Security-59306.41.2.tar.gz
[apple/security.git] / keychain / securityd / SecDbBackupManager.h
1 /*
2 * Copyright (c) 2018 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
// Compile-time gate for keychain backups. For now at least, backups are
// supported only on iOS and macOS (including iOSMac); simulator and DarwinOS
// builds are excluded.
// NOTE(review): nothing visible in this header pulls in <TargetConditionals.h>
// before this point. An undefined TARGET_* macro evaluates to 0 inside #if, so
// a translation unit that tests this gate without the platform macros in scope
// would quietly build with backups disabled -- confirm that every includer has
// them (prefix header or an earlier include); -Wundef would surface a miss.
#define SECDB_BACKUPS_ENABLED                                   \
    ((TARGET_OS_OSX || TARGET_OS_IOS || TARGET_OS_IOSMAC) &&    \
     !TARGET_OS_SIMULATOR &&                                    \
     !TARGET_DARWINOS)
26
27 #if __OBJC2__
28 #import <Foundation/Foundation.h>
29 #if !TARGET_OS_BRIDGE // Specifically needed until rdar://problem/40583882 lands
30 #import <SecurityFoundation/SFKey.h>
31 #endif
32 #import "SecAKSObjCWrappers.h"
33 #import "CheckV12DevEnabled.h"
34
35 NS_ASSUME_NONNULL_BEGIN
36
// Kinds of recovery a keychain backup can be associated with.
// Every raw value is pinned explicitly and 0 is not assigned to any case, so a
// zero-initialized variable of this type matches none of them; code that reads
// a value from outside the process should treat anything other than the cases
// below as SecDbBackupRecoveryTypeInvalid.
// NOTE(review): the pinned values suggest they are stored or exchanged --
// confirm before renumbering.
typedef NS_ENUM(NSInteger, SecDbBackupRecoveryType) {
    SecDbBackupRecoveryTypeInvalid     = -1,  // sentinel: no valid recovery type
    SecDbBackupRecoveryTypeAKS         = 1,
    SecDbBackupRecoveryTypeCylon       = 2,
    SecDbBackupRecoveryTypeRecoveryKey = 3,
};
43
// Error domain string for keychain backup errors.
// NOTE(review): presumably the NSError domain under which the
// SecDbBackupErrorCode values below are reported -- confirm against the
// implementation.
extern NSString * const KeychainBackupsErrorDomain;

// Result codes for keychain backup operations.
// The numeric values are spelled out here; they are the same values the
// compiler assigns when only the first and last cases carry an initializer.
// NOTE(review): if these codes end up in logs or on disk, add new cases at the
// end (before SecDbBackupTestCodeFailure) instead of inserting, so existing
// numbers keep their meaning -- confirm whether that matters here.
typedef NS_ENUM(NSInteger, SecDbBackupErrorCode) {
    SecDbBackupUnknownError             = -1,
    SecDbBackupSuccess                  = 0,
    SecDbBackupAKSFailure               = 1,
    SecDbBackupCryptoFailure            = 2,
    SecDbBackupWriteFailure             = 3,
    SecDbBackupDeserializationFailure   = 4,
    SecDbBackupSetupFailure             = 5,
    SecDbBackupNoBackupBagFound         = 6,
    SecDbBackupNoKCSKFound              = 7,
    SecDbBackupDuplicateBagFound        = 8,
    SecDbBackupMultipleDefaultBagsFound = 9,
    SecDbBackupMalformedBagDataOnDisk   = 10,
    SecDbBackupMalformedKCSKDataOnDisk  = 11,
    SecDbBackupMalformedUUIDDataOnDisk  = 12,
    SecDbBackupUUIDMismatch             = 13,
    SecDbBackupDataMismatch             = 14,
    SecDbBackupUnknownOption            = 15,
    SecDbBackupKeychainLocked           = 16,
    SecDbBackupInvalidArgument          = 17,
    SecDbBackupNotSupported             = 18,
    SecDbBackupInternalError            = 19,

    SecDbBackupTestCodeFailure          = 255,  // support code for testing is falling over somehow
};
71
// Value object returned by -[SecDbBackupManager wrapItemKey:forKeyclass:error:]:
// the wrapped key bytes together with a bag UUID.
// Conforms to NSSecureCoding, so instances can be archived and unarchived.
// NOTE(review): confirm the implementation decodes both fields with
// decodeObjectOfClass:forKey: and rejects data of unexpected length, since the
// error codes above include malformed-on-disk cases.
// NOTE(review): neither property is declared `copy`. A caller that assigns
// NSMutableData could change the bytes afterwards; consider `copy` unless the
// implementation already copies -- confirm against the .m.
@interface SecDbBackupWrappedItemKey : NSObject <NSSecureCoding>

// The item key in wrapped form.
@property (nonatomic) NSData *wrappedKey;

// NOTE(review): presumably the UUID of the backup bag the key was wrapped to,
// as raw bytes -- confirm.
@property (nonatomic) NSData *baguuid;

@end
76
// Objective-C interface to keychain backup support: wraps item keys and
// verifies backup integrity.
@interface SecDbBackupManager : NSObject

// Returns a manager instance. -init is marked unavailable, so callers are
// expected to obtain the manager through this method.
// NOTE(review): presumably a process-wide shared instance -- confirm.
+ (instancetype)manager;
- (instancetype)init NS_UNAVAILABLE;

// Wraps an item key for the given keyclass.
// Returns nil when wrapping fails.
// NOTE(review): presumably *error is populated on failure with a code from
// SecDbBackupErrorCode -- confirm. Callers should test the return value rather
// than the error pointer.
// On TARGET_OS_BRIDGE builds the key parameter is typed `id`, so the compiler
// cannot check that an SFAESKey is passed; NOTE(review): confirm the
// implementation validates the object's class on that path.
#if !TARGET_OS_BRIDGE // Specifically needed until rdar://problem/40583882 lands
- (SecDbBackupWrappedItemKey * _Nullable)wrapItemKey:(SFAESKey *)key
                                         forKeyclass:(keyclass_t)keyclass
                                               error:(NSError **)error;
#else
- (SecDbBackupWrappedItemKey * _Nullable)wrapItemKey:(id)key
                                         forKeyclass:(keyclass_t)keyclass
                                               error:(NSError **)error;
#endif

// Verifies backup integrity and reports the outcome through `completion`.
// `results` is a string-to-string dictionary and is declared nonnull; `error`
// is nil unless something went wrong.
// NOTE(review): `lightweight` presumably selects a cheaper, less thorough
// check, and the queue on which `completion` runs is not visible here --
// confirm both against the implementation.
- (void)verifyBackupIntegrity:(bool)lightweight
                   completion:(void (^)(NSDictionary<NSString *, NSString *> *results,
                                        NSError * _Nullable error))completion;

@end
92
93 NS_ASSUME_NONNULL_END
94 #endif // __OBJC2__
95
// Declare C functions here
// These declarations sit outside the __OBJC2__ guard, so plain C includers see
// them too and need `bool` and CFErrorRef in scope from their own includes.

// NOTE(review): judging by the name, creates the backup infrastructure or
// loads an existing one -- confirm against the implementation.
// `error` is declared _Nonnull: callers must pass a valid CFErrorRef slot, and
// the CFErrorRef stored in it may be NULL.
// NOTE(review): presumably returns true on success and fills *error on
// failure; ownership of a returned CFErrorRef is not visible here -- confirm.
bool SecDbBackupCreateOrLoadBackupInfrastructure(
    CFErrorRef _Nullable * _Nonnull error);