1 /*
2 * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
/*!
 @header SOSAccount.h
 Declarations for the Secure Object Sync (SOS) account object: user
 credential handling, circle membership, backup and recovery-key
 management, and the sync/transport entry points built on top of them.
 The circle type these functions operate on is declared in SOSCircle.h.

 Ownership note for the whole header: functions named Copy…/Create…
 follow the Core Foundation convention of returning a +1 reference that
 the caller must release, and functions named Get… return a reference the
 caller does not own. Only some declarations below carry an explicit
 CF_RETURNS_RETAINED annotation; for the rest the name is the only hint,
 so confirm against the implementation before relying on it.
 */

#ifndef _SOSACCOUNT_H_
#define _SOSACCOUNT_H_

#include <CoreFoundation/CoreFoundation.h>
#include <Foundation/Foundation.h>
#include "keychain/SecureObjectSync/SOSAccountPriv.h"
#include "keychain/SecureObjectSync/SOSCircle.h"
#include "keychain/SecureObjectSync/SOSFullPeerInfo.h"
#include <Security/SecureObjectSync/SOSCloudCircle.h>
#include <Security/SecureObjectSync/SOSCloudCircleInternal.h>
#include "keychain/SecureObjectSync/SOSTransportCircle.h"
#include "keychain/SecureObjectSync/SOSRing.h"
#include "keychain/SecureObjectSync/SOSRecoveryKeyBag.h"
#import "keychain/SecureObjectSync/SOSAccountTransaction.h"
#include <dispatch/dispatch.h>

@class SOSAccount;

__BEGIN_DECLS

// 24 hours, expressed in seconds.
#define RETIREMENT_FINALIZATION_SECONDS (24*60*60)

// Callback for circle membership changes. `new_circle` is the circle after
// the change; the four sets carry the peers and applicants that were added
// or removed — presumably relative to the previous circle (confirm against
// the caller of these blocks).
typedef void (^SOSAccountCircleMembershipChangeBlock)(SOSAccount* account,
SOSCircleRef new_circle,
CFSetRef added_peers, CFSetRef removed_peers,
CFSetRef added_applicants, CFSetRef removed_applicants);

CFTypeID SOSAccountGetTypeID(void);

// Creates an account from the device gestalt dictionary and a data-source
// factory.
SOSAccount* SOSAccountCreate(CFAllocatorRef allocator,
CFDictionaryRef gestalt,
SOSDataSourceFactoryRef factory);

//
// MARK: Credential management
//

SecKeyRef SOSAccountGetTrustedPublicCredential(SOSAccount* account, CFErrorRef* error);

// The private user key and the cached password are the most sensitive
// material this object holds. Callers should use them for the immediate
// operation only and must not log, persist or copy them elsewhere.
SecKeyRef SOSAccountGetPrivateCredential(SOSAccount* account, CFErrorRef* error);
CFDataRef SOSAccountGetCachedPassword(SOSAccount* account, CFErrorRef* error);
// Stash the account key and later retrieve the stashed user private key;
// the Copy… variant returns +1 by CF naming (no explicit annotation here).
void SOSAccountStashAccountKey(SOSAccount* account);
SecKeyRef SOSAccountCopyStashedUserPrivateKey(SOSAccount* account, CFErrorRef *error);

void SOSAccountSetParameters(SOSAccount* account, CFDataRef parameters);

// Presumably drops the in-memory private credential; the timer restarted
// below appears to bound how long it stays resident — confirm against the
// implementation before assuming the credential is gone after a purge.
void SOSAccountPurgePrivateCredential(SOSAccount* account);

void SOSAccountRestartPrivateCredentialTimer(SOSAccount* account);

// Credential entry points. Per the usual CF error convention, check the
// bool return value for failure rather than testing *error.
bool SOSAccountTryUserCredentials(SOSAccount* account,
CFStringRef user_account, CFDataRef user_password,
CFErrorRef *error);

bool SOSAccountTryUserPrivateKey(SOSAccount* account, SecKeyRef user_private, CFErrorRef *error);

bool SOSAccountValidateAccountCredential(SOSAccount* account, SecKeyRef accountPrivateKey, CFErrorRef *error);
bool SOSAccountAssertStashedAccountCredential(SOSAccount* account, CFErrorRef *error);
bool SOSAccountAssertUserCredentials(SOSAccount* account,
CFStringRef user_account, CFDataRef user_password,
CFErrorRef *error);

bool SOSAccountRetryUserCredentials(SOSAccount* account);
// Installs a public key that is explicitly *not* trusted yet; whatever
// later promotes it to trusted is not visible in this header.
void SOSAccountSetUnTrustedUserPublicKey(SOSAccount* account, SecKeyRef publicKey);

bool SOSAccountGenerationSignatureUpdate(SOSAccount* account, CFErrorRef *error);

