]> git.saurik.com Git - apple/security.git/blob - keychain/SecureObjectSync/SOSAccount.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-59754.60.13.tar.gz
[apple/security.git] / keychain / SecureObjectSync / SOSAccount.h
1 /*
2 * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 /*!
26 @header SOSAccount.h
27 The functions provided in SOSCircle.h provide an interface to a
28 secure object syncing circle for a single class
29 */
30
31 #ifndef _SOSACCOUNT_H_
32 #define _SOSACCOUNT_H_
33
34 #include <CoreFoundation/CoreFoundation.h>
35 #include <Foundation/Foundation.h>
36 #include "keychain/SecureObjectSync/SOSAccountPriv.h"
37 #include "keychain/SecureObjectSync/SOSCircle.h"
38 #include "keychain/SecureObjectSync/SOSFullPeerInfo.h"
39 #include <Security/SecureObjectSync/SOSCloudCircle.h>
40 #include <Security/SecureObjectSync/SOSCloudCircleInternal.h>
41 #include "keychain/SecureObjectSync/SOSTransportCircle.h"
42 #include "keychain/SecureObjectSync/SOSRing.h"
43 #include "keychain/SecureObjectSync/SOSRecoveryKeyBag.h"
44 #import "keychain/SecureObjectSync/SOSAccountTransaction.h"
45 #include <dispatch/dispatch.h>
46
47 extern NSString* const kSOSIdentityStatusCompleteIdentity;
48 extern NSString* const kSOSIdentityStatusKeyOnly;
49 extern NSString* const kSOSIdentityStatusPeerOnly;
50
51 @class SOSAccount;
52
53 __BEGIN_DECLS
54
55 #define RETIREMENT_FINALIZATION_SECONDS (24*60*60)
56
57 typedef void (^SOSAccountCircleMembershipChangeBlock)(SOSAccount* account,
58 SOSCircleRef new_circle,
59 CFSetRef added_peers, CFSetRef removed_peers,
60 CFSetRef added_applicants, CFSetRef removed_applicants);
61
62 CFTypeID SOSAccountGetTypeID(void);
63
64 SOSAccount* SOSAccountCreate(CFAllocatorRef allocator,
65 CFDictionaryRef gestalt,
66 SOSDataSourceFactoryRef factory);
67
68 //
69 // MARK: Credential management
70 //
71
72 SecKeyRef SOSAccountGetTrustedPublicCredential(SOSAccount* account, CFErrorRef* error);
73
74 SecKeyRef SOSAccountGetPrivateCredential(SOSAccount* account, CFErrorRef* error);
75 CFDataRef SOSAccountGetCachedPassword(SOSAccount* account, CFErrorRef* error);
76 void SOSAccountStashAccountKey(SOSAccount* account);
77 SecKeyRef SOSAccountCopyStashedUserPrivateKey(SOSAccount* account, CFErrorRef *error);
78
79 void SOSAccountSetParameters(SOSAccount* account, CFDataRef parameters);
80
81 void SOSAccountPurgePrivateCredential(SOSAccount* account);
82
83 void SOSAccountRestartPrivateCredentialTimer(SOSAccount* account);
84
85 bool SOSAccountTryUserCredentials(SOSAccount* account,
86 CFStringRef user_account, CFDataRef user_password,
87 CFErrorRef *error);
88
89 bool SOSAccountTryUserPrivateKey(SOSAccount* account, SecKeyRef user_private, CFErrorRef *error);
90
91 bool SOSAccountValidateAccountCredential(SOSAccount* account, SecKeyRef accountPrivateKey, CFErrorRef *error);
92 bool SOSAccountAssertStashedAccountCredential(SOSAccount* account, CFErrorRef *error);
93 bool SOSAccountAssertUserCredentials(SOSAccount* account,
94 CFStringRef user_account, CFDataRef user_password,
95 CFErrorRef *error);
96
97 bool SOSAccountRetryUserCredentials(SOSAccount* account);
98 void SOSAccountSetUnTrustedUserPublicKey(SOSAccount* account, SecKeyRef publicKey);
99
100 bool SOSAccountGenerationSignatureUpdate(SOSAccount* account, CFErrorRef *error);
101
102 //
103 // MARK: Circle management
104 //
105
