1/*
2 * Copyright (c) 2013-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24/*!
25 @header SecKeybagSupport.h - The thing that does the stuff with the gibli.
26 */
27
28#ifndef _SECURITYD_SECKEYBAGSUPPORT_H_
29#define _SECURITYD_SECKEYBAGSUPPORT_H_
30
31#include <CoreFoundation/CoreFoundation.h>
32#include <utilities/SecAKSWrappers.h>
33
34#if TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_IPHONE_SIMULATOR)
35#define USE_KEYSTORE  1
36#elif TARGET_OS_EMBEDDED && !TARGET_IPHONE_SIMULATOR
37#define USE_KEYSTORE  1
38#else /* no keystore on this platform */
39#define USE_KEYSTORE  0
40#endif
41
42#if USE_KEYSTORE
43#include <Kernel/IOKit/crypto/AppleKeyStoreDefs.h>
44#endif /* USE_KEYSTORE */
45
46__BEGIN_DECLS
47
48// TODO: Get this out of this file
49#if USE_KEYSTORE
50typedef int32_t keyclass_t;
51#else
52
53/* TODO: this needs to be available in the sim! */
54typedef int32_t keyclass_t;
55typedef int32_t key_handle_t;
56enum key_classes {
57    key_class_ak = 6,
58    key_class_ck,
59    key_class_dk,
60    key_class_aku,
61    key_class_cku,
62    key_class_dku,
63    key_class_akpu
64};
65#endif /* !USE_KEYSTORE */
66
67enum SecKsCryptoOp {
68    kSecKsWrap = 10,
69    kSecKsUnwrap,
70    kSecKsDelete
71};
72
73
74/* KEYBAG_NONE is private to security and have special meaning.
75 They should not collide with AppleKeyStore constants, but are only referenced
76 in here.
77 */
78#define KEYBAG_NONE (-1)   /* Set q_keybag to KEYBAG_NONE to obtain cleartext data. */
79#define KEYBAG_DEVICE (g_keychain_keybag) /* actual keybag used to encrypt items */
80extern keybag_handle_t g_keychain_keybag;
81
82bool use_hwaes(void);
83bool ks_crypt(uint32_t operation, keybag_handle_t keybag,
84              keyclass_t keyclass, uint32_t textLength, const uint8_t *source, keyclass_t *actual_class,
85              CFMutableDataRef dest, CFErrorRef *error);
86#if USE_KEYSTORE
87bool ks_crypt_acl(uint32_t operation, keybag_handle_t keybag,
88                  keyclass_t keyclass, uint32_t textLength, const uint8_t *source,
89                  CFMutableDataRef dest, CFDataRef acl, CFDataRef acm_context, CFDataRef caller_access_groups,
90                  CFErrorRef *error);
91#endif
92bool ks_open_keybag(CFDataRef keybag, CFDataRef password, keybag_handle_t *handle, CFErrorRef *error);
93bool ks_close_keybag(keybag_handle_t keybag, CFErrorRef *error);
94
95__END_DECLS
96
97#endif /* _SECURITYD_SECKEYBAGSUPPORT_H_ */
98