1 //
2 // SOSAccountPriv.h
3 // sec
4 //
5
6 #ifndef sec_SOSAccountPriv_h
7 #define sec_SOSAccountPriv_h
8
9 #include "SOSAccount.h"
10
11 #include <CoreFoundation/CoreFoundation.h>
12 #include <CoreFoundation/CFRuntime.h>
13 #include <utilities/SecCFWrappers.h>
14 #include <utilities/SecCFError.h>
15 #include <utilities/SecAKSWrappers.h>
16
17
18 #include <Security/SecKeyPriv.h>
19
20 #include <utilities/der_plist.h>
21 #include <utilities/der_plist_internal.h>
22 #include <corecrypto/ccder.h>
23
24 #include <AssertMacros.h>
25 #include <assert.h>
26
27 #import <notify.h>
28
29 #include <Security/SecureObjectSync/SOSInternal.h>
30 #include <Security/SecureObjectSync/SOSCircle.h>
31 #include <Security/SecureObjectSync/SOSCircleV2.h>
32 #include <Security/SecureObjectSync/SOSRing.h>
33 #include <Security/SecureObjectSync/SOSRingUtils.h>
34 #include <Security/SecureObjectSync/SOSCloudCircle.h>
35 #include <securityd/SOSCloudCircleServer.h>
36 #include <Security/SecureObjectSync/SOSEngine.h>
37 #include <Security/SecureObjectSync/SOSPeer.h>
38 #include <Security/SecureObjectSync/SOSFullPeerInfo.h>
39 #include <Security/SecureObjectSync/SOSPeerInfo.h>
40 #include <Security/SecureObjectSync/SOSPeerInfoInternal.h>
41 #include <Security/SecureObjectSync/SOSUserKeygen.h>
42 #include <utilities/iCloudKeychainTrace.h>
43
44 #include <Security/SecItemPriv.h>
45
46
struct __OpaqueSOSAccount {
    CFRuntimeBase _base;                    // CF runtime header; must remain the first field

    CFDictionaryRef gestalt;                // device gestalt; presumably the dictionary passed to SOSAccountCreateBasic — confirm

    CFDataRef backup_key;                   // NOTE(review): key material kept in memory — confirm it is released when the identity is purged (SOSAccountPurgeIdentity)

    SOSFullPeerInfoRef my_identity;         // this device's full peer info (accessor: SOSAccountGetMyFullPeerInfo)
    SOSCircleRef trusted_circle;            // the circle this account currently trusts (accessor: SOSAccountGetCircle)

    CFMutableDictionaryRef trusted_rings;   // rings (accessor: SOSAccountGetRings); presumably CFStringRef name -> SOSRingRef — confirm
    CFMutableDictionaryRef backups;         // backup state (accessor: SOSAccountGetBackups); presumably keyed by view name — confirm

    CFMutableSetRef retirees;               // peers that have retired; element type presumed SOSPeerInfoRef — confirm

    bool user_public_trusted;               // whether user_public is considered trusted; presumably set after validation — confirm
                                            //   (SOSAccountSetUserPublicTrustedForTesting below presumably forces it)
    CFDataRef user_key_parameters;          // parameters for the user key; see SOSAccountRetrieveCloudParameters / SOSAccountPublishCloudParameters
    SecKeyRef user_public;                  // current user public key
    SecKeyRef previous_public;              // previous user public key; see SOSAccountSetPreviousPublic
    enum DepartureReason departure_code;    // last departure reason; see SOSAccountSetLastDepartureReason
    CFMutableDictionaryRef expansion;       // All CFTypes and Keys — open-ended persisted values; see SOSAccountSetValue / SOSAccountGetValue

    // Non-persistent data: runtime-only state, per the original author not part of the persisted form
    // (presumably excluded from SOSAccountEncodeToDER — confirm).
    dispatch_queue_t queue;                 // the account's dispatch queue; presumably serializes all mutation — confirm
    CFMutableDictionaryRef notification_cleanups;   // see SOSAccountCleanupNotificationForAllPeers