106 bool SOSAccountUpdateCircle(SOSAccount* account, SOSCircleRef circle, CFErrorRef *error);
107 void SOSTransportEachMessage(SOSAccount* account, CFDictionaryRef updates, CFErrorRef *error);
108
109
110 CFStringRef SOSAccountGetSOSCCStatusString(SOSCCStatus status);
111 SOSCCStatus SOSAccountGetSOSCCStatusFromString(CFStringRef status);
112 bool SOSAccountJoinCircles(SOSAccountTransaction* aTxn, CFErrorRef* error);
113 bool SOSAccountJoinCirclesAfterRestore(SOSAccountTransaction* aTxn, CFErrorRef* error);
114 bool SOSAccountRemovePeersFromCircle(SOSAccount* account, CFArrayRef peers, CFErrorRef* error);
115 bool SOSAccountBail(SOSAccount* account, uint64_t limit_in_seconds, CFErrorRef* error);
116 bool SOSAccountAcceptApplicants(SOSAccount* account, CFArrayRef applicants, CFErrorRef* error);
117 bool SOSAccountRejectApplicants(SOSAccount* account, CFArrayRef applicants, CFErrorRef* error);
118
119 bool SOSValidateUserPublic(SOSAccount* account, CFErrorRef* error);
120
121 void SOSAccountForEachCirclePeerExceptMe(SOSAccount* account, void (^action)(SOSPeerInfoRef peer));
122
123 CFArrayRef SOSAccountCopyApplicants(SOSAccount* account, CFErrorRef *error);
124 CFArrayRef SOSAccountCopyGeneration(SOSAccount* account, CFErrorRef *error);
125 CFArrayRef SOSAccountCopyValidPeers(SOSAccount* account, CFErrorRef *error);
126 CFArrayRef SOSAccountCopyPeersToListenTo(SOSAccount* account, CFErrorRef *error);
127 CFArrayRef SOSAccountCopyNotValidPeers(SOSAccount* account, CFErrorRef *error);
128 CFArrayRef SOSAccountCopyRetired(SOSAccount* account, CFErrorRef *error);
129 CFArrayRef SOSAccountCopyViewUnaware(SOSAccount* account, CFErrorRef *error);
130 CFArrayRef SOSAccountCopyPeers(SOSAccount* account, CFErrorRef *error);
131 CFArrayRef SOSAccountCopyActivePeers(SOSAccount* account, CFErrorRef *error);
132 CFArrayRef CF_RETURNS_RETAINED SOSAccountCopyActiveValidPeers(SOSAccount* account, CFErrorRef *error);
133 CFArrayRef SOSAccountCopyConcurringPeers(SOSAccount* account, CFErrorRef *error);
134
135 bool SOSAccountIsAccountIdentity(SOSAccount* account, SOSPeerInfoRef peer_info, CFErrorRef *error);
136
137 enum DepartureReason SOSAccountGetLastDepartureReason(SOSAccount* account, CFErrorRef* error);
138
139 //
140 // MARK: iCloud Identity
141 //
142 bool SOSAccountRemoveIncompleteiCloudIdentities(SOSAccount* account, SOSCircleRef circle, SecKeyRef privKey, CFErrorRef *error);
143
144 //
145 // MARK: Change blocks
146 //
147 void SOSAccountAddChangeBlock(SOSAccount* a, SOSAccountCircleMembershipChangeBlock changeBlock);
148 void SOSAccountRemoveChangeBlock(SOSAccount* a, SOSAccountCircleMembershipChangeBlock changeBlock);
149
150
151 //
152 // MARK: Local device gestalt change.
153 //
154 CFDictionaryRef SOSAccountCopyGestalt(SOSAccount* account);
155
156 CFDictionaryRef SOSAccountCopyV2Dictionary(SOSAccount* account);
157
158 void SOSAccountPendDisableViewSet(SOSAccount* account, CFSetRef disabledViews);
159
160 void SOSAccountUpdateOutOfSyncViews(SOSAccountTransaction* aTxn, CFSetRef viewsInSync);
161 void SOSAccountPeerGotInSync(SOSAccountTransaction* aTxn, CFStringRef peerID, CFSetRef views);
162
163 bool SOSAccountHandleParametersChange(SOSAccount* account, CFDataRef updates, CFErrorRef *error);
164
165 //
166 // MARK: Local device key access from account object - can call without lock without endangering peerinfo.
