]> git.saurik.com Git - apple/security.git/blob - OSX/sec/SOSCircle/SecureObjectSync/SOSAccount.h
Security-58286.270.3.0.1.tar.gz
[apple/security.git] / OSX / sec / SOSCircle / SecureObjectSync / SOSAccount.h
1 /*
2 * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 /*!
26 @header SOSAccount.h
27 The functions provided in SOSCircle.h provide an interface to a
28 secure object syncing circle for a single class
29 */
30
31 #ifndef _SOSACCOUNT_H_
32 #define _SOSACCOUNT_H_
33
34 #include <CoreFoundation/CoreFoundation.h>
35 #include <Foundation/Foundation.h>
36 #include <Security/SecureObjectSync/SOSAccountPriv.h>
37 #include <Security/SecureObjectSync/SOSCircle.h>
38 #include <Security/SecureObjectSync/SOSFullPeerInfo.h>
39 #include <Security/SecureObjectSync/SOSCloudCircle.h>
40 #include <Security/SecureObjectSync/SOSCloudCircleInternal.h>
41 #include <Security/SecureObjectSync/SOSTransportCircle.h>
42 #include <Security/SecureObjectSync/SOSRing.h>
43 #include <Security/SecureObjectSync/SOSRecoveryKeyBag.h>
44 #include <Security/SecureObjectSync/SOSAccountTransaction.h>
45 #include <dispatch/dispatch.h>
46
47 @class SOSAccount;
48
49 __BEGIN_DECLS
50
51 #define RETIREMENT_FINALIZATION_SECONDS (24*60*60)
52
53 typedef void (^SOSAccountCircleMembershipChangeBlock)(SOSAccount* account,
54 SOSCircleRef new_circle,
55 CFSetRef added_peers, CFSetRef removed_peers,
56 CFSetRef added_applicants, CFSetRef removed_applicants);
57
58 CFTypeID SOSAccountGetTypeID(void);
59
60 SOSAccount* SOSAccountCreate(CFAllocatorRef allocator,
61 CFDictionaryRef gestalt,
62 SOSDataSourceFactoryRef factory);
63
64 //
65 // MARK: Credential management
66 //
67
68 SecKeyRef SOSAccountGetTrustedPublicCredential(SOSAccount* account, CFErrorRef* error);
69
70 SecKeyRef SOSAccountGetPrivateCredential(SOSAccount* account, CFErrorRef* error);
71 CFDataRef SOSAccountGetCachedPassword(SOSAccount* account, CFErrorRef* error);
72 void SOSAccountStashAccountKey(SOSAccount* account);
73 SecKeyRef SOSAccountCopyStashedUserPrivateKey(SOSAccount* account, CFErrorRef *error);
74
75 void SOSAccountSetParameters(SOSAccount* account, CFDataRef parameters);
76
77 void SOSAccountPurgePrivateCredential(SOSAccount* account);
78
79 void SOSAccountRestartPrivateCredentialTimer(SOSAccount* account);
80
81 bool SOSAccountTryUserCredentials(SOSAccount* account,
82 CFStringRef user_account, CFDataRef user_password,
83 CFErrorRef *error);
84
85 bool SOSAccountTryUserPrivateKey(SOSAccount* account, SecKeyRef user_private, CFErrorRef *error);
86
87 bool SOSAccountValidateAccountCredential(SOSAccount* account, SecKeyRef accountPrivateKey, CFErrorRef *error);
88 bool SOSAccountAssertStashedAccountCredential(SOSAccount* account, CFErrorRef *error);
89 bool SOSAccountAssertUserCredentials(SOSAccount* account,
90 CFStringRef user_account, CFDataRef user_password,
91 CFErrorRef *error);
92
93 bool SOSAccountRetryUserCredentials(SOSAccount* account);
94 void SOSAccountSetUnTrustedUserPublicKey(SOSAccount* account, SecKeyRef publicKey);
95
96 bool SOSAccountGenerationSignatureUpdate(SOSAccount* account, CFErrorRef *error);
97
98 //
