Security-59306.11.20.tar.gz
1 /*
2 * Copyright (c) 2013-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 #ifndef _SECAKSWRAPPERS_H_
26 #define _SECAKSWRAPPERS_H_
27
28 #include <TargetConditionals.h>
29 #include "utilities/SecCFError.h"
30 #include <AssertMacros.h>
31 #include <dispatch/dispatch.h>
32
33 #include <CoreFoundation/CFData.h>
34
35 #if defined(USE_KEYSTORE)
36 #define TARGET_HAS_KEYSTORE USE_KEYSTORE
37
38 #else
39
40 #if RC_HORIZON
41 #define TARGET_HAS_KEYSTORE 0
42 #elif TARGET_OS_SIMULATOR
43 #define TARGET_HAS_KEYSTORE 0
44 #elif TARGET_OS_OSX
45 #if TARGET_CPU_X86
46 #define TARGET_HAS_KEYSTORE 0
47 #else
48 #define TARGET_HAS_KEYSTORE 1
49 #endif
50 #elif TARGET_OS_IPHONE
51 #define TARGET_HAS_KEYSTORE 1
52 #else
53 #error "unknown keystore status for this platform"
54 #endif
55
56 #endif // USE_KEYSTORE
57
58 #if __has_include(<libaks.h>)
59 #include <libaks.h>
60 #else
61 #undef INCLUDE_MOCK_AKS
62 #define INCLUDE_MOCK_AKS 1
63 #endif
64
65 #if __has_include(<MobileKeyBag/MobileKeyBag.h>)
66 #include <MobileKeyBag/MobileKeyBag.h>
67 #else
68 #undef INCLUDE_MOCK_AKS
69 #define INCLUDE_MOCK_AKS 1
70 #endif
71
72 #if INCLUDE_MOCK_AKS
73 #include "tests/secdmockaks/mockaks.h"
74 #endif
75
76
77 bool hwaes_key_available(void);
78
79 //
80 // MARK: User lock state
81 //
82
// Keybag handle that SecAKSGetLockedState() queries: device_keybag_handle
// when building for an iPhone-family OS that is not the simulator,
// session_keybag_handle on every other target.
enum {
    user_keybag_handle =
        (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR)
            ? device_keybag_handle
            : session_keybag_handle,
};
86
87 extern const char * const kUserKeybagStateChangeNotification;
88
/**
 * Read the current lock state of the user keybag.
 *
 * @param state  Handed to aks_get_lock_state() to receive the state bits for
 *               user_keybag_handle.
 * @param error  Passed through to SecKernError() together with the status.
 * @return Whatever SecKernError() yields for the kernel status (presumably
 *         true only on success; confirm in utilities/SecCFError.h). Callers
 *         must check it: after a failed query *state is not a lock-state
 *         answer and must not drive an access decision.
 */
static inline bool SecAKSGetLockedState(keybag_state_t *state, CFErrorRef* error)
{
    const kern_return_t kr = aks_get_lock_state(user_keybag_handle, state);
    return SecKernError(kr, error, CFSTR("aks_get_lock_state failed: %x"), kr);
}
95
/**
 * Report whether any bit of `bits` is set in the user keybag's current state.
 *
 * @param isSet  If non-NULL, receives true when (state & bits) is non-zero.
 *               Left untouched when the state query fails.
 * @param bits   Mask of keybag_state_t bits to test.
 * @param error  Forwarded to SecAKSGetLockedState().
 * @return The success of the state query, not the bit test. On false,
 *         *isSet carries no answer; a caller that ignores the return value
 *         would act on whatever it had stored there beforehand.
 */
static inline bool SecAKSLockedAnyStateBitIsSet(bool* isSet, keybag_state_t bits, CFErrorRef* error)
{
    keybag_state_t current;

    // Only read `current` once the query has reported success.
    if (!SecAKSGetLockedState(&current, error)) {
        return false;
    }

    if (isSet) {
        *isSet = (current & bits) != 0;
    }
    return true;
}
111
/**
 * Check whether the keybag_state_locked bit is set for the user keybag.
 *
 * @param isLocked  If non-NULL, receives the bit test result on success;
 *                  not written when the query fails.
 * @param error     Forwarded to SecAKSLockedAnyStateBitIsSet().
 * @return true if the lock state could be read. Check this before using
 *         *isLocked.
 */
static inline bool SecAKSGetIsLocked(bool* isLocked, CFErrorRef* error)
{
    const keybag_state_t lockedBit = keybag_state_locked;
    return SecAKSLockedAnyStateBitIsSet(isLocked, lockedBit, error);
}
116
/**
 * Inverse of SecAKSGetIsLocked(): report whether the user keybag is unlocked.
 *
 * @param isUnlocked  If non-NULL, receives the negation of the locked bit on
 *                    success; not written when the query fails.
 * @param error       Forwarded to SecAKSGetIsLocked().
 * @return true if the lock state could be read. A false return means
 *         "unknown", not "locked" or "unlocked", so callers must check it
 *         before reading *isUnlocked.
 */
static inline bool SecAKSGetIsUnlocked(bool* isUnlocked, CFErrorRef* error)
{
    bool locked = false;

    if (!SecAKSGetIsLocked(&locked, error)) {
        return false;
    }

    if (isUnlocked) {
        *isUnlocked = !locked;
    }
    return true;
}
127
/**
 * Check whether the keybag_state_been_unlocked bit is set for the user keybag.
 * NOTE(review): presumably this bit means "unlocked at least once since
 * boot"; confirm against the libaks definition.
 *
 * @param hasBeenUnlocked  If non-NULL, receives the bit test result on
 *                         success; not written when the query fails.
 * @param error            Forwarded to SecAKSLockedAnyStateBitIsSet().
 * @return true if the lock state could be read. Check this before using
 *         *hasBeenUnlocked.
 */
static inline bool SecAKSGetHasBeenUnlocked(bool* hasBeenUnlocked, CFErrorRef* error)
{
    const keybag_state_t beenUnlockedBit = keybag_state_been_unlocked;
    return SecAKSLockedAnyStateBitIsSet(hasBeenUnlocked, beenUnlockedBit, error);
}
132
133 bool SecAKSDoWithUserBagLockAssertion(CFErrorRef *error, dispatch_block_t action);
134
135 // Just like SecAKSDoWithUserBagLockAssertion, but always performs action, whether or not the lock assertion was obtained; action therefore cannot rely on the assertion being held.
136 bool SecAKSDoWithUserBagLockAssertionSoftly(dispatch_block_t action);
137 //
138 // if you can't use the block version above, use these.
139 // !!!!!Remember to balance them!!!!!!
140 //
141 bool SecAKSUserKeybagDropLockAssertion(CFErrorRef *error);
142 bool SecAKSUserKeybagHoldLockAssertion(uint64_t timeout, CFErrorRef *error);
143
144
145 CFDataRef SecAKSCopyBackupBagWithSecret(size_t size, uint8_t *secret, CFErrorRef *error);
146
147 keyclass_t SecAKSSanitizedKeyclass(keyclass_t keyclass);
148
149 #endif