1 //
2 // SecAKSWrappers.h
3 // utilities
4 //
5 // Created by Mitch Adler on 6/5/13.
6 // Copyright (c) 2013 Apple Inc. All rights reserved.
7 //
8
9 #ifndef _SECAKSWRAPPERS_H_
10 #define _SECAKSWRAPPERS_H_
11
12 #include <utilities/SecCFError.h>
13 #include <AssertMacros.h>
14 #include <dispatch/dispatch.h>
15
16 #if TARGET_IPHONE_SIMULATOR
17
18 #include <IOKit/IOReturn.h>
19
// Simulator builds take this branch instead of including <libaks.h>, so the
// keybag types and handles the wrappers below refer to are declared locally.
typedef int32_t keybag_handle_t;
typedef uint32_t keybag_state_t;

// Placeholder handles: both keybags collapse to 0 in this branch.
#define device_keybag_handle 0
#define session_keybag_handle 0

// Lock-state flags. keybag_state_unlocked is the all-bits-clear value; the
// remaining enumerators are independent single-bit flags.
enum keybag_state {
    keybag_state_unlocked      = 0,
    keybag_state_locked        = 1 << 0,
    keybag_state_no_pin        = 1 << 1,
    keybag_state_been_unlocked = 1 << 2,
};
32
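// Simulator stand-in for the AKS lock-state query: it consults no keybag,
// reports a fixed state and always succeeds.
//
// handle  ignored.
// state   optional out-parameter; receives the fixed state bits when non-NULL.
// Returns kIOReturnSuccess unconditionally.
//
// The locked bit is never set here, so code paths that depend on a locked bag
// are not exercised in simulator builds.
static kern_return_t aks_get_lock_state(keybag_handle_t handle, keybag_state_t *state) {
    (void)handle;
    if (state) {
        // OR, not AND: the flags are distinct single bits, so `no_pin & been_unlocked`
        // is always 0 (keybag_state_unlocked) and would report a bag that has
        // never been unlocked.
        *state = keybag_state_no_pin | keybag_state_been_unlocked;
    }
    return kIOReturnSuccess;
}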
37
38 #else
39
40 #include <libaks.h>
41
42 #endif
43
44 //
45 // MARK: User lock state
46 //
47
// Keybag handle that SecAKSGetLockedState passes to aks_get_lock_state: the
// device keybag when TARGET_OS_EMBEDDED is non-zero, otherwise the session keybag.
enum {
    user_keybag_handle = TARGET_OS_EMBEDDED ? device_keybag_handle : session_keybag_handle,
};

// Defined outside this header.
// NOTE(review): presumably the notification name posted when the user keybag
// state changes; confirm against the definition.
extern const char * const kUserKeybagStateChangeNotification;
53
// Reads the user keybag's lock-state bits.
//
// state  forwarded unchanged to aks_get_lock_state as its out-parameter.
// error  forwarded to SecCFCreateError when the query fails.
// Returns true when aks_get_lock_state reports kIOReturnSuccess. Otherwise the
// kern_return_t is reported through SecCFCreateError under the
// "com.apple.kern_return_t" domain and false is returned.
static inline bool SecAKSGetLockedState(keybag_state_t *state, CFErrorRef* error)
{
    const kern_return_t kr = aks_get_lock_state(user_keybag_handle, state);

    if (kr == kIOReturnSuccess) {
        return true;
    }

    SecCFCreateError(kr, CFSTR("com.apple.kern_return_t"), CFSTR("Kern return error"), NULL, error);
    return false;
}
65
// Tests the user keybag's current lock state against a bit mask.
//
// isSet  optional out-parameter; on success receives true when at least one bit
//        of `bits` is set in the current state. It is left untouched on failure,
//        so a caller making an access decision must check the return value
//        rather than read a stale or uninitialized flag.
// bits   mask of keybag_state bits to test.
// error  forwarded to SecAKSGetLockedState.
// Returns whether the state query succeeded, not the result of the bit test.
static inline bool SecAKSLockedAnyStateBitIsSet(bool* isSet, keybag_state_t bits, CFErrorRef* error)
{
    keybag_state_t current;

    if (!SecAKSGetLockedState(&current, error)) {
        return false;
    }

    if (isSet) {
        *isSet = (current & bits) != 0;
    }

    return true;
}
81
// Reports whether keybag_state_locked is set in the user keybag's state.
//
// isLocked  optional out-parameter, written only when the query succeeds.
// error     forwarded to SecAKSLockedAnyStateBitIsSet.
// Returns whether the query succeeded; the lock answer is in *isLocked.
static inline bool SecAKSGetIsLocked(bool* isLocked, CFErrorRef* error)
{
    const keybag_state_t lockedMask = keybag_state_locked;

    return SecAKSLockedAnyStateBitIsSet(isLocked, lockedMask, error);
}
86
// Inverse of SecAKSGetIsLocked.
//
// isUnlocked  optional out-parameter; on success receives the negation of the
//             locked flag. It is not written when the query fails.
// error       forwarded to SecAKSGetIsLocked.
// Returns whether the query succeeded.
static inline bool SecAKSGetIsUnlocked(bool* isUnlocked, CFErrorRef* error)
{
    bool locked = false;

    if (!SecAKSGetIsLocked(&locked, error)) {
        return false;
    }

    if (isUnlocked) {
        *isUnlocked = !locked;
    }

    return true;
}
97
// Reports whether keybag_state_been_unlocked is set in the user keybag's state.
//
// hasBeenUnlocked  optional out-parameter, written only when the query succeeds.
// error            forwarded to SecAKSLockedAnyStateBitIsSet.
// Returns whether the query succeeded; the answer is in *hasBeenUnlocked.
static inline bool SecAKSGetHasBeenUnlocked(bool* hasBeenUnlocked, CFErrorRef* error)
{
    const keybag_state_t beenUnlockedMask = keybag_state_been_unlocked;

    return SecAKSLockedAnyStateBitIsSet(hasBeenUnlocked, beenUnlockedMask, error);
}
102
// Declared here; the definition is not in this header.
// NOTE(review): the name suggests `action` runs while the user keybag is kept
// in a known lock state, with failures reported through `error`. Confirm the
// exact guarantee against the implementation before relying on it.
bool SecAKSDoWhileUserBagLocked(CFErrorRef *error, dispatch_block_t action);
104
105 #endif