Security-59306.101.1.tar.gz
[apple/security.git] / keychain / CoreDataKeychain / SecCDKeychain.h
1 /*
2 * Copyright (c) 2017 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #import "SecKeybagSupport.h"
25
26 #if !TARGET_OS_BRIDGE
27
28 #if USE_KEYSTORE
29 #if __has_include(<libaks.h>)
30 #import <libaks.h>
31 #endif
32 #if __has_include(<libaks_ref_key.h>)
33 #import <libaks_ref_key.h>
34 #endif
35 #endif
36
37 #import <Foundation/Foundation.h>
38 #import <CoreData/CoreData.h>
39 #import <SecurityFoundation/APIMacros.h>
40
41 @class SecCDKeychainItemMetadata;
42 @class SecCDKeychainLookupTuple;
43 @class SecCDKeychainManagedItemType;
44 @class SecCDKeychainAccessControlEntity;
45 @class SFKeychainServerConnection;
46 @class SFAESKey;
47
48 NS_ASSUME_NONNULL_BEGIN
49
50 @class SecCDKeychainItem;
51
/// Marker protocol with no requirements; it exists only to qualify the string type below.
@protocol SecCDKeychainLookupValueType <NSObject>
@end

/// An NSString qualified with the marker protocol, so that value-type names have their
/// own type spelling instead of travelling as plain NSString.
typedef NSString<SecCDKeychainLookupValueType> SecCDKeychainLookupValueType;

/// Value-type names, one per kind of lookup value. They are declared here and defined
/// elsewhere. The same type is used for SecCDKeychainLookupTuple.valueType and for the
/// ofType: argument of -[SecCDKeychain fetchItemsWithValue:forLookupKey:ofType:...].
extern SecCDKeychainLookupValueType * const SecCDKeychainLookupValueTypeString;
extern SecCDKeychainLookupValueType * const SecCDKeychainLookupValueTypeData;
extern SecCDKeychainLookupValueType * const SecCDKeychainLookupValueTypeNumber;
extern SecCDKeychainLookupValueType * const SecCDKeychainLookupValueTypeDate;
extern SecCDKeychainLookupValueType * const SecCDKeychainLookupValueTypeArray;
extern SecCDKeychainLookupValueType * const SecCDKeychainLookupValueTypeDictionary;
62
/// Entry point of the Core Data backed keychain: insert, fetch and delete items.
///
/// Every operation takes the SFKeychainServerConnection it is performed for and reports
/// its result through a completion handler.
/// NOTE(review): presumably the connection identifies the client so that access can be
/// checked against each item's owner; this header does not show that, confirm in the
/// implementation.
@interface SecCDKeychain : NSObject

- (instancetype)init NS_UNAVAILABLE;

/// Creates a keychain over the persistent store at persistentStoreURL, using the managed
/// object model at managedObjectURL.
/// NOTE(review): encryptDatabase is a plain bool with no default. What passing false
/// means for stored item secrets is decided in the implementation; confirm before
/// relying on it.
- (instancetype)initWithStorageURL:(NSURL *)persistentStoreURL
                          modelURL:(NSURL *)managedObjectURL
                   encryptDatabase:(bool)encryptDatabase;

/// Inserts the given items; the handler receives a success flag and an optional error.
- (void)insertItems:(NSArray<SecCDKeychainItem *> *)items
     withConnection:(SFKeychainServerConnection *)connection
  completionHandler:(void (^)(bool success, NSError * _Nullable error))completionHandler;

/// Fetches one full item by persistent ID; the handler receives the item or an error.
- (void)fetchItemForPersistentID:(NSUUID *)persistentID
                  withConnection:(SFKeychainServerConnection *)connection
               completionHandler:(void (^)(SecCDKeychainItem * _Nullable item, NSError * _Nullable error))completionHandler;

