OSX/sec/securityd/SecDbKeychainItemV7.h

   1 /*
   2  * Copyright (c) 2017 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 #import "SecKeybagSupport.h"
  25 #import <Foundation/Foundation.h>
  26 #import <ProtocolBuffer/PBCodable.h>
  27
  28 NS_ASSUME_NONNULL_BEGIN
  29
  30 @interface SecDbKeychainItemV7 : NSObject
  31
  32 @property (nonatomic, readonly) keyclass_t keyclass;
  33
  34 - (nullable instancetype)initWithData:(NSData*)data decryptionKeybag:(keybag_handle_t)decryptionKeybag error:(NSError**)error;
  35 - (instancetype)initWithSecretAttributes:(NSDictionary*)secretAttributes metadataAttributes:(NSDictionary*)metadataAttributes tamperCheck:(NSString*)tamperCheck keyclass:(keyclass_t)keyclass;
  36
  37 - (nullable NSDictionary*)metadataAttributesWithError:(NSError**)error;
  38 - (nullable NSDictionary*)secretAttributesWithAcmContext:(NSData*)acmContext accessControl:(SecAccessControlRef)accessControl callerAccessGroups:(NSArray*)callerAccessGroups error:(NSError**)error;
  39 - (BOOL)deleteWithAcmContext:(NSData*)acmContext accessControl:(SecAccessControlRef)accessControl callerAccessGroups:(NSArray*)callerAccessGroups error:(NSError**)error;
  40
  41 - (nullable NSData*)encryptedBlobWithKeybag:(keybag_handle_t)keybag accessControl:(SecAccessControlRef)accessControl acmContext:(nullable NSData*)acmContext error:(NSError**)error;
  42
  43 @end
  44
  45 extern NSString* const SecDbKeychainErrorDomain;
  46 extern const NSInteger SecDbKeychainErrorDeserializationFailed;
  47
  48
  49 @class SecDbKeychainSerializedMetadata;
  50 @class SecDbKeychainSerializedSecretData;
  51
  52 @interface SecDbKeychainItemV7 (UnitTesting)
  53
  54 + (bool)aksEncryptWithKeybag:(keybag_handle_t)keybag keyclass:(keyclass_t)keyclass keyData:(NSData*)keyData outKeyclass:(keyclass_t* _Nullable)outKeyclass wrappedKey:(NSMutableData*)wrappedKey error:(NSError**)error;
  55 + (bool)aksDecryptWithKeybag:(keybag_handle_t)keybag keyclass:(keyclass_t)keyclass wrappedKeyData:(NSData*)wrappedKeyData outKeyclass:(keyclass_t* _Nullable)outKeyclass unwrappedKey:(NSMutableData*)unwrappedKey error:(NSError**)error;
  56
  57 + (bool)isKeychainUnlocked;
  58
  59 @property (readonly) NSData* encryptedMetadataBlob;
  60 @property (readonly) NSData* encryptedSecretDataBlob;
  61
  62 - (BOOL)encryptMetadataWithKeybag:(keybag_handle_t)keybag error:(NSError**)error;
  63 - (BOOL)encryptSecretDataWithKeybag:(keybag_handle_t)keybag accessControl:(SecAccessControlRef)accessControl acmContext:(nullable NSData*)acmContext error:(NSError**)error;
  64
  65 @end
  66
  67 // For Db resets _only_
  68 @interface SecDbKeychainMetadataKeyStore : NSObject
  69
  70 + (bool)cachingEnabled;
  71
  72 + (void)resetSharedStore;
  73 + (instancetype)sharedStore;
  74
  75 - (instancetype)init NS_UNAVAILABLE;
  76
  77 - (void)dropClassAKeys;
  78
  79 @end
  80
  81 NS_ASSUME_NONNULL_END