//
// MARK: Circle management
//

bool SOSAccountUpdateCircle(SOSAccount* account, SOSCircleRef circle, CFErrorRef *error);
// Returns void, so failures are only observable through *error.
void SOSTransportEachMessage(SOSAccount* account, CFDictionaryRef updates, CFErrorRef *error);


CFStringRef SOSAccountGetSOSCCStatusString(SOSCCStatus status);
SOSCCStatus SOSAccountGetSOSCCStatusFromString(CFStringRef status);
// Join operations run inside an SOSAccountTransaction rather than on the
// bare account; the …WithAnalytics variants additionally take a parent
// analytics event.
bool SOSAccountJoinCircles(SOSAccountTransaction* aTxn, CFErrorRef* error);
bool SOSAccountJoinCirclesWithAnalytics(SOSAccountTransaction* aTxn, NSData* parentEvent, CFErrorRef* error);
bool SOSAccountJoinCirclesAfterRestore(SOSAccountTransaction* aTxn, CFErrorRef* error);
bool SOSAccountJoinCirclesAfterRestoreWithAnalytics(SOSAccountTransaction* aTxn, NSData* parentEvent, CFErrorRef* error);
bool SOSAccountRemovePeersFromCircle(SOSAccount* account, CFArrayRef peers, CFErrorRef* error);
bool SOSAccountRemovePeersFromCircleWithAnalytics(SOSAccount* account, CFArrayRef peers, NSData* parentEvent, CFErrorRef* error);
bool SOSAccountBail(SOSAccount* account, uint64_t limit_in_seconds, CFErrorRef* error);
// Accepting an applicant is a trust decision that admits a peer to the
// circle; what validation these perform is not visible from the header.
bool SOSAccountAcceptApplicants(SOSAccount* account, CFArrayRef applicants, CFErrorRef* error);
bool SOSAccountRejectApplicants(SOSAccount* account, CFArrayRef applicants, CFErrorRef* error);

bool SOSValidateUserPublic(SOSAccount* account, CFErrorRef* error);

void SOSAccountForEachCirclePeerExceptMe(SOSAccount* account, void (^action)(SOSPeerInfoRef peer));

// Peer-list accessors. All are Copy… functions (+1 by CF naming); only
// SOSAccountCopyActiveValidPeers is annotated CF_RETURNS_RETAINED explicitly.
CFArrayRef SOSAccountCopyApplicants(SOSAccount* account, CFErrorRef *error);
CFArrayRef SOSAccountCopyGeneration(SOSAccount* account, CFErrorRef *error);
CFArrayRef SOSAccountCopyValidPeers(SOSAccount* account, CFErrorRef *error);
CFArrayRef SOSAccountCopyPeersToListenTo(SOSAccount* account, CFErrorRef *error);
CFArrayRef SOSAccountCopyNotValidPeers(SOSAccount* account, CFErrorRef *error);
CFArrayRef SOSAccountCopyRetired(SOSAccount* account, CFErrorRef *error);
CFArrayRef SOSAccountCopyViewUnaware(SOSAccount* account, CFErrorRef *error);
CFArrayRef SOSAccountCopyPeers(SOSAccount* account, CFErrorRef *error);
CFArrayRef SOSAccountCopyActivePeers(SOSAccount* account, CFErrorRef *error);
CFArrayRef CF_RETURNS_RETAINED SOSAccountCopyActiveValidPeers(SOSAccount* account, CFErrorRef *error);
CFArrayRef SOSAccountCopyConcurringPeers(SOSAccount* account, CFErrorRef *error);

bool SOSAccountIsAccountIdentity(SOSAccount* account, SOSPeerInfoRef peer_info, CFErrorRef *error);

enum DepartureReason SOSAccountGetLastDepartureReason(SOSAccount* account, CFErrorRef* error);

//
// MARK: iCloud Identity
//
bool SOSAccountRemoveIncompleteiCloudIdentities(SOSAccount* account, SOSCircleRef circle, SecKeyRef privKey, CFErrorRef *error);

//
// MARK: Change blocks
//
// Register / unregister a membership-change callback. How a block is
// matched for removal (identity vs. copy) is not visible here — confirm.
void SOSAccountAddChangeBlock(SOSAccount* a, SOSAccountCircleMembershipChangeBlock changeBlock);
void SOSAccountRemoveChangeBlock(SOSAccount* a, SOSAccountCircleMembershipChangeBlock changeBlock);


//
// MARK: Local device gestalt change.
//
CFDictionaryRef SOSAccountCopyGestalt(SOSAccount* account);

