/*----------------------------------------------------------------------- * File: CSM_DYNMDS.H * * Copyright (c) 1995-2000 Intel Corporation. All rights reserved. *----------------------------------------------------------------------- */ /* * This file implements services for "Dynamic MDS". Dynamic MDS is (for * this application) defined to be the MDS operations performed by dynamic * CSPs. The MDS update model is a compromise between keeping 100% accurate * information, supporting application queries and performance. It allows a * "last known good" update model to be performed. * * Maintaining 100% accurate information would require all MDS state to be * removed whenever the card is removed from the system. The advantage of * this system is that an application always knows exactly what it has * available. The drawbacks of this system is that the information can only * be maintained while the service provider is loaded. It also eliminates * the ability for an application to determine what MIGHT be available if * a subservice were available. For instance, an application would not know * that a user could perform RSA signatures until the user inserted a * smartcard... which means the user can not be prompted to insert the * card. * * Allowing an application to query possible capabilities can be achieved * by placing a superset of all capabilities supported by a subservice in * it varying states. The advantage is that there is no performance hit * after installation. The disadvantage is that it may give the application * a false positive if the subservice can only support some of the * capabilities listed in MDS. This implementation would also be the best * for performance reasons since the MDS would never be updated at run-time. * * The chosen solution is a combination of the two solutions above. The * reason for the compromise was to support hardware devices such as * smartcard readers that can be used with multiple cards with different * capabilities. It is meant to be used in the following manner. When a * card is inserted, the "CSP Smartcard Info" record is fetched for the * subservice. If the model and serial number fields are the same, no MDS * updates are made and an insert event should be sent to the CSSM. If the * model is the same, but the serial number is different, the smartcard * info record is updated but the capabilities are not changed. If there * is not record in the MDS for the subservice or the model does not match * the one in MDS, the smartcard info and the capabilities are written to * the MDS. This provides a good balance between capability queries and * performance since a time hit is only experienced when the capability * set of a subservice changes from one insertion to the next. */ #ifndef __CSM_DYNMDS_H__ #define __CSM_DYNMDS_H__ #include "cssmtype.h" #include "mds.h" typedef uint32 CSM_DMDS_SCHEMA_MASK; #define CSM_DMDS_SCHEMA_CSP_SMARTCARD ( 0x00000001 ) #define CSM_DMDS_SCHEMA_CSP_ATTRIBUTES ( 0x00000002 ) typedef struct _csm_dmds_context { MDS_HANDLE hMds; MDS_DB_HANDLE hDb; CSSM_GUID ModuleGuid; uint32 uSubserviceId; CSM_DMDS_SCHEMA_MASK mTouched; CSSM_DB_ATTRIBUTE_DATA *CSPCapabilityAttributes; } CSM_DMDS_CONTEXT; typedef struct _csm_dmds_csp_smartcard { CSSM_STRING szDescription; CSSM_STRING szVendor; CSSM_VERSION vSmartcardVersion; CSSM_VERSION vFirmwareVersion; uint32 uFlags; uint32 uCustomFlags; CSSM_STRING szSerialNumber; } CSM_DMDS_CSP_SMARTCARD; #define CSM_DMDS_MAX_VALUES ( 16 ) typedef struct _csm_dmds_csp_capability { CSSM_PRIVILEGE UseeTag; uint32 GroupId; CSSM_CONTEXT_TYPE ContextType; CSSM_ALGORITHMS AlgType; CSSM_ATTRIBUTE_TYPE AttributeType; uint32 uAttributeValues[CSM_DMDS_MAX_VALUES]; uint32 uNumValues; CSSM_STRING szDescription; } CSM_DMDS_CSP_CAPABILITY; CSSM_RETURN CSM_DMDSInit( CSM_DMDS_CONTEXT *pContext, const CSSM_GUID *pGuid, uint32 uSubserviceId ); CSSM_RETURN CSM_DMDSInitiateUpdate( CSM_DMDS_CONTEXT *pContext ); CSSM_RETURN CSM_DMDSFinalizeUpdate( CSM_DMDS_CONTEXT *pContext ); CSSM_RETURN CSM_DMDSEnd( CSM_DMDS_CONTEXT *pContext ); CSSM_RETURN CSM_DMDSUpdateCSPSmartcard( CSM_DMDS_CONTEXT *pContext, const CSM_DMDS_CSP_SMARTCARD *pSmartcard ); CSSM_RETURN CSM_DMDSFetchCSPSmartcard( CSM_DMDS_CONTEXT *pContext, CSM_DMDS_CSP_SMARTCARD *pSmartcard ); CSSM_RETURN CSM_DMDSUpdateCSPCapability( CSM_DMDS_CONTEXT *pContext, const CSM_DMDS_CSP_CAPABILITY *pCapabilities, uint32 uNumCapabilities ); CSSM_RETURN CSM_DMDSDeleteCSPCapabilities( CSM_DMDS_CONTEXT *pContext ); #endif /* ifndef __CSM_DYNMDS_H__ */