#include <Security/SecItemBackup.h>
#include <Security/SecItemPriv.h>
#include <Security/SecuritydXPC.h>
#include <Security/SecFramework.h>
#include <securityd/SecItemServer.h>
#include <ipc/securityd_client.h>
#include <Security/SecureObjectSync/SOSBackupEvent.h>
#include <Security/SecureObjectSync/SOSCloudCircle.h>
#include <Security/SecureObjectSync/SOSViews.h>
#include <corecrypto/ccsha1.h>
#include <utilities/SecCFError.h>
#include <utilities/SecCFRelease.h>
#include <utilities/SecCFCCWrappers.h>
#include <utilities/array_size.h>
#include <utilities/der_plist.h>
#include <utilities/der_plist_internal.h>
#include <AssertMacros.h>
#include <os/activity.h>
#include <notify.h>
#include <sys/stat.h>
static CFDataRef client_data_data_bool_to_data_error_request(enum SecXPCOperation op, SecurityClient *client, CFDataRef keybag, CFDataRef passcode, bool emcs, CFErrorRef *error) {
__block CFDataRef result = NULL;
securityd_send_sync_and_do(op, error, ^bool(xpc_object_t message, CFErrorRef *error) {
return SecXPCDictionarySetDataOptional(message, kSecXPCKeyKeybag, keybag, error)
&& SecXPCDictionarySetDataOptional(message, kSecXPCKeyUserPassword, passcode, error)
&& SecXPCDictionarySetBool(message, kSecXPCKeyEMCSBackup, emcs, NULL);
}, ^bool(xpc_object_t response, CFErrorRef *error) {
return (result = SecXPCDictionaryCopyData(response, kSecXPCKeyResult, error));
});
return result;
}
static bool data_client_data_data_to_error_request(enum SecXPCOperation op, CFDataRef backup, SecurityClient *client, CFDataRef keybag, CFDataRef passcode, CFErrorRef *error) {
return securityd_send_sync_and_do(op, error, ^bool(xpc_object_t message, CFErrorRef *error) {
return SecXPCDictionarySetData(message, kSecXPCKeyBackup, backup, error)
&& SecXPCDictionarySetData(message, kSecXPCKeyKeybag, keybag, error)
&& SecXPCDictionarySetDataOptional(message, kSecXPCKeyUserPassword, passcode, error);
} , NULL);
}
static bool dict_data_data_to_error_request(enum SecXPCOperation op, CFDictionaryRef backup, CFDataRef keybag, CFDataRef passcode, CFErrorRef *error) {
return securityd_send_sync_and_do(op, error, ^bool(xpc_object_t message, CFErrorRef *error) {
return SecXPCDictionarySetPList(message, kSecXPCKeyBackup, backup, error)
&& SecXPCDictionarySetData(message, kSecXPCKeyKeybag, keybag, error)
&& SecXPCDictionarySetDataOptional(message, kSecXPCKeyUserPassword, passcode, error);
} , NULL);
}
static CFDictionaryRef data_data_dict_to_dict_error_request(enum SecXPCOperation op, CFDictionaryRef backup, CFDataRef keybag, CFDataRef passcode, CFErrorRef *error) {
__block CFDictionaryRef dict = NULL;
securityd_send_sync_and_do(op, error, ^bool(xpc_object_t message, CFErrorRef *error) {
return SecXPCDictionarySetPListOptional(message, kSecXPCKeyBackup, backup, error)
&& SecXPCDictionarySetData(message, kSecXPCKeyKeybag, keybag, error)
&& SecXPCDictionarySetDataOptional(message, kSecXPCKeyUserPassword, passcode, error);
}, ^bool(xpc_object_t response, CFErrorRef *error) {
return (dict = SecXPCDictionaryCopyDictionary(response, kSecXPCKeyResult, error));
});
return dict;
}
static int string_to_fd_error_request(enum SecXPCOperation op, CFStringRef backupName, CFErrorRef *error) {
