1 //
2 // SOSAccountPriv.h
3 // sec
4 //
5
6 #ifndef sec_SOSAccountPriv_h
7 #define sec_SOSAccountPriv_h
8
9 #include "SOSAccount.h"
10
11 #include <CoreFoundation/CoreFoundation.h>
12 #include <CoreFoundation/CFRuntime.h>
13 #include <utilities/SecCFWrappers.h>
14 #include <utilities/SecCFError.h>
15 #include <utilities/SecAKSWrappers.h>
16
17
18 #include <Security/SecKeyPriv.h>
19
20 #include <utilities/der_plist.h>
21 #include <utilities/der_plist_internal.h>
22 #include <corecrypto/ccder.h>
23
24 #include <AssertMacros.h>
25 #include <assert.h>
26
27 #import <notify.h>
28
29 #include <Security/SecureObjectSync/SOSInternal.h>
30 #include <Security/SecureObjectSync/SOSCircle.h>
31 #include <Security/SecureObjectSync/SOSCircleV2.h>
32 #include <Security/SecureObjectSync/SOSRing.h>
33 #include <Security/SecureObjectSync/SOSRingUtils.h>
34 #include <Security/SecureObjectSync/SOSCloudCircle.h>
35 #include <securityd/SOSCloudCircleServer.h>
36 #include <Security/SecureObjectSync/SOSEngine.h>
37 #include <Security/SecureObjectSync/SOSPeer.h>
38 #include <Security/SecureObjectSync/SOSFullPeerInfo.h>
39 #include <Security/SecureObjectSync/SOSPeerInfo.h>
40 #include <Security/SecureObjectSync/SOSPeerInfoInternal.h>
41 #include <Security/SecureObjectSync/SOSUserKeygen.h>
42 #include <utilities/iCloudKeychainTrace.h>
43
44 #include <Security/SecItemPriv.h>
45
// TODO: Make this happier.
// Build-time switch for the V2 backup path (0 = disabled in this build). NOTE(review): the code it
// gates lives outside this header — confirm what depends on it before flipping the value.
#define ENABLE_V2_BACKUP 0
48
// Backing storage for the opaque SOSAccountRef. Fields above the "Non-persistent data" marker are
// presumably the ones serialized by SOSAccountEncodeToDER / SOSAccountCreateFromDER — confirm
// against the encoder before adding a field.
struct __OpaqueSOSAccount {
    CFRuntimeBase _base;                      // CF runtime header (first member by CFRuntime convention)

    CFDictionaryRef gestalt;                  // device gestalt supplied to SOSAccountCreateBasic

    CFDataRef backup_key;                     // backup key material; format not visible here

    SOSFullPeerInfoRef my_identity;           // our own full peer info (presumably what SOSAccountGetMyFullPeerInfo returns)
    SOSCircleRef trusted_circle;              // the circle we currently trust (presumably what SOSAccountGetCircle returns)

    CFMutableDictionaryRef trusted_rings;     // presumably returned by SOSAccountGetRings — confirm
    CFMutableDictionaryRef backups;           // presumably returned by SOSAccountGetBackups — confirm

    CFMutableSetRef retirees;                 // retired peers (see SOSAccountHandleRetirementMessages)

    bool user_public_trusted;                 // whether user_public has been validated; a test-only setter
                                              // (SOSAccountSetUserPublicTrustedForTesting) can force it
    CFDataRef user_key_parameters;            // DER parameters for the user key (see *CloudParameters below)
    SecKeyRef user_public;                    // current user public key
    SecKeyRef previous_public;                // previous user public key (see SOSAccountSetPreviousPublic)
    enum DepartureReason departure_code;      // why we last left the circle (see SOSAccountSetLastDepartureReason)
    CFMutableDictionaryRef expansion;         // All CFTypes and Keys; presumably the store behind
                                              // SOSAccountGetValue/SetValue/ClearValue — confirm

    // Non-persistent data
    dispatch_queue_t queue;                   // account queue; which operations it serializes is not visible here
    CFMutableDictionaryRef notification_cleanups;  // per-peer cleanup state (see SOSAccountCleanupNotificationForAllPeers)

