1 /*
2 * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 /*!
26 @header SOSAccount.h
27 The functions declared in SOSCircle.h provide an interface to a
28 secure object syncing circle for a single class.
29 */
30
31 #ifndef _SOSACCOUNT_H_
32 #define _SOSACCOUNT_H_
33
34 #include <CoreFoundation/CoreFoundation.h>
35 #include <Foundation/Foundation.h>
36 #include <Security/SecureObjectSync/SOSAccountPriv.h>
37 #include <Security/SecureObjectSync/SOSCircle.h>
38 #include <Security/SecureObjectSync/SOSFullPeerInfo.h>
39 #include <Security/SecureObjectSync/SOSCloudCircle.h>
40 #include <Security/SecureObjectSync/SOSCloudCircleInternal.h>
41 #include <Security/SecureObjectSync/SOSTransportCircle.h>
42 #include <Security/SecureObjectSync/SOSRing.h>
43 #include <Security/SecureObjectSync/SOSPeerInfoSecurityProperties.h>
44 #include <Security/SecureObjectSync/SOSRecoveryKeyBag.h>
45 #include <Security/SecureObjectSync/SOSAccountTransaction.h>
46 #include <dispatch/dispatch.h>
47
48 @class SOSAccount;
49
50 __BEGIN_DECLS
51
52 #define RETIREMENT_FINALIZATION_SECONDS (24*60*60)
53
54 typedef void (^SOSAccountCircleMembershipChangeBlock)(SOSCircleRef new_circle,
55 CFSetRef added_peers, CFSetRef removed_peers,
56 CFSetRef added_applicants, CFSetRef removed_applicants);
57
58 CFTypeID SOSAccountGetTypeID(void);
59
60 SOSAccount* SOSAccountCreate(CFAllocatorRef allocator,
61 CFDictionaryRef gestalt,
62 SOSDataSourceFactoryRef factory);
63
64 //
65 // MARK: Persistent Encode decode
66 //
67
68 //
69 // MARK: IDS Device ID
70 CFStringRef SOSAccountCopyDeviceID(SOSAccount* account, CFErrorRef *error);
71 bool SOSAccountSetMyDSID(SOSAccountTransaction* txn, CFStringRef IDS, CFErrorRef* errror);
72 bool SOSAccountSendIDSTestMessage(SOSAccount* account, CFStringRef message, CFErrorRef *error);
73 bool SOSAccountStartPingTest(SOSAccount* account, CFStringRef message, CFErrorRef *error);
74 bool SOSAccountRetrieveDeviceIDFromKeychainSyncingOverIDSProxy(SOSAccount* account, CFErrorRef *error);
75
76 //
77 // MARK: Credential management
78 //
79
80 SecKeyRef SOSAccountGetTrustedPublicCredential(SOSAccount* account, CFErrorRef* error);
81
82 SecKeyRef SOSAccountGetPrivateCredential(SOSAccount* account, CFErrorRef* error);
83 CFDataRef SOSAccountGetCachedPassword(SOSAccount* account, CFErrorRef* error);
84 void SOSAccountStashAccountKey(SOSAccount* account);
85 SecKeyRef SOSAccountCopyStashedUserPrivateKey(SOSAccount* account, CFErrorRef *error);
86
87 void SOSAccountSetParameters(SOSAccount* account, CFDataRef parameters);
88
89 void SOSAccountPurgePrivateCredential(SOSAccount* account);
90
91 void SOSAccountRestartPrivateCredentialTimer(SOSAccount* account);
92
93 bool SOSAccountTryUserCredentials(SOSAccount* account,
94 CFStringRef user_account, CFDataRef user_password,
95 CFErrorRef *error);
96
97 bool SOSAccountTryUserPrivateKey(SOSAccount* account, SecKeyRef user_private, CFErrorRef *error);
98
99 bool SOSAccountValidateAccountCredential(SOSAccount* account, SecKeyRef accountPrivateKey, CFErrorRef *error);
100 bool SOSAccountAssertStashedAccountCredential(SOSAccount* account, CFErrorRef *error);
