Insight Architecture Overview (The Big Stuff)

Perry The Cynic

This document gives a high-level architecture overview of the insight project. Please note that we don't explain CDSA here; go read the standard.

Overview

The basic infrastructure of insight is built on CDSA. All cryptographic functionality is expressed as CSSM plugin modules. CSSM manages module operations for any caller. Layered service libraries use CDSA API interfaces to both implement higher-level features (e.g. SSL) and to make the use of CDSA interfaces easy for common cases.

Insight consists of the following major components:

- CSSM and MDS framework libraries
- CSSM plugin modules
- Layered service libraries
- Keychain Access application
- SecurityServer daemon
- SecurityAgent daemon
- Utility libraries

Supported Platforms

While Insight was originally written to be available on both MacOS 9 and MacOS X, the actual implementation currently is specific to MacOS X. In particular, the RPC interfaces use Mach IPC, which is not available on MacOS 9. It is still possible to add corresponding (mostly dummy) implementations for MacOS 9, but current priorities make that unlikely.

The CSSM Use Model

Applications (including daemons, servers, and tools) use this architecture by linking against both layered service libraries and CDSA libraries. Our intent is that simple, common functionality is directly supported by a combination of layered service libraries, without the need to make CSSM API calls.
For more complex or more detailed operation, layered service APIs will divulge the underlying CSSM data objects, so that CSSM API calls can be made to implement detailed or unusual operations as needed.

Conceptually, each application has its separate copy of the CSSM library and underlying set of plugins. That is, no sharing of state is apparent between applications unless explicitly specified. On OS X, applications actually do have their own instances of CSSM and plugins in their own address spaces, independent of any other application. On OS 9, any sharing that may occur is transparent to applications.

The SecurityServer Daemon

To separate sensitive data and computations from potentially unsecured address spaces, all sensitive cryptographic work is done in a separate process, called the SecurityServer. The SecurityServer is not user visible; the Apple CSP/DL uses it transparently to implement its services. The protocol between CSP and SecurityServer is proprietary and may change from release to release.

The SecurityServer can provide the following functionality to its clients:

- Secure storage of keys while in memory
- Secure cryptographic computations on keys
- Protection and evaluation of ACLs
- Secure acquisition of user secrets (via the SecurityAgent daemon)
- Retention and management of database master keys

On OS X, the SecurityServer is a unique system-trusted process that can be securely contacted through a privileged IPC port. On OS 9, it may either be a faceless background application, or a system library. In either case, the inherent security of address space separation is not available on OS 9, but the architectural model is still observed.

Note that databases managed by the Apple CSP/DL through the SecurityServer support only storage items of Key and Public (cleartext) type. Other types of logical items (such as Secret and Tamper-Resistant) are created by the Secure Storage layered service, and are quite unknown to the SecurityServer and CSP/DL.

MDS Implementation

MDS is the module directory service of CDSA. We will implement the MDS interfaces according to the standard. However, our implementation will construct the MDS database dynamically from a survey of available modules at initialization time. There is no separate, static registry of module information. Instead, module information is packaged with the individual modules and is collected as needed. MDS will still support dynamic modification to support the CDSA model of dynamic subsystems (e.g. insertable smart cards). Such dynamic modifications are lost when the CSSM terminates, but are reacquired should CSSM be reinitialized.

We will also have a registry of caller manifests (for signed applications, libraries, etc.). The current design intends to use the MDS facilities to store and control these manifests. This part has not yet been designed.

Keychains

The primary user-visible repository of security-sensitive data is a Keychain. Keychains appear to the user as storage containers for various kinds of items, including keys, certificates, and secrets (passwords). A keychain is protected by a pass phrase, and the user may place individual access control rules on each contained item. Items can share control rules, thus providing Access Control Groups. The user may have any number of keychains on a system.

Keychains are a logical construct, created by the Secure Storage layered service. The Secure Storage layer implements keychains as one or more CSSM databases managed by Apple's CSP/DL plugin and perhaps other DL plugin modules. CSSM itself has no understanding of keychains, though the uCSP daemon does support some special functions useful for database management, that are essential for the keychain implementation.

The CSSM databases underlying a particular keychain can be of different kinds. In particular, keys can be stored on smart cards, and non-key data can be stored in any place that has a DL plugin module to access it.
The "naive user" view of this versatility is probably one of the primary challenges of our design.

Application Identity and Authenticity

In order to give an application stored on disk the right to perform an operation, we need to establish the application's identity. That is, we must be sure that an application requesting to perform a secured operation is the same one that we gave that right to yesterday. The quality of an application we verify then is called its identity.

To establish application identity, we need a canonical mechanism for turning it into a stream of bytes. Essentially, we need to order its pieces in some reproducible way, and omit any pieces that we might not want to include, such as SIZE preferences. Then we apply a cryptographic hash function to that byte stream. The resulting digest (hash) value becomes our notion of identity. To verify an application's identity, we simply repeat the computation and compare digests.

It is very important to understand what this notion of identity establishes, and what it omits. It gives us repeatability - we will continue to deal with the same application. Since the digest algorithm is insensitive to where an application is stored, identity survives moves and copies. On the other hand, we have no assurance as to who made the application, who placed it there, or whether it was modified after it was produced (but before we obtained it). That is, establishing identity may only assure us that we still have the same, but corrupt, copy of it.

In order to establish actual trust, we must use digital certificates that certify the application's MDS manifest. This authenticates the application (as, e.g. being authorized by Apple).

In general, authenticity is more powerful than identity, but it is also more expensive and more complicated to verify. Authentication through X.509 certificate chains allows us to extend trust to all applications signed (directly or indirectly) by one key.
But to verify this, we need to obtain or reconstruct the entire certificate chain, verify for expiration and possible revocation, and finally verify that the application's digest conforms to that in the leaf certificate. On the other hand, identity can be verified without any recourse to certificates or keys, as long as the digest value can be stored securely.

The upshot is, of course, that both are useful and needed. If we need to bind an access right to a real-world entity (e.g. Apple Computer), or we wish to extend privileges to a dynamic set of applications (e.g. all applications of a release), then we need to use authentication. If we obtained an application from a trusted path (e.g. a CD-ROM, an S/MIME e-mail), we may just wish to use identity.

Insight Used From Libraries

Libraries (both Apple's and third party) can program to the layered services and CSSM APIs like applications do. CSSM provides for separate initialization and cleanup by multiple callers; while this mechanism is awkward in places, we believe it to be serviceable (if used appropriately). Layered services APIs must provide for multiple independent users within the same address space.

Thus, a separately packaged library may use the security APIs without regard to other concurrent users, with the understanding that it may be sharing resources (particularly CSSM state) that make it vulnerable to errors of other code in the same address space. (No news here.)

Kernel Use

There is currently no model to provide CDSA functionality to kernel code. Our CSSM implementation will not run in the kernel (it's definitely user-space code). That means that kernel code that wants to do cryptography cannot use the basic framework established here.

There are a few possibilities to ameliorate this situation. They have not been thoroughly investigated; take these as rough ideas.

- Move cryptographic code into user space.
  It is possible to implement, say, an encrypting file system in user code, with kernel hooks (a la automounter) to connect it to kernel functionality. This is the easiest way, though it may have performance problems.
- Re-implement needed cryptographic code in the kernel. This is of course possible, though it's wasteful in engineering and maintenance.
- Extract needed cryptographic code into a library module, make the library usable in kernel space, and use it both in a CSSM CSP and in kernel code. This is the most practical approach, as long as the needed functionality can be well defined and is unlikely to grow.

Footnotes

MDS is not fully implemented at this time. We use a trivial text file based "shim" implementation.

Not all cryptographic computations need to be performed in the SecurityServer, only those involving sensitive keys. For example, for an asymmetric signing algorithm, digesting may be performed in the CSP itself, while signing the digest may happen in the uCSP. This addresses certain performance issues.

These access rules are internally implemented through CDSA ACLs.
See the Access Control Architecture document.
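
The identity computation described under Application Identity and Authenticity, as an added example (not code from the Insight project). It assumes the application is a directory of files, picks SHA-256 as the hash function, and uses a hypothetical preferences.plist as the omitted piece; identity_digest and demo are names introduced here, and the sample application is constructed.

```python
import hashlib
import os
import shutil
import tempfile

# Assumption: file names left out of the identity, standing in for the
# page's "SIZE preferences" (mutable, user-adjustable data).
EXCLUDED = {"preferences.plist"}

def identity_digest(app_root, excluded=EXCLUDED):
    """Hash an application directory in a canonical, location-independent order."""
    pieces = []
    for dirpath, _, filenames in os.walk(app_root):
        for name in filenames:
            if name in excluded:
                continue
            full = os.path.join(dirpath, name)
            # Relative '/'-separated names keep the storage location out of the digest.
            rel = os.path.relpath(full, app_root).replace(os.sep, "/")
            pieces.append((rel.encode("utf-8"), full))
    h = hashlib.sha256()
    for rel, full in sorted(pieces):  # reproducible ordering of the pieces
        with open(full, "rb") as f:
            data = f.read()
        # Length-prefix name and content so piece boundaries stay unambiguous.
        for part in (rel, data):
            h.update(len(part).to_bytes(8, "big") + part)
    return h.hexdigest()

def demo():
    """Build a constructed sample application and run the identity check on it."""
    with tempfile.TemporaryDirectory() as work:
        app = os.path.join(work, "Sample.app")
        os.makedirs(os.path.join(app, "Resources"))
        files = {"main.bin": b"\x7fcode", "Resources/icon.dat": b"icon",
                 "preferences.plist": b"window=640x480"}
        for rel, data in files.items():
            with open(os.path.join(app, rel), "wb") as f:
                f.write(data)
        enrolled = identity_digest(app)  # stored securely when the right is granted
        moved = os.path.join(work, "elsewhere", "Renamed.app")
        shutil.copytree(app, moved)  # identity survives moves and copies
        with open(os.path.join(moved, "preferences.plist"), "wb") as f:
            f.write(b"window=800x600")  # excluded piece: digest unaffected
        same_after_copy = identity_digest(moved) == enrolled
        with open(os.path.join(moved, "main.bin"), "ab") as f:
            f.write(b"\x90")  # any change to an included piece
        same_after_patch = identity_digest(moved) == enrolled
        return same_after_copy, same_after_patch
```

demo() returns (True, False): the copy with changed preferences still matches the enrolled digest, and the patched copy does not. A match says only that the bytes are the ones enrolled, not who produced them.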