    SOSDataSourceFactoryRef factory;          // data source factory passed in at creation
    SecKeyRef _user_private;                  // NOTE(review): secret key material, kept in memory only;
                                              // presumably discarded by the user_private_timer path — confirm
    CFDataRef _password_tmp;                  // NOTE(review): transient password bytes; confirm they are
                                              // cleared as soon as the private key is derived

    dispatch_source_t user_private_timer;     // timer associated with _user_private (exact policy in the .c)
    int lock_notification_token;              // presumably a notify(3) registration token (<notify.h> is imported)

    SOSTransportKeyParameterRef key_transport;     // transport for user key parameters
    SOSTransportCircleRef circle_transport;        // transport for circle/retirement messages
    SOSTransportMessageRef kvs_message_transport;  // peer message transport over KVS
    SOSTransportMessageRef ids_message_transport;  // peer message transport over IDS
                                                   // (SOSAccountGetMessageTransportFor picks between them — assumption)

    //indicates if changes in circle, rings, or retirements need to be pushed
    bool circle_rings_retirements_need_attention;

    // Live Notification
    CFMutableArrayRef change_blocks;          // registered change callbacks
};
93
// Allocates a new account over `gestalt` and `factory`. Create-rule name, so presumably a +1
// result the caller must release — confirm against the implementation.
SOSAccountRef SOSAccountCreateBasic(CFAllocatorRef allocator,
                                    CFDictionaryRef gestalt,
                                    SOSDataSourceFactoryRef factory);

// Returns false on failure; what a "factory circle" is is not visible from this header.
bool SOSAccountEnsureFactoryCircles(SOSAccountRef a);

// Presumably resets the account to a freshly created state — confirm.
void SOSAccountSetToNew(SOSAccountRef a);

// Predicate on our own peer; `error` is an optional out-parameter.
bool SOSAccountIsMyPeerActive(SOSAccountRef account, CFErrorRef* error);

// Selects the message transport to use for `peerInfo`. Get-rule name, so treat the result as
// borrowed (not retained) — confirm.
SOSTransportMessageRef SOSAccountGetMessageTransportFor(SOSAccountRef account, SOSPeerInfoRef peerInfo);

// MARK: In Sync checking

// Start / stop sync checking, and query whether the account has ever been in sync.
void SOSAccountEnsureSyncChecking(SOSAccountRef account);
void SOSAccountCancelSyncChecking(SOSAccountRef account);
bool SOSAccountCheckHasBeenInSync(SOSAccountRef account);

// Tears down per-peer notification registrations (see `notification_cleanups` in the struct).
void SOSAccountCleanupNotificationForAllPeers(SOSAccountRef account);
113
114
115 // MARK: DER Stuff
116
117
// DER helpers. Each type gets a sizeof/encode/decode triple whose signatures follow the
// utilities/der_plist.h / ccder pattern: `der`..`der_end` bound the buffer, the encoder returns a
// uint8_t* cursor and the decoder returns a const uint8_t* cursor (NULL on failure, presumably).
// See those headers for the exact cursor conventions rather than relying on this summary.
// The `_or_null` variants presumably encode a NULL input as an explicit DER NULL — confirm.
// NOTE(review): `der_end` is the only bound the decoders have; anything that feeds them bytes
// from outside the process must rely on it, so keep the decoders strictly within [der, der_end).

size_t der_sizeof_data_or_null(CFDataRef data, CFErrorRef* error);

uint8_t* der_encode_data_or_null(CFDataRef data, CFErrorRef* error, const uint8_t* der, uint8_t* der_end);

// On success writes a +1 CFDataRef to `*data` (allocated with `allocator`) — confirm ownership.
const uint8_t* der_decode_data_or_null(CFAllocatorRef allocator, CFDataRef* data,
                                       CFErrorRef* error,
                                       const uint8_t* der, const uint8_t* der_end);

size_t der_sizeof_fullpeer_or_null(SOSFullPeerInfoRef data, CFErrorRef* error);

uint8_t* der_encode_fullpeer_or_null(SOSFullPeerInfoRef data, CFErrorRef* error, const uint8_t* der, uint8_t* der_end);

const uint8_t* der_decode_fullpeer_or_null(CFAllocatorRef allocator, SOSFullPeerInfoRef* data,
                                           CFErrorRef* error,
                                           const uint8_t* der, const uint8_t* der_end);


