427c49bc | 1 | /* |
d8f41ccd A |
2 | * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved. |
3 | * | |
4 | * @APPLE_LICENSE_HEADER_START@ | |
5 | * | |
6 | * This file contains Original Code and/or Modifications of Original Code | |
7 | * as defined in and that are subject to the Apple Public Source License | |
8 | * Version 2.0 (the 'License'). You may not use this file except in | |
9 | * compliance with the License. Please obtain a copy of the License at | |
10 | * http://www.opensource.apple.com/apsl/ and read it before using this | |
11 | * file. | |
12 | * | |
13 | * The Original Code and all software distributed under the License are | |
14 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
15 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, | |
16 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
17 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. | |
18 | * Please see the License for the specific language governing rights and | |
19 | * limitations under the License. | |
20 | * | |
21 | * @APPLE_LICENSE_HEADER_END@ | |
427c49bc A |
22 | */ |
23 | ||
d8f41ccd | 24 | |
427c49bc A |
25 | /*! |
26 | @header SOSAccount.h | |
27 | The functions declared in SOSAccount.h provide an interface to a |
28 | secure object syncing account: its user credentials, circle membership, backup keys and recovery keys |
29 | */ | |
30 | ||
31 | #ifndef _SOSACCOUNT_H_ | |
32 | #define _SOSACCOUNT_H_ | |
33 | ||
34 | #include <CoreFoundation/CoreFoundation.h> | |
866f8763 | 35 | #include <Foundation/Foundation.h> |
b54c578e A |
36 | #include "keychain/SecureObjectSync/SOSAccountPriv.h" |
37 | #include "keychain/SecureObjectSync/SOSCircle.h" | |
38 | #include "keychain/SecureObjectSync/SOSFullPeerInfo.h" | |
5c19dc3a A |
39 | #include <Security/SecureObjectSync/SOSCloudCircle.h> |
40 | #include <Security/SecureObjectSync/SOSCloudCircleInternal.h> | |
b54c578e A |
41 | #include "keychain/SecureObjectSync/SOSTransportCircle.h" |
42 | #include "keychain/SecureObjectSync/SOSRing.h" | |
43 | #include "keychain/SecureObjectSync/SOSRecoveryKeyBag.h" | |
44 | #import "keychain/SecureObjectSync/SOSAccountTransaction.h" | |
427c49bc A |
45 | #include <dispatch/dispatch.h> |
46 | ||
d64be36e A |
47 | extern NSString* const kSOSIdentityStatusCompleteIdentity; |
48 | extern NSString* const kSOSIdentityStatusKeyOnly; | |
49 | extern NSString* const kSOSIdentityStatusPeerOnly; | |
50 | ||
866f8763 A |
51 | @class SOSAccount; |
52 | ||
427c49bc A |
53 | __BEGIN_DECLS |
54 | ||
55 | #define RETIREMENT_FINALIZATION_SECONDS (24*60*60) | |
56 | ||
79b9da22 A |
57 | typedef void (^SOSAccountCircleMembershipChangeBlock)(SOSAccount* account, |
58 | SOSCircleRef new_circle, | |
d8f41ccd A |
59 | CFSetRef added_peers, CFSetRef removed_peers, |
60 | CFSetRef added_applicants, CFSetRef removed_applicants); | |
427c49bc | 61 | |
866f8763 A |
62 | CFTypeID SOSAccountGetTypeID(void); |
63 | ||
64 | SOSAccount* SOSAccountCreate(CFAllocatorRef allocator, | |
d8f41ccd A |
65 | CFDictionaryRef gestalt, |
66 | SOSDataSourceFactoryRef factory); | |
427c49bc | 67 | |
//
// MARK: Credential management
//
// Ownership follows the CoreFoundation naming rule this header relies on
// elsewhere (see the CF_RETURNS_RETAINED Copy* functions further down):
// Get* returns a reference owned by the account and must not be released;
// Copy* returns a +1 reference the caller must CFRelease. Functions that take
// a CFErrorRef* presumably report failure through their return value
// (false / NULL) and fill *error only when it is non-NULL — confirm against
// SOSAccount.m, and check the return value rather than *error.

