1 /*
2 * Copyright (c) 2010 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*!
25 @header keystore
26 The functions provided in keystore.h provide an interface to
27 the AppleKeyStore kext.
28 */
29
30 #ifndef _SECURITYD_KEYSTORE_H_
31 #define _SECURITYD_KEYSTORE_H_
32
33 #include <IOKit/IOKitLib.h>
34
#ifdef __cplusplus
/*
 * ks objects are NOT C++ objects. Nevertheless, we can at least keep C++
 * aware of type compatibility.
 *
 * The constructors, destructor and assignment operator are declared private
 * and never defined, so C++ code cannot construct, copy or destroy a
 * ks_object_s by value: instances are only ever reached through the
 * ks_object_t pointer handed out by the ks_ functions.
 */
typedef struct ks_object_s {
private:
    ks_object_s();
    ~ks_object_s();
    ks_object_s(const ks_object_s &);
    void operator=(const ks_object_s &);
} *ks_object_t;
#else
/*
 * C view of the handle: a transparent union (GCC/Clang extension). Any of
 * the four member pointer types - a ks_object_s, ks_key_s, ks_buffer_s or
 * ks_stream_s pointer - can be passed directly where a ks_object_t
 * parameter is expected, with no cast.  The union carries no tag saying
 * which kind of object is behind the pointer; how the implementation tells
 * them apart is not visible from this header, so only pass pointers that
 * came from a ks_ function.
 */
typedef union {
    struct ks_object_s *_kso;
    struct ks_key_s *_ksk;
    struct ks_buffer_s *_ksb;
    struct ks_stream_s *_kss;
} ks_object_t __attribute__((transparent_union));
#endif
55
#ifdef __cplusplus
/*
 * KS_DECL(name) declares the opaque handle type name##_t.  In C++ the
 * underlying struct derives from ks_object_s, so a name##_t converts
 * implicitly to ks_object_t and inherits its non-constructible members.
 */
#define KS_DECL(name) typedef struct name##_s : public ks_object_s {} *name##_t;
#else
/*! @parseOnly */
/*
 * C version: a pointer to an incomplete struct.  Conversion to ks_object_t
 * is provided by the transparent union above rather than by inheritance.
 */
#define KS_DECL(name) typedef struct name##_s *name##_t;
#endif
62
/*
 * The opaque handle types used by the API below.  Each is accepted wherever
 * a ks_object_t is expected (via the union members in C, via inheritance
 * in C++), which is what lets ks_free() and ks_encrypt()/ks_decrypt() take
 * any of them.
 */
KS_DECL(ks_buffer);
KS_DECL(ks_key);
KS_DECL(ks_stream);
66
67 #if defined(__cplusplus)
68 extern "C" {
69 #endif
70
/*
 * Key sizes in BYTES (not bits, despite the _128/_192/_256 suffixes).
 * These are the three sizes the ks_wrap() documentation below accepts and
 * presumably the sizes ks_generate_key() expects as well - confirm the
 * latter against the implementation.
 */
enum {
    KS_KEY_SIZE_128 = 16,
    KS_KEY_SIZE_192 = 24,
    KS_KEY_SIZE_256 = 32,
};
76
/*!
 @function ks_generate_key
 @abstract Generate a new key of the given size.
 @param size key length in bytes; presumably one of the KS_KEY_SIZE_*
 values (the sizes ks_wrap documents).  Behaviour for any other value,
 including negative ones the signed type allows, is not visible here.
 @result A key handle to be released with ks_free, or presumably NULL on
 failure - the failure convention is not stated in this header.
 */
ks_key_t ks_generate_key(long size);

/*!
 @function ks_encrypt
 @abstract Encrypt data_in with key, writing the result to data_out.
 @param key key handle from ks_generate_key or ks_unwrap.
 @param data_in input object; being ks_object_t, a ks_buffer_t or
 ks_stream_t can be passed directly.
 @param data_out output object, same conventions as data_in.
 @discussion The function returns void and exposes no error status, so
 callers cannot detect failure through this interface.  The cipher mode and
 what happens if data_out cannot hold the result are not visible here.
 */
void ks_encrypt(ks_key_t key, ks_object_t data_in, ks_object_t data_out);

/*!
 @function ks_decrypt
 @abstract Inverse of ks_encrypt: decrypt data_in with key into data_out.
 Same parameter conventions, and the same absence of error reporting, as
 ks_encrypt.
 */
void ks_decrypt(ks_key_t key, ks_object_t data_in, ks_object_t data_out);
80
/*!
 @function ks_buffer
 @abstract Allocate a buffer object able to hold capacity bytes.
 @result Buffer handle to be released with ks_free, or presumably NULL on
 failure.
 */
ks_buffer_t ks_buffer(size_t capacity);

/*!
 @function ks_get_length
 @abstract Number of bytes currently in use in buffer (as opposed to its
 capacity).
 */
size_t ks_get_length(ks_buffer_t buffer);

/*!
 @function ks_set_length
 @abstract Set the number of bytes in use.
 @discussion Presumably length must not exceed the capacity passed to
 ks_buffer(); whether that is enforced is not visible from this header, so
 callers should bound it themselves.
 */
void ks_set_length(ks_buffer_t buffer, size_t length);

