Lines Matching defs:keybag
93 /* g_keychain_handle is the keybag handle used for encrypting item in the keychain.
105 void SecItemServerSetKeychainKeybag(int32_t keybag)
107 g_keychain_keybag=keybag;
128 #define KEYBAG_DEVICE (g_keychain_keybag) /* actual keybag used to encrypt items */
174 there is no system keybag. */
785 static bool ks_crypt(uint32_t selector, keybag_handle_t keybag,
791 kernResult = aks_wrap_key(source, textLength, keyclass, keybag, dest, (int*)dest_len);
793 kernResult = aks_unwrap_key(source, textLength, keyclass, keybag, dest, (int*)dest_len);
800 kernResult, (selector == kAppleKeyStoreKeyWrap ? "wrap" : "unwrap"), keyclass, keybag);
804 kernResult, (selector == kAppleKeyStoreKeyWrap ? "wrap" : "unwrap"), keyclass, keybag);
807 kernResult, (selector == kAppleKeyStoreKeyWrap ? "wrap" : "unwrap"), keyclass, keybag);
875 bool ks_encrypt_data(keybag_handle_t keybag,
879 //check(keybag >= 0);
906 require_quiet(ok = ks_crypt(kAppleKeyStoreKeyWrap, keybag, keyclass,
961 bool ks_decrypt_data(keybag_handle_t keybag,
972 check(keybag >= 0);
974 check((keybag >= 0) || (keybag == session_keybag_handle));
1038 /* Now unwrap the bulk key using a key in the keybag. */
1039 require_quiet(ok = ks_crypt(kAppleKeyStoreKeyUnwrap, keybag,
2660 /* Encode and encrypt the item to the specified keybag. */
2916 src_keybag is normally the backup keybag.
2917 dst_keybag is normally the device keybag.
2978 - Item in the actual backup are export with a real keybag, and are exported as encrypted v_Data and v_PersistentRef
3104 static bool ks_open_keybag(CFDataRef keybag, CFDataRef password, keybag_handle_t *handle, CFErrorRef *error) {
3107 kernResult = aks_load_bag(CFDataGetBytePtr(keybag), (int)CFDataGetLength(keybag), handle);
3109 return SecKernError(kernResult, error, CFSTR("aks_load_bag failed: %@"), keybag);
3125 static bool ks_close_keybag(keybag_handle_t keybag, CFErrorRef *error) {
3127 IOReturn kernResult = aks_unload_bag(keybag);
3135 static CF_RETURNS_RETAINED CFDataRef SecServerKeychainBackup(SecDbConnectionRef dbt, CFDataRef keybag,
3139 if (ks_open_keybag(keybag, password, &backup_keybag, error)) {
3140 /* Export from system keybag to backup keybag. */
3150 CFDataRef keybag, CFDataRef password, CFErrorRef *error) {
3152 if (!ks_open_keybag(keybag, password, &backup_keybag, error))
3155 /* Import from backup keybag to system keybag. */
3602 _SecServerKeychainBackup(CFDataRef keybag, CFDataRef passcode, CFErrorRef *error) {
3609 if (keybag == NULL && passcode == NULL) {
3617 backup = SecServerKeychainBackup(dbt, keybag, passcode, error);
3626 _SecServerKeychainRestore(CFDataRef backup, CFDataRef keybag, CFDataRef passcode, CFErrorRef *error) {
3627 if (backup == NULL || keybag == NULL)
3628 return SecError(errSecParam, error, CFSTR("backup or keybag missing"));
3632 ok = SecServerKeychainRestore(dbconn, backup, keybag, passcode, error);
4288 _SecServerCopyTruthInTheCloud(CFDataRef keybag, CFDataRef password,
4295 if (!ks_open_keybag(keybag, password, &bag_handle, error))
4358 _SecServerRestoreTruthInTheCloud(CFDataRef keybag, CFDataRef password, CFDictionaryRef backup_in, CFErrorRef *error) {
4361 if (!ks_open_keybag(keybag, password, &bag_handle, error))
4419 _SecServerBackupSyncable(CFDictionaryRef backup, CFDataRef keybag, CFDataRef password, CFErrorRef *error) {
4420 require_action_quiet(isData(keybag), errOut, SecError(errSecParam, error, CFSTR("keybag %@ not a data"), keybag));
4424 return _SecServerCopyTruthInTheCloud(keybag, password, backup, error);
4431 _SecServerRestoreSyncable(CFDictionaryRef backup, CFDataRef keybag, CFDataRef password, CFErrorRef *error) {
4433 require_action_quiet(isData(keybag), errOut, ok = SecError(errSecParam, error, CFSTR("keybag %@ not a data"), keybag));
4439 ok = _SecServerRestoreTruthInTheCloud(keybag, password, backup, error);