1 /*
2 * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 /*!
26 @header SOSAccount.h
27 The functions declared in SOSAccount.h provide an interface to a
28 secure object syncing account and its membership in a syncing circle
29 */
30
31 #ifndef _SOSACCOUNT_H_
32 #define _SOSACCOUNT_H_
33
34 #include <CoreFoundation/CoreFoundation.h>
35 #include <Foundation/Foundation.h>
36 #include "keychain/SecureObjectSync/SOSAccountPriv.h"
37 #include "keychain/SecureObjectSync/SOSCircle.h"
38 #include "keychain/SecureObjectSync/SOSFullPeerInfo.h"
39 #include <Security/SecureObjectSync/SOSCloudCircle.h>
40 #include <Security/SecureObjectSync/SOSCloudCircleInternal.h>
41 #include "keychain/SecureObjectSync/SOSTransportCircle.h"
42 #include "keychain/SecureObjectSync/SOSRing.h"
43 #include "keychain/SecureObjectSync/SOSRecoveryKeyBag.h"
44 #import "keychain/SecureObjectSync/SOSAccountTransaction.h"
45 #include <dispatch/dispatch.h>
46
47 @class SOSAccount;
48
49 __BEGIN_DECLS
50
51 #define RETIREMENT_FINALIZATION_SECONDS (24*60*60) // 24 hours expressed in seconds (86400); left as a macro in case it is used in preprocessor context elsewhere
52
// Invoked when circle membership changes. Each CFSetRef carries the peers or
// applicants that were added/removed relative to the previous circle. Ownership
// of the arguments is not stated here — assume they are only valid for the
// duration of the call unless the implementation documents otherwise.
53 typedef void (^SOSAccountCircleMembershipChangeBlock)(SOSAccount* account,
54 SOSCircleRef new_circle,
55 CFSetRef added_peers, CFSetRef removed_peers,
56 CFSetRef added_applicants, CFSetRef removed_applicants);
57
58 CFTypeID SOSAccountGetTypeID(void); // CF type id; SOSAccount is an ObjC class (see @class above), so this looks like a CF-era holdover
59
// NOTE(review): a C function returning an ObjC object — under ARC the caller
// assumes a +0 (autoreleased) result unless the declaration carries
// NS_RETURNS_RETAINED, regardless of the "Create" prefix. Confirm which
// convention the implementation follows before relying on either.
60 SOSAccount* SOSAccountCreate(CFAllocatorRef allocator,
61 CFDictionaryRef gestalt,
62 SOSDataSourceFactoryRef factory);
63
64 //
65 // MARK: Credential management
66 //
// Ownership follows the Core Foundation naming convention: "Get" results are
// not owned by the caller (do not CFRelease), "Copy" results are +1 and must be
// released. None of these declarations are annotated, so the convention is the
// only contract visible here.
67
68 SecKeyRef SOSAccountGetTrustedPublicCredential(SOSAccount* account, CFErrorRef* error);
69
// Sensitive material below: a private key and a cached password. Callers must
// not log, serialize or retain these beyond the immediate operation.
70 SecKeyRef SOSAccountGetPrivateCredential(SOSAccount* account, CFErrorRef* error);
71 CFDataRef SOSAccountGetCachedPassword(SOSAccount* account, CFErrorRef* error); // NOTE(review): presumably the raw user password bytes; treat as secret — confirm how long the cache lives
72 void SOSAccountStashAccountKey(SOSAccount* account);
73 SecKeyRef SOSAccountCopyStashedUserPrivateKey(SOSAccount* account, CFErrorRef *error); // +1 by convention; caller releases
74
75 void SOSAccountSetParameters(SOSAccount* account, CFDataRef parameters);
76
// NOTE(review): the purge/timer pair suggests the private credential is held in
// memory for a bounded window and dropped when the timer fires; the bound itself
// is not visible in this header — confirm it in the implementation.
77 void SOSAccountPurgePrivateCredential(SOSAccount* account);
78
79 void SOSAccountRestartPrivateCredentialTimer(SOSAccount* account);
80
// Returns false on failure; check the return value rather than *error.
81 bool SOSAccountTryUserCredentials(SOSAccount* account,
82 CFStringRef user_account, CFDataRef user_password,
83 CFErrorRef *error);
84
85 bool SOSAccountTryUserPrivateKey(SOSAccount* account, SecKeyRef user_private, CFErrorRef *error);
86
87 bool SOSAccountValidateAccountCredential(SOSAccount* account, SecKeyRef accountPrivateKey, CFErrorRef *error);
88 bool SOSAccountAssertStashedAccountCredential(SOSAccount* account, CFErrorRef *error);
89 bool SOSAccountAssertUserCredentials(SOSAccount* account,
90 CFStringRef user_account, CFDataRef user_password,
91 CFErrorRef *error);
92
93 bool SOSAccountRetryUserCredentials(SOSAccount* account);
// NOTE(review): the name explicitly marks this key as untrusted. Nothing in this
// header shows where it is validated before use (SOSValidateUserPublic below
// looks like the candidate) — confirm callers never treat it as a trust anchor.
94 void SOSAccountSetUnTrustedUserPublicKey(SOSAccount* account, SecKeyRef publicKey);
95
96 bool SOSAccountGenerationSignatureUpdate(SOSAccount* account, CFErrorRef *error);
97
98 //
99 // MARK: Circle management
100 //
101
102 bool SOSAccountUpdateCircle(SOSAccount* account, SOSCircleRef circle, CFErrorRef *error);
103 void SOSTransportEachMessage(SOSAccount* account, CFDictionaryRef updates, CFErrorRef *error); // NOTE(review): `updates` presumably arrives over the transport from other peers — treat as untrusted; the error is reported only via *error (void return)
104
105
106 CFStringRef SOSAccountGetSOSCCStatusString(SOSCCStatus status);
107 SOSCCStatus SOSAccountGetSOSCCStatusFromString(CFStringRef status);
// Membership-changing operations. All return false on failure; check the return
// value, not *error.
108 bool SOSAccountJoinCircles(SOSAccountTransaction* aTxn, NSData* parentEvent, CFErrorRef* error);
109 bool SOSAccountJoinCirclesAfterRestore(SOSAccountTransaction* aTxn, NSData* parentEvent, CFErrorRef* error);
110 bool SOSAccountRemovePeersFromCircle(SOSAccount* account, CFArrayRef peers, NSData* parentEvent, CFErrorRef* error);
111 bool SOSAccountBail(SOSAccount* account, uint64_t limit_in_seconds, CFErrorRef* error);
// Accepting an applicant admits a new device to the circle; this is a trust
// decision and should only follow an authenticated user action.
112 bool SOSAccountAcceptApplicants(SOSAccount* account, CFArrayRef applicants, CFErrorRef* error);
113 bool SOSAccountRejectApplicants(SOSAccount* account, CFArrayRef applicants, CFErrorRef* error);
114
115 bool SOSValidateUserPublic(SOSAccount* account, CFErrorRef* error);
116
117 void SOSAccountForEachCirclePeerExceptMe(SOSAccount* account, void (^action)(SOSPeerInfoRef peer));
118
// "Copy" results are +1 by the CF naming convention and must be CFRelease'd.
// Only SOSAccountCopyActiveValidPeers states this with CF_RETURNS_RETAINED;
// the others rely on the name alone, so the analyzer cannot check them.
119 CFArrayRef SOSAccountCopyApplicants(SOSAccount* account, CFErrorRef *error);
120 CFArrayRef SOSAccountCopyGeneration(SOSAccount* account, CFErrorRef *error);
121 CFArrayRef SOSAccountCopyValidPeers(SOSAccount* account, CFErrorRef *error);
122 CFArrayRef SOSAccountCopyPeersToListenTo(SOSAccount* account, CFErrorRef *error);
123 CFArrayRef SOSAccountCopyNotValidPeers(SOSAccount* account, CFErrorRef *error);
124 CFArrayRef SOSAccountCopyRetired(SOSAccount* account, CFErrorRef *error);
125 CFArrayRef SOSAccountCopyViewUnaware(SOSAccount* account, CFErrorRef *error);
126 CFArrayRef SOSAccountCopyPeers(SOSAccount* account, CFErrorRef *error);
127 CFArrayRef SOSAccountCopyActivePeers(SOSAccount* account, CFErrorRef *error);
128 CFArrayRef CF_RETURNS_RETAINED SOSAccountCopyActiveValidPeers(SOSAccount* account, CFErrorRef *error);
129 CFArrayRef SOSAccountCopyConcurringPeers(SOSAccount* account, CFErrorRef *error);
130
131 bool SOSAccountIsAccountIdentity(SOSAccount* account, SOSPeerInfoRef peer_info, CFErrorRef *error);
132
133 enum DepartureReason SOSAccountGetLastDepartureReason(SOSAccount* account, CFErrorRef* error);
134
135 //
136 // MARK: iCloud Identity
137 //
// Takes the private key as a parameter; callers are responsible for obtaining it
// through the credential functions above and not caching it beyond this call.
138 bool SOSAccountRemoveIncompleteiCloudIdentities(SOSAccount* account, SOSCircleRef circle, SecKeyRef privKey, CFErrorRef *error);
139
140 //
141 // MARK: Change blocks
142 //
// Registration uses the block itself as the key for removal; the same block
// reference must be passed to both calls. Whether the block is copied on add
// is not visible here — assume it is and keep captures weak where a cycle
// with the account is possible.
143 void SOSAccountAddChangeBlock(SOSAccount* a, SOSAccountCircleMembershipChangeBlock changeBlock);
144 void SOSAccountRemoveChangeBlock(SOSAccount* a, SOSAccountCircleMembershipChangeBlock changeBlock);
145
146
147 //
148 // MARK: Local device gestalt change.
149 //
150 CFDictionaryRef SOSAccountCopyGestalt(SOSAccount* account); // +1 by CF naming convention; caller releases
151
152 CFDictionaryRef SOSAccountCopyV2Dictionary(SOSAccount* account); // +1 by CF naming convention; caller releases
153
154 void SOSAccountPendDisableViewSet(SOSAccount* account, CFSetRef disabledViews);
155
156 void SOSAccountUpdateOutOfSyncViews(SOSAccountTransaction* aTxn, CFSetRef viewsInSync);
157 void SOSAccountPeerGotInSync(SOSAccountTransaction* aTxn, CFStringRef peerID, CFSetRef views);
158
// NOTE(review): `updates` is a serialized CFDataRef, presumably received from
// another peer via the transport — untrusted input; confirm the decoder
// validates it before applying.
159 bool SOSAccountHandleParametersChange(SOSAccount* account, CFDataRef updates, CFErrorRef *error);
160
161 //
162 // MARK: Requests for syncing later
163 //
164 bool SOSAccountRequestSyncWithAllPeers(SOSAccountTransaction* txn, CFErrorRef *error);
// Returns a +1 mutable set (annotated); the comment on peerIDs documents that
// the set elements are CFStringRef peer identifiers.
165 CF_RETURNS_RETAINED CFMutableSetRef SOSAccountSyncWithPeers(SOSAccountTransaction* txn, CFSetRef /* CFStringRef */ peerIDs, CFErrorRef *error);
166 CFSetRef SOSAccountSyncWithPeersOverKVS(SOSAccountTransaction* txn, CFSetRef peers); // no ownership annotation and no Copy/Create prefix — treat the result as +0 unless the implementation says otherwise
167 bool SOSAccountInflateTransports(SOSAccount* account, CFStringRef circleName, CFErrorRef *error);
168
169 void
170 SOSAccountTriggerSyncWithBackupPeer(CFStringRef peer);
171
172 //
173 // MARK: Outgoing/Sync functions
174 //
175
// NOTE(review): `message` is a CFDataRef that presumably originates from the
// named peer over KVS; it is untrusted until authenticated by the engine.
176 bool SOSAccountSyncWithKVSPeerWithMessage(SOSAccountTransaction* txn, CFStringRef peerid, CFDataRef message, CFErrorRef *error);
177
// Both return +1 sets (annotated); elements are CFStringRef peer identifiers
// per the inline comments.
178 CF_RETURNS_RETAINED CFSetRef SOSAccountProcessSyncWithPeers(SOSAccountTransaction* txn, CFSetRef /* CFStringRef */ peers, CFSetRef /* CFStringRef */ backupPeers, CFErrorRef *error);
179 CF_RETURNS_RETAINED CFSetRef SOSAccountCopyBackupPeersAndForceSync(SOSAccountTransaction* txn, CFErrorRef *error);
180
181 //
182 // MARK: Cleanup functions
183 //
184
185 bool SOSAccountScanForRetired(SOSAccount* account, SOSCircleRef circle, CFErrorRef *error);
// Returns a +1 circle (annotated). `starting_circle` is not consumed; the caller
// keeps its own reference to it.
186 CF_RETURNS_RETAINED SOSCircleRef SOSAccountCloneCircleWithRetirement(SOSAccount* account, SOSCircleRef starting_circle, CFErrorRef *error);
187
188 //
189 // MARK: Backup functions
190 //
191
192 bool SOSAccountIsBackupRingEmpty(SOSAccount* account, CFStringRef viewName);
193 bool SOSAccountNewBKSBForView(SOSAccount* account, CFStringRef viewName, CFErrorRef *error);
194
195 void SOSAccountProcessBackupRings(SOSAccount* account, CFErrorRef *error); // void return: failure is only observable through *error
196 bool SOSAccountValidateBackupRingForView(SOSAccount* account, CFStringRef viewName, CFErrorRef *error);
// The backup key is passed as opaque CFDataRef bytes. Per the names only a
// public key belongs here; whether the implementation rejects private-key or
// malformed encodings is not visible in this header — confirm.
197 bool SOSAccountSetBackupPublicKey(SOSAccountTransaction* aTxn, CFDataRef backupKey, CFErrorRef *error);
198 bool SOSAccountRemoveBackupPublickey(SOSAccountTransaction* aTxn, CFErrorRef *error);
199 bool SOSAccountBackupUpdateBackupPublicKey(SOSAccount *account, CFDataRef backupKey); // no error out-parameter; only the bool reports failure
200 bool SOSAccountSetBSKBagForAllSlices(SOSAccount* account, CFDataRef backupSlice, bool setupV0Only, CFErrorRef *error);
201
202 CF_RETURNS_RETAINED SOSBackupSliceKeyBagRef SOSAccountBackupSliceKeyBagForView(SOSAccount* account, CFStringRef viewName, CFErrorRef* error); // +1 (annotated) despite the missing Copy prefix; caller must release
203
204 //
205 // MARK: Recovery Public Key Functions
206 //
// Recovery keys gate access to escrowed backup material, so registering one is
// a trust decision. The key is passed as opaque CFDataRef bytes; validation of
// its encoding is not visible here.
207 bool SOSAccountRegisterRecoveryPublicKey(SOSAccountTransaction* txn, CFDataRef recovery_key, CFErrorRef *error);
208 CFDataRef SOSAccountCopyRecoveryPublicKey(SOSAccountTransaction* txn, CFErrorRef *error); // +1 by CF naming convention (not annotated); caller releases
209 bool SOSAccountClearRecoveryPublicKey(SOSAccountTransaction* txn, CFDataRef recovery_key, CFErrorRef *error); // NOTE(review): takes the key being cleared — presumably it must match the registered one; confirm the comparison happens
210
211
212 // Internal calls that sets or clears Recovery Keys for the Account Object Provided by Clients
213 bool SOSAccountSetRecoveryKey(SOSAccount* account, CFDataRef pubData, CFErrorRef *error);
214 bool SOSAccountRemoveRecoveryKey(SOSAccount* account, CFErrorRef *error);
215
216
217 CFDataRef SOSAccountCopyRecoveryPublic(CFAllocatorRef allocator, SOSAccount* account, CFErrorRef *error); // +1 by CF naming convention (not annotated); caller releases
218 bool SOSAccountRecoveryKeyIsInBackupAndCurrentInView(SOSAccount* account, CFStringRef viewname);
219 bool SOSAccountSetRecoveryKeyBagEntry(CFAllocatorRef allocator, SOSAccount* account, SOSRecoveryKeyBagRef rkbg, CFErrorRef *error);
220 SOSRecoveryKeyBagRef SOSAccountCopyRecoveryKeyBagEntry(CFAllocatorRef allocator, SOSAccount* account, CFErrorRef *error); // +1 by CF naming convention (not annotated); caller releases
221 void SOSAccountEnsureRecoveryRing(SOSAccount* account);
222
223 //
224 // MARK: Private functions
225 //
226
227 dispatch_queue_t SOSAccountGetQueue(SOSAccount* account); // "Get": the account keeps ownership of the queue
228
// Transport send callback: returns false on failure and reports detail via
// *error. `message` is the serialized payload for `key`.
229 typedef bool (^SOSAccountSendBlock)(CFStringRef key, CFDataRef message, CFErrorRef *error);
230
231 //
232 // MARK: Utility functions
233 //
234
235 CFStringRef SOSInterestListCopyDescription(CFArrayRef interests); // +1 by CF naming convention; caller releases
236
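237 //
238 // MARK: HSA2 Piggyback Support Functions
239 //
// Piggyback pairing exchanges a joining blob between devices. The blob and the
// initial-sync data are serialized CFDataRef payloads; on the receiving side
// they are untrusted input until the implementation has authenticated them.
// All "Copy" results are +1 by the CF naming convention and must be released.
240 SOSPeerInfoRef SOSAccountCopyApplication(SOSAccount* account, CFErrorRef *error); // error parameter named for consistency with the rest of this header
241 CFDataRef SOSAccountCopyCircleJoiningBlob(SOSAccount* account, SOSPeerInfoRef applicant, CFErrorRef *error);
// NOTE(review): `version` is caller-supplied alongside an externally produced
// blob; confirm the decoder rejects unknown versions and bounds-checks the blob
// rather than defaulting. Not verifiable from this header.
242 bool SOSAccountJoinWithCircleJoiningBlob(SOSAccount* account, CFDataRef joiningBlob, PiggyBackProtocolVersion version, CFErrorRef *error);
243 CFDataRef SOSAccountCopyInitialSyncData(SOSAccount* account, SOSInitialSyncFlags flags, CFErrorRef *error);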
244
245 //
246 // MARK: Initial-Sync
247 //
248 CFMutableSetRef SOSAccountCopyUnsyncedInitialViews(SOSAccount* account); // +1 by CF naming convention (not annotated); caller releases
249
250 //
251 // MARK: State Logging
252 //
// NOTE(review): these log account, view and engine state. This header does not
// show what is emitted; confirm that no key material, passwords or peer
// secrets reach the log.
253 void SOSAccountLogState(SOSAccount* account);
254 void SOSAccountLogViewState(SOSAccount* account);
255 void SOSAccountConsiderLoggingEngineState(SOSAccountTransaction* txn);
256
257 //
258 // MARK: Checking other peer views
259 //
260
// Returns a CFBooleanRef rather than bool, so NULL is a possible result (the
// error out-parameter suggests NULL on failure); check for NULL before calling
// CFBooleanGetValue. Ownership is not annotated.
261 CFBooleanRef SOSAccountPeersHaveViewsEnabled(SOSAccount* account, CFArrayRef viewNames, CFErrorRef *error);
262
// NOTE(review): a test hook exported from a non-test header. Whether the
// implementation is compiled out or otherwise restricted in release builds
// cannot be told from here — confirm, or guard the declaration with a test
// build macro.
263 void SOSAccountSetTestSerialNumber(SOSAccount* account, CFStringRef serial);
264 SOSViewResultCode SOSAccountVirtualV0Behavior(SOSAccount* account, SOSViewActionCode actionCode);
265
266
267 bool SOSAccountIsPeerRetired(SOSAccount* account, CFSetRef peers);
268 void SOSAccountNotifyOfChange(SOSAccount* account, SOSCircleRef oldCircle, SOSCircleRef newCircle);
269
270
271 //
272 // MARK: Syncing status functions
273 //
// Both return false on failure as well as when nothing is pending; distinguish
// the two by checking *error only after a false return.
274 bool SOSAccountMessageFromPeerIsPending(SOSAccountTransaction* txn, SOSPeerInfoRef peer, CFErrorRef *error);
275 bool SOSAccountSendToPeerIsPending(SOSAccountTransaction* txn, SOSPeerInfoRef peer, CFErrorRef *error);
276
277 //
278 // MARK: OTR
279 //
280 void SOSAccountResetOTRNegotiationCoder(SOSAccount* account, CFStringRef peerid); // drops the per-peer OTR coder state; the next message presumably renegotiates
281 void SOSAccountTimerFiredSendNextMessage(SOSAccountTransaction* txn, NSString* peerid, NSString* accessGroup);
282
// NOTE(review): by name this returns key material (TLK = top-level key) for
// every view, with no account or access-group scoping parameter; treat the
// result as secret and confirm the caller is entitled to it.
283 NSArray<NSDictionary *>* SOSAccountGetAllTLKs(void);
284 CF_RETURNS_RETAINED CFMutableArrayRef SOSAccountCopyiCloudIdentities(SOSAccount* account); // +1 (annotated); caller releases
285
286 bool SOSAccountEvaluateKeysAndCircle(SOSAccountTransaction *txn, CFErrorRef *block_error);
287
288 __END_DECLS
289
290 #endif /* !_SOSACCOUNT_H_ */