99 // MARK: Circle management
100 //
101
102 bool SOSAccountUpdateCircle(SOSAccount* account, SOSCircleRef circle, CFErrorRef *error);
103 void SOSTransportEachMessage(SOSAccount* account, CFDictionaryRef updates, CFErrorRef *error);
104
105
106 CFStringRef SOSAccountGetSOSCCStatusString(SOSCCStatus status);
107 SOSCCStatus SOSAccountGetSOSCCStatusFromString(CFStringRef status);
108 bool SOSAccountJoinCircles(SOSAccountTransaction* aTxn, CFErrorRef* error);
109 bool SOSAccountJoinCirclesWithAnalytics(SOSAccountTransaction* aTxn, NSData* parentEvent, CFErrorRef* error);
110 bool SOSAccountJoinCirclesAfterRestore(SOSAccountTransaction* aTxn, CFErrorRef* error);
111 bool SOSAccountJoinCirclesAfterRestoreWithAnalytics(SOSAccountTransaction* aTxn, NSData* parentEvent, CFErrorRef* error);
112 bool SOSAccountRemovePeersFromCircle(SOSAccount* account, CFArrayRef peers, CFErrorRef* error);
113 bool SOSAccountRemovePeersFromCircleWithAnalytics(SOSAccount* account, CFArrayRef peers, NSData* parentEvent, CFErrorRef* error);
114 bool SOSAccountBail(SOSAccount* account, uint64_t limit_in_seconds, CFErrorRef* error);
115 bool SOSAccountAcceptApplicants(SOSAccount* account, CFArrayRef applicants, CFErrorRef* error);
116 bool SOSAccountRejectApplicants(SOSAccount* account, CFArrayRef applicants, CFErrorRef* error);
117
118 bool SOSValidateUserPublic(SOSAccount* account, CFErrorRef* error);
119
120 void SOSAccountForEachCirclePeerExceptMe(SOSAccount* account, void (^action)(SOSPeerInfoRef peer));
121
122 CFArrayRef SOSAccountCopyApplicants(SOSAccount* account, CFErrorRef *error);
123 CFArrayRef SOSAccountCopyGeneration(SOSAccount* account, CFErrorRef *error);
124 CFArrayRef SOSAccountCopyValidPeers(SOSAccount* account, CFErrorRef *error);
125 CFArrayRef SOSAccountCopyPeersToListenTo(SOSAccount* account, CFErrorRef *error);
126 CFArrayRef SOSAccountCopyNotValidPeers(SOSAccount* account, CFErrorRef *error);
127 CFArrayRef SOSAccountCopyRetired(SOSAccount* account, CFErrorRef *error);
128 CFArrayRef SOSAccountCopyViewUnaware(SOSAccount* account, CFErrorRef *error);
129 CFArrayRef SOSAccountCopyPeers(SOSAccount* account, CFErrorRef *error);
130 CFArrayRef SOSAccountCopyActivePeers(SOSAccount* account, CFErrorRef *error);
131 CFArrayRef CF_RETURNS_RETAINED SOSAccountCopyActiveValidPeers(SOSAccount* account, CFErrorRef *error);
132 CFArrayRef SOSAccountCopyConcurringPeers(SOSAccount* account, CFErrorRef *error);
133
134 bool SOSAccountIsAccountIdentity(SOSAccount* account, SOSPeerInfoRef peer_info, CFErrorRef *error);
135
136 enum DepartureReason SOSAccountGetLastDepartureReason(SOSAccount* account, CFErrorRef* error);
137
138 //
139 // MARK: iCloud Identity
140 //
141 bool SOSAccountRemoveIncompleteiCloudIdentities(SOSAccount* account, SOSCircleRef circle, SecKeyRef privKey, CFErrorRef *error);
142
143 //
144 // MARK: Change blocks
145 //
146 void SOSAccountAddChangeBlock(SOSAccount* a, SOSAccountCircleMembershipChangeBlock changeBlock);
147 void SOSAccountRemoveChangeBlock(SOSAccount* a, SOSAccountCircleMembershipChangeBlock changeBlock);
148
149
150 //
151 // MARK: Local device gestalt change.
