPDU(apdu, sizeof(apdu),
+ &result[offset - 2],
+ resultLength);
+
+ CACNGError::check(cacresult);
+
+ if (resultLength - 2 != toread)
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+
+ resultLength -= 2;
+ offset += resultLength;
+ bytes_left -= resultLength;
+ }
+ /* Trim off status bytes */
+ result.resize(result.size() - 2);
+}
+
+byte_string CACNGCacIDObject::read()
+{
+ byte_string result;
+ CssmData data;
+ if (token.cachedObject(0, description.c_str(), data))
+ {
+ result.assign((uint8_t*)data.data(), (uint8_t*)data.data() + data.length());
+ return result;
+ }
+
+ PCSC::Transaction _(token);
+ token.select(applet);
+
+ read_cac_buffer(token, false, result);
+
+ if (result[0] != 0) {
+ /* The certificate is compressed */
+ result = CompressionTool::zlib_decompress(result.begin() + 1, result.end());
+ } else {
+ /* Remove marker byte */
+ result.erase(result.begin());
+ }
+
+ data.Data = &result[0];
+ data.Length = result.size();
+ token.cacheObject(0, description.c_str(), data);
+ return result;
+}
+
+byte_string CACNGCacIDObject::crypt(const byte_string &input)
+{
+ byte_string result;
+ if (input.size() > keySize / 8)
+ CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+
+ //if (sign != mSignOnly)
+ // CssmError::throwMe(CSSMERR_CSP_KEY_USAGE_INCORRECT);
+
+ PCSC::Transaction _(token);
+ token.select(applet);
+
+ byte_string apdu;
+
+ size_t resultLength = keySize / 8 + 2;
+ result.resize(resultLength);
+ const size_t CHUNK_SIZE = 128;
+
+ for (unsigned i = 0; i < input.size(); i += CHUNK_SIZE)
+ {
+ const uint8_t next_chunk = min(input.size() - i, CHUNK_SIZE);
+ apdu.resize(5 + next_chunk);
+ apdu[0] = 0x80;
+ apdu[1] = 0x42;
+ apdu[2] = ((input.size() - i) > CHUNK_SIZE) ? 0x80 : 0x00;
+ apdu[3] = 0x00;
+ apdu[4] = next_chunk;
+ memcpy(&apdu[5], &input[i], next_chunk);
+ resultLength = result.size();
+ CACNGError::check(token.exchangeAPDU(&apdu[0], next_chunk + 5, &result[0],
+ resultLength));
+ }
+ if (resultLength != keySize / 8 + 2) {
+ secdebug("cac", " %s: computeCrypt: expected size: %ld, got: %ld",
+ description.c_str(), keySize / 8 + 2, resultLength);
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ }
+ /* Trim off status bytes */
+ result.resize(resultLength - 2);
+ return result;
+}
+
+CACNGPivApplet::CACNGPivApplet(CACNGToken &token, const byte_string &applet)
+:token(token), applet(applet)
+{
+}
+
+void CACNGPivApplet::select()
+{
+ byte_string result;
+ uint32_t code = token.exchangeAPDU(applet, result);
+ CACNGError::check(code);
+}
+
+CACNGPivIDObject::CACNGPivIDObject(CACNGToken &token, shared_ptr<CACNGSelectable> applet, const std::string &description, const byte_string &oid, uint8_t keyRef)
+:CACNGIDObject(token, applet, description), oid(oid), keyRef(keyRef)
+{
+}
+
+static void read_piv_object(CACNGToken &token, const byte_string &oid, byte_string &result)
+{
+ TLV oidValue(0x5C, oid);
+ byte_string tagged_oid = oidValue.encode();
+ static const unsigned char INITIAL_APDU[] = { PIV_GETDATA_APDU };
+ /* TODO: Build from ground-up */
+ byte_string initialApdu;
+ initialApdu.reserve(sizeof(INITIAL_APDU) + 1 + tagged_oid.size());
+ initialApdu.insert(initialApdu.begin(), INITIAL_APDU, INITIAL_APDU + sizeof(INITIAL_APDU));
+ initialApdu.push_back((uint8_t)tagged_oid.size());
+ initialApdu += tagged_oid;
+
+ static const unsigned char CONTINUATION_APDU[] = { PIV_GETDATA_CONT_APDU, 0x00 /* LENGTH LOCATION */ };
+ byte_string continuationApdu(CONTINUATION_APDU, CONTINUATION_APDU + sizeof(CONTINUATION_APDU));
+
+ byte_string *apdu = &initialApdu;
+
+ uint32_t rx;
+ do
+ {
+ rx = token.exchangeAPDU(*apdu, result);
+ secdebug("pivtokend", "exchangeAPDU result %02X", rx);
+
+ if ((rx & 0xFF00) != SCARD_BYTES_LEFT_IN_SW2 &&
+ (rx & 0xFF00) != SCARD_SUCCESS)
+ CACNGError::check(rx);
+
+ // Switch to the continuation APDU after first exchange
+ apdu = &continuationApdu;
+
+ // Number of bytes to fetch next time around is in the last byte returned.
+ // For all except the penultimate read, this is 0, indicating that the
+ // token should read all bytes.
+ apdu->back() = static_cast<unsigned char>(rx & 0xFF);
+ } while ((rx & 0xFF00) == SCARD_BYTES_LEFT_IN_SW2);
+
+ // Start to parse the BER-TLV encoded data. In the end, we only return the
+ // main data part of this but we need to step through the rest first
+ // The certficates are the only types we parse here
+ if (result.size()<=0)
+ return;
+ if (result[0] != PIV_GETDATA_RESPONSE_TAG)
+ CACNGError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+
+}
+
+byte_string CACNGPivIDObject::read()
+{
+ byte_string result;
+ PCSC::Transaction _(token);
+ token.select(applet);
+
+ read_piv_object(token, oid, result);
+ /* Decode/decompress the certificate */
+ bool hasCertificateData = false;
+ bool isCompressed = false;
+
+ // 00000000 53 82 04 84 70 82 04 78 78 da 33 68 62 db 61 d0
+ TLV_ref tlv;
+ TLVList list;
+ try {
+ tlv = TLV::parse(result);
+ list = tlv->getInnerValues();
+ } catch(...) {
+ CACNGError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+ }
+
+ for(TLVList::const_iterator iter = list.begin(); iter != list.end(); ++iter) {
+ const byte_string &tagString = (*iter)->getTag();
+ const byte_string &value = (*iter)->getValue();
+ if(tagString.size() != 1)
+ CACNGError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+ uint8_t tag = tagString[0];
+ switch (tag) {
+ case PIV_GETDATA_TAG_CERTIFICATE: // 0x70
+ result = value;
+ hasCertificateData = true;
+ break;
+ case PIV_GETDATA_TAG_CERTINFO: // 0x71
+ if(value.size() != 1)
+ CACNGError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+ secdebug("pivtokend", "CertInfo byte: %02X", value[0]);
+ isCompressed = value[0] & PIV_GETDATA_COMPRESSION_MASK;
+ break;
+ case PIV_GETDATA_TAG_MSCUID: // 0x72 -- should be of length 3...
+ break;
+ case PIV_GETDATA_TAG_ERRORDETECTION:
+ break;
+ case 0:
+ case 0xFF:
+ break;
+ default:
+ CACNGError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+ break;
+ }
+ }
+
+ /* No cert data ? */
+ if(!hasCertificateData)
+ CACNGError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+ if (isCompressed) {
+ return CompressionTool::zlib_decompress(result);
+ }
+
+ return result;
+}
+
+byte_string CACNGPivIDObject::crypt(const byte_string &input)
+{
+ byte_string result;
+ /* Allow all key usage, certificates determine validity */
+ unsigned char algRef;
+ switch (keySize) {
+ case 1024:
+ algRef = 0x06;
+ break;
+ case 2048:
+ algRef = 0x07;
+ break;
+ default:
+ /* Cannot use a key ~= 1024 or 2048 bits yet */
+ CssmError::throwMe(CSSMERR_CSP_KEY_USAGE_INCORRECT);
+ break;
+ }
+
+ /* Build the BER-Encoded message */
+ /* Template: 0x7C L { 0x82 0x00, 0x81 L data } .. 2 tag+lengths + 1 tag-0 */
+ TLVList commandList;
+ commandList.push_back(TLV_ref(new TLV(0x82)));
+ commandList.push_back(TLV_ref(new TLV(0x81, input)));
+ TLV_ref command = TLV_ref(new TLV(0x7C, commandList));
+
+ /* TODO: Evaluate result length handling */
+ /* At least enough to contain BER-TLV */
+ size_t resultLength = keySize / 8;
+ resultLength += 1 + TLV::encodedLength(resultLength); // RESPONSE
+ resultLength += 1 + 1; // Potential empty response-tlv
+ resultLength += 1 + TLV::encodedLength(resultLength); // TLV containing response
+ /* Round out resultLength to a multiple of 256 */
+ resultLength = resultLength + resultLength % 256 + 256;
+ // Ensure that there's enough space to prevent unnecessary resizing
+ result.reserve(resultLength);
+
+ byte_string commandString = command->encode();
+
+ PCSC::Transaction _(token);
+ token.select(applet);
+
+ CACNGError::check(token.exchangeChainedAPDU(0x00, 0x87, algRef, keyRef, commandString, result));
+
+ /* DECODE 0x7C */
+ TLV_ref tlv;
+ try {
+ tlv = TLV::parse(result);
+ } catch(...) {
+ secure_zero(result);
+ CACNGError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+ }
+ secure_zero(result);
+ if(tlv->getTag() != (unsigned char*)"\x7C") {
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ }
+ byte_string tagData;
+ try {
+ TLVList list = tlv->getInnerValues();
+ TLVList::const_iterator iter = find_if(list.begin(), list.end(), TagPredicate(0x82));
+ if(iter != list.end())
+ tagData = (*iter)->getValue();
+ } catch(...) {
+ }
+ if(tagData.size() == 0) {
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ }
+
+ if(tagData.size() != keySize / 8) { // Not enough data at all..
+ secure_zero(tagData);
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ }
+
+ result.swap(tagData);
+ /* zero-out tagData */
+ secure_zero(tagData);
+
+ return result;
+}
+
+CACNGCacBufferObject::CACNGCacBufferObject(CACNGToken &token, shared_ptr<CACNGSelectable> applet, bool isTbuffer)
+:token(token), applet(applet), isTbuffer(isTbuffer)
+{
+}
+
+byte_string CACNGCacBufferObject::read()
+{
+ byte_string result;
+
+ PCSC::Transaction _(token);
+ token.select(applet);
+ read_cac_buffer(token, isTbuffer, result);
+
+ return result;
+}
Added: releases/Apple/OSX-10.6.7/CACNG/CACNGApplet.h
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/CACNGApplet.h (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/CACNGApplet.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,135 @@
+/*
+ * CACNGApplet.h
+ * Tokend
+ *
+ * Created by harningt on 9/30/09.
+ * Copyright 2009 TrustBearer Labs. All rights reserved.
+ *
+ */
+#ifndef CACNGAPPLET_H
+#define CACNGAPPLET_H
+
+#include "byte_string.h"
+#include <security_utilities/utilities.h>
+
+#include <tr1/memory>
+using std::tr1::shared_ptr;
+
+class CACNGToken;
+
+class CACNGSelectable
+{
+ NOCOPY(CACNGSelectable)
+public:
+ CACNGSelectable() {}
+ virtual ~CACNGSelectable() {}
+
+protected:
+ virtual void select() = 0;
+ friend class CACNGToken;
+};
+
+class CACNGReadable
+{
+ NOCOPY(CACNGReadable)
+public:
+ CACNGReadable() {}
+ virtual ~CACNGReadable() {}
+ virtual byte_string read() = 0;
+};
+
+class CACNGCryptable
+{
+ NOCOPY(CACNGCryptable)
+public:
+ CACNGCryptable() {}
+ virtual ~CACNGCryptable() {}
+ virtual byte_string crypt(const byte_string &input) = 0;
+};
+
+class CACNGCacApplet : public CACNGSelectable
+{
+ NOCOPY(CACNGCacApplet);
+public:
+ CACNGCacApplet(CACNGToken &token, const byte_string &applet, const byte_string &object);
+ virtual ~CACNGCacApplet() {}
+
+protected:
+ void select();
+
+ CACNGToken &token;
+private:
+ const byte_string applet;
+ const byte_string object;
+};
+
+
+class CACNGPivApplet : public CACNGSelectable
+{
+ NOCOPY(CACNGPivApplet)
+public:
+ CACNGPivApplet(CACNGToken &token, const byte_string &applet);
+ virtual ~CACNGPivApplet() {}
+
+protected:
+ CACNGToken &token;
+ void select();
+
+private:
+ const byte_string applet;
+};
+
+class CACNGIDObject : public CACNGReadable, public CACNGCryptable
+{
+ NOCOPY(CACNGIDObject);
+public:
+ CACNGIDObject(CACNGToken &token, shared_ptr<CACNGSelectable> applet, const std::string &description);
+
+ size_t getKeySize();
+protected:
+ CACNGToken &token;
+ shared_ptr<CACNGSelectable> applet;
+
+ size_t keySize;
+ const std::string description;
+};
+
+class CACNGCacIDObject : public CACNGIDObject
+{
+ NOCOPY(CACNGCacIDObject);
+public:
+ CACNGCacIDObject(CACNGToken &token, shared_ptr<CACNGSelectable> applet, const std::string &description);
+ virtual ~CACNGCacIDObject() {}
+ byte_string read();
+ byte_string crypt(const byte_string &input);
+};
+
+class CACNGPivIDObject : public CACNGIDObject
+{
+ NOCOPY(CACNGPivIDObject)
+public:
+ CACNGPivIDObject(CACNGToken &token, shared_ptr<CACNGSelectable> applet, const std::string &description, const byte_string &oid, uint8_t keyRef);
+ virtual ~CACNGPivIDObject() {}
+
+ byte_string read();
+ byte_string crypt(const byte_string &input);
+private:
+ const byte_string oid;
+ const uint8_t keyRef;
+};
+
+class CACNGCacBufferObject : public CACNGReadable
+{
+ NOCOPY(CACNGCacBufferObject);
+public:
+ CACNGCacBufferObject(CACNGToken &token, shared_ptr<CACNGSelectable> applet, bool isTbuffer);
+ virtual ~CACNGCacBufferObject() {}
+
+ byte_string read();
+private:
+ CACNGToken &token;
+ shared_ptr<CACNGSelectable> applet;
+ bool isTbuffer;
+};
+
+#endif /* CACNGAPPLET_H */
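Review bot: None of the four interfaces in this header say what their single method is for, and the one real invariant — `CACNGSelectable::select()` is protected with `friend class CACNGToken` (lines 7403–7405) — is left for the reader to reverse-engineer. I would put `// Only CACNGToken may select an applet; callers go through token.select(), which the .cpp always does inside a PCSC::Transaction.` above `select()`, and on `CACNGCryptable::crypt` something like `// One private-key operation on an already-padded block of at most keySize/8 bytes; padding is the caller's job.`, which matches how the CACNG implementation rejects oversized input and how CACNGKeyHandle applies Padding before calling it (worth confirming against the .cpp). `keySize` in CACNGIDObject should also state its unit (bits, given the `keySize / 8` arithmetic elsewhere) and that it is set by the constructor defined outside this header, since nothing here initialises it.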
Added: releases/Apple/OSX-10.6.7/CACNG/CACNGAttributeCoder.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/CACNGAttributeCoder.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/CACNGAttributeCoder.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACNGAttributeCoder.cpp
+ * TokendMuscle
+ */
+
+#include "CACNGAttributeCoder.h"
+
+#include "Adornment.h"
+#include "MetaAttribute.h"
+#include "MetaRecord.h"
+#include "CACNGRecord.h"
+#include "CACNGToken.h"
+
+#include <Security/SecKeychainItem.h>
+#include <security_cdsa_utilities/cssmkey.h>
+
+using namespace Tokend;
+
+
+//
+// CACNGDataAttributeCoder
+//
+CACNGDataAttributeCoder::~CACNGDataAttributeCoder()
+{
+}
+
+void CACNGDataAttributeCoder::decode(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record)
+{
+ CACNGRecord &cacRecord = dynamic_cast<CACNGRecord &>(record);
+ record.attributeAtIndex(metaAttribute.attributeIndex(),
+ cacRecord.getDataAttribute(tokenContext));
+}
+
+CACNGKeySizeAttributeCoder::~CACNGKeySizeAttributeCoder()
+{
+}
+
+void CACNGKeySizeAttributeCoder::decode(TokenContext *TokenContext,
+ const MetaAttribute &MetaAttribute, Record &record)
+{
+ CACNGKeyRecord &cacRecord = dynamic_cast<CACNGKeyRecord &>(record);
+ record.attributeAtIndex(MetaAttribute.attributeIndex(),
+ new Tokend::Attribute((uint32_t)cacRecord.sizeInBits()));
+}
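Review bot: The parameter names `TokenContext` and `MetaAttribute` in `CACNGKeySizeAttributeCoder::decode` (lines 7578–7579) shadow the `Tokend::TokenContext` and `Tokend::MetaAttribute` types that `using namespace Tokend` brings into scope, so `MetaAttribute.attributeIndex()` reads like a static call on a type rather than a member call on an argument. It compiles, but it is inconsistent with the lowercase `tokenContext`/`metaAttribute` used in the sibling `CACNGDataAttributeCoder::decode` a few lines up; I would change the signature to `void CACNGKeySizeAttributeCoder::decode(TokenContext *tokenContext, const MetaAttribute &metaAttribute, Record &record)` and the call to `record.attributeAtIndex(metaAttribute.attributeIndex(), ...)`. A one-line comment noting that the `dynamic_cast` deliberately throws `std::bad_cast` if the record is not a key record would also help, since that is the only error handling in either coder.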
Added: releases/Apple/OSX-10.6.7/CACNG/CACNGAttributeCoder.h
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/CACNGAttributeCoder.h (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/CACNGAttributeCoder.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACNGAttributeCoder.h
+ * TokendMuscle
+ */
+
+#ifndef _CACNGATTRIBUTECODER_H_
+#define _CACNGATTRIBUTECODER_H_
+
+#include "AttributeCoder.h"
+#include <string>
+
+#include <PCSC/musclecard.h>
+
+
+//
+// A coder that reads the data of an object
+//
+class CACNGDataAttributeCoder : public Tokend::AttributeCoder
+{
+ NOCOPY(CACNGDataAttributeCoder)
+public:
+
+ CACNGDataAttributeCoder() {}
+ virtual ~CACNGDataAttributeCoder();
+
+ virtual void decode(Tokend::TokenContext *tokenContext,
+ const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record);
+};
+
+//
+// A coder that produces the LogicalKeySizeInBits of a key
+//
+class CACNGKeySizeAttributeCoder : public Tokend::AttributeCoder
+{
+ NOCOPY(CACNGKeySizeAttributeCoder)
+public:
+ CACNGKeySizeAttributeCoder() {}
+ virtual ~CACNGKeySizeAttributeCoder();
+
+ virtual void decode(Tokend::TokenContext *tokenContext, const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record);
+};
+
+#endif /* !_CACNGATTRIBUTECODER_H_ */
+
Added: releases/Apple/OSX-10.6.7/CACNG/CACNGError.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/CACNGError.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/CACNGError.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACNGError.cpp
+ * TokendMuscle
+ */
+
+#include "CACNGError.h"
+
+#include <Security/cssmerr.h>
+
+//
+// CACNGError exceptions
+//
+CACNGError::CACNGError(uint16_t sw) : SCardError(sw)
+{
+ IFDEBUG(debugDiagnose(this));
+}
+
+CACNGError::~CACNGError() throw ()
+{
+}
+
+const char *CACNGError::what() const throw ()
+{ return "CACNG error"; }
+
+OSStatus CACNGError::osStatus() const
+{
+ switch (statusWord)
+ {
+ case CACNG_AUTHENTICATION_FAILED_0:
+ case CACNG_AUTHENTICATION_FAILED_1:
+ case CACNG_AUTHENTICATION_FAILED_2:
+ case CACNG_AUTHENTICATION_FAILED_3:
+ return CSSM_ERRCODE_OPERATION_AUTH_DENIED;
+ default:
+ return SCardError::osStatus();
+ }
+}
+
+void CACNGError::throwMe(uint16_t sw)
+{ throw CACNGError(sw); }
+
+#if !defined(NDEBUG)
+
+void CACNGError::debugDiagnose(const void *id) const
+{
+ secdebug("exception", "%p CACNGError %s (%04hX)",
+ id, errorstr(statusWord), statusWord);
+}
+
+const char *CACNGError::errorstr(uint16_t sw) const
+{
+ switch (sw)
+ {
+ case CACNG_AUTHENTICATION_FAILED_0:
+ return "Authentication failed, 0 retries left.";
+ case CACNG_AUTHENTICATION_FAILED_1:
+ return "Authentication failed, 1 retry left.";
+ case CACNG_AUTHENTICATION_FAILED_2:
+ return "Authentication failed, 2 retries left.";
+ case CACNG_AUTHENTICATION_FAILED_3:
+ return "Authentication failed, 3 retries left.";
+ default:
+ return SCardError::errorstr(sw);
+ }
+}
+
+#endif //NDEBUG
+
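Review bot: `CACNGError::osStatus` only maps the four status words 0x6300–0x6303 to `CSSM_ERRCODE_OPERATION_AUTH_DENIED`, so a card that reports more remaining tries (0x6304 and up) or uses the ISO 7816-4 `63 Cx` retry-counter form would fall through to `SCardError::osStatus()` and surface to the caller as a generic card error instead of a failed PIN. Whether the CAC/PIV applets can return those values is not visible here, but a mask check costs nothing and is more robust: `if ((statusWord & 0xFFF0) == 0x6300 || (statusWord & 0xFFF0) == 0x63C0) return CSSM_ERRCODE_OPERATION_AUTH_DENIED;` in place of the four `case` labels. Note also that the retries-left strings in `errorstr` are compiled only under `!NDEBUG`, so nothing in this file ever tells a user how many attempts remain before the PIN locks — a comment saying that is intentional (the count comes back to the caller only through the status word) would save the next maintainer a search.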
Added: releases/Apple/OSX-10.6.7/CACNG/CACNGError.h
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/CACNGError.h (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/CACNGError.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACNGError.h
+ * TokendMuscle
+ */
+
+#ifndef _CACNGERROR_H_
+#define _CACNGERROR_H_
+
+#include "SCardError.h"
+
+/** Entered PIN is not correct and pin was blocked. */
+#define CACNG_AUTHENTICATION_FAILED_0 0x6300
+/** Entered PIN is not correct, 1 try left. */
+#define CACNG_AUTHENTICATION_FAILED_1 0x6301
+/** Entered PIN is not correct, 2 tries left. */
+#define CACNG_AUTHENTICATION_FAILED_2 0x6302
+/** Entered PIN is not correct, 3 tries left. */
+#define CACNG_AUTHENTICATION_FAILED_3 0x6303
+
+class CACNGError : public Tokend::SCardError
+{
+protected:
+ CACNGError(uint16_t sw);
+ virtual ~CACNGError() throw ();
+public:
+ OSStatus osStatus() const;
+ virtual const char *what () const throw ();
+
+ static void check(uint16_t sw) { if (sw != SCARD_SUCCESS) throwMe(sw); }
+ static void throwMe(uint16_t sw) __attribute__((noreturn));
+
+protected:
+ IFDEBUG(void debugDiagnose(const void *id) const;)
+ IFDEBUG(const char *errorstr(uint16_t sw) const;)
+};
+
+#endif /* !_CACNGERROR_H_ */
+
Added: releases/Apple/OSX-10.6.7/CACNG/CACNGKeyHandle.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/CACNGKeyHandle.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/CACNGKeyHandle.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,213 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACNGKeyHandle.cpp
+ * TokendMuscle
+ */
+
+#include "CACNGKeyHandle.h"
+
+#include "CACNGRecord.h"
+#include "CACNGToken.h"
+
+#include "byte_string.h"
+#include "Padding.h"
+
+#include <security_utilities/debugging.h>
+#include <security_utilities/utilities.h>
+#include <security_cdsa_utilities/cssmerrors.h>
+#include <Security/cssmerr.h>
+
+
+//
+// CACNGKeyHandle
+//
+CACNGKeyHandle::CACNGKeyHandle(CACNGToken &cacToken,
+ const Tokend::MetaRecord &metaRecord, CACNGKeyRecord &cacKey) :
+ Tokend::KeyHandle(metaRecord, &cacKey),
+ mToken(cacToken),
+ mKey(cacKey)
+{
+}
+
+CACNGKeyHandle::~CACNGKeyHandle()
+{
+}
+
+void CACNGKeyHandle::getKeySize(CSSM_KEY_SIZE &keySize)
+{
+ secdebug("crypto", "getKeySize");
+ keySize.LogicalKeySizeInBits = mKey.sizeInBits(); // Logical key size in bits
+ keySize.EffectiveKeySizeInBits = mKey.sizeInBits(); // Effective key size in bits
+}
+
+uint32 CACNGKeyHandle::getOutputSize(const Context &context, uint32 inputSize,
+ bool encrypting)
+{
+ secdebug("crypto", "getOutputSize");
+ if (encrypting)
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+ return inputSize; //accurate for crypto used on CACNG cards
+}
+
+void CACNGKeyHandle::generateSignature(const Context &context,
+ CSSM_ALGORITHMS alg, const CssmData &input, CssmData &signature)
+{
+ secdebug("crypto", "generateSignature alg: %u signOnly: %u",
+ context.algorithm(), alg);
+ IFDUMPING("crypto", context.dump("signature context"));
+
+ if (context.type() != CSSM_ALGCLASS_SIGNATURE)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_CONTEXT);
+
+ if (context.algorithm() != CSSM_ALGID_RSA)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+
+ // Get padding, but default to pkcs1 style padding
+ uint32 padding = CSSM_PADDING_PKCS1;
+ context.getInt(CSSM_ATTRIBUTE_PADDING, padding);
+
+ byte_string inputData(input.Data, input.Data + input.Length);
+
+ Padding::apply(inputData, mKey.sizeInBits() / 8, padding, alg);
+
+ // @@@ Switch to using tokend allocators
+ byte_string outputData(mKey.sizeInBits() / 8);
+ size_t outputLength = outputData.size();
+
+ // Sign the inputData using the token
+ mKey.computeCrypt(mToken, true, &inputData[0], inputData.size(),
+ &outputData[0], outputLength);
+
+ signature.Data = malloc_copy(outputData);
+ signature.Length = outputLength;
+}
+
+void CACNGKeyHandle::verifySignature(const Context &context,
+ CSSM_ALGORITHMS signOnly, const CssmData &input, const CssmData &signature)
+{
+ secdebug("crypto", "verifySignature");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void CACNGKeyHandle::generateMac(const Context &context,
+ const CssmData &input, CssmData &output)
+{
+ secdebug("crypto", "generateMac");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void CACNGKeyHandle::verifyMac(const Context &context,
+ const CssmData &input, const CssmData &compare)
+{
+ secdebug("crypto", "verifyMac");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void CACNGKeyHandle::encrypt(const Context &context,
+ const CssmData &clear, CssmData &cipher)
+{
+ secdebug("crypto", "encrypt");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void CACNGKeyHandle::decrypt(const Context &context,
+ const CssmData &cipher, CssmData &clear)
+{
+ secdebug("crypto", "decrypt alg: %u", context.algorithm());
+ IFDUMPING("crypto", context.dump("decrypt context"));
+
+ if (context.type() != CSSM_ALGCLASS_ASYMMETRIC)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_CONTEXT);
+
+ if (context.algorithm() != CSSM_ALGID_RSA)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+
+ /* Check for supported padding */
+ uint32 padding = context.getInt(CSSM_ATTRIBUTE_PADDING);
+ if(!Padding::canRemove(padding))
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING);
+
+ size_t keyLength = mKey.sizeInBits() / 8;
+ if (cipher.length() % keyLength != 0)
+ CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR);
+
+ // @@@ Add support for multiples of keyLength by doing multiple blocks
+ if (cipher.length() != keyLength)
+ CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR);
+
+ // @@@ Use a secure allocator for this.
+ byte_string outputData(keyLength);
+ uint8 *output = &outputData[0];
+ size_t outputLength = keyLength;
+
+ secdebug("crypto", "decrypt: card supports RSA_NOPAD");
+ // Decrypt the inputData using the token
+ mKey.computeCrypt(mToken, false, cipher.Data, cipher.Length, output,
+ outputLength);
+
+ if (outputLength != keyLength)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_DATA);
+ Padding::remove(outputData, padding);
+
+ // @@@ Switch to using tokend allocators
+ clear.Data = malloc_copy(outputData);
+ clear.Length = outputData.size();
+}
+
+void CACNGKeyHandle::exportKey(const Context &context,
+ const AccessCredentials *cred, CssmKey &wrappedKey)
+{
+ secdebug("crypto", "exportKey");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void CACNGKeyHandle::getAcl(const char *tag, uint32 &count, AclEntryInfo *&aclList)
+{
+ mKey.getAcl(tag, count, aclList);
+}
+
+void CACNGKeyHandle::getOwner(AclOwnerPrototype &owner)
+{
+ mKey.getOwner(owner);
+}
+
+//
+// CACNGKeyHandleFactory
+//
+CACNGKeyHandleFactory::~CACNGKeyHandleFactory()
+{
+}
+
+
+Tokend::KeyHandle *CACNGKeyHandleFactory::keyHandle(
+ Tokend::TokenContext *tokenContext, const Tokend::MetaRecord &metaRecord,
+ Tokend::Record &record) const
+{
+ CACNGKeyRecord &key = dynamic_cast<CACNGKeyRecord &>(record);
+ CACNGToken &cacToken = static_cast<CACNGToken &>(*tokenContext);
+ return new CACNGKeyHandle(cacToken, metaRecord, key);
+}
+
+
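Review bot: `decrypt()` copies the recovered plaintext into `clear` at line 7998 but never scrubs `outputData`, so the decrypted block stays in the freed heap; the `@@@ Use a secure allocator` note at line 7983 acknowledges the gap, and since `byte_string.h` is included here (line 7857) the `secure_zero` helper used by the CACNG applet code should be available, so add `secure_zero(outputData);` right after the `malloc_copy` (and before the `CSSMERR_CSP_INVALID_DATA` throw at line 7994 propagates). `generateSignature()` has the opposite inconsistency: it trusts `outputLength` from `computeCrypt` (lines 7923–7927) with no check, whereas `decrypt()` verifies `outputLength == keyLength` at line 7993, so a short card response would be returned as a truncated signature; add `if (outputLength != outputData.size()) CssmError::throwMe(CSSMERR_CSP_INVALID_DATA);` before the `malloc_copy`. Also worth a look: `generateSignature` defaults the padding to PKCS1 when the attribute is absent, while `decrypt` calls `context.getInt(CSSM_ATTRIBUTE_PADDING)` with no default — if that overload throws or returns 0 on a missing attribute, decrypt behaves differently from sign for the same context, which is presumably unintended.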
Added: releases/Apple/OSX-10.6.7/CACNG/CACNGKeyHandle.h
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/CACNGKeyHandle.h (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/CACNGKeyHandle.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACNGKeyHandle.h
+ * TokendMuscle
+ */
+
+#ifndef _CACNGKEYHANDLE_H_
+#define _CACNGKEYHANDLE_H_
+
+#include "KeyHandle.h"
+
+class CACNGToken;
+class CACNGKeyRecord;
+
+
+//
+// A KeyHandle object which implements the crypto interface to muscle.
+//
+class CACNGKeyHandle: public Tokend::KeyHandle
+{
+ NOCOPY(CACNGKeyHandle)
+public:
+ CACNGKeyHandle(CACNGToken &cacToken, const Tokend::MetaRecord &metaRecord,
+ CACNGKeyRecord &cacKey);
+ ~CACNGKeyHandle();
+
+ virtual void getKeySize(CSSM_KEY_SIZE &keySize);
+ virtual uint32 getOutputSize(const Context &context, uint32 inputSize,
+ bool encrypting);
+ virtual void generateSignature(const Context &context,
+ CSSM_ALGORITHMS signOnly, const CssmData &input, CssmData &signature);
+ virtual void verifySignature(const Context &context,
+ CSSM_ALGORITHMS signOnly, const CssmData &input,
+ const CssmData &signature);
+ virtual void generateMac(const Context &context, const CssmData &input,
+ CssmData &output);
+ virtual void verifyMac(const Context &context, const CssmData &input,
+ const CssmData &compare);
+ virtual void encrypt(const Context &context, const CssmData &clear,
+ CssmData &cipher);
+ virtual void decrypt(const Context &context, const CssmData &cipher,
+ CssmData &clear);
+
+ virtual void exportKey(const Context &context,
+ const AccessCredentials *cred, CssmKey &wrappedKey);
+
+ virtual void getOwner(AclOwnerPrototype &owner);
+ virtual void getAcl(const char *tag, uint32 &count, AclEntryInfo *&auths);
+
+private:
+ CACNGToken &mToken;
+ CACNGKeyRecord &mKey;
+};
+
+
+//
+// A factory that creates CACNGKeyHandle objects.
+//
+class CACNGKeyHandleFactory : public Tokend::KeyHandleFactory
+{
+ NOCOPY(CACNGKeyHandleFactory)
+public:
+ CACNGKeyHandleFactory() {}
+ virtual ~CACNGKeyHandleFactory();
+
+ virtual Tokend::KeyHandle *keyHandle(Tokend::TokenContext *tokenContext,
+ const Tokend::MetaRecord &metaRecord, Tokend::Record &record) const;
+};
+
+
+#endif /* !_CACNGKEYHANDLE_H_ */
+
+
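Review bot: The class comment at line 8080, `A KeyHandle object which implements the crypto interface to muscle.`, is stale — this handle holds a `CACNGToken &` and a `CACNGKeyRecord &` (lines 8114–8115) and, per the .cpp, drives the card through `mKey.computeCrypt(mToken, ...)`, not through MuscleCard. I would change it to `// KeyHandle that routes RSA sign/decrypt requests for one CACNG key record to the card via CACNGToken; verify, MAC, encrypt and export are not implemented.` so the header matches what the implementation actually does.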
Added: releases/Apple/OSX-10.6.7/CACNG/CACNGRecord.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/CACNGRecord.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/CACNGRecord.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,168 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACNGRecord.cpp
+ * TokendMuscle
+ */
+
+#include "CACNGRecord.h"
+
+#include "CACNGError.h"
+#include "CACNGToken.h"
+#include "Attribute.h"
+#include "MetaAttribute.h"
+#include "MetaRecord.h"
+#include <security_cdsa_client/aclclient.h>
+#include <Security/SecKey.h>
+
+//
+// CACNGRecord
+//
+CACNGRecord::~CACNGRecord()
+{
+}
+
+
+//
+// CACNGCertificateRecord
+//
+CACNGCertificateRecord::~CACNGCertificateRecord()
+{
+}
+
+Tokend::Attribute *CACNGCertificateRecord::getDataAttribute(Tokend::TokenContext *tokenContext)
+{
+ byte_string result = identity->read();
+
+ CssmData data(malloc_copy(result), result.size());
+ return new Tokend::Attribute(data.Data, data.Length);
+}
+
+//
+// CACNGKeyRecord
+//
+CACNGKeyRecord::CACNGKeyRecord(shared_ptr<CACNGIDObject> identity, const char *description, const Tokend::MetaRecord &metaRecord, bool signOnly, bool requireNewPin /* = false */)
+: CACNGRecord(description), identity(identity), mSignOnly(signOnly), requireNewPin(requireNewPin)
+{
+ attributeAtIndex(metaRecord.metaAttribute(kSecKeyDecrypt).attributeIndex(),
+ //new Tokend::Attribute(!signOnly));
+ new Tokend::Attribute(true));
+ attributeAtIndex(metaRecord.metaAttribute(kSecKeyUnwrap).attributeIndex(),
+ //new Tokend::Attribute(!signOnly));
+ new Tokend::Attribute(true));
+ attributeAtIndex(metaRecord.metaAttribute(kSecKeySign).attributeIndex(),
+ //new Tokend::Attribute(signOnly));
+ new Tokend::Attribute(true));
+}
+
+CACNGKeyRecord::~CACNGKeyRecord()
+{
+}
+
+
+void CACNGKeyRecord::computeCrypt(CACNGToken &token, bool sign,
+ const unsigned char *data, size_t dataLength, unsigned char *output,
+ size_t &outputLength)
+{
+ if (requireNewPin) {
+ token.verifyCachedPin(2);
+ }
+ byte_string result = identity->crypt(byte_string(data, data + dataLength));
+
+ if (outputLength < result.size())
+ CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+
+ outputLength = result.size();
+ memcpy(output, &result[0], outputLength);
+}
+
+void CACNGKeyRecord::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
+{
+ // 2010.03.01 -SG- added tmptag adjusting to API change in 10.6.0
+ char tmptag[20];
+ const uint32 slot = 1; // hardwired for now, but...
+ snprintf(tmptag, sizeof(tmptag), "PIN%d", slot);
+
+ if (!mAclEntries) {
+ mAclEntries.allocator(Allocator::standard());
+ // Anyone can read the DB record for this key (which is a reference
+ // CSSM_KEY)
+ mAclEntries.add(CssmClient::AclFactory::AnySubject(
+ mAclEntries.allocator()),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
+ if (requireNewPin) {
+ mAclEntries.add(CssmClient::AclFactory::PinSubject(
+ mAclEntries.allocator(), 2),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_SIGN, CSSM_ACL_AUTHORIZATION_DECRYPT, 0), tmptag);
+ if (0x9000 != token->pinStatus(2)) {
+ CssmData prompt;
+ mAclEntries.add(CssmClient::AclFactory::PromptPWSubject(mAclEntries.allocator(), prompt),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_SIGN, CSSM_ACL_AUTHORIZATION_DECRYPT, 0), tmptag);
+ }
+ } else {
+ // Using this key to sign or decrypt will require PIN1
+ mAclEntries.add(CssmClient::AclFactory::PinSubject(
+ mAclEntries.allocator(), 1),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_SIGN, CSSM_ACL_AUTHORIZATION_DECRYPT, 0), tmptag);
+ }
+ }
+ count = mAclEntries.size();
+ acls = mAclEntries.entries();
+}
+
+void CACNGKeyRecord::getOwner(AclOwnerPrototype &owner)
+{
+ if (!mAclOwner) {
+ mAclOwner.allocator(Allocator::standard());
+ mAclOwner = CssmClient::AclFactory::PinSubject(Allocator::standard(), requireNewPin ? 2 : 1);
+ }
+ owner = mAclOwner;
+}
+//
+// CACNGDataRecord
+//
+CACNGDataRecord::~CACNGDataRecord()
+{
+}
+
+Tokend::Attribute *CACNGDataRecord::getDataAttribute(Tokend::TokenContext *tokenContext)
+{
+ byte_string data = buffer->read();
+ return new Tokend::Attribute(&data[0], data.size());
+}
+
+void CACNGDataRecord::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
+{
+
+ if (!mAclEntries) {
+ mAclEntries.allocator(Allocator::standard());
+ // Reading this objects data requires PIN1
+ mAclEntries.add(CssmClient::AclFactory::PinSubject(
+ mAclEntries.allocator(), 1),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
+ }
+ count = mAclEntries.size();
+ acls = mAclEntries.entries();
+}
+
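Review bot: The `signOnly` flag is ignored where the key-usage attributes are set in the CACNGKeyRecord constructor — kSecKeyDecrypt, kSecKeyUnwrap and kSecKeySign are all hard-coded to `new Tokend::Attribute(true)`, so a signature-only key is advertised to the Security framework as decrypt/unwrap capable and the stored `mSignOnly` is never consulted. The commented-out lines show the intended mapping, `new Tokend::Attribute(!signOnly)` for decrypt and unwrap; if the override is deliberate (e.g. cards that misreport usage) a comment should say so rather than leaving dead code behind. Separately, CACNGDataRecord::getDataAttribute dereferences `&data[0]` without checking for an empty read, which is undefined behaviour on an empty byte_string; guard it with `data.empty() ? NULL : &data[0]`. The certificate path allocates with `malloc_copy` while the data-record path passes a pointer into a local buffer, which suggests Tokend::Attribute copies its input and the malloc'd block is leaked — worth confirming against Attribute's constructor.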
Added: releases/Apple/OSX-10.6.7/CACNG/CACNGRecord.h
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/CACNGRecord.h (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/CACNGRecord.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACNGRecord.h
+ * TokendMuscle
+ */
+
+#ifndef _CACNGRECORD_H_
+#define _CACNGRECORD_H_
+
+#include "Record.h"
+#include "CACNGApplet.h"
+
+#include <security_cdsa_utilities/context.h>
+
+class CACNGToken;
+
+class CACNGRecord : public Tokend::Record
+{
+ NOCOPY(CACNGRecord)
+public:
+ CACNGRecord(const char *description) :
+ mDescription(description) {}
+ ~CACNGRecord();
+
+ virtual const char *description() { return mDescription; }
+
+protected:
+ const char *mDescription;
+};
+
+
+class CACNGCertificateRecord : public CACNGRecord
+{
+ NOCOPY(CACNGCertificateRecord)
+public:
+ CACNGCertificateRecord(
+ shared_ptr<CACNGIDObject> identity,
+ const char *description) :
+ CACNGRecord(description), identity(identity) {}
+ ~CACNGCertificateRecord();
+
+ virtual Tokend::Attribute *getDataAttribute(Tokend::TokenContext *tokenContext);
+private:
+ shared_ptr<CACNGIDObject> identity;
+};
+
+class CACNGKeyRecord : public CACNGRecord
+{
+ NOCOPY(CACNGKeyRecord)
+public:
+ CACNGKeyRecord(shared_ptr<CACNGIDObject> identity, const char *description, const Tokend::MetaRecord &metaRecord, bool signOnly, bool requireNewPin = false);
+ ~CACNGKeyRecord();
+
+ size_t sizeInBits() const { return identity->getKeySize(); }
+ virtual void computeCrypt(CACNGToken &cacToken, bool sign, const unsigned char *data,
+ size_t dataLength, unsigned char *result, size_t &resultLength);
+
+ virtual void getOwner(AclOwnerPrototype &owner);
+ virtual void getAcl(const char *tag, uint32 &count,
+ AclEntryInfo *&aclList);
+private:
+ shared_ptr<CACNGIDObject> identity;
+ const bool mSignOnly;
+ AutoAclEntryInfoList mAclEntries;
+ AutoAclOwnerPrototype mAclOwner;
+ const bool requireNewPin;
+};
+
+class CACNGDataRecord : public CACNGRecord
+{
+ NOCOPY(CACNGDataRecord)
+public:
+ CACNGDataRecord(shared_ptr<CACNGReadable> buffer, const char *description) :
+ CACNGRecord(description), buffer(buffer) {}
+ ~CACNGDataRecord();
+
+ virtual Tokend::Attribute *getDataAttribute(Tokend::TokenContext *tokenContext);
+ virtual void getAcl(const char *tag, uint32 &count, AclEntryInfo *&aclList);
+protected:
+ shared_ptr<CACNGReadable> buffer;
+ AutoAclEntryInfoList mAclEntries;
+};
+
+#endif /* !_CACNGRECORD_H_ */
+
+
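Review bot: `mDescription` retains the caller's `const char *` without copying it, so a CACNGRecord is only valid while that string lives, and nothing in the header says so. I would annotate the field: `const char *mDescription; // not copied — caller must pass a string with static storage (presumably literals from populate())`. The member naming inside CACNGKeyRecord is also inconsistent: `mSignOnly`, `mAclEntries` and `mAclOwner` carry the `m` prefix while `identity` and `requireNewPin` do not. `mSignOnly` is declared `const bool` yet, as far as the visible CACNGRecord.cpp shows, no method reads it, which points to either a dead field or a usage restriction that was meant to be enforced and is not.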
Added: releases/Apple/OSX-10.6.7/CACNG/CACNGSchema.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/CACNGSchema.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/CACNGSchema.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACNGSchema.cpp
+ * TokendMuscle
+ */
+
+#include "CACNGSchema.h"
+
+#include "MetaAttribute.h"
+#include "MetaRecord.h"
+
+#include <Security/SecCertificate.h>
+#include <Security/SecKeychainItem.h>
+#include <Security/SecKey.h>
+
+using namespace Tokend;
+
+CACNGSchema::CACNGSchema() :
+ mKeyAlgorithmCoder(uint32(CSSM_ALGID_RSA))
+{
+}
+
+CACNGSchema::~CACNGSchema()
+{
+}
+
+Tokend::Relation *CACNGSchema::createKeyRelation(CSSM_DB_RECORDTYPE keyType)
+{
+ Relation *rn = createStandardRelation(keyType);
+
+ // Set up coders for key records.
+ MetaRecord &mr = rn->metaRecord();
+ mr.keyHandleFactory(&mCACNGKeyHandleFactory);
+
+ // Print name of a key might as well be the key name.
+ mr.attributeCoder(kSecKeyPrintName, &mDescriptionCoder);
+
+ // Other key valuess
+ mr.attributeCoder(kSecKeyKeyType, &mKeyAlgorithmCoder);
+ mr.attributeCoder(kSecKeyKeySizeInBits, &mKeySizeCoder);
+ mr.attributeCoder(kSecKeyEffectiveKeySize, &mKeySizeCoder);
+
+ // Key attributes
+ mr.attributeCoder(kSecKeyExtractable, &mFalseCoder);
+ mr.attributeCoder(kSecKeySensitive, &mTrueCoder);
+ mr.attributeCoder(kSecKeyModifiable, &mFalseCoder);
+ mr.attributeCoder(kSecKeyPrivate, &mTrueCoder);
+ mr.attributeCoder(kSecKeyNeverExtractable, &mTrueCoder);
+ mr.attributeCoder(kSecKeyAlwaysSensitive, &mTrueCoder);
+
+ // Key usage
+ mr.attributeCoder(kSecKeyEncrypt, &mFalseCoder);
+ mr.attributeCoder(kSecKeyWrap, &mFalseCoder);
+ mr.attributeCoder(kSecKeyVerify, &mFalseCoder);
+ mr.attributeCoder(kSecKeyDerive, &mFalseCoder);
+ mr.attributeCoder(kSecKeySignRecover, &mFalseCoder);
+ mr.attributeCoder(kSecKeyVerifyRecover, &mFalseCoder);
+
+ return rn;
+}
+
+void CACNGSchema::create()
+{
+ Schema::create();
+
+ createStandardRelation(CSSM_DL_DB_RECORD_X509_CERTIFICATE);
+ createKeyRelation(CSSM_DL_DB_RECORD_PRIVATE_KEY);
+ Relation *rn_gen = createStandardRelation(CSSM_DL_DB_RECORD_GENERIC);
+
+ // Create the generic table
+ MetaRecord &mr_gen = rn_gen->metaRecord();
+ mr_gen.attributeCoderForData(&mCACNGDataAttributeCoder);
+}
+
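Review bot: createKeyRelation codes every key-usage attribute except kSecKeyDecrypt, kSecKeyUnwrap and kSecKeySign, and nothing explains why those three are missing; a later maintainer could add `mr.attributeCoder(kSecKeyDecrypt, &mFalseCoder)` here and clobber the per-record values that CACNGKeyRecord's constructor installs through attributeAtIndex. I would add above the `// Key usage` group: `// Decrypt/Unwrap/Sign are intentionally not coded here: CACNGKeyRecord sets them per key record (see CACNGRecord.cpp).` The comment `// Other key valuess` also carries a typo.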
Added: releases/Apple/OSX-10.6.7/CACNG/CACNGSchema.h
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/CACNGSchema.h (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/CACNGSchema.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACNGSchema.h
+ * TokendMuscle
+ */
+
+#ifndef _CACNGSCHEMA_H_
+#define _CACNGSCHEMA_H_
+
+#include "Schema.h"
+#include "CACNGAttributeCoder.h"
+#include "CACNGKeyHandle.h"
+
+namespace Tokend
+{
+ class Relation;
+ class MetaRecord;
+ class AttributeCoder;
+}
+
+class CACNGSchema : public Tokend::Schema
+{
+ NOCOPY(CACNGSchema)
+public:
+ CACNGSchema();
+ virtual ~CACNGSchema();
+
+ virtual void create();
+
+protected:
+ Tokend::Relation *createKeyRelation(CSSM_DB_RECORDTYPE keyType);
+
+private:
+ // Coders we need.
+ CACNGDataAttributeCoder mCACNGDataAttributeCoder;
+
+ Tokend::ConstAttributeCoder mKeyAlgorithmCoder;
+ CACNGKeySizeAttributeCoder mKeySizeCoder;
+
+ CACNGKeyHandleFactory mCACNGKeyHandleFactory;
+};
+
+#endif /* !_CACNGSCHEMA_H_ */
+
Added: releases/Apple/OSX-10.6.7/CACNG/CACNGToken.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/CACNGToken.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/CACNGToken.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,729 @@
+/*
+ * Copyright (c) 2004,2007 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACNGToken.cpp
+ * TokendMuscle
+ */
+
+#include "CACNGToken.h"
+
+#include "Adornment.h"
+#include "AttributeCoder.h"
+#include "CACNGError.h"
+#include "CACNGRecord.h"
+#include "CACNGSchema.h"
+#include <security_cdsa_client/aclclient.h>
+#include <map>
+#include <vector>
+
+using CssmClient::AclFactory;
+
+#define PIV_CLA_STANDARD 0x00
+#define CLA_STANDARD 0x00
+#define INS_SELECT_FILE 0xA4
+#define INS_GET_DATA 0xCA
+
+#define SELECT_APPLET CLA_STANDARD, INS_SELECT_FILE, 0x04, 0x00
+
+#define SELECT_CACNG_APPLET SELECT_APPLET, 0x07, 0xA0, 0x00, 0x00, 0x00, 0x79
+
+#define SELECT_CACNG_OBJECT CLA_STANDARD, INS_SELECT_FILE, 0x02, 0x00, 0x02
+
+#define SELECT_CACNG_APPLET_PKI SELECT_CACNG_APPLET, 0x01
+#define SELECT_CACNG_APPLET_PIN SELECT_CACNG_APPLET, 0x03, 0x00
+
+static const unsigned char kSelectCardManagerApplet[] =
+ { SELECT_APPLET, 0x07, 0xA0, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00 };
+
+static const unsigned char kSelectCACNGAppletPKI[] =
+ { SELECT_CACNG_APPLET_PKI, 0x00 };
+
+static const unsigned char kSelectCACNGObjectPKIID[] =
+ { SELECT_CACNG_OBJECT, 0x01, 0x00 };
+static const unsigned char kSelectCACNGObjectPKIESig[] =
+ { SELECT_CACNG_OBJECT, 0x01, 0x01 };
+static const unsigned char kSelectCACNGObjectPKIECry[] =
+ { SELECT_CACNG_OBJECT, 0x01, 0x02 };
+
+static const unsigned char kSelectCACNGObjectPN[] =
+ { SELECT_CACNG_OBJECT, 0x02, 0x00 };
+static const unsigned char kSelectCACNGObjectPL[] =
+ { SELECT_CACNG_OBJECT, 0x02, 0x01 };
+/* Unknown objects... */
+static const unsigned char kSelectCACNGObjectBS[] =
+ { SELECT_CACNG_OBJECT, 0x02, 0x02 };
+static const unsigned char kSelectCACNGObjectOB[] =
+ { SELECT_CACNG_OBJECT, 0x02, 0x03 };
+
+static const unsigned char kSelectCACNGAppletPIN[] =
+ { SELECT_CACNG_APPLET_PIN };
+
+
+#define SELECT_PIV_APPLET_VERS 0x10, 0x00, 0x01, 0x00
+#define SELECT_PIV_APPLET_SHORT SELECT_APPLET, 0x07, 0xA0, 0x00, 0x00, 0x03, 0x08, 0x00, 0x00
+#define SELECT_PIV_APPLET_LONG SELECT_APPLET, 0x0B, 0xA0, 0x00, 0x00, 0x03, 0x08, 0x00, 0x00, SELECT_PIV_APPLET_VERS
+
+static const unsigned char kSelectPIVApplet[] =
+ { SELECT_PIV_APPLET_LONG };
+
+// X.509 Certificate for PIV Authentication 2.16.840.1.101.3.7.2.1.1 '5FC105' M
+#define PIV_OBJECT_ID_X509_CERTIFICATE_PIV_AUTHENTICATION 0x5F, 0xC1, 0x05
+
+static const unsigned char oidX509CertificatePIVAuthentication[] = { PIV_OBJECT_ID_X509_CERTIFICATE_PIV_AUTHENTICATION };
+
+#define PIV_KEYREF_PIV_AUTHENTICATION 0x9A
+
+CACNGToken::CACNGToken() :
+ mCacPinStatus(0),mPivPinStatus(0)
+{
+ mTokenContext = this;
+ mSession.open();
+
+ /* Change pin only works if one of the CACNG applets are selected. */
+ byte_string pinAppletId(kSelectCACNGAppletPIN, kSelectCACNGAppletPIN + sizeof(kSelectCACNGAppletPIN));
+ shared_ptr<CACNGSelectable> cacPinApplet(new CACNGCacApplet(*this, pinAppletId, byte_string()));
+ this->cacPinApplet = cacPinApplet;
+
+ byte_string cardManagerAppletId(kSelectCardManagerApplet, kSelectCardManagerApplet + sizeof(kSelectCardManagerApplet));
+ shared_ptr<CACNGSelectable> cardManagerApplet(new CACNGCacApplet(*this, cardManagerAppletId, byte_string()));
+ this->cardManagerApplet = cardManagerApplet;
+
+ byte_string selectPivApplet(kSelectPIVApplet, kSelectPIVApplet + sizeof(kSelectPIVApplet));
+ shared_ptr<CACNGSelectable> pivApplet(new CACNGPivApplet(*this, selectPivApplet));
+ this->pivApplet = pivApplet;
+}
+
+CACNGToken::~CACNGToken()
+{
+ delete mSchema;
+ /* XXX: Wipe out cached pin */
+ secure_resize(cached_piv_pin, 0);
+}
+
+bool CACNGToken::identify()
+{
+ try
+ {
+ byte_string pkiApplet(kSelectCACNGAppletPKI, kSelectCACNGAppletPKI + sizeof(kSelectCACNGAppletPKI));
+ byte_string pkiIdObject(kSelectCACNGObjectPKIID, kSelectCACNGObjectPKIID + sizeof(kSelectCACNGObjectPKIID));
+ byte_string pkiESigObject(kSelectCACNGObjectPKIESig, kSelectCACNGObjectPKIESig + sizeof(kSelectCACNGObjectPKIESig));
+ shared_ptr<CACNGSelectable> idApplet(new CACNGCacApplet(*this, pkiApplet, pkiIdObject));
+ shared_ptr<CACNGSelectable> eSigApplet(new CACNGCacApplet(*this, pkiApplet, pkiESigObject));
+ select(idApplet);
+ select(eSigApplet);
+ return true;
+ }
+ catch (const PCSC::Error &error)
+ {
+ if (error.error == SCARD_E_PROTO_MISMATCH)
+ return false;
+ throw;
+ }
+}
+
+void CACNGToken::select(shared_ptr<CACNGSelectable> &selectable)
+{
+ if (isInTransaction() &&
+ (currentSelectable == selectable))
+ return;
+ /* XXX: Resets PIV pin status to match card behavior */
+// if (selectable != pivApplet)
+ mPivPinStatus = 0;
+ selectable->select();
+ if (isInTransaction()) {
+ currentSelectable = selectable;
+ }
+}
+
+uint32_t CACNGToken::exchangeAPDU(const unsigned char *apdu, size_t apduLength,
+ unsigned char *result, size_t &resultLength)
+{
+ size_t savedLength = resultLength;
+
+ ISO7816Token::transmit(apdu, apduLength, result, resultLength);
+ if (resultLength == 2 && result[0] == 0x61)
+ {
+ resultLength = savedLength;
+ size_t expectedLength = result[1];
+ unsigned char getResult[] = { 0x00, 0xC0, 0x00, 0x00, expectedLength };
+ if (expectedLength == 0) expectedLength = 256;
+ ISO7816Token::transmit(getResult, sizeof(getResult), result, resultLength);
+ if (resultLength - 2 != expectedLength)
+ {
+ if (resultLength < 2)
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ else
+ CACNGError::throwMe((result[resultLength - 2] << 8)
+ + result[resultLength - 1]);
+ }
+ }
+
+ if (resultLength < 2)
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+
+ return (result[resultLength - 2] << 8) + result[resultLength - 1];
+}
+
+void CACNGToken::didDisconnect()
+{
+ PCSC::Card::didDisconnect();
+ currentSelectable.reset();
+ mCacPinStatus = 0;
+ mPivPinStatus = 0;
+ /* XXX: Wipe out cached pin */
+ secure_resize(cached_piv_pin, 0);
+}
+
+void CACNGToken::didEnd()
+{
+ PCSC::Card::didEnd();
+ currentSelectable.reset();
+ mCacPinStatus = 0;
+ mPivPinStatus = 0;
+ /* XXX: Wipe out cached pin */
+ secure_resize(cached_piv_pin, 0);
+}
+
+void CACNGToken::changePIN(int pinNum,
+ const unsigned char *oldPin, size_t oldPinLength,
+ const unsigned char *newPin, size_t newPinLength)
+{
+ if (pinNum != 1)
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+
+ if (oldPinLength < 4 || oldPinLength > 8 ||
+ newPinLength < 4 || newPinLength > 8)
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
+
+ PCSC::Transaction _(*this);
+ select(cacPinApplet);
+
+ unsigned char apdu[] =
+ {
+ 0x80, 0x24, 0x01, 0x00, 0x10,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+ };
+
+ memcpy(apdu + 5, oldPin, oldPinLength);
+ memcpy(apdu + 13, newPin, newPinLength);
+
+ unsigned char result[2];
+ size_t resultLength = sizeof(result);
+
+ mCacPinStatus = exchangeAPDU(apdu, sizeof(apdu), result, resultLength);
+ memset(apdu + 5, 0, 16);
+ CACNGError::check(mCacPinStatus);
+
+ /* XXX: Wipe out cached pin */
+ secure_resize(cached_piv_pin, 0);
+}
+
+uint32_t CACNGToken::cacPinStatus()
+{
+ if (mCacPinStatus && isInTransaction()) {
+ secdebug("adhoc", "returning cached PIN status 0x%x", mCacPinStatus);
+ return mCacPinStatus;
+ }
+
+ PCSC::Transaction _(*this);
+ /* Verify pin only works if one of the CACNG applets are selected. */
+ select(cacPinApplet);
+
+ unsigned char result[2];
+ size_t resultLength = sizeof(result);
+ unsigned char apdu[] = { 0x00, 0x20, 0x00, 0x00 };
+
+ mCacPinStatus = exchangeAPDU(apdu, 4, result, resultLength);
+ if ((mCacPinStatus & 0xFF00) != 0x6300
+ && mCacPinStatus != SCARD_AUTHENTICATION_BLOCKED)
+ CACNGError::check(mCacPinStatus);
+
+ secdebug("adhoc", "new PIN status=0x%x", mCacPinStatus);
+ return mCacPinStatus;
+}
+
+uint32_t CACNGToken::pivPinStatus()
+{
+ if (mPivPinStatus && isInTransaction()) {
+ secdebug("adhoc", "returning cached PIN status 0x%x", mPivPinStatus);
+ return mPivPinStatus;
+ }
+ if (currentSelectable != pivApplet)
+ return SCARD_NOT_AUTHORIZED;
+ PCSC::Transaction _(*this);
+ /* Check PIV pin only works if one of the PIV applets are selected. */
+ select(pivApplet);
+
+ unsigned char result[2];
+ size_t resultLength = sizeof(result);
+ unsigned char apdu[] = { 0x00, 0x20, 0x00, 0x00 };
+
+ mPivPinStatus = exchangeAPDU(apdu, 4, result, resultLength);
+ if ((mPivPinStatus & 0xFF00) != 0x6300
+ && mPivPinStatus != SCARD_AUTHENTICATION_BLOCKED)
+ CACNGError::check(mPivPinStatus);
+
+ secdebug("adhoc", "new PIN status=0x%x", mPivPinStatus);
+ return mPivPinStatus;
+}
+
+uint32_t CACNGToken::pinStatus(int pinNum)
+{
+ switch (pinNum) {
+ case 1:
+ return cacPinStatus();
+ case 2:
+ return pivPinStatus();
+ default:
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+ }
+}
+
+static void verify_cac(CACNGToken &token, const unsigned char *pin, size_t pinLength)
+{
+ token.select(token.cacPinApplet);
+
+ unsigned char apdu[] =
+ {
+ 0x00, 0x20, 0x00, 0x00, 0x08,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+ };
+
+#if defined(CACNG_PROTECTED_MODE)
+ memcpy(apdu + 5, "77777777", 8);
+#else
+ memcpy(apdu + 5, pin, pinLength);
+#endif
+
+ unsigned char result[2];
+ size_t resultLength = sizeof(result);
+
+ token.mCacPinStatus = token.exchangeAPDU(apdu, sizeof(apdu), result, resultLength);
+ memset(apdu + 5, 0, 8);
+ CACNGError::check(token.mCacPinStatus);
+}
+
+
+
+static void verify_piv(CACNGToken &token, const unsigned char *pin, size_t pinLength)
+{
+ unsigned char apdu[] =
+ {
+ 0x00, 0x20, 0x00, 0x80, 0x08,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+ };
+
+#if defined(CACNG_PROTECTED_MODE)
+ memcpy(apdu + 5, "77777777", 8);
+#else
+ memcpy(apdu + 5, pin, pinLength);
+#endif
+
+ unsigned char result[2];
+ size_t resultLength = sizeof(result);
+ token.select(token.pivApplet);
+ token.mPivPinStatus = token.exchangeAPDU(apdu, sizeof(apdu), result, resultLength);
+ memset(apdu + 5, 0, 8);
+ CACNGError::check(token.mPivPinStatus);
+}
+
+void CACNGToken::verifyPIN(int pinNum,
+ const unsigned char *pin, size_t pinLength)
+{
+ if (pinNum != 1 && pinNum != 2)
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+ PCSC::Transaction _(*this);
+ switch (pinNum) {
+ case 1:
+ if (pinLength < 4 || pinLength > 8)
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
+
+ /* Verify pin only works if one of the CACNG applets are selected. */
+ verify_cac(*this, pin, pinLength);
+
+ // Start a new transaction which we never get rid of until someone calls
+ // unverifyPIN()
+ begin();
+ break;
+ case 2:
+ if (pinLength < 1 || pinLength > 8)
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
+ /* Verify pin only works if one of the CACNG applets are selected. */
+ verify_piv(*this, pin, pinLength);
+ /* XXX: CACHED PIN */
+ cached_piv_pin.assign(pin, pin + pinLength);
+ // Start a new transaction which we never get rid of until someone calls
+ // unverifyPIN()
+ begin();
+ break;
+ }
+}
+
+void CACNGToken::verifyCachedPin(int pinNum)
+{
+ if (pinNum != 2)
+ return;
+ /* XXX: PIN CACHE */
+ if (cached_piv_pin.empty())
+ return;
+ try {
+ verify_piv(*this, &cached_piv_pin[0], cached_piv_pin.size());
+ } catch (...) {
+ /* XXX: Wipe out cache if anything goes wrong */
+ secure_resize(cached_piv_pin, 0);
+ throw;
+ }
+}
+
+void CACNGToken::unverifyPIN(int pinNum)
+{
+ if (pinNum != -1)
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+ /* XXX: Wipe out cached pin */
+ secure_resize(cached_piv_pin, 0);
+ end(SCARD_RESET_CARD);
+}
+
+uint32_t CACNGToken::getData(unsigned char *result, size_t &resultLength)
+{
+ PCSC::Transaction _(*this);
+ try
+ {
+ select(cardManagerApplet);
+ }
+ catch (const PCSC::Error &error)
+ {
+ return error.error;
+ }
+
+ unsigned char apdu[] = { 0x80, INS_GET_DATA, 0x9F, 0x7F, 0x2D };
+ return exchangeAPDU(apdu, sizeof(apdu), result, resultLength);
+}
+
+uint32 CACNGToken::probe(SecTokendProbeFlags flags,
+ char tokenUid[TOKEND_MAX_UID])
+{
+ uint32 score = Tokend::ISO7816Token::probe(flags, tokenUid);
+
+ bool doDisconnect = false; /*!(flags & kSecTokendProbeKeepToken); */
+
+ try
+ {
+// PCSC::Card::reconnect(SCARD_SHARE_SHARED, SCARD_PROTOCOL_T1);
+ if (!identify())
+ doDisconnect = true;
+ else
+ {
+ unsigned char result[0x2F];
+ size_t resultLength = sizeof(result);
+ (void)getData(result, resultLength);
+ /* Score of 200 to ensure that CACNG "wins" for Hybrid CACNG/PIV cards */
+ score = 300;
+ // Now stick in the bytes returned by getData into the
+ // tokenUid.
+ if(resultLength > 20)
+ {
+ sprintf(tokenUid,
+ "CACNG-%02X%02X-%02X%02X-%02X%02X-%02X%02X-%02X%02X",
+ result[3], result[4], result[5], result[6], result[19],
+ result[20], result[15], result[16], result[17],
+ result[18]);
+ }
+ else
+ {
+ /* Cannot generated a tokenUid given the returned data.
+ * Generate time-based tokenUid to permit basic caching */
+ unsigned char buffer[80];
+ time_t now;
+ struct tm* timestruct = localtime(&now);
+ /* Print out the # of seconds since EPOCH UTF */
+ strftime(reinterpret_cast<char *>(buffer), 80, "%s", timestruct);
+ snprintf(tokenUid, TOKEND_MAX_UID, "CACNG-%s", buffer);
+ }
+ Tokend::ISO7816Token::name(tokenUid);
+ secdebug("probe", "recognized %s", tokenUid);
+ }
+ }
+ catch (...)
+ {
+ doDisconnect = true;
+ score = 0;
+ }
+
+ if (doDisconnect)
+ disconnect();
+
+ return score;
+}
+
+void CACNGToken::establish(const CSSM_GUID *guid, uint32 subserviceId,
+ SecTokendEstablishFlags flags, const char *cacheDirectory,
+ const char *workDirectory, char mdsDirectory[PATH_MAX],
+ char printName[PATH_MAX])
+{
+ Tokend::ISO7816Token::establish(guid, subserviceId, flags,
+ cacheDirectory, workDirectory, mdsDirectory, printName);
+
+ mSchema = new CACNGSchema();
+ mSchema->create();
+
+ populate();
+}
+
+//
+// Database-level ACLs
+//
+void CACNGToken::getOwner(AclOwnerPrototype &owner)
+{
+ // we don't really know (right now), so claim we're owned by PIN #0
+ if (!mAclOwner)
+ {
+ mAclOwner.allocator(Allocator::standard());
+ mAclOwner = AclFactory::PinSubject(Allocator::standard(), 0);
+ }
+ owner = mAclOwner;
+}
+
+
+void CACNGToken::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
+{
+ Allocator &alloc = Allocator::standard();
+
+ if (unsigned pin = pinFromAclTag(tag, "?")) {
+ static AutoAclEntryInfoList acl;
+ acl.clear();
+ acl.allocator(alloc);
+ uint32_t status = this->pinStatus(pin);
+ if (status == SCARD_SUCCESS)
+ acl.addPinState(pin, CSSM_ACL_PREAUTH_TRACKING_AUTHORIZED);
+ else if (status >= CACNG_AUTHENTICATION_FAILED_0 && status <= CACNG_AUTHENTICATION_FAILED_3)
+ acl.addPinState(pin, 0, status - CACNG_AUTHENTICATION_FAILED_0);
+ else
+ acl.addPinState(pin, CSSM_ACL_PREAUTH_TRACKING_UNKNOWN);
+ count = acl.size();
+ acls = acl.entries();
+ return;
+ }
+
+ // mAclEntries sets the handle of each AclEntryInfo to the
+ // offset in the array.
+
+ // get pin list, then for each pin
+ if (!mAclEntries) {
+ mAclEntries.allocator(alloc);
+ // Anyone can read the attributes and data of any record on this token
+ // (it's further limited by the object itself).
+ mAclEntries.add(CssmClient::AclFactory::AnySubject(
+ mAclEntries.allocator()),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
+ // We support PIN1 with either a passed in password
+ // subject or a prompted password subject.
+ mAclEntries.addPin(AclFactory::PWSubject(alloc), 1);
+ mAclEntries.addPin(AclFactory::PWSubject(alloc), 2);
+ mAclEntries.addPin(AclFactory::PromptPWSubject(alloc, CssmData()), 1);
+ mAclEntries.addPin(AclFactory::PromptPWSubject(alloc, CssmData()), 2);
+ }
+ count = mAclEntries.size();
+ acls = mAclEntries.entries();
+}
+
+
+#pragma mark ---------------- CACNG Specific --------------
+
+uint32_t CACNGToken::exchangeAPDU(const byte_string &apdu, byte_string &result)
+{
+ static const uint8_t GET_RESULT_TEMPLATE [] = { 0x00, 0xC0, 0x00, 0x00, 0xFF };
+ byte_string getResult(GET_RESULT_TEMPLATE, GET_RESULT_TEMPLATE + sizeof(GET_RESULT_TEMPLATE));
+ const int SIZE_INDEX = 4;
+
+ transmit(apdu, result);
+ /* Keep pulling more data */
+ while (result.size() >= 2 && result[result.size() - 2] == 0x61)
+ {
+ size_t expectedLength = result[result.size() - 1];
+ if(expectedLength == 0) /* 256-byte case .. */
+ expectedLength = 256;
+ getResult[SIZE_INDEX] = expectedLength;
+ // Trim off status bytes
+ result.resize(result.size() - 2);
+ size_t appended = transmit(getResult, result);
+ if (appended != (expectedLength + 2))
+ {
+ if (appended < 2)
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ else
+ CACNGError::throwMe((result[result.size() - 2] << 8)
+ + result[result.size() - 1]);
+ }
+ }
+
+ if (result.size() < 2)
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ uint16_t ret = (result[result.size() - 2] << 8) + result[result.size() - 1];
+ // Trim off status bytes
+ result.resize(result.size() - 2);
+ return ret;
+}
+
+size_t CACNGToken::transmit(const byte_string::const_iterator &apduBegin, const byte_string::const_iterator &apduEnd, byte_string &result) {
+ const size_t BUFFER_SIZE = 1024;
+ size_t resultLength = BUFFER_SIZE;
+ size_t index = result.size();
+ /* To prevent data leaking, secure byte_string resize takes place */
+ secure_resize(result, result.size() + BUFFER_SIZE);
+ ISO7816Token::transmit(&(*apduBegin), (size_t)(apduEnd - apduBegin), &result[0]+ index, resultLength);
+ /* Trims the data, no expansion occurs */
+ result.resize(index + resultLength);
+ return resultLength;
+}
+
+
+uint32_t CACNGToken::exchangeChainedAPDU(
+ unsigned char cla, unsigned char ins,
+ unsigned char p1, unsigned char p2,
+ const byte_string &data,
+ byte_string &result)
+{
+ byte_string apdu;
+ apdu.reserve(5 + data.size());
+ apdu.resize(5);
+ apdu[0] = cla;
+ apdu[1] = ins;
+ apdu[2] = p1;
+ apdu[3] = p2;
+
+ apdu[0] |= 0x10;
+ apdu += data;
+ const size_t BASE_CHUNK_LENGTH = 255;
+ size_t chunkLength;
+ byte_string::const_iterator iter;
+ /* Chain data and skip last chunk since its in the receiving end */
+ for(iter = data.begin(); (iter + BASE_CHUNK_LENGTH) < data.end(); iter += BASE_CHUNK_LENGTH) {
+ chunkLength = std::min(BASE_CHUNK_LENGTH, (size_t)(data.end() - iter));
+ apdu[4] = chunkLength & 0xFF;
+ /* Don't send Le */
+ transmit(apdu.begin(), apdu.begin() + 5 + chunkLength, result);
+ /* No real data should come back until chaining is complete */
+ if(result.size() != 2)
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ else
+ CACNGError::check(result[result.size() - 2] << 8 | result[result.size() - 1]);
+ /* Trim off result SW */
+ result.resize(result.size() - 2);
+ // Trim off old data
+ apdu.erase(apdu.begin() + 5, apdu.begin() + 5 + chunkLength);
+ }
+ apdu[0] &= ~0x10;
+ apdu[4] = (apdu.size() - 5) & 0xFF;
+ /* LE BYTE? */
+ return exchangeAPDU(apdu, result);
+}
+
+
+void CACNGToken::populate()
+{
+ secdebug("populate", "CACNGToken::populate() begin");
+ Tokend::Relation &certRelation =
+ mSchema->findRelation(CSSM_DL_DB_RECORD_X509_CERTIFICATE);
+ Tokend::Relation &privateKeyRelation =
+ mSchema->findRelation(CSSM_DL_DB_RECORD_PRIVATE_KEY);
+ Tokend::Relation &dataRelation =
+ mSchema->findRelation(CSSM_DL_DB_RECORD_GENERIC);
+
+ byte_string pkiApplet(kSelectCACNGAppletPKI, kSelectCACNGAppletPKI + sizeof(kSelectCACNGAppletPKI));
+
+ shared_ptr<CACNGSelectable> idApplet(new CACNGCacApplet(*this, pkiApplet,
+ byte_string(kSelectCACNGObjectPKIID, kSelectCACNGObjectPKIID + sizeof(kSelectCACNGObjectPKIID))));
+ shared_ptr<CACNGSelectable> sigApplet(new CACNGCacApplet(*this, pkiApplet,
+ byte_string(kSelectCACNGObjectPKIESig, kSelectCACNGObjectPKIESig + sizeof(kSelectCACNGObjectPKIESig))));
+ shared_ptr<CACNGSelectable> encApplet(new CACNGCacApplet(*this, pkiApplet,
+ byte_string(kSelectCACNGObjectPKIECry, kSelectCACNGObjectPKIECry + sizeof(kSelectCACNGObjectPKIECry))));
+
+ shared_ptr<CACNGIDObject> idObject(new CACNGCacIDObject(*this, idApplet, "Identity Certificate"));
+ shared_ptr<CACNGIDObject> sigObject(new CACNGCacIDObject(*this, sigApplet, "Email Signature Certificate"));
+ shared_ptr<CACNGIDObject> encObject(new CACNGCacIDObject(*this, encApplet, "Email Encryption Certificate"));
+ RefPointer<Tokend::Record> idCert(new CACNGCertificateRecord(idObject, "Identity Certificate"));
+ RefPointer<Tokend::Record> eSigCert(new CACNGCertificateRecord(sigObject, "Email Signing Certificate"));
+ RefPointer<Tokend::Record> eCryCert(new CACNGCertificateRecord(encObject, "Email Encryption Certificate"));
+
+#if 1
+ certRelation.insertRecord(idCert);
+ certRelation.insertRecord(eSigCert);
+ certRelation.insertRecord(eCryCert);
+
+ RefPointer<Tokend::Record> idKey(new CACNGKeyRecord(idObject, "Identity Private Key",
+ privateKeyRelation.metaRecord(), true));
+ RefPointer<Tokend::Record> eSigKey(new CACNGKeyRecord(sigObject, "Email Signing Private Key",
+ privateKeyRelation.metaRecord(), true));
+ RefPointer<Tokend::Record> eCryKey(new CACNGKeyRecord(encObject, "Email Encryption Private Key",
+ privateKeyRelation.metaRecord(), false));
+
+ privateKeyRelation.insertRecord(idKey);
+ privateKeyRelation.insertRecord(eSigKey);
+ privateKeyRelation.insertRecord(eCryKey);
+
+ idKey->setAdornment(mSchema->publicKeyHashCoder().certificateKey(),
+ new Tokend::LinkedRecordAdornment(idCert));
+ eSigKey->setAdornment(mSchema->publicKeyHashCoder().certificateKey(),
+ new Tokend::LinkedRecordAdornment(eSigCert));
+ eCryKey->setAdornment(mSchema->publicKeyHashCoder().certificateKey(),
+ new Tokend::LinkedRecordAdornment(eCryCert));
+#endif
+ static const char *applets[][3] = {
+ {(char*)kSelectCACNGObjectPN, "PNTB", "PNVB"},
+ {(char*)kSelectCACNGObjectPL, "PLTB", "PLVB"},
+ {(char*)kSelectCACNGObjectBS, "BSTB", "BSVB"},
+ {(char*)kSelectCACNGObjectOB, "OBTB", "OBVB"},
+ {NULL, NULL, NULL}
+ };
+ for (int i = 0; applets[i][0]; i++) {
+ shared_ptr<CACNGSelectable> applet(new CACNGCacApplet(
+ *this,
+ pkiApplet,
+ byte_string(applets[i][0], applets[i][0] + 7)));
+ shared_ptr<CACNGReadable> tbuffer(new CACNGCacBufferObject(*this, applet, true));
+ shared_ptr<CACNGReadable> vbuffer(new CACNGCacBufferObject(*this, applet, false));
+ dataRelation.insertRecord(new CACNGDataRecord(tbuffer, applets[i][1]));
+ dataRelation.insertRecord(new CACNGDataRecord(vbuffer, applets[i][2]));
+ }
+
+ /* PIV AUTH KEY */
+ byte_string pivAuthOid(oidX509CertificatePIVAuthentication, oidX509CertificatePIVAuthentication + sizeof(oidX509CertificatePIVAuthentication));
+
+ shared_ptr<CACNGIDObject> pivAuthObject(new CACNGPivIDObject(*this, pivApplet, "Piv Authentication Certificate", pivAuthOid, PIV_KEYREF_PIV_AUTHENTICATION));
+ RefPointer<Tokend::Record> pivAuthCert(new CACNGCertificateRecord(pivAuthObject, "Piv Authentication Certificate"));
+
+ certRelation.insertRecord(pivAuthCert);
+
+ RefPointer<Tokend::Record> pivAuthKey(new CACNGKeyRecord(pivAuthObject, "Piv Authentication Private Key",
+ privateKeyRelation.metaRecord(), true, true));
+ privateKeyRelation.insertRecord(pivAuthKey);
+
+ pivAuthKey->setAdornment(mSchema->publicKeyHashCoder().certificateKey(),
+ new Tokend::LinkedRecordAdornment(pivAuthCert));
+
+ secdebug("populate", "CACNGToken::populate() end");
+}
+
Added: releases/Apple/OSX-10.6.7/CACNG/CACNGToken.h
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/CACNGToken.h (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/CACNGToken.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * CACNGToken.h
+ * TokendMuscle
+ */
+
+#ifndef _CACNGTOKEN_H_
+#define _CACNGTOKEN_H_
+
+#include <Token.h>
+#include "TokenContext.h"
+
+#include <security_utilities/pcsc++.h>
+
+#include "byte_string.h"
+
+#include "CACNGApplet.h"
+
+class CACNGSchema;
+
+//
+// "The" token
+//
+class CACNGToken : public Tokend::ISO7816Token
+{
+ NOCOPY(CACNGToken)
+public:
+ CACNGToken();
+ ~CACNGToken();
+
+ virtual void didDisconnect();
+ virtual void didEnd();
+
+ virtual uint32 probe(SecTokendProbeFlags flags,
+ char tokenUid[TOKEND_MAX_UID]);
+ virtual void establish(const CSSM_GUID *guid, uint32 subserviceId,
+ SecTokendEstablishFlags flags, const char *cacheDirectory,
+ const char *workDirectory, char mdsDirectory[PATH_MAX],
+ char printName[PATH_MAX]);
+ virtual void getOwner(AclOwnerPrototype &owner);
+ virtual void getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls);
+
+ virtual void changePIN(int pinNum,
+ const unsigned char *oldPin, size_t oldPinLength,
+ const unsigned char *newPin, size_t newPinLength);
+ uint32_t pivPinStatus();
+ uint32_t cacPinStatus();
+ virtual uint32_t pinStatus(int pinNum);
+ virtual void verifyPIN(int pinNum, const unsigned char *pin, size_t pinLength);
+ void verifyCachedPin(int pinNum);
+ virtual void unverifyPIN(int pinNum);
+
+ bool identify();
+ void select(shared_ptr<CACNGSelectable> &obj);
+
+ uint32_t exchangeAPDU(const unsigned char *apdu, size_t apduLength,
+ unsigned char *result, size_t &resultLength);
+
+ uint32_t getData(unsigned char *result, size_t &resultLength);
+
+ uint32_t exchangeAPDU(const byte_string& apdu, byte_string &result);
+ uint32_t exchangeChainedAPDU(
+ unsigned char cla, unsigned char ins,
+ unsigned char p1, unsigned char p2,
+ const byte_string &data,
+ byte_string &result);
+protected:
+ void populate();
+
+ size_t transmit(const byte_string &apdu, byte_string &result) {
+ return transmit(apdu.begin(), apdu.end(), result);
+ }
+ size_t transmit(const byte_string::const_iterator &apduBegin, const byte_string::const_iterator &apduEnd, byte_string &result);
+
+public:
+ shared_ptr<CACNGSelectable> currentSelectable;
+ uint32_t mCacPinStatus;
+ uint32_t mPivPinStatus;
+ shared_ptr<CACNGSelectable> cacPinApplet;
+ shared_ptr<CACNGSelectable> cardManagerApplet;
+ shared_ptr<CACNGSelectable> pivApplet;
+
+ // temporary ACL cache hack - to be removed
+ AutoAclOwnerPrototype mAclOwner;
+ AutoAclEntryInfoList mAclEntries;
+
+ byte_string cached_piv_pin;
+};
+
+
+#endif /* !_CACNGTOKEN_H_ */
+
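Review bot: `byte_string cached_piv_pin;` at the bottom of the class is a public data member holding PIN material, with no comment saying who owns it or when it is wiped; I would make it private and document the lifetime, e.g. `// PIV PIN retained for re-verification after applet switches; must be securely wiped in unverifyPIN()/didDisconnect() -- TODO confirm against CACNGToken.cpp`. The same public section also exposes `mCacPinStatus`/`mPivPinStatus` and the applet handles, which the "temporary ACL cache hack" comment does not cover, so a maintainer cannot tell which of these are meant to be touched from outside the class. Whether the .cpp actually zeroes the cached PIN is not visible in this hunk, so the comment should be confirmed against the implementation rather than asserted.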
Added: releases/Apple/OSX-10.6.7/CACNG/CompressionTool.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/CompressionTool.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/CompressionTool.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,51 @@
+/*
+ * CompressionTool.cpp
+ * Tokend
+ *
+ * Created by harningt on 9/30/09.
+ * Copyright 2009 TrustBearer Labs. All rights reserved.
+ *
+ */
+
+
+#include "CompressionTool.h"
+#include <security_cdsa_utilities/cssmerrors.h>
+#include <Security/cssmerr.h>
+
+#include <zlib.h>
+
+using namespace Security;
+
+byte_string CompressionTool::zlib_decompress(const byte_string::const_iterator &begin, const byte_string::const_iterator &end)
+{
+ static const int CHUNK_SIZE = 4096;
+ byte_string output;
+ int ret;
+ z_stream strm;
+ memset(&strm, 0, sizeof(strm));
+ ret = inflateInit2(&strm, 15 + 32); /* Handle optional zlib/gzip headers */
+ if (ret != Z_OK)
+ CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT);
+ strm.avail_in = end - begin;
+ strm.next_in = (uint8_t*)&*begin;
+ do {
+ uint8_t buffer[CHUNK_SIZE];
+ strm.avail_out = sizeof(buffer);
+ strm.next_out = buffer;
+ ret = inflate(&strm, Z_NO_FLUSH);
+ switch (ret) {
+ case Z_NEED_DICT:
+ ret = Z_DATA_ERROR;
+ case Z_DATA_ERROR:
+ case Z_MEM_ERROR:
+ (void)inflateEnd(&strm);
+ CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT);
+ }
+ size_t available = sizeof(buffer) - strm.avail_out;
+ output.insert(output.end(), buffer, buffer + available);
+ } while (strm.avail_out == 0);
+ (void)inflateEnd(&strm);
+ if (ret != Z_STREAM_END)
+ CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT);
+ return output;
+}
\ No newline at end of file
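Review bot: `zlib_decompress` grows `output` without any upper bound, so a small compressed object read from the card (or a spoofed card) can expand to an arbitrary size before the caller ever sees it, the classic decompression-bomb shape for a privileged daemon. I would add a cap checked after each chunk is appended, e.g. `static const size_t MAX_OUTPUT = 1 << 20;` and, after the `insert`, `if (output.size() > MAX_OUTPUT) { (void)inflateEnd(&strm); CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT); }`, with the limit sized to the largest certificate or data object the card profile can hold. Two smaller points: `&*begin` is dereferenced even when the range is empty, which is undefined behaviour for an empty container, so guard `begin == end` up front; and `memset` is used without an explicit `<cstring>` include, so it presumably arrives through a transitive header.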
Added: releases/Apple/OSX-10.6.7/CACNG/CompressionTool.h
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/CompressionTool.h (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/CompressionTool.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,19 @@
+/*
+ * CompressionTool.h
+ * Tokend
+ *
+ * Created by harningt on 9/30/09.
+ * Copyright 2009 TrustBearer Labs. All rights reserved.
+ *
+ */
+
+
+#include "byte_string.h"
+
+class CompressionTool {
+public:
+ static byte_string zlib_decompress(const byte_string &compressedData) {
+ return zlib_decompress(compressedData.begin(), compressedData.end());
+ }
+ static byte_string zlib_decompress(const byte_string::const_iterator &begin, const byte_string::const_iterator &end);
+};
\ No newline at end of file
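Review bot: This header has no include guard, unlike the other headers added in this commit (`PADDING_H`, `TLV_H`, `_CACNGTOKEN_H_`), so a second inclusion in one translation unit redefines `class CompressionTool` and fails to compile. Wrap the file in `#ifndef COMPRESSIONTOOL_H` / `#define COMPRESSIONTOOL_H` ... `#endif` to match the rest. A one-line purpose comment on the class (`/** Inflates zlib/gzip-wrapped card objects; throws CssmError on corrupt input */`) would also help, since the .cpp is the only place that behaviour is visible.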
Added: releases/Apple/OSX-10.6.7/CACNG/Info.plist
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/Info.plist (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/Info.plist 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>CFBundleDevelopmentRegion</key>
+ <string>English</string>
+ <key>CFBundleExecutable</key>
+ <string>CACNG</string>
+ <key>CFBundleIdentifier</key>
+ <string>com.apple.tokend.cacng</string>
+ <key>CFBundleInfoDictionaryVersion</key>
+ <string>6.0</string>
+ <key>CFBundleName</key>
+ <string>CACNG</string>
+ <key>CFBundlePackageType</key>
+ <string>????</string>
+ <key>CFBundleShortVersionString</key>
+ <string>3.0</string>
+ <key>CFBundleSignature</key>
+ <string>????</string>
+ <key>CFBundleVersion</key>
+ <string>40596</string>
+</dict>
+</plist>
Added: releases/Apple/OSX-10.6.7/CACNG/Padding.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/Padding.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/Padding.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,162 @@
+/*
+ * Copyright (c) 2008 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+#include "Padding.h"
+
+#include <Security/cssmerr.h>
+//#include "PIVUtilities.h"
+
+using namespace Security;
+
+/* PKCS#1 DigestInfo header for SHA1 */
+static const unsigned char sha1sigheader[] =
+{
+ 0x30, // SEQUENCE
+ 0x21, // LENGTH
+ 0x30, // SEQUENCE
+ 0x09, // LENGTH
+ 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1a, // SHA1 OID (1 4 14 3 2 26)
+ 0x05, 0x00, // OPTIONAL ANY algorithm params (NULL)
+ 0x04, 0x14 // OCTECT STRING (20 bytes)
+};
+
+/* PKCS#1 DigestInfo header for MD5 */
+static const unsigned char md5sigheader[] =
+{
+ 0x30, // SEQUENCE
+ 0x20, // LENGTH
+ 0x30, // SEQUENCE
+ 0x0C, // LENGTH
+ // MD5 OID (1 2 840 113549 2 5)
+ 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05,
+ 0x05, 0x00, // OPTIONAL ANY algorithm params (NULL)
+ 0x04, 0x10 // OCTECT STRING (16 bytes)
+};
+
+void Padding::apply(byte_string &data, size_t keySize, CSSM_PADDING padding, CSSM_ALGORITHMS hashAlg) throw(CssmError) {
+ // Calculate which hash-header to use
+ const unsigned char *header;
+ size_t headerLength;
+ switch(hashAlg) {
+ case CSSM_ALGID_SHA1:
+ if (data.size() != 20)
+ CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+ header = sha1sigheader;
+ headerLength = sizeof(sha1sigheader);
+ break;
+ case CSSM_ALGID_MD5:
+ if (data.size() != 16)
+ CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+ header = md5sigheader;
+ headerLength = sizeof(md5sigheader);
+ break;
+ case CSSM_ALGID_NONE:
+ // Special case used by SSL it's an RSA signature, without the ASN1 stuff
+ header = NULL;
+ headerLength = 0;
+ break;
+ default:
+ CssmError::throwMe(CSSMERR_CSP_INVALID_DIGEST_ALGORITHM);
+ }
+ // Reserve memory and insert the header before the data
+ data.reserve(keySize);
+ if(headerLength > 0) {
+ data.insert(data.begin(), header, header + headerLength);
+ }
+ // Calculate and apply padding
+ switch (padding) {
+ case CSSM_PADDING_NONE:
+ if(data.size() != keySize)
+ CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+ break;
+ case CSSM_PADDING_PKCS1:
+ {
+ // 2010.03.01 -SG- bracket case statements to address compiler changes
+ // Pad using PKCS1 v1.5 signature padding ( 00 01 FF FF.. 00 | M)
+ if(data.size() + 11 > keySize)
+ CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+ int markerByteLocation = keySize - data.size() - 1;
+ data.insert(data.begin(), keySize - data.size(), 0xFF);
+ data[0] = 0;
+ data[1] = 1;
+ data[markerByteLocation] = 0;
+ break;
+ }
+ default:
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING);
+ }
+}
+
+void Padding::remove(byte_string &data, CSSM_PADDING padding) throw(CssmError) {
+ // Calculate and remove padding while validating
+ switch (padding) {
+ case CSSM_PADDING_NONE:
+ break;
+ case CSSM_PADDING_PKCS1:
+ unsigned i;
+ /* Handles PKCS1 v1.5
+ * signatures 00 01 FF FF.. 00 | M
+ * and encrypted data 00 02 NZ NZ.. 00 | M (NZ = non-zero random value)
+ */
+ if(data[0] != 0 || (data[1] != 1 && data[1] != 2))
+ CssmError::throwMe(CSSMERR_CSP_INVALID_DATA);
+ for(i = 2; i < data.size() && data[i] != 0x00; i++) {}
+ /* Assume empty data is invalid */
+ if(data.size() - i == 0)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_DATA);
+ secure_erase(data, data.begin(), data.begin() + i + 1);
+ break;
+ default:
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING);
+ }
+}
+
+bool Padding::canApply(CSSM_PADDING padding, CSSM_ALGORITHMS hashAlg) throw() {
+ switch(padding) {
+ case CSSM_PADDING_NONE:
+ case CSSM_PADDING_PKCS1:
+ break;
+ default:
+ return false;
+ }
+ switch(hashAlg) {
+ case CSSM_ALGID_NONE:
+ case CSSM_ALGID_SHA1:
+ case CSSM_ALGID_MD5:
+ break;
+ default:
+ return false;
+ }
+ return true;
+}
+
+bool Padding::canRemove(CSSM_PADDING padding) throw() {
+ switch(padding) {
+ case CSSM_PADDING_NONE:
+ case CSSM_PADDING_PKCS1:
+ break;
+ default:
+ return false;
+ }
+ return true;
+}
\ No newline at end of file
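Review bot: `Padding::remove` indexes `data[0]` and `data[1]` before checking the length, so an empty or one-byte input (a short or failed card response reaching the unpadder) reads past the end of the vector; and the `data.size() - i == 0` test only catches a missing separator, so a block whose `0x00` separator is the final byte passes the check and is erased down to nothing, contrary to the "empty data is invalid" comment. PKCS#1 v1.5 also requires at least eight padding bytes before the separator, which is not enforced. I would change the two checks to `if(data.size() < 11 || data[0] != 0 || (data[1] != 1 && data[1] != 2))` and, after the scan loop, `if(i < 10 || data.size() - i <= 1)`, throwing `CSSMERR_CSP_INVALID_DATA` in both. Note the type-1 branch accepts any non-zero filler rather than only `0xFF`; that is lenient but not a safety issue for unpadding a decrypt result, so I would just document it.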
Added: releases/Apple/OSX-10.6.7/CACNG/Padding.h
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/Padding.h (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/Padding.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2008 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+#ifndef PADDING_H
+#define PADDING_H
+
+#include "byte_string.h"
+#include <Security/cssmtype.h>
+#include <security_cdsa_utilities/cssmerrors.h>
+
+using namespace Security;
+
+/** Utility class to unify padding/hash-header handling
+ *
+ */
+class Padding {
+public:
+ /** Applies padding and hash-headers for signing */
+ static void apply(byte_string &data, size_t keySize, CSSM_PADDING padding = CSSM_PADDING_NONE, CSSM_ALGORITHMS hashAlg = CSSM_ALGID_NONE) throw(CssmError);
+ /** Removes padding for decryption
+ * Note: Securely eliminates data such that the 'leftover' bytes are not left to be read after data's destruction
+ */
+ static void remove(byte_string &data, CSSM_PADDING padding = CSSM_PADDING_NONE) throw(CssmError);
+
+ /** Returns boolean whether a specific padding/hash-header can be applied */
+ static bool canApply(CSSM_PADDING padding = CSSM_PADDING_NONE, CSSM_ALGORITHMS hashAlg = CSSM_ALGID_NONE) throw();
+ /** Returns boolean whether a specific padding can be removed */
+ static bool canRemove(CSSM_PADDING padding) throw();
+};
+
+#endif
\ No newline at end of file
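Review bot: `using namespace Security;` at file scope in a header pulls the whole namespace into every translation unit that includes `Padding.h`, which is the usual cause of surprising overload and name clashes; qualify the few names the declarations need instead, i.e. write `Security::CssmError` in the `throw(...)` specifications and drop the using-directive. The dynamic exception specifications themselves (`throw(CssmError)`, `throw()`) are a style choice that later C++ standards deprecate and most compilers ignore; a comment on `apply`/`remove` stating the thrown type would carry the same information without the specification. The doc comment on `remove` could also say it validates block types 1 and 2 (signature and encryption padding), which is what the .cpp implements.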
Added: releases/Apple/OSX-10.6.7/CACNG/TLV.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/TLV.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/TLV.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,185 @@
+/*
+ * Copyright (c) 2008 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+#include "TLV.h"
+
+#include <iomanip>
+#include <iostream>
+#include <limits>
+
+using namespace std;
+
+TLV::TLV() throw()
+:tag(), value(NULL), innerValues(NULL) {
+}
+
+TLV::TLV(unsigned char tag) throw()
+:tag(1, tag), value(NULL), innerValues(NULL) {
+}
+
+TLV::TLV(const byte_string& tag) throw()
+:tag(tag), value(NULL), innerValues(NULL) {
+}
+
+TLV::TLV(unsigned char tag, const byte_string& value) throw()
+:tag(1, tag), value(new byte_string(value)), innerValues(NULL) {
+}
+
+TLV::TLV(const byte_string& tag, const byte_string& value) throw()
+:tag(tag), value(new byte_string(value)), innerValues(NULL) {
+}
+
+TLV::TLV(uint8_t tag, const TLVList &tlv) throw()
+:tag(1, tag), value(NULL), innerValues(new TLVList(tlv)) {
+}
+
+TLV::TLV(const byte_string &tag, const TLVList &tlv) throw()
+:tag(tag), value(NULL), innerValues(new TLVList(tlv)) {
+}
+
+TLV_ref TLV::parse(const byte_string &in) throw(std::runtime_error) {
+ byte_string::const_iterator begin = in.begin();
+ return parse(begin, in.end());
+}
+
+byte_string TLV::encode() const throw() {
+ byte_string out;
+ encode(out);
+ return out;
+}
+
+void TLV::encode(byte_string &out) const throw() {
+ const byte_string &tag = getTag();
+ // Puts the tag
+ out += tag;
+ // Puts the length
+ encodeLength(valueLength(), out);
+
+#if 1
+ // Non-caching version since the TLV is expected to be
+ // thrown away after encoding
+ // If there is a value, put that
+ if(value.get()) {
+ out += *value;
+ return;
+ }
+ if(!innerValues.get())
+ return;
+ // Else if there are innerValues, encode those out
+ encodeSequence(*innerValues, out);
+#else
+ // Obtain the value in a cached manner
+ const byte_string &value = getValue();
+ out += value;
+#endif
+}
+
+const TLVList &TLV::getInnerValues() const throw(std::runtime_error) {
+ /* If there is a cached innervalues version, output it
+ * else parse any existing TLV data and use that */
+ if(innerValues.get()) return *innerValues;
+ if(!value.get()) {
+ innerValues.reset(new TLVList());
+ return *innerValues;
+ }
+ innerValues.reset(new TLVList());
+ byte_string::const_iterator begin = value->begin();
+ parseSequence(begin, (byte_string::const_iterator)value->end(), *innerValues);
+
+ return *innerValues;
+}
+
+const byte_string &TLV::getValue() const throw() {
+ /* If there is a cached value version, output it
+ * else encode any existing TLV data and use that */
+ if(value.get()) return *value;
+ if(!innerValues.get()) {
+ value.reset(new byte_string());
+ return *value;
+ }
+ value.reset(new byte_string());
+ encodeSequence(*innerValues, *value);
+ return *value;
+}
+
+size_t TLV::length() const throw() {
+ size_t innerLength = valueLength();
+ return tag.size() + encodedLength(innerLength) + innerLength;
+}
+
+void TLV::encodeLength(size_t value, byte_string &out) throw() {
+ /* Encode and output the length according to BER-TLV encoding rules */
+ static const size_t MAX_VALUE = std::numeric_limits<size_t>::max();
+ static const size_t highbyte = (MAX_VALUE ^ (MAX_VALUE >> 8));
+ static const size_t shiftbyte = (sizeof(size_t) - 1) * 8;
+ if (value < 0x80) {
+ out += (unsigned char)(value & 0x7F);
+ return;
+ }
+ size_t size = sizeof(value), i;
+ while(0 == (value & highbyte) && size > 0) {
+ value <<= 8;
+ size--;
+ }
+ out += (unsigned char)(0x80 | size);
+ for(i = 0; i < size; i++) {
+ out += (unsigned char)((value >> shiftbyte) & 0xFF);
+ value <<= 8;
+ }
+}
+
+size_t TLV::encodedLength(size_t value) throw() {
+ if(value < 0x80)
+ return 1;
+ /* Values larger than 0x7F must be encoded in the form (Length-Bytes) (Length) */
+ static const size_t MAX_VALUE = std::numeric_limits<size_t>::max();
+ /* EX: 0xFF000000 - for size_t == 32-bit */
+ static const size_t highbyte = (MAX_VALUE ^ (MAX_VALUE >> 8));
+ size_t size = sizeof(value);
+ /* Check for the highest byte that contains a value */
+ while(0 == (value & highbyte) && size > 0) {
+ value <<= 8;
+ size--;
+ }
+ /* + 1 for byte-size byte
+ * Size encoded as (0x80 + N) [N-bytes]
+ * Max size-bytes == 127
+ */
+ return size + 1;
+}
+
+void TLV::encodeSequence(const TLVList &tlv, byte_string &out) throw() {
+ for(TLVList::const_iterator iter = tlv.begin(); iter < tlv.end(); iter++)
+ (*iter)->encode(out);
+}
+
+size_t TLV::valueLength() const throw() {
+ /* Calculate the length of a value, either by its actual value length
+ * or calculated length based on contained TLV values */
+ if(value.get()) return value->size();
+ if(!innerValues.get()) return 0;
+ size_t retValue = 0;
+ for(TLVList::const_iterator iter = innerValues->begin(); iter < innerValues->end(); iter++)
+ retValue += (*iter)->length();
+ return retValue;
+}
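Review bot: In `TLV::getInnerValues`, `innerValues.reset(new TLVList())` runs before `parseSequence`, so if the value is malformed and `parse` throws, the partially-filled (or empty) list stays cached and every later call returns it as if the parse had succeeded; the error surfaces once and is then silently swallowed. Parse into a local first and commit only on success: `TLVList parsed;` / `parseSequence(begin, (byte_string::const_iterator)value->end(), parsed);` / `innerValues.reset(new TLVList(parsed));`. Separately, `encode` carries a dead `#else` branch under `#if 1` that should either be deleted or turned into a comment explaining why the non-caching path was chosen.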
Added: releases/Apple/OSX-10.6.7/CACNG/TLV.h
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/TLV.h (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/TLV.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,143 @@
+/*
+ * Copyright (c) 2008 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+#ifndef TLV_H
+#define TLV_H
+
+#include <tr1/memory>
+
+#include <stdexcept>
+
+#include <sstream>
+#include <vector>
+
+#ifndef NOCOPY
+#define NOCOPY(Type) private: Type(const Type &); void operator = (const Type &);
+#endif
+
+#include "byte_string.h"
+
+class TLV;
+typedef std::tr1::shared_ptr<TLV> TLV_ref;
+typedef std::vector<TLV_ref> TLVList;
+
+/** Utility class to simplify TLV parsing and encoding
+ * Condition of proper behavior (assume sizeof(size_t) => ptr size):
+ * 32-bit: Total data < 4GB
+ * 64-bit: Total data < 4GB * 4GB
+ */
+class TLV {
+ NOCOPY(TLV);
+public:
+ TLV() throw();
+ TLV(uint8_t tag) throw();
+ TLV(const byte_string &tag) throw();
+ TLV(uint8_t tag, const byte_string &value) throw();
+ TLV(const byte_string &tag, const byte_string &value) throw();
+ TLV(const byte_string &tag, const TLVList &tlv) throw();
+ TLV(uint8_t tag, const TLVList &tlv) throw();
+
+ /* Parses a byte_string as a TLV value - ignores trailing bytes
+ * Throws an error if the encoding is invalid
+ */
+ static TLV_ref parse(const byte_string &data) throw(std::runtime_error);
+
+ /* Parses an entire sequence of bytes as a TLV value
+ * - ignores trailing bytes, iter points to byte after TLV
+ * Can accept forward iterators to bytes or pointers to bytes for the range
+ * Ex: byte_string::iterator, unsigned char *
+ * Throws an error if the encoding is invalid
+ */
+ template<typename ForwardIterator>
+ static TLV_ref parse(ForwardIterator &iter, const ForwardIterator &end) throw(std::runtime_error);
+
+ /* Obtains the tag of this TLV */
+ const byte_string &getTag() const throw() { return tag; }
+
+ /* Encodes this TLV into a new byte_string */
+ byte_string encode() const throw();
+ /* Encodes this TLV, appending the data to 'out' */
+ void encode(byte_string &out) const throw();
+ /* Decodes the value of this TLV as a sequence of TLVs */
+ const TLVList &getInnerValues() const throw(std::runtime_error);
+ /* Obtains the value of this TLV */
+ const byte_string &getValue() const throw();
+
+ /* Calculates the length of this TLV */
+ size_t length() const throw();
+
+private:
+ byte_string tag;
+ /* cached/assigned value as a string */
+ mutable std::auto_ptr<byte_string> value;
+ /* cached/assigned value as a TLV sequence */
+ mutable std::auto_ptr<TLVList> innerValues;
+
+ /* Parses an entire sequence of bytes as a sequence of TLV values, appending them to tlv
+ * Can accept forward iterators to bytes or pointers to bytes for the range
+ * Ex: byte_string::iterator, unsigned char *
+ * Throws an error if the encoding is invalid
+ */
+ template<typename ForwardIterator>
+ static void parseSequence(ForwardIterator &iter, const ForwardIterator &end, TLVList &tlv) throw(std::runtime_error);
+
+ /* Parses the ber-encoded length from a sequence of bytes
+ * Can accept forward iterators to bytes or pointers to bytes for the range
+ * Ex: byte_string::iterator, unsigned char *
+ * Throws an error if the encoding is invalid
+ */
+ template<typename ForwardIterator>
+ static size_t parseLength(ForwardIterator &iter, const ForwardIterator &end) throw(std::runtime_error);
+
+ /* ber-encodes an integer and writes it's output to 'out' */
+ static void encodeLength(size_t value, byte_string &out) throw();
+public:
+ /* Obtains the length of a ber-encoded integer that would contain the value */
+ static size_t encodedLength(size_t value) throw();
+private:
+ /* Encodes a sequence of TLVs, writing the to 'out' */
+ static void encodeSequence(const TLVList &tlv, byte_string &out) throw();
+
+ /* Calculates the total length of the value */
+ size_t valueLength() const throw();
+};
+
+class TagPredicate {
+public:
+ TagPredicate(uint8_t tag) throw()
+ :tag(1, tag) {
+ }
+ TagPredicate(const byte_string &tag) throw()
+ :tag(tag) {
+ }
+ bool operator() (const TLV_ref &tlv) throw() {
+ return this->tag == tlv->getTag();
+ }
+private:
+ byte_string tag;
+};
+
+/* TEMPLATE DEFINITIONS */
+#include "TLVTemplates.h"
+
+#endif
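Review bot: The comments on `parse`/`parseSequence`/`parseLength` say the range "can accept forward iterators", but the template bodies in `TLVTemplates.h` compare with `iter < end` and `iter >= end`, which only random-access iterators (vector iterators, raw pointers) provide; the comment should say `random-access iterators` so nobody passes a list or stream iterator and gets a compile error far from the cause. The `parse(const byte_string&)` comment says it "ignores trailing bytes" while the iterator overload says it parses "an entire sequence", yet both stop after one TLV; aligning the two on "parses one TLV and ignores trailing bytes" would remove the ambiguity. The `std::auto_ptr` members are fine for the toolchain this targets but worth a note (`// auto_ptr: pre-C++11 toolchain; replace with unique_ptr when available`).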
Added: releases/Apple/OSX-10.6.7/CACNG/TLVTemplates.h
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/TLVTemplates.h (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/TLVTemplates.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 2008 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+template<typename ForwardIterator>
+void TLV::parseSequence(ForwardIterator &iter, const ForwardIterator &end, TLVList &tlv) throw(std::runtime_error) {
+ /* While there is still data inbetween the iterators */
+ while(iter < end) {
+ /* parse TLV structures and append them to the list */
+ TLV_ref ref = TLV::parse(iter, end);
+ tlv.push_back(ref);
+ }
+}
+
+template<typename ForwardIterator>
+TLV_ref TLV::parse(ForwardIterator &iter, const ForwardIterator &end) throw(std::runtime_error) {
+ byte_string tag;
+ uint8_t ch;
+ if(iter >= end) throw std::runtime_error("Invalid TLV-encoding");
+ /* Read the first byte as the tag */
+ ch = *iter++;
+ tag += ch;
+ if(iter >= end) throw std::runtime_error("Invalid TLV-encoding");
+ /* If the tag is flagged as a multibyte tag */
+ if((ch & 0x1F) == 0x1F) { /* Multibyte tag */
+ do {
+ ch = *iter++;
+ tag += ch;
+ if(iter >= end) throw std::runtime_error("Invalid TLV-encoding");
+ /* Read more until there are no more bytes w/o the high-bit set */
+ } while((ch & 0x80) != 0);
+ }
+ /* Parse the length of the contained value */
+ size_t length = parseLength(iter, end);
+ ForwardIterator begin = iter;
+ iter += length;
+ /* The iterator is permitted to be at the very and at this point */
+ if(iter > end) throw std::runtime_error("Invalid TLV-encoding");
+ /* Return a new TLV with the calculated tag and value */
+ return TLV_ref(new TLV(tag, byte_string(begin, iter)));
+}
+
+/*
+ BER-TLV
+ Reference: http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-4_annex-d.aspx
+
+ In short form, the length field consists of a single byte where the bit B8 shall be set to 0 and
+ the bits B7-B1 shall encode an integer equal to the number of bytes in the value field. Any length
+ from 0-127 can thus be encoded by 1 byte.
+
+ In long form, the length field consists of a leading byte where the bit B8 shall be set to 1 and
+ the B7-B1 shall not be all equal, thus encoding a positive integer equal to the number of subsequent
+ bytes in the length field. Those subsequent bytes shall encode an integer equal to the number of bytes
+ in the value field. Any length within the APDU limit (up to 65535) can thus be encoded by 3 bytes.
+
+ NOTE - ISO/IEC 7816 does not use the indefinite lengths specified by the basic encoding rules of
+ ASN.1 (see ISO/IEC 8825).
+
+ Sample data (from a certficate GET DATA):
+
+ 00000000 53 82 04 84 70 82 04 78 78 da 33 68 62 db 61 d0
+ 00000010 c4 ba 60 01 33 13 23 13 13 97 e2 dc 88 f7 0c 40
+ 00000020 20 da 63 c0 cb c6 a9 d5 e6 d1 f6 9d 97 91 91 95
+ ....
+ 00000460 1f 22 27 83 ef fe ed 5e 7a f3 e8 b6 dc 6b 3f dc
+ 00000470 4c be bc f5 bf f2 70 7e 6b d0 4c 00 80 0d 3f 1f
+ 00000480 71 01 80 72 03 49 44 41
+
+*/
+template<typename ForwardIterator>
+size_t TLV::parseLength(ForwardIterator &iter, const ForwardIterator &end) throw(std::runtime_error) {
+ // Parse a BER length field. Returns the value of the length
+ uint8_t ch = *iter++;
+ if (!(ch & 0x80)) // single byte
+ return static_cast<uint32_t>(ch);
+ size_t result = 0;
+ uint8_t byteLen = ch & 0x7F;
+ for(;byteLen > 0; byteLen--) {
+ if(iter == end)
+ throw std::runtime_error("Invalid BER-encoded length");
+ ch = *iter++;
+ result = (result << 8) | static_cast<uint8_t>(ch);
+ }
+ return result;
+}
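Review bot: In TLV::parse the statement `iter += length;` runs before the `iter > end` check, so the iterator is moved past the buffer before it is validated, which is undefined for pointers and for a large `length` can wrap so the check still passes; compare the remaining distance first, `if(static_cast<size_t>(end - iter) < length) throw std::runtime_error("Invalid TLV-encoding");` and only then `iter += length;`. parseLength has the matching gap: `byteLen` can be as large as 127 and `result << 8` silently discards high bytes once more than sizeof(size_t) length bytes are consumed, so add `if(byteLen > sizeof(size_t)) throw std::runtime_error("Invalid BER-encoded length");` before the loop. Both matter because, per the comment block above, these bytes arrive from the card via GET DATA and the recovered length decides how much of the buffer is copied into the TLV value. A leading 0x80 (byteLen 0) currently returns 0 without complaint even though the same comment notes ISO 7816 does not use indefinite lengths; rejecting it would make that rule explicit.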
Added: releases/Apple/OSX-10.6.7/CACNG/byte_string.h
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/byte_string.h (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/byte_string.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 2008 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+#ifndef BYTE_STRING
+#define BYTE_STRING
+
+#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
+#include <vector>
+
+/** Utility definition and additional operators to make working with
+ * sequences of bytes more easy and less error/leak-prone
+ */
+typedef std::vector<uint8_t> byte_string;
+
+inline bool operator==(const byte_string &l, const byte_string::value_type &value) {
+ return l.size() == 1 && l.at(0) == value;
+}
+
+inline byte_string &operator+=(byte_string &l, const byte_string::value_type &value) {
+ l.push_back(value);
+ return l;
+}
+inline byte_string &operator+=(byte_string &l, const char &value) {
+ l.push_back(value);
+ return l;
+}
+
+inline byte_string &operator+=(byte_string &l, const byte_string::value_type *value) {
+ l.insert(l.end(), value, value + strlen((char*)value));
+ return l;
+}
+
+inline byte_string &operator+=(byte_string &l, const byte_string &r) {
+ l.insert(l.end(), r.begin(), r.end());
+ return l;
+}
+
+/* RHS must be null-terminated */
+inline bool operator==(const byte_string& l, const byte_string::value_type* r) {
+ byte_string::size_type lSize = l.size();
+ byte_string::size_type rSize = strlen((const char*)r);
+ if(lSize != rSize)
+ return false;
+ return equal(l.begin(), l.end(), r);
+}
+
+inline bool operator!=(const byte_string& l, const byte_string::value_type* r) {
+ return !(l == r);
+}
+
+inline unsigned char *malloc_copy(const byte_string::const_iterator &begin, const byte_string::const_iterator &end) {
+ size_t len = end - begin;
+ unsigned char *output = (unsigned char*)malloc(len);
+ if(!output)
+ return NULL;
+ memcpy(output, &*begin, len);
+ return output;
+}
+inline unsigned char *malloc_copy(const byte_string &l) {
+ return malloc_copy(l.begin(), l.end());
+}
+
+#include <algorithm>
+
+template<typename T>
+inline void secure_zero(T &l) {
+ std::fill(l.begin(), l.end(), typename T::value_type());
+}
+
+template<typename T>
+inline void secure_erase(T &data, const typename T::iterator &first, const typename T::iterator &last) {
+ /* Partly borrowing from alg used by normal 'erase' */
+ typename T::iterator newEnd(std::copy(last, data.end(), first));
+ // Filling w/ defaults to null values out
+ std::fill(newEnd, data.end(), typename T::value_type());
+ data.erase(newEnd, data.end());
+}
+
+template<typename T>
+inline void secure_resize(T &data, const size_t newSize) {
+ // Simple case where no re-allocation occurs
+ if(data.capacity() >= newSize) {
+ data.resize(newSize);
+ return;
+ }
+ // Re-allocation will occur, need to use temporary buffer...
+ T temporary(data);
+ secure_zero(data);
+ data.resize(newSize);
+ copy(temporary.begin(), temporary.end(), data.begin());
+ secure_zero(temporary);
+}
+
+#endif
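Review bot: secure_zero scrubs with std::fill, but in secure_resize the `secure_zero(temporary)` call is immediately followed by temporary's destructor releasing the storage, and in secure_erase the fill precedes `data.erase`, which is exactly the pattern where an optimizing compiler may treat the stores as dead and drop them, leaving the bytes in freed memory. A scrub that cannot be elided writes each element through a volatile-qualified pointer (or a platform secure-memset where one is available) rather than std::fill. Separately, malloc_copy evaluates `&*begin` even when `begin == end`, dereferencing a past-the-end iterator for an empty range; an early `if(len == 0) return NULL;` avoids it, and the caller should know NULL then means "empty" as well as "allocation failed". The header also uses strlen, malloc and memcpy without including <cstring>/<cstdlib>, so it compiles only through whatever MacTypes.h happens to pull in.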
Added: releases/Apple/OSX-10.6.7/CACNG/cacng.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/cacng.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/cacng.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * cac.cpp - CACNGtokend main program
+ */
+
+#include "CACNGToken.h"
+
+int main(int argc, const char *argv[])
+{
+ secdebug("CACNG .tokend", "main starting with %d arguments", argc);
+ secdelay("/tmp/delay/CACNG");
+
+#if 0
+ setenv("DEBUGSCOPE", "-mutex,walkers", 0);
+ setenv("DEBUGOPTIONS", "scope,thread,date", 0);
+ setenv("DEBUGDEST", "/var/tmp/securityd-log", 0);
+ setenv("DEBUGDUMP", "stdout", 0);
+#endif
+
+ token = new CACNGToken();
+ try {
+ int ret = SecTokendMain(argc, argv, token->callbacks(), token->support());
+ delete token;
+ return ret;
+ } catch (...) {
+ delete token;
+ return -1;
+ }
+}
+
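Review bot: The `catch (...)` in main discards the exception without any diagnostic, so a tokend that fails inside SecTokendMain leaves nothing in the log to say why; at minimum log before returning, e.g. `secdebug("CACNG .tokend", "main caught exception, exiting");` inside the handler. `token = new CACNGToken();` sits outside the try block, so a throwing constructor is not covered by the handler either. `secdelay("/tmp/delay/CACNG")` keys a startup delay off a path under the world-writable /tmp; it reads as a debug hook, which I cannot confirm from here, but if it stays active in release builds any local user could stall the daemon by creating that file. The header comment names the file `cac.cpp` while the file is cacng.cpp.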
Added: releases/Apple/OSX-10.6.7/CACNG/mds/cacng_csp_capabilities.mdsinfo
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/mds/cacng_csp_capabilities.mdsinfo (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/mds/cacng_csp_capabilities.mdsinfo 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>Capabilities</key>
+ <string>file:cacng_csp_capabilities_common.mds</string>
+ <key>MdsFileDescription</key>
+ <string>CACNG Token CSPDL CSP Capabilities</string>
+ <key>MdsFileType</key>
+ <string>PluginSpecific</string>
+ <key>MdsRecordType</key>
+ <string>MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE</string>
+</dict>
+</plist>
Added: releases/Apple/OSX-10.6.7/CACNG/mds/cacng_csp_capabilities_common.mds
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/mds/cacng_csp_capabilities_common.mds (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/mds/cacng_csp_capabilities_common.mds 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,903 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<array>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>20</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DIGEST</string>
+ <key>Description</key>
+ <string>SHA1 Digest</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>16</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DIGEST</string>
+ <key>Description</key>
+ <string>MD5 Digest</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD2</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>16</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DIGEST</string>
+ <key>Description</key>
+ <string>MD2 Digest</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>RSA Key Pair Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_DES</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+ <key>AttributeValue</key>
+ <integer>64</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>DES Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_3DES_3KEY</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+ <key>AttributeValue</key>
+ <integer>192</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>3DES Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC2</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>RC2 Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC4</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>RC4 Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>RC5 Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_CAST</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>New item</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>CAST Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_BLOWFISH</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>Blowfish Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1HMAC</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>SHA1HMAC Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD5HMAC</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>MD5HMAC Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_AES</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>128</integer>
+ <integer>192</integer>
+ <integer>256</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>AES Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_ASC</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>ASC Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEE</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>31</integer>
+ <integer>127</integer>
+ <integer>128</integer>
+ <integer>161</integer>
+ <integer>192</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>FEE Key Pair Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_DSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>DSA Key Pair Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_PKCS5_PBKDF2</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DERIVEKEY</string>
+ <key>Description</key>
+ <string>PKCS5 Key Derivation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_PKCS5_PBKDF1_MD5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DERIVEKEY</string>
+ <key>Description</key>
+ <string>PKCS5 PBKDF1 MD5 Key Derivation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_PKCS5_PBKDF1_MD2</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DERIVEKEY</string>
+ <key>Description</key>
+ <string>PKCS5 PBKDF1 MD2 Key Derivation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_PKCS5_PBKDF1_SHA1</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DERIVEKEY</string>
+ <key>Description</key>
+ <string>PKCS5 PBKDF1 SHA1 Key Derivation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_DES</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>DES Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_3DES_3KEY_EDE</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>3DES EDE Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_AES</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>AES Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC4</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>0</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>RC4 Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>RC5 Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_BLOWFISH</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>Blowfish Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_CAST</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>CAST Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_ASYMMETRIC</string>
+ <key>Description</key>
+ <string>RSA Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEEDEXP</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_ASYMMETRIC</string>
+ <key>Description</key>
+ <string>FEEDExp Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEED</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_ASYMMETRIC</string>
+ <key>Description</key>
+ <string>FEED Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1WithRSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>SHA1 With RSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD5WithRSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>MD5 With RSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD2WithRSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>MD2 With RSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>Raw RSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1WithDSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>SHA1 With DSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_DSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>Raw DSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEE_MD5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>MD5 with FEE Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEE_SHA1</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>SHA1 with FEE Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEE</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>Raw FEE Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1WithECDSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>SHA1 with ECDSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_ECDSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>Raw ECDSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1HMAC</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>20</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_MAC</string>
+ <key>Description</key>
+ <string>SHA1HMAC MAC</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1HMAC_LEGACY</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>20</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_MAC</string>
+ <key>Description</key>
+ <string>SHA1HMAC MAC Legacy</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_APPLE_YARROW</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_RANDOMGEN</string>
+ <key>Description</key>
+ <string>Yarrow PRNG</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+</array>
+</plist>
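Review bot: The CAST key-generation record carries `<key>New item</key>` where every sibling record has `<key>AttributeValue</key>`, which looks like an unrenamed entry left behind by a plist editor; change it to `<key>AttributeValue</key>` so the record has the same shape as the others. The table otherwise appears to mirror the generic CSPDL capability list (MD2, RC4, Blowfish, FEE, Yarrow and so on) rather than what a CAC token actually provides, which I cannot verify from here, so it is worth confirming the advertised algorithms match the hardware before MDS publishes them.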
Added: releases/Apple/OSX-10.6.7/CACNG/mds/cacng_csp_primary.mdsinfo
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/mds/cacng_csp_primary.mdsinfo (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/mds/cacng_csp_primary.mdsinfo 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>AclSubjectTypes</key>
+ <array>
+ <string>CSSM_ACL_SUBJECT_TYPE_PASSWORD</string>
+ <string>CSSM_ACL_SUBJECT_TYPE_PROMPTED_PASSWORD</string>
+ <string>CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD</string>
+ </array>
+ <key>AuthTags</key>
+ <!-- @@@ complete this -->
+ <array>
+ <string>CSSM_ACL_AUTHORIZATION_ANY</string>
+ </array>
+ <key>CspCustomFlags</key>
+ <integer>0</integer>
+ <key>CspFlags</key>
+ <!-- @@@ dynamic -->
+ <string>CSSM_CSP_STORES_PRIVATE_KEYS | CSSM_CSP_STORES_PUBLIC_KEYS | CSSM_CSP_STORES_CERTIFICATES | CSSM_CSP_STORES_GENERIC</string>
+ <key>CspType</key>
+ <string>CSSM_CSP_HARDWARE</string>
+ <key>MdsFileDescription</key>
+ <string>Token CSPDL CSP Primary info</string>
+ <key>MdsFileType</key>
+ <string>PluginSpecific</string>
+ <key>MdsRecordType</key>
+ <string>MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE</string>
+ <key>ModuleName</key>
+ <string>AppleSDCSPDL</string>
+ <key>ProductVersion</key>
+ <string>0.1</string>
+ <key>SampleTypes</key>
+ <array>
+ <string>CSSM_SAMPLE_TYPE_PASSWORD</string>
+ <string>CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD</string>
+ <string>CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD</string>
+ </array>
+ <key>UseeTags</key>
+ <array/>
+ <key>Vendor</key>
+ <string>Apple Computer, Inc.</string>
+</dict>
+</plist>
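Review bot: The `<!-- @@@ complete this -->` marker above the AuthTags array and the `<!-- @@@ dynamic -->` marker above CspFlags are imported into a release tree as-is, so the record advertises only the `CSSM_ACL_AUTHORIZATION_ANY` wildcard with nothing saying whether that is intentional or unfinished. If the wildcard is deliberate, replace the marker with a comment that says so, e.g. `<!-- CSSM_ACL_AUTHORIZATION_ANY is deliberate: <reason> -->`; otherwise enumerate the authorization tags the CACNG token actually supports so the MDS record does not over-advertise. The same two markers appear in cacng_dl_primary.mdsinfo and cacng_smartcard.mdsinfo in the following hunks and would take the same treatment.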
Added: releases/Apple/OSX-10.6.7/CACNG/mds/cacng_dl_primary.mdsinfo
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/mds/cacng_dl_primary.mdsinfo (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/mds/cacng_dl_primary.mdsinfo 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>AclSubjectTypes</key>
+ <array>
+ <string>CSSM_ACL_SUBJECT_TYPE_PASSWORD</string>
+ <string>CSSM_ACL_SUBJECT_TYPE_PROMPTED_PASSWORD</string>
+ <string>CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD</string>
+ </array>
+ <key>AuthTags</key>
+ <array>
+ <!-- @@@ complete this -->
+ <string>CSSM_ACL_AUTHORIZATION_ANY</string>
+ </array>
+ <key>ConjunctiveOps</key>
+ <array>
+ <string>CSSM_DB_NONE</string>
+ <string>CSSM_DB_AND</string>
+ <string>CSSM_DB_OR</string>
+ </array>
+ <key>DLType</key>
+ <string>CSSM_DL_FFS</string>
+ <key>MdsFileDescription</key>
+ <string>Token CSPDL DL Primary info</string>
+ <key>MdsFileType</key>
+ <string>PluginSpecific</string>
+ <key>MdsRecordType</key>
+ <string>MDS_CDSADIR_DL_PRIMARY_RECORDTYPE</string>
+ <key>ModuleName</key>
+ <string>AppleSDCSPDL</string>
+ <key>ProductVersion</key>
+ <string>0.1</string>
+ <key>QueryLimitsFlag</key>
+ <integer>0</integer>
+ <key>RelationalOps</key>
+ <array>
+ <string>CSSM_DB_EQUAL</string>
+ <string>CSSM_DB_LESS_THAN</string>
+ <string>CSSM_DB_GREATER_THAN</string>
+ <string>CSSM_DB_CONTAINS_FINAL_SUBSTRING</string>
+ <string>CSSM_DB_CONTAINS_INITIAL_SUBSTRING</string>
+ <string>CSSM_DB_CONTAINS</string>
+ <string></string>
+ </array>
+ <key>SampleTypes</key>
+ <array>
+ <string>CSSM_SAMPLE_TYPE_PASSWORD</string>
+ <string>CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD</string>
+ <string>CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD</string>
+ </array>
+ <key>Vendor</key>
+ <string>Apple Computer, Inc.</string>
+</dict>
+</plist>
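Review bot: The RelationalOps array ends with an empty `<string></string>` entry on the line after `CSSM_DB_CONTAINS`, which names no CSSM_DB_* operator and looks like a leftover from editing the list. Drop that line so the array lists only real operators; if the MDS loader maps each entry to an enum name, an empty value is at best ignored and at worst reported as a malformed record, which I cannot confirm from this file alone. The `<!-- @@@ complete this -->` marker on AuthTags is the same issue raised at the cacng_csp_primary.mdsinfo hunk.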
Added: releases/Apple/OSX-10.6.7/CACNG/mds/cacng_smartcard.mdsinfo
===================================================================
--- releases/Apple/OSX-10.6.7/CACNG/mds/cacng_smartcard.mdsinfo (rev 0)
+++ releases/Apple/OSX-10.6.7/CACNG/mds/cacng_smartcard.mdsinfo 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>MdsFileDescription</key>
+ <string>SD/CSPDL Generic Smartcard Information</string>
+ <key>MdsRecordType</key>
+ <string>MDS_CDSADIR_CSP_SC_INFO_RECORDTYPE</string>
+ <key>MdsFileType</key>
+ <string>PluginSpecific</string>
+ <key>ScVendor</key>
+ <string>Generic</string>
+ <key>ScVersion</key>
+ <string>unknown</string>
+ <key>ScFirmwareVersion</key>
+ <string>CACNGViewerPlugin</string>
+ <key>ScFlags</key> <!-- @@@ dynamic -->
+ <integer>0</integer>
+ <key>ScCustomFlags</key>
+ <integer>0</integer>
+</dict>
+</plist>
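Review bot: ScFirmwareVersion is set to `CACNGViewerPlugin`, which is a plugin name rather than a firmware version, while ScVendor and ScVersion are `Generic` and `unknown`; this reads like a template that was never filled in for the CACNG token. If these values are intentional placeholders, a comment such as `<!-- placeholder: not yet populated for CACNG -->` next to ScVendor would make that explicit, and ScFirmwareVersion should then hold a neutral value like `unknown` rather than a name that could be mistaken for real card data. As a point of style, the `<!-- @@@ dynamic -->` comment sits on the same line as `<key>ScFlags</key>` here, whereas the sibling mdsinfo files put it on its own line.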
Added: releases/Apple/OSX-10.6.7/ChangeLog
===================================================================
--- releases/Apple/OSX-10.6.7/ChangeLog (rev 0)
+++ releases/Apple/OSX-10.6.7/ChangeLog 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,734 @@
+# do not edit -- automatically generated by arch changelog
+# arch-tag: automatic-ChangeLog--mb at apple.com--SmartCards-2004/Tokend--Tiger--1.0
+#
+
+2005-03-04 23:03:18 GMT Michael Brouwer <mb at apple.com> patch-25
+
+ Summary:
+ Change version to 11
+ Revision:
+ Tokend--Tiger--1.0--patch-25
+
+ Change version to 11
+
+
+ modified files:
+ ChangeLog Tokend.xcode/project.pbxproj
+
+
+2005-03-04 23:02:35 GMT Michael Brouwer <mb at apple.com> patch-24
+
+ Summary:
+ Integrated <rdar://problem/4020193> Digital signature fails on some JPKI smartcard.
+ Revision:
+ Tokend--Tiger--1.0--patch-24
+
+
+
+ Patches applied:
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--4020193--base-0
+ tag of mb at apple.com--SmartCards-2004/Tokend--Tiger--1.0--patch-23
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--4020193--patch-1
+ Fix digital signatures for all card types.
+
+
+ modified files:
+ ChangeLog JPKI/JPKIToken.cpp
+
+ new patches:
+ mb at apple.com--SmartCards-2004/Tokend--radar--4020193--base-0
+ mb at apple.com--SmartCards-2004/Tokend--radar--4020193--patch-1
+
+
+2005-02-24 23:11:27 GMT Michael Brouwer <mb at apple.com> patch-23
+
+ Summary:
+ Bumped to Tokend-10
+ Revision:
+ Tokend--Tiger--1.0--patch-23
+
+ Bumped to Tokend-10
+
+
+ modified files:
+ ChangeLog Tokend.xcode/project.pbxproj
+
+
+2005-02-24 23:10:22 GMT Michael Brouwer <mb at apple.com> patch-22
+
+ Summary:
+
+ Revision:
+ Tokend--Tiger--1.0--patch-22
+
+
+ modified files:
+ ChangeLog JPKI/JPKIToken.cpp
+
+ new patches:
+ mb at apple.com--SmartCards-2004/Tokend--radar--4007295--base-0
+ mb at apple.com--SmartCards-2004/Tokend--radar--4007295--patch-1
+
+
+2005-02-18 01:01:27 GMT Michael Brouwer <mb at apple.com> patch-21
+
+ Summary:
+ Bumped to Tokend-9
+ Revision:
+ Tokend--Tiger--1.0--patch-21
+
+
+ modified files:
+ ChangeLog Tokend.xcode/project.pbxproj
+
+
+2005-02-18 01:01:00 GMT Michael Brouwer <mb at apple.com> patch-20
+
+ Summary:
+ <rdar://problem/4004417> Non-Java CAC cards not recognized by Tokend
+ Revision:
+ Tokend--Tiger--1.0--patch-20
+
+ * CAC/CACToken.cpp:
+ (CACToken::getData): Don't throw if the select of the
+ cardmanager applet fails, return an error instead.
+
+ modified files:
+ CAC/CACToken.cpp ChangeLog
+
+
+2005-01-28 18:17:15 GMT Michael Brouwer <mb at apple.com> patch-19
+
+ Summary:
+ Removed diffs that stupid tla added on it's own.
+ Revision:
+ Tokend--Tiger--1.0--patch-19
+
+
+ removed files:
+ diffs
+
+ modified files:
+ ChangeLog
+
+
+2005-01-28 18:16:33 GMT Michael Brouwer <mb at apple.com> patch-18
+
+ Summary:
+ <rdar://problem/3917232> No PINs are asked for JPKI smartcards
+ Revision:
+ Tokend--Tiger--1.0--patch-18
+
+ * Tokend/Token.cpp:
+ (Token::authenticate): Don't throw for non pin samples. Also
+ added some secdebug statements.
+
+ new files:
+ diffs
+
+ modified files:
+ ChangeLog Tokend.xcode/project.pbxproj Tokend/Token.cpp
+
+
+2005-01-21 19:34:54 GMT Michael Brouwer <mb at apple.com> patch-17
+
+ Summary:
+ Deal with edge case.
+ Revision:
+ Tokend--Tiger--1.0--patch-17
+
+ If we read exactly to the end of a file by chance, the next read
+ will return SCARD_WRONG_PARAMETER_P1_P2 since the offset in P1, P2
+ is past the end of the file now.
+
+ modified files:
+ BELPIC/BELPICToken.cpp ChangeLog
+
+
+2005-01-21 19:07:22 GMT Michael Brouwer <mb at apple.com> patch-16
+
+ Summary:
+ Workaround for <rdar://problem/3964795> CCID reader driver doesn't work with BELPIC cards
+ Revision:
+ Tokend--Tiger--1.0--patch-16
+
+ * BELPIC/BELPICToken.cpp:
+ (BELPICToken::readBinary) Deal with the reader returning less
+ than the amount of bytes requested (instead of returning how many
+ bytes are left in an error code) and treat such a response as the
+ end of the file.
+
+ modified files:
+ BELPIC/BELPICToken.cpp ChangeLog
+
+
+2005-01-21 01:24:01 GMT Michael Brouwer <mb at apple.com> patch-15
+
+ Summary:
+ Bumped to Tokend-7
+ Revision:
+ Tokend--Tiger--1.0--patch-15
+
+
+ modified files:
+ ChangeLog Tokend.xcode/project.pbxproj
+
+
+2005-01-20 00:31:12 GMT Michael Brouwer <mb at apple.com> patch-14
+
+ Summary:
+ Added lock/isLocked and changepin support.
+ Revision:
+ Tokend--Tiger--1.0--patch-14
+
+
+ modified files:
+ BELPIC/BELPICRecord.cpp BELPIC/BELPICToken.cpp
+ BELPIC/BELPICToken.h CAC/CACToken.cpp CAC/CACToken.h
+ CAC/Info.plist ChangeLog JPKI/JPKIToken.cpp JPKI/JPKIToken.h
+ Tokend/Record.cpp Tokend/Record.h Tokend/RecordHandle.cpp
+ Tokend/RecordHandle.h Tokend/Token.cpp Tokend/Token.h
+
+
+2004-12-16 01:07:56 GMT Michael Brouwer <mb at apple.com> patch-13
+
+ Summary:
+ Fixed security_aggregate builds
+ Revision:
+ Tokend--Tiger--1.0--patch-13
+
+ Don't throw when probe fails, return a score of 0 instead this
+ reduces exceptions in securityd.
+
+ Link all tokend's against _nopic static frameworks.
+
+ modified files:
+ BELPIC/BELPICToken.cpp CAC/CACToken.cpp ChangeLog
+ JPKI/JPKIToken.cpp Tokend.xcode/project.pbxproj
+
+
+2004-12-10 21:55:06 GMT Michael Brouwer <mb at apple.com> patch-12
+
+ Summary:
+ Fix build failures
+ Revision:
+ Tokend--Tiger--1.0--patch-12
+
+ Don't include libtokend.a in the targets directly, but rather use
+ the OTHER_LDFLAGS_variant to do so.
+ Add GCC_DYNAMIC_NO_PIC = YES to all targets.
+
+ modified files:
+ ChangeLog Tokend.xcode/project.pbxproj
+
+
+2004-12-10 19:53:52 GMT Michael Brouwer <mb at apple.com> patch-11
+
+ Summary:
+ Bumped version to 6
+ Revision:
+ Tokend--Tiger--1.0--patch-11
+
+
+ modified files:
+ ChangeLog Tokend.xcode/project.pbxproj
+
+
+2004-12-10 19:52:25 GMT Michael Brouwer <mb at apple.com> patch-10
+
+ Summary:
+ Integrated Tokend--radar--3856105
+ Revision:
+ Tokend--Tiger--1.0--patch-10
+
+
+
+ Patches applied:
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3856105--base-0
+ tag of mb at apple.com--SmartCards-2004/Tokend--Tiger--1.0--patch-5
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-1
+ Build a static lib with the shared C++ code.
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-2
+ Seperate mds file for each tokend
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-3
+ Removed obsolete files.
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-4
+ Made tokend's depend on libtokend.a
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-5
+ Moved transmitAPDU method from JPKIToken to ISO7816Token
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-6
+ Picked up changes from trunk
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-7
+ Wrap everything to less than 80 columns.
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-8
+ Added SCardError for generic error handeling
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-9
+ Remove common code for common coders
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-10
+ Integrated changes up to Tokend--submission--5
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-11
+ Use fast path versions of CSSMERR_DL_ENDOFDATA
+
+
+ new files:
+ BELPIC/mds/.arch-ids/=id
+ BELPIC/mds/.arch-ids/belpic_csp_capabilities.mdsinfo.id
+ BELPIC/mds/.arch-ids/belpic_csp_capabilities_common.mds.id
+ BELPIC/mds/.arch-ids/belpic_csp_primary.mdsinfo.id
+ BELPIC/mds/.arch-ids/belpic_dl_primary.mdsinfo.id
+ BELPIC/mds/.arch-ids/belpic_smartcard.mdsinfo.id
+ BELPIC/mds/belpic_csp_capabilities.mdsinfo
+ BELPIC/mds/belpic_csp_capabilities_common.mds
+ BELPIC/mds/belpic_csp_primary.mdsinfo
+ BELPIC/mds/belpic_dl_primary.mdsinfo
+ BELPIC/mds/belpic_smartcard.mdsinfo CAC/mds/.arch-ids/=id
+ CAC/mds/.arch-ids/cac_csp_capabilities.mdsinfo.id
+ CAC/mds/.arch-ids/cac_csp_capabilities_common.mds.id
+ CAC/mds/.arch-ids/cac_csp_primary.mdsinfo.id
+ CAC/mds/.arch-ids/cac_dl_primary.mdsinfo.id
+ CAC/mds/.arch-ids/cac_smartcard.mdsinfo.id
+ CAC/mds/cac_csp_capabilities.mdsinfo
+ CAC/mds/cac_csp_capabilities_common.mds
+ CAC/mds/cac_csp_primary.mdsinfo CAC/mds/cac_dl_primary.mdsinfo
+ CAC/mds/cac_smartcard.mdsinfo JPKI/mds/.arch-ids/=id
+ JPKI/mds/.arch-ids/jpki_csp_capabilities.mdsinfo.id
+ JPKI/mds/.arch-ids/jpki_csp_capabilities_common.mds.id
+ JPKI/mds/.arch-ids/jpki_csp_primary.mdsinfo.id
+ JPKI/mds/.arch-ids/jpki_dl_primary.mdsinfo.id
+ JPKI/mds/.arch-ids/jpki_smartcard.mdsinfo.id
+ JPKI/mds/jpki_csp_capabilities.mdsinfo
+ JPKI/mds/jpki_csp_capabilities_common.mds
+ JPKI/mds/jpki_csp_primary.mdsinfo
+ JPKI/mds/jpki_dl_primary.mdsinfo
+ JPKI/mds/jpki_smartcard.mdsinfo Tokend/SCardError.cpp
+ Tokend/SCardError.h
+
+ removed files:
+ BELPIC/BELPICAttributeCoder.cpp BELPIC/BELPICAttributeCoder.h
+ MSCTokendTest/.arch-ids/=id MSCTokendTest/TokenCollection.cpp
+ MSCTokendTest/TokenCollection.h MSCTokendTest/main.cpp
+ MSCTokendTest/muscletest.c MSCTokendTest/unused.h
+ includes/.arch-ids/=id includes/cryptoki.h
+ includes/cryptoki_unix.h includes/cryptoki_win32.h
+ includes/p11x_msc.h includes/pkcs11.h includes/pkcs11f.h
+ includes/pkcs11t.h
+
+ modified files:
+ BELPIC/BELPICError.cpp BELPIC/BELPICError.h
+ BELPIC/BELPICKeyHandle.cpp BELPIC/BELPICKeyHandle.h
+ BELPIC/BELPICRecord.cpp BELPIC/BELPICRecord.h
+ BELPIC/BELPICSchema.cpp BELPIC/BELPICSchema.h
+ BELPIC/BELPICToken.cpp BELPIC/BELPICToken.h
+ CAC/CACAttributeCoder.cpp CAC/CACAttributeCoder.h
+ CAC/CACError.cpp CAC/CACError.h CAC/CACKeyHandle.cpp
+ CAC/CACKeyHandle.h CAC/CACRecord.cpp CAC/CACRecord.h
+ CAC/CACSchema.cpp CAC/CACSchema.h CAC/CACToken.cpp
+ CAC/CACToken.h ChangeLog JPKI/JPKIAttributeCoder.cpp
+ JPKI/JPKIAttributeCoder.h JPKI/JPKIError.cpp JPKI/JPKIError.h
+ JPKI/JPKIKeyHandle.cpp JPKI/JPKIKeyHandle.h
+ JPKI/JPKIRecord.cpp JPKI/JPKIRecord.h JPKI/JPKISchema.cpp
+ JPKI/JPKISchema.h JPKI/JPKIToken.cpp JPKI/JPKIToken.h
+ MuscleCard/KeyRecord.cpp MuscleCard/KeyRecord.h
+ MuscleCard/MuscleCardAttributeCoder.cpp
+ MuscleCard/MuscleCardAttributeCoder.h
+ MuscleCard/MuscleCardKeyHandle.cpp
+ MuscleCard/MuscleCardSchema.cpp MuscleCard/MuscleCardSchema.h
+ MuscleCard/MuscleCardToken.cpp
+ MuscleCard/mds/musclecard_csp_capabilities.mdsinfo
+ Tokend.xcode/project.pbxproj Tokend/Adornment.cpp
+ Tokend/Adornment.h Tokend/AttributeCoder.cpp
+ Tokend/AttributeCoder.h Tokend/Cursor.cpp Tokend/Cursor.h
+ Tokend/DbValue.cpp Tokend/DbValue.h Tokend/KeyHandle.cpp
+ Tokend/KeyHandle.h Tokend/MetaAttribute.cpp
+ Tokend/MetaAttribute.h Tokend/MetaRecord.cpp
+ Tokend/MetaRecord.h Tokend/PKCS11Object.cpp
+ Tokend/PKCS11Object.h Tokend/Record.cpp Tokend/Record.h
+ Tokend/RecordHandle.cpp Tokend/RecordHandle.h
+ Tokend/Relation.cpp Tokend/Schema.cpp Tokend/Schema.h
+ Tokend/SelectionPredicate.cpp Tokend/SelectionPredicate.h
+ Tokend/Token.cpp Tokend/Token.h
+
+ renamed files:
+ Msc/.arch-ids/=id
+ ==> MuscleCard/Msc/.arch-ids/=id
+ mds/.arch-ids/=id
+ ==> MuscleCard/mds/.arch-ids/=id
+ mds/.arch-ids/musclecard_csp_capabilities.mdsinfo.id
+ ==> MuscleCard/mds/.arch-ids/musclecard_csp_capabilities.mdsinfo.id
+ mds/.arch-ids/musclecard_csp_capabilities_common.mds.id
+ ==> MuscleCard/mds/.arch-ids/musclecard_csp_capabilities_common.mds.id
+ mds/.arch-ids/musclecard_csp_primary.mdsinfo.id
+ ==> MuscleCard/mds/.arch-ids/musclecard_csp_primary.mdsinfo.id
+ mds/.arch-ids/musclecard_dl_primary.mdsinfo.id
+ ==> MuscleCard/mds/.arch-ids/musclecard_dl_primary.mdsinfo.id
+ mds/.arch-ids/musclecard_smartcard.mdsinfo.id
+ ==> MuscleCard/mds/.arch-ids/musclecard_smartcard.mdsinfo.id
+
+ new directories:
+ BELPIC/mds BELPIC/mds/.arch-ids CAC/mds CAC/mds/.arch-ids
+ JPKI/mds JPKI/mds/.arch-ids MuscleCard/Msc/.arch-ids
+ MuscleCard/mds/.arch-ids
+
+ removed directories:
+ MSCTokendTest MSCTokendTest/.arch-ids Msc/.arch-ids includes
+ includes/.arch-ids mds/.arch-ids
+
+ renamed directories:
+ Msc
+ ==> MuscleCard/Msc
+ mds
+ ==> MuscleCard/mds
+
+ new patches:
+ mb at apple.com--SmartCards-2004/Tokend--radar--3856105--base-0
+ mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-1
+ mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-2
+ mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-3
+ mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-4
+ mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-5
+ mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-6
+ mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-7
+ mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-8
+ mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-9
+ mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-10
+ mb at apple.com--SmartCards-2004/Tokend--radar--3856105--patch-11
+
+
+2004-11-16 21:56:12 GMT Michael Brouwer <mb at apple.com> patch-9
+
+ Summary:
+ Merged changes on Tokend--submission--5 branch
+ Revision:
+ Tokend--Tiger--1.0--patch-9
+
+
+ modified files:
+ ChangeLog Tokend.xcode/project.pbxproj
+
+ new patches:
+ mb at apple.com--SmartCards-2004/Tokend--submission--5--base-0
+ mb at apple.com--SmartCards-2004/Tokend--submission--5--patch-1
+
+
+2004-11-16 03:10:34 GMT Perry The Cynic <perry at apple.com> patch-8
+
+ Summary:
+ Shut up the compiler (warnings). No functional change.
+ Revision:
+ Tokend--Tiger--1.0--patch-8
+
+
+ modified files:
+ ChangeLog
+
+
+2004-11-16 02:58:23 GMT Perry The Cynic <perry at apple.com> patch-7
+
+ Summary:
+ Track changes for PR-3862948
+ Revision:
+ Tokend--Tiger--1.0--patch-7
+
+
+
+ modified files:
+ ChangeLog Tokend/Token.cpp Tokend/Token.h
+
+
+2004-10-28 18:08:53 GMT Michael Brouwer <mb at apple.com> patch-6
+
+ Summary:
+ Integrated Tokend--radar--3836842
+ Revision:
+ Tokend--Tiger--1.0--patch-6
+
+ * Token.cpp
+ (Token::cacheObject): Don't throw if writing the cache object
+ fails for some reason. In addition try to unlink the object
+ if something does go wrong while writing it.
+
+ Patches applied:
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3836842--base-0
+ tag of mb at apple.com--SmartCards-2004/Tokend--Tiger--1.0--patch-5
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3836842--patch-1
+ Make it non fatal to not be able to write to the cache.
+
+
+ modified files:
+ ChangeLog Tokend/Token.cpp
+
+ new patches:
+ mb at apple.com--SmartCards-2004/Tokend--radar--3836842--base-0
+ mb at apple.com--SmartCards-2004/Tokend--radar--3836842--patch-1
+
+
+2004-10-27 19:07:13 GMT Michael Brouwer <mb at apple.com> patch-5
+
+ Summary:
+ Bumped version to 4
+ Revision:
+ Tokend--Tiger--1.0--patch-5
+
+
+ modified files:
+ BELPIC/Info.plist CAC/Info.plist ChangeLog JPKI/Info.plist
+ MuscleCard/Info.plist Tokend.xcode/project.pbxproj
+
+
+2004-10-27 19:04:17 GMT Michael Brouwer <mb at apple.com> patch-4
+
+ Summary:
+ Integrated Tokend--radar--3829126
+ Revision:
+ Tokend--Tiger--1.0--patch-4
+
+ * (testcms.sh): Switch order of encrypt and sign tests.
+
+ new files:
+ JPKI/.arch-ids/=id JPKI/.arch-ids/Info.plist.id
+ JPKI/Info.plist JPKI/JPKIAttributeCoder.cpp
+ JPKI/JPKIAttributeCoder.h JPKI/JPKIError.cpp JPKI/JPKIError.h
+ JPKI/JPKIKeyHandle.cpp JPKI/JPKIKeyHandle.h
+ JPKI/JPKIRecord.cpp JPKI/JPKIRecord.h JPKI/JPKISchema.cpp
+ JPKI/JPKISchema.h JPKI/JPKIToken.cpp JPKI/JPKIToken.h
+ JPKI/jpki.cpp
+
+ modified files:
+ BELPIC/BELPICToken.cpp ChangeLog Tokend.xcode/project.pbxproj
+ testcms.sh
+
+ new directories:
+ JPKI JPKI/.arch-ids
+
+ new patches:
+ mb at apple.com--SmartCards-2004/Tokend--radar--3829126--base-0
+ mb at apple.com--SmartCards-2004/Tokend--radar--3829126--patch-1
+ mb at apple.com--SmartCards-2004/Tokend--radar--3829126--patch-2
+ mb at apple.com--SmartCards-2004/Tokend--radar--3829126--patch-3
+
+
+2004-10-08 00:40:45 GMT Michael Brouwer <mb at apple.com> patch-3
+
+ Summary:
+ Merged Tokend--radar--3825493 branch
+ Revision:
+ Tokend--Tiger--1.0--patch-3
+
+ Bumped version number to 3 in preperation of next submission.
+
+ Patches applied:
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3825493--base-0
+ tag of mb at apple.com--SmartCards-2004/Tokend--Tiger--1.0--base-0
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3825493--patch-1
+ BELPIC card works 90%
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3825493--patch-2
+ Make key#3 use a prompted password acl instead of a pin acl
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3825493--patch-3
+ Disabled decrypt since BELPIC cards can't
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3825493--patch-4
+ Merged changes from Tokend--submission--1 though Tokend--submission--2
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3825493--patch-5
+ Added BELPIC target to world and made world the default target
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3825493--patch-6
+ Key#2 should work again now.
+
+ * mb at apple.com--SmartCards-2004/Tokend--radar--3825493--patch-7
+ Fixed ACL stuff
+
+
+ new files:
+ ChangeLog
+
+ removed files:
+ ChangeLog
+
+ modified files:
+ BELPIC/BELPICAttributeCoder.cpp BELPIC/BELPICKeyHandle.cpp
+ BELPIC/BELPICKeyHandle.h BELPIC/BELPICRecord.cpp
+ BELPIC/BELPICRecord.h BELPIC/BELPICToken.cpp
+ BELPIC/BELPICToken.h BELPIC/Info.plist CAC/CACRecord.cpp
+ CAC/CACRecord.h CAC/CACToken.cpp CAC/Info.plist
+ MuscleCard/Info.plist MuscleCard/MuscleCardKeyHandle.cpp
+ MuscleCard/MuscleCardToken.cpp Tokend.xcode/project.pbxproj
+ Tokend/Record.cpp
+
+ new patches:
+ mb at apple.com--SmartCards-2004/Tokend--radar--3825493--base-0
+ mb at apple.com--SmartCards-2004/Tokend--radar--3825493--patch-1
+ mb at apple.com--SmartCards-2004/Tokend--radar--3825493--patch-2
+ mb at apple.com--SmartCards-2004/Tokend--radar--3825493--patch-3
+ mb at apple.com--SmartCards-2004/Tokend--radar--3825493--patch-4
+ mb at apple.com--SmartCards-2004/Tokend--radar--3825493--patch-5
+ mb at apple.com--SmartCards-2004/Tokend--radar--3825493--patch-6
+ mb at apple.com--SmartCards-2004/Tokend--radar--3825493--patch-7
+
+
+2004-10-06 01:21:04 GMT Michael Brouwer <mb at apple.com> patch-2
+
+ Summary:
+ Fixed verification failure
+ Revision:
+ Tokend--Tiger--1.0--patch-2
+
+ Remove Info.plist from each target's Bundle Resources section.
+ Bump version number to 2
+
+ modified files:
+ BELPIC/Info.plist CAC/Info.plist MuscleCard/Info.plist
+ Tokend.xcode/project.pbxproj
+
+
+2004-10-05 21:21:00 GMT John Hurley <jhurley at apple.com> patch-1
+
+ Summary:
+ don't copy stack into data buffer for PNTB etc.
+ Revision:
+ Tokend--Tiger--1.0--patch-1
+
+ don't need to call memcpy
+ <rdar://problem/3827355> Tokend incorrectly gets personnel data from CAC card
+
+ modified files:
+ CAC/CACRecord.cpp
+
+
+2004-10-04 19:31:43 GMT Michael Brouwer <mb at apple.com> base-0
+
+ Summary:
+ tag of mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-102
+ Revision:
+ Tokend--Tiger--1.0--base-0
+
+ (automatically generated log message)
+
+ new patches:
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--base-0
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-1
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-2
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-3
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-4
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-5
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-6
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-7
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-8
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-9
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-10
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-11
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-12
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-13
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-14
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-15
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-16
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-17
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-18
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-19
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-20
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-21
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-22
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-23
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-24
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-25
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-26
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-27
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-28
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-29
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-30
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-31
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-32
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-33
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-34
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-35
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-36
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-37
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-38
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-39
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-40
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-41
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-42
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-43
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-44
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-45
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-46
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-47
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-48
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-49
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-50
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-51
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-52
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-53
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-54
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-55
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-56
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-57
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-58
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-59
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-60
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-61
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-62
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-63
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-64
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-65
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-66
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-67
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-68
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-69
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-70
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-71
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-72
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-73
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-74
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-75
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-76
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-77
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-78
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-79
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-80
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-81
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-82
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-83
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-84
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-85
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-86
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-87
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-88
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-89
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-90
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-91
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-92
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-93
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-94
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-95
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-96
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-97
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-98
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-99
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-100
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-101
+ mb at apple.com--SmartCards-2004/TokendMuscle--Tiger--1.0--patch-102
+ mb at apple.com--SmartCards-2004/TokendMuscle--cacreorg--1.0--base-0
+ mb at apple.com--SmartCards-2004/TokendMuscle--cacreorg--1.0--patch-1
+
+
Added: releases/Apple/OSX-10.6.7/Info-tokend__Upgraded_.plist
===================================================================
--- releases/Apple/OSX-10.6.7/Info-tokend__Upgraded_.plist (rev 0)
+++ releases/Apple/OSX-10.6.7/Info-tokend__Upgraded_.plist 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict/>
+</plist>
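Review bot: Info-tokend__Upgraded_.plist contains only an empty `<dict/>`, and its name looks like the artifact Xcode writes when a target is upgraded rather than a hand-maintained Info.plist. If nothing in the project references it, it should not be part of the import; if it is referenced, a one-line comment such as `<!-- intentionally empty: placeholder Info.plist for the upgraded tokend target -->` would keep the next maintainer from deleting it. I cannot see the project file from this hunk, so which case applies is inferred.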
Added: releases/Apple/OSX-10.6.7/MuscleCard/Info.plist
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/Info.plist (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/Info.plist 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>CFBundleDevelopmentRegion</key>
+ <string>English</string>
+ <key>CFBundleExecutable</key>
+ <string>MuscleCard</string>
+ <key>CFBundleIdentifier</key>
+ <string>com.apple.tokend.musclecard</string>
+ <key>CFBundleInfoDictionaryVersion</key>
+ <string>6.0</string>
+ <key>CFBundleName</key>
+ <string>MuscleCard</string>
+ <key>CFBundlePackageType</key>
+ <string>????</string>
+ <key>CFBundleShortVersionString</key>
+ <string>2.0</string>
+ <key>CFBundleSignature</key>
+ <string>????</string>
+ <key>CFBundleVersion</key>
+ <string>40596</string>
+</dict>
+</plist>
Added: releases/Apple/OSX-10.6.7/MuscleCard/KeyRecord.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/KeyRecord.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/KeyRecord.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * KeyRecord.cpp
+ * TokendMuscle
+ */
+
+#include "KeyRecord.h"
+#include "Msc/MscObject.h"
+#include <Security/SecKey.h>
+
+using namespace Tokend;
+
+KeyRecord::~KeyRecord()
+{
+}
+
Added: releases/Apple/OSX-10.6.7/MuscleCard/KeyRecord.h
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/KeyRecord.h (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/KeyRecord.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * KeyRecord.h
+ * TokendMuscle
+ */
+
+#ifndef _KEYRECORD_H_
+#define _KEYRECORD_H_
+
+#include "Msc/MscKey.h"
+#include "Record.h"
+
+#include <string>
+
+class MscObject;
+
+class KeyRecord : public Tokend::Record
+{
+ NOCOPY(KeyRecord)
+public:
+ KeyRecord(MscKey& key) : mKey(key) {}
+ //KeyRecord(const MSCKeyInfo& keyInfo,MscTokenConnection *connection) : MscKey(keyInfo,connection) {}
+ virtual ~KeyRecord();
+
+ MscKey &key() { return mKey; }
+private:
+ MscKey &mKey;
+};
+
+#endif /* !_KEYRECORD_H_ */
+
+
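Review bot: `KeyRecord` stores `MscKey &mKey` as a non-owning reference taken from the constructor argument, and nothing in the header states that the `MscKey` must outlive the record; a caller that passes a temporary or a key owned by a shorter-lived container gets a dangling reference that `key()` happily returns. Add a comment on the member, e.g. `// Non-owning reference: the MscKey passed to the constructor must outlive this record.` The commented-out second constructor on the line below the first one should be removed rather than carried in the tree; it references a base class (`MscKey`) this class does not derive from, so it could not be revived as written.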
Added: releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscACL.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscACL.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscACL.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MscACL.cpp
+ * TokendMuscle
+ */
+
+#include "MscACL.h"
+
+
Added: releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscACL.h
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscACL.h (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscACL.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MscACL.h
+ * TokendMuscle
+ */
+
+#ifndef _MSCACL_H_
+#define _MSCACL_H_
+
+#include <PCSC/musclecard.h>
+
+#if 0
+class MscACL
+{
+public:
+ typedef struct
+ {
+ MSCUShort16 readPermission;
+ MSCUShort16 writePermission;
+ MSCUShort16 usePermission;
+ }
+ MSCKeyACL, *MSCLPKeyACL;
+
+ typedef struct
+ {
+ MSCUShort16 readPermission;
+ MSCUShort16 writePermission;
+ MSCUShort16 deletePermission;
+ }
+ MSCObjectACL, *MSCLPObjectACL, MSCCertACL, *MSCLPCertACL;
+};
+#endif
+
+#endif /* !_MSCACL_H_ */
+
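Review bot: The whole `MscACL` class sits under `#if 0`, so this header contributes nothing but an include of `<PCSC/musclecard.h>`, and the struct typedefs it would define (`MSCKeyACL`, `MSCObjectACL`) carry the same names as the types the other hunks take from that library header. Either drop the file or replace the dead block with a one-line comment saying why it is kept, e.g. `// ACL wrappers are provided by MscWrappers.h; this placeholder is kept for the project file only.` if that is the reason, which I cannot confirm from the diff.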
Added: releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscError.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscError.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscError.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,143 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MscError.cpp
+ * TokendMuscle
+ */
+
+#include "MscError.h"
+
+//
+// MacOSError exceptions
+//
+MscError::MscError(int err) : error(err)
+{
+ IFDEBUG(debugDiagnose(this));
+}
+
+const char *MscError::what() const throw ()
+{ return "Musclecard error"; }
+
+OSStatus MscError::osStatus() const
+{ return error; }
+
+int MscError::unixError() const
+{
+ switch (error)
+ {
+ default:
+ // cannot map this to errno space
+ return -1;
+ }
+}
+
+void MscError::throwMe(int error)
+{ throw MscError(error); }
+
+#if !defined(NDEBUG)
+void MscError::debugDiagnose(const void *id) const
+{
+ secdebug("exception", "%p MscError %s (%d)",
+ id, mscerrorstr(error), error);
+}
+
+const char *MscError::mscerrorstr(int err) const
+{
+ switch (err)
+ {
+ // Musclecard Errors
+ case MSC_SUCCESS: return "Success";
+ case MSC_NO_MEMORY_LEFT: return "There have been memory problems on the card";
+ case MSC_AUTH_FAILED: return "Entered PIN is not correct";
+ case MSC_OPERATION_NOT_ALLOWED: return "Required operation is not allowed in actual circumstances";
+ case MSC_INCONSISTENT_STATUS: return "Required operation is inconsistent with memory contents";
+ case MSC_UNSUPPORTED_FEATURE: return "Required feature is not (yet) supported";
+ case MSC_UNAUTHORIZED: return "Required operation was not authorized because of a lack of privileges";
+ case MSC_OBJECT_NOT_FOUND: return "Required object is missing";
+ case MSC_OBJECT_EXISTS: return "New object ID already in use";
+ case MSC_INCORRECT_ALG: return "Algorithm specified is not correct";
+ case MSC_SIGNATURE_INVALID: return "Verify operation detected an invalid signature";
+ case MSC_IDENTITY_BLOCKED: return "Operation has been blocked for security reason";
+ case MSC_UNSPECIFIED_ERROR: return "Unspecified error";
+ case MSC_TRANSPORT_ERROR: return "PCSC and driver transport errors";
+ case MSC_INVALID_PARAMETER: return "Invalid parameter given";
+ case MSC_INCORRECT_P1: return "Incorrect P1 parameter";
+ case MSC_INCORRECT_P2: return "Incorrect P2 parameter";
+ case MSC_SEQUENCE_END: return "End of sequence";
+ case MSC_INTERNAL_ERROR: return "For debugging purposes - Internal error";
+ case MSC_CANCELLED: return "A blocking event has been cancelled";
+ case MSC_INSUFFICIENT_BUFFER: return "The buffer provided is too short";
+ case MSC_UNRECOGNIZED_TOKEN: return "The selected token is not recognized";
+ case MSC_SERVICE_UNRESPONSIVE: return "The PC/SC services is not available";
+ case MSC_TIMEOUT_OCCURRED: return "The action has timed out";
+ case MSC_TOKEN_REMOVED: return "The token has been removed";
+ case MSC_TOKEN_RESET: return "The token has been reset";
+ case MSC_TOKEN_INSERTED: return "The token has been inserted";
+ case MSC_TOKEN_UNRESPONSIVE: return "The token is unresponsive";
+ case MSC_INVALID_HANDLE: return "The handle is invalid";
+ case MSC_SHARING_VIOLATION: return "Invalid sharing";
+
+ // PCSC Errors
+ case SCARD_S_SUCCESS:
+ case SCARD_E_CANCELLED:
+ case SCARD_E_CANT_DISPOSE:
+ case SCARD_E_INSUFFICIENT_BUFFER:
+ case SCARD_E_INVALID_ATR:
+ case SCARD_E_INVALID_HANDLE:
+ case SCARD_E_INVALID_PARAMETER:
+ case SCARD_E_INVALID_TARGET:
+ case SCARD_E_INVALID_VALUE:
+ case SCARD_E_NO_MEMORY:
+ case SCARD_F_COMM_ERROR:
+ case SCARD_F_INTERNAL_ERROR:
+ case SCARD_F_UNKNOWN_ERROR:
+ case SCARD_F_WAITED_TOO_LONG:
+ case SCARD_E_UNKNOWN_READER:
+ case SCARD_E_TIMEOUT:
+ case SCARD_E_SHARING_VIOLATION:
+ case SCARD_E_NO_SMARTCARD:
+ case SCARD_E_UNKNOWN_CARD:
+ case SCARD_E_PROTO_MISMATCH:
+ case SCARD_E_NOT_READY:
+ case SCARD_E_SYSTEM_CANCELLED:
+ case SCARD_E_NOT_TRANSACTED:
+ case SCARD_E_READER_UNAVAILABLE:
+ case SCARD_W_UNSUPPORTED_CARD:
+ case SCARD_W_UNRESPONSIVE_CARD:
+ case SCARD_W_UNPOWERED_CARD:
+ case SCARD_W_RESET_CARD:
+ case SCARD_W_REMOVED_CARD:
+ case SCARD_E_PCI_TOO_SMALL:
+ case SCARD_E_READER_UNSUPPORTED:
+ case SCARD_E_DUPLICATE_READER:
+ case SCARD_E_CARD_UNSUPPORTED:
+ case SCARD_E_NO_SERVICE:
+ case SCARD_E_SERVICE_STOPPED:
+ return pcsc_stringify_error(err);
+ default:
+ return "Unknown error";
+ }
+}
+#endif //NDEBUG
+
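Review bot: `what()` returns the fixed string "Musclecard error" and never includes the code, while `mscerrorstr()` is only compiled when `NDEBUG` is undefined, so in a release build anything that catches `std::exception` (or logs `what()`) has no way to tell an authentication failure from a transport error; at minimum document this next to `what()`: `// Generic text only; the numeric code is in the public 'error' member, and the descriptive string exists in debug builds only.` `unixError()` is a `switch` with nothing but a `default:` arm, so it always returns -1; either write it as `return -1;` with the existing comment, or add the cases the switch was meant to carry. The PC/SC arm of `mscerrorstr()` lists every `SCARD_*` code just to forward to `pcsc_stringify_error(err)`, which already handles unknown codes; a single `default:` forwarding call would be shorter and would not silently miss newly added codes.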
Added: releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscError.h
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscError.h (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscError.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MscError.h
+ * TokendMuscle
+ */
+
+#ifndef _MSCERROR_H_
+#define _MSCERROR_H_
+
+#include <security_utilities/debugging.h>
+#include <security_utilities/errors.h>
+#include <PCSC/musclecard.h>
+#include <PCSC/pcsclite.h>
+
+class MscError : public Security::CommonError
+{
+protected:
+ MscError(int err);
+public:
+ const int error;
+ virtual OSStatus osStatus() const;
+ virtual int unixError() const;
+ virtual const char *what () const throw ();
+
+ static void check(OSStatus status) { if (status!=MSC_SUCCESS && status!=SCARD_S_SUCCESS) throwMe(status); }
+ static void throwMe(int err) __attribute__((noreturn));
+
+protected:
+ IFDEBUG(void debugDiagnose(const void *id) const;)
+ IFDEBUG(const char *mscerrorstr(int err) const;)
+};
+
+#endif /* !_MSCERROR_H_ */
+
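Review bot: `check(OSStatus status)` treats both `MSC_SUCCESS` and `SCARD_S_SUCCESS` as success and otherwise forwards to `throwMe(int)`, but the header does not say that the class carries codes from two different error spaces (MuscleCard `MSC_*` and PC/SC `SCARD_*`), which matters to anyone reading `error` back and comparing it against one of the enums. A comment on `check` such as `// Accepts both MuscleCard (MSC_*) and PC/SC (SCARD_*) return codes; 'error' holds the raw value from whichever space it came from.` would make that explicit. Note also that `check` takes `OSStatus` while `throwMe` and the constructor take `int`; if `MSC_RV` is wider or differently signed than either (I cannot confirm its definition from the diff), the conversion should be stated or the signatures aligned.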
Added: releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscKey.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscKey.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscKey.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,170 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MscKey.cpp
+ * TokendMuscle
+ */
+
+#include "MscKey.h"
+#include "MscError.h"
+
+void MscKey::importKey(const MSCKeyACL& keyACL,const void *keyBlob,size_t keyBlobSize,
+ MSCKeyPolicy& keyPolicy,MSCPVoid32 pAddParams, MSCUChar8 addParamsSize)
+{
+ MSC_RV rv = MSCImportKey(&Required(mConnection),number(),const_cast<MSCKeyACL *>(&keyACL),
+ reinterpret_cast<MSCPUChar8>(const_cast<void *>(keyBlob)),keyBlobSize,&keyPolicy,pAddParams,addParamsSize);
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
+void MscKey::exportKey(void *keyBlob,size_t keyBlobSize,MSCPVoid32 pAddParams, MSCUChar8 addParamsSize)
+{
+ uint32_t kbs = keyBlobSize;
+ MSC_RV rv = MSCExportKey(&Required(mConnection),number(),
+ reinterpret_cast<MSCPUChar8>(keyBlob),&kbs,pAddParams,addParamsSize);
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
+void MscKey::extAuthenticate(MSCUChar8 cipherMode,MSCUChar8 cipherDirection,const char *pData,size_t dataSize)
+{
+ MSC_RV rv = MSCExtAuthenticate(&Required(mConnection),number(),cipherMode,cipherDirection,
+ reinterpret_cast<unsigned char *>(const_cast<char *>(pData)),dataSize);
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
+void MscKey::convert(CssmKey &cssmk)
+{
+ cssmk.header().cspGuid(Guid::overlay(gGuidAppleSdCSPDL));
+
+ switch (type())
+ {
+ case MSC_KEY_RSA_PRIVATE:
+ case MSC_KEY_RSA_PRIVATE_CRT:
+ case MSC_KEY_RSA_PUBLIC:
+ cssmk.algorithm(CSSM_ALGID_RSA);
+ break;
+
+ case MSC_KEY_DSA_PRIVATE:
+ case MSC_KEY_DSA_PUBLIC:
+ cssmk.algorithm(CSSM_ALGID_DSA);
+ break;
+
+ case MSC_KEY_DES:
+ cssmk.algorithm(CSSM_ALGID_DES);
+ break;
+ case MSC_KEY_3DES:
+ // @@@ Which algid is this?
+ cssmk.algorithm(CSSM_ALGID_3DES);
+ //cssmk.algorithm(CSSM_ALGID_3DES_3KEY_EDE);
+ //cssmk.algorithm(CSSM_ALGID_3DES_2KEY_EDE);
+ //cssmk.algorithm(CSSM_ALGID_3DES_1KEY_EEE);
+ //cssmk.algorithm(CSSM_ALGID_3DES_3KEY_EEE);
+ //cssmk.algorithm(CSSM_ALGID_3DES_2KEY_EEE);
+ break;
+ case MSC_KEY_3DES3:
+ // @@@ Which algid is this?
+ cssmk.algorithm(CSSM_ALGID_3DES_3KEY_EDE);
+ //cssmk.algorithm(CSSM_ALGID_3DES_3KEY_EEE);
+ break;
+ default:
+ cssmk.algorithm(CSSM_ALGID_CUSTOM);
+ break;
+ }
+
+ cssmk.blobType(CSSM_KEYBLOB_REFERENCE); // Keys are always reference keys
+ cssmk.blobFormat(CSSM_KEYBLOB_REF_FORMAT_INTEGER);
+ switch (type())
+ {
+ case MSC_KEY_RSA_PRIVATE:
+ case MSC_KEY_RSA_PRIVATE_CRT:
+ case MSC_KEY_DSA_PRIVATE:
+ cssmk.keyClass(CSSM_KEYCLASS_PRIVATE_KEY);
+ break;
+ case MSC_KEY_RSA_PUBLIC:
+ case MSC_KEY_DSA_PUBLIC:
+ cssmk.keyClass(CSSM_KEYCLASS_PUBLIC_KEY);
+ break;
+ case MSC_KEY_DES:
+ case MSC_KEY_3DES:
+ case MSC_KEY_3DES3:
+ cssmk.keyClass(CSSM_KEYCLASS_SESSION_KEY);
+ break;
+ default:
+ cssmk.keyClass(CSSM_KEYCLASS_OTHER);
+ break;
+ }
+
+ cssmk.header().LogicalKeySizeInBits = size();
+
+ cssmk.setAttribute(CSSM_KEYATTR_PERMANENT);
+ if (acl().read() != MSC_AUT_NONE)
+ cssmk.setAttribute(CSSM_KEYATTR_EXTRACTABLE);
+ else
+ cssmk.setAttribute(CSSM_KEYATTR_SENSITIVE);
+
+ if (acl().write() != MSC_AUT_NONE)
+ cssmk.setAttribute(CSSM_KEYATTR_MODIFIABLE);
+
+ if (acl().use() != MSC_AUT_ALL)
+ cssmk.setAttribute(CSSM_KEYATTR_PRIVATE);
+
+ // Muscle doesn't really encode these values.
+ cssmk.clearAttribute(CSSM_KEYATTR_ALWAYS_SENSITIVE | CSSM_KEYATTR_NEVER_EXTRACTABLE);
+
+ // Set up key usage fields
+ MSCUShort16 cipherDirection = keyPolicy.cipherDirection;
+ if (cipherDirection & MSC_KEYPOLICY_DIR_SIGN)
+ cssmk.usage(CSSM_KEYUSE_SIGN);
+ if (cipherDirection & MSC_KEYPOLICY_DIR_VERIFY)
+ cssmk.usage(CSSM_KEYUSE_VERIFY);
+ if (cipherDirection & MSC_KEYPOLICY_DIR_ENCRYPT)
+ cssmk.usage(CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_WRAP);
+ if (cipherDirection & MSC_KEYPOLICY_DIR_DECRYPT)
+ cssmk.usage(CSSM_KEYUSE_DECRYPT | CSSM_KEYUSE_UNWRAP);
+ // @@@ no mapping to CSSM_KEYUSE_ANY, CSSM_KEYUSE_SIGN_RECOVER, CSSM_KEYUSE_VERIFY_RECOVER, CSSM_KEYUSE_DERIVE
+}
+
+void MscKey::computeCrypt(MSCUChar8 cipherMode, MSCUChar8 cipherDirection,
+ const MSCUChar8 *inputData, size_t inputDataSize,
+ MSCUChar8 *outputData, size_t &outputDataSize)
+{
+ MSCCryptInit cryptInit = { number(), cipherMode, cipherDirection, };
+ uint32_t outsz = outputDataSize;
+ MSC_RV rv = MSCComputeCrypt(mConnection, &cryptInit, const_cast<MSCUChar8 *>(inputData),
+ inputDataSize, outputData, &outsz);
+ outputDataSize = outsz;
+ if (rv != MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
+
+#if defined(DEBUGDUMP)
+void MscKey::debugDump()
+{
+ Debug::dump("key: %hhu type: 0x%02hhX size: %hu policy(mode: 0x%04hX direction: 0x%04hX) acl(read: 0x%04hX write: 0x%04hX use: 0x%04hX)\n", keyNum, keyType, keySize, keyPolicy.cipherMode, keyPolicy.cipherDirection, keyACL.readPermission, keyACL.writePermission, keyACL.usePermission);
+}
+#endif /* !defined(DEBUGDUMP) */
+
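Review bot: `computeCrypt` passes `mConnection` straight to `MSCComputeCrypt`, whereas `importKey`, `exportKey` and `extAuthenticate` in the same hunk go through `&Required(mConnection)`, so a null connection is handed to the library instead of being rejected at the wrapper; change it to `MSC_RV rv = MSCComputeCrypt(&Required(mConnection), &cryptInit, const_cast<MSCUChar8 *>(inputData),`. In `exportKey` the length that `MSCExportKey` writes back into `kbs` is discarded, so a caller that hands in an oversized buffer cannot learn how many bytes of key blob are valid, and `keyBlobSize` is narrowed from `size_t` to `uint32_t` without a check; `computeCrypt` already shows the right shape (`size_t &outputDataSize` written back from `outsz`), and `exportKey` should take the same reference parameter or at least document that the size is input-only. The two `@@@ Which algid is this?` markers in `convert` leave the 3DES mapping as a guess; if the choice of `CSSM_ALGID_3DES` versus the keyed EDE variants is deliberate, say so in the comment, otherwise this should be resolved before keys of those types are exposed through CSSM.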
Added: releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscKey.h
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscKey.h (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscKey.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MscKey.h
+ * TokendMuscle
+ */
+
+#ifndef _MSCKEY_H_
+#define _MSCKEY_H_
+
+#include <PCSC/musclecard.h>
+#include "MscWrappers.h"
+#include "MscTokenConnection.h"
+#include <security_utilities/debugging.h>
+#include <security_cdsa_utilities/cssmkey.h>
+
+class MscKey : public MscKeyInfo
+{
+public:
+ MscKey() { }
+ MscKey(unsigned int keyNum, MscTokenConnection *connection);
+ MscKey(const MSCKeyInfo& keyInfo,MscTokenConnection *connection) :
+ MscKeyInfo(keyInfo), mConnection(connection) {}
+ virtual ~MscKey() {};
+
+ void importKey(const MSCKeyACL& keyACL,const void *keyBlob,size_t keyBlobSize,
+ MSCKeyPolicy& keyPolicy,MSCPVoid32 pAddParams=NULL, MSCUChar8 addParamsSize=0);
+ void exportKey(void *keyBlob,size_t keyBlobSize,MSCPVoid32 pAddParams=NULL, MSCUChar8 addParamsSize=0);
+ void extAuthenticate(MSCUChar8 cipherMode,MSCUChar8 cipherDirection,const char *pData,size_t dataSize);
+ void convert(CssmKey &cssmk);
+ void computeCrypt(MSCUChar8 cipherMode, MSCUChar8 cipherDirection,
+ const MSCUChar8 *inputData, size_t inputDataSize,
+ MSCUChar8 *outputData, size_t &outputDataSize);
+
+ MscTokenConnection &connection() { return *mConnection; }
+
+ IFDUMP(void debugDump());
+
+protected:
+ MscTokenConnection *mConnection;
+};
+
+#endif /* !_MSCKEY_H_ */
+
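Review bot: The default constructor `MscKey() { }` leaves `mConnection` indeterminate, and `connection()` dereferences it unconditionally, so a default-constructed key that is later used goes through an uninitialized pointer instead of the `Required()` check the `.cpp` methods rely on; write it as `MscKey() : mConnection(NULL) { }`. The same pattern appears in `MscPIN.h` in this commit (`MscPIN() { }` with the same `mConnection` member) and should get the same fix. The declared constructor `MscKey(unsigned int keyNum, MscTokenConnection *connection)` has no definition in the `MscKey.cpp` hunk above; if it is not defined elsewhere in the commit, any use of it is a link error and the declaration should be removed.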
Added: releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscObject.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscObject.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscObject.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MscObject.cpp
+ * TokendMuscle
+ */
+
+#include "MscObject.h"
+#include "MscError.h"
+
+MscObject::MscObject(const char *objectID,MscTokenConnection *connection) :
+ mConnection(connection), mData(NULL), mDataLoaded(false), mAttributesLoaded(false)
+{
+ ::memcpy(mInfo.objectID,objectID,sizeof(mInfo.objectID));
+}
+
+MscObject::MscObject(const MSCObjectInfo& info,MscTokenConnection *connection) :
+ mInfo(info), mConnection(connection), mData(NULL), mDataLoaded(false), mAttributesLoaded(true)
+{
+ // Note: if we are constructed with an MSCObjectInfo, we already have our attributes
+}
+
+MscObject::~MscObject()
+{
+ if (mData)
+ free(mData);
+}
+
+void MscObject::create(const char *objectID,u_int32_t objectSize,const MscObjectACL& objectACL)
+{
+ // This reserves space on the card for a new object
+ // It must be called before the object can be written
+ MSC_RV rv = MSCCreateObject(mConnection,const_cast<char *>(&Required(objectID)),objectSize,
+ const_cast<MSCObjectACL *>((MSCObjectACL *)&objectACL));
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
+void MscObject::deleteobj(const char *objectID,bool zeroFlag)
+{
+ // This deletes an object on the card
+ MSC_RV rv = MSCDeleteObject(mConnection,const_cast<char *>(&Required(objectID)),zeroFlag);
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
+void MscObject::read()
+{
+ LPRWEventCallback rwCallback = NULL;
+ MSCPVoid32 addParams = NULL;
+ getAttributes();
+
+ if (mDataLoaded)
+ return;
+
+ MSCULong32 readSz = mInfo.size();
+ MSC_RV rv = MSCReadAllocateObject(mConnection, const_cast<char *>(mInfo.objid()),
+ reinterpret_cast<MSCPUChar8 *>(&mData),&readSz, rwCallback, addParams);
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+
+ mDataLoaded = true;
+}
+
+void MscObject::write(const char *dataToWrite,size_t dataSize)
+{
+ MSCULong32 offset = 0;
+ LPRWEventCallback rwCallback = NULL;
+ MSCPVoid32 addParams = NULL;
+
+ MSC_RV rv = MSCWriteObject(mConnection, const_cast<char *>(mInfo.objid()), offset,
+ reinterpret_cast<unsigned char *>(const_cast<char *>(dataToWrite)),dataSize, rwCallback, addParams);
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+ mDataLoaded = false;
+}
+
+#ifdef _DEBUG_OSTREAM
+std::ostream& operator << (std::ostream& strm, const MscObject& obj)
+{
+ strm << "Obj: " << obj.mInfo;
+ return strm;
+}
+#endif
+
+#pragma mark ---------------- Utility methods --------------
+
+void MscObject::getAttributes(bool refresh)
+{
+ if (refresh || !mAttributesLoaded)
+ {
+ (Required(mConnection)).getObjectAttributes(mInfo.objid(),mInfo);
+ mAttributesLoaded = true;
+ }
+}
+
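Review bot: `write()` resets `mDataLoaded` to `false` but leaves `mData` pointing at the previous buffer, so the next `read()` passes `&mData` to `MSCReadAllocateObject`, which by its name allocates a fresh buffer, and the old one is never freed (the destructor only frees whatever `mData` points to at the end); release it when invalidating the cache: `if (mData) { free(mData); mData = NULL; }` before `mDataLoaded = false;`. The first constructor copies `sizeof(mInfo.objectID)` bytes from `objectID` unconditionally, so a shorter NUL-terminated ID is over-read and a null pointer is not rejected, although `create()` and `deleteobj()` do guard theirs with `Required(objectID)`; a bounded copy with the same `Required()` check would be consistent. `read()` also discards the length `MSCReadAllocateObject` writes back into `readSz`, so callers of `data()` can only rely on the attribute-reported `size()`, which may differ from the bytes actually read.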
Added: releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscObject.h
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscObject.h (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscObject.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MscObject.h
+ * TokendMuscle
+ */
+
+#ifndef _MSCOBJECT_H_
+#define _MSCOBJECT_H_
+
+#include "MscWrappers.h"
+#include "MscTokenConnection.h"
+#include <PCSC/musclecard.h>
+
+class MscObject
+{
+ NOCOPY(MscObject)
+public:
+ MscObject(const char *objectID,MscTokenConnection *connection);
+ MscObject(const MSCObjectInfo& info,MscTokenConnection *connection);
+ virtual ~MscObject();
+
+ virtual void create(const char *objectID,u_int32_t objectSize,const MscObjectACL& objectACL=MscObjectACL());
+ virtual void deleteobj(const char *objectID,bool zeroFlag);
+ virtual void write(const char *dataToWrite,size_t dataSize);
+ virtual void read();
+
+ virtual const void *data() { if (!mDataLoaded) read(); return reinterpret_cast<const void *>(mData); }
+ virtual uint32 size() const { return mInfo.size(); }
+ virtual const char *objid() const { return mInfo.objid(); }
+
+#ifdef _DEBUG_OSTREAM
+ friend std::ostream& operator << (std::ostream& strm, const MscObject& obj);
+#endif
+
+protected:
+ MscObjectInfo mInfo;
+ MscTokenConnection *mConnection;
+ char *mData;
+ mutable bool mDataLoaded;
+ mutable bool mAttributesLoaded;
+
+ void getAttributes(bool refresh=false);
+};
+
+#ifdef _DEBUG_OSTREAM
+std::ostream& operator << (std::ostream& strm, const MscObject& ee);
+#endif
+
+#endif /* !_MSCOBJECT_H_ */
+
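Review bot: `data()` lazily triggers `read()` and hands out a pointer into a buffer this object owns and frees in its destructor, but the header gives no hint of that ownership or that the pointer is invalidated by the next `write()`; add above `data()`: `// Lazily reads the object from the card; the returned buffer is owned by this MscObject, freed in the destructor and invalidated by write().` `mDataLoaded` and `mAttributesLoaded` are declared `mutable`, yet no `const` method in this hunk or in `MscObject.cpp` modifies them (`read()`, `write()` and `getAttributes()` are all non-const), so the qualifier is misleading and can be dropped unless a const accessor is planned.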
Added: releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscPIN.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscPIN.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscPIN.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MscPIN.cpp
+ * TokendMuscle
+ */
+
+#include "MscPIN.h"
+#include "MscError.h"
+
+void MscPIN::create(unsigned int pinNum,unsigned int pinAttempts,const char *PIN, size_t PINSize,
+ const char *unblockPIN, size_t unblockPINSize)
+{
+ MSC_RV rv = MSCCreatePIN(&Required(mConnection),pinNum,pinAttempts,
+ reinterpret_cast<unsigned char *>(const_cast<char *>(PIN)),PINSize,
+ reinterpret_cast<unsigned char *>(const_cast<char *>(unblockPIN)),unblockPINSize);
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
+void MscPIN::change(unsigned int pinNum,const char *oldPIN, size_t oldPINSize,const char *newPIN, size_t newPINSize)
+{
+ MSC_RV rv = MSCChangePIN(&Required(mConnection),pinNum,
+ reinterpret_cast<unsigned char *>(const_cast<char *>(oldPIN)),oldPINSize,
+ reinterpret_cast<unsigned char *>(const_cast<char *>(newPIN)),newPINSize);
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
+void MscPIN::unblock(unsigned int pinNum,const char *unblockCode, size_t unblockCodeSize)
+{
+ MSC_RV rv = MSCUnblockPIN(&Required(mConnection),pinNum,
+ reinterpret_cast<unsigned char *>(const_cast<char *>(unblockCode)),unblockCodeSize);
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
+void MscPIN::list(MSCUShort16& mask)
+{
+ MSC_RV rv = MSCListPINs(&Required(mConnection),&mask);
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
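Review bot: `create`, `change` and `unblock` forward `size_t` PIN and unblock-code lengths straight into `MSCCreatePIN`, `MSCChangePIN` and `MSCUnblockPIN`; if those take single-byte lengths as in the MuscleCard API (I cannot verify the prototypes from the diff), a length of 256 or more is silently truncated modulo 256 and the card receives a PIN of a different length than the caller supplied. Reject out-of-range lengths before the call, e.g. in `create`: `if (PINSize > 0xFF || unblockPINSize > 0xFF) MscError::throwMe(MSC_INVALID_PARAMETER);`, with the equivalent check in the other two methods. The `reinterpret_cast<unsigned char *>(const_cast<char *>(...))` expression is repeated five times here; a small static helper would make the conversions easier to audit.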
Added: releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscPIN.h
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscPIN.h (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscPIN.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MscPIN.h
+ * TokendMuscle
+ */
+
+#ifndef _MSCPIN_H_
+#define _MSCPIN_H_
+
+#include "MscWrappers.h"
+#include "MscTokenConnection.h"
+#include <PCSC/musclecard.h>
+
+class MscPIN
+{
+public:
+ MscPIN() { }
+ MscPIN(MscTokenConnection *connection) { mConnection = connection; }
+ virtual ~MscPIN() {};
+
+ void create(unsigned int pinNum,unsigned int pinAttempts,const char *PIN, size_t PINSize,
+ const char *unblockPIN, size_t unblockPINSize);
+ void change(unsigned int pinNum,const char *oldPIN, size_t oldPINSize,const char *newPIN, size_t newPINSize);
+ void unblock(unsigned int pinNum,const char *unblockCode, size_t unblockCodeSize);
+ void list(MSCUShort16& mask);
+
+protected:
+ MscTokenConnection *mConnection;
+};
+
+#endif /* !_MSCPIN_H_ */
+
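Review bot: The default constructor `MscPIN() { }` leaves `mConnection` indeterminate, so an `MscPIN` built that way and then used hands a garbage pointer to `Required(mConnection)` in MscPIN.cpp instead of the null pointer that check presumably rejects. Initialising the member, `MscPIN() : mConnection(NULL) { }`, gives `Required()` something it can fail on. The single-argument constructor would also benefit from `explicit`, so a bare `MscTokenConnection *` cannot silently convert into an `MscPIN`.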
Added: releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscToken.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscToken.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscToken.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MscToken.cpp
+ * TokendMuscle
+ */
+
+#include <iostream>
+#include "MscToken.h"
+#include "MscError.h"
+
+#include <Security/cssmtype.h>
+#include <PCSC/pcsclite.h>
+#include <PCSC/musclecard.h>
+
+#include <security_cdsa_utilities/cssmdb.h>
+
+void MscToken::loadobjects()
+{
+ for (MSCUChar8 seqOption = MSC_SEQUENCE_RESET;;)
+ {
+ MSCObjectInfo objInfo;
+ MSC_RV rv = MSCListObjects(mConnection, seqOption, &objInfo);
+ if (rv!=MSC_SUCCESS)
+ break; //MscError::throwMe(rv);
+ const char *objid = MscObjectInfo::overlay(&objInfo)->objid();
+ MscObject *obj = new MscObject(objInfo,mConnection);
+ mObjects.insert(pair<std::string,MscObject *>(std::string(objid),obj));
+ seqOption = MSC_SEQUENCE_NEXT;
+ }
+
+ for (MSCUChar8 seqOption = MSC_SEQUENCE_RESET;;)
+ {
+ MSCKeyInfo keyInfo;
+ MSC_RV rv = MSCListKeys(mConnection, seqOption, &keyInfo);
+ if (rv!=MSC_SUCCESS)
+ break; //MscError::throwMe(rv);
+ MscKey *xkey = new MscKey(keyInfo,mConnection);
+ mKeys.insert(pair<MSCUChar8,MscKey *>(xkey->number(),xkey));
+ seqOption = MSC_SEQUENCE_NEXT;
+ }
+}
+
+void MscToken::dumpobjects()
+{
+ ConstObjIterator obji = mObjects.begin();
+ for (;obji!=mObjects.end();obji++)
+ std::cout << (*obji).second << std::endl;
+
+#if 0
+ ConstKeyIterator keyi = mKeys.begin();
+ for (;keyi!=mKeys.end();keyi++)
+ std::cout << (*keyi).second << std::endl;
+#endif
+}
+
+MscObject &MscToken::getObject(const std::string &objID)
+{
+ ConstObjIterator obji = mObjects.find(objID);
+ if (obji==mObjects.end())
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_CONTEXT_HANDLE);
+ return *(obji->second);
+}
+
+MscKey &MscToken::getKey(MSCUChar8 keyNum)
+{
+ ConstKeyIterator keyi = mKeys.find(keyNum);
+ if (keyi==mKeys.end())
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_CONTEXT_HANDLE);
+ return *(keyi->second);
+}
+
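Review bot: In `loadobjects()` the return value of `mObjects.insert(...)` and `mKeys.insert(...)` is ignored, so when the card reports an object ID or key number that is already in the map the freshly `new`ed `MscObject`/`MscKey` is never stored and leaks (the same happens if `loadobjects()` runs twice on one token). Checking `.second` of the returned pair and freeing the object on failure closes that, e.g. `if (!mObjects.insert(std::make_pair(std::string(objid), obj)).second) delete obj;` and the equivalent for `xkey`. Both loops also `break` on any non-success status with the `throwMe` commented out, so a genuine card error during enumeration is indistinguishable from the end of the list and a partial read silently looks like a smaller token; distinguishing the end-of-sequence status from other errors would keep that from being hidden. `dumpobjects()` streams `(*obji).second`, which is an `MscObject *`, so it prints the pointer value rather than the object.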
Added: releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscToken.h
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscToken.h (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscToken.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MscToken.h
+ * TokendMuscle
+ */
+
+#ifndef _MSCTOKEN_H_
+#define _MSCTOKEN_H_
+
+#include <PCSC/musclecard.h>
+#include <map>
+#include "MscWrappers.h"
+#include "MscObject.h"
+#include "MscKey.h"
+#include "TokenContext.h"
+
+/*
+ Token contains:
+ - <set> of keys
+ - <set> of objects
+*/
+class MscToken: public Tokend::TokenContext
+{
+public:
+ MscToken();
+ MscToken(MSCTokenConnection *connection) : mConnection(MscTokenConnection::optional(connection)) {};
+ virtual ~MscToken() {};
+
+ typedef std::map<std::string, MscObject *> ObjectMap;
+ typedef ObjectMap::iterator ObjIterator;
+ typedef ObjectMap::const_iterator ConstObjIterator;
+
+ typedef std::map<MSCUChar8, MscKey *> KeyMap;
+ typedef KeyMap::iterator KeyIterator;
+ typedef KeyMap::const_iterator ConstKeyIterator;
+
+ void loadobjects();
+ void dumpobjects();
+
+ MscObject &getObject(const std::string &objID);
+ MscKey &getKey(MSCUChar8 keyNum);
+
+ friend std::ostream& operator << (std::ostream& strm, const MscToken& oa);
+
+protected:
+ MscTokenConnection *mConnection;
+ ObjectMap mObjects;
+ KeyMap mKeys;
+
+public:
+ // Iterators for moving through records
+
+ ConstObjIterator begin() const { return ConstObjIterator(mObjects.begin()); }
+ ConstObjIterator end() const { return ConstObjIterator(mObjects.end()); }
+
+ ObjIterator begin() { return ObjIterator(mObjects.begin()); }
+ ObjIterator end() { return ObjIterator(mObjects.end()); }
+
+ ConstKeyIterator kbegin() const { return ConstKeyIterator(mKeys.begin()); }
+ ConstKeyIterator kend() const { return ConstKeyIterator(mKeys.end()); }
+};
+
+std::ostream& operator << (std::ostream& strm, const MscToken& oa);
+
+#endif /* !_MSCTOKEN_H_ */
+
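Review bot: `virtual ~MscToken() {};` does not free the `MscObject *` and `MscKey *` values that `loadobjects()` allocates with `new` and stores in `mObjects`/`mKeys`, so every destroyed token leaks its whole object and key set; the destructor should walk both maps and `delete` the entries (or the maps should hold owning smart pointers). `MscToken();` is declared here but MscToken.cpp in this same commit contains no definition for it, and the same holds for the `operator <<` declared both as a friend and at file scope — either define them or drop the declarations so a stray use fails at compile time rather than link time. The header uses `std::string` and `std::ostream` without including `<string>` or `<ostream>`/`<iosfwd>`.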
Added: releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscTokenConnection.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscTokenConnection.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscTokenConnection.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,273 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MscTokenConnection.cpp
+ * TokendMuscle
+ */
+
+#include <iostream>
+#include "MscTokenConnection.h"
+#include "MscError.h"
+
+MscTokenConnection::MscTokenConnection(const MSCTokenInfo &rTokenInfo)
+{
+ // @@@ assume that we will call MSCEstablishConnection, which should set us up
+ secdebug("connection", "Calling MscTokenConnection::MscTokenConnection");
+ clearPod();
+// ::memcpy(&tokenInfo,&rTokenInfo,sizeof(MSCTokenInfo));
+// std::cout << "Dump: \n" << tokenInfo << std::endl;
+ ::memcpy(&mLocalTokenInfo,&rTokenInfo,sizeof(MSCTokenInfo));
+#ifdef _DEBUG_OSTREAM
+ std::cout << "Dump: \n" << mLocalTokenInfo << std::endl;
+#endif
+}
+
+MscTokenConnection::MscTokenConnection(const MSCTokenConnection &rTokenConnection)
+{
+ // Set basic fields
+ hContext = rTokenConnection.hContext; // Handle to resource manager
+ hCard = rTokenConnection.hCard; // Handle to the connection
+ ioType->dwProtocol = rTokenConnection.ioType->dwProtocol; // Protocol identifier
+ ioType->cbPciLength = rTokenConnection.ioType->cbPciLength; // Protocol Control Inf Length
+ macSize = rTokenConnection.macSize; // Size of the MAC code
+ loggedIDs = rTokenConnection.loggedIDs; // Verification bit mask
+ shareMode = rTokenConnection.shareMode; // Sharing mode for this
+
+ // Now copy the strings
+ ::strncpy(reinterpret_cast<char *>(pMac), reinterpret_cast<const char *>(rTokenConnection.pMac),
+ min(static_cast<size_t>(rTokenConnection.macSize),sizeof(pMac))); // Token name
+}
+
+// strncpy(char * restrict dst, const char * restrict src, size_t len);
+
+MscTokenConnection &MscTokenConnection::operator = (const MSCTokenConnection &rTokenConnection)
+{
+ // how do we avoid duplication of copy constructor code?
+
+ // Set basic fields
+ hContext = rTokenConnection.hContext; // Handle to resource manager
+ hCard = rTokenConnection.hCard; // Handle to the connection
+ ioType->dwProtocol = rTokenConnection.ioType->dwProtocol; // Protocol identifier
+ ioType->cbPciLength = rTokenConnection.ioType->cbPciLength; // Protocol Control Inf Length
+ macSize = rTokenConnection.macSize; // Size of the MAC code
+ loggedIDs = rTokenConnection.loggedIDs; // Verification bit mask
+ shareMode = rTokenConnection.shareMode; // Sharing mode for this
+
+ // Now copy the strings
+ ::strncpy(reinterpret_cast<char *>(pMac), reinterpret_cast<const char *>(rTokenConnection.pMac),
+ min(static_cast<size_t>(rTokenConnection.macSize),sizeof(pMac))); // Token name
+
+ return *this;
+}
+
+void MscTokenConnection::connect(const char *applicationName,MSCULong32 sharingMode)
+{
+ // Establishes a connection to the specified token
+ MSC_RV rv = MSCReleaseConnection(this, MSC_RESET_TOKEN);
+
+ rv = MSCEstablishConnection(&mLocalTokenInfo, sharingMode,
+ reinterpret_cast<unsigned char *>(const_cast<char *>(applicationName)),
+ applicationName?strlen(applicationName):0, this); // NULL,0 => use default applet
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
+void MscTokenConnection::release(MSCULong32 endAction)
+{
+ // Releases a connection to the specified token
+ MSC_RV rv = MSCReleaseConnection(this,endAction);
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
+void MscTokenConnection::beginTransaction()
+{
+ // Locks a transaction to the token
+ MSC_RV rv = MSCBeginTransaction(this);
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
+void MscTokenConnection::endTransaction(MSCULong32 endAction)
+{
+ // Releases a locked transaction to the token
+ MSC_RV rv = MSCEndTransaction(this,endAction);
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
+void MscTokenConnection::logoutAll()
+{
+ // Releases a connection to the specified token
+ MSC_RV rv = MSCLogoutAll(this);
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
+void MscTokenConnection::verifyPIN(MSCUChar8 pinNum,std::string pin)
+{
+ // Releases a locked transaction to the token
+ MSC_RV rv = MSCVerifyPIN(this,pinNum,reinterpret_cast<unsigned char *>(const_cast<char *>(pin.c_str())),pin.length());
+ if (rv!=MSC_SUCCESS)
+ {
+ std::cout << "*** PIN verify failed!!! ***" << std::endl;
+ MscError::throwMe(rv);
+ }
+}
+
+unsigned int MscTokenConnection::listPins()
+{
+ MSCUShort16 mask;
+ MSC_RV rv = MSCListPINs(this, &mask);
+ if (rv != MSC_SUCCESS)
+ MscError::throwMe(rv);
+ return mask;
+}
+
+void MscTokenConnection::selectAID(std::string aid)
+{
+// selectAID(reinterpret_cast<MSCUChar8 *>(aid.c_str()), aid.length());
+ selectAID(aid.c_str(), aid.length());
+}
+
+void MscTokenConnection::selectAID(const char */* aidValue */, MSCULong32 /* aidSize */)
+{
+ // Selects applet - Not to be used by applications
+ // MSCSelectAID is not exported!!
+// MSC_RV rv = MSCSelectAID(this,reinterpret_cast<unsigned char *>(const_cast<char *>(aidValue)),aidSize); /* MSC_SUCCESS */
+ MSC_RV rv = MSC_UNSUPPORTED_FEATURE; //MSCSelectAID(this,reinterpret_cast<unsigned char *>(const_cast<char *>(aidValue)),aidSize); /* */
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
+void MscTokenConnection::writeFramework(const MSCInitTokenParams& initParams)
+{
+ // Pre-personalization function
+ MSC_RV rv = MSCWriteFramework(this,const_cast<MSCInitTokenParams *>(&initParams));
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
+void MscTokenConnection::getKeyAttributes(MSCUChar8 keyNumber,MSCKeyInfo& keyInfo)
+{
+ //
+ MSC_RV rv = MSCGetKeyAttributes(this,keyNumber,&keyInfo);
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
+void MscTokenConnection::getObjectAttributes(std::string objectID,MSCObjectInfo& objectInfo)
+{
+ //
+ MSC_RV rv = MSCGetObjectAttributes(this,const_cast<char *>(objectID.c_str()),&objectInfo);
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
+void MscTokenConnection::getStatus(MSCStatusInfo& statusInfo)
+{
+ // Pre-personalization function
+ MSC_RV rv = MSCGetStatus(this,&statusInfo);
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
+#pragma mark ---------------- Token state methods --------------
+
+bool MscTokenConnection::tokenWasReset()
+{
+ // Was the token reset ?
+ return MSCIsTokenReset(this);
+}
+
+bool MscTokenConnection::clearReset()
+{
+ // Clear the Reset state
+ return MSCClearReset(this);
+}
+
+bool MscTokenConnection::moved()
+{
+ // Was the token moved (removed, removed/inserted) ?
+ return MSCIsTokenMoved(this);
+}
+
+bool MscTokenConnection::changed()
+{
+ // Did any state change with the token ?
+ return MSCIsTokenChanged(this);
+}
+
+bool MscTokenConnection::known()
+{
+ // Did any state change with the token ?
+ return MSCIsTokenKnown(this);
+}
+
+#pragma mark ---------------- Capability methods --------------
+
+MSCULong32 MscTokenConnection::getCapabilities(MSCULong32 tag)
+{
+ MSCULong32 cap;
+ MSCULong32 size;
+ MSC_RV rv = MSCGetCapabilities(this, tag,
+ reinterpret_cast<MSCPUChar8>(&cap), &size);
+ if (rv != MSC_SUCCESS)
+ MscError::throwMe(rv);
+
+ if (size == 1)
+ return *reinterpret_cast<uint8_t *>(&cap);
+ else if (size == 2)
+ return *reinterpret_cast<uint16_t *>(&cap);
+ else
+ return cap;
+}
+
+void MscTokenConnection::extendedFeature(MSCULong32 extFeature,MSCPUChar8 outData,MSCULong32 outLength,
+ MSCPUChar8 inData, MSCPULong32 inLength)
+{
+ MSC_RV rv = MSCExtendedFeature(this,extFeature,outData,outLength,inData,inLength);
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
+#pragma mark ---------------- Key methods --------------
+
+void MscTokenConnection::generateKeys(MSCUChar8 prvKeyNum,MSCUChar8 pubKeyNum,MSCGenKeyParams& params)
+{
+ MSC_RV rv = MSCGenerateKeys(this,prvKeyNum,pubKeyNum,¶ms);
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
+#pragma mark ---------------- Misc methods --------------
+
+void MscTokenConnection::getChallenge(const char *seed,size_t seedSize,const char *randomData,size_t randomDataSize)
+{
+ MSC_RV rv = MSCGetChallenge(this,reinterpret_cast<unsigned char *>(const_cast<char *>(seed)),seedSize,
+ reinterpret_cast<unsigned char *>(const_cast<char *>(randomData)),randomDataSize);
+ if (rv!=MSC_SUCCESS)
+ MscError::throwMe(rv);
+}
+
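Review bot: `ioType->dwProtocol = rTokenConnection.ioType->dwProtocol;` in the copy constructor `MscTokenConnection(const MSCTokenConnection &)` writes through `ioType` before that member has been given any value — this constructor does not call `clearPod()` and `ioType` is a pointer, so it is indeterminate at that point — and `operator =` repeats the pattern two assignments later. Copying the pointer itself, `ioType = rTokenConnection.ioType;`, removes the stray dereference; if a deep copy of the `SCARD_IO_REQUEST` is intended it needs storage of its own. The `::strncpy` into `pMac` also looks wrong for a MAC, which can legitimately contain a zero byte: `::memcpy` with the same bounded length (as MscWrappers.cpp uses for binary fields) copies it faithfully, the trailing comment should say "MAC" rather than "Token name", and `macSize` itself should be clamped to `sizeof(pMac)` so the stored length never exceeds the buffer. In `connect()` the status of the initial `MSCReleaseConnection` is assigned and then overwritten without being looked at; if that release is best-effort, a comment saying so would make the intent clear.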
Added: releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscTokenConnection.h
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscTokenConnection.h (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscTokenConnection.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,110 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MscTokenConnection.h
+ * TokendMuscle
+ */
+
+#ifndef _MSCTOKENCONNECTION_H_
+#define _MSCTOKENCONNECTION_H_
+
+#include <PCSC/musclecard.h>
+#include <security_utilities/utilities.h>
+//#include <sstream>
+#include <map>
+#include <set>
+#include "MscWrappers.h"
+
+class MscTokenConnection : public Security::PodWrapper<MscTokenConnection, MSCTokenConnection>
+{
+public:
+ MscTokenConnection() { memset(this, 0, sizeof(*this)); }
+ MscTokenConnection(const MSCTokenInfo &rTokenInfo);
+ MscTokenConnection(const MSCTokenConnection &rTokenConnection);
+
+ MscTokenConnection &operator = (const MSCTokenConnection &rTokenInfo);
+
+ // Accessors
+ MSCULong32 context() const { return hContext; } // Handle to resource manager
+ const MSCTokenInfo& tinfo() const { return tokenInfo; } // token information
+ const MSCTokenInfo& info() const { return mLocalTokenInfo; } // token information
+
+ const MSCUChar8 *mac() const { return pMac; } // MAC code
+ MSCULong32 macsize() const { return macSize; } // Size of the MAC code
+
+ // calls to muscle layer
+
+ void connect(const char *applicationName=NULL,MSCULong32 sharingMode=MSC_SHARE_SHARED);
+ void release(MSCULong32 endAction=SCARD_LEAVE_CARD);
+ void beginTransaction();
+ void endTransaction(MSCULong32 endAction=SCARD_LEAVE_CARD);
+ void logoutAll();
+
+ void verifyPIN(MSCUChar8 pinNum,std::string pin);
+ unsigned int listPins();
+
+ void selectAID(std::string aid);
+ void selectAID(const char *aidValue, MSCULong32 aidSize);
+ void writeFramework(const MSCInitTokenParams& initParams);
+
+ void getKeyAttributes(MSCUChar8 keyNumber,MSCKeyInfo& keyInfo);
+ void getObjectAttributes(std::string objectID,MSCObjectInfo& objectInfo);
+
+ void getStatus(MSCStatusInfo& statusInfo);
+
+ bool tokenWasReset();
+ bool clearReset();
+ bool moved();
+ bool changed();
+ bool known();
+
+ MSCULong32 getCapabilities(MSCULong32 Tag);
+ void extendedFeature(MSCULong32 extFeature,MSCPUChar8 outData,MSCULong32 outLength,
+ MSCPUChar8 inData, MSCPULong32 inLength);
+
+ void generateKeys(MSCUChar8 prvKeyNum,MSCUChar8 pubKeyNum, MSCGenKeyParams& params);
+ void getChallenge(const char *seed,size_t seedSize,const char *randomData,size_t randomDataSize);
+
+protected:
+ MSCTokenInfo mLocalTokenInfo;
+};
+
+#if 0
+ typedef struct
+ {
+ MSCLong32 hContext; /* */
+ MSCLong32 hCard; /* Handle to the connection */
+ LPSCARD_IO_REQUEST ioType; /* Type of protocol */
+ MSCPVoid32 tokenLibHandle; /* Handle to token library */
+ CFDyLibPointers libPointers; /* Function pointers */
+ MSCTokenInfo tokenInfo; /* */
+ MSCUChar8 loggedIDs; /* Verification bit mask */
+ MSCULong32 shareMode; /* Sharing mode for this */
+ LPRWEventCallback rwCallback; /* Registered callback */
+ }
+ MSCTokenConnection, *MSCLPTokenConnection;
+#endif
+
+#endif /* !_MSCTOKENCONNECTION_H_ */
+
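Review bot: `getChallenge(const char *seed, size_t seedSize, const char *randomData, size_t randomDataSize)` declares `randomData` as `const char *` even though the implementation in MscTokenConnection.cpp casts the const away before passing it to `MSCGetChallenge`, which presumably fills that buffer with the challenge; declaring it `MSCPUChar8 randomData` makes the out-parameter visible to callers and removes the `const_cast`. `verifyPIN(MSCUChar8 pinNum, std::string pin)` takes the PIN by value, producing an extra heap copy of the secret that is neither needed nor scrubbed — `const std::string &pin` avoids the copy, and `selectAID(std::string aid)` and `getObjectAttributes(std::string objectID, ...)` can take references for the same reason. `MscTokenConnection(const MSCTokenInfo &rTokenInfo)` is a converting constructor and should be marked `explicit`.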
Added: releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscWrappers.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscWrappers.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscWrappers.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,155 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MscWrappers.cpp
+ * TokendMuscle
+ */
+
+#include "MscWrappers.h"
+
+inline bool operator == (const MSCObjectInfo &s1, const MSCObjectInfo &s2)
+{
+ return ::strcmp(s1.objectID,s2.objectID)==0;
+}
+
+inline bool operator != (const MSCObjectInfo &s1, const MSCObjectInfo &s2)
+{
+ return !(s1 == s2);
+}
+
+MscTokenInfo::MscTokenInfo(const MSCTokenInfo &rTokenInfo)
+{
+ // Set basic fields
+ tokenAppLen = rTokenInfo.tokenAppLen; // Default AID Length
+ tokenIdLength = rTokenInfo.tokenIdLength; // ID Length (ATR Length)
+ tokenState = rTokenInfo.tokenState; // State (dwEventState)
+ tokenType = rTokenInfo.tokenType; // Type - RFU
+ addParams = rTokenInfo.addParams; // Additional Data
+ addParamsSize = rTokenInfo.addParamsSize; // Size of additional data
+
+ // Now copy the strings
+ ::memcpy(tokenName, rTokenInfo.tokenName, sizeof(tokenName)); // Token name
+ ::memcpy(slotName, rTokenInfo.slotName, sizeof(slotName)); // Slot/reader name
+ ::memcpy(svProvider, rTokenInfo.svProvider, sizeof(svProvider)); // Library
+ ::memcpy(reinterpret_cast<unsigned char *>(tokenId), reinterpret_cast<const unsigned char *>(rTokenInfo.tokenId), sizeof(tokenId)); // Token ID (ATR)
+ ::memcpy(reinterpret_cast<unsigned char *>(tokenApp), reinterpret_cast<const unsigned char *>(rTokenInfo.tokenApp), sizeof(tokenApp)); // Default app ID
+}
+
+MscTokenInfo::MscTokenInfo(const SCARD_READERSTATE &readerState)
+{
+ // An ss is enough info to be able to open a connection
+ ::memset(this, 0, sizeof(*this)); // overkill, but what the heck
+ ::strncpy(slotName, readerState.szReader, sizeof(slotName)); // Slot/reader name
+ size_t idsz = min(size_t(readerState.cbAtr),size_t(sizeof(tokenId)));
+ ::memcpy(reinterpret_cast<unsigned char *>(tokenId), reinterpret_cast<const unsigned char *>(readerState.rgbAtr), idsz); // Token ID (ATR)
+ tokenIdLength = idsz;
+ tokenState = readerState.dwEventState;
+}
+
+MscTokenInfo &MscTokenInfo::operator = (const MSCTokenInfo &rTokenInfo)
+{
+ // how do we avoid duplication of copy constructor code?
+
+ // Set basic fields
+ tokenAppLen = rTokenInfo.tokenAppLen; // Default AID Length
+ tokenIdLength = rTokenInfo.tokenIdLength; // ID Length (ATR Length)
+ tokenState = rTokenInfo.tokenState; // State (dwEventState)
+ tokenType = rTokenInfo.tokenType; // Type - RFU
+ addParams = rTokenInfo.addParams; // Additional Data
+ addParamsSize = rTokenInfo.addParamsSize; // Size of additional data
+
+ // Now copy the strings
+ ::memcpy(tokenName, rTokenInfo.tokenName, sizeof(tokenName)); // Token name
+ ::memcpy(slotName, rTokenInfo.slotName, sizeof(slotName)); // Slot/reader name
+ ::memcpy(svProvider, rTokenInfo.svProvider, sizeof(svProvider)); // Library
+ ::memcpy(reinterpret_cast<unsigned char *>(tokenId), reinterpret_cast<const unsigned char *>(rTokenInfo.tokenId), sizeof(tokenId)); // Token ID (ATR)
+ ::memcpy(reinterpret_cast<unsigned char *>(tokenApp), reinterpret_cast<const unsigned char *>(rTokenInfo.tokenApp), sizeof(tokenApp)); // Default app ID
+
+ return *this;
+}
+
+#pragma mark ---------------- ostream methods --------------
+
+#ifdef _DEBUG_OSTREAM
+
+#include <iomanip>
+
+std::ostream& operator << (std::ostream& strm, const MscObjectACL& oa)
+{
+ strm << "RD: " << oa.readPermission << " WR: " << oa.writePermission << " DEL: " << oa.deletePermission;
+ return strm;
+}
+
+std::ostream& operator << (std::ostream& strm, const MscObjectInfo& oi)
+{
+ strm << "ID: " << oi.objectID << " Size: " << oi.objectSize << " ACL: " << MscObjectACL(oi.objectACL);
+ return strm;
+}
+
+std::ostream& operator << (std::ostream& strm, const MscTokenInfo& ti)
+{
+ strm << "Token name : " << ti.tname() << "\n";
+ strm << "Slot name : " << ti.sname() << "\n";
+ strm << "Token id (ATR) : [" << std::dec << ti.tokenIdLength << "] ";
+ const unsigned char *tid = ti.tid();
+ for (unsigned int jx=0;jx < ti.tokenIdLength;jx++)
+ {
+ strm << std::hex << std::uppercase << std::setw(2) << std::setfill('0') << static_cast<unsigned int>(tid[jx]);
+ if (((jx+1) % 4)==0)
+ strm << " ";
+ }
+ strm << "\nToken state : " << ti.tokenState << "\n";
+ strm << "Provider : " << ti.provider() << "\n";
+ strm << "App ID : [" << std::dec << ti.tokenAppLen << "] " << ti.app() << "\n";
+ strm << "Type : " << ti.tokenType << "\n"; // Type - RFU
+
+ strm << "Addl Params : [" << ti.addParamsSize << "] " << ti.app() << "\n";
+ const unsigned char *tap = reinterpret_cast<const unsigned char *>(ti.addParams);
+ for (unsigned int jx=0;jx < ti.addParamsSize;jx++)
+ strm << std::hex << std::uppercase << std::setw(2) << std::setfill('0') << tap[jx];
+// strm << std::hex << std::uppercase << std::setw(2) << std::setfill('0') << static_cast<unsigned int>(tap[jx]);
+ return strm;
+}
+
+std::ostream& operator << (std::ostream& strm, const MscStatusInfo& si)
+{
+// strm << "GetStatus returns : " << MscError(rv) << "\n";
+ strm << "Protocol version : 0x" <<
+ std::hex << std::uppercase << std::setw(4) << std::setfill('0') << si.appVersion << "\n";
+ strm << "Applet version : 0x" <<
+ std::hex << std::uppercase << std::setw(4) << std::setfill('0') << si.swVersion << "\n";
+ strm << "Total object memory : " <<
+ std::dec << std::setw(8) << std::setfill('0') << si.totalMemory << "\n";
+ strm << "Free object memory : " <<
+ std::dec << std::setw(8) << std::setfill('0') << si.freeMemory << "\n";
+ strm << "Number of used PINs : " <<
+ std::dec << std::setw(2) << std::setfill('0') << si.usedPINs << "\n";
+ strm << "Number of used Keys : " <<
+ std::dec << std::setw(2) << std::setfill('0') << si.usedKeys << "\n";
+ strm << "Currently logged identities : 0x" <<
+ std::hex << std::uppercase << std::setw(4) << std::setfill('0') << si.loggedID << "\n";
+ return strm;
+}
+#endif // _DEBUG_OSTREAM
+
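Review bot: `::strncpy(slotName, readerState.szReader, sizeof(slotName))` in `MscTokenInfo::MscTokenInfo(const SCARD_READERSTATE &)` leaves `slotName` without a terminating NUL whenever the reader name is at least `sizeof(slotName)` bytes long, and `sname()` then hands that array out as a C string (the `_DEBUG_OSTREAM` dump prints it), so a long reader name reads past the array; copying `sizeof(slotName) - 1` bytes keeps the last byte zeroed by the preceding `memset` as the terminator. The `operator ==`/`operator !=` for `MSCObjectInfo` are defined `inline` in this .cpp, so no other translation unit can use them — they belong in MscWrappers.h. In the debug dump, the "Addl Params" line prints `ti.app()` where `addParams` seems intended, and the loop below it streams `tap[jx]` as an `unsigned char`, which prints the byte as a character rather than in hex despite the `std::hex` manipulators — the commented-out line directly beneath has the `static_cast<unsigned int>` that is needed.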
Added: releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscWrappers.h
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscWrappers.h (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/Msc/MscWrappers.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,161 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MscWrappers.h
+ * TokendMuscle
+ */
+
+#ifndef _MSCWRAPPERS_H_
+#define _MSCWRAPPERS_H_
+
+#include <PCSC/musclecard.h>
+#include <security_utilities/utilities.h>
+
+#ifdef _DEBUG_OSTREAM
+ #include <ostream>
+#endif
+
+#include <Security/cssmerr.h>
+#include <security_cdsa_utilities/cssmbridge.h>
+#include <security_cdsa_utilities/cssmerrors.h>
+
+class MscKeyACL : public Security::PodWrapper<MscKeyACL, MSCKeyACL>
+{
+public:
+ MscKeyACL() { }
+ MscKeyACL(MSCUShort16 rd, MSCUShort16 wr, MSCUShort16 us) { readPermission = rd; writePermission = wr; usePermission = us; }
+ MscKeyACL(MSCUShort16 perm) { readPermission = writePermission = usePermission = perm; }
+
+ MSCUShort16 read() const { return readPermission; }
+ MSCUShort16 write() const { return writePermission; }
+ MSCUShort16 use() const { return usePermission; }
+};
+
+class MscObjectACL : public Security::PodWrapper<MscObjectACL, MSCObjectACL>
+{
+public:
+ MscObjectACL() { }
+ MscObjectACL(MSCUShort16 rd, MSCUShort16 wr, MSCUShort16 delx) { readPermission = rd; writePermission = wr; deletePermission = delx; }
+ MscObjectACL(MSCUShort16 perm) { readPermission = writePermission = deletePermission = perm; }
+ MscObjectACL(const MSCObjectACL &rObjectACL) { readPermission = rObjectACL.readPermission; writePermission = rObjectACL.writePermission; deletePermission = rObjectACL.deletePermission; }
+
+ MSCUShort16 read() const { return readPermission; }
+ MSCUShort16 write() const { return writePermission; }
+ MSCUShort16 del() const { return deletePermission; }
+// operator uint32 () const { return effective(); }
+
+#ifdef _DEBUG_OSTREAM
+ friend std::ostream& operator << (std::ostream& strm, const MscObjectACL& oa);
+#endif
+};
+
+class MscKeyPolicy : public Security::PodWrapper<MscKeyPolicy, MSCKeyPolicy>
+{
+public:
+ MscKeyPolicy() { }
+ MscKeyPolicy(MSCUShort16 modex, MSCUShort16 dir) { cipherMode = modex; cipherDirection = dir; }
+
+ MSCUShort16 mode() const { return cipherMode; }
+ MSCUShort16 direction() const { return cipherDirection; }
+};
+
+class MscKeyInfo : public Security::PodWrapper<MscKeyInfo, MSCKeyInfo>
+{
+public:
+ // Note: these memcpy operations also copy keyPartner & keyMapping
+ // See Guid in cssmpods.h for template template
+ MscKeyInfo() { ::memset(this, 0, sizeof(*this)); }
+ MscKeyInfo(const MSCKeyInfo &rKeyInfo) { ::memcpy(this, &rKeyInfo, sizeof(*this)); }
+
+ MscKeyInfo &operator = (const MSCKeyInfo &rKeyInfo)
+ { ::memcpy(this, &rKeyInfo, sizeof(MSCKeyInfo)); return *this; }
+
+ MSCUChar8 number() const { return keyNum; }
+ MSCUChar8 type() const { return keyType; }
+ MSCULong32 size() const { return keySize; }
+ MscKeyACL &acl() { return MscKeyACL::overlay(keyACL); }
+ const MscKeyACL &acl() const { return MscKeyACL::overlay(keyACL); }
+ MscKeyPolicy &policy() { return MscKeyPolicy::overlay(keyPolicy); }
+ const MscKeyPolicy &policy() const { return MscKeyPolicy::overlay(keyPolicy); }
+};
+
+class MscObjectInfo : public Security::PodWrapper<MscObjectInfo, MSCObjectInfo>
+{
+public:
+ MscObjectInfo() { memset(this, 0, sizeof(*this)); }
+ MscObjectInfo(const MSCObjectInfo &rObjectInfo) { ::memcpy(this, &rObjectInfo, sizeof(*this)); }
+
+ MscObjectInfo &operator = (const MSCObjectInfo &rObjectInfo)
+ { ::memcpy(this, &rObjectInfo, sizeof(MSCObjectInfo)); return *this; }
+
+ const char *objid() const { return reinterpret_cast<const char *>(objectID); }
+ MSCULong32 size() const { return objectSize; }
+
+#ifdef _DEBUG_OSTREAM
+ friend std::ostream& operator << (std::ostream& strm, const MscObjectInfo& ee);
+#endif
+};
+
+class MscTokenInfo : public Security::PodWrapper<MscTokenInfo, MSCTokenInfo>
+{
+public:
+ MscTokenInfo() { memset(this, 0, sizeof(*this)); }
+ MscTokenInfo(const MSCTokenInfo &rTokenInfo);
+ MscTokenInfo(const SCARD_READERSTATE &readerState); // An SCARD_READERSTATE is enough info to be able to open a connection
+
+ MscTokenInfo &operator = (const MSCTokenInfo &rTokenInfo);
+
+ const char *tname() const { return tokenName; }
+ const char *sname() const { return slotName; }
+ const char *provider() const { return svProvider; }
+ const unsigned char *tid() const { return reinterpret_cast<const unsigned char *>(tokenId); }
+ const char *app() const { return reinterpret_cast<const char *>(tokenApp); }
+
+#ifdef _DEBUG_OSTREAM
+ friend std::ostream& operator << (std::ostream& strm, const MscTokenInfo& ti);
+#endif
+};
+
+class MscStatusInfo : public Security::PodWrapper<MscStatusInfo, MSCStatusInfo>
+{
+public:
+ MscStatusInfo() { memset(this, 0, sizeof(*this)); }
+ MscStatusInfo(const MscStatusInfo &rTokenInfo);
+
+ MscStatusInfo &operator = (const MscStatusInfo &rTokenInfo);
+
+#ifdef _DEBUG_OSTREAM
+ friend std::ostream& operator << (std::ostream& strm, const MscStatusInfo& ti);
+#endif
+};
+
+#ifdef _DEBUG_OSTREAM
+std::ostream& operator << (std::ostream& strm, const MscObjectACL& oa);
+std::ostream& operator << (std::ostream& strm, const MscObjectInfo& ee);
+std::ostream& operator << (std::ostream& strm, const MscTokenInfo& ti);
+std::ostream& operator << (std::ostream& strm, const MscStatusInfo& ti);
+#endif
+
+#endif /* !_MSCWRAPPERS_H_ */
+
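Review bot: `MscStatusInfo(const MscStatusInfo &rTokenInfo)` and `MscStatusInfo &operator = (const MscStatusInfo &)` are declared but MscWrappers.cpp in this commit defines neither, so any copy or assignment of an `MscStatusInfo` fails at link time while the declarations also suppress the compiler-generated copy; either define them with the `::memcpy` pattern `MscKeyInfo` and `MscObjectInfo` use, or remove them. The `memset(this, 0, sizeof(*this))` constructors depend on every wrapper staying a POD-shaped class with no virtual members — a comment at the first `PodWrapper` class stating that invariant, e.g. `// PodWrapper subclasses must stay POD: constructors memset/memcpy *this`, would stop a later maintainer from adding a vtable. `objid()`, `tname()`, `sname()`, `provider()` and `app()` return fixed-size arrays as C strings, which is only safe if the MuscleCard layer guarantees NUL termination; MscToken.cpp builds a `std::string` straight from `objid()`, so that assumption deserves a note at the accessors such as `// assumes the card layer NUL-terminates objectID — TODO confirm`.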
Added: releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardAttributeCoder.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardAttributeCoder.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardAttributeCoder.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,224 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MuscleCardAttributeCoder.cpp
+ * TokendMuscle
+ */
+
+#include "MuscleCardAttributeCoder.h"
+
+#include "MetaAttribute.h"
+#include "MetaRecord.h"
+#include "TokenRecord.h"
+#include "KeyRecord.h"
+#include "Msc/MscToken.h"
+#include "Msc/MscObject.h"
+
+#include <Security/SecKeychainItem.h>
+#include <security_cdsa_utilities/cssmkey.h>
+
+using namespace Tokend;
+
+#pragma mark ---------------- Muscle/P11 specific Coder methods --------------
+
+//
+// KeyExtractableAttributeCoder
+//
+KeyExtractableAttributeCoder::~KeyExtractableAttributeCoder() {}
+
+void KeyExtractableAttributeCoder::decode(Tokend::TokenContext *tokenContext,
+ const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record)
+{
+ KeyRecord &keyRecord = dynamic_cast<KeyRecord &>(record);
+ bool value = keyRecord.key().acl().read() != MSC_AUT_NONE;
+ record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute(value));
+}
+
+
+//
+// KeySensitiveAttributeCoder
+//
+KeySensitiveAttributeCoder::~KeySensitiveAttributeCoder() {}
+
+void KeySensitiveAttributeCoder::decode(Tokend::TokenContext *tokenContext, const Tokend::MetaAttribute &metaAttribute,
+ Tokend::Record &record)
+{
+ KeyRecord &keyRecord = dynamic_cast<KeyRecord &>(record);
+ bool value = keyRecord.key().acl().read() == MSC_AUT_NONE;
+ record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute(value));
+}
+
+
+//
+// KeyModifiableAttributeCoder
+//
+KeyModifiableAttributeCoder::~KeyModifiableAttributeCoder() {}
+
+void KeyModifiableAttributeCoder::decode(Tokend::TokenContext *tokenContext,
+ const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record)
+{
+ KeyRecord &keyRecord = dynamic_cast<KeyRecord &>(record);
+ bool value = keyRecord.key().acl().write() != MSC_AUT_NONE;
+ record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute(value));
+}
+
+
+//
+// KeyPrivateAttributeCoder
+//
+KeyPrivateAttributeCoder::~KeyPrivateAttributeCoder() {}
+
+void KeyPrivateAttributeCoder::decode(Tokend::TokenContext *tokenContext,
+ const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record)
+{
+ KeyRecord &keyRecord = dynamic_cast<KeyRecord &>(record);
+ bool value = keyRecord.key().acl().use() != MSC_AUT_ALL;
+ record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute(value));
+}
+
+
+//
+// KeyDirectionAttributeCoder
+//
+KeyDirectionAttributeCoder::~KeyDirectionAttributeCoder() {}
+
+void KeyDirectionAttributeCoder::decode(Tokend::TokenContext *tokenContext,
+ const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record)
+{
+ KeyRecord &keyRecord = dynamic_cast<KeyRecord &>(record);
+ bool value = (keyRecord.key().policy().direction() & mMask);
+ record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute(value));
+}
+
+
+//
+// KeySizeAttributeCoder
+//
+KeySizeAttributeCoder::~KeySizeAttributeCoder() {}
+
+void KeySizeAttributeCoder::decode(Tokend::TokenContext *tokenContext,
+ const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record)
+{
+ uint32 keySize = dynamic_cast<KeyRecord &>(record).key().size();
+ record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute(keySize));
+}
+
+
+//
+// KeyAlgorithmAttributeCoder
+//
+KeyAlgorithmAttributeCoder::~KeyAlgorithmAttributeCoder() {}
+
+void KeyAlgorithmAttributeCoder::decode(Tokend::TokenContext *tokenContext,
+ const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record)
+{
+ uint32_t keyType = dynamic_cast<KeyRecord &>(record).key().type();
+ uint32 algID;
+
+ switch (keyType)
+ {
+ case MSC_KEY_RSA_PRIVATE:
+ case MSC_KEY_RSA_PRIVATE_CRT:
+ case MSC_KEY_RSA_PUBLIC:
+ algID = CSSM_ALGID_RSA;
+ break;
+
+ case MSC_KEY_DSA_PRIVATE:
+ case MSC_KEY_DSA_PUBLIC:
+ algID = CSSM_ALGID_DSA;
+ break;
+
+ case MSC_KEY_DES:
+ algID = CSSM_ALGID_DES;
+ break;
+ case MSC_KEY_3DES:
+ // @@@ Which algid is this?
+ algID = CSSM_ALGID_3DES;
+ //algID = CSSM_ALGID_3DES_3KEY_EDE;
+ //algID = CSSM_ALGID_3DES_2KEY_EDE;
+ //algID = CSSM_ALGID_3DES_1KEY_EEE;
+ //algID = CSSM_ALGID_3DES_3KEY_EEE;
+ //algID = CSSM_ALGID_3DES_2KEY_EEE;
+ break;
+ case MSC_KEY_3DES3:
+ // @@@ Which algid is this?
+ algID = CSSM_ALGID_3DES_3KEY_EDE;
+ //algID = CSSM_ALGID_3DES_3KEY_EEE;
+ break;
+ default:
+ secdebug("coder", "unknown MSC_KEY_TYPE: %02X r: %p rid: %08X aid: %u", keyType,
+ &record, metaAttribute.metaRecord().relationId(), metaAttribute.attributeId());
+ algID = CSSM_ALGID_CUSTOM;
+ break;
+ }
+
+ record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute(algID));
+}
+
+
+//
+// KeyNameAttributeCoder
+//
+KeyNameAttributeCoder::~KeyNameAttributeCoder() {}
+
+void KeyNameAttributeCoder::decode(Tokend::TokenContext *tokenContext,
+ const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record)
+{
+ MSCUChar8 keyNumber = dynamic_cast<KeyRecord &>(record).key().number();
+ char buf[5];
+ int used = snprintf(buf, 5, "K%u", keyNumber);
+ record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute(buf, used));
+}
+
+//
+// ObjectIDAttributeCoder
+//
+ObjectIDAttributeCoder::~ObjectIDAttributeCoder()
+{
+}
+
+void ObjectIDAttributeCoder::decode(TokenContext *tokenContext, const MetaAttribute &metaAttribute, Record &record)
+{
+ // fill in data with object name from MscObjectInfo
+ TokenRecord &tokenRecord = dynamic_cast<TokenRecord &>(record);
+ record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute(tokenRecord.objid()));
+}
+
+
+//
+// MscDataAttributeCoder
+//
+MscDataAttributeCoder::~MscDataAttributeCoder()
+{
+}
+
+void MscDataAttributeCoder::decode(TokenContext *tokenContext, const MetaAttribute &metaAttribute, Record &record)
+{
+ TokenRecord &trec = dynamic_cast<TokenRecord &>(record);
+ MscToken &tok = dynamic_cast<MscToken &>(*tokenContext);
+ MscObject &obj = tok.getObject(trec.objid());
+ secdebug("dcoder", "getting object %s of size %d", trec.objid().c_str(), obj.size());
+ record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute(obj.data(), obj.size()));
+}
+
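Review bot: In KeyNameAttributeCoder::decode the return value of `snprintf` is handed straight to `Attribute(buf, used)` with no check, and the buffer length is the bare literal `5` rather than `sizeof(buf)`. That is only safe because `keyNumber` is an `MSCUChar8`, whose largest value renders as "K255" and fits with the terminator, but nothing records that invariant and a wider key-number type would truncate and pass `Attribute` a length beyond the buffer. Proposed: `int used = snprintf(buf, sizeof(buf), "K%u", keyNumber);` preceded by the comment `// MSCUChar8 has at most 3 decimal digits, so "K255" plus NUL fits in 5 bytes`. Separately, the `%d` conversion in the `secdebug` call of MscDataAttributeCoder::decode should be checked against the return type of `obj.size()`, which is not visible in this file.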
Added: releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardAttributeCoder.h
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardAttributeCoder.h (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardAttributeCoder.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,187 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MuscleCardAttributeCoder.h
+ * TokendMuscle
+ */
+
+#ifndef _MUSCLECARDATTRIBUTECODER_H_
+#define _MUSCLECARDATTRIBUTECODER_H_
+
+#include "AttributeCoder.h"
+#include <string>
+
+#include <PCSC/musclecard.h>
+
+//
+// A coder that produces a boolean value based on whether a key is extractable
+//
+class KeyExtractableAttributeCoder : public Tokend::AttributeCoder
+{
+ NOCOPY(KeyExtractableAttributeCoder)
+public:
+ KeyExtractableAttributeCoder() {}
+ virtual ~KeyExtractableAttributeCoder();
+
+ virtual void decode(Tokend::TokenContext *tokenContext, const Tokend::MetaAttribute &metaAttribute,
+ Tokend::Record &record);
+};
+
+
+//
+// A coder that produces a boolean value based on whether a key is sensitive
+//
+class KeySensitiveAttributeCoder : public Tokend::AttributeCoder
+{
+ NOCOPY(KeySensitiveAttributeCoder)
+public:
+ KeySensitiveAttributeCoder() {}
+ virtual ~KeySensitiveAttributeCoder();
+
+ virtual void decode(Tokend::TokenContext *tokenContext, const Tokend::MetaAttribute &metaAttribute,
+ Tokend::Record &record);
+};
+
+
+//
+// A coder that produces a boolean value based on whether a key is modifiable
+//
+class KeyModifiableAttributeCoder : public Tokend::AttributeCoder
+{
+ NOCOPY(KeyModifiableAttributeCoder)
+public:
+ KeyModifiableAttributeCoder() {}
+ virtual ~KeyModifiableAttributeCoder();
+
+ virtual void decode(Tokend::TokenContext *tokenContext, const Tokend::MetaAttribute &metaAttribute,
+ Tokend::Record &record);
+};
+
+
+//
+// A coder that produces a boolean value based on whether a key is private
+//
+class KeyPrivateAttributeCoder : public Tokend::AttributeCoder
+{
+ NOCOPY(KeyPrivateAttributeCoder)
+public:
+ KeyPrivateAttributeCoder() {}
+ virtual ~KeyPrivateAttributeCoder();
+
+ virtual void decode(Tokend::TokenContext *tokenContext, const Tokend::MetaAttribute &metaAttribute,
+ Tokend::Record &record);
+};
+
+
+//
+// A coder that produces a boolean value based on an AND of mask and the direction of a key
+//
+class KeyDirectionAttributeCoder : public Tokend::AttributeCoder
+{
+ NOCOPY(KeyDirectionAttributeCoder)
+public:
+ KeyDirectionAttributeCoder(MSCUShort16 mask) : mMask(mask) {}
+ virtual ~KeyDirectionAttributeCoder();
+
+ virtual void decode(Tokend::TokenContext *tokenContext, const Tokend::MetaAttribute &metaAttribute,
+ Tokend::Record &record);
+private:
+ MSCUShort16 mMask;
+};
+
+
+//
+// A coder that produces the LogicalKeySizeInBits of a key
+//
+class KeySizeAttributeCoder : public Tokend::AttributeCoder
+{
+ NOCOPY(KeySizeAttributeCoder)
+public:
+ KeySizeAttributeCoder() {}
+ virtual ~KeySizeAttributeCoder();
+
+ virtual void decode(Tokend::TokenContext *tokenContext, const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record);
+};
+
+
+//
+// A coder produces a CSSM_ALGID from a key
+//
+class KeyAlgorithmAttributeCoder : public Tokend::AttributeCoder
+{
+ NOCOPY(KeyAlgorithmAttributeCoder)
+public:
+ KeyAlgorithmAttributeCoder() {}
+ virtual ~KeyAlgorithmAttributeCoder();
+
+ virtual void decode(Tokend::TokenContext *tokenContext, const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record);
+};
+
+
+//
+// A coder that reads the name of a key
+//
+class KeyNameAttributeCoder : public Tokend::AttributeCoder
+{
+ NOCOPY(KeyNameAttributeCoder)
+public:
+
+ KeyNameAttributeCoder() {}
+ virtual ~KeyNameAttributeCoder();
+
+ virtual void decode(Tokend::TokenContext *tokenContext, const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record);
+};
+
+
+//
+// A coder that reads the object id of an object
+//
+class ObjectIDAttributeCoder : public Tokend::AttributeCoder
+{
+ NOCOPY(ObjectIDAttributeCoder)
+public:
+
+ ObjectIDAttributeCoder() {}
+ virtual ~ObjectIDAttributeCoder();
+
+ virtual void decode(Tokend::TokenContext *tokenContext, const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record);
+};
+
+//
+// A coder that reads the data of an object
+//
+class MscDataAttributeCoder : public Tokend::AttributeCoder
+{
+ NOCOPY(MscDataAttributeCoder)
+public:
+
+ MscDataAttributeCoder() {}
+ virtual ~MscDataAttributeCoder();
+
+ virtual void decode(Tokend::TokenContext *tokenContext, const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record);
+};
+
+
+#endif /* !_MUSCLECARDATTRIBUTECODER_H_ */
+
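Review bot: The single-argument constructor `KeyDirectionAttributeCoder(MSCUShort16 mask) : mMask(mask) {}` is not `explicit`, so any `MSCUShort16` converts implicitly to a coder; the other coders here take no arguments, which makes this the one place where an accidental conversion could pass a bare integer where a coder is expected. Proposed: `explicit KeyDirectionAttributeCoder(MSCUShort16 mask) : mMask(mask) {}`. The class comment for KeyAlgorithmAttributeCoder also reads "A coder produces a CSSM_ALGID from a key"; `// A coder that produces a CSSM_ALGID from a key's MSC key type` would match the wording used for its siblings and say what the mapping is keyed on.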
Added: releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardKeyHandle.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardKeyHandle.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardKeyHandle.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,518 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MuscleCardKeyHandle.cpp
+ * TokendMuscle
+ */
+
+#include "MuscleCardKeyHandle.h"
+
+#include "KeyRecord.h"
+#include "Msc/MscError.h"
+#include "Msc/MscKey.h"
+#include "Msc/MscToken.h"
+
+#include <security_utilities/debugging.h>
+#include <security_utilities/utilities.h>
+#include <security_cdsa_utilities/cssmerrors.h>
+#include <security_cdsa_client/aclclient.h>
+#include <Security/cssmerr.h>
+
+using CssmClient::AclFactory;
+
+
+//
+// MuscleCardKeyHandle
+//
+MuscleCardKeyHandle::MuscleCardKeyHandle(const Tokend::MetaRecord &metaRecord,
+ Tokend::Record &record, MscKey &key) :
+ Tokend::KeyHandle(metaRecord, &record),
+ mKey(key)
+{
+}
+
+MuscleCardKeyHandle::~MuscleCardKeyHandle()
+{
+}
+
+void MuscleCardKeyHandle::getKeySize(CSSM_KEY_SIZE &keySize)
+{
+ secdebug("crypto", "getKeySize");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+uint32 MuscleCardKeyHandle::getOutputSize(const Context &context, uint32 inputSize, bool encrypting)
+{
+ secdebug("crypto", "getOutputSize");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+static const MSCUChar8 sha1sigheader[] =
+{
+ 0x30, // SEQUENCE
+ 0x21, // LENGTH
+ 0x30, // SEQUENCE
+ 0x09, // LENGTH
+ 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1a, // SHA1 OID (1 4 14 3 2 26)
+ 0x05, 0x00, // OPTIONAL ANY algorithm params (NULL)
+ 0x04, 0x14 // OCTECT STRING (20 bytes)
+};
+
+static const MSCUChar8 md5sigheader[] =
+{
+ 0x30, // SEQUENCE
+ 0x20, // LENGTH
+ 0x30, // SEQUENCE
+ 0x0C, // LENGTH
+ 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, // MD5 OID (1 2 840 113549 2 5)
+ 0x05, 0x00, // OPTIONAL ANY algorithm params (NULL)
+ 0x04, 0x10 // OCTECT STRING (16 bytes)
+};
+
+void MuscleCardKeyHandle::generateSignature(const Context &context,
+ CSSM_ALGORITHMS signOnly, const CssmData &input, CssmData &signature)
+{
+ secdebug("crypto", "generateSignature alg: %u signOnly: %u", context.algorithm(), signOnly);
+ IFDUMPING("crypto", context.dump("signature context"));
+
+ if (context.type() != CSSM_ALGCLASS_SIGNATURE)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_CONTEXT);
+
+ if (context.algorithm() != CSSM_ALGID_RSA)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+
+ // Find out if we are doing a SHA1 or MD5 signature and setup header to point to the right asn1 blob.
+ MSCPCUChar8 header;
+ MSCULong32 headerLength;
+ if (signOnly == CSSM_ALGID_SHA1)
+ {
+ if (input.Length != 20)
+ CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+
+ header = sha1sigheader;
+ headerLength = sizeof(sha1sigheader);
+ }
+ else if (signOnly == CSSM_ALGID_MD5)
+ {
+ if (input.Length != 16)
+ CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+
+ header = md5sigheader;
+ headerLength = sizeof(md5sigheader);
+ }
+ else if (signOnly == CSSM_ALGID_NONE)
+ {
+ // Special case used by SSL it's an RSA signature, without the ASN1 stuff
+ header = NULL;
+ headerLength = 0;
+ }
+ else
+ CssmError::throwMe(CSSMERR_CSP_INVALID_DIGEST_ALGORITHM);
+
+ // Create an input buffer in which we construct the data we will send to the token.
+ MSCUChar8 cipherMode;
+ MSCULong32 inputDataSize = headerLength + input.Length;
+ MSCULong32 keyLength = mKey.size() / 8;
+ auto_array<MSCUChar8> inputData(keyLength);
+ MSCPUChar8 to = inputData.get();
+
+ // Get padding, but default to pkcs1 style padding
+ uint32 padding = CSSM_PADDING_PKCS1;
+ context.getInt(CSSM_ATTRIBUTE_PADDING, padding);
+
+ // Figure out whether the underlying token supports RSA_NOPAD, if so we generate our own padding if not,
+ // we let the card do the PKCS1 padding itself.
+ MSCULong32 rsaCapabilities = mKey.connection().getCapabilities(MSC_TAG_CAPABLE_RSA);
+ if (rsaCapabilities & MSC_CAPABLE_RSA_NOPAD)
+ {
+ secdebug("crypto", "generateSignature: card supports RSA_NOPAD");
+ cipherMode = MSC_MODE_RSA_NOPAD;
+
+ if (padding == CSSM_PADDING_PKCS1)
+ {
+ // Add PKCS1 style padding
+ *(to++) = 0;
+ *(to++) = 1; /* Private Key Block Type. */
+ MSCULong32 padLength = keyLength - 3 - inputDataSize;
+ memset(to, 0xff, padLength);
+ to += padLength;
+ *(to++) = 0;
+ inputDataSize = keyLength;
+ }
+ else if (padding == CSSM_PADDING_NONE)
+ {
+ // Token will fail if the input data isn't exactly keysize / 8 octects long
+ }
+ else
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING);
+ }
+ else if (rsaCapabilities & MSC_CAPABLE_RSA_PKCS1)
+ {
+ if (padding != CSSM_PADDING_PKCS1)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING);
+
+ secdebug("crypto", "generateSignature: card only supports RSA_PKCS1");
+ cipherMode = MSC_MODE_RSA_PAD_PKCS1;
+ }
+ else
+ {
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); // @@@ Look for a better error.
+ }
+
+ // Now copy the ASN1 header into the input buffer.
+ // This header is the DER encoding of
+ // DigestInfo ::= SEQUENCE { digestAlgorithm AlgorithmIdentifier, digest OCTET STRING }
+ // Where AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters OPTIONAL ANY }
+ if (headerLength)
+ {
+ memcpy(to, header, headerLength);
+ to += headerLength;
+ }
+
+ // Finally copy the passed in data to the input buffer.
+ memcpy(to, input.Data, input.Length);
+
+ // @@@ Switch to using tokend allocators
+ MSCPUChar8 outputData = reinterpret_cast<MSCPUChar8>(malloc(keyLength));
+ size_t outputLength = keyLength;
+ try
+ {
+ // Sign the inputData using the token
+ mKey.computeCrypt(cipherMode, MSC_DIR_SIGN, inputData.get(), inputDataSize, outputData, outputLength);
+ }
+ catch (...)
+ {
+ // @@@ Switch to using tokend allocators
+ free(outputData);
+ throw;
+ }
+
+ signature.Data = outputData;
+ signature.Length = outputLength;
+}
+
+void MuscleCardKeyHandle::verifySignature(const Context &context,
+ CSSM_ALGORITHMS signOnly, const CssmData &input, const CssmData &signature)
+{
+ secdebug("crypto", "verifySignature");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void MuscleCardKeyHandle::generateMac(const Context &context,
+ const CssmData &input, CssmData &output)
+{
+ secdebug("crypto", "generateMac");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void MuscleCardKeyHandle::verifyMac(const Context &context,
+ const CssmData &input, const CssmData &compare)
+{
+ secdebug("crypto", "verifyMac");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void MuscleCardKeyHandle::encrypt(const Context &context,
+ const CssmData &clear, CssmData &cipher)
+{
+ secdebug("crypto", "encrypt");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void MuscleCardKeyHandle::decrypt(const Context &context,
+ const CssmData &cipher, CssmData &clear)
+{
+ secdebug("crypto", "decrypt alg: %u", context.algorithm());
+ IFDUMPING("crypto", context.dump("decrypt context"));
+
+ if (context.type() != CSSM_ALGCLASS_ASYMMETRIC)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_CONTEXT);
+
+ if (context.algorithm() != CSSM_ALGID_RSA)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+
+ size_t keyLength = mKey.size() / 8;
+ if (cipher.length() % keyLength != 0)
+ CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR);
+
+ // @@@ Add support for multiples of keyLength by doing multiple blocks
+ if (cipher.length() != keyLength)
+ CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR);
+
+ // @@@ Use a secure allocator for this.
+ auto_array<uint8> outputData(keyLength);
+ uint8 *output = outputData.get();
+ size_t outputLength = keyLength;
+
+ // Figure out whether the underlying token supports RSA_NOPAD, if so we remove the padding
+ // ourselves if not, we let the card remove the PKCS1 padding.
+ MSCULong32 rsaCapabilities = mKey.connection().getCapabilities(MSC_TAG_CAPABLE_RSA);
+ if (rsaCapabilities & MSC_CAPABLE_RSA_NOPAD)
+ {
+ secdebug("crypto", "decrypt: card supports RSA_NOPAD");
+ // Decrypt the inputData using the token
+ mKey.computeCrypt(MSC_MODE_RSA_NOPAD, MSC_DIR_DECRYPT, cipher.Data, cipher.Length, output, outputLength);
+
+ // Now check for proper pkcs1 type 2 padding and remove it.
+ if (outputLength != keyLength || *(output++) != 0 || *(output++) != 2)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_DATA);
+
+ /* Skip over padding data */
+ outputLength -= 2; // We already skiped the 00 02 at the start of the block.
+ size_t padSize;
+ for (padSize = 0; padSize < outputLength; ++padSize)
+ if (*(output++) == 0) break;
+
+ if (padSize == outputLength || padSize < 8)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_DATA);
+
+ outputLength -= padSize + 1; /* Don't count the 00 at the end of the padding. */
+ }
+ else if (rsaCapabilities & MSC_CAPABLE_RSA_PKCS1)
+ {
+ secdebug("crypto", "generateSignature: card only supports RSA_PKCS1");
+ // Decrypt the inputData using the token
+ mKey.computeCrypt(MSC_MODE_RSA_PAD_PKCS1, MSC_DIR_DECRYPT, cipher.Data, cipher.Length, output, outputLength);
+ }
+ else
+ {
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); // @@@ Look for a better error.
+ }
+
+ // @@@ Switch to using tokend allocators
+ clear.Data = reinterpret_cast<uint8 *>(malloc(outputLength));
+ // Finally copy the result into the clear buffer and set the length.
+ memcpy(clear.Data, output, outputLength);
+ clear.Length = outputLength;
+}
+
+void MuscleCardKeyHandle::exportKey(const Context &context, const AccessCredentials *cred,
+ CssmKey &wrappedKey)
+{
+ wrappedKey.clearPod();
+ wrappedKey.header().HeaderVersion = CSSM_KEYHEADER_VERSION;
+ wrappedKey.header().cspGuid(Guid::overlay(gGuidAppleSdCSPDL));
+ wrappedKey.blobType(CSSM_KEYBLOB_RAW);
+
+ uint32_t keyType = mKey.type();
+ uint32 algID;
+ uint32 keyClass;
+ CSSM_KEYBLOB_FORMAT format;
+
+ switch (keyType)
+ {
+ case MSC_KEY_RSA_PRIVATE:
+ format = CSSM_KEYBLOB_RAW_FORMAT_NONE;
+ keyClass = CSSM_KEYCLASS_PRIVATE_KEY;
+ algID = CSSM_ALGID_RSA;
+ break;
+
+ case MSC_KEY_RSA_PRIVATE_CRT:
+ format = CSSM_KEYBLOB_RAW_FORMAT_PKCS1;
+ keyClass = CSSM_KEYCLASS_PRIVATE_KEY;
+ algID = CSSM_ALGID_RSA;
+ break;
+
+ case MSC_KEY_RSA_PUBLIC:
+ format = CSSM_KEYBLOB_RAW_FORMAT_PKCS1;
+ keyClass = CSSM_KEYCLASS_PUBLIC_KEY;
+ algID = CSSM_ALGID_RSA;
+ break;
+
+ case MSC_KEY_DSA_PRIVATE:
+ format = CSSM_KEYBLOB_RAW_FORMAT_FIPS186;
+ keyClass = CSSM_KEYCLASS_PRIVATE_KEY;
+ algID = CSSM_ALGID_DSA;
+ break;
+
+ case MSC_KEY_DSA_PUBLIC:
+ format = CSSM_KEYBLOB_RAW_FORMAT_FIPS186;
+ keyClass = CSSM_KEYCLASS_PUBLIC_KEY;
+ algID = CSSM_ALGID_DSA;
+ break;
+
+ case MSC_KEY_DES:
+ format = CSSM_KEYBLOB_RAW_FORMAT_NONE;
+ keyClass = CSSM_KEYCLASS_SESSION_KEY;
+ algID = CSSM_ALGID_DES;
+ break;
+
+ case MSC_KEY_3DES:
+ format = CSSM_KEYBLOB_RAW_FORMAT_NONE;
+ keyClass = CSSM_KEYCLASS_SESSION_KEY;
+ // @@@ Which algid is this?
+ algID = CSSM_ALGID_3DES;
+ //algID = CSSM_ALGID_3DES_3KEY_EDE;
+ //algID = CSSM_ALGID_3DES_2KEY_EDE;
+ //algID = CSSM_ALGID_3DES_1KEY_EEE;
+ //algID = CSSM_ALGID_3DES_3KEY_EEE;
+ //algID = CSSM_ALGID_3DES_2KEY_EEE;
+ break;
+
+ case MSC_KEY_3DES3:
+ format = CSSM_KEYBLOB_RAW_FORMAT_NONE;
+ keyClass = CSSM_KEYCLASS_SESSION_KEY;
+ // @@@ Which algid is this?
+ algID = CSSM_ALGID_3DES_3KEY_EDE;
+ //algID = CSSM_ALGID_3DES_3KEY_EEE;
+ break;
+
+ default:
+ format = CSSM_KEYBLOB_RAW_FORMAT_OTHER;
+ keyClass = CSSM_KEYCLASS_OTHER;
+ algID = CSSM_ALGID_CUSTOM;
+ break;
+ }
+
+ wrappedKey.blobFormat(format);
+ wrappedKey.algorithm(algID);
+ wrappedKey.keyClass(keyClass);
+ wrappedKey.header().LogicalKeySizeInBits = mKey.size() / 8;
+
+ wrappedKey.header().KeyAttr = CSSM_KEYATTR_MODIFIABLE | CSSM_KEYATTR_EXTRACTABLE;
+
+#if 0
+ CSSM_KEYUSE usage =
+ (mr.metaAttribute(kSecKeyEncrypt).attribute(tokenContext, record).boolValue() ? CSSM_KEYUSE_ENCRYPT : 0)
+ | (mr.metaAttribute(kSecKeyDecrypt).attribute(tokenContext, record).boolValue() ? CSSM_KEYUSE_DECRYPT : 0)
+ | (mr.metaAttribute(kSecKeySign).attribute(tokenContext, record).boolValue() ? CSSM_KEYUSE_SIGN : 0)
+ | (mr.metaAttribute(kSecKeyVerify).attribute(tokenContext, record).boolValue() ? CSSM_KEYUSE_VERIFY : 0)
+ | (mr.metaAttribute(kSecKeySignRecover).attribute(tokenContext, record).boolValue() ? CSSM_KEYUSE_SIGN_RECOVER : 0)
+ | (mr.metaAttribute(kSecKeyVerifyRecover).attribute(tokenContext, record).boolValue() ? CSSM_KEYUSE_VERIFY_RECOVER : 0)
+ | (mr.metaAttribute(kSecKeyWrap).attribute(tokenContext, record).boolValue() ? CSSM_KEYUSE_WRAP : 0)
+ | (mr.metaAttribute(kSecKeyUnwrap).attribute(tokenContext, record).boolValue() ? CSSM_KEYUSE_UNWRAP : 0)
+ | (mr.metaAttribute(kSecKeyDerive).attribute(tokenContext, record).boolValue() ? CSSM_KEYUSE_DERIVE : 0);
+ if (usage == (CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT | CSSM_KEYUSE_SIGN | CSSM_KEYUSE_VERIFY
+ | CSSM_KEYUSE_SIGN_RECOVER | CSSM_KEYUSE_VERIFY_RECOVER
+ | CSSM_KEYUSE_WRAP | CSSM_KEYUSE_UNWRAP | CSSM_KEYUSE_DERIVE))
+ usage = CSSM_KEYUSE_ANY;
+
+ wrappedKey.header().KeyUsage = usage;
+#else
+ wrappedKey.header().KeyUsage = CSSM_KEYUSE_ANY;
+#endif
+
+ wrappedKey.KeyData.Length = mKey.size() / 8;
+ void *buffer = malloc(wrappedKey.KeyData.Length);
+ wrappedKey.KeyData.Data = reinterpret_cast<uint8 *>(buffer);
+ mKey.exportKey(buffer, wrappedKey.KeyData.Length);
+}
+
+void MuscleCardKeyHandle::getOwner(AclOwnerPrototype &owner)
+{
+ // we don't really know (right now), so claim we're owned by PIN #0
+ if (!mAclOwner) {
+ Allocator &alloc = Allocator::standard();
+ mAclOwner.allocator(alloc);
+
+ unsigned int acl = mKey.keyACL.readPermission;
+ if (acl == MSC_AUT_NONE)
+ acl = mKey.keyACL.writePermission;
+ if (acl == MSC_AUT_NONE)
+ acl = mKey.keyACL.usePermission;
+ if (acl == MSC_AUT_NONE) {
+ // nobody can do anything with this key? how useless...
+ mAclOwner = AclFactory::NobodySubject(alloc);
+ } else if (acl == MSC_AUT_ALL) {
+ // no restrictions - an ANY ACL
+ mAclOwner = AclFactory::AnySubject(alloc);
+ } else {
+ // we don't currently support ownership by multiple PINs:
+ // pick the first one and ignore the rest
+ for (unsigned n = 0; n < 5; n++)
+ if (acl & (MSC_AUT_PIN_0 << n)) {
+ mAclOwner = AclFactory::PinSubject(alloc, n);
+ break;
+ }
+ // ignoring the KEY and USER bits -- whatever they might be
+ }
+ }
+ owner = mAclOwner;
+}
+
+void MuscleCardKeyHandle::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
+{
+ // we don't (yet) support queries by tag
+ if (tag)
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_ENTRY_TAG);
+
+ if (!mAclEntries) {
+ mAclEntries.allocator(Allocator::standard());
+ // Anyone can read the DB record for this key (which is a reference CSSM_KEY)
+ mAclEntries.add(CssmClient::AclFactory::AnySubject(mAclEntries.allocator()),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
+ // READ -> unwrap (extract)
+ keyAcl(mKey.keyACL.readPermission, AclAuthorizationSet(
+ CSSM_ACL_AUTHORIZATION_EXPORT_CLEAR,
+ CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED,
+ 0));
+ // WRITE is currently ignored
+ // USE will have to serve for all crypto operations (pity that)
+ keyAcl(mKey.keyACL.usePermission, AclAuthorizationSet(
+ CSSM_ACL_AUTHORIZATION_ENCRYPT,
+ CSSM_ACL_AUTHORIZATION_DECRYPT,
+ CSSM_ACL_AUTHORIZATION_SIGN,
+ CSSM_ACL_AUTHORIZATION_MAC,
+ CSSM_ACL_AUTHORIZATION_DERIVE,
+ 0));
+ }
+ count = mAclEntries.size();
+ acls = mAclEntries.entries();
+}
+
+void MuscleCardKeyHandle::keyAcl(unsigned int acl, const AclAuthorizationSet &auths)
+{
+ Allocator &alloc = mAclEntries.allocator();
+ if (acl == MSC_AUT_NONE) {
+ // there's no way to do this... so say nothing
+ } else if (acl == MSC_AUT_ALL) {
+ // no restrictions - add an ANY ACL
+ mAclEntries.add(AclFactory::AnySubject(alloc), auths);
+ } else {
+ // general case: for each enabling PIN, issue an ACL entry
+ // (we could form a 1-of-n ACL, but that would complicate the sample set)
+ for (unsigned n = 0; n < 5; n++)
+ if (acl & (MSC_AUT_PIN_0 << n))
+ mAclEntries.add(AclFactory::PinSubject(alloc, n), auths);
+ // ignoring the KEY and USER bits -- whatever they might be
+ }
+}
+
+
+//
+// MuscleCardKeyHandleFactory
+//
+MuscleCardKeyHandleFactory::~MuscleCardKeyHandleFactory()
+{
+}
+
+
+Tokend::KeyHandle *MuscleCardKeyHandleFactory::keyHandle(Tokend::TokenContext *tokenContext,
+ const Tokend::MetaRecord &metaRecord, Tokend::Record &record) const
+{
+ KeyRecord &keyRecord = dynamic_cast<KeyRecord &>(record);
+ return new MuscleCardKeyHandle(metaRecord, record, keyRecord.key());
+}
+
+
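Review bot: The buffer built in generateSignature is `keyLength` bytes, but `inputDataSize = headerLength + input.Length` is never compared against it, so the `memset` of `padLength` (computed as the unsigned expression `keyLength - 3 - inputDataSize`, which wraps when the input is too long) and the later `memcpy(to, input.Data, input.Length)` can write past `inputData` whenever the caller's digest is longer than the key allows; the `CSSM_ALGID_NONE` branch does not bound `input.Length` at all, and the `CSSM_PADDING_NONE` branch only comments that the token will reject a wrong-sized block instead of checking the length before the copy. A length check belongs right after the padding attribute is read, before either capability branch touches the buffer; the lines below add it, reusing `CSSMERR_CSP_INPUT_LENGTH_ERROR` as `decrypt` already does. Separately, `decrypt` computes `keyLength = mKey.size() / 8` and immediately uses it as a modulus, so a key reporting a size under 8 bits divides by zero; `if (keyLength == 0) CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);` before the `%` guards that.
```cpp
	// Get padding, but default to pkcs1 style padding
	uint32 padding = CSSM_PADDING_PKCS1;
	context.getInt(CSSM_ATTRIBUTE_PADDING, padding);

	// Everything below writes into a keyLength-byte buffer, so bound the input first.
	// PKCS#1 v1.5 type 1 needs 00 01, at least eight FF bytes and a 00 (11 bytes) ahead
	// of the data; with no padding the data must already be exactly one key block.
	if (inputDataSize > keyLength
		|| (padding == CSSM_PADDING_PKCS1 && inputDataSize + 11 > keyLength)
		|| (padding == CSSM_PADDING_NONE && inputDataSize != keyLength))
		CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR);

	// … unchanged: RSA capability check, padding construction, header/data copy, computeCrypt …
```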
Added: releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardKeyHandle.h
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardKeyHandle.h (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardKeyHandle.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MuscleCardKeyHandle.h
+ * TokendMuscle
+ */
+
+#ifndef _MUSCLECARDKEYHANDLE_H_
+#define _MUSCLECARDKEYHANDLE_H_
+
+#include "KeyHandle.h"
+
+class MscKey;
+
+//
+// A KeyHandle object which implements the crypto interface to muscle.
+//
+class MuscleCardKeyHandle: public Tokend::KeyHandle
+{
+ NOCOPY(MuscleCardKeyHandle)
+public:
+ MuscleCardKeyHandle(const Tokend::MetaRecord &metaRecord,
+ Tokend::Record &record, MscKey &key);
+ ~MuscleCardKeyHandle();
+
+ virtual void getKeySize(CSSM_KEY_SIZE &keySize);
+ virtual uint32 getOutputSize(const Context &context, uint32 inputSize, bool encrypting);
+ virtual void generateSignature(const Context &context, CSSM_ALGORITHMS signOnly, const CssmData &input, CssmData &signature);
+ virtual void verifySignature(const Context &context, CSSM_ALGORITHMS signOnly, const CssmData &input, const CssmData &signature);
+ virtual void generateMac(const Context &context, const CssmData &input, CssmData &output);
+ virtual void verifyMac(const Context &context, const CssmData &input, const CssmData &compare);
+ virtual void encrypt(const Context &context, const CssmData &clear, CssmData &cipher);
+ virtual void decrypt(const Context &context, const CssmData &cipher, CssmData &clear);
+
+ virtual void exportKey(const Context &context, const AccessCredentials *cred,
+ CssmKey &wrappedKey);
+
+ virtual void getOwner(AclOwnerPrototype &owner);
+ virtual void getAcl(const char *tag, uint32 &count, AclEntryInfo *&aclList);
+
+private:
+ MscKey &mKey;
+
+ // temporary ACL cache hack - to be removed
+ AutoAclOwnerPrototype mAclOwner;
+ AutoAclEntryInfoList mAclEntries;
+
+ void keyAcl(unsigned int acl, const AclAuthorizationSet &auths);
+};
+
+
+//
+// A factory that creates MuscleCardKeyHandle objects.
+//
+class MuscleCardKeyHandleFactory : public Tokend::KeyHandleFactory
+{
+ NOCOPY(MuscleCardKeyHandleFactory)
+public:
+ MuscleCardKeyHandleFactory() {}
+ virtual ~MuscleCardKeyHandleFactory();
+
+ virtual Tokend::KeyHandle *keyHandle(Tokend::TokenContext *tokenContext,
+ const Tokend::MetaRecord &metaRecord, Tokend::Record &record) const;
+};
+
+
+#endif /* !_MUSCLECARDKEYHANDLE_H_ */
+
+
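Review bot: MuscleCardKeyHandle declares its destructor as `~MuscleCardKeyHandle();` without `virtual`, while the sibling class in the same header writes `virtual ~MuscleCardKeyHandleFactory();`. If Tokend::KeyHandle's destructor is virtual (not visible here) the override is virtual anyway, but the handle is created with `new` and returned through a `Tokend::KeyHandle *`, so the intent should be explicit and consistent: `virtual ~MuscleCardKeyHandle();`. The members `mAclOwner` and `mAclEntries` are annotated "temporary ACL cache hack - to be removed"; a short comment on `keyAcl` saying it appends one ACL entry per enabling PIN bit (as MuscleCardKeyHandle.cpp implements it) would let readers of the header understand the cache without opening the source file.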
Added: releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardSchema.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardSchema.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardSchema.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MuscleCardSchema.cpp
+ * TokendMuscle
+ */
+
+#include "MuscleCardSchema.h"
+
+#include "MetaAttribute.h"
+#include "MetaRecord.h"
+
+#include <PCSC/musclecard.h>
+#include <Security/SecCertificate.h>
+#include <Security/SecKeychainItem.h>
+#include <Security/SecKey.h>
+
+using namespace Tokend;
+
+MuscleCardSchema::MuscleCardSchema() :
+ mEncryptCoder(MSC_KEYPOLICY_DIR_ENCRYPT),
+ mDecryptCoder(MSC_KEYPOLICY_DIR_DECRYPT),
+ mSignCoder(MSC_KEYPOLICY_DIR_SIGN),
+ mVerifyCoder(MSC_KEYPOLICY_DIR_VERIFY)
+{
+}
+
+MuscleCardSchema::~MuscleCardSchema()
+{
+}
+
+Tokend::Relation *MuscleCardSchema::createKeyRelation(CSSM_DB_RECORDTYPE keyType)
+{
+ Relation *rn = createStandardRelation(keyType);
+
+ // Set up coders for key records.
+ MetaRecord &mr = rn->metaRecord();
+ mr.keyHandleFactory(&mMuscleCardKeyHandleFactory);
+
+ // Print name of a key might as well be the key name.
+ mr.attributeCoder(kSecKeyPrintName, &mKeyNameCoder);
+
+ // Other key valuess
+ mr.attributeCoder(kSecKeyKeyType, &mKeyAlgorithmCoder);
+ mr.attributeCoder(kSecKeyKeySizeInBits, &mKeySizeCoder);
+ // @@@ Should be different for 3DES keys.
+ mr.attributeCoder(kSecKeyEffectiveKeySize, &mKeySizeCoder);
+
+ // Key attributes
+ mr.attributeCoder(kSecKeyExtractable, &mKeyExtractableCoder);
+ mr.attributeCoder(kSecKeySensitive, &mKeySensitiveCoder);
+ mr.attributeCoder(kSecKeyModifiable, &mKeyModifiableCoder);
+ mr.attributeCoder(kSecKeyPrivate, &mKeyPrivateCoder);
+ // Made up since muscle doesn't tell us these.
+ mr.attributeCoder(kSecKeyNeverExtractable, &mFalseCoder);
+ mr.attributeCoder(kSecKeyAlwaysSensitive, &mFalseCoder);
+
+ // Key usage
+ mr.attributeCoder(kSecKeyEncrypt, &mEncryptCoder);
+ mr.attributeCoder(kSecKeyDecrypt, &mDecryptCoder);
+ mr.attributeCoder(kSecKeyWrap, &mEncryptCoder);
+ mr.attributeCoder(kSecKeyUnwrap, &mDecryptCoder);
+ mr.attributeCoder(kSecKeySign, &mSignCoder);
+ mr.attributeCoder(kSecKeyVerify, &mVerifyCoder);
+ // Made up since muscle doesn't tell us these.
+ mr.attributeCoder(kSecKeyDerive, &mFalseCoder);
+ mr.attributeCoder(kSecKeySignRecover, &mFalseCoder);
+ mr.attributeCoder(kSecKeyVerifyRecover, &mFalseCoder);
+
+ return rn;
+}
+
+void MuscleCardSchema::create()
+{
+ Schema::create();
+
+ /* Relation *rn_priv = */ createKeyRelation(CSSM_DL_DB_RECORD_PRIVATE_KEY);
+ Relation *rn_publ = createKeyRelation(CSSM_DL_DB_RECORD_PUBLIC_KEY);
+ Relation *rn_symm = createKeyRelation(CSSM_DL_DB_RECORD_SYMMETRIC_KEY);
+ Relation *rn_ce = createStandardRelation(CSSM_DL_DB_RECORD_X509_CERTIFICATE);
+
+ // @@@ We need a coder that calculates the public key hash of a public key
+ rn_publ->metaRecord().attributeCoder(kSecKeyLabel, &mZeroCoder);
+
+ // For symmetric keys we use the object id as the label.
+ rn_symm->metaRecord().attributeCoder(kSecKeyLabel, &mKeyNameCoder);
+
+ // Set coders for certificate attributes.
+ MetaRecord &mr_cert = rn_ce->metaRecord();
+ mr_cert.attributeCoderForData(&mMscDataAttributeCoder);
+
+ // Create the generic table
+ // @@@ HARDWIRED @@@
+ Relation *rn_gen = createStandardRelation(CSSM_DL_DB_RECORD_GENERIC);
+ MetaRecord &mr_gen = rn_gen->metaRecord();
+ mr_gen.attributeCoderForData(&mMscDataAttributeCoder);
+ mr_gen.attributeCoder(kSecLabelItemAttr, &mObjectIDCoder);
+}
+
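Review bot: `mr.attributeCoder(kSecKeyEffectiveKeySize, &mKeySizeCoder);` in createKeyRelation binds the effective key size to the same coder as the nominal size, which the `@@@` comment already concedes is wrong for 3DES, so anything that keys a decision on kSecKeyEffectiveKeySize may over-estimate the strength of 3DES objects; until a dedicated coder exists the comment should state the direction of the error, e.g. `// @@@ Nominal size is reported here; over-states effective strength for 3DES keys — needs its own coder.`. The group comment two lines above has a typo: `// Other key valuess` should read `// Other key values`. mFalseCoder and mZeroCoder are used in this file but not declared in MuscleCardSchema.h, so they presumably come from Tokend::Schema; a one-line comment next to the first use saying so would spare the next reader a search.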
Added: releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardSchema.h
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardSchema.h (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardSchema.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MuscleCardSchema.h
+ * TokendMuscle
+ */
+
+#ifndef _MUSCLECARDSCHEMA_H_
+#define _MUSCLECARDSCHEMA_H_
+
+#include "Schema.h"
+#include "MuscleCardAttributeCoder.h"
+#include "MuscleCardKeyHandle.h"
+
+namespace Tokend
+{
+ class Relation;
+ class MetaRecord;
+ class AttributeCoder;
+}
+
+class MuscleCardSchema : public Tokend::Schema
+{
+ NOCOPY(MuscleCardSchema)
+public:
+ MuscleCardSchema();
+ virtual ~MuscleCardSchema();
+
+ virtual void create();
+protected:
+ Tokend::Relation *createKeyRelation(CSSM_DB_RECORDTYPE keyType);
+
+private:
+ // Coders we need.
+ MscDataAttributeCoder mMscDataAttributeCoder;
+ ObjectIDAttributeCoder mObjectIDCoder;
+ KeyNameAttributeCoder mKeyNameCoder;
+
+ KeyAlgorithmAttributeCoder mKeyAlgorithmCoder;
+
+ // Coders for attributes of keys
+ KeyExtractableAttributeCoder mKeyExtractableCoder;
+ KeySensitiveAttributeCoder mKeySensitiveCoder;
+ KeyModifiableAttributeCoder mKeyModifiableCoder;
+ KeyPrivateAttributeCoder mKeyPrivateCoder;
+
+ // Coders for Directions (or usage bits) of keys
+ KeyDirectionAttributeCoder mEncryptCoder;
+ KeyDirectionAttributeCoder mDecryptCoder;
+ KeyDirectionAttributeCoder mSignCoder;
+ KeyDirectionAttributeCoder mVerifyCoder;
+
+ KeySizeAttributeCoder mKeySizeCoder;
+
+ MuscleCardKeyHandleFactory mMuscleCardKeyHandleFactory;
+};
+
+#endif /* !_MUSCLECARDSCHEMA_H_ */
+
Added: releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardToken.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardToken.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardToken.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,297 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MuscleCardToken.cpp
+ * TokendMuscle
+ */
+
+#include "MuscleCardToken.h"
+#include "Adornment.h"
+
+#include "Adornment.h"
+#include "AttributeCoder.h"
+#include "KeyRecord.h"
+#include "TokenRecord.h"
+#include "Msc/MscToken.h"
+#include "Msc/MscTokenConnection.h"
+#include "Msc/MscWrappers.h"
+#include "MuscleCardSchema.h"
+#include <security_cdsa_client/aclclient.h>
+#include <map>
+#include <vector>
+
+using CssmClient::AclFactory;
+
+
+MuscleCardToken::MuscleCardToken() : mConnection(NULL)
+{
+}
+
+MuscleCardToken::~MuscleCardToken()
+{
+ delete mTokenContext;
+ delete mSchema;
+ delete mConnection;
+}
+
+uint32 MuscleCardToken::probe(SecTokendProbeFlags flags, char tokenUid[TOKEND_MAX_UID])
+{
+ MscTokenInfo tinfo(*(*startupReaderInfo)());
+ MscTokenConnection tc(tinfo);
+ tc.connect();
+ tc.release();
+ if (flags!=kSecTokendProbeDefault)
+ ;
+ return 50;
+}
+
+void MuscleCardToken::establish(const CSSM_GUID *guid, uint32 subserviceId,
+ SecTokendEstablishFlags flags, const char *cacheDirectory, const char *workDirectory,
+ char mdsDirectory[PATH_MAX], char printName[PATH_MAX])
+{
+ MscTokenInfo tinfo(*(*startupReaderInfo)());
+ mConnection = new MscTokenConnection(tinfo);
+ mConnection->connect();
+ ::strncpy(printName, mConnection->tokenInfo.tokenName, PATH_MAX);
+ mTokenContext = new MscToken(mConnection);
+ static_cast<MscToken *>(mTokenContext)->loadobjects();
+ mSchema = new MuscleCardSchema();
+ mSchema->create();
+
+ populate();
+}
+
+//
+// Authenticate to the token
+//
+void MuscleCardToken::authenticate(CSSM_DB_ACCESS_TYPE mode, const AccessCredentials *cred)
+{
+ if (cred) {
+ if (cred->tag() && !strncmp(cred->tag(), "PIN", 3)) { // tag="PINk"; unlock a PIN
+ if (cred->size() != 1)
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE); // just one, please
+ const TypedList &sample = (*cred)[0];
+ switch (sample.type()) {
+ case CSSM_SAMPLE_TYPE_PASSWORD:
+ case CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD:
+ {
+ unsigned int slot;
+ sscanf(cred->tag()+3, "%d", &slot); // "PINn"
+ secdebug("muscleacl", "verifying PIN%d", slot);
+ mConnection->verifyPIN(slot, sample[1].toString());
+ secdebug("muscleacl", "verify successful");
+ }
+ break;
+ default:
+ secdebug("muscleacl", "sample type %d not supported", sample.type());
+ CssmError::throwMe(CSSM_ERRCODE_ACL_SUBJECT_TYPE_NOT_SUPPORTED);
+ }
+ } else
+ secdebug("muscleacl", "authenticate without PIN tag ignored");
+ } else
+ secdebug("muscleacl", "authenticate(NULL) ignored");
+}
+
+
+//
+// Database-level ACLs
+//
+void MuscleCardToken::getOwner(AclOwnerPrototype &owner)
+{
+ // MUSCLE defines ACLs on card initialization, but doesn't seem to allow
+ // them to be read out after the card has been personalized.
+ // In absence of any meaningful information, blame PIN #0.
+ if (!mAclOwner) {
+ mAclOwner.allocator(Allocator::standard());
+ mAclOwner = AclFactory::PinSubject(Allocator::standard(), 0);
+ }
+ owner = mAclOwner;
+}
+
+
+void MuscleCardToken::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
+{
+ // we don't (yet) support queries by tag
+ if (tag)
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_ENTRY_TAG);
+
+ Allocator &alloc = Allocator::standard();
+ // get pin list, then for each pin
+ if (!mAclEntries) {
+ mAclEntries.allocator(alloc);
+ // Anyone can read any record from this db.
+ // We don't support insertion modification or deletion yet.
+ mAclEntries.add(CssmClient::AclFactory::AnySubject(mAclEntries.allocator()),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
+ // for each PIN on the card...
+ unsigned int pins = mConnection->listPins();
+ for (unsigned n = 0; n < 16; n++)
+ if (pins & (1 << n)) {
+ // add a PIN slot for PASSWORD and PROTECTED_PASSWORD credentials
+ mAclEntries.addPin(AclFactory::PWSubject(alloc), n);
+ mAclEntries.addPin(AclFactory::PromptPWSubject(alloc, CssmData()), n);
+ }
+ }
+
+ // return the ACL vector
+ count = mAclEntries.size();
+ acls = mAclEntries.entries();
+}
+
+
+#pragma mark ---------------- CAC Specific --------------
+
+void MuscleCardToken::populate()
+{
+ secdebug("populate", "MuscleCardToken::populate() begin");
+
+ Tokend::Relation &certRelation = mSchema->findRelation(CSSM_DL_DB_RECORD_X509_CERTIFICATE);
+ Tokend::Relation &dataRelation = mSchema->findRelation(CSSM_DL_DB_RECORD_GENERIC);
+ Tokend::Relation &privateKeyRelation = mSchema->findRelation(CSSM_DL_DB_RECORD_PRIVATE_KEY);
+ Tokend::Relation &publicKeyRelation = mSchema->findRelation(CSSM_DL_DB_RECORD_PUBLIC_KEY);
+ Tokend::Relation &symmetricKeyRelation = mSchema->findRelation(CSSM_DL_DB_RECORD_SYMMETRIC_KEY);
+
+ // Map from number to certs.
+ typedef std::map< UInt32, RefPointer<Tokend::Record> > CertificateMap;
+ CertificateMap certificates;
+
+ typedef std::vector<RefPointer<KeyRecord> > KeyVector;
+ KeyVector keys;
+
+ // The first time through, we insert cert and data records. We skip attribute records
+ // so that we can add them as adornments to records that will exist after this pass
+ for (MscToken::ObjIterator it = static_cast<MscToken *>(mTokenContext)->begin();
+ it != static_cast<MscToken *>(mTokenContext)->end();
+ ++it)
+ {
+ MscObject *obj = it->second;
+ std::string objid = obj->objid();
+
+ secdebug("populate", "Found object with id: %s", objid.c_str());
+
+ switch (objid[0])
+ {
+ case 'C': // insert in cert relation
+ {
+ RefPointer<Tokend::Record> record(new TokenRecord(objid));
+ certRelation.insertRecord(record);
+ UInt32 certNum = atoi(objid.c_str() + 1);
+ certificates.insert(std::pair<UInt32, RefPointer<Tokend::Record> >(certNum, record));
+ }
+ break;
+ case 'k': // this will become an adornment for key record
+#if 0
+ {
+ // @@@ Move this define to a msc header
+#define CKO_CAC_PRIVATE_KEY 0x03000000
+ RefPointer<KeyRecord> keyRecord(new KeyRecord(*obj));
+ uint32_t cka_class = keyRecord->attributeValueAsUint32(CKA_CLASS);
+ switch (cka_class)
+ {
+ case CKO_PRIVATE_KEY:
+ case CKO_CAC_PRIVATE_KEY:
+ secdebug("populate", "Inserting private key with id: %s CKA_CLASS: %08X", objid.c_str(), cka_class);
+ privateKeyRelation.insertRecord(keyRecord);
+ keys.push_back(keyRecord);
+ break;
+ case CKO_PUBLIC_KEY:
+ case CKO_SECRET_KEY:
+ default:
+ secdebug("populate", "Ignoring key with id: %s CKA_CLASS: %08X", objid.c_str(), cka_class);
+ break;
+ }
+ }
+ break;
+#endif
+ case 'c': // this might become an adornment for cert record
+ secdebug("populate", "Ignoring object with id: %s", objid.c_str());
+ break;
+ default: // insert as data record
+ {
+ RefPointer<Tokend::Record> record(new TokenRecord(objid));
+ dataRelation.insertRecord(record);
+ }
+ break;
+ }
+ }
+
+ // The first time through, we insert cert and data records. We skip attribute records
+ // so that we can add them as adornments to records that will exist after this pass
+ for (MscToken::ConstKeyIterator it = static_cast<MscToken *>(mTokenContext)->kbegin();
+ it != static_cast<MscToken *>(mTokenContext)->kend();
+ ++it)
+ {
+ MscKey *key = it->second;
+ IFDUMPING("key", key->debugDump());
+ {
+ RefPointer<KeyRecord> keyRecord(new KeyRecord(*key));
+ uint32_t type = key->type();
+ switch (type)
+ {
+ case MSC_KEY_RSA_PRIVATE:
+ case MSC_KEY_RSA_PRIVATE_CRT:
+ case MSC_KEY_DSA_PRIVATE:
+ secdebug("populate", "Inserting private key with type: %02X", type);
+ privateKeyRelation.insertRecord(keyRecord);
+ keys.push_back(keyRecord);
+ break;
+ case MSC_KEY_RSA_PUBLIC:
+ case MSC_KEY_DSA_PUBLIC:
+ secdebug("populate", "Inserting public key with type: %02X", type);
+ publicKeyRelation.insertRecord(keyRecord);
+ keys.push_back(keyRecord);
+ break;
+ case MSC_KEY_DES:
+ case MSC_KEY_3DES:
+ case MSC_KEY_3DES3:
+ secdebug("populate", "Inserting symmetric key with type: %02X", type);
+ symmetricKeyRelation.insertRecord(keyRecord);
+ keys.push_back(keyRecord);
+ break;
+ default:
+ secdebug("populate", "Ignoring key with type: %02X", type);
+ break;
+ }
+ }
+ }
+
+ for (KeyVector::const_iterator ks_it = keys.begin(); ks_it != keys.end(); ++ks_it)
+ {
+ UInt32 keyNum = (*ks_it)->key().number();
+ CertificateMap::const_iterator cs_it = certificates.find(keyNum);
+ if (cs_it == certificates.end())
+ {
+ secdebug("populate", "No certificate found for key: %lu", keyNum);
+ }
+ else
+ {
+ secdebug("populate", "Linked key: K%lu to certificate C%lu", keyNum, keyNum);
+ (*ks_it)->setAdornment(mSchema->publicKeyHashCoder().certificateKey(),
+ new Tokend::LinkedRecordAdornment(cs_it->second));
+ }
+ }
+
+ secdebug("populate", "MuscleCardToken::populate() end");
+}
+
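Review bot: In authenticate, `sscanf(cred->tag()+3, "%d", &slot);` leaves `slot` uninitialized when the tag is exactly "PIN" or carries a non-numeric suffix, and that indeterminate value is then passed to `mConnection->verifyPIN(slot, ...)`; the format also reads a signed `%d` into an `unsigned int`. Initialize and check the conversion: `unsigned int slot = 0;` followed by `if (sscanf(cred->tag()+3, "%u", &slot) != 1) CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);`. The same branch reads `sample[1]` without checking that the sample has a second element, which should be rejected the same way if TypedList does not bounds-check. In establish, `::strncpy(printName, mConnection->tokenInfo.tokenName, PATH_MAX);` does not NUL-terminate when the token name fills the buffer, so add `printName[PATH_MAX - 1] = '\0';` after it. Also `"Adornment.h"` is included twice at the top of the file, and probe's `if (flags!=kSecTokendProbeDefault) ;` is an empty statement that should be dropped or commented.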
Added: releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardToken.h
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardToken.h (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/MuscleCardToken.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MuscleCardToken.h
+ * TokendMuscle
+ */
+
+#ifndef _MUSCLECARDTOKEN_H_
+#define _MUSCLECARDTOKEN_H_
+
+#include <Token.h>
+
+class MscTokenConnection;
+
+//
+// "The" token
+//
+class MuscleCardToken : public Tokend::Token
+{
+ NOCOPY(MuscleCardToken)
+public:
+ MuscleCardToken();
+ ~MuscleCardToken();
+
+ virtual uint32 probe(SecTokendProbeFlags flags, char tokenUid[TOKEND_MAX_UID]);
+ virtual void establish(const CSSM_GUID *guid, uint32 subserviceId,
+ SecTokendEstablishFlags flags, const char *cacheDirectory, const char *workDirectory,
+ char mdsDirectory[PATH_MAX], char printName[PATH_MAX]);
+ virtual void authenticate(CSSM_DB_ACCESS_TYPE mode, const AccessCredentials *cred);
+ virtual void getOwner(AclOwnerPrototype &owner);
+ virtual void getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls);
+
+protected:
+
+ void populate();
+
+public:
+ MscTokenConnection *mConnection;
+
+ // temporary ACL cache hack - to be removed
+ AutoAclOwnerPrototype mAclOwner;
+ AutoAclEntryInfoList mAclEntries;
+};
+
+
+#endif /* !_MUSCLECARDTOKEN_H_ */
+
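Review bot: The second `public:` section exposes `mConnection` and the two ACL caches as public data members, so any holder of a MuscleCardToken can replace the connection that the destructor later deletes or hand out a stale ACL list; unless another class needs direct access, they belong under `private:` with a comment noting that `mConnection` is owned and deleted in the destructor. `~MuscleCardToken();` is not marked `virtual`; it is virtual only if Tokend::Token's destructor is, which this hunk cannot show, so `virtual ~MuscleCardToken();` would make the intent explicit and match the `virtual` used on the other overrides here.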
Added: releases/Apple/OSX-10.6.7/MuscleCard/TokenRecord.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/TokenRecord.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/TokenRecord.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * TokenRecord.cpp
+ * TokendMuscle
+ */
+
+#include "TokenRecord.h"
+
+using namespace Tokend;
+
+TokenRecord::TokenRecord(const std::string &objectID) :
+ mObjectID(objectID)
+{
+}
+
+TokenRecord::~TokenRecord()
+{
+}
+
+
Added: releases/Apple/OSX-10.6.7/MuscleCard/TokenRecord.h
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/TokenRecord.h (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/TokenRecord.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * TokenRecord.h
+ * TokendMuscle
+ */
+
+#ifndef _TOKENRECORD_H_
+#define _TOKENRECORD_H_
+
+#include "Record.h"
+#include <string>
+
+class TokenRecord : public Tokend::Record
+{
+ NOCOPY(TokenRecord)
+public:
+ TokenRecord(const std::string &objectID);
+ virtual ~TokenRecord();
+
+ std::string objid() const { return mObjectID; }
+
+private:
+ std::string mObjectID; // we don't need full MscObjectInfo, since MscToken only needs objid
+};
+
+#endif /* !_TOKENRECORD_H_ */
+
+
Added: releases/Apple/OSX-10.6.7/MuscleCard/mds/musclecard_csp_capabilities.mdsinfo
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/mds/musclecard_csp_capabilities.mdsinfo (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/mds/musclecard_csp_capabilities.mdsinfo 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>Capabilities</key>
+ <string>file:musclecard_csp_capabilities_common.mds</string>
+ <key>MdsFileDescription</key>
+ <string>MuscleCard Token CSPDL CSP Capabilities</string>
+ <key>MdsFileType</key>
+ <string>PluginSpecific</string>
+ <key>MdsRecordType</key>
+ <string>MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE</string>
+</dict>
+</plist>
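Review bot: The `Capabilities` entry `<string>file:musclecard_csp_capabilities_common.mds</string>` pulls in a file whose CAST key-generation record (added later in this commit) has `<key>New item</key>` where every sibling record uses `<key>AttributeValue</key>`, which looks like an unrenamed property-list-editor placeholder; whatever consumes these records will see a CAST capability with no AttributeValue. Rename that key to `<key>AttributeValue</key>` in the referenced file.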
Added: releases/Apple/OSX-10.6.7/MuscleCard/mds/musclecard_csp_capabilities_common.mds
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/mds/musclecard_csp_capabilities_common.mds (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/mds/musclecard_csp_capabilities_common.mds 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,903 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<array>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>20</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DIGEST</string>
+ <key>Description</key>
+ <string>SHA1 Digest</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>16</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DIGEST</string>
+ <key>Description</key>
+ <string>MD5 Digest</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD2</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>16</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DIGEST</string>
+ <key>Description</key>
+ <string>MD2 Digest</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>RSA Key Pair Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_DES</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+ <key>AttributeValue</key>
+ <integer>64</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>DES Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_3DES_3KEY</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+ <key>AttributeValue</key>
+ <integer>192</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>3DES Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC2</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>RC2 Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC4</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>RC4 Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>RC5 Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_CAST</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>New item</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>CAST Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_BLOWFISH</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>Blowfish Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1HMAC</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>SHA1HMAC Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD5HMAC</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>MD5HMAC Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_AES</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>128</integer>
+ <integer>192</integer>
+ <integer>256</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>AES Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_ASC</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>ASC Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEE</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>31</integer>
+ <integer>127</integer>
+ <integer>128</integer>
+ <integer>161</integer>
+ <integer>192</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>FEE Key Pair Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_DSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>DSA Key Pair Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_PKCS5_PBKDF2</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DERIVEKEY</string>
+ <key>Description</key>
+ <string>PKCS5 Key Derivation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_PKCS5_PBKDF1_MD5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DERIVEKEY</string>
+ <key>Description</key>
+ <string>PKCS5 PBKDF1 MD5 Key Derivation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_PKCS5_PBKDF1_MD2</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DERIVEKEY</string>
+ <key>Description</key>
+ <string>PKCS5 PBKDF1 MD2 Key Derivation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_PKCS5_PBKDF1_SHA1</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DERIVEKEY</string>
+ <key>Description</key>
+ <string>PKCS5 PBKDF1 SHA1 Key Derivation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_DES</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>DES Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_3DES_3KEY_EDE</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>3DES EDE Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_AES</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>AES Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC4</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>0</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>RC4 Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>RC5 Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_BLOWFISH</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>Blowfish Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_CAST</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>CAST Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_ASYMMETRIC</string>
+ <key>Description</key>
+ <string>RSA Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEEDEXP</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_ASYMMETRIC</string>
+ <key>Description</key>
+ <string>FEEDExp Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEED</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_ASYMMETRIC</string>
+ <key>Description</key>
+ <string>FEED Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1WithRSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>SHA1 With RSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD5WithRSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>MD5 With RSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD2WithRSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>MD2 With RSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>Raw RSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1WithDSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>SHA1 With DSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_DSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>Raw DSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEE_MD5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>MD5 with FEE Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEE_SHA1</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>SHA1 with FEE Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEE</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>Raw FEE Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1WithECDSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>SHA1 with ECDSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_ECDSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>Raw ECDSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1HMAC</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>20</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_MAC</string>
+ <key>Description</key>
+ <string>SHA1HMAC MAC</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1HMAC_LEGACY</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>20</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_MAC</string>
+ <key>Description</key>
+ <string>SHA1HMAC MAC Legacy</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_APPLE_YARROW</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_RANDOMGEN</string>
+ <key>Description</key>
+ <string>Yarrow PRNG</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+</array>
+</plist>
Added: releases/Apple/OSX-10.6.7/MuscleCard/mds/musclecard_csp_primary.mdsinfo
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/mds/musclecard_csp_primary.mdsinfo (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/mds/musclecard_csp_primary.mdsinfo 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>AclSubjectTypes</key>
+ <array>
+ <string>CSSM_ACL_SUBJECT_TYPE_PASSWORD</string>
+ <string>CSSM_ACL_SUBJECT_TYPE_PROMPTED_PASSWORD</string>
+ <string>CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD</string>
+ </array>
+ <key>AuthTags</key>
+ <!-- @@@ complete this -->
+ <array>
+ <string>CSSM_ACL_AUTHORIZATION_ANY</string>
+ </array>
+ <key>CspCustomFlags</key>
+ <integer>0</integer>
+ <key>CspFlags</key>
+ <!-- @@@ dynamic -->
+ <string>CSSM_CSP_STORES_PRIVATE_KEYS | CSSM_CSP_STORES_PUBLIC_KEYS | CSSM_CSP_STORES_CERTIFICATES | CSSM_CSP_STORES_GENERIC</string>
+ <key>CspType</key>
+ <string>CSSM_CSP_HARDWARE</string>
+ <key>MdsFileDescription</key>
+ <string>Token CSPDL CSP Primary info</string>
+ <key>MdsFileType</key>
+ <string>PluginSpecific</string>
+ <key>MdsRecordType</key>
+ <string>MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE</string>
+ <key>ModuleName</key>
+ <string>AppleSDCSPDL</string>
+ <key>ProductVersion</key>
+ <string>0.1</string>
+ <key>SampleTypes</key>
+ <array>
+ <string>CSSM_SAMPLE_TYPE_PASSWORD</string>
+ <string>CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD</string>
+ <string>CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD</string>
+ </array>
+ <key>UseeTags</key>
+ <array/>
+ <key>Vendor</key>
+ <string>Apple Computer, Inc.</string>
+</dict>
+</plist>
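Review bot: The `<!-- @@@ complete this -->` marker above the AuthTags array ships as-is in a release tree while the array still lists only CSSM_ACL_AUTHORIZATION_ANY, so a reader cannot tell whether the single wildcard tag is the intended advertisement or an unfinished stub. The same placeholder style recurs at the CspFlags value (`<!-- @@@ dynamic -->`, where a fixed string is used anyway), in musclecard_dl_primary.mdsinfo at its AuthTags array, and in musclecard_smartcard.mdsinfo at ScFlags. If the wildcard is deliberate, replace the marker with a statement of fact such as `<!-- Only CSSM_ACL_AUTHORIZATION_ANY is advertised; per-operation tags are not enumerated here -->`; if it is not, the TODO should carry an owner and a tracking reference rather than a bare `@@@`.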
Added: releases/Apple/OSX-10.6.7/MuscleCard/mds/musclecard_dl_primary.mdsinfo
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/mds/musclecard_dl_primary.mdsinfo (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/mds/musclecard_dl_primary.mdsinfo 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>AclSubjectTypes</key>
+ <array>
+ <string>CSSM_ACL_SUBJECT_TYPE_PASSWORD</string>
+ <string>CSSM_ACL_SUBJECT_TYPE_PROMPTED_PASSWORD</string>
+ <string>CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD</string>
+ </array>
+ <key>AuthTags</key>
+ <array>
+ <!-- @@@ complete this -->
+ <string>CSSM_ACL_AUTHORIZATION_ANY</string>
+ </array>
+ <key>ConjunctiveOps</key>
+ <array>
+ <string>CSSM_DB_NONE</string>
+ <string>CSSM_DB_AND</string>
+ <string>CSSM_DB_OR</string>
+ </array>
+ <key>DLType</key>
+ <string>CSSM_DL_FFS</string>
+ <key>MdsFileDescription</key>
+ <string>Token CSPDL DL Primary info</string>
+ <key>MdsFileType</key>
+ <string>PluginSpecific</string>
+ <key>MdsRecordType</key>
+ <string>MDS_CDSADIR_DL_PRIMARY_RECORDTYPE</string>
+ <key>ModuleName</key>
+ <string>AppleSDCSPDL</string>
+ <key>ProductVersion</key>
+ <string>0.1</string>
+ <key>QueryLimitsFlag</key>
+ <integer>0</integer>
+ <key>RelationalOps</key>
+ <array>
+ <string>CSSM_DB_EQUAL</string>
+ <string>CSSM_DB_LESS_THAN</string>
+ <string>CSSM_DB_GREATER_THAN</string>
+ <string>CSSM_DB_CONTAINS_FINAL_SUBSTRING</string>
+ <string>CSSM_DB_CONTAINS_INITIAL_SUBSTRING</string>
+ <string>CSSM_DB_CONTAINS</string>
+ <string></string>
+ </array>
+ <key>SampleTypes</key>
+ <array>
+ <string>CSSM_SAMPLE_TYPE_PASSWORD</string>
+ <string>CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD</string>
+ <string>CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD</string>
+ </array>
+ <key>Vendor</key>
+ <string>Apple Computer, Inc.</string>
+</dict>
+</plist>
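Review bot: The RelationalOps array contains an empty `<string></string>` element after CSSM_DB_CONTAINS, which is neither a CSSM_DB_* operator name nor a deliberate omission. Whatever loads this MDS file will presumably either reject the record or silently drop the entry when mapping names to enum values, and either outcome is invisible to whoever maintains the list. Remove the line, or replace it with the operator that was meant to go there, and add `<!-- one CSSM_DB_* relational operator per entry; no empty placeholders -->` above the array so the shape of the list is explicit.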
Added: releases/Apple/OSX-10.6.7/MuscleCard/mds/musclecard_smartcard.mdsinfo
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/mds/musclecard_smartcard.mdsinfo (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/mds/musclecard_smartcard.mdsinfo 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>MdsFileDescription</key>
+ <string>SD/CSPDL Generic Smartcard Information</string>
+ <key>MdsRecordType</key>
+ <string>MDS_CDSADIR_CSP_SC_INFO_RECORDTYPE</string>
+ <key>MdsFileType</key>
+ <string>PluginSpecific</string>
+ <key>ScVendor</key>
+ <string>Generic</string>
+ <key>ScVersion</key>
+ <string>unknown</string>
+ <key>ScFirmwareVersion</key>
+ <string>unknown</string>
+ <key>ScFlags</key> <!-- @@@ dynamic -->
+ <integer>0</integer>
+ <key>ScCustomFlags</key>
+ <integer>0</integer>
+</dict>
+</plist>
Added: releases/Apple/OSX-10.6.7/MuscleCard/musclecard.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/MuscleCard/musclecard.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/MuscleCard/musclecard.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * musclecard.cpp - MuscleCard.tokend main program
+ */
+
+#include "MuscleCardToken.h"
+
+int main(int argc, const char *argv[])
+{
+ secdebug("tokendmuscle", "main starting with %d arguments", argc);
+ secdelay("/tmp/delay/MuscleCard");
+
+ token = new MuscleCardToken();
+ return SecTokendMain(argc, argv, token->callbacks(), token->support());
+}
+
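Review bot: `token = new MuscleCardToken();` assigns a heap object to a global that this file neither declares nor documents (it presumably comes in through MuscleCardToken.h), and nothing ever releases it; tying its lifetime to the process is defensible for a daemon main, but a comment should say so, e.g. `// token is the process-wide singleton consumed by SecTokendMain; it lives until the process exits`. `secdelay("/tmp/delay/MuscleCard")` keys a startup delay on a path under world-writable /tmp; in Apple's security_utilities that hook is compiled out when NDEBUG is defined, but nothing here shows that, so a reader may take it for a release-time control. A one-line `// debug-build-only startup delay hook (no-op under NDEBUG) - confirm against debugging.h` would make the intent explicit.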
Added: releases/Apple/OSX-10.6.7/PIV/Info.plist
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/Info.plist (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/Info.plist 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>CFBundleDevelopmentRegion</key>
+ <string>English</string>
+ <key>CFBundleExecutable</key>
+ <string>PIV</string>
+ <key>CFBundleIdentifier</key>
+ <string>com.apple.tokend.piv</string>
+ <key>CFBundleInfoDictionaryVersion</key>
+ <string>6.0</string>
+ <key>CFBundleName</key>
+ <string>PIV</string>
+ <key>CFBundlePackageType</key>
+ <string>????</string>
+ <key>CFBundleShortVersionString</key>
+ <string>2.2.1</string>
+ <key>CFBundleSignature</key>
+ <string>????</string>
+ <key>CFBundleVersion</key>
+ <string>40596</string>
+</dict>
+</plist>
Added: releases/Apple/OSX-10.6.7/PIV/PIVAttributeCoder.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/PIVAttributeCoder.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/PIVAttributeCoder.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2004-2007 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * PIVAttributeCoder.cpp
+ * TokendPIV
+ */
+
+/* ---------------------------------------------------------------------------
+ *
+ * This file should not need to be modified except for replacing
+ * "piv" with the name of your token
+ *
+ * ---------------------------------------------------------------------------
+*/
+
+#include "PIVAttributeCoder.h"
+
+#include "MetaAttribute.h"
+#include "MetaRecord.h"
+#include "PIVRecord.h"
+
+using namespace Tokend;
+
+//
+// PIVDataAttributeCoder
+//
+PIVDataAttributeCoder::~PIVDataAttributeCoder()
+{
+}
+
+void PIVDataAttributeCoder::decode(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record)
+{
+ PIVRecord &pivRecord = dynamic_cast<PIVRecord &>(record);
+ record.attributeAtIndex(metaAttribute.attributeIndex(),
+ pivRecord.getDataAttribute(tokenContext));
+}
+
+//
+// PIVKeySizeAttributeCoder
+//
+PIVKeySizeAttributeCoder::~PIVKeySizeAttributeCoder() {}
+
+void PIVKeySizeAttributeCoder::decode(Tokend::TokenContext *tokenContext,
+ const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record)
+{
+ uint32 keySize = dynamic_cast<PIVKeyRecord &>(record).sizeInBits();
+ record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute(keySize));
+}
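Review bot: The two decode() definitions in this file are written in two styles: PIVDataAttributeCoder::decode relies on the `using namespace Tokend;` above and wraps its parameters, while PIVKeySizeAttributeCoder::decode fully qualifies every Tokend:: name and puts its destructor on one line, which reads as if the two came from different templates. Pick one form (`void PIVKeySizeAttributeCoder::decode(TokenContext *tokenContext,` / `const MetaAttribute &metaAttribute, Record &record)`) and split the empty destructor the same way as the first. Both functions also cast the Record reference with dynamic_cast, which throws std::bad_cast rather than returning null if the schema wires a non-PIV record to this coder; a comment such as `// reference dynamic_cast: std::bad_cast if the record is not a PIV record` documents that failure mode for whoever tunes the schema.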
Added: releases/Apple/OSX-10.6.7/PIV/PIVAttributeCoder.h
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/PIVAttributeCoder.h (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/PIVAttributeCoder.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2004-2007 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * PIVAttributeCoder.h
+ * TokendPIV
+ */
+
+/* ---------------------------------------------------------------------------
+ *
+ * This file should not need to be modified except for replacing
+ * "piv" with the name of your token
+ *
+ * ---------------------------------------------------------------------------
+*/
+
+#ifndef _PIVATTRIBUTECODER_H_
+#define _PIVATTRIBUTECODER_H_
+
+#include "AttributeCoder.h"
+#include <string>
+
+//
+// A coder that reads the data of an object
+//
+class PIVDataAttributeCoder : public Tokend::AttributeCoder
+{
+ NOCOPY(PIVDataAttributeCoder)
+public:
+
+ PIVDataAttributeCoder() {}
+ virtual ~PIVDataAttributeCoder();
+
+ virtual void decode(Tokend::TokenContext *tokenContext,
+ const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record);
+};
+
+
+//
+// A coder that produces the LogicalKeySizeInBits of a key
+//
+class PIVKeySizeAttributeCoder : public Tokend::AttributeCoder
+{
+ NOCOPY(PIVKeySizeAttributeCoder)
+public:
+ PIVKeySizeAttributeCoder() {}
+ virtual ~PIVKeySizeAttributeCoder();
+
+ virtual void decode(Tokend::TokenContext *tokenContext, const Tokend::MetaAttribute &metaAttribute, Tokend::Record &record);
+};
+
+
+#endif /* !_PIVATTRIBUTECODER_H_ */
+
Added: releases/Apple/OSX-10.6.7/PIV/PIVCCC.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/PIVCCC.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/PIVCCC.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 2004-2007 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * PIVCCC.cpp
+ * TokendPIV
+ */
+
+#include "PIVCCC.h"
+#include "PIVToken.h"
+#include "PIVError.h"
+
+#include "TLV.h"
+
+PIVCCC::PIVCCC(const byte_string &data) throw(PIVError)
+{
+ /* Upon construction, parse the input data */
+ parse(data);
+}
+
+PIVCCC::~PIVCCC()
+{
+}
+
+void PIVCCC::parse(const byte_string &data) throw(PIVError)
+{
+ /*
+ Sample CCC block
+
+ 53 44 F0 15 A0 00 00 03 08 01 02 20 50 50 00 11 07 00 00 83 58 00 00
+ 83 58 F1 01 21 F2 01 21 F3 00 F4 01 00 F5 01 10 F6 11 00 00 00 00 00
+ 00 00 00 00 00 00 00 00 00 00 00 00 F7 00 FA 00 FB 00 FC 00 FD 00 FE 00 90 00
+ */
+ // Parse the CCC as a TLV
+ TLV_ref tlv;
+ try {
+ tlv = TLV::parse(data);
+ } catch (std::runtime_error &e) {
+ PIVError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+ }
+ // Check that the return-data tag is correct
+ if(tlv->getTag().size() != 1 || tlv->getTag()[0] != PIV_GETDATA_RESPONSE_TAG)
+ PIVError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+
+ // Iterate over the TLV's contained values to check for desired/invalid values
+ TLVList list = tlv->getInnerValues();
+ for(TLVList::const_iterator iter = list.begin(); iter != list.end(); ++iter) {
+ // No known CCC tags of > 1 byte
+ if((*iter)->getTag().size() != 1)
+ PIVError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+ uint8_t tag = (*iter)->getTag()[0];
+ switch (tag)
+ {
+ case PIV_CCC_TAG_CARD_IDENTIFIER: // 0xF0
+ // Store the card identifier value persistently
+ mIdentifier_content = (*iter)->getValue();
+ mIdentifier.Data = &mIdentifier_content[0];
+ mIdentifier.Length = mIdentifier_content.size();
+ break;
+ case PIV_CCC_TAG_CARD_CONTAINER_VERS: // 0xF1
+ case PIV_CCC_TAG_CARD_GRAMMAR_VERS: // 0xF2
+ case PIV_CCC_TAG_APPS_URL: // 0xF3
+ case PIV_CCC_TAG_IS_PKCS15: // 0xF4
+ case PIV_CCC_TAG_DATA_MODEL_NUMBER: // 0xF5
+ case PIV_CCC_TAG_ACL_RULE_TABLE: // 0xF6
+ case PIV_CCC_TAG_CARD_APDUS: // 0xF7
+ case PIV_CCC_TAG_REDIRECTION: // 0xFA
+ case PIV_CCC_TAG_CAPABILITY_TUPLES: // 0xFB
+ case PIV_CCC_TAG_STATUS_TUPLES: // 0xFC
+ case PIV_CCC_TAG_NEXT_CCC: // 0xFD
+ case PIV_CCC_TAG_EXTENDED_APP_URL: // 0xE3
+ case PIV_CCC_TAG_SEC_OBJECT_BUFFER: // 0xB4
+ case PIV_CCC_TAG_ERROR_DETECTION: // 0xFE
+ case 0:
+ case 0xFF:
+ // Permit these values, but throw them away
+ break;
+ default:
+ // Unknown data is an error condition
+ PIVError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+ break;
+ }
+ }
+}
+
+std::string PIVCCC::hexidentifier() const
+{
+ return mIdentifier.toHex(); // hex string of binary blob
+}
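Review bot: In the PIV_CCC_TAG_CARD_IDENTIFIER branch, `&mIdentifier_content[0]` is evaluated even when the 0xF0 value is zero-length, which is undefined behaviour on an empty container and leaves mIdentifier.Data pointing at nothing usable. A card, or a corrupted response, can present an empty value for that tag, so the branch should reject it the same way the surrounding checks do: `if ((*iter)->getValue().empty()) PIVError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);` before the assignment. If no 0xF0 tag appears at all, mIdentifier keeps whatever CssmData's default constructor set and identifier()/hexidentifier() callers cannot tell; either throw at the end of parse when the identifier was never seen, or document that it may be empty. The `throw(PIVError)` specification also means any other exception escaping from the TLV copies goes to std::unexpected rather than to the caller, which is worth a comment next to the catch of std::runtime_error.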
Added: releases/Apple/OSX-10.6.7/PIV/PIVCCC.h
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/PIVCCC.h (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/PIVCCC.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2004-2007 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * PIVCCC.h
+ * TokendPIV
+ */
+
+#ifndef _PIVCCC_H_
+#define _PIVCCC_H_
+
+#include "PIVDefines.h"
+#include <security_cdsa_utilities/cssmdata.h>
+#include <string>
+#include "byte_string.h"
+#include "PIVError.h"
+
+class PIVCCC
+{
+public:
+ PIVCCC(const byte_string &data) throw(PIVError);
+ virtual ~PIVCCC();
+
+ const unsigned char *identifier() const { return mIdentifier; }
+ std::string hexidentifier() const;
+
+protected:
+
+ // Reference: SP 800-73-1 Appendix A
+ CssmData mIdentifier; // 0xF0 Card Identifier
+ // byte_string to contain the identifier
+ byte_string mIdentifier_content;
+
+#if 0
+ unsigned char ccversion; // Capability Container version number
+ unsigned char cgversion;
+ unsigned char mAppCardURL[128]; // 0xF3 Applications CardURL
+ bool pkcs15; // 0xF4 PKCS#15
+ unsigned char datamodelnumber; // 0xF5 Registered Data Model number
+ unsigned char mACLRuleTable[17]; // 0xF6 Access Control Rule Table
+#endif
+
+private:
+ void parse(const byte_string &data) throw(PIVError);
+};
+
+#endif /* !_PIVCCC_H_ */
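Review bot: PIVCCC keeps in mIdentifier a raw pointer into its own mIdentifier_content (set in parse), yet the class has no NOCOPY marker, so the implicitly generated copy constructor and assignment operator would copy the pointer and leave the copy's identifier() pointing into the original's buffer. The other classes added in this changeset, e.g. PIVDataAttributeCoder, already use `NOCOPY(...)`; adding `NOCOPY(PIVCCC)` here follows that convention and turns a latent dangling-pointer bug into a compile error. The `#if 0` block of unparsed fields would also benefit from a one-line comment stating that those tags are accepted and discarded by parse rather than stored, so nobody reads identifier() as exposing more than the 0xF0 value.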
Added: releases/Apple/OSX-10.6.7/PIV/PIVDefines.h
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/PIVDefines.h (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/PIVDefines.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,404 @@
+/*
+ * Copyright (c) 2004-2007 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * PIVDefines.h
+ * TokendPIV
+ */
+
+#ifndef _PIVDEFINES_H_
+#define _PIVDEFINES_H_
+
+/*
+ For the PIV tokend, refer to NIST Specical Publication 800-73-1, "Interfaces
+ for Personal Identity Verification". The define for CLA_STANDARD comes from 2.3.3.1.1. [SP800731]
+ See Appendix A for useful codes.
+ Object identifiers: 4.2 OIDs and Tags of PIV Card Application Data Objects [SP800731]
+
+ The other publication referenced here is NIST IR 6887 - 2003 Edition (GSC-IS Version 2.1) [NISTIR6887]
+
+ Also useful is NIST Special Publication 800-85A [SP80085A]
+
+ P1 - Reference Control Parameter
+
+ See "Table 1. SP 800-73 Data Model Containers" for RID and object IDs for data objects (p 5)
+ See "Appendix A - PIV Data Model" for object IDs (p 45)
+*/
+
+#pragma mark ---------- PIV defines ----------
+
+#define PIV_CLA_STANDARD 0x00
+#define PIV_CLA_CHAIN 0x10
+#define PIV_INS_SELECT_FILE 0xA4
+#define PIV_INS_VERIFY_APDU 0x20 // SP800731 Section 2.3.3.2.1
+#define PIV_INS_CHANGE_REFERENCE_DATA 0x24 // [SP800731 7.2.2]
+#define PIV_INS_GET_DATA 0xCB // [SP800731 7.1.2]
+#define PIV_INS_GENERAL_AUTHENTICATE 0x87 // [SP800731 7.2.4]
+
+// Placeholders for fields in the APDU to be filled in programmatically
+#define TBD_ZERO 0x00
+#define TBD_FF 0xFF
+
+// These are from NISTIR6887 5.1.1.4 Select File APDU
+// They are the values for the P1 field
+#define SELECT_P1_EXPLICIT 0x00
+#define SELECT_P1_CHILDDF 0x01
+#define SELECT_P1_CHILDEF 0x02
+#define SELECT_P1_PARENTDF 0x03
+
+/*
+ Reference: [SP800731] Appendix A PIV Data Model (data sizes)
+
+ Name ID Size
+ Card Capabilities Container 0xDB00 266
+ Card Holder Unique Identifier 0x3000 3377
+ X.509 Certificates ------ 1651
+ Card Holder Fingerprints 0x6010 7768
+ Printed Information 0x3001 106
+ Card Holder Facial Image 0x6030 12704
+ Security Object 0x9000 1000
+*/
+
+#define PIV_MAX_DATA_SIZE (12704+1024) // plus some extra
+
+#pragma mark ---------- Object IDs on Token ----------
+
+/*
+ Object IDs for objects on token. All currently 3 hex bytes.
+ See 4.2 OIDs and Tags of PIV Card Application Data Objects [SP800731]
+
+ 4.1 PIV Card Application Data Objects [SP800731]
+ A PIV Card Application shall contain six mandatory data objects and five optional data object for
+ interoperable use. The six mandatory data objects for interoperable use are as follows:
+
+ 1. Card Capability Container
+ 2. Card Holder Unique Identifier
+ 3. X.509 Certificate for PIV Authentication
+ 4. Card Holder Fingerprint I
+ 5. Card Holder Fingerprint II2
+ 6. Security Object
+
+ The five optional data objects for interoperable use are as follows:
+
+ 1. Card Holder Facial Image
+ 2. Printed Information
+ 3. X.509 Certificate for PIV Digital Signature
+ 4. X.509 Certificate for PIV Key Management
+ 5. X.509 Certificate for Card Authentication
+*/
+
+// Card Capability Container 2.16.840.1.101.3.7.1.219.0 '5FC107' M
+#define PIV_OBJECT_ID_CARD_CAPABILITY_CONTAINER 0x5F, 0xC1, 0x07
+
+// Card Holder Unique Identifier 2.16.840.1.101.3.7.2.48.0 '5FC102' M [CHUID]
+#define PIV_OBJECT_ID_CARDHOLDER_UNIQUEID 0x5F, 0xC1, 0x02
+
+// Card Holder Fingerprints 2.16.840.1.101.3.7.2.96.16 '5FC103' M
+#define PIV_OBJECT_ID_CARDHOLDER_FINGERPRINTS 0x5F, 0xC1, 0x03
+
+// Printed Information 2.16.840.1.101.3.7.2.48.1 '5FC109' O
+#define PIV_OBJECT_ID_PRINTED_INFORMATION 0x5F, 0xC1, 0x09
+
+// Card Holder Facial Image 2.16.840.1.101.3.7.2.96.48 '5FC108' O
+#define PIV_OBJECT_ID_CARDHOLDER_FACIAL_IMAGE 0x5F, 0xC1, 0x08
+
+// X.509 Certificate for PIV Authentication 2.16.840.1.101.3.7.2.1.1 '5FC105' M
+#define PIV_OBJECT_ID_X509_CERTIFICATE_PIV_AUTHENTICATION 0x5F, 0xC1, 0x05
+
+// X.509 Certificate for Digital Signature 2.16.840.1.101.3.7.2.1.0 '5FC10A' O
+#define PIV_OBJECT_ID_X509_CERTIFICATE_DIGITAL_SIGNATURE 0x5F, 0xC1, 0x0A
+
+// X.509 Certificate for Key Management 2.16.840.1.101.3.7.2.1.2 '5FC10B' O
+#define PIV_OBJECT_ID_X509_CERTIFICATE_KEY_MANAGEMENT 0x5F, 0xC1, 0x0B
+
+// X.509 Certificate for Card Authentication 2.16.840.1.101.3.7.2.5.0 '5FC101' O
+#define PIV_OBJECT_ID_X509_CERTIFICATE_CARD_AUTHENTICATION 0x5F, 0xC1, 0x01
+
+// ----------------------------------------------------------------------------
+/*
+ Verify APDU [NISTIR6887 5.1.2.4]
+ Function Code 0x08
+ CLA 0x00
+ INS 0x20
+ P1 0x00
+ P2 0x00 for default key, 0x01 to 0x30 for key number
+ Lc Length of data field
+ Data Field Authentication data (i.e., password or PIN)
+ Le Empty
+
+ Note: If the Lc is 0x00 and the Data Field is empty, VERIFY returns the
+ number of tries remaining on the referenced PIN.
+
+ NB: "empty" in these documents seems to mean "not present", as opposed to zeros
+*/
+
+// 0x00 0x20 P1 P2
+#define PIV_VERIFY_APDU PIV_CLA_STANDARD, PIV_INS_VERIFY_APDU, 0x00, TBD_ZERO
+
+// Template for supplying a PIN to be verified
+// Lc
+#define PIV_VERIFY_APDU_TEMPLATE PIV_VERIFY_APDU, 0x08, TBD_FF, TBD_FF, TBD_FF, TBD_FF, \
+ TBD_FF, TBD_FF, TBD_FF, TBD_FF
+// Template used to check on the lock state only
+#define PIV_VERIFY_APDU_STATUS PIV_VERIFY_APDU, 0x00
+
+#define PIV_VERIFY_APDU_INDEX_KEY 3 // Index into APDU for PIN number (i.e. which PIN)
+#define PIV_VERIFY_APDU_INDEX_LEN 4 // Index into APDU for data length (always 8)
+#define PIV_VERIFY_APDU_INDEX_DATA 5 // Index into APDU for PIN data
+
+// Allowable values for P2 in VERIFY APDU
+// P2 0x00 for default key, 0x01 to 0x30 for key number
+#define PIV_VERIFY_KEY_NUMBER_DEFAULT 0x00
+#define PIV_VERIFY_KEY_NUMBER_MAX 0x30
+
+#define PIV_VERIFY_PIN_LENGTH_MIN 4
+#define PIV_VERIFY_PIN_LENGTH_MAX 8
+
+// ----------------------------------------------------------------------------
+/*
+ CHANGE REFERENCE DATA Card Command (i.e. change PIN) [SP800731 7.2.2]
+ Function Code 0x08
+ CLA 0x00
+ INS 0x24
+ P1 0x00
+ P2 0x00 for default key, 0x01 to 0x30 for key number
+ Lc Length of data field (always 0x10)
+ Data Field Current PIN reference data concatenated without delimitation with the
+ new PIN reference data, both PINs as described in 3.5.3
+ Le Empty
+*/
+
+#define PIV_CHANGE_REFERENCE_DATA_APDU PIV_CLA_STANDARD, PIV_INS_CHANGE_REFERENCE_DATA, 0x00, TBD_ZERO, TBD_ZERO
+// Template for supplying a PIN to be changed
+// similar to PIV_VERIFY_APDU_TEMPLATE except with space for 2 PINs
+#define PIV_CHANGE_REFERENCE_DATA_APDU_TEMPLATE \
+ PIV_CHANGE_REFERENCE_DATA_APDU, \
+ TBD_FF, TBD_FF, TBD_FF, TBD_FF, TBD_FF, TBD_FF, TBD_FF, TBD_FF, \
+ TBD_FF, TBD_FF, TBD_FF, TBD_FF, TBD_FF, TBD_FF, TBD_FF, TBD_FF, \
+ 0x00
+
+// Index into APDU for new PIN data
+#define PIV_CHANGE_REFERENCE_DATA_APDU_INDEX_DATA2 (PIV_VERIFY_APDU_INDEX_DATA + PIV_VERIFY_PIN_LENGTH_MAX)
+
+// ----------------------------------------------------------------------------
+
+/*
+ Reference: [SP800731]
+
+ 7.1.2 GET DATA Card Command
+ The GET DATA card command retrieves the data content of the single data object
+ whose tag is given in the data field.
+
+ Command Syntax
+ CLA 0x00
+ INS 0xCB
+ P1 0x3F
+ P2 0xFF
+ Lc 0x10
+ Data Field See Table 16.
+ Le Number of data content bytes to be retrieved.
+
+ Table 16. Data Objects in the Data Field of the GET DATA Card Command
+ Name Tag M/O Comment
+ Tag list 0x5C M BER-TLV tag of the data object to be retrieved. See Table 6.
+
+ Response Syntax
+ Data Field BER-TLV with the tag '53' containing in the value field the requested
+ data object.
+ SW1-SW2 Status word
+
+ SW1 SW2 Meaning
+ '61' 'xx' Successful execution where SW2 encodes the number of response
+ data bytes still available
+ '69' '82' Security status not satisfied
+ '6A' '82' Data object not found
+ '90' '00' Successful execution
+
+ Reference:
+ Get Cert
+ APDU: 00 CB 3F FF 05 5C 03 5F C1 05
+ APDU: 61 00
+
+ Get Printed Data
+ APDU: 00 CB 3F FF 05 5C 03 5F C1 09
+ APDU: 61 44
+*/
+
+// 0x00 0xCB
+#define PIV_GETDATA_APDU PIV_CLA_STANDARD, PIV_INS_GET_DATA, 0x3F, 0xFF
+// Template for getting data
+// 00 CB 3F FF Lc Tag Len OID1 OID2 OID3
+#define PIV_GETDATA_APDU_TEMPLATE PIV_GETDATA_APDU, TBD_ZERO, 0x5C, TBD_ZERO, TBD_FF, TBD_FF, TBD_FF
+
+#define PIV_GETDATA_APDU_INDEX_LEN 4 // Index into APDU for APDU data length (this is TLV<OID>) [Lc]
+#define PIV_GETDATA_APDU_INDEX_OIDLEN 6 // Index into APDU for requested length of data
+#define PIV_GETDATA_APDU_INDEX_OID 7 // Index into APDU for object ID
+
+#define PIV_GETDATA_CONT_APDU_TEMPLATE 0x00, 0xC0, 0x00, 0x00, TBD_ZERO
+
+#define PIV_GETDATA_CONT_APDU_INDEX_LEN 4 // Index into CONT APDU for requested length of data
+
+#define PIV_GETDATA_RESPONSE_TAG 0x53
+#define PIV_GETDATA_TAG_CERTIFICATE 0x70
+#define PIV_GETDATA_TAG_CERTINFO 0x71
+#define PIV_GETDATA_TAG_MSCUID 0x72
+#define PIV_GETDATA_TAG_ERRORDETECTION 0xFE
+
+/*
+ Reference: [SP800731] Appendix A PIV Data Model
+
+ CertInfo::= BIT STRING {
+ CompressionTypeMsb(0), // 0 = no compression and 1 = gzip compression.
+ CompressionTypeLsb(1), // shall be set to "0" for PIV Applications
+ IsX509(2), // shall be set to "0" for PIV Applications
+ RFU3(3),
+ RFU4(4),
+ RFU5(5),
+ RFU6(6),
+ RFU7(7)
+ }
+
+ Note: the compression mask below should only be 0x80, but NASA cards use 0x01 (??)
+*/
+#define PIV_GETDATA_COMPRESSION_MASK 0x81
+
+// ----------------------------------------------------------------------------
+
+/*
+Card Identifier 0xF0 Fixed 21
+Capability Container version number 0xF1 Fixed 1
+Capability Grammar version number 0xF2 Fixed 1
+Applications CardURL 0xF3 Variable 128
+PKCS#15 0xF4 Fixed 1
+Registered Data Model number 0xF5 Fixed 1
+Access Control Rule Table 0xF6 Fixed 17
+CARD APDUs 0xF7 Fixed 0
+Redirection Tag 0xFA Fixed 0
+Capability Tuples (CTs) 0xFB Fixed 0
+Status Tuples (STs) 0xFC Fixed 0
+*/
+
+#define PIV_CCC_TAG_CARD_IDENTIFIER 0xF0
+#define PIV_CCC_TAG_CARD_CONTAINER_VERS 0xF1
+#define PIV_CCC_TAG_CARD_GRAMMAR_VERS 0xF2
+#define PIV_CCC_TAG_APPS_URL 0xF3
+#define PIV_CCC_TAG_IS_PKCS15 0xF4
+#define PIV_CCC_TAG_DATA_MODEL_NUMBER 0xF5
+#define PIV_CCC_TAG_ACL_RULE_TABLE 0xF6
+#define PIV_CCC_TAG_CARD_APDUS 0xF7
+#define PIV_CCC_TAG_REDIRECTION 0xFA
+#define PIV_CCC_TAG_CAPABILITY_TUPLES 0xFB
+#define PIV_CCC_TAG_STATUS_TUPLES 0xFC
+#define PIV_CCC_TAG_NEXT_CCC 0xFD
+#define PIV_CCC_TAG_EXTENDED_APP_URL 0xE3
+#define PIV_CCC_TAG_SEC_OBJECT_BUFFER 0xB4
+#define PIV_CCC_TAG_ERROR_DETECTION 0xFE
+
+#define PIV_CCC_SZ_CARD_IDENTIFIER 21
+
+// ----------------------------------------------------------------------------
+
+/*
+ Reference: [SP800-78-1] 6. Identifiers for PIV Card Interfaces
+
+ Key References:
+*/
+#define PIV_KEYREF_PIV_AUTHENTICATION 0x9A
+#define PIV_KEYREF_PIV_CARD_MANAGEMENT 0x9B
+#define PIV_KEYREF_PIV_DIGITAL_SIGNATURE 0x9C
+#define PIV_KEYREF_PIV_KEY_MANAGEMENT 0x9D
+#define PIV_KEYREF_PIV_CARD_AUTHENTICATION 0x9E
+
+/*
+ Algorithm Identifiers:
+ (Listing Only RSA)
+*/
+/* NOTE: After 2008/12/31 user keys will no longer be issued as 1024 */
+#define PIV_KEYALG_RSA_1024 0x06
+#define PIV_KEYALG_RSA_2048 0x07
+
+/*
+ Reference: [SP800-73-1]
+
+ 7.2.4 General Authenticate Command
+ The GENERAL AUTHENTICATE card command performs a cryptographic operation such as an
+ authentication protocol using the data provided in the data field of the command and returns the result of
+ the cryptographic operation in the response data field.
+ The GENERAL AUTHENTICATE command shall be used to authenticate the card or a card application
+ to the client-application (INTERNAL AUTHENTICATE), to authenticate an entity to the card
+ (EXTERNAL AUTHENTICATE), and to perform a mutual authentication between the card and an entity
+ external to the card (MUTUAL AUTHENTICATE).
+ The GENERAL AUTHENTICATE command shall be used to realize the signing functionality on the
+ PIV client-application programming interface. Data sent to the card is expected to be hashed off-card.
+ The GENERAL AUTHENTICATE command supports command chaining to permit the uninterrupted
+ transmission of long command data fields to the PIV Card Application. If a card command other than the
+ GENERAL AUTHENTICATICATE command is received by the PIV Card Application before the
+ termination of a GENERAL AUTHENTICATE chain, the PIV Card Application shall rollback to the
+ state it was in immediately prior to the reception of the first command in the interrupted chain. In other
+ words, an interrupted GENERAL AUTHENTICATE chain has no effect on the PIV Card Application.
+
+ Command Syntax
+ CLA '00' or '10' indicating command chaining.
+ INS '87'
+ P1 Algorithm reference
+ P2 Key reference
+ Lc Length of data field
+ Data Field See Table 17.
+ Le Absent or length of expected response
+
+ Table 17. Data Objects in the Dynamic Authentication Template (Tag '7C')
+ Name Tag M/O Description
+ Witness '80' C Demonstration of knowledge of a fact without revealing
+ the fact. An empty witness is a request for a witness.
+ Challenge '81' C One or more random numbers or byte sequences to be
+ used in the authentication protocol.
+ Response '82' C A sequence of bytes encoding a response step in an
+ authentication protocol.
+ Committed '83' C Hash-code of a large random number including one or
+ challenge more challenges
+ Authentication '84' C Hash-code of one or more data fields and a witness data code object.
+
+ The data objects that appear in the dynamic authentication template (tag '7C') in the data field of the
+ GENERAL AUTHENTICATE card command depend on the authentication protocol being executed.
+
+ Response Syntax
+ Data Field Absent or authentication-related data
+ SW1-SW2 Status word
+
+ == How to use for signing/decrypting ==
+ Build output data structure:
+ 0x7C BER-LENGTH // Dynamic Auth Template
+ 0x82 0x00 // Request for Response
+ 0x81 BER-LENGTH // 'Challenge' the card for crypto
+ data
+ Assuming 256-bytes sendable each time
+ while remaining data left
+ if there will be more after this
+ SEND 0x10 0x87 ALG KEY LEN (data chunk)
+ else
+ SEND 0x00 0x87 ALG KEY LEN (data chunk)
+*/
+
+// ----------------------------------------------------------------------------
+
+#endif /* !_PIVDEFINES_H_ */
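Review bot: `PIV_GETDATA_COMPRESSION_MASK 0x81` deliberately widens the spec's single-bit mask (CompressionTypeMsb, 0x80) to also accept bit 0, but the comment records this as a question "(??)" rather than a decision, so the next maintainer cannot tell whether it is safe to tighten. I would replace the last comment line with `Note: SP 800-73-1 defines only bit 7 (0x80) as the gzip flag and requires bit 0 to be 0; some fielded cards set bit 0 instead, so both are accepted here. Whatever code inflates on this flag should bound the decompressed size (the Appendix A sizes above are the natural cap).` Separately, the comments have a few typos worth fixing in a follow-up since they are reference material: "Specical Publication", "Fingerprint II2" and "GENERAL AUTHENTICATICATE".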
Added: releases/Apple/OSX-10.6.7/PIV/PIVError.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/PIVError.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/PIVError.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 2004-2007 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * PIVError.cpp
+ * TokendPIV
+ */
+
+/* ---------------------------------------------------------------------------
+ *
+ * MODIFY
+ * - Fill in your token specific error codes below
+ *
+ * ---------------------------------------------------------------------------
+*/
+
+/*
+ Errors:
+ card blocked: shall not be made and the PIV Card Application shall return the status word '69 83'.
+*/
+
+#include "PIVError.h"
+
+#include <Security/cssmerr.h>
+
+//
+// PIVError exceptions
+//
+PIVError::PIVError(uint16_t sw) : SCardError(sw)
+{
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+ IFDEBUG(debugDiagnose(this));
+#else
+ SECURITY_EXCEPTION_THROW_OTHER(this, sw, (char *)"PIV");
+#endif
+}
+
+PIVError::~PIVError() throw ()
+{
+}
+
+const char *PIVError::what() const throw ()
+{ return "PIV error"; }
+
+OSStatus PIVError::osStatus() const
+{
+ switch (statusWord)
+ {
+ case PIV_AUTHENTICATION_FAILED_0:
+ case PIV_AUTHENTICATION_FAILED_1:
+ case PIV_AUTHENTICATION_FAILED_2:
+ case PIV_AUTHENTICATION_FAILED_3:
+ return CSSM_ERRCODE_OPERATION_AUTH_DENIED;
+ // At least leave the default case
+ default:
+ return SCardError::osStatus();
+ }
+}
+
+void PIVError::throwMe(uint16_t sw)
+{ throw PIVError(sw); }
+
+#if !defined(NDEBUG)
+
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+
+void PIVError::debugDiagnose(const void *id) const
+{
+ secdebug("exception", "%p PIVError %s (%04hX)",
+ id, errorstr(statusWord), statusWord);
+}
+
+#endif // MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+
+const char *PIVError::errorstr(uint16_t sw) const
+{
+ switch (sw)
+ {
+ case PIV_AUTHENTICATION_FAILED_0:
+ return "Authentication failed, 0 retries left.";
+ case PIV_AUTHENTICATION_FAILED_1:
+ return "Authentication failed, 1 retry left.";
+ case PIV_AUTHENTICATION_FAILED_2:
+ return "Authentication failed, 2 retries left.";
+ case PIV_AUTHENTICATION_FAILED_3:
+ return "Authentication failed, 3 retries left.";
+ // At least leave the default case
+ default:
+ return SCardError::errorstr(sw);
+ }
+}
+
+#endif //NDEBUG
+
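Review bot: `osStatus()` only maps `0x6300`–`0x6303` to `CSSM_ERRCODE_OPERATION_AUTH_DENIED`, yet the comment at the top of this file says a blocked card returns '69 83', and that status word is handled in neither `osStatus()` nor `errorstr()`, so it falls through to `SCardError` whose mapping is not visible here; it should probably be mapped explicitly alongside the other authentication failures. As I recall, SP 800-73-1 reports the remaining tries as '63 CX' rather than the '63 0X' values defined in PIVError.h, so I would confirm against the cards being targeted that a value such as 0x63C2 is not silently treated as a generic card error. The text for `PIV_AUTHENTICATION_FAILED_0` also disagrees with the header, which documents that code as "pin was blocked"; `return "Authentication failed, PIN blocked.";` would keep the debug string and the define consistent.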
Added: releases/Apple/OSX-10.6.7/PIV/PIVError.h
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/PIVError.h (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/PIVError.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2004-2007 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * PIVError.h
+ * TokendPIV
+ */
+
+/* ---------------------------------------------------------------------------
+ *
+ * MODIFY
+ * - Fill in your token specific error codes below
+ *
+ * ---------------------------------------------------------------------------
+*/
+
+#ifndef _PIVERROR_H_
+#define _PIVERROR_H_
+
+#include "SCardError.h"
+
+
+/** Entered PIN is not correct and pin was blocked. */
+#define PIV_AUTHENTICATION_FAILED_0 0x6300
+/** Entered PIN is not correct, 1 try left. */
+#define PIV_AUTHENTICATION_FAILED_1 0x6301
+/** Entered PIN is not correct, 2 tries left. */
+#define PIV_AUTHENTICATION_FAILED_2 0x6302
+/** Entered PIN is not correct, 3 tries left. */
+#define PIV_AUTHENTICATION_FAILED_3 0x6303
+
+class PIVError : public Tokend::SCardError
+{
+protected:
+ PIVError(uint16_t sw);
+ virtual ~PIVError() throw ();
+public:
+ OSStatus osStatus() const;
+ virtual const char *what () const throw ();
+
+ static void check(uint16_t sw) { if (sw != SCARD_SUCCESS) throwMe(sw); }
+ static void throwMe(uint16_t sw) __attribute__((noreturn));
+
+protected:
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+ IFDEBUG(void debugDiagnose(const void *id) const;)
+#endif
+ IFDEBUG(const char *errorstr(uint16_t sw) const;)
+};
+
+#endif /* !_CACERROR_H_ */
+
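Review bot: The closing guard comment `#endif /* !_CACERROR_H_ */` does not match the `_PIVERROR_H_` guard opened at the top of the file; it looks like a leftover from the CAC tokend this was cloned from, and should read `#endif /* !_PIVERROR_H_ */`. The define comments also describe `PIV_AUTHENTICATION_FAILED_0` as the blocked-PIN case, which the `errorstr()` text in PIVError.cpp does not reflect; keeping the two in step avoids misleading debug output when a PIN is exhausted.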
Added: releases/Apple/OSX-10.6.7/PIV/PIVKeyHandle.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/PIVKeyHandle.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/PIVKeyHandle.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,211 @@
+/*
+ * Copyright (c) 2004-2007 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * PIVKeyHandle.cpp
+ * TokendPIV
+ */
+
+#include "PIVKeyHandle.h"
+
+#include "PIVRecord.h"
+#include "PIVToken.h"
+
+#include <security_utilities/debugging.h>
+#include <security_utilities/utilities.h>
+#include <security_cdsa_utilities/cssmerrors.h>
+#include <Security/cssmerr.h>
+
+#include "byte_string.h"
+
+#include "PIVUtilities.h"
+#include "Padding.h"
+
+//
+// PIVKeyHandle
+//
+PIVKeyHandle::PIVKeyHandle(PIVToken &pivToken,
+ const Tokend::MetaRecord &metaRecord, PIVKeyRecord &pivKey) :
+ Tokend::KeyHandle(metaRecord, &pivKey),
+ mToken(pivToken),
+ mKey(pivKey)
+{
+}
+
+PIVKeyHandle::~PIVKeyHandle()
+{
+}
+
+void PIVKeyHandle::getKeySize(CSSM_KEY_SIZE &keySize)
+{
+ secdebug("crypto", "getKeySize");
+ keySize.LogicalKeySizeInBits = mKey.sizeInBits();
+ keySize.EffectiveKeySizeInBits = mKey.sizeInBits();
+}
+
+uint32 PIVKeyHandle::getOutputSize(const Context &context, uint32 inputSize,
+ bool encrypting)
+{
+ secdebug("crypto", "getOutputSize");
+ if (encrypting)
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+ return inputSize; //accurate for crypto used on PIV cards
+}
+
+
+void PIVKeyHandle::generateSignature(const Context &context,
+ CSSM_ALGORITHMS alg, const CssmData &input, CssmData &signature)
+{
+ // MODIFY: This routine may have to be modified
+ // See comment at top of file
+ secdebug("crypto", "generateSignature alg: %u sigAlg: %u",
+ context.algorithm(), alg);
+ IFDUMPING("crypto", context.dump("signature context"));
+
+ if (context.type() != CSSM_ALGCLASS_SIGNATURE)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_CONTEXT);
+
+ if (context.algorithm() != CSSM_ALGID_RSA)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+
+ // Create an input buffer in which we construct the data we will send to the token.
+ byte_string inputData(input.Data, input.Data + input.Length);
+
+ // Get padding, but default to pkcs1 style padding
+ uint32 padding = CSSM_PADDING_PKCS1;
+ context.getInt(CSSM_ATTRIBUTE_PADDING, padding);
+
+ Padding::apply(inputData, mKey.sizeInBits() / 8, padding, alg);
+
+ // @@@ Switch to using tokend allocators
+ /* Use ref to a new buffer item to keep the data around after the function ends */
+ size_t keyLength = mKey.sizeInBits() / 8;
+ byte_string outputData;
+ outputData.reserve(keyLength);
+
+ const AccessCredentials *cred = context.get<const AccessCredentials>(CSSM_ATTRIBUTE_ACCESS_CREDENTIALS);
+ // Sign the inputData using the token
+ mKey.computeCrypt(mToken, true, cred, inputData, outputData);
+
+ signature.Data = malloc_copy(outputData);
+ signature.Length = outputData.size();
+}
+
+void PIVKeyHandle::verifySignature(const Context &context,
+ CSSM_ALGORITHMS signOnly, const CssmData &input, const CssmData &signature)
+{
+ secdebug("crypto", "verifySignature");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void PIVKeyHandle::generateMac(const Context &context,
+ const CssmData &input, CssmData &output)
+{
+ secdebug("crypto", "generateMac");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void PIVKeyHandle::verifyMac(const Context &context,
+ const CssmData &input, const CssmData &compare)
+{
+ secdebug("crypto", "verifyMac");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void PIVKeyHandle::encrypt(const Context &context,
+ const CssmData &clear, CssmData &cipher)
+{
+ secdebug("crypto", "encrypt");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void PIVKeyHandle::decrypt(const Context &context,
+ const CssmData &cipher, CssmData &clear)
+{
+ // MODIFY: This routine may have to be modified
+ // See comment at top of file
+ secdebug("crypto", "decrypt alg: %u", context.algorithm());
+ IFDUMPING("crypto", context.dump("decrypt context"));
+
+ if (context.type() != CSSM_ALGCLASS_ASYMMETRIC)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_CONTEXT);
+
+ if (context.algorithm() != CSSM_ALGID_RSA)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+
+ /* Check for supported padding */
+ uint32 padding = context.getInt(CSSM_ATTRIBUTE_PADDING);
+ if(!Padding::canRemove(padding))
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING);
+
+ size_t keyLength = mKey.sizeInBits() / 8;
+ if (cipher.length() % keyLength != 0)
+ CssmError::throwMe(CSSMERR_CSP_INPUT_LENGTH_ERROR);
+
+ // @@@ Use a secure allocator for this.
+ /* Use ref to a new buffer item to keep the data around after the function ends */
+ byte_string outputData;
+ outputData.reserve(cipher.Length);
+ // --- support for multiples of keyLength by doing multiple blocks
+ for(size_t i = 0; i < cipher.Length; i += keyLength) {
+ byte_string inputData(cipher.Data + i, cipher.Data + i + keyLength);
+ byte_string tmpOutput;
+ tmpOutput.reserve(keyLength);
+ secdebug("crypto", "decrypt: card supports RSA_NOPAD");
+ const AccessCredentials *cred = context.get<const AccessCredentials>(CSSM_ATTRIBUTE_ACCESS_CREDENTIALS);
+ // Decrypt the inputData using the token
+ mKey.computeCrypt(mToken, false, cred, inputData, tmpOutput);
+ Padding::remove(tmpOutput, padding);
+ outputData += tmpOutput;
+ /* Clear out temporary output */
+ secure_zero(tmpOutput);
+ }
+
+ clear.Data = malloc_copy(outputData);
+ clear.Length = outputData.size();
+}
+
+void PIVKeyHandle::exportKey(const Context &context,
+ const AccessCredentials *cred, CssmKey &wrappedKey)
+{
+ secdebug("crypto", "exportKey");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+//
+// PIVKeyHandleFactory
+//
+PIVKeyHandleFactory::~PIVKeyHandleFactory()
+{
+}
+
+
+Tokend::KeyHandle *PIVKeyHandleFactory::keyHandle(
+ Tokend::TokenContext *tokenContext, const Tokend::MetaRecord &metaRecord,
+ Tokend::Record &record) const
+{
+ PIVKeyRecord &key = dynamic_cast<PIVKeyRecord &>(record);
+ PIVToken &pivToken = static_cast<PIVToken &>(*tokenContext);
+ return new PIVKeyHandle(pivToken, metaRecord, key);
+}
+
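Review bot: In `decrypt()` the accumulated plaintext in `outputData` is copied out with `malloc_copy` and then left for the destructor to release without wiping, whereas each per-block `tmpOutput` is explicitly cleared with `secure_zero`; the full recovered plaintext therefore outlives the call in freed heap memory. Adding `secure_zero(outputData);` after `clear.Length = outputData.size();` makes the handling consistent with the per-block cleanup (and the same applies to the padded `inputData` in `generateSignature`, though that is less sensitive). `keyLength` is `mKey.sizeInBits() / 8`; if `sizeInBits()` can ever return 0 for an unpopulated record, the `cipher.length() % keyLength` check divides by zero, so a `keyLength == 0` guard throwing `CSSMERR_CSP_INVALID_KEY` or similar seems worthwhile — I cannot see `sizeInBits()` here to confirm. The `cred` lookup inside the block loop is loop-invariant and could be hoisted above the `for`.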
Added: releases/Apple/OSX-10.6.7/PIV/PIVKeyHandle.h
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/PIVKeyHandle.h (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/PIVKeyHandle.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 2004-2007 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * PIVKeyHandle.h
+ * TokendPIV
+ */
+
+#ifndef _PIVKEYHANDLE_H_
+#define _PIVKEYHANDLE_H_
+
+#include "KeyHandle.h"
+
+#include <deque>
+#include "byte_string.h"
+#include "SecureBufferAllocator.h"
+
+class PIVToken;
+class PIVKeyRecord;
+
+//
+// A KeyHandle object which implements the crypto interface to piv.
+//
+class PIVKeyHandle: public Tokend::KeyHandle
+{
+ NOCOPY(PIVKeyHandle)
+public:
+ PIVKeyHandle(PIVToken &cacToken, const Tokend::MetaRecord &metaRecord,
+ PIVKeyRecord &cacKey);
+ ~PIVKeyHandle();
+
+ virtual void getKeySize(CSSM_KEY_SIZE &keySize);
+ virtual uint32 getOutputSize(const Context &context, uint32 inputSize,
+ bool encrypting);
+ virtual void generateSignature(const Context &context,
+ CSSM_ALGORITHMS signOnly, const CssmData &input, CssmData &signature);
+ virtual void verifySignature(const Context &context,
+ CSSM_ALGORITHMS alg, const CssmData &input,
+ const CssmData &signature);
+ virtual void generateMac(const Context &context, const CssmData &input,
+ CssmData &output);
+ virtual void verifyMac(const Context &context, const CssmData &input,
+ const CssmData &compare);
+ virtual void encrypt(const Context &context, const CssmData &clear,
+ CssmData &cipher);
+ /* Implemented such that the decrypted data has limited external exposure
+ * Value is, however, cached until destroyed */
+ virtual void decrypt(const Context &context, const CssmData &cipher,
+ CssmData &clear);
+
+ virtual void exportKey(const Context &context,
+ const AccessCredentials *cred, CssmKey &wrappedKey);
+private:
+ PIVToken &mToken;
+ PIVKeyRecord &mKey;
+ /* Fixed queue of crypto data to keep the CssmData values used
+ * so that when the Key Handle keys away, the CssmData references go away.
+ * Fixed queue to prevent unbounded growth.
+ * TODO: Need spec on how to do this 'right' -- preferred setup would be for
+ * the data buffer be provided
+ */
+// static const unsigned MAX_BUFFERS = 2;
+// SecureBufferAllocator<MAX_BUFFERS> bufferAllocator;
+};
+
+
+//
+// A factory that creates PIVKeyHandle objects.
+//
+class PIVKeyHandleFactory : public Tokend::KeyHandleFactory
+{
+ NOCOPY(PIVKeyHandleFactory)
+public:
+ PIVKeyHandleFactory() {}
+ virtual ~PIVKeyHandleFactory();
+
+ virtual Tokend::KeyHandle *keyHandle(Tokend::TokenContext *tokenContext,
+ const Tokend::MetaRecord &metaRecord, Tokend::Record &record) const;
+};
+
+
+#endif /* !_PIVKEYHANDLE_H_ */
+
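Review bot: The constructor declaration names its parameters `cacToken` and `cacKey` while the definition in PIVKeyHandle.cpp uses `pivToken` and `pivKey`, another CAC copy-paste leftover; likewise `generateSignature` is declared with `CSSM_ALGORITHMS signOnly` but defined with `alg`, and `verifySignature` the other way round, so the header and source should be aligned. The comment above `decrypt` ("Value is, however, cached until destroyed") describes the `SecureBufferAllocator` members that are commented out below it; the definition copies the result with `malloc_copy` and caches nothing, so the comment is stale and I would replace it with `/* Decrypted data is returned in a freshly allocated buffer owned by the caller; nothing is cached in the handle. */`. With those members commented out, the `<deque>` and `SecureBufferAllocator.h` includes appear unused as far as the visible declarations show.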
Added: releases/Apple/OSX-10.6.7/PIV/PIVRecord.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/PIVRecord.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/PIVRecord.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,281 @@
+/*
+ * Copyright (c) 2004-2007 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * PIVRecord.cpp
+ * TokendPIV
+ */
+
+#include "PIVRecord.h"
+#include "PIVDefines.h"
+
+#include "PIVError.h"
+#include "PIVToken.h"
+#include "Attribute.h"
+#include "MetaAttribute.h"
+#include "MetaRecord.h"
+#include <security_cdsa_client/aclclient.h>
+#include <Security/SecKey.h>
+
+#include <algorithm> /* min, find_if */
+
+#include "TLV.h"
+#include "PIVUtilities.h"
+
+//
+// PIVRecord
+//
+PIVRecord::~PIVRecord()
+{
+}
+
+//
+// PIVDataRecord
+//
+PIVDataRecord::~PIVDataRecord()
+{
+}
+
+
+//
+// PIVCertificateRecord
+//
+PIVCertificateRecord::~PIVCertificateRecord()
+{
+}
+
+//
+// PIVProtectedRecord
+//
+PIVProtectedRecord::~PIVProtectedRecord()
+{
+}
+
+void PIVProtectedRecord::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
+{
+ if (!mAclEntries) {
+ mAclEntries.allocator(Allocator::standard());
+ // Reading this object's data requires PIN1
+ mAclEntries.add(CssmClient::AclFactory::PinSubject(
+ mAclEntries.allocator(), 1),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
+ }
+ count = mAclEntries.size();
+ acls = mAclEntries.entries();
+}
+
+Tokend::Attribute *PIVDataRecord::getDataAttribute(Tokend::TokenContext *tokenContext)
+{
+ PIVToken &pivToken = dynamic_cast<PIVToken &>(*tokenContext);
+ if(mAllowCaching && lastAttribute.get())
+ return lastAttribute.get();
+
+ byte_string data;
+
+ pivToken.getDataCore(mApplication, description(), mIsCertificate, mAllowCaching, data);
+ /* Tokend::Attribute creates a copy of data */
+ lastAttribute.reset(new Tokend::Attribute(&data[0], data.size()));
+ return lastAttribute.get();
+}
+
+//
+// PIVKeyRecord
+//
+PIVKeyRecord::PIVKeyRecord(const unsigned char *application, size_t applicationSize,
+ const char *description, const Tokend::MetaRecord &metaRecord,
+ unsigned char keyRef, size_t keySize) :
+ PIVRecord(application, applicationSize, description),
+ keyRef(keyRef), keySize(keySize)
+{
+ /* Allow all keys to decrypt, unwrap, sign */
+ attributeAtIndex(metaRecord.metaAttribute(kSecKeyDecrypt).attributeIndex(),
+ new Tokend::Attribute(true));
+ attributeAtIndex(metaRecord.metaAttribute(kSecKeyUnwrap).attributeIndex(),
+ new Tokend::Attribute(true));
+ attributeAtIndex(metaRecord.metaAttribute(kSecKeySign).attributeIndex(),
+ new Tokend::Attribute(true));
+}
+
+PIVKeyRecord::~PIVKeyRecord()
+{
+}
+
+size_t PIVKeyRecord::sizeInBits() const {
+ return keySize;
+}
+
+/*
+ MODIFY - This is where most of the crypto functions end up, and
+ this will be the main place to actually talk with the token.
+*/
+
+void PIVKeyRecord::computeCrypt(PIVToken &pivToken, bool sign, // MODIFY
+ const AccessCredentials *cred,
+ const byte_string &data, byte_string &output)
+{
+ if (data.size() != sizeInBits() / 8)
+ CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+
+ /* Allow all key usage, certificates determine validity */
+ unsigned char algRef;
+ switch (sizeInBits()) {
+ case 1024:
+ algRef = PIV_KEYALG_RSA_1024;
+ break;
+ case 2048:
+ algRef = PIV_KEYALG_RSA_2048;
+ break;
+ default:
+ /* Cannot use a key ~= 1024 or 2048 bits yet */
+ CssmError::throwMe(CSSMERR_CSP_KEY_USAGE_INCORRECT);
+ break;
+ }
+
+ /* Build the BER-Encoded message */
+ /* Template: 0x7C L { 0x82 0x00, 0x81 L data } .. 2 tag+lengths + 1 tag-0 */
+ TLVList commandList;
+ commandList.push_back(TLV_ref(new TLV(0x81, data)));
+ commandList.push_back(TLV_ref(new TLV(0x82)));
+ TLV_ref command = TLV_ref(new TLV(0x7C, commandList));
+
+ /* TODO: Evaluate result length handling */
+ /* At least enough to contain BER-TLV */
+ size_t resultLength = sizeInBits() / 8;
+ resultLength += 1 + TLV::encodedLength(resultLength); // RESPONSE
+ resultLength += 1 + 1; // Potential empty response-tlv
+ resultLength += 1 + TLV::encodedLength(resultLength); // TLV containing response
+ /* Round out resultLength to a multiple of 256 */
+ resultLength = resultLength + resultLength % 256 + 256;
+ // Ensure that there's enough space to prevent unnecessary resizing
+ output.reserve(resultLength);
+
+ PCSC::Transaction _(pivToken);
+ pivToken.selectDefault();
+ /* Support for the signing key w/ user-consent pin */
+ if (cred)
+ {
+ uint32 size = cred->size();
+ for (uint32 ix = 0; ix < size; ++ix)
+ {
+ const TypedList &sample = (*cred)[ix];
+ if (sample.type() == CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD
+ && sample.length() == 2)
+ {
+ CssmData &pin = sample[1].data();
+ if (pin.Length > 0)
+ {
+ pivToken.verifyPIN(1, pin.Data, pin.Length);
+ break;
+ }
+ else if (pin.Length == 0)
+ {
+ // %%% <rdar://4334623>
+ // PIN previously verified by securityd;
+ // continue to look at remaining samples
+ }
+ else
+ {
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+ }
+ }
+ }
+ }
+
+ byte_string commandString = command->encode();
+ PIVError::check(pivToken.exchangeChainedAPDU(0x00, 0x87, algRef, keyRef, commandString, output));
+
+ /* DECODE 0x7C */
+ TLV_ref tlv;
+ try {
+ tlv = TLV::parse(output);
+ } catch(...) {
+ secure_zero(output);
+ PIVError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+ }
+ secure_zero(output);
+ if(tlv->getTag() != (unsigned char*)"\x7C") {
+ secdebug("piv", " %s: computeCrypt: missing response tag: 0x%.2X",
+ description(), 0x7C);
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ }
+ byte_string tagData;
+ try {
+ TLVList list = tlv->getInnerValues();
+ TLVList::const_iterator iter = find_if(list.begin(), list.end(), TagPredicate(0x82));
+ if(iter != list.end())
+ tagData = (*iter)->getValue();
+ } catch(...) {
+ }
+ if(tagData.size() == 0) {
+ secdebug("piv", " %s: computeCrypt: missing response value tag: 0x%.2X",
+ description(), 0x82);
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ }
+
+ if(tagData.size() != sizeInBits() / 8) { // Not enough data at all..
+ secure_zero(tagData);
+ secdebug("piv", " %s: computeCrypt: expected contained response length: %ld, got: %ld",
+ description(), sizeInBits() / 8, tagData.size());
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ }
+
+ output.swap(tagData);
+ /* zero-out tagData */
+ secure_zero(tagData);
+}
+
+void PIVKeyRecord::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
+{
+ if (!mAclEntries) {
+ mAclEntries.allocator(Allocator::standard());
+ // Anyone can read the DB record for this key (which is a reference
+ // CSSM_KEY)
+ mAclEntries.add(CssmClient::AclFactory::AnySubject(
+ mAclEntries.allocator()),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
+
+ CssmData prompt;
+ char tmptag[20];
+ const uint32 slot = 1; // hardwired for now, but...
+ snprintf(tmptag, sizeof(tmptag), "PIN%d", slot);
+
+ if(isUserConsent()) { // PIN1 must be entered every time
+ mAclEntries.add(
+ CssmClient::AclFactory::PromptPWSubject(mAclEntries.allocator(), prompt),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_SIGN, CSSM_ACL_AUTHORIZATION_DECRYPT, 0),
+ tmptag);
+ } else {
+ // Using this key to sign or decrypt will require PIN1
+ mAclEntries.add(CssmClient::AclFactory::PinSubject(
+ mAclEntries.allocator(), 1),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_SIGN, CSSM_ACL_AUTHORIZATION_DECRYPT, 0),
+ tmptag);
+ }
+ }
+ count = mAclEntries.size();
+ acls = mAclEntries.entries();
+}
+
+bool PIVKeyRecord::isUserConsent() const {
+ return keyRef == PIV_KEYREF_PIV_DIGITAL_SIGNATURE;
+}
Added: releases/Apple/OSX-10.6.7/PIV/PIVRecord.h
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/PIVRecord.h (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/PIVRecord.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,122 @@
+/*
+ * Copyright (c) 2004-2007 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * PIVRecord.h
+ * TokendPIV
+ */
+
+#ifndef _PIVRECORD_H_
+#define _PIVRECORD_H_
+
+#include "Record.h"
+
+#include "byte_string.h"
+
+class PIVToken;
+
+class PIVRecord : public Tokend::Record
+{
+ NOCOPY(PIVRecord)
+public:
+ PIVRecord(const unsigned char *application, size_t applicationSize, const char *description) :
+ mApplication(application, application + applicationSize), mDescription(description) {}
+ virtual ~PIVRecord();
+
+ virtual const char *description() { return mDescription.c_str(); }
+
+protected:
+ const unsigned char *application() const { return &mApplication[0]; }
+
+protected:
+ const byte_string mApplication;
+ const std::string mDescription;
+};
+
+
+class PIVKeyRecord : public PIVRecord
+{
+ NOCOPY(PIVKeyRecord)
+public:
+ PIVKeyRecord(const unsigned char *application, size_t applicationSize, const char *description,
+ const Tokend::MetaRecord &metaRecord, unsigned char keyRef, size_t keySize);
+ virtual ~PIVKeyRecord();
+
+ size_t sizeInBits() const;
+ void computeCrypt(PIVToken &pivToken, bool sign, const AccessCredentials *cred,
+ const byte_string& data_type, byte_string &output);
+
+ virtual void getAcl(const char *tag, uint32 &count,
+ AclEntryInfo *&aclList);
+private:
+ AutoAclEntryInfoList mAclEntries;
+ const unsigned char keyRef;
+ bool isUserConsent() const;
+ size_t keySize;
+};
+
+
+class PIVDataRecord : public PIVRecord
+{
+ NOCOPY(PIVDataRecord)
+public:
+ PIVDataRecord(const unsigned char *application, size_t applicationSize, const char *description) :
+ PIVRecord(application, applicationSize, description), mIsCertificate(false), mAllowCaching(true) {}
+ virtual ~PIVDataRecord();
+
+ virtual Tokend::Attribute *getDataAttribute(Tokend::TokenContext *tokenContext);
+
+protected:
+
+ bool mIsCertificate;
+ bool mAllowCaching;
+ /* Added to permit caching on-demand as well as keep the string values around long enough to send
+ * to securityd */
+ auto_ptr<Tokend::Attribute> lastAttribute;
+};
+
+class PIVCertificateRecord : public PIVDataRecord
+{
+ NOCOPY(PIVCertificateRecord)
+public:
+ PIVCertificateRecord(const unsigned char *application, size_t applicationSize,
+ const char *description) :
+ PIVDataRecord(application, applicationSize, description) {mIsCertificate = true; mAllowCaching = true; }
+ virtual ~PIVCertificateRecord();
+};
+
+class PIVProtectedRecord : public PIVDataRecord
+{
+ NOCOPY(PIVProtectedRecord)
+public:
+ PIVProtectedRecord(const unsigned char *application, size_t applicationSize, const char *description) :
+ PIVDataRecord(application, applicationSize, description) {mIsCertificate = false; mAllowCaching = false; }
+ virtual ~PIVProtectedRecord();
+
+ virtual void getAcl(const char *tag, uint32 &count,
+ AclEntryInfo *&aclList);
+private:
+ AutoAclEntryInfoList mAclEntries;
+};
+
+#endif /* !_PIVRECORD_H_ */
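Review bot: The `computeCrypt` declaration names its fourth parameter `data_type` while the definition in PIVRecord.cpp calls it `data` and treats it as the raw block to sign or decrypt; renaming it to `data` in the header keeps the two in agreement. A short comment on the declaration would also help callers: `/* data must be exactly sizeInBits()/8 bytes; output receives the card's raw response value; sign is currently unused */`. `getDataAttribute` returns a pointer owned by the record's `lastAttribute` auto_ptr, so the caller must not delete it, and the pointer is invalidated by the next call that resets the cache; that ownership rule is worth stating above the declaration. In PIVKeyRecord, `isUserConsent()` is declared between two data members; grouping it with the other methods reads more naturally.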
Added: releases/Apple/OSX-10.6.7/PIV/PIVSchema.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/PIVSchema.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/PIVSchema.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2004-2007 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * PIVSchema.cpp
+ * TokendPIV
+ */
+
+/* ---------------------------------------------------------------------------
+ *
+ * MODIFY
+ * - Change key size if necessary
+ *
+ * ---------------------------------------------------------------------------
+*/
+
+#include "PIVSchema.h"
+
+#include "MetaAttribute.h"
+#include "MetaRecord.h"
+
+#include <Security/SecCertificate.h>
+#include <Security/SecKeychainItem.h>
+#include <Security/SecKey.h>
+
+using namespace Tokend;
+
+PIVSchema::PIVSchema() :
+ mKeyAlgorithmCoder(uint32(CSSM_ALGID_RSA))
+{
+}
+
+PIVSchema::~PIVSchema()
+{
+}
+
+Tokend::Relation *PIVSchema::createKeyRelation(CSSM_DB_RECORDTYPE keyType)
+{
+ Relation *rn = createStandardRelation(keyType);
+
+ // Set up coders for key records.
+ MetaRecord &mr = rn->metaRecord();
+ mr.keyHandleFactory(&mPIVKeyHandleFactory);
+
+ // Print name of a key might as well be the key name.
+ mr.attributeCoder(kSecKeyPrintName, &mDescriptionCoder);
+
+ // Other key valuess
+ mr.attributeCoder(kSecKeyKeyType, &mKeyAlgorithmCoder);
+ mr.attributeCoder(kSecKeyKeySizeInBits, &mKeySizeCoder);
+ mr.attributeCoder(kSecKeyEffectiveKeySize, &mKeySizeCoder);
+
+ // Key attributes
+ mr.attributeCoder(kSecKeyExtractable, &mFalseCoder);
+ mr.attributeCoder(kSecKeySensitive, &mTrueCoder);
+ mr.attributeCoder(kSecKeyModifiable, &mFalseCoder);
+ mr.attributeCoder(kSecKeyPrivate, &mTrueCoder);
+ mr.attributeCoder(kSecKeyNeverExtractable, &mTrueCoder);
+ mr.attributeCoder(kSecKeyAlwaysSensitive, &mTrueCoder);
+
+ // Key usage
+ mr.attributeCoder(kSecKeyEncrypt, &mFalseCoder);
+ mr.attributeCoder(kSecKeyWrap, &mFalseCoder);
+ mr.attributeCoder(kSecKeyVerify, &mFalseCoder);
+ mr.attributeCoder(kSecKeyDerive, &mFalseCoder);
+ mr.attributeCoder(kSecKeySignRecover, &mFalseCoder);
+ mr.attributeCoder(kSecKeyVerifyRecover, &mFalseCoder);
+
+ return rn;
+}
+
+void PIVSchema::create()
+{
+ Schema::create();
+
+ createStandardRelation(CSSM_DL_DB_RECORD_X509_CERTIFICATE);
+ createKeyRelation(CSSM_DL_DB_RECORD_PRIVATE_KEY);
+
+ Relation *rn_gen = createStandardRelation(CSSM_DL_DB_RECORD_GENERIC);
+
+ // Create the generic table
+ MetaRecord &mr_gen = rn_gen->metaRecord();
+ mr_gen.attributeCoderForData(&mPIVDataAttributeCoder);
+}
+
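Review bot: The key-usage coders set in createKeyRelation (`kSecKeyEncrypt`, `kSecKeyWrap`, `kSecKeyVerify`, `kSecKeyDerive`, `kSecKeySignRecover`, `kSecKeyVerifyRecover`, all false) are only half of the usage picture: decrypt, unwrap and sign are enabled unconditionally per record in the `PIVKeyRecord` constructor in PIVRecord.cpp, and nothing here derives usage from the certificate's key-usage extension. A comment such as `// Decrypt/unwrap/sign are enabled per record in PIVKeyRecord's constructor; no usage is derived from the certificate` above the "Key usage" group would stop readers looking for it here. The `MODIFY` template block at the top of the file and the `valuess` typo in `// Other key valuess` look like leftovers from the tokend template and can be dropped or fixed.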
Added: releases/Apple/OSX-10.6.7/PIV/PIVSchema.h
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/PIVSchema.h (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/PIVSchema.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2004-2007 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * PIVSchema.h
+ * TokendPIV
+ */
+
+#ifndef _PIVSCHEMA_H_
+#define _PIVSCHEMA_H_
+
+#include "Schema.h"
+#include "PIVAttributeCoder.h"
+#include "PIVKeyHandle.h"
+
+namespace Tokend
+{
+ class Relation;
+ class MetaRecord;
+ class AttributeCoder;
+}
+
+class PIVSchema : public Tokend::Schema
+{
+ NOCOPY(PIVSchema)
+public:
+ PIVSchema();
+ virtual ~PIVSchema();
+
+ virtual void create();
+
+protected:
+ Tokend::Relation *createKeyRelation(CSSM_DB_RECORDTYPE keyType);
+
+private:
+ // Coders we need.
+ PIVDataAttributeCoder mPIVDataAttributeCoder;
+
+ Tokend::ConstAttributeCoder mKeyAlgorithmCoder;
+ PIVKeySizeAttributeCoder mKeySizeCoder;
+
+ PIVKeyHandleFactory mPIVKeyHandleFactory;
+};
+
+#endif /* !_PIVSCHEMA_H_ */
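Review bot: The private member comment `// Coders we need.` does not say that `mKeyAlgorithmCoder` is a constant coder fixed to `CSSM_ALGID_RSA` by the constructor in PIVSchema.cpp, so every key record reports RSA regardless of the certificate; `// Key type is hardwired to RSA (see the constructor); computeCrypt likewise only handles 1024/2048-bit RSA keys` would make that coupling visible. `mFalseCoder`, `mTrueCoder` and `mDescriptionCoder`, which createKeyRelation uses, are not declared here and presumably come from `Tokend::Schema`; a one-line note saying so would save a reader a search.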
Added: releases/Apple/OSX-10.6.7/PIV/PIVToken.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/PIVToken.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/PIVToken.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,1016 @@
+/*
+ * Copyright (c) 2004-2007 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * PIVToken.cpp
+ * TokendPIV
+ */
+
+#include "PIVToken.h"
+#include "PIVDefines.h"
+#include "PIVCCC.h"
+
+#include "Adornment.h"
+#include "AttributeCoder.h"
+#include "PIVError.h"
+#include "PIVRecord.h"
+#include "PIVSchema.h"
+#include <security_cdsa_client/aclclient.h>
+#include <map>
+#include <vector>
+#include <zlib.h>
+#include <CoreFoundation/CFString.h>
+/* FOR KEYSIZE RETREIVAL */
+#include <Security/Security.h>
+
+#include <algorithm> /* min */
+
+#include "TLV.h"
+
+using CssmClient::AclFactory;
+
+/*
+ APDU: 00 A4 04 00 06 A0 00 00 00 01 01
+ APDU: 6A 82 ==> applet not found (NISTIR6887 5.3.3.2/ISO 7816-4)
+*/
+
+#pragma mark ---------- PIV defines ----------
+
+
+// Result codes [Ref NISTIR6887 5.1.1.1 Get Response APDU]
+
+#define PIV_RESULT_SUCCESS_SW1 0x90 //[ref SCARD_SUCCESS]
+#define PIV_RESULT_SUCCESS_SW2 (unsigned char )0x00
+#define PIV_RESULT_CONTINUATION_SW1 (unsigned char )0x61
+
+/*
+ 00 A4 04 00 07 A0 00 00 01 51 00 00 [A0000001510000]
+ 00 A4 04 00 06 A0 00 00 00 01 01
+
+ 00 A4 04 00 0B A0 00 00 03 08 00 00 10 00 01 00
+ Select applet/object (00 A4 )
+ select by AID (04)
+ P2 (00)
+ Lc (length of data) (0B)
+ Applet id A0 00 00 03 08 00 00 10 00 01 00 (A000000308000010000100)
+ A0 00 00 03 08 00 00 10 00 01 00
+ 1. Send SELECT card command with,
+
+ 2. Send SELECT card command without the version number,
+ 0 10 00
+ ...
+ AID == A0 00 00 03 08 00 00 10 00 01 00
+ ...
+ AID == A0 00 00 03 08 00 00
+*/
+
+static const unsigned char kSelectPIVApplet[] = { SELECT_PIV_APPLET_LONG }; // or SELECT_PIV_APPLET_SHORT
+
+static const unsigned char kUniversalAID[] = { 0xA0, 0x00, 0x00, 0x01, 0x16, 0xDB, 0x00 };
+
+#pragma mark ---------- Data Description Strings -----------
+
+static const char *sDescripCardCapabilityContainer = "CCC";
+static const char *sDescripCardHolderUniqueIdentifier = "CHUID";
+static const char *sDescripCardHolderFingerprints = "FINGERPRINTS";
+static const char *sDescripPrintedInformation = "PRINTDATA";
+static const char *sDescripCardHolderFacialImage = "FACIALIMAGE";
+
+#pragma mark ---------- Object IDs ----------
+
+static const unsigned char oidCardCapabilityContainer[] = { PIV_OBJECT_ID_CARD_CAPABILITY_CONTAINER };
+static const unsigned char oidCardHolderUniqueIdentifier[] = { PIV_OBJECT_ID_CARDHOLDER_UNIQUEID };
+static const unsigned char oidCardHolderFingerprints[] = { PIV_OBJECT_ID_CARDHOLDER_FINGERPRINTS };
+static const unsigned char oidPrintedInformation[] = { PIV_OBJECT_ID_PRINTED_INFORMATION };
+static const unsigned char oidCardHolderFacialImage[] = { PIV_OBJECT_ID_CARDHOLDER_FACIAL_IMAGE };
+static const unsigned char oidX509CertificatePIVAuthentication[] = { PIV_OBJECT_ID_X509_CERTIFICATE_PIV_AUTHENTICATION };
+static const unsigned char oidX509CertificateDigitalSignature[] = { PIV_OBJECT_ID_X509_CERTIFICATE_DIGITAL_SIGNATURE };
+static const unsigned char oidX509CertificateKeyManagement[] = { PIV_OBJECT_ID_X509_CERTIFICATE_KEY_MANAGEMENT };
+static const unsigned char oidX509CertificateCardAuthentication[] = { PIV_OBJECT_ID_X509_CERTIFICATE_CARD_AUTHENTICATION };
+
+
+#pragma mark ---------- NO/MINOR MODIFICATION NEEDED ----------
+
+PIVToken::PIVToken() :
+ mCurrentApplet(NULL), mPinStatus(0)
+{
+ mTokenContext = this;
+ mSession.open();
+}
+
+PIVToken::~PIVToken()
+{
+ delete mSchema;
+}
+
+
+void PIVToken::didDisconnect()
+{
+ PCSC::Card::didDisconnect();
+ mCurrentApplet = NULL;
+ mPinStatus = 0;
+}
+
+void PIVToken::didEnd()
+{
+ PCSC::Card::didEnd();
+ mCurrentApplet = NULL;
+ mPinStatus = 0;
+}
+
+void PIVToken::unverifyPIN(int pinNum)
+{
+ if (pinNum != -1)
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+
+ end(SCARD_RESET_CARD);
+}
+
+void PIVToken::establish(const CSSM_GUID *guid, uint32 subserviceId,
+ SecTokendEstablishFlags flags, const char *cacheDirectory,
+ const char *workDirectory, char mdsDirectory[PATH_MAX],
+ char printName[PATH_MAX])
+{
+ Tokend::ISO7816Token::establish(guid, subserviceId, flags,
+ cacheDirectory, workDirectory, mdsDirectory, printName);
+
+#ifdef _USECERTIFICATECOMMONNAME
+ std::string commonName = authCertCommonName();
+ ::snprintf(printName, 40, "PIV-%s", commonName.c_str());
+#else
+ byte_string cccOid((const unsigned char *)oidCardCapabilityContainer, oidCardCapabilityContainer + sizeof(oidCardCapabilityContainer));
+ byte_string cccdata;
+ getDataCore(cccOid, "CCC", false, true, cccdata);
+ PIVCCC ccc(cccdata);
+ ::snprintf(printName, 40, "PIV-%s", ccc.hexidentifier().c_str());
+#endif /* _USECERTIFICATECOMMONNAME */
+ Tokend::ISO7816Token::name(printName);
+ secdebug("pivtoken", "name: %s", printName);
+
+ if(mSchema)
+ delete mSchema;
+ mSchema = new PIVSchema();
+ mSchema->create();
+
+ populate();
+}
+
+//
+// Database-level ACLs
+//
+void PIVToken::getOwner(AclOwnerPrototype &owner)
+{
+ // we don't really know (right now), so claim we're owned by PIN #0
+ if (!mAclOwner)
+ {
+ mAclOwner.allocator(Allocator::standard());
+ mAclOwner = AclFactory::PinSubject(Allocator::standard(), 0);
+ }
+ owner = mAclOwner;
+}
+
+
+void PIVToken::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
+{
+ //uint32_t cacresult = pinStatus();
+ Allocator &alloc = Allocator::standard();
+
+ if (unsigned pin = pinFromAclTag(tag, "?")) {
+ static AutoAclEntryInfoList acl;
+ acl.clear();
+ acl.allocator(alloc);
+ uint32_t status = this->pinStatus(pin);
+ if (status == SCARD_SUCCESS)
+ acl.addPinState(pin, CSSM_ACL_PREAUTH_TRACKING_AUTHORIZED);
+ else if (status >= PIV_AUTHENTICATION_FAILED_0 && status <= PIV_AUTHENTICATION_FAILED_3)
+ acl.addPinState(pin, 0, status - PIV_AUTHENTICATION_FAILED_0);
+ else
+ acl.addPinState(pin, CSSM_ACL_PREAUTH_TRACKING_UNKNOWN);
+ count = acl.size();
+ acls = acl.entries();
+ return;
+ }
+
+ // mAclEntries sets the handle of each AclEntryInfo to the
+ // offset in the array.
+
+ // get pin list, then for each pin
+ if (!mAclEntries) {
+ mAclEntries.allocator(alloc);
+ // Anyone can read the attributes and data of any record on this token
+ // (it's further limited by the object itself).
+ mAclEntries.add(CssmClient::AclFactory::AnySubject(
+ mAclEntries.allocator()),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
+ // We support PIN1 with either a passed in password
+ // subject or a prompted password subject.
+ mAclEntries.addPin(AclFactory::PWSubject(alloc), 1);
+ mAclEntries.addPin(AclFactory::PromptPWSubject(alloc, CssmData()), 1);
+ }
+ count = mAclEntries.size();
+ acls = mAclEntries.entries();
+}
+
+
+#pragma mark ---------- MODIFICATION REQUIRED ----------
+
+/* ---------------------------------------------------------------------------
+ *
+ * The methods in this section should be usable with very minor or no
+ * modifications. For example, for a PKCS#11 based tokend, replace
+ * mCurrentApplet with mObjectID or the like.
+ *
+ * ---------------------------------------------------------------------------
+*/
+
+uint32 PIVToken::probe(SecTokendProbeFlags flags, char tokenUid[TOKEND_MAX_UID]) // MODIFY
+{
+ /*
+ In probe, try to figure out if this is your token. If it is, return
+ a good score (e.g. 100-200) and set the tokenUid to something
+ unique-ish. It can be completely token-specific information.
+ If not, disconnect from the token and return 0.
+ */
+ uint32 score = Tokend::ISO7816Token::probe(flags, tokenUid);
+
+ bool doDisconnect = false; /*!(flags & kSecTokendProbeKeepToken); */
+
+ try
+ {
+ if (!identify())
+ doDisconnect = true;
+ else
+ {
+#ifndef _USEFALLBACKTOKENUID
+ byte_string cccOid((const unsigned char *)oidCardCapabilityContainer, oidCardCapabilityContainer + sizeof(oidCardCapabilityContainer));
+ byte_string cccdata;
+ /*
+ Since probe is called before establish, securityd has not passed us
+ the cache directory yet, so we don't try to cache anything right now
+ */
+ const bool allowCaching = false;
+ getDataCore(cccOid, "CCC", false, allowCaching, cccdata);
+ PIVCCC ccc(cccdata);
+ snprintf(tokenUid, TOKEND_MAX_UID, "PIV-%s", ccc.hexidentifier().c_str());
+
+#else
+ // You should put something to uniquely identify the token into
+ // tokenUid if possible, since then caching of large items such
+ // as certificates will be possible. Here we just put in some
+ // random junk.
+ unsigned char buffer[80];
+ time_t now;
+ struct tm* timestruct = localtime(&now);
+ strftime(reinterpret_cast<char *>(buffer), 80, "%+", timestruct); // like "date" output in shell
+ snprintf(tokenUid, TOKEND_MAX_UID, "PIV-%s", buffer);
+#endif
+ score = 110;
+ secdebug("probe", "recognized %s", tokenUid);
+ }
+ }
+ catch (...)
+ {
+ doDisconnect = true;
+ score = 0;
+ }
+
+ if (doDisconnect)
+ disconnect();
+
+ return score;
+}
+
+size_t PIVToken::getKeySize(const byte_string &cert) const {
+ size_t keySize = 0;
+ SecCertificateRef certRef = 0;
+ SecKeyRef keyRef = 0;
+ /* Parse certificate for size */
+ CSSM_DATA certData;
+ certData.Data = (uint8_t*)&cert[0];
+ certData.Length = cert.size();
+ const CSSM_KEY *cssmKey = NULL;
+ OSStatus status = SecCertificateCreateFromData(&certData, CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_BER, &certRef);
+ if(status != noErr) goto done;
+ status = SecCertificateCopyPublicKey(certRef, &keyRef);
+ if(status != noErr) goto done;
+ status = SecKeyGetCSSMKey(keyRef, &cssmKey);
+ if(status != noErr) goto done;
+ keySize = cssmKey->KeyHeader.LogicalKeySizeInBits;
+done:
+ if(keyRef)
+ CFRelease(keyRef);
+ if(certRef)
+ CFRelease(certRef);
+ return keySize;
+}
+
+void PIVToken::populate()
+{
+ /*
+ @@@ To do:
+ read and parse CCC record to find out if the card has all of the optional records
+ before adding them
+ */
+
+ secdebug("populate", "PIVToken::populate() begin");
+
+ // These lines will be the same for any token with certs, keys, and
+ // data records.
+ Tokend::Relation &certRelation =
+ mSchema->findRelation(CSSM_DL_DB_RECORD_X509_CERTIFICATE);
+ Tokend::Relation &privateKeyRelation =
+ mSchema->findRelation(CSSM_DL_DB_RECORD_PRIVATE_KEY);
+ Tokend::Relation &dataRelation =
+ mSchema->findRelation(CSSM_DL_DB_RECORD_GENERIC);
+
+ /*
+ Table 1. SP 800-73 Data Model Containers
+
+ RID 'A0 00 00 00 01 16' - ContainerID - Access Rule - Contact/Contactless - M/O
+ Card Capability Container 0xDB00 Read Always Contact Mandatory
+ CHUID Buffer 0x3000 Read Always Contact & Contactless Mandatory
+ PIV Authentication Certificate Buffer 0x0101 Read Always Contact Mandatory
+ Fingerprint Buffer 0x6010 PIN Contact Mandatory
+ Printed Information Buffer 0x3001 PIN Contact Optional
+ Facial Image Buffer 0x6030 PIN Contact Optional
+ Digital Signature Certificate Buffer 0x0100 Read Always Contact Optional
+ Key Management Certificate Buffer 0x0102 Read Always Contact Optional
+ Card Authentication Certificate Buffer 0x0500 Read Always Contact Optional
+ Security Object Buffer 0x9000 Read Always Contact Mandatory
+ */
+
+ // Since every object ID is 3 bytes long, this works
+ const size_t sz = sizeof(oidCardCapabilityContainer);
+
+ // Card Capability Container 2.16.840.1.101.3.7.1.219.0 '5FC107' [Mandatory]
+ if (getDataExists(oidCardCapabilityContainer, sz, sDescripCardCapabilityContainer))
+ dataRelation.insertRecord(new PIVDataRecord(oidCardCapabilityContainer, sz, sDescripCardCapabilityContainer));
+
+ // Card Holder Unique Identifier 2.16.840.1.101.3.7.2.48.0 '5FC102' [Mandatory] [CHUID]
+ if (getDataExists(oidCardHolderUniqueIdentifier, sz, sDescripCardHolderUniqueIdentifier))
+ dataRelation.insertRecord(new PIVDataRecord(oidCardHolderUniqueIdentifier, sz, sDescripCardHolderUniqueIdentifier));
+
+ // Card Holder Fingerprints 2.16.840.1.101.3.7.2.96.16 '5FC103' [Mandatory]
+ if (getDataExists(oidCardHolderFingerprints, sz, sDescripCardHolderFingerprints))
+ dataRelation.insertRecord(new PIVProtectedRecord(oidCardHolderFingerprints, sz, sDescripCardHolderFingerprints));
+
+ // Printed Information 2.16.840.1.101.3.7.2.48.1 '5FC109' [Optional]
+ if (getDataExists(oidPrintedInformation, sz, sDescripPrintedInformation))
+ dataRelation.insertRecord(new PIVProtectedRecord(oidPrintedInformation, sz, sDescripPrintedInformation));
+
+ // Card Holder Facial Image 2.16.840.1.101.3.7.2.96.48 '5FC108' O
+ if (getDataExists(oidCardHolderFacialImage, sz, sDescripCardHolderFacialImage))
+ dataRelation.insertRecord(new PIVProtectedRecord(oidCardHolderFacialImage, sz, sDescripCardHolderFacialImage));
+
+ // Now describe the keys and certificates
+
+ // Note that the "Card Management Key", keyref 0x9B is a symmetric key
+ // and so is not listed here
+
+ const unsigned char *certids[] =
+ {
+ oidX509CertificatePIVAuthentication, // 0x9A
+ oidX509CertificateDigitalSignature, // 0x9C
+ oidX509CertificateKeyManagement, // 0x9D
+ oidX509CertificateCardAuthentication // 0x9E
+ };
+
+ const char *certNames[] =
+ {
+ "PIV Authentication Certificate",
+ "Digital Signature Certificate",
+ "Key Management Certificate",
+ "Card Authentication Certificate"
+ };
+
+ const char *keyNames[] =
+ {
+ "PIV Authentication Private Key", // Keyref 9A
+ "Digital Signature Private Key", // Keyref 9C
+ "Key Management Private Key", // Keyref 9D
+ "Card Authentication Private Key" // Keyref 9E
+ };
+
+ const unsigned char keyRefs[] =
+ {
+ PIV_KEYREF_PIV_AUTHENTICATION,
+ PIV_KEYREF_PIV_DIGITAL_SIGNATURE,
+ PIV_KEYREF_PIV_KEY_MANAGEMENT,
+ PIV_KEYREF_PIV_CARD_AUTHENTICATION
+ };
+
+ for (unsigned int ix=0;ix<sizeof(certids)/sizeof(certids[0]);++ix)
+ {
+ byte_string certData;
+ try {
+ getDataCore(byte_string(certids[ix], certids[ix] + sz), certNames[ix], true, true, certData);
+ } catch(PIVError &e) {
+ continue;
+ }
+ int keySize = getKeySize(certData);
+ if(keySize == 0) continue;
+
+ RefPointer<Tokend::Record> cert(new PIVCertificateRecord(certids[ix], sz, certNames[ix]));
+ certRelation.insertRecord(cert);
+
+ RefPointer<Tokend::Record> key(new PIVKeyRecord(certids[ix], sz, keyNames[ix], privateKeyRelation.metaRecord(), keyRefs[ix], keySize));
+ privateKeyRelation.insertRecord(key);
+
+ // The Adornment class links a particular PIVCertificateRecord
+ // with its corresponding PIVKeyRecord record
+ key->setAdornment(mSchema->publicKeyHashCoder().certificateKey(),
+ new Tokend::LinkedRecordAdornment(cert));
+ }
+
+ secdebug("populate", "PIVToken::populate() end");
+}
+
+bool PIVToken::identify()
+{
+ // For the PIV identify function, just try to select the PIV applet.
+ // If it fails, this is not a PIV card.
+
+ try
+ {
+ selectDefault();
+ return true;
+ }
+ catch (const PCSC::Error &error)
+ {
+ if (error.error == SCARD_E_PROTO_MISMATCH)
+ return false;
+ throw;
+ }
+}
+
+void PIVToken::changePIN(int pinNum,
+ const unsigned char *oldPin, size_t oldPinLength,
+ const unsigned char *newPin, size_t newPinLength)
+{
+ /*
+ References:
+ - 7.2.2 CHANGE REFERENCE DATA Card Command [SP800731]
+ */
+ if (pinNum < PIV_VERIFY_KEY_NUMBER_DEFAULT || pinNum > PIV_VERIFY_KEY_NUMBER_MAX)
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+
+ if (oldPinLength < PIV_VERIFY_PIN_LENGTH_MIN || oldPinLength > PIV_VERIFY_PIN_LENGTH_MAX ||
+ newPinLength < PIV_VERIFY_PIN_LENGTH_MIN || newPinLength > PIV_VERIFY_PIN_LENGTH_MAX)
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
+
+ PCSC::Transaction _(*this);
+ // Change pin requires that we select the default applet first
+ selectDefault();
+
+ const unsigned char dataFieldLen = 0x10; // doc says must be 16 (= 2x8)
+ const unsigned char APDU_TEMPLATE[] = { PIV_CHANGE_REFERENCE_DATA_APDU_TEMPLATE };
+ byte_string apdu(APDU_TEMPLATE, APDU_TEMPLATE + sizeof(APDU_TEMPLATE));
+
+ apdu[PIV_VERIFY_APDU_INDEX_KEY] = static_cast<unsigned char>(pinNum & 0xFF);
+ apdu[PIV_VERIFY_APDU_INDEX_LEN] = dataFieldLen;
+
+ copy(oldPin, oldPin + oldPinLength, apdu.begin() + PIV_VERIFY_APDU_INDEX_DATA);
+ copy(newPin, newPin + newPinLength, apdu.begin() + PIV_CHANGE_REFERENCE_DATA_APDU_INDEX_DATA2);
+
+ byte_string result;
+
+ mPinStatus = exchangeAPDU(apdu, result);
+ /* Clear out pin by forcing zeroes in */
+ secure_zero(apdu);
+ PIVError::check(mPinStatus);
+}
+
+uint32_t PIVToken::pinStatus(int pinNum)
+{
+ /*
+ Ref 5.1.2.4 Verify APDU [NISTIR6887]
+
+ Processing State returned in the Response Message
+ SW1 SW2 Meaning
+ 63 00 Verification failed
+ 63 CX Verification failed, X indicates the number of further allowed retries
+ 69 83 Authentication method blocked [SCARD_AUTHENTICATION_BLOCKED]
+ 69 84 Referenced data deactivated [SCARD_REFERENCED_DATA_INVALIDATED]
+ 6A 86 Incorrect parameters P1-P2 [SCARD_INCORRECT_P1_P2]
+ 6A 88 Reference data not found [SCARD_REFERENCED_DATA_NOT_FOUND]
+ 90 00 Successful execution [SCARD_SUCCESS]
+ */
+ if (pinNum < PIV_VERIFY_KEY_NUMBER_DEFAULT || pinNum > PIV_VERIFY_KEY_NUMBER_MAX)
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+
+ if (mPinStatus && isInTransaction())
+ return mPinStatus;
+
+ PCSC::Transaction _(*this);
+ // Verify pin requires that we select the default applet first
+ selectDefault();
+
+ const unsigned char APDU_TEMPLATE[] = { PIV_VERIFY_APDU_STATUS };
+ byte_string apdu(APDU_TEMPLATE, APDU_TEMPLATE + sizeof(APDU_TEMPLATE));
+
+ apdu[PIV_VERIFY_APDU_INDEX_KEY] = 0x80;//static_cast<unsigned char>(pinNum & 0xFF);
+
+ byte_string result;
+
+ mPinStatus = exchangeAPDU(apdu, result);
+ if (((mPinStatus & 0xFF00) != SCARD_AUTHENTICATION_FAILED) &&
+ (mPinStatus != SCARD_AUTHENTICATION_BLOCKED))
+ PIVError::check(mPinStatus);
+
+ if ((mPinStatus & 0xFF00) == SCARD_AUTHENTICATION_FAILED)
+ secdebug("pivtoken", "pinStatus: %d authentication attempts remaining", (mPinStatus & 0x000F));
+ else
+ if (mPinStatus == SCARD_AUTHENTICATION_BLOCKED)
+ secdebug("pivtoken", "pinStatus: CARD IS BLOCKED");
+
+ return mPinStatus;
+}
+
+// 00 20 00 80 08 31 32 33 34 35 36 FF FF
+//APDU: 00 20 00 01 08 31 32 33 34 35 36 FF FF
+//APDU: 6A 88
+
+void PIVToken::verifyPIN(int pinNum,
+ const unsigned char *pin, size_t pinLength)
+{
+ // 5.1.2.4 Verify APDU [NISTIR6887]
+
+ if (pinNum < PIV_VERIFY_KEY_NUMBER_DEFAULT || pinNum > PIV_VERIFY_KEY_NUMBER_MAX)
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+
+ if (pinLength < PIV_VERIFY_PIN_LENGTH_MIN || pinLength > PIV_VERIFY_PIN_LENGTH_MAX)
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
+
+ PCSC::Transaction _(*this);
+ // Verify pin requires that we select the default applet first
+ selectDefault();
+
+ const unsigned char dataFieldLen = 8; // doc says must be 8
+
+ const unsigned char APDU_TEMPLATE[] = { PIV_VERIFY_APDU_TEMPLATE };
+ byte_string apdu(APDU_TEMPLATE, APDU_TEMPLATE + sizeof(APDU_TEMPLATE));
+
+ apdu[PIV_VERIFY_APDU_INDEX_KEY] = 0x80;//static_cast<unsigned char>(pinNum & 0xFF);
+ apdu[PIV_VERIFY_APDU_INDEX_LEN] = dataFieldLen;
+
+ copy(pin, pin + pinLength, apdu.begin() + PIV_VERIFY_APDU_INDEX_DATA);
+
+ byte_string result;
+
+ mPinStatus = exchangeAPDU(apdu, result);
+ /* Clear out pin */
+ secure_zero(apdu);
+ PIVError::check(mPinStatus);
+ // Start a new transaction which we never get rid of until someone calls
+ // unverifyPIN()
+ begin();
+}
+
+
+#pragma mark ---------------- TOKEN Specific/Utility --------------
+
+
+/* ---------------------------------------------------------------------------
+ *
+ * The methods in this section are useful utility functions for Java
+ * cards, but may be useful for other tokens as well with appropriate
+ * changes.
+ *
+ * ---------------------------------------------------------------------------
+*/
+
+void PIVToken::select(const unsigned char *applet, size_t appletLength)
+{
+ /*
+ References:
+ - 2.3.3.3.1 SELECT APDU [SP800731]
+ - 5.1.1.4 Select File APDU [NISTIR6887]
+
+ Data Field returned in the Response Message
+ If P2 is set to 0x00, data is returned as per ISO 7816-4 [ISO4].
+ If P2 is set to 0x0C, no data is returned.
+
+ Processing State returned in the Response Message
+
+ SW1 SW2 Meaning
+ 62 83 Selected file deactivated
+ 62 84 FCI not formatted according to ISO 7816-4 Section 5.1.5
+ 6A 81 Function not supported
+ 6A 82 File not found
+ 6A 86 Incorrect parameters P1-P2
+ 6A 87 Lc inconsistent with P1-P2
+ 90 00 Successful execution
+ */
+
+ secdebug("pivtoken", "select BEGIN");
+ // If we are already connected and our current applet is already selected we are done.
+ if (isInTransaction() && mCurrentApplet == applet)
+ return;
+
+ byte_string apdu(applet, applet + appletLength);
+ byte_string result;
+ bool failed = false;
+
+ uint16_t rx;
+ try
+ {
+ rx = exchangeAPDU(apdu, result);
+ }
+ catch (const PCSC::Error &error)
+ {
+ secdebug("pivtoken", "select transmit error: %ld (0x%04lX)]", error.error, error.error);
+ if (error.error == SCARD_E_PROTO_MISMATCH)
+ return;
+ failed = true;
+ }
+ catch (...)
+ {
+ secdebug("pivtoken", "select transmit unknown failure");
+ failed = true;
+ }
+ //PCSC::Error Transaction failed. (-2146435050) osStatus -2147416063
+ // We could return a more specific error based on the codes above
+
+ if (failed || (rx != SCARD_SUCCESS))
+ {
+ secdebug("pivtoken", "select END [FAILURE %02X %02X]",
+ result[result.size() - 2], result[result.size() - 1]);
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ }
+
+ if (isInTransaction())
+ mCurrentApplet = applet;
+
+ secdebug("pivtoken", "select END [SUCCESS]");
+}
+
+void PIVToken::selectDefault()
+{
+ select(kSelectPIVApplet, sizeof(kSelectPIVApplet));
+}
+
+uint16_t PIVToken::simpleExchangeAPDU(const byte_string &apdu, byte_string &result) {
+ transmit(apdu, result);
+ if (result.size() < 2)
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ uint16_t ret = (result[result.size() - 2] << 8) + result[result.size() - 1];
+ // Trim off status bytes
+ result.resize(result.size() - 2);
+ return ret;
+}
+
+uint16_t PIVToken::exchangeAPDU(const byte_string &apdu, byte_string &result)
+{
+ static const uint8_t GET_RESULT_TEMPLATE [] = { 0x00, 0xC0, 0x00, 0x00, 0xFF };
+ byte_string getResult(GET_RESULT_TEMPLATE, GET_RESULT_TEMPLATE + sizeof(GET_RESULT_TEMPLATE));
+ const int SIZE_INDEX = 4;
+
+ uint16_t ret = simpleExchangeAPDU(apdu, result);
+ /* Keep pulling more data */
+ while ((ret >> 8) == PIV_RESULT_CONTINUATION_SW1)
+ {
+ size_t expectedLength = ret & 0xFF;
+ if(expectedLength == 0) /* 256-byte case .. */
+ expectedLength = 256;
+ getResult[SIZE_INDEX] = expectedLength & 0xFF;
+ ret = simpleExchangeAPDU(getResult, result);
+ }
+ return ret;
+}
+
+uint16_t PIVToken::exchangeChainedAPDU(unsigned char cla, unsigned char ins,
+ unsigned char p1, unsigned char p2,
+ const byte_string &data,
+ byte_string &result)
+{
+ const size_t BASE_CHUNK_LENGTH = 242; /* 242 == reasonably safe data chunk amount well under 256 */
+ byte_string apdu;
+ uint16_t ret;
+ apdu.reserve(5 + BASE_CHUNK_LENGTH);
+ apdu.resize(5);
+ apdu[0] = cla;
+ apdu[1] = ins;
+ apdu[2] = p1;
+ apdu[3] = p2;
+
+ apdu[0] |= 0x10;
+ byte_string::iterator apduDataBegin = apdu.begin() + 5;
+ size_t chunkLength;
+ byte_string::const_iterator iter;
+ /* Chain data and skip last chunk since its in the receiving end */
+ for(iter = data.begin(); (iter + BASE_CHUNK_LENGTH) < data.end(); iter += BASE_CHUNK_LENGTH) {
+ chunkLength = std::min(BASE_CHUNK_LENGTH, (size_t)(data.end() - iter));
+ apdu.resize(5 + chunkLength);
+ apdu[4] = chunkLength & 0xFF;
+ copy(iter, iter + chunkLength, apduDataBegin);
+ /* Don't send Le */
+ ret = simpleExchangeAPDU(apdu, result);
+ /* No real data should come back until chaining is complete */
+ PIVError::check(ret);
+ }
+ apdu[0] &= ~0x10;
+ apdu[4] = (data.end() - iter) & 0xFF;
+ apdu.resize(5 + (data.end() - iter));
+ copy(iter, data.end(), apduDataBegin);
+ /* LE BYTE? */
+ return exchangeAPDU(apdu, result);
+}
+
+byte_string PIVToken::buildGetData(const byte_string &oid, int limit /* = -1 */) const {
+ // The APDU only has space for a 3 byte OID
+ if (oid.size() != 3)
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+
+ const unsigned char dataFieldLen = 0x05;
+ static const unsigned char INITIAL_APDU_TEMPLATE[] = { PIV_GETDATA_APDU_TEMPLATE };
+ /* TODO: Build from ground-up */
+ byte_string initialApdu(INITIAL_APDU_TEMPLATE, INITIAL_APDU_TEMPLATE + sizeof(INITIAL_APDU_TEMPLATE));
+
+ initialApdu[PIV_GETDATA_APDU_INDEX_LEN] = dataFieldLen;
+ initialApdu[PIV_GETDATA_APDU_INDEX_OIDLEN] = oid.size();
+ copy(oid.begin(), oid.end(), initialApdu.begin() + PIV_GETDATA_APDU_INDEX_OID);
+ initialApdu.resize(PIV_GETDATA_APDU_INDEX_OID + oid.size());
+ if(limit > 255)
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ if(limit >= 0)
+ initialApdu.push_back(limit);
+ return initialApdu;
+}
+
+/*
+ This is where the actual data for a certificate or other data is retrieved from the token.
+
+ Here is a sample exchange
+
+ APDU: 00 CB 3F FF 05 5C 03 5F C1 05
+ APDU: 61 00
+
+ APDU: 00 C0 00 00 00
+ APDU: 53 82 04 84 70 82 ... 61 00
+
+ APDU: 00 C0 00 00 00
+ APDU: 68 82 8C 52 65 ... 61 88
+
+ APDU: 00 C0 00 00 88
+ APDU: 50 D0 B2 A2 EF ... 90 00
+*/
+void PIVToken::getDataCore(const byte_string &oid, const char *description, bool isCertificate,
+ bool allowCaching, byte_string &data)
+{
+ /* First check the cache */
+ CssmData cssmData;
+ if(allowCaching && cachedObject(0, description, cssmData)) {
+ data.assign(cssmData.Data, cssmData.Data + cssmData.Length);
+ free(cssmData.Data);
+ return;
+ }
+ // Talk to token here to get data
+ {
+ byte_string getDataApdu = buildGetData(oid);
+ PCSC::Transaction _(*this);
+ selectDefault();
+ /* Continuation handled by exchangeAPDU */
+ uint16_t rx = exchangeAPDU(getDataApdu, data);
+ secdebug("pivtokend", "exchangeAPDU result %02X", rx);
+ PIVError::check(rx);
+ if(data.size() > PIV_MAX_DATA_SIZE) {
+ PIVError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+ }
+ }
+ dumpDataRecord(data, oid);
+
+ // Start to parse the BER-TLV encoded data. In the end, we only return the
+ // main data part of this but we need to step through the rest first
+ // The certficates are the only types we parse here
+
+ if (data.size()<=0)
+ return;
+ if (data[0] != PIV_GETDATA_RESPONSE_TAG)
+ PIVError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+
+ if (isCertificate)
+ processCertificateRecord(data, oid, description);
+
+ if (!allowCaching)
+ return;
+ cssmData.Data = &data[0];
+ cssmData.Length = data.size();
+ cacheObject(0, description, cssmData);
+}
+
+void PIVToken::processCertificateRecord(byte_string &data, const byte_string &oid, const char *description)
+{
+ bool hasCertificateData = false;
+ bool isCompressed = false;
+
+ // 00000000 53 82 04 84 70 82 04 78 78 da 33 68 62 db 61 d0
+ TLV_ref tlv;
+ TLVList list;
+ try {
+ tlv = TLV::parse(data);
+ list = tlv->getInnerValues();
+ } catch(...) {
+ PIVError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+ }
+
+ for(TLVList::const_iterator iter = list.begin(); iter != list.end(); ++iter) {
+ const byte_string &tagString = (*iter)->getTag();
+ const byte_string &value = (*iter)->getValue();
+ if(tagString.size() != 1)
+ PIVError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+ uint8_t tag = tagString[0];
+ switch (tag)
+ {
+ case PIV_GETDATA_TAG_CERTIFICATE: // 0x70
+ data = value;
+ hasCertificateData = true;
+ break;
+ case PIV_GETDATA_TAG_CERTINFO: // 0x71
+ if(value.size() != 1)
+ PIVError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+ secdebug("pivtokend", "CertInfo byte: %02X", value[0]);
+ isCompressed = value[0] & PIV_GETDATA_COMPRESSION_MASK;
+ break;
+ case PIV_GETDATA_TAG_MSCUID: // 0x72 -- should be of length 3...
+ break;
+ case PIV_GETDATA_TAG_ERRORDETECTION:
+ break;
+ case 0:
+ case 0xFF:
+ break;
+ default:
+ PIVError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+ break;
+ }
+ }
+
+ /* No cert data ? */
+ if(!hasCertificateData)
+ PIVError::throwMe(SCARD_RETURNED_DATA_CORRUPTED);
+ if (isCompressed)
+ {
+ /* The certificate is compressed */
+ secdebug("pivtokend", "uncompressing compressed %s", description);
+ dumpDataRecord(data, oid, "-compressedcert");
+
+ byte_string uncompressedData;
+ uncompressedData.resize(PIV_MAX_DATA_SIZE);
+ int rv = Z_ERRNO;
+ int compTyp = compressionType(data);
+ rv = PIVToken::uncompressData(uncompressedData, data, compTyp);
+ if (rv != Z_OK)
+ {
+ secdebug("zlib", "uncompressing %s failed: %d [type=%d]", description, rv, compTyp);
+ CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT);
+ }
+ data = uncompressedData;
+ }
+ else
+ {
+ }
+ dumpDataRecord(data, oid, "-rawcert");
+}
+
+int PIVToken::compressionType(const byte_string &data)
+{
+ // Some ad-hoc stuff to guess at compression type
+ if (data.size() > 2 && data[0] == 0x1F && data[1] == 0x8B)
+ return kCompressionGzip;
+ if (data.size() > 1 /*&& (data[0] & 0x10) == Z_DEFLATED*/)
+ return kCompressionZlib;
+ else
+ return kCompressionUnknown;
+}
+
+int PIVToken::uncompressData(byte_string &uncompressedData, const byte_string &compressedData, int compressionType)
+{
+ z_stream dstream; // decompression stream
+ int windowSize = 15;
+ switch(compressionType) {
+ case kCompressionGzip:
+ windowSize += 0x20;
+ break;
+ case kCompressionZlib:
+ break;
+ default:
+ CssmError::throwMe(CSSMERR_DL_DATABASE_CORRUPT);
+ }
+ dstream.zalloc = (alloc_func)0;
+ dstream.zfree = (free_func)0;
+ dstream.opaque = (voidpf)0;
+ /* Input not altered , so de-const-casting ok*/
+ dstream.next_in = (Bytef*)&compressedData[0];
+ dstream.avail_in = compressedData.size();
+ dstream.next_out = &uncompressedData[0];
+ dstream.avail_out = uncompressedData.size();
+ int err = inflateInit2(&dstream, windowSize);
+ if (err)
+ return err;
+
+ err = inflate(&dstream, Z_FINISH);
+ if (err != Z_STREAM_END)
+ {
+ inflateEnd(&dstream);
+ return err;
+ }
+ uncompressedData.resize(dstream.total_out);
+ err = inflateEnd(&dstream);
+ return err;
+}
+
+void PIVToken::dumpDataRecord(const byte_string &data, const byte_string &oid, const char *extraSuffix)
+{
+#if !defined(NDEBUG)
+ FILE *fp;
+ char fileName[128]={0,};
+ const char *kNamePrefix = "/tmp/pivobj-";
+ char suffix[32]={0,};
+ memcpy(fileName, kNamePrefix, strlen(kNamePrefix));
+ sprintf(suffix,"%02X%02X%02X", oid[0], oid[1], oid[2]);
+ strncat(fileName, suffix, 3);
+ if (extraSuffix)
+ strcat(fileName, extraSuffix);
+ if ((fp = fopen(fileName, "wb")) != NULL)
+ {
+ fwrite(&data[0], 1, data.size(), fp);
+ fclose(fp);
+ secdebug("pivtokend", "wrote data of length %ld to %s", data.size(), fileName);
+ }
+#endif
+}
+
+std::string PIVToken::authCertCommonName()
+{
+ // Since the PIV Authentication Certificate is mandatory, do the user
+ // a favor and find the common name to use as the name of the token
+
+ const char *cn = NULL;
+ SecCertificateRef certificateRef = NULL;
+ CFStringRef commonName = NULL;
+
+ byte_string data;
+ byte_string oidAuthCert(oidX509CertificatePIVAuthentication, oidX509CertificatePIVAuthentication + sizeof(oidX509CertificatePIVAuthentication));
+ getDataCore(oidAuthCert, "AUTHCERT", true, true, data);
+ CssmData certData(&data[0], data.size());
+ OSStatus status = SecCertificateCreateFromData(&certData, CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_BER, &certificateRef);
+ if (!status)
+ {
+ CFStringRef commonName = NULL;
+ SecCertificateCopyCommonName(certificateRef, &commonName);
+ if (commonName)
+ cn = CFStringGetCStringPtr(commonName, kCFStringEncodingMacRoman);
+ }
+
+ if (certificateRef)
+ CFRelease(certificateRef);
+ if (commonName)
+ CFRelease(commonName);
+
+ return std::string(cn?cn:"--unknown--");
+}
+
+size_t PIVToken::transmit(const byte_string::const_iterator &apduBegin, const byte_string::const_iterator &apduEnd, byte_string &result) {
+ const size_t BUFFER_SIZE = 1024;
+ size_t resultLength = BUFFER_SIZE;
+ size_t index = result.size();
+ /* To prevent data leaking, secure byte_string resize takes place */
+ secure_resize(result, result.size() + BUFFER_SIZE);
+ ISO7816Token::transmit(&(*apduBegin), (size_t)(apduEnd - apduBegin), &result[0]+ index, resultLength);
+ /* Trims the data, no expansion occurs */
+ result.resize(index + resultLength);
+ return resultLength;
+}
+
+bool PIVToken::getDataExists(const unsigned char *oid, size_t oidlen, const char *description)
+{
+ /* Read the data object, limiting it at one byte received to help speed things along */
+ byte_string result;
+ byte_string getDataApdu = buildGetData(byte_string(oid, oid + oidlen), 1);
+ uint16_t rx = simpleExchangeAPDU(getDataApdu, result);
+ if(rx == 0x6A82) return false; /* Object certainly doesn't exist */
+ if(rx == 0x6982) return true; /* Assume security status not satisified == object exists */
+ if(rx & 0xFF00 == SCARD_BYTES_LEFT_IN_SW2) return true; /* More bytes left */
+ if((rx >> 8) == PIV_RESULT_CONTINUATION_SW1) return true; /* More data available */
+ return result.size() > 0; /* Data has been returned */
+}
+
Added: releases/Apple/OSX-10.6.7/PIV/PIVToken.h
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/PIVToken.h (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/PIVToken.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,210 @@
+/*
+ * Copyright (c) 2004-2007 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * PIVToken.h
+ * TokendPIV
+ */
+
+#ifndef _PIVTOKEN_H_
+#define _PIVTOKEN_H_
+
+#define _USECERTIFICATECOMMONNAME 1
+
+#include <Token.h>
+#include "TokenContext.h"
+#include "PIVDefines.h"
+
+#include <security_utilities/pcsc++.h>
+
+#include "byte_string.h"
+
+#pragma mark ---------- PIV defines ----------
+
+#define CLA_STANDARD 0x00
+#define INS_SELECT_FILE 0xA4
+#define INS_VERIFY_APDU 0x20 // SP800731 Section 2.3.3.2.1
+#define INS_CHANGE_REFERENCE_DATA 0x24 // [SP800731 7.2.2]
+
+// Placeholders for fields in the APDU to be filled in programmatically
+#define TBD_ZERO 0x00
+#define TBD_FF 0xFF
+
+// These are from NISTIR6887 5.1.1.4 Select File APDU
+// They are the values for the P1 field
+#define SELECT_P1_EXPLICIT 0x00
+#define SELECT_P1_CHILDDF 0x01
+#define SELECT_P1_CHILDEF 0x02
+#define SELECT_P1_PARENTDF 0x03
+
+#define SELECT_APPLET PIV_CLA_STANDARD, PIV_INS_SELECT_FILE, 0x04, 0x00 // Select application by AID
+
+#define SELECT_PIV_APPLET_VERS 0x10, 0x00, 0x01, 0x00
+#define SELECT_PIV_APPLET_SHORT SELECT_APPLET, 0x07, 0xA0, 0x00, 0x00, 0x03, 0x08, 0x00, 0x00
+#define SELECT_PIV_APPLET_LONG SELECT_APPLET, 0x0B, 0xA0, 0x00, 0x00, 0x03, 0x08, 0x00, 0x00, SELECT_PIV_APPLET_VERS
+
+#pragma mark ---------- Object IDs on Token ----------
+
+/*
+ Object IDs for objects on token. All currently 3 hex bytes.
+ See 4.2 OIDs and Tags of PIV Card Application Data Objects [SP800731]
+
+ 4.1 PIV Card Application Data Objects [SP800731]
+ A PIV Card Application shall contain six mandatory data objects and five optional data object for
+ interoperable use. The six mandatory data objects for interoperable use are as follows:
+
+ 1. Card Capability Container
+ 2. Card Holder Unique Identifier
+ 3. X.509 Certificate for PIV Authentication
+ 4. Card Holder Fingerprint I
+ 5. Card Holder Fingerprint II2
+ 6. Security Object
+
+ The five optional data objects for interoperable use are as follows:
+
+ 1. Card Holder Facial Image
+ 2. Printed Information
+ 3. X.509 Certificate for PIV Digital Signature
+ 4. X.509 Certificate for PIV Key Management
+ 5. X.509 Certificate for Card Authentication
+*/
+
+// Card Capability Container 2.16.840.1.101.3.7.1.219.0 0x5FC107 M
+#define PIV_OBJECT_ID_CARD_CAPABILITY_CONTAINER 0x5F, 0xC1, 0x07
+
+// Card Holder Unique Identifier 2.16.840.1.101.3.7.2.48.0 0x5FC102 M [CHUID]
+#define PIV_OBJECT_ID_CARDHOLDER_UNIQUEID 0x5F, 0xC1, 0x02
+
+// Card Holder Fingerprints 2.16.840.1.101.3.7.2.96.16 0x5FC103 M
+#define PIV_OBJECT_ID_CARDHOLDER_FINGERPRINTS 0x5F, 0xC1, 0x03
+
+// Printed Information 2.16.840.1.101.3.7.2.48.1 0x5FC109 O
+#define PIV_OBJECT_ID_PRINTED_INFORMATION 0x5F, 0xC1, 0x09
+
+// Card Holder Facial Image 2.16.840.1.101.3.7.2.96.48 0x5FC108 O
+#define PIV_OBJECT_ID_CARDHOLDER_FACIAL_IMAGE 0x5F, 0xC1, 0x08
+
+// X.509 Certificate for PIV Authentication 2.16.840.1.101.3.7.2.1.1 0x5FC105 M
+#define PIV_OBJECT_ID_X509_CERTIFICATE_PIV_AUTHENTICATION 0x5F, 0xC1, 0x05
+
+// X.509 Certificate for Digital Signature 2.16.840.1.101.3.7.2.1.0 0x5FC10A O
+#define PIV_OBJECT_ID_X509_CERTIFICATE_DIGITAL_SIGNATURE 0x5F, 0xC1, 0x0A
+
+// X.509 Certificate for Key Management 2.16.840.1.101.3.7.2.1.2 0x5FC10B O
+#define PIV_OBJECT_ID_X509_CERTIFICATE_KEY_MANAGEMENT 0x5F, 0xC1, 0x0B
+
+// X.509 Certificate for Card Authentication 2.16.840.1.101.3.7.2.5.0 0x5FC101 O
+#define PIV_OBJECT_ID_X509_CERTIFICATE_CARD_AUTHENTICATION 0x5F, 0xC1, 0x01
+
+
+class PIVSchema;
+class PIVCCC;
+
+#pragma mark ---------- The Token Class ----------
+
+//
+// "The" token
+//
+class PIVToken : public Tokend::ISO7816Token
+{
+ NOCOPY(PIVToken)
+public:
+ PIVToken();
+ ~PIVToken();
+
+ virtual void didDisconnect();
+ virtual void didEnd();
+
+ virtual uint32 probe(SecTokendProbeFlags flags,
+ char tokenUid[TOKEND_MAX_UID]);
+ virtual void establish(const CSSM_GUID *guid, uint32 subserviceId,
+ SecTokendEstablishFlags flags, const char *cacheDirectory,
+ const char *workDirectory, char mdsDirectory[PATH_MAX],
+ char printName[PATH_MAX]);
+ virtual void getOwner(AclOwnerPrototype &owner);
+ virtual void getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls);
+
+ virtual void changePIN(int pinNum,
+ const unsigned char *oldPin, size_t oldPinLength,
+ const unsigned char *newPin, size_t newPinLength);
+ virtual uint32_t pinStatus(int pinNum);
+ virtual void verifyPIN(int pinNum, const unsigned char *pin, size_t pinLength);
+ virtual void unverifyPIN(int pinNum);
+
+ bool identify();
+
+ // These methods are convenient for Java card, but would be replace by calls
+ // to the PKCS#11 library for a for a PKCS#11 based tokend
+
+ /* NOTE: Using pointers for applet selection rather than byte_strings to permit simple selection detection */
+ void select(const unsigned char *applet, size_t appletLength);
+ void selectDefault();
+ /* Exchanges APDU without performing data continuation */
+ uint16_t simpleExchangeAPDU(const byte_string &apdu, byte_string &result);
+ /* Exchanges APDU, performing data retreival continuation as needed */
+ uint16_t exchangeAPDU(const byte_string& apdu, byte_string &result);
+ uint16_t exchangeChainedAPDU(unsigned char cla, unsigned char ins,
+ unsigned char p1, unsigned char p2,
+ const byte_string &data,
+ byte_string &result);
+
+ /* Builds the GetData APDU string with a given limit, if limit == -1, no limit */
+ byte_string buildGetData(const byte_string &oid, int limit = -1) const;
+
+ void getDataCore(const byte_string &oid, const char *description, bool isCertificate,
+ bool allowCaching, byte_string &data);
+ bool getDataExists(const unsigned char *oid, size_t oidlen, const char *description);
+ std::string authCertCommonName();
+
+protected:
+ void populate();
+
+ size_t getKeySize(const byte_string &cert) const;
+ void processCertificateRecord(byte_string &data, const byte_string &oid, const char *description);
+ void dumpDataRecord(const byte_string &data, const byte_string &oid, const char *extraSuffix = NULL);
+ static int compressionType(const byte_string &data);
+ static int uncompressData(byte_string &uncompressedData, const byte_string &compressedData, int compressionType);
+
+ enum //arbitrary values
+ {
+ kCompressionNone = 0,
+ kCompressionZlib = 1,
+ kCompressionGzip = 2,
+ kCompressionUnknown = 9
+ };
+
+ size_t transmit(const byte_string &apdu, byte_string &result) {
+ return transmit(apdu.begin(), apdu.end(), result);
+ }
+ size_t transmit(const byte_string::const_iterator &apduBegin, const byte_string::const_iterator &apduEnd, byte_string &result);
+public:
+ const unsigned char *mCurrentApplet;
+ uint32_t mPinStatus;
+
+ // temporary ACL cache hack - to be removed
+ AutoAclOwnerPrototype mAclOwner;
+ AutoAclEntryInfoList mAclEntries;
+};
+
+
+#endif /* !_PIVTOKEN_H_ */
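Review bot: `mPinStatus` and `mCurrentApplet` are exposed as public data members under the second `public:` label near the end of the class, yet `mPinStatus` doubles as a cached PIN-verification result (`pinStatus()` returns it without talking to the card while a transaction is open) and `mCurrentApplet` short-circuits `select()`. Any holder of a `PIVToken` can therefore overwrite the cached status or applet pointer and bypass the card round-trip; moving both under `protected:` (keeping `mAclOwner`/`mAclEntries` wherever the ACL hack needs them) costs one label change, `protected:` in place of the second `public:`, and closes that hole. Separately, `SELECT_APPLET` expands to `PIV_CLA_STANDARD, PIV_INS_SELECT_FILE` while this header defines `CLA_STANDARD`/`INS_SELECT_FILE` — those prefixed names presumably come from `PIVDefines.h`, which would make the local `#define`s dead duplicates worth removing or documenting with a comment such as `// unused: superseded by PIV_* in PIVDefines.h`. Finally, `_USECERTIFICATECOMMONNAME` (leading underscore followed by an uppercase letter) is an identifier reserved to the implementation; a `PIV_` prefix would be conventional.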
Added: releases/Apple/OSX-10.6.7/PIV/PIVUtilities.h
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/PIVUtilities.h (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/PIVUtilities.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2008 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+#ifndef PIV_UTILITIES_H
+#define PIV_UTILITIES_H
+
+#include "byte_string.h"
+#include <algorithm>
+
+template<typename T>
+inline void secure_zero(T &l) {
+ std::fill(l.begin(), l.end(), typename T::value_type());
+}
+
+template<typename T>
+inline void secure_erase(T &data, const typename T::iterator &first, const typename T::iterator &last) {
+ /* Partly borrowing from alg used by normal 'erase' */
+ typename T::iterator newEnd(std::copy(last, data.end(), first));
+ // Filling w/ defaults to null values out
+ std::fill(newEnd, data.end(), typename T::value_type());
+ data.erase(newEnd, data.end());
+}
+
+template<typename T>
+inline void secure_resize(T &data, const size_t newSize) {
+ // Simple case where no re-allocation occurs
+ if(data.capacity() >= newSize) {
+ data.resize(newSize);
+ return;
+ }
+ // Re-allocation will occur, need to use temporary buffer...
+ T temporary(data);
+ secure_zero(data);
+ data.resize(newSize);
+ copy(temporary.begin(), temporary.end(), data.begin());
+ secure_zero(temporary);
+}
+
+#endif
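Review bot: `secure_zero` relies on `std::fill`, which an optimizing compiler is free to drop as a dead store when the container is destroyed or reallocated immediately afterwards — exactly the situation at the end of `verifyPIN`/`changePIN` (`secure_zero(apdu)` on the APDU holding the PIN) and inside `secure_resize`, so the PIN bytes may survive in memory despite the call. Writing through a `volatile` pointer (or a platform `memset_s`-style primitive where available) keeps the stores observable; a rewrite along those lines is below and assumes the container stores its elements contiguously, which appears to be the case for `byte_string` but should be confirmed. `secure_erase` has the same weakness on its `std::fill` call and would benefit from delegating to the hardened helper. As a minor style point, `secure_resize` calls an unqualified `copy(...)` while the sibling template uses `std::copy`; qualifying it keeps the three helpers consistent.
```cpp
template<typename T>
inline void secure_zero(T &l) {
    // Store through a volatile pointer so the compiler cannot elide the
    // zeroing as a dead write when the buffer is about to be freed.
    // Assumes T keeps its elements contiguously (vector-like storage).
    if (l.empty())
        return;
    volatile typename T::value_type *p = &l[0];
    for (typename T::size_type i = 0; i < l.size(); ++i)
        p[i] = typename T::value_type();
}
```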
Added: releases/Apple/OSX-10.6.7/PIV/Padding.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/Padding.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/Padding.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,160 @@
+/*
+ * Copyright (c) 2008 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+#include "Padding.h"
+
+#include <Security/cssmerr.h>
+#include "PIVUtilities.h"
+
+using namespace Security;
+
+/* PKCS#1 DigestInfo header for SHA1 */
+static const unsigned char sha1sigheader[] =
+{
+ 0x30, // SEQUENCE
+ 0x21, // LENGTH
+ 0x30, // SEQUENCE
+ 0x09, // LENGTH
+ 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1a, // SHA1 OID (1 4 14 3 2 26)
+ 0x05, 0x00, // OPTIONAL ANY algorithm params (NULL)
+ 0x04, 0x14 // OCTECT STRING (20 bytes)
+};
+
+/* PKCS#1 DigestInfo header for MD5 */
+static const unsigned char md5sigheader[] =
+{
+ 0x30, // SEQUENCE
+ 0x20, // LENGTH
+ 0x30, // SEQUENCE
+ 0x0C, // LENGTH
+ // MD5 OID (1 2 840 113549 2 5)
+ 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05,
+ 0x05, 0x00, // OPTIONAL ANY algorithm params (NULL)
+ 0x04, 0x10 // OCTECT STRING (16 bytes)
+};
+
+void Padding::apply(byte_string &data, size_t keySize, CSSM_PADDING padding, CSSM_ALGORITHMS hashAlg) throw(CssmError) {
+ // Calculate which hash-header to use
+ const unsigned char *header;
+ size_t headerLength;
+ switch(hashAlg) {
+ case CSSM_ALGID_SHA1:
+ if (data.size() != 20)
+ CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+ header = sha1sigheader;
+ headerLength = sizeof(sha1sigheader);
+ break;
+ case CSSM_ALGID_MD5:
+ if (data.size() != 16)
+ CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+ header = md5sigheader;
+ headerLength = sizeof(md5sigheader);
+ break;
+ case CSSM_ALGID_NONE:
+ // Special case used by SSL it's an RSA signature, without the ASN1 stuff
+ header = NULL;
+ headerLength = 0;
+ break;
+ default:
+ CssmError::throwMe(CSSMERR_CSP_INVALID_DIGEST_ALGORITHM);
+ }
+ // Reserve memory and insert the header before the data
+ data.reserve(keySize);
+ if(headerLength > 0) {
+ data.insert(data.begin(), header, header + headerLength);
+ }
+ int markerByteLocation;
+ // Calculate and apply padding
+ switch (padding) {
+ case CSSM_PADDING_NONE:
+ if(data.size() != keySize)
+ CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+ break;
+ case CSSM_PADDING_PKCS1:
+ // Pad using PKCS1 v1.5 signature padding ( 00 01 FF FF.. 00 | M)
+ if(data.size() + 11 > keySize)
+ CssmError::throwMe(CSSMERR_CSP_BLOCK_SIZE_MISMATCH);
+ markerByteLocation = keySize - data.size() - 1;
+ data.insert(data.begin(), keySize - data.size(), 0xFF);
+ data[0] = 0;
+ data[1] = 1;
+ data[markerByteLocation] = 0;
+ break;
+ default:
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING);
+ }
+}
+
+void Padding::remove(byte_string &data, CSSM_PADDING padding) throw(CssmError) {
+ // Calculate and remove padding while validating
+ switch (padding) {
+ case CSSM_PADDING_NONE:
+ break;
+ case CSSM_PADDING_PKCS1:
+ unsigned i;
+ /* Handles PKCS1 v1.5
+ * signatures 00 01 FF FF.. 00 | M
+ * and encrypted data 00 02 NZ NZ.. 00 | M (NZ = non-zero random value)
+ */
+ if(data[0] != 0 || (data[1] != 1 && data[1] != 2))
+ CssmError::throwMe(CSSMERR_CSP_INVALID_DATA);
+ for(i = 2; i < data.size() && data[i] != 0x00; i++) {}
+ /* Assume empty data is invalid */
+ if(data.size() - i == 0)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_DATA);
+ secure_erase(data, data.begin(), data.begin() + i + 1);
+ break;
+ default:
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_PADDING);
+ }
+}
+
+bool Padding::canApply(CSSM_PADDING padding, CSSM_ALGORITHMS hashAlg) throw() {
+ switch(padding) {
+ case CSSM_PADDING_NONE:
+ case CSSM_PADDING_PKCS1:
+ break;
+ default:
+ return false;
+ }
+ switch(hashAlg) {
+ case CSSM_ALGID_NONE:
+ case CSSM_ALGID_SHA1:
+ case CSSM_ALGID_MD5:
+ break;
+ default:
+ return false;
+ }
+ return true;
+}
+
+bool Padding::canRemove(CSSM_PADDING padding) throw() {
+ switch(padding) {
+ case CSSM_PADDING_NONE:
+ case CSSM_PADDING_PKCS1:
+ break;
+ default:
+ return false;
+ }
+ return true;
+}
\ No newline at end of file
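Review bot: `Padding::remove` reads `data[0]` and `data[1]` before checking that `data` holds at least two bytes, so a short block indexes past the end of the vector, and with `data.size() < 2` the `data.size() - i` test underflows and `secure_erase` is handed an iterator beyond `end()`. Guard the block length first: `if(data.size() < 2 || data[0] != 0 || (data[1] != 1 && data[1] != 2))`. The scan loop also accepts any non-zero filler for block type 01, whereas PKCS#1 v1.5 requires 0xFF filler there and at least eight filler bytes for both block types; checking those tightens what a malformed block can pass off as valid. Because the function rejects on the first bad byte, its failure path is shorter than its success path, which is the shape of a padding-oracle side channel for the type-02 decryption case; callers should not expose that distinction to an untrusted party.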
Added: releases/Apple/OSX-10.6.7/PIV/Padding.h
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/Padding.h (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/Padding.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2008 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+#ifndef PADDING_H
+#define PADDING_H
+
+#include "byte_string.h"
+#include <Security/cssmtype.h>
+#include <security_cdsa_utilities/cssmerrors.h>
+
+/** Utility class to unify padding/hash-header handling
+ *
+ */
+class Padding {
+public:
+ /** Applies padding and hash-headers for signing */
+ static void apply(byte_string &data, size_t keySize, CSSM_PADDING padding = CSSM_PADDING_NONE, CSSM_ALGORITHMS hashAlg = CSSM_ALGID_NONE) throw(CssmError);
+ /** Removes padding for decryption
+ * Note: Securely eliminates data such that the 'leftover' bytes are not left to be read after data's destruction
+ */
+ static void remove(byte_string &data, CSSM_PADDING padding = CSSM_PADDING_NONE) throw(CssmError);
+
+ /** Returns boolean whether a specific padding/hash-header can be applied */
+ static bool canApply(CSSM_PADDING padding = CSSM_PADDING_NONE, CSSM_ALGORITHMS hashAlg = CSSM_ALGID_NONE) throw();
+ /** Returns boolean whether a specific padding can be removed */
+ static bool canRemove(CSSM_PADDING padding) throw();
+};
+
+#endif
\ No newline at end of file
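Review bot: The doc comment on `remove` does not state its precondition: `data` must be the full block including the leading 00 byte, and both block type 01 and 02 framings are accepted even though the comment mentions only decryption. Suggested wording: `/** Strips PKCS#1 v1.5 block-type 01 or 02 framing (00 BT PS 00 M) from a full block; throws CSSMERR_CSP_INVALID_DATA when the framing is malformed or the message is empty. */`. `canRemove` is also the only one of the four methods without a default for `padding`; giving it the same `= CSSM_PADDING_NONE` as `canApply` would keep the interface uniform.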
Added: releases/Apple/OSX-10.6.7/PIV/SecureBufferAllocator.h
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/SecureBufferAllocator.h (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/SecureBufferAllocator.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2004-2007 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+#ifndef SECUREBUFFERALLOCATOR_H
+#define SECUREBUFFERALLOCATOR_H
+
+#include "byte_string.h"
+#include <tr1/array>
+
+/* Utility class to store a fixed-size container of available buffers
+ * Used to keepalive byte_strings for buffer usage while keeping contents secure
+ * for re-use and on destruction.
+ */
+template<size_t MAX_SIZE>
+class SecureBufferAllocator {
+ NOCOPY(SecureBufferAllocator);
+public:
+ SecureBufferAllocator();
+ ~SecureBufferAllocator();
+
+ byte_string &getBuffer();
+private:
+ std::tr1::array<byte_string, MAX_SIZE> buffers;
+ size_t nextFree;
+};
+
+#include "SecureBufferAllocator.inc"
+
+#endif
\ No newline at end of file
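Review bot: `NOCOPY(SecureBufferAllocator)` uses a macro this header never defines; the only definition on the page is the `#ifndef NOCOPY` block in TLV.h, so this header compiles only when TLV.h happens to be included first. Either include the header that provides it or add the same guarded definition here: `#ifndef NOCOPY` / `#define NOCOPY(Type) private: Type(const Type &); void operator = (const Type &);` / `#endif`. The class comment should also state the recycling rule the implementation follows: after `MAX_SIZE` calls to `getBuffer` the oldest buffer is handed out again and zeroed, so a caller must not hold a reference across that many calls.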
Added: releases/Apple/OSX-10.6.7/PIV/SecureBufferAllocator.inc
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/SecureBufferAllocator.inc (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/SecureBufferAllocator.inc 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2004-2007 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+#include "SecureBufferAllocator.h"
+#include "PIVUtilities.h"
+
+template<size_t MAX_SIZE>
+SecureBufferAllocator<MAX_SIZE>::SecureBufferAllocator()
+: nextFree(0) {
+}
+
+template<size_t MAX_SIZE>
+SecureBufferAllocator<MAX_SIZE>::~SecureBufferAllocator() {
+ /* Clear out all buffers */
+ for(size_t i = 0; i < buffers.size(); i++)
+ secure_zero(buffers[i]);
+}
+
+template<size_t MAX_SIZE>
+byte_string &SecureBufferAllocator<MAX_SIZE>::getBuffer() {
+ byte_string &nextBuffer = buffers[nextFree];
+ /* Calculate next available buffer */
+ nextFree++;
+ if(nextFree >= buffers.size())
+ nextFree = 0;
+ /* Clear out the buffer for use */
+ secure_zero(nextBuffer);
+ nextBuffer.clear();
+ return nextBuffer;
+}
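Review bot: The zeroing in `~SecureBufferAllocator` and `getBuffer` goes through `secure_zero`, which is a plain `std::fill` over storage that is about to be destroyed or overwritten, and a compiler is entitled to drop such dead stores; whether it does here is not visible on the page, but a wipe that is meant to survive optimisation needs a write the compiler cannot elide (a `volatile`-qualified pointer loop or the platform's guaranteed-wipe primitive). `getBuffer` also only clears the buffer it returns; if a caller grows it past its capacity the vector copies and frees the old storage without wiping it, which is the case `secure_resize` in PIVUtilities.h handles. Suggest adding above `getBuffer`: `/* Returned buffer is zeroed and empty; grow it with secure_resize, not resize/push_back, so reallocation does not leave an unwiped copy behind. */`.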
Added: releases/Apple/OSX-10.6.7/PIV/TLV.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/TLV.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/TLV.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,185 @@
+/*
+ * Copyright (c) 2008 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+#include "TLV.h"
+
+#include <iomanip>
+#include <iostream>
+#include <limits>
+
+using namespace std;
+
+TLV::TLV() throw()
+:tag(), value(NULL), innerValues(NULL) {
+}
+
+TLV::TLV(unsigned char tag) throw()
+:tag(1, tag), value(NULL), innerValues(NULL) {
+}
+
+TLV::TLV(const byte_string& tag) throw()
+:tag(tag), value(NULL), innerValues(NULL) {
+}
+
+TLV::TLV(unsigned char tag, const byte_string& value) throw()
+:tag(1, tag), value(new byte_string(value)), innerValues(NULL) {
+}
+
+TLV::TLV(const byte_string& tag, const byte_string& value) throw()
+:tag(tag), value(new byte_string(value)), innerValues(NULL) {
+}
+
+TLV::TLV(uint8_t tag, const TLVList &tlv) throw()
+:tag(1, tag), value(NULL), innerValues(new TLVList(tlv)) {
+}
+
+TLV::TLV(const byte_string &tag, const TLVList &tlv) throw()
+:tag(tag), value(NULL), innerValues(new TLVList(tlv)) {
+}
+
+TLV_ref TLV::parse(const byte_string &in) throw(std::runtime_error) {
+ byte_string::const_iterator begin = in.begin();
+ return parse(begin, in.end());
+}
+
+byte_string TLV::encode() const throw() {
+ byte_string out;
+ encode(out);
+ return out;
+}
+
+void TLV::encode(byte_string &out) const throw() {
+ const byte_string &tag = getTag();
+ // Puts the tag
+ out += tag;
+ // Puts the length
+ encodeLength(valueLength(), out);
+
+#if 1
+ // Non-caching version since the TLV is expected to be
+ // thrown away after encoding
+ // If there is a value, put that
+ if(value.get()) {
+ out += *value;
+ return;
+ }
+ if(!innerValues.get())
+ return;
+ // Else if there are innerValues, encode those out
+ encodeSequence(*innerValues, out);
+#else
+ // Obtain the value in a cached manner
+ const byte_string &value = getValue();
+ out += value;
+#endif
+}
+
+const TLVList &TLV::getInnerValues() const throw(std::runtime_error) {
+ /* If there is a cached innervalues version, output it
+ * else parse any existing TLV data and use that */
+ if(innerValues.get()) return *innerValues;
+ if(!value.get()) {
+ innerValues.reset(new TLVList());
+ return *innerValues;
+ }
+ innerValues.reset(new TLVList());
+ byte_string::const_iterator begin = value->begin();
+ parseSequence(begin, (byte_string::const_iterator)value->end(), *innerValues);
+
+ return *innerValues;
+}
+
+const byte_string &TLV::getValue() const throw() {
+ /* If there is a cached value version, output it
+ * else encode any existing TLV data and use that */
+ if(value.get()) return *value;
+ if(!innerValues.get()) {
+ value.reset(new byte_string());
+ return *value;
+ }
+ value.reset(new byte_string());
+ encodeSequence(*innerValues, *value);
+ return *value;
+}
+
+size_t TLV::length() const throw() {
+ size_t innerLength = valueLength();
+ return tag.size() + encodedLength(innerLength) + innerLength;
+}
+
+void TLV::encodeLength(size_t value, byte_string &out) throw() {
+ /* Encode and output the length according to BER-TLV encoding rules */
+ static const size_t MAX_VALUE = std::numeric_limits<size_t>::max();
+ static const size_t highbyte = (MAX_VALUE ^ (MAX_VALUE >> 8));
+ static const size_t shiftbyte = (sizeof(size_t) - 1) * 8;
+ if (value < 0x80) {
+ out += (unsigned char)(value & 0x7F);
+ return;
+ }
+ size_t size = sizeof(value), i;
+ while(0 == (value & highbyte) && size > 0) {
+ value <<= 8;
+ size--;
+ }
+ out += (unsigned char)(0x80 | size);
+ for(i = 0; i < size; i++) {
+ out += (unsigned char)((value >> shiftbyte) & 0xFF);
+ value <<= 8;
+ }
+}
+
+size_t TLV::encodedLength(size_t value) throw() {
+ if(value < 0x80)
+ return 1;
+ /* Values larger than 0x7F must be encoded in the form (Length-Bytes) (Length) */
+ static const size_t MAX_VALUE = std::numeric_limits<size_t>::max();
+ /* EX: 0xFF000000 - for size_t == 32-bit */
+ static const size_t highbyte = (MAX_VALUE ^ (MAX_VALUE >> 8));
+ size_t size = sizeof(value);
+ /* Check for the highest byte that contains a value */
+ while(0 == (value & highbyte) && size > 0) {
+ value <<= 8;
+ size--;
+ }
+ /* + 1 for byte-size byte
+ * Size encoded as (0x80 + N) [N-bytes]
+ * Max size-bytes == 127
+ */
+ return size + 1;
+}
+
+void TLV::encodeSequence(const TLVList &tlv, byte_string &out) throw() {
+ for(TLVList::const_iterator iter = tlv.begin(); iter < tlv.end(); iter++)
+ (*iter)->encode(out);
+}
+
+size_t TLV::valueLength() const throw() {
+ /* Calculate the length of a value, either by its actual value length
+ * or calculated length based on contained TLV values */
+ if(value.get()) return value->size();
+ if(!innerValues.get()) return 0;
+ size_t retValue = 0;
+ for(TLVList::const_iterator iter = innerValues->begin(); iter < innerValues->end(); iter++)
+ retValue += (*iter)->length();
+ return retValue;
+}
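Review bot: `getInnerValues` resets `innerValues` to a fresh list before calling `parseSequence`, so if the parse throws partway the partially filled list stays cached and every later call returns it without error. Parse into a local first: replace `innerValues.reset(new TLVList());` with `std::auto_ptr<TLVList> parsed(new TLVList());`, pass `*parsed` to `parseSequence`, and finish with `innerValues = parsed;`. The `#if 1`/`#else` block in `encode(byte_string &)` leaves a dead code path in the committed file; the comment already explains the choice, so the `#else` branch can be dropped.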
Added: releases/Apple/OSX-10.6.7/PIV/TLV.h
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/TLV.h (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/TLV.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,143 @@
+/*
+ * Copyright (c) 2008 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+#ifndef TLV_H
+#define TLV_H
+
+#include <tr1/memory>
+
+#include <stdexcept>
+
+#include <sstream>
+#include <vector>
+
+#ifndef NOCOPY
+#define NOCOPY(Type) private: Type(const Type &); void operator = (const Type &);
+#endif
+
+#include "byte_string.h"
+
+class TLV;
+typedef std::tr1::shared_ptr<TLV> TLV_ref;
+typedef std::vector<TLV_ref> TLVList;
+
+/** Utility class to simplify TLV parsing and encoding
+ * Condition of proper behavior (assume sizeof(size_t) => ptr size):
+ * 32-bit: Total data < 4GB
+ * 64-bit: Total data < 4GB * 4GB
+ */
+class TLV {
+ NOCOPY(TLV);
+public:
+ TLV() throw();
+ TLV(uint8_t tag) throw();
+ TLV(const byte_string &tag) throw();
+ TLV(uint8_t tag, const byte_string &value) throw();
+ TLV(const byte_string &tag, const byte_string &value) throw();
+ TLV(const byte_string &tag, const TLVList &tlv) throw();
+ TLV(uint8_t tag, const TLVList &tlv) throw();
+
+ /* Parses a byte_string as a TLV value - ignores trailing bytes
+ * Throws an error if the encoding is invalid
+ */
+ static TLV_ref parse(const byte_string &data) throw(std::runtime_error);
+
+ /* Parses an entire sequence of bytes as a TLV value
+ * - ignores trailing bytes, iter points to byte after TLV
+ * Can accept forward iterators to bytes or pointers to bytes for the range
+ * Ex: byte_string::iterator, unsigned char *
+ * Throws an error if the encoding is invalid
+ */
+ template<typename ForwardIterator>
+ static TLV_ref parse(ForwardIterator &iter, const ForwardIterator &end) throw(std::runtime_error);
+
+ /* Obtains the tag of this TLV */
+ const byte_string &getTag() const throw() { return tag; }
+
+ /* Encodes this TLV into a new byte_string */
+ byte_string encode() const throw();
+ /* Encodes this TLV, appending the data to 'out' */
+ void encode(byte_string &out) const throw();
+ /* Decodes the value of this TLV as a sequence of TLVs */
+ const TLVList &getInnerValues() const throw(std::runtime_error);
+ /* Obtains the value of this TLV */
+ const byte_string &getValue() const throw();
+
+ /* Calculates the length of this TLV */
+ size_t length() const throw();
+
+private:
+ byte_string tag;
+ /* cached/assigned value as a string */
+ mutable std::auto_ptr<byte_string> value;
+ /* cached/assigned value as a TLV sequence */
+ mutable std::auto_ptr<TLVList> innerValues;
+
+ /* Parses an entire sequence of bytes as a sequence of TLV values, appending them to tlv
+ * Can accept forward iterators to bytes or pointers to bytes for the range
+ * Ex: byte_string::iterator, unsigned char *
+ * Throws an error if the encoding is invalid
+ */
+ template<typename ForwardIterator>
+ static void parseSequence(ForwardIterator &iter, const ForwardIterator &end, TLVList &tlv) throw(std::runtime_error);
+
+ /* Parses the ber-encoded length from a sequence of bytes
+ * Can accept forward iterators to bytes or pointers to bytes for the range
+ * Ex: byte_string::iterator, unsigned char *
+ * Throws an error if the encoding is invalid
+ */
+ template<typename ForwardIterator>
+ static size_t parseLength(ForwardIterator &iter, const ForwardIterator &end) throw(std::runtime_error);
+
+ /* ber-encodes an integer and writes it's output to 'out' */
+ static void encodeLength(size_t value, byte_string &out) throw();
+public:
+ /* Obtains the length of a ber-encoded integer that would contain the value */
+ static size_t encodedLength(size_t value) throw();
+private:
+ /* Encodes a sequence of TLVs, writing the to 'out' */
+ static void encodeSequence(const TLVList &tlv, byte_string &out) throw();
+
+ /* Calculates the total length of the value */
+ size_t valueLength() const throw();
+};
+
+class TagPredicate {
+public:
+ TagPredicate(uint8_t tag) throw()
+ :tag(1, tag) {
+ }
+ TagPredicate(const byte_string &tag) throw()
+ :tag(tag) {
+ }
+ bool operator() (const TLV_ref &tlv) throw() {
+ return this->tag == tlv->getTag();
+ }
+private:
+ byte_string tag;
+};
+
+/* TEMPLATE DEFINITIONS */
+#include "TLV.inc"
+
+#endif
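Review bot: The comments on `parse`, `parseSequence` and `parseLength` say they accept forward iterators, but the implementations in TLV.inc use `<`, `>=` and `+=` on them, which only random-access iterators or raw pointers provide; a forward iterator would not compile. Suggest `/* Requires random-access iterators or pointers to bytes, e.g. byte_string::const_iterator, const unsigned char * */` in place of the three "Can accept forward iterators" lines, with the template parameter renamed to match. `uint8_t` is used throughout the header without `<stdint.h>`, and `<sstream>` is included but not used here.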
Added: releases/Apple/OSX-10.6.7/PIV/TLV.inc
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/TLV.inc (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/TLV.inc 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 2008 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+template<typename ForwardIterator>
+void TLV::parseSequence(ForwardIterator &iter, const ForwardIterator &end, TLVList &tlv) throw(std::runtime_error) {
+ /* While there is still data inbetween the iterators */
+ while(iter < end) {
+ /* parse TLV structures and append them to the list */
+ TLV_ref ref = TLV::parse(iter, end);
+ tlv.push_back(ref);
+ }
+}
+
+template<typename ForwardIterator>
+TLV_ref TLV::parse(ForwardIterator &iter, const ForwardIterator &end) throw(std::runtime_error) {
+ byte_string tag;
+ uint8_t ch;
+ if(iter >= end) throw std::runtime_error("Invalid TLV-encoding");
+ /* Read the first byte as the tag */
+ ch = *iter++;
+ tag += ch;
+ if(iter >= end) throw std::runtime_error("Invalid TLV-encoding");
+ /* If the tag is flagged as a multibyte tag */
+ if((ch & 0x1F) == 0x1F) { /* Multibyte tag */
+ do {
+ ch = *iter++;
+ tag += ch;
+ if(iter >= end) throw std::runtime_error("Invalid TLV-encoding");
+ /* Read more until there are no more bytes w/o the high-bit set */
+ } while((ch & 0x80) != 0);
+ }
+ /* Parse the length of the contained value */
+ size_t length = parseLength(iter, end);
+ ForwardIterator begin = iter;
+ iter += length;
+ /* The iterator is permitted to be at the very and at this point */
+ if(iter > end) throw std::runtime_error("Invalid TLV-encoding");
+ /* Return a new TLV with the calculated tag and value */
+ return TLV_ref(new TLV(tag, byte_string(begin, iter)));
+}
+
+/*
+ BER-TLV
+ Reference: http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-4_annex-d.aspx
+
+ In short form, the length field consists of a single byte where the bit B8 shall be set to 0 and
+ the bits B7-B1 shall encode an integer equal to the number of bytes in the value field. Any length
+ from 0-127 can thus be encoded by 1 byte.
+
+ In long form, the length field consists of a leading byte where the bit B8 shall be set to 1 and
+ the B7-B1 shall not be all equal, thus encoding a positive integer equal to the number of subsequent
+ bytes in the length field. Those subsequent bytes shall encode an integer equal to the number of bytes
+ in the value field. Any length within the APDU limit (up to 65535) can thus be encoded by 3 bytes.
+
+ NOTE - ISO/IEC 7816 does not use the indefinite lengths specified by the basic encoding rules of
+ ASN.1 (see ISO/IEC 8825).
+
+ Sample data (from a certficate GET DATA):
+
+ 00000000 53 82 04 84 70 82 04 78 78 da 33 68 62 db 61 d0
+ 00000010 c4 ba 60 01 33 13 23 13 13 97 e2 dc 88 f7 0c 40
+ 00000020 20 da 63 c0 cb c6 a9 d5 e6 d1 f6 9d 97 91 91 95
+ ....
+ 00000460 1f 22 27 83 ef fe ed 5e 7a f3 e8 b6 dc 6b 3f dc
+ 00000470 4c be bc f5 bf f2 70 7e 6b d0 4c 00 80 0d 3f 1f
+ 00000480 71 01 80 72 03 49 44 41
+
+*/
+template<typename ForwardIterator>
+size_t TLV::parseLength(ForwardIterator &iter, const ForwardIterator &end) throw(std::runtime_error) {
+ // Parse a BER length field. Returns the value of the length
+ uint8_t ch = *iter++;
+ if (!(ch & 0x80)) // single byte
+ return static_cast<uint32_t>(ch);
+ size_t result = 0;
+ uint8_t byteLen = ch & 0x7F;
+ for(;byteLen > 0; byteLen--) {
+ if(iter == end)
+ throw std::runtime_error("Invalid BER-encoded length");
+ ch = *iter++;
+ result = (result << 8) | static_cast<uint8_t>(ch);
+ }
+ return result;
+}
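Review bot: In `TLV::parse`, `iter += length` advances by a length read from the card data before the `iter > end` comparison, so for pointer iterators the advance itself is out of bounds and a large length can wrap the comparison, and for checked `std::vector` iterators it may abort; the remaining-byte check has to come before the advance: `if(length > static_cast<size_t>(end - iter)) throw std::runtime_error("Invalid TLV-encoding");` then `iter += length;`. `parseLength` has the matching gap: `byteLen` may be up to 127, and the `result << 8` loop silently discards the high bytes once more than `sizeof(size_t)` length bytes have been read, so add `if(byteLen > sizeof(size_t)) throw std::runtime_error("Invalid BER-encoded length");` before the loop. The `static_cast<uint32_t>(ch)` on the short-form return is harmless but misleading for a `size_t` result.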
Added: releases/Apple/OSX-10.6.7/PIV/byte_string.h
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/byte_string.h (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/byte_string.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2008 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+#ifndef BYTE_STRING
+#define BYTE_STRING
+#include <vector>
+
+/** Utility definition and additional operators to make working with
+ * sequences of bytes more easy and less error/leak-prone
+ */
+typedef std::vector<uint8_t> byte_string;
+
+inline bool operator==(const byte_string &l, const byte_string::value_type &value) {
+ return l.size() == 1 && l.at(0) == value;
+}
+
+inline byte_string &operator+=(byte_string &l, const byte_string::value_type &value) {
+ l.push_back(value);
+ return l;
+}
+inline byte_string &operator+=(byte_string &l, const char &value) {
+ l.push_back(value);
+ return l;
+}
+
+inline byte_string &operator+=(byte_string &l, const byte_string::value_type *value) {
+ l.insert(l.end(), value, value + strlen((char*)value));
+ return l;
+}
+
+inline byte_string &operator+=(byte_string &l, const byte_string &r) {
+ l.insert(l.end(), r.begin(), r.end());
+ return l;
+}
+
+/* RHS must be null-terminated */
+inline bool operator==(const byte_string& l, const byte_string::value_type* r) {
+ byte_string::size_type lSize = l.size();
+ byte_string::size_type rSize = strlen((const char*)r);
+ if(lSize != rSize)
+ return false;
+ return equal(l.begin(), l.end(), r);
+}
+
+inline bool operator!=(const byte_string& l, const byte_string::value_type* r) {
+ return !(l == r);
+}
+
+inline unsigned char *malloc_copy(const byte_string &l) {
+ unsigned char *output = (unsigned char*)malloc(l.size());
+ if(!output)
+ return NULL;
+ memcpy(output, &l[0], l.size());
+ return output;
+}
+#endif
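Review bot: `malloc_copy` evaluates `&l[0]` even when `l` is empty, which is undefined behaviour on an empty `std::vector`, and `malloc(0)` may legitimately return `NULL`, which the caller then cannot tell apart from allocation failure; guard the copy with `if(!l.empty()) memcpy(output, &l[0], l.size());` and document that an empty input may yield `NULL`. The header also uses `uint8_t`, `strlen`, `memcpy` and `malloc` but includes only `<vector>`, so it compiles only when an earlier include happens to pull in `<stdint.h>`, `<cstring>` and `<cstdlib>`. The `operator==(const byte_string &, const byte_string::value_type &)` overload, which is true only for a one-byte string, deserves a comment saying so, since `bs == 0x53` reads like a membership test.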
Added: releases/Apple/OSX-10.6.7/PIV/mds/piv_csp_capabilities.mdsinfo
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/mds/piv_csp_capabilities.mdsinfo (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/mds/piv_csp_capabilities.mdsinfo 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>Capabilities</key>
+ <string>file:piv_csp_capabilities_common.mds</string>
+ <key>MdsFileDescription</key>
+ <string>PIV Token CSPDL CSP Capabilities</string>
+ <key>MdsFileType</key>
+ <string>PluginSpecific</string>
+ <key>MdsRecordType</key>
+ <string>MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE</string>
+</dict>
+</plist>
Added: releases/Apple/OSX-10.6.7/PIV/mds/piv_csp_capabilities_common.mds
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/mds/piv_csp_capabilities_common.mds (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/mds/piv_csp_capabilities_common.mds 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,903 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<array>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>20</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DIGEST</string>
+ <key>Description</key>
+ <string>SHA1 Digest</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>16</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DIGEST</string>
+ <key>Description</key>
+ <string>MD5 Digest</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD2</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>16</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DIGEST</string>
+ <key>Description</key>
+ <string>MD2 Digest</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>RSA Key Pair Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_DES</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+ <key>AttributeValue</key>
+ <integer>64</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>DES Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_3DES_3KEY</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+ <key>AttributeValue</key>
+ <integer>192</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>3DES Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC2</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>RC2 Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC4</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>RC4 Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>RC5 Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_CAST</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>New item</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>CAST Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_BLOWFISH</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>Blowfish Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1HMAC</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>SHA1HMAC Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD5HMAC</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>MD5HMAC Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_AES</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>128</integer>
+ <integer>192</integer>
+ <integer>256</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>AES Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_ASC</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>ASC Key Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEE</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_KEY_LENGTH</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>31</integer>
+ <integer>127</integer>
+ <integer>128</integer>
+ <integer>161</integer>
+ <integer>192</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>FEE Key Pair Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_DSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_KEYGEN</string>
+ <key>Description</key>
+ <string>DSA Key Pair Generation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_PKCS5_PBKDF2</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DERIVEKEY</string>
+ <key>Description</key>
+ <string>PKCS5 Key Derivation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_PKCS5_PBKDF1_MD5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DERIVEKEY</string>
+ <key>Description</key>
+ <string>PKCS5 PBKDF1 MD5 Key Derivation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_PKCS5_PBKDF1_MD2</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DERIVEKEY</string>
+ <key>Description</key>
+ <string>PKCS5 PBKDF1 MD2 Key Derivation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_PKCS5_PBKDF1_SHA1</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_DERIVEKEY</string>
+ <key>Description</key>
+ <string>PKCS5 PBKDF1 SHA1 Key Derivation</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_DES</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>DES Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_3DES_3KEY_EDE</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>3DES EDE Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_AES</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>AES Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC4</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>0</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>RC4 Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RC5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>RC5 Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_BLOWFISH</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>Blowfish Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_CAST</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_MODE</string>
+ <key>AttributeValue</key>
+ <array>
+ <integer>2</integer>
+ <integer>3</integer>
+ <integer>5</integer>
+ <integer>6</integer>
+ </array>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SYMMETRIC</string>
+ <key>Description</key>
+ <string>CAST Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_ASYMMETRIC</string>
+ <key>Description</key>
+ <string>RSA Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEEDEXP</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_ASYMMETRIC</string>
+ <key>Description</key>
+ <string>FEEDExp Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEED</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_ASYMMETRIC</string>
+ <key>Description</key>
+ <string>FEED Encryption</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1WithRSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>SHA1 With RSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD5WithRSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>MD5 With RSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_MD2WithRSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>MD2 With RSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_RSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>Raw RSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1WithDSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>SHA1 With DSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_DSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>Raw DSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEE_MD5</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>MD5 with FEE Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEE_SHA1</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>SHA1 with FEE Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_FEE</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>Raw FEE Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1WithECDSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>SHA1 with ECDSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_ECDSA</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_SIGNATURE</string>
+ <key>Description</key>
+ <string>Raw ECDSA Signature</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1HMAC</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>20</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_MAC</string>
+ <key>Description</key>
+ <string>SHA1HMAC MAC</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_SHA1HMAC_LEGACY</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_OUTPUT_SIZE</string>
+ <key>AttributeValue</key>
+ <integer>20</integer>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_MAC</string>
+ <key>Description</key>
+ <string>SHA1HMAC MAC Legacy</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+ <dict>
+ <key>AlgType</key>
+ <string>CSSM_ALGID_APPLE_YARROW</string>
+ <key>Attributes</key>
+ <array>
+ <dict>
+ <key>AttributeType</key>
+ <string>CSSM_ATTRIBUTE_NONE</string>
+ <key>AttributeValue</key>
+ <array/>
+ </dict>
+ </array>
+ <key>ContextType</key>
+ <string>CSSM_ALGCLASS_RANDOMGEN</string>
+ <key>Description</key>
+ <string>Yarrow PRNG</string>
+ <key>UseeTag</key>
+ <string>CSSM_USEE_NONE</string>
+ </dict>
+</array>
+</plist>
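Review bot: The CSSM_ALGID_CAST key-generation entry uses `<key>New item</key>` where every other Attributes dictionary in this file pairs `AttributeType` with `<key>AttributeValue</key>`, so that attribute carries a stray key and no value; it reads like an editor-generated placeholder that was never renamed. Change it to `<key>AttributeValue</key>`. The MDS loader will likely accept the extra key without complaint, so this will not surface at runtime — a quick check that every Attributes dict across the .mds files in this changeset has exactly the AttributeType/AttributeValue pair would catch any siblings.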
Added: releases/Apple/OSX-10.6.7/PIV/mds/piv_csp_primary.mdsinfo
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/mds/piv_csp_primary.mdsinfo (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/mds/piv_csp_primary.mdsinfo 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>AclSubjectTypes</key>
+ <array>
+ <string>CSSM_ACL_SUBJECT_TYPE_PASSWORD</string>
+ <string>CSSM_ACL_SUBJECT_TYPE_PROMPTED_PASSWORD</string>
+ <string>CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD</string>
+ </array>
+ <key>AuthTags</key>
+ <!-- @@@ complete this -->
+ <array>
+ <string>CSSM_ACL_AUTHORIZATION_ANY</string>
+ </array>
+ <key>CspCustomFlags</key>
+ <integer>0</integer>
+ <key>CspFlags</key>
+ <!-- @@@ dynamic -->
+ <string>CSSM_CSP_STORES_PRIVATE_KEYS | CSSM_CSP_STORES_PUBLIC_KEYS | CSSM_CSP_STORES_CERTIFICATES | CSSM_CSP_STORES_GENERIC</string>
+ <key>CspType</key>
+ <string>CSSM_CSP_HARDWARE</string>
+ <key>MdsFileDescription</key>
+ <string>Token CSPDL CSP Primary info</string>
+ <key>MdsFileType</key>
+ <string>PluginSpecific</string>
+ <key>MdsRecordType</key>
+ <string>MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE</string>
+ <key>ModuleName</key>
+ <string>AppleSDCSPDL</string>
+ <key>ProductVersion</key>
+ <string>0.1</string>
+ <key>SampleTypes</key>
+ <array>
+ <string>CSSM_SAMPLE_TYPE_PASSWORD</string>
+ <string>CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD</string>
+ <string>CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD</string>
+ </array>
+ <key>UseeTags</key>
+ <array/>
+ <key>Vendor</key>
+ <string>Apple, Inc.</string>
+</dict>
+</plist>
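Review bot: The `<!-- @@@ complete this -->` and `<!-- @@@ dynamic -->` markers beside AuthTags and CspFlags are unresolved work items being imported into a release tree, and AuthTags currently advertises only `CSSM_ACL_AUTHORIZATION_ANY`. If that single tag is the intended final value, replace the marker with a comment that says so, e.g. `<!-- ANY is deliberate: the token does not distinguish authorization tags -->`; otherwise enumerate the tags the PIV token actually honours. The same `@@@ complete this` marker sits inside the AuthTags array of piv_dl_primary.mdsinfo in this changeset and should be resolved the same way.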
Added: releases/Apple/OSX-10.6.7/PIV/mds/piv_dl_primary.mdsinfo
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/mds/piv_dl_primary.mdsinfo (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/mds/piv_dl_primary.mdsinfo 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>AclSubjectTypes</key>
+ <array>
+ <string>CSSM_ACL_SUBJECT_TYPE_PASSWORD</string>
+ <string>CSSM_ACL_SUBJECT_TYPE_PROMPTED_PASSWORD</string>
+ <string>CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD</string>
+ </array>
+ <key>AuthTags</key>
+ <array>
+ <!-- @@@ complete this -->
+ <string>CSSM_ACL_AUTHORIZATION_ANY</string>
+ </array>
+ <key>ConjunctiveOps</key>
+ <array>
+ <string>CSSM_DB_NONE</string>
+ <string>CSSM_DB_AND</string>
+ <string>CSSM_DB_OR</string>
+ </array>
+ <key>DLType</key>
+ <string>CSSM_DL_FFS</string>
+ <key>MdsFileDescription</key>
+ <string>Token CSPDL DL Primary info</string>
+ <key>MdsFileType</key>
+ <string>PluginSpecific</string>
+ <key>MdsRecordType</key>
+ <string>MDS_CDSADIR_DL_PRIMARY_RECORDTYPE</string>
+ <key>ModuleName</key>
+ <string>AppleSDCSPDL</string>
+ <key>ProductVersion</key>
+ <string>0.1</string>
+ <key>QueryLimitsFlag</key>
+ <integer>0</integer>
+ <key>RelationalOps</key>
+ <array>
+ <string>CSSM_DB_EQUAL</string>
+ <string>CSSM_DB_LESS_THAN</string>
+ <string>CSSM_DB_GREATER_THAN</string>
+ <string>CSSM_DB_CONTAINS_FINAL_SUBSTRING</string>
+ <string>CSSM_DB_CONTAINS_INITIAL_SUBSTRING</string>
+ <string>CSSM_DB_CONTAINS</string>
+ <string></string>
+ </array>
+ <key>SampleTypes</key>
+ <array>
+ <string>CSSM_SAMPLE_TYPE_PASSWORD</string>
+ <string>CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD</string>
+ <string>CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD</string>
+ </array>
+ <key>Vendor</key>
+ <string>Apple, Inc.</string>
+</dict>
+</plist>
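Review bot: The RelationalOps array ends with an empty `<string></string>` after `CSSM_DB_CONTAINS`, which advertises a nameless relational operator to MDS consumers; it is presumably either a leftover slot or a dropped constant. Remove the element, or fill in the intended `CSSM_DB_*` name if one was meant. The BELPIC and CAC dl_primary counterparts listed in this changeset are worth checking for the same stray entry.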
Added: releases/Apple/OSX-10.6.7/PIV/mds/piv_smartcard.mdsinfo
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/mds/piv_smartcard.mdsinfo (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/mds/piv_smartcard.mdsinfo 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>MdsFileDescription</key>
+ <string>SD/CSPDL Generic Smartcard Information</string>
+ <key>MdsRecordType</key>
+ <string>MDS_CDSADIR_CSP_SC_INFO_RECORDTYPE</string>
+ <key>MdsFileType</key>
+ <string>PluginSpecific</string>
+ <key>ScVendor</key>
+ <string>Generic</string>
+ <key>ScVersion</key>
+ <string>unknown</string>
+ <key>ScFirmwareVersion</key>
+ <string>PIVViewerPlugin</string>
+ <key>ScFlags</key> <!-- @@@ dynamic -->
+ <integer>0</integer>
+ <key>ScCustomFlags</key>
+ <integer>0</integer>
+</dict>
+</plist>
Added: releases/Apple/OSX-10.6.7/PIV/piv.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/PIV/piv.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/PIV/piv.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2004-2007 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * piv.cpp - PIV.tokend main program
+ */
+
+#include "PIVToken.h"
+
+/*
+ The call to SecKeychainSetServerMode is used to avoid recursion when
+ doing keychain calls. The only place this is relevant is when we are
+ setting the print name for the token using the common name from the
+ certificate. Calling this will prevent any keychain-type calls from
+ working but will still allow use of SecCertificate calls, etc.
+ If the header is not available, you can safely undef _USECERTIFICATECOMMONNAME
+*/
+
+#ifdef _USECERTIFICATECOMMONNAME
+#include <Security/SecKeychainPriv.h>
+#endif /* _USECERTIFICATECOMMONNAME */
+
+int main(int argc, const char *argv[])
+{
+ /* @@@ REQUIRED FOR KEYSIZE RETRIEVAL I THINK */
+#if defined(_USECERTIFICATECOMMONNAME) || 1
+ SecKeychainSetServerMode();
+#endif /* _USECERTIFICATECOMMONNAME */
+ secdebug("PIV.tokend", "main starting with %d arguments", argc);
+ secdelay((char *)"/tmp/delay/PIV");
+
+ token = new PIVToken();
+ try {
+ int ret = SecTokendMain(argc, argv, token->callbacks(), token->support());
+ delete token;
+ return ret;
+ } catch(...) {
+ delete token;
+ return -1;
+ }
+}
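Review bot: `#if defined(_USECERTIFICATECOMMONNAME) || 1` makes the SecKeychainSetServerMode() call unconditional, but the `#include <Security/SecKeychainPriv.h>` that declares it is still guarded by `#ifdef _USECERTIFICATECOMMONNAME`, so a build without that macro calls an undeclared function unless PIVToken.h happens to pull the header in transitively, and the `/* @@@ REQUIRED FOR KEYSIZE RETRIEVAL I THINK */` comment shows the intent was never settled. Either drop the `|| 1` so call and include share one guard, or move the include out of the guard and delete the now-misleading `#endif /* _USECERTIFICATECOMMONNAME */` comment on the call site. Separately, `secdelay((char *)"/tmp/delay/PIV")` keys the daemon's startup on a fixed path in a world-writable directory, so any local account can influence when the token daemon comes up; presumably this is a debugging aid, and it belongs under `#ifndef NDEBUG` rather than in a shipped binary.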
Added: releases/Apple/OSX-10.6.7/Tokend/Adornment.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/Adornment.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/Adornment.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,97 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * Adornment.cpp
+ * TokendMuscle
+ */
+
+#include "Adornment.h"
+#include "MetaAttribute.h"
+#include "MetaRecord.h"
+#include "Record.h"
+
+namespace Tokend
+{
+
+
+//
+// LinkedRecordAdornment
+//
+//const Adornment::Key LinkedRecordAdornment::key = "LinkedRecordAdornment";
+
+LinkedRecordAdornment::LinkedRecordAdornment(RefPointer<Record> record) :
+ mRecord(record)
+{
+}
+
+LinkedRecordAdornment::~LinkedRecordAdornment()
+{
+}
+
+Record &LinkedRecordAdornment::record()
+{
+ return *mRecord;
+}
+
+
+//
+// SecCertificateAdornment
+//
+SecCertificateAdornment::SecCertificateAdornment(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record)
+{
+ // Get the data for record (the actual certificate).
+ const MetaAttribute &dma =
+ metaAttribute.metaRecord().metaAttributeForData();
+ const Attribute &data = dma.attribute(tokenContext, record);
+
+ // Data should have exactly one value.
+ if (data.size() != 1)
+ CssmError::throwMe(CSSMERR_DL_MISSING_VALUE);
+
+ // Create a new adornment using the data from the certificate.
+ OSStatus status = SecCertificateCreateFromData(&data[0], CSSM_CERT_X_509v3,
+ CSSM_CERT_ENCODING_BER, &mCertificate);
+ if (status)
+ MacOSError::throwMe(status);
+}
+
+SecCertificateAdornment::~SecCertificateAdornment()
+{
+ CFRelease(mCertificate);
+}
+
+SecCertificateRef SecCertificateAdornment::certificate()
+{
+ return mCertificate;
+}
+
+SecKeychainItemRef SecCertificateAdornment::certificateItem()
+{
+ return SecKeychainItemRef(mCertificate);
+}
+
+
+} // end namespace Tokend
+
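Review bot: SecCertificateAdornment's constructor leaves mCertificate indeterminate until SecCertificateCreateFromData succeeds, while the destructor calls `CFRelease(mCertificate)` unconditionally; today the throw on a non-zero status skips the destructor, so this is safe, but a later edit that catches inside the constructor or adds a second early exit would release an uninitialised pointer. Initialise it in the member-initialiser list, `: mCertificate(NULL)`, and guard the release with `if (mCertificate) CFRelease(mCertificate);`. A one-line comment on the class or constructor stating that the adornment owns exactly one retain on the certificate and releases it on destruction would make the ownership explicit for callers of certificate() and certificateItem().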
Added: releases/Apple/OSX-10.6.7/Tokend/Adornment.h
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/Adornment.h (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/Adornment.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * Adornment.h
+ * TokendMuscle
+ */
+
+#ifndef _TOKEND_ADORNMENT_H_
+#define _TOKEND_ADORNMENT_H_
+
+#include <security_utilities/adornments.h>
+#include <security_utilities/refcount.h>
+#include <Security/SecCertificate.h>
+
+namespace Tokend
+{
+
+class TokenContext;
+class MetaRecord;
+class MetaAttribute;
+class Record;
+
+//
+// Adornment that refers to another record
+//
+class LinkedRecordAdornment : public Adornment
+{
+ NOCOPY(LinkedRecordAdornment)
+public:
+ LinkedRecordAdornment(RefPointer<Record> record);
+ ~LinkedRecordAdornment();
+ Record &record();
+
+private:
+ RefPointer<Record> mRecord;
+};
+
+
+class SecCertificateAdornment : public Adornment
+{
+ NOCOPY(SecCertificateAdornment)
+public:
+ SecCertificateAdornment(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record);
+ ~SecCertificateAdornment();
+ SecCertificateRef certificate();
+ SecKeychainItemRef certificateItem();
+
+private:
+ SecCertificateRef mCertificate;
+};
+
+} // end namespace Tokend
+
+#endif /* !_TOKEND_ADORNMENT_H_ */
+
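Review bot: `SecCertificateAdornment` has no class comment while its sibling `LinkedRecordAdornment` does, and the header gives no hint that construction parses the record's data attribute or that the `SecCertificateRef` handed out by `certificate()` is owned by the adornment (the matching Adornment.cpp releases it in the destructor, so a caller that releases it too would double-free). Suggested comment above the class: `// Adornment caching the SecCertificateRef parsed (X.509v3, BER) from the record's data attribute; the ref is owned by the adornment and released in its destructor, so callers must not CFRelease it.` A short line naming the constructor's failure modes (`CSSMERR_DL_MISSING_VALUE` when the data attribute does not hold exactly one value, `MacOSError` when certificate creation fails) would complete it.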
Added: releases/Apple/OSX-10.6.7/Tokend/Attribute.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/Attribute.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/Attribute.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,151 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * Attribute.cpp
+ * TokendMuscle
+ */
+
+#include "Attribute.h"
+
+namespace Tokend
+{
+
+
+Attribute::Attribute()
+{
+ mCount = 0;
+ mValues = NULL;
+}
+
+Attribute::Attribute(const Attribute &attribute)
+{
+ set(attribute.mValues, attribute.mCount);
+}
+
+Attribute::Attribute(bool value)
+{
+ uint32 v = value ? 1 : 0;
+ set(&v, sizeof(v));
+}
+
+Attribute::Attribute(sint32 value)
+{
+ set(&value, sizeof(value));
+}
+
+Attribute::Attribute(uint32 value)
+{
+ set(&value, sizeof(value));
+}
+
+Attribute::Attribute(const char *value)
+{
+ set(value, strlen(value));
+}
+
+Attribute::Attribute(const std::string &value)
+{
+ set(value.c_str(), value.size());
+}
+
+Attribute::Attribute(const void *data, uint32 length)
+{
+ set(data, length);
+}
+
+Attribute::Attribute(const CSSM_DATA *datas, uint32 count)
+{
+ set(datas, count);
+}
+
+Attribute::~Attribute()
+{
+ if (mValues)
+ free(mValues);
+}
+
+Attribute &Attribute::operator = (const Attribute &attribute)
+{
+ if (mValues)
+ free(mValues);
+
+ set(attribute.mValues, attribute.mCount);
+ return *this;
+}
+
+void Attribute::set(const CSSM_DATA *datas, uint32 count)
+{
+ mCount = count;
+ uint32 size = count * sizeof(CSSM_DATA);
+ for (uint32 ix = 0; ix < count; ++ix)
+ size += datas[ix].Length;
+
+ uint8 *buffer = (uint8 *)malloc(size);
+ mValues = CSSM_DATA_PTR(buffer);
+ buffer += sizeof(CSSM_DATA) * count;
+ for (uint32 ix = 0; ix < count; ++ix)
+ {
+ uint32 length = datas[ix].Length;
+ mValues[ix].Data = buffer;
+ mValues[ix].Length = length;
+ memcpy(mValues[ix].Data, datas[ix].Data, length);
+ buffer += length;
+ }
+}
+
+void Attribute::set(const void *data, uint32 length)
+{
+ mCount = 1;
+ uint8 *buffer = (uint8 *)malloc(sizeof(CSSM_DATA) + length);
+ mValues = CSSM_DATA_PTR(buffer);
+ mValues[0].Data = buffer + sizeof(CSSM_DATA);
+ mValues[0].Length = length;
+ memcpy(mValues[0].Data, data, length);
+}
+
+void Attribute::getDateValue(CSSM_DATE &date) const
+{
+ if (mCount == 0 || mValues[0].Length == 0)
+ {
+ memset(&date, 0, sizeof(date));
+ }
+ else if (mCount == 1 && mValues[0].Length == sizeof(date))
+ {
+ memcpy(&date, mValues[0].Data, sizeof(date));
+ }
+ else
+ CssmError::throwMe(CSSMERR_DL_MISSING_VALUE);
+}
+
+uint32 Attribute::uint32Value() const
+{
+ if (mCount != 1 || mValues[0].Length != 4)
+ CssmError::throwMe(CSSMERR_DL_MISSING_VALUE);
+
+ return *reinterpret_cast<uint32 *>(mValues[0].Data);
+}
+
+
+} // end namespace Tokend
+
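Review bot: The two-argument `Attribute::set(const CSSM_DATA *datas, uint32 count)` sums card-supplied `datas[ix].Length` values into a `uint32 size` and hands it to `malloc()` without checking for wrap-around or a NULL return, so a large or adversarial set of lengths can yield an undersized buffer that the following `memcpy` loop overruns, and an allocation failure is dereferenced. Compute the total in `size_t`, reject wrap-around, and fail explicitly on allocation failure; the single-value overload has the same unchecked `malloc`. Separately, `operator=` frees `mValues` before calling `set(attribute.mValues, ...)`, so self-assignment reads freed memory — guard it with `if (this == &attribute) return *this;`.
```cpp
void Attribute::set(const CSSM_DATA *datas, uint32 count)
{
	mCount = count;
	size_t size = size_t(count) * sizeof(CSSM_DATA);
	for (uint32 ix = 0; ix < count; ++ix)
	{
		size_t length = datas[ix].Length;
		if (size + length < size)	// wrap-around: reject rather than under-allocate
			CssmError::throwMe(CSSMERR_DL_INVALID_VALUE);
		size += length;
	}

	uint8 *buffer = (uint8 *)malloc(size);
	if (!buffer)
		CssmError::throwMe(CSSMERR_DL_MEMORY_ERROR);
	mValues = CSSM_DATA_PTR(buffer);
	// … unchanged: copy loop filling mValues[ix].Data / .Length …
}
```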
Added: releases/Apple/OSX-10.6.7/Tokend/Attribute.h
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/Attribute.h (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/Attribute.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * Attribute.h
+ * TokendMuscle
+ */
+
+#ifndef _TOKEND_ATTRIBUTE_H_
+#define _TOKEND_ATTRIBUTE_H_
+
+#include <Security/cssmtype.h>
+#include <security_cdsa_utilities/cssmdb.h>
+#include <string>
+
+namespace Tokend
+{
+
+class Attribute
+{
+public:
+ Attribute();
+ Attribute(const Attribute &attribute);
+ Attribute(bool value);
+ Attribute(sint32 value);
+ Attribute(uint32 value);
+ Attribute(const char *value);
+ Attribute(const std::string &value);
+ Attribute(const void *data, uint32 length);
+ Attribute(const CSSM_DATA *datas, uint32 count);
+ ~Attribute();
+
+ Attribute &operator = (const Attribute &attribute);
+
+ uint32 size() const { return mCount; }
+ const CSSM_DATA &operator [](uint32 ix) const { return mValues[ix]; }
+ const CSSM_DATA *values() const { return mValues; }
+
+ void getDateValue(CSSM_DATE &date) const;
+ uint32 uint32Value() const;
+ bool boolValue() const { return uint32Value() != 0; }
+
+private:
+ void set(const CSSM_DATA *datas, uint32 count);
+ void set(const void *data, uint32 length);
+
+ uint32 mCount;
+ CSSM_DATA_PTR mValues;
+};
+
+} // end namespace Tokend
+
+#endif /* !_TOKEND_ATTRIBUTE_H_ */
+
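Review bot: `operator[]` at the `const CSSM_DATA &operator [](uint32 ix) const` line returns `mValues[ix]` with no check against `mCount`, and `mValues` is NULL for a default-constructed Attribute, so any caller that does not first compare `size()` (as Adornment.cpp does before `&data[0]`) reads out of bounds or dereferences NULL. Since the class already reports bad shape through `CssmError` in `getDateValue` and `uint32Value`, a one-line guard keeps that contract uniform: `if (ix >= mCount) CssmError::throwMe(CSSMERR_DL_MISSING_VALUE);` before the return. A comment on `values()` noting that it returns NULL when `size()` is 0 would spare callers the same surprise.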
Added: releases/Apple/OSX-10.6.7/Tokend/AttributeCoder.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/AttributeCoder.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/AttributeCoder.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,290 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * AttributeCoder.cpp
+ * TokendMuscle
+ */
+
+#include "AttributeCoder.h"
+
+#include "Attribute.h"
+#include "Adornment.h"
+#include "MetaAttribute.h"
+#include "MetaRecord.h"
+#include "Record.h"
+
+#include <security_cdsa_utilities/cssmerrors.h>
+#include <security_cdsa_utilities/cssmkey.h>
+#include <Security/cssmerr.h>
+
+#include <Security/SecKey.h>
+#include <Security/SecCertificate.h>
+#include <Security/SecKeychainItem.h>
+
+namespace Tokend
+{
+
+
+//
+// AttributeCoder
+//
+AttributeCoder::~AttributeCoder() {}
+
+
+//
+// CertificateAttributeCoder
+//
+CertificateAttributeCoder::~CertificateAttributeCoder() {}
+
+void CertificateAttributeCoder::decode(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute,
+ Record &record)
+{
+ // Get the SecCertificateAdornment off record using a pointer to ourself as
+ // the key
+ SecCertificateAdornment &sca =
+ record.adornment<SecCertificateAdornment>(this, tokenContext,
+ metaAttribute, record);
+
+ // Get the keychain item for the certificate from the record's adornment.
+ SecKeychainItemRef certificate = sca.certificateItem();
+ // Read the attribute with the requested attributeId from the item.
+ SecKeychainAttribute ska = { metaAttribute.attributeId() };
+ SecKeychainAttributeList skal = { 1, &ska };
+ OSStatus status = SecKeychainItemCopyContent(certificate, NULL, &skal,
+ NULL, NULL);
+ if (status)
+ MacOSError::throwMe(status);
+ // Add the retrieved attribute as an attribute to the record.
+ record.attributeAtIndex(metaAttribute.attributeIndex(),
+ new Attribute(ska.data, ska.length));
+ // Free the retrieved attribute.
+ status = SecKeychainItemFreeContent(&skal, NULL);
+ if (status)
+ MacOSError::throwMe(status);
+
+ // @@@ The code above only returns one email address. Fix this.
+}
+
+
+//
+// ConstAttributeCoder
+//
+ConstAttributeCoder::ConstAttributeCoder(uint32 value) : mValue(value) {}
+
+ConstAttributeCoder::ConstAttributeCoder(bool value) : mValue(value ? 1 : 0) {}
+
+ConstAttributeCoder::~ConstAttributeCoder() {}
+
+void ConstAttributeCoder::decode(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record)
+{
+ record.attributeAtIndex(metaAttribute.attributeIndex(),
+ new Attribute(mValue));
+}
+
+
+//
+// GuidAttributeCoder
+//
+GuidAttributeCoder::GuidAttributeCoder(const CSSM_GUID &guid) : mGuid(guid) {}
+
+GuidAttributeCoder::~GuidAttributeCoder() {}
+
+void GuidAttributeCoder::decode(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record)
+{
+ record.attributeAtIndex(metaAttribute.attributeIndex(),
+ new Attribute(&mGuid, sizeof(CSSM_GUID)));
+}
+
+
+//
+// NullAttributeCoder
+//
+NullAttributeCoder::~NullAttributeCoder() {}
+
+void NullAttributeCoder::decode(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record)
+{
+ record.attributeAtIndex(metaAttribute.attributeIndex(), new Attribute());
+}
+
+
+//
+// ZeroAttributeCoder
+//
+ZeroAttributeCoder::~ZeroAttributeCoder() {}
+
+void ZeroAttributeCoder::decode(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record)
+{
+ record.attributeAtIndex(metaAttribute.attributeIndex(),
+ new Attribute(reinterpret_cast<const void *>(NULL), 0));
+}
+
+
+//
+// KeyDataAttributeCoder
+//
+KeyDataAttributeCoder::~KeyDataAttributeCoder() {}
+
+void KeyDataAttributeCoder::decode(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record)
+{
+ const MetaRecord &mr = metaAttribute.metaRecord();
+ CssmKey key;
+ key.header().cspGuid(Guid::overlay(gGuidAppleSdCSPDL));
+ key.blobType(CSSM_KEYBLOB_REFERENCE);
+ key.blobFormat(CSSM_KEYBLOB_REF_FORMAT_INTEGER);
+ key.algorithm(mr.metaAttribute(kSecKeyKeyType)
+ .attribute(tokenContext, record).uint32Value());
+ key.keyClass(mr.metaAttribute(kSecKeyKeyClass)
+ .attribute(tokenContext, record).uint32Value());
+ key.header().LogicalKeySizeInBits =
+ mr.metaAttribute(kSecKeyKeySizeInBits).attribute(tokenContext, record)
+ .uint32Value();
+
+ key.header().KeyAttr =
+ (mr.metaAttribute(kSecKeyPermanent).attribute(tokenContext, record)
+ .boolValue() ? CSSM_KEYATTR_PERMANENT : 0)
+ | (mr.metaAttribute(kSecKeyPrivate).attribute(tokenContext, record)
+ .boolValue() ? CSSM_KEYATTR_PRIVATE : 0)
+ | (mr.metaAttribute(kSecKeyModifiable).attribute(tokenContext, record)
+ .boolValue() ? CSSM_KEYATTR_MODIFIABLE : 0)
+ | (mr.metaAttribute(kSecKeySensitive).attribute(tokenContext, record)
+ .boolValue() ? CSSM_KEYATTR_SENSITIVE : 0)
+ | (mr.metaAttribute(kSecKeyAlwaysSensitive)
+ .attribute(tokenContext, record)
+ .boolValue() ? CSSM_KEYATTR_ALWAYS_SENSITIVE : 0)
+ | (mr.metaAttribute(kSecKeyExtractable).attribute(tokenContext, record)
+ .boolValue() ? CSSM_KEYATTR_EXTRACTABLE : 0)
+ | (mr.metaAttribute(kSecKeyNeverExtractable)
+ .attribute(tokenContext, record)
+ .boolValue() ? CSSM_KEYATTR_NEVER_EXTRACTABLE : 0);
+
+ CSSM_KEYUSE usage =
+ (mr.metaAttribute(kSecKeyEncrypt).attribute(tokenContext, record)
+ .boolValue() ? CSSM_KEYUSE_ENCRYPT : 0)
+ | (mr.metaAttribute(kSecKeyDecrypt).attribute(tokenContext, record)
+ .boolValue() ? CSSM_KEYUSE_DECRYPT : 0)
+ | (mr.metaAttribute(kSecKeySign).attribute(tokenContext, record)
+ .boolValue() ? CSSM_KEYUSE_SIGN : 0)
+ | (mr.metaAttribute(kSecKeyVerify).attribute(tokenContext, record)
+ .boolValue() ? CSSM_KEYUSE_VERIFY : 0)
+ | (mr.metaAttribute(kSecKeySignRecover).attribute(tokenContext, record)
+ .boolValue() ? CSSM_KEYUSE_SIGN_RECOVER : 0)
+ | (mr.metaAttribute(kSecKeyVerifyRecover)
+ .attribute(tokenContext, record)
+ .boolValue() ? CSSM_KEYUSE_VERIFY_RECOVER : 0)
+ | (mr.metaAttribute(kSecKeyWrap).attribute(tokenContext, record)
+ .boolValue() ? CSSM_KEYUSE_WRAP : 0)
+ | (mr.metaAttribute(kSecKeyUnwrap).attribute(tokenContext, record)
+ .boolValue() ? CSSM_KEYUSE_UNWRAP : 0)
+ | (mr.metaAttribute(kSecKeyDerive).attribute(tokenContext, record)
+ .boolValue() ? CSSM_KEYUSE_DERIVE : 0);
+ if (usage == (CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT | CSSM_KEYUSE_SIGN
+ | CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_SIGN_RECOVER
+ | CSSM_KEYUSE_VERIFY_RECOVER | CSSM_KEYUSE_WRAP | CSSM_KEYUSE_UNWRAP
+ | CSSM_KEYUSE_DERIVE))
+ usage = CSSM_KEYUSE_ANY;
+
+ key.header().KeyUsage = usage;
+
+ // Dates
+ mr.metaAttribute(kSecKeyStartDate).attribute(tokenContext, record)
+ .getDateValue(key.header().StartDate);
+ mr.metaAttribute(kSecKeyEndDate).attribute(tokenContext, record)
+ .getDateValue(key.header().EndDate);
+
+ record.attributeAtIndex(metaAttribute.attributeIndex(),
+ new Attribute(&key, sizeof(key)));
+}
+
+
+//
+// LinkedRecordAttributeCoder
+//
+LinkedRecordAttributeCoder::~LinkedRecordAttributeCoder() {}
+
+void LinkedRecordAttributeCoder::decode(Tokend::TokenContext *tokenContext,
+ const Tokend::MetaAttribute &metaAttribute,
+ Tokend::Record &record)
+{
+ const Tokend::MetaAttribute *lma = NULL;
+ LinkedRecordAdornment *lra = NULL;
+ if (mCertificateMetaAttribute)
+ {
+ lma = mCertificateMetaAttribute;
+ lra = record.getAdornment<LinkedRecordAdornment>(certificateKey());
+ }
+
+ if (!lra && mPublicKeyMetaAttribute)
+ {
+ lma = mPublicKeyMetaAttribute;
+ lra = record.getAdornment<LinkedRecordAdornment>(publicKeyKey());
+ }
+
+ if (!lma || !lra)
+ CssmError::throwMe(CSSMERR_DL_MISSING_VALUE);
+
+ // Get the linked record's attribute and set it on record.
+ const Attribute &attribute = lma->attribute(tokenContext, lra->record());
+ record.attributeAtIndex(metaAttribute.attributeIndex(),
+ new Attribute(attribute));
+}
+
+
+//
+// DecriptionAttributeCoder
+//
+DescriptionAttributeCoder::~DescriptionAttributeCoder()
+{
+}
+
+void DescriptionAttributeCoder::decode(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record)
+{
+ record.attributeAtIndex(metaAttribute.attributeIndex(),
+ new Attribute(record.description()));
+}
+
+
+//
+// DataAttributeCoder
+//
+DataAttributeCoder::~DataAttributeCoder()
+{
+}
+
+void DataAttributeCoder::decode(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record)
+{
+ record.attributeAtIndex(metaAttribute.attributeIndex(),
+ record.getDataAttribute(tokenContext));
+}
+
+
+} // end namespace Tokend
+
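Review bot: In `CertificateAttributeCoder::decode`, the buffer that `SecKeychainItemCopyContent` returns in `ska.data` is released only by the `SecKeychainItemFreeContent` call placed after `record.attributeAtIndex(...)`, so if that call or the `new Attribute` throws, the keychain-owned content leaks. Because `Attribute(const void *, uint32)` copies the bytes, the content can be freed as soon as the Attribute exists, before the record is touched. Whether `attributeAtIndex` takes ownership of the pointer on failure is not visible here; if it does not, that pointer leaks on the same path, which the reordering below also covers.
```cpp
	// Copy the attribute out before handing it to the record, so the
	// keychain-owned buffer is released even if attributeAtIndex throws.
	Attribute *attribute = new Attribute(ska.data, ska.length);
	status = SecKeychainItemFreeContent(&skal, NULL);
	if (status)
	{
		delete attribute;
		MacOSError::throwMe(status);
	}
	record.attributeAtIndex(metaAttribute.attributeIndex(), attribute);
```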
Added: releases/Apple/OSX-10.6.7/Tokend/AttributeCoder.h
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/AttributeCoder.h (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/AttributeCoder.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,217 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * AttributeCoder.h
+ * TokendMuscle
+ */
+
+#ifndef _TOKEND_ATTRIBUTECODER_H_
+#define _TOKEND_ATTRIBUTECODER_H_
+
+#include <security_utilities/utilities.h>
+#include <Security/cssmtype.h>
+
+namespace Tokend
+{
+
+class MetaAttribute;
+class Record;
+class TokenContext;
+
+
+class AttributeCoder
+{
+ NOCOPY(AttributeCoder)
+public:
+ AttributeCoder() {}
+ virtual ~AttributeCoder() = 0;
+
+ virtual void decode(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record) = 0;
+};
+
+
+//
+// A coder that derives certificate attributes for the certificate data
+//
+class CertificateAttributeCoder : public AttributeCoder
+{
+ NOCOPY(CertificateAttributeCoder)
+public:
+ CertificateAttributeCoder() {}
+ virtual ~CertificateAttributeCoder();
+
+ virtual void decode(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record);
+private:
+};
+
+//
+// A coder with a constant value
+//
+class ConstAttributeCoder : public AttributeCoder
+{
+ NOCOPY(ConstAttributeCoder)
+public:
+ ConstAttributeCoder(uint32 value);
+ ConstAttributeCoder(bool value);
+ virtual ~ConstAttributeCoder();
+
+ virtual void decode(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record);
+private:
+ uint32 mValue;
+};
+
+
+//
+// A coder whose value is a guid.
+//
+class GuidAttributeCoder : public AttributeCoder
+{
+ NOCOPY(GuidAttributeCoder)
+public:
+ GuidAttributeCoder(const CSSM_GUID &guid);
+ virtual ~GuidAttributeCoder();
+
+ virtual void decode(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record);
+private:
+ const CSSM_GUID mGuid;
+};
+
+
+//
+// A coder whose value contains 0 values.
+//
+class NullAttributeCoder : public AttributeCoder
+{
+ NOCOPY(NullAttributeCoder)
+public:
+ NullAttributeCoder() {}
+ virtual ~NullAttributeCoder();
+
+ virtual void decode(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record);
+};
+
+
+//
+// A coder whose value contains 1 zero length value.
+//
+class ZeroAttributeCoder : public AttributeCoder
+{
+ NOCOPY(ZeroAttributeCoder)
+public:
+ ZeroAttributeCoder() {}
+ virtual ~ZeroAttributeCoder();
+
+ virtual void decode(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record);
+};
+
+
+//
+// A data coder for key relations
+//
+class KeyDataAttributeCoder : public AttributeCoder
+{
+ NOCOPY(KeyDataAttributeCoder)
+public:
+
+ KeyDataAttributeCoder() {}
+ virtual ~KeyDataAttributeCoder();
+
+ virtual void decode(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record);
+};
+
+
+//
+// A coder for private key objects value is the public key hash of a
+// certificate. Generic get an attribute of a linked record coder.
+//
+class LinkedRecordAttributeCoder : public Tokend::AttributeCoder
+{
+ NOCOPY(LinkedRecordAttributeCoder)
+public:
+ LinkedRecordAttributeCoder() {}
+ virtual ~LinkedRecordAttributeCoder();
+
+ const void *certificateKey() const { return mCertificateMetaAttribute; }
+ const void *publicKeyKey() const { return mPublicKeyMetaAttribute; }
+
+ void setCertificateMetaAttribute(
+ const Tokend::MetaAttribute *linkedRecordMetaAttribute)
+ { mCertificateMetaAttribute = linkedRecordMetaAttribute; }
+ void setPublicKeyMetaAttribute(
+ const Tokend::MetaAttribute *linkedRecordMetaAttribute)
+ { mPublicKeyMetaAttribute = linkedRecordMetaAttribute; }
+
+ virtual void decode(Tokend::TokenContext *tokenContext,
+ const Tokend::MetaAttribute &metaAttribute,
+ Tokend::Record &record);
+
+private:
+ const Tokend::MetaAttribute *mCertificateMetaAttribute;
+ const Tokend::MetaAttribute *mPublicKeyMetaAttribute;
+};
+
+
+//
+// A coder that reads the description of an object
+//
+class DescriptionAttributeCoder : public AttributeCoder
+{
+ NOCOPY(DescriptionAttributeCoder)
+public:
+
+ DescriptionAttributeCoder() {}
+ virtual ~DescriptionAttributeCoder();
+
+ virtual void decode(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record);
+};
+
+
+//
+// A coder that reads the data of an object
+//
+class DataAttributeCoder : public Tokend::AttributeCoder
+{
+ NOCOPY(DataAttributeCoder)
+public:
+
+ DataAttributeCoder() {}
+ virtual ~DataAttributeCoder();
+
+ virtual void decode(TokenContext *tokenContext,
+ const MetaAttribute &metaAttribute, Record &record);
+};
+
+
+} // end namespace Tokend
+
+#endif /* !_TOKEND_ATTRIBUTECODER_H_ */
+
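Review bot: `LinkedRecordAttributeCoder() {}` leaves `mCertificateMetaAttribute` and `mPublicKeyMetaAttribute` uninitialized, yet `LinkedRecordAttributeCoder::decode` in AttributeCoder.cpp branches on `if (mCertificateMetaAttribute)` and `if (!lra && mPublicKeyMetaAttribute)` and then passes them as adornment keys. A coder whose setters were never called therefore tests indeterminate pointers and can look up (or dereference) garbage instead of reaching the `CSSMERR_DL_MISSING_VALUE` throw. Initialize both: `LinkedRecordAttributeCoder() : mCertificateMetaAttribute(NULL), mPublicKeyMetaAttribute(NULL) {}`.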
Added: releases/Apple/OSX-10.6.7/Tokend/Cursor.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/Cursor.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/Cursor.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,189 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * Cursor.cpp
+ * TokendMuscle
+ */
+
+#include "Cursor.h"
+
+#include "MetaRecord.h"
+#include "Record.h"
+#include "RecordHandle.h"
+#include "Relation.h"
+#include "Token.h"
+#include "SelectionPredicate.h"
+
+namespace Tokend
+{
+
+#pragma mark ---------------- Cursor methods --------------
+
+//
+// Cursor implemetation
+//
+Cursor::Cursor()
+{
+}
+
+Cursor::~Cursor()
+{
+}
+
+//
+// LinearCursor implemetation
+//
+LinearCursor::LinearCursor(const CSSM_QUERY *inQuery,
+ const Relation &inRelation) :
+ mIterator(inRelation.begin()),
+ mEnd(inRelation.end()),
+ mMetaRecord(inRelation.metaRecord())
+{
+ mConjunctive = inQuery->Conjunctive;
+ mQueryFlags = inQuery->QueryFlags;
+ // @@@ Do something with inQuery->QueryLimits?
+ uint32 aPredicatesCount = inQuery->NumSelectionPredicates;
+ mPredicates.resize(aPredicatesCount);
+ try
+ {
+ for (uint32 anIndex = 0; anIndex < aPredicatesCount; anIndex++)
+ {
+ CSSM_SELECTION_PREDICATE &aPredicate =
+ inQuery->SelectionPredicate[anIndex];
+ mPredicates[anIndex] =
+ new SelectionPredicate(mMetaRecord, aPredicate);
+ }
+ }
+ catch (...)
+ {
+ for_each_delete(mPredicates.begin(), mPredicates.end());
+ throw;
+ }
+}
+
+LinearCursor::~LinearCursor()
+{
+ for_each_delete(mPredicates.begin(), mPredicates.end());
+}
+
+RecordHandle *LinearCursor::next(TokenContext *tokenContext)
+{
+ while (mIterator != mEnd)
+ {
+ RefPointer<Record> rec = *mIterator;
+ ++mIterator;
+
+ PredicateVector::const_iterator anIt = mPredicates.begin();
+ PredicateVector::const_iterator anEnd = mPredicates.end();
+ bool aMatch;
+ if (anIt == anEnd) // If there are no predicates we have a match.
+ aMatch = true;
+ else if (mConjunctive == CSSM_DB_OR)
+ {
+ // If mConjunctive is OR, the first predicate that returns
+ // true indicates a match. Dropthough means no match
+ aMatch = false;
+ for (; anIt != anEnd; anIt++)
+ {
+ if ((*anIt)->evaluate(tokenContext, *rec))
+ {
+ aMatch = true;
+ break;
+ }
+ }
+ }
+ else if (mConjunctive == CSSM_DB_AND || mConjunctive == CSSM_DB_NONE)
+ {
+ // If mConjunctive is AND (or NONE), the first predicate that
+ // returns false indicates a mismatch. Dropthough means a match.
+ aMatch = true;
+ for (; anIt != anEnd; anIt++)
+ {
+ if (!(*anIt)->evaluate(tokenContext, *rec))
+ {
+ aMatch = false;
+ break;
+ }
+ }
+ }
+ else
+ {
+ CssmError::throwMe(CSSMERR_DL_INVALID_QUERY);
+ }
+
+ if (aMatch)
+ return new RecordHandle(mMetaRecord, rec);
+ }
+
+ return NULL;
+}
+
+#pragma mark ---------------- MultiCursor methods --------------
+
+MultiCursor::MultiCursor(const CSSM_QUERY *inQuery, const Schema &inSchema) :
+ mRelationIterator(inSchema.begin()),
+ mRelationEnd(inSchema.end())
+{
+ if (inQuery)
+ mQuery.reset(new CssmAutoQuery(*inQuery));
+ else
+ {
+ mQuery.reset(new CssmAutoQuery());
+ mQuery->recordType(CSSM_DL_DB_RECORD_ANY);
+ }
+}
+
+MultiCursor::~MultiCursor()
+{
+}
+
+RecordHandle *MultiCursor::next(TokenContext *tokenContext)
+{
+ RecordHandle *result = NULL;
+ for (;;)
+ {
+ if (!mCursor.get())
+ {
+ if (mRelationIterator == mRelationEnd)
+ return NULL;
+
+ const Relation &aRelation = *(mRelationIterator->second);
+ ++mRelationIterator;
+ if (!aRelation.matchesId(mQuery->recordType()))
+ continue;
+
+ mCursor.reset(new LinearCursor(mQuery.get(), aRelation));
+ }
+
+ if ((result = mCursor->next(tokenContext)))
+ return result;
+
+ mCursor.reset(NULL);
+ }
+}
+
+
+} // end namespace Tokend
+
+
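Review bot: `LinearCursor::LinearCursor` trusts `inQuery->NumSelectionPredicates` and indexes `inQuery->SelectionPredicate[anIndex]` without checking that the array pointer is non-NULL, and it stores `inQuery->Conjunctive` unvalidated, so a malformed query is only rejected in `next()` with `CSSMERR_DL_INVALID_QUERY` — and only if the relation has at least one record and at least one predicate. Reject it at construction instead: `if (aPredicatesCount && !inQuery->SelectionPredicate) CssmError::throwMe(CSSMERR_DL_INVALID_QUERY);` and the same throw when the conjunctive is none of `CSSM_DB_NONE`, `CSSM_DB_AND`, `CSSM_DB_OR`. Whether the query has already been validated by the caller before reaching tokend is not visible from this hunk, so the checks are cheap insurance rather than a confirmed crash path.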
Added: releases/Apple/OSX-10.6.7/Tokend/Cursor.h
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/Cursor.h (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/Cursor.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * Cursor.h
+ * TokendMuscle
+ */
+
+#ifndef _TOKEND_CURSOR_H_
+#define _TOKEND_CURSOR_H_
+
+#include "Relation.h"
+#include "Schema.h"
+#include <security_cdsa_utilities/handleobject.h>
+#include <vector>
+
+namespace Tokend
+{
+
+class MetaRecord;
+class RecordHandle;
+class Relation;
+class SelectionPredicate;
+
+class Cursor : public HandleObject
+{
+ NOCOPY(Cursor)
+public:
+ Cursor();
+ virtual ~Cursor() = 0;
+ virtual RecordHandle *next(TokenContext *tokenContext) = 0;
+};
+
+class LinearCursor : public Cursor
+{
+ NOCOPY(LinearCursor)
+public:
+ LinearCursor(const CSSM_QUERY *inQuery, const Relation &inRelation);
+ virtual ~LinearCursor();
+ virtual RecordHandle *next(TokenContext *tokenContext);
+
+private:
+ Relation::const_iterator mIterator;
+ Relation::const_iterator mEnd;
+
+ const MetaRecord &mMetaRecord;
+
+ CSSM_DB_CONJUNCTIVE mConjunctive;
+
+ // If CSSM_QUERY_RETURN_DATA is set return the raw key bits
+ CSSM_QUERY_FLAGS mQueryFlags;
+ typedef vector<SelectionPredicate *> PredicateVector;
+
+ PredicateVector mPredicates;
+};
+
+class MultiCursor : public Cursor
+{
+ NOCOPY(MultiCursor)
+public:
+ MultiCursor(const CSSM_QUERY *inQuery, const Schema &inSchema);
+ virtual ~MultiCursor();
+ virtual RecordHandle *next(TokenContext *tokenContext);
+
+private:
+ Schema::ConstRelationMapIterator mRelationIterator;
+ Schema::ConstRelationMapIterator mRelationEnd;
+ auto_ptr<CssmAutoQuery> mQuery;
+ auto_ptr<Cursor> mCursor;
+};
+
+} // end namespace Tokend
+
+#endif /* !_TOKEND_CURSOR_H_ */
+
+
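Review bot: The comment above `CSSM_QUERY_FLAGS mQueryFlags;` says the raw key bits are returned when `CSSM_QUERY_RETURN_DATA` is set, but nothing in the accompanying Cursor.cpp reads `mQueryFlags` after the constructor stores it, so the comment promises behaviour this class does not implement. Either thread the flag through to where record data is produced, or reword it to what is true here: `// Query flags as supplied by the caller; stored but not interpreted by LinearCursor`. The unqualified `vector` and `auto_ptr` rely on a `using namespace std` from some included header, which is worth making explicit with `std::`.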
Added: releases/Apple/OSX-10.6.7/Tokend/DbValue.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/DbValue.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/DbValue.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,458 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * DbValue.cpp
+ * TokendMuscle
+ */
+
+#include "DbValue.h"
+#include <ctype.h>
+
+// @@@ missing "pack" methods with WriteSection parameter
+
+namespace Tokend
+{
+
+//
+// DbValue
+//
+DbValue::DbValue()
+{
+}
+
+DbValue::~DbValue()
+{
+}
+
+UInt32Value::UInt32Value(const CSSM_DATA &data)
+{
+ switch (data.Length)
+ {
+ case 1: mValue = *reinterpret_cast<uint8 *>(data.Data); break;
+ case 2: mValue = *reinterpret_cast<uint16 *>(data.Data); break;
+ case 4: mValue = *reinterpret_cast<uint32 *>(data.Data); break;
+ default:
+ CssmError::throwMe(CSSMERR_DL_INVALID_VALUE);
+ }
+}
+
+UInt32Value::~UInt32Value()
+{
+}
+
+//
+// SInt32Value
+//
+
+SInt32Value::SInt32Value(const CSSM_DATA &data)
+{
+ switch (data.Length)
+ {
+ case 1: mValue = *reinterpret_cast<sint8 *>(data.Data); break;
+ case 2: mValue = *reinterpret_cast<sint16 *>(data.Data); break;
+ case 4: mValue = *reinterpret_cast<sint32 *>(data.Data); break;
+ default:
+ CssmError::throwMe(CSSMERR_DL_INVALID_VALUE);
+ }
+}
+
+SInt32Value::~SInt32Value()
+{
+}
+
+//
+// DoubleValue
+//
+
+DoubleValue::DoubleValue(const CSSM_DATA &data)
+{
+ switch (data.Length)
+ {
+ case 4: mValue = *reinterpret_cast<float *>(data.Data); break;
+ case 8: mValue = *reinterpret_cast<double *>(data.Data); break;
+ default:
+ CssmError::throwMe(CSSMERR_DL_INVALID_VALUE);
+ }
+}
+
+DoubleValue::~DoubleValue()
+{
+}
+
+//
+// BlobValue
+//
+
+BlobValue::BlobValue(const CSSM_DATA &data) : CssmData(CssmData::overlay(data))
+{
+}
+
+BlobValue::~BlobValue()
+{
+}
+
+BlobValue::Comparator::~Comparator()
+{
+}
+
+int
+BlobValue::Comparator::operator ()(const uint8 *ptr1, const uint8 *ptr2,
+ uint32 length)
+{
+ return memcmp(ptr1, ptr2, length);
+}
+
+bool
+BlobValue::evaluate(const BlobValue &other, CSSM_DB_OPERATOR op) const
+{
+ return evaluate(*this, other, op, Comparator());
+}
+
+bool
+BlobValue::evaluate(const CssmData &inData1, const CssmData &inData2,
+ CSSM_DB_OPERATOR op, Comparator compare)
+{
+ uint32 length1 = inData1.Length, length2 = inData2.Length;
+ const uint8 *data1 = inData1.Data;
+ const uint8 *data2 = inData2.Data;
+
+ switch (op) {
+
+ case CSSM_DB_CONTAINS_INITIAL_SUBSTRING:
+ if (length1 > length2)
+ return false;
+ length2 = length1;
+ goto DB_EQUAL;
+
+ case CSSM_DB_CONTAINS_FINAL_SUBSTRING:
+ if (length1 > length2)
+ return false;
+ data2 += (length2 - length1);
+ length2 = length1;
+ // dropthrough...
+
+ case CSSM_DB_EQUAL:
+ DB_EQUAL:
+ if (length1 != length2)
+ return false;
+ if (length1 == 0)
+ return true;
+ return compare(data1, data2, length1) == 0;
+
+ case CSSM_DB_NOT_EQUAL:
+ if (length1 != length2)
+ return true;
+ if (length1 == 0)
+ return false;
+ return compare(data1, data2, length1) != 0;
+
+ case CSSM_DB_LESS_THAN:
+ case CSSM_DB_GREATER_THAN:
+ {
+ uint32 length = min(length1, length2);
+ int result = (length == 0) ? 0 : compare(data1, data2, length);
+
+ if (result < 0 || (result == 0 && length1 < length2))
+ return op == CSSM_DB_LESS_THAN;
+ else if (result > 0 || (result == 0 && length1 > length2))
+ return op == CSSM_DB_GREATER_THAN;
+ break;
+ }
+
+ case CSSM_DB_CONTAINS:
+ if (length1 > length2)
+ return false;
+ if (length1 == 0)
+ return true;
+ // Both buffers are at least 1 byte long.
+ for (const uint8 *data = data2; data + length1 <= data2 + length2;
+ ++data)
+ if (compare(data1, data, length1) == 0)
+ return true;
+ break;
+
+ default:
+ CssmError::throwMe(CSSMERR_DL_UNSUPPORTED_QUERY);
+ }
+
+ return false;
+}
+
+//
+// TimeDateValue
+//
+
+TimeDateValue::TimeDateValue(const CSSM_DATA &data)
+: BlobValue(data)
+{
+ if (Length != kTimeDateSize || !isValidDate())
+ CssmError::throwMe(CSSMERR_DL_INVALID_VALUE);
+}
+
+TimeDateValue::~TimeDateValue()
+{
+}
+
+bool
+TimeDateValue::isValidDate() const
+{
+ if (Length != kTimeDateSize || Data[kTimeDateSize - 1] != 0 ||
+ Data[kTimeDateSize - 2] != 'Z')
+ return false;
+
+ for (uint32 i = 0; i < kTimeDateSize - 2; i++)
+ if (!isdigit(Data[i]))
+ return false;
+
+ uint32 month = rangeValue(4, 2);
+ if (month < 1 || month > 12)
+ return false;
+
+ uint32 day = rangeValue(6, 2);
+ if (day < 1 || day > 31)
+ return false;
+
+ uint32 hour = rangeValue(8, 2);
+ if (hour < 0 || hour > 23)
+ return false;
+
+ uint32 minute = rangeValue(10, 2);
+ if (minute < 0 || minute > 59)
+ return false;
+
+ uint32 second = rangeValue(12, 2);
+ if (second < 0 || second > 59)
+ return false;
+
+ return true;
+}
+
+uint32
+TimeDateValue::rangeValue(uint32 start, uint32 length) const
+{
+ uint32 value = 0;
+ for (uint32 i = 0; i < length; i++)
+ value = value * 10 + Data[start + i] - '0';
+ return value;
+}
+
+//
+// StringValue
+//
+
+StringValue::StringValue(const CSSM_DATA &data)
+: BlobValue(data)
+{
+}
+
+StringValue::~StringValue()
+{
+}
+
+int
+StringValue::Comparator::operator ()(const uint8 *ptr1, const uint8 *ptr2,
+ uint32 length)
+{
+ return strncmp(reinterpret_cast<const char *>(ptr1),
+ reinterpret_cast<const char *>(ptr2), length);
+}
+
+bool
+StringValue::evaluate(const StringValue &other, CSSM_DB_OPERATOR op) const
+{
+ return BlobValue::evaluate(*this, other, op, StringValue::Comparator());
+}
+
+//
+// BigNumValue
+//
+
+BigNumValue::BigNumValue(const CSSM_DATA &data)
+: BlobValue(data)
+{
+ // remove trailing zero bytes
+ while (Length > 1 && Data[Length - 1] == 0)
+ Length--;
+
+ // if the number is zero (positive or negative), make the length zero
+ if (Length == 1 && (Data[0] & ~kSignBit) == 0)
+ Length = 0;
+}
+
+BigNumValue::~BigNumValue()
+{
+}
+
+// Walk the contents of two equal-sized bignums, moving backward
+// from the high-order bytes, and return the comparison result
+// ala memcmp.
+
+int
+BigNumValue::compare(const uint8 *a, const uint8 *b, int length)
+{
+ for (int diff, i = length - 1; i >= 1; i--)
+ if ((diff = a[i] - b[i]))
+ return diff;
+
+ // for the last (i.e. first) byte, mask out the sign bit
+ return (a[0] & ~kSignBit) - (b[0] & ~kSignBit);
+}
+
+// Compare two bignums, assuming they are in canonical form (i.e.,
+// no bytes containing trailing zeros.
+
+bool
+BigNumValue::evaluate(const BigNumValue &other, CSSM_DB_OPERATOR op) const
+{
+ uint32 length1 = Length, length2 = other.Length;
+ uint8 sign1 = length1 ? (Data[0] & kSignBit) : 0;
+ uint8 sign2 = length2 ? (other.Data[0] & kSignBit) : 0;
+
+ switch (op)
+ {
+ case CSSM_DB_EQUAL:
+ case CSSM_DB_NOT_EQUAL:
+ return BlobValue::evaluate(other, op);
+
+ case CSSM_DB_LESS_THAN:
+ if (sign1 ^ sign2)
+ // different signs: return true iff left value is the negative one
+ return sign1;
+ else if (length1 != length2)
+ // in canonical form, shorter numbers have smaller absolute value
+ return sign1 ? (length1 > length2) : (length1 < length2);
+ else {
+ // same length, same sign...
+ int c = compare(Data, other.Data, length1);
+ return sign1 ? (c > 0) : (c < 0);
+ }
+ break;
+
+ case CSSM_DB_GREATER_THAN:
+ if (sign1 ^ sign2)
+ return sign2;
+ else if (length1 != length2)
+ return sign1 ? (length1 < length2) : (length1 > length2);
+ else {
+ int c = compare(Data, other.Data, length1);
+ return sign1 ? (c < 0) : (c > 0);
+ }
+ break;
+
+ case CSSM_DB_CONTAINS:
+ case CSSM_DB_CONTAINS_INITIAL_SUBSTRING:
+ case CSSM_DB_CONTAINS_FINAL_SUBSTRING:
+ default:
+ CssmError::throwMe(CSSMERR_DL_UNSUPPORTED_QUERY);
+ }
+}
+
+//
+// MultiUInt32Value
+//
+
+MultiUInt32Value::MultiUInt32Value(const CSSM_DATA &data)
+{
+ if (data.Length & (sizeof(uint32) - 1))
+ CssmError::throwMe(CSSMERR_DL_INVALID_VALUE);
+
+ mNumValues = data.Length / sizeof(uint32);
+ mValues = reinterpret_cast<uint32 *>(data.Data);
+ mOwnsValues = false;
+}
+
+MultiUInt32Value::~MultiUInt32Value()
+{
+ if (mOwnsValues)
+ delete [] mValues;
+}
+
+static inline int
+uint32cmp(const uint32 *a, const uint32 *b, uint32 length)
+{
+ return memcmp(a, b, length * sizeof(uint32));
+}
+
+bool
+MultiUInt32Value::evaluate(const MultiUInt32Value &other,
+ CSSM_DB_OPERATOR op) const
+{
+ uint32 length1 = mNumValues, length2 = other.mNumValues;
+ const uint32 *values1 = mValues;
+ const uint32 *values2 = other.mValues;
+
+ switch (op)
+ {
+ case CSSM_DB_EQUAL:
+ if (length1 == length2)
+ return uint32cmp(values1, values2, length1) == 0;
+ break;
+
+ case CSSM_DB_NOT_EQUAL:
+ if (length1 != length2 || uint32cmp(values1, values2, length1))
+ return true;
+ break;
+
+ case CSSM_DB_CONTAINS_INITIAL_SUBSTRING:
+ if (length1 <= length2)
+ return uint32cmp(values1, values2, length1) == 0;
+ break;
+
+ case CSSM_DB_CONTAINS_FINAL_SUBSTRING:
+ if (length1 <= length2)
+ return uint32cmp(values1, values2 + (length2 - length1), length1)
+ == 0;
+ break;
+
+ case CSSM_DB_CONTAINS:
+ if (length1 <= length2) {
+
+ if (length1 == 0)
+ return true;
+
+ for (const uint32 *values = values2;
+ values + length1 < values2 + length2; values++)
+ if (uint32cmp(values1, values, length1) == 0)
+ return true;
+ }
+ break;
+
+ case CSSM_DB_LESS_THAN:
+ // this is not required by the spec, but is required to sort indexes
+ // over multi uint32 keys...
+ if (length1 < length2)
+ return true;
+ else if (length1 == length2)
+ return uint32cmp(values1, values2, length1) < 0;
+ break;
+
+ default:
+ CssmError::throwMe(CSSMERR_DL_UNSUPPORTED_QUERY);
+ }
+
+ return false;
+}
+
+} // end namespace Tokend
+
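Review bot: The CSSM_DB_CONTAINS loop in MultiUInt32Value::evaluate stops one position early: `values + length1 < values2 + length2` never tests the window that ends at the last element, so a value equal to, or a suffix of, the other value is reported as not contained, unlike BlobValue::evaluate whose loop uses `<=`. The condition should read `values + length1 <= values2 + length2; values++)`. Separately, BigNumValue::compare unconditionally reads `a[0]` and `b[0]` after its loop, and BigNumValue::evaluate calls it whenever both lengths are equal, including when both are the canonical zero (Length 0); if a zero-length input can arrive with a NULL Data pointer that is a null dereference, so the equal-length branch should return `false` when `length1 == 0` before calling compare (two zeros are neither less nor greater). `isValidDate` also compares the unsigned `hour`, `minute` and `second` against `< 0`, which is always false and only draws a compiler warning.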
Added: releases/Apple/OSX-10.6.7/Tokend/DbValue.h
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/DbValue.h (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/DbValue.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,206 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * DbValue.h
+ * TokendMuscle
+ */
+
+#ifndef _TOKEND_DBVALUE_H_
+#define _TOKEND_DBVALUE_H_
+
+#include <security_cdsa_utilities/cssmdata.h>
+#include <security_cdsa_utilities/cssmdb.h>
+#include <Security/cssmerr.h>
+#include <map>
+#include <vector>
+
+namespace Tokend
+{
+
+//
+// DbValue -- A base class for all types of database values.
+//
+class DbValue
+{
+ NOCOPY(DbValue)
+public:
+ DbValue();
+ virtual ~DbValue() = 0;
+};
+
+// A collection of subclasses of DbValue that work for simple
+// data types, e.g. uint32, sint32, and double, that have
+// the usual C comparison and sizeof operations. Defining this
+// template saves typing below.
+
+template <class T>
+class BasicValue : public DbValue
+{
+ NOCOPY(BasicValue)
+public:
+ BasicValue() {}
+ BasicValue(T value) : mValue(value) {}
+
+ bool evaluate(const BasicValue<T> &other, CSSM_DB_OPERATOR op) const
+ {
+ switch (op)
+ {
+ case CSSM_DB_EQUAL: return mValue == other.mValue;
+ case CSSM_DB_NOT_EQUAL: return mValue != other.mValue;
+ case CSSM_DB_LESS_THAN: return mValue < other.mValue;
+ case CSSM_DB_GREATER_THAN: return mValue > other.mValue;
+ default: CssmError::throwMe(CSSMERR_DL_UNSUPPORTED_QUERY);
+ }
+ }
+
+ size_t size() const { return sizeof(T); }
+ const uint8 *bytes() const
+ { return reinterpret_cast<const uint8 *>(&mValue); }
+
+protected:
+ T mValue;
+};
+
+// Actual useful subclasses of DbValue as instances of BasicValue.
+// Note that all of these require a constructor of the form
+// (const ReadSection &, uint32 &offset) that advances the offset
+// to just after the value.
+
+class UInt32Value : public BasicValue<uint32>
+{
+ NOCOPY(UInt32Value)
+public:
+ UInt32Value(const CSSM_DATA &data);
+ virtual ~UInt32Value();
+};
+
+class SInt32Value : public BasicValue<sint32>
+{
+ NOCOPY(SInt32Value)
+public:
+ SInt32Value(const CSSM_DATA &data);
+ virtual ~SInt32Value();
+};
+
+class DoubleValue : public BasicValue<double>
+{
+ NOCOPY(DoubleValue)
+public:
+ DoubleValue(const CSSM_DATA &data);
+ virtual ~DoubleValue();
+};
+
+// Subclasses of Value for more complex types.
+
+class BlobValue : public DbValue, public CssmData
+{
+ NOCOPY(BlobValue)
+public:
+ BlobValue() {}
+ BlobValue(const CSSM_DATA &data);
+ virtual ~BlobValue();
+ bool evaluate(const BlobValue &other, CSSM_DB_OPERATOR op) const;
+
+ size_t size() const { return Length; }
+ const uint8 *bytes() const { return Data; }
+
+protected:
+ class Comparator {
+ public:
+ virtual ~Comparator();
+ virtual int operator ()(const uint8 *ptr1, const uint8 *ptr2,
+ uint32 length);
+ };
+
+ static bool evaluate(const CssmData &data1, const CssmData &data2,
+ CSSM_DB_OPERATOR op, Comparator compare);
+};
+
+class TimeDateValue : public BlobValue
+{
+ NOCOPY(TimeDateValue)
+public:
+ enum { kTimeDateSize = 16 };
+
+ TimeDateValue(const CSSM_DATA &data);
+ virtual ~TimeDateValue();
+
+ bool isValidDate() const;
+
+private:
+ uint32 rangeValue(uint32 start, uint32 length) const;
+};
+
+class StringValue : public BlobValue
+{
+ NOCOPY(StringValue)
+public:
+ StringValue(const CSSM_DATA &data);
+ virtual ~StringValue();
+ bool evaluate(const StringValue &other, CSSM_DB_OPERATOR op) const;
+
+private:
+ class Comparator : public BlobValue::Comparator {
+ public:
+ virtual int operator ()(const uint8 *ptr1, const uint8 *ptr2,
+ uint32 length);
+ };
+
+};
+
+class BigNumValue : public BlobValue
+{
+ NOCOPY(BigNumValue)
+public:
+ static const uint8 kSignBit = 0x80;
+
+ BigNumValue(const CSSM_DATA &data);
+ virtual ~BigNumValue();
+ bool evaluate(const BigNumValue &other, CSSM_DB_OPERATOR op) const;
+
+private:
+ static int compare(const uint8 *a, const uint8 *b, int length);
+};
+
+class MultiUInt32Value : public DbValue
+{
+ NOCOPY(MultiUInt32Value)
+public:
+ MultiUInt32Value(const CSSM_DATA &data);
+ virtual ~MultiUInt32Value();
+ bool evaluate(const MultiUInt32Value &other, CSSM_DB_OPERATOR op) const;
+
+ size_t size() const { return mNumValues * sizeof(uint32); }
+ const uint8 *bytes() const { return reinterpret_cast<uint8 *>(mValues); }
+
+private:
+ uint32 mNumValues;
+ uint32 *mValues;
+ bool mOwnsValues;
+};
+
+} // end namespace Tokend
+
+#endif /* !_TOKEND_DBVALUE_H_ */
+
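Review bot: The `Comparator compare` parameter of the static BlobValue::evaluate (declared at the end of the BlobValue class) takes the comparator by value, so the `StringValue::Comparator()` argument passed by StringValue::evaluate is sliced to the base class and its virtual `operator()` override (strncmp in DbValue.cpp) is never invoked; every string comparison silently falls back to memcmp. Passing by reference restores the dispatch: mark `operator ()` `const` in both Comparator classes and declare the parameter `const Comparator &compare`, with the matching `const` on the two definitions in DbValue.cpp. The comment above UInt32Value stating that these classes "require a constructor of the form (const ReadSection &, uint32 &offset)" is stale, since the constructors declared below take `const CSSM_DATA &`; suggest `// Note that all of these take a (const CSSM_DATA &) constructor that checks data.Length and throws CSSMERR_DL_INVALID_VALUE otherwise.`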
Added: releases/Apple/OSX-10.6.7/Tokend/KeyHandle.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/KeyHandle.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/KeyHandle.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,158 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * KeyHandle.cpp
+ * TokendMuscle
+ */
+
+#include "KeyHandle.h"
+
+namespace Tokend
+{
+
+//
+// KeyHandle
+//
+KeyHandle::KeyHandle(const MetaRecord &metaRecord,
+ const RefPointer<Record> &record) :
+ RecordHandle(metaRecord, record)
+{
+}
+
+KeyHandle::~KeyHandle()
+{
+}
+
+void KeyHandle::wrapUsingKey(const Context &context,
+ const AccessCredentials *cred, KeyHandle *wrappingKeyHandle,
+ const CssmKey *wrappingKey, const CssmData *descriptiveData,
+ CssmKey &wrappedKey)
+{
+ /* We are being asked to wrap this key using another key. */
+ secdebug("crypto", "wrapKey alg: %u", context.algorithm());
+ IFDUMPING("crypto", context.dump("wrapKey context"));
+ if (wrappingKeyHandle)
+ {
+ secdebug("tokend",
+ "wrapKey of a reference key using a reference key not supported");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+ }
+
+ /* First export the key from the card. */
+ exportKey(context, cred, wrappedKey);
+
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void KeyHandle::wrapKey(const Context &context, const CssmKey &subjectKey,
+ const CssmData *descriptiveData, CssmKey &wrappedKey)
+{
+ /* We are being asked to wrap a raw subject key using a key on the card. */
+ secdebug("tokend", "wrapKey of a raw subject key not supported");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void KeyHandle::unwrapKey(const Context &context,
+ const AccessCredentials *cred, const AclEntryPrototype *access,
+ const CssmKey &wrappedKey, CSSM_KEYUSE usage,
+ CSSM_KEYATTR_FLAGS attributes, CssmData *descriptiveData,
+ CSSM_HANDLE &hUnwrappedKey, CssmKey &unwrappedKey)
+{
+ secdebug("crypto", "unwrapKey alg: %u", context.algorithm());
+ IFDUMPING("crypto", context.dump("unwrapKey context"));
+#if 0
+ /* Make sure our key type matches the context type */
+ if (keyClass() == CSSM_KEYCLASS_SESSION_KEY)
+ {
+ if (context.type() != CSSM_ALGCLASS_SYMMETRIC))
+ CssmError::throwMe(CSSMERR_CSP_INVALID_CONTEXT);
+ }
+ else
+#endif
+ if (context.type() != CSSM_ALGCLASS_ASYMMETRIC)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_CONTEXT);
+
+ /* validate wrappedKey */
+ if (wrappedKey.keyClass() != CSSM_KEYCLASS_SESSION_KEY)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
+
+ if(wrappedKey.blobType() != CSSM_KEYBLOB_WRAPPED)
+ CssmError::throwMe(CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT);
+
+ /* validate requested storage and usage */
+ if (!(attributes & CSSM_KEYATTR_RETURN_DATA)
+ || (attributes & (CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_RETURN_NONE
+ | CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_PRIVATE)) != 0)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
+
+ /* prepare outgoing header */
+ CssmKey::Header &hdr = unwrappedKey.header();
+ hdr.clearPod();
+ hdr.HeaderVersion = CSSM_KEYHEADER_VERSION;
+ hdr.cspGuid(gGuidAppleSdCSPDL);
+ hdr.blobType(CSSM_KEYBLOB_RAW);
+ hdr.algorithm(wrappedKey.algorithm());
+ hdr.keyClass(wrappedKey.keyClass());
+ hdr.KeyUsage = usage;
+ hdr.KeyAttr = attributes & ~(CSSM_KEYATTR_RETURN_DATA
+ | CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_RETURN_NONE);
+
+ // defaults (change as needed)
+ hdr.StartDate = wrappedKey.header().StartDate;
+ hdr.EndDate = wrappedKey.header().EndDate;
+ unwrappedKey.KeyData.Data = NULL; // ignore possible incoming KeyData
+ unwrappedKey.KeyData.Length = 0;
+
+ /* validate wrappedKey format */
+ if (wrappedKey.blobFormat() != CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS7)
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_WRAPPED_KEY_FORMAT);
+
+ /* There is no descriptiveData in a PKCS7 wrapped blob. */
+ if (descriptiveData)
+ {
+ descriptiveData->Data = NULL;
+ descriptiveData->Length = 0;
+ }
+
+ /* Decrypt the key blob. */
+ decrypt(context, wrappedKey.keyData(), unwrappedKey.keyData());
+
+ /* We are assuming a CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS7 from here on. */
+ hdr.blobFormat(CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING);
+ hdr.LogicalKeySizeInBits = unwrappedKey.length() * 8;
+}
+
+
+
+//
+// KeyHandleFactory
+//
+KeyHandleFactory::~KeyHandleFactory()
+{
+}
+
+
+} // end namespace Tokend
+
+
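Review bot: KeyHandle::wrapUsingKey calls `exportKey(context, cred, wrappedKey)` and then unconditionally throws CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED, so on the only path through the function key material has already been written into the caller's `wrappedKey` before the error is raised, and nothing clears or releases it. Until the wrap step is implemented the throw should precede the export (or `wrappedKey` should be cleared before throwing), so an unsupported operation never leaves exported key material behind. In unwrapKey the out-parameter `hUnwrappedKey` is never assigned and `cred` and `access` are unused; if the caller expects the handle to be set here that is a missing store, and either way a comment should say so. The `#if 0` block in unwrapKey also carries an unbalanced `))` and would not compile if re-enabled, and the `blobFormat()` PKCS7 check could run before the output header is mutated so that a rejected blob leaves `unwrappedKey` untouched.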
Added: releases/Apple/OSX-10.6.7/Tokend/KeyHandle.h
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/KeyHandle.h (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/KeyHandle.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * KeyHandle.h
+ * TokendMuscle
+ */
+
+#ifndef _TOKEND_KEYHANDLE_H_
+#define _TOKEND_KEYHANDLE_H_
+
+#include "RecordHandle.h"
+
+#include <security_cdsa_utilities/handleobject.h>
+#include <security_cdsa_utilities/context.h>
+#include <security_cdsa_utilities/cssmaclpod.h>
+
+namespace Tokend
+{
+
+class MetaRecord;
+class Record;
+class TokenContext;
+
+
+//
+// A (nearly pure virtual) KeyHandle object which implements the crypto
+// interface.
+//
+class KeyHandle : public RecordHandle
+{
+ NOCOPY(KeyHandle)
+public:
+ KeyHandle(const MetaRecord &metaRecord, const RefPointer<Record> &record);
+ ~KeyHandle();
+
+ virtual void getKeySize(CSSM_KEY_SIZE &keySize) = 0;
+ virtual uint32 getOutputSize(const Context &context, uint32 inputSize,
+ bool encrypting) = 0;
+ virtual void generateSignature(const Context &context,
+ CSSM_ALGORITHMS signOnly, const CssmData &input,
+ CssmData &signature) = 0;
+ virtual void verifySignature(const Context &context,
+ CSSM_ALGORITHMS signOnly, const CssmData &input,
+ const CssmData &signature) = 0;
+ virtual void generateMac(const Context &context, const CssmData &input,
+ CssmData &output) = 0;
+ virtual void verifyMac(const Context &context, const CssmData &input,
+ const CssmData &compare) = 0;
+ virtual void encrypt(const Context &context, const CssmData &clear,
+ CssmData &cipher) = 0;
+ virtual void decrypt(const Context &context, const CssmData &cipher,
+ CssmData &clear) = 0;
+
+ virtual void exportKey(const Context &context,
+ const AccessCredentials *cred, CssmKey &wrappedKey) = 0;
+
+ virtual void wrapUsingKey(const Context &context,
+ const AccessCredentials *cred, KeyHandle *wrappingKeyHandle,
+ const CssmKey *wrappingKey, const CssmData *descriptiveData,
+ CssmKey &wrappedKey);
+ virtual void wrapKey(const Context &context, const CssmKey &subjectKey,
+ const CssmData *descriptiveData, CssmKey &wrappedKey);
+ virtual void unwrapKey(const Context &context,
+ const AccessCredentials *cred, const AclEntryPrototype *access,
+ const CssmKey &wrappedKey, CSSM_KEYUSE usage,
+ CSSM_KEYATTR_FLAGS attributes, CssmData *descriptiveData,
+ CSSM_HANDLE &hUnwrappedKey, CssmKey &unwrappedKey);
+private:
+};
+
+
+//
+// A (pure virtual) factory that creates KeyHandle objects.
+//
+class KeyHandleFactory
+{
+ NOCOPY(KeyHandleFactory)
+public:
+ KeyHandleFactory() {}
+ virtual ~KeyHandleFactory() = 0;
+
+ virtual KeyHandle *keyHandle(TokenContext *tokenContext,
+ const MetaRecord &metaRecord, Record &record) const = 0;
+};
+
+
+} // end namespace Tokend
+
+#endif /* !_TOKEND_KEYHANDLE_H_ */
+
+
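Review bot: The non-pure wrapUsingKey, wrapKey and unwrapKey declarations carry no documentation, although their default behaviour in KeyHandle.cpp is quite specific and subclasses need to know when to override them. Suggest a comment above `virtual void wrapUsingKey(`: `// Default implementations (KeyHandle.cpp): wrapUsingKey and wrapKey throw CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED; unwrapKey accepts only a PKCS7-wrapped session key under an asymmetric context, decrypts it via decrypt() and returns it as raw key data (CSSM_KEYATTR_RETURN_DATA required).` The empty `private:` section at the end of the class can be dropped.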
Added: releases/Apple/OSX-10.6.7/Tokend/MetaAttribute.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/MetaAttribute.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/MetaAttribute.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,137 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MetaAttribute.cpp
+ * TokendMuscle
+ */
+
+#include "MetaAttribute.h"
+#include "MetaRecord.h"
+#include "Record.h"
+#include "DbValue.h"
+#include "DbValue.h"
+
+namespace Tokend
+{
+
+MetaAttribute::~MetaAttribute()
+{
+}
+
+// Construct an instance of an appropriate subclass of MetaAttribute based on
+// the given format. Called in MetaRecord.cpp createAttribute.
+MetaAttribute *MetaAttribute::create(MetaRecord& metaRecord, Format format,
+ uint32 attributeIndex, uint32 attributeId)
+{
+ switch (format)
+ {
+ case kAF_STRING:
+ return new TypedMetaAttribute<StringValue>(metaRecord, format,
+ attributeIndex, attributeId);
+
+ case kAF_SINT32:
+ return new TypedMetaAttribute<SInt32Value>(metaRecord, format,
+ attributeIndex, attributeId);
+
+ case kAF_UINT32:
+ return new TypedMetaAttribute<UInt32Value>(metaRecord, format,
+ attributeIndex, attributeId);
+
+ case kAF_BIG_NUM:
+ return new TypedMetaAttribute<BigNumValue>(metaRecord, format,
+ attributeIndex, attributeId);
+
+ case kAF_REAL:
+ return new TypedMetaAttribute<DoubleValue>(metaRecord, format,
+ attributeIndex, attributeId);
+
+ case kAF_TIME_DATE:
+ return new TypedMetaAttribute<TimeDateValue>(metaRecord, format,
+ attributeIndex, attributeId);
+
+ case kAF_BLOB:
+ return new TypedMetaAttribute<BlobValue>(metaRecord, format,
+ attributeIndex, attributeId);
+
+ case kAF_MULTI_UINT32:
+ return new TypedMetaAttribute<MultiUInt32Value>(metaRecord, format,
+ attributeIndex, attributeId);
+
+ case kAF_COMPLEX:
+ default:
+ CssmError::throwMe(CSSMERR_DL_UNSUPPORTED_FIELD_FORMAT);
+ }
+}
+
+const Attribute &
+MetaAttribute::attribute(TokenContext *tokenContext, Record &record) const
+{
+ if (!record.hasAttributeAtIndex(mAttributeIndex))
+ {
+ if (!mCoder)
+ {
+ secdebug("coder",
+ "No coder for r: %p rid: 0x%08X aid: %u aix: %u",
+ &record, mMetaRecord.relationId(), mAttributeId,
+ mAttributeIndex);
+ CssmError::throwMe(CSSMERR_DL_MISSING_VALUE);
+ }
+
+ secdebug("coder",
+ "Asking coder %p for r: %p rid: 0x%08X aid: %u aix: %u",
+ mCoder, &record, mMetaRecord.relationId(), mAttributeId,
+ mAttributeIndex);
+ mCoder->decode(tokenContext, *this, record);
+
+ // The coder had better put something useful in the attribute we asked it to.
+ if (!record.hasAttributeAtIndex(mAttributeIndex))
+ {
+ secdebug("coder",
+ "Coder %p did not set r: %p rid: 0x%08X aid: %u aix: %u",
+ mCoder, &record, mMetaRecord.relationId(), mAttributeId,
+ mAttributeIndex);
+ CssmError::throwMe(CSSMERR_DL_MISSING_VALUE);
+ }
+ }
+
+ const Attribute &attribute = record.attributeAtIndex(mAttributeIndex);
+#ifndef NDEBUG
+ if (attribute.size() == 1)
+ secdebug("mscread",
+ "r: %p rid: 0x%08X aid: %u aix: %u has: 1 value of length: %lu",
+ &record, mMetaRecord.relationId(), mAttributeId, mAttributeIndex,
+ attribute[0].Length);
+ else
+ secdebug("mscread",
+ "r: %p rid: 0x%08X aid: %u aix: %u has: %u values",
+ &record, mMetaRecord.relationId(), mAttributeId, mAttributeIndex,
+ attribute.size());
+#endif
+
+ return attribute;
+}
+
+
+} // end namespace Tokend
+
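Review bot: `#include "DbValue.h"` appears twice in a row at the top of the file; the second line is redundant and should be removed. In MetaAttribute::attribute the debug-only `secdebug("mscread", ...)` calls pass `attribute[0].Length` to `%lu` and `attribute.size()` to `%u`; the actual types of those expressions are not visible here, and if they are not `unsigned long` and `unsigned` respectively a format-checking compiler will flag the mismatch — casting to the printed type, e.g. `(unsigned long)attribute[0].Length` and `(unsigned)attribute.size()`, makes it unambiguous.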
Added: releases/Apple/OSX-10.6.7/Tokend/MetaAttribute.h
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/MetaAttribute.h (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/MetaAttribute.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,130 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MetaAttribute.h
+ * TokendMuscle
+ */
+
+#ifndef _TOKEND_METAATTRIBUTE_H_
+#define _TOKEND_METAATTRIBUTE_H_
+
+#include <Security/cssmtype.h>
+#include <security_utilities/utilities.h>
+#include "Attribute.h"
+
+namespace Tokend
+{
+
+class Attribute;
+class AttributeCoder;
+class DbValue;
+class MetaRecord;
+class Record;
+class TokenContext;
+
+// A base class for all meta attributes.
+
+class MetaAttribute
+{
+ NOCOPY(MetaAttribute)
+public:
+ typedef CSSM_DB_ATTRIBUTE_FORMAT Format;
+
+ virtual ~MetaAttribute();
+
+ // construct an appropriate subclass of MetaAttribute
+ static MetaAttribute *create(MetaRecord& metaRecord, Format format,
+ uint32 attributeIndex, uint32 attributeId);
+
+ void attributeCoder(AttributeCoder *coder) { mCoder = coder; }
+
+ Format attributeFormat() const { return mFormat; }
+ uint32 attributeIndex() const { return mAttributeIndex; }
+ uint32 attributeId() const { return mAttributeId; }
+
+ const Attribute &attribute(TokenContext *tokenContext,
+ Record &record) const;
+
+ const MetaRecord &metaRecord() const { return mMetaRecord; }
+
+ // interface required of all subclasses, implemented with templates below
+ virtual DbValue *createValue(const CSSM_DATA &data) const = 0;
+
+ virtual bool evaluate(TokenContext *tokenContext, const DbValue *value,
+ Record& record, CSSM_DB_OPERATOR op) const = 0;
+
+protected:
+ MetaAttribute(MetaRecord& metaRecord, Format format, uint32 attributeIndex,
+ uint32 attributeId)
+ : mCoder(NULL), mMetaRecord(metaRecord), mFormat(format),
+ mAttributeIndex(attributeIndex), mAttributeId(attributeId) {}
+
+ AttributeCoder *mCoder;
+ MetaRecord &mMetaRecord;
+ Format mFormat;
+ uint32 mAttributeIndex;
+ uint32 mAttributeId;
+};
+
+// Template used to describe particular subclasses of MetaAttribute
+
+template <class T>
+class TypedMetaAttribute : public MetaAttribute
+{
+public:
+ TypedMetaAttribute(MetaRecord& metaRecord, Format format,
+ uint32 attributeIndex, uint32 attributeId)
+ : MetaAttribute(metaRecord, format, attributeIndex, attributeId) {}
+
+ DbValue *createValue(const CSSM_DATA &data) const
+ {
+ return new T(data);
+ }
+
+ bool evaluate(TokenContext *tokenContext, const DbValue *value,
+ Record &record, CSSM_DB_OPERATOR op) const
+ {
+ const Attribute &attr = attribute(tokenContext, record);
+ uint32 numValues = attr.size();
+
+ /* If any of the values for this attribute match we have a match. */
+ for (uint32 ix = 0; ix < numValues; ++ix)
+ if (dynamic_cast<const T *>(value)->evaluate(static_cast<const T &>(attr[ix]), op))
+ return true;
+
+ return false;
+ }
+
+ bool evaluate(const DbValue *value1, const DbValue *value2,
+ CSSM_DB_OPERATOR op) const
+ {
+ return (dynamic_cast<const T *>(value1))->
+ evaluate(*dynamic_cast<const T *>(value2), op);
+ }
+};
+
+} // end namespace Tokend
+
+#endif /* !_TOKEND_METAATTRIBUTE_H_ */
+
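Review bot: Both TypedMetaAttribute::evaluate overloads dereference the result of `dynamic_cast<const T *>(value)` without checking it, so a DbValue whose runtime type does not match this attribute's format — a query value built for a different attribute type — becomes a null-pointer dereference instead of an error. Bind the cast first and fail explicitly, e.g. `const T *typed = dynamic_cast<const T *>(value); if (!typed) CssmError::throwMe(CSSMERR_DL_INVALID_VALUE);` and then call `typed->evaluate(...)`; the same applies to `value1` and `value2` in the second overload. The `static_cast<const T &>(attr[ix])` in the first overload presumably relies on Attribute storing T instances; if attr[ix] is a plain CssmData that cast is not valid for the BasicValue-derived types, so the invariant deserves a comment at that line.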
Added: releases/Apple/OSX-10.6.7/Tokend/MetaRecord.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/MetaRecord.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/MetaRecord.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,251 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MetaRecord.cpp
+ * TokendMuscle
+ */
+
+#include "MetaRecord.h"
+
+#include "Attribute.h"
+#include "KeyHandle.h"
+#include "MetaAttribute.h"
+#include "Record.h"
+#include <security_utilities/trackingallocator.h>
+#include <security_cdsa_utilities/cssmbridge.h>
+
+namespace Tokend
+{
+
+#pragma mark ---------------- MetaRecord methods --------------
+
+// Used for normal relations.
+MetaRecord::MetaRecord(RelationId inRelationId) : mRelationId(inRelationId),
+ mKeyHandleFactory(NULL)
+{
+ // Passing in a bogus attributeId for the attribute at index 0 (which is
+ // the data). It's not possible to look up the attribute by attributeId,
+ // nor should any coder rely on it's value.
+ mAttributeVector.push_back(MetaAttribute::create(*this, kAF_BLOB, 0,
+ 'data'));
+}
+
+MetaRecord::~MetaRecord()
+{
+ for_each_delete(mAttributeVector.begin(), mAttributeVector.end());
+}
+
+MetaAttribute &MetaRecord::createAttribute(const std::string &inAttributeName,
+ CSSM_DB_ATTRIBUTE_FORMAT inAttributeFormat)
+{
+ uint32 anAttributeId = mAttributeVector.size() - 1;
+ return createAttribute(&inAttributeName, NULL, anAttributeId,
+ inAttributeFormat);
+}
+
+MetaAttribute &MetaRecord::createAttribute(const string *inAttributeName,
+ const CssmOid *inAttributeOID, uint32 inAttributeID,
+ CSSM_DB_ATTRIBUTE_FORMAT inAttributeFormat)
+{
+ // Index of new element is current size of vector
+ uint32 anAttributeIndex = mAttributeVector.size();
+ bool aInsertedAttributeName = false;
+ bool aInsertedAttributeOID = false;
+ bool aInsertedAttributeID = false;
+
+ if (inAttributeName)
+ {
+ if (!mNameStringMap.insert(NameStringMap::value_type(*inAttributeName,
+ anAttributeIndex)).second)
+ CssmError::throwMe(CSSMERR_DL_FIELD_SPECIFIED_MULTIPLE);
+ aInsertedAttributeName = true;
+ }
+ try
+ {
+ if (inAttributeOID)
+ {
+ if (!mNameOIDMap.insert(NameOIDMap::value_type(*inAttributeOID,
+ anAttributeIndex)).second)
+ CssmError::throwMe(CSSMERR_DL_FIELD_SPECIFIED_MULTIPLE);
+ aInsertedAttributeOID = true;
+ }
+
+ if (!mNameIntMap.insert(NameIntMap::value_type(inAttributeID,
+ anAttributeIndex)).second)
+ CssmError::throwMe(CSSMERR_DL_FIELD_SPECIFIED_MULTIPLE);
+ aInsertedAttributeID = true;
+
+ // Note: this no longer throws INVALID_FIELD_NAME since the attribute
+ // will always have an attribute ID by which it is known.
+ MetaAttribute *ma = MetaAttribute::create(*this, inAttributeFormat,
+ anAttributeIndex, inAttributeID);
+ mAttributeVector.push_back(ma);
+ return *ma;
+ }
+ catch (...)
+ {
+ if (aInsertedAttributeName)
+ mNameStringMap.erase(*inAttributeName);
+ if (aInsertedAttributeOID)
+ mNameOIDMap.erase(*inAttributeOID);
+ if (inAttributeID)
+ mNameIntMap.erase(inAttributeID);
+
+ throw;
+ }
+}
+
+// Return the index (0 though NumAttributes - 1) of the attribute
+// represented by inAttributeInfo
+
+uint32 MetaRecord::attributeIndex(
+ const CSSM_DB_ATTRIBUTE_INFO &inAttributeInfo) const
+{
+ uint32 anIndex;
+ switch (inAttributeInfo.AttributeNameFormat)
+ {
+ case CSSM_DB_ATTRIBUTE_NAME_AS_STRING:
+ {
+ string aName(inAttributeInfo.Label.AttributeName);
+ NameStringMap::const_iterator it = mNameStringMap.find(aName);
+ if (it == mNameStringMap.end())
+ CssmError::throwMe(CSSMERR_DL_INVALID_FIELD_NAME);
+
+ anIndex = it->second;
+ break;
+ }
+ case CSSM_DB_ATTRIBUTE_NAME_AS_OID:
+ {
+ const CssmOid &aName =
+ CssmOid::overlay(inAttributeInfo.Label.AttributeOID);
+ NameOIDMap::const_iterator it = mNameOIDMap.find(aName);
+ if (it == mNameOIDMap.end())
+ CssmError::throwMe(CSSMERR_DL_INVALID_FIELD_NAME);
+ anIndex = it->second;
+ break;
+ }
+ case CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER:
+ {
+ uint32 aName = inAttributeInfo.Label.AttributeID;
+ NameIntMap::const_iterator it = mNameIntMap.find(aName);
+ if (it == mNameIntMap.end())
+ CssmError::throwMe(CSSMERR_DL_INVALID_FIELD_NAME);
+ anIndex = it->second;
+ break;
+ }
+ default:
+ CssmError::throwMe(CSSMERR_DL_INVALID_FIELD_NAME);
+ break;
+ }
+
+ return anIndex;
+}
+
+const MetaAttribute &MetaRecord::metaAttribute(
+ const CSSM_DB_ATTRIBUTE_INFO &inAttributeInfo) const
+{
+ return *mAttributeVector[attributeIndex(inAttributeInfo)];
+}
+
+const MetaAttribute &MetaRecord::metaAttribute(uint32 name) const
+{
+ NameIntMap::const_iterator it = mNameIntMap.find(name);
+ if (it == mNameIntMap.end())
+ CssmError::throwMe(CSSMERR_DL_INVALID_FIELD_NAME);
+
+ return *mAttributeVector[it->second];
+}
+
+const MetaAttribute &MetaRecord::metaAttribute(const std::string &name) const
+{
+ NameStringMap::const_iterator it = mNameStringMap.find(name);
+ if (it == mNameStringMap.end())
+ CssmError::throwMe(CSSMERR_DL_INVALID_FIELD_NAME);
+
+ return *mAttributeVector[it->second];
+}
+
+const MetaAttribute &MetaRecord::metaAttributeForData() const
+{
+ return *mAttributeVector[0];
+}
+
+void MetaRecord::attributeCoder(uint32 name, AttributeCoder *coder)
+{
+ const_cast<MetaAttribute &>(metaAttribute(name)).attributeCoder(coder);
+}
+
+void MetaRecord::attributeCoder(const std::string &name, AttributeCoder *coder)
+{
+ const_cast<MetaAttribute &>(metaAttribute(name)).attributeCoder(coder);
+}
+
+void MetaRecord::attributeCoderForData(AttributeCoder *coder)
+{
+ const_cast<MetaAttribute &>(metaAttributeForData()).attributeCoder(coder);
+}
+
+void
+MetaRecord::get(TokenContext *tokenContext, Record &record,
+ TOKEND_RETURN_DATA &data) const
+{
+ if (data.attributes)
+ {
+ // Fetch the requested attributes.
+ CSSM_DB_RECORD_ATTRIBUTE_DATA &drad = *data.attributes;
+ drad.DataRecordType = mRelationId;
+ drad.SemanticInformation = 0;
+ for (uint32 ix = 0; ix < drad.NumberOfAttributes; ++ix)
+ {
+ CSSM_DB_ATTRIBUTE_DATA &dad = drad.AttributeData[ix];
+ const MetaAttribute &ma = metaAttribute(dad.Info);
+ dad.Info.AttributeFormat = ma.attributeFormat();
+ const Attribute &attr = ma.attribute(tokenContext, record);
+ dad.NumberOfValues = attr.size();
+ dad.Value = const_cast<CSSM_DATA_PTR>(attr.values());
+ }
+ }
+
+ if (data.data)
+ {
+ // Fetch the data.
+ const MetaAttribute &ma = metaAttributeForData();
+ const Attribute &attr = ma.attribute(tokenContext, record);
+ if (attr.size() != 1)
+ CssmError::throwMe(CSSMERR_DL_MISSING_VALUE);
+
+ (*data.data) = attr.values()[0];
+ if (mKeyHandleFactory)
+ {
+ KeyHandle *keyHandle = mKeyHandleFactory->keyHandle(tokenContext,
+ *this, record);
+ data.keyhandle = keyHandle ? keyHandle->handle() : 0;
+ }
+ else
+ data.keyhandle = 0;
+ }
+}
+
+
+} // end namespace Tokend
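Review bot: The rollback in createAttribute's catch block tests `inAttributeID` instead of the `aInsertedAttributeID` flag it sets a few lines earlier, so when the ID insert itself fails with CSSMERR_DL_FIELD_SPECIFIED_MULTIPLE the handler erases the existing map entry that belongs to another attribute, and an ID of 0 is never rolled back when MetaAttribute::create throws after a successful insert. The line should read `if (aInsertedAttributeID)` followed by `mNameIntMap.erase(inAttributeID);`, matching the two flags above it. The constructor also uses the multi-character constant `'data'` as the data attribute's ID, whose value is implementation-defined; a short comment or a named constant would make it clear that nothing may look it up by that value, as the surrounding comment already implies.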
Added: releases/Apple/OSX-10.6.7/Tokend/MetaRecord.h
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/MetaRecord.h (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/MetaRecord.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * MetaRecord.h
+ * TokendMuscle
+ */
+
+#ifndef _TOKEND_METARECORD_H_
+#define _TOKEND_METARECORD_H_
+
+#include <security_cdsa_utilities/cssmdata.h>
+#include <map>
+#include <string>
+#include <vector>
+#include <SecurityTokend/SecTokend.h>
+
+namespace Tokend
+{
+
+// Shorter names for some long cssm constants
+enum
+{
+ kAF_STRING = CSSM_DB_ATTRIBUTE_FORMAT_STRING,
+ kAF_SINT32 = CSSM_DB_ATTRIBUTE_FORMAT_SINT32,
+ kAF_UINT32 = CSSM_DB_ATTRIBUTE_FORMAT_UINT32,
+ kAF_BIG_NUM = CSSM_DB_ATTRIBUTE_FORMAT_BIG_NUM,
+ kAF_REAL = CSSM_DB_ATTRIBUTE_FORMAT_REAL,
+ kAF_TIME_DATE = CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE,
+ kAF_BLOB = CSSM_DB_ATTRIBUTE_FORMAT_BLOB,
+ kAF_MULTI_UINT32 = CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32,
+ kAF_COMPLEX = CSSM_DB_ATTRIBUTE_FORMAT_COMPLEX
+};
+
+typedef CSSM_DB_RECORDTYPE RelationId;
+
+
+class AttributeCoder;
+class KeyHandleFactory;
+class MetaAttribute;
+class Record;
+class TokenContext;
+//
+// Meta (or Schema) representation of an a Record. Used for packing and
+// unpacking objects.
+//
+
+class MetaRecord
+{
+ NOCOPY(MetaRecord)
+public:
+ // Used for normal relations
+ // dataCoder is the coder which will be used for the "data" value
+ // (metaAttributeForData() returns a metaAttribute using this coder.
+ MetaRecord(RelationId inRelationId);
+
+ ~MetaRecord();
+
+ MetaAttribute &createAttribute(const std::string &inAttributeName,
+ CSSM_DB_ATTRIBUTE_FORMAT inAttributeFormat);
+ MetaAttribute &createAttribute(const std::string *inAttributeName,
+ const CssmOid *inAttributeOID,
+ uint32 inAttributeID,
+ CSSM_DB_ATTRIBUTE_FORMAT inAttributeFormat);
+
+ const MetaAttribute &metaAttribute(
+ const CSSM_DB_ATTRIBUTE_INFO &inAttributeInfo) const;
+ const MetaAttribute &metaAttribute(uint32 name) const;
+ const MetaAttribute &metaAttribute(
+ const std::string &name) const;
+ const MetaAttribute &metaAttributeForData() const;
+
+ void attributeCoder(uint32 name, AttributeCoder *coder);
+ void attributeCoder(const std::string &name, AttributeCoder *coder);
+ void attributeCoderForData(AttributeCoder *coder);
+
+ RelationId relationId() const { return mRelationId; }
+
+ // Return the index (0 though NumAttributes - 1) of the attribute
+ // represented by inAttributeInfo
+ uint32 attributeIndex(const CSSM_DB_ATTRIBUTE_INFO &inAttributeInfo) const;
+
+ void get(TokenContext *tokenContext, Record &record,
+ TOKEND_RETURN_DATA &data) const;
+
+ void keyHandleFactory(KeyHandleFactory *keyHandleFactory)
+ { mKeyHandleFactory = keyHandleFactory; }
+private:
+
+ //friend class MetaAttribute;
+
+ RelationId mRelationId;
+
+ typedef std::map<std::string, uint32> NameStringMap;
+ typedef std::map<CssmBuffer<CssmOidContainer>, uint32> NameOIDMap;
+ typedef std::map<uint32, uint32> NameIntMap;
+
+ NameStringMap mNameStringMap;
+ NameOIDMap mNameOIDMap;
+ NameIntMap mNameIntMap;
+
+ typedef std::vector<MetaAttribute *> AttributeVector;
+ typedef AttributeVector::iterator AttributeIterator;
+ typedef AttributeVector::const_iterator ConstAttributeIterator;
+ AttributeVector mAttributeVector;
+ KeyHandleFactory *mKeyHandleFactory;
+};
+
+} // end namespace Tokend
+
+#endif /* !_TOKEND_METARECORD_H_ */
+
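Review bot: The constructor comment `// dataCoder is the coder which will be used for the "data" value` describes a dataCoder parameter that `MetaRecord(RelationId inRelationId);` does not take; the data attribute's coder is installed later through attributeCoderForData(). Replace that sentence with something like `// Creates the "data" attribute at index 0; install its coder via attributeCoderForData().`. `keyHandleFactory()` stores a raw pointer with no ownership statement and the destructor in the .cpp does not delete it, so a comment that the factory is borrowed and must outlive the MetaRecord would help; the typo `0 though` in the attributeIndex comment should be `0 through`.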
Added: releases/Apple/OSX-10.6.7/Tokend/PKCS11Object.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/PKCS11Object.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/PKCS11Object.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,208 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * PKCS11Object.cpp
+ * TokendMuscle
+ */
+
+#include "PKCS11Object.h"
+
+#include <security_utilities/debugging.h>
+#include <security_cdsa_utilities/cssmerrors.h>
+#include <Security/cssmerr.h>
+
+#if defined(DEBUGDUMP)
+#include "cryptoki.h"
+#include "pkcs11.h"
+#endif /* !defined(DEBUGDUMP) */
+
+namespace Tokend
+{
+
+PKCS11Object::PKCS11Object(const void *inData, size_t inSize)
+{
+ const PKCS11ObjectHeader *object =
+ reinterpret_cast<const PKCS11ObjectHeader *>(inData);
+ if (inSize < sizeof(PKCS11ObjectHeader) || !object
+ || inSize < (object->size() + sizeof(PKCS11ObjectHeader)))
+ CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR);
+
+ size_t objectSize = object->size();
+ const uint8_t *data = object->data();
+ for (size_t bytesRead = 0; bytesRead < objectSize;)
+ {
+ const PKCS11Attribute *attribute =
+ reinterpret_cast<const PKCS11Attribute *>(&data[bytesRead]);
+ IFDUMPING("pkcs11", debugDump(*attribute));
+ mAttributeMap.insert(pair<uint32_t,
+ const PKCS11Attribute *>(attribute->attributeId(), attribute));
+ bytesRead += sizeof(PKCS11Attribute) + attribute->size();
+ }
+}
+
+const PKCS11Object::PKCS11Attribute *
+PKCS11Object::attribute(uint32_t attributeId) const
+{
+ AttributeMap::const_iterator it = mAttributeMap.find(attributeId);
+ if (it == mAttributeMap.end())
+ {
+ secdebug("pkcs11", "pkcs11 attribute: %08X not found", attributeId);
+ return NULL;
+ }
+
+ secdebug("pkcs11-d", "accessing pkcs11 attribute: %08X size: %lu",
+ attributeId, it->second->size());
+ return it->second;
+}
+
+bool PKCS11Object::attributeValueAsBool(uint32_t attributeId) const
+{
+ const PKCS11Attribute *attr = attribute(attributeId);
+ if (!attr)
+ return false;
+
+ if (attr->size() != 1)
+ {
+ secdebug("pkcs11",
+ "attributeValueAsBool: pkcs11 attribute: %08X size: %lu",
+ attributeId, attr->size());
+ CssmError::throwMe(CSSMERR_DL_INCOMPATIBLE_FIELD_FORMAT);
+ }
+
+ return *attr->data() != 0;
+}
+
+uint32_t PKCS11Object::attributeValueAsUint32(uint32_t attributeId) const
+{
+ const PKCS11Attribute *attr = attribute(attributeId);
+ if (!attr)
+ CssmError::throwMe(CSSMERR_DL_MISSING_VALUE);
+
+ if (attr->size() != 4)
+ {
+ secdebug("pkcs11",
+ "attributeValueAsUint32: pkcs11 attribute: %08X size: %lu",
+ attributeId, attr->size());
+ CssmError::throwMe(CSSMERR_DL_INCOMPATIBLE_FIELD_FORMAT);
+ }
+
+ const uint8_t *data = attr->data();
+ return (data[0] << 24) + (data[1] << 16) + (data[2] << 8) + data[3];
+}
+
+void PKCS11Object::attributeValueAsData(uint32_t attributeId,
+ const uint8_t *&data, size_t &size) const
+{
+ const PKCS11Attribute *attr = attribute(attributeId);
+ if (!attr)
+ CssmError::throwMe(CSSMERR_DL_MISSING_VALUE);
+
+ size = attr->size();
+ data = attr->data();
+}
+
+#if defined(DEBUGDUMP)
+void PKCS11Object::debugDump(const PKCS11Attribute &attribute)
+{
+ Debug::dump("found pkcs11 attribute: %s size: %lu ",
+ attributeName(attribute.attributeId()), attribute.size());
+ Debug::dumpData(attribute.data(), attribute.size());
+ Debug::dump("\n");
+}
+
+const char *PKCS11Object::attributeName(uint32_t attributeId)
+{
+ static char buffer[20];
+
+ switch (attributeId)
+ {
+ case CKA_CLASS: return "CLASS";
+ case CKA_TOKEN: return "TOKEN";
+ case CKA_PRIVATE: return "PRIVATE";
+ case CKA_LABEL: return "LABEL";
+ case CKA_APPLICATION: return "APPLICATION";
+ case CKA_VALUE: return "VALUE";
+ case CKA_OBJECT_ID: return "OBJECT_ID";
+ case CKA_CERTIFICATE_TYPE: return "CERTIFICATE_TYPE";
+ case CKA_ISSUER: return "ISSUER";
+ case CKA_SERIAL_NUMBER: return "SERIAL_NUMBER";
+ case CKA_AC_ISSUER: return "AC_ISSUER";
+ case CKA_OWNER: return "OWNER";
+ case CKA_ATTR_TYPES: return "ATTR_TYPES";
+ case CKA_TRUSTED: return "TRUSTED";
+ case CKA_KEY_TYPE: return "KEY_TYPE";
+ case CKA_SUBJECT: return "SUBJECT";
+ case CKA_ID: return "ID";
+ case CKA_SENSITIVE: return "SENSITIVE";
+ case CKA_ENCRYPT: return "ENCRYPT";
+ case CKA_DECRYPT: return "DECRYPT";
+ case CKA_WRAP: return "WRAP";
+ case CKA_UNWRAP: return "UNWRAP";
+ case CKA_SIGN: return "SIGN";
+ case CKA_SIGN_RECOVER: return "SIGN_RECOVER";
+ case CKA_VERIFY: return "VERIFY";
+ case CKA_VERIFY_RECOVER: return "VERIFY_RECOVER";
+ case CKA_DERIVE: return "DERIVE";
+ case CKA_START_DATE: return "START_DATE";
+ case CKA_END_DATE: return "END_DATE";
+ case CKA_MODULUS: return "MODULUS";
+ case CKA_MODULUS_BITS: return "MODULUS_BITS";
+ case CKA_PUBLIC_EXPONENT: return "PUBLIC_EXPONENT";
+ case CKA_PRIVATE_EXPONENT: return "PRIVATE_EXPONENT";
+ case CKA_PRIME_1: return "PRIME_1";
+ case CKA_PRIME_2: return "PRIME_2";
+ case CKA_EXPONENT_1: return "EXPONENT_1";
+ case CKA_EXPONENT_2: return "EXPONENT_2";
+ case CKA_COEFFICIENT: return "COEFFICIENT";
+ case CKA_PRIME: return "PRIME";
+ case CKA_SUBPRIME: return "SUBPRIME";
+ case CKA_BASE: return "BASE";
+ case CKA_PRIME_BITS: return "PRIME_BITS";
+ case CKA_SUB_PRIME_BITS: return "SUB_PRIME_BITS";
+ case CKA_VALUE_BITS: return "VALUE_BITS";
+ case CKA_VALUE_LEN: return "VALUE_LEN";
+ case CKA_EXTRACTABLE: return "EXTRACTABLE";
+ case CKA_LOCAL: return "LOCAL";
+ case CKA_NEVER_EXTRACTABLE: return "NEVER_EXTRACTABLE";
+ case CKA_ALWAYS_SENSITIVE: return "ALWAYS_SENSITIVE";
+ case CKA_KEY_GEN_MECHANISM: return "KEY_GEN_MECHANISM";
+ case CKA_MODIFIABLE: return "MODIFIABLE";
+ case CKA_EC_PARAMS: return "EC_PARAMS";
+ case CKA_EC_POINT: return "EC_POINT";
+ case CKA_SECONDARY_AUTH: return "SECONDARY_AUTH";
+ case CKA_AUTH_PIN_FLAGS: return "AUTH_PIN_FLAGS";
+ case CKA_HW_FEATURE_TYPE: return "HW_FEATURE_TYPE";
+ case CKA_RESET_ON_INIT: return "RESET_ON_INIT";
+ case CKA_HAS_RESET: return "HAS_RESET";
+ case CKA_VENDOR_DEFINED: return "VENDOR_DEFINED";
+ default:
+ snprintf(buffer, sizeof(buffer), "unknown(%0x08X)", attributeId);
+ return buffer;
+ }
+}
+#endif /* !defined(DEBUGDUMP) */
+
+
+} // end namespace Tokend
+
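Review bot: The constructor's attribute loop trusts the per-attribute length it reads from the card: after checking that the whole object fits in inSize it reads a PKCS11Attribute header at `&data[bytesRead]` and advances by `attribute->size()` without checking that either the header or its payload lies inside objectSize, so a truncated or malformed object produces a map entry whose data() extends past the buffer and a loop that only terminates because bytesRead overshoots. Both lengths should be bounded against the bytes remaining before the attribute is stored; the rewritten loop body is below. Separately, the DEBUGDUMP-only attributeName uses the format `"unknown(%0x08X)"`, which prints the value in lowercase hex followed by the literal text `08X`; `"unknown(%08X)"` is presumably what was meant.
```cpp
	for (size_t bytesRead = 0; bytesRead < objectSize;)
	{
		// Lengths come from the card and are untrusted: the attribute header
		// and its payload must both lie within the object before use.
		if (objectSize - bytesRead < sizeof(PKCS11Attribute))
			CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR);
		const PKCS11Attribute *attribute =
			reinterpret_cast<const PKCS11Attribute *>(&data[bytesRead]);
		if (attribute->size() > objectSize - bytesRead - sizeof(PKCS11Attribute))
			CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR);
		// … unchanged: IFDUMPING, mAttributeMap.insert, bytesRead advance …
	}
```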
Added: releases/Apple/OSX-10.6.7/Tokend/PKCS11Object.h
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/PKCS11Object.h (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/PKCS11Object.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * PKCS11Object.h
+ * TokendMuscle
+ */
+
+#ifndef _TOKEND_PKCS11OBJECT_H_
+#define _TOKEND_PKCS11OBJECT_H_
+
+#include <stdint.h>
+#include <map>
+#include <security_utilities/debugging.h>
+
+namespace Tokend
+{
+
+// This object doesn't copy it's data. It's assumed that the data will live at
+// least as long as this object does.
+class PKCS11Object
+{
+public:
+ PKCS11Object(const void *inData, size_t inSize);
+
+ bool attributeValueAsBool(uint32_t attributeId) const;
+ uint32_t attributeValueAsUint32(uint32_t attributeId) const;
+ void PKCS11Object::attributeValueAsData(uint32_t attributeId,
+ const uint8_t *&data, size_t &size) const;
+
+private:
+ struct PKCS11ObjectHeader
+ {
+ uint8_t oh_type;
+ uint8_t oh_id[2];
+ uint8_t oh_next_id[2];
+ uint8_t oa_size[2];
+ uint8_t oh_data[0];
+
+ size_t size() const { return (oa_size[0] << 8) + oa_size[1]; }
+ const uint8_t *data() const { return oh_data; }
+ };
+
+ struct PKCS11Attribute
+ {
+ uint8_t oa_id[4]; // big endian attribute type
+ uint8_t oa_size[2]; // big endian attribute length
+ uint8_t oa_data[0];
+
+ uint32_t attributeId() const { return (oa_id[0] << 24)
+ + (oa_id[1] << 16) + (oa_id[2] << 8) + oa_id[3]; }
+ size_t size() const { return (oa_size[0] << 8) + oa_size[1]; }
+ const uint8_t *data() const { return oa_data; }
+ };
+
+ const PKCS11Attribute *attribute(uint32_t attributeId) const;
+
+#if defined(DEBUGDUMP)
+ void debugDump(const PKCS11Attribute &attribute);
+ static const char *attributeName(uint32_t attributeId);
+#endif /* !defined(DEBUGDUMP) */
+
+ typedef std::map<uint32_t, const PKCS11Attribute *> AttributeMap;
+ AttributeMap mAttributeMap;
+};
+
+
+} // end namespace Tokend
+
+#endif /* !_TOKEND_PKCS11OBJECT_H_ */
+
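Review bot: The in-class declaration `void PKCS11Object::attributeValueAsData(...)` carries an explicit class qualification, which is ill-formed inside the class body (older GCC warns "extra qualification", newer compilers reject it); it should read `void attributeValueAsData(uint32_t attributeId, const uint8_t *&data, size_t &size) const;`. The zero-length `[0]` member arrays are a compiler extension and `size_t` is used without an explicit `<cstddef>` include, both worth a comment if intentional. The class comment says the object does not copy its data; it would help to add that every pointer later returned by attributeValueAsData and attribute() points into that caller-owned buffer.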
Added: releases/Apple/OSX-10.6.7/Tokend/Record.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/Record.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/Record.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * Record.cpp
+ * TokendMuscle
+ */
+
+#include "Record.h"
+
+#include <security_cdsa_client/aclclient.h>
+
+namespace Tokend
+{
+
+AutoAclOwnerPrototype Record::gNobodyAclOwner;
+AutoAclEntryInfoList Record::gAnyReadAclEntries;
+
+Record::Record()
+{
+}
+
+Record::~Record()
+{
+ for_each_delete(mAttributes.begin(), mAttributes.end());
+}
+
+bool
+Record::hasAttributeAtIndex(uint32 attributeIndex) const
+{
+ if (attributeIndex < mAttributes.size())
+ return mAttributes[attributeIndex] != NULL;
+
+ return false;
+}
+
+const Attribute &
+Record::attributeAtIndex(uint32 attributeIndex) const
+{
+ if (attributeIndex < mAttributes.size())
+ {
+ Attribute *attribute = mAttributes[attributeIndex];
+ if (attribute)
+ return *attribute;
+ }
+
+ CssmError::throwMe(CSSMERR_DL_INTERNAL_ERROR);
+}
+
+void Record::attributeAtIndex(uint32 attributeIndex, Attribute *attribute)
+{
+ auto_ptr<Attribute> _(attribute);
+ if (attributeIndex >= mAttributes.size())
+ mAttributes.resize(attributeIndex + 1);
+
+ if (mAttributes[attributeIndex] != NULL)
+ CssmError::throwMe(CSSMERR_DL_INTERNAL_ERROR);
+
+ mAttributes[attributeIndex] = _.release();
+}
+
+void Record::getOwner(AclOwnerPrototype &owner)
+{
+ // Normally nobody can change the acl of an object on a smartcard.
+ if (!gNobodyAclOwner)
+ {
+ Allocator &alloc = Allocator::standard();
+ gNobodyAclOwner.allocator(alloc);
+ gNobodyAclOwner = CssmClient::AclFactory::NobodySubject(alloc);
+ }
+ owner = gNobodyAclOwner;
+}
+
+void Record::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
+{
+ // Normally anyone can read an object on a smartcard (subclasses might
+ // override this).
+ if (!gAnyReadAclEntries) {
+ gAnyReadAclEntries.allocator(Allocator::standard());
+ gAnyReadAclEntries.add(CssmClient::AclFactory::AnySubject(
+ gAnyReadAclEntries.allocator()),
+ AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
+ }
+ count = gAnyReadAclEntries.size();
+ acls = gAnyReadAclEntries.entries();
+}
+
+void Record::changeOwner(const AclOwnerPrototype &owner)
+{
+ // Default changeOwner on a record always fails.
+ CssmError::throwMe(CSSM_ERRCODE_OBJECT_MANIP_AUTH_DENIED);
+}
+
+void Record::changeAcl(const AccessCredentials &cred, const AclEdit &edit)
+{
+ // Default changeAcl on a record always fails.
+ CssmError::throwMe(CSSM_ERRCODE_OBJECT_MANIP_AUTH_DENIED);
+}
+
+const char *Record::description()
+{
+ CssmError::throwMe(CSSMERR_DL_MISSING_VALUE);
+}
+
+Attribute *Record::getDataAttribute(TokenContext *tokenContext)
+{
+ CssmError::throwMe(CSSMERR_DL_MISSING_VALUE);
+}
+
+
+} // end namespace Tokend
+
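Review bot: getOwner and getAcl lazily initialise the class-static `gNobodyAclOwner` and `gAnyReadAclEntries` on first use with a check-then-assign and no synchronisation; if a tokend can service requests on more than one thread, two first callers can race on the allocator assignment and the `add`, and the header itself labels these a temporary hack. Either initialise them once at load time or guard the check with a lock, and otherwise record the single-threaded assumption in a comment at the first check. attributeAtIndex(uint32) const, description() and getDataAttribute() return nothing after `CssmError::throwMe`, which is only clean if throwMe is declared noreturn; if it is not, the resulting control-reaches-end warnings will hide real ones.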
Added: releases/Apple/OSX-10.6.7/Tokend/Record.h
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/Record.h (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/Record.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * Record.h
+ * TokendMuscle
+ */
+
+#ifndef _TOKEND_RECORD_H_
+#define _TOKEND_RECORD_H_
+
+#include "AttributeCoder.h"
+#include "MetaRecord.h"
+#include "Attribute.h"
+#include <security_utilities/refcount.h>
+#include <security_utilities/adornments.h>
+#include <security_cdsa_utilities/cssmaclpod.h>
+#include <security_cdsa_utilities/cssmcred.h>
+#include <SecurityTokend/SecTokend.h>
+
+namespace Tokend
+{
+
+class Record : public RefCount, public Security::Adornable
+{
+ NOCOPY(Record)
+public:
+ Record();
+ virtual ~Record();
+
+ bool hasAttributeAtIndex(uint32 attributeIndex) const;
+ const Attribute &attributeAtIndex(uint32 attributeIndex) const;
+ void attributeAtIndex(uint32 attributeIndex, Attribute *attribute);
+
+ virtual void getOwner(AclOwnerPrototype &owner);
+ virtual void getAcl(const char *tag, uint32 &count,
+ AclEntryInfo *&aclList);
+ virtual void changeOwner(const AclOwnerPrototype &owner);
+ virtual void changeAcl(const AccessCredentials &cred, const AclEdit &edit);
+
+ virtual const char *description();
+ virtual Attribute *getDataAttribute(TokenContext *tokenContext);
+
+protected:
+ typedef std::vector<Attribute *> Attributes;
+ typedef Attributes::iterator AttributesIterator;
+ typedef Attributes::const_iterator ConstAttributesIterator;
+
+ Attributes mAttributes;
+
+ // temporary ACL cache hack - to be removed
+ static AutoAclOwnerPrototype gNobodyAclOwner;
+ static AutoAclEntryInfoList gAnyReadAclEntries;
+};
+
+} // end namespace Tokend
+
+#endif /* !_TOKEND_RECORD_H_ */
+
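Review bot: The setter `void attributeAtIndex(uint32 attributeIndex, Attribute *attribute);` takes ownership of the pointer and, in the .cpp, deletes it through an auto_ptr when the slot is already occupied and CSSMERR_DL_INTERNAL_ERROR is thrown, but nothing in the header says so. A comment such as `// Takes ownership of attribute (deleted on failure); throws if the index is already set.` would stop callers from double-freeing. The default ACL policy of this class (owner is nobody, anyone may read, changeOwner/changeAcl always denied) is likewise only stated in the .cpp and belongs next to the virtual declarations that subclasses are expected to override.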
Added: releases/Apple/OSX-10.6.7/Tokend/RecordHandle.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/RecordHandle.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/RecordHandle.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * RecordHandle.cpp
+ * TokendMuscle
+ */
+
+#include "RecordHandle.h"
+
+#include "MetaRecord.h"
+#include "Record.h"
+
+namespace Tokend
+{
+
+RecordHandle::RecordHandle(const MetaRecord &metaRecord,
+ const RefPointer<Record> &record) :
+ mMetaRecord(metaRecord), mRecord(record)
+{
+}
+
+RecordHandle::~RecordHandle()
+{
+}
+
+void RecordHandle::get(TokenContext *tokenContext, TOKEND_RETURN_DATA &data)
+{
+ mMetaRecord.get(tokenContext, *mRecord, data);
+ data.record = handle();
+}
+
+void RecordHandle::getOwner(AclOwnerPrototype &owner)
+{
+ mRecord->getOwner(owner);
+}
+
+void RecordHandle::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
+{
+ mRecord->getAcl(tag, count, acls);
+}
+
+void RecordHandle::changeOwner(const AclOwnerPrototype &owner)
+{
+ mRecord->changeOwner(owner);
+}
+
+void RecordHandle::changeAcl(const AccessCredentials &cred,
+ const AclEdit &edit)
+{
+ mRecord->changeAcl(cred, edit);
+}
+
+
+} // end namespace Tokend
+
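Review bot: RecordHandle stores `mMetaRecord` as a const reference taken from the constructor argument, so the MetaRecord must outlive the handle, and `get()` dereferences `mRecord` unconditionally; neither precondition is written down. A constructor comment such as `// metaRecord is borrowed and must outlive this handle; record must be non-null.` would document what callers have to guarantee. The four ACL methods are plain forwarders to Record, which is fine, but a one-line comment stating that the record's policy, not the handle's, decides access would save a reader from looking for handle-level checks.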
Added: releases/Apple/OSX-10.6.7/Tokend/RecordHandle.h
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/RecordHandle.h (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/RecordHandle.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * RecordHandle.h
+ * TokendMuscle
+ */
+
+#ifndef _TOKEND_RECORDHANDLE_H_
+#define _TOKEND_RECORDHANDLE_H_
+
+#include <security_cdsa_utilities/handleobject.h>
+#include <security_utilities/refcount.h>
+#include <security_cdsa_utilities/cssmaclpod.h>
+#include <security_cdsa_utilities/cssmcred.h>
+#include <SecurityTokend/SecTokend.h>
+
+namespace Tokend
+{
+
+class MetaRecord;
+class Record;
+class TokenContext;
+
+class RecordHandle: public HandleObject
+{
+ NOCOPY(RecordHandle)
+public:
+ RecordHandle(const MetaRecord &metaRecord,
+ const RefPointer<Record> &record);
+ virtual ~RecordHandle();
+ virtual void get(TokenContext *tokenContext, TOKEND_RETURN_DATA &data);
+
+ virtual void getOwner(AclOwnerPrototype &owner);
+ virtual void getAcl(const char *tag, uint32 &count,
+ AclEntryInfo *&aclList);
+ virtual void changeOwner(const AclOwnerPrototype &owner);
+ virtual void changeAcl(const AccessCredentials &cred, const AclEdit &edit);
+
+private:
+ const MetaRecord &mMetaRecord;
+ RefPointer<Record> mRecord;
+};
+
+} // end namespace Tokend
+
+#endif /* !_TOKEND_RECORDHANDLE_H_ */
+
+
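Review bot: `RecordHandle` keeps a bare `const MetaRecord &mMetaRecord` next to a ref-counted `mRecord`, yet nothing says that the MetaRecord is borrowed rather than owned and must outlive every handle built from it (elsewhere in this changeset the owning `Relation` deletes its MetaRecord in its destructor, so a handle that outlives its relation would dangle). A class comment would make the contract explicit: `// Exposes one Record to the tokend client. mMetaRecord is borrowed from the owning Relation and must outlive this handle; mRecord is shared through RefPointer.` The ACL accessors also forward out-parameters (`count`, `aclList`) whose allocation and ownership rules are inherited from `Record::getAcl` and are not stated here; a one-line pointer such as `// aclList ownership follows Record::getAcl — see that declaration for who frees it.` would keep callers from leaking or double-freeing the array.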
Added: releases/Apple/OSX-10.6.7/Tokend/Relation.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/Relation.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/Relation.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * Relation.cpp
+ * TokendMuscle
+ */
+
+#include "Relation.h"
+
+namespace Tokend
+{
+
+// @@@ need to distinguish between records that exist at db open time, and
+// those that are being added and must be written back to the card
+
+#pragma mark ---------------- Relation methods --------------
+
+Relation::~Relation()
+{
+ delete mMetaRecord;
+}
+
+void Relation::insertRecord(const RefPointer<Record> &record)
+{
+ push_back(record);
+}
+
+bool Relation::matchesId(RelationId inRelationId) const
+{
+ RelationId anId = mMetaRecord->relationId();
+ if (inRelationId == CSSM_DL_DB_RECORD_ANY) // All non schema tables.
+ return !(CSSM_DB_RECORDTYPE_SCHEMA_START <= anId
+ && anId < CSSM_DB_RECORDTYPE_SCHEMA_END);
+
+ if (inRelationId == CSSM_DL_DB_RECORD_ALL_KEYS) // All key tables.
+ return (anId == CSSM_DL_DB_RECORD_PUBLIC_KEY
+ || anId == CSSM_DL_DB_RECORD_PRIVATE_KEY
+ || anId == CSSM_DL_DB_RECORD_SYMMETRIC_KEY);
+
+ return inRelationId == anId; // Only if exact match.
+}
+
+
+} // end namespace Tokend
+
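Review bot: `matchesId` implements two wildcard relation ids on top of the exact-match case, but neither this file nor the header documents that, so callers have to read the body to learn what `CSSM_DL_DB_RECORD_ANY` and `CSSM_DL_DB_RECORD_ALL_KEYS` select. I would put the contract above the function: `// CSSM_DL_DB_RECORD_ANY matches every non-schema relation; CSSM_DL_DB_RECORD_ALL_KEYS matches the public, private and symmetric key relations; any other id requires an exact relationId match.` The `// @@@` note at the top describes unfinished work (records added after open that must be written back to the card) while `insertRecord` only does `push_back`; turning it into a `// TODO:` with the intended behaviour stated makes the gap findable rather than looking like a stray marker.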
Added: releases/Apple/OSX-10.6.7/Tokend/Relation.h
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/Relation.h (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/Relation.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * Relation.h
+ * TokendMuscle
+ */
+
+#ifndef _TOKEND_RELATION_H_
+#define _TOKEND_RELATION_H_
+
+#include "Record.h"
+#include <vector>
+
+namespace Tokend
+{
+
+class MetaRecord;
+class Record;
+
+class Relation : public std::vector< RefPointer<Record> >
+{
+ NOCOPY(Relation)
+public:
+ Relation(MetaRecord *metaRecord) : mMetaRecord(metaRecord) { }
+ ~Relation();
+
+ const MetaRecord &metaRecord() const { return *mMetaRecord; }
+ MetaRecord &metaRecord() { return *mMetaRecord; }
+
+ void insertRecord(const RefPointer<Record> &record);
+ bool matchesId(RelationId inRelationId) const;
+
+protected:
+ MetaRecord *mMetaRecord;
+};
+
+} // end namespace Tokend
+
+#endif /* !_TOKEND_RELATION_H_ */
+
+
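Review bot: `Relation(MetaRecord *metaRecord)` accepts a raw pointer that the destructor in Relation.cpp deletes, so the constructor silently takes ownership and a caller that keeps or shares that MetaRecord ends up with a dangling pointer or a double delete; this should be stated at the constructor: `// Takes ownership of metaRecord; it is deleted in ~Relation.` `NOCOPY(Relation)` closes the copy path, but the non-const `metaRecord()` accessor still hands out the object by reference, so the note should also say the MetaRecord must not be stored beyond the Relation's lifetime. Because the class publicly derives from `std::vector< RefPointer<Record> >` and the base destructor is not virtual, deleting a Relation through a pointer to the vector base would skip `delete mMetaRecord`; presumably no code does that, but a one-line comment discouraging it is cheap.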
Added: releases/Apple/OSX-10.6.7/Tokend/SCardError.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/SCardError.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/SCardError.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,441 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * SCardError.cpp
+ * TokendMuscle
+ */
+
+#include "SCardError.h"
+
+#include <Security/cssmerr.h>
+
+namespace Tokend
+{
+
+/*
+Excerpt from ISO/IEC 7816 part 3:
+
+Status bytes (SW1=$6x or $9x, expect $60; SW2 any value)
+--------------------------------------------------------
+The end sequence SW1-SW2 gives the card status at the end of the command.
+
+The normal ending is indicated by SW1-SW2 = $90-$00.
+
+When the most significant half byte SW1 is $6, the meaning of SW1 is
+independant of the application. The following five values are defined:
+
+$6E The card does not support the instruction class.
+$6D The instruction code is not programmed or is invalid.
+$6B The reference is incorrect.
+$67 The length is incorrect.
+$6F No precise diagnostic is given.
+
+Other values are reserved for future use by ISO7816. When SW1 is neither $6E
+nor $6D, the card support the instruction. This part of ISO7816 does not
+interprets neither $9X SW1 bytes, nor SW2
+bytes; Their meaning relates to the application itself.
+
+Supplement (were seen sometimes):
+---------------------------------
+SW1 SW2 Meaning
+
+62 81 Returned data may be corrupted.
+62 82 The end of the file has been reached before the end of reading.
+62 84 Selected file is not valid.
+65 01 Memory failure. There have been problems in writing or reading
+the EEPROM. Other hardware problems may also bring this error.
+68 00 The request function is not supported by the card.
+6A 00 Bytes P1 and/or P2 are incorrect.
+6A 80 The parameters in the data field are incorrect.
+6A 82 File not found.
+6A 83 Record not found.
+6A 84 There is insufficient memory space in record or file.
+6A 87 The P3 value is not consistent with the P1 and P2 values.
+6A 88 Referenced data not found.
+6C XX Incorrect P3 length.
+
+
+Excerpt from ISO/IEC 7816 part 4:
+
+Due to specifications in part 3 of ISO/IEC 7816, this part does not define the
+following values of SW1-SW2 :
+
+'60XX'
+'67XX', '6BXX', '6DXX', '6EXX', '6FXX'; in each case if 'XX'!='00'
+'9XXX', if 'XXX'!='000'
+The following values of SW1-SW2 are defined whichever protocol is used (see
+examples in annex A).
+
+If a command is aborted with a response where SW1='6C', then SW2 indicates the
+value to be given to the short Le field (exact length of requested data) when
+re-issuing the same command before issuing any other command.
+If a command (which may be of case 2 or 4, see table 4 and figure 4) is
+processed with a response where SW1='61', then SW2 indicates the maximum value
+to be given to the short Le field (length of extra data still available) in
+a GET RESPONSE command issued before issuing any other command.
+NOTE - A functionality similar to that offered by '61XX' may be offered at
+application level by '9FXX'. However, applications may use '9FXX' for other
+purposes.
+
+Table 12 completed by tables 13 to 18 shows the general meanings of the values
+of SW1-SW2 defined in this part of ISO/IEC 7816. For each command, an
+appropriate clause provides more detailed meanings.
+
+Tables 13 to 18 specify values of SW2 when SW1 is valued to '62', '63', '65',
+'68', '69' and '6A'. The values of SW2 not defined in tables 13 to 18 are RFU,
+except the values from 'F0' to 'FF' which are not defined in this part of
+ISO/IEC 7816.
+
+
+Table 12 - Coding of SW1-SW2
+
+SW1-SW2 Meaning
+Normal processing
+'9000' No further qualification
+'61XX' SW2 indicates the number of response bytes still available
+(see text below)
+Warning processings
+'62XX' State of non-volatile memory unchanged (further qualification in SW2,
+see table 13)
+'63XX' State of non-volatile memory changed (further qualification in SW2,
+see table 14)
+Execution errors
+'64XX' State of non-volatile memory unchanged (SW2='00', other values are RFU)
+'65XX' State of non-volatile memory changed (further qualification in SW2,
+see table 15)
+'66XX' Reserved for security-related issues (not defined in this part of
+ISO/IEC 7816)
+Checking errors
+'6700' Wrong length
+'68XX' Functions in CLA not supported (further qualification in SW2, see
+table 16)
+'69XX' Command not allowed (further qualification in SW2, see table 17)
+'6AXX' Wrong parameter(s) P1-P2 (further qualification in SW2, see table 18)
+'6B00' Wrong parameter(s) P1-P2
+'6CXX' Wrong length Le: SW2 indicates the exact length (see text below)
+'6D00' Instruction code not supported or invalid
+'6E00' Class not supported
+'6F00' No precise diagnosis
+
+Table 13 - Coding of SW2 when SW1='62'
+
+SW2 Meaning
+'00' No information given
+'81' Part of returned data may be corrupted
+'82' End of file/record reached before reading Le bytes
+'83' Selected file invalidated
+'84' FCI not formatted according to 1.1.5
+
+Table 14 - Coding of SW2 when SW1='63'
+
+SW2 Meaning
+'00' No information given
+'81' File filled up by the last write
+'CX' Counter provided by 'X' (valued from 0 to 15) (exact meaning depending
+on the command)
+
+Table 15 - Coding of SW2 when SW1='65'
+
+SW2 Meaning
+'00' No information given
+'81' Memory failure
+
+Table 16 - Coding of SW2 when SW1='68'
+
+SW2 Meaning
+'00' No information given
+'81' Logical channel not supported
+'82' Secure messaging not supported
+
+Table 17 - Coding of SW2 when SW1='69'
+
+SW2 Meaning
+'00' No information given
+'81' Command incompatible with file structure
+'82' Security status not satisfied
+'83' Authentication method blocked
+'84' Referenced data invalidated
+'85' Conditions of use not satisfied
+'86' Command not allowed (no current EF)
+'87' Expected SM data objects missing
+'88' SM data objects incorrect
+
+Table 18 - Coding of SW2 when SW1='6A'
+
+SW2 Meaning
+'00' No information given
+'80' Incorrect parameters in the data field
+'81' Function not supported
+'82' File not found
+'83' Record not found
+'84' Not enough memory space in the file
+'85' Lc inconsistent with TLV structure
+'86' Incorrect parameters P1-P2
+'87' Lc inconsistent with P1-P2
+'88' Referenced data not found
+
+*/
+
+//
+// SCardError exceptions
+//
+SCardError::SCardError(uint16_t sw) : statusWord(sw)
+{
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+ IFDEBUG(debugDiagnose(this));
+#else
+ SECURITY_EXCEPTION_THROW_OTHER(this, sw, (char *)"SCard");
+#endif
+}
+
+const char *SCardError::what() const throw ()
+{ return "SCardError"; }
+
+OSStatus SCardError::osStatus() const
+{
+ switch (statusWord)
+ {
+ case SCARD_SUCCESS:
+ return 0;
+
+ case SCARD_FILE_FILLED:
+ case SCARD_MEMORY_FAILURE:
+ case SCARD_NO_MEMORY_LEFT:
+ return CSSM_ERRCODE_MEMORY_ERROR;
+
+ case SCARD_AUTHENTICATION_FAILED:
+ case SCARD_AUTHENTICATION_FAILED_0:
+ case SCARD_AUTHENTICATION_FAILED_1:
+ case SCARD_AUTHENTICATION_FAILED_2:
+ case SCARD_AUTHENTICATION_FAILED_3:
+ case SCARD_AUTHENTICATION_FAILED_4:
+ case SCARD_AUTHENTICATION_FAILED_5:
+ case SCARD_AUTHENTICATION_FAILED_6:
+ case SCARD_AUTHENTICATION_FAILED_7:
+ case SCARD_AUTHENTICATION_FAILED_8:
+ case SCARD_AUTHENTICATION_FAILED_9:
+ case SCARD_AUTHENTICATION_FAILED_10:
+ case SCARD_AUTHENTICATION_FAILED_11:
+ case SCARD_AUTHENTICATION_FAILED_12:
+ case SCARD_AUTHENTICATION_FAILED_13:
+ case SCARD_AUTHENTICATION_FAILED_14:
+ case SCARD_AUTHENTICATION_FAILED_15:
+ case SCARD_AUTHENTICATION_BLOCKED:
+ return CSSM_ERRCODE_OPERATION_AUTH_DENIED;
+
+ case SCARD_COMMAND_NOT_ALLOWED:
+ case SCARD_NOT_AUTHORIZED:
+ case SCARD_USE_CONDITIONS_NOT_MET:
+ return CSSM_ERRCODE_OBJECT_USE_AUTH_DENIED;
+
+ case SCARD_FUNCTION_NOT_SUPPORTED:
+ case SCARD_INSTRUCTION_CODE_INVALID:
+ return CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED;
+
+ case SCARD_FILE_NOT_FOUND:
+ case SCARD_RECORD_NOT_FOUND:
+ return CSSMERR_DL_RECORD_NOT_FOUND;
+
+ case SCARD_BYTES_LEFT_IN_SW2:
+ case SCARD_EXECUTION_WARNING:
+ case SCARD_RETURNED_DATA_CORRUPTED:
+ case SCARD_END_OF_FILE_REACHED:
+ case SCARD_FILE_INVALIDATED:
+ case SCARD_FCI_INVALID:
+ case SCARD_EXECUTION_ERROR:
+ case SCARD_CHANGED_ERROR:
+ case SCARD_LENGTH_INCORRECT:
+ case SCARD_CLA_UNSUPPORTED:
+ case SCARD_LOGICAL_CHANNEL_UNSUPPORTED:
+ case SCARD_SECURE_MESSAGING_UNSUPPORTED:
+ case SCARD_COMMAND_INCOMPATIBLE:
+ case SCARD_REFERENCED_DATA_INVALIDATED:
+ case SCARD_NO_CURRENT_EF:
+ case SCARD_SM_DATA_OBJECTS_MISSING:
+ case SCARD_SM_DATA_NOT_ALLOWED:
+ case SCARD_WRONG_PARAMETER:
+ case SCARD_DATA_INCORRECT:
+ case SCARD_LC_INCONSISTENT_TLV:
+ case SCARD_INCORRECT_P1_P2:
+ case SCARD_LC_INCONSISTENT_P1_P2:
+ case SCARD_REFERENCED_DATA_NOT_FOUND:
+ case SCARD_WRONG_PARAMETER_P1_P2:
+ case SCARD_LE_IN_SW2:
+ case SCARD_INSTRUCTION_CLASS_UNSUPPORTED:
+ case SCARD_UNSPECIFIED_ERROR:
+ default:
+ return CSSM_ERRCODE_INTERNAL_ERROR;
+ }
+}
+
+int SCardError::unixError() const
+{
+ switch (statusWord)
+ {
+ default:
+ // cannot map this to errno space
+ return -1;
+ }
+}
+
+void SCardError::throwMe(uint16_t sw)
+{ throw SCardError(sw); }
+
+#if !defined(NDEBUG)
+
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+
+void SCardError::debugDiagnose(const void *id) const
+{
+ secdebug("exception", "%p Error %s (%04hX)",
+ id, errorstr(statusWord), statusWord);
+}
+
+#endif // MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+
+const char *SCardError::errorstr(uint16_t sw)
+{
+ switch (sw)
+ {
+ case SCARD_SUCCESS:
+ return "Success";
+ case SCARD_BYTES_LEFT_IN_SW2:
+ return "SW2 indicates the number of response bytes still available";
+ case SCARD_EXECUTION_WARNING:
+ return "Execution warning, state of non-volatile memory unchanged";
+ case SCARD_RETURNED_DATA_CORRUPTED:
+ return "Part of returned data may be corrupted.";
+ case SCARD_END_OF_FILE_REACHED:
+ return "End of file/record reached before reading Le bytes.";
+ case SCARD_FILE_INVALIDATED:
+ return "Selected file invalidated.";
+ case SCARD_FCI_INVALID:
+ return "FCI not formatted according to 1.1.5.";
+ case SCARD_AUTHENTICATION_FAILED:
+ return "Authentication failed.";
+ case SCARD_FILE_FILLED:
+ return "File filled up by the last write.";
+ case SCARD_AUTHENTICATION_FAILED_0:
+ return "Authentication failed, 0 retries left.";
+ case SCARD_AUTHENTICATION_FAILED_1:
+ return "Authentication failed, 1 retry left.";
+ case SCARD_AUTHENTICATION_FAILED_2:
+ return "Authentication failed, 2 retries left.";
+ case SCARD_AUTHENTICATION_FAILED_3:
+ return "Authentication failed, 3 retries left.";
+ case SCARD_AUTHENTICATION_FAILED_4:
+ return "Authentication failed, 4 retries left.";
+ case SCARD_AUTHENTICATION_FAILED_5:
+ return "Authentication failed, 5 retries left.";
+ case SCARD_AUTHENTICATION_FAILED_6:
+ return "Authentication failed, 6 retries left.";
+ case SCARD_AUTHENTICATION_FAILED_7:
+ return "Authentication failed, 7 retries left.";
+ case SCARD_AUTHENTICATION_FAILED_8:
+ return "Authentication failed, 8 retries left.";
+ case SCARD_AUTHENTICATION_FAILED_9:
+ return "Authentication failed, 9 retries left.";
+ case SCARD_AUTHENTICATION_FAILED_10:
+ return "Authentication failed, 10 retries left.";
+ case SCARD_AUTHENTICATION_FAILED_11:
+ return "Authentication failed, 11 retries left.";
+ case SCARD_AUTHENTICATION_FAILED_12:
+ return "Authentication failed, 12 retries left.";
+ case SCARD_AUTHENTICATION_FAILED_13:
+ return "Authentication failed, 13 retries left.";
+ case SCARD_AUTHENTICATION_FAILED_14:
+ return "Authentication failed, 14 retries left.";
+ case SCARD_AUTHENTICATION_FAILED_15:
+ return "Authentication failed, 15 retries left.";
+ case SCARD_EXECUTION_ERROR:
+ return "Execution error, state of non-volatile memory unchanged.";
+ case SCARD_CHANGED_ERROR:
+ return "Execution error, state of non-volatile memory changed.";
+ case SCARD_MEMORY_FAILURE:
+ return "Memory failure.";
+ case SCARD_LENGTH_INCORRECT:
+ return "The length is incorrect.";
+ case SCARD_CLA_UNSUPPORTED:
+ return "Functions in CLA not supported.";
+ case SCARD_LOGICAL_CHANNEL_UNSUPPORTED:
+ return "Logical channel not supported.";
+ case SCARD_SECURE_MESSAGING_UNSUPPORTED:
+ return "Secure messaging not supported.";
+ case SCARD_COMMAND_NOT_ALLOWED:
+ return "Command not allowed.";
+ case SCARD_COMMAND_INCOMPATIBLE:
+ return "Command incompatible with file structure.";
+ case SCARD_NOT_AUTHORIZED:
+ return "Security status not satisfied.";
+ case SCARD_AUTHENTICATION_BLOCKED:
+ return "Authentication method blocked.";
+ case SCARD_REFERENCED_DATA_INVALIDATED:
+ return "Referenced data invalidated.";
+ case SCARD_USE_CONDITIONS_NOT_MET:
+ return "Conditions of use not satisfied.";
+ case SCARD_NO_CURRENT_EF:
+ return "Command not allowed (no current EF).";
+ case SCARD_SM_DATA_OBJECTS_MISSING:
+ return "Expected SM data objects missing.";
+ case SCARD_SM_DATA_NOT_ALLOWED:
+ return "SM data objects incorrect.";
+ case SCARD_WRONG_PARAMETER:
+ return "Wrong parameter.";
+ case SCARD_DATA_INCORRECT:
+ return "Incorrect parameters in the data field.";
+ case SCARD_FUNCTION_NOT_SUPPORTED:
+ return "Function not supported.";
+ case SCARD_FILE_NOT_FOUND:
+ return "File not found.";
+ case SCARD_RECORD_NOT_FOUND:
+ return "Record not found.";
+ case SCARD_NO_MEMORY_LEFT:
+ return "Not enough memory space in the file.";
+ case SCARD_LC_INCONSISTENT_TLV:
+ return "Lc inconsistent with TLV structure.";
+ case SCARD_INCORRECT_P1_P2:
+ return "Incorrect parameters P1-P2.";
+ case SCARD_LC_INCONSISTENT_P1_P2:
+ return "Lc inconsistent with P1-P2.";
+ case SCARD_REFERENCED_DATA_NOT_FOUND:
+ return "Referenced data not found.";
+ case SCARD_WRONG_PARAMETER_P1_P2:
+ return "Wrong parameter(s) P1-P2.";
+ case SCARD_LE_IN_SW2:
+ return "Wrong length Le: SW2 indicates the exact length";
+ case SCARD_INSTRUCTION_CODE_INVALID:
+ return "The instruction code is not programmed or is invalid.";
+ case SCARD_INSTRUCTION_CLASS_UNSUPPORTED:
+ return "The card does not support the instruction class.";
+ case SCARD_UNSPECIFIED_ERROR:
+ return "No precise diagnostic is given.";
+ default:
+ return "Unknown error";
+ }
+}
+
+#endif //NDEBUG
+
+} // end namespace Tokend
+
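Review bot: The preprocessor conditions in the constructor and around `debugDiagnose` test `MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5`, but the AvailabilityMacros.h names are spelled `MAC_OS_X_VERSION_MIN_REQUIRED` / `MAC_OS_X_VERSION_10_5`; unless this project defines the `MAX_` variants itself, both identifiers are undefined, evaluate to 0 inside `#if`, and the "10.5 or older" branch is always compiled — so the `SECURITY_EXCEPTION_THROW_OTHER` probe never fires on the 10.6 build and, with `NDEBUG`, the constructor body is presumably empty. Changing both occurrences here (and the matching one in SCardError.h) to `#if MAC_OS_X_VERSION_MIN_REQUIRED <= MAC_OS_X_VERSION_10_5` and including <AvailabilityMacros.h> in the header would restore the intended selection. Separately, `(char *)"SCard"` casts away the literal's constness; if the probe macro accepts `const char *` the cast should be dropped. In `osStatus()` the long run of explicit cases before `default:` all return `CSSM_ERRCODE_INTERNAL_ERROR` and can be removed without changing behaviour, which would also make it visible that the '61XX' and '6CXX' families (where SW2 carries a length) are matched only at SW2 == 00, so e.g. 0x6108 is reported as an internal error rather than as "more data available".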
Added: releases/Apple/OSX-10.6.7/Tokend/SCardError.h
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/SCardError.h (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/SCardError.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,273 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * SCardError.h
+ * TokendMuscle
+ */
+
+#ifndef _TOKEND_SCARDERROR_H_
+#define _TOKEND_SCARDERROR_H_
+
+#include <security_utilities/debugging.h>
+#include <security_utilities/errors.h>
+
+
+/* ISO/IEC 7816 part 3 and 4 error codes. */
+
+/** success */
+#define SCARD_SUCCESS 0x9000
+
+
+/* '61XX' SW2 indicates the number of response bytes still available. */
+#define SCARD_BYTES_LEFT_IN_SW2 0x6100
+
+
+/* '62XX' Warning processings - State of non-volatile memory unchanged. */
+
+/** Execution warning, state of non-volatile memory unchanged */
+#define SCARD_EXECUTION_WARNING 0x6200
+
+/** Part of returned data may be corrupted. */
+#define SCARD_RETURNED_DATA_CORRUPTED 0x6281
+
+/** End of file/record reached before reading Le bytes. */
+#define SCARD_END_OF_FILE_REACHED 0x6282
+
+/** Selected file invalidated. */
+#define SCARD_FILE_INVALIDATED 0x6283
+
+/** FCI not formatted according to 1.1.5. */
+#define SCARD_FCI_INVALID 0x6284
+
+
+/* '62XX' Warning processings - State of non-volatile memory changed. */
+
+/** Authentication failed. */
+#define SCARD_AUTHENTICATION_FAILED 0x6300
+
+/** File filled up by the last write. */
+#define SCARD_FILE_FILLED 0x6381
+
+/** Authentication failed, 0 retries left. */
+#define SCARD_AUTHENTICATION_FAILED_0 0x63C0
+
+/** Authentication failed, 1 retry left. */
+#define SCARD_AUTHENTICATION_FAILED_1 0x63C1
+
+/** Authentication failed, 2 retries left. */
+#define SCARD_AUTHENTICATION_FAILED_2 0x63C2
+
+/** Authentication failed, 3 retries left. */
+#define SCARD_AUTHENTICATION_FAILED_3 0x63C3
+
+/** Authentication failed, 4 retries left. */
+#define SCARD_AUTHENTICATION_FAILED_4 0x63C4
+
+/** Authentication failed, 5 retries left. */
+#define SCARD_AUTHENTICATION_FAILED_5 0x63C5
+
+/** Authentication failed, 6 retries left. */
+#define SCARD_AUTHENTICATION_FAILED_6 0x63C6
+
+/** Authentication failed, 7 retries left. */
+#define SCARD_AUTHENTICATION_FAILED_7 0x63C7
+
+/** Authentication failed, 8 retries left. */
+#define SCARD_AUTHENTICATION_FAILED_8 0x63C8
+
+/** Authentication failed, 9 retries left. */
+#define SCARD_AUTHENTICATION_FAILED_9 0x63C9
+
+/** Authentication failed, 10 retries left. */
+#define SCARD_AUTHENTICATION_FAILED_10 0x63CA
+
+/** Authentication failed, 11 retries left. */
+#define SCARD_AUTHENTICATION_FAILED_11 0x63CB
+
+/** Authentication failed, 12 retries left. */
+#define SCARD_AUTHENTICATION_FAILED_12 0x63CC
+
+/** Authentication failed, 13 retries left. */
+#define SCARD_AUTHENTICATION_FAILED_13 0x63CD
+
+/** Authentication failed, 14 retries left. */
+#define SCARD_AUTHENTICATION_FAILED_14 0x63CE
+
+/** Authentication failed, 15 retries left. */
+#define SCARD_AUTHENTICATION_FAILED_15 0x63CF
+
+
+/* '64XX' Execution errors - State of non-volatile memory unchanged. */
+
+/** Execution error, state of non-volatile memory unchanged. */
+#define SCARD_EXECUTION_ERROR 0x6400
+
+
+/* '65XX' Execution errors - State of non-volatile memory changed. */
+
+/** Execution error, state of non-volatile memory changed. */
+#define SCARD_CHANGED_ERROR 0x6500
+
+/** Memory failure. */
+#define SCARD_MEMORY_FAILURE 0x6581
+
+
+/* '66XX' Reserved for security-related issues. */
+
+/* '6700' Wrong length. */
+
+/** The length is incorrect. */
+#define SCARD_LENGTH_INCORRECT 0x6700
+
+
+/* '68XX' Functions in CLA not supported. */
+
+/** No information given. */
+#define SCARD_CLA_UNSUPPORTED 0x6800
+
+/** Logical channel not supported. */
+#define SCARD_LOGICAL_CHANNEL_UNSUPPORTED 0x6881
+
+/** Secure messaging not supported. */
+#define SCARD_SECURE_MESSAGING_UNSUPPORTED 0x6882
+
+
+/* '69XX' Command not allowed. */
+
+/** Command not allowed. */
+#define SCARD_COMMAND_NOT_ALLOWED 0x6900
+
+/** Command incompatible with file structure. */
+#define SCARD_COMMAND_INCOMPATIBLE 0x6981
+
+/** Security status not satisfied. */
+#define SCARD_NOT_AUTHORIZED 0x6982
+
+/** Authentication method blocked. */
+#define SCARD_AUTHENTICATION_BLOCKED 0x6983
+
+/** Referenced data invalidated. */
+#define SCARD_REFERENCED_DATA_INVALIDATED 0x6984
+
+/** Conditions of use not satisfied. */
+#define SCARD_USE_CONDITIONS_NOT_MET 0x6985
+
+/** Command not allowed (no current EF). */
+#define SCARD_NO_CURRENT_EF 0x6986
+
+/** Expected SM data objects missing. */
+#define SCARD_SM_DATA_OBJECTS_MISSING 0x6987
+
+/** SM data objects incorrect. */
+#define SCARD_SM_DATA_NOT_ALLOWED 0x6988
+
+
+/* '6AXX' Wrong parameter(s) P1-P2. */
+
+/** Wrong parameter. */
+#define SCARD_WRONG_PARAMETER 0x6A00
+
+/** Incorrect parameters in the data field. */
+#define SCARD_DATA_INCORRECT 0x6A80
+
+/** Function not supported. */
+#define SCARD_FUNCTION_NOT_SUPPORTED 0x6A81
+
+/** File not found. */
+#define SCARD_FILE_NOT_FOUND 0x6A82
+
+/** Record not found. */
+#define SCARD_RECORD_NOT_FOUND 0x6A83
+
+/** Not enough memory space in the file. */
+#define SCARD_NO_MEMORY_LEFT 0x6A84
+
+/** Lc inconsistent with TLV structure. */
+#define SCARD_LC_INCONSISTENT_TLV 0x6A85
+
+/** Incorrect parameters P1-P2. */
+#define SCARD_INCORRECT_P1_P2 0x6A86
+
+/** Lc inconsistent with P1-P2. */
+#define SCARD_LC_INCONSISTENT_P1_P2 0x6A87
+
+/** Referenced data not found. */
+#define SCARD_REFERENCED_DATA_NOT_FOUND 0x6A88
+
+
+/* '6B00' Wrong parameter(s) P1-P2. */
+
+/** Wrong parameter(s) P1-P2. */
+#define SCARD_WRONG_PARAMETER_P1_P2 0x6B00
+
+
+/* '6CXX' Wrong length Le: SW2 indicates the exact length */
+#define SCARD_LE_IN_SW2 0x6C00
+
+
+/* '6D00' Instruction code not supported or invalid. */
+
+/** The instruction code is not programmed or is invalid. */
+#define SCARD_INSTRUCTION_CODE_INVALID 0x6D00
+
+
+/* '6E00' Class not supported. */
+
+/** The card does not support the instruction class. */
+#define SCARD_INSTRUCTION_CLASS_UNSUPPORTED 0x6E00
+
+
+/* '6F00' No precise diagnosis. */
+
+/** No precise diagnostic is given. */
+#define SCARD_UNSPECIFIED_ERROR 0x6F00
+
+
+namespace Tokend
+{
+
+class SCardError : public Security::CommonError
+{
+protected:
+ SCardError(uint16_t sw);
+public:
+ const uint16_t statusWord;
+ virtual OSStatus osStatus() const;
+ virtual int unixError() const;
+ virtual const char *what () const throw ();
+
+ static void check(uint16_t sw) { if (sw != SCARD_SUCCESS) throwMe(sw); }
+ static void throwMe(uint16_t sw) __attribute__((noreturn));
+
+protected:
+#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5
+ IFDEBUG(void debugDiagnose(const void *id) const;)
+#endif
+ IFDEBUG(static const char *errorstr(uint16_t sw);)
+};
+
+} // end namespace Tokend
+
+#endif /* !_TOKEND_SCARDERROR_H_ */
+
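Review bot: The group comment above `SCARD_AUTHENTICATION_FAILED` reads `'62XX' Warning processings - State of non-volatile memory changed.` but every code beneath it is 0x63xx, and the 0x63CX family is the PIN retry counter, so the heading should be `/* '63XX' Warning processings - State of non-volatile memory changed. */` to avoid mis-grouping a security-relevant range. `check(sw)` throws for every status other than 0x9000, which includes '61XX' (response bytes still available) and '6CXX' (wrong Le, SW2 gives the correct length) — per the ISO excerpt in SCardError.cpp these are protocol signals to be followed by GET RESPONSE or a re-issue, not failures; if the APDU layer does not absorb them before calling `check`, the declaration should say so: `// Throws on any SW other than 9000, including 61XX/6CXX; callers must handle those before check().` The `#if MAX_OS_X_VERSION_MIN_REQUIRED <= MAX_OS_X_VERSION_10_5` guard here uses the same spelling as the .cpp; the AvailabilityMacros names are `MAC_OS_X_...`, so unless the project defines the `MAX_` variants both sides are 0 and the guard is always true, and `debugDiagnose` is declared regardless of the target.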
Added: releases/Apple/OSX-10.6.7/Tokend/Schema.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/Schema.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/Schema.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,511 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * Schema.cpp
+ * TokendMuscle
+ */
+
+#include "Schema.h"
+
+#include "Attribute.h"
+#include "MetaRecord.h"
+#include "MetaAttribute.h"
+
+#include <Security/SecKey.h>
+#include <Security/SecCertificate.h>
+#include <Security/SecKeychainItem.h>
+#include <Security/cssmapple.h>
+
+//#define REGISTER_SCHEMA_RELATIONS 1
+
+namespace Tokend
+{
+
+#pragma mark ---------------- Schema --------------
+
+Schema::Schema() :
+ mTrueCoder(true),
+ mFalseCoder(false),
+ mCertEncodingBERCoder(CSSM_CERT_ENCODING(CSSM_CERT_ENCODING_BER)),
+ mSdCSPDLGuidCoder(gGuidAppleSdCSPDL),
+ mPublicKeyClassCoder(CSSM_KEYCLASS(CSSM_KEYCLASS_PUBLIC_KEY)),
+ mPrivateKeyClassCoder(CSSM_KEYCLASS(CSSM_KEYCLASS_PRIVATE_KEY)),
+ mSessionKeyClassCoder(CSSM_KEYCLASS(CSSM_KEYCLASS_SESSION_KEY))
+{
+}
+
+Schema::~Schema()
+{
+ try
+ {
+ for_each_map_delete(mRelationMap.begin(), mRelationMap.end());
+ }
+ catch(...) {}
+}
+
+void Schema::create()
+{
+ // Attribute names.
+ std::string
+ an_RelationID("RelationID"),
+ an_RelationName("RelationName"),
+ an_AttributeID("AttributeID"),
+ an_AttributeNameFormat("AttributeNameFormat"),
+ an_AttributeName("AttributeName"),
+ an_AttributeNameID("AttributeNameID"),
+ an_AttributeFormat("AttributeFormat"),
+ an_IndexID("IndexID"),
+ an_IndexType("IndexType"),
+ an_IndexedDataLocation("IndexedDataLocation");
+
+ // Record the attributeIndex of each created attribute for use by our
+ // register functions laster on.
+ // Create CSSM_DL_DB_SCHEMA_INFO relation.
+ MetaRecord *mrio = new MetaRecord(CSSM_DL_DB_SCHEMA_INFO);
+ io_rid = mrio->createAttribute(an_RelationID,
+ kAF_UINT32).attributeIndex();
+ io_rn = mrio->createAttribute(an_RelationName,
+ kAF_STRING).attributeIndex();
+ mInfo = createRelation(mrio);
+
+ // Create CSSM_DL_DB_SCHEMA_ATTRIBUTES relation
+ MetaRecord *mras = new MetaRecord(CSSM_DL_DB_SCHEMA_ATTRIBUTES);
+ as_rid = mras->createAttribute(an_RelationID,
+ kAF_UINT32).attributeIndex();
+ as_aid = mras->createAttribute(an_AttributeID,
+ kAF_UINT32).attributeIndex();
+ as_anf = mras->createAttribute(an_AttributeNameFormat,
+ kAF_UINT32).attributeIndex();
+ as_an = mras->createAttribute(an_AttributeName,
+ kAF_STRING).attributeIndex();
+ as_anid= mras->createAttribute(an_AttributeNameID,
+ kAF_BLOB ).attributeIndex();
+ as_af = mras->createAttribute(an_AttributeFormat,
+ kAF_UINT32).attributeIndex();
+ mAttributes = createRelation(mras);
+
+ // Create CSSM_DL_DB_SCHEMA_INDEXES relation
+ MetaRecord *mrix = new MetaRecord(CSSM_DL_DB_SCHEMA_INDEXES);
+ ix_rid = mrix->createAttribute(an_RelationID,
+ kAF_UINT32).attributeIndex();
+ ix_iid = mrix->createAttribute(an_IndexID,
+ kAF_UINT32).attributeIndex();
+ ix_aid = mrix->createAttribute(an_AttributeID,
+ kAF_UINT32).attributeIndex();
+ ix_it = mrix->createAttribute(an_IndexType,
+ kAF_UINT32).attributeIndex();
+ ix_idl = mrix->createAttribute(an_IndexedDataLocation,
+ kAF_UINT32).attributeIndex();
+ mIndices = createRelation(mrix);
+
+#ifdef ADD_SCHEMA_PARSING_MODULE
+ // @@@ Skipping CSSM_DL_DB_SCHEMA_PARSING_MODULE relation since no one uses
+ // it and it's definition in CDSA is broken anyway
+
+ // Attribute names.
+ std::string
+ an_ModuleID("ModuleID"),
+ an_AddinVersion("AddinVersion"),
+ an_SSID("SSID"),
+ an_SubserviceType("SubserviceType");
+
+ // Create CSSM_DL_DB_SCHEMA_PARSING_MODULE Relation
+ MetaRecord *mr_parsing = new MetaRecord(CSSM_DL_DB_SCHEMA_PARSING_MODULE);
+ mr_parsing->createAttribute(an_AttributeID, kAF_UINT32);
+ mr_parsing->createAttribute(an_ModuleID, kAF_BLOB );
+ mr_parsing->createAttribute(an_AddinVersion, kAF_STRING);
+ mr_parsing->createAttribute(an_SSID, kAF_UINT32);
+ mr_parsing->createAttribute(an_SubserviceType, kAF_UINT32);
+ createRelation(mr_parsing);
+#endif
+
+#ifdef REGISTER_SCHEMA_RELATIONS
+ registerRelation("CSSM_DL_DB_SCHEMA_INFO", CSSM_DL_DB_SCHEMA_INFO);
+ registerAttribute(CSSM_DL_DB_SCHEMA_INFO, &an_RelationID, 0,
+ kAF_UINT32, true);
+ registerAttribute(CSSM_DL_DB_SCHEMA_INFO, &an_RelationName, 1,
+ kAF_UINT32, false);
+ registerRelation("CSSM_DL_DB_SCHEMA_ATTRIBUTES",
+ CSSM_DL_DB_SCHEMA_ATTRIBUTES);
+ registerAttribute(CSSM_DL_DB_SCHEMA_ATTRIBUTES, &an_RelationID, 0,
+ kAF_UINT32, true);
+ registerAttribute(CSSM_DL_DB_SCHEMA_ATTRIBUTES, &an_AttributeID, 2,
+ kAF_UINT32, true);
+ registerAttribute(CSSM_DL_DB_SCHEMA_ATTRIBUTES, &an_AttributeNameFormat, 3,
+ kAF_UINT32, false);
+ registerAttribute(CSSM_DL_DB_SCHEMA_ATTRIBUTES, &an_AttributeName, 4,
+ kAF_STRING, false);
+ registerAttribute(CSSM_DL_DB_SCHEMA_ATTRIBUTES, &an_AttributeNameId, 5,
+ kAF_BLOB, false);
+ registerAttribute(CSSM_DL_DB_SCHEMA_ATTRIBUTES, &an_AttributeFormat, 6,
+ kAF_UINT32, false);
+ registerRelation("CSSM_DL_DB_SCHEMA_INDEXES", CSSM_DL_DB_SCHEMA_INDEXES);
+ registerAttribute(CSSM_DL_DB_SCHEMA_INDEXES, &an_RelationID, 0,
+ kAF_UINT32, true);
+ registerAttribute(CSSM_DL_DB_SCHEMA_INDEXES, &an_IndexID, 1,
+ kAF_UINT32, true);
+ registerAttribute(CSSM_DL_DB_SCHEMA_INDEXES, &an_AttributeID, 2,
+ kAF_UINT32, true);
+ registerAttribute(CSSM_DL_DB_SCHEMA_INDEXES, &an_IndexType, 3,
+ kAF_UINT32, false);
+ registerAttribute(CSSM_DL_DB_SCHEMA_INDEXES, &an_IndexedDataLocation, 4,
+ kAF_UINT32, false);
+#endif
+}
+
+// Create one of the standard relations conforming to what the SecKeychain
+// layer expects.
+Relation *Schema::createStandardRelation(RelationId relationId)
+{
+ // avoid include of <Security/SecKeychainItemPriv.h> for definition of kSecProtectedDataItemAttr
+ const uint32 localkSecProtectedDataItemAttr = 'prot'; /* Item's data is protected (encrypted) (Boolean) */
+ std::string relationName;
+ // Get the name based on the relation
+ switch (relationId)
+ {
+ case CSSM_DL_DB_RECORD_PRIVATE_KEY:
+ relationName = "CSSM_DL_DB_RECORD_PRIVATE_KEY"; break;
+ case CSSM_DL_DB_RECORD_PUBLIC_KEY:
+ relationName = "CSSM_DL_DB_RECORD_PUBLIC_KEY"; break;
+ case CSSM_DL_DB_RECORD_SYMMETRIC_KEY:
+ relationName = "CSSM_DL_DB_RECORD_SYMMETRIC_KEY"; break;
+ case CSSM_DL_DB_RECORD_X509_CERTIFICATE:
+ relationName = "CSSM_DL_DB_RECORD_X509_CERTIFICATE"; break;
+ case CSSM_DL_DB_RECORD_GENERIC:
+ relationName = "CSSM_DL_DB_RECORD_GENERIC"; break;
+ case CSSM_DL_DB_RECORD_GENERIC_PASSWORD:
+ relationName = "CSSM_DL_DB_RECORD_GENERIC_PASSWORD"; break;
+ default: CssmError::throwMe(CSSMERR_DL_INVALID_RECORDTYPE);
+ }
+
+ Relation *rt = createRelation(relationName, relationId);
+
+ std::string
+ an_CertType = "CertType",
+ an_CertEncoding = "CertEncoding",
+ an_PrintName = "PrintName",
+ an_Alias = "Alias",
+ an_Subject = "Subject",
+ an_Issuer = "Issuer",
+ an_SerialNumber = "SerialNumber",
+ an_SubjectKeyIdentifier = "SubjectKeyIdentifier",
+ an_PublicKeyHash = "PublicKeyHash",
+ an_KeyClass = "KeyClass",
+ an_Permanent = "Permanent",
+ an_Private = "Private",
+ an_Modifiable = "Modifiable",
+ an_Label = "Label",
+ an_ApplicationTag = "ApplicationTag",
+ an_KeyCreator = "KeyCreator",
+ an_KeyType = "KeyType",
+ an_KeySizeInBits = "KeySizeInBits",
+ an_EffectiveKeySize = "EffectiveKeySize",
+ an_StartDate = "StartDate",
+ an_EndDate = "EndDate",
+ an_Sensitive = "Sensitive",
+ an_AlwaysSensitive = "AlwaysSensitive",
+ an_Extractable = "Extractable",
+ an_NeverExtractable = "NeverExtractable",
+ an_Encrypt = "Encrypt",
+ an_Decrypt = "Decrypt",
+ an_Derive = "Derive",
+ an_Sign = "Sign",
+ an_Verify = "Verify",
+ an_SignRecover = "SignRecover",
+ an_VerifyRecover = "VerifyRecover",
+ an_Wrap = "Wrap",
+ an_Unwrap = "Unwrap",
+ an_CreationDate = "CreationDate",
+ an_ModDate = "ModDate",
+ an_Description = "Description",
+ an_Comment = "Comment",
+ an_Creator = "Creator",
+ an_Type = "Type",
+ an_ScriptCode = "ScriptCode",
+ an_Invisible = "Invisible",
+ an_Negative = "Negative",
+ an_CustomIcon = "CustomIcon",
+ an_Protected = "Protected",
+ an_Account = "Account",
+ an_Service = "Service",
+ an_Generic = "Generic"
+ ;
+
+ // @@@ HARDWIRED Based on what SecKeychain layer expects @@@
+ switch (relationId)
+ {
+ case CSSM_DL_DB_RECORD_GENERIC:
+ createAttribute(*rt, &an_PrintName, kSecLabelItemAttr, kAF_BLOB, false)
+ .attributeCoder(&mDescriptionCoder);
+ createAttribute(*rt, &an_Alias, kSecAlias, kAF_BLOB, false)
+ .attributeCoder(&mZeroCoder);
+ rt->metaRecord().attributeCoderForData(&mDataAttributeCoder);
+ break;
+ case CSSM_DL_DB_RECORD_X509_CERTIFICATE:
+ createAttribute(*rt, &an_CertType, kSecCertTypeItemAttr,
+ kAF_UINT32, true).attributeCoder(&mCertificateCoder);
+ createAttribute(*rt, &an_CertEncoding, kSecCertEncodingItemAttr,
+ kAF_UINT32, false).attributeCoder(&mCertEncodingBERCoder);
+ createAttribute(*rt, &an_PrintName, kSecLabelItemAttr,
+ kAF_BLOB, false).attributeCoder(&mCertificateCoder);
+ createAttribute(*rt, &an_Alias, kSecAlias,
+ kAF_BLOB, false).attributeCoder(&mCertificateCoder);
+ createAttribute(*rt, &an_Subject, kSecSubjectItemAttr,
+ kAF_BLOB, false).attributeCoder(&mCertificateCoder);
+ createAttribute(*rt, &an_Issuer, kSecIssuerItemAttr,
+ kAF_BLOB, true).attributeCoder(&mCertificateCoder);
+ createAttribute(*rt, &an_SerialNumber, kSecSerialNumberItemAttr,
+ kAF_BLOB, true).attributeCoder(&mCertificateCoder);
+ createAttribute(*rt, &an_SubjectKeyIdentifier,
+ kSecSubjectKeyIdentifierItemAttr,
+ kAF_BLOB, false).attributeCoder(&mCertificateCoder);
+ createAttribute(*rt, &an_PublicKeyHash, kSecPublicKeyHashItemAttr,
+ kAF_BLOB, false).attributeCoder(&mCertificateCoder);
+ rt->metaRecord().attributeCoderForData(&mDataAttributeCoder);
+ // Initialize mPublicKeyHashCoder so it knows which attribute of a
+ // certificate to use to get the public key hash of a key.
+ mPublicKeyHashCoder.setCertificateMetaAttribute(&(rt->metaRecord()
+ .metaAttribute(kSecPublicKeyHashItemAttr)));
+ break;
+ case CSSM_DL_DB_RECORD_PUBLIC_KEY:
+ case CSSM_DL_DB_RECORD_PRIVATE_KEY:
+ case CSSM_DL_DB_RECORD_SYMMETRIC_KEY:
+ rt->metaRecord().attributeCoderForData(&mKeyDataCoder);
+ createAttribute(*rt, &an_KeyClass, kSecKeyKeyClass,
+ kAF_UINT32, false).attributeCoder(
+ relationId == CSSM_DL_DB_RECORD_PUBLIC_KEY
+ ? &mPublicKeyClassCoder
+ : relationId == CSSM_DL_DB_RECORD_PRIVATE_KEY
+ ? &mPrivateKeyClassCoder
+ : &mSessionKeyClassCoder);
+ createAttribute(*rt, &an_PrintName, kSecKeyPrintName,
+ kAF_BLOB, false).attributeCoder(&mZeroCoder);
+ createAttribute(*rt, &an_Alias, kSecKeyAlias,
+ kAF_BLOB, false).attributeCoder(&mZeroCoder);
+ createAttribute(*rt, &an_Permanent, kSecKeyPermanent,
+ kAF_UINT32, false).attributeCoder(&mTrueCoder);
+ createAttribute(*rt, &an_Private, kSecKeyPrivate,
+ kAF_UINT32, false).attributeCoder(
+ relationId == CSSM_DL_DB_RECORD_PUBLIC_KEY
+ ? &mFalseCoder : &mTrueCoder);
+ createAttribute(*rt, &an_Modifiable, kSecKeyModifiable,
+ kAF_UINT32, false).attributeCoder(&mFalseCoder);
+ createAttribute(*rt, &an_Label, kSecKeyLabel,
+ kAF_BLOB, true).attributeCoder(
+ relationId == CSSM_DL_DB_RECORD_PRIVATE_KEY
+ ? &mPublicKeyHashCoder : NULL);
+ createAttribute(*rt, &an_ApplicationTag, kSecKeyApplicationTag,
+ kAF_BLOB, true).attributeCoder(&mZeroCoder);
+ createAttribute(*rt, &an_KeyCreator, kSecKeyKeyCreator,
+ kAF_BLOB, true).attributeCoder(&mSdCSPDLGuidCoder);
+ createAttribute(*rt, &an_KeyType, kSecKeyKeyType, kAF_UINT32, true);
+ createAttribute(*rt, &an_KeySizeInBits, kSecKeyKeySizeInBits,
+ kAF_UINT32, true);
+ createAttribute(*rt, &an_EffectiveKeySize, kSecKeyEffectiveKeySize,
+ kAF_UINT32, true);
+ createAttribute(*rt, &an_StartDate, kSecKeyStartDate,
+ kAF_TIME_DATE, true).attributeCoder(&mZeroCoder);
+ createAttribute(*rt, &an_EndDate, kSecKeyEndDate,
+ kAF_TIME_DATE, true).attributeCoder(&mZeroCoder);
+ createAttribute(*rt, &an_Sensitive, kSecKeySensitive,
+ kAF_UINT32, false).attributeCoder(
+ relationId == CSSM_DL_DB_RECORD_PUBLIC_KEY
+ ? &mFalseCoder : &mTrueCoder);
+ createAttribute(*rt, &an_AlwaysSensitive, kSecKeyAlwaysSensitive,
+ kAF_UINT32, false).attributeCoder(&mFalseCoder);
+ createAttribute(*rt, &an_Extractable, kSecKeyExtractable,
+ kAF_UINT32, false).attributeCoder(&mFalseCoder);
+ createAttribute(*rt, &an_NeverExtractable, kSecKeyNeverExtractable,
+ kAF_UINT32, false).attributeCoder(&mFalseCoder);
+ createAttribute(*rt, &an_Encrypt, kSecKeyEncrypt, kAF_UINT32, false);
+ createAttribute(*rt, &an_Decrypt, kSecKeyDecrypt, kAF_UINT32, false);
+ createAttribute(*rt, &an_Derive, kSecKeyDerive, kAF_UINT32, false);
+ createAttribute(*rt, &an_Sign, kSecKeySign, kAF_UINT32, false);
+ createAttribute(*rt, &an_Verify, kSecKeyVerify, kAF_UINT32, false);
+ createAttribute(*rt, &an_SignRecover, kSecKeySignRecover,
+ kAF_UINT32, false);
+ createAttribute(*rt, &an_VerifyRecover, kSecKeyVerifyRecover,
+ kAF_UINT32, false);
+ createAttribute(*rt, &an_Wrap, kSecKeyWrap, kAF_UINT32, false);
+ createAttribute(*rt, &an_Unwrap, kSecKeyUnwrap, kAF_UINT32, false);
+ // Initialize mPublicKeyHashCoder so it knows which attribute of a
+ // public key to use to get the public key hash of a key.
+ if (relationId == CSSM_DL_DB_RECORD_PUBLIC_KEY)
+ mPublicKeyHashCoder.setPublicKeyMetaAttribute(&(rt->metaRecord()
+ .metaAttribute(kSecKeyLabel)));
+ break;
+ case CSSM_DL_DB_RECORD_GENERIC_PASSWORD:
+ createAttribute(*rt, &an_CreationDate, kSecCreationDateItemAttr,
+ kAF_TIME_DATE, true).attributeCoder(&mZeroCoder);
+ createAttribute(*rt, &an_ModDate, kSecModDateItemAttr,
+ kAF_TIME_DATE, true).attributeCoder(&mZeroCoder);
+ createAttribute(*rt, &an_Description, kSecDescriptionItemAttr,
+ kAF_BLOB, false).attributeCoder(&mZeroCoder);
+ createAttribute(*rt, &an_Comment, kSecCommentItemAttr,
+ kAF_BLOB, false).attributeCoder(&mZeroCoder);
+ createAttribute(*rt, &an_Creator, kSecCreatorItemAttr, kAF_UINT32, 0);
+ createAttribute(*rt, &an_Type, kSecTypeItemAttr, kAF_UINT32, 0);
+ createAttribute(*rt, &an_ScriptCode, kSecScriptCodeItemAttr, kAF_UINT32, 0);
+
+ createAttribute(*rt, &an_PrintName, kSecLabelItemAttr, kAF_BLOB, false)
+ .attributeCoder(&mDescriptionCoder);
+ createAttribute(*rt, &an_Alias, kSecAlias, kAF_BLOB, false)
+ .attributeCoder(&mZeroCoder);
+
+ createAttribute(*rt, &an_Invisible, kSecInvisibleItemAttr, kAF_UINT32, 0);
+ createAttribute(*rt, &an_Negative, kSecNegativeItemAttr, kAF_UINT32, 0);
+ createAttribute(*rt, &an_CustomIcon, kSecCustomIconItemAttr,
+ kAF_BLOB, false).attributeCoder(&mZeroCoder);
+ createAttribute(*rt, &an_Protected, localkSecProtectedDataItemAttr,
+ kAF_BLOB, false).attributeCoder(&mZeroCoder);
+ createAttribute(*rt, &an_Account, kSecAccountItemAttr,
+ kAF_BLOB, false).attributeCoder(&mZeroCoder);
+ createAttribute(*rt, &an_Service, kSecServiceItemAttr,
+ kAF_BLOB, false).attributeCoder(&mZeroCoder);
+ createAttribute(*rt, &an_Generic, kSecGenericItemAttr,
+ kAF_BLOB, false).attributeCoder(&mZeroCoder);
+ rt->metaRecord().attributeCoderForData(&mDataAttributeCoder);
+
+ break;
+ }
+
+ return rt;
+}
+
+// Create a new relation using metaRecord. Does not register this in the
+// CSSM_DL_DB_SCHEMA_INFO relation. This is used for creating the schema
+// relations themselves only.
+Relation *Schema::createRelation(MetaRecord *metaRecord)
+{
+ auto_ptr<Relation> aRelation(new Relation(metaRecord));
+
+ if (!mRelationMap.insert(RelationMap::value_type(metaRecord->relationId(),
+ aRelation.get())).second)
+ {
+ // @@@ Should be CSSMERR_DL_DUPLICATE_RECORDTYPE. Since that
+ // doesn't exist we report that the meta-relation's unique index would
+ // no longer be valid
+ CssmError::throwMe(CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA);
+ }
+
+ return aRelation.release();
+}
+
+// Create a new relation and register this in the CSSM_DL_DB_SCHEMA_INFO
+// relation.
+Relation *Schema::createRelation(const std::string &relationName,
+ RelationId relationId)
+{
+ MetaRecord *mr = new MetaRecord(relationId);
+ Relation *rt = createRelation(mr);
+ registerRelation(relationName, relationId);
+ return rt;
+}
+
+// Create a new attribute and register this with the schema. Do not use this
+// for creating schema relations.
+MetaAttribute &Schema::createAttribute(Relation &relation,
+ const std::string *name, uint32 attributeId,
+ CSSM_DB_ATTRIBUTE_FORMAT attributeFormat, bool isIndex)
+{
+ MetaRecord &mr = relation.metaRecord();
+ registerAttribute(mr.relationId(), name, attributeId, attributeFormat,
+ isIndex);
+ return mr.createAttribute(name, NULL, attributeId, attributeFormat);
+}
+
+// Insert a record containing a relationId and it's name into
+// CSSM_DL_DB_SCHEMA_INFO relation
+void Schema::registerRelation(const std::string &relationName,
+ RelationId relationId)
+{
+ RefPointer<Record> record = new Record();
+ record->attributeAtIndex(io_rid, new Attribute(relationId));
+ record->attributeAtIndex(io_rn, new Attribute(relationName));
+ mInfo->insertRecord(record);
+}
+
+// Insert a record containing a relationId, attributeId and other meta
+// information into the CSSM_DL_DB_SCHEMA_ATTRIBUTES relation. In addition, if
+// isIndex is true insert a record into the CSSM_DL_DB_SCHEMA_INDEXES relation.
+void Schema::registerAttribute(RelationId relationId, const std::string *name,
+ uint32 attributeId, CSSM_DB_ATTRIBUTE_FORMAT attributeFormat, bool isIndex)
+{
+ CSSM_DB_ATTRIBUTE_NAME_FORMAT nameFormat = name
+ ? CSSM_DB_ATTRIBUTE_NAME_AS_STRING : CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER;
+
+ RefPointer<Record> rc_attribute = new Record();
+
+ rc_attribute->attributeAtIndex(as_rid, new Attribute(relationId));
+ rc_attribute->attributeAtIndex(as_aid, new Attribute(attributeId));
+ rc_attribute->attributeAtIndex(as_anf, new Attribute(nameFormat));
+ rc_attribute->attributeAtIndex(as_an, name
+ ? new Attribute(*name) : new Attribute()); // AttributeName
+ rc_attribute->attributeAtIndex(as_anid, new Attribute());// AttributeNameId
+ rc_attribute->attributeAtIndex(as_af, new Attribute(attributeFormat));
+ mAttributes->insertRecord(rc_attribute);
+
+ if (isIndex)
+ {
+ RefPointer<Record> rc_index = new Record();
+ rc_index->attributeAtIndex(ix_rid, // RelationId
+ new Attribute(relationId));
+ rc_index->attributeAtIndex(ix_iid, // IndexId
+ new Attribute(uint32(0)));
+ rc_index->attributeAtIndex(ix_aid, // AttributeId
+ new Attribute(attributeId));
+ rc_index->attributeAtIndex(ix_it, // IndexType
+ new Attribute(uint32(CSSM_DB_INDEX_UNIQUE)));
+ rc_index->attributeAtIndex(ix_idl, // IndexedDataLocation
+ new Attribute(uint32(CSSM_DB_INDEX_ON_UNKNOWN)));
+ mIndices->insertRecord(rc_index);
+ }
+}
+
+
+#pragma mark ---------------- Utility methods --------------
+
+const Relation &Schema::findRelation(RelationId inRelationId) const
+{
+ RelationMap::const_iterator it = mRelationMap.find(inRelationId);
+ if (it == mRelationMap.end())
+ CssmError::throwMe(CSSMERR_DL_INVALID_RECORDTYPE);
+ return *it->second;
+}
+
+Relation &Schema::findRelation(RelationId inRelationId)
+{
+ RelationMap::iterator it = mRelationMap.find(inRelationId);
+ if (it == mRelationMap.end())
+ CssmError::throwMe(CSSMERR_DL_INVALID_RECORDTYPE);
+ return *it->second;
+}
+
+MetaRecord &Schema::findMetaRecord(RelationId inRelationId)
+{
+ return findRelation(inRelationId).metaRecord();
+}
+
+} // end namespace Tokend
+
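Review bot: `Schema::Schema()` leaves `mInfo`, `mAttributes`, `mIndices` and the `io_*`/`as_*`/`ix_*` index members uninitialized while `create()` is a public virtual a subclass may override, so a `createStandardRelation()` or `registerRelation()` call that runs before the base `create()` dereferences an indeterminate `Relation *` in `mInfo->insertRecord(record)`; adding `mInfo(NULL), mAttributes(NULL), mIndices(NULL)` to the initializer list and `if (!mInfo) CssmError::throwMe(CSSMERR_DL_INTERNAL_ERROR);` at the top of `registerRelation` turns that into a defined failure. Separately, the `#ifdef REGISTER_SCHEMA_RELATIONS` branch has bit-rotted: it references `an_AttributeNameId` while the variable declared above is `an_AttributeNameID`, and registers `an_RelationName` as `kAF_UINT32` although it was created as `kAF_STRING`, so enabling the define would neither compile nor describe the schema correctly. The `new MetaRecord` objects in `create()` also leak if a `createAttribute` call throws before `createRelation` takes them over — presumably `Relation` owns its `MetaRecord`, which cannot be confirmed from this hunk.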
Added: releases/Apple/OSX-10.6.7/Tokend/Schema.h
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/Schema.h (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/Schema.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,130 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * Schema.h
+ * TokendMuscle
+ */
+
+#ifndef _TOKEND_SCHEMA_H_
+#define _TOKEND_SCHEMA_H_
+
+#include <security_cdsa_utilities/cssmdata.h>
+#include <security_cdsa_utilities/cssmdb.h>
+#include <map>
+
+#include "MetaRecord.h"
+#include "Relation.h"
+#include "AttributeCoder.h"
+
+namespace Tokend
+{
+
+class Relation;
+
+//
+// Schema
+//
+class Schema
+{
+ NOCOPY(Schema)
+public:
+ typedef std::map<RelationId, Relation *> RelationMap;
+ typedef RelationMap::const_iterator ConstRelationMapIterator;
+
+ Schema();
+ virtual ~Schema();
+
+ virtual void create();
+
+ const Relation &findRelation(RelationId inRelationId) const;
+ Relation &findRelation(RelationId inRelationId);
+ MetaRecord &findMetaRecord(RelationId inRelationId);
+
+ ConstRelationMapIterator begin() const { return mRelationMap.begin(); }
+ ConstRelationMapIterator end() const { return mRelationMap.end(); }
+
+ const LinkedRecordAttributeCoder &publicKeyHashCoder() const
+ { return mPublicKeyHashCoder; }
+protected:
+ Relation *createRelation(const std::string &relationName,
+ RelationId relationId);
+ Relation *createStandardRelation(RelationId relationId);
+
+ MetaAttribute &createAttribute(Relation &relation,
+ const std::string *name, uint32 attributeId,
+ CSSM_DB_ATTRIBUTE_FORMAT attributeFormat, bool isIndex);
+private:
+ Relation *createRelation(MetaRecord *inMetaRecord);
+
+ void registerRelation(const std::string &relationName,
+ RelationId relationId);
+ void registerAttribute(RelationId relationId, const std::string *name,
+ uint32 attributeId, CSSM_DB_ATTRIBUTE_FORMAT attributeFormat,
+ bool isIndex);
+
+private:
+ Relation *mInfo, *mAttributes, *mIndices;
+ RelationMap mRelationMap;
+
+ // AttributeIndices for attributes of CSSM_DL_DB_SCHEMA_INFO relation.
+ uint32 io_rid;
+ uint32 io_rn;
+
+ // AttributeIndices for attributes of CSSM_DL_DB_SCHEMA_ATTRIBUTES
+ // relation.
+ uint32 as_rid;
+ uint32 as_aid;
+ uint32 as_anf;
+ uint32 as_an;
+ uint32 as_anid;
+ uint32 as_af;
+
+ // AttributeIndices for attributes of CSSM_DL_DB_SCHEMA_INDEXES relation.
+ uint32 ix_rid;
+ uint32 ix_iid;
+ uint32 ix_aid;
+ uint32 ix_it;
+ uint32 ix_idl;
+protected:
+ // Coders for some standard attributes
+ ConstAttributeCoder mTrueCoder;
+ ConstAttributeCoder mFalseCoder;
+ ConstAttributeCoder mCertEncodingBERCoder;
+ GuidAttributeCoder mSdCSPDLGuidCoder;
+ CertificateAttributeCoder mCertificateCoder;
+ ZeroAttributeCoder mZeroCoder;
+ ConstAttributeCoder mPublicKeyClassCoder;
+ ConstAttributeCoder mPrivateKeyClassCoder;
+ ConstAttributeCoder mSessionKeyClassCoder;
+ KeyDataAttributeCoder mKeyDataCoder;
+ LinkedRecordAttributeCoder mPublicKeyHashCoder;
+ DataAttributeCoder mDataAttributeCoder;
+ DescriptionAttributeCoder mDescriptionCoder;
+};
+
+
+} // end namespace Tokend
+
+#endif /* !_TOKEND_SCHEMA_H_ */
+
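Review bot: The class carries no comment stating its lifetime contract, which a subclass author needs: `mRelationMap` holds owning raw `Relation *` freed in `~Schema()`, `create()` must run before `createStandardRelation()`/`registerRelation()` because those write through `mInfo`, `mAttributes` and `mIndices`, and `publicKeyHashCoder()` is only fully wired once both the X509 certificate and the public-key standard relations have been created. I would add above `class Schema`: `// Owns every Relation in mRelationMap (deleted in the destructor). Call create() before creating any standard relation: registerRelation()/registerAttribute() insert into the three schema relations create() builds.` and on `publicKeyHashCoder()`: `// Valid only after the X509_CERTIFICATE and PUBLIC_KEY standard relations exist.` Whether the `MetaRecord *` handed to `createRelation(MetaRecord *)` becomes owned by the `Relation` is not visible from this header and should be confirmed against Relation.h before that is written down.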
Added: releases/Apple/OSX-10.6.7/Tokend/SelectionPredicate.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/SelectionPredicate.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/SelectionPredicate.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * SelectionPredicate.cpp
+ * TokendMuscle
+ */
+
+#include "SelectionPredicate.h"
+#include "MetaAttribute.h"
+#include "MetaRecord.h"
+#include "DbValue.h"
+#include <Security/cssmerr.h>
+
+namespace Tokend
+{
+
+SelectionPredicate::SelectionPredicate(const MetaRecord &inMetaRecord,
+ const CSSM_SELECTION_PREDICATE &inPredicate)
+ : mMetaAttribute(inMetaRecord.metaAttribute(inPredicate.Attribute.Info)),
+ mDbOperator(inPredicate.DbOperator)
+{
+ // Make sure that the caller specified the attribute values in the correct
+ // format.
+ if (inPredicate.Attribute.Info.AttributeFormat
+ != mMetaAttribute.attributeFormat())
+ CssmError::throwMe(CSSMERR_DL_INCOMPATIBLE_FIELD_FORMAT);
+
+ // @@@ See ISSUES
+ if (inPredicate.Attribute.NumberOfValues != 1)
+ CssmError::throwMe(CSSMERR_DL_UNSUPPORTED_QUERY);
+
+ mData = inPredicate.Attribute.Value[0];
+ mValue = mMetaAttribute.createValue(mData);
+}
+
+SelectionPredicate::~SelectionPredicate()
+{
+ delete mValue;
+}
+
+bool SelectionPredicate::evaluate(TokenContext *tokenContext,
+ Record& record) const
+{
+ return mMetaAttribute.evaluate(tokenContext, mValue, record, mDbOperator);
+}
+
+
+} // end namespace Tokend
+
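Review bot: The constructor checks `NumberOfValues == 1` but then indexes `inPredicate.Attribute.Value[0]` without checking that `Value` itself is non-NULL, and this structure arrives from the calling DL client through the CSSM query interface, so a malformed predicate becomes a NULL dereference inside tokend instead of a clean CSSM error; I would change the test to `if (inPredicate.Attribute.NumberOfValues != 1 || inPredicate.Attribute.Value == NULL)` and keep `CSSMERR_DL_UNSUPPORTED_QUERY` as the result. The subsequent `mData = inPredicate.Attribute.Value[0]` also relies on `Value[0].Data` being consistent with `Value[0].Length`, which presumably `CssmDataContainer`'s assignment and `createValue()` validate — worth confirming, since this is the one place query bytes from the client enter the predicate.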
Added: releases/Apple/OSX-10.6.7/Tokend/SelectionPredicate.h
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/SelectionPredicate.h (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/SelectionPredicate.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * SelectionPredicate.h
+ * TokendMuscle
+ */
+
+#ifndef _TOKEND_SELECTIONPREDICATE_H_
+#define _TOKEND_SELECTIONPREDICATE_H_
+
+#include <security_cdsa_utilities/cssmdata.h>
+
+namespace Tokend
+{
+
+class DbValue;
+class MetaAttribute;
+class MetaRecord;
+class Record;
+class TokenContext;
+
+class SelectionPredicate
+{
+ NOCOPY(SelectionPredicate)
+public:
+ SelectionPredicate(const MetaRecord &inMetaRecord,
+ const CSSM_SELECTION_PREDICATE &inPredicate);
+ ~SelectionPredicate();
+
+ bool evaluate(TokenContext *tokenContext, Record& record) const;
+
+private:
+ const MetaAttribute &mMetaAttribute;
+ CSSM_DB_OPERATOR mDbOperator;
+ CssmDataContainer mData;
+ DbValue *mValue;
+};
+
+} // end namespace Tokend
+
+#endif /* !_TOKEND_SELECTIONPREDICATE_H_ */
+
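Review bot: The header documents none of its ownership: `mValue` is a heap `DbValue` owned by the predicate (deleted in `~SelectionPredicate()`, with `NOCOPY` preventing a double free), `mMetaAttribute` is a reference into the `MetaRecord` passed to the constructor, which must therefore outlive the predicate, and `mData` holds the predicate's own copy of the comparison value. I would add above the members: `// mMetaAttribute refers into the MetaRecord given at construction, which must outlive this object; mData is our copy of the query value and mValue its decoded form, owned here and freed in the destructor.` Whether `CssmDataContainer` deep-copies the client's buffer is not visible in this hunk and should be confirmed against the utilities header before relying on the copy claim.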
Added: releases/Apple/OSX-10.6.7/Tokend/Token.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/Token.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/Token.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,1129 @@
+/*
+ * Copyright (c) 2004,2007 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * Token.cpp
+ * TokendMuscle
+ */
+
+#include "Token.h"
+
+#include "Cursor.h"
+#include "KeyHandle.h"
+#include "RecordHandle.h"
+#include "Schema.h"
+#include <memory>
+#include <security_cdsa_utilities/cssmaclpod.h>
+#include <security_utilities/unix++.h>
+#include <security_utilities/logging.h>
+
+//
+// SPI wrapper macros
+//
+#define BEGIN try {
+#define END(SS) \
+ return CSSM_OK; \
+ } catch (const CommonError &err) { \
+ return CssmError::cssmError(err, CSSM_##SS##_BASE_ERROR); \
+ } catch (...) { \
+ return CSSM_ERRCODE_INTERNAL_ERROR; \
+ }
+
+//
+// Singleton
+//
+Tokend::Token *token;
+
+namespace Tokend
+{
+
+Token::Token() : mSchema(NULL), mTokenContext(NULL)
+{
+}
+
+Token::~Token()
+{
+}
+
+
+//
+// Initial: Your first chance to do anything with the tokend framework
+// initialized.
+//
+CSSM_RETURN Token::_initial()
+{
+ BEGIN
+ token->initial();
+ secdebug("tokend", "using reader %s",
+ token->startupReaderInfo()->szReader);
+ END(CSSM)
+}
+
+
+//
+// Probe:
+// (1) See if we support this token. Return zero if not.
+// Return a score if we do - the lower, the better. 1 beats everyone else.
+// (2) Generate a unique id string for the token. This doesn't have to be
+// human readable. If you REALLY can't make one up, leave tokenUid alone.
+// But do try.
+//
+CSSM_RETURN Token::_probe(SecTokendProbeFlags flags, uint32 *score,
+ char tokenUid[TOKEND_MAX_UID])
+{
+ BEGIN
+ *score = token->probe(flags, tokenUid);
+ secdebug("tokend", "flags=%d returning score=%d uid='%s'",
+ flags, *score, tokenUid);
+ END(CSSM)
+}
+
+
+//
+// Establish:
+// Okay, you're the one. The token is yours. Here's your GUID and subservice ID
+// (in case you care); it'll get automatically inserted into your MDS unless
+// you override it. If you can make up a nice, user-friendly print name for
+// your token, return it in printName. If you can't, leave it alone and
+// securityd will make something up for you.
+//
+CSSM_RETURN Token::_establish(const CSSM_GUID *guid, uint32 subserviceID,
+ SecTokendEstablishFlags flags, const char *cacheDirectory,
+ const char *workDirectory, char mdsDirectory[PATH_MAX],
+ char printName[PATH_MAX])
+{
+ BEGIN
+ secdebug("tokend", "establish(%s,%d,0x%X)",
+ Guid::required(guid).toString().c_str(), subserviceID, flags);
+
+ token->establish(guid, subserviceID, flags, cacheDirectory, workDirectory,
+ mdsDirectory, printName);
+ // if printName is left alone, securityd will make one up
+ // if mdsDirectory is left alone, all MDS resources in the Resource bundle
+ // will be loaded
+ END(CSSM)
+}
+
+
+//
+// Terminate() is called by security when it wants you to go away.
+// This function does not (currently) return anything, so the CSSM_RETURN is
+// effectively ignored. (It's still here for consistency's sake.)
+//
+CSSM_RETURN Token::_terminate(uint32 reason, uint32 options)
+{
+ BEGIN
+ secdebug("tokend", "terminate(%d,0x%d)", reason, options);
+ token->terminate(reason, options);
+ END(CSSM)
+}
+
+
+CSSM_RETURN Token::_findFirst(const CSSM_QUERY *query,
+ TOKEND_RETURN_DATA *data, CSSM_HANDLE *hSearch)
+{
+ BEGIN
+ secdebug("tokend", "findFirst()");
+ std::auto_ptr<Cursor> curs(token->createCursor(query));
+ TokenContext *tokenContext = token->tokenContext();
+ std::auto_ptr<RecordHandle> rh(curs->next(tokenContext));
+ if (!rh.get())
+ {
+ secdebug("tokend", "findFirst() returning: CSSMERR_DL_ENDOFDATA");
+#if 1
+ data->record = 0;
+ data->keyhandle = 0;
+ return 0;
+#else
+ return CSSMERR_DL_ENDOFDATA;
+#endif
+ }
+
+ rh->get(tokenContext, *data);
+ // Release the RecordHandle until the caller kills the handle we returned.
+ rh.release();
+
+ // We didn't throw so return a search handle and keep the Cursor around.
+ *hSearch = curs->handle();
+ curs.release();
+ secdebug("tokend", "end findFirst() returned: %ld", *hSearch);
+ END(DL)
+}
+
+CSSM_RETURN Token::_findNext(CSSM_HANDLE hSearch, TOKEND_RETURN_DATA *data)
+{
+ BEGIN
+ secdebug("tokend", "findNext(%ld)", hSearch);
+ Cursor& curs = Security::HandleObject::find<Cursor>(hSearch,
+ CSSMERR_DL_RECORD_NOT_FOUND);
+ TokenContext *tokenContext = token->tokenContext();
+ std::auto_ptr<RecordHandle> rh(curs.next(tokenContext));
+ if (!rh.get())
+ {
+ secdebug("tokend", "findNext(%ld) returning: CSSMERR_DL_ENDOFDATA",
+ hSearch);
+#if 1
+ data->record = 0;
+ data->keyhandle = 0;
+ return 0;
+#else
+ return CSSMERR_DL_ENDOFDATA;
+#endif
+ }
+
+ rh->get(tokenContext, *data);
+ rh.release();
+ END(DL)
+}
+
+CSSM_RETURN Token::_findRecordHandle(CSSM_HANDLE hRecord,
+ TOKEND_RETURN_DATA *data)
+{
+ BEGIN
+ secdebug("tokend", "findRecordHandle(%ld)", hRecord);
+ RecordHandle &rh = Security::HandleObject::find<RecordHandle>(hRecord,
+ CSSMERR_CSSM_INVALID_ADDIN_HANDLE);
+ rh.get(token->tokenContext(), *data);
+ END(DL)
+}
+
+CSSM_RETURN Token::_insertRecord(CSSM_DB_RECORDTYPE recordType,
+ const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes, const CSSM_DATA *data,
+ CSSM_HANDLE *hRecord)
+{
+ BEGIN
+ secdebug("tokend", "insertRecord");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+ END(DL)
+}
+
+CSSM_RETURN Token::_modifyRecord(CSSM_DB_RECORDTYPE recordType,
+ CSSM_HANDLE *hRecord, const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes,
+ const CSSM_DATA *data, CSSM_DB_MODIFY_MODE modifyMode)
+{
+ BEGIN
+ secdebug("tokend", "modifyRecord");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+ END(DL)
+}
+
+CSSM_RETURN Token::_deleteRecord(CSSM_HANDLE hRecord)
+{
+ BEGIN
+ secdebug("tokend", "deleteRecord");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+ END(DL)
+}
+
+CSSM_RETURN Token::_releaseSearch(CSSM_HANDLE hSearch)
+{
+ BEGIN
+ secdebug("tokend", "releaseSearch(%ld)", hSearch);
+ Cursor &curs = Security::HandleObject::findAndKill<Cursor>(hSearch,
+ CSSMERR_CSSM_INVALID_ADDIN_HANDLE);
+ delete &curs;
+ END(DL)
+}
+
+CSSM_RETURN Token::_releaseRecord(CSSM_HANDLE hRecord)
+{
+ BEGIN
+ secdebug("tokend", "releaseRecord(%ld)", hRecord);
+ RecordHandle &rech = Security::HandleObject::findAndKill<RecordHandle>(hRecord,
+ CSSMERR_CSSM_INVALID_ADDIN_HANDLE);
+ delete &rech;
+ END(DL)
+}
+
+CSSM_RETURN Token::_freeRetrievedData(TOKEND_RETURN_DATA *data)
+{
+ BEGIN
+ secdebug("tokend", "freeRetrievedData");
+ // Since we return pointers to our cached interal data this is also a noop
+ END(DL)
+}
+
+CSSM_RETURN Token::_releaseKey(CSSM_HANDLE hKey)
+{
+ BEGIN
+ secdebug("tokend", "releaseKey(%ld)", hKey);
+ KeyHandle &keyh = Security::HandleObject::findAndKill<KeyHandle>(hKey,
+ CSSMERR_CSP_INVALID_KEY_REFERENCE);
+ delete &keyh;
+ END(CSP)
+}
+
+CSSM_RETURN Token::_getKeySize(CSSM_HANDLE hKey, CSSM_KEY_SIZE *size)
+{
+ BEGIN
+ KeyHandle &key = Security::HandleObject::find<KeyHandle>(hKey,
+ CSSMERR_CSP_INVALID_KEY_REFERENCE);
+ key.getKeySize(Required(size));
+ END(CSP)
+}
+
+CSSM_RETURN Token::_getOutputSize(const CSSM_CONTEXT *context,
+ CSSM_HANDLE hKey, uint32 inputSize, CSSM_BOOL encrypting,
+ uint32 *outputSize)
+{
+ BEGIN
+ KeyHandle &key = Security::HandleObject::find<KeyHandle>(hKey,
+ CSSMERR_CSP_INVALID_KEY_REFERENCE);
+ Required(outputSize) = key.getOutputSize(Context::required(context),
+ inputSize, encrypting);
+ END(CSP)
+}
+
+CSSM_RETURN Token::_generateSignature(const CSSM_CONTEXT *context,
+ CSSM_HANDLE hKey, CSSM_ALGORITHMS signOnly, const CSSM_DATA *input,
+ CSSM_DATA *signature)
+{
+ BEGIN
+ KeyHandle &key = Security::HandleObject::find<KeyHandle>(hKey,
+ CSSMERR_CSP_INVALID_KEY_REFERENCE);
+ key.generateSignature(Context::required(context), signOnly,
+ CssmData::required(input), CssmData::required(signature));
+ END(CSP)
+}
+
+
+CSSM_RETURN Token::_verifySignature(const CSSM_CONTEXT *context,
+ CSSM_HANDLE hKey, CSSM_ALGORITHMS signOnly, const CSSM_DATA *input,
+ const CSSM_DATA *signature)
+{
+ BEGIN
+ KeyHandle &key = Security::HandleObject::find<KeyHandle>(hKey,
+ CSSMERR_CSP_INVALID_KEY_REFERENCE);
+ key.verifySignature(Context::required(context), signOnly,
+ CssmData::required(input), CssmData::required(signature));
+ END(CSP)
+}
+
+
+CSSM_RETURN Token::_generateMac(const CSSM_CONTEXT *context, CSSM_HANDLE hKey,
+ const CSSM_DATA *input, CSSM_DATA *output)
+{
+ BEGIN
+ KeyHandle &key = Security::HandleObject::find<KeyHandle>(hKey,
+ CSSMERR_CSP_INVALID_KEY_REFERENCE);
+ key.generateMac(Context::required(context), CssmData::required(input),
+ CssmData::required(output));
+ END(CSP)
+}
+
+
+CSSM_RETURN Token::_verifyMac(const CSSM_CONTEXT *context, CSSM_HANDLE hKey,
+ const CSSM_DATA *input, const CSSM_DATA *compare)
+{
+ BEGIN
+ KeyHandle &key = Security::HandleObject::find<KeyHandle>(hKey,
+ CSSMERR_CSP_INVALID_KEY_REFERENCE);
+ key.verifyMac(Context::required(context), CssmData::required(input),
+ CssmData::required(compare));
+ END(CSP)
+}
+
+
+CSSM_RETURN Token::_encrypt(const CSSM_CONTEXT *context, CSSM_HANDLE hKey,
+ const CSSM_DATA *clear, CSSM_DATA *cipher)
+{
+ BEGIN
+ KeyHandle &key = Security::HandleObject::find<KeyHandle>(hKey,
+ CSSMERR_CSP_INVALID_KEY_REFERENCE);
+ key.encrypt(Context::required(context), CssmData::required(clear),
+ CssmData::required(cipher));
+ END(CSP)
+}
+
+
+CSSM_RETURN Token::_decrypt(const CSSM_CONTEXT *context, CSSM_HANDLE hKey,
+ const CSSM_DATA *cipher, CSSM_DATA *clear)
+{
+ BEGIN
+ KeyHandle &key = Security::HandleObject::find<KeyHandle>(hKey,
+ CSSMERR_CSP_INVALID_KEY_REFERENCE);
+ key.decrypt(Context::required(context), CssmData::required(cipher),
+ CssmData::required(clear));
+ END(CSP)
+}
+
+CSSM_RETURN Token::_generateKey(const CSSM_CONTEXT *context,
+ const CSSM_ACCESS_CREDENTIALS *creds,
+ const CSSM_ACL_ENTRY_PROTOTYPE *owner, CSSM_KEYUSE usage,
+ CSSM_KEYATTR_FLAGS attrs, CSSM_HANDLE *hKey, CSSM_KEY *header)
+{
+ BEGIN
+ secdebug("tokend", "generateKey");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+ END(CSP)
+}
+
+CSSM_RETURN Token::_generateKeyPair(const CSSM_CONTEXT *context,
+ const CSSM_ACCESS_CREDENTIALS *creds,
+ const CSSM_ACL_ENTRY_PROTOTYPE *owner,
+ CSSM_KEYUSE pubUsage, CSSM_KEYATTR_FLAGS pubAttrs,
+ CSSM_KEYUSE privUsage, CSSM_KEYATTR_FLAGS privAttrs,
+ CSSM_HANDLE *hPubKey, CSSM_KEY *pubHeader,
+ CSSM_HANDLE *hPrivKey, CSSM_KEY *privHeader)
+{
+ BEGIN
+ secdebug("tokend", "generateKeyPair");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+ END(CSP)
+}
+
+CSSM_RETURN Token::_wrapKey(const CSSM_CONTEXT *context,
+ CSSM_HANDLE hWrappingKey, const CSSM_KEY *wrappingKey,
+ const CSSM_ACCESS_CREDENTIALS *cred,
+ CSSM_HANDLE hSubjectKey, const CSSM_KEY *subjectKey,
+ const CSSM_DATA *descriptiveData, CSSM_KEY *wrappedKey)
+{
+ BEGIN
+ KeyHandle *subjectKeyHandle = hSubjectKey
+ ? &Security::HandleObject::find<KeyHandle>(hSubjectKey,
+ CSSMERR_CSP_INVALID_KEY_REFERENCE) : NULL;
+ KeyHandle *wrappingKeyHandle = hWrappingKey
+ ? &Security::HandleObject::find<KeyHandle>(hWrappingKey,
+ CSSMERR_CSP_INVALID_KEY_REFERENCE) : NULL;
+
+ if (subjectKeyHandle)
+ {
+ subjectKeyHandle->wrapUsingKey(Context::required(context),
+ AccessCredentials::optional(cred),
+ wrappingKeyHandle, CssmKey::optional(wrappingKey),
+ CssmData::optional(descriptiveData),
+ CssmKey::required(wrappedKey));
+ }
+ else if (wrappingKeyHandle)
+ {
+ wrappingKeyHandle->wrapKey(Context::required(context),
+ CssmKey::required(subjectKey),
+ CssmData::optional(descriptiveData),
+ CssmKey::required(wrappedKey));
+ }
+ else
+ {
+ secdebug("tokend",
+ "wrapKey without a reference subject or wrapping key not supported"
+ );
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+ }
+ END(CSP)
+}
+
+CSSM_RETURN Token::_unwrapKey(const CSSM_CONTEXT *context,
+ CSSM_HANDLE hWrappingKey, const CSSM_KEY *wrappingKey,
+ const CSSM_ACCESS_CREDENTIALS *cred,
+ const CSSM_ACL_ENTRY_PROTOTYPE *access,
+ CSSM_HANDLE hPublicKey, const CSSM_KEY *publicKey,
+ const CSSM_KEY *wrappedKey, CSSM_KEYUSE usage,
+ CSSM_KEYATTR_FLAGS attributes, CSSM_DATA *descriptiveData,
+ CSSM_HANDLE *hUnwrappedKey, CSSM_KEY *unwrappedKey)
+{
+ BEGIN
+ if (hWrappingKey)
+ {
+ KeyHandle &unwrappingKey =
+ Security::HandleObject::find<KeyHandle>(hWrappingKey,
+ CSSMERR_CSP_INVALID_KEY_REFERENCE);
+ if (hPublicKey)
+ {
+ secdebug("tokend", "unwrapKey with a public key not supported");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+ }
+
+ unwrappingKey.unwrapKey(Context::required(context),
+ AccessCredentials::optional(cred),
+ AclEntryPrototype::optional(access), CssmKey::required(wrappedKey),
+ usage, attributes, CssmData::optional(descriptiveData),
+ *hUnwrappedKey, CssmKey::required(unwrappedKey));
+ }
+ else
+ {
+ secdebug("tokend",
+ "unwrapKey without a wrapping key not supported (import)");
+ /* There is no key doing the unwrap so this is basically an import. */
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+ }
+ END(CSP)
+}
+
+CSSM_RETURN Token::_deriveKey(const CSSM_CONTEXT *context,
+ CSSM_HANDLE hSourceKey, const CSSM_KEY *sourceKey,
+ const CSSM_ACCESS_CREDENTIALS *cred,
+ const CSSM_ACL_ENTRY_PROTOTYPE *access, CSSM_DATA *parameters,
+ CSSM_KEYUSE usage, CSSM_KEYATTR_FLAGS attributes,
+ CSSM_HANDLE *hKey, CSSM_KEY *key)
+{
+ BEGIN
+ secdebug("tokend", "deriveKey");
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+ END(CSP)
+}
+
+CSSM_RETURN Token::_getObjectOwner(CSSM_HANDLE hRecord,
+ CSSM_ACL_OWNER_PROTOTYPE *owner)
+{
+ BEGIN
+ secdebug("tokend", "getObjectOwner");
+ RecordHandle &rh = Security::HandleObject::find<RecordHandle>(hRecord,
+ CSSMERR_CSSM_INVALID_ADDIN_HANDLE);
+ rh.getOwner(AclOwnerPrototype::required(owner));
+ END(DL)
+}
+
+CSSM_RETURN Token::_getObjectAcl(CSSM_HANDLE hRecord,
+ const char *tag, uint32 *count, CSSM_ACL_ENTRY_INFO **entries)
+{
+ BEGIN
+ secdebug("tokend", "getObjectAcl");
+ RecordHandle &rh = Security::HandleObject::find<RecordHandle>(hRecord,
+ CSSMERR_CSSM_INVALID_ADDIN_HANDLE);
+ rh.getAcl(tag, Required(count), AclEntryInfo::overlayVar(*entries));
+ END(DL)
+}
+
+CSSM_RETURN Token::_getDatabaseOwner(CSSM_ACL_OWNER_PROTOTYPE *owner)
+{
+ BEGIN
+ token->getOwner(AclOwnerPrototype::required(owner));
+ END(DL)
+}
+
+CSSM_RETURN Token::_getDatabaseAcl(const char *tag, uint32 *count,
+ CSSM_ACL_ENTRY_INFO **entries)
+{
+ BEGIN
+ token->getAcl(tag, *count, AclEntryInfo::overlayVar(*entries));
+ END(DL)
+}
+
+CSSM_RETURN Token::_getKeyOwner(CSSM_HANDLE hKey,
+ CSSM_ACL_OWNER_PROTOTYPE *owner)
+{
+ BEGIN
+ KeyHandle &key = Security::HandleObject::find<KeyHandle>(hKey,
+ CSSMERR_CSP_INVALID_KEY_REFERENCE);
+ key.getOwner(AclOwnerPrototype::required(owner));
+ END(CSP)
+}
+
+CSSM_RETURN Token::_getKeyAcl(CSSM_HANDLE hKey,
+ const char *tag, uint32 *count, CSSM_ACL_ENTRY_INFO **entries)
+{
+ BEGIN
+ KeyHandle &key = Security::HandleObject::find<KeyHandle>(hKey,
+ CSSMERR_CSP_INVALID_KEY_REFERENCE);
+ key.getAcl(tag, Required(count), AclEntryInfo::overlayVar(*entries));
+ END(CSP)
+}
+
+CSSM_RETURN Token::_freeOwnerData(CSSM_ACL_OWNER_PROTOTYPE *owner)
+{
+ BEGIN
+ // @@@ Do something here based on how we return data above.
+ END(CSP)
+}
+
+CSSM_RETURN Token::_freeAclData(uint32 count, CSSM_ACL_ENTRY_INFO *entries)
+{
+ BEGIN
+#if 0
+ AutoAclEntryInfoList aclList(&Allocator::standard());
+ // Invoke braindead overloaded operators since there are no setters on
+ // AutoAclEntryInfoList
+ *static_cast<uint32 *>(aclList) = count;
+ *static_cast<CSSM_ACL_ENTRY_INFO_PTR *>(aclList) = entries;
+#endif
+ END(CSP)
+}
+
+CSSM_RETURN Token::_authenticateDatabase(CSSM_DB_ACCESS_TYPE mode,
+ const CSSM_ACCESS_CREDENTIALS *cred)
+{
+ BEGIN
+ secdebug("tokend", "authenticateDatabase");
+ token->authenticate(mode, AccessCredentials::overlay(cred));
+ END(DL)
+}
+
+CSSM_RETURN Token::_changeDatabaseOwner(const CSSM_ACL_OWNER_PROTOTYPE *owner)
+{
+ BEGIN
+ secdebug("tokend", "changeDatabaseOwner");
+ token->changeOwner(AclOwnerPrototype::required(owner));
+ END(DL)
+}
+
+CSSM_RETURN Token::_changeDatabaseAcl(const CSSM_ACCESS_CREDENTIALS *cred,
+ const CSSM_ACL_EDIT *edit)
+{
+ BEGIN
+ secdebug("tokend", "changeDatabaseAcl");
+ token->changeAcl(AccessCredentials::required(cred),
+ AclEdit::required(edit));
+ END(DL)
+}
+
+CSSM_RETURN Token::_changeObjectOwner(CSSM_HANDLE hRecord,
+ const CSSM_ACL_OWNER_PROTOTYPE *owner)
+{
+ BEGIN
+ secdebug("tokend", "changeObjectOwner");
+ RecordHandle &rh = Security::HandleObject::find<RecordHandle>(hRecord,
+ CSSMERR_CSSM_INVALID_ADDIN_HANDLE);
+ rh.changeOwner(AclOwnerPrototype::required(owner));
+ END(DL)
+}
+
+CSSM_RETURN Token::_changeObjectAcl(CSSM_HANDLE hRecord,
+ const CSSM_ACCESS_CREDENTIALS *cred, const CSSM_ACL_EDIT *edit)
+{
+ BEGIN
+ secdebug("tokend", "changeObjectAcl");
+ RecordHandle &rh = Security::HandleObject::find<RecordHandle>(hRecord,
+ CSSMERR_CSSM_INVALID_ADDIN_HANDLE);
+ rh.changeAcl(AccessCredentials::required(cred), AclEdit::required(edit));
+ END(DL)
+}
+
+CSSM_RETURN Token::_changeKeyOwner(CSSM_HANDLE hKey,
+ const CSSM_ACL_OWNER_PROTOTYPE *owner)
+{
+ BEGIN
+ secdebug("tokend", "changeKeyOwner");
+ KeyHandle &key = Security::HandleObject::find<KeyHandle>(hKey,
+ CSSMERR_CSP_INVALID_KEY_REFERENCE);
+ key.changeOwner(AclOwnerPrototype::required(owner));
+ END(CSP)
+}
+
+CSSM_RETURN Token::_changeKeyAcl(CSSM_HANDLE hKey,
+ const CSSM_ACCESS_CREDENTIALS *cred, const CSSM_ACL_EDIT *edit)
+{
+ BEGIN
+ secdebug("tokend", "changeKeyAcl");
+ KeyHandle &key = Security::HandleObject::find<KeyHandle>(hKey,
+ CSSMERR_CSP_INVALID_KEY_REFERENCE);
+ key.changeAcl(AccessCredentials::required(cred), AclEdit::required(edit));
+ END(CSP)
+}
+
+CSSM_RETURN Token::_generateRandom(const CSSM_CONTEXT *context,
+ CSSM_DATA *result)
+{
+ BEGIN
+ secdebug("tokend", "generateRandom");
+ token->generateRandom(Context::required(context),
+ CssmData::required(result));
+ END(CSP)
+}
+
+CSSM_RETURN Token::_getStatistics(CSSM_CSP_OPERATIONAL_STATISTICS *result)
+{
+ BEGIN
+ secdebug("tokend", "getStatistics");
+ token->getStatistics(Required(result));
+ END(CSP)
+}
+
+CSSM_RETURN Token::_getTime(CSSM_ALGORITHMS algorithm, CSSM_DATA *result)
+{
+ BEGIN
+ secdebug("tokend", "getTime");
+ token->getTime(algorithm, CssmData::required(result));
+ END(CSP)
+}
+
+CSSM_RETURN Token::_getCounter(CSSM_DATA *result)
+{
+ BEGIN
+ secdebug("tokend", "getCounter");
+ token->getCounter(CssmData::required(result));
+ END(CSP)
+}
+
+CSSM_RETURN Token::_selfVerify()
+{
+ BEGIN
+ secdebug("tokend", "selfVerify");
+ token->selfVerify();
+ END(CSP)
+}
+
+CSSM_RETURN Token::_cspPassThrough(uint32 id, const CSSM_CONTEXT *context,
+ CSSM_HANDLE hKey, const CSSM_KEY *key, const CSSM_DATA *input,
+ CSSM_DATA *output)
+{
+ BEGIN
+ secdebug("tokend", "cspPassThrough");
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_PASSTHROUGH_ID);
+ END(CSP)
+}
+
+CSSM_RETURN Token::_dlPassThrough(uint32 id, const CSSM_DATA *input,
+ CSSM_DATA *output)
+{
+ BEGIN
+ secdebug("tokend", "dlPassThrough");
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_PASSTHROUGH_ID);
+ END(DL)
+}
+
+CSSM_RETURN Token::_isLocked(uint32 *locked)
+{
+ BEGIN
+ secdebug("tokend", "_isLocked");
+ Required(locked) = token->isLocked();
+ secdebug("tokend", "_isLocked: %d", *locked);
+ END(DL)
+}
+
+//
+// Callback vector into SecTokendMain
+//
+const SecTokendCallbacks Token::mCallbacks = {
+ kSecTokendCallbackVersion,
+ kSecTokendCallbacksDefault,
+ _initial, _probe, _establish, _terminate,
+ _findFirst, _findNext, _findRecordHandle,
+ _insertRecord, _modifyRecord, _deleteRecord,
+ _releaseSearch, _releaseRecord,
+ _freeRetrievedData,
+ _releaseKey, _getKeySize, _getOutputSize,
+ _generateSignature, _verifySignature,
+ _generateMac, _verifyMac,
+ _encrypt, _decrypt,
+ _generateKey, _generateKeyPair,
+ _wrapKey, _unwrapKey, _deriveKey,
+ _getDatabaseOwner, _getDatabaseAcl,
+ _getObjectOwner, _getObjectAcl,
+ _getKeyOwner, _getKeyAcl,
+ _freeOwnerData, _freeAclData,
+ _authenticateDatabase,
+ _changeDatabaseOwner, _changeDatabaseAcl,
+ _changeObjectOwner, _changeObjectAcl,
+ _changeKeyOwner, _changeKeyAcl,
+ _generateRandom, _getStatistics,
+ _getTime, _getCounter,
+ _selfVerify,
+ _cspPassThrough, _dlPassThrough,
+ _isLocked
+};
+
+const SecTokendCallbacks *Token::callbacks()
+{
+ return &mCallbacks;
+}
+
+SecTokendSupport *Token::support()
+{
+ return this;
+}
+
+void Token::initial()
+{
+}
+
+void Token::terminate(uint32 reason, uint32 options)
+{
+}
+
+void Token::establish(const CSSM_GUID *guid, uint32 subserviceId,
+ SecTokendEstablishFlags flags, const char *cacheDirectory,
+ const char *workDirectory, char mdsDirectory[PATH_MAX],
+ char printName[PATH_MAX])
+{
+ secdebug("establish", "cacheDirectory %s", cacheDirectory);
+ mGuid = *guid;
+ mSubserviceId = subserviceId;
+ mCacheDirectory = cacheDirectory;
+}
+
+
+bool Token::cachedObject(CSSM_DB_RECORDTYPE relationId,
+ const std::string &name, CssmData &object) const
+{
+ try
+ {
+ UnixPlusPlus::AutoFileDesc fd(cachedObjectPath(relationId, name));
+ object.Length = fd.fileSize();
+ object.Data = reinterpret_cast<uint8 *>(malloc(object.Length));
+ object.Length = fd.readAll(object.Data, object.Length);
+ }
+ catch (const UnixError &error)
+ {
+ return false;
+ }
+
+ return true;
+}
+
+void Token::cacheObject(CSSM_DB_RECORDTYPE relationId, const std::string &name,
+ const CssmData &object) const
+{
+ std::string path(cachedObjectPath(relationId, name));
+ try
+ {
+ UnixPlusPlus::AutoFileDesc fd(path, O_WRONLY|O_CREAT|O_TRUNC);
+ fd.writeAll(object.Data, object.Length);
+ }
+ catch (const UnixError &e)
+ {
+ Syslog::error("error writing cache file: %s: %s\n", path.c_str(),
+ strerror(e.unixError()));
+ ::unlink(path.c_str());
+ }
+}
+
+std::string Token::cachedObjectPath(CSSM_DB_RECORDTYPE relationId,
+ const std::string &name) const
+{
+ char buffer[9];
+ sprintf(buffer, "%X", relationId);
+
+ return mCacheDirectory + "/" + buffer + "-" + name;
+}
+
+Cursor *Token::createCursor(const CSSM_QUERY *inQuery)
+{
+ if (!inQuery || inQuery->RecordType == CSSM_DL_DB_RECORD_ANY
+ || inQuery->RecordType == CSSM_DL_DB_RECORD_ALL_KEYS)
+ {
+ return new MultiCursor(inQuery, *mSchema);
+ }
+
+ const Relation &relation = mSchema->findRelation(inQuery->RecordType);
+ return new LinearCursor(inQuery, relation);
+}
+
+//
+// Authenticate to the token
+//
+void Token::authenticate(CSSM_DB_ACCESS_TYPE mode,
+ const AccessCredentials *cred)
+{
+ int pinNum = pinFromAclTag(cred->EntryTag);
+ if (!pinNum || !cred)
+ pinNum = -1; // No PIN in tag.
+
+ if (mode == CSSM_DB_ACCESS_RESET)
+ {
+ // A mode of CSSM_DB_ACCESS_RESET is a request to deauthenticate
+ // the card completely.
+ secdebug("authenticate", "unverifying PIN%d", pinNum);
+ return unverifyPIN(pinNum);
+ }
+ else if (cred && pinNum > 0)
+ { // tag="PINk"; unlock a PIN
+ if (cred->size() != 1) // just one, please
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_SAMPLE_VALUE);
+ const TypedList &sample = (*cred)[0];
+ switch (sample.type())
+ {
+ case CSSM_SAMPLE_TYPE_PASSWORD:
+ case CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD:
+ case CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD:
+ {
+ if (sample.length() != 2) // not recognized, may have non-existing data
+ return;
+ CssmData &pin = sample[1].data();
+ return verifyPIN(pinNum, pin.Data, pin.Length);
+ }
+ default:
+ break;
+ }
+
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+ }
+ else
+ secdebug("authenticate", "ignoring non-PIN authentication request");
+}
+
+void Token::changeOwner(const AclOwnerPrototype &owner)
+{
+ // Default changeOwner on a token always fails.
+ CssmError::throwMe(CSSM_ERRCODE_OBJECT_MANIP_AUTH_DENIED);
+}
+
+void Token::changeAcl(const AccessCredentials &cred, const AclEdit &edit)
+{
+ // We don't allow adding or deleting of acls currently
+ switch (edit.mode())
+ {
+ case CSSM_ACL_EDIT_MODE_DELETE:
+ CssmError::throwMe(CSSM_ERRCODE_ACL_DELETE_FAILED);
+ case CSSM_ACL_EDIT_MODE_REPLACE:
+ break;
+ case CSSM_ACL_EDIT_MODE_ADD:
+ CssmError::throwMe(CSSM_ERRCODE_ACL_ADD_FAILED);
+ default:
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_ACL_EDIT_MODE);
+ }
+
+#if 0
+ // edit.handle() is the offset in mAclEntries of the acl we are replacing
+ uint32 ix = edit.handle();
+ if (ix >= mAclEntries.size())
+ CssmError::throwMe(CSSM_ERRCODE_ACL_REPLACE_FAILED);
+
+ // Now we have the actual AclEntryPrototype being changed
+ const AclEntryPrototype &oldProto = mAclEntries.at(ix).proto();
+#endif
+
+ // Now get the new AclEntryPrototype for this entry.
+ const AclEntryInput *newEntry = edit.newEntry();
+ if (!newEntry)
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_INPUT_POINTER);
+ const AclEntryPrototype &newProto = newEntry->proto();
+
+ unsigned int pinNum = pinFromAclTag(newProto.EntryTag);
+ if (!pinNum)
+ CssmError::throwMe(CSSM_ERRCODE_OBJECT_ACL_NOT_SUPPORTED);
+
+ const TypedList &subject = newProto.subject();
+ switch (subject.type())
+ {
+ case CSSM_ACL_SUBJECT_TYPE_PASSWORD:
+ case CSSM_ACL_SUBJECT_TYPE_PROMPTED_PASSWORD:
+ case CSSM_ACL_SUBJECT_TYPE_PROTECTED_PASSWORD:
+ break;
+ default:
+ CssmError::throwMe(CSSM_ERRCODE_ACL_SUBJECT_TYPE_NOT_SUPPORTED);
+ }
+ const CssmData &newPin = subject[1].data();
+
+ if (cred.size() != 1)
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+
+ const TypedList &value = cred[0].value();
+ switch (value.type())
+ {
+ case CSSM_SAMPLE_TYPE_PASSWORD:
+ case CSSM_SAMPLE_TYPE_PROMPTED_PASSWORD:
+ case CSSM_SAMPLE_TYPE_PROTECTED_PASSWORD:
+ break;
+ default:
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+ }
+ const CssmData &oldPin = value[1].data();
+
+ secdebug("tokend", "CHANGE PIN%d from \"%.*s\" to \"%.*s\"",
+ pinNum, static_cast<int>(oldPin.Length), oldPin.Data,
+ static_cast<int>(newPin.Length), newPin.Data);
+
+ changePIN(pinNum, oldPin.Data, oldPin.Length, newPin.Data, newPin.Length);
+}
+
+void Token::generateRandom(const Context &context, CssmData &result)
+{
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void Token::getStatistics(CSSM_CSP_OPERATIONAL_STATISTICS &result)
+{
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void Token::getTime(CSSM_ALGORITHMS algorithm, CssmData &result)
+{
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void Token::getCounter(CssmData &result)
+{
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void Token::selfVerify()
+{
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void Token::changePIN(int pinNum,
+ const unsigned char *oldPin, size_t oldPinLength,
+ const unsigned char *newPin, size_t newPinLength)
+{
+ // Default changePIN on a token always fails.
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+}
+
+uint32_t Token::pinStatus(int pinNum)
+{
+ CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED);
+}
+
+void Token::verifyPIN(int pinNum,
+ const unsigned char *pin, size_t pinLength)
+{
+ CssmError::throwMe(CSSM_ERRCODE_SAMPLE_VALUE_NOT_SUPPORTED);
+}
+
+void Token::unverifyPIN(int pinNum)
+{
+}
+
+bool Token::isLocked()
+{
+ // Check pin1 by default. Subclasses may override.
+ return pinStatus(1) != 0x9000;
+}
+
+
+//
+// ISO7816Token
+//
+ISO7816Token::ISO7816Token()
+{
+ mPrintName[0]=0;
+}
+
+ISO7816Token::~ISO7816Token()
+{
+}
+
+uint32 ISO7816Token::probe(SecTokendProbeFlags flags,
+ char tokenUid[TOKEND_MAX_UID])
+{
+ const SCARD_READERSTATE &readerState = *(*startupReaderInfo)();
+ connect(mSession, readerState.szReader);
+ return 0;
+}
+
+void ISO7816Token::establish(const CSSM_GUID *guid, uint32 subserviceId,
+ SecTokendEstablishFlags flags, const char *cacheDirectory,
+ const char *workDirectory, char mdsDirectory[PATH_MAX],
+ char printName[PATH_MAX])
+{
+ secdebug("establish", "cacheDirectory %s, workDirectory: %s, name: %s",
+ cacheDirectory, workDirectory, mPrintName);
+ if (mPrintName[0])
+ ::strlcpy(printName, mPrintName, PATH_MAX);
+ Token::establish(guid, subserviceId, flags, cacheDirectory,
+ workDirectory, mdsDirectory, printName);
+
+ if (!isConnected())
+ {
+ const SCARD_READERSTATE &readerState = *(*startupReaderInfo)();
+ connect(mSession, readerState.szReader);
+ }
+}
+
+uint16_t ISO7816Token::transmitAPDU(uint8_t cla, uint8_t ins, uint8_t p1,
+ uint8_t p2, size_t dataSize, const uint8_t *data,
+ size_t outputLength, std::vector<uint8_t> *output)
+{
+ std::vector<uint8_t> apdu;
+ uint32_t lc = data ? dataSize : 0;
+
+ // Worst case we need this much
+ apdu.reserve(10 + lc);
+
+ apdu.push_back(cla);
+ apdu.push_back(ins);
+ apdu.push_back(p1);
+ apdu.push_back(p2);
+
+ if (lc > 0)
+ {
+ if (lc < 0x100)
+ {
+ // Normal length Lc
+ apdu.push_back(lc);
+ }
+ else if (lc < 0x10000)
+ {
+ // Extended length Lc
+ apdu.push_back(0);
+ apdu.push_back(lc >> 8);
+ apdu.push_back(lc);
+ }
+ else
+ {
+ // Lc too big.
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ }
+ apdu.insert(apdu.end(), data, data + dataSize);
+ }
+
+ if (output && outputLength > 0)
+ {
+ if (outputLength < 0x100)
+ {
+ // Normal length Le
+ apdu.push_back(outputLength);
+ }
+ else if (outputLength < 0x10000)
+ {
+ // Extended length Le
+ apdu.push_back(0);
+ apdu.push_back(outputLength >> 8);
+ apdu.push_back(outputLength);
+ }
+ else
+ {
+ // Le too big
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ }
+
+ // Append the response to what's already in output.
+ size_t oldSize = output->size();
+ // Make enough room for the data we are requesting plus the sw
+ output->resize(oldSize + outputLength + 2);
+ uint8_t *response = &output->at(oldSize);
+ size_t responseLength = outputLength + 2;
+ transmit(&apdu[0], apdu.size(), response, responseLength);
+ if (responseLength < 2)
+ {
+ output->resize(oldSize + responseLength);
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+ }
+
+ uint16_t sw = (response[responseLength - 2] << 8)
+ + response[responseLength - 1];
+ // Remove the sw from the output.
+ output->resize(oldSize + responseLength - 2);
+
+ return sw;
+ }
+ else
+ {
+ uint8_t response[2];
+ size_t responseLength = sizeof(response);
+ transmit(&apdu[0], apdu.size(), response, responseLength);
+ if (responseLength < 2)
+ PCSC::Error::throwMe(SCARD_E_PROTO_MISMATCH);
+
+ return (response[responseLength - 2] << 8)
+ + response[responseLength - 1];
+ }
+}
+
+void ISO7816Token::name(const char *printName)
+{
+ // Set the printName
+ ::strlcpy(mPrintName,printName,min(1+strlen(printName),size_t(PATH_MAX)));
+}
+
+} // end namespace Tokend
+
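Review bot: `Token::authenticate` dereferences `cred` before it tests it for NULL — `pinFromAclTag(cred->EntryTag)` on the function's first line runs ahead of the `!cred` check that follows it, and the caller `_authenticateDatabase` builds the pointer with `AccessCredentials::overlay(cred)`, which, unlike the `required` form used by `_changeDatabaseAcl`, appears to pass a null pointer through. Reorder to `int pinNum = cred ? pinFromAclTag(cred->EntryTag) : 0;` followed by `if (!pinNum) pinNum = -1; // No PIN in tag.` so a credential-less request takes the existing "ignoring non-PIN authentication request" path instead of crashing the tokend. `Token::changeAcl` has the same input-trust gap: it indexes `subject[1]` and `value[1]` without the `length() != 2` guard that `authenticate` applies to `sample`, so a malformed ACL edit arriving over the securityd interface can read past the end of the list; add the same length check before each index and throw `CSSM_ERRCODE_INVALID_SAMPLE_VALUE` when it fails. The `secdebug` call in `changeAcl` also formats both the old and the new PIN as `%.*s` strings, so debug builds write card PINs to the log; log `pinNum` and the two lengths only.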
Added: releases/Apple/OSX-10.6.7/Tokend/Token.h
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/Token.h (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/Token.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,285 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * Token.h
+ * TokendMuscle
+ */
+
+#ifndef _TOKEND_TOKEN_H_
+#define _TOKEND_TOKEN_H_
+
+#include <SecurityTokend/SecTokend.h>
+#include <security_utilities/osxcode.h>
+#include <security_cdsa_utilities/context.h>
+#include <security_cdsa_utilities/cssmpods.h>
+#include <security_cdsa_utilities/cssmbridge.h>
+#include <security_cdsa_utilities/cssmdb.h>
+#include <security_cdsa_utilities/cssmaclpod.h>
+#include <security_cdsa_utilities/cssmcred.h>
+#include <security_utilities/debugging.h>
+#include <security_utilities/pcsc++.h>
+#include <string>
+
+#include "TokenContext.h"
+
+namespace Tokend
+{
+
+class Cursor;
+class Schema;
+class TokenContext;
+
+//
+// "The" token
+//
+class Token : public SecTokendSupport
+{
+ NOCOPY(Token)
+public:
+ Token();
+ virtual ~Token();
+
+ bool cachedObject(CSSM_DB_RECORDTYPE relationId, const std::string &name,
+ CssmData &data) const;
+ void cacheObject(CSSM_DB_RECORDTYPE relationId, const std::string &name,
+ const CssmData &object) const;
+
+ virtual const SecTokendCallbacks *callbacks();
+ virtual SecTokendSupport *support();
+
+ virtual void initial();
+ virtual uint32 probe(SecTokendProbeFlags flags,
+ char tokenUid[TOKEND_MAX_UID]) = 0;
+ virtual void establish(const CSSM_GUID *guid, uint32 subserviceId,
+ SecTokendEstablishFlags flags, const char *cacheDirectory,
+ const char *workDirectory, char mdsDirectory[PATH_MAX],
+ char printName[PATH_MAX]);
+ virtual void terminate(uint32 reason, uint32 options);
+
+ virtual void authenticate(CSSM_DB_ACCESS_TYPE mode,
+ const AccessCredentials *cred);
+ virtual void getOwner(AclOwnerPrototype &owner) = 0;
+ virtual void getAcl(const char *tag, uint32 &count,
+ AclEntryInfo *&acls) = 0;
+
+ virtual Cursor *createCursor(const CSSM_QUERY *inQuery);
+
+ virtual void changeOwner(const AclOwnerPrototype &owner);
+ virtual void changeAcl(const AccessCredentials &cred, const AclEdit &edit);
+
+ virtual void generateRandom(const Context &context, CssmData &result);
+ virtual void getStatistics(CSSM_CSP_OPERATIONAL_STATISTICS &result);
+ virtual void getTime(CSSM_ALGORITHMS algorithm, CssmData &result);
+ virtual void getCounter(CssmData &result);
+ virtual void selfVerify();
+
+ virtual void changePIN(int pinNum,
+ const unsigned char *oldPin, size_t oldPinLength,
+ const unsigned char *newPin, size_t newPinLength);
+ virtual uint32_t pinStatus(int pinNum);
+ virtual void verifyPIN(int pinNum,
+ const unsigned char *pin, size_t pinLength);
+ virtual void unverifyPIN(int pinNum);
+
+ virtual bool isLocked();
+
+ TokenContext *tokenContext() { return mTokenContext; }
+
+protected:
+ std::string cachedObjectPath(CSSM_DB_RECORDTYPE relationId,
+ const std::string &name) const;
+
+ static CSSM_RETURN _initial();
+ static CSSM_RETURN _probe(SecTokendProbeFlags flags, uint32 *score,
+ char tokenUid[TOKEND_MAX_UID]);
+ static CSSM_RETURN _establish(const CSSM_GUID *guid, uint32 subserviceId,
+ SecTokendEstablishFlags flags, const char *cacheDirectory,
+ const char *workDirectory, char mdsDirectory[PATH_MAX],
+ char printName[PATH_MAX]);
+ static CSSM_RETURN _terminate(uint32 reason, uint32 options);
+
+ static CSSM_RETURN _findFirst(const CSSM_QUERY *query,
+ TOKEND_RETURN_DATA *data, CSSM_HANDLE *hSearch);
+ static CSSM_RETURN _findNext(CSSM_HANDLE hSearch,
+ TOKEND_RETURN_DATA *data);
+ static CSSM_RETURN _findRecordHandle(CSSM_HANDLE hRecord,
+ TOKEND_RETURN_DATA *data);
+ static CSSM_RETURN _insertRecord(CSSM_DB_RECORDTYPE recordType,
+ const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes, const CSSM_DATA *data,
+ CSSM_HANDLE *hRecord);
+ static CSSM_RETURN _modifyRecord(CSSM_DB_RECORDTYPE recordType,
+ CSSM_HANDLE *hRecord, const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes,
+ const CSSM_DATA *data, CSSM_DB_MODIFY_MODE modifyMode);
+ static CSSM_RETURN _deleteRecord(CSSM_HANDLE hRecord);
+ static CSSM_RETURN _releaseSearch(CSSM_HANDLE hSearch);
+ static CSSM_RETURN _releaseRecord(CSSM_HANDLE hRecord);
+
+ static CSSM_RETURN _freeRetrievedData(TOKEND_RETURN_DATA *data);
+
+ static CSSM_RETURN _releaseKey(CSSM_HANDLE hKey);
+ static CSSM_RETURN _getKeySize(CSSM_HANDLE hKey, CSSM_KEY_SIZE *size);
+ static CSSM_RETURN _getOutputSize(const CSSM_CONTEXT *context,
+ CSSM_HANDLE hKey, uint32 inputSize, CSSM_BOOL encrypting,
+ uint32 *outputSize);
+
+ static CSSM_RETURN _generateSignature(const CSSM_CONTEXT *context,
+ CSSM_HANDLE hKey, CSSM_ALGORITHMS signOnly, const CSSM_DATA *input,
+ CSSM_DATA *signature);
+ static CSSM_RETURN _verifySignature(const CSSM_CONTEXT *context,
+ CSSM_HANDLE hKey, CSSM_ALGORITHMS signOnly, const CSSM_DATA *input,
+ const CSSM_DATA *signature);
+ static CSSM_RETURN _generateMac(const CSSM_CONTEXT *context,
+ CSSM_HANDLE hKey, const CSSM_DATA *input, CSSM_DATA *mac);
+ static CSSM_RETURN _verifyMac(const CSSM_CONTEXT *context,
+ CSSM_HANDLE hKey, const CSSM_DATA *input, const CSSM_DATA *mac);
+ static CSSM_RETURN _encrypt(const CSSM_CONTEXT *context, CSSM_HANDLE hKey,
+ const CSSM_DATA *clear, CSSM_DATA *cipher);
+ static CSSM_RETURN _decrypt(const CSSM_CONTEXT *context, CSSM_HANDLE hKey,
+ const CSSM_DATA *cipher, CSSM_DATA *clear);
+ static CSSM_RETURN _generateKey(const CSSM_CONTEXT *context,
+ const CSSM_ACCESS_CREDENTIALS *creds,
+ const CSSM_ACL_ENTRY_PROTOTYPE *owner, CSSM_KEYUSE usage,
+ CSSM_KEYATTR_FLAGS attrs, CSSM_HANDLE *hKey, CSSM_KEY *header);
+ static CSSM_RETURN _generateKeyPair(const CSSM_CONTEXT *context,
+ const CSSM_ACCESS_CREDENTIALS *creds,
+ const CSSM_ACL_ENTRY_PROTOTYPE *owner,
+ CSSM_KEYUSE pubUsage, CSSM_KEYATTR_FLAGS pubAttrs,
+ CSSM_KEYUSE privUsage, CSSM_KEYATTR_FLAGS privAttrs,
+ CSSM_HANDLE *hPubKey, CSSM_KEY *pubHeader,
+ CSSM_HANDLE *hPrivKey, CSSM_KEY *privHeader);
+ static CSSM_RETURN _wrapKey(const CSSM_CONTEXT *context,
+ CSSM_HANDLE hWrappingKey, const CSSM_KEY *wrappingKey,
+ const CSSM_ACCESS_CREDENTIALS *cred, CSSM_HANDLE hSubjectKey,
+ const CSSM_KEY *subjectKey, const CSSM_DATA *descriptiveData,
+ CSSM_KEY *wrappedKey);
+ static CSSM_RETURN _unwrapKey(const CSSM_CONTEXT *context,
+ CSSM_HANDLE hWrappingKey, const CSSM_KEY *wrappingKey,
+ const CSSM_ACCESS_CREDENTIALS *cred,
+ const CSSM_ACL_ENTRY_PROTOTYPE *access,
+ CSSM_HANDLE hPublicKey, const CSSM_KEY *publicKey,
+ const CSSM_KEY *wrappedKey, CSSM_KEYUSE usage,
+ CSSM_KEYATTR_FLAGS attributes, CSSM_DATA *descriptiveData,
+ CSSM_HANDLE *hUnwrappedKey, CSSM_KEY *unwrappedKey);
+ static CSSM_RETURN _deriveKey(const CSSM_CONTEXT *context,
+ CSSM_HANDLE hSourceKey, const CSSM_KEY *sourceKey,
+ const CSSM_ACCESS_CREDENTIALS *cred,
+ const CSSM_ACL_ENTRY_PROTOTYPE *access, CSSM_DATA *parameters,
+ CSSM_KEYUSE usage, CSSM_KEYATTR_FLAGS attributes,
+ CSSM_HANDLE *hKey, CSSM_KEY *hKey);
+
+ static CSSM_RETURN _getObjectOwner(CSSM_HANDLE hKey,
+ CSSM_ACL_OWNER_PROTOTYPE *owner);
+ static CSSM_RETURN _getObjectAcl(CSSM_HANDLE hKey,
+ const char *tag, uint32 *count, CSSM_ACL_ENTRY_INFO **entries);
+ static CSSM_RETURN _getDatabaseOwner(CSSM_ACL_OWNER_PROTOTYPE *owner);
+ static CSSM_RETURN _getDatabaseAcl(const char *tag, uint32 *count,
+ CSSM_ACL_ENTRY_INFO **entries);
+ static CSSM_RETURN _getKeyOwner(CSSM_HANDLE hKey,
+ CSSM_ACL_OWNER_PROTOTYPE *owner);
+ static CSSM_RETURN _getKeyAcl(CSSM_HANDLE hKey, const char *tag,
+ uint32 *count, CSSM_ACL_ENTRY_INFO **entries);
+
+ static CSSM_RETURN _freeOwnerData(CSSM_ACL_OWNER_PROTOTYPE *owner);
+ static CSSM_RETURN _freeAclData(uint32 count,
+ CSSM_ACL_ENTRY_INFO *entries);
+
+ static CSSM_RETURN _authenticateDatabase(CSSM_DB_ACCESS_TYPE mode,
+ const CSSM_ACCESS_CREDENTIALS *cred);
+
+ static CSSM_RETURN _changeDatabaseOwner(const CSSM_ACL_OWNER_PROTOTYPE *
+ owner);
+ static CSSM_RETURN _changeDatabaseAcl(const CSSM_ACCESS_CREDENTIALS *cred,
+ const CSSM_ACL_EDIT *edit);
+ static CSSM_RETURN _changeObjectOwner(CSSM_HANDLE hRecord,
+ const CSSM_ACL_OWNER_PROTOTYPE *owner);
+ static CSSM_RETURN _changeObjectAcl(CSSM_HANDLE hRecord,
+ const CSSM_ACCESS_CREDENTIALS *cred, const CSSM_ACL_EDIT *edit);
+ static CSSM_RETURN _changeKeyOwner(CSSM_HANDLE key,
+ const CSSM_ACL_OWNER_PROTOTYPE *owner);
+ static CSSM_RETURN _changeKeyAcl(CSSM_HANDLE key,
+ const CSSM_ACCESS_CREDENTIALS *cred, const CSSM_ACL_EDIT *edit);
+
+ static CSSM_RETURN _generateRandom(const CSSM_CONTEXT *context,
+ CSSM_DATA *result);
+ static CSSM_RETURN _getStatistics(CSSM_CSP_OPERATIONAL_STATISTICS *result);
+ static CSSM_RETURN _getTime(CSSM_ALGORITHMS algorithm, CSSM_DATA *result);
+ static CSSM_RETURN _getCounter(CSSM_DATA *result);
+ static CSSM_RETURN _selfVerify();
+
+ static CSSM_RETURN _cspPassThrough(uint32 id, const CSSM_CONTEXT *context,
+ CSSM_HANDLE hKey, const CSSM_KEY *key, const CSSM_DATA *input,
+ CSSM_DATA *output);
+ static CSSM_RETURN _dlPassThrough(uint32 id, const CSSM_DATA *input,
+ CSSM_DATA *output);
+
+ static CSSM_RETURN _isLocked(uint32 *locked);
+
+private:
+ static const SecTokendCallbacks mCallbacks;
+
+protected:
+ Schema *mSchema;
+ TokenContext *mTokenContext;
+
+ Guid mGuid;
+ uint32 mSubserviceId;
+ std::string mCacheDirectory;
+};
+
+
+class ISO7816Token : public Token, public TokenContext, public PCSC::Card
+{
+ NOCOPY(ISO7816Token)
+public:
+ ISO7816Token();
+ virtual ~ISO7816Token();
+
+ virtual uint32 probe(SecTokendProbeFlags flags,
+ char tokenUid[TOKEND_MAX_UID]);
+ virtual void establish(const CSSM_GUID *guid, uint32 subserviceId,
+ SecTokendEstablishFlags flags, const char *cacheDirectory,
+ const char *workDirectory, char mdsDirectory[PATH_MAX],
+ char printName[PATH_MAX]);
+
+ uint16_t transmitAPDU(uint8_t cla, uint8_t ins, uint8_t p1, uint8_t p2,
+ size_t dataSize = 0, const uint8_t *data = NULL,
+ size_t outputLength = 0, std::vector<uint8_t> *output = NULL);
+
+protected:
+ PCSC::Session mSession;
+ char mPrintName[PATH_MAX];
+
+ virtual void name(const char *printName);
+};
+
+
+} // end namespace Tokend
+
+//
+// Singleton
+//
+extern Tokend::Token *token;
+
+#endif /* !_TOKEND_TOKEN_H_ */
+
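Review bot: The `_deriveKey` declaration near the end of the callback list names two parameters `hKey` (`CSSM_HANDLE *hKey, CSSM_KEY *hKey`); parameter names share function-prototype scope, so this is ill-formed C++ and recent compilers reject it as a redefinition, and even on a toolchain that accepts it the last parameter is clearly the output key header, as in the sibling `_generateKey`/`_unwrapKey` declarations. I would rename it to match them, `CSSM_HANDLE *hKey, CSSM_KEY *key`, and keep the definition in Token.cpp (outside this hunk) in step, since these `_*` statics appear to be the entries of the `mCallbacks` table handed to the tokend framework. Separately, `transmitAPDU` has no contract in the header although its implementation in the Token.cpp hunk above appends the card's response to `*output` with the two status bytes stripped, returns only the status word, and throws `SCARD_E_PROTO_MISMATCH` when Lc or Le exceed extended-length limits or the card returns fewer than 2 bytes; I would put that on the declaration: `// Sends one APDU. When output is given, response data (minus SW1SW2) is appended to it; the status word is returned. Throws SCARD_E_PROTO_MISMATCH on oversize Lc/Le or a response shorter than 2 bytes.`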
Added: releases/Apple/OSX-10.6.7/Tokend/TokenContext.cpp
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/TokenContext.cpp (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/TokenContext.cpp 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * TokenContext.cpp
+ * TokendMuscle
+ */
+
+#include "TokenContext.h"
+
+namespace Tokend
+{
+
+TokenContext::~TokenContext()
+{
+}
+
+} // end namespace Tokend
+
+
Added: releases/Apple/OSX-10.6.7/Tokend/TokenContext.h
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend/TokenContext.h (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend/TokenContext.h 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+/*
+ * TokenContext.h
+ * TokendMuscle
+ */
+
+#ifndef _TOKEND_TOKENCONTEXT_H_
+#define _TOKEND_TOKENCONTEXT_H_
+
+#include <security_utilities/utilities.h>
+
+namespace Tokend
+{
+
+class TokenContext
+{
+ NOCOPY(TokenContext)
+public:
+ TokenContext() {}
+ virtual ~TokenContext() = 0;
+};
+
+} // end namespace Tokend
+
+#endif /* !_TOKEND_TOKENCONTEXT_H_ */
+
+
Added: releases/Apple/OSX-10.6.7/Tokend.xcodeproj/project.pbxproj
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend.xcodeproj/project.pbxproj (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend.xcodeproj/project.pbxproj 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,2030 @@
+// !$*UTF8*$!
+{
+ archiveVersion = 1;
+ classes = {
+ };
+ objectVersion = 42;
+ objects = {
+
+/* Begin PBXAggregateTarget section */
+ 52B2601F0BC5A864007E00F1 /* world */ = {
+ isa = PBXAggregateTarget;
+ buildConfigurationList = 52B260280BC5A864007E00F1 /* Build configuration list for PBXAggregateTarget "world" */;
+ buildPhases = (
+ );
+ dependencies = (
+ 529252170BC6BEED00816597 /* PBXTargetDependency */,
+ 52B260D90BC5A864007E00F1 /* PBXTargetDependency */,
+ 52B260DB0BC5A864007E00F1 /* PBXTargetDependency */,
+ 5203894212B8031D007C4317 /* PBXTargetDependency */,
+ 52B260DD0BC5A864007E00F1 /* PBXTargetDependency */,
+ );
+ name = world;
+ productName = world;
+ };
+/* End PBXAggregateTarget section */
+
+/* Begin PBXBuildFile section */
+ 5203890012B802BF007C4317 /* CACAttributeCoder.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C7BA7490703990100E5719F /* CACAttributeCoder.cpp */; };
+ 5203890112B802BF007C4317 /* CACError.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C273A200708CE2C00CCB0FA /* CACError.cpp */; };
+ 5203890212B802BF007C4317 /* CACKeyHandle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C7BA74B0703990100E5719F /* CACKeyHandle.cpp */; };
+ 5203890312B802BF007C4317 /* CACRecord.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CBF5C390704CDBF00EEADC2 /* CACRecord.cpp */; };
+ 5203890412B802BF007C4317 /* CACSchema.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C7BA74D0703990100E5719F /* CACSchema.cpp */; };
+ 5203890512B802BF007C4317 /* CACToken.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C7BA74F0703990100E5719F /* CACToken.cpp */; };
+ 5203890712B802BF007C4317 /* libz.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CBF5CBE0704E76200EEADC2 /* libz.dylib */; };
+ 5203890812B802BF007C4317 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CA8C4D606D6D19400F1BCC8 /* CoreFoundation.framework */; };
+ 5203893012B80315007C4317 /* cacng.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5203891312B80315007C4317 /* cacng.cpp */; };
+ 5203893112B80315007C4317 /* CACNGApplet.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5203891412B80315007C4317 /* CACNGApplet.cpp */; };
+ 5203893212B80315007C4317 /* CACNGAttributeCoder.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5203891612B80315007C4317 /* CACNGAttributeCoder.cpp */; };
+ 5203893312B80315007C4317 /* CACNGError.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5203891812B80315007C4317 /* CACNGError.cpp */; };
+ 5203893412B80315007C4317 /* CACNGKeyHandle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5203891A12B80315007C4317 /* CACNGKeyHandle.cpp */; };
+ 5203893512B80315007C4317 /* CACNGRecord.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5203891C12B80315007C4317 /* CACNGRecord.cpp */; };
+ 5203893612B80315007C4317 /* CACNGSchema.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5203891E12B80315007C4317 /* CACNGSchema.cpp */; };
+ 5203893712B80315007C4317 /* CACNGToken.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5203892012B80315007C4317 /* CACNGToken.cpp */; };
+ 5203893812B80315007C4317 /* CompressionTool.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5203892212B80315007C4317 /* CompressionTool.cpp */; };
+ 5203893A12B80315007C4317 /* cacng_csp_capabilities.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 5203892612B80315007C4317 /* cacng_csp_capabilities.mdsinfo */; };
+ 5203893B12B80315007C4317 /* cacng_csp_capabilities_common.mds in Resources */ = {isa = PBXBuildFile; fileRef = 5203892712B80315007C4317 /* cacng_csp_capabilities_common.mds */; };
+ 5203893C12B80315007C4317 /* cacng_csp_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 5203892812B80315007C4317 /* cacng_csp_primary.mdsinfo */; };
+ 5203893D12B80315007C4317 /* cacng_dl_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 5203892912B80315007C4317 /* cacng_dl_primary.mdsinfo */; };
+ 5203893E12B80315007C4317 /* cacng_smartcard.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 5203892A12B80315007C4317 /* cacng_smartcard.mdsinfo */; };
+ 5203893F12B80315007C4317 /* Padding.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5203892B12B80315007C4317 /* Padding.cpp */; };
+ 5203894012B80315007C4317 /* TLV.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5203892D12B80315007C4317 /* TLV.cpp */; };
+ 52A683110EEF1FB200F71D5B /* BELPICAttributeCoder.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 52A6830F0EEF1FB200F71D5B /* BELPICAttributeCoder.cpp */; };
+ 52B260320BC5A864007E00F1 /* Adornment.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C1B9B6406DBF99F00014414 /* Adornment.cpp */; };
+ 52B260330BC5A864007E00F1 /* Attribute.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134A9606DBF81800FA17D9 /* Attribute.cpp */; };
+ 52B260340BC5A864007E00F1 /* AttributeCoder.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134A8A06DBF81800FA17D9 /* AttributeCoder.cpp */; };
+ 52B260350BC5A864007E00F1 /* Cursor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134A9806DBF81800FA17D9 /* Cursor.cpp */; };
+ 52B260360BC5A864007E00F1 /* DbValue.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134A9A06DBF81800FA17D9 /* DbValue.cpp */; };
+ 52B260370BC5A864007E00F1 /* KeyHandle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C3C166E06F61D6F00FC8AAC /* KeyHandle.cpp */; };
+ 52B260380BC5A864007E00F1 /* MetaAttribute.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134A9C06DBF81800FA17D9 /* MetaAttribute.cpp */; };
+ 52B260390BC5A864007E00F1 /* MetaRecord.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134A9E06DBF81800FA17D9 /* MetaRecord.cpp */; };
+ 52B2603A0BC5A864007E00F1 /* Record.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AA006DBF81800FA17D9 /* Record.cpp */; };
+ 52B2603B0BC5A864007E00F1 /* RecordHandle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C55BAFC06DEABE500E4200A /* RecordHandle.cpp */; };
+ 52B2603C0BC5A864007E00F1 /* Relation.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134A8E06DBF81800FA17D9 /* Relation.cpp */; };
+ 52B2603D0BC5A864007E00F1 /* SCardError.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CC3947A0731A4DD00761DEE /* SCardError.cpp */; };
+ 52B2603E0BC5A864007E00F1 /* Schema.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AA206DBF81800FA17D9 /* Schema.cpp */; };
+ 52B2603F0BC5A864007E00F1 /* SelectionPredicate.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AA406DBF81800FA17D9 /* SelectionPredicate.cpp */; };
+ 52B260400BC5A864007E00F1 /* Token.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134A9006DBF81800FA17D9 /* Token.cpp */; };
+ 52B260410BC5A864007E00F1 /* TokenContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134A9206DBF81800FA17D9 /* TokenContext.cpp */; };
+ 52B2604D0BC5A864007E00F1 /* Adornment.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C1B9B6306DBF99F00014414 /* Adornment.h */; settings = {ATTRIBUTES = (Public, ); }; };
+ 52B2604E0BC5A864007E00F1 /* Attribute.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134A9706DBF81800FA17D9 /* Attribute.h */; settings = {ATTRIBUTES = (Public, ); }; };
+ 52B2604F0BC5A864007E00F1 /* AttributeCoder.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134A8B06DBF81800FA17D9 /* AttributeCoder.h */; settings = {ATTRIBUTES = (Public, ); }; };
+ 52B260500BC5A864007E00F1 /* Cursor.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134A9906DBF81800FA17D9 /* Cursor.h */; settings = {ATTRIBUTES = (Public, ); }; };
+ 52B260510BC5A864007E00F1 /* DbValue.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134A9B06DBF81800FA17D9 /* DbValue.h */; settings = {ATTRIBUTES = (Public, ); }; };
+ 52B260520BC5A864007E00F1 /* KeyHandle.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C3C166D06F61D6F00FC8AAC /* KeyHandle.h */; settings = {ATTRIBUTES = (Public, ); }; };
+ 52B260530BC5A864007E00F1 /* MetaAttribute.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134A9D06DBF81800FA17D9 /* MetaAttribute.h */; settings = {ATTRIBUTES = (Public, ); }; };
+ 52B260540BC5A864007E00F1 /* MetaRecord.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134A9F06DBF81800FA17D9 /* MetaRecord.h */; settings = {ATTRIBUTES = (Public, ); }; };
+ 52B260550BC5A864007E00F1 /* Record.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134AA106DBF81800FA17D9 /* Record.h */; settings = {ATTRIBUTES = (Public, ); }; };
+ 52B260560BC5A864007E00F1 /* RecordHandle.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C55BAFB06DEABE500E4200A /* RecordHandle.h */; settings = {ATTRIBUTES = (Public, ); }; };
+ 52B260570BC5A864007E00F1 /* Relation.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134A8F06DBF81800FA17D9 /* Relation.h */; settings = {ATTRIBUTES = (Public, ); }; };
+ 52B260580BC5A864007E00F1 /* SCardError.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC394790731A4DD00761DEE /* SCardError.h */; settings = {ATTRIBUTES = (Public, ); }; };
+ 52B260590BC5A864007E00F1 /* Schema.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134AA306DBF81800FA17D9 /* Schema.h */; settings = {ATTRIBUTES = (Public, ); }; };
+ 52B2605A0BC5A864007E00F1 /* SelectionPredicate.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134AA506DBF81800FA17D9 /* SelectionPredicate.h */; settings = {ATTRIBUTES = (Public, ); }; };
+ 52B2605B0BC5A864007E00F1 /* Token.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134A9106DBF81800FA17D9 /* Token.h */; settings = {ATTRIBUTES = (Public, ); }; };
+ 52B2605C0BC5A864007E00F1 /* TokenContext.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C134A9306DBF81800FA17D9 /* TokenContext.h */; settings = {ATTRIBUTES = (Public, ); }; };
+ 52B260680BC5A864007E00F1 /* belpic_csp_capabilities.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1CE8073065EA00AECB7F /* belpic_csp_capabilities.mdsinfo */; };
+ 52B260690BC5A864007E00F1 /* belpic_csp_capabilities_common.mds in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1CE9073065EA00AECB7F /* belpic_csp_capabilities_common.mds */; };
+ 52B2606A0BC5A864007E00F1 /* belpic_csp_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1CEA073065EA00AECB7F /* belpic_csp_primary.mdsinfo */; };
+ 52B2606B0BC5A864007E00F1 /* belpic_dl_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1CEB073065EA00AECB7F /* belpic_dl_primary.mdsinfo */; };
+ 52B2606C0BC5A864007E00F1 /* belpic_smartcard.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1CEC073065EA00AECB7F /* belpic_smartcard.mdsinfo */; };
+ 52B2606E0BC5A864007E00F1 /* belpic.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C86D3A0070B4122006A0C7F /* belpic.cpp */; };
+ 52B2606F0BC5A864007E00F1 /* BELPICError.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C86D3A3070B4122006A0C7F /* BELPICError.cpp */; };
+ 52B260700BC5A864007E00F1 /* BELPICKeyHandle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C86D3A5070B4122006A0C7F /* BELPICKeyHandle.cpp */; };
+ 52B260710BC5A864007E00F1 /* BELPICRecord.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C86D3A7070B4122006A0C7F /* BELPICRecord.cpp */; };
+ 52B260720BC5A864007E00F1 /* BELPICSchema.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C86D3A9070B4122006A0C7F /* BELPICSchema.cpp */; };
+ 52B260730BC5A864007E00F1 /* BELPICToken.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C86D3AB070B4122006A0C7F /* BELPICToken.cpp */; };
+ 52B260750BC5A864007E00F1 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CA8C4D606D6D19400F1BCC8 /* CoreFoundation.framework */; };
+ 52B260810BC5A864007E00F1 /* cac_csp_capabilities.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1D000730661500AECB7F /* cac_csp_capabilities.mdsinfo */; };
+ 52B260820BC5A864007E00F1 /* cac_csp_capabilities_common.mds in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1D010730661500AECB7F /* cac_csp_capabilities_common.mds */; };
+ 52B260830BC5A864007E00F1 /* cac_csp_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1D020730661500AECB7F /* cac_csp_primary.mdsinfo */; };
+ 52B260840BC5A864007E00F1 /* cac_dl_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1D030730661500AECB7F /* cac_dl_primary.mdsinfo */; };
+ 52B260850BC5A864007E00F1 /* cac_smartcard.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1D040730661500AECB7F /* cac_smartcard.mdsinfo */; };
+ 52B260870BC5A864007E00F1 /* cac.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C7BA7510703990100E5719F /* cac.cpp */; };
+ 52B260880BC5A864007E00F1 /* CACAttributeCoder.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C7BA7490703990100E5719F /* CACAttributeCoder.cpp */; };
+ 52B260890BC5A864007E00F1 /* CACError.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C273A200708CE2C00CCB0FA /* CACError.cpp */; };
+ 52B2608A0BC5A864007E00F1 /* CACKeyHandle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C7BA74B0703990100E5719F /* CACKeyHandle.cpp */; };
+ 52B2608B0BC5A864007E00F1 /* CACRecord.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CBF5C390704CDBF00EEADC2 /* CACRecord.cpp */; };
+ 52B2608C0BC5A864007E00F1 /* CACSchema.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C7BA74D0703990100E5719F /* CACSchema.cpp */; };
+ 52B2608D0BC5A864007E00F1 /* CACToken.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C7BA74F0703990100E5719F /* CACToken.cpp */; };
+ 52B2608F0BC5A864007E00F1 /* libz.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CBF5CBE0704E76200EEADC2 /* libz.dylib */; };
+ 52B260900BC5A864007E00F1 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CA8C4D606D6D19400F1BCC8 /* CoreFoundation.framework */; };
+ 52B2609C0BC5A864007E00F1 /* musclecard_csp_capabilities.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1D300730664E00AECB7F /* musclecard_csp_capabilities.mdsinfo */; };
+ 52B2609D0BC5A864007E00F1 /* musclecard_csp_capabilities_common.mds in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1D310730664E00AECB7F /* musclecard_csp_capabilities_common.mds */; };
+ 52B2609E0BC5A864007E00F1 /* musclecard_csp_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1D320730664E00AECB7F /* musclecard_csp_primary.mdsinfo */; };
+ 52B2609F0BC5A864007E00F1 /* musclecard_dl_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1D330730664E00AECB7F /* musclecard_dl_primary.mdsinfo */; };
+ 52B260A00BC5A864007E00F1 /* musclecard_smartcard.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4C5C1D340730664E00AECB7F /* musclecard_smartcard.mdsinfo */; };
+ 52B260A20BC5A864007E00F1 /* KeyRecord.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CE2E6A406DC06AB00E21469 /* KeyRecord.cpp */; };
+ 52B260A30BC5A864007E00F1 /* musclecard.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C3FACAD06DBF84400D18D5F /* musclecard.cpp */; };
+ 52B260A40BC5A864007E00F1 /* MuscleCardAttributeCoder.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C1B9B5C06DBF96E00014414 /* MuscleCardAttributeCoder.cpp */; };
+ 52B260A50BC5A864007E00F1 /* MuscleCardKeyHandle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C253C0E06F66A6100B5CED6 /* MuscleCardKeyHandle.cpp */; };
+ 52B260A60BC5A864007E00F1 /* MuscleCardSchema.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C1B9B8906DBFEE200014414 /* MuscleCardSchema.cpp */; };
+ 52B260A70BC5A864007E00F1 /* MuscleCardToken.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C3FACAE06DBF84400D18D5F /* MuscleCardToken.cpp */; };
+ 52B260A80BC5A864007E00F1 /* TokenRecord.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C63F7A506DC052A00CB6F22 /* TokenRecord.cpp */; };
+ 52B260A90BC5A864007E00F1 /* MscACL.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AAB06DBF81800FA17D9 /* MscACL.cpp */; };
+ 52B260AA0BC5A864007E00F1 /* MscError.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AA906DBF81800FA17D9 /* MscError.cpp */; };
+ 52B260AB0BC5A864007E00F1 /* MscKey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AAF06DBF81800FA17D9 /* MscKey.cpp */; };
+ 52B260AC0BC5A864007E00F1 /* MscObject.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AB106DBF81800FA17D9 /* MscObject.cpp */; };
+ 52B260AD0BC5A864007E00F1 /* MscPIN.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AB306DBF81800FA17D9 /* MscPIN.cpp */; };
+ 52B260AE0BC5A864007E00F1 /* MscToken.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AB506DBF81800FA17D9 /* MscToken.cpp */; };
+ 52B260AF0BC5A864007E00F1 /* MscTokenConnection.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AB706DBF81800FA17D9 /* MscTokenConnection.cpp */; };
+ 52B260B00BC5A864007E00F1 /* MscWrappers.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C134AB906DBF81800FA17D9 /* MscWrappers.cpp */; };
+ 52B260B20BC5A864007E00F1 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CA8C4D606D6D19400F1BCC8 /* CoreFoundation.framework */; };
+ 52B260BE0BC5A864007E00F1 /* piv_csp_capabilities.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 528067810B78E98600D02C3A /* piv_csp_capabilities.mdsinfo */; };
+ 52B260BF0BC5A864007E00F1 /* piv_csp_capabilities_common.mds in Resources */ = {isa = PBXBuildFile; fileRef = 528067820B78E98600D02C3A /* piv_csp_capabilities_common.mds */; };
+ 52B260C00BC5A864007E00F1 /* piv_csp_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 528067830B78E98600D02C3A /* piv_csp_primary.mdsinfo */; };
+ 52B260C10BC5A864007E00F1 /* piv_dl_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 528067840B78E98600D02C3A /* piv_dl_primary.mdsinfo */; };
+ 52B260C20BC5A864007E00F1 /* piv_smartcard.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 528067850B78E98600D02C3A /* piv_smartcard.mdsinfo */; };
+ 52B260C40BC5A864007E00F1 /* piv.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 528067860B78E98600D02C3A /* piv.cpp */; };
+ 52B260C50BC5A864007E00F1 /* PIVAttributeCoder.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 528067870B78E98600D02C3A /* PIVAttributeCoder.cpp */; };
+ 52B260C60BC5A864007E00F1 /* PIVError.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 528067890B78E98600D02C3A /* PIVError.cpp */; };
+ 52B260C70BC5A864007E00F1 /* PIVKeyHandle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5280678B0B78E98600D02C3A /* PIVKeyHandle.cpp */; };
+ 52B260C80BC5A864007E00F1 /* PIVRecord.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5280678D0B78E98600D02C3A /* PIVRecord.cpp */; };
+ 52B260C90BC5A864007E00F1 /* PIVSchema.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5280678F0B78E98600D02C3A /* PIVSchema.cpp */; };
+ 52B260CA0BC5A864007E00F1 /* PIVToken.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 528067910B78E98600D02C3A /* PIVToken.cpp */; };
+ 52B260CB0BC5A864007E00F1 /* PIVCCC.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 529D9A7B0B867FA900DBFA4B /* PIVCCC.cpp */; };
+ 52B260CD0BC5A864007E00F1 /* libz.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CBF5CBE0704E76200EEADC2 /* libz.dylib */; };
+ 52B260CE0BC5A864007E00F1 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CA8C4D606D6D19400F1BCC8 /* CoreFoundation.framework */; };
+ 52CAA8CB0EBF7E40004C1A9E /* Padding.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 52CAA8C70EBF7E40004C1A9E /* Padding.cpp */; };
+ 52CAA8CC0EBF7E40004C1A9E /* TLV.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 52CAA8C90EBF7E40004C1A9E /* TLV.cpp */; };
+ C29914660C441EBB009571C2 /* PCSC.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 52CA8342067E8175005A1EBA /* PCSC.framework */; };
+ C29914670C441EBB009571C2 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 52CA8343067E8175005A1EBA /* Security.framework */; };
+/* End PBXBuildFile section */
+
+/* Begin PBXContainerItemProxy section */
+ 520388F712B802BF007C4317 /* PBXContainerItemProxy */ = {
+ isa = PBXContainerItemProxy;
+ containerPortal = 08FB7793FE84155DC02AAC07 /* Project object */;
+ proxyType = 1;
+ remoteGlobalIDString = 52B2602D0BC5A864007E00F1;
+ remoteInfo = "libtokend (Upgraded)";
+ };
+ 5203894112B8031D007C4317 /* PBXContainerItemProxy */ = {
+ isa = PBXContainerItemProxy;
+ containerPortal = 08FB7793FE84155DC02AAC07 /* Project object */;
+ proxyType = 1;
+ remoteGlobalIDString = 520388F512B802BF007C4317;
+ remoteInfo = CACNG;
+ };
+ 529252160BC6BEED00816597 /* PBXContainerItemProxy */ = {
+ isa = PBXContainerItemProxy;
+ containerPortal = 08FB7793FE84155DC02AAC07 /* Project object */;
+ proxyType = 1;
+ remoteGlobalIDString = 52B2602D0BC5A864007E00F1;
+ remoteInfo = libtokend;
+ };
+ 52B260D80BC5A864007E00F1 /* PBXContainerItemProxy */ = {
+ isa = PBXContainerItemProxy;
+ containerPortal = 08FB7793FE84155DC02AAC07 /* Project object */;
+ proxyType = 1;
+ remoteGlobalIDString = 52B260640BC5A864007E00F1;
+ remoteInfo = "BELPIC (Copied)";
+ };
+ 52B260DA0BC5A864007E00F1 /* PBXContainerItemProxy */ = {
+ isa = PBXContainerItemProxy;
+ containerPortal = 08FB7793FE84155DC02AAC07 /* Project object */;
+ proxyType = 1;
+ remoteGlobalIDString = 52B2607D0BC5A864007E00F1;
+ remoteInfo = "CAC (Copied)";
+ };
+ 52B260DC0BC5A864007E00F1 /* PBXContainerItemProxy */ = {
+ isa = PBXContainerItemProxy;
+ containerPortal = 08FB7793FE84155DC02AAC07 /* Project object */;
+ proxyType = 1;
+ remoteGlobalIDString = 52B260BA0BC5A864007E00F1;
+ remoteInfo = "PIV (Copied)";
+ };
+ 52B260DE0BC5A864007E00F1 /* PBXContainerItemProxy */ = {
+ isa = PBXContainerItemProxy;
+ containerPortal = 08FB7793FE84155DC02AAC07 /* Project object */;
+ proxyType = 1;
+ remoteGlobalIDString = 52B2604B0BC5A864007E00F1;
+ remoteInfo = "tokend (Upgraded)";
+ };
+ 52B260E00BC5A864007E00F1 /* PBXContainerItemProxy */ = {
+ isa = PBXContainerItemProxy;
+ containerPortal = 08FB7793FE84155DC02AAC07 /* Project object */;
+ proxyType = 1;
+ remoteGlobalIDString = 52B2602D0BC5A864007E00F1;
+ remoteInfo = "libtokend (Upgraded)";
+ };
+ 52B260E20BC5A864007E00F1 /* PBXContainerItemProxy */ = {
+ isa = PBXContainerItemProxy;
+ containerPortal = 08FB7793FE84155DC02AAC07 /* Project object */;
+ proxyType = 1;
+ remoteGlobalIDString = 52B2602D0BC5A864007E00F1;
+ remoteInfo = "libtokend (Upgraded)";
+ };
+ 52B260E40BC5A864007E00F1 /* PBXContainerItemProxy */ = {
+ isa = PBXContainerItemProxy;
+ containerPortal = 08FB7793FE84155DC02AAC07 /* Project object */;
+ proxyType = 1;
+ remoteGlobalIDString = 52B2602D0BC5A864007E00F1;
+ remoteInfo = "libtokend (Upgraded)";
+ };
+ 52B260E60BC5A864007E00F1 /* PBXContainerItemProxy */ = {
+ isa = PBXContainerItemProxy;
+ containerPortal = 08FB7793FE84155DC02AAC07 /* Project object */;
+ proxyType = 1;
+ remoteGlobalIDString = 52B2602D0BC5A864007E00F1;
+ remoteInfo = "libtokend (Upgraded)";
+ };
+/* End PBXContainerItemProxy section */
+
+/* Begin PBXFileReference section */
+ 4C134A8A06DBF81800FA17D9 /* AttributeCoder.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = AttributeCoder.cpp; sourceTree = "<group>"; };
+ 4C134A8B06DBF81800FA17D9 /* AttributeCoder.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = AttributeCoder.h; sourceTree = "<group>"; };
+ 4C134A8E06DBF81800FA17D9 /* Relation.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = Relation.cpp; sourceTree = "<group>"; };
+ 4C134A8F06DBF81800FA17D9 /* Relation.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = Relation.h; sourceTree = "<group>"; };
+ 4C134A9006DBF81800FA17D9 /* Token.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = Token.cpp; sourceTree = "<group>"; };
+ 4C134A9106DBF81800FA17D9 /* Token.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = Token.h; sourceTree = "<group>"; };
+ 4C134A9206DBF81800FA17D9 /* TokenContext.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = TokenContext.cpp; sourceTree = "<group>"; };
+ 4C134A9306DBF81800FA17D9 /* TokenContext.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = TokenContext.h; sourceTree = "<group>"; };
+ 4C134A9606DBF81800FA17D9 /* Attribute.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = Attribute.cpp; sourceTree = "<group>"; };
+ 4C134A9706DBF81800FA17D9 /* Attribute.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = Attribute.h; sourceTree = "<group>"; };
+ 4C134A9806DBF81800FA17D9 /* Cursor.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = Cursor.cpp; sourceTree = "<group>"; };
+ 4C134A9906DBF81800FA17D9 /* Cursor.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = Cursor.h; sourceTree = "<group>"; };
+ 4C134A9A06DBF81800FA17D9 /* DbValue.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = DbValue.cpp; sourceTree = "<group>"; };
+ 4C134A9B06DBF81800FA17D9 /* DbValue.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DbValue.h; sourceTree = "<group>"; };
+ 4C134A9C06DBF81800FA17D9 /* MetaAttribute.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MetaAttribute.cpp; sourceTree = "<group>"; };
+ 4C134A9D06DBF81800FA17D9 /* MetaAttribute.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MetaAttribute.h; sourceTree = "<group>"; };
+ 4C134A9E06DBF81800FA17D9 /* MetaRecord.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MetaRecord.cpp; sourceTree = "<group>"; };
+ 4C134A9F06DBF81800FA17D9 /* MetaRecord.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MetaRecord.h; sourceTree = "<group>"; };
+ 4C134AA006DBF81800FA17D9 /* Record.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = Record.cpp; sourceTree = "<group>"; };
+ 4C134AA106DBF81800FA17D9 /* Record.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = Record.h; sourceTree = "<group>"; };
+ 4C134AA206DBF81800FA17D9 /* Schema.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = Schema.cpp; sourceTree = "<group>"; };
+ 4C134AA306DBF81800FA17D9 /* Schema.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = Schema.h; sourceTree = "<group>"; };
+ 4C134AA406DBF81800FA17D9 /* SelectionPredicate.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SelectionPredicate.cpp; sourceTree = "<group>"; };
+ 4C134AA506DBF81800FA17D9 /* SelectionPredicate.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SelectionPredicate.h; sourceTree = "<group>"; };
+ 4C134AA906DBF81800FA17D9 /* MscError.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MscError.cpp; sourceTree = "<group>"; };
+ 4C134AAA06DBF81800FA17D9 /* MscError.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MscError.h; sourceTree = "<group>"; };
+ 4C134AAB06DBF81800FA17D9 /* MscACL.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MscACL.cpp; sourceTree = "<group>"; };
+ 4C134AAC06DBF81800FA17D9 /* MscACL.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MscACL.h; sourceTree = "<group>"; };
+ 4C134AAF06DBF81800FA17D9 /* MscKey.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MscKey.cpp; sourceTree = "<group>"; };
+ 4C134AB006DBF81800FA17D9 /* MscKey.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MscKey.h; sourceTree = "<group>"; };
+ 4C134AB106DBF81800FA17D9 /* MscObject.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MscObject.cpp; sourceTree = "<group>"; };
+ 4C134AB206DBF81800FA17D9 /* MscObject.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MscObject.h; sourceTree = "<group>"; };
+ 4C134AB306DBF81800FA17D9 /* MscPIN.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MscPIN.cpp; sourceTree = "<group>"; };
+ 4C134AB406DBF81800FA17D9 /* MscPIN.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MscPIN.h; sourceTree = "<group>"; };
+ 4C134AB506DBF81800FA17D9 /* MscToken.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MscToken.cpp; sourceTree = "<group>"; };
+ 4C134AB606DBF81800FA17D9 /* MscToken.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MscToken.h; sourceTree = "<group>"; };
+ 4C134AB706DBF81800FA17D9 /* MscTokenConnection.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MscTokenConnection.cpp; sourceTree = "<group>"; };
+ 4C134AB806DBF81800FA17D9 /* MscTokenConnection.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MscTokenConnection.h; sourceTree = "<group>"; };
+ 4C134AB906DBF81800FA17D9 /* MscWrappers.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MscWrappers.cpp; sourceTree = "<group>"; };
+ 4C134ABA06DBF81800FA17D9 /* MscWrappers.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MscWrappers.h; sourceTree = "<group>"; };
+ 4C1B9B5B06DBF96E00014414 /* MuscleCardAttributeCoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MuscleCardAttributeCoder.h; sourceTree = "<group>"; };
+ 4C1B9B5C06DBF96E00014414 /* MuscleCardAttributeCoder.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MuscleCardAttributeCoder.cpp; sourceTree = "<group>"; };
+ 4C1B9B6306DBF99F00014414 /* Adornment.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Adornment.h; sourceTree = "<group>"; };
+ 4C1B9B6406DBF99F00014414 /* Adornment.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Adornment.cpp; sourceTree = "<group>"; };
+ 4C1B9B8806DBFEE200014414 /* MuscleCardSchema.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MuscleCardSchema.h; sourceTree = "<group>"; };
+ 4C1B9B8906DBFEE200014414 /* MuscleCardSchema.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MuscleCardSchema.cpp; sourceTree = "<group>"; };
+ 4C253C0D06F66A6100B5CED6 /* MuscleCardKeyHandle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MuscleCardKeyHandle.h; sourceTree = "<group>"; };
+ 4C253C0E06F66A6100B5CED6 /* MuscleCardKeyHandle.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MuscleCardKeyHandle.cpp; sourceTree = "<group>"; };
+ 4C273A1F0708CE2C00CCB0FA /* CACError.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CACError.h; sourceTree = "<group>"; };
+ 4C273A200708CE2C00CCB0FA /* CACError.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CACError.cpp; sourceTree = "<group>"; };
+ 4C3C166D06F61D6F00FC8AAC /* KeyHandle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KeyHandle.h; sourceTree = "<group>"; };
+ 4C3C166E06F61D6F00FC8AAC /* KeyHandle.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = KeyHandle.cpp; sourceTree = "<group>"; };
+ 4C3FACAC06DBF84400D18D5F /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
+ 4C3FACAD06DBF84400D18D5F /* musclecard.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = musclecard.cpp; sourceTree = "<group>"; };
+ 4C3FACAE06DBF84400D18D5F /* MuscleCardToken.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MuscleCardToken.cpp; sourceTree = "<group>"; };
+ 4C3FACAF06DBF84400D18D5F /* MuscleCardToken.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MuscleCardToken.h; sourceTree = "<group>"; };
+ 4C55BAFB06DEABE500E4200A /* RecordHandle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RecordHandle.h; sourceTree = "<group>"; };
+ 4C55BAFC06DEABE500E4200A /* RecordHandle.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RecordHandle.cpp; sourceTree = "<group>"; };
+ 4C5C1CE8073065EA00AECB7F /* belpic_csp_capabilities.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; name = belpic_csp_capabilities.mdsinfo; path = BELPIC/mds/belpic_csp_capabilities.mdsinfo; sourceTree = SOURCE_ROOT; };
+ 4C5C1CE9073065EA00AECB7F /* belpic_csp_capabilities_common.mds */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; name = belpic_csp_capabilities_common.mds; path = BELPIC/mds/belpic_csp_capabilities_common.mds; sourceTree = SOURCE_ROOT; };
+ 4C5C1CEA073065EA00AECB7F /* belpic_csp_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; name = belpic_csp_primary.mdsinfo; path = BELPIC/mds/belpic_csp_primary.mdsinfo; sourceTree = SOURCE_ROOT; };
+ 4C5C1CEB073065EA00AECB7F /* belpic_dl_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; name = belpic_dl_primary.mdsinfo; path = BELPIC/mds/belpic_dl_primary.mdsinfo; sourceTree = SOURCE_ROOT; };
+ 4C5C1CEC073065EA00AECB7F /* belpic_smartcard.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; name = belpic_smartcard.mdsinfo; path = BELPIC/mds/belpic_smartcard.mdsinfo; sourceTree = SOURCE_ROOT; };
+ 4C5C1D000730661500AECB7F /* cac_csp_capabilities.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; name = cac_csp_capabilities.mdsinfo; path = CAC/mds/cac_csp_capabilities.mdsinfo; sourceTree = SOURCE_ROOT; };
+ 4C5C1D010730661500AECB7F /* cac_csp_capabilities_common.mds */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; name = cac_csp_capabilities_common.mds; path = CAC/mds/cac_csp_capabilities_common.mds; sourceTree = SOURCE_ROOT; };
+ 4C5C1D020730661500AECB7F /* cac_csp_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; name = cac_csp_primary.mdsinfo; path = CAC/mds/cac_csp_primary.mdsinfo; sourceTree = SOURCE_ROOT; };
+ 4C5C1D030730661500AECB7F /* cac_dl_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; name = cac_dl_primary.mdsinfo; path = CAC/mds/cac_dl_primary.mdsinfo; sourceTree = SOURCE_ROOT; };
+ 4C5C1D040730661500AECB7F /* cac_smartcard.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; name = cac_smartcard.mdsinfo; path = CAC/mds/cac_smartcard.mdsinfo; sourceTree = SOURCE_ROOT; };
+ 4C5C1D300730664E00AECB7F /* musclecard_csp_capabilities.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; name = musclecard_csp_capabilities.mdsinfo; path = MuscleCard/mds/musclecard_csp_capabilities.mdsinfo; sourceTree = SOURCE_ROOT; };
+ 4C5C1D310730664E00AECB7F /* musclecard_csp_capabilities_common.mds */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; name = musclecard_csp_capabilities_common.mds; path = MuscleCard/mds/musclecard_csp_capabilities_common.mds; sourceTree = SOURCE_ROOT; };
+ 4C5C1D320730664E00AECB7F /* musclecard_csp_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; name = musclecard_csp_primary.mdsinfo; path = MuscleCard/mds/musclecard_csp_primary.mdsinfo; sourceTree = SOURCE_ROOT; };
+ 4C5C1D330730664E00AECB7F /* musclecard_dl_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; name = musclecard_dl_primary.mdsinfo; path = MuscleCard/mds/musclecard_dl_primary.mdsinfo; sourceTree = SOURCE_ROOT; };
+ 4C5C1D340730664E00AECB7F /* musclecard_smartcard.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; name = musclecard_smartcard.mdsinfo; path = MuscleCard/mds/musclecard_smartcard.mdsinfo; sourceTree = SOURCE_ROOT; };
+ 4C63F7A506DC052A00CB6F22 /* TokenRecord.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = TokenRecord.cpp; sourceTree = "<group>"; };
+ 4C63F7A606DC052A00CB6F22 /* TokenRecord.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = TokenRecord.h; sourceTree = "<group>"; };
+ 4C7BA7490703990100E5719F /* CACAttributeCoder.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CACAttributeCoder.cpp; sourceTree = "<group>"; };
+ 4C7BA74A0703990100E5719F /* CACAttributeCoder.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CACAttributeCoder.h; sourceTree = "<group>"; };
+ 4C7BA74B0703990100E5719F /* CACKeyHandle.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CACKeyHandle.cpp; sourceTree = "<group>"; };
+ 4C7BA74C0703990100E5719F /* CACKeyHandle.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CACKeyHandle.h; sourceTree = "<group>"; };
+ 4C7BA74D0703990100E5719F /* CACSchema.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CACSchema.cpp; sourceTree = "<group>"; };
+ 4C7BA74E0703990100E5719F /* CACSchema.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CACSchema.h; sourceTree = "<group>"; };
+ 4C7BA74F0703990100E5719F /* CACToken.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CACToken.cpp; sourceTree = "<group>"; };
+ 4C7BA7500703990100E5719F /* CACToken.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CACToken.h; sourceTree = "<group>"; };
+ 4C7BA7510703990100E5719F /* cac.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cac.cpp; sourceTree = "<group>"; };
+ 4C7BA7520703990100E5719F /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
+ 4C86D3A0070B4122006A0C7F /* belpic.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = belpic.cpp; sourceTree = "<group>"; };
+ 4C86D3A3070B4122006A0C7F /* BELPICError.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = BELPICError.cpp; sourceTree = "<group>"; };
+ 4C86D3A4070B4122006A0C7F /* BELPICError.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = BELPICError.h; sourceTree = "<group>"; };
+ 4C86D3A5070B4122006A0C7F /* BELPICKeyHandle.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = BELPICKeyHandle.cpp; sourceTree = "<group>"; };
+ 4C86D3A6070B4122006A0C7F /* BELPICKeyHandle.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = BELPICKeyHandle.h; sourceTree = "<group>"; };
+ 4C86D3A7070B4122006A0C7F /* BELPICRecord.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = BELPICRecord.cpp; sourceTree = "<group>"; };
+ 4C86D3A8070B4122006A0C7F /* BELPICRecord.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = BELPICRecord.h; sourceTree = "<group>"; };
+ 4C86D3A9070B4122006A0C7F /* BELPICSchema.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = BELPICSchema.cpp; sourceTree = "<group>"; };
+ 4C86D3AA070B4122006A0C7F /* BELPICSchema.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = BELPICSchema.h; sourceTree = "<group>"; };
+ 4C86D3AB070B4122006A0C7F /* BELPICToken.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = BELPICToken.cpp; sourceTree = "<group>"; };
+ 4C86D3AC070B4122006A0C7F /* BELPICToken.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = BELPICToken.h; sourceTree = "<group>"; };
+ 4C86D3AD070B4122006A0C7F /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
+ 4CA858F10654413F0083DED3 /* SecurityTokend.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; path = SecurityTokend.framework; sourceTree = BUILT_PRODUCTS_DIR; };
+ 4CA8C4D606D6D19400F1BCC8 /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = /System/Library/Frameworks/CoreFoundation.framework; sourceTree = "<absolute>"; };
+ 4CBF5C380704CDBF00EEADC2 /* CACRecord.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CACRecord.h; sourceTree = "<group>"; };
+ 4CBF5C390704CDBF00EEADC2 /* CACRecord.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CACRecord.cpp; sourceTree = "<group>"; };
+ 4CBF5CBE0704E76200EEADC2 /* libz.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libz.dylib; path = /usr/lib/libz.1.dylib; sourceTree = "<absolute>"; };
+ 4CC394790731A4DD00761DEE /* SCardError.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SCardError.h; sourceTree = "<group>"; };
+ 4CC3947A0731A4DD00761DEE /* SCardError.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SCardError.cpp; sourceTree = "<group>"; };
+ 4CE2E6A406DC06AB00E21469 /* KeyRecord.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = KeyRecord.cpp; sourceTree = "<group>"; };
+ 4CE2E6A506DC06AB00E21469 /* KeyRecord.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = KeyRecord.h; sourceTree = "<group>"; };
+ 5203890C12B802BF007C4317 /* CACNG.tokend */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = CACNG.tokend; sourceTree = BUILT_PRODUCTS_DIR; };
+ 5203891212B80315007C4317 /* byte_string.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = byte_string.h; sourceTree = "<group>"; };
+ 5203891312B80315007C4317 /* cacng.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cacng.cpp; sourceTree = "<group>"; };
+ 5203891412B80315007C4317 /* CACNGApplet.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CACNGApplet.cpp; sourceTree = "<group>"; };
+ 5203891512B80315007C4317 /* CACNGApplet.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CACNGApplet.h; sourceTree = "<group>"; };
+ 5203891612B80315007C4317 /* CACNGAttributeCoder.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CACNGAttributeCoder.cpp; sourceTree = "<group>"; };
+ 5203891712B80315007C4317 /* CACNGAttributeCoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CACNGAttributeCoder.h; sourceTree = "<group>"; };
+ 5203891812B80315007C4317 /* CACNGError.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CACNGError.cpp; sourceTree = "<group>"; };
+ 5203891912B80315007C4317 /* CACNGError.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CACNGError.h; sourceTree = "<group>"; };
+ 5203891A12B80315007C4317 /* CACNGKeyHandle.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CACNGKeyHandle.cpp; sourceTree = "<group>"; };
+ 5203891B12B80315007C4317 /* CACNGKeyHandle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CACNGKeyHandle.h; sourceTree = "<group>"; };
+ 5203891C12B80315007C4317 /* CACNGRecord.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CACNGRecord.cpp; sourceTree = "<group>"; };
+ 5203891D12B80315007C4317 /* CACNGRecord.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CACNGRecord.h; sourceTree = "<group>"; };
+ 5203891E12B80315007C4317 /* CACNGSchema.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CACNGSchema.cpp; sourceTree = "<group>"; };
+ 5203891F12B80315007C4317 /* CACNGSchema.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CACNGSchema.h; sourceTree = "<group>"; };
+ 5203892012B80315007C4317 /* CACNGToken.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CACNGToken.cpp; sourceTree = "<group>"; };
+ 5203892112B80315007C4317 /* CACNGToken.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CACNGToken.h; sourceTree = "<group>"; };
+ 5203892212B80315007C4317 /* CompressionTool.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CompressionTool.cpp; sourceTree = "<group>"; };
+ 5203892312B80315007C4317 /* CompressionTool.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CompressionTool.h; sourceTree = "<group>"; };
+ 5203892412B80315007C4317 /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
+ 5203892612B80315007C4317 /* cacng_csp_capabilities.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; path = cacng_csp_capabilities.mdsinfo; sourceTree = "<group>"; };
+ 5203892712B80315007C4317 /* cacng_csp_capabilities_common.mds */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; path = cacng_csp_capabilities_common.mds; sourceTree = "<group>"; };
+ 5203892812B80315007C4317 /* cacng_csp_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; path = cacng_csp_primary.mdsinfo; sourceTree = "<group>"; };
+ 5203892912B80315007C4317 /* cacng_dl_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; path = cacng_dl_primary.mdsinfo; sourceTree = "<group>"; };
+ 5203892A12B80315007C4317 /* cacng_smartcard.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; path = cacng_smartcard.mdsinfo; sourceTree = "<group>"; };
+ 5203892B12B80315007C4317 /* Padding.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Padding.cpp; sourceTree = "<group>"; };
+ 5203892C12B80315007C4317 /* Padding.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Padding.h; sourceTree = "<group>"; };
+ 5203892D12B80315007C4317 /* TLV.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TLV.cpp; sourceTree = "<group>"; };
+ 5203892E12B80315007C4317 /* TLV.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TLV.h; sourceTree = "<group>"; };
+ 5203892F12B80315007C4317 /* TLVTemplates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TLVTemplates.h; sourceTree = "<group>"; };
+ 523C07E70B7B940D00067DEA /* PIVDefines.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = PIVDefines.h; path = PIV/PIVDefines.h; sourceTree = "<group>"; };
+ 523F79EC06D5AC27004256A0 /* security_cdsa_client.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; path = security_cdsa_client.framework; sourceTree = BUILT_PRODUCTS_DIR; };
+ 523F79ED06D5AC27004256A0 /* security_cdsa_utilities.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; path = security_cdsa_utilities.framework; sourceTree = BUILT_PRODUCTS_DIR; };
+ 523F79EE06D5AC27004256A0 /* security_utilities.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; path = security_utilities.framework; sourceTree = BUILT_PRODUCTS_DIR; };
+ 5280677F0B78E98600D02C3A /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.plist.xml; name = Info.plist; path = PIV/Info.plist; sourceTree = "<group>"; };
+ 528067810B78E98600D02C3A /* piv_csp_capabilities.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = piv_csp_capabilities.mdsinfo; sourceTree = "<group>"; };
+ 528067820B78E98600D02C3A /* piv_csp_capabilities_common.mds */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = piv_csp_capabilities_common.mds; sourceTree = "<group>"; };
+ 528067830B78E98600D02C3A /* piv_csp_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = piv_csp_primary.mdsinfo; sourceTree = "<group>"; };
+ 528067840B78E98600D02C3A /* piv_dl_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = piv_dl_primary.mdsinfo; sourceTree = "<group>"; };
+ 528067850B78E98600D02C3A /* piv_smartcard.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = piv_smartcard.mdsinfo; sourceTree = "<group>"; };
+ 528067860B78E98600D02C3A /* piv.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = piv.cpp; path = PIV/piv.cpp; sourceTree = "<group>"; };
+ 528067870B78E98600D02C3A /* PIVAttributeCoder.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = PIVAttributeCoder.cpp; path = PIV/PIVAttributeCoder.cpp; sourceTree = "<group>"; };
+ 528067880B78E98600D02C3A /* PIVAttributeCoder.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = PIVAttributeCoder.h; path = PIV/PIVAttributeCoder.h; sourceTree = "<group>"; };
+ 528067890B78E98600D02C3A /* PIVError.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = PIVError.cpp; path = PIV/PIVError.cpp; sourceTree = "<group>"; };
+ 5280678A0B78E98600D02C3A /* PIVError.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = PIVError.h; path = PIV/PIVError.h; sourceTree = "<group>"; };
+ 5280678B0B78E98600D02C3A /* PIVKeyHandle.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = PIVKeyHandle.cpp; path = PIV/PIVKeyHandle.cpp; sourceTree = "<group>"; };
+ 5280678C0B78E98600D02C3A /* PIVKeyHandle.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = PIVKeyHandle.h; path = PIV/PIVKeyHandle.h; sourceTree = "<group>"; };
+ 5280678D0B78E98600D02C3A /* PIVRecord.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = PIVRecord.cpp; path = PIV/PIVRecord.cpp; sourceTree = "<group>"; };
+ 5280678E0B78E98600D02C3A /* PIVRecord.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = PIVRecord.h; path = PIV/PIVRecord.h; sourceTree = "<group>"; };
+ 5280678F0B78E98600D02C3A /* PIVSchema.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = PIVSchema.cpp; path = PIV/PIVSchema.cpp; sourceTree = "<group>"; };
+ 528067900B78E98600D02C3A /* PIVSchema.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = PIVSchema.h; path = PIV/PIVSchema.h; sourceTree = "<group>"; };
+ 528067910B78E98600D02C3A /* PIVToken.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = PIVToken.cpp; path = PIV/PIVToken.cpp; sourceTree = "<group>"; };
+ 528067920B78E98600D02C3A /* PIVToken.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = PIVToken.h; path = PIV/PIVToken.h; sourceTree = "<group>"; };
+ 529D9A7B0B867FA900DBFA4B /* PIVCCC.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = PIVCCC.cpp; path = PIV/PIVCCC.cpp; sourceTree = "<group>"; };
+ 529D9A7C0B867FA900DBFA4B /* PIVCCC.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = PIVCCC.h; path = PIV/PIVCCC.h; sourceTree = "<group>"; };
+ 52A6830F0EEF1FB200F71D5B /* BELPICAttributeCoder.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = BELPICAttributeCoder.cpp; sourceTree = "<group>"; };
+ 52A683100EEF1FB200F71D5B /* BELPICAttributeCoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BELPICAttributeCoder.h; sourceTree = "<group>"; };
+ 52B2604A0BC5A864007E00F1 /* libtokend.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libtokend.a; sourceTree = BUILT_PRODUCTS_DIR; };
+ 52B260620BC5A864007E00F1 /* Info-tokend__Upgraded_.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "Info-tokend__Upgraded_.plist"; sourceTree = "<group>"; };
+ 52B260630BC5A864007E00F1 /* tokend.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = tokend.framework; sourceTree = BUILT_PRODUCTS_DIR; };
+ 52B2607B0BC5A864007E00F1 /* BELPIC.tokend */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = BELPIC.tokend; sourceTree = BUILT_PRODUCTS_DIR; };
+ 52B260960BC5A864007E00F1 /* CAC.tokend */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = CAC.tokend; sourceTree = BUILT_PRODUCTS_DIR; };
+ 52B260B80BC5A864007E00F1 /* MuscleCard.tokend */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = MuscleCard.tokend; sourceTree = BUILT_PRODUCTS_DIR; };
+ 52B260D40BC5A864007E00F1 /* PIV.tokend */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = PIV.tokend; sourceTree = BUILT_PRODUCTS_DIR; };
+ 52CA8342067E8175005A1EBA /* PCSC.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = PCSC.framework; path = /System/Library/Frameworks/PCSC.framework; sourceTree = "<absolute>"; };
+ 52CA8343067E8175005A1EBA /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; path = Security.framework; sourceTree = BUILT_PRODUCTS_DIR; };
+ 52CAA8C60EBF7E40004C1A9E /* byte_string.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = byte_string.h; path = PIV/byte_string.h; sourceTree = "<group>"; };
+ 52CAA8C70EBF7E40004C1A9E /* Padding.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = Padding.cpp; path = PIV/Padding.cpp; sourceTree = "<group>"; };
+ 52CAA8C80EBF7E40004C1A9E /* Padding.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Padding.h; path = PIV/Padding.h; sourceTree = "<group>"; };
+ 52CAA8C90EBF7E40004C1A9E /* TLV.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = TLV.cpp; path = PIV/TLV.cpp; sourceTree = "<group>"; };
+ 52CAA8CA0EBF7E40004C1A9E /* TLV.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = TLV.h; path = PIV/TLV.h; sourceTree = "<group>"; };
+ 52DE698106E93B870024EA03 /* PKCS11Object.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PKCS11Object.h; sourceTree = "<group>"; };
+ 52DE698206E93B870024EA03 /* PKCS11Object.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PKCS11Object.cpp; sourceTree = "<group>"; };
+/* End PBXFileReference section */
+
+/* Begin PBXFrameworksBuildPhase section */
+ 5203890612B802BF007C4317 /* Frameworks */ = {
+ isa = PBXFrameworksBuildPhase;
+ buildActionMask = 2147483647;
+ files = (
+ 5203890712B802BF007C4317 /* libz.dylib in Frameworks */,
+ 5203890812B802BF007C4317 /* CoreFoundation.framework in Frameworks */,
+ );
+ runOnlyForDeploymentPostprocessing = 0;
+ };
+ 52B260740BC5A864007E00F1 /* Frameworks */ = {
+ isa = PBXFrameworksBuildPhase;
+ buildActionMask = 2147483647;
+ files = (
+ 52B260750BC5A864007E00F1 /* CoreFoundation.framework in Frameworks */,
+ );
+ runOnlyForDeploymentPostprocessing = 0;
+ };
+ 52B2608E0BC5A864007E00F1 /* Frameworks */ = {
+ isa = PBXFrameworksBuildPhase;
+ buildActionMask = 2147483647;
+ files = (
+ 52B2608F0BC5A864007E00F1 /* libz.dylib in Frameworks */,
+ 52B260900BC5A864007E00F1 /* CoreFoundation.framework in Frameworks */,
+ );
+ runOnlyForDeploymentPostprocessing = 0;
+ };
+ 52B260B10BC5A864007E00F1 /* Frameworks */ = {
+ isa = PBXFrameworksBuildPhase;
+ buildActionMask = 2147483647;
+ files = (
+ 52B260B20BC5A864007E00F1 /* CoreFoundation.framework in Frameworks */,
+ );
+ runOnlyForDeploymentPostprocessing = 0;
+ };
+ 52B260CC0BC5A864007E00F1 /* Frameworks */ = {
+ isa = PBXFrameworksBuildPhase;
+ buildActionMask = 2147483647;
+ files = (
+ C29914660C441EBB009571C2 /* PCSC.framework in Frameworks */,
+ C29914670C441EBB009571C2 /* Security.framework in Frameworks */,
+ 52B260CD0BC5A864007E00F1 /* libz.dylib in Frameworks */,
+ 52B260CE0BC5A864007E00F1 /* CoreFoundation.framework in Frameworks */,
+ );
+ runOnlyForDeploymentPostprocessing = 0;
+ };
+/* End PBXFrameworksBuildPhase section */
+
+/* Begin PBXGroup section */
+ 08FB7794FE84155DC02AAC07 /* TokendMuscle */ = {
+ isa = PBXGroup;
+ children = (
+ 5203891112B80315007C4317 /* CACNG */,
+ 5280675F0B78E86F00D02C3A /* PIV */,
+ 4C86D39F070B4122006A0C7F /* BELPIC */,
+ 4C7BA7460703990100E5719F /* CAC */,
+ 4C3FACA806DBF84400D18D5F /* MuscleCard */,
+ 4C134A8706DBF81800FA17D9 /* Tokend */,
+ 4CA858F0065441220083DED3 /* External Frameworks */,
+ 4C415098073061D6004C9490 /* External Libraries */,
+ 1AB674ADFE9D54B511CA2CBB /* Products */,
+ 52B260620BC5A864007E00F1 /* Info-tokend__Upgraded_.plist */,
+ );
+ name = TokendMuscle;
+ sourceTree = "<group>";
+ };
+ 1AB674ADFE9D54B511CA2CBB /* Products */ = {
+ isa = PBXGroup;
+ children = (
+ 52B2604A0BC5A864007E00F1 /* libtokend.a */,
+ 52B260630BC5A864007E00F1 /* tokend.framework */,
+ 52B2607B0BC5A864007E00F1 /* BELPIC.tokend */,
+ 52B260960BC5A864007E00F1 /* CAC.tokend */,
+ 52B260B80BC5A864007E00F1 /* MuscleCard.tokend */,
+ 52B260D40BC5A864007E00F1 /* PIV.tokend */,
+ 5203890C12B802BF007C4317 /* CACNG.tokend */,
+ );
+ name = Products;
+ sourceTree = "<group>";
+ };
+ 4C134A8706DBF81800FA17D9 /* Tokend */ = {
+ isa = PBXGroup;
+ children = (
+ 4C1B9B6406DBF99F00014414 /* Adornment.cpp */,
+ 4C1B9B6306DBF99F00014414 /* Adornment.h */,
+ 4C134A9606DBF81800FA17D9 /* Attribute.cpp */,
+ 4C134A9706DBF81800FA17D9 /* Attribute.h */,
+ 4C134A8A06DBF81800FA17D9 /* AttributeCoder.cpp */,
+ 4C134A8B06DBF81800FA17D9 /* AttributeCoder.h */,
+ 4C134A9806DBF81800FA17D9 /* Cursor.cpp */,
+ 4C134A9906DBF81800FA17D9 /* Cursor.h */,
+ 4C134A9A06DBF81800FA17D9 /* DbValue.cpp */,
+ 4C134A9B06DBF81800FA17D9 /* DbValue.h */,
+ 4C3C166E06F61D6F00FC8AAC /* KeyHandle.cpp */,
+ 4C3C166D06F61D6F00FC8AAC /* KeyHandle.h */,
+ 4C134A9C06DBF81800FA17D9 /* MetaAttribute.cpp */,
+ 4C134A9D06DBF81800FA17D9 /* MetaAttribute.h */,
+ 4C134A9E06DBF81800FA17D9 /* MetaRecord.cpp */,
+ 4C134A9F06DBF81800FA17D9 /* MetaRecord.h */,
+ 52DE698206E93B870024EA03 /* PKCS11Object.cpp */,
+ 52DE698106E93B870024EA03 /* PKCS11Object.h */,
+ 4C134AA006DBF81800FA17D9 /* Record.cpp */,
+ 4C134AA106DBF81800FA17D9 /* Record.h */,
+ 4C55BAFC06DEABE500E4200A /* RecordHandle.cpp */,
+ 4C55BAFB06DEABE500E4200A /* RecordHandle.h */,
+ 4C134A8E06DBF81800FA17D9 /* Relation.cpp */,
+ 4C134A8F06DBF81800FA17D9 /* Relation.h */,
+ 4CC3947A0731A4DD00761DEE /* SCardError.cpp */,
+ 4CC394790731A4DD00761DEE /* SCardError.h */,
+ 4C134AA206DBF81800FA17D9 /* Schema.cpp */,
+ 4C134AA306DBF81800FA17D9 /* Schema.h */,
+ 4C134AA406DBF81800FA17D9 /* SelectionPredicate.cpp */,
+ 4C134AA506DBF81800FA17D9 /* SelectionPredicate.h */,
+ 4C134A9006DBF81800FA17D9 /* Token.cpp */,
+ 4C134A9106DBF81800FA17D9 /* Token.h */,
+ 4C134A9206DBF81800FA17D9 /* TokenContext.cpp */,
+ 4C134A9306DBF81800FA17D9 /* TokenContext.h */,
+ );
+ path = Tokend;
+ sourceTree = "<group>";
+ };
+ 4C134AA606DBF81800FA17D9 /* Msc */ = {
+ isa = PBXGroup;
+ children = (
+ 4C134AAB06DBF81800FA17D9 /* MscACL.cpp */,
+ 4C134AAC06DBF81800FA17D9 /* MscACL.h */,
+ 4C134AA906DBF81800FA17D9 /* MscError.cpp */,
+ 4C134AAA06DBF81800FA17D9 /* MscError.h */,
+ 4C134AAF06DBF81800FA17D9 /* MscKey.cpp */,
+ 4C134AB006DBF81800FA17D9 /* MscKey.h */,
+ 4C134AB106DBF81800FA17D9 /* MscObject.cpp */,
+ 4C134AB206DBF81800FA17D9 /* MscObject.h */,
+ 4C134AB306DBF81800FA17D9 /* MscPIN.cpp */,
+ 4C134AB406DBF81800FA17D9 /* MscPIN.h */,
+ 4C134AB506DBF81800FA17D9 /* MscToken.cpp */,
+ 4C134AB606DBF81800FA17D9 /* MscToken.h */,
+ 4C134AB706DBF81800FA17D9 /* MscTokenConnection.cpp */,
+ 4C134AB806DBF81800FA17D9 /* MscTokenConnection.h */,
+ 4C134AB906DBF81800FA17D9 /* MscWrappers.cpp */,
+ 4C134ABA06DBF81800FA17D9 /* MscWrappers.h */,
+ );
+ path = Msc;
+ sourceTree = "<group>";
+ };
+ 4C3FACA806DBF84400D18D5F /* MuscleCard */ = {
+ isa = PBXGroup;
+ children = (
+ 4C134AA606DBF81800FA17D9 /* Msc */,
+ 4C5C1D280730664E00AECB7F /* mds */,
+ 4C3FACAC06DBF84400D18D5F /* Info.plist */,
+ 4CE2E6A406DC06AB00E21469 /* KeyRecord.cpp */,
+ 4CE2E6A506DC06AB00E21469 /* KeyRecord.h */,
+ 4C3FACAD06DBF84400D18D5F /* musclecard.cpp */,
+ 4C1B9B5C06DBF96E00014414 /* MuscleCardAttributeCoder.cpp */,
+ 4C1B9B5B06DBF96E00014414 /* MuscleCardAttributeCoder.h */,
+ 4C253C0E06F66A6100B5CED6 /* MuscleCardKeyHandle.cpp */,
+ 4C253C0D06F66A6100B5CED6 /* MuscleCardKeyHandle.h */,
+ 4C1B9B8906DBFEE200014414 /* MuscleCardSchema.cpp */,
+ 4C1B9B8806DBFEE200014414 /* MuscleCardSchema.h */,
+ 4C3FACAE06DBF84400D18D5F /* MuscleCardToken.cpp */,
+ 4C3FACAF06DBF84400D18D5F /* MuscleCardToken.h */,
+ 4C63F7A506DC052A00CB6F22 /* TokenRecord.cpp */,
+ 4C63F7A606DC052A00CB6F22 /* TokenRecord.h */,
+ );
+ path = MuscleCard;
+ sourceTree = "<group>";
+ };
+ 4C415098073061D6004C9490 /* External Libraries */ = {
+ isa = PBXGroup;
+ children = (
+ 4CBF5CBE0704E76200EEADC2 /* libz.dylib */,
+ );
+ name = "External Libraries";
+ sourceTree = "<group>";
+ };
+ 4C5C1CE0073065EA00AECB7F /* mds */ = {
+ isa = PBXGroup;
+ children = (
+ 4C5C1CE8073065EA00AECB7F /* belpic_csp_capabilities.mdsinfo */,
+ 4C5C1CE9073065EA00AECB7F /* belpic_csp_capabilities_common.mds */,
+ 4C5C1CEA073065EA00AECB7F /* belpic_csp_primary.mdsinfo */,
+ 4C5C1CEB073065EA00AECB7F /* belpic_dl_primary.mdsinfo */,
+ 4C5C1CEC073065EA00AECB7F /* belpic_smartcard.mdsinfo */,
+ );
+ name = mds;
+ path = BELPIC/mds;
+ sourceTree = SOURCE_ROOT;
+ };
+ 4C5C1CF80730661500AECB7F /* mds */ = {
+ isa = PBXGroup;
+ children = (
+ 4C5C1D000730661500AECB7F /* cac_csp_capabilities.mdsinfo */,
+ 4C5C1D010730661500AECB7F /* cac_csp_capabilities_common.mds */,
+ 4C5C1D020730661500AECB7F /* cac_csp_primary.mdsinfo */,
+ 4C5C1D030730661500AECB7F /* cac_dl_primary.mdsinfo */,
+ 4C5C1D040730661500AECB7F /* cac_smartcard.mdsinfo */,
+ );
+ name = mds;
+ path = CAC/mds;
+ sourceTree = SOURCE_ROOT;
+ };
+ 4C5C1D280730664E00AECB7F /* mds */ = {
+ isa = PBXGroup;
+ children = (
+ 4C5C1D300730664E00AECB7F /* musclecard_csp_capabilities.mdsinfo */,
+ 4C5C1D310730664E00AECB7F /* musclecard_csp_capabilities_common.mds */,
+ 4C5C1D320730664E00AECB7F /* musclecard_csp_primary.mdsinfo */,
+ 4C5C1D330730664E00AECB7F /* musclecard_dl_primary.mdsinfo */,
+ 4C5C1D340730664E00AECB7F /* musclecard_smartcard.mdsinfo */,
+ );
+ name = mds;
+ path = MuscleCard/mds;
+ sourceTree = SOURCE_ROOT;
+ };
+ 4C7BA7460703990100E5719F /* CAC */ = {
+ isa = PBXGroup;
+ children = (
+ 4C5C1CF80730661500AECB7F /* mds */,
+ 4C7BA7490703990100E5719F /* CACAttributeCoder.cpp */,
+ 4C7BA74A0703990100E5719F /* CACAttributeCoder.h */,
+ 4C273A200708CE2C00CCB0FA /* CACError.cpp */,
+ 4C273A1F0708CE2C00CCB0FA /* CACError.h */,
+ 4C7BA74B0703990100E5719F /* CACKeyHandle.cpp */,
+ 4C7BA74C0703990100E5719F /* CACKeyHandle.h */,
+ 4CBF5C390704CDBF00EEADC2 /* CACRecord.cpp */,
+ 4CBF5C380704CDBF00EEADC2 /* CACRecord.h */,
+ 4C7BA74D0703990100E5719F /* CACSchema.cpp */,
+ 4C7BA74E0703990100E5719F /* CACSchema.h */,
+ 4C7BA74F0703990100E5719F /* CACToken.cpp */,
+ 4C7BA7500703990100E5719F /* CACToken.h */,
+ 4C7BA7510703990100E5719F /* cac.cpp */,
+ 4C7BA7520703990100E5719F /* Info.plist */,
+ );
+ path = CAC;
+ sourceTree = "<group>";
+ };
+ 4C86D39F070B4122006A0C7F /* BELPIC */ = {
+ isa = PBXGroup;
+ children = (
+ 52A6830F0EEF1FB200F71D5B /* BELPICAttributeCoder.cpp */,
+ 52A683100EEF1FB200F71D5B /* BELPICAttributeCoder.h */,
+ 4C5C1CE0073065EA00AECB7F /* mds */,
+ 4C86D3A0070B4122006A0C7F /* belpic.cpp */,
+ 4C86D3A3070B4122006A0C7F /* BELPICError.cpp */,
+ 4C86D3A4070B4122006A0C7F /* BELPICError.h */,
+ 4C86D3A5070B4122006A0C7F /* BELPICKeyHandle.cpp */,
+ 4C86D3A6070B4122006A0C7F /* BELPICKeyHandle.h */,
+ 4C86D3A7070B4122006A0C7F /* BELPICRecord.cpp */,
+ 4C86D3A8070B4122006A0C7F /* BELPICRecord.h */,
+ 4C86D3A9070B4122006A0C7F /* BELPICSchema.cpp */,
+ 4C86D3AA070B4122006A0C7F /* BELPICSchema.h */,
+ 4C86D3AB070B4122006A0C7F /* BELPICToken.cpp */,
+ 4C86D3AC070B4122006A0C7F /* BELPICToken.h */,
+ 4C86D3AD070B4122006A0C7F /* Info.plist */,
+ );
+ path = BELPIC;
+ sourceTree = "<group>";
+ };
+ 4CA858F0065441220083DED3 /* External Frameworks */ = {
+ isa = PBXGroup;
+ children = (
+ 4CA8C4D606D6D19400F1BCC8 /* CoreFoundation.framework */,
+ 523F79EC06D5AC27004256A0 /* security_cdsa_client.framework */,
+ 523F79ED06D5AC27004256A0 /* security_cdsa_utilities.framework */,
+ 523F79EE06D5AC27004256A0 /* security_utilities.framework */,
+ 52CA8342067E8175005A1EBA /* PCSC.framework */,
+ 52CA8343067E8175005A1EBA /* Security.framework */,
+ 4CA858F10654413F0083DED3 /* SecurityTokend.framework */,
+ );
+ name = "External Frameworks";
+ sourceTree = "<group>";
+ };
+ 5203891112B80315007C4317 /* CACNG */ = {
+ isa = PBXGroup;
+ children = (
+ 5203891212B80315007C4317 /* byte_string.h */,
+ 5203891312B80315007C4317 /* cacng.cpp */,
+ 5203891412B80315007C4317 /* CACNGApplet.cpp */,
+ 5203891512B80315007C4317 /* CACNGApplet.h */,
+ 5203891612B80315007C4317 /* CACNGAttributeCoder.cpp */,
+ 5203891712B80315007C4317 /* CACNGAttributeCoder.h */,
+ 5203891812B80315007C4317 /* CACNGError.cpp */,
+ 5203891912B80315007C4317 /* CACNGError.h */,
+ 5203891A12B80315007C4317 /* CACNGKeyHandle.cpp */,
+ 5203891B12B80315007C4317 /* CACNGKeyHandle.h */,
+ 5203891C12B80315007C4317 /* CACNGRecord.cpp */,
+ 5203891D12B80315007C4317 /* CACNGRecord.h */,
+ 5203891E12B80315007C4317 /* CACNGSchema.cpp */,
+ 5203891F12B80315007C4317 /* CACNGSchema.h */,
+ 5203892012B80315007C4317 /* CACNGToken.cpp */,
+ 5203892112B80315007C4317 /* CACNGToken.h */,
+ 5203892212B80315007C4317 /* CompressionTool.cpp */,
+ 5203892312B80315007C4317 /* CompressionTool.h */,
+ 5203892412B80315007C4317 /* Info.plist */,
+ 5203892512B80315007C4317 /* mds */,
+ 5203892B12B80315007C4317 /* Padding.cpp */,
+ 5203892C12B80315007C4317 /* Padding.h */,
+ 5203892D12B80315007C4317 /* TLV.cpp */,
+ 5203892E12B80315007C4317 /* TLV.h */,
+ 5203892F12B80315007C4317 /* TLVTemplates.h */,
+ );
+ path = CACNG;
+ sourceTree = "<group>";
+ };
+ 5203892512B80315007C4317 /* mds */ = {
+ isa = PBXGroup;
+ children = (
+ 5203892612B80315007C4317 /* cacng_csp_capabilities.mdsinfo */,
+ 5203892712B80315007C4317 /* cacng_csp_capabilities_common.mds */,
+ 5203892812B80315007C4317 /* cacng_csp_primary.mdsinfo */,
+ 5203892912B80315007C4317 /* cacng_dl_primary.mdsinfo */,
+ 5203892A12B80315007C4317 /* cacng_smartcard.mdsinfo */,
+ );
+ path = mds;
+ sourceTree = "<group>";
+ };
+ 5280675F0B78E86F00D02C3A /* PIV */ = {
+ isa = PBXGroup;
+ children = (
+ 52CAA8C60EBF7E40004C1A9E /* byte_string.h */,
+ 52CAA8C70EBF7E40004C1A9E /* Padding.cpp */,
+ 52CAA8C80EBF7E40004C1A9E /* Padding.h */,
+ 52CAA8C90EBF7E40004C1A9E /* TLV.cpp */,
+ 52CAA8CA0EBF7E40004C1A9E /* TLV.h */,
+ 528067800B78E98600D02C3A /* mds */,
+ 529D9A7B0B867FA900DBFA4B /* PIVCCC.cpp */,
+ 529D9A7C0B867FA900DBFA4B /* PIVCCC.h */,
+ 523C07E70B7B940D00067DEA /* PIVDefines.h */,
+ 5280677F0B78E98600D02C3A /* Info.plist */,
+ 528067860B78E98600D02C3A /* piv.cpp */,
+ 528067870B78E98600D02C3A /* PIVAttributeCoder.cpp */,
+ 528067880B78E98600D02C3A /* PIVAttributeCoder.h */,
+ 528067890B78E98600D02C3A /* PIVError.cpp */,
+ 5280678A0B78E98600D02C3A /* PIVError.h */,
+ 5280678B0B78E98600D02C3A /* PIVKeyHandle.cpp */,
+ 5280678C0B78E98600D02C3A /* PIVKeyHandle.h */,
+ 5280678D0B78E98600D02C3A /* PIVRecord.cpp */,
+ 5280678E0B78E98600D02C3A /* PIVRecord.h */,
+ 5280678F0B78E98600D02C3A /* PIVSchema.cpp */,
+ 528067900B78E98600D02C3A /* PIVSchema.h */,
+ 528067910B78E98600D02C3A /* PIVToken.cpp */,
+ 528067920B78E98600D02C3A /* PIVToken.h */,
+ );
+ name = PIV;
+ sourceTree = "<group>";
+ };
+ 528067800B78E98600D02C3A /* mds */ = {
+ isa = PBXGroup;
+ children = (
+ 528067810B78E98600D02C3A /* piv_csp_capabilities.mdsinfo */,
+ 528067820B78E98600D02C3A /* piv_csp_capabilities_common.mds */,
+ 528067830B78E98600D02C3A /* piv_csp_primary.mdsinfo */,
+ 528067840B78E98600D02C3A /* piv_dl_primary.mdsinfo */,
+ 528067850B78E98600D02C3A /* piv_smartcard.mdsinfo */,
+ );
+ name = mds;
+ path = PIV/mds;
+ sourceTree = "<group>";
+ };
+/* End PBXGroup section */
+
+/* Begin PBXHeadersBuildPhase section */
+ 52B2604C0BC5A864007E00F1 /* Headers */ = {
+ isa = PBXHeadersBuildPhase;
+ buildActionMask = 2147483647;
+ files = (
+ 52B2604D0BC5A864007E00F1 /* Adornment.h in Headers */,
+ 52B2604E0BC5A864007E00F1 /* Attribute.h in Headers */,
+ 52B2604F0BC5A864007E00F1 /* AttributeCoder.h in Headers */,
+ 52B260500BC5A864007E00F1 /* Cursor.h in Headers */,
+ 52B260510BC5A864007E00F1 /* DbValue.h in Headers */,
+ 52B260520BC5A864007E00F1 /* KeyHandle.h in Headers */,
+ 52B260530BC5A864007E00F1 /* MetaAttribute.h in Headers */,
+ 52B260540BC5A864007E00F1 /* MetaRecord.h in Headers */,
+ 52B260550BC5A864007E00F1 /* Record.h in Headers */,
+ 52B260560BC5A864007E00F1 /* RecordHandle.h in Headers */,
+ 52B260570BC5A864007E00F1 /* Relation.h in Headers */,
+ 52B260580BC5A864007E00F1 /* SCardError.h in Headers */,
+ 52B260590BC5A864007E00F1 /* Schema.h in Headers */,
+ 52B2605A0BC5A864007E00F1 /* SelectionPredicate.h in Headers */,
+ 52B2605B0BC5A864007E00F1 /* Token.h in Headers */,
+ 52B2605C0BC5A864007E00F1 /* TokenContext.h in Headers */,
+ );
+ runOnlyForDeploymentPostprocessing = 0;
+ };
+/* End PBXHeadersBuildPhase section */
+
+/* Begin PBXNativeTarget section */
+ 520388F512B802BF007C4317 /* CACNG */ = {
+ isa = PBXNativeTarget;
+ buildConfigurationList = 5203890912B802BF007C4317 /* Build configuration list for PBXNativeTarget "CACNG" */;
+ buildPhases = (
+ 520388F812B802BF007C4317 /* Resources */,
+ 520388FE12B802BF007C4317 /* Sources */,
+ 5203890612B802BF007C4317 /* Frameworks */,
+ );
+ buildRules = (
+ );
+ dependencies = (
+ 520388F612B802BF007C4317 /* PBXTargetDependency */,
+ );
+ name = CACNG;
+ productName = "Common Access Card";
+ productReference = 5203890C12B802BF007C4317 /* CACNG.tokend */;
+ productType = "com.apple.product-type.application";
+ };
+ 52B2602D0BC5A864007E00F1 /* libtokend */ = {
+ isa = PBXNativeTarget;
+ buildConfigurationList = 52B260450BC5A864007E00F1 /* Build configuration list for PBXNativeTarget "libtokend" */;
+ buildPhases = (
+ 52B260310BC5A864007E00F1 /* Sources */,
+ 52B260430BC5A864007E00F1 /* ShellScript */,
+ 52B260440BC5A864007E00F1 /* ShellScript */,
+ );
+ buildRules = (
+ );
+ dependencies = (
+ 52B260DF0BC5A864007E00F1 /* PBXTargetDependency */,
+ );
+ name = libtokend;
+ productName = libtokend;
+ productReference = 52B2604A0BC5A864007E00F1 /* libtokend.a */;
+ productType = "com.apple.product-type.library.static";
+ };
+ 52B2604B0BC5A864007E00F1 /* tokend */ = {
+ isa = PBXNativeTarget;
+ buildConfigurationList = 52B2605D0BC5A864007E00F1 /* Build configuration list for PBXNativeTarget "tokend" */;
+ buildPhases = (
+ 52B2604C0BC5A864007E00F1 /* Headers */,
+ );
+ buildRules = (
+ );
+ dependencies = (
+ );
+ name = tokend;
+ productName = tokend;
+ productReference = 52B260630BC5A864007E00F1 /* tokend.framework */;
+ productType = "com.apple.product-type.framework";
+ };
+ 52B260640BC5A864007E00F1 /* BELPIC */ = {
+ isa = PBXNativeTarget;
+ buildConfigurationList = 52B260760BC5A864007E00F1 /* Build configuration list for PBXNativeTarget "BELPIC" */;
+ buildPhases = (
+ 52B260670BC5A864007E00F1 /* Resources */,
+ 52B2606D0BC5A864007E00F1 /* Sources */,
+ 52B260740BC5A864007E00F1 /* Frameworks */,
+ );
+ buildRules = (
+ );
+ dependencies = (
+ 52B260E10BC5A864007E00F1 /* PBXTargetDependency */,
+ );
+ name = BELPIC;
+ productName = "Common Access Card";
+ productReference = 52B2607B0BC5A864007E00F1 /* BELPIC.tokend */;
+ productType = "com.apple.product-type.application";
+ };
+ 52B2607D0BC5A864007E00F1 /* CAC */ = {
+ isa = PBXNativeTarget;
+ buildConfigurationList = 52B260910BC5A864007E00F1 /* Build configuration list for PBXNativeTarget "CAC" */;
+ buildPhases = (
+ 52B260800BC5A864007E00F1 /* Resources */,
+ 52B260860BC5A864007E00F1 /* Sources */,
+ 52B2608E0BC5A864007E00F1 /* Frameworks */,
+ );
+ buildRules = (
+ );
+ dependencies = (
+ 52B260E30BC5A864007E00F1 /* PBXTargetDependency */,
+ );
+ name = CAC;
+ productName = "Common Access Card";
+ productReference = 52B260960BC5A864007E00F1 /* CAC.tokend */;
+ productType = "com.apple.product-type.application";
+ };
+ 52B260980BC5A864007E00F1 /* MuscleCard */ = {
+ isa = PBXNativeTarget;
+ buildConfigurationList = 52B260B30BC5A864007E00F1 /* Build configuration list for PBXNativeTarget "MuscleCard" */;
+ buildPhases = (
+ 52B2609B0BC5A864007E00F1 /* Resources */,
+ 52B260A10BC5A864007E00F1 /* Sources */,
+ 52B260B10BC5A864007E00F1 /* Frameworks */,
+ );
+ buildRules = (
+ );
+ dependencies = (
+ 52B260E50BC5A864007E00F1 /* PBXTargetDependency */,
+ );
+ name = MuscleCard;
+ productName = MuscleCard;
+ productReference = 52B260B80BC5A864007E00F1 /* MuscleCard.tokend */;
+ productType = "com.apple.product-type.application";
+ };
+ 52B260BA0BC5A864007E00F1 /* PIV */ = {
+ isa = PBXNativeTarget;
+ buildConfigurationList = 52B260CF0BC5A864007E00F1 /* Build configuration list for PBXNativeTarget "PIV" */;
+ buildPhases = (
+ 52B260BD0BC5A864007E00F1 /* Resources */,
+ 52B260C30BC5A864007E00F1 /* Sources */,
+ 52B260CC0BC5A864007E00F1 /* Frameworks */,
+ );
+ buildRules = (
+ );
+ dependencies = (
+ 52B260E70BC5A864007E00F1 /* PBXTargetDependency */,
+ );
+ name = PIV;
+ productName = "Common Access Card";
+ productReference = 52B260D40BC5A864007E00F1 /* PIV.tokend */;
+ productType = "com.apple.product-type.application";
+ };
+/* End PBXNativeTarget section */
+
+/* Begin PBXProject section */
+ 08FB7793FE84155DC02AAC07 /* Project object */ = {
+ isa = PBXProject;
+ buildConfigurationList = C27AD2220987FCDC001272E0 /* Build configuration list for PBXProject "Tokend" */;
+ compatibilityVersion = "Xcode 2.4";
+ hasScannedForEncodings = 1;
+ mainGroup = 08FB7794FE84155DC02AAC07 /* TokendMuscle */;
+ projectDirPath = "";
+ projectRoot = "";
+ targets = (
+ 52B2601F0BC5A864007E00F1 /* world */,
+ 52B2602D0BC5A864007E00F1 /* libtokend */,
+ 52B2604B0BC5A864007E00F1 /* tokend */,
+ 52B260640BC5A864007E00F1 /* BELPIC */,
+ 52B2607D0BC5A864007E00F1 /* CAC */,
+ 52B260980BC5A864007E00F1 /* MuscleCard */,
+ 52B260BA0BC5A864007E00F1 /* PIV */,
+ 520388F512B802BF007C4317 /* CACNG */,
+ );
+ };
+/* End PBXProject section */
+
+/* Begin PBXResourcesBuildPhase section */
+ 520388F812B802BF007C4317 /* Resources */ = {
+ isa = PBXResourcesBuildPhase;
+ buildActionMask = 2147483647;
+ files = (
+ 5203893A12B80315007C4317 /* cacng_csp_capabilities.mdsinfo in Resources */,
+ 5203893B12B80315007C4317 /* cacng_csp_capabilities_common.mds in Resources */,
+ 5203893C12B80315007C4317 /* cacng_csp_primary.mdsinfo in Resources */,
+ 5203893D12B80315007C4317 /* cacng_dl_primary.mdsinfo in Resources */,
+ 5203893E12B80315007C4317 /* cacng_smartcard.mdsinfo in Resources */,
+ );
+ runOnlyForDeploymentPostprocessing = 0;
+ };
+ 52B260670BC5A864007E00F1 /* Resources */ = {
+ isa = PBXResourcesBuildPhase;
+ buildActionMask = 2147483647;
+ files = (
+ 52B260680BC5A864007E00F1 /* belpic_csp_capabilities.mdsinfo in Resources */,
+ 52B260690BC5A864007E00F1 /* belpic_csp_capabilities_common.mds in Resources */,
+ 52B2606A0BC5A864007E00F1 /* belpic_csp_primary.mdsinfo in Resources */,
+ 52B2606B0BC5A864007E00F1 /* belpic_dl_primary.mdsinfo in Resources */,
+ 52B2606C0BC5A864007E00F1 /* belpic_smartcard.mdsinfo in Resources */,
+ );
+ runOnlyForDeploymentPostprocessing = 0;
+ };
+ 52B260800BC5A864007E00F1 /* Resources */ = {
+ isa = PBXResourcesBuildPhase;
+ buildActionMask = 2147483647;
+ files = (
+ 52B260810BC5A864007E00F1 /* cac_csp_capabilities.mdsinfo in Resources */,
+ 52B260820BC5A864007E00F1 /* cac_csp_capabilities_common.mds in Resources */,
+ 52B260830BC5A864007E00F1 /* cac_csp_primary.mdsinfo in Resources */,
+ 52B260840BC5A864007E00F1 /* cac_dl_primary.mdsinfo in Resources */,
+ 52B260850BC5A864007E00F1 /* cac_smartcard.mdsinfo in Resources */,
+ );
+ runOnlyForDeploymentPostprocessing = 0;
+ };
+ 52B2609B0BC5A864007E00F1 /* Resources */ = {
+ isa = PBXResourcesBuildPhase;
+ buildActionMask = 2147483647;
+ files = (
+ 52B2609C0BC5A864007E00F1 /* musclecard_csp_capabilities.mdsinfo in Resources */,
+ 52B2609D0BC5A864007E00F1 /* musclecard_csp_capabilities_common.mds in Resources */,
+ 52B2609E0BC5A864007E00F1 /* musclecard_csp_primary.mdsinfo in Resources */,
+ 52B2609F0BC5A864007E00F1 /* musclecard_dl_primary.mdsinfo in Resources */,
+ 52B260A00BC5A864007E00F1 /* musclecard_smartcard.mdsinfo in Resources */,
+ );
+ runOnlyForDeploymentPostprocessing = 0;
+ };
+ 52B260BD0BC5A864007E00F1 /* Resources */ = {
+ isa = PBXResourcesBuildPhase;
+ buildActionMask = 2147483647;
+ files = (
+ 52B260BE0BC5A864007E00F1 /* piv_csp_capabilities.mdsinfo in Resources */,
+ 52B260BF0BC5A864007E00F1 /* piv_csp_capabilities_common.mds in Resources */,
+ 52B260C00BC5A864007E00F1 /* piv_csp_primary.mdsinfo in Resources */,
+ 52B260C10BC5A864007E00F1 /* piv_dl_primary.mdsinfo in Resources */,
+ 52B260C20BC5A864007E00F1 /* piv_smartcard.mdsinfo in Resources */,
+ );
+ runOnlyForDeploymentPostprocessing = 0;
+ };
+/* End PBXResourcesBuildPhase section */
+
+/* Begin PBXShellScriptBuildPhase section */
+ 52B260430BC5A864007E00F1 /* ShellScript */ = {
+ isa = PBXShellScriptBuildPhase;
+ buildActionMask = 2147483647;
+ files = (
+ );
+ inputPaths = (
+ );
+ outputPaths = (
+ );
+ runOnlyForDeploymentPostprocessing = 0;
+ shellPath = /bin/sh;
+ shellScript = "for variant in ${BUILD_VARIANTS}\ndo\n\tpostfix=`echo _${variant} | sed 's/_normal//'`\n\tfrmwk=\"${BUILT_PRODUCTS_DIR}/${PRODUCT_NAME}.framework\"\n\tversa=\"${frmwk}/Versions/A\"\n\tcp \"${BUILT_PRODUCTS_DIR}/lib${PRODUCT_NAME}${postfix}.a\" \"${versa}/${PRODUCT_NAME}${postfix}\"\n\tln -fs \"${versa}/${PRODUCT_NAME}${postfix}\" ${frmwk}/${PRODUCT_NAME}${postfix}\n\tnmedit -p \"${versa}/${PRODUCT_NAME}${postfix}\"\n\tranlib \"${versa}/${PRODUCT_NAME}${postfix}\"\ndone";
+ showEnvVarsInLog = 0;
+ };
+ 52B260440BC5A864007E00F1 /* ShellScript */ = {
+ isa = PBXShellScriptBuildPhase;
+ buildActionMask = 8;
+ files = (
+ );
+ inputPaths = (
+ );
+ outputPaths = (
+ );
+ runOnlyForDeploymentPostprocessing = 1;
+ shellPath = /bin/sh;
+ shellScript = "for variant in ${BUILD_VARIANTS}\ndo\n\tpostfix=`echo _${variant} | sed 's/_normal//'`\n\tcp -p \"${SYMROOT}/${PRODUCT_NAME}${postfix}\" \"${DSTROOT}/usr/local/SecurityPieces/Frameworks/${PRODUCT_NAME}.framework/Versions/A\"\n\tranlib \"${DSTROOT}/usr/local/SecurityPieces/Frameworks/${PRODUCT_NAME}.framework/Versions/A/${PRODUCT_NAME}${postfix}\"\n\tln -fs \"Versions/Current/${PRODUCT_NAME}${postfix}\" \"${DSTROOT}/usr/local/SecurityPieces/Frameworks/${PRODUCT_NAME}.framework\"\ndone";
+ showEnvVarsInLog = 0;
+ };
+/* End PBXShellScriptBuildPhase section */
+
+/* Begin PBXSourcesBuildPhase section */
+ 520388FE12B802BF007C4317 /* Sources */ = {
+ isa = PBXSourcesBuildPhase;
+ buildActionMask = 2147483647;
+ files = (
+ 5203890012B802BF007C4317 /* CACAttributeCoder.cpp in Sources */,
+ 5203890112B802BF007C4317 /* CACError.cpp in Sources */,
+ 5203890212B802BF007C4317 /* CACKeyHandle.cpp in Sources */,
+ 5203890312B802BF007C4317 /* CACRecord.cpp in Sources */,
+ 5203890412B802BF007C4317 /* CACSchema.cpp in Sources */,
+ 5203890512B802BF007C4317 /* CACToken.cpp in Sources */,
+ 5203893012B80315007C4317 /* cacng.cpp in Sources */,
+ 5203893112B80315007C4317 /* CACNGApplet.cpp in Sources */,
+ 5203893212B80315007C4317 /* CACNGAttributeCoder.cpp in Sources */,
+ 5203893312B80315007C4317 /* CACNGError.cpp in Sources */,
+ 5203893412B80315007C4317 /* CACNGKeyHandle.cpp in Sources */,
+ 5203893512B80315007C4317 /* CACNGRecord.cpp in Sources */,
+ 5203893612B80315007C4317 /* CACNGSchema.cpp in Sources */,
+ 5203893712B80315007C4317 /* CACNGToken.cpp in Sources */,
+ 5203893812B80315007C4317 /* CompressionTool.cpp in Sources */,
+ 5203893F12B80315007C4317 /* Padding.cpp in Sources */,
+ 5203894012B80315007C4317 /* TLV.cpp in Sources */,
+ );
+ runOnlyForDeploymentPostprocessing = 0;
+ };
+ 52B260310BC5A864007E00F1 /* Sources */ = {
+ isa = PBXSourcesBuildPhase;
+ buildActionMask = 2147483647;
+ files = (
+ 52B260320BC5A864007E00F1 /* Adornment.cpp in Sources */,
+ 52B260330BC5A864007E00F1 /* Attribute.cpp in Sources */,
+ 52B260340BC5A864007E00F1 /* AttributeCoder.cpp in Sources */,
+ 52B260350BC5A864007E00F1 /* Cursor.cpp in Sources */,
+ 52B260360BC5A864007E00F1 /* DbValue.cpp in Sources */,
+ 52B260370BC5A864007E00F1 /* KeyHandle.cpp in Sources */,
+ 52B260380BC5A864007E00F1 /* MetaAttribute.cpp in Sources */,
+ 52B260390BC5A864007E00F1 /* MetaRecord.cpp in Sources */,
+ 52B2603A0BC5A864007E00F1 /* Record.cpp in Sources */,
+ 52B2603B0BC5A864007E00F1 /* RecordHandle.cpp in Sources */,
+ 52B2603C0BC5A864007E00F1 /* Relation.cpp in Sources */,
+ 52B2603D0BC5A864007E00F1 /* SCardError.cpp in Sources */,
+ 52B2603E0BC5A864007E00F1 /* Schema.cpp in Sources */,
+ 52B2603F0BC5A864007E00F1 /* SelectionPredicate.cpp in Sources */,
+ 52B260400BC5A864007E00F1 /* Token.cpp in Sources */,
+ 52B260410BC5A864007E00F1 /* TokenContext.cpp in Sources */,
+ );
+ runOnlyForDeploymentPostprocessing = 0;
+ };
+ 52B2606D0BC5A864007E00F1 /* Sources */ = {
+ isa = PBXSourcesBuildPhase;
+ buildActionMask = 2147483647;
+ files = (
+ 52B2606E0BC5A864007E00F1 /* belpic.cpp in Sources */,
+ 52B2606F0BC5A864007E00F1 /* BELPICError.cpp in Sources */,
+ 52B260700BC5A864007E00F1 /* BELPICKeyHandle.cpp in Sources */,
+ 52B260710BC5A864007E00F1 /* BELPICRecord.cpp in Sources */,
+ 52B260720BC5A864007E00F1 /* BELPICSchema.cpp in Sources */,
+ 52B260730BC5A864007E00F1 /* BELPICToken.cpp in Sources */,
+ 52A683110EEF1FB200F71D5B /* BELPICAttributeCoder.cpp in Sources */,
+ );
+ runOnlyForDeploymentPostprocessing = 0;
+ };
+ 52B260860BC5A864007E00F1 /* Sources */ = {
+ isa = PBXSourcesBuildPhase;
+ buildActionMask = 2147483647;
+ files = (
+ 52B260870BC5A864007E00F1 /* cac.cpp in Sources */,
+ 52B260880BC5A864007E00F1 /* CACAttributeCoder.cpp in Sources */,
+ 52B260890BC5A864007E00F1 /* CACError.cpp in Sources */,
+ 52B2608A0BC5A864007E00F1 /* CACKeyHandle.cpp in Sources */,
+ 52B2608B0BC5A864007E00F1 /* CACRecord.cpp in Sources */,
+ 52B2608C0BC5A864007E00F1 /* CACSchema.cpp in Sources */,
+ 52B2608D0BC5A864007E00F1 /* CACToken.cpp in Sources */,
+ );
+ runOnlyForDeploymentPostprocessing = 0;
+ };
+ 52B260A10BC5A864007E00F1 /* Sources */ = {
+ isa = PBXSourcesBuildPhase;
+ buildActionMask = 2147483647;
+ files = (
+ 52B260A20BC5A864007E00F1 /* KeyRecord.cpp in Sources */,
+ 52B260A30BC5A864007E00F1 /* musclecard.cpp in Sources */,
+ 52B260A40BC5A864007E00F1 /* MuscleCardAttributeCoder.cpp in Sources */,
+ 52B260A50BC5A864007E00F1 /* MuscleCardKeyHandle.cpp in Sources */,
+ 52B260A60BC5A864007E00F1 /* MuscleCardSchema.cpp in Sources */,
+ 52B260A70BC5A864007E00F1 /* MuscleCardToken.cpp in Sources */,
+ 52B260A80BC5A864007E00F1 /* TokenRecord.cpp in Sources */,
+ 52B260A90BC5A864007E00F1 /* MscACL.cpp in Sources */,
+ 52B260AA0BC5A864007E00F1 /* MscError.cpp in Sources */,
+ 52B260AB0BC5A864007E00F1 /* MscKey.cpp in Sources */,
+ 52B260AC0BC5A864007E00F1 /* MscObject.cpp in Sources */,
+ 52B260AD0BC5A864007E00F1 /* MscPIN.cpp in Sources */,
+ 52B260AE0BC5A864007E00F1 /* MscToken.cpp in Sources */,
+ 52B260AF0BC5A864007E00F1 /* MscTokenConnection.cpp in Sources */,
+ 52B260B00BC5A864007E00F1 /* MscWrappers.cpp in Sources */,
+ );
+ runOnlyForDeploymentPostprocessing = 0;
+ };
+ 52B260C30BC5A864007E00F1 /* Sources */ = {
+ isa = PBXSourcesBuildPhase;
+ buildActionMask = 2147483647;
+ files = (
+ 52B260C40BC5A864007E00F1 /* piv.cpp in Sources */,
+ 52B260C50BC5A864007E00F1 /* PIVAttributeCoder.cpp in Sources */,
+ 52B260C60BC5A864007E00F1 /* PIVError.cpp in Sources */,
+ 52B260C70BC5A864007E00F1 /* PIVKeyHandle.cpp in Sources */,
+ 52B260C80BC5A864007E00F1 /* PIVRecord.cpp in Sources */,
+ 52B260C90BC5A864007E00F1 /* PIVSchema.cpp in Sources */,
+ 52B260CA0BC5A864007E00F1 /* PIVToken.cpp in Sources */,
+ 52B260CB0BC5A864007E00F1 /* PIVCCC.cpp in Sources */,
+ 52CAA8CB0EBF7E40004C1A9E /* Padding.cpp in Sources */,
+ 52CAA8CC0EBF7E40004C1A9E /* TLV.cpp in Sources */,
+ );
+ runOnlyForDeploymentPostprocessing = 0;
+ };
+/* End PBXSourcesBuildPhase section */
+
+/* Begin PBXTargetDependency section */
+ 520388F612B802BF007C4317 /* PBXTargetDependency */ = {
+ isa = PBXTargetDependency;
+ target = 52B2602D0BC5A864007E00F1 /* libtokend */;
+ targetProxy = 520388F712B802BF007C4317 /* PBXContainerItemProxy */;
+ };
+ 5203894212B8031D007C4317 /* PBXTargetDependency */ = {
+ isa = PBXTargetDependency;
+ target = 520388F512B802BF007C4317 /* CACNG */;
+ targetProxy = 5203894112B8031D007C4317 /* PBXContainerItemProxy */;
+ };
+ 529252170BC6BEED00816597 /* PBXTargetDependency */ = {
+ isa = PBXTargetDependency;
+ target = 52B2602D0BC5A864007E00F1 /* libtokend */;
+ targetProxy = 529252160BC6BEED00816597 /* PBXContainerItemProxy */;
+ };
+ 52B260D90BC5A864007E00F1 /* PBXTargetDependency */ = {
+ isa = PBXTargetDependency;
+ target = 52B260640BC5A864007E00F1 /* BELPIC */;
+ targetProxy = 52B260D80BC5A864007E00F1 /* PBXContainerItemProxy */;
+ };
+ 52B260DB0BC5A864007E00F1 /* PBXTargetDependency */ = {
+ isa = PBXTargetDependency;
+ target = 52B2607D0BC5A864007E00F1 /* CAC */;
+ targetProxy = 52B260DA0BC5A864007E00F1 /* PBXContainerItemProxy */;
+ };
+ 52B260DD0BC5A864007E00F1 /* PBXTargetDependency */ = {
+ isa = PBXTargetDependency;
+ target = 52B260BA0BC5A864007E00F1 /* PIV */;
+ targetProxy = 52B260DC0BC5A864007E00F1 /* PBXContainerItemProxy */;
+ };
+ 52B260DF0BC5A864007E00F1 /* PBXTargetDependency */ = {
+ isa = PBXTargetDependency;
+ target = 52B2604B0BC5A864007E00F1 /* tokend */;
+ targetProxy = 52B260DE0BC5A864007E00F1 /* PBXContainerItemProxy */;
+ };
+ 52B260E10BC5A864007E00F1 /* PBXTargetDependency */ = {
+ isa = PBXTargetDependency;
+ target = 52B2602D0BC5A864007E00F1 /* libtokend */;
+ targetProxy = 52B260E00BC5A864007E00F1 /* PBXContainerItemProxy */;
+ };
+ 52B260E30BC5A864007E00F1 /* PBXTargetDependency */ = {
+ isa = PBXTargetDependency;
+ target = 52B2602D0BC5A864007E00F1 /* libtokend */;
+ targetProxy = 52B260E20BC5A864007E00F1 /* PBXContainerItemProxy */;
+ };
+ 52B260E50BC5A864007E00F1 /* PBXTargetDependency */ = {
+ isa = PBXTargetDependency;
+ target = 52B2602D0BC5A864007E00F1 /* libtokend */;
+ targetProxy = 52B260E40BC5A864007E00F1 /* PBXContainerItemProxy */;
+ };
+ 52B260E70BC5A864007E00F1 /* PBXTargetDependency */ = {
+ isa = PBXTargetDependency;
+ target = 52B2602D0BC5A864007E00F1 /* libtokend */;
+ targetProxy = 52B260E60BC5A864007E00F1 /* PBXContainerItemProxy */;
+ };
+/* End PBXTargetDependency section */
+
+/* Begin XCBuildConfiguration section */
+ 5203890A12B802BF007C4317 /* Development */ = {
+ isa = XCBuildConfiguration;
+ buildSettings = {
+ BUILD_VARIANTS = debug;
+ COPY_PHASE_STRIP = NO;
+ CURRENT_PROJECT_VERSION = 40596;
+ FRAMEWORK_SEARCH_PATHS = (
+ /usr/local/SecurityPieces/Frameworks,
+ "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
+ );
+ GCC_DYNAMIC_NO_PIC = NO;
+ GCC_GENERATE_DEBUGGING_SYMBOLS = YES;
+ GCC_MODEL_TUNING = G5;
+ GCC_OPTIMIZATION_LEVEL = 0;
+ GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES;
+ GCC_WARN_CHECK_SWITCH_STATEMENTS = YES;
+ GCC_WARN_HIDDEN_VIRTUAL_FUNCTIONS = YES;
+ GCC_WARN_INHIBIT_ALL_WARNINGS = NO;
+ GCC_WARN_INITIALIZER_NOT_FULLY_BRACKETED = YES;
+ GCC_WARN_MISSING_PARENTHESES = YES;
+ GCC_WARN_NON_VIRTUAL_DESTRUCTOR = YES;
+ GCC_WARN_PEDANTIC = NO;
+ GCC_WARN_SHADOW = NO;
+ GCC_WARN_SIGN_COMPARE = YES;
+ GCC_WARN_TYPECHECK_CALLS_TO_PRINTF = YES;
+ GCC_WARN_UNINITIALIZED_AUTOS = NO;
+ GCC_WARN_UNKNOWN_PRAGMAS = YES;
+ GCC_WARN_UNUSED_FUNCTION = YES;
+ GCC_WARN_UNUSED_LABEL = YES;
+ GCC_WARN_UNUSED_PARAMETER = YES;
+ GCC_WARN_UNUSED_VALUE = YES;
+ GCC_WARN_UNUSED_VARIABLE = YES;
+ INFOPLIST_FILE = CACNG/Info.plist;
+ INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security/tokend";
+ OPT_CPPXFLAGS = "$(OPT_CXFLAGS) -fno-enforce-eh-specs -fno-implement-inlines";
+ OPT_CXFLAGS = "-DNDEBUG $(OPT_INLINEXFLAGS)";
+ OPT_INLINEXFLAGS = " -finline-functions";
+ OPT_LDXFLAGS = "-dead_strip";
+ OPT_LDXNOPIC = ",_nopic";
+ OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)";
+ OTHER_ASFLAGS_normal = "$(OTHER_CFLAGS) -DNDEBUG";
+ OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg";
+ OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline";
+ OTHER_CFLAGS_normal = "$(OPT_CXFLAGS) $(OTHER_CFLAGS)";
+ OTHER_CFLAGS_profile = "$(OPT_CXFLAGS) $(OTHER_CFLAGS) -pg";
+ OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CPLUSPLUSFLAGS) -O0 -fno-inline";
+ OTHER_CPLUSPLUSFLAGS_normal = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS)";
+ OTHER_CPLUSPLUSFLAGS_profile = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS) -pg";
+ OTHER_LDFLAGS_debug = "$(OTHER_LDFLAGS) -framework tokend,_debug -framework PCSC,_debug -framework SecurityTokend,_debug -framework Security,_debug -framework security_cdsa_client,_debug -framework security_cdsa_utilities,_debug -framework security_utilities,_debug";
+ OTHER_LDFLAGS_normal = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -framework tokend -framework PCSC -framework SecurityTokend -framework Security -framework security_cdsa_client$(OPT_LDXNOPIC) -framework security_cdsa_utilities$(OPT_LDXNOPIC) -framework security_utilities$(OPT_LDXNOPIC)";
+ OTHER_LDFLAGS_profile = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -pg -framework tokend,_profile -framework PCSC,_profile -framework SecurityTokend,_profile -framework Security,_profile -framework security_cdsa_client,_profile -framework security_cdsa_utilities,_profile -framework security_utilities,_profile";
+ PRODUCT_NAME = CACNG;
+ VERSIONING_SYSTEM = "apple-generic";
+ WARNING_CFLAGS = (
+ "-Wmost",
+ "-Wno-four-char-constants",
+ "-Wno-unknown-pragmas",
+ );
+ WRAPPER_EXTENSION = tokend;
+ ZERO_LINK = NO;
+ };
+ name = Development;
+ };
+ 5203890B12B802BF007C4317 /* Deployment */ = {
+ isa = XCBuildConfiguration;
+ buildSettings = {
+ BUILD_VARIANTS = (
+ normal,
+ debug,
+ );
+ CURRENT_PROJECT_VERSION = 40596;
+ FRAMEWORK_SEARCH_PATHS = (
+ /usr/local/SecurityPieces/Frameworks,
+ "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
+ );
+ GCC_DYNAMIC_NO_PIC = YES;
+ GCC_MODEL_TUNING = G5;
+ INFOPLIST_FILE = CACNG/Info.plist;
+ INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security/tokend";
+ OPT_CPPXFLAGS = "$(OPT_CXFLAGS) -fno-enforce-eh-specs -fno-implement-inlines";
+ OPT_CXFLAGS = "-DNDEBUG $(OPT_INLINEXFLAGS)";
+ OPT_INLINEXFLAGS = " -finline-functions";
+ OPT_LDXFLAGS = "-dead_strip";
+ OPT_LDXNOPIC = ",_nopic";
+ OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)";
+ OTHER_ASFLAGS_normal = "$(OTHER_CFLAGS) -DNDEBUG";
+ OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg";
+ OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline";
+ OTHER_CFLAGS_normal = "$(OPT_CXFLAGS) $(OTHER_CFLAGS)";
+ OTHER_CFLAGS_profile = "$(OPT_CXFLAGS) $(OTHER_CFLAGS) -pg";
+ OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CPLUSPLUSFLAGS) -O0 -fno-inline";
+ OTHER_CPLUSPLUSFLAGS_normal = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS)";
+ OTHER_CPLUSPLUSFLAGS_profile = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS) -pg";
+ OTHER_LDFLAGS_debug = "$(OTHER_LDFLAGS) -framework tokend,_debug -framework PCSC,_debug -framework SecurityTokend,_debug -framework Security,_debug -framework security_cdsa_client,_debug -framework security_cdsa_utilities,_debug -framework security_utilities,_debug";
+ OTHER_LDFLAGS_normal = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -framework tokend -framework PCSC -framework SecurityTokend -framework Security -framework security_cdsa_client$(OPT_LDXNOPIC) -framework security_cdsa_utilities$(OPT_LDXNOPIC) -framework security_utilities$(OPT_LDXNOPIC)";
+ OTHER_LDFLAGS_profile = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -pg -framework tokend,_profile -framework PCSC,_profile -framework SecurityTokend,_profile -framework Security,_profile -framework security_cdsa_client,_profile -framework security_cdsa_utilities,_profile -framework security_utilities,_profile";
+ PRODUCT_NAME = CACNG;
+ VERSIONING_SYSTEM = "apple-generic";
+ WARNING_CFLAGS = (
+ "-Wmost",
+ "-Wno-four-char-constants",
+ "-Wno-unknown-pragmas",
+ );
+ WRAPPER_EXTENSION = tokend;
+ ZERO_LINK = NO;
+ };
+ name = Deployment;
+ };
+ 52B260290BC5A864007E00F1 /* Development */ = {
+ isa = XCBuildConfiguration;
+ buildSettings = {
+ BUILD_VARIANTS = debug;
+ COPY_PHASE_STRIP = NO;
+ GCC_DYNAMIC_NO_PIC = NO;
+ GCC_GENERATE_DEBUGGING_SYMBOLS = YES;
+ GCC_OPTIMIZATION_LEVEL = 0;
+ GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES;
+ GCC_WARN_CHECK_SWITCH_STATEMENTS = YES;
+ GCC_WARN_HIDDEN_VIRTUAL_FUNCTIONS = YES;
+ GCC_WARN_INHIBIT_ALL_WARNINGS = NO;
+ GCC_WARN_INITIALIZER_NOT_FULLY_BRACKETED = YES;
+ GCC_WARN_MISSING_PARENTHESES = YES;
+ GCC_WARN_NON_VIRTUAL_DESTRUCTOR = YES;
+ GCC_WARN_PEDANTIC = NO;
+ GCC_WARN_SHADOW = NO;
+ GCC_WARN_SIGN_COMPARE = YES;
+ GCC_WARN_TYPECHECK_CALLS_TO_PRINTF = YES;
+ GCC_WARN_UNINITIALIZED_AUTOS = NO;
+ GCC_WARN_UNKNOWN_PRAGMAS = YES;
+ GCC_WARN_UNUSED_FUNCTION = YES;
+ GCC_WARN_UNUSED_LABEL = YES;
+ GCC_WARN_UNUSED_PARAMETER = YES;
+ GCC_WARN_UNUSED_VALUE = YES;
+ GCC_WARN_UNUSED_VARIABLE = YES;
+ PRODUCT_NAME = world;
+ SECTORDER_FLAGS = "";
+ ZERO_LINK = NO;
+ };
+ name = Development;
+ };
+ 52B2602A0BC5A864007E00F1 /* Deployment */ = {
+ isa = XCBuildConfiguration;
+ buildSettings = {
+ PRODUCT_NAME = world;
+ SECTORDER_FLAGS = "";
+ ZERO_LINK = NO;
+ };
+ name = Deployment;
+ };
+ 52B260460BC5A864007E00F1 /* Development */ = {
+ isa = XCBuildConfiguration;
+ buildSettings = {
+ BUILD_VARIANTS = debug;
+ CURRENT_PROJECT_VERSION = 40596;
+ FRAMEWORK_SEARCH_PATHS = (
+ /usr/local/SecurityPieces/Frameworks,
+ "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
+ );
+ GCC_DYNAMIC_NO_PIC = NO;
+ GCC_GENERATE_DEBUGGING_SYMBOLS = YES;
+ GCC_PREPROCESSOR_DEFINITIONS = LIMITED_SIGNING;
+ LIBRARY_STYLE = STATIC;
+ OPT_CFLAGS = "-DNDEBUG -Os $(OPT_INLINEFLAGS)";
+ OPT_CPPFLAGS = "$(OPT_CFLAGS)";
+ OPT_INLINEFLAGS = "-finline-functions";
+ OPT_LDFLAGS = "-dead_strip";
+ OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)";
+ OTHER_ASFLAGS_normal = "-DNDEBUG $(OTHER_CFLAGS)";
+ OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg";
+ OTHER_CFLAGS = "";
+ OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline";
+ OTHER_CFLAGS_nopic = "-mdynamic-no-pic $(OPT_CFLAGS) $(OTHER_CFLAGS)";
+ OTHER_CFLAGS_normal = "$(OPT_CFLAGS) $(OTHER_CFLAGS)";
+ OTHER_CFLAGS_profile = "$(OPT_CFLAGS) $(OTHER_CFLAGS) -pg";
+ OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline";
+ OTHER_CPLUSPLUSFLAGS_nopic = "-mdynamic-no-pic $(OPT_CPPFLAGS) $(OTHER_CFLAGS)";
+ OTHER_CPLUSPLUSFLAGS_normal = "$(OPT_CPPFLAGS) $(OTHER_CFLAGS)";
+ OTHER_CPLUSPLUSFLAGS_profile = "$(OPT_CPPFLAGS) $(OTHER_CFLAGS) -pg";
+ OTHER_LDFLAGS_debug = "$(OTHER_LDFLAGS)";
+ OTHER_LDFLAGS_nopic = "$(OPT_LDFLAGS) $(OTHER_LDFLAGS)";
+ OTHER_LDFLAGS_normal = "$(OPT_LDFLAGS) $(OTHER_LDFLAGS)";
+ OTHER_LDFLAGS_profile = "$(OPT_LDFLAGS) $(OTHER_LDFLAGS) -pg";
+ PRODUCT_NAME = tokend;
+ VERSIONING_SYSTEM = "apple-generic";
+ WARNING_CFLAGS = (
+ "-Wmost",
+ "-Wno-four-char-constants",
+ "-Wno-unknown-pragmas",
+ );
+ ZERO_LINK = YES;
+ };
+ name = Development;
+ };
+ 52B260470BC5A864007E00F1 /* Deployment */ = {
+ isa = XCBuildConfiguration;
+ buildSettings = {
+ BUILD_VARIANTS = (
+ normal,
+ debug,
+ nopic,
+ );
+ COPY_PHASE_STRIP = YES;
+ CURRENT_PROJECT_VERSION = 40596;
+ FRAMEWORK_SEARCH_PATHS = (
+ "$(inherited)",
+ /usr/local/SecurityPieces/Frameworks,
+ "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
+ );
+ GCC_DEBUGGING_SYMBOLS = default;
+ GCC_PREPROCESSOR_DEFINITIONS = LIMITED_SIGNING;
+ LIBRARY_STYLE = STATIC;
+ OPT_CFLAGS = "-DNDEBUG -Os $(OPT_INLINEFLAGS)";
+ OPT_CPPFLAGS = "$(OPT_CFLAGS)";
+ OPT_INLINEFLAGS = "-finline-functions";
+ OPT_LDFLAGS = "-dead_strip";
+ OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)";
+ OTHER_ASFLAGS_normal = "-DNDEBUG $(OTHER_CFLAGS)";
+ OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg";
+ OTHER_CFLAGS = "";
+ OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline";
+ OTHER_CFLAGS_nopic = "-mdynamic-no-pic $(OPT_CFLAGS) $(OTHER_CFLAGS)";
+ OTHER_CFLAGS_normal = "$(OPT_CFLAGS) $(OTHER_CFLAGS)";
+ OTHER_CFLAGS_profile = "\U0001$(OPT_CFLAGS) $(OTHER_CFLAGS) -pg";
+ OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline";
+ OTHER_CPLUSPLUSFLAGS_nopic = "-mdynamic-no-pic $(OPT_CPPFLAGS) $(OTHER_CFLAGS)";
+ OTHER_CPLUSPLUSFLAGS_normal = "$(OPT_CPPFLAGS) $(OTHER_CFLAGS)";
+ OTHER_CPLUSPLUSFLAGS_profile = "$(OPT_CPPFLAGS) $(OTHER_CFLAGS) -pg";
+ OTHER_LDFLAGS_debug = "$(OTHER_LDFLAGS)";
+ OTHER_LDFLAGS_nopic = "-dead_strip $(OPT_LDFLAGS) $(OTHER_LDFLAGS)";
+ OTHER_LDFLAGS_normal = "$(OPT_LDFLAGS) $(OTHER_LDFLAGS)";
+ OTHER_LDFLAGS_profile = "$(OPT_LDFLAGS) $(OTHER_LDFLAGS) -pg";
+ PRODUCT_NAME = tokend;
+ VERSIONING_SYSTEM = "apple-generic";
+ WARNING_CFLAGS = (
+ "-Wmost",
+ "-Wno-four-char-constants",
+ "-Wno-unknown-pragmas",
+ );
+ ZERO_LINK = NO;
+ };
+ name = Deployment;
+ };
+ 52B2605E0BC5A864007E00F1 /* Development */ = {
+ isa = XCBuildConfiguration;
+ buildSettings = {
+ FRAMEWORK_SEARCH_PATHS = (
+ "$(inherited)",
+ /usr/local/SecurityPieces/Frameworks,
+ "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
+ );
+ FRAMEWORK_VERSION = A;
+ GCC_SYMBOLS_PRIVATE_EXTERN = NO;
+ INFOPLIST_FILE = "Info-tokend__Upgraded_.plist";
+ INSTALL_PATH = /usr/local/SecurityPieces/Frameworks;
+ PRODUCT_NAME = tokend;
+ WRAPPER_EXTENSION = framework;
+ ZERO_LINK = YES;
+ };
+ name = Development;
+ };
+ 52B2605F0BC5A864007E00F1 /* Deployment */ = {
+ isa = XCBuildConfiguration;
+ buildSettings = {
+ FRAMEWORK_VERSION = A;
+ GCC_DEBUGGING_SYMBOLS = default;
+ GCC_SYMBOLS_PRIVATE_EXTERN = NO;
+ INFOPLIST_FILE = "Info-tokend__Upgraded_.plist";
+ INSTALL_PATH = /usr/local/SecurityPieces/Frameworks;
+ PRODUCT_NAME = tokend;
+ WRAPPER_EXTENSION = framework;
+ ZERO_LINK = NO;
+ };
+ name = Deployment;
+ };
+ 52B260770BC5A864007E00F1 /* Development */ = {
+ isa = XCBuildConfiguration;
+ buildSettings = {
+ ALWAYS_SEARCH_USER_PATHS = YES;
+ BUILD_VARIANTS = debug;
+ COPY_PHASE_STRIP = NO;
+ CURRENT_PROJECT_VERSION = 40596;
+ FRAMEWORK_SEARCH_PATHS = (
+ /usr/local/SecurityPieces/Frameworks,
+ "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
+ );
+ GCC_DYNAMIC_NO_PIC = NO;
+ GCC_GENERATE_DEBUGGING_SYMBOLS = YES;
+ GCC_MODEL_TUNING = G5;
+ GCC_OPTIMIZATION_LEVEL = 0;
+ GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES;
+ GCC_WARN_CHECK_SWITCH_STATEMENTS = YES;
+ GCC_WARN_HIDDEN_VIRTUAL_FUNCTIONS = YES;
+ GCC_WARN_INHIBIT_ALL_WARNINGS = NO;
+ GCC_WARN_INITIALIZER_NOT_FULLY_BRACKETED = YES;
+ GCC_WARN_MISSING_PARENTHESES = YES;
+ GCC_WARN_NON_VIRTUAL_DESTRUCTOR = YES;
+ GCC_WARN_PEDANTIC = NO;
+ GCC_WARN_SHADOW = NO;
+ GCC_WARN_SIGN_COMPARE = YES;
+ GCC_WARN_TYPECHECK_CALLS_TO_PRINTF = YES;
+ GCC_WARN_UNINITIALIZED_AUTOS = NO;
+ GCC_WARN_UNKNOWN_PRAGMAS = YES;
+ GCC_WARN_UNUSED_FUNCTION = YES;
+ GCC_WARN_UNUSED_LABEL = YES;
+ GCC_WARN_UNUSED_PARAMETER = YES;
+ GCC_WARN_UNUSED_VALUE = YES;
+ GCC_WARN_UNUSED_VARIABLE = YES;
+ INFOPLIST_FILE = BELPIC/Info.plist;
+ INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security/tokend";
+ OPT_CPPXFLAGS = "$(OPT_CXFLAGS) -fno-enforce-eh-specs -fno-implement-inlines";
+ OPT_CXFLAGS = "-DNDEBUG $(OPT_INLINEXFLAGS)";
+ OPT_INLINEXFLAGS = " -finline-functions";
+ OPT_LDXFLAGS = "-dead_strip";
+ OPT_LDXNOPIC = ",_nopic";
+ OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)";
+ OTHER_ASFLAGS_normal = "$(OTHER_CFLAGS) -DNDEBUG";
+ OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg";
+ OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline";
+ OTHER_CFLAGS_normal = "$(OPT_CXFLAGS) $(OTHER_CFLAGS)";
+ OTHER_CFLAGS_profile = "$(OPT_CXFLAGS) $(OTHER_CFLAGS) -pg";
+ OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CPLUSPLUSFLAGS) -O0 -fno-inline";
+ OTHER_CPLUSPLUSFLAGS_normal = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS)";
+ OTHER_CPLUSPLUSFLAGS_profile = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS) -pg";
+ OTHER_LDFLAGS_debug = "$(OTHER_LDFLAGS) -framework tokend,_debug -framework PCSC,_debug -framework SecurityTokend,_debug -framework Security,_debug -framework security_cdsa_client,_debug -framework security_cdsa_utilities,_debug -framework security_utilities,_debug";
+ OTHER_LDFLAGS_normal = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -framework tokend -framework PCSC -framework SecurityTokend -framework Security -framework security_cdsa_client$(OPT_LDXNOPIC) -framework security_cdsa_utilities$(OPT_LDXNOPIC) -framework security_utilities$(OPT_LDXNOPIC)";
+ OTHER_LDFLAGS_profile = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -pg -framework tokend,_profile -framework PCSC,_profile -framework SecurityTokend,_profile -framework Security,_profile -framework security_cdsa_client,_profile -framework security_cdsa_utilities,_profile -framework security_utilities,_profile";
+ PRODUCT_NAME = BELPIC;
+ VERSIONING_SYSTEM = "apple-generic";
+ WARNING_CFLAGS = (
+ "-Wmost",
+ "-Wno-four-char-constants",
+ "-Wno-unknown-pragmas",
+ );
+ WRAPPER_EXTENSION = tokend;
+ ZERO_LINK = NO;
+ };
+ name = Development;
+ };
+ 52B260780BC5A864007E00F1 /* Deployment */ = {
+ isa = XCBuildConfiguration;
+ buildSettings = {
+ BUILD_VARIANTS = (
+ normal,
+ debug,
+ );
+ CURRENT_PROJECT_VERSION = 40596;
+ FRAMEWORK_SEARCH_PATHS = (
+ /usr/local/SecurityPieces/Frameworks,
+ "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
+ );
+ GCC_DYNAMIC_NO_PIC = YES;
+ GCC_MODEL_TUNING = G5;
+ INFOPLIST_FILE = BELPIC/Info.plist;
+ INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security/tokend";
+ OPT_CPPXFLAGS = "$(OPT_CXFLAGS) -fno-enforce-eh-specs -fno-implement-inlines";
+ OPT_CXFLAGS = "-DNDEBUG $(OPT_INLINEXFLAGS)";
+ OPT_INLINEXFLAGS = " -finline-functions";
+ OPT_LDXFLAGS = "-dead_strip";
+ OPT_LDXNOPIC = ",_nopic";
+ OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)";
+ OTHER_ASFLAGS_normal = "$(OTHER_CFLAGS) -DNDEBUG";
+ OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg";
+ OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline";
+ OTHER_CFLAGS_normal = "$(OPT_CXFLAGS) $(OTHER_CFLAGS)";
+ OTHER_CFLAGS_profile = "$(OPT_CXFLAGS) $(OTHER_CFLAGS) -pg";
+ OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CPLUSPLUSFLAGS) -O0 -fno-inline";
+ OTHER_CPLUSPLUSFLAGS_normal = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS)";
+ OTHER_CPLUSPLUSFLAGS_profile = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS) -pg";
+ OTHER_LDFLAGS_debug = "$(OTHER_LDFLAGS) -framework tokend,_debug -framework PCSC,_debug -framework SecurityTokend,_debug -framework Security,_debug -framework security_cdsa_client,_debug -framework security_cdsa_utilities,_debug -framework security_utilities,_debug";
+ OTHER_LDFLAGS_normal = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -framework tokend -framework PCSC -framework SecurityTokend -framework Security -framework security_cdsa_client$(OPT_LDXNOPIC) -framework security_cdsa_utilities$(OPT_LDXNOPIC) -framework security_utilities$(OPT_LDXNOPIC)";
+ OTHER_LDFLAGS_profile = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -pg -framework tokend,_profile -framework PCSC,_profile -framework SecurityTokend,_profile -framework Security,_profile -framework security_cdsa_client,_profile -framework security_cdsa_utilities,_profile -framework security_utilities,_profile";
+ PRODUCT_NAME = BELPIC;
+ VERSIONING_SYSTEM = "apple-generic";
+ WARNING_CFLAGS = (
+ "-Wmost",
+ "-Wno-four-char-constants",
+ "-Wno-unknown-pragmas",
+ );
+ WRAPPER_EXTENSION = tokend;
+ ZERO_LINK = NO;
+ };
+ name = Deployment;
+ };
+ 52B260920BC5A864007E00F1 /* Development */ = {
+ isa = XCBuildConfiguration;
+ buildSettings = {
+ BUILD_VARIANTS = debug;
+ COPY_PHASE_STRIP = NO;
+ CURRENT_PROJECT_VERSION = 40596;
+ FRAMEWORK_SEARCH_PATHS = (
+ /usr/local/SecurityPieces/Frameworks,
+ "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
+ );
+ GCC_DYNAMIC_NO_PIC = NO;
+ GCC_GENERATE_DEBUGGING_SYMBOLS = YES;
+ GCC_MODEL_TUNING = G5;
+ GCC_OPTIMIZATION_LEVEL = 0;
+ GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES;
+ GCC_WARN_CHECK_SWITCH_STATEMENTS = YES;
+ GCC_WARN_HIDDEN_VIRTUAL_FUNCTIONS = YES;
+ GCC_WARN_INHIBIT_ALL_WARNINGS = NO;
+ GCC_WARN_INITIALIZER_NOT_FULLY_BRACKETED = YES;
+ GCC_WARN_MISSING_PARENTHESES = YES;
+ GCC_WARN_NON_VIRTUAL_DESTRUCTOR = YES;
+ GCC_WARN_PEDANTIC = NO;
+ GCC_WARN_SHADOW = NO;
+ GCC_WARN_SIGN_COMPARE = YES;
+ GCC_WARN_TYPECHECK_CALLS_TO_PRINTF = YES;
+ GCC_WARN_UNINITIALIZED_AUTOS = NO;
+ GCC_WARN_UNKNOWN_PRAGMAS = YES;
+ GCC_WARN_UNUSED_FUNCTION = YES;
+ GCC_WARN_UNUSED_LABEL = YES;
+ GCC_WARN_UNUSED_PARAMETER = YES;
+ GCC_WARN_UNUSED_VALUE = YES;
+ GCC_WARN_UNUSED_VARIABLE = YES;
+ INFOPLIST_FILE = CAC/Info.plist;
+ INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security/tokend";
+ OPT_CPPXFLAGS = "$(OPT_CXFLAGS) -fno-enforce-eh-specs -fno-implement-inlines";
+ OPT_CXFLAGS = "-DNDEBUG $(OPT_INLINEXFLAGS)";
+ OPT_INLINEXFLAGS = " -finline-functions";
+ OPT_LDXFLAGS = "-dead_strip";
+ OPT_LDXNOPIC = ",_nopic";
+ OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)";
+ OTHER_ASFLAGS_normal = "$(OTHER_CFLAGS) -DNDEBUG";
+ OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg";
+ OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline";
+ OTHER_CFLAGS_normal = "$(OPT_CXFLAGS) $(OTHER_CFLAGS)";
+ OTHER_CFLAGS_profile = "$(OPT_CXFLAGS) $(OTHER_CFLAGS) -pg";
+ OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CPLUSPLUSFLAGS) -O0 -fno-inline";
+ OTHER_CPLUSPLUSFLAGS_normal = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS)";
+ OTHER_CPLUSPLUSFLAGS_profile = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS) -pg";
+ OTHER_LDFLAGS_debug = "$(OTHER_LDFLAGS) -framework tokend,_debug -framework PCSC,_debug -framework SecurityTokend,_debug -framework Security,_debug -framework security_cdsa_client,_debug -framework security_cdsa_utilities,_debug -framework security_utilities,_debug";
+ OTHER_LDFLAGS_normal = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -framework tokend -framework PCSC -framework SecurityTokend -framework Security -framework security_cdsa_client$(OPT_LDXNOPIC) -framework security_cdsa_utilities$(OPT_LDXNOPIC) -framework security_utilities$(OPT_LDXNOPIC)";
+ OTHER_LDFLAGS_profile = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -pg -framework tokend,_profile -framework PCSC,_profile -framework SecurityTokend,_profile -framework Security,_profile -framework security_cdsa_client,_profile -framework security_cdsa_utilities,_profile -framework security_utilities,_profile";
+ PRODUCT_NAME = CAC;
+ VERSIONING_SYSTEM = "apple-generic";
+ WARNING_CFLAGS = (
+ "-Wmost",
+ "-Wno-four-char-constants",
+ "-Wno-unknown-pragmas",
+ );
+ WRAPPER_EXTENSION = tokend;
+ ZERO_LINK = NO;
+ };
+ name = Development;
+ };
+ 52B260930BC5A864007E00F1 /* Deployment */ = {
+ isa = XCBuildConfiguration;
+ buildSettings = {
+ BUILD_VARIANTS = (
+ normal,
+ debug,
+ );
+ CURRENT_PROJECT_VERSION = 40596;
+ FRAMEWORK_SEARCH_PATHS = (
+ /usr/local/SecurityPieces/Frameworks,
+ "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
+ );
+ GCC_DYNAMIC_NO_PIC = YES;
+ GCC_MODEL_TUNING = G5;
+ INFOPLIST_FILE = CAC/Info.plist;
+ INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security/tokend";
+ OPT_CPPXFLAGS = "$(OPT_CXFLAGS) -fno-enforce-eh-specs -fno-implement-inlines";
+ OPT_CXFLAGS = "-DNDEBUG $(OPT_INLINEXFLAGS)";
+ OPT_INLINEXFLAGS = " -finline-functions";
+ OPT_LDXFLAGS = "-dead_strip";
+ OPT_LDXNOPIC = ",_nopic";
+ OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)";
+ OTHER_ASFLAGS_normal = "$(OTHER_CFLAGS) -DNDEBUG";
+ OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg";
+ OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline";
+ OTHER_CFLAGS_normal = "$(OPT_CXFLAGS) $(OTHER_CFLAGS)";
+ OTHER_CFLAGS_profile = "$(OPT_CXFLAGS) $(OTHER_CFLAGS) -pg";
+ OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CPLUSPLUSFLAGS) -O0 -fno-inline";
+ OTHER_CPLUSPLUSFLAGS_normal = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS)";
+ OTHER_CPLUSPLUSFLAGS_profile = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS) -pg";
+ OTHER_LDFLAGS_debug = "$(OTHER_LDFLAGS) -framework tokend,_debug -framework PCSC,_debug -framework SecurityTokend,_debug -framework Security,_debug -framework security_cdsa_client,_debug -framework security_cdsa_utilities,_debug -framework security_utilities,_debug";
+ OTHER_LDFLAGS_normal = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -framework tokend -framework PCSC -framework SecurityTokend -framework Security -framework security_cdsa_client$(OPT_LDXNOPIC) -framework security_cdsa_utilities$(OPT_LDXNOPIC) -framework security_utilities$(OPT_LDXNOPIC)";
+ OTHER_LDFLAGS_profile = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -pg -framework tokend,_profile -framework PCSC,_profile -framework SecurityTokend,_profile -framework Security,_profile -framework security_cdsa_client,_profile -framework security_cdsa_utilities,_profile -framework security_utilities,_profile";
+ PRODUCT_NAME = CAC;
+ VERSIONING_SYSTEM = "apple-generic";
+ WARNING_CFLAGS = (
+ "-Wmost",
+ "-Wno-four-char-constants",
+ "-Wno-unknown-pragmas",
+ );
+ WRAPPER_EXTENSION = tokend;
+ ZERO_LINK = NO;
+ };
+ name = Deployment;
+ };
+ 52B260B40BC5A864007E00F1 /* Development */ = {
+ isa = XCBuildConfiguration;
+ buildSettings = {
+ BUILD_VARIANTS = debug;
+ COPY_PHASE_STRIP = NO;
+ CURRENT_PROJECT_VERSION = 40596;
+ FRAMEWORK_SEARCH_PATHS = (
+ /usr/local/SecurityPieces/Frameworks,
+ "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
+ );
+ GCC_DYNAMIC_NO_PIC = NO;
+ GCC_GENERATE_DEBUGGING_SYMBOLS = YES;
+ GCC_MODEL_TUNING = G5;
+ GCC_OPTIMIZATION_LEVEL = 0;
+ GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES;
+ GCC_WARN_CHECK_SWITCH_STATEMENTS = YES;
+ GCC_WARN_HIDDEN_VIRTUAL_FUNCTIONS = YES;
+ GCC_WARN_INHIBIT_ALL_WARNINGS = NO;
+ GCC_WARN_INITIALIZER_NOT_FULLY_BRACKETED = YES;
+ GCC_WARN_MISSING_PARENTHESES = YES;
+ GCC_WARN_NON_VIRTUAL_DESTRUCTOR = YES;
+ GCC_WARN_PEDANTIC = NO;
+ GCC_WARN_SHADOW = NO;
+ GCC_WARN_SIGN_COMPARE = YES;
+ GCC_WARN_TYPECHECK_CALLS_TO_PRINTF = YES;
+ GCC_WARN_UNINITIALIZED_AUTOS = NO;
+ GCC_WARN_UNKNOWN_PRAGMAS = YES;
+ GCC_WARN_UNUSED_FUNCTION = YES;
+ GCC_WARN_UNUSED_LABEL = YES;
+ GCC_WARN_UNUSED_PARAMETER = YES;
+ GCC_WARN_UNUSED_VALUE = YES;
+ GCC_WARN_UNUSED_VARIABLE = YES;
+ INFOPLIST_FILE = MuscleCard/Info.plist;
+ INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security/tokend";
+ OPT_CPPXFLAGS = "$(OPT_CXFLAGS) -fno-enforce-eh-specs -fno-implement-inlines";
+ OPT_CXFLAGS = "-DNDEBUG $(OPT_INLINEXFLAGS)";
+ OPT_INLINEXFLAGS = " -finline-functions";
+ OPT_LDXFLAGS = "-dead_strip";
+ OPT_LDXNOPIC = ",_nopic";
+ OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)";
+ OTHER_ASFLAGS_normal = "$(OTHER_CFLAGS) -DNDEBUG";
+ OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg";
+ OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline";
+ OTHER_CFLAGS_normal = "$(OPT_CXFLAGS) $(OTHER_CFLAGS)";
+ OTHER_CFLAGS_profile = "$(OPT_CXFLAGS) $(OTHER_CFLAGS) -pg";
+ OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CPLUSPLUSFLAGS) -O0 -fno-inline";
+ OTHER_CPLUSPLUSFLAGS_normal = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS)";
+ OTHER_CPLUSPLUSFLAGS_profile = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS) -pg";
+ OTHER_LDFLAGS_debug = "$(OTHER_LDFLAGS) -framework tokend,_debug -framework PCSC,_debug -framework SecurityTokend,_debug -framework Security,_debug -framework security_cdsa_client,_debug -framework security_cdsa_utilities,_debug -framework security_utilities,_debug";
+ OTHER_LDFLAGS_normal = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -framework tokend -framework PCSC -framework SecurityTokend -framework Security -framework security_cdsa_client$(OPT_LDXNOPIC) -framework security_cdsa_utilities$(OPT_LDXNOPIC) -framework security_utilities$(OPT_LDXNOPIC)";
+ OTHER_LDFLAGS_profile = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -pg -framework tokend,_profile -framework PCSC,_profile -framework SecurityTokend,_profile -framework Security,_profile -framework security_cdsa_client,_profile -framework security_cdsa_utilities,_profile -framework security_utilities,_profile";
+ PRODUCT_NAME = MuscleCard;
+ VERSIONING_SYSTEM = "apple-generic";
+ WARNING_CFLAGS = (
+ "-Wmost",
+ "-Wno-four-char-constants",
+ "-Wno-unknown-pragmas",
+ );
+ WRAPPER_EXTENSION = tokend;
+ ZERO_LINK = NO;
+ };
+ name = Development;
+ };
+ 52B260B50BC5A864007E00F1 /* Deployment */ = {
+ isa = XCBuildConfiguration;
+ buildSettings = {
+ BUILD_VARIANTS = (
+ normal,
+ debug,
+ );
+ CURRENT_PROJECT_VERSION = 40596;
+ FRAMEWORK_SEARCH_PATHS = (
+ /usr/local/SecurityPieces/Frameworks,
+ "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
+ );
+ GCC_DYNAMIC_NO_PIC = YES;
+ GCC_MODEL_TUNING = G5;
+ INFOPLIST_FILE = MuscleCard/Info.plist;
+ INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security/tokend";
+ OPT_CPPXFLAGS = "$(OPT_CXFLAGS) -fno-enforce-eh-specs -fno-implement-inlines";
+ OPT_CXFLAGS = "-DNDEBUG $(OPT_INLINEXFLAGS)";
+ OPT_INLINEXFLAGS = " -finline-functions";
+ OPT_LDXFLAGS = "-dead_strip";
+ OPT_LDXNOPIC = ",_nopic";
+ OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)";
+ OTHER_ASFLAGS_normal = "$(OTHER_CFLAGS) -DNDEBUG";
+ OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg";
+ OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline";
+ OTHER_CFLAGS_normal = "$(OPT_CXFLAGS) $(OTHER_CFLAGS)";
+ OTHER_CFLAGS_profile = "$(OPT_CXFLAGS) $(OTHER_CFLAGS) -pg";
+ OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CPLUSPLUSFLAGS) -O0 -fno-inline";
+ OTHER_CPLUSPLUSFLAGS_normal = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS)";
+ OTHER_CPLUSPLUSFLAGS_profile = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS) -pg";
+ OTHER_LDFLAGS_debug = "$(OTHER_LDFLAGS) -framework tokend,_debug -framework PCSC,_debug -framework SecurityTokend,_debug -framework Security,_debug -framework security_cdsa_client,_debug -framework security_cdsa_utilities,_debug -framework security_utilities,_debug";
+ OTHER_LDFLAGS_normal = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -framework tokend -framework PCSC -framework SecurityTokend -framework Security -framework security_cdsa_client$(OPT_LDXNOPIC) -framework security_cdsa_utilities$(OPT_LDXNOPIC) -framework security_utilities$(OPT_LDXNOPIC)";
+ OTHER_LDFLAGS_profile = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -pg -framework tokend,_profile -framework PCSC,_profile -framework SecurityTokend,_profile -framework Security,_profile -framework security_cdsa_client,_profile -framework security_cdsa_utilities,_profile -framework security_utilities,_profile";
+ PRODUCT_NAME = MuscleCard;
+ VERSIONING_SYSTEM = "apple-generic";
+ WARNING_CFLAGS = (
+ "-Wmost",
+ "-Wno-four-char-constants",
+ "-Wno-unknown-pragmas",
+ );
+ WRAPPER_EXTENSION = tokend;
+ ZERO_LINK = NO;
+ };
+ name = Deployment;
+ };
+ 52B260D00BC5A864007E00F1 /* Development */ = {
+ isa = XCBuildConfiguration;
+ buildSettings = {
+ BUILD_VARIANTS = debug;
+ COPY_PHASE_STRIP = NO;
+ CURRENT_PROJECT_VERSION = 40596;
+ FRAMEWORK_SEARCH_PATHS = (
+ /usr/local/SecurityPieces/Frameworks,
+ "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
+ );
+ GCC_DYNAMIC_NO_PIC = NO;
+ GCC_GENERATE_DEBUGGING_SYMBOLS = YES;
+ GCC_MODEL_TUNING = G5;
+ GCC_OPTIMIZATION_LEVEL = 0;
+ GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES;
+ GCC_WARN_CHECK_SWITCH_STATEMENTS = YES;
+ GCC_WARN_HIDDEN_VIRTUAL_FUNCTIONS = YES;
+ GCC_WARN_INHIBIT_ALL_WARNINGS = NO;
+ GCC_WARN_INITIALIZER_NOT_FULLY_BRACKETED = YES;
+ GCC_WARN_MISSING_PARENTHESES = YES;
+ GCC_WARN_NON_VIRTUAL_DESTRUCTOR = YES;
+ GCC_WARN_PEDANTIC = NO;
+ GCC_WARN_SHADOW = NO;
+ GCC_WARN_SIGN_COMPARE = YES;
+ GCC_WARN_TYPECHECK_CALLS_TO_PRINTF = YES;
+ GCC_WARN_UNINITIALIZED_AUTOS = NO;
+ GCC_WARN_UNKNOWN_PRAGMAS = YES;
+ GCC_WARN_UNUSED_FUNCTION = YES;
+ GCC_WARN_UNUSED_LABEL = YES;
+ GCC_WARN_UNUSED_PARAMETER = YES;
+ GCC_WARN_UNUSED_VALUE = YES;
+ GCC_WARN_UNUSED_VARIABLE = YES;
+ INFOPLIST_FILE = PIV/Info.plist;
+ INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security/tokend";
+ OPT_CPPXFLAGS = "$(OPT_CXFLAGS) -fno-enforce-eh-specs -fno-implement-inlines";
+ OPT_CXFLAGS = "-DNDEBUG $(OPT_INLINEXFLAGS)";
+ OPT_INLINEXFLAGS = " -finline-functions";
+ OPT_LDXFLAGS = "-dead_strip";
+ OPT_LDXNOPIC = ",_nopic";
+ OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)";
+ OTHER_ASFLAGS_normal = "$(OTHER_CFLAGS) -DNDEBUG";
+ OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg";
+ OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline";
+ OTHER_CFLAGS_normal = "$(OPT_CXFLAGS) $(OTHER_CFLAGS)";
+ OTHER_CFLAGS_profile = "$(OPT_CXFLAGS) $(OTHER_CFLAGS) -pg";
+ OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CPLUSPLUSFLAGS) -O0 -fno-inline";
+ OTHER_CPLUSPLUSFLAGS_normal = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS)";
+ OTHER_CPLUSPLUSFLAGS_profile = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS) -pg";
+ OTHER_LDFLAGS_debug = "$(OTHER_LDFLAGS) -framework tokend,_debug -framework PCSC,_debug -framework SecurityTokend,_debug -framework Security,_debug -framework security_cdsa_client,_debug -framework security_cdsa_utilities,_debug -framework security_utilities,_debug";
+ OTHER_LDFLAGS_normal = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -framework tokend -framework PCSC -framework SecurityTokend -framework Security -framework security_cdsa_client$(OPT_LDXNOPIC) -framework security_cdsa_utilities$(OPT_LDXNOPIC) -framework security_utilities$(OPT_LDXNOPIC)";
+ OTHER_LDFLAGS_profile = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -pg -framework tokend,_profile -framework PCSC,_profile -framework SecurityTokend,_profile -framework Security,_profile -framework security_cdsa_client,_profile -framework security_cdsa_utilities,_profile -framework security_utilities,_profile";
+ PRODUCT_NAME = PIV;
+ VERSIONING_SYSTEM = "apple-generic";
+ WARNING_CFLAGS = (
+ "-Wmost",
+ "-Wno-four-char-constants",
+ "-Wno-unknown-pragmas",
+ );
+ WRAPPER_EXTENSION = tokend;
+ ZERO_LINK = NO;
+ };
+ name = Development;
+ };
+ 52B260D10BC5A864007E00F1 /* Deployment */ = {
+ isa = XCBuildConfiguration;
+ buildSettings = {
+ BUILD_VARIANTS = (
+ normal,
+ debug,
+ );
+ CURRENT_PROJECT_VERSION = 40596;
+ FRAMEWORK_SEARCH_PATHS = (
+ /usr/local/SecurityPieces/Frameworks,
+ "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks",
+ );
+ GCC_DYNAMIC_NO_PIC = YES;
+ GCC_MODEL_TUNING = G5;
+ INFOPLIST_FILE = PIV/Info.plist;
+ INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Security/tokend";
+ OPT_CPPXFLAGS = "$(OPT_CXFLAGS) -fno-enforce-eh-specs -fno-implement-inlines";
+ OPT_CXFLAGS = "-DNDEBUG $(OPT_INLINEXFLAGS)";
+ OPT_INLINEXFLAGS = " -finline-functions";
+ OPT_LDXFLAGS = "-dead_strip";
+ OPT_LDXNOPIC = ",_nopic";
+ OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)";
+ OTHER_ASFLAGS_normal = "$(OTHER_CFLAGS) -DNDEBUG";
+ OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg";
+ OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline";
+ OTHER_CFLAGS_normal = "$(OPT_CXFLAGS) $(OTHER_CFLAGS)";
+ OTHER_CFLAGS_profile = "$(OPT_CXFLAGS) $(OTHER_CFLAGS) -pg";
+ OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CPLUSPLUSFLAGS) -O0 -fno-inline";
+ OTHER_CPLUSPLUSFLAGS_normal = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS)";
+ OTHER_CPLUSPLUSFLAGS_profile = "$(OPT_CPPXFLAGS) $(OTHER_CPLUSPLUSFLAGS) -pg";
+ OTHER_LDFLAGS_debug = "$(OTHER_LDFLAGS) -framework tokend,_debug -framework PCSC,_debug -framework SecurityTokend,_debug -framework Security,_debug -framework security_cdsa_client,_debug -framework security_cdsa_utilities,_debug -framework security_utilities,_debug";
+ OTHER_LDFLAGS_normal = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -framework tokend -framework PCSC -framework SecurityTokend -framework Security -framework security_cdsa_client$(OPT_LDXNOPIC) -framework security_cdsa_utilities$(OPT_LDXNOPIC) -framework security_utilities$(OPT_LDXNOPIC)";
+ OTHER_LDFLAGS_profile = "$(OPT_LDXFLAGS) $(OTHER_LDFLAGS) -pg -framework tokend,_profile -framework PCSC,_profile -framework SecurityTokend,_profile -framework Security,_profile -framework security_cdsa_client,_profile -framework security_cdsa_utilities,_profile -framework security_utilities,_profile";
+ PRODUCT_NAME = PIV;
+ VERSIONING_SYSTEM = "apple-generic";
+ WARNING_CFLAGS = (
+ "-Wmost",
+ "-Wno-four-char-constants",
+ "-Wno-unknown-pragmas",
+ );
+ WRAPPER_EXTENSION = tokend;
+ ZERO_LINK = NO;
+ };
+ name = Deployment;
+ };
+ C27AD2230987FCDC001272E0 /* Development */ = {
+ isa = XCBuildConfiguration;
+ buildSettings = {
+ CONFIGURATION_BUILD_DIR = "$(BUILD_DIR)";
+ CONFIGURATION_TEMP_DIR = "$(PROJECT_TEMP_DIR)";
+ };
+ name = Development;
+ };
+ C27AD2240987FCDC001272E0 /* Deployment */ = {
+ isa = XCBuildConfiguration;
+ buildSettings = {
+ CONFIGURATION_BUILD_DIR = "$(BUILD_DIR)";
+ CONFIGURATION_TEMP_DIR = "$(PROJECT_TEMP_DIR)";
+ };
+ name = Deployment;
+ };
+/* End XCBuildConfiguration section */
+
+/* Begin XCConfigurationList section */
+ 5203890912B802BF007C4317 /* Build configuration list for PBXNativeTarget "CACNG" */ = {
+ isa = XCConfigurationList;
+ buildConfigurations = (
+ 5203890A12B802BF007C4317 /* Development */,
+ 5203890B12B802BF007C4317 /* Deployment */,
+ );
+ defaultConfigurationIsVisible = 0;
+ defaultConfigurationName = Deployment;
+ };
+ 52B260280BC5A864007E00F1 /* Build configuration list for PBXAggregateTarget "world" */ = {
+ isa = XCConfigurationList;
+ buildConfigurations = (
+ 52B260290BC5A864007E00F1 /* Development */,
+ 52B2602A0BC5A864007E00F1 /* Deployment */,
+ );
+ defaultConfigurationIsVisible = 0;
+ defaultConfigurationName = Deployment;
+ };
+ 52B260450BC5A864007E00F1 /* Build configuration list for PBXNativeTarget "libtokend" */ = {
+ isa = XCConfigurationList;
+ buildConfigurations = (
+ 52B260460BC5A864007E00F1 /* Development */,
+ 52B260470BC5A864007E00F1 /* Deployment */,
+ );
+ defaultConfigurationIsVisible = 0;
+ defaultConfigurationName = Deployment;
+ };
+ 52B2605D0BC5A864007E00F1 /* Build configuration list for PBXNativeTarget "tokend" */ = {
+ isa = XCConfigurationList;
+ buildConfigurations = (
+ 52B2605E0BC5A864007E00F1 /* Development */,
+ 52B2605F0BC5A864007E00F1 /* Deployment */,
+ );
+ defaultConfigurationIsVisible = 0;
+ defaultConfigurationName = Deployment;
+ };
+ 52B260760BC5A864007E00F1 /* Build configuration list for PBXNativeTarget "BELPIC" */ = {
+ isa = XCConfigurationList;
+ buildConfigurations = (
+ 52B260770BC5A864007E00F1 /* Development */,
+ 52B260780BC5A864007E00F1 /* Deployment */,
+ );
+ defaultConfigurationIsVisible = 0;
+ defaultConfigurationName = Deployment;
+ };
+ 52B260910BC5A864007E00F1 /* Build configuration list for PBXNativeTarget "CAC" */ = {
+ isa = XCConfigurationList;
+ buildConfigurations = (
+ 52B260920BC5A864007E00F1 /* Development */,
+ 52B260930BC5A864007E00F1 /* Deployment */,
+ );
+ defaultConfigurationIsVisible = 0;
+ defaultConfigurationName = Deployment;
+ };
+ 52B260B30BC5A864007E00F1 /* Build configuration list for PBXNativeTarget "MuscleCard" */ = {
+ isa = XCConfigurationList;
+ buildConfigurations = (
+ 52B260B40BC5A864007E00F1 /* Development */,
+ 52B260B50BC5A864007E00F1 /* Deployment */,
+ );
+ defaultConfigurationIsVisible = 0;
+ defaultConfigurationName = Deployment;
+ };
+ 52B260CF0BC5A864007E00F1 /* Build configuration list for PBXNativeTarget "PIV" */ = {
+ isa = XCConfigurationList;
+ buildConfigurations = (
+ 52B260D00BC5A864007E00F1 /* Development */,
+ 52B260D10BC5A864007E00F1 /* Deployment */,
+ );
+ defaultConfigurationIsVisible = 0;
+ defaultConfigurationName = Deployment;
+ };
+ C27AD2220987FCDC001272E0 /* Build configuration list for PBXProject "Tokend" */ = {
+ isa = XCConfigurationList;
+ buildConfigurations = (
+ C27AD2230987FCDC001272E0 /* Development */,
+ C27AD2240987FCDC001272E0 /* Deployment */,
+ );
+ defaultConfigurationIsVisible = 0;
+ defaultConfigurationName = Deployment;
+ };
+/* End XCConfigurationList section */
+ };
+ rootObject = 08FB7793FE84155DC02AAC07 /* Project object */;
+}
Added: releases/Apple/OSX-10.6.7/Tokend.xcodeproj/project.xcworkspace/contents.xcworkspacedata
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend.xcodeproj/project.xcworkspace/contents.xcworkspacedata (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend.xcodeproj/project.xcworkspace/contents.xcworkspacedata 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Workspace
+ version = "1.0">
+ <FileRef
+ location = "self:Tokend.xcodeproj">
+ </FileRef>
+</Workspace>
Added: releases/Apple/OSX-10.6.7/Tokend.xcodeproj/project.xcworkspace/xcuserdata/geddis.xcuserdatad/UserInterfaceState.xcuserstate
===================================================================
(Binary files differ)
Property changes on: releases/Apple/OSX-10.6.7/Tokend.xcodeproj/project.xcworkspace/xcuserdata/geddis.xcuserdatad/UserInterfaceState.xcuserstate
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/BELPIC.xcscheme
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/BELPIC.xcscheme (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/BELPIC.xcscheme 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "52B260640BC5A864007E00F1"
+ BuildableName = "BELPIC.tokend"
+ BlueprintName = "BELPIC"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Development">
+ <Testables>
+ </Testables>
+ <MacroExpansion>
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "52B260640BC5A864007E00F1"
+ BuildableName = "BELPIC.tokend"
+ BlueprintName = "BELPIC"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </MacroExpansion>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ debugProcessAsUID = "4294967295"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Development"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <BuildableProductRunnable>
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "52B260640BC5A864007E00F1"
+ BuildableName = "BELPIC.tokend"
+ BlueprintName = "BELPIC"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </BuildableProductRunnable>
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Deployment"
+ debugDocumentVersioning = "YES">
+ <BuildableProductRunnable>
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "52B260640BC5A864007E00F1"
+ BuildableName = "BELPIC.tokend"
+ BlueprintName = "BELPIC"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </BuildableProductRunnable>
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Development">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Deployment"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
Added: releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/CAC.xcscheme
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/CAC.xcscheme (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/CAC.xcscheme 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "52B2607D0BC5A864007E00F1"
+ BuildableName = "CAC.tokend"
+ BlueprintName = "CAC"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Development">
+ <Testables>
+ </Testables>
+ <MacroExpansion>
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "52B2607D0BC5A864007E00F1"
+ BuildableName = "CAC.tokend"
+ BlueprintName = "CAC"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </MacroExpansion>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ debugProcessAsUID = "4294967295"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Development"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <BuildableProductRunnable>
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "52B2607D0BC5A864007E00F1"
+ BuildableName = "CAC.tokend"
+ BlueprintName = "CAC"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </BuildableProductRunnable>
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Deployment"
+ debugDocumentVersioning = "YES">
+ <BuildableProductRunnable>
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "52B2607D0BC5A864007E00F1"
+ BuildableName = "CAC.tokend"
+ BlueprintName = "CAC"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </BuildableProductRunnable>
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Development">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Deployment"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
Added: releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/CACNG.xcscheme
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/CACNG.xcscheme (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/CACNG.xcscheme 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "520388F512B802BF007C4317"
+ BuildableName = "CACNG.tokend"
+ BlueprintName = "CACNG"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Development">
+ <Testables>
+ </Testables>
+ <MacroExpansion>
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "520388F512B802BF007C4317"
+ BuildableName = "CACNG.tokend"
+ BlueprintName = "CACNG"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </MacroExpansion>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ debugProcessAsUID = "4294967295"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Development"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <BuildableProductRunnable>
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "520388F512B802BF007C4317"
+ BuildableName = "CACNG.tokend"
+ BlueprintName = "CACNG"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </BuildableProductRunnable>
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Deployment"
+ debugDocumentVersioning = "YES">
+ <BuildableProductRunnable>
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "520388F512B802BF007C4317"
+ BuildableName = "CACNG.tokend"
+ BlueprintName = "CACNG"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </BuildableProductRunnable>
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Development">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Deployment"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
Added: releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/MuscleCard.xcscheme
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/MuscleCard.xcscheme (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/MuscleCard.xcscheme 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "52B260980BC5A864007E00F1"
+ BuildableName = "MuscleCard.tokend"
+ BlueprintName = "MuscleCard"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Development">
+ <Testables>
+ </Testables>
+ <MacroExpansion>
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "52B260980BC5A864007E00F1"
+ BuildableName = "MuscleCard.tokend"
+ BlueprintName = "MuscleCard"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </MacroExpansion>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ debugProcessAsUID = "4294967295"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Development"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <BuildableProductRunnable>
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "52B260980BC5A864007E00F1"
+ BuildableName = "MuscleCard.tokend"
+ BlueprintName = "MuscleCard"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </BuildableProductRunnable>
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Deployment"
+ debugDocumentVersioning = "YES">
+ <BuildableProductRunnable>
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "52B260980BC5A864007E00F1"
+ BuildableName = "MuscleCard.tokend"
+ BlueprintName = "MuscleCard"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </BuildableProductRunnable>
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Development">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Deployment"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
Added: releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/PIV.xcscheme
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/PIV.xcscheme (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/PIV.xcscheme 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "52B260BA0BC5A864007E00F1"
+ BuildableName = "PIV.tokend"
+ BlueprintName = "PIV"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Development">
+ <Testables>
+ </Testables>
+ <MacroExpansion>
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "52B260BA0BC5A864007E00F1"
+ BuildableName = "PIV.tokend"
+ BlueprintName = "PIV"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </MacroExpansion>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ debugProcessAsUID = "4294967295"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Development"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <BuildableProductRunnable>
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "52B260BA0BC5A864007E00F1"
+ BuildableName = "PIV.tokend"
+ BlueprintName = "PIV"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </BuildableProductRunnable>
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Deployment"
+ debugDocumentVersioning = "YES">
+ <BuildableProductRunnable>
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "52B260BA0BC5A864007E00F1"
+ BuildableName = "PIV.tokend"
+ BlueprintName = "PIV"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </BuildableProductRunnable>
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Development">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Deployment"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
Added: releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/libtokend.xcscheme
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/libtokend.xcscheme (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/libtokend.xcscheme 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "52B2602D0BC5A864007E00F1"
+ BuildableName = "libtokend.a"
+ BlueprintName = "libtokend"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Development">
+ <Testables>
+ </Testables>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ debugProcessAsUID = "4294967295"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Development"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Deployment"
+ debugDocumentVersioning = "YES">
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Development">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Deployment"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
Added: releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/tokend.xcscheme
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/tokend.xcscheme (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/tokend.xcscheme 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "52B2604B0BC5A864007E00F1"
+ BuildableName = "tokend.framework"
+ BlueprintName = "tokend"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Development">
+ <Testables>
+ </Testables>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ debugProcessAsUID = "4294967295"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Development"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Deployment"
+ debugDocumentVersioning = "YES">
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Development">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Deployment"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
Added: releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/world.xcscheme
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/world.xcscheme (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/world.xcscheme 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Scheme
+ version = "1.3">
+ <BuildAction
+ parallelizeBuildables = "YES"
+ buildImplicitDependencies = "YES">
+ <BuildActionEntries>
+ <BuildActionEntry
+ buildForTesting = "YES"
+ buildForRunning = "YES"
+ buildForProfiling = "YES"
+ buildForArchiving = "YES"
+ buildForAnalyzing = "YES">
+ <BuildableReference
+ BuildableIdentifier = "primary"
+ BlueprintIdentifier = "52B2601F0BC5A864007E00F1"
+ BuildableName = "world"
+ BlueprintName = "world"
+ ReferencedContainer = "container:Tokend.xcodeproj">
+ </BuildableReference>
+ </BuildActionEntry>
+ </BuildActionEntries>
+ </BuildAction>
+ <TestAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ buildConfiguration = "Development">
+ <Testables>
+ </Testables>
+ </TestAction>
+ <LaunchAction
+ selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
+ selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
+ debugProcessAsUID = "4294967295"
+ launchStyle = "0"
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Development"
+ ignoresPersistentStateOnLaunch = "NO"
+ debugDocumentVersioning = "YES"
+ allowLocationSimulation = "YES">
+ <AdditionalOptions>
+ </AdditionalOptions>
+ </LaunchAction>
+ <ProfileAction
+ shouldUseLaunchSchemeArgsEnv = "YES"
+ savedToolIdentifier = ""
+ useCustomWorkingDirectory = "NO"
+ buildConfiguration = "Deployment"
+ debugDocumentVersioning = "YES">
+ </ProfileAction>
+ <AnalyzeAction
+ buildConfiguration = "Development">
+ </AnalyzeAction>
+ <ArchiveAction
+ buildConfiguration = "Deployment"
+ revealArchiveInOrganizer = "YES">
+ </ArchiveAction>
+</Scheme>
Added: releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/xcschememanagement.plist
===================================================================
--- releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/xcschememanagement.plist (rev 0)
+++ releases/Apple/OSX-10.6.7/Tokend.xcodeproj/xcuserdata/geddis.xcuserdatad/xcschemes/xcschememanagement.plist 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>SchemeUserState</key>
+ <dict>
+ <key>BELPIC.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>4</integer>
+ </dict>
+ <key>CAC.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>3</integer>
+ </dict>
+ <key>CACNG.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>6</integer>
+ </dict>
+ <key>MuscleCard.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>5</integer>
+ </dict>
+ <key>PIV.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>0</integer>
+ </dict>
+ <key>libtokend.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>7</integer>
+ </dict>
+ <key>tokend.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>2</integer>
+ </dict>
+ <key>world.xcscheme</key>
+ <dict>
+ <key>orderHint</key>
+ <integer>1</integer>
+ </dict>
+ </dict>
+ <key>SuppressBuildableAutocreation</key>
+ <dict>
+ <key>520388F512B802BF007C4317</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>52B2601F0BC5A864007E00F1</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>52B2602D0BC5A864007E00F1</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>52B2604B0BC5A864007E00F1</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>52B260640BC5A864007E00F1</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>52B2607D0BC5A864007E00F1</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>52B260980BC5A864007E00F1</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ <key>52B260BA0BC5A864007E00F1</key>
+ <dict>
+ <key>primary</key>
+ <true/>
+ </dict>
+ </dict>
+</dict>
+</plist>
Added: releases/Apple/OSX-10.6.7/testcms.sh
===================================================================
--- releases/Apple/OSX-10.6.7/testcms.sh (rev 0)
+++ releases/Apple/OSX-10.6.7/testcms.sh 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+# usage: point LOCAL_BUILD_DIR to your build folder, insert a card
+# and run this script
+
+echo $PATH | fgrep -q "${LOCAL_BUILD_DIR}:" || PATH=${LOCAL_BUILD_DIR}:$PATH
+SECURITY=`which security`
+HOME=/tmp/test$$
+export HOME
+
+mkdir $HOME
+cd $HOME
+mkdir Library
+mkdir Library/Preferences
+mkdir Library/Keychains
+
+echo Creating a login.keychain
+$SECURITY create -p login login.keychain
+echo "listing keychains"
+$SECURITY list-keychains
+echo "listing default keychain"
+$SECURITY default-keychain
+
+echo "Looking for the email address of the first certificate on the card"
+if [ "x$EMAIL" == "x" ]; then
+ EMAIL=`$SECURITY find-certificate | awk -F = '/\"alis\"<blob>/ { addr=$2; gsub(/\"/, "", addr); print addr }'`
+ if [ "x$EMAIL" == "x" ]; then
+ echo "No certificate with an email address found."
+ exit 1
+ fi
+fi
+echo "Email addres found: <$EMAIL>"
+
+echo "CONTENT: The secret and possibly signed content." > content.txt
+
+echo "Creating a signed cms message."
+$SECURITY cms -S -N "$EMAIL" -i content.txt -o signed.cms
+echo "Verifying the signed cms message."
+$SECURITY cms -D -i signed.cms -h0
+
+echo "Creating an encrypted cms message."
+$SECURITY cms -E -r "$EMAIL" -i content.txt -o encrypted.cms
+echo "Decrypting the message."
+$SECURITY cms -D -i encrypted.cms
+
+#echo "Exporting the identity to pkcs12."
+#$SECURITY export -f pkcs12 -t identities -p -P testcms -o identity.p12
+
+# arch-tag: D00EE88A-08E5-11D9-B1C3-000A9595DEEE
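Review bot: `HOME=/tmp/test$$` is a predictable name under a world-writable directory, and the `mkdir $HOME` / `cd $HOME` that follow are unchecked, so if the path already exists (pre-created by another local user, or left over from an earlier run) the script carries on and creates `login.keychain` with password `login` in whatever directory the `cd` left it in; the same pattern is repeated in testssl.sh below. Replace the creation with `HOME=$(mktemp -d /tmp/test.XXXXXX) || exit 1` and `cd "$HOME" || exit 1`, and quote the `$HOME` and `$SECURITY` expansions throughout. Nothing removes the scratch directory afterwards, so the throwaway keychain, `signed.cms` and `encrypted.cms` persist in /tmp; a `trap 'rm -rf -- "${HOME:?}"' EXIT` right after creation would clean up on every exit path. Separately, `[ "x$EMAIL" == "x" ]` uses the bash-only `==` under `#!/bin/sh`; `=` is the portable form.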
Added: releases/Apple/OSX-10.6.7/testssl.sh
===================================================================
--- releases/Apple/OSX-10.6.7/testssl.sh (rev 0)
+++ releases/Apple/OSX-10.6.7/testssl.sh 2012-08-24 22:06:02 UTC (rev 148)
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+SECURITY=${SECURITY:=security}
+EMAIL=${EMAIL:=$USER at apple.com}
+SSLVIEW=${SSLVIEW:=sslViewer}
+SERVER=${SERVER:=hurljo3.apple.com}
+HOME=/tmp/test$$
+
+mkdir $HOME
+cd $HOME
+mkdir Library
+mkdir Library/Preferences
+mkdir Library/Keychains
+
+echo Creating a login.keychain
+$SECURITY create -p login login.keychain
+echo "listing keychains"
+$SECURITY list-keychains
+echo "listing default keychain"
+$SECURITY default-keychain
+
+echo "CONTENT: The secret and possibly signed content." > content.txt
+
+echo "Connecting to SSL Test server " $SERVER
+$SSLVIEW $SERVER r c P=4443 V 3 a
+
+# arch-tag: 51571215-09B6-11D9-8D4F-000A95C4302E
+
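Review bot: `HOME=/tmp/test$$` is assigned but, unlike testcms.sh, never exported, so the `$SECURITY` and `$SSLVIEW` child processes still inherit the caller's real HOME and `list-keychains` / `default-keychain` presumably operate on the user's own keychain directory rather than the scratch one this script sets up; add `export HOME` directly after the assignment. `EMAIL` is set but never used in this script; if it is intended for a later step, a comment saying so would help, otherwise the line can go (the ` at ` in `$USER at apple.com` looks like list-archive mangling of `@` rather than the committed text). The predictable temp directory and unchecked `mkdir`/`cd` are the same issue raised on testcms.sh.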