CFDictionaryRef SOSAccountCopyV2Dictionary(SOSAccount* account);

void SOSAccountPendDisableViewSet(SOSAccount* account, CFSetRef disabledViews);

void SOSAccountUpdateOutOfSyncViews(SOSAccountTransaction* aTxn, CFSetRef viewsInSync);
void SOSAccountPeerGotInSync(SOSAccountTransaction* aTxn, CFStringRef peerID, CFSetRef views);

// `updates` is raw data whose origin is not visible from this header; if it
// arrives over a transport it must be treated as untrusted input and fully
// validated before it changes account state.
bool SOSAccountHandleParametersChange(SOSAccount* account, CFDataRef updates, CFErrorRef *error);

//
// MARK: Requests for syncing later
//
bool SOSAccountRequestSyncWithAllPeers(SOSAccountTransaction* txn, CFErrorRef *error);
CF_RETURNS_RETAINED CFMutableSetRef SOSAccountSyncWithPeers(SOSAccountTransaction* txn, CFSetRef /* CFStringRef */ peerIDs, CFErrorRef *error);
// Neither the name nor an annotation indicates ownership of the returned
// set — confirm against the implementation before releasing it.
CFSetRef SOSAccountSyncWithPeersOverKVS(SOSAccountTransaction* txn, CFSetRef peers);
bool SOSAccountInflateTransports(SOSAccount* account, CFStringRef circleName, CFErrorRef *error);

//
// MARK: Outgoing/Sync functions
//

// `message` presumably originates from a remote peer (KVS); treat it as
// untrusted input.
bool SOSAccountSyncWithKVSPeerWithMessage(SOSAccountTransaction* txn, CFStringRef peerid, CFDataRef message, CFErrorRef *error);

CF_RETURNS_RETAINED CFSetRef SOSAccountProcessSyncWithPeers(SOSAccountTransaction* txn, CFSetRef /* CFStringRef */ peers, CFSetRef /* CFStringRef */ backupPeers, CFErrorRef *error);
CF_RETURNS_RETAINED CFSetRef SOSAccountCopyBackupPeersAndForceSync(SOSAccountTransaction* txn, CFErrorRef *error);

//
// MARK: Cleanup functions
//

bool SOSAccountScanForRetired(SOSAccount* account, SOSCircleRef circle, CFErrorRef *error);
// Returns a new circle (+1, annotated); `starting_circle` is not consumed.
CF_RETURNS_RETAINED SOSCircleRef SOSAccountCloneCircleWithRetirement(SOSAccount* account, SOSCircleRef starting_circle, CFErrorRef *error);

//
// MARK: Version incompatibility Functions
//
CFStringRef SOSAccountCopyIncompatibilityInfo(SOSAccount* account, CFErrorRef* error);

//
// MARK: Backup functions
//

bool SOSAccountIsBackupRingEmpty(SOSAccount* account, CFStringRef viewName);
bool SOSAccountNewBKSBForView(SOSAccount* account, CFStringRef viewName, CFErrorRef *error);

// Returns void, so failures are only observable through *error.
void SOSAccountProcessBackupRings(SOSAccount* account, CFErrorRef *error);
bool SOSAccountValidateBackupRingForView(SOSAccount* account, CFStringRef viewName, CFErrorRef *error);
bool SOSAccountSetBackupPublicKey(SOSAccountTransaction* aTxn, CFDataRef backupKey, CFErrorRef *error);
bool SOSAccountRemoveBackupPublickey(SOSAccountTransaction* aTxn, CFErrorRef *error);
// Unlike the transaction-based setter above, this takes the bare account
// and reports failure only through its bool return (no CFErrorRef).
bool SOSAccountBackupUpdateBackupPublicKey(SOSAccount *account, CFDataRef backupKey);
bool SOSAccountSetBSKBagForAllSlices(SOSAccount* account, CFDataRef backupSlice, bool setupV0Only, CFErrorRef *error);

CF_RETURNS_RETAINED SOSBackupSliceKeyBagRef SOSAccountBackupSliceKeyBagForView(SOSAccount* account, CFStringRef viewName, CFErrorRef* error);

bool SOSAccountIsLastBackupPeer(SOSAccount* account, CFErrorRef *error);


//
// MARK: Recovery Public Key Functions
//
bool SOSAccountRegisterRecoveryPublicKey(SOSAccountTransaction* txn, CFDataRef recovery_key, CFErrorRef *error);
CFDataRef SOSAccountCopyRecoveryPublicKey(SOSAccountTransaction* txn, CFErrorRef *error);
// Clearing takes the key being cleared as an argument — presumably so that
// only a caller holding the current key can remove it; confirm.
bool SOSAccountClearRecoveryPublicKey(SOSAccountTransaction* txn, CFDataRef recovery_key, CFErrorRef *error);