152 //
153 CFDictionaryRef SOSAccountCopyGestalt(SOSAccount* account);
154
155 CFDictionaryRef SOSAccountCopyV2Dictionary(SOSAccount* account);
156
157 void SOSAccountPendDisableViewSet(SOSAccount* account, CFSetRef disabledViews);
158
159 void SOSAccountUpdateOutOfSyncViews(SOSAccountTransaction* aTxn, CFSetRef viewsInSync);
160 void SOSAccountPeerGotInSync(SOSAccountTransaction* aTxn, CFStringRef peerID, CFSetRef views);
161
162 bool SOSAccountHandleParametersChange(SOSAccount* account, CFDataRef updates, CFErrorRef *error);
163
164 //
165 // MARK: Requests for syncing later
166 //
167 bool SOSAccountRequestSyncWithAllPeers(SOSAccountTransaction* txn, CFErrorRef *error);
168 CF_RETURNS_RETAINED CFMutableSetRef SOSAccountSyncWithPeers(SOSAccountTransaction* txn, CFSetRef /* CFStringRef */ peerIDs, CFErrorRef *error);
169 CFSetRef SOSAccountSyncWithPeersOverKVS(SOSAccountTransaction* txn, CFSetRef peers);
170 bool SOSAccountInflateTransports(SOSAccount* account, CFStringRef circleName, CFErrorRef *error);
171
172 //
173 // MARK: Outgoing/Sync functions
174 //
175
176 bool SOSAccountSyncWithKVSPeerWithMessage(SOSAccountTransaction* txn, CFStringRef peerid, CFDataRef message, CFErrorRef *error);
177
178 CF_RETURNS_RETAINED CFSetRef SOSAccountProcessSyncWithPeers(SOSAccountTransaction* txn, CFSetRef /* CFStringRef */ peers, CFSetRef /* CFStringRef */ backupPeers, CFErrorRef *error);
179 CF_RETURNS_RETAINED CFSetRef SOSAccountCopyBackupPeersAndForceSync(SOSAccountTransaction* txn, CFErrorRef *error);
180
181 //
182 // MARK: Cleanup functions
183 //
184
185 bool SOSAccountScanForRetired(SOSAccount* account, SOSCircleRef circle, CFErrorRef *error);
186 CF_RETURNS_RETAINED SOSCircleRef SOSAccountCloneCircleWithRetirement(SOSAccount* account, SOSCircleRef starting_circle, CFErrorRef *error);
187
188 //
189 // MARK: Version incompatibility Functions
190 //
191 CFStringRef SOSAccountCopyIncompatibilityInfo(SOSAccount* account, CFErrorRef* error);
192
193 //
194 // MARK: Backup functions
195 //
196
197 bool SOSAccountIsBackupRingEmpty(SOSAccount* account, CFStringRef viewName);
198 bool SOSAccountNewBKSBForView(SOSAccount* account, CFStringRef viewName, CFErrorRef *error);
199
200
201 bool SOSAccountSetBackupPublicKey(SOSAccountTransaction* aTxn, CFDataRef backupKey, CFErrorRef *error);
202 bool SOSAccountRemoveBackupPublickey(SOSAccountTransaction* aTxn, CFErrorRef *error);
203 bool SOSAccountBackupUpdateBackupPublicKey(SOSAccount *account, CFDataRef backupKey);
204 bool SOSAccountSetBSKBagForAllSlices(SOSAccount* account, CFDataRef backupSlice, bool setupV0Only, CFErrorRef *error);
205
206 CF_RETURNS_RETAINED SOSBackupSliceKeyBagRef SOSAccountBackupSliceKeyBagForView(SOSAccount* account, CFStringRef viewName, CFErrorRef* error);
207
208 bool SOSAccountIsLastBackupPeer(SOSAccount* account, CFErrorRef *error);
209
210
211 //
212 // MARK: Recovery Public Key Functions
213 //
214 bool SOSAccountRegisterRecoveryPublicKey(SOSAccountTransaction* txn, CFDataRef recovery_key, CFErrorRef *error);
215 CFDataRef SOSAccountCopyRecoveryPublicKey(SOSAccountTransaction* txn, CFErrorRef *error);
216 bool SOSAccountClearRecoveryPublicKey(SOSAccountTransaction* txn, CFDataRef recovery_key, CFErrorRef *error);