    SOSDataSourceFactoryRef factory;        // supplied at creation (SOSAccountCreateBasic / SOSAccountCreateFromDER)
    SecKeyRef _user_private;                // user private key held in memory; NOTE(review): confirm it is released when user_private_timer fires
    CFDataRef _password_tmp;                // NOTE(review): temporary password copy held in memory — confirm it is cleared together with _user_private

    dispatch_source_t user_private_timer;   // presumably expires the cached _user_private / _password_tmp — confirm
    int lock_notification_token;            // notify(3) registration token (<notify.h> is imported above); presumably for keybag lock state — confirm

    SOSTransportKeyParameterRef key_transport;        // transport for user key parameters
    SOSTransportCircleRef circle_transport;           // transport for circle updates
    SOSTransportMessageRef kvs_message_transport;     // peer message transport over KVS (see SOSTransportMessageTypeKVS)
    SOSTransportMessageRef ids_message_transport;     // peer message transport over IDS (see SOSTransportMessageTypeIDS)

    // indicates if changes in circle, rings, or retirements need to be pushed
    bool circle_rings_retirements_need_attention;

    // Live Notification
    CFMutableArrayRef change_blocks;        // blocks run on account change; block signature is not declared in this header
};
// Key for escrow records; the value is defined in the implementation.
extern const CFStringRef kSOSEscrowRecord;

// Creates an account with the given gestalt and data source factory.
// The caller owns the result (CF "Create" rule — confirm the implementation returns +1).
SOSAccountRef SOSAccountCreateBasic(CFAllocatorRef allocator,
                                    CFDictionaryRef gestalt,
                                    SOSDataSourceFactoryRef factory);

bool SOSAccountEnsureFactoryCircles(SOSAccountRef a);

// Resets the account to a fresh state; exactly which fields are discarded is not declared here — confirm.
void SOSAccountSetToNew(SOSAccountRef a);

// Convention for every CFErrorRef* function in this header: the bool/pointer return indicates failure,
// and *error is expected to be written only on failure. Callers should test the return value, not *error.
bool SOSAccountIsMyPeerActive(SOSAccountRef account, CFErrorRef* error);

// Returns the transport to use for peerInfo (one of the *_message_transport fields, presumably); borrowed reference.
SOSTransportMessageRef SOSAccountGetMessageTransportFor(SOSAccountRef account, SOSPeerInfoRef peerInfo);

// MARK: In Sync checking

void SOSAccountEnsureSyncChecking(SOSAccountRef account);
void SOSAccountCancelSyncChecking(SOSAccountRef account);
bool SOSAccountCheckHasBeenInSync(SOSAccountRef account);

// Tears down per-peer notification state (see the notification_cleanups field).
void SOSAccountCleanupNotificationForAllPeers(SOSAccountRef account);


// MARK: DER Stuff
//
// Buffer conventions (matching the utilities/der_plist API included above — confirm against the
// definitions): encoders write into [der, der_end) and return a pointer into that buffer, NULL on
// failure; decoders consume [der, der_end) and return the position after the decoded object, NULL on
// failure. Decoders operate on caller-supplied bytes, so every read must stay bounded by der_end.
// The "_or_null" variants presumably also accept an encoded null and yield a NULL object — confirm.

size_t der_sizeof_data_or_null(CFDataRef data, CFErrorRef* error);

uint8_t* der_encode_data_or_null(CFDataRef data, CFErrorRef* error, const uint8_t* der, uint8_t* der_end);

const uint8_t* der_decode_data_or_null(CFAllocatorRef allocator, CFDataRef* data,
                                       CFErrorRef* error,
                                       const uint8_t* der, const uint8_t* der_end);

size_t der_sizeof_fullpeer_or_null(SOSFullPeerInfoRef data, CFErrorRef* error);

uint8_t* der_encode_fullpeer_or_null(SOSFullPeerInfoRef data, CFErrorRef* error, const uint8_t* der, uint8_t* der_end);

const uint8_t* der_decode_fullpeer_or_null(CFAllocatorRef allocator, SOSFullPeerInfoRef* data,
                                           CFErrorRef* error,
                                           const uint8_t* der, const uint8_t* der_end);


size_t der_sizeof_public_bytes(SecKeyRef publicKey, CFErrorRef* error);

uint8_t* der_encode_public_bytes(SecKeyRef publicKey, CFErrorRef* error, const uint8_t* der, uint8_t* der_end);