167 //
168 SecKeyRef SOSAccountCopyDevicePrivateKey(SOSAccount* account, CFErrorRef *error);
169 SecKeyRef SOSAccountCopyDevicePublicKey(SOSAccount* account, CFErrorRef *error);
170
171 //
172 // MARK: Requests for syncing later
173 //
174 bool SOSAccountRequestSyncWithAllPeers(SOSAccountTransaction* txn, CFErrorRef *error);
175 CF_RETURNS_RETAINED CFMutableSetRef SOSAccountSyncWithPeers(SOSAccountTransaction* txn, CFSetRef /* CFStringRef */ peerIDs, CFErrorRef *error);
176 CFSetRef SOSAccountSyncWithPeersOverKVS(SOSAccountTransaction* txn, CFSetRef peers);
177 bool SOSAccountInflateTransports(SOSAccount* account, CFStringRef circleName, CFErrorRef *error);
178
179 void
180 SOSAccountTriggerSyncWithBackupPeer(CFStringRef peer);
181
182 //
183 // MARK: Outgoing/Sync functions
184 //
185
186 bool SOSAccountSyncWithKVSPeerWithMessage(SOSAccountTransaction* txn, CFStringRef peerid, CFDataRef message, CFErrorRef *error);
187
188 CF_RETURNS_RETAINED CFSetRef SOSAccountProcessSyncWithPeers(SOSAccountTransaction* txn, CFSetRef /* CFStringRef */ peers, CFSetRef /* CFStringRef */ backupPeers, CFErrorRef *error);
189 CF_RETURNS_RETAINED CFSetRef SOSAccountCopyBackupPeersAndForceSync(SOSAccountTransaction* txn, CFErrorRef *error);
190
191 //
192 // MARK: Cleanup functions
193 //
194
195 bool SOSAccountScanForRetired(SOSAccount* account, SOSCircleRef circle, CFErrorRef *error);
196 CF_RETURNS_RETAINED SOSCircleRef SOSAccountCloneCircleWithRetirement(SOSAccount* account, SOSCircleRef starting_circle, CFErrorRef *error);
197
198 //
199 // MARK: Backup functions
200 //
201
202 bool SOSAccountIsBackupRingEmpty(SOSAccount* account, CFStringRef viewName);
203 bool SOSAccountNewBKSBForView(SOSAccount* account, CFStringRef viewName, CFErrorRef *error);
204
205 void SOSAccountProcessBackupRings(SOSAccount* account);
206 bool SOSAccountValidateBackupRingForView(SOSAccount* account, CFStringRef viewName, CFErrorRef *error);
207 bool SOSAccountSetBackupPublicKey(SOSAccountTransaction* aTxn, CFDataRef backupKey, CFErrorRef *error);
208 bool SOSAccountRemoveBackupPublickey(SOSAccountTransaction* aTxn, CFErrorRef *error);
209 bool SOSAccountBackupUpdateBackupPublicKey(SOSAccount *account, CFDataRef backupKey);
210 bool SOSAccountSetBSKBagForAllSlices(SOSAccount* account, CFDataRef backupSlice, bool setupV0Only, CFErrorRef *error);
211
212 CF_RETURNS_RETAINED SOSBackupSliceKeyBagRef SOSAccountBackupSliceKeyBagForView(SOSAccount* account, CFStringRef viewName, CFErrorRef* error);
213
214 //
215 // MARK: Recovery Public Key Functions
216 //
217 bool SOSAccountRegisterRecoveryPublicKey(SOSAccountTransaction* txn, CFDataRef recovery_key, CFErrorRef *error);
218 CFDataRef SOSAccountCopyRecoveryPublicKey(SOSAccountTransaction* txn, CFErrorRef *error);
219 bool SOSAccountClearRecoveryPublicKey(SOSAccountTransaction* txn, CFDataRef recovery_key, CFErrorRef *error);
220
221
222 // Internal calls that sets or clears Recovery Keys for the Account Object Provided by Clients
223 bool SOSAccountSetRecoveryKey(SOSAccount* account, CFDataRef pubData, CFErrorRef *error);
224 bool SOSAccountRemoveRecoveryKey(SOSAccount* account, CFErrorRef *error);
225
226
