1 /*
2 * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 #ifndef _SOSINTERNAL_H_
26 #define _SOSINTERNAL_H_
27
28 #include <CoreFoundation/CoreFoundation.h>
29
30 #include <Security/SecKey.h>
31
32 #include <Security/SecItemShim.h>
33
34 #include <Security/SecureObjectSync/SOSCloudCircle.h>
35
36 #include <utilities/SecCFWrappers.h>
37
38 #include <corecrypto/ccec.h>
39
40 __BEGIN_DECLS
41
// Dispatch priorities for the SOS work queues. These are the legacy
// DISPATCH_QUEUE_PRIORITY_* global-queue constants, not QoS classes.
#define SOS_ACCOUNT_PRIORITY DISPATCH_QUEUE_PRIORITY_LOW
#define SOS_ENGINE_PRIORITY DISPATCH_QUEUE_PRIORITY_BACKGROUND
#define SOS_TRANSPORT_PRIORITY DISPATCH_QUEUE_PRIORITY_LOW

// Compile-time switch for the IDS transport. It is 0 in this tree, so anything
// guarded with `#if ENABLE_IDS` is compiled out (the IDSV2 message type string is
// still declared below).
#define ENABLE_IDS 0

// Upper bound on a peer ID's length; presumably in characters, matching the
// CFIndex `len` taken by SOSCopyIDOfKeyWithLength below — confirm.
#define kSOSPeerIDLengthMax (26)
// Flag bits occupying the high nibble of a 64-bit circle bitmask (presumably
// the uint64_t returned by SOSGetCachedCircleBitmask below — confirm).
// CC_MASK selects the remaining 60 bits, i.e.
// CC_MASK == ~(CC_STATISVALID | CC_UKEY_TRUSTED | CC_CAN_AUTH | CC_PEER_IS_IN).
// The literals are unsuffixed: the three that exceed INT64_MAX are typed
// unsigned by the compiler while CC_MASK fits a signed 64-bit type, so prefer
// using them only against an explicitly uint64_t operand.
#define CC_STATISVALID 0x8000000000000000
#define CC_UKEY_TRUSTED 0x4000000000000000
#define CC_CAN_AUTH 0x2000000000000000
#define CC_PEER_IS_IN 0x1000000000000000
#define CC_MASK 0x0fffffffffffffff
54
// Private SOS error codes. Codes below kSOSErrorFirstPrivateError are the public
// ones declared in SOSCloudCircle.h. Every value is written out explicitly so that
// inserting or removing a code never shifts its neighbours; keep it that way and
// append new codes at the end.
enum {
    // Public errors are first (See SOSCloudCircle)

    // Boundary marker, not a code of its own (it deliberately shares the value
    // of kSOSErrorAllocationFailure).
    kSOSErrorFirstPrivateError = 1024,

    // Resource / serialization / transport failures
    kSOSErrorAllocationFailure = 1024,
    kSOSErrorEncodeFailure = 1025,
    kSOSErrorNameMismatch = 1026,
    kSOSErrorSendFailure = 1027,
    kSOSErrorProcessingFailure = 1028,
    kSOSErrorDecodeFailure = 1029,

    // Circle membership state
    kSOSErrorAlreadyPeer = 1030,
    kSOSErrorNotApplicant = 1031,
    kSOSErrorPeerNotFound = 1032,

    // Key, format and circle validation. BadSignature and Replay are the
    // authentication-related rejections; presumably a message whose signature
    // does not verify, or that is older than state already seen — confirm in
    // the code that raises them.
    kSOSErrorNoKey = 1033,
    kSOSErrorBadKey = 1034,
    kSOSErrorBadFormat = 1035,
    kSOSErrorNoCircleName = 1036,
    kSOSErrorNoCircle = 1037,
    kSOSErrorBadSignature = 1038,
    kSOSErrorReplay = 1039,

    kSOSErrorUnexpectedType = 1040,

    kSOSErrorUnsupported = 1041,
    kSOSErrorInvalidMessage = 1042,
    kSOSErrorNoRing = 1043,

    // Account-level conditions
    kSOSErrorNoiCloudPeer = 1044,
    kSOSErrorParam = 1045,
    kSOSErrorNotInCircle = 1046,
    kSOSErrorKeysNeedAttention = 1047,
    kSOSErrorNoAccount = 1048,
};
91
// Transport message-type identifiers. The IDS one is declared regardless of
// ENABLE_IDS above.
extern const CFStringRef SOSTransportMessageTypeIDSV2;
extern const CFStringRef SOSTransportMessageTypeKVS;
// Dictionary keys shared between the SOS layers.
extern const CFStringRef kSOSDSIDKey;
// Sentinel SOSCCStatus meaning "nothing cached"; compare against the result of
// SOSGetCachedCircleStatus below.
extern const SOSCCStatus kSOSNoCachedValue;
extern const CFStringRef kSOSCountKey;

// The dispatch queue on which credential handling runs. Whether it is serial is
// not visible from this header — confirm in the implementation before relying
// on it for mutual exclusion.
dispatch_queue_t SOSCCCredentialQueue(void);
99
// Error construction helpers. They follow the Cocoa convention that the return
// value, not *error, signals failure; the false return lets a caller write
// `return SOSCreateError(...)` as the tail of a failure path. Pass a NULL error
// pointer when the error object is not wanted.

// Returns false unless errorCode is 0.
// Creates an error with code errorCode (presumably in kSOSErrorDomain — the
// domain is not visible here) into *error from descriptionString and the
// trailing arguments.
// NOTE(review): unlike the two format functions below, this variadic prototype
// carries no CF_FORMAT_FUNCTION attribute, so the compiler cannot check the
// trailing arguments against descriptionString. If descriptionString is a
// format, annotate it with CF_FORMAT_FUNCTION(4,5).
bool SOSErrorCreate(CFIndex errorCode, CFErrorRef *error, CFDictionaryRef formatOptions, CFStringRef descriptionString, ...);

// Creates an error with a fixed (non-format) description; previousError is
// presumably attached as the underlying error — confirm. Returns false.
bool SOSCreateError(CFIndex errorCode, CFStringRef descriptionString, CFErrorRef previousError, CFErrorRef *newError);

// Same as SOSCreateError but the description is a CFString format applied to the
// trailing arguments; the attribute gives compile-time format checking.
bool SOSCreateErrorWithFormat(CFIndex errorCode, CFErrorRef previousError, CFErrorRef *newError,
                              CFDictionaryRef formatOptions, CFStringRef formatString, ...)
    CF_FORMAT_FUNCTION(5,6);

// va_list form of SOSCreateErrorWithFormat, for use by other variadic wrappers.
bool SOSCreateErrorWithFormatAndArguments(CFIndex errorCode, CFErrorRef previousError, CFErrorRef *newError,
                                          CFDictionaryRef formatOptions, CFStringRef formatString, va_list args)
    CF_FORMAT_FUNCTION(5,0);
112
113
// Drops a leftover CFError when the operation it belongs to succeeded.
// When condition is true and *error holds an error, the error is logged under the
// "errorBug" debug scope and released (*error becomes NULL). A NULL error pointer
// is accepted. Always returns true, so it can be the tail of a success path.
static inline bool SOSClearErrorIfTrue(bool condition, CFErrorRef *error) {
    // Short-circuit order matters: *error is only read once error is known non-NULL.
    if (!condition || error == NULL || *error == NULL) {
        return true;
    }
    secdebug("errorBug", "Got Success and Error (dropping error): %@", *error);
    CFReleaseNull(*error);
    return true;
}
121
// True when error is non-NULL, carries code sosErrorCode, and belongs to
// kSOSErrorDomain. Safe to call with a NULL error (yields false).
static inline bool isSOSErrorCoded(CFErrorRef error, CFIndex sosErrorCode) {
    if (error == NULL) {
        return false;
    }
    if (CFErrorGetCode(error) != sosErrorCode) {
        return false;
    }
    // Domain is checked last, after the cheaper code comparison.
    return CFEqualSafe(CFErrorGetDomain(error), kSOSErrorDomain);
}
125
//
// Backup Key handling
//
// Curve parameters the device backup key is generated on.
ccec_const_cp_t SOSGetBackupKeyCurveParameters(void);
// Populates generatedKey (a full ccec context, i.e. public and private halves, on
// curve cp) from entropy. Presumably deterministic in entropy so the backup key can
// be regenerated later — confirm in the implementation before depending on that.
// Returns false on failure; error, when non-NULL, presumably receives the reason.
bool SOSGenerateDeviceBackupFullKey(ccec_full_ctx_t generatedKey, ccec_const_cp_t cp, CFDataRef entropy, CFErrorRef* error);

// Generates the backup full key from entropy as above and runs operation with it.
// The key context is owned by the callee; assume fullKey is valid only for the
// duration of the block and do not retain the pointer.
bool SOSPerformWithDeviceBackupFullKey(ccec_const_cp_t cp, CFDataRef entropy, CFErrorRef *error, void (^operation)(ccec_full_ctx_t fullKey));
133
//
// Wrapping and Unwrapping
//

// Wraps data to the EC key in ec_ctx; only the public half is required, which is
// why the parameter is a ccec_pub_ctx_t. Returns a new CFMutableData the caller
// owns (Copy rule), or NULL on failure with *error set when error is non-NULL.
CFMutableDataRef SOSCopyECWrappedData(ccec_pub_ctx_t ec_ctx, CFDataRef data, CFErrorRef *error);
// Unwraps data with the full (private) key in ec_ctx and hands the plaintext to
// operation as (size, buffer). The buffer is presumably callee-owned and valid only
// during the block — copy out what is needed rather than keeping the pointer.
bool SOSPerformWithUnwrappedData(ccec_full_ctx_t ec_ctx, CFDataRef data, CFErrorRef *error,
                                 void (^operation)(size_t size, uint8_t *buffer));
// Unwraps data with the full key and returns the plaintext as a new CFMutableData
// the caller owns. Since this holds unwrapped secret material, prefer the
// Perform variant above where a transient buffer suffices.
CFMutableDataRef SOSCopyECUnwrappedData(ccec_full_ctx_t ec_ctx, CFDataRef data, CFErrorRef *error);
//
// Utility Functions
//
// Creates an EC key pair; *public and *full receive the public and the private
// ("full") SecKey. keySize is presumably in bits, per the SecKey convention —
// confirm. The Permanent variant presumably stores the pair in the keychain
// instead of creating transient keys — confirm in the implementation.
OSStatus GenerateECPair(int keySize, SecKeyRef* public, SecKeyRef *full);
OSStatus GeneratePermanentECPair(int keySize, SecKeyRef* public, SecKeyRef *full);

// Human-readable description of a changes dictionary for logging; is_sender
// selects the wording for the sending vs. receiving side.
CFStringRef SOSItemsChangedCopyDescription(CFDictionaryRef changes, bool is_sender);

// Printable rendering of the len bytes at digest.
// NOTE(review): the digest is presumably only read, so `const uint8_t *digest`
// would document that and let callers pass const buffers.
CFStringRef SOSCopyHashBufAsString(uint8_t *digest, size_t len);
// ID string for a data buffer (presumably hash-derived, see SOSCopyHashBufAsString);
// the WithLength variant presumably limits the ID to len characters — confirm.
CFStringRef SOSCopyIDOfDataBuffer(CFDataRef data, CFErrorRef *error);
CFStringRef SOSCopyIDOfDataBufferWithLength(CFDataRef data, CFIndex len, CFErrorRef *error);

// Same as above for a SecKey; which encoding of the key is hashed is not visible here.
CFStringRef SOSCopyIDOfKey(SecKeyRef key, CFErrorRef *error);
CFStringRef SOSCopyIDOfKeyWithLength(SecKeyRef key, CFIndex len, CFErrorRef *error);
156
157 //
158 // Der encoding accumulation
159 //
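// Adds a sub-encoding's size to the running DER total.
//
// Returns false when size is 0 (the convention for a failed sizeof step, so a
// chain of `accumulate_size(...) && accumulate_size(...)` stops at the first
// failure) and also when adding size would wrap *accumulator; in the overflow
// case *accumulator is left unchanged. Without the overflow check a wrapped
// total could be used to allocate an undersized output buffer.
//
// @param accumulator Running total; updated only on success.
// @param size        Size contributed by one sub-encoding; 0 signals failure.
// @return true if size was added, false on a zero size or on overflow.
OS_WARN_RESULT
static inline bool accumulate_size(size_t *accumulator, size_t size) {
    if (size == 0) {
        return false;
    }
    if (size > SIZE_MAX - *accumulator) {
        return false;
    }
    *accumulator += size;
    return true;
}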
165
// Used for simple timestamping that's DERable (not durable)
// Returns the current time as a new CFData suitable for DER encoding; caller owns
// it (Create rule).
CFDataRef SOSDateCreate(void);

// Allocates a CFData of size bytes with allocator and lets operation fill it.
// operation receives (size, buffer) and returns a uint8_t* — presumably the DER
// encoder convention of returning the write position, with NULL meaning the
// encode failed — confirm how the implementation interprets it. Caller owns the
// returned data; NULL on failure.
CFDataRef CFDataCreateWithDER(CFAllocatorRef allocator, CFIndex size, uint8_t*(^operation)(size_t size, uint8_t *buffer));
170
171
172 // Expanded notification utilities
#if __OBJC__
// Helper around cached notification state. Presumably backs
// SOSCachedNotificationOperation below (which deals in notify tokens) — confirm
// in the implementation. Not instantiable; only the class method is used.
@interface SOSCachedNotification : NSObject
- (instancetype)init NS_UNAVAILABLE;
// NSString form of a C notification name, presumably used as the cache key.
+ (NSString *)notificationName:(const char *)notificationString;
@end
#endif
179
// Runs operation with the notification token for notificationString and a flag
// gtg ("good to go"); what gtg and the bool returned by operation mean is not
// visible here — confirm before relying on either.
bool SOSCachedNotificationOperation(const char *notificationString, bool (^operation) (int token, bool gtg));
// Cached circle state as a 64-bit mask; the CC_* bits defined above presumably
// occupy its high nibble and CC_MASK the rest — confirm.
uint64_t SOSGetCachedCircleBitmask(void);
// Cached circle status; presumably kSOSNoCachedValue when nothing is cached.
SOSCCStatus SOSGetCachedCircleStatus(CFErrorRef *error);
// Cached view state as a bitmask.
uint64_t SOSCachedViewBitmask(void);
// New set describing the cached view status; caller owns it (Create rule).
CFSetRef SOSCreateCachedViewStatus(void);
185
#if __OBJC__
// A random date between now + starting and now + ending (seconds). The
// randomness source is not visible here; treat it as scheduling jitter, not as
// a security-grade random value, unless the implementation says otherwise.
// Despite the "Create" name this is an ordinary ARC +0 return for a C function
// returning an object; no manual release is involved.
NSDate *SOSCreateRandomDateBetweenNowPlus(NSTimeInterval starting, NSTimeInterval ending);
#endif
189
190
191
192 __END_DECLS
193
194 #endif