// The user public credential the account currently treats as trusted
// (per its name; the trust decision itself lives in the implementation).
SecKeyRef SOSAccountGetTrustedPublicCredential(SOSAccount* account, CFErrorRef* error);

// The matching private credential, while the account still holds it in memory.
// NOTE(review): this hands out raw key material; the Purge/RestartTimer
// functions below indicate it is kept only for a bounded interval, so callers
// must handle a NULL result and must not cache the returned reference.
SecKeyRef SOSAccountGetPrivateCredential(SOSAccount* account, CFErrorRef* error);
// The cached user password bytes; same caveats as the private credential.
CFDataRef SOSAccountGetCachedPassword(SOSAccount* account, CFErrorRef* error);
// Save ("stash") the account key so SOSAccountCopyStashedUserPrivateKey can
// retrieve it later; where it is stored is not visible from this header.
void SOSAccountStashAccountKey(SOSAccount* account);
// +1 reference to the stashed user private key (caller releases), or NULL.
SecKeyRef SOSAccountCopyStashedUserPrivateKey(SOSAccount* account, CFErrorRef *error);

// Install the opaque credential parameters blob; its encoding is owned by the
// implementation (see also SOSAccountHandleParametersChange further down).
void SOSAccountSetParameters(SOSAccount* account, CFDataRef parameters);

// Discard the in-memory private credential (and presumably the cached
// password — confirm), e.g. when the credential timer expires.
void SOSAccountPurgePrivateCredential(SOSAccount* account);

// Re-arm the timer that bounds how long the private credential stays cached.
void SOSAccountRestartPrivateCredentialTimer(SOSAccount* account);

// Attempt to establish the user credential from the account name and
// password. user_password is the raw secret: callers should release (and,
// if mutable, zero) their own copy as soon as this returns. Presumably
// returns true on success.
bool SOSAccountTryUserCredentials(SOSAccount* account,
                                  CFStringRef user_account, CFDataRef user_password,
                                  CFErrorRef *error);

// As above, but starting from an already-derived user private key.
bool SOSAccountTryUserPrivateKey(SOSAccount* account, SecKeyRef user_private, CFErrorRef *error);

// Check that accountPrivateKey matches the credential the account trusts.
bool SOSAccountValidateAccountCredential(SOSAccount* account, SecKeyRef accountPrivateKey, CFErrorRef *error);
// "Assert" variants: presumably install the credential as authoritative
// rather than merely testing it. The Try/Assert distinction is not visible in
// this header — confirm in SOSAccount.m before choosing one.
bool SOSAccountAssertStashedAccountCredential(SOSAccount* account, CFErrorRef *error);
bool SOSAccountAssertUserCredentials(SOSAccount* account,
                                     CFStringRef user_account, CFDataRef user_password,
                                     CFErrorRef *error);

// Retry credential establishment with whatever the account already holds.
bool SOSAccountRetryUserCredentials(SOSAccount* account);
// Record a user public key that has NOT been validated yet (e.g. one received
// over sync). Nothing should treat it as the trusted credential until
// SOSValidateUserPublic (declared below) succeeds.
void SOSAccountSetUnTrustedUserPublicKey(SOSAccount* account, SecKeyRef publicKey);

