keychain/ckks/CKKSSIV.h

   1 /*
   2  * Copyright (c) 2017 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 #if OCTAGON
  25
  26 #import <Foundation/Foundation.h>
  27
  28 NS_ASSUME_NONNULL_BEGIN
  29
  30 // For AES-SIV 512.
  31
  32 #define CKKSKeySize (512 / 8)
  33 #define CKKSWrappedKeySize (CKKSKeySize + 16)
  34
  35 @interface CKKSBaseAESSIVKey : NSObject <NSCopying>
  36 {
  37    @package
  38     uint8_t key[CKKSWrappedKeySize];  // subclasses can use less than the whole buffer, and set key to be precise
  39     size_t size;
  40 }
  41 - (instancetype)init;
  42 - (instancetype)initWithBytes:(uint8_t*)bytes len:(size_t)len;
  43 - (void)zeroKey;
  44 - (instancetype)copyWithZone:(NSZone* _Nullable)zone;
  45
  46 // Mostly for testing.
  47 - (instancetype)initWithBase64:(NSString*)base64bytes;
  48 - (BOOL)isEqual:(id _Nullable)object;
  49 @end
  50
  51 @interface CKKSWrappedAESSIVKey : CKKSBaseAESSIVKey <NSSecureCoding>
  52 - (instancetype)initWithData:(NSData*)data;
  53 - (NSData*)wrappedData;
  54 - (NSString*)base64WrappedKey;
  55 @end
  56
  57 @interface CKKSAESSIVKey : CKKSBaseAESSIVKey
  58 + (instancetype _Nullable)randomKey:(NSError*__autoreleasing*)error;
  59
  60 - (CKKSWrappedAESSIVKey* _Nullable)wrapAESKey:(CKKSAESSIVKey*)keyToWrap
  61                                         error:(NSError* __autoreleasing*)error;
  62
  63 - (CKKSAESSIVKey* _Nullable)unwrapAESKey:(CKKSWrappedAESSIVKey*)keyToUnwrap
  64                                    error:(NSError* __autoreleasing*)error;
  65
  66 // Encrypt and decrypt data into buffers. Adds a nonce for ciphertext protection.
  67 - (NSData* _Nullable)encryptData:(NSData*)plaintext
  68                authenticatedData:(NSDictionary<NSString*, NSData*>* _Nullable)ad
  69                            error:(NSError* __autoreleasing*)error;
  70 - (NSData* _Nullable)decryptData:(NSData*)ciphertext
  71                authenticatedData:(NSDictionary<NSString*, NSData*>* _Nullable)ad
  72                            error:(NSError* __autoreleasing*)error;
  73
  74 @end
  75
  76 NS_ASSUME_NONNULL_END
  77
  78 #endif  // OCTAGON