__block int fd = -1;
securityd_send_sync_and_do(op, error, ^bool(xpc_object_t message, CFErrorRef *error) {
return SecXPCDictionarySetString(message, kSecXPCKeyBackup, backupName, error);
}, ^bool(xpc_object_t response, CFErrorRef *error) {
fd = SecXPCDictionaryDupFileDescriptor(response, kSecXPCKeyResult, error);
return true;
});
return fd;
}
static bool string_data_data_to_bool_error_request(enum SecXPCOperation op, CFStringRef backupName, CFDataRef keybagDigest, CFDataRef manifest, CFErrorRef *error)
{
return securityd_send_sync_and_do(op, error, ^bool(xpc_object_t message, CFErrorRef *error) {
return SecXPCDictionarySetString(message, kSecXPCKeyBackup, backupName, error) &&
SecXPCDictionarySetDataOptional(message, kSecXPCKeyKeybag, keybagDigest, error) &&
SecXPCDictionarySetDataOptional(message, kSecXPCData, manifest, error);
}, ^bool(xpc_object_t response, __unused CFErrorRef *error) {
return xpc_dictionary_get_bool(response, kSecXPCKeyResult);
});
}
static bool string_string_data_data_data_to_bool_error_request(enum SecXPCOperation op, CFStringRef backupName, CFStringRef peerID, CFDataRef keybag, CFDataRef secret, CFDataRef backup, CFErrorRef *error)
{
return securityd_send_sync_and_do(op, error, ^bool(xpc_object_t message, CFErrorRef *error) {
return SecXPCDictionarySetString(message, kSecXPCKeyBackup, backupName, error) &&
SecXPCDictionarySetStringOptional(message, kSecXPCKeyDigest, peerID, error) &&
SecXPCDictionarySetData(message, kSecXPCKeyKeybag, keybag, error) &&
SecXPCDictionarySetData(message, kSecXPCKeyUserPassword, secret, error) &&
SecXPCDictionarySetData(message, kSecXPCData, backup, error);
}, ^bool(xpc_object_t response, __unused CFErrorRef *error) {
return xpc_dictionary_get_bool(response, kSecXPCKeyResult);
});
}
static CFArrayRef to_array_error_request(enum SecXPCOperation op, CFErrorRef *error)
{
__block CFArrayRef result = NULL;
securityd_send_sync_and_do(op, error, ^bool(xpc_object_t message, CFErrorRef *error) {
return true;
}, ^bool(xpc_object_t response, CFErrorRef *error) {
return result = SecXPCDictionaryCopyArray(response, kSecXPCKeyResult, error);
});
return result;
}
static int SecItemBackupHandoffFD(CFStringRef backupName, CFErrorRef *error) {
__block int fileDesc = -1;
os_activity_initiate("SecItemBackupHandoffFD", OS_ACTIVITY_FLAG_DEFAULT, ^{
fileDesc = SECURITYD_XPC(sec_item_backup_handoff_fd, string_to_fd_error_request, backupName, error);
});
return fileDesc;
}
CFDataRef _SecKeychainCopyOTABackup(void) {
__block CFDataRef result;
os_activity_initiate("_SecKeychainCopyOTABackup", OS_ACTIVITY_FLAG_DEFAULT, ^{
result = SECURITYD_XPC(sec_keychain_backup, client_data_data_bool_to_data_error_request, SecSecurityClientGet(), NULL, NULL, false, NULL);
});
return result;
}
CFDataRef _SecKeychainCopyBackup(CFDataRef backupKeybag, CFDataRef password) {
__block CFDataRef result;
os_activity_initiate("_SecKeychainCopyBackup", OS_ACTIVITY_FLAG_DEFAULT, ^{
result = SECURITYD_XPC(sec_keychain_backup, client_data_data_bool_to_data_error_request, SecSecurityClientGet(), backupKeybag, password, false, NULL);
});
return result;
}
CFDataRef _SecKeychainCopyEMCSBackup(CFDataRef backupKeybag) {