/*!
 @function ks_bytes
 @abstract Raw pointer to the buffer's storage.
 @discussion Writes through the returned pointer must stay within the
 buffer's capacity.  If the buffer holds key material (it is the natural
 data_in/data_out for ks_encrypt/ks_decrypt), clear it before releasing the
 buffer: whether ks_free zeroizes is not stated here.
 */
uint8_t *ks_bytes(ks_buffer_t buffer);

/*!
 @function ks_append
 @abstract NOTE(review): this prototype takes only a capacity and no buffer
 to append to, which does not match its name; it may be a stale
 declaration.  Verify against the definition before calling it.
 */
ks_buffer_t ks_append(size_t capacity);
86
87
/* TODO: Move to iokitutils or something since this is generic. */
/*!
 @function ks_connect_to_service
 @abstract Open a user-client connection to the IOKit service whose class
 name is className.
 @result An io_connect_t.  Neither the failure value (presumably
 IO_OBJECT_NULL) nor ownership is stated here; assume the caller owns the
 port and must close it, and confirm against the implementation.
 */
io_connect_t ks_connect_to_service(const char *className);

/*!
 @function ks_get_connect
 @abstract The connection to the AppleKeyStore kext that the other ks_
 functions presumably use.
 @discussion Ownership is not stated; treat it as library-owned and do not
 close it.
 */
io_connect_t ks_get_connect(void);
92
93
/*!
 @function ks_available
 @abstract Check if the AppleKeyStore.kext is available.  You must call
 this function before using any other library function.
 @result true, unless for some reason ks isn't available, then false.
 @discussion Treat false as "no keystore".  What the other functions do
 when the kext is absent is not documented here, so do not call them in
 that case.
 */
bool ks_available(void);
101
/*!
 @function ks_free
 @abstract Free something allocated by a ks_ function.
 @param ks_object a key, buffer or stream previously returned by a ks_
 function; ks_object_t accepts any of those handle types directly.
 @discussion Passing an object twice, or one not obtained from a ks_
 function, is a double-free / invalid-free hazard exactly as with free().
 Whether key material is zeroized before release is not visible from this
 header - confirm against the implementation.
 */
void ks_free(ks_object_t ks_object);
108
/*!
 @function ks_unwrap
 @abstract Unwrap a key using the specified keyclass.
 @param keybag the keybag handle containing the class key which will be
 doing the unwrapping.
 @param keyclass handle for the wrapping key.
 @param wrappedKey pointer to the wrapped key bytes.
 @param wrappedKeySize number of bytes at wrappedKey.
 @param buffer pointer to a buffer that receives the unwrapped key, or NULL
 (see discussion).
 @param bufferSize number of bytes available in the array pointed to by
 buffer.
 @param keySize (output) size of the unwrapped key, presumably following
 ks_wrap's convention: the size it has, or would have had, if written to
 buffer.
 @result Returns pointer to the unwrapped key, or NULL if an error occurred.
 @discussion If and only if NULL is passed for the buffer parameter, this
 function will allocate a buffer to which it writes the unwrapped key.  Who
 releases that allocation, and with which function, is not stated here.
 NOTE(review): the pre-existing comment described a CFErrorRef
 out-parameter, but this prototype has none; NULL is the only failure
 signal available to callers.  The returned bytes are raw key material:
 keep the buffer's lifetime short and clear it when done.
 */
uint8_t *ks_unwrap(uint64_t keybag, uint64_t keyclass,
                   const uint8_t *wrappedKey, size_t wrappedKeySize,
                   uint8_t *buffer, size_t bufferSize, size_t *keySize);
131
/*!
 @function ks_wrap
 @abstract Wrap a 128 bit (16 byte), 192 bit (24 byte) or 256 bit (32 byte)
 key using the specified keyclass.
 @param keybag the keybag handle containing the class key which will be
 doing the wrapping.
 @param keyclass handle for the wrapping key.
 @param key pointer to the raw key bytes to wrap.
 @param keyByteSize size of key in bytes; one of KS_KEY_SIZE_128,
 KS_KEY_SIZE_192 or KS_KEY_SIZE_256 per the abstract.
 @param buffer pointer to a buffer that receives the wrapped key, or NULL
 (see discussion).
 @param bufferSize number of bytes available in the array pointed to by
 buffer.
 @param wrappedKeySize (output) size of the wrappedKey if it had been
 written to buffer.  Because it is set even when the result is not written,
 a caller can use it to size a second attempt when bufferSize was too small.
 @result Returns pointer to the wrappedKey, or NULL if an error occurred.
 @discussion If and only if NULL is passed for the buffer parameter, this
 function will allocate a buffer to which it writes the wrappedKey.  Who
 releases that allocation, and with which function, is not stated here.
 NOTE(review): the pre-existing comment described a CFErrorRef
 out-parameter, but this prototype has none; NULL is the only failure
 signal available to callers.
 */
uint8_t *ks_wrap(uint64_t keybag, uint64_t keyclass,
                 const uint8_t *key, size_t keyByteSize,
                 uint8_t *buffer, size_t bufferSize, size_t *wrappedKeySize);
155
156 #if defined(__cplusplus)
157 }
158 #endif
159
160 #endif /* _SECURITYD_KEYSTORE_H_ */