keychain/securityd/SecDbBackupManager.h

   1 /*
   2  * Copyright (c) 2018 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 // For now at least, we'll support backups only on iOS and macOS
  25 #define SECDB_BACKUPS_ENABLED ((TARGET_OS_OSX || TARGET_OS_IOS || TARGET_OS_MACCATALYST) && !TARGET_OS_SIMULATOR && !TARGET_DARWINOS)
  26
  27 #if __OBJC2__
  28 #import <Foundation/Foundation.h>
  29 #import <SecurityFoundation/SFKey.h>
  30 #import "SecAKSObjCWrappers.h"
  31 #import "CheckV12DevEnabled.h"
  32
  33 NS_ASSUME_NONNULL_BEGIN
  34
  35 typedef NS_ENUM(NSInteger, SecDbBackupRecoveryType) {
  36     SecDbBackupRecoveryTypeInvalid = -1,
  37     SecDbBackupRecoveryTypeAKS = 1,
  38     SecDbBackupRecoveryTypeCylon = 2,
  39     SecDbBackupRecoveryTypeRecoveryKey = 3,
  40 };
  41
  42 extern NSString* const KeychainBackupsErrorDomain;
  43
  44 typedef NS_ENUM(NSInteger, SecDbBackupErrorCode) {
  45     SecDbBackupUnknownError = -1,
  46     SecDbBackupSuccess = 0,
  47     SecDbBackupAKSFailure,
  48     SecDbBackupCryptoFailure,
  49     SecDbBackupWriteFailure,
  50     SecDbBackupDeserializationFailure,
  51     SecDbBackupSetupFailure,
  52     SecDbBackupNoBackupBagFound,
  53     SecDbBackupNoKCSKFound,
  54     SecDbBackupDuplicateBagFound,
  55     SecDbBackupMultipleDefaultBagsFound,
  56     SecDbBackupMalformedBagDataOnDisk,
  57     SecDbBackupMalformedKCSKDataOnDisk,
  58     SecDbBackupMalformedUUIDDataOnDisk,
  59     SecDbBackupUUIDMismatch,
  60     SecDbBackupDataMismatch,
  61     SecDbBackupUnknownOption,
  62     SecDbBackupKeychainLocked,
  63     SecDbBackupInvalidArgument,
  64     SecDbBackupNotSupported,
  65     SecDbBackupInternalError,
  66
  67     SecDbBackupTestCodeFailure = 255,     // support code for testing is falling over somehow
  68 };
  69
  70 @interface SecDbBackupWrappedKey : NSObject <NSSecureCoding>
  71 @property (nonatomic) NSData* wrappedKey;
  72 @property (nonatomic) NSData* baguuid;
  73 @end
  74
  75 @interface SecDbBackupManager : NSObject
  76
  77 // Nullable to make analyzer not complain in the case where the stub returns nil
  78 + (instancetype _Nullable)manager;
  79 - (instancetype)init NS_UNAVAILABLE;
  80
  81 - (NSData* _Nullable)currentBackupBagUUID;
  82 - (SecDbBackupWrappedKey* _Nullable)wrapItemKey:(SFAESKey*)key forKeyclass:(keyclass_t)keyclass error:(NSError**)error;
  83 - (SecDbBackupWrappedKey* _Nullable)wrapMetadataKey:(SFAESKey*)key forKeyclass:(keyclass_t)keyclass error:(NSError**)error;
  84 - (void)verifyBackupIntegrity:(bool)lightweight
  85                    completion:(void (^)(NSDictionary<NSString*, NSString*>* results, NSError* _Nullable error))completion;
  86
  87 @end
  88
  89 NS_ASSUME_NONNULL_END
  90 #endif      // __OBJC2__
  91
  92 // Declare C functions here
  93
  94 bool SecDbBackupCreateOrLoadBackupInfrastructure(CFErrorRef _Nullable * _Nonnull error);
  95 void SecDbResetBackupManager(void);     // For testing. Here so SecKeychainDbReset can use it.