// Refresh the account's generation signature; what is signed, and with which
// key, is defined by the implementation.
bool SOSAccountGenerationSignatureUpdate(SOSAccount* account, CFErrorRef *error);
427c49bc A |
101 | |
102 | // | |
103 | // MARK: Circle management | |
104 | // | |
427c49bc | 105 | |
866f8763 A |
106 | bool SOSAccountUpdateCircle(SOSAccount* account, SOSCircleRef circle, CFErrorRef *error); |
107 | void SOSTransportEachMessage(SOSAccount* account, CFDictionaryRef updates, CFErrorRef *error); | |
427c49bc A |
108 | |
109 | ||
fa7225c8 | 110 | CFStringRef SOSAccountGetSOSCCStatusString(SOSCCStatus status); |
866f8763 | 111 | SOSCCStatus SOSAccountGetSOSCCStatusFromString(CFStringRef status); |
d64be36e A |
112 | bool SOSAccountJoinCircles(SOSAccountTransaction* aTxn, CFErrorRef* error); |
113 | bool SOSAccountJoinCirclesAfterRestore(SOSAccountTransaction* aTxn, CFErrorRef* error); | |
114 | bool SOSAccountRemovePeersFromCircle(SOSAccount* account, CFArrayRef peers, CFErrorRef* error); | |
866f8763 A |
115 | bool SOSAccountBail(SOSAccount* account, uint64_t limit_in_seconds, CFErrorRef* error); |
116 | bool SOSAccountAcceptApplicants(SOSAccount* account, CFArrayRef applicants, CFErrorRef* error); | |
117 | bool SOSAccountRejectApplicants(SOSAccount* account, CFArrayRef applicants, CFErrorRef* error); | |
427c49bc | 118 | |
866f8763 A |
119 | bool SOSValidateUserPublic(SOSAccount* account, CFErrorRef* error); |
120 | ||
121 | void SOSAccountForEachCirclePeerExceptMe(SOSAccount* account, void (^action)(SOSPeerInfoRef peer)); | |
122 | ||
123 | CFArrayRef SOSAccountCopyApplicants(SOSAccount* account, CFErrorRef *error); | |
124 | CFArrayRef SOSAccountCopyGeneration(SOSAccount* account, CFErrorRef *error); | |
125 | CFArrayRef SOSAccountCopyValidPeers(SOSAccount* account, CFErrorRef *error); | |
126 | CFArrayRef SOSAccountCopyPeersToListenTo(SOSAccount* account, CFErrorRef *error); | |
127 | CFArrayRef SOSAccountCopyNotValidPeers(SOSAccount* account, CFErrorRef *error); | |
128 | CFArrayRef SOSAccountCopyRetired(SOSAccount* account, CFErrorRef *error); | |
129 | CFArrayRef SOSAccountCopyViewUnaware(SOSAccount* account, CFErrorRef *error); | |
130 | CFArrayRef SOSAccountCopyPeers(SOSAccount* account, CFErrorRef *error); | |
131 | CFArrayRef SOSAccountCopyActivePeers(SOSAccount* account, CFErrorRef *error); | |
ecaf5866 | 132 | CFArrayRef CF_RETURNS_RETAINED SOSAccountCopyActiveValidPeers(SOSAccount* account, CFErrorRef *error); |
866f8763 A |
133 | CFArrayRef SOSAccountCopyConcurringPeers(SOSAccount* account, CFErrorRef *error); |
134 | ||
135 | bool SOSAccountIsAccountIdentity(SOSAccount* account, SOSPeerInfoRef peer_info, CFErrorRef *error); | |
136 | ||
137 | enum DepartureReason SOSAccountGetLastDepartureReason(SOSAccount* account, CFErrorRef* error); | |
fa7225c8 A |
138 | |
139 | // | |
866f8763 | 140 | // MARK: iCloud Identity |
fa7225c8 | 141 | // |
866f8763 | 142 | bool SOSAccountRemoveIncompleteiCloudIdentities(SOSAccount* account, SOSCircleRef circle, SecKeyRef privKey, CFErrorRef *error); |
fa7225c8 | 143 | |
427c49bc A |
144 | // |
145 | // MARK: Change blocks | |
146 | // | |
866f8763 A |
147 | void SOSAccountAddChangeBlock(SOSAccount* a, SOSAccountCircleMembershipChangeBlock changeBlock); |
148 | void SOSAccountRemoveChangeBlock(SOSAccount* a, SOSAccountCircleMembershipChangeBlock changeBlock); | |
427c49bc | 149 | |
d8f41ccd | 150 | |
427c49bc A |
151 | // |
152 | // MARK: Local device gestalt change. | |
153 | // | |
866f8763 | 154 | CFDictionaryRef SOSAccountCopyGestalt(SOSAccount* account); |
6b200bc3 | 155 | |
866f8763 | 156 | CFDictionaryRef SOSAccountCopyV2Dictionary(SOSAccount* account); |
6b200bc3 | 157 | |
866f8763 | 158 | void SOSAccountPendDisableViewSet(SOSAccount* account, CFSetRef disabledViews); |
6b200bc3 | 159 | |
866f8763 A |
160 | void SOSAccountUpdateOutOfSyncViews(SOSAccountTransaction* aTxn, CFSetRef viewsInSync); |
161 | void SOSAccountPeerGotInSync(SOSAccountTransaction* aTxn, CFStringRef peerID, CFSetRef views); | |
5c19dc3a | 162 | |
866f8763 | 163 | bool SOSAccountHandleParametersChange(SOSAccount* account, CFDataRef updates, CFErrorRef *error); |
427c49bc | 164 | |
d64be36e A |
165 | // |
166 | // MARK: Local device key access from account object - can call without lock without endangering peerinfo. | |
167 | // | |
168 | SecKeyRef SOSAccountCopyDevicePrivateKey(SOSAccount* account, CFErrorRef *error); | |
169 | SecKeyRef SOSAccountCopyDevicePublicKey(SOSAccount* account, CFErrorRef *error); | |
170 | ||
6b200bc3 A |
171 | // |
172 | // MARK: Requests for syncing later | |
173 | // | |
866f8763 A |
174 | bool SOSAccountRequestSyncWithAllPeers(SOSAccountTransaction* txn, CFErrorRef *error); |
175 | CF_RETURNS_RETAINED CFMutableSetRef SOSAccountSyncWithPeers(SOSAccountTransaction* txn, CFSetRef /* CFStringRef */ peerIDs, CFErrorRef *error); | |
866f8763 A |
176 | CFSetRef SOSAccountSyncWithPeersOverKVS(SOSAccountTransaction* txn, CFSetRef peers); |
177 | bool SOSAccountInflateTransports(SOSAccount* account, CFStringRef circleName, CFErrorRef *error); | |
6b200bc3 | 178 | |
805875f8 A |
179 | void |
180 | SOSAccountTriggerSyncWithBackupPeer(CFStringRef peer); | |
181 | ||
6b200bc3 A |
182 | // |
183 | // MARK: Outgoing/Sync functions | |
184 | // | |
185 | ||
866f8763 | 186 | bool SOSAccountSyncWithKVSPeerWithMessage(SOSAccountTransaction* txn, CFStringRef peerid, CFDataRef message, CFErrorRef *error); |
6b200bc3 | 187 | |
866f8763 A |
188 | CF_RETURNS_RETAINED CFSetRef SOSAccountProcessSyncWithPeers(SOSAccountTransaction* txn, CFSetRef /* CFStringRef */ peers, CFSetRef /* CFStringRef */ backupPeers, CFErrorRef *error); |
189 | CF_RETURNS_RETAINED CFSetRef SOSAccountCopyBackupPeersAndForceSync(SOSAccountTransaction* txn, CFErrorRef *error); | |
fa7225c8 | 190 | |
6b200bc3 A |
191 | // |
192 | // MARK: Cleanup functions | |
193 | // | |
427c49bc | 194 | |
866f8763 | 195 | bool SOSAccountScanForRetired(SOSAccount* account, SOSCircleRef circle, CFErrorRef *error); |
ecaf5866 | 196 | CF_RETURNS_RETAINED SOSCircleRef SOSAccountCloneCircleWithRetirement(SOSAccount* account, SOSCircleRef starting_circle, CFErrorRef *error); |
5c19dc3a | 197 | |
//
// MARK: Backup functions
//
// "BKSB" and "BSKBag" below both abbreviate the backup slice key bag
// (SOSBackupSliceKeyBagRef). Ownership follows the CF Get/Copy rule;
// SOSAccountBackupSliceKeyBagForView is explicitly +1.

