projects / apple / security.git / blame
| Commit | Line | Data |
|---|---|---|
| ecaf5866 A |
1 | /* |
| 2 | * Copyright (c) 2017 Apple Inc. All Rights Reserved. | |
| 3 | * | |
| 4 | * @APPLE_LICENSE_HEADER_START@ | |
| 5 | * | |
| 6 | * This file contains Original Code and/or Modifications of Original Code | |
| 7 | * as defined in and that are subject to the Apple Public Source License | |
| 8 | * Version 2.0 (the 'License'). You may not use this file except in | |
| 9 | * compliance with the License. Please obtain a copy of the License at | |
| 10 | * http://www.opensource.apple.com/apsl/ and read it before using this | |
| 11 | * file. | |
| 12 | * | |
| 13 | * The Original Code and all software distributed under the License are | |
| 14 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
| 15 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, | |
| 16 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
| 17 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. | |
| 18 | * Please see the License for the specific language governing rights and | |
| 19 | * limitations under the License. | |
| 20 | * | |
| 21 | * @APPLE_LICENSE_HEADER_END@ | |
| 22 | */ | |
| 23 | ||
| 24 | #if __OBJC2__ | |
| 25 | ||
| 26 | #import <Foundation/NSXPCConnection_Private.h> | |
| 27 | #import <xpc/xpc.h> | |
| 28 | ||
| 29 | #import <Security/SecItemPriv.h> | |
| 30 | ||
| 31 | #import "keychain/ot/OTControl.h" | |
| 32 | #import "keychain/ot/OTControlProtocol.h" | |
| 33 | #import "keychain/ot/OctagonControlServer.h" | |
| 34 | ||
| 35 | #include <security_utilities/debugging.h> | |
| 36 | ||
| 37 | @interface OTControl () | |
| 38 | @property NSXPCConnection *connection; | |
| 39 | @end | |
| 40 | ||
| 41 | @implementation OTControl | |
| 42 | ||
| 43 | - (instancetype)initWithConnection:(NSXPCConnection*)connection { | |
| 44 | if(self = [super init]) { | |
| 45 | _connection = connection; | |
| 46 | } | |
| 47 | return self; | |
| 48 | } | |
| 49 | ||
| 50 | - (void)restore:(NSString *)contextID dsid:(NSString *)dsid secret:(NSData*)secret escrowRecordID:(NSString*)escrowRecordID | |
| 51 | reply:(void (^)(NSData* signingKeyData, NSData* encryptionKeyData, NSError* _Nullable error))reply | |
| 52 | { | |
| 53 | [[self.connection remoteObjectProxyWithErrorHandler: ^(NSError* error) { | |
| 54 | reply(nil, nil, error); | |
| 55 | }] restore:contextID dsid:dsid secret:secret escrowRecordID:escrowRecordID reply:^(NSData* signingKeyData, NSData* encryptionKeyData, NSError *error) { | |
| 56 | reply(signingKeyData, encryptionKeyData, error); | |
| 57 | }]; | |
| 58 | ||
| 59 | } | |
| 60 | ||
| 61 | -(void)reset:(void (^)(BOOL result, NSError* _Nullable error))reply | |
| 62 | { | |
| 63 | [[self.connection remoteObjectProxyWithErrorHandler: ^(NSError* error) { | |
| 64 | reply(NO, error); | |
| 65 | }] reset:^(BOOL result, NSError * _Nullable error) { | |
| 66 | reply(result, error); | |
| 67 | }]; | |
| 68 | } | |
| 69 | ||
| 70 | - (void)signingKey:(void (^)(NSData* result, NSError* _Nullable error))reply | |
| 71 | { | |
| 72 | [[self.connection remoteObjectProxyWithErrorHandler: ^(NSError* error) { | |
| 73 | reply(nil, error); | |
| 74 | }] octagonSigningPublicKey:^(NSData *signingKey, NSError * _Nullable error) { | |
| 75 | reply(signingKey, error); | |
| 76 | }]; | |
| 77 | ||
| 78 | } | |
| 79 | ||
| 80 | - (void)encryptionKey:(void (^)(NSData* result, NSError* _Nullable error))reply | |
| 81 | { | |
| 82 | [[self.connection remoteObjectProxyWithErrorHandler: ^(