[apple/security.git] / keychain / ckks / CKKSTLKShareRecord.h

/*
 * Copyright (c) 2017 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

#if OCTAGON

#import <Foundation/Foundation.h>

#import "keychain/ckks/CKKS.h"
#import "keychain/ckks/CKKSItem.h"
#import "keychain/ckks/CKKSKey.h"
#import "keychain/ckks/CKKSPeer.h"
#import "keychain/ckks/CKKSTLKShare.h"

#import <SecurityFoundation/SFEncryptionOperation.h>
#import <SecurityFoundation/SFKey.h>

NS_ASSUME_NONNULL_BEGIN

@interface CKKSTLKShareRecord : CKKSCKRecordHolder
@property CKKSTLKShare* share;

// Passthroughs to the underlying share
@property (readonly) NSString* tlkUUID;

@property (readonly) NSString* senderPeerID;

@property (readonly) NSInteger epoch;
@property (readonly) NSInteger poisoned;

@property (readonly, nullable) NSData* wrappedTLK;
@property (readonly, nullable) NSData* signature;

- (instancetype)init NS_UNAVAILABLE;

- (CKKSKey* _Nullable)recoverTLK:(id<CKKSSelfPeer>)recoverer trustedPeers:(NSSet<id<CKKSPeer>>*)peers error:(NSError**)error;

+ (CKKSTLKShareRecord* _Nullable)share:(CKKSKey*)key
                              as:(id<CKKSSelfPeer>)sender
                              to:(id<CKKSPeer>)receiver
                           epoch:(NSInteger)epoch
                        poisoned:(NSInteger)poisoned
                           error:(NSError**)error;

- (bool)signatureVerifiesWithPeerSet:(NSSet<id<CKKSPeer>>*)peerSet error:(NSError**)error;

- (NSData*)dataForSigning;

// Database loading
+ (instancetype _Nullable)fromDatabase:(NSString*)uuid
                        receiverPeerID:(NSString*)receiverPeerID
                          senderPeerID:(NSString*)senderPeerID
                                zoneID:(CKRecordZoneID*)zoneID
                                 error:(NSError* __autoreleasing*)error;
+ (instancetype _Nullable)tryFromDatabase:(NSString*)uuid
                           receiverPeerID:(NSString*)receiverPeerID
                             senderPeerID:(NSString*)senderPeerID
                                   zoneID:(CKRecordZoneID*)zoneID
                                    error:(NSError**)error;
+ (NSArray<CKKSTLKShareRecord*>*)allFor:(NSString*)receiverPeerID
                          keyUUID:(NSString*)uuid
                           zoneID:(CKRecordZoneID*)zoneID
                            error:(NSError* __autoreleasing*)error;
+ (NSArray<CKKSTLKShareRecord*>*)allForUUID:(NSString*)uuid zoneID:(CKRecordZoneID*)zoneID error:(NSError**)error;
+ (NSArray<CKKSTLKShareRecord*>*)allInZone:(CKRecordZoneID*)zoneID error:(NSError**)error;
+ (instancetype _Nullable)tryFromDatabaseFromCKRecordID:(CKRecordID*)recordID error:(NSError**)error;

// Returns a prefix that all every CKKSTLKShare CKRecord will have
+ (NSString*)ckrecordPrefix;

// For tests
- (CKKSKey* _Nullable)unwrapUsing:(id<CKKSSelfPeer>)localPeer error:(NSError**)error;
- (NSData* _Nullable)signRecord:(SFECKeyPair*)signingKey error:(NSError**)error;
- (bool)verifySignature:(NSData*)signature verifyingPeer:(id<CKKSPeer>)peer error:(NSError**)error;
@end