227 CFDataRef SOSAccountCopyRecoveryPublic(CFAllocatorRef allocator, SOSAccount* account, CFErrorRef *error);
228 bool SOSAccountRecoveryKeyIsInBackupAndCurrentInView(SOSAccount* account, CFStringRef viewname);
229 bool SOSAccountSetRecoveryKeyBagEntry(CFAllocatorRef allocator, SOSAccount* account, SOSRecoveryKeyBagRef rkbg, CFErrorRef *error);
230 SOSRecoveryKeyBagRef SOSAccountCopyRecoveryKeyBagEntry(CFAllocatorRef allocator, SOSAccount* account, CFErrorRef *error);
231 void SOSAccountEnsureRecoveryRing(SOSAccount* account);
232
233 //
234 // MARK: Private functions
235 //
236
237 dispatch_queue_t SOSAccountGetQueue(SOSAccount* account);
238
239 typedef bool (^SOSAccountSendBlock)(CFStringRef key, CFDataRef message, CFErrorRef *error);
240
241 //
242 // MARK: Utility functions
243 //
244
245 CFStringRef SOSInterestListCopyDescription(CFArrayRef interests);
246
247 //
248 // MARK: HSA2 Piggyback Support Functions
249 //
250 SOSPeerInfoRef SOSAccountCopyApplication(SOSAccount* account, CFErrorRef*);
251 CFDataRef SOSAccountCopyCircleJoiningBlob(SOSAccount* account, SOSPeerInfoRef applicant, CFErrorRef *error);
252 bool SOSAccountJoinWithCircleJoiningBlob(SOSAccount* account, CFDataRef joiningBlob, PiggyBackProtocolVersion version, CFErrorRef *error);
253 CFDataRef SOSAccountCopyInitialSyncData(SOSAccount* account, SOSInitialSyncFlags flags, CFErrorRef *error);
254
255 //
256 // MARK: Initial-Sync
257 //
258 CFMutableSetRef SOSAccountCopyUnsyncedInitialViews(SOSAccount* account);
259
260 //
261 // MARK: State Logging
262 //
263 void SOSAccountLogState(SOSAccount* account);
264 void SOSAccountLogViewState(SOSAccount* account);
265 void SOSAccountConsiderLoggingEngineState(SOSAccountTransaction* txn);
266
267 //
268 // MARK: Checking other peer views
269 //
270
271 CFBooleanRef SOSAccountPeersHaveViewsEnabled(SOSAccount* account, CFArrayRef viewNames, CFErrorRef *error);
272
273 void SOSAccountSetTestSerialNumber(SOSAccount* account, CFStringRef serial);
274 SOSViewResultCode SOSAccountVirtualV0Behavior(SOSAccount* account, SOSViewActionCode actionCode);
275
276
277 bool SOSAccountIsPeerRetired(SOSAccount* account, CFSetRef peers);
278 void SOSAccountNotifyOfChange(SOSAccount* account, SOSCircleRef oldCircle, SOSCircleRef newCircle);
279
280
281 //
282 // MARK: Syncing status functions
283 //
284 bool SOSAccountMessageFromPeerIsPending(SOSAccountTransaction* txn, SOSPeerInfoRef peer, CFErrorRef *error);
285 bool SOSAccountSendToPeerIsPending(SOSAccountTransaction* txn, SOSPeerInfoRef peer, CFErrorRef *error);
286
287 //
288 // MARK: OTR
289 //
290 void SOSAccountResetOTRNegotiationCoder(SOSAccount* account, CFStringRef peerid);
291 void SOSAccountTimerFiredSendNextMessage(SOSAccountTransaction* txn, NSString* peerid, NSString* accessGroup);
292
293 NSArray<NSDictionary *>* SOSAccountGetAllTLKs(void);
294 NSArray<NSDictionary *>* SOSAccountGetSelectedTLKs(void);
295
296 CF_RETURNS_RETAINED CFMutableArrayRef SOSAccountCopyiCloudIdentities(SOSAccount* account);
297
298 bool SOSAccountEvaluateKeysAndCircle(SOSAccountTransaction *txn, CFErrorRef *block_error);
299
300 __END_DECLS
301
302 #endif /* !_SOSACCOUNT_H_ */
mirror of Security