// Public key bytes. The decoder takes the algorithm from the caller (`algorithmID`) rather than
// from the encoding, so the caller is responsible for choosing the right one.
size_t der_sizeof_public_bytes(SecKeyRef publicKey, CFErrorRef* error);

uint8_t* der_encode_public_bytes(SecKeyRef publicKey, CFErrorRef* error, const uint8_t* der, uint8_t* der_end);

const uint8_t* der_decode_public_bytes(CFAllocatorRef allocator, CFIndex algorithmID, SecKeyRef* publicKey, CFErrorRef* error, const uint8_t* der, const uint8_t* der_end);
140
141
142 // Persistence
143
// Builds an account from the DER at `*der_p`. `der_p` is a double pointer, so presumably it is
// advanced past the consumed bytes — confirm. Returns NULL with `*error` set on failure.
SOSAccountRef SOSAccountCreateFromDER(CFAllocatorRef allocator,
                                      SOSDataSourceFactoryRef factory,
                                      CFErrorRef* error,
                                      const uint8_t** der_p, const uint8_t *der_end);

// Same as above from a CFDataRef. NOTE(review): the parameter is named `circleData` although it
// carries an account encoding — the name looks stale.
SOSAccountRef SOSAccountCreateFromData(CFAllocatorRef allocator, CFDataRef circleData,
                                       SOSDataSourceFactoryRef factory,
                                       CFErrorRef* error);

// Encoded length of the account, and the encoder itself (`der`..`der_end` bound the buffer).
size_t SOSAccountGetDEREncodedSize(SOSAccountRef account, CFErrorRef *error);

uint8_t* SOSAccountEncodeToDER(SOSAccountRef account, CFErrorRef* error, const uint8_t* der, uint8_t* der_end);

// Copy-rule name: presumably a +1 CFDataRef holding the DER, or NULL with `*error` set — confirm.
CFDataRef SOSAccountCopyEncodedData(SOSAccountRef account, CFAllocatorRef allocator, CFErrorRef *error);
158
159 // Update
160
// Applies an encoded circle received for `circleName`. NOTE(review): if `encodedCircleMessage`
// arrives through the circle transport it is remote input; the decoder and circle validation,
// not this handler, are what must reject a malformed or unauthorized circle — confirm where
// callers obtain the bytes.
bool SOSAccountHandleCircleMessage(SOSAccountRef account,
                                   CFStringRef circleName, CFDataRef encodedCircleMessage, CFErrorRef *error);

// Returns a +1 dictionary (CF_RETURNS_RETAINED); the caller must release it.
CF_RETURNS_RETAINED
CFDictionaryRef SOSAccountHandleRetirementMessages(SOSAccountRef account, CFDictionaryRef circle_retirement_messages, CFErrorRef *error);


// Applies `prospective_circle`; when `writeUpdate` is true the result is presumably also
// written out — confirm.
bool SOSAccountHandleUpdateCircle(SOSAccountRef account,
                                  SOSCircleRef prospective_circle,
                                  bool writeUpdate,
                                  CFErrorRef *error);

void SOSAccountNotifyEngines(SOSAccountRef account);

// Whether the account is still syncing with the V0 protocol (meaning of V0 not visible here).
bool SOSAccountSyncingV0(SOSAccountRef account);
176
177 // My Peer
// `error` parameters are optional out-params; bool results are predicates or success flags.
bool SOSAccountHasFullPeerInfo(SOSAccountRef account, CFErrorRef* error);
// Get-rule names: results are borrowed from the account (presumably `my_identity`) — do not release.
SOSPeerInfoRef SOSAccountGetMyPeerInfo(SOSAccountRef account);
SOSFullPeerInfoRef SOSAccountGetMyFullPeerInfo(SOSAccountRef account);
CFStringRef SOSAccountGetMyPeerID(SOSAccountRef a);
bool SOSAccountIsMyPeerInBackupAndCurrentInView(SOSAccountRef account, CFStringRef viewname);
bool SOSAccountUpdateOurPeerInBackup(SOSAccountRef account, SOSRingRef oldRing, CFErrorRef *error);
bool SOSAccountIsPeerInBackupAndCurrentInView(SOSAccountRef account, SOSPeerInfoRef testPeer, CFStringRef viewname);