217 bool SOSAccountSetRecoveryKey(SOSAccount* account, CFDataRef pubData, CFErrorRef *error);
218 bool SOSAccountRemoveRecoveryKey(SOSAccount* account, CFErrorRef *error);
219 SOSRecoveryKeyBagRef SOSAccountCopyRecoveryKeyBag(CFAllocatorRef allocator, SOSAccount* account, CFErrorRef *error);
220 CFDataRef SOSAccountCopyRecoveryPublic(CFAllocatorRef allocator, SOSAccount* account, CFErrorRef *error);
221 bool SOSAccountRecoveryKeyIsInBackupAndCurrentInView(SOSAccount* account, CFStringRef viewname);
222 bool SOSAccountSetRecoveryKeyBagEntry(CFAllocatorRef allocator, SOSAccount* account, SOSRecoveryKeyBagRef rkbg, CFErrorRef *error);
223 SOSRecoveryKeyBagRef SOSAccountCopyRecoveryKeyBagEntry(CFAllocatorRef allocator, SOSAccount* account, CFErrorRef *error);
224 void SOSAccountEnsureRecoveryRing(SOSAccount* account);
225
226 //
227 // MARK: Private functions
228 //
229
230 dispatch_queue_t SOSAccountGetQueue(SOSAccount* account);
231
232 typedef bool (^SOSAccountSendBlock)(CFStringRef key, CFDataRef message, CFErrorRef *error);
233
234 //
235 // MARK: Utility functions
236 //
237
238 CFStringRef SOSInterestListCopyDescription(CFArrayRef interests);
239
240 //
241 // MARK: HSA2 Piggyback Support Functions
242 //
243 SOSPeerInfoRef SOSAccountCopyApplication(SOSAccount* account, CFErrorRef*);
244 CFDataRef SOSAccountCopyCircleJoiningBlob(SOSAccount* account, SOSPeerInfoRef applicant, CFErrorRef *error);
245 bool SOSAccountJoinWithCircleJoiningBlob(SOSAccount* account, CFDataRef joiningBlob, PiggyBackProtocolVersion version, CFErrorRef *error);
246 CFDataRef SOSAccountCopyInitialSyncData(SOSAccount* account, CFErrorRef *error);
247
248 //
249 // MARK: Initial-Sync
250 //
251 CFMutableSetRef SOSAccountCopyUnsyncedInitialViews(SOSAccount* account);
252
253 //
254 // MARK: State Logging
255 //
256 void SOSAccountLogState(SOSAccount* account);
257 void SOSAccountLogViewState(SOSAccount* account);
258 void SOSAccountConsiderLoggingEngineState(SOSAccountTransaction* txn);
259
260 //
261 // MARK: Checking other peer views
262 //
263
264 CFBooleanRef SOSAccountPeersHaveViewsEnabled(SOSAccount* account, CFArrayRef viewNames, CFErrorRef *error);
265
266 void SOSAccountSetTestSerialNumber(SOSAccount* account, CFStringRef serial);
267 SOSViewResultCode SOSAccountVirtualV0Behavior(SOSAccount* account, SOSViewActionCode actionCode);
268
269
270 bool SOSAccountIsPeerRetired(SOSAccount* account, CFSetRef peers);
271 void SOSAccountNotifyOfChange(SOSAccount* account, SOSCircleRef oldCircle, SOSCircleRef newCircle);
272
273
274 //
275 // MARK: Syncing status functions
276 //
277 bool SOSAccountMessageFromPeerIsPending(SOSAccountTransaction* txn, SOSPeerInfoRef peer, CFErrorRef *error);
278 bool SOSAccountSendToPeerIsPending(SOSAccountTransaction* txn, SOSPeerInfoRef peer, CFErrorRef *error);
279
280 //
281 // MARK: OTR
282 //
283 void SOSAccountResetOTRNegotiationCoder(SOSAccount* account, CFStringRef peerid);
284 void SOSAccountTimerFiredSendNextMessage(SOSAccountTransaction* txn, NSString* peerid, NSString* accessGroup);
285
286 NSMutableArray* SOSAccountGetAllTLKs(void);
287 CF_RETURNS_RETAINED CFMutableArrayRef SOSAccountCopyiCloudIdentities(SOSAccount* account);
288
289 __END_DECLS
290
291 #endif /* !_SOSACCOUNT_H_ */