// algorithmID selects the key algorithm used to reconstruct publicKey; the accepted values are not declared here.
const uint8_t* der_decode_public_bytes(CFAllocatorRef allocator, CFIndex algorithmID, SecKeyRef* publicKey, CFErrorRef* error, const uint8_t* der, const uint8_t* der_end);


// Persistence

// Decodes an account from DER. der_p is in/out — presumably advanced past the consumed bytes (confirm).
// The caller owns the returned account (CF "Create" rule); NULL presumably signals failure with *error set.
SOSAccountRef SOSAccountCreateFromDER(CFAllocatorRef allocator,
                                      SOSDataSourceFactoryRef factory,
                                      CFErrorRef* error,
                                      const uint8_t** der_p, const uint8_t *der_end);

// Convenience over SOSAccountCreateFromDER taking the encoding as a CFDataRef (presumed — confirm). Caller owns the result.
SOSAccountRef SOSAccountCreateFromData(CFAllocatorRef allocator, CFDataRef circleData,
                                       SOSDataSourceFactoryRef factory,
                                       CFErrorRef* error);

// Size needed by SOSAccountEncodeToDER for this account.
size_t SOSAccountGetDEREncodedSize(SOSAccountRef account, CFErrorRef *error);

// Same [der, der_end) convention as the der_encode_* functions above.
uint8_t* SOSAccountEncodeToDER(SOSAccountRef account, CFErrorRef* error, const uint8_t* der, uint8_t* der_end);

// Caller owns the returned data (CF "Copy" rule).
CFDataRef SOSAccountCopyEncodedData(SOSAccountRef account, CFAllocatorRef allocator, CFErrorRef *error);

// Update
//
// Entry points for circle and retirement state; the encoded messages presumably arrive via the
// transports, so they should be treated as untrusted input until verified — confirm in the implementation.

bool SOSAccountHandleCircleMessage(SOSAccountRef account,
                                   CFStringRef circleName, CFDataRef encodedCircleMessage, CFErrorRef *error);

// Caller owns the returned dictionary (annotated CF_RETURNS_RETAINED).
CF_RETURNS_RETAINED
CFDictionaryRef SOSAccountHandleRetirementMessages(SOSAccountRef account, CFDictionaryRef circle_retirement_messages, CFErrorRef *error);


// writeUpdate presumably controls whether the accepted circle is pushed back out over the transport — confirm.
bool SOSAccountHandleUpdateCircle(SOSAccountRef account,
                                  SOSCircleRef prospective_circle,
                                  bool writeUpdate,
                                  CFErrorRef *error);

void SOSAccountNotifyEngines(SOSAccountRef account);

bool SOSAccountSyncingV0(SOSAccountRef account);

// My Peer
//
// The Get* functions return borrowed references (CF "Get" rule); do not release them.
bool SOSAccountHasFullPeerInfo(SOSAccountRef account, CFErrorRef* error);
SOSPeerInfoRef SOSAccountGetMyPeerInfo(SOSAccountRef account);
SOSFullPeerInfoRef SOSAccountGetMyFullPeerInfo(SOSAccountRef account);
CFStringRef SOSAccountGetMyPeerID(SOSAccountRef a);
bool SOSAccountIsMyPeerInBackupAndCurrentInView(SOSAccountRef account, CFStringRef viewname);
// oldRing is the ring being replaced (presumed from the name — confirm).
bool SOSAccountUpdateOurPeerInBackup(SOSAccountRef account, SOSRingRef oldRing, CFErrorRef *error);
bool SOSAccountIsPeerInBackupAndCurrentInView(SOSAccountRef account, SOSPeerInfoRef testPeer, CFStringRef viewname);