__block CFDataRef result;
os_activity_initiate("_SecKeychainCopyEMCSBackup", OS_ACTIVITY_FLAG_DEFAULT, ^{
result = SECURITYD_XPC(sec_keychain_backup, client_data_data_bool_to_data_error_request, SecSecurityClientGet(), backupKeybag, NULL, true, NULL);
});
return result;
}
bool _SecKeychainWriteBackupToFileDescriptor(CFDataRef backupKeybag, CFDataRef password, int fd, CFErrorRef *error) {
__block bool result = false;
os_activity_initiate("_SecKeychainWriteBackupToFile", OS_ACTIVITY_FLAG_DEFAULT, ^{
securityd_send_sync_and_do(sec_keychain_backup_id, error, ^bool(xpc_object_t message, CFErrorRef *error) {
return SecXPCDictionarySetDataOptional(message, kSecXPCKeyKeybag, backupKeybag, error)
&& SecXPCDictionarySetDataOptional(message, kSecXPCKeyUserPassword, password, error)
&& SecXPCDictionarySetFileDescriptor(message, kSecXPCKeyFileDescriptor, fd, error);
}, ^bool(xpc_object_t response, CFErrorRef *error) {
return (result = SecXPCDictionaryGetBool(response, kSecXPCKeyResult, error));
});
});
return result;
}
bool
_SecKeychainRestoreBackupFromFileDescriptor(int fd, CFDataRef backupKeybag, CFDataRef password, CFErrorRef *error)
{
__block bool result;
os_activity_initiate("_SecKeychainRestoreBackup", OS_ACTIVITY_FLAG_DEFAULT, ^{
securityd_send_sync_and_do(sec_keychain_restore_id, error, ^bool(xpc_object_t message, CFErrorRef *error) {
return SecXPCDictionarySetFileDescriptor(message, kSecXPCKeyFileDescriptor, fd, error)
&& SecXPCDictionarySetData(message, kSecXPCKeyKeybag, backupKeybag, error)
&& SecXPCDictionarySetDataOptional(message, kSecXPCKeyUserPassword, password, error);
}, ^bool(xpc_object_t response, CFErrorRef *error) {
return (result = SecXPCDictionaryGetBool(response, kSecXPCKeyResult, error));
});
});
return result;
}
CFStringRef
_SecKeychainCopyKeybagUUIDFromFileDescriptor(int fd, CFErrorRef *error)
{
__block CFStringRef result = NULL;
os_activity_initiate("_SecKeychainCopyKeybagUUID", OS_ACTIVITY_FLAG_DEFAULT, ^{
securityd_send_sync_and_do(sec_keychain_backup_keybag_uuid_id, error, ^bool(xpc_object_t message, CFErrorRef *error) {
return SecXPCDictionarySetFileDescriptor(message, kSecXPCKeyFileDescriptor, fd, error);
}, ^bool(xpc_object_t response, CFErrorRef *error) {
return (result = SecXPCDictionaryCopyString(response, kSecXPCKeyResult, error));
});
});
return result;
}
OSStatus _SecKeychainRestoreBackup(CFDataRef backup, CFDataRef backupKeybag,
CFDataRef password) {
__block OSStatus result;
os_activity_initiate("_SecKeychainRestoreBackup", OS_ACTIVITY_FLAG_DEFAULT, ^{
result = SecOSStatusWith(^bool (CFErrorRef *error) {
return SECURITYD_XPC(sec_keychain_restore, data_client_data_data_to_error_request, backup, SecSecurityClientGet(), backupKeybag, password, error);
});
});
return result;
}
static int compareDigests(const void *l, const void *r) {
return memcmp(l, r, CCSHA1_OUTPUT_SIZE);
}
CFDataRef SecItemBackupCreateManifest(CFDictionaryRef backup, CFErrorRef *error)
{
CFIndex count = backup ? CFDictionaryGetCount(backup) : 0;
CFMutableDataRef manifest = CFDataCreateMutable(kCFAllocatorDefault, CCSHA1_OUTPUT_SIZE * count);
if (backup) {
CFDictionaryForEach(backup, ^void (const void *key, const void *value) {