/// Looks up items by one lookup key/value pair of the given value type. The handler
/// receives SecCDKeychainItemMetadata objects, not full items.
/// NOTE(review): unlike the other handlers in this class, `items` and `error` carry no
/// _Nullable here, so inside NS_ASSUME_NONNULL both are declared nonnull. Confirm what
/// the implementation passes on success and on failure, and annotate to match.
- (void)fetchItemsWithValue:(NSString *)value
               forLookupKey:(NSString *)lookupKey
                     ofType:(SecCDKeychainLookupValueType *)lookupValueType
             withConnection:(SFKeychainServerConnection *)connection
          completionHandler:(void (^)(NSArray<SecCDKeychainItemMetadata *> *items, NSError *error))completionHandler;

/// Deletes the item with the given persistent ID; the handler receives a success flag
/// and an optional error.
- (void)deleteItemWithPersistentID:(NSUUID *)persistentID
                    withConnection:(SFKeychainServerConnection *)connection
                 completionHandler:(void (^)(bool success, NSError * _Nullable error))completionHandler;

@end
76
/// Describes one kind of keychain item: its name, its version, and which attributes act
/// as primary keys and as syncable keys. Concrete item types are subclasses.
@interface SecCDKeychainItemType : NSObject

@property (readonly, copy) NSString *name;
@property (readonly) int32_t version;

/// For both primaryKeys and syncableKeys, nil means "all the attributes".
/// NOTE(review): the arrays are untyped; the element type is not stated in this header.
@property (readonly, copy, nullable) NSArray *primaryKeys;
@property (readonly, copy, nullable) NSArray *syncableKeys;

@property (readonly) SecCDKeychainManagedItemType *managedItemType;

/// Subclasses must override both factory methods. Either may return nil.
+ (nullable instancetype)itemType;
+ (nullable instancetype)itemTypeForVersion:(int32_t)version;

/// To be called only by subclass implementations of +itemType.
- (instancetype)_initWithName:(NSString *)name
                      version:(int32_t)version
                  primaryKeys:(nullable NSArray *)primaryKeys
                 syncableKeys:(nullable NSArray *)syncableKeys;

@end
96
/// The non-secret description of a keychain item: type, owner, persistent ID,
/// attributes, lookup attributes and key class. This interface declares no `secrets`
/// property; the full SecCDKeychainItem has to be fetched separately.
@interface SecCDKeychainItemMetadata : NSObject

@property (readonly) SecCDKeychainItemType *itemType;
@property (readonly) SecCDKeychainAccessControlEntity *owner;
@property (readonly) NSUUID *persistentID;
@property (readonly, copy) NSDictionary *attributes;
@property (readonly, copy) NSArray<SecCDKeychainLookupTuple *> *lookupAttributes;
@property (readonly) keyclass_t keyclass;

- (instancetype)init NS_UNAVAILABLE;

/// Fetches the full item for this metadata from the given keychain on behalf of the
/// given connection; the handler receives the item or an error.
- (void)fetchFullItemWithKeychain:(SecCDKeychain *)keychain
                   withConnection:(SFKeychainServerConnection *)connection
                completionHandler:(void (^)(SecCDKeychainItem * _Nullable item, NSError * _Nullable error))completionHandler;

@end
110
/// A full keychain item: the same fields as SecCDKeychainItemMetadata plus the `secrets`
/// dictionary, with the metadata itself available through `metadata`.
///
/// NOTE(review): `attributes`, `lookupAttributes` and `secrets` are declared without
/// `copy` here, while SecCDKeychainItemMetadata declares its collections `copy`. The
/// properties are readonly, so this matters for the initializer: confirm that it copies
/// its arguments, otherwise a caller holding a mutable dictionary could change the
/// stored secrets after the item is created.
@interface SecCDKeychainItem : NSObject

@property (readonly) SecCDKeychainItemType *itemType;
@property (readonly) SecCDKeychainAccessControlEntity *owner;
@property (readonly) NSUUID *persistentID;
@property (readonly) NSDictionary *attributes;
@property (readonly) NSArray<SecCDKeychainLookupTuple *> *lookupAttributes;
@property (readonly) keyclass_t keyclass;
@property (readonly) NSDictionary *secrets;

