SecKeybagSupport.h [plain text]
#ifndef _SECURITYD_SECKEYBAGSUPPORT_H_
#define _SECURITYD_SECKEYBAGSUPPORT_H_
#include <CoreFoundation/CoreFoundation.h>
#include <utilities/SecAKSWrappers.h>
#include <libaks_acl_cf_keys.h>
#ifndef USE_KEYSTORE
#define USE_KEYSTORE TARGET_HAS_KEYSTORE
#endif
#if USE_KEYSTORE
#include <Kernel/IOKit/crypto/AppleKeyStoreDefs.h>
#include <Security/SecAccessControlPriv.h>
#endif
__BEGIN_DECLS
#if !USE_KEYSTORE
typedef int32_t keyclass_t;
typedef int32_t key_handle_t;
enum key_classes {
key_class_ak = 6,
key_class_ck,
key_class_dk,
key_class_aku,
key_class_cku,
key_class_dku,
key_class_akpu
};
#endif
#define KEYBAG_NONE (-1)
#define KEYBAG_DEVICE (g_keychain_keybag)
extern keybag_handle_t g_keychain_keybag;
bool use_hwaes(void);
bool ks_crypt(CFTypeRef operation, keybag_handle_t keybag,
keyclass_t keyclass, uint32_t textLength, const uint8_t *source, keyclass_t *actual_class,
CFMutableDataRef dest, CFErrorRef *error);
#if USE_KEYSTORE
bool ks_encrypt_acl(keybag_handle_t keybag, keyclass_t keyclass, uint32_t textLength, const uint8_t *source,
CFMutableDataRef dest, CFDataRef auth_data, CFDataRef acm_context,
SecAccessControlRef access_control, CFErrorRef *error);
bool ks_decrypt_acl(aks_ref_key_t ref_key, CFDataRef encrypted_data, CFMutableDataRef dest,
CFDataRef acm_context, CFDataRef caller_access_groups,
SecAccessControlRef access_control, CFErrorRef *error);
bool ks_delete_acl(aks_ref_key_t ref_key, CFDataRef encrypted_data,
CFDataRef acm_context, CFDataRef caller_access_groups,
SecAccessControlRef access_control, CFErrorRef *error);
const void* ks_ref_key_get_external_data(keybag_handle_t keybag, CFDataRef key_data,
aks_ref_key_t *ref_key, size_t *external_data_len, CFErrorRef *error);
bool ks_separate_data_and_key(CFDictionaryRef blob_dict, CFDataRef *ed_data, CFDataRef *key_data);
#endif
bool ks_open_keybag(CFDataRef keybag, CFDataRef password, keybag_handle_t *handle, CFErrorRef *error);
bool ks_close_keybag(keybag_handle_t keybag, CFErrorRef *error);
__END_DECLS
#endif