if (isDictionary(value)) {
CFDataRef sha1 = CFDictionaryGetValue(value, kSecItemBackupHashKey);
if (isData(sha1) && CFDataGetLength(sha1) == CCSHA1_OUTPUT_SIZE) {
CFDataAppend(manifest, sha1);
} else {
CFStringRef sha1Hex = CFDataCopyHexString(sha1);
secerror("bad hash %@ in backup", sha1Hex);
CFReleaseSafe(sha1Hex);
}
}
});
qsort(CFDataGetMutableBytePtr(manifest), CFDataGetLength(manifest) / CCSHA1_OUTPUT_SIZE, CCSHA1_OUTPUT_SIZE, compareDigests);
}
return manifest;
}
OSStatus _SecKeychainBackupSyncable(CFDataRef keybag, CFDataRef password, CFDictionaryRef backup_in, CFDictionaryRef *backup_out)
{
return SecOSStatusWith(^bool (CFErrorRef *error) {
*backup_out = SECURITYD_XPC(sec_keychain_backup_syncable, data_data_dict_to_dict_error_request, backup_in, keybag, password, error);
return *backup_out != NULL;
});
}
OSStatus _SecKeychainRestoreSyncable(CFDataRef keybag, CFDataRef password, CFDictionaryRef backup_in)
{
__block OSStatus result;
os_activity_initiate("_SecKeychainRestoreSyncable", OS_ACTIVITY_FLAG_DEFAULT, ^{
result = SecOSStatusWith(^bool (CFErrorRef *error) {
return SECURITYD_XPC(sec_keychain_restore_syncable, dict_data_data_to_error_request, backup_in, keybag, password, error);
});
});
return result;
}
static bool SecKeychainWithBackupFile(CFStringRef backupName, CFErrorRef *error, void(^with)(FILE *bufile)) {
int fd = SecItemBackupHandoffFD(backupName, error);
if (fd < 0) {
secdebug("backup", "SecItemBackupHandoffFD returned %d", fd);
return false;
}
if (lseek(fd, 0, SEEK_SET)) {
secdebug("backup", "Could not seek in fd %d for %@", fd, backupName);
return SecCheckErrno(true, error, CFSTR("lseek"));
}
FILE *backup = fdopen(fd, "r");
if (!backup) {
secdebug("backup", "Receiving file for %@ failed, %d", backupName, errno);
SecCheckErrno(!backup, error, CFSTR("fdopen"));
if (close(fd)) {
secdebug("backup", "Encountered error closing file %@: %d", backupName, errno);
SecCheckErrno(true, error, CFSTR("close"));
}
return false;
} else {
struct stat sb;
if (fstat(fd, &sb)) {
secdebug("backup", "Unable to get file metadata for %@, fd %d", backupName, fd);
SecCheckErrno(true, error, CFSTR("fstat"));
if (fclose(backup)) {
secdebug("backup", "Encountered error closing file %@: %d", backupName, errno);
SecCheckErrno(true, error, CFSTR("fclose"));
}
return false;
}
secdebug("backup", "Receiving file for %@ with fd %d of size %llu", backupName, fd, sb.st_size);
}
with(backup);
if (fclose(backup)) {
secdebug("backup", "Encountered error %d closing file %@ after backup handler", errno, backupName);
SecCheckErrno(true, error, CFSTR("fclose"));
}
return true;
}
static CFArrayRef SecItemBackupCopyNames(CFErrorRef *error)
{
__block CFArrayRef result;
os_activity_initiate("SecItemBackupCopyNames", OS_ACTIVITY_FLAG_DEFAULT, ^{
result = SECURITYD_XPC(sec_item_backup_copy_names, to_array_error_request, error);
});
return result;
}
bool SecItemBackupWithRegisteredBackups(CFErrorRef *error, void(^backup)(CFStringRef backupName)) {
CFArrayRef backupNames = SecItemBackupCopyNames(error);
if (!backupNames) return false;
CFStringRef name;
CFArrayForEachC(backupNames, name) {
backup(name);
}
CFRelease(backupNames);
