1 //
2 // SOSAccountPriv.h
3 // sec
4 //
5
6 #ifndef sec_SOSAccountPriv_h
7 #define sec_SOSAccountPriv_h
8
9 #include "SOSAccount.h"
10
11 #include <CoreFoundation/CoreFoundation.h>
12 #include <CoreFoundation/CFRuntime.h>
13 #include <utilities/SecCFWrappers.h>
14 #include <utilities/SecCFError.h>
15 #include <utilities/SecAKSWrappers.h>
16
17
18 #include <Security/SecKeyPriv.h>
19
20 #include <utilities/der_plist.h>
21 #include <utilities/der_plist_internal.h>
22 #include <corecrypto/ccder.h>
23
24 #include <AssertMacros.h>
25 #include <assert.h>
26
27 #import <notify.h>
28
29 #include <Security/SecureObjectSync/SOSInternal.h>
30 #include <Security/SecureObjectSync/SOSCircle.h>
31 #include <Security/SecureObjectSync/SOSCircleV2.h>
32 #include <Security/SecureObjectSync/SOSRing.h>
33 #include <Security/SecureObjectSync/SOSRingUtils.h>
34 #include <Security/SecureObjectSync/SOSCloudCircle.h>
35 #include <securityd/SOSCloudCircleServer.h>
36 #include <Security/SecureObjectSync/SOSEngine.h>
37 #include <Security/SecureObjectSync/SOSPeer.h>
38 #include <Security/SecureObjectSync/SOSFullPeerInfo.h>
39 #include <Security/SecureObjectSync/SOSPeerInfo.h>
40 #include <Security/SecureObjectSync/SOSPeerInfoInternal.h>
41 #include <Security/SecureObjectSync/SOSUserKeygen.h>
42 #include <Security/SecureObjectSync/SOSAccountTransaction.h>
43 #include <utilities/iCloudKeychainTrace.h>
44
45 #include <Security/SecItemPriv.h>
46
47
// In-memory layout of a SOSAccount (a CF runtime object).
// Fields above the "Non-persistent data" divider are presumably the state
// handled by the DER persistence functions declared below
// (SOSAccountEncodeToDER / SOSAccountCreateFromDER) — confirm against the
// encoder. Everything after the divider is runtime-only state.
struct __OpaqueSOSAccount {
    CFRuntimeBase _base;                 // CF runtime header; must remain the first field.

    CFDictionaryRef gestalt;             // Device gestalt handed to SOSAccountCreateBasic.

    CFDataRef backup_key;                // Backup key material (presumably used for the backup rings — confirm).

    SOSFullPeerInfoRef my_identity;      // This device's full peer info; see SOSAccountGetMyFullPeerInfo.
    SOSCircleRef trusted_circle;         // The circle this account currently trusts; see SOSAccountGetCircle.

    CFStringRef deviceID;

    CFMutableDictionaryRef backups;      // Backup state, presumably keyed by ring name; see SOSAccountGetBackups.

    CFMutableSetRef retirees;            // Peers recorded as retired; see SOSAccountRecordRetiredPeersInCircle.

    bool user_public_trusted;            // Trust flag for user_public. Flipped directly by
                                         // SOSAccountSetUserPublicTrustedForTesting (test-only); the production
                                         // path that sets it lives in the implementation.
    CFDataRef user_key_parameters;       // Parameters for the user key; see SOSAccountPublish/RetrieveCloudParameters.
    SecKeyRef user_public;               // Current user public key.
    SecKeyRef previous_public;           // Prior user public key; set by SOSAccountSetPreviousPublic.
    enum DepartureReason departure_code; // Why this peer last left a circle; see SOSAccountSetLastDepartureReason.
    CFMutableDictionaryRef expansion;    // Open-ended extra state: all CFTypes and keys. Presumably the store
                                         // behind SOSAccountSetValue/GetValue/ClearValue — confirm.

    // Non-persistent data (runtime only; not expected to be serialized).
    dispatch_queue_t queue;              // Queue the account's operations run on; see SOSAccountWithTransaction*.