NS_ASSUME_NONNULL_END

#endif  // OCTAGON
Commit	Line	Data
b54c578e A	1	/*
	2	* Copyright (c) 2017 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	#if OCTAGON
	25
	26	#import <Foundation/Foundation.h>
	27
	28	#import "keychain/ckks/CKKS.h"
	29	#import "keychain/ckks/CKKSItem.h"
	30	#import "keychain/ckks/CKKSKey.h"
	31	#import "keychain/ckks/CKKSPeer.h"
	32	#import "keychain/ckks/CKKSTLKShare.h"
	33
	34	#import <SecurityFoundation/SFEncryptionOperation.h>
	35	#import <SecurityFoundation/SFKey.h>
	36
	37	NS_ASSUME_NONNULL_BEGIN
	38
	39	@interface CKKSTLKShareRecord : CKKSCKRecordHolder
	40	@property CKKSTLKShare* share;
	41
	42	// Passthroughs to the underlying share
	43	@property (readonly) NSString* tlkUUID;
	44
	45	@property (readonly) NSString* senderPeerID;
	46
	47	@property (readonly) NSInteger epoch;
	48	@property (readonly) NSInteger poisoned;
	49
	50	@property (readonly, nullable) NSData* wrappedTLK;
	51	@property (readonly, nullable) NSData* signature;
	52
	53	- (instancetype)init NS_UNAVAILABLE;
	54
	55	- (CKKSKey* _Nullable)recoverTLK:(id<CKKSSelfPeer>)recoverer trustedPeers:(NSSet<id<CKKSPeer>>)peers error:(NSError*)error;
	56
	57	+ (CKKSTLKShareRecord* _Nullable)share:(CKKSKey*)key
	58	as:(id<CKKSSelfPeer>)sender
	59	to:(id<CKKSPeer>)receiver
	60	epoch:(NSInteger)epoch
	61	poisoned:(NSInteger)poisoned
	62	error:(NSError**)error;
	63
	64	- (bool)signatureVerifiesWithPeerSet:(NSSet<id<CKKSPeer>>)peerSet error:(NSError*)error;
65
66	- (NSData*)dataForSigning;
67
68	// Database loading
69	+ (instancetype _Nullable)fromDatabase:(NSString*)uuid
70	receiverPeerID:(NSString*)receiverPeerID
71	senderPeerID:(NSString*)senderPeerID
72	zoneID:(CKRecordZoneID*)zoneID
73	error:(NSError* __autoreleasing*)error;
74	+ (instancetype _Nullable)tryFromDatabase:(NSString*)uuid
75	receiverPeerID:(NSString*)receiverPeerID
76	senderPeerID:(NSString*)senderPeerID
77	zoneID:(CKRecordZoneID*)zoneID
78	error:(NSError**)error;
79	+ (NSArray<CKKSTLKShareRecord>)allFor:(NSString*)receiverPeerID
80	keyUUID:(NSString*)uuid
81	zoneID:(CKRecordZoneID*)zoneID
82	error:(NSError* __autoreleasing*)error;
83	+ (NSArray<CKKSTLKShareRecord>)allForUUID:(NSString)uuid zoneID:(CKRecordZoneID)zoneID error:(NSError**)error;
84	+ (NSArray<CKKSTLKShareRecord>)allInZone:(CKRecordZoneID)zoneID error:(NSError*)error;
85	+ (instancetype _Nullable)tryFromDatabaseFromCKRecordID:(CKRecordID)recordID error:(NSError*)error;
86
87	// Returns a prefix that all every CKKSTLKShare CKRecord will have
88	+ (NSString*)ckrecordPrefix;
89
90	// For tests
91	- (CKKSKey* _Nullable)unwrapUsing:(id<CKKSSelfPeer>)localPeer error:(NSError**)error;
92	- (NSData* _Nullable)signRecord:(SFECKeyPair)signingKey error:(NSError*)error;
93	- (bool)verifySignature:(NSData)signature verifyingPeer:(id<CKKSPeer>)peer error:(NSError*)error;
94	@end
95
96	NS_ASSUME_NONNULL_END
97
98	#endif // OCTAGON