return true;
}
static bool SecItemBackupDoResetEventBody(const uint8_t *der, const uint8_t *der_end, CFErrorRef *error, void (^handleEvent)(SecBackupEventType et, CFTypeRef key, CFTypeRef item)) {
size_t sequence_len;
const uint8_t *sequence_body = ccder_decode_len(&sequence_len, der, der_end);
bool ok = sequence_body;
if (ok && sequence_body + sequence_len != der_end) {
SecError(errSecDecode, error, CFSTR("trailing junk after reset"));
ok = false;
}
if (ok) {
CFDataRef keybag = NULL;
if (sequence_body != der_end) {
size_t keybag_len = 0;
const uint8_t *keybag_start = ccder_decode_tl(CCDER_OCTET_STRING, &keybag_len, sequence_body, der_end);
if (!keybag_start) {
ok = SecError(errSecDecode, error, CFSTR("failed to decode keybag"));
} else if (keybag_start + keybag_len != der_end) {
ok = SecError(errSecDecode, error, CFSTR("trailing junk after keybag"));
} else {
keybag = CFDataCreate(kCFAllocatorDefault, keybag_start, keybag_len);
}
}
handleEvent(kSecBackupEventReset, keybag, NULL);
CFReleaseSafe(keybag);
}
return ok;
}
static bool SecItemBackupDoAddEvent(const uint8_t *der, const uint8_t *der_end, CFErrorRef *error, void (^handleEvent)(SecBackupEventType et, CFTypeRef key, CFTypeRef item)) {
CFDictionaryRef eventDict = NULL;
const uint8_t *der_end_of_dict = der_decode_dictionary(kCFAllocatorDefault, kCFPropertyListImmutable, &eventDict, error, der, der_end);
if (der_end_of_dict && der_end_of_dict != der_end) {
SecError(errSecDecode, error, CFSTR("trailing junk after add"));
der_end_of_dict = NULL;
}
if (der_end_of_dict) {
CFDataRef hash = CFDictionaryGetValue(eventDict, kSecItemBackupHashKey);
handleEvent(kSecBackupEventAdd, hash, eventDict);
}
CFReleaseSafe(eventDict);
return der_end_of_dict;
}
static bool SecItemBackupDoCompleteEvent(const uint8_t *der, const uint8_t *der_end, CFErrorRef *error, void (^handleEvent)(SecBackupEventType et, CFTypeRef key, CFTypeRef item)) {
uint64_t event_num = 0;
const uint8_t *der_end_of_num = ccder_decode_uint64(&event_num, der, der_end);
if (der_end_of_num && der_end_of_num != der_end) {
SecError(errSecDecode, error, CFSTR("trailing junk after complete"));
der_end_of_num = NULL;
}
if (der_end_of_num) {
handleEvent(kSecBackupEventComplete, NULL, NULL);
}
return der_end_of_num;
}
static bool SecItemBackupDoDeleteEventBody(const uint8_t *der, const uint8_t *der_end, CFErrorRef *error, void (^handleEvent)(SecBackupEventType et, CFTypeRef key, CFTypeRef item)) {
size_t digest_len = 0;
const uint8_t *digest_start = ccder_decode_len(&digest_len, der, der_end);
if (digest_start && digest_start + digest_len != der_end) {
SecError(errSecDecode, error, CFSTR("trailing junk after delete"));
digest_start = NULL;
}
if (digest_start) {
CFDataRef hash = CFDataCreate(kCFAllocatorDefault, digest_start, digest_len);
handleEvent(kSecBackupEventRemove, hash, NULL);
CFRelease(hash);
}
return digest_start;
}
static void debugDisplayBackupEventTag(ccder_tag tag) {
#if !defined(NDEBUG)
const char *eventDesc;
switch (tag) {
case CCDER_CONSTRUCTED_SEQUENCE: eventDesc = "ResetEvent"; break;
case CCDER_CONSTRUCTED_SET: eventDesc = "AddEvent"; break;
case CCDER_INTEGER: eventDesc = "ResetEvent"; break;