    SOSDataSourceFactoryRef factory;     // Data-source factory supplied at creation.
    SecKeyRef _user_private;             // User private key, held in memory only. Sensitive.
    CFDataRef _password_tmp;             // Transient copy of the user's password. Sensitive.
                                         // NOTE(review): confirm it is released when user_private_timer fires.

    bool isListeningForSync;

    dispatch_source_t user_private_timer; // Timer presumably bounding how long _user_private/_password_tmp stay resident — confirm.
    int lock_notification_token;          // notify(3) registration token (see <notify.h>); presumably for lock-state changes.

    SOSTransportKeyParameterRef key_transport;
    SOSTransportCircleRef circle_transport;
    SOSTransportMessageRef kvs_message_transport;   // Message transport over KVS; see SOSTransportMessageTypeKVS.
    SOSTransportMessageRef ids_message_transport;   // Message transport over IDS; see SOSTransportMessageTypeIDSV2.

    // Dirty flags: set when the named state must be pushed or repaired.
    bool circle_rings_retirements_need_attention;   // Changes in circle, rings, or retirements need to be pushed.
    bool engine_peer_state_needs_repair;            // See SOSAccountNotifyEngines.
    bool key_interests_need_updating;               // See SOSInterestListCopyDescription.

    // Live notification.
    CFMutableArrayRef change_blocks;                  // Callbacks run on account change (presumably).
    CFMutableDictionaryRef waitForInitialSync_blocks; // Pending in-sync callbacks, presumably keyed by the id
                                                      // returned from SOSAccountCallWhenInSync — confirm.

    SOSAccountSaveBlock saveBlock;                    // Invoked to persist the account.
};
// Key under which escrow records are stored; defined in the implementation.
extern const CFStringRef kSOSEscrowRecord;

// Creates an account object holding `gestalt` and `factory` (the struct fields of
// the same names). Create-named: the caller owns the returned reference.
SOSAccountRef SOSAccountCreateBasic(CFAllocatorRef allocator,
                                    CFDictionaryRef gestalt,
                                    SOSDataSourceFactoryRef factory);

// Ensures the circles backed by the data-source factory exist (presumably).
bool SOSAccountEnsureFactoryCircles(SOSAccountRef a);

// Resets the account to its "new" state; pairs with SOSAccountIsNew below.
void SOSAccountSetToNew(SOSAccountRef a);

// Reports whether this device's peer is active in the trusted circle.
// Check the bool return, not *error, to decide failure.
bool SOSAccountIsMyPeerActive(SOSAccountRef account, CFErrorRef* error);

// Chooses the message transport used to reach `peerInfo` (presumably one of
// kvs_message_transport / ids_message_transport). Get-named: borrowed reference.
SOSTransportMessageRef SOSAccountGetMessageTransportFor(SOSAccountRef account, SOSPeerInfoRef peerInfo);

// MARK: Transactional
// Each variant runs `action` with an account transaction object. The _Locked
// form presumably assumes the caller already holds the account's queue; confirm.

void SOSAccountWithTransaction_Locked(SOSAccountRef account, void (^action)(SOSAccountRef account, SOSAccountTransactionRef txn));

void SOSAccountWithTransaction(SOSAccountRef account, bool sync, void (^action)(SOSAccountRef account, SOSAccountTransactionRef txn));
void SOSAccountWithTransactionSync(SOSAccountRef account, void (^action)(SOSAccountRef account, SOSAccountTransactionRef txn));
// NOTE(review): the Async variant still takes a `sync` flag, which is surprising
// given its name — confirm the intended semantics in the implementation.
void SOSAccountWithTransactionAsync(SOSAccountRef account, bool sync, void (^action)(SOSAccountRef account, SOSAccountTransactionRef txn));

// Records peers that have retired from the circle (see the `retirees` field).
void SOSAccountRecordRetiredPeersInCircle(SOSAccountRef account);

// MARK: In Sync checking

// Registers `syncBlock` to run once initial sync completes and returns a
// registration id. The id is retained (caller releases) and is what
// SOSAccountUnregisterCallWhenInSync expects back to cancel the registration.
CF_RETURNS_RETAINED CFStringRef SOSAccountCallWhenInSync(SOSAccountRef account, SOSAccountWaitForInitialSyncBlock syncBlock);
bool SOSAccountUnregisterCallWhenInSync(SOSAccountRef account, CFStringRef id);