// Currently permitted backup rings.
// Invokes operation once per backup ring name; the block must not retain value beyond the call unless it copies it.
void SOSAccountForEachBackupRingName(SOSAccountRef account, void (^operation)(CFStringRef value));

// My Circle
bool SOSAccountHasCircle(SOSAccountRef account, CFErrorRef* error);
// Borrowed reference (CF "Get" rule).
SOSCircleRef SOSAccountGetCircle(SOSAccountRef a, CFErrorRef *error);
// Returns the named circle, creating it if missing (presumed from "Ensure" — confirm); borrowed reference.
SOSCircleRef SOSAccountEnsureCircle(SOSAccountRef a, CFStringRef name, CFErrorRef *error);

// FromRemote: newCircle came from another peer/transport; the plain variant is for local changes (presumed — confirm).
bool SOSAccountUpdateCircleFromRemote(SOSAccountRef account, SOSCircleRef newCircle, CFErrorRef *error);
bool SOSAccountUpdateCircle(SOSAccountRef account, SOSCircleRef newCircle, CFErrorRef *error);
// Runs action against the current circle; action's bool return presumably decides whether the change is committed — confirm.
bool SOSAccountModifyCircle(SOSAccountRef account,
                            CFErrorRef* error,
                            bool (^action)(SOSCircleRef circle));

// Style note: unprefixed name in an SOS header; consider SOSAppendCircleKeyName if it is ever exported.
void AppendCircleKeyName(CFMutableArrayRef array, CFStringRef name);

// Caller owns the returned string (CF "Copy" rule).
CFStringRef SOSInterestListCopyDescription(CFArrayRef interests);


// FullPeerInfos - including Cloud Identity
//
// Style note: CopyCloudKeychainIdentity, GeneratePermanentFullECKey and GenerateNewCloudIdentityPeerInfo
// carry no SOS prefix, unlike the rest of this header.

// Caller owns the result (CF "Copy" rule).
SOSFullPeerInfoRef CopyCloudKeychainIdentity(SOSPeerInfoRef cloudPeer, CFErrorRef *error);

// keySize is presumably in bits and "Permanent" presumably means the key is stored in the keychain — confirm both.
// Caller owns the returned key.
SecKeyRef GeneratePermanentFullECKey(int keySize, CFStringRef name, CFErrorRef* error);

bool SOSAccountEnsureFullPeerAvailable(SOSAccountRef account, CFErrorRef * error);

bool SOSAccountIsAccountIdentity(SOSAccountRef account, SOSPeerInfoRef peer_info, CFErrorRef *error);
// Verifies the account's full peer info against privKey (presumed from the name — confirm what is checked).
bool SOSAccountFullPeerInfoVerify(SOSAccountRef account, SecKeyRef privKey, CFErrorRef *error);
SOSPeerInfoRef GenerateNewCloudIdentityPeerInfo(CFErrorRef *error);

// Credentials
bool SOSAccountHasPublicKey(SOSAccountRef account, CFErrorRef* error);
// Presumably moves user_public into previous_public (see the struct above) — confirm.
void SOSAccountSetPreviousPublic(SOSAccountRef account);
bool SOSAccountPublishCloudParameters(SOSAccountRef account, CFErrorRef* error);
// newKey and newParameters are out-parameters; ownership of what they receive is not declared here — confirm.
bool SOSAccountRetrieveCloudParameters(SOSAccountRef account, SecKeyRef *newKey,
                                       CFDataRef derparms,
                                       CFDataRef *newParameters, CFErrorRef* error);

// DSID
bool SOSAccountUpdateDSID(SOSAccountRef account, CFStringRef dsid);

//
// Key extraction
//
// Both return owned references (CF "Copy" rule); callers must release them.