// True when the backup ring for viewName holds no entries.
bool SOSAccountIsBackupRingEmpty(SOSAccount* account, CFStringRef viewName);
// Create a fresh backup slice key bag for viewName.
bool SOSAccountNewBKSBForView(SOSAccount* account, CFStringRef viewName, CFErrorRef *error);

// Walk the account's backup rings and reconcile them; what "process" entails
// is defined in the implementation.
void SOSAccountProcessBackupRings(SOSAccount* account);
// Verify that the backup ring for viewName is well-formed.
bool SOSAccountValidateBackupRingForView(SOSAccount* account, CFStringRef viewName, CFErrorRef *error);
// Set / remove this device's backup public key (raw key bytes in backupKey)
// within a transaction. NOTE(review): presumably the backup public key is what
// backup slice key bags are wrapped to, i.e. it decides who can later open the
// backups — so backupKey must only come from an authenticated source. The
// header does not show where callers obtain it; confirm.
bool SOSAccountSetBackupPublicKey(SOSAccountTransaction* aTxn, CFDataRef backupKey, CFErrorRef *error);
bool SOSAccountRemoveBackupPublickey(SOSAccountTransaction* aTxn, CFErrorRef *error);
// Transaction-free variant that updates the backup public key directly on the
// account; note it has no error out-parameter, so only the bool is reported.
bool SOSAccountBackupUpdateBackupPublicKey(SOSAccount *account, CFDataRef backupKey);
// Install backupSlice as the key bag for every slice. setupV0Only presumably
// restricts the update to the V0 slice (cf. SOSAccountVirtualV0Behavior
// below) — confirm the exact meaning in the implementation.
bool SOSAccountSetBSKBagForAllSlices(SOSAccount* account, CFDataRef backupSlice, bool setupV0Only, CFErrorRef *error);