// Reacts to a change in the set of out-of-sync (OOS) views.
bool SOSAccountHandleOutOfSyncUpdate(SOSAccountRef account, CFSetRef oldOOSViews, CFSetRef newOOSViews);

void SOSAccountUpdateOutOfSyncViews(SOSAccountTransactionRef aTxn, CFSetRef viewsInSync);

void SOSAccountEnsureSyncChecking(SOSAccountRef account);
void SOSAccountCancelSyncChecking(SOSAccountRef account);

// Views not yet synced. Copy-named results are owned by the caller.
// The spelling "Oustanding" in two of these names is the declared API spelling.
CFMutableSetRef SOSAccountCopyOutstandingViews(SOSAccountRef account);
CFMutableSetRef SOSAccountCopyIntersectionWithOustanding(SOSAccountRef account, CFSetRef inSet);
bool SOSAccountIntersectsWithOutstanding(SOSAccountRef account, CFSetRef views);
bool SOSAccountIsViewOutstanding(SOSAccountRef account, CFStringRef view);
bool SOSAccountHasOustandingViews(SOSAccountRef account);
140
141
// MARK: DER Stuff
// Sizing / encoding / decoding helpers for the account's persisted fields, in
// the style of utilities/der_plist.h and <corecrypto/ccder.h>: encoders get
// the [der, der_end) buffer and return a cursor, decoders consume from `der`
// bounded by `der_end` and return the new read cursor. Presumably NULL is
// returned with *error set on malformed or truncated input — confirm in the
// implementation. The _or_null variants additionally accept a NULL value.

size_t der_sizeof_data_or_null(CFDataRef data, CFErrorRef* error);

uint8_t* der_encode_data_or_null(CFDataRef data, CFErrorRef* error, const uint8_t* der, uint8_t* der_end);

// `*data` receives a new CFData (caller owns) or NULL when the encoding was the null form.
const uint8_t* der_decode_data_or_null(CFAllocatorRef allocator, CFDataRef* data,
                                       CFErrorRef* error,
                                       const uint8_t* der, const uint8_t* der_end);

size_t der_sizeof_fullpeer_or_null(SOSFullPeerInfoRef data, CFErrorRef* error);

uint8_t* der_encode_fullpeer_or_null(SOSFullPeerInfoRef data, CFErrorRef* error, const uint8_t* der, uint8_t* der_end);

const uint8_t* der_decode_fullpeer_or_null(CFAllocatorRef allocator, SOSFullPeerInfoRef* data,
                                           CFErrorRef* error,
                                           const uint8_t* der, const uint8_t* der_end);


// Public-key bytes only; `algorithmID` tells the decoder which key type to build.
size_t der_sizeof_public_bytes(SecKeyRef publicKey, CFErrorRef* error);

uint8_t* der_encode_public_bytes(SecKeyRef publicKey, CFErrorRef* error, const uint8_t* der, uint8_t* der_end);

const uint8_t* der_decode_public_bytes(CFAllocatorRef allocator, CFIndex algorithmID, SecKeyRef* publicKey, CFErrorRef* error, const uint8_t* der, const uint8_t* der_end);
167
168
// Persistence
// The persisted region of the struct ends at its "Non-persistent data" divider;
// in particular _user_private and _password_tmp are not expected to be encoded
// here — confirm against the encoder.

// Decodes an account from DER. `*der_p` is the read cursor (presumably advanced
// past the consumed bytes); `der_end` bounds the buffer. Create-named: the
// caller owns the result; NULL on failure with *error set (presumably).
SOSAccountRef SOSAccountCreateFromDER(CFAllocatorRef allocator,
                                      SOSDataSourceFactoryRef factory,
                                      CFErrorRef* error,
                                      const uint8_t** der_p, const uint8_t *der_end);

// Convenience form decoding from a CFData (the parameter is named circleData).
SOSAccountRef SOSAccountCreateFromData(CFAllocatorRef allocator, CFDataRef circleData,
                                       SOSDataSourceFactoryRef factory,
                                       CFErrorRef* error);

