1 /*
2 * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
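/*!
 @header SOSAccount.h
 The functions declared in this header provide an interface to a Secure
 Object Sync (SOS) account and the syncing circle it participates in.
 */

#ifndef _SOSACCOUNT_H_
#define _SOSACCOUNT_H_

#include <CoreFoundation/CoreFoundation.h>
#include <Foundation/Foundation.h>
#include "keychain/SecureObjectSync/SOSAccountPriv.h"
#include "keychain/SecureObjectSync/SOSCircle.h"
#include "keychain/SecureObjectSync/SOSFullPeerInfo.h"
#include <Security/SecureObjectSync/SOSCloudCircle.h>
#include <Security/SecureObjectSync/SOSCloudCircleInternal.h>
#include "keychain/SecureObjectSync/SOSTransportCircle.h"
#include "keychain/SecureObjectSync/SOSRing.h"
#include "keychain/SecureObjectSync/SOSRecoveryKeyBag.h"
#import "keychain/SecureObjectSync/SOSAccountTransaction.h"
#include <dispatch/dispatch.h>

@class SOSAccount;

__BEGIN_DECLS

// Ownership conventions used in this header:
//  - Functions annotated CF_RETURNS_RETAINED hand a +1 reference to the caller.
//  - The remaining Copy*-named functions follow the CF naming convention
//    (caller owns the result) but are NOT annotated, so the static analyzer
//    cannot check them; confirm against the implementation before relying on it.
//  - Get*-named accessors are expected to return a borrowed reference.
// Callers of functions taking a CFErrorRef *error should test the return
// value (false / NULL) for failure rather than whether *error was populated.

// One day, in seconds. The name suggests it bounds how long a peer's
// retirement stays pending before it is finalized; the uses are outside this
// header, so confirm against the callers.
#define RETIREMENT_FINALIZATION_SECONDS (24*60*60)

/// Invoked when circle membership changes: receives the account, the new
/// circle, and the sets of peers and applicants that were added or removed.
/// The set element type is not stated here (presumably SOSPeerInfoRef — verify).
typedef void (^SOSAccountCircleMembershipChangeBlock)(SOSAccount* account,
                                                      SOSCircleRef new_circle,
                                                      CFSetRef added_peers, CFSetRef removed_peers,
                                                      CFSetRef added_applicants, CFSetRef removed_applicants);

CFTypeID SOSAccountGetTypeID(void);

/// Creates an account from the device gestalt and a data source factory.
/// The result is an Objective-C object (see @class above), not a CFTypeRef,
/// so its ownership follows Objective-C rules rather than the CF Create rule.
SOSAccount* SOSAccountCreate(CFAllocatorRef allocator,
                             CFDictionaryRef gestalt,
                             SOSDataSourceFactoryRef factory);

//
// MARK: Credential management
//
// These functions hand out or consume user credential material (private keys,
// passwords). Treat every returned value as sensitive: never log it, and
// release or purge it as soon as it is no longer needed.

SecKeyRef SOSAccountGetTrustedPublicCredential(SOSAccount* account, CFErrorRef* error);

SecKeyRef SOSAccountGetPrivateCredential(SOSAccount* account, CFErrorRef* error);
CFDataRef SOSAccountGetCachedPassword(SOSAccount* account, CFErrorRef* error);
void SOSAccountStashAccountKey(SOSAccount* account);
// Copy-named (see the ownership note above); not annotated CF_RETURNS_RETAINED.
SecKeyRef SOSAccountCopyStashedUserPrivateKey(SOSAccount* account, CFErrorRef *error);

void SOSAccountSetParameters(SOSAccount* account, CFDataRef parameters);

void SOSAccountPurgePrivateCredential(SOSAccount* account);

void SOSAccountRestartPrivateCredentialTimer(SOSAccount* account);

// Try* / Assert* / Validate* variants below take the same credential inputs;
// the difference in behavior is not documented here — see SOSAccount.m.
bool SOSAccountTryUserCredentials(SOSAccount* account,
                                  CFStringRef user_account, CFDataRef user_password,
                                  CFErrorRef *error);

bool SOSAccountTryUserPrivateKey(SOSAccount* account, SecKeyRef user_private, CFErrorRef *error);

bool SOSAccountValidateAccountCredential(SOSAccount* account, SecKeyRef accountPrivateKey, CFErrorRef *error);
bool SOSAccountAssertStashedAccountCredential(SOSAccount* account, CFErrorRef *error);
bool SOSAccountAssertUserCredentials(SOSAccount* account,
                                     CFStringRef user_account, CFDataRef user_password,
                                     CFErrorRef *error);

bool SOSAccountRetryUserCredentials(SOSAccount* account);
// Per its name, the key set here has not been validated against the user
// credential; presumably nothing derived from it should be trusted until
// SOSValidateUserPublic (below) succeeds — confirm in the implementation.
void SOSAccountSetUnTrustedUserPublicKey(SOSAccount* account, SecKeyRef publicKey);

bool SOSAccountGenerationSignatureUpdate(SOSAccount* account, CFErrorRef *error);

//
// MARK: Circle management
//

bool SOSAccountUpdateCircle(SOSAccount* account, SOSCircleRef circle, CFErrorRef *error);
void SOSTransportEachMessage(SOSAccount* account, CFDictionaryRef updates, CFErrorRef *error);


// String <-> SOSCCStatus conversion; intended as inverses of each other.
CFStringRef SOSAccountGetSOSCCStatusString(SOSCCStatus status);
SOSCCStatus SOSAccountGetSOSCCStatusFromString(CFStringRef status);
// The *WithAnalytics variants additionally take a parentEvent for analytics
// reporting; otherwise they mirror the plain variant above them.
bool SOSAccountJoinCircles(SOSAccountTransaction* aTxn, CFErrorRef* error);
bool SOSAccountJoinCirclesWithAnalytics(SOSAccountTransaction* aTxn, NSData* parentEvent, CFErrorRef* error);
bool SOSAccountJoinCirclesAfterRestore(SOSAccountTransaction* aTxn, CFErrorRef* error);
bool SOSAccountJoinCirclesAfterRestoreWithAnalytics(SOSAccountTransaction* aTxn, NSData* parentEvent, CFErrorRef* error);
bool SOSAccountRemovePeersFromCircle(SOSAccount* account, CFArrayRef peers, CFErrorRef* error);
bool SOSAccountRemovePeersFromCircleWithAnalytics(SOSAccount* account, CFArrayRef peers, NSData* parentEvent, CFErrorRef* error);
bool SOSAccountBail(SOSAccount* account, uint64_t limit_in_seconds, CFErrorRef* error);
bool SOSAccountAcceptApplicants(SOSAccount* account, CFArrayRef applicants, CFErrorRef* error);
bool SOSAccountRejectApplicants(SOSAccount* account, CFArrayRef applicants, CFErrorRef* error);

bool SOSValidateUserPublic(SOSAccount* account, CFErrorRef* error);

void SOSAccountForEachCirclePeerExceptMe(SOSAccount* account, void (^action)(SOSPeerInfoRef peer));

// Peer-list accessors. Only SOSAccountCopyActiveValidPeers is annotated
// CF_RETURNS_RETAINED; the others are Copy-named but unannotated.
CFArrayRef SOSAccountCopyApplicants(SOSAccount* account, CFErrorRef *error);
CFArrayRef SOSAccountCopyGeneration(SOSAccount* account, CFErrorRef *error);
CFArrayRef SOSAccountCopyValidPeers(SOSAccount* account, CFErrorRef *error);
CFArrayRef SOSAccountCopyPeersToListenTo(SOSAccount* account, CFErrorRef *error);
CFArrayRef SOSAccountCopyNotValidPeers(SOSAccount* account, CFErrorRef *error);
CFArrayRef SOSAccountCopyRetired(SOSAccount* account, CFErrorRef *error);
CFArrayRef SOSAccountCopyViewUnaware(SOSAccount* account, CFErrorRef *error);
CFArrayRef SOSAccountCopyPeers(SOSAccount* account, CFErrorRef *error);
CFArrayRef SOSAccountCopyActivePeers(SOSAccount* account, CFErrorRef *error);
CFArrayRef CF_RETURNS_RETAINED SOSAccountCopyActiveValidPeers(SOSAccount* account, CFErrorRef *error);
CFArrayRef SOSAccountCopyConcurringPeers(SOSAccount* account, CFErrorRef *error);

bool SOSAccountIsAccountIdentity(SOSAccount* account, SOSPeerInfoRef peer_info, CFErrorRef *error);

enum DepartureReason SOSAccountGetLastDepartureReason(SOSAccount* account, CFErrorRef* error);

//
// MARK: iCloud Identity
//
bool SOSAccountRemoveIncompleteiCloudIdentities(SOSAccount* account, SOSCircleRef circle, SecKeyRef privKey, CFErrorRef *error);

//
// MARK: Change blocks
//
// Registration/removal of SOSAccountCircleMembershipChangeBlock callbacks.
// Whether removal matches by block identity or by copy is not visible here.
void SOSAccountAddChangeBlock(SOSAccount* a, SOSAccountCircleMembershipChangeBlock changeBlock);
void SOSAccountRemoveChangeBlock(SOSAccount* a, SOSAccountCircleMembershipChangeBlock changeBlock);


//
// MARK: Local device gestalt change.
//
CFDictionaryRef SOSAccountCopyGestalt(SOSAccount* account);

CFDictionaryRef SOSAccountCopyV2Dictionary(SOSAccount* account);

void SOSAccountPendDisableViewSet(SOSAccount* account, CFSetRef disabledViews);

void SOSAccountUpdateOutOfSyncViews(SOSAccountTransaction* aTxn, CFSetRef viewsInSync);
void SOSAccountPeerGotInSync(SOSAccountTransaction* aTxn, CFStringRef peerID, CFSetRef views);

bool SOSAccountHandleParametersChange(SOSAccount* account, CFDataRef updates, CFErrorRef *error);

//
// MARK: Requests for syncing later
//
bool SOSAccountRequestSyncWithAllPeers(SOSAccountTransaction* txn, CFErrorRef *error);
CF_RETURNS_RETAINED CFMutableSetRef SOSAccountSyncWithPeers(SOSAccountTransaction* txn, CFSetRef /* CFStringRef */ peerIDs, CFErrorRef *error);
CFSetRef SOSAccountSyncWithPeersOverKVS(SOSAccountTransaction* txn, CFSetRef peers);
bool SOSAccountInflateTransports(SOSAccount* account, CFStringRef circleName, CFErrorRef *error);

void
SOSAccountTriggerSyncWithBackupPeer(CFStringRef peer);

//
// MARK: Outgoing/Sync functions
//

bool SOSAccountSyncWithKVSPeerWithMessage(SOSAccountTransaction* txn, CFStringRef peerid, CFDataRef message, CFErrorRef *error);

CF_RETURNS_RETAINED CFSetRef SOSAccountProcessSyncWithPeers(SOSAccountTransaction* txn, CFSetRef /* CFStringRef */ peers, CFSetRef /* CFStringRef */ backupPeers, CFErrorRef *error);
CF_RETURNS_RETAINED CFSetRef SOSAccountCopyBackupPeersAndForceSync(SOSAccountTransaction* txn, CFErrorRef *error);

//
// MARK: Cleanup functions
//

bool SOSAccountScanForRetired(SOSAccount* account, SOSCircleRef circle, CFErrorRef *error);
CF_RETURNS_RETAINED SOSCircleRef SOSAccountCloneCircleWithRetirement(SOSAccount* account, SOSCircleRef starting_circle, CFErrorRef *error);

//
// MARK: Backup functions
//

bool SOSAccountIsBackupRingEmpty(SOSAccount* account, CFStringRef viewName);
bool SOSAccountNewBKSBForView(SOSAccount* account, CFStringRef viewName, CFErrorRef *error);

void SOSAccountProcessBackupRings(SOSAccount* account, CFErrorRef *error);
bool SOSAccountValidateBackupRingForView(SOSAccount* account, CFStringRef viewName, CFErrorRef *error);
bool SOSAccountSetBackupPublicKey(SOSAccountTransaction* aTxn, CFDataRef backupKey, CFErrorRef *error);
bool SOSAccountRemoveBackupPublickey(SOSAccountTransaction* aTxn, CFErrorRef *error);
bool SOSAccountBackupUpdateBackupPublicKey(SOSAccount *account, CFDataRef backupKey);
bool SOSAccountSetBSKBagForAllSlices(SOSAccount* account, CFDataRef backupSlice, bool setupV0Only, CFErrorRef *error);

CF_RETURNS_RETAINED SOSBackupSliceKeyBagRef SOSAccountBackupSliceKeyBagForView(SOSAccount* account, CFStringRef viewName, CFErrorRef* error);

//
// MARK: Recovery Public Key Functions
//
// The recovery key is a secondary path to the account's data; registering or
// clearing it is security-relevant and should happen inside a transaction.
bool SOSAccountRegisterRecoveryPublicKey(SOSAccountTransaction* txn, CFDataRef recovery_key, CFErrorRef *error);
CFDataRef SOSAccountCopyRecoveryPublicKey(SOSAccountTransaction* txn, CFErrorRef *error);
bool SOSAccountClearRecoveryPublicKey(SOSAccountTransaction* txn, CFDataRef recovery_key, CFErrorRef *error);


// Internal calls that set or clear the recovery key on the account object
// provided by clients.
bool SOSAccountSetRecoveryKey(SOSAccount* account, CFDataRef pubData, CFErrorRef *error);
bool SOSAccountRemoveRecoveryKey(SOSAccount* account, CFErrorRef *error);


CFDataRef SOSAccountCopyRecoveryPublic(CFAllocatorRef allocator, SOSAccount* account, CFErrorRef *error);
bool SOSAccountRecoveryKeyIsInBackupAndCurrentInView(SOSAccount* account, CFStringRef viewname);
bool SOSAccountSetRecoveryKeyBagEntry(CFAllocatorRef allocator, SOSAccount* account, SOSRecoveryKeyBagRef rkbg, CFErrorRef *error);
SOSRecoveryKeyBagRef SOSAccountCopyRecoveryKeyBagEntry(CFAllocatorRef allocator, SOSAccount* account, CFErrorRef *error);
void SOSAccountEnsureRecoveryRing(SOSAccount* account);

//
// MARK: Private functions
//

/// Returns the account's dispatch queue (borrowed; do not release).
dispatch_queue_t SOSAccountGetQueue(SOSAccount* account);

/// Transport send callback: delivers one message under a key; returns false
/// and reports through *error on failure.
typedef bool (^SOSAccountSendBlock)(CFStringRef key, CFDataRef message, CFErrorRef *error);

//
// MARK: Utility functions
//

CFStringRef SOSInterestListCopyDescription(CFArrayRef interests);

//
// MARK: HSA2 Piggyback Support Functions
//
SOSPeerInfoRef SOSAccountCopyApplication(SOSAccount* account, CFErrorRef* error);
CFDataRef SOSAccountCopyCircleJoiningBlob(SOSAccount* account, SOSPeerInfoRef applicant, CFErrorRef *error);
// joiningBlob is an opaque serialized value (presumably the output of
// SOSAccountCopyCircleJoiningBlob on the approving peer); version selects the
// piggyback protocol version. It is parsed in the implementation, which is
// where validation of its contents has to happen.
bool SOSAccountJoinWithCircleJoiningBlob(SOSAccount* account, CFDataRef joiningBlob, PiggyBackProtocolVersion version, CFErrorRef *error);
CFDataRef SOSAccountCopyInitialSyncData(SOSAccount* account, SOSInitialSyncFlags flags, CFErrorRef *error);

//
// MARK: Initial-Sync
//
CFMutableSetRef SOSAccountCopyUnsyncedInitialViews(SOSAccount* account);

//
// MARK: State Logging
//
// Logging helpers; the account holds credential material, so the
// implementations must not emit secrets.
void SOSAccountLogState(SOSAccount* account);
void SOSAccountLogViewState(SOSAccount* account);
void SOSAccountConsiderLoggingEngineState(SOSAccountTransaction* txn);

//
// MARK: Checking other peer views
//

CFBooleanRef SOSAccountPeersHaveViewsEnabled(SOSAccount* account, CFArrayRef viewNames, CFErrorRef *error);

// Test hook: per its name, overrides the device serial number for testing.
// Confirm it is not reachable from non-test callers.
void SOSAccountSetTestSerialNumber(SOSAccount* account, CFStringRef serial);
SOSViewResultCode SOSAccountVirtualV0Behavior(SOSAccount* account, SOSViewActionCode actionCode);


bool SOSAccountIsPeerRetired(SOSAccount* account, CFSetRef peers);
void SOSAccountNotifyOfChange(SOSAccount* account, SOSCircleRef oldCircle, SOSCircleRef newCircle);


//
// MARK: Syncing status functions
//
bool SOSAccountMessageFromPeerIsPending(SOSAccountTransaction* txn, SOSPeerInfoRef peer, CFErrorRef *error);
bool SOSAccountSendToPeerIsPending(SOSAccountTransaction* txn, SOSPeerInfoRef peer, CFErrorRef *error);

//
// MARK: OTR
//
void SOSAccountResetOTRNegotiationCoder(SOSAccount* account, CFStringRef peerid);
void SOSAccountTimerFiredSendNextMessage(SOSAccountTransaction* txn, NSString* peerid, NSString* accessGroup);

// Returns TLK records for every view; these are key material and must be
// handled accordingly by callers.
NSArray<NSDictionary *>* SOSAccountGetAllTLKs(void);
CF_RETURNS_RETAINED CFMutableArrayRef SOSAccountCopyiCloudIdentities(SOSAccount* account);

__END_DECLS

#endif /* !_SOSACCOUNT_H_ */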