keychain/ckks/CKKSSIV.h

   1 /*
   2  * Copyright (c) 2017 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 #if OCTAGON
  25
  26 #import <Foundation/Foundation.h>
  27
  28 // For AES-SIV 512.
  29
  30 #define CKKSKeySize (512 / 8)
  31 #define CKKSWrappedKeySize (CKKSKeySize + 16)
  32
  33 @interface CKKSBaseAESSIVKey : NSObject <NSCopying>
  34 {
  35    @package
  36     uint8_t key[CKKSWrappedKeySize];  // subclasses can use less than the whole buffer, and set key to be precise
  37     size_t size;
  38 }
  39 - (instancetype)init;
  40 - (instancetype)initWithBytes:(uint8_t*)bytes len:(size_t)len;
  41 - (void)zeroKey;
  42 - (instancetype)copyWithZone:(NSZone*)zone;
  43
  44 // Mostly for testing.
  45 - (instancetype)initWithBase64:(NSString*)base64bytes;
  46 - (BOOL)isEqual:(id)object;
  47 @end
  48
  49 @interface CKKSWrappedAESSIVKey : CKKSBaseAESSIVKey
  50 - (instancetype)initWithData:(NSData*)data;
  51 - (NSData*)wrappedData;
  52 - (NSString*)base64WrappedKey;
  53 @end
  54
  55 @interface CKKSAESSIVKey : CKKSBaseAESSIVKey
  56 + (instancetype)randomKey;
  57
  58 - (CKKSWrappedAESSIVKey*)wrapAESKey:(CKKSAESSIVKey*)keyToWrap error:(NSError* __autoreleasing*)error;
  59 - (CKKSAESSIVKey*)unwrapAESKey:(CKKSWrappedAESSIVKey*)keyToUnwrap error:(NSError* __autoreleasing*)error;
  60
  61 // Encrypt and decrypt data into buffers. Adds a nonce for ciphertext protection.
  62 - (NSData*)encryptData:(NSData*)plaintext
  63      authenticatedData:(NSDictionary<NSString*, NSData*>*)ad
  64                  error:(NSError* __autoreleasing*)error;
  65 - (NSData*)decryptData:(NSData*)ciphertext
  66      authenticatedData:(NSDictionary<NSString*, NSData*>*)ad
  67                  error:(NSError* __autoreleasing*)error;
  68
  69 @end
  70
  71 #endif  // OCTAGON