// Number of bytes SOSAccountEncodeToDER needs for `account`.
size_t SOSAccountGetDEREncodedSize(SOSAccountRef account, CFErrorRef *error);

// Encodes `account` into [der, der_end) and returns the resulting cursor
// (NULL on failure, presumably, as with the der_* helpers above).
uint8_t* SOSAccountEncodeToDER(SOSAccountRef account, CFErrorRef* error, const uint8_t* der, uint8_t* der_end);

// Encodes `account` into a new CFData. Copy-named: the caller owns the result.
CFDataRef SOSAccountCopyEncodedData(SOSAccountRef account, CFAllocatorRef allocator, CFErrorRef *error);
185
// Update

// Applies an encoded circle message for `circleName`. The payload presumably
// arrives through circle_transport, i.e. from another device, so decoding has
// to treat it as untrusted input.
bool SOSAccountHandleCircleMessage(SOSAccountRef account,
                                   CFStringRef circleName, CFDataRef encodedCircleMessage, CFErrorRef *error);

// Processes per-circle retirement messages. The returned dictionary is retained
// and must be released by the caller.
CF_RETURNS_RETAINED
CFDictionaryRef SOSAccountHandleRetirementMessages(SOSAccountRef account, CFDictionaryRef circle_retirement_messages, CFErrorRef *error);


// Evaluates `prospective_circle` against the current trusted circle and adopts
// it when acceptable; `writeUpdate` controls whether the result is written back
// out (presumably via circle_transport — confirm).
bool SOSAccountHandleUpdateCircle(SOSAccountRef account,
                                  SOSCircleRef prospective_circle,
                                  bool writeUpdate,
                                  CFErrorRef *error);

// Informs the engines of account changes (see engine_peer_state_needs_repair).
void SOSAccountNotifyEngines(SOSAccountRef account);

// Whether the account is still syncing in the legacy V0 mode.
bool SOSAccountSyncingV0(SOSAccountRef account);
203
// My Peer
bool SOSAccountHasFullPeerInfo(SOSAccountRef account, CFErrorRef* error);
// Get-named accessors return references borrowed from the account (my_identity); do not release.
SOSPeerInfoRef SOSAccountGetMyPeerInfo(SOSAccountRef account);
SOSFullPeerInfoRef SOSAccountGetMyFullPeerInfo(SOSAccountRef account);
CFStringRef SOSAccountGetMyPeerID(SOSAccountRef a);
bool SOSAccountIsMyPeerInBackupAndCurrentInView(SOSAccountRef account, CFStringRef viewname);
bool SOSAccountUpdateOurPeerInBackup(SOSAccountRef account, SOSRingRef oldRing, CFErrorRef *error);
bool SOSAccountIsPeerInBackupAndCurrentInView(SOSAccountRef account, SOSPeerInfoRef testPeer, CFStringRef viewname);
// Destructive: removes the legacy V0 keybag. Not scoped to an account.
bool SOSDeleteV0Keybag(CFErrorRef *error);
void SOSAccountForEachBackupView(SOSAccountRef account, void (^operation)(const void *value));
// Applies `update` to this device's full peer info; `updateDescription` is
// presumably used for logging. Returns false when `update` reports failure.
bool SOSAccountUpdatePeerInfo(SOSAccountRef account, CFStringRef updateDescription, CFErrorRef *error, bool (^update)(SOSFullPeerInfoRef fpi, CFErrorRef *error));

// Currently permitted backup rings.
void SOSAccountForEachBackupRingName(SOSAccountRef account, void (^operation)(CFStringRef value));
218
// My Circle
bool SOSAccountHasCircle(SOSAccountRef account, CFErrorRef* error);
// Borrowed reference to trusted_circle; NULL (with *error) when there is none.
SOSCircleRef SOSAccountGetCircle(SOSAccountRef a, CFErrorRef *error);
// Returns the circle named `name`, creating it when absent (presumably).
SOSCircleRef SOSAccountEnsureCircle(SOSAccountRef a, CFStringRef name, CFErrorRef *error);

