git.saurik.com Git - apple/security.git/blob - keychain/ckks/CKKSItem.h
Security-58286.41.2.tar.gz
1 /*
2 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #if OCTAGON
25
26 #import <CloudKit/CloudKit.h>
27 #include <securityd/SecDbItem.h>
28 #include <utilities/SecDb.h>
29 #import "keychain/ckks/CKKS.h"
30 #import "keychain/ckks/CKKSRecordHolder.h"
31 #import "keychain/ckks/CKKSSQLDatabaseObject.h"
32
33 NS_ASSUME_NONNULL_BEGIN
34
35 @class CKKSWrappedAESSIVKey;
36
/// Helper base class that includes UUIDs and key information.
///
/// Extends CKKSCKRecordHolder with an item UUID, a parent key UUID, an encrypted item
/// blob with its wrapped key, a generation count, an encryption version, and three
/// fields whose names mark them as plaintext.
@interface CKKSItem : CKKSCKRecordHolder

/// UUID of this item.
@property (copy) NSString *uuid;

/// UUID of the parent key.
/// NOTE(review): presumably the key that wraps `wrappedkey`; confirm in the implementation.
@property (copy) NSString *parentKeyUUID;

/// Encrypted item data (going by the name); may be nil.
@property (nullable, copy) NSData *encitem;

/// String property served by the custom accessors -base64Item and -setBase64Item:.
/// NOTE(review): the name suggests a base64 rendering of `encitem`; the accessors are
/// not visible in this header, so confirm there.
@property (nullable, getter=base64Item, setter=setBase64Item:) NSString *base64encitem;

/// Wrapped key for this item; may be nil.
@property (nullable, copy) CKKSWrappedAESSIVKey *wrappedkey;

/// Generation count of this item.
@property NSUInteger generationCount;

/// Encryption version of this item.
@property enum SecCKKSItemEncryptionVersion encver;

// The three fields below are named as plaintext and are declared outside `encitem`.
// NOTE(review): if they are carried unencrypted, their integrity depends on being part of
// the authenticated data dictionary; confirm which encryption versions cover them.
@property (nullable) NSNumber *plaintextPCSServiceIdentifier;
@property (nullable) NSData *plaintextPCSPublicKey;
@property (nullable) NSData *plaintextPCSPublicIdentity;

/// Builds the authenticated data dictionary used for item encryption and decryption.
///
/// Attempts to be future-compatible with new CloudKit record fields: any fields in the
/// record held by `olditem` that this code does not understand are added to the
/// authenticated data dictionary.
///
/// @param olditem Optional existing item, which may contain a CK record.
/// @param encversion Encryption version to build the dictionary for.
/// @return Dictionary mapping field names to the data that is authenticated.
- (NSDictionary<NSString *, NSData *> *)
    makeAuthenticatedDataDictionaryUpdatingCKKSItem:(nullable CKKSItem *)olditem
                                  encryptionVersion:(SecCKKSItemEncryptionVersion)encversion;

/// Creates an item from a CloudKit record.
- (instancetype)initWithCKRecord:(CKRecord *)record;

/// Creates an item by copying another CKKSItem.
- (instancetype)initCopyingCKKSItem:(CKKSItem *)item;

/// Use this one if you really don't have any more information.
- (instancetype)initWithUUID:(NSString *)uuid
    parentKeyUUID:(NSString *)parentKeyUUID
    zoneID:(CKRecordZoneID *)zoneID;

/// Use this one if you don't have a CKRecord yet.
///
/// NOTE(review): `encver` is declared NSUInteger in the initializers while the property is
/// `enum SecCKKSItemEncryptionVersion`, so the type system does not restrict the value
/// passed in; confirm that the implementation validates it.
- (instancetype)initWithUUID:(NSString *)uuid
    parentKeyUUID:(NSString *)parentKeyUUID
    zoneID:(CKRecordZoneID *)zoneID
    encItem:(nullable NSData *)encitem
    wrappedkey:(nullable CKKSWrappedAESSIVKey *)wrappedkey
    generationCount:(NSUInteger)genCount
    encver:(NSUInteger)encver;

/// Same as the initializer above, with an additional optional encoded CKRecord.
- (instancetype)initWithUUID:(NSString *)uuid
    parentKeyUUID:(NSString *)parentKeyUUID
    zoneID:(CKRecordZoneID *)zoneID
    encodedCKRecord:(nullable NSData *)encodedrecord
    encItem:(nullable NSData *)encitem
    wrappedkey:(nullable CKKSWrappedAESSIVKey *)wrappedkey
    generationCount:(NSUInteger)genCount
    encver:(NSUInteger)encver;

/// Widest initializer declared here: additionally takes the three optional plaintext PCS fields.
- (instancetype)initWithUUID:(NSString *)uuid
    parentKeyUUID:(NSString *)parentKeyUUID
    zoneID:(CKRecordZoneID *)zoneID
    encodedCKRecord:(nullable NSData *)encodedrecord
    encItem:(nullable NSData *)encitem
    wrappedkey:(nullable CKKSWrappedAESSIVKey *)wrappedkey
    generationCount:(NSUInteger)genCount
    encver:(NSUInteger)encver
    plaintextPCSServiceIdentifier:(nullable NSNumber *)pcsServiceIdentifier
    plaintextPCSPublicKey:(nullable NSData *)pcsPublicKey
    plaintextPCSPublicIdentity:(nullable NSData *)pcsPublicIdentity;

/// Convenience function: set the upload version for this record to be the current OS version.
+ (void)setOSVersionInRecord:(CKRecord *)record;

@end
101
/// Zone-scoped convenience class methods added to CKKSSQLDatabaseObject.
///
/// Each method takes a CKRecordZoneID and an NSError out-parameter.
/// NOTE(review): this category sits inside an NS_ASSUME_NONNULL region, so the array return
/// types are declared nonnull; what is returned on failure is not visible in this header.
/// Callers should confirm that before relying on a nil check to detect errors.
@interface CKKSSQLDatabaseObject (CKKSZoneExtras)

/// Convenience function: get all UUIDs of this type on this particular zone.
+ (NSArray<NSString *> *)allUUIDs:(CKRecordZoneID *)zoneID
    error:(NSError * __autoreleasing *)error;

/// Convenience function: get all objects in this particular zone.
/// The returned array is untyped.
/// NOTE(review): presumably it holds instances of the receiving class; verify before casting.
+ (NSArray *)all:(CKRecordZoneID *)zoneID
    error:(NSError * _Nullable __autoreleasing * _Nullable)error;

/// Convenience function: delete all records of this type with this zoneID.
/// Returns a C `bool`.
/// NOTE(review): presumably false signals failure; check the return value rather than `*error`.
+ (bool)deleteAll:(CKRecordZoneID *)zoneID
    error:(NSError * _Nullable __autoreleasing * _Nullable)error;

@end
112
113 NS_ASSUME_NONNULL_END
114 #endif