// +1 reference to the backup slice key bag for viewName; caller must CFRelease.
CF_RETURNS_RETAINED SOSBackupSliceKeyBagRef SOSAccountBackupSliceKeyBagForView(SOSAccount* account, CFStringRef viewName, CFErrorRef* error);
e3d460c9 | 213 | |
//
// MARK: Recovery Public Key Functions
//
// NOTE(review): SOSAccountRecoveryKeyIsInBackupAndCurrentInView below implies
// the registered recovery key is carried in the per-view backups, so
// registering one presumably extends who can open those backups to the holder
// of the matching private key. Callers should therefore only pass a
// recovery_key that arrived over an authenticated path; how that is enforced
// is not visible in this header.

// Register recovery_key (raw public key bytes) within transaction txn.
bool SOSAccountRegisterRecoveryPublicKey(SOSAccountTransaction* txn, CFDataRef recovery_key, CFErrorRef *error);
// +1 copy of the currently registered recovery public key; caller releases.
CFDataRef SOSAccountCopyRecoveryPublicKey(SOSAccountTransaction* txn, CFErrorRef *error);
// Clear the registered recovery key. recovery_key is passed in as well —
// presumably so that only a matching key clears it; confirm in the
// implementation.
bool SOSAccountClearRecoveryPublicKey(SOSAccountTransaction* txn, CFDataRef recovery_key, CFErrorRef *error);


// Internal calls that set or clear the recovery key on the account object on
// behalf of clients; presumably the transaction-based entry points above
// delegate to these.
bool SOSAccountSetRecoveryKey(SOSAccount* account, CFDataRef pubData, CFErrorRef *error);
bool SOSAccountRemoveRecoveryKey(SOSAccount* account, CFErrorRef *error);


// +1 copy of the recovery public key, allocated with allocator; caller releases.
CFDataRef SOSAccountCopyRecoveryPublic(CFAllocatorRef allocator, SOSAccount* account, CFErrorRef *error);
// True when the recovery key is present in viewname's backup and up to date.
bool SOSAccountRecoveryKeyIsInBackupAndCurrentInView(SOSAccount* account, CFStringRef viewname);
// Store / fetch (+1, caller releases) the recovery key bag entry for this account.
bool SOSAccountSetRecoveryKeyBagEntry(CFAllocatorRef allocator, SOSAccount* account, SOSRecoveryKeyBagRef rkbg, CFErrorRef *error);
SOSRecoveryKeyBagRef SOSAccountCopyRecoveryKeyBagEntry(CFAllocatorRef allocator, SOSAccount* account, CFErrorRef *error);
// Make sure the recovery ring exists for this account (creating it if needed,
// per its name).
void SOSAccountEnsureRecoveryRing(SOSAccount* account);
6b200bc3 | 232 | |
5c19dc3a A |
233 | // |
234 | // MARK: Private functions | |
235 | // | |
427c49bc | 236 | |
866f8763 | 237 | dispatch_queue_t SOSAccountGetQueue(SOSAccount* account); |
427c49bc | 238 | |
d8f41ccd | 239 | typedef bool (^SOSAccountSendBlock)(CFStringRef key, CFDataRef message, CFErrorRef *error); |
427c49bc A |
240 | |
241 | // | |
242 | // MARK: Utility functions | |
243 | // | |
244 | ||
245 | CFStringRef SOSInterestListCopyDescription(CFArrayRef interests); | |
246 | ||
//
// MARK: HSA2 Piggyback Support Functions
//
// These produce and consume serialized data exchanged with another device
// during a piggyback join. Anything received from the other device
// (joiningBlob in particular) is untrusted input: the implementation must
// validate and bounds-check it according to `version` before acting on it —
// confirm the parser does so.