// FromRemote: `newCircle` came from another peer and is not trusted until the
// implementation has validated it. The plain form presumably covers local changes.
bool SOSAccountUpdateCircleFromRemote(SOSAccountRef account, SOSCircleRef newCircle, CFErrorRef *error);
bool SOSAccountUpdateCircle(SOSAccountRef account, SOSCircleRef newCircle, CFErrorRef *error);
// Runs `action` against the circle; the modified circle is presumably kept only
// when `action` returns true — confirm.
bool SOSAccountModifyCircle(SOSAccountRef account,
                            CFErrorRef* error,
                            bool (^action)(SOSCircleRef circle));

// Appends the key name for circle `name` to `array` (presumably its KVS key).
void AppendCircleKeyName(CFMutableArrayRef array, CFStringRef name);

// Debug description of a key-interest list. Copy-named: caller releases.
CFStringRef SOSInterestListCopyDescription(CFArrayRef interests);
233
234
// FullPeerInfos - including Cloud Identity

// Builds the full peer info for the cloud identity peer. Copy-named: caller owns.
SOSFullPeerInfoRef CopyCloudKeychainIdentity(SOSPeerInfoRef cloudPeer, CFErrorRef *error);

// Generates an EC key of `keySize` bits labelled `name`. "Permanent" suggests
// it is stored in the keychain rather than held only in memory — confirm.
SecKeyRef GeneratePermanentFullECKey(int keySize, CFStringRef name, CFErrorRef* error);

bool SOSAccountEnsureFullPeerAvailable(SOSAccountRef account, CFErrorRef * error);

// True when `peer_info` is this account's own identity (my_identity).
bool SOSAccountIsAccountIdentity(SOSAccountRef account, SOSPeerInfoRef peer_info, CFErrorRef *error);
// Verifies the account's full peer info against `privKey`.
bool SOSAccountFullPeerInfoVerify(SOSAccountRef account, SecKeyRef privKey, CFErrorRef *error);
SOSPeerInfoRef GenerateNewCloudIdentityPeerInfo(CFErrorRef *error);
245
// Credentials
bool SOSAccountHasPublicKey(SOSAccountRef account, CFErrorRef* error);
// Moves user_public into previous_public (see the struct), presumably ahead of a key change.
void SOSAccountSetPreviousPublic(SOSAccountRef account);
// Publishes user_key_parameters, presumably through key_transport.
bool SOSAccountPublishCloudParameters(SOSAccountRef account, CFErrorRef* error);
// Parses `derparms` into a public key and parameter blob. The out-params are
// presumably owned by the caller on success — confirm in the implementation.
bool SOSAccountRetrieveCloudParameters(SOSAccountRef account, SecKeyRef *newKey,
                                       CFDataRef derparms,
                                       CFDataRef *newParameters, CFErrorRef* error);

// DSID
// Records the account's DSID, presumably under kSOSDSIDKey — confirm.
void SOSAccountAssertDSID(SOSAccountRef account, CFStringRef dsid);
256
//
// Key extraction
//

// Copy-named: the caller owns the returned key and must release it.
SecKeyRef SOSAccountCopyDeviceKey(SOSAccountRef account, CFErrorRef *error);
SecKeyRef SOSAccountCopyPublicKeyForPeer(SOSAccountRef account, CFStringRef peer_id, CFErrorRef *error);

// Testing — these bypass the normal state transitions and belong only in test
// code paths.
void SOSAccountSetLastDepartureReason(SOSAccountRef account, enum DepartureReason reason);
// Presumably sets user_public_trusted directly, skipping the normal credential check.
void SOSAccountSetUserPublicTrustedForTesting(SOSAccountRef account);
void SOSAccountPeerGotInSync(SOSAccountTransactionRef aTxn, CFStringRef peerID, CFSetRef views);
268
// Appends `value` to `array` unless it equals `excludedValue`.
// Uses CFEqualSafe rather than CFEqual so NULL operands do not crash the compare.
static inline void CFArrayAppendValueIfNot(CFMutableArrayRef array, CFTypeRef value, CFTypeRef excludedValue)
{
    if (CFEqualSafe(value, excludedValue))
        return;