@property (readonly) SecCDKeychainItemMetadata *metadata;

- (instancetype)init NS_UNAVAILABLE;

/// Creates an item from all of its parts. Only lookupAttributes may be nil.
- (instancetype)initItemType:(SecCDKeychainItemType *)itemType
            withPersistentID:(NSUUID *)persistentID
                  attributes:(NSDictionary *)attributes
            lookupAttributes:(nullable NSArray<SecCDKeychainLookupTuple *> *)lookupAttributes
                     secrets:(NSDictionary *)secrets
                       owner:(SecCDKeychainAccessControlEntity *)owner
                    keyclass:(keyclass_t)keyclass;

@end
127
/// One key/value pair that an item can be looked up by, together with the value's type
/// name and a string form of the value.
/// NOTE(review): how valueType and stringRepresentation are derived from `value` is not
/// visible in this header.
@interface SecCDKeychainLookupTuple : NSObject

@property (readonly, copy) NSString *key;
@property (readonly, copy) id<NSCopying, NSObject> value;
@property (readonly, copy) SecCDKeychainLookupValueType *valueType;
@property (readonly, copy) NSString *stringRepresentation;

/// Convenience factory taking the same arguments as -initWithKey:value:.
+ (instancetype)lookupTupleWithKey:(NSString *)key
                             value:(id<NSCopying, NSObject>)value;

- (instancetype)init NS_UNAVAILABLE;

- (instancetype)initWithKey:(NSString *)key
                      value:(id<NSCopying, NSObject>)value;

@end
141
/// Kinds of access-control entity. Only one kind is declared: an access group.
typedef NS_ENUM(NSInteger, SecCDKeychainAccessControlEntityType) {
    SecCDKeychainAccessControlEntityTypeAccessGroup = 0,
};
145
/// An entity that can own a keychain item, made of an entity type and a string. It is
/// the type of the `owner` property on SecCDKeychainItem and SecCDKeychainItemMetadata.
/// NOTE(review): for the access-group type the string is presumably the access group
/// name; this header does not say so, confirm in the implementation.
@interface SecCDKeychainAccessControlEntity : NSObject

@property (nonatomic, readonly) SecCDKeychainAccessControlEntityType entityType;
@property (nonatomic, readonly) NSString *stringRepresentation;

/// The only way to create an entity; plain -init is unavailable.
+ (instancetype)accessControlEntityWithType:(SecCDKeychainAccessControlEntityType)type
                       stringRepresentation:(NSString *)stringRepresentation;

- (instancetype)init NS_UNAVAILABLE;

@end
156
157 #if USE_KEYSTORE
158
/// Interface of a reference key tied to a keybag. It is created either for a keybag and
/// key class or from a previously obtained blob, and converts between an SFAESKey and
/// its wrapped NSData form. Compiled only when USE_KEYSTORE is set.
/// NOTE(review): the wrapping itself is presumably done by AKS through the libaks
/// headers imported above; this header does not show it.
@protocol SecAKSRefKey <NSObject>

/// The blob form of this reference key, suitable for -initWithBlob:keybag:.
@property (readonly) NSData *refKeyBlob;

- (instancetype)initWithKeybag:(keybag_handle_t)keybag
                      keyclass:(keyclass_t)keyclass;
- (instancetype)initWithBlob:(NSData *)blob
                      keybag:(keybag_handle_t)keybag;

/// Both conversions may return nil; callers have to check the result before use.
- (nullable NSData *)wrappedDataForKey:(SFAESKey *)key;
- (nullable SFAESKey *)keyWithWrappedData:(NSData *)wrappedKeyData;

@end

/// Concrete class adopting the SecAKSRefKey protocol; it adds no declarations of its own.
@interface SecAKSRefKey : NSObject <SecAKSRefKey>
@end
173
174 #endif // USE_KEYSTORE
175
176 NS_ASSUME_NONNULL_END
177
178 #endif // !TARGET_OS_BRIDGE