// Internal calls that set or clear the recovery key on the account object
// provided by clients.
bool SOSAccountSetRecoveryKey(SOSAccount* account, CFDataRef pubData, CFErrorRef *error);
bool SOSAccountRemoveRecoveryKey(SOSAccount* account, CFErrorRef *error);


CFDataRef SOSAccountCopyRecoveryPublic(CFAllocatorRef allocator, SOSAccount* account, CFErrorRef *error);
bool SOSAccountRecoveryKeyIsInBackupAndCurrentInView(SOSAccount* account, CFStringRef viewname);
bool SOSAccountSetRecoveryKeyBagEntry(CFAllocatorRef allocator, SOSAccount* account, SOSRecoveryKeyBagRef rkbg, CFErrorRef *error);
SOSRecoveryKeyBagRef SOSAccountCopyRecoveryKeyBagEntry(CFAllocatorRef allocator, SOSAccount* account, CFErrorRef *error);
void SOSAccountEnsureRecoveryRing(SOSAccount* account);

//
// MARK: Private functions
//

// Exposes the account's serial/dispatch queue; callers dispatching onto it
// should not dispatch_sync from that same queue (deadlock).
dispatch_queue_t SOSAccountGetQueue(SOSAccount* account);

// Transport send hook: delivers `message` under `key`, returning false on
// failure with *error set.
typedef bool (^SOSAccountSendBlock)(CFStringRef key, CFDataRef message, CFErrorRef *error);

//
// MARK: Utility functions
//

CFStringRef SOSInterestListCopyDescription(CFArrayRef interests);

//
// MARK: HSA2 Piggyback Support Functions
//
SOSPeerInfoRef SOSAccountCopyApplication(SOSAccount* account, CFErrorRef*);
CFDataRef SOSAccountCopyCircleJoiningBlob(SOSAccount* account, SOSPeerInfoRef applicant, CFErrorRef *error);
// `joiningBlob` is an opaque blob decoded according to `version`; it
// presumably comes from another device, so it must be parsed as untrusted
// input (bounds and version checks) before any circle state is changed.
bool SOSAccountJoinWithCircleJoiningBlob(SOSAccount* account, CFDataRef joiningBlob, PiggyBackProtocolVersion version, CFErrorRef *error);
CFDataRef SOSAccountCopyInitialSyncData(SOSAccount* account, CFErrorRef *error);

//
// MARK: Initial-Sync
//
// Copy… name implies +1; no explicit annotation.
CFMutableSetRef SOSAccountCopyUnsyncedInitialViews(SOSAccount* account);

//
// MARK: State Logging
//
// When touching these, verify that nothing from the Credential management
// section (keys, cached password) can end up in the emitted log lines.
void SOSAccountLogState(SOSAccount* account);
void SOSAccountLogViewState(SOSAccount* account);
void SOSAccountConsiderLoggingEngineState(SOSAccountTransaction* txn);

//
// MARK: Checking other peer views
//

// Returns a CFBooleanRef rather than a bool, so NULL (with *error set) is a
// possible third outcome — check for it before dereferencing.
CFBooleanRef SOSAccountPeersHaveViewsEnabled(SOSAccount* account, CFArrayRef viewNames, CFErrorRef *error);

// Appears to be a test hook; confirm it is not reachable from production
// callers.
void SOSAccountSetTestSerialNumber(SOSAccount* account, CFStringRef serial);
SOSViewResultCode SOSAccountVirtualV0Behavior(SOSAccount* account, SOSViewActionCode actionCode);


bool SOSAccountIsPeerRetired(SOSAccount* account, CFSetRef peers);
void SOSAccountNotifyOfChange(SOSAccount* account, SOSCircleRef oldCircle, SOSCircleRef newCircle);


//
// MARK: Syncing status functions
//
bool SOSAccountMessageFromPeerIsPending(SOSAccountTransaction* txn, SOSPeerInfoRef peer, CFErrorRef *error);
bool SOSAccountSendToPeerIsPending(SOSAccountTransaction* txn, SOSPeerInfoRef peer, CFErrorRef *error);

//
// MARK: OTR
//
void SOSAccountResetOTRNegotiationCoder(SOSAccount* account, CFStringRef peerid);
void SOSAccountTimerFiredSendNextMessage(SOSAccountTransaction* txn, NSString* peerid, NSString* accessGroup);

// Get… function with no account parameter that hands back a *mutable*
// array; callers should treat the result as read-only. "TLK" is not
// defined in this header.
NSMutableArray* SOSAccountGetAllTLKs(void);
CF_RETURNS_RETAINED CFMutableArrayRef SOSAccountCopyiCloudIdentities(SOSAccount* account);

__END_DECLS

#endif /* !_SOSACCOUNT_H_ */