// Currently permitted backup rings.
// Invokes `operation` once per permitted backup ring name (names only; ring objects are not passed).
void SOSAccountForEachBackupRingName(SOSAccountRef account, void (^operation)(CFStringRef value));
188
189 // My Circle
bool SOSAccountHasCircle(SOSAccountRef account, CFErrorRef* error);
// Get-rule: borrowed circle (presumably `trusted_circle`) or NULL with `*error` set — confirm.
SOSCircleRef SOSAccountGetCircle(SOSAccountRef a, CFErrorRef *error);
// Returns the circle, creating one named `name` if the account has none; Get-rule ownership.
SOSCircleRef SOSAccountEnsureCircle(SOSAccountRef a, CFStringRef name, CFErrorRef *error);

// Remote and local circle updates use separate entry points; what differs between them
// (signature / generation checks) is not visible here — see the implementation.
bool SOSAccountUpdateCircleFromRemote(SOSAccountRef account, SOSCircleRef newCircle, CFErrorRef *error);
bool SOSAccountUpdateCircle(SOSAccountRef account, SOSCircleRef newCircle, CFErrorRef *error);
// Runs `action` against the account's circle; `action` presumably reports whether it changed
// anything — confirm.
bool SOSAccountModifyCircle(SOSAccountRef account,
                            CFErrorRef* error,
                            bool (^action)(SOSCircleRef circle));

// NOTE(review): unprefixed global name in a private header; an SOS prefix would avoid collisions.
void AppendCircleKeyName(CFMutableArrayRef array, CFStringRef name);

// Copy-rule: +1 description string for an interest list.
CFStringRef SOSInterestListCopyDescription(CFArrayRef interests);
203
204
205 // FullPeerInfos - including Cloud Identity
// Copy-rule: +1 full peer info for the cloud identity, or NULL with `*error` set — confirm.
// NOTE(review): this and the two Generate* functions below are unprefixed globals.
SOSFullPeerInfoRef CopyCloudKeychainIdentity(SOSPeerInfoRef cloudPeer, CFErrorRef *error);

// Creates an EC key labelled `name`; `keySize` is presumably in bits and "Permanent" presumably
// means keychain-resident rather than ephemeral — confirm both.
SecKeyRef GeneratePermanentFullECKey(int keySize, CFStringRef name, CFErrorRef* error);

bool SOSAccountEnsureFullPeerAvailable(SOSAccountRef account, CFErrorRef * error);

// True when `peer_info` is this account's own identity.
bool SOSAccountIsAccountIdentity(SOSAccountRef account, SOSPeerInfoRef peer_info, CFErrorRef *error);

SOSPeerInfoRef GenerateNewCloudIdentityPeerInfo(CFErrorRef *error);
215
216 // Credentials
bool SOSAccountHasPublicKey(SOSAccountRef account, CFErrorRef* error);
// Presumably moves `user_public` into `previous_public` ahead of a key change — confirm.
void SOSAccountSetPreviousPublic(SOSAccountRef account);
// Publish / retrieve the user key parameters (presumably over `key_transport` — confirm).
bool SOSAccountPublishCloudParameters(SOSAccountRef account, CFErrorRef* error);
// On success writes `*newKey` and `*newParameters`; ownership of the out-params is set by the
// implementation — confirm before releasing.
bool SOSAccountRetrieveCloudParameters(SOSAccountRef account, SecKeyRef *newKey,
                                       CFDataRef derparms,
                                       CFDataRef *newParameters, CFErrorRef* error);