    CFArrayAppendValue(array, value);
}
274
// Returns the dictionary stored under `key` in `dict`, inserting a fresh empty
// mutable dictionary first when nothing (or a non-dictionary) is stored there.
// The result is borrowed — `dict` owns it — so callers must not release it.
// Caveat: isDictionary checks type, not mutability; an immutable CFDictionary
// already stored under `key` is returned through the mutable cast unchanged.
static inline CFMutableDictionaryRef CFDictionaryEnsureCFDictionaryAndGetCurrentValue(CFMutableDictionaryRef dict, CFTypeRef key)
{
    CFTypeRef existing = CFDictionaryGetValue(dict, key);
    if (isDictionary(existing))
        return (CFMutableDictionaryRef) existing;

    // Nothing usable present: create, hand ownership to `dict`, drop our retain.
    CFMutableDictionaryRef created = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
    CFDictionarySetValue(dict, key, created);
    CFReleaseSafe(created);

    return created;
}
287
// Returns the array stored under `key` in `dict`, inserting a fresh empty
// mutable array first when nothing (or a non-array) is stored there.
// The result is borrowed — `dict` owns it — so callers must not release it.
// Caveat: isArray checks type, not mutability; an immutable CFArray already
// stored under `key` is returned through the mutable cast unchanged.
static inline CFMutableArrayRef CFDictionaryEnsureCFArrayAndGetCurrentValue(CFMutableDictionaryRef dict, CFTypeRef key)
{
    CFTypeRef existing = CFDictionaryGetValue(dict, key);
    if (isArray(existing))
        return (CFMutableArrayRef) existing;

    // Nothing usable present: create, hand ownership to `dict`, drop our retain.
    CFMutableArrayRef created = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault);
    CFDictionarySetValue(dict, key, created);
    CFReleaseSafe(created);

    return created;
}
300
// Drops this device's identity from the account (my_identity and, presumably,
// the associated keys — confirm).
void SOSAccountPurgeIdentity(SOSAccountRef account);
// The lower-case "sos" prefix on the next two is the declared spelling.
bool sosAccountLeaveCircle(SOSAccountRef account, SOSCircleRef circle, CFErrorRef* error);
bool sosAccountLeaveRing(SOSAccountRef account, SOSRingRef ring, CFErrorRef* error);
void SOSAccountAddRingDictionary(SOSAccountRef a);
// Iterates the account's rings; `action` returns a SOSRingRef, presumably a
// replacement for the ring it was given — confirm what NULL means.
bool SOSAccountForEachRing(SOSAccountRef account, SOSRingRef (^action)(CFStringRef name, SOSRingRef ring));
// Get-named: borrowed reference to the `backups` dictionary.
CFMutableDictionaryRef SOSAccountGetBackups(SOSAccountRef a, CFErrorRef *error);
bool SOSAccountUpdateBackUp(SOSAccountRef account, CFStringRef viewname, CFErrorRef *error);
bool SOSAccountEnsureInBackupRings(SOSAccountRef account);

bool SOSAccountEnsurePeerRegistration(SOSAccountRef account, CFErrorRef *error);

// String constants defined in the implementation: the DSID key and the two
// message transport type tags.
extern const CFStringRef kSOSDSIDKey;
extern const CFStringRef SOSTransportMessageTypeIDSV2;
extern const CFStringRef SOSTransportMessageTypeKVS;

// View-tracking keys, presumably stored in `expansion` — confirm.
extern const CFStringRef kSOSUnsyncedViewsKey;
extern const CFStringRef kSOSPendingEnableViewsToBeSetKey;
extern const CFStringRef kSOSPendingDisableViewsToBeSetKey;
319
// Which transport carries SOS messages. Values are fixed explicitly; keep them
// stable, since they are presumably compared against values from other devices.
typedef enum {
    kSOSTransportNone    = 0,
    kSOSTransportIDS     = 1,  // see ids_message_transport
    kSOSTransportKVS     = 2,  // see kvs_message_transport
    kSOSTransportFuture  = 3,
    kSOSTransportPresent = 4
} TransportType;
327
// Looks up the peer with id `peerid` in the trusted circle. Copy-named: caller releases.
SOSPeerInfoRef SOSAccountCopyPeerWithID(SOSAccountRef account, CFStringRef peerid, CFErrorRef *error);