101 bool SOSAccountAssertUserCredentials(SOSAccount* account,
102 CFStringRef user_account, CFDataRef user_password,
103 CFErrorRef *error);
104
105 bool SOSAccountRetryUserCredentials(SOSAccount* account);
106 void SOSAccountSetUnTrustedUserPublicKey(SOSAccount* account, SecKeyRef publicKey);
107
108 bool SOSAccountGenerationSignatureUpdate(SOSAccount* account, CFErrorRef *error);
109
110 //
111 // MARK: Circle management
112 //
113
114 bool SOSAccountUpdateCircle(SOSAccount* account, SOSCircleRef circle, CFErrorRef *error);
115 void SOSTransportEachMessage(SOSAccount* account, CFDictionaryRef updates, CFErrorRef *error);
116
117
118 CFStringRef SOSAccountGetSOSCCStatusString(SOSCCStatus status);
119 SOSCCStatus SOSAccountGetSOSCCStatusFromString(CFStringRef status);
120 bool SOSAccountJoinCircles(SOSAccountTransaction* aTxn, CFErrorRef* error);
121 bool SOSAccountJoinCirclesAfterRestore(SOSAccountTransaction* aTxn, CFErrorRef* error);
122 bool SOSAccountRemovePeersFromCircle(SOSAccount* account, CFArrayRef peers, CFErrorRef* error);
123 bool SOSAccountBail(SOSAccount* account, uint64_t limit_in_seconds, CFErrorRef* error);
124 bool SOSAccountAcceptApplicants(SOSAccount* account, CFArrayRef applicants, CFErrorRef* error);
125 bool SOSAccountRejectApplicants(SOSAccount* account, CFArrayRef applicants, CFErrorRef* error);
126
127 bool SOSValidateUserPublic(SOSAccount* account, CFErrorRef* error);
128
129 void SOSAccountForEachCirclePeerExceptMe(SOSAccount* account, void (^action)(SOSPeerInfoRef peer));
130
131 CFArrayRef SOSAccountCopyApplicants(SOSAccount* account, CFErrorRef *error);
132 CFArrayRef SOSAccountCopyGeneration(SOSAccount* account, CFErrorRef *error);
133 CFArrayRef SOSAccountCopyValidPeers(SOSAccount* account, CFErrorRef *error);
134 CFArrayRef SOSAccountCopyPeersToListenTo(SOSAccount* account, CFErrorRef *error);
135 CFArrayRef SOSAccountCopyNotValidPeers(SOSAccount* account, CFErrorRef *error);
136 CFArrayRef SOSAccountCopyRetired(SOSAccount* account, CFErrorRef *error);
137 CFArrayRef SOSAccountCopyViewUnaware(SOSAccount* account, CFErrorRef *error);
138 CFArrayRef SOSAccountCopyPeers(SOSAccount* account, CFErrorRef *error);
139 CFArrayRef SOSAccountCopyActivePeers(SOSAccount* account, CFErrorRef *error);
140 CFArrayRef CF_RETURNS_RETAINED SOSAccountCopyActiveValidPeers(SOSAccount* account, CFErrorRef *error);
141 CFArrayRef SOSAccountCopyConcurringPeers(SOSAccount* account, CFErrorRef *error);
142
143 bool SOSAccountIsAccountIdentity(SOSAccount* account, SOSPeerInfoRef peer_info, CFErrorRef *error);
144
145 enum DepartureReason SOSAccountGetLastDepartureReason(SOSAccount* account, CFErrorRef* error);
146
147 //
148 // MARK: iCloud Identity
149 //
150 bool SOSAccountRemoveIncompleteiCloudIdentities(SOSAccount* account, SOSCircleRef circle, SecKeyRef privKey, CFErrorRef *error);
151
152 //
153 // MARK: Change blocks
154 //
155 void SOSAccountAddChangeBlock(SOSAccount* a, SOSAccountCircleMembershipChangeBlock changeBlock);
156 void SOSAccountRemoveChangeBlock(SOSAccount* a, SOSAccountCircleMembershipChangeBlock changeBlock);
157
158
159 //
160 // MARK: Local device gestalt change.