SecKeyRef SOSAccountCopyDeviceKey(SOSAccountRef account, CFErrorRef *error);
SecKeyRef SOSAccountCopyPublicKeyForPeer(SOSAccountRef account, CFStringRef peer_id, CFErrorRef *error);

// Testing
void SOSAccountSetLastDepartureReason(SOSAccountRef account, enum DepartureReason reason);
// NOTE(review): test-only hook that marks the user public key as trusted without validation (presumed from the
// name and the user_public_trusted field) — confirm it is not reachable from production code paths.
void SOSAccountSetUserPublicTrustedForTesting(SOSAccountRef account);

// Appends value to array unless it compares equal (via CFEqualSafe, from SecCFWrappers.h) to excludedValue.
// NOTE(review): a NULL value that is not excluded is passed straight to CFArrayAppendValue — callers should not rely on this for NULL.
static inline void CFArrayAppendValueIfNot(CFMutableArrayRef array, CFTypeRef value, CFTypeRef excludedValue)
{
    bool skip = CFEqualSafe(value, excludedValue);
    if (skip) {
        return;
    }
    CFArrayAppendValue(array, value);
}
242
// Returns the dictionary stored under key in dict, installing a fresh mutable one when the slot is empty
// or holds a non-dictionary. The result is a borrowed reference owned by dict.
// NOTE(review): isDictionary is presumably a type check only, so an immutable CFDictionaryRef already stored
// under key would be returned through a mutable-typed pointer — confirm callers never hit that case.
static inline CFMutableDictionaryRef CFDictionaryEnsureCFDictionaryAndGetCurrentValue(CFMutableDictionaryRef dict, CFTypeRef key)
{
    CFMutableDictionaryRef existing = (CFMutableDictionaryRef) CFDictionaryGetValue(dict, key);
    if (isDictionary(existing)) {
        return existing;
    }

    CFMutableDictionaryRef created = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
    CFDictionarySetValue(dict, key, created);
    CFReleaseSafe(created);   // dict now holds the only retain; returning the borrowed pointer
    return created;
}
255
// Array counterpart of CFDictionaryEnsureCFDictionaryAndGetCurrentValue: returns the array stored under key,
// installing a fresh mutable one when the slot is empty or holds a non-array. Borrowed reference owned by dict.
// NOTE(review): as with the dictionary variant, an immutable CFArrayRef already stored under key would be
// handed back as CFMutableArrayRef — confirm callers never hit that case.
static inline CFMutableArrayRef CFDictionaryEnsureCFArrayAndGetCurrentValue(CFMutableDictionaryRef dict, CFTypeRef key)
{
    CFMutableArrayRef existing = (CFMutableArrayRef) CFDictionaryGetValue(dict, key);
    if (isArray(existing)) {
        return existing;
    }

    CFMutableArrayRef created = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault);
    CFDictionarySetValue(dict, key, created);
    CFReleaseSafe(created);   // dict now holds the only retain; returning the borrowed pointer
    return created;
}
268
// Drops this device's identity from the account; which fields are cleared (my_identity, backup_key, ...) is not declared here — confirm.
void SOSAccountPurgeIdentity(SOSAccountRef account);
// Style note: lowercase "sos" prefix differs from the rest of this header.
bool sosAccountLeaveCircle(SOSAccountRef account, SOSCircleRef circle, CFErrorRef* error);
bool sosAccountLeaveRing(SOSAccountRef account, SOSRingRef ring, CFErrorRef* error);
// Borrowed references to the account's mutable dictionaries (CF "Get" rule); see the trusted_rings / backups fields.
CFMutableDictionaryRef SOSAccountGetRings(SOSAccountRef a, CFErrorRef *error);
CFMutableDictionaryRef SOSAccountGetBackups(SOSAccountRef a, CFErrorRef *error);
bool SOSAccountUpdateBackUp(SOSAccountRef account, CFStringRef viewname, CFErrorRef *error);

bool SOSAccountEnsurePeerRegistration(SOSAccountRef account, CFErrorRef *error);

// NOTE(review): mutable process-wide global selecting the transport; presumably holds a TransportType value
// (declared below) — confirm where it is written and that no unsynchronized writes race the account queue.
extern CFIndex whichTransportType;
extern const CFStringRef kSOSDSIDKey;
extern const CFStringRef SOSTransportMessageTypeIDS;
extern const CFStringRef SOSTransportMessageTypeKVS;

extern const CFStringRef kSOSUnsyncedViewsKey;