// Generic key/value store on the account (presumably the `expansion` dictionary —
// confirm). SOSAccountGetValue returns a borrowed reference.
bool SOSAccountSetValue(SOSAccountRef account, CFStringRef key, CFTypeRef value, CFErrorRef *error);
bool SOSAccountClearValue(SOSAccountRef account, CFStringRef key, CFErrorRef *error);
CFTypeRef SOSAccountGetValue(SOSAccountRef account, CFStringRef key, CFErrorRef *error);

bool SOSAccountAddEscrowToPeerInfo(SOSAccountRef account, SOSFullPeerInfoRef myPeer, CFErrorRef *error);
bool SOSAccountAddEscrowRecords(SOSAccountRef account, CFStringRef dsid, CFDictionaryRef record, CFErrorRef *error);
bool SOSAccountCheckForRings(SOSAccountRef a, CFErrorRef *error);
// Ring counterpart of SOSAccountHandleUpdateCircle: validates `prospective_ring`
// (remote input) before adopting it; `writeUpdate` controls writing it back out.
bool SOSAccountHandleUpdateRing(SOSAccountRef account, SOSRingRef prospective_ring, bool writeUpdate, CFErrorRef *error);
// Copy/Create-named ring accessors return owned references; Set/Remove operate in place.
SOSRingRef SOSAccountCopyRing(SOSAccountRef a, CFStringRef ringName, CFErrorRef *error);
bool SOSAccountSetRing(SOSAccountRef a, SOSRingRef ring, CFStringRef ringName, CFErrorRef *error);
void SOSAccountRemoveRing(SOSAccountRef a, CFStringRef ringName);
SOSRingRef SOSAccountCopyRingNamed(SOSAccountRef a, CFStringRef ringName, CFErrorRef *error);
SOSRingRef SOSAccountRingCreateForName(SOSAccountRef a, CFStringRef ringName, CFErrorRef *error);
// FromRemote: `newRing` came from another peer and is not trusted until validated.
bool SOSAccountUpdateRingFromRemote(SOSAccountRef account, SOSRingRef newRing, CFErrorRef *error);
bool SOSAccountUpdateRing(SOSAccountRef account, SOSRingRef newRing, CFErrorRef *error);
// Runs `action` against the named ring; the modified ring is presumably kept
// only when `action` returns true — confirm.
bool SOSAccountModifyRing(SOSAccountRef account, CFStringRef ringName,
                          CFErrorRef* error,
                          bool (^action)(SOSRingRef ring));
CFDataRef SOSAccountRingCopyPayload(SOSAccountRef account, CFStringRef ringName, CFErrorRef *error);
SOSRingRef SOSAccountRingCopyWithPayload(SOSAccountRef account, CFStringRef ringName, CFDataRef payload, CFErrorRef *error);
// Removes the given peer IDs from the backup rings.
bool SOSAccountRemoveBackupPeers(SOSAccountRef account, CFArrayRef peerIDs, CFErrorRef *error);
// Destructive: resets one ring, or every ring, presumably to an empty state — confirm.
bool SOSAccountResetRing(SOSAccountRef account, CFStringRef ringName, CFErrorRef *error);
bool SOSAccountResetAllRings(SOSAccountRef account, CFErrorRef *error);
bool SOSAccountCheckPeerAvailability(SOSAccountRef account, CFErrorRef *error);
354
//
// MARK: Backup translation functions
//

// Maps a view name to the name of its backup ring. Copy-named: caller releases.
CFStringRef SOSBackupCopyRingNameForView(CFStringRef viewName);

//
// Security tool test/debug functions
//
// Raw access to the persisted account and engine state in the keychain. The
// Delete variants are destructive and are exposed for the security tool only;
// they take no account parameter, so they act on the stored state directly.

CFDataRef SOSAccountCopyAccountStateFromKeychain(CFErrorRef *error);
bool SOSAccountDeleteAccountStateFromKeychain(CFErrorRef *error);
CFDataRef SOSAccountCopyEngineStateFromKeychain(CFErrorRef *error);
bool SOSAccountDeleteEngineStateFromKeychain(CFErrorRef *error);

// True while the account is in its "new" state (see SOSAccountSetToNew).
bool SOSAccountIsNew(SOSAccountRef account, CFErrorRef *error);
371
372 #endif