//
// All unlocking activity ultimately funnels through this method.
// This unlocks a DbCommon using the secrets setup in its crypto core
// component, and performs all the housekeeping needed to represent
// the state change.
// Returns true if unlock was successful, false if it failed due to
// invalid/insufficient secrets. Throws on other errors.
//
bool KeychainDbCommon::unlockDb(DbBlob *blob, void **privateAclBlob)
{
try {
// Tell the cryptocore to (try to) decode itself. This will fail
// in an astonishing variety of ways if the passphrase is wrong.
assert(hasMaster());
decodeCore(blob, privateAclBlob);
secdebug("KCdb", "%p unlock successful", this);
} catch (...) {
secdebug("KCdb", "%p unlock failed", this);
return false;
}
// get the database parameters only if we haven't got them yet
if (!mValidParams) {
mParams = blob->params;
n2hi(mParams.idleTimeout);
mValidParams = true; // sticky
}
bool isLocked = mIsLocked;
setUnlocked(); // mark unlocked
if (isLocked) {
// broadcast unlock notification, but only if we were previously locked
notify(kNotificationEventUnlocked);
SECURITYD_KEYCHAIN_UNLOCK(this, (char*)this->dbName());
}
return true;
}
void KeychainKey::getHeader(CssmKey::Header &hdr)
{
assert(mValidBlob);
hdr = mBlob->header;
n2hi(hdr); // correct for endian-ness
}