#ifndef CKKS_h
#define CKKS_h
#include <dispatch/dispatch.h>
#include "ipc/securityd_client.h"
#include "utilities/SecCFWrappers.h"
#include "utilities/SecDb.h"
#include <xpc/xpc.h>
#ifdef __OBJC__
#import <Foundation/Foundation.h>
#import "keychain/ot/OctagonStateMachine.h"
#endif
CF_ASSUME_NONNULL_BEGIN
#ifdef __OBJC__
/// Version tag of the CKKS item encryption format.
/// `None` is the zero value; 1 and 2 are two distinct formats. Only the numeric
/// values are visible in this header; what differs between the formats lives in
/// the implementation.
typedef NS_ENUM(NSUInteger, SecCKKSItemEncryptionVersion) {
    CKKSItemEncryptionVersionNone = 0,
    CKKSItemEncryptionVersion1 = 1,
    CKKSItemEncryptionVersion2 = 2,
};
/// The version CKKS currently uses (presumably the one applied when encrypting
/// new items — confirm against the definition in the .m).
extern const SecCKKSItemEncryptionVersion currentCKKSItemEncryptionVersion;
/// Item action names (add / delete / modify). The pointers are `const`; the
/// string values are defined in the implementation file.
extern NSString* const SecCKKSActionAdd;
extern NSString* const SecCKKSActionDelete;
extern NSString* const SecCKKSActionModify;
// Typed-string pattern: an empty marker protocol makes `NSString<SecCKKSItemState>`
// a distinct static type, so the compiler warns when a plain NSString is passed
// where an item state is expected. The protocol declares no methods.
@protocol SecCKKSItemState <NSObject>
@end
typedef NSString<SecCKKSItemState> CKKSItemState;
/// The states an item can be in. Only the names are visible here; the
/// transitions between them are defined in the implementation.
extern CKKSItemState* const SecCKKSStateNew;
extern CKKSItemState* const SecCKKSStateUnauthenticated;
extern CKKSItemState* const SecCKKSStateInFlight;
extern CKKSItemState* const SecCKKSStateReencrypt;
extern CKKSItemState* const SecCKKSStateError;
extern CKKSItemState* const SecCKKSStateDeleted;
extern CKKSItemState* const SecCKKSStateMismatchedView;
// Same typed-string pattern as CKKSItemState: marker protocol + protocol-qualified
// NSString typedef, so a processed-state string is not interchangeable with any
// other NSString at compile time.
@protocol SecCKKSProcessedState <NSObject>
@end
typedef NSString<SecCKKSProcessedState> CKKSProcessedState;
/// Where an item was processed: locally or remotely (by name).
extern CKKSProcessedState* const SecCKKSProcessedStateLocal;
extern CKKSProcessedState* const SecCKKSProcessedStateRemote;
// Typed-string pattern for key classes (see CKKSItemState above).
@protocol SecCKKSKeyClass <NSObject>
@end
typedef NSString<SecCKKSKeyClass> CKKSKeyClass;
/// Key classes in the CKKS key hierarchy. `TLK` presumably stands for the
/// top-level key; `A` and `C` look like they mirror keychain protection classes —
/// confirm in the key-hierarchy implementation before relying on that reading.
extern CKKSKeyClass* const SecCKKSKeyClassTLK;
extern CKKSKeyClass* const SecCKKSKeyClassA;
extern CKKSKeyClass* const SecCKKSKeyClassC;
/// CloudKit container settings. Unlike the other globals in this header these
/// are NOT `const`: any translation unit that includes this header can reassign
/// them. Locate the existing writer(s) before depending on their values, and do
/// not add new writers outside that configuration path.
extern NSString* SecCKKSContainerName;
extern bool SecCKKSContainerUsePCS;
/// CloudKit subscription identifier and the named push (APS) port (by name).
extern NSString* const SecCKKSSubscriptionID;
extern NSString* const SecCKKSAPSNamedPort;
// CloudKit record type names and field keys. The string values (defined in the
// .m) are what the server and stored records see, so changing a value is a
// schema/compatibility change even though the C symbol name stays the same.
// The grouping below follows the name prefixes only; field semantics are not
// visible in this header.

// Item records, plus fields that by name are shared with key records
// (parent key reference, wrapped key, generation count).
extern NSString* const SecCKRecordItemType;
extern NSString* const SecCKRecordHostOSVersionKey;
extern NSString* const SecCKRecordEncryptionVersionKey;
extern NSString* const SecCKRecordParentKeyRefKey;
extern NSString* const SecCKRecordDataKey;
extern NSString* const SecCKRecordWrappedKeyKey;
extern NSString* const SecCKRecordGenerationCountKey;
extern NSString* const SecCKRecordPCSServiceIdentifier;
extern NSString* const SecCKRecordPCSPublicKey;
extern NSString* const SecCKRecordPCSPublicIdentity;
extern NSString* const SecCKRecordServerWasCurrent;
// Intermediate key records.
extern NSString* const SecCKRecordIntermediateKeyType;
extern NSString* const SecCKRecordKeyClassKey;
// TLK share records (sender/receiver peer IDs, curve, epoch, signature...).
extern NSString* const SecCKRecordTLKShareType;
extern NSString* const SecCKRecordSenderPeerID;
extern NSString* const SecCKRecordReceiverPeerID;
extern NSString* const SecCKRecordReceiverPublicEncryptionKey;
extern NSString* const SecCKRecordCurve;
extern NSString* const SecCKRecordEpoch;
extern NSString* const SecCKRecordPoisoned;
extern NSString* const SecCKRecordSignature;
extern NSString* const SecCKRecordVersion;
// "Current key" / "current item" pointer records.
extern NSString* const SecCKRecordCurrentKeyType;
extern NSString* const SecCKRecordCurrentItemType;
extern NSString* const SecCKRecordItemRefKey;
// Device state records.
extern NSString* const SecCKRecordDeviceStateType;
extern NSString* const SecCKRecordCirclePeerID;
extern NSString* const SecCKRecordOctagonPeerID;
extern NSString* const SecCKRecordOctagonStatus;
extern NSString* const SecCKRecordCircleStatus;
extern NSString* const SecCKRecordKeyState;
extern NSString* const SecCKRecordCurrentTLK;
extern NSString* const SecCKRecordCurrentClassA;
extern NSString* const SecCKRecordCurrentClassC;
// NOTE: the next two names use `SecCKSRecord`, not the `SecCKRecord` prefix the
// rest of the file uses. They are exported symbols; renaming would break
// clients, so leave them as-is and use the `SecCKRecord` prefix for new keys.
extern NSString* const SecCKSRecordLastUnlockTime;
extern NSString* const SecCKSRecordOSVersionKey;
// Manifest and manifest-leaf records.
extern NSString* const SecCKRecordManifestType;
extern NSString* const SecCKRecordManifestDigestValueKey;
extern NSString* const SecCKRecordManifestGenerationCountKey;
extern NSString* const SecCKRecordManifestLeafRecordIDsKey;
extern NSString* const SecCKRecordManifestPeerManifestRecordIDsKey;
extern NSString* const SecCKRecordManifestCurrentItemsKey;
extern NSString* const SecCKRecordManifestSignaturesKey;
extern NSString* const SecCKRecordManifestSignerIDKey;
extern NSString* const SecCKRecordManifestSchemaKey;
extern NSString* const SecCKRecordManifestLeafType;
extern NSString* const SecCKRecordManifestLeafDERKey;
extern NSString* const SecCKRecordManifestLeafDigestKey;
// Zone key-state type. With OCTAGON it is an alias of OctagonState (declared in
// keychain/ot/OctagonStateMachine.h, imported above); the constants below are
// declared as `CKKSZoneKeyState*`, so OctagonState must be an object type
// usable that way. Without OCTAGON the same typed-string pattern as the other
// state families is used.
#if OCTAGON
typedef OctagonState CKKSZoneKeyState;
#else
@protocol SecCKKSZoneKeyState <NSObject>
@end
typedef NSString<SecCKKSZoneKeyState> CKKSZoneKeyState;
#endif
/// States of a zone's key hierarchy. Only the names are visible here; which
/// of them are transient is answered by CKKSKeyStateNonTransientStates() and
/// the transitions live in the implementation. Several names (TLKMissing,
/// WaitForTLK*, LoseTrust, WaitForTrust, Unhealthy, Error) describe a zone that
/// is missing keys or trust — do not infer more than the name says.
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateWaitForCloudKitAccountStatus;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateLoggedOut;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateInitializing;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateInitialized;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateZoneCreationFailed;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateBecomeReady;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateReady;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateReadyPendingUnlock;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateBeginFetch;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateFetch;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateFetchComplete;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateNeedFullRefetch;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateTLKMissing;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateWaitForTLK;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateWaitForTLKCreation;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateWaitForTLKUpload;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateWaitForUnlock;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateLoseTrust;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateWaitForTrust;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateUnhealthy;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateBadCurrentPointers;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateNewTLKsFailed;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateHealTLKShares;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateHealTLKSharesFailed;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateWaitForFixupOperation;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateProcess;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateResettingZone;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateResettingLocalData;
extern CKKSZoneKeyState* const SecCKKSZoneKeyStateError;
/// Bidirectional mapping between zone key states and NSNumber codes. The
/// consumer of the numeric form (persistence, reporting, ...) is not visible here.
NSDictionary<CKKSZoneKeyState*, NSNumber*>* CKKSZoneKeyStateMap(void);
NSDictionary<NSNumber*, CKKSZoneKeyState*>* CKKSZoneKeyStateInverseMap(void);
/// Single-value lookups in the two directions. Both return nonnull under the
/// enclosing CF_ASSUME_NONNULL region; what they return for an unknown state or
/// number is not visible in this header — check before trusting a round trip.
NSNumber* CKKSZoneKeyToNumber(CKKSZoneKeyState* state);
CKKSZoneKeyState* CKKSZoneKeyRecover(NSNumber* stateNumber);
/// The zone key states that are not transient (by name, the states the machine
/// can settle in).
NSSet<CKKSZoneKeyState*>* CKKSKeyStateNonTransientStates(void);
/// Block size used when padding item data (by name; presumably so that the
/// ciphertext length does not reveal the exact plaintext length — confirm in
/// the item encryption code).
extern const NSUInteger SecCKKSItemPaddingBlockSize;
/// Metric keys reported by CKKS (aggd, by name).
extern NSString* const SecCKKSAggdPropagationDelay;
extern NSString* const SecCKKSAggdPrimaryKeyConflict;
extern NSString* const SecCKKSAggdViewKeyCount;
extern NSString* const SecCKKSAggdItemReencryption;
/// NSUserDefaults suite name used by CKKS (by name).
extern NSString* const SecCKKSUserDefaultsSuite;
/// NSError domains. See CKKSErrorCode and CKKSServerExtensionErrorCode below
/// for the codes that appear to belong to each.
extern NSString* const CKKSErrorDomain;
extern NSString* const CKKSServerExtensionErrorDomain;
/// Batch sizes for processing the outgoing / incoming queues. These are untyped
/// #defines; if they ever become tunables, prefer a typed `extern const`.
#define SecCKKSOutgoingQueueItemsAtOnce 100
#define SecCKKSIncomingQueueItemsAtOnce 50
/// The host OS version string CKKS reports (cf. SecCKRecordHostOSVersionKey
/// above — pairing by name only). Nonnull under CF_ASSUME_NONNULL.
NSString* SecCKKSHostOSVersion(void);
#endif // OBJ-C
// Plain-C entry points (visible to non-ObjC translation units). Every pointer
// parameter is nonnull under the CF_ASSUME_NONNULL region that encloses the header.

/// Attach CKKS to the keychain database.
void SecCKKSInitialize(SecDbRef db);
/// Has the shape of a SecDb transaction-notification callback (phase, source,
/// array of changes). Presumably registered with the database so CKKS observes
/// local keychain changes — confirm in the implementation.
void SecCKKSNotifyBlock(SecDbConnectionRef dbconn, SecDbTransactionPhase phase, SecDbTransactionSource source, CFArrayRef changes);
/// Periodic (24h, by name) maintenance entry point.
void SecCKKS24hrNotification(void);
/// Register a callback for the sync status of the item identified by `cfuuid`.
/// The callback type comes from the included securityd headers.
void CKKSRegisterSyncStatusCallback(CFStringRef cfuuid, SecBoolCFErrorCallback callback);
/// Request a resync of local state (by name).
void SecCKKSPerformLocalResync(void);
// Feature switches. The no-argument functions read (or, for Enable/Disable,
// flip) a flag; `Set…(bool)` takes the new value. All return bool — whether a
// setter returns the new or the previous value is not visible in this header.
bool SecCKKSIsEnabled(void);
bool SecCKKSEnable(void);
bool SecCKKSDisable(void);
bool SecCKKSResetSyncing(void);
bool SecCKKSSyncManifests(void);
bool SecCKKSEnableSyncManifests(void);
bool SecCKKSSetSyncManifests(bool value);
bool SecCKKSEnforceManifests(void);
bool SecCKKSEnableEnforceManifests(void);
bool SecCKKSSetEnforceManifests(bool value);
bool SecCKKSReduceRateLimiting(void);
bool SecCKKSSetReduceRateLimiting(bool value);
// Test switches. By name these loosen behaviour (disable SOS, disable key
// notifications, skip the scan, disable automatic UUIDs). Nothing in this
// header restricts them to test builds, so any caller that sets one should be
// reviewed to confirm it is unreachable in production. SecCKKSTestResetFlags
// presumably restores the defaults — confirm in the implementation.
bool SecCKKSTestsEnabled(void);
bool SecCKKSTestsEnable(void);
bool SecCKKSTestsDisable(void);
void SecCKKSTestResetFlags(void);
bool SecCKKSTestDisableAutomaticUUID(void);
void SecCKKSTestSetDisableAutomaticUUID(bool set);
bool SecCKKSTestDisableSOS(void);
void SecCKKSTestSetDisableSOS(bool set);
bool SecCKKSTestDisableKeyNotifications(void);
void SecCKKSTestSetDisableKeyNotifications(bool set);
// NOTE: `SecCKKSSetTestSkipScan` does not follow the `SecCKKSTestSet…` naming
// of the setters above and returns bool rather than void. Keep the exported
// name; use the existing pattern for any new test flag.
bool SecCKKSTestSkipScan(void);
bool SecCKKSSetTestSkipScan(bool value);
/// Error codes, presumably for CKKSErrorDomain (pairing inferred from the
/// names — confirm). Numbering starts at 9 and has gaps (25–31, 39, 42–49);
/// treat the values as stable identifiers: append new codes, never renumber
/// or reuse a gap, since existing logs and callers may match on the numbers.
typedef CF_ENUM(CFIndex, CKKSErrorCode) {
    CKKSNotInitialized = 9,
    CKKSNotLoggedIn = 10,
    CKKSNoSuchView = 11,
    CKKSRemoteItemChangePending = 12,
    CKKSLocalItemChangePending = 13,
    CKKSItemChanged = 14,
    CKKSNoUUIDOnItem = 15,
    CKKSItemCreationFailure = 16,
    CKKSInvalidKeyClass = 17,
    CKKSKeyNotSelfWrapped = 18,
    CKKSNoTrustedPeer = 19,
    CKKSDataMismatch = 20,
    CKKSProtobufFailure = 21,
    CKKSNoSuchRecord = 22,
    CKKSMissingTLKShare = 23,
    CKKSNoPeersAvailable = 24,
    CKKSSplitKeyHierarchy = 32,
    CKKSOrphanedKey = 33,
    CKKSInvalidTLK = 34,
    CKKSNoTrustedTLKShares = 35,
    CKKSKeyUnknownFormat = 36,
    CKKSNoSigningKey = 37,
    CKKSNoEncryptionKey = 38,
    CKKSNotHSA2 = 40,
    CKKSiCloudGreyMode = 41,
    CKKSNoFetchesRequested = 50,
    CKKSNoMetric = 51,
    CKKSLackingTrust = 52,
    CKKSKeysMissing = 53,
    CKKSCircularKeyReference = 54,
    CKKSErrorViewIsPaused = 55,
    CKKSErrorPolicyNotLoaded = 56,
    CKKSErrorUnexpectedNil = 57,
    CKKSErrorGenerationCountMismatch = 58,
};
/// Codes describing why a result is still pending (by name). Values 1–6 name a
/// condition being waited on; the 1000-series names scheduling waits. As with
/// CKKSErrorCode, append rather than renumber.
/// NOTE: `PendingKeyHierachyPokeScheduling` misspells "Hierarchy"; it is an
/// exported name, so leave it and do not copy the spelling into new code.
typedef CF_ENUM(CFIndex, CKKSResultDescriptionErrorCode) {
    CKKSResultDescriptionNone = 0,
    CKKSResultDescriptionPendingKeyReady = 1,
    CKKSResultDescriptionPendingSuccessfulFetch = 2,
    CKKSResultDescriptionPendingAccountLoggedIn = 3,
    CKKSResultDescriptionPendingUnlock = 4,
    CKKSResultDescriptionPendingBottledPeerModifyRecords = 5,
    CKKSResultDescriptionPendingBottledPeerFetchRecords = 6,
    CKKSResultDescriptionPendingZoneChangeFetchScheduling = 1000,
    CKKSResultDescriptionPendingViewChangedScheduling = 1001,
    CKKSResultDescriptionPendingZoneInitializeScheduling = 1002,
    CKKSResultDescriptionPendingOutgoingQueueScheduling = 1003,
    CKKSResultDescriptionPendingKeyHierachyPokeScheduling = 1004,
    CKKSResultDescriptionPendingCloudKitRetryAfter = 1005,
    CKKSResultDescriptionPendingFlag = 1006,
};
/// Codes presumably returned under CKKSServerExtensionErrorDomain (pairing by
/// name). The values are sparse (2, 9) and come from the server side, so they
/// must match whatever the server emits; do not change or fill them in locally.
typedef CF_ENUM(CFIndex, CKKSServerExtensionErrorCode) {
    CKKSServerMissingRecord = 2,
    CKKSServerUnexpectedSyncKeyInChain = 9,
};
#if __OBJC__
/// Hands a CFErrorRef to an `NSError**` out-parameter, or releases it when the
/// caller passed NULL for the out-parameter.
///
/// Ownership: `cferror` must be an owned (+1) reference. On the nserrorptr
/// path `__bridge_transfer` moves that ownership to ARC; on the NULL path
/// CFReleaseNull releases it and (by name) clears the variable, so `cferror`
/// must be an lvalue. Passing a reference the caller does not own over-releases.
///
/// Expands to a bare `if`/`else` with no do/while(0) wrapper: use it as a
/// statement of its own, never as the unbraced body of an outer `if` that is
/// followed by `else` (the `else` would bind to the macro's `if`).
#define SecTranslateError(nserrorptr, cferror) \
if(nserrorptr) { \
*nserrorptr = (__bridge_transfer NSError*)cferror; \
} else { \
CFReleaseNull(cferror); \
}
extern os_log_t CKKSLogObject(NSString* scope, NSString* _Nullable zoneName);
// Logging helpers.
// - `scope` must be a C string literal: `@scope` pastes it into an NSString
//   literal (e.g. @"ckks") for CKKSLogObject.
// - `format` is passed straight to os_log, so it must be a string literal too.
// - os_log keeps dynamic %@/%s arguments private by default; mark a field
//   `%{public}` only when it carries no secrets or item contents.
// - The non-`_global` variants read `zoneNameBearer.zoneName`, so the bearer
//   must expose a `zoneName` property (or method); `_global` passes nil.

// Expands to a braced compound statement. `ckkserror(...);` therefore leaves a
// stray `;` after the block, which breaks `if (c) ckkserror(...); else ...`.
#define ckkserrorwithzonename(scope, zoneName, format, ...) \
{ \
os_log_with_type(CKKSLogObject(@scope, zoneName), \
OS_LOG_TYPE_ERROR, \
format, \
##__VA_ARGS__); \
}
#define ckkserror(scope, zoneNameBearer, format, ...) \
ckkserrorwithzonename(scope, zoneNameBearer.zoneName, format, ##__VA_ARGS__)
#define ckkserror_global(scope, format, ...) \
ckkserrorwithzonename(scope, nil, format, ##__VA_ARGS__)
// Default-level logging (os_log) and debug-level logging (os_log_debug). These
// expand to a single call, not a braced block, so they compose with if/else.
#define ckksnotice(scope, zoneNameBearer, format, ...) \
os_log(CKKSLogObject(@scope, zoneNameBearer.zoneName), format, ##__VA_ARGS__)
#define ckksnotice_global(scope, format, ...) \
os_log(CKKSLogObject(@scope, nil), format, ##__VA_ARGS__)
#define ckksinfo(scope, zoneNameBearer, format, ...) \
os_log_debug(CKKSLogObject(@scope, zoneNameBearer.zoneName), format, ##__VA_ARGS__)
#define ckksinfo_global(scope, format, ...) \
os_log_debug(CKKSLogObject(@scope, nil), format, ##__VA_ARGS__)
#endif // __OBJC__
CF_ASSUME_NONNULL_END
#endif