SOSCircle.h
1 /* 2 * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23 24 25 /*! 26 @header SOSCircle.h 27 The functions provided in SOSCircle.h provide an interface to a 28 secure object syncing circle for a single class 29 */ 30 31 #ifndef _SOSCIRCLE_H_ 32 #define _SOSCIRCLE_H_ 33 34 #include <Security/Security.h> 35 #include "keychain/SecureObjectSync/SOSFullPeerInfo.h" 36 #include "keychain/SecureObjectSync/SOSPeerInfo.h" 37 #include "keychain/SecureObjectSync/SOSPeer.h" 38 #include "keychain/SecureObjectSync/SOSConcordanceTrust.h" 39 #include "keychain/SecureObjectSync/SOSGenCount.h" 40 #include "keychain/SecureObjectSync/SOSPiggyback.h" 41 42 43 __BEGIN_DECLS 44 45 typedef struct __OpaqueSOSCircle *SOSCircleRef; 46 47 CFTypeID SOSCircleGetTypeID(void); 48 49 SOSCircleRef SOSCircleCreate(CFAllocatorRef allocator, CFStringRef circleName, CFErrorRef *error); 50 SOSCircleRef SOSCircleCreateFromDER(CFAllocatorRef allocator, CFErrorRef* error, 51 const uint8_t** der_p, const uint8_t *der_end); 52 SOSCircleRef SOSCircleCreateFromData(CFAllocatorRef allocator, CFDataRef circleData, CFErrorRef *error); 53 SOSCircleRef SOSCircleCopyCircle(CFAllocatorRef allocator, SOSCircleRef otherCircle, CFErrorRef *error); 54 55 CFStringRef SOSCircleCopyHashString(SOSCircleRef circle); 56 57 bool SOSCircleSetSignature(SOSCircleRef circle, SecKeyRef pubkey, CFDataRef signature, CFErrorRef *error); 58 CFDataRef SOSCircleGetSignature(SOSCircleRef circle, SecKeyRef pubkey, CFErrorRef *error); 59 CFDictionaryRef SOSCircleCopyAllSignatures(SOSCircleRef circle); 60 bool SOSCircleSign(SOSCircleRef circle, SecKeyRef privkey, CFErrorRef *error); 61 bool SOSCircleVerifySignatureExists(SOSCircleRef circle, SecKeyRef pubKey, CFErrorRef *error); 62 bool SOSCircleVerifyPeerSignatureExists(SOSCircleRef circle, SOSPeerInfoRef peer); 63 bool SOSCircleVerify(SOSCircleRef circle, SecKeyRef pubkey, CFErrorRef *error); 64 65 bool SOSCircleVerifyPeerSigned(SOSCircleRef circle, SOSPeerInfoRef peer, CFErrorRef *error); 66 67 bool SOSCircleGenerationSign(SOSCircleRef circle, SecKeyRef user_approver, SOSFullPeerInfoRef peerinfo, CFErrorRef *error); 68 bool SOSCircleSignOldStyleResetToOfferingCircle(SOSCircleRef circle, SOSFullPeerInfoRef peerinfo, SecKeyRef user_approver, CFErrorRef *error); 69 70 71 size_t SOSCircleGetDEREncodedSize(SOSCircleRef cir, CFErrorRef *error); 72 uint8_t* SOSCircleEncodeToDER(SOSCircleRef cir, CFErrorRef* error, const uint8_t* der, uint8_t* der_end); 73 CFDataRef SOSCircleCopyEncodedData(SOSCircleRef circle, CFAllocatorRef allocator, CFErrorRef *error); 74 75 size_t SOSCircleGetDEREncodedSize(SOSCircleRef cir, CFErrorRef *error); 76 uint8_t* SOSCircleEncodeToDER(SOSCircleRef cir, CFErrorRef* error, const uint8_t* der, uint8_t* der_end); 77 CFDataRef SOSCircleCopyEncodedData(SOSCircleRef circle, CFAllocatorRef allocator, CFErrorRef *error); 78 79 int SOSCircleCountApplicants(SOSCircleRef circle); 80 bool SOSCircleHasApplicant(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error); 81 CFMutableSetRef SOSCircleCopyApplicants(SOSCircleRef c, CFAllocatorRef allocator); 82 void SOSCircleForEachApplicant(SOSCircleRef circle, void (^action)(SOSPeerInfoRef peer)); 83 84 int SOSCircleCountRejectedApplicants(SOSCircleRef circle); 85 bool SOSCircleHasRejectedApplicant(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error); 86 SOSPeerInfoRef SOSCircleCopyRejectedApplicant(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error); 87 CFMutableArrayRef SOSCircleCopyRejectedApplicants(SOSCircleRef c, CFAllocatorRef allocator); 88 void SOSCircleSetGeneration(SOSCircleRef circle, SOSGenCountRef gencount); 89 90 CFStringRef SOSCircleGetName(SOSCircleRef circle); 91 const char *SOSCircleGetNameC(SOSCircleRef circle); 92 93 void SOSCircleGenerationSetValue(SOSCircleRef circle, int64_t value); 94 SOSGenCountRef SOSCircleGetGeneration(SOSCircleRef circle); 95 int64_t SOSCircleGetGenerationSint(SOSCircleRef circle); 96 void SOSCircleGenerationIncrement(SOSCircleRef circle); 97 98 CFMutableSetRef SOSCircleCopyPeers(SOSCircleRef circle, CFAllocatorRef allocator); 99 CFMutableSetRef SOSCircleCopyBackupCapablePeersForView(SOSCircleRef circle, CFAllocatorRef allocator, SecKeyRef userPubKey, CFStringRef viewName); 100 bool SOSCircleAppendConcurringPeers(SOSCircleRef circle, CFMutableArrayRef appendHere, CFErrorRef *error); 101 CFMutableArrayRef SOSCircleCopyConcurringPeers(SOSCircleRef circle, CFErrorRef* error); 102 SOSPeerInfoRef SOSCircleCopyPeerWithID(SOSCircleRef circle, CFStringRef peerid, CFErrorRef *error); 103 104 int SOSCircleCountPeers(SOSCircleRef circle); 105 int SOSCircleCountActivePeers(SOSCircleRef circle); 106 int SOSCircleCountActiveValidPeers(SOSCircleRef circle, SecKeyRef pubkey); 107 int SOSCircleCountValidSyncingPeers(SOSCircleRef circle, SecKeyRef pubkey); 108 109 int SOSCircleCountRetiredPeers(SOSCircleRef circle); 110 111 void SOSCircleForEachPeer(SOSCircleRef circle, void (^action)(SOSPeerInfoRef peer)); 112 void SOSCircleForEachRetiredPeer(SOSCircleRef circle, void (^action)(SOSPeerInfoRef peer)); 113 void SOSCircleForEachiCloudIdentityPeer(SOSCircleRef circle, void (^action)(SOSPeerInfoRef peer)); 114 void SOSCircleForEachActivePeer(SOSCircleRef circle, void (^action)(SOSPeerInfoRef peer)); 115 void SOSCircleForEachActiveValidPeer(SOSCircleRef circle, SecKeyRef user_public_key, void (^action)(SOSPeerInfoRef peer)); 116 void SOSCircleForEachValidPeer(SOSCircleRef circle, SecKeyRef user_public_key, void (^action)(SOSPeerInfoRef peer)); 117 void SOSCircleForEachValidSyncingPeer(SOSCircleRef circle, SecKeyRef user_public_key, void (^action)(SOSPeerInfoRef peer)); 118 void SOSCircleForEachBackupCapablePeerForView(SOSCircleRef circle, SecKeyRef user_public_key, CFStringRef viewName, void (^action)(SOSPeerInfoRef peer)); 119 120 bool SOSCircleHasPeerWithID(SOSCircleRef circle, CFStringRef peerid, CFErrorRef *error); 121 122 bool SOSCircleHasPeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error); 123 bool SOSCircleHasActivePeerWithID(SOSCircleRef circle, CFStringRef peerid, CFErrorRef *error); 124 bool SOSCircleHasActivePeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error); 125 bool SOSCircleHasActiveValidPeerWithID(SOSCircleRef circle, CFStringRef peerid, SecKeyRef user_public_key, CFErrorRef *error); 126 bool SOSCircleHasActiveValidPeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, SecKeyRef user_public_key, CFErrorRef *error); 127 bool SOSCircleHasValidSyncingPeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, SecKeyRef user_public_key, CFErrorRef *error); 128 129 bool SOSCircleResetToOffering(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error); 130 bool SOSCircleResetToEmpty(SOSCircleRef circle, CFErrorRef *error); 131 bool SOSCircleResetToEmptyWithSameGeneration(SOSCircleRef circle, CFErrorRef *error); 132 bool SOSCircleRequestAdmission(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error); 133 bool SOSCircleRequestReadmission(SOSCircleRef circle, SecKeyRef user_pubkey, SOSPeerInfoRef requestor, CFErrorRef *error); 134 135 bool SOSCircleAcceptRequest(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef device_approver, SOSPeerInfoRef peerInfo, CFErrorRef *error); 136 bool SOSCircleRejectRequest(SOSCircleRef circle, SOSFullPeerInfoRef device_approver, SOSPeerInfoRef peerInfo, CFErrorRef *error); 137 bool SOSCircleWithdrawRequest(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error); 138 bool SOSCircleRemoveRejectedPeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error); 139 bool SOSCirclePeerSigUpdate(SOSCircleRef circle, SecKeyRef userPrivKey, SOSFullPeerInfoRef fpi, 140 CFErrorRef *error); 141 142 // 143 // Update a peer's meta information. 144 // No resigning of the circle is done, only updates to their own self signed description. 145 // 146 bool SOSCircleUpdatePeerInfo(SOSCircleRef circle, SOSPeerInfoRef replacement_peer_info); 147 bool SOSCircleRemovePeersByIDUnsigned(SOSCircleRef circle, CFSetRef peersToRemove); 148 149 bool SOSCircleRemovePeer(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef device_approver, SOSPeerInfoRef peerInfo, CFErrorRef *error); 150 bool SOSCircleRemovePeers(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef device_approver, CFSetRef peerInfo, CFErrorRef *error); 151 bool SOSCircleRemovePeersByID(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef device_approver, CFSetRef peerIDs, CFErrorRef *error); 152 bool SOSCircleRemoveRetired(SOSCircleRef circle, CFErrorRef *error); 153 154 bool SOSCircleAcceptRequests(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef device_approver, CFErrorRef *error); 155 156 // Stuff above this line is really SOSCircleInfo below the line is the active SOSCircle functionality 157 158 CF_RETURNS_RETAINED SOSFullPeerInfoRef SOSCircleCopyiCloudFullPeerInfoRef(SOSCircleRef circle, CFErrorRef *error); 159 CF_RETURNS_RETAINED SOSFullPeerInfoRef SOSCircleCopyiCloudFullPeerInfoVerifier(SOSCircleRef circle, CFErrorRef *error); 160 161 bool SOSCircleConcordanceSign(SOSCircleRef circle, SOSFullPeerInfoRef peerinfo, CFErrorRef *error); 162 163 bool SOSCircleSharedTrustedPeers(SOSCircleRef current, SOSCircleRef proposed, SOSPeerInfoRef me); 164 165 bool SOSCircleIsOlderGeneration(SOSCircleRef current, SOSCircleRef proposed); 166 167 SOSConcordanceStatus SOSCircleConcordanceTrust(SOSCircleRef known_circle, SOSCircleRef proposed_circle, 168 SecKeyRef known_pubkey, SecKeyRef user_pubkey, 169 SOSPeerInfoRef exclude, CFErrorRef *error); 170 171 CFDataRef SOSCircleCopyNextGenSignatureWithPeerAdded(SOSCircleRef circle, SOSPeerInfoRef peer, SecKeyRef privKey, CFErrorRef *error); 172 bool SOSCirclePreGenerationSign(SOSCircleRef circle, SecKeyRef userPubKey, CFErrorRef *error); 173 174 // 175 // Testing routines: 176 // 177 178 CFDataRef SOSCircleCreateIncompatibleCircleDER(CFErrorRef* error); 179 void debugDumpCircle(CFStringRef message, SOSCircleRef circle); 180 void SOSCircleLogState(char *category, SOSCircleRef circle, SecKeyRef pubKey, CFStringRef myPID); 181 182 bool SOSCircleAcceptPeerFromHSA2(SOSCircleRef circle, SecKeyRef userKey, SOSGenCountRef gencount, SecKeyRef pPubKey, CFDataRef signature, SOSFullPeerInfoRef fpi, CFErrorRef *error); 183 184 __END_DECLS 185 186 #endif /* !_SOSCIRCLE_H_ */