Security-58286.200.222.tar.gz
1 /*
2 * Copyright (c) 2017 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #import "SecKeybagSupport.h"
25
26 #if !TARGET_OS_BRIDGE
27
28 #if USE_KEYSTORE
29 #import <libaks.h>
30 #import <libaks_ref_key.h>
31 #endif
32
33 #import <Foundation/Foundation.h>
34 #import <CoreData/CoreData.h>
35 #import <SecurityFoundation/APIMacros.h>
36
37 @class SecCDKeychainItemMetadata;
38 @class SecCDKeychainLookupTuple;
39 @class SecCDKeychainManagedItemType;
40 @class SecCDKeychainAccessControlEntity;
41 @class SFKeychainServerConnection;
42 @class SFAESKey;
43
44 NS_ASSUME_NONNULL_BEGIN
45
46 @class SecCDKeychainItem;
47
/**
 * Marker protocol: it declares no methods of its own and exists only so that
 * lookup-value-type strings can be given a type distinct from a bare NSString*.
 */
@protocol SecCDKeychainLookupValueType <NSObject>
@end

/// NSString qualified with the marker protocol; the type of the constants below.
typedef NSString<SecCDKeychainLookupValueType> SecCDKeychainLookupValueType;

// One constant per kind of value named in its suffix. These are declarations
// only (extern); the string contents are defined elsewhere.
extern SecCDKeychainLookupValueType* const SecCDKeychainLookupValueTypeString;
extern SecCDKeychainLookupValueType* const SecCDKeychainLookupValueTypeData;
extern SecCDKeychainLookupValueType* const SecCDKeychainLookupValueTypeNumber;
extern SecCDKeychainLookupValueType* const SecCDKeychainLookupValueTypeDate;
extern SecCDKeychainLookupValueType* const SecCDKeychainLookupValueTypeArray;
extern SecCDKeychainLookupValueType* const SecCDKeychainLookupValueTypeDictionary;
58
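/**
 * Entry point for inserting, fetching and deleting keychain items.
 *
 * Every operation takes the SFKeychainServerConnection it is performed for and
 * reports its outcome through a completion handler instead of a return value.
 *
 * NOTE(review): the connection presumably identifies the calling client for
 * access-control decisions (items carry an `owner` entity). The enforcement
 * itself is not visible in this header -- confirm it in the implementation.
 */
@interface SecCDKeychain : NSObject

- (instancetype)init NS_UNAVAILABLE;

/**
 * @param persistentStoreURL Storage URL for the keychain's persistent store.
 * @param managedObjectURL   URL of the model used with that store.
 * @param encryptDatabase    Whether the database is to be encrypted.
 *        NOTE(review): what remains unprotected at rest when this is false
 *        cannot be determined from the header; confirm which callers pass false.
 */
- (instancetype)initWithStorageURL:(NSURL*)persistentStoreURL
                          modelURL:(NSURL*)managedObjectURL
                   encryptDatabase:(bool)encryptDatabase;

/**
 * Inserts the given items on behalf of `connection`.
 * The handler receives a success flag and, optionally, an error.
 */
- (void)insertItems:(NSArray<SecCDKeychainItem*>*)items
     withConnection:(SFKeychainServerConnection*)connection
  completionHandler:(void (^)(bool success, NSError* _Nullable error))completionHandler;

/**
 * Fetches the full item (secrets included, see SecCDKeychainItem) with the
 * given persistent ID. Both handler arguments are nullable.
 */
- (void)fetchItemForPersistentID:(NSUUID*)persistentID
                  withConnection:(SFKeychainServerConnection*)connection
               completionHandler:(void (^)(SecCDKeychainItem* _Nullable item, NSError* _Nullable error))completionHandler;

/**
 * Fetches metadata (not full items) for entries whose lookup attribute
 * `lookupKey` of type `lookupValueType` matches `value`.
 *
 * `error` is marked _Nullable like in the other handlers of this interface:
 * inside NS_ASSUME_NONNULL an unannotated NSError* would promise a non-nil
 * error even when the fetch succeeds.
 * NOTE(review): `items` is still declared non-null; confirm the implementation
 * never passes nil for it on failure.
 */
- (void)fetchItemsWithValue:(NSString*)value
               forLookupKey:(NSString*)lookupKey
                     ofType:(SecCDKeychainLookupValueType*)lookupValueType
             withConnection:(SFKeychainServerConnection*)connection
          completionHandler:(void (^)(NSArray<SecCDKeychainItemMetadata*>* items, NSError* _Nullable error))completionHandler;

/**
 * Deletes the item with the given persistent ID on behalf of `connection`.
 * The handler receives a success flag and, optionally, an error.
 */
- (void)deleteItemWithPersistentID:(NSUUID*)persistentID
                    withConnection:(SFKeychainServerConnection*)connection
                 completionHandler:(void (^)(bool success, NSError* _Nullable error))completionHandler;

@end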
72
/**
 * Describes one kind of keychain item: a name, a version, and which attribute
 * keys are primary and which are syncable. Concrete kinds are subclasses.
 */
@interface SecCDKeychainItemType : NSObject

@property (readonly, copy) NSString* name;
@property (readonly) int32_t version;

// For both primaryKeys and syncableKeys, nil means "all the attributes".
// NOTE(review): a nil syncableKeys therefore marks every attribute syncable;
// subclasses should set it deliberately rather than by omission.
@property (readonly, copy, nullable) NSArray* primaryKeys;
@property (readonly, copy, nullable) NSArray* syncableKeys;

// Managed counterpart of this item type (class only forward-declared here).
@property (readonly) SecCDKeychainManagedItemType* managedItemType;

// Subclasses must override both class methods; either may return nil.
+ (nullable instancetype)itemType;
+ (nullable instancetype)itemTypeForVersion:(int32_t)version;

// To be called only by subclass implementations of +itemType.
- (instancetype)_initWithName:(NSString*)name
                      version:(int32_t)version
                  primaryKeys:(nullable NSArray*)primaryKeys
                 syncableKeys:(nullable NSArray*)syncableKeys;

@end
92
/**
 * Description of a keychain item without its secrets. This interface exposes
 * item type, owner, persistent ID, attributes, lookup attributes and key class,
 * and has no `secrets` property (compare SecCDKeychainItem).
 */
@interface SecCDKeychainItemMetadata : NSObject

@property (readonly) SecCDKeychainItemType* itemType;
// Access-control entity recorded as the item's owner.
@property (readonly) SecCDKeychainAccessControlEntity* owner;
@property (readonly) NSUUID* persistentID;
@property (readonly, copy) NSDictionary* attributes;
@property (readonly, copy) NSArray<SecCDKeychainLookupTuple*>* lookupAttributes;
// keyclass_t is declared outside this header.
@property (readonly) keyclass_t keyclass;

- (instancetype)init NS_UNAVAILABLE;

/**
 * Requests the full SecCDKeychainItem for this metadata from `keychain` on
 * behalf of `connection`. The handler's item and error are both nullable.
 */
- (void)fetchFullItemWithKeychain:(SecCDKeychain*)keychain
                   withConnection:(SFKeychainServerConnection*)connection
                completionHandler:(void (^)(SecCDKeychainItem* _Nullable item, NSError* _Nullable error))completionHandler;

@end
106
/**
 * A complete keychain item: the same fields SecCDKeychainItemMetadata exposes,
 * plus the `secrets` dictionary.
 *
 * NOTE(review): unlike SecCDKeychainItemMetadata, the collection properties
 * here are not declared `copy`. Whether the initializer copies its arguments is
 * not visible in this header; confirm it does, so that a mutable dictionary
 * kept by the caller cannot change the item after construction.
 */
@interface SecCDKeychainItem : NSObject

@property (readonly) SecCDKeychainItemType* itemType;
// Access-control entity recorded as the item's owner.
@property (readonly) SecCDKeychainAccessControlEntity* owner;
@property (readonly) NSUUID* persistentID;
@property (readonly) NSDictionary* attributes;
@property (readonly) NSArray<SecCDKeychainLookupTuple*>* lookupAttributes;
// keyclass_t is declared outside this header.
@property (readonly) keyclass_t keyclass;
// NOTE(review): presumably the item's secret values in usable form; keep
// references short-lived and out of logs and descriptions -- confirm how the
// implementation populates and releases this.
@property (readonly) NSDictionary* secrets;

// Metadata view of this item.
@property (readonly) SecCDKeychainItemMetadata* metadata;

- (instancetype)init NS_UNAVAILABLE;

/// Builds an item from its parts; only `lookupAttributes` may be nil.
- (instancetype)initItemType:(SecCDKeychainItemType*)itemType
            withPersistentID:(NSUUID*)persistentID
                  attributes:(NSDictionary*)attributes
            lookupAttributes:(nullable NSArray<SecCDKeychainLookupTuple*>*)lookupAttributes
                     secrets:(NSDictionary*)secrets
                       owner:(SecCDKeychainAccessControlEntity*)owner
                    keyclass:(keyclass_t)keyclass;

@end
123
/**
 * A key/value pair under which an item can be looked up, together with the
 * value's SecCDKeychainLookupValueType and a string form of the value.
 *
 * NOTE(review): neither initializer takes a value type, so `valueType` is
 * presumably derived from the class of `value` -- confirm in the implementation.
 * NOTE(review): lookup values are exposed via item metadata, which carries no
 * secrets; callers should not place secret material in a lookup tuple.
 */
@interface SecCDKeychainLookupTuple : NSObject

@property (readonly, copy) NSString* key;
@property (readonly, copy) id<NSCopying, NSObject> value;
@property (readonly, copy) SecCDKeychainLookupValueType* valueType;
@property (readonly, copy) NSString* stringRepresentation;

/// Convenience factory taking the same arguments as -initWithKey:value:.
+ (instancetype)lookupTupleWithKey:(NSString*)key value:(id<NSCopying, NSObject>)value;

- (instancetype)init NS_UNAVAILABLE;
- (instancetype)initWithKey:(NSString*)key value:(id<NSCopying, NSObject>)value;

@end
137
/// Kinds of access-control entity. Access group is the only kind declared here.
typedef NS_ENUM(NSInteger, SecCDKeychainAccessControlEntityType) {
    SecCDKeychainAccessControlEntityTypeAccessGroup = 0,
};
141
/**
 * An entity used for access control, identified by a type and a string.
 * Items and item metadata reference one as their `owner`.
 *
 * NOTE(review): for the access-group type the string is presumably the access
 * group name; how it is compared against a connection's entitlements is not
 * visible in this header -- confirm in the implementation.
 */
@interface SecCDKeychainAccessControlEntity : NSObject

@property (nonatomic, readonly) SecCDKeychainAccessControlEntityType entityType;
@property (nonatomic, readonly) NSString* stringRepresentation;

/// The only way to obtain an instance from this header; -init is unavailable.
+ (instancetype)accessControlEntityWithType:(SecCDKeychainAccessControlEntityType)type
                       stringRepresentation:(NSString*)stringRepresentation;

- (instancetype)init NS_UNAVAILABLE;

@end
152
153 #if USE_KEYSTORE
154
/**
 * Interface of a reference key tied to a keybag, used to turn an SFAESKey into
 * wrapped data and back. Declared only when USE_KEYSTORE is set.
 */
@protocol SecAKSRefKey <NSObject>

// Blob form of the reference key; -initWithBlob:keybag: takes such a blob.
@property (readonly) NSData* refKeyBlob;

/// Initializes a reference key for the given keybag handle and key class.
- (instancetype)initWithKeybag:(keybag_handle_t)keybag keyclass:(keyclass_t)keyclass;
/// Initializes a reference key from an existing blob and a keybag handle.
- (instancetype)initWithBlob:(NSData*)blob keybag:(keybag_handle_t)keybag;

// Both conversions are nullable. NOTE(review): nil presumably signals failure
// (for example an unavailable key class); callers must check for it and must
// not fall back to storing or using the unwrapped key.
- (nullable NSData*)wrappedDataForKey:(SFAESKey*)key;
- (nullable SFAESKey*)keyWithWrappedData:(NSData*)wrappedKeyData;

@end

/// Concrete class adopting the SecAKSRefKey protocol; it adds no declarations.
@interface SecAKSRefKey : NSObject <SecAKSRefKey>
@end
169
170 #endif // USE_KEYSTORE
171
172 NS_ASSUME_NONNULL_END
173
174 #endif // !TARGET_OS_BRIDGE