// Transport selector values. The meaning of Future/Present is not documented here — confirm before relying on them.
typedef enum{
    kSOSTransportIDS = 1,
    kSOSTransportKVS = 2,
    kSOSTransportFuture = 3,
    kSOSTransportPresent = 4
}TransportType;

// Caller owns the result (CF "Copy" rule).
SOSPeerInfoRef SOSAccountCopyPeerWithID(SOSAccountRef account, CFStringRef peerid, CFErrorRef *error);

// Untyped key/value access — presumably the expansion dictionary ("All CFTypes and Keys" in the struct above); confirm.
// key and value are passed as const void * and so get no compile-time type checking; GetValue returns a borrowed reference.
bool SOSAccountSetValue(SOSAccountRef account, const void *key, const void *value, CFErrorRef *error);
bool SOSAccountClearValue(SOSAccountRef account, const void *key, CFErrorRef *error);
const void *SOSAccountGetValue(SOSAccountRef account, const void *key, CFErrorRef *error);

bool SOSAccountAddEscrowToPeerInfo(SOSAccountRef account, SOSFullPeerInfoRef myPeer, CFErrorRef *error);
// record is stored under dsid — presumably beneath kSOSEscrowRecord (declared above); confirm.
bool SOSAccountAddEscrowRecords(SOSAccountRef account, CFStringRef dsid, CFDictionaryRef record, CFErrorRef *error);
bool SOSAccountCheckForRings(SOSAccountRef a, CFErrorRef *error);
// Ring analogue of SOSAccountHandleUpdateCircle; writeUpdate presumably controls pushing the result out — confirm.
bool SOSAccountHandleUpdateRing(SOSAccountRef account, SOSRingRef prospective_ring, bool writeUpdate, CFErrorRef *error);
// Get: borrowed reference; Create: caller owns the result.
SOSRingRef SOSAccountGetRing(SOSAccountRef a, CFStringRef ringName, CFErrorRef *error);
SOSRingRef SOSAccountRingCreateForName(SOSAccountRef a, CFStringRef ringName, CFErrorRef *error);
bool SOSAccountEnsureRings(SOSAccountRef a, CFErrorRef *error);
// FromRemote: newRing came from another peer/transport; the plain variant is for local changes (presumed — confirm).
bool SOSAccountUpdateRingFromRemote(SOSAccountRef account, SOSRingRef newRing, CFErrorRef *error);
bool SOSAccountUpdateRing(SOSAccountRef account, SOSRingRef newRing, CFErrorRef *error);
// Runs action against the named ring; action's bool return presumably decides whether the change is committed — confirm.
bool SOSAccountModifyRing(SOSAccountRef account, CFStringRef ringName,
                          CFErrorRef* error,
                          bool (^action)(SOSRingRef ring));
// Get: borrowed payload; Copy: caller owns the returned ring.
CFDataRef SOSAccountRingGetPayload(SOSAccountRef account, CFStringRef ringName, CFErrorRef *error);
SOSRingRef SOSAccountRingCopyWithPayload(SOSAccountRef account, CFStringRef ringName, CFDataRef payload, CFErrorRef *error);
// peerIDs: array of peer ID strings (element type presumed CFStringRef — confirm).
bool SOSAccountRemoveBackupPeers(SOSAccountRef account, CFArrayRef peerIDs, CFErrorRef *error);
bool SOSAccountResetRing(SOSAccountRef account, CFStringRef ringName, CFErrorRef *error);
bool SOSAccountResetAllRings(SOSAccountRef account, CFErrorRef *error);
bool SOSAccountCheckPeerAvailability(SOSAccountRef account, CFErrorRef *error);

//
// MARK: Backup translation functions
//

// Maps a view name to its backup ring name; caller owns the returned string (CF "Copy" rule).
CFStringRef SOSBackupCopyRingNameForView(CFStringRef viewName);

323 #endif