// +1 copy of this device's application (peer info) to hand to the device that
// will admit it; caller releases. The CFErrorRef* parameter is unnamed in
// the original declaration.
SOSPeerInfoRef SOSAccountCopyApplication(SOSAccount* account, CFErrorRef*);
// +1 blob that, when given to SOSAccountJoinWithCircleJoiningBlob on the
// applicant, admits `applicant` to this account's circle. NOTE(review): what
// the blob carries is not visible here; confirm before logging or persisting it.
CFDataRef SOSAccountCopyCircleJoiningBlob(SOSAccount* account, SOSPeerInfoRef applicant, CFErrorRef *error);
// Consume a joining blob produced by the admitting device; `version` selects
// the PiggyBackProtocolVersion the blob was encoded with.
bool SOSAccountJoinWithCircleJoiningBlob(SOSAccount* account, CFDataRef joiningBlob, PiggyBackProtocolVersion version, CFErrorRef *error);
// +1 copy of the initial-sync payload selected by `flags`; caller releases.
CFDataRef SOSAccountCopyInitialSyncData(SOSAccount* account, SOSInitialSyncFlags flags, CFErrorRef *error);
866f8763 | 254 | |
fa7225c8 A |
255 | // |
256 | // MARK: Initial-Sync | |
257 | // | |
866f8763 | 258 | CFMutableSetRef SOSAccountCopyUnsyncedInitialViews(SOSAccount* account); |
fa7225c8 A |
259 | |
260 | // | |
261 | // MARK: State Logging | |
262 | // | |
866f8763 A |
263 | void SOSAccountLogState(SOSAccount* account); |
264 | void SOSAccountLogViewState(SOSAccount* account); | |
265 | void SOSAccountConsiderLoggingEngineState(SOSAccountTransaction* txn); | |
fa7225c8 A |
266 | |
267 | // | |
268 | // MARK: Checking other peer views | |
269 | // | |
270 | ||
866f8763 | 271 | CFBooleanRef SOSAccountPeersHaveViewsEnabled(SOSAccount* account, CFArrayRef viewNames, CFErrorRef *error); |
fa7225c8 | 272 | |
866f8763 A |
273 | void SOSAccountSetTestSerialNumber(SOSAccount* account, CFStringRef serial); |
274 | SOSViewResultCode SOSAccountVirtualV0Behavior(SOSAccount* account, SOSViewActionCode actionCode); | |
275 | ||
276 | ||
277 | bool SOSAccountIsPeerRetired(SOSAccount* account, CFSetRef peers); | |
278 | void SOSAccountNotifyOfChange(SOSAccount* account, SOSCircleRef oldCircle, SOSCircleRef newCircle); | |
6b200bc3 A |
279 | |
280 | ||
281 | // | |
282 | // MARK: Syncing status functions | |
283 | // | |
866f8763 A |
284 | bool SOSAccountMessageFromPeerIsPending(SOSAccountTransaction* txn, SOSPeerInfoRef peer, CFErrorRef *error); |
285 | bool SOSAccountSendToPeerIsPending(SOSAccountTransaction* txn, SOSPeerInfoRef peer, CFErrorRef *error); | |
286 | ||
287 | // | |
288 | // MARK: OTR | |
289 | // | |
ecaf5866 | 290 | void SOSAccountResetOTRNegotiationCoder(SOSAccount* account, CFStringRef peerid); |
866f8763 A |
291 | void SOSAccountTimerFiredSendNextMessage(SOSAccountTransaction* txn, NSString* peerid, NSString* accessGroup); |
292 | ||
7fb2cbd2 | 293 | NSArray<NSDictionary *>* SOSAccountGetAllTLKs(void); |
d64be36e A |
294 | NSArray<NSDictionary *>* SOSAccountGetSelectedTLKs(void); |
295 | ||
ecaf5866 | 296 | CF_RETURNS_RETAINED CFMutableArrayRef SOSAccountCopyiCloudIdentities(SOSAccount* account); |
6b200bc3 | 297 | |
650c69f3 A |
298 | bool SOSAccountEvaluateKeysAndCircle(SOSAccountTransaction *txn, CFErrorRef *block_error); |
299 | ||
427c49bc A |
300 | __END_DECLS |
301 | ||
302 | #endif /* !_SOSACCOUNT_H_ */ |