[apple/security.git] / utilities / src / SecAKSWrappers.h

//
//  SecAKSWrappers.h
//  utilities
//
//  Created by Mitch Adler on 6/5/13.
//  Copyright (c) 2013 Apple Inc. All rights reserved.
//

#ifndef _SECAKSWRAPPERS_H_
#define _SECAKSWRAPPERS_H_

#include <utilities/SecCFError.h>
#include <AssertMacros.h>
#include <dispatch/dispatch.h>

#if TARGET_IPHONE_SIMULATOR

#include <IOKit/IOReturn.h>

// Make the compiler happy so this will compile.
#define device_keybag_handle 0
#define session_keybag_handle 0

enum keybag_state {
    keybag_state_unlocked = 0,
    keybag_state_locked = 1 << 0,
    keybag_state_no_pin = 1 << 1,
    keybag_state_been_unlocked = 1 << 2,
};
typedef uint32_t keybag_state_t;
typedef int32_t keybag_handle_t;

static kern_return_t aks_get_lock_state(keybag_handle_t handle, keybag_state_t *state) {
    if (state) *state = keybag_state_no_pin & keybag_state_been_unlocked;
    return kIOReturnSuccess;
}

#else

#include <libaks.h>

#endif

//
// MARK: User lock state
//

enum {
    user_keybag_handle = TARGET_OS_EMBEDDED ? device_keybag_handle : session_keybag_handle,
};

extern const char * const kUserKeybagStateChangeNotification;

static inline bool SecAKSGetLockedState(keybag_state_t *state, CFErrorRef* error)
{
    kern_return_t status = aks_get_lock_state(user_keybag_handle, state);
    
    if (kIOReturnSuccess != status) {
        SecCFCreateError(status, CFSTR("com.apple.kern_return_t"), CFSTR("Kern return error"), NULL, error);
        return false;
    }

    return true;
}

// returns true if any of the bits in bits is set in the current state of the user bag
static inline bool SecAKSLockedAnyStateBitIsSet(bool* isSet, keybag_state_t bits, CFErrorRef* error)
{
    keybag_state_t state;
    bool success = SecAKSGetLockedState(&state, error);
    
    require_quiet(success, exit);
    
    if (isSet)
        *isSet = (state & bits);
    
exit:
    return success;

}

static inline bool SecAKSGetIsLocked(bool* isLocked, CFErrorRef* error)
{
    return SecAKSLockedAnyStateBitIsSet(isLocked, keybag_state_locked, error);
}

static inline bool SecAKSGetIsUnlocked(bool* isUnlocked, CFErrorRef* error)
{
    bool isLocked = false;
    bool success = SecAKSGetIsLocked(&isLocked, error);

    if (success && isUnlocked)
        *isUnlocked = !isLocked;

    return success;
}

static inline bool SecAKSGetHasBeenUnlocked(bool* hasBeenUnlocked, CFErrorRef* error)
{
    return SecAKSLockedAnyStateBitIsSet(hasBeenUnlocked, keybag_state_been_unlocked, error);
}

bool SecAKSDoWhileUserBagLocked(CFErrorRef *error, dispatch_block_t action);

#endif
Commit	Line	Data
427c49bc A	1	//
	2	// SecAKSWrappers.h
	3	// utilities
	4	//
	5	// Created by Mitch Adler on 6/5/13.
	6	// Copyright (c) 2013 Apple Inc. All rights reserved.
	7	//
	8
	9	#ifndef _SECAKSWRAPPERS_H_
	10	#define _SECAKSWRAPPERS_H_
	11
	12	#include <utilities/SecCFError.h>
	13	#include <AssertMacros.h>
	14	#include <dispatch/dispatch.h>
	15
	16	#if TARGET_IPHONE_SIMULATOR
	17
	18	#include <IOKit/IOReturn.h>
	19
	20	// Make the compiler happy so this will compile.
	21	#define device_keybag_handle 0
	22	#define session_keybag_handle 0
	23
	24	enum keybag_state {
	25	keybag_state_unlocked = 0,
	26	keybag_state_locked = 1 << 0,
	27	keybag_state_no_pin = 1 << 1,
	28	keybag_state_been_unlocked = 1 << 2,
	29	};
	30	typedef uint32_t keybag_state_t;
	31	typedef int32_t keybag_handle_t;
	32
	33	static kern_return_t aks_get_lock_state(keybag_handle_t handle, keybag_state_t *state) {
	34	if (state) *state = keybag_state_no_pin & keybag_state_been_unlocked;
	35	return kIOReturnSuccess;
	36	}
	37
	38	#else
	39
	40	#include <libaks.h>
	41
	42	#endif
	43
	44	//
	45	// MARK: User lock state
	46	//
	47
	48	enum {
	49	user_keybag_handle = TARGET_OS_EMBEDDED ? device_keybag_handle : session_keybag_handle,
	50	};
	51
	52	extern const char * const kUserKeybagStateChangeNotification;
	53
	54	static inline bool SecAKSGetLockedState(keybag_state_t state, CFErrorRef error)
	55	{
	56	kern_return_t status = aks_get_lock_state(user_keybag_handle, state);
	57
	58	if (kIOReturnSuccess != status) {
	59	SecCFCreateError(status, CFSTR("com.apple.kern_return_t"), CFSTR("Kern return error"), NULL, error);
	60	return false;
	61	}
	62
	63	return true;
	64	}
65
66	// returns true if any of the bits in bits is set in the current state of the user bag
67	static inline bool SecAKSLockedAnyStateBitIsSet(bool* isSet, keybag_state_t bits, CFErrorRef* error)
68	{
69	keybag_state_t state;
70	bool success = SecAKSGetLockedState(&state, error);
71
72	require_quiet(success, exit);
73
74	if (isSet)
75	*isSet = (state & bits);
76
77	exit:
78	return success;
79
80	}
81
82	static inline bool SecAKSGetIsLocked(bool* isLocked, CFErrorRef* error)
83	{
84	return SecAKSLockedAnyStateBitIsSet(isLocked, keybag_state_locked, error);
85	}
86
87	static inline bool SecAKSGetIsUnlocked(bool* isUnlocked, CFErrorRef* error)
88	{
89	bool isLocked = false;
90	bool success = SecAKSGetIsLocked(&isLocked, error);
91
92	if (success && isUnlocked)
93	*isUnlocked = !isLocked;
94
95	return success;
96	}
97
98	static inline bool SecAKSGetHasBeenUnlocked(bool* hasBeenUnlocked, CFErrorRef* error)
99	{
100	return SecAKSLockedAnyStateBitIsSet(hasBeenUnlocked, keybag_state_been_unlocked, error);
101	}
102
103	bool SecAKSDoWhileUserBagLocked(CFErrorRef *error, dispatch_block_t action);
104
105	#endif