case CCDER_OCTET_STRING: eventDesc = "DeleteEvent"; break;
default: eventDesc = "UnknownEvent"; break;
}
secdebug("backup", "processing event %s (tag %08lX)", eventDesc, tag);
#endif
}
static bool SecItemBackupDoEvent(const uint8_t *der, const uint8_t *der_end, CFErrorRef *error, void (^handleEvent)(SecBackupEventType et, CFTypeRef key, CFTypeRef item)) {
ccder_tag tag;
const uint8_t *der_start_of_len = ccder_decode_tag(&tag, der, der_end);
debugDisplayBackupEventTag(tag);
switch (tag) {
case CCDER_CONSTRUCTED_SEQUENCE:
return SecItemBackupDoResetEventBody(der_start_of_len, der_end, error, handleEvent);
case CCDER_CONSTRUCTED_SET:
return SecItemBackupDoAddEvent(der, der_end, error, handleEvent);
case CCDER_INTEGER:
return SecItemBackupDoCompleteEvent(der, der_end, error, handleEvent);
case CCDER_OCTET_STRING:
return SecItemBackupDoDeleteEventBody(der_start_of_len, der_end, error, handleEvent);
default:
return SecError(errSecDecode, error, CFSTR("unsupported event tag: %lu"), tag);
}
}
static const uint8_t *ccder_decode_len_unchecked(size_t *lenp, const uint8_t *der, const uint8_t *der_end) {
if (der && der < der_end) {
size_t len = *der++;
if (len < 0x80) {
} else if (len == 0x81) {
if (der_end - der < 1) goto errOut;
len = *der++;
} else if (len == 0x82) {
if (der_end - der < 2) goto errOut;
len = *(der++) << 8;
len += *der++;
} else if (len == 0x83) {
if (der_end - der < 3) goto errOut;
len = *(der++) << 16;
len += *(der++) << 8;
len += *(der++);
} else {
goto errOut;
}
*lenp = len;
return der;
}
errOut:
return NULL;
}
static bool SecKeychainWithBackupFileParse(FILE *backup, CFErrorRef *error, void (^handleEvent)(SecBackupEventType et, CFTypeRef key, CFTypeRef item)) {
__block bool ok = true;
size_t buf_remaining = 0;
const size_t read_ahead = 16;
size_t buf_len = read_ahead;
uint8_t *buf = malloc(buf_len);
for (;;) {
const size_t bytes_read = fread(buf + buf_remaining, 1, read_ahead - buf_remaining, backup);
if (bytes_read <= 0) {
if (!feof(backup))
ok = SecCheckErrno(true, error, CFSTR("read backup event header"));
else if (!buf_remaining) {
}
break;
}
const size_t buf_avail = bytes_read + buf_remaining;
const uint8_t *der = buf;
const uint8_t *der_end = der + buf_avail;
ccder_tag tag;
size_t body_len;
der = ccder_decode_tag(&tag, der, der_end);
der = ccder_decode_len_unchecked(&body_len, der, der_end);
if (!der) {
ok = SecError(errSecDecode, error, CFSTR("failed to decode backup event header"));
break;
}
const size_t decoded_len = der - buf;
size_t event_len = decoded_len + body_len;
if (event_len > buf_avail) {
if (buf_len < event_len) {
uint8_t *new_buf = realloc(buf, event_len);
if (!new_buf) {
ok = SecError(errSecAllocate, error, CFSTR("realloc buf failed"));
break;
}
buf = new_buf;
buf_len = event_len;
}
const size_t tail_len = fread(buf + buf_avail, 1, event_len - buf_avail, backup);
if (tail_len < event_len - buf_avail) {
if (!feof(backup)) {
ok = SecCheckErrno(true, error, CFSTR("failed to read event body"));
} else {
ok = SecError(errSecDecode, error, CFSTR("unexpected end of event file %zu of %zu bytes read"), tail_len, event_len - buf_avail);
}
break;
}
}
der_end = buf + event_len;
ok &= SecItemBackupDoEvent(buf, der_end, error, handleEvent);
if (event_len < buf_avail) {
buf_remaining = buf_avail - event_len;
memmove(buf, der_end, buf_remaining);
} else {
buf_remaining = 0;
}
}
free(buf);
return ok;
}
bool SecItemBackupWithChanges(CFStringRef backupName, CFErrorRef *error, void (^handleEvent)(SecBackupEventType et, CFTypeRef key, CFTypeRef item)) {
__block bool ok = true;
__block CFErrorRef localError = NULL;
ok &= SecKeychainWithBackupFile(backupName, &localError, ^(FILE *backup) {
ok &= SecKeychainWithBackupFileParse(backup, &localError, handleEvent);
});
if (!ok) { secdebug("backup", "SecItemBackupWithChanges failed: %@", localError);
handleEvent(kSecBackupEventComplete, NULL, NULL);
CFErrorPropagate(localError, error);
}
return ok;
}
bool SecItemBackupSetConfirmedManifest(CFStringRef backupName, CFDataRef keybagDigest, CFDataRef manifest, CFErrorRef *error) {
__block bool result;
os_activity_initiate("SecItemBackupSetConfirmedManifest", OS_ACTIVITY_FLAG_DEFAULT, ^{
result = SECURITYD_XPC(sec_item_backup_set_confirmed_manifest, string_data_data_to_bool_error_request, backupName, keybagDigest, manifest, error);
});
return result;
}
void SecItemBackupRestore(CFStringRef backupName, CFStringRef peerID, CFDataRef keybag, CFDataRef secret, CFTypeRef backup, void (^completion)(CFErrorRef error)) {
__block CFErrorRef localError = NULL;
os_activity_initiate("SecItemBackupRestore", OS_ACTIVITY_FLAG_DEFAULT, ^{
SECURITYD_XPC(sec_item_backup_restore, string_string_data_data_data_to_bool_error_request, backupName, peerID, keybag, secret, backup, &localError);
});
completion(localError);
CFReleaseSafe(localError);
}
CFDictionaryRef SecItemBackupCopyMatching(CFDataRef keybag, CFDataRef secret, CFDictionaryRef backup, CFDictionaryRef query, CFErrorRef *error) {
SecError(errSecUnimplemented, error, CFSTR("SecItemBackupCopyMatching unimplemented"));
return NULL;
}
bool SecBackupKeybagAdd(CFDataRef passcode, CFDataRef *identifier, CFURLRef *pathinfo, CFErrorRef *error) {
__block bool result = false;
os_activity_initiate("_SecServerBackupKeybagAdd", OS_ACTIVITY_FLAG_DEFAULT, ^{
securityd_send_sync_and_do(kSecXPCOpBackupKeybagAdd, error, ^bool(xpc_object_t message, CFErrorRef *error) {
return SecXPCDictionarySetDataOptional(message, kSecXPCKeyUserPassword, passcode, error);
}, ^bool(xpc_object_t response, CFErrorRef *error) {
result = SecXPCDictionaryCopyDataOptional(response, kSecXPCKeyBackupKeybagIdentifier, identifier, error) &&
SecXPCDictionaryCopyURLOptional(response, kSecXPCKeyBackupKeybagPath, pathinfo, error) &&
SecXPCDictionaryGetBool(response, kSecXPCKeyResult, error);
return result;
});
});
return result;
}
bool SecBackupKeybagDelete(CFDictionaryRef query, CFErrorRef *error) {
__block bool result = false;
os_activity_initiate("_SecBackupKeybagDelete", OS_ACTIVITY_FLAG_DEFAULT, ^{
securityd_send_sync_and_do(kSecXPCOpBackupKeybagDelete, error, ^bool(xpc_object_t message, CFErrorRef *error) {
return SecXPCDictionarySetPList(message, kSecXPCKeyQuery, query, error);
}, ^bool(xpc_object_t response, CFErrorRef *error) {
result = SecXPCDictionaryGetBool(response, kSecXPCKeyResult, error);
return result;
});
});
return result;
}