161 //
162 CFDictionaryRef SOSAccountCopyGestalt(SOSAccount* account);
163
164 CFDictionaryRef SOSAccountCopyV2Dictionary(SOSAccount* account);
165
166 void SOSAccountPendDisableViewSet(SOSAccount* account, CFSetRef disabledViews);
167
168 void SOSAccountUpdateOutOfSyncViews(SOSAccountTransaction* aTxn, CFSetRef viewsInSync);
169 void SOSAccountPeerGotInSync(SOSAccountTransaction* aTxn, CFStringRef peerID, CFSetRef views);
170
171 bool SOSAccountHandleParametersChange(SOSAccount* account, CFDataRef updates, CFErrorRef *error);
172
173 //
174 // MARK: Requests for syncing later
175 //
176 bool SOSAccountRequestSyncWithAllPeers(SOSAccountTransaction* txn, CFErrorRef *error);
177 CF_RETURNS_RETAINED CFMutableSetRef SOSAccountSyncWithPeers(SOSAccountTransaction* txn, CFSetRef /* CFStringRef */ peerIDs, CFErrorRef *error);
178 CF_RETURNS_RETAINED CFSetRef SOSAccountSyncWithPeersOverIDS(SOSAccountTransaction* txn, CFSetRef peers);
179 CFSetRef SOSAccountSyncWithPeersOverKVS(SOSAccountTransaction* txn, CFSetRef peers);
180 bool SOSAccountInflateTransports(SOSAccount* account, CFStringRef circleName, CFErrorRef *error);
181
182 //
183 // MARK: Outgoing/Sync functions
184 //
185
186 bool SOSAccountSyncWithKVSPeerWithMessage(SOSAccountTransaction* txn, CFStringRef peerid, CFDataRef message, CFErrorRef *error);
187 bool SOSAccountClearPeerMessageKey(SOSAccountTransaction* txn, CFStringRef peerID, CFErrorRef *error);
188
189 CF_RETURNS_RETAINED CFSetRef SOSAccountProcessSyncWithPeers(SOSAccountTransaction* txn, CFSetRef /* CFStringRef */ peers, CFSetRef /* CFStringRef */ backupPeers, CFErrorRef *error);
190 CF_RETURNS_RETAINED CFSetRef SOSAccountCopyBackupPeersAndForceSync(SOSAccountTransaction* txn, CFErrorRef *error);
191
192 bool SOSAccountSendIKSPSyncList(SOSAccount* account, CFErrorRef *error);
193 bool SOSAccountSyncWithKVSUsingIDSID(SOSAccount* account, CFStringRef deviceID, CFErrorRef *error);
194
195
196 //
197 // MARK: Cleanup functions
198 //
199
200 bool SOSAccountScanForRetired(SOSAccount* account, SOSCircleRef circle, CFErrorRef *error);
201 CF_RETURNS_RETAINED SOSCircleRef SOSAccountCloneCircleWithRetirement(SOSAccount* account, SOSCircleRef starting_circle, CFErrorRef *error);
202
203 //
204 // MARK: Version incompatibility Functions
205 //
206 CFStringRef SOSAccountCopyIncompatibilityInfo(SOSAccount* account, CFErrorRef* error);
207
208 //
209 // MARK: Backup functions
210 //
211
212 bool SOSAccountIsBackupRingEmpty(SOSAccount* account, CFStringRef viewName);
213 bool SOSAccountNewBKSBForView(SOSAccount* account, CFStringRef viewName, CFErrorRef *error);
214
215 bool SOSAccountSetBackupPublicKey(SOSAccountTransaction* aTxn, CFDataRef backupKey, CFErrorRef *error);
216 bool SOSAccountRemoveBackupPublickey(SOSAccountTransaction* aTxn, CFErrorRef *error);
217 bool SOSAccountSetBSKBagForAllSlices(SOSAccount* account, CFDataRef backupSlice, bool setupV0Only, CFErrorRef *error);
218
219 CF_RETURNS_RETAINED SOSBackupSliceKeyBagRef SOSAccountBackupSliceKeyBagForView(SOSAccount* account, CFStringRef viewName, CFErrorRef* error);
220
221 bool SOSAccountIsLastBackupPeer(SOSAccount* account, CFErrorRef *error);
222
223
224 //
225 // MARK: Recovery Public Key Functions
226 //
227 bool SOSAccountRegisterRecoveryPublicKey(SOSAccountTransaction* txn, CFDataRef recovery_key, CFErrorRef *error);
228 CFDataRef SOSAccountCopyRecoveryPublicKey(SOSAccountTransaction* txn, CFErrorRef *error);