//DSID
bool SOSAccountUpdateDSID(SOSAccountRef account, CFStringRef dsid);
226
227 //
228 // Key extraction
229 //
230
// Copy-rule: +1 SecKeyRef results, released by the caller — confirm.
SecKeyRef SOSAccountCopyDeviceKey(SOSAccountRef account, CFErrorRef *error);
SecKeyRef SOSAccountCopyPublicKeyForPeer(SOSAccountRef account, CFStringRef peer_id, CFErrorRef *error);

// Testing
// Test hooks that set account state directly. NOTE(review): SOSAccountSetUserPublicTrustedForTesting
// presumably marks the user public key trusted without the usual validation; keep it out of
// production call paths.
void SOSAccountSetLastDepartureReason(SOSAccountRef account, enum DepartureReason reason);
void SOSAccountSetUserPublicTrustedForTesting(SOSAccountRef account);
237
// Appends `value` to `array` unless it compares equal (via CFEqualSafe) to `excludedValue`.
// NOTE(review): a NULL `value` that is not equal to `excludedValue` still reaches CFArrayAppendValue;
// callers are expected never to pass NULL — confirm.
static inline void CFArrayAppendValueIfNot(CFMutableArrayRef array, CFTypeRef value, CFTypeRef excludedValue)
{
    if (CFEqualSafe(value, excludedValue)) {
        return;
    }
    CFArrayAppendValue(array, value);
}
243
// Returns the mutable dictionary stored under `key` in `dict`, creating and storing an empty one
// when no dictionary is present. The result is borrowed: `dict` holds the only reference once the
// local one is released, so callers must not release it.
// NOTE(review): isDictionary checks the CF type ID only, not mutability; an immutable dictionary
// stored under `key` would be handed back through the mutable cast. The code relies on the
// invariant that only mutable dictionaries are ever stored here — confirm at the call sites.
static inline CFMutableDictionaryRef CFDictionaryEnsureCFDictionaryAndGetCurrentValue(CFMutableDictionaryRef dict, CFTypeRef key)
{
    CFTypeRef existing = CFDictionaryGetValue(dict, key);
    if (isDictionary(existing)) {
        return (CFMutableDictionaryRef) existing;
    }

    CFMutableDictionaryRef created = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
    CFDictionarySetValue(dict, key, created);   // dict retains it
    CFReleaseSafe(created);                      // drop our +1; the entry in dict keeps it alive
    return created;
}
256
// Array counterpart of CFDictionaryEnsureCFDictionaryAndGetCurrentValue: returns the mutable array
// stored under `key`, creating and storing an empty one when no array is present. The result is
// borrowed (owned by `dict`); callers must not release it.
// NOTE(review): isArray checks the CF type ID only, so an immutable array stored under `key`
// would be returned through the mutable cast — the stored value is assumed to be mutable.
static inline CFMutableArrayRef CFDictionaryEnsureCFArrayAndGetCurrentValue(CFMutableDictionaryRef dict, CFTypeRef key)
{
    CFTypeRef existing = CFDictionaryGetValue(dict, key);
    if (isArray(existing)) {
        return (CFMutableArrayRef) existing;
    }

    CFMutableArrayRef created = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault);
    CFDictionarySetValue(dict, key, created);   // dict retains it
    CFReleaseSafe(created);                      // drop our +1; the entry in dict keeps it alive
    return created;
}
269
// Drops the account's own identity (what is purged beyond `my_identity` is not visible here).
void SOSAccountPurgeIdentity(SOSAccountRef account);
// NOTE(review): lower-case `sos` prefix differs from every other symbol in this header.
bool sosAccountLeaveCircle(SOSAccountRef account, SOSCircleRef circle, CFErrorRef* error);
bool sosAccountLeaveRing(SOSAccountRef account, SOSRingRef ring, CFErrorRef* error);
// Get-rule: borrowed mutable dictionaries (presumably `trusted_rings` / `backups`). Callers that
// mutate them directly bypass the account's update path — prefer the Update*/Modify* entry points.
CFMutableDictionaryRef SOSAccountGetRings(SOSAccountRef a, CFErrorRef *error);
CFMutableDictionaryRef SOSAccountGetBackups(SOSAccountRef a, CFErrorRef *error);
bool SOSAccountUpdateBackUp(SOSAccountRef account, CFStringRef viewname, CFErrorRef *error);

bool SOSAccountEnsurePeerRegistration(SOSAccountRef account, CFErrorRef *error);

// NOTE(review): mutable process-wide global; nothing here says which queue owns it, so confirm
// its reads and writes are serialized. Presumably holds a TransportType value (declared below).
extern CFIndex whichTransportType;
extern const CFStringRef kSOSDSIDKey;
extern const CFStringRef SOSTransportMessageTypeIDS;
extern const CFStringRef SOSTransportMessageTypeKVS;

extern const CFStringRef kSOSUnsyncedViewsKey;
285
// Transport selector values. Plain C enum, so the underlying type is compiler-chosen; values
// start at 1, leaving 0 unused. IDS and KVS match the two message transports in the struct;
// Future/Present semantics are not visible here.
typedef enum{
    kSOSTransportIDS = 1,
    kSOSTransportKVS = 2,
    kSOSTransportFuture = 3,
    kSOSTransportPresent = 4
}TransportType;
292
// Copy-rule: +1 peer info for `peerid`, or NULL with `*error` set — confirm.
SOSPeerInfoRef SOSAccountCopyPeerWithID(SOSAccountRef account, CFStringRef peerid, CFErrorRef *error);

// Untyped key/value store on the account (presumably the `expansion` dictionary — confirm).
// `const void *` gives no type checking, so both sides must agree that keys and values are CF
// objects; SOSAccountGetValue follows the Get rule (borrowed result).
bool SOSAccountSetValue(SOSAccountRef account, const void *key, const void *value, CFErrorRef *error);
bool SOSAccountClearValue(SOSAccountRef account, const void *key, CFErrorRef *error);
const void *SOSAccountGetValue(SOSAccountRef account, const void *key, CFErrorRef *error);

// Rings. Naming mirrors the circle API above: Get-rule results are borrowed, Create/Copy-rule
// results are +1 — confirm per function in the implementation.
bool SOSAccountCheckForRings(SOSAccountRef a, CFErrorRef *error);
// Applies `prospective_ring`; `writeUpdate` presumably also pushes the result out — confirm.
bool SOSAccountHandleUpdateRing(SOSAccountRef account, SOSRingRef prospective_ring, bool writeUpdate, CFErrorRef *error);
SOSRingRef SOSAccountGetRing(SOSAccountRef a, CFStringRef ringName, CFErrorRef *error);
SOSRingRef SOSAccountRingCreateForName(SOSAccountRef a, CFStringRef ringName, CFErrorRef *error);
bool SOSAccountEnsureRings(SOSAccountRef a, CFErrorRef *error);
// Remote and local ring updates are separate entry points, as for circles.
bool SOSAccountUpdateRingFromRemote(SOSAccountRef account, SOSRingRef newRing, CFErrorRef *error);
bool SOSAccountUpdateRing(SOSAccountRef account, SOSRingRef newRing, CFErrorRef *error);
// Runs `action` against the ring named `ringName`; `action` presumably reports whether it
// changed anything — confirm.
bool SOSAccountModifyRing(SOSAccountRef account, CFStringRef ringName,
                          CFErrorRef* error,
                          bool (^action)(SOSRingRef ring));
// Get-rule: borrowed payload of the named ring.
CFDataRef SOSAccountRingGetPayload(SOSAccountRef account, CFStringRef ringName, CFErrorRef *error);
// Copy-rule: +1 ring carrying `payload`.
SOSRingRef SOSAccountRingCopyWithPayload(SOSAccountRef account, CFStringRef ringName, CFDataRef payload, CFErrorRef *error);
// Removes the peers listed in `peerIDs` from the backup ring(s); which rings is not visible here.
bool SOSAccountRemoveBackupPeers(SOSAccountRef account, CFArrayRef peerIDs, CFErrorRef *error);
312
313 //
314 // MARK: Backup translation functions
315 //
316
// Copy-rule: +1 CFStringRef naming the backup ring that corresponds to `viewName` — caller releases.
CFStringRef SOSBackupCopyRingNameForView(CFStringRef viewName);
318
319 #endif