#ifndef _SECAKSWRAPPERS_H_
#define _SECAKSWRAPPERS_H_
#include <TargetConditionals.h>
#include "utilities/SecCFError.h"
#include <AssertMacros.h>
#include <dispatch/dispatch.h>
#include <CoreFoundation/CFData.h>
// TARGET_HAS_KEYSTORE: compile-time switch saying whether this build targets a
// platform with a keystore.
//  - A build-supplied USE_KEYSTORE always wins and is copied through verbatim.
//  - Otherwise: RC_HORIZON builds and the simulator get 0; macOS gets 0 only for
//    TARGET_CPU_X86 (32-bit Intel) and 1 for every other CPU; TARGET_OS_IPHONE
//    targets get 1.
//  - Any other platform is a hard build error, so a new target cannot silently
//    inherit a keystore setting.
// NOTE(review): because USE_KEYSTORE overrides the platform detection, a stray
// -DUSE_KEYSTORE=0 turns the keystore off on hardware that has one; confirm that
// only test or bring-up configurations set it.
#if defined(USE_KEYSTORE)
#define TARGET_HAS_KEYSTORE USE_KEYSTORE
#else
#if RC_HORIZON
#define TARGET_HAS_KEYSTORE 0
#elif TARGET_OS_SIMULATOR
#define TARGET_HAS_KEYSTORE 0
#elif TARGET_OS_OSX
#if TARGET_CPU_X86
#define TARGET_HAS_KEYSTORE 0
#else
#define TARGET_HAS_KEYSTORE 1
#endif
#elif TARGET_OS_IPHONE
#define TARGET_HAS_KEYSTORE 1
#else
#error "unknown keystore status for this platform"
#endif
#endif // USE_KEYSTORE
// Header selection for the AKS / MobileKeyBag interfaces.
// If either <libaks.h> or <MobileKeyBag/MobileKeyBag.h> cannot be found,
// INCLUDE_MOCK_AKS is forced to 1 (the #undef first discards any value the build
// passed in) and the mock declarations from the test tree are included instead.
// INCLUDE_MOCK_AKS may also be set by the build when both real headers exist.
// NOTE(review): the fallback is silent. A build whose SDK lacks these headers
// compiles against tests/secdmockaks/mockaks.h without any diagnostic. What the
// mock implements is not visible from this header; confirm that shipping
// configurations can never end up with INCLUDE_MOCK_AKS set.
#if __has_include(<libaks.h>)
#include <libaks.h>
#else
#undef INCLUDE_MOCK_AKS
#define INCLUDE_MOCK_AKS 1
#endif
#if __has_include(<MobileKeyBag/MobileKeyBag.h>)
#include <MobileKeyBag/MobileKeyBag.h>
#else
#undef INCLUDE_MOCK_AKS
#define INCLUDE_MOCK_AKS 1
#endif
#if INCLUDE_MOCK_AKS
#include "tests/secdmockaks/mockaks.h"
#endif
// Declared here, implemented elsewhere.
// Presumably reports whether a hardware AES key can be used -- TODO confirm against the implementation.
bool hwaes_key_available(void);
// Keybag handle used by every wrapper below for "the user's keybag":
// device_keybag_handle on TARGET_OS_IPHONE targets that are not the simulator,
// session_keybag_handle everywhere else.
enum {
user_keybag_handle = (TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR) ? device_keybag_handle : session_keybag_handle,
};
// Defined elsewhere. Presumably the name of the notification posted when the
// user keybag changes state -- TODO confirm.
extern const char * const kUserKeybagStateChangeNotification;
// Queries the lock state of the user keybag (user_keybag_handle).
//
// state: passed straight to aks_get_lock_state(), which fills it in.
// error: handed to SecKernError() together with the kernel status.
//
// Returns whatever SecKernError() returns for that status; the other wrappers
// in this header treat the value as a success flag. Check it before using
// *state. NOTE(review): whether *state is written on a failed call is not
// visible from this header, so treat it as undefined in that case.
static inline bool SecAKSGetLockedState(keybag_state_t *state, CFErrorRef* error)
{
    const kern_return_t kr = aks_get_lock_state(user_keybag_handle, state);

    return SecKernError(kr, error, CFSTR("aks_get_lock_state failed: %x"), kr);
}
// Tests whether any of the requested bits is set in the user keybag's state.
//
// isSet: optional out-parameter; may be NULL. Written only when the state query
//        succeeds: true if (state & bits) is non-zero, false otherwise.
// bits:  mask of keybag_state_t bits to look for.
// error: forwarded to SecAKSGetLockedState().
//
// Returns the success flag of the state query. On failure *isSet is left
// untouched, so a caller that ignores the return value reads whatever it put
// there beforehand. Callers making an access decision should check the return
// value and pick the restrictive answer when it is false.
static inline bool SecAKSLockedAnyStateBitIsSet(bool* isSet, keybag_state_t bits, CFErrorRef* error)
{
    keybag_state_t currentState;

    if (!SecAKSGetLockedState(&currentState, error)) {
        return false;
    }

    if (isSet != NULL) {
        *isSet = (currentState & bits) != 0;
    }
    return true;
}
// Reports whether the keybag_state_locked bit is set for the user keybag.
//
// isLocked: optional out-parameter; written only when the query succeeds.
// error:    forwarded to SecAKSLockedAnyStateBitIsSet().
//
// Returns the success flag of the query, not the lock state itself. A false
// return means "state unknown", and *isLocked has not been updated.
static inline bool SecAKSGetIsLocked(bool* isLocked, CFErrorRef* error)
{
    const bool queried = SecAKSLockedAnyStateBitIsSet(isLocked, keybag_state_locked, error);

    return queried;
}
// Reports the inverse of SecAKSGetIsLocked(): whether the user keybag's
// keybag_state_locked bit is clear.
//
// isUnlocked: optional out-parameter; written only when the query succeeds.
// error:      forwarded to SecAKSGetIsLocked().
//
// Returns the success flag of the query. On failure *isUnlocked is not
// modified, so a caller that pre-set it to true and skips the return check
// would wrongly see "unlocked". Initialise it to false and check the result.
static inline bool SecAKSGetIsUnlocked(bool* isUnlocked, CFErrorRef* error)
{
    bool locked = false;

    if (!SecAKSGetIsLocked(&locked, error)) {
        return false;
    }

    if (isUnlocked) {
        *isUnlocked = !locked;
    }
    return true;
}
// Reports whether the keybag_state_been_unlocked bit is set for the user keybag.
//
// hasBeenUnlocked: optional out-parameter; written only when the query succeeds.
// error:           forwarded to SecAKSLockedAnyStateBitIsSet().
//
// Returns the success flag of the query. A false return means the state could
// not be read and *hasBeenUnlocked has not been updated.
static inline bool SecAKSGetHasBeenUnlocked(bool* hasBeenUnlocked, CFErrorRef* error)
{
    const bool queried = SecAKSLockedAnyStateBitIsSet(hasBeenUnlocked, keybag_state_been_unlocked, error);

    return queried;
}
// The functions below are only declared here; their behaviour is defined by the
// implementation file, so the notes are assumptions to confirm there.

// Presumably runs `action` while a lock assertion is held on the user keybag and
// reports failure through `error` -- TODO confirm whether `action` still runs
// when the assertion cannot be taken.
bool SecAKSDoWithUserBagLockAssertion(CFErrorRef *error, dispatch_block_t action);
// Variant without an error out-parameter. NOTE(review): the name suggests a
// best-effort mode; confirm what the bool return means before relying on it.
bool SecAKSDoWithUserBagLockAssertionSoftly(dispatch_block_t action);
// Presumably releases a lock assertion taken with SecAKSUserKeybagHoldLockAssertion().
bool SecAKSUserKeybagDropLockAssertion(CFErrorRef *error);
// Presumably takes a lock assertion on the user keybag. The unit of `timeout` is
// not stated in this header -- TODO confirm.
bool SecAKSUserKeybagHoldLockAssertion(uint64_t timeout, CFErrorRef *error);
// Presumably creates a backup keybag protected by `secret` (`size` bytes --
// TODO confirm) and returns its serialized form. By the CoreFoundation "Copy"
// naming rule the caller would own the returned CFDataRef. `secret` is key
// material: callers should keep its lifetime short and clear the buffer after
// the call.
CFDataRef SecAKSCopyBackupBagWithSecret(size_t size, uint8_t *secret, CFErrorRef *error);
// Presumably maps `keyclass` to a normalised keyclass_t value -- TODO confirm
// what is stripped or rejected.
keyclass_t SecAKSSanitizedKeyclass(keyclass_t keyclass);
#endif