229 bool SOSAccountClearRecoveryPublicKey(SOSAccountTransaction* txn, CFDataRef recovery_key, CFErrorRef *error);
230 bool SOSAccountSetRecoveryKey(SOSAccount* account, CFDataRef pubData, CFErrorRef *error);
231 bool SOSAccountRemoveRecoveryKey(SOSAccount* account, CFErrorRef *error);
232 SOSRecoveryKeyBagRef SOSAccountCopyRecoveryKeyBag(CFAllocatorRef allocator, SOSAccount* account, CFErrorRef *error);
233 CFDataRef SOSAccountCopyRecoveryPublic(CFAllocatorRef allocator, SOSAccount* account, CFErrorRef *error);
234 bool SOSAccountRecoveryKeyIsInBackupAndCurrentInView(SOSAccount* account, CFStringRef viewname);
235 bool SOSAccountSetRecoveryKeyBagEntry(CFAllocatorRef allocator, SOSAccount* account, SOSRecoveryKeyBagRef rkbg, CFErrorRef *error);
236 SOSRecoveryKeyBagRef SOSAccountCopyRecoveryKeyBagEntry(CFAllocatorRef allocator, SOSAccount* account, CFErrorRef *error);
237 void SOSAccountEnsureRecoveryRing(SOSAccount* account);
238
239 //
240 // MARK: Private functions
241 //
242
243 dispatch_queue_t SOSAccountGetQueue(SOSAccount* account);
244
245 typedef bool (^SOSAccountSendBlock)(CFStringRef key, CFDataRef message, CFErrorRef *error);
246
247 //
248 // MARK: Utility functions
249 //
250
251 CFStringRef SOSInterestListCopyDescription(CFArrayRef interests);
252
253 //
254 // MARK: HSA2 Piggyback Support Functions
255 //
256 SOSPeerInfoRef SOSAccountCopyApplication(SOSAccount* account, CFErrorRef*);
257 CFDataRef SOSAccountCopyCircleJoiningBlob(SOSAccount* account, SOSPeerInfoRef applicant, CFErrorRef *error);
258 bool SOSAccountJoinWithCircleJoiningBlob(SOSAccount* account, CFDataRef joiningBlob, PiggyBackProtocolVersion version, CFErrorRef *error);
259 CFDataRef SOSAccountCopyInitialSyncData(SOSAccount* account, CFErrorRef *error);
260
261 //
262 // MARK: Initial-Sync
263 //
264 CFMutableSetRef SOSAccountCopyUnsyncedInitialViews(SOSAccount* account);
265
266 //
267 // MARK: State Logging
268 //
269 void SOSAccountLogState(SOSAccount* account);
270 void SOSAccountLogViewState(SOSAccount* account);
271 void SOSAccountConsiderLoggingEngineState(SOSAccountTransaction* txn);
272
273 //
274 // MARK: Checking other peer views
275 //
276
277 CFBooleanRef SOSAccountPeersHaveViewsEnabled(SOSAccount* account, CFArrayRef viewNames, CFErrorRef *error);
278
279 void SOSAccountSetTestSerialNumber(SOSAccount* account, CFStringRef serial);
280 SOSViewResultCode SOSAccountVirtualV0Behavior(SOSAccount* account, SOSViewActionCode actionCode);
281
282
283 bool SOSAccountIsPeerRetired(SOSAccount* account, CFSetRef peers);
284 void SOSAccountNotifyOfChange(SOSAccount* account, SOSCircleRef oldCircle, SOSCircleRef newCircle);
285
286
287 //
288 // MARK: Syncing status functions
289 //
290 bool SOSAccountMessageFromPeerIsPending(SOSAccountTransaction* txn, SOSPeerInfoRef peer, CFErrorRef *error);
291 bool SOSAccountSendToPeerIsPending(SOSAccountTransaction* txn, SOSPeerInfoRef peer, CFErrorRef *error);
292
293 //
294 // MARK: OTR
295 //
296 void SOSAccountResetOTRNegotiationCoder(SOSAccount* account, CFStringRef peerid);
297 void SOSAccountTimerFiredSendNextMessage(SOSAccountTransaction* txn, NSString* peerid, NSString* accessGroup);
298
299 NSMutableArray* SOSAccountGetAllTLKs(void);
300 CF_RETURNS_RETAINED CFMutableArrayRef SOSAccountCopyiCloudIdentities(SOSAccount* account);
301
302 __END_DECLS
303
304 #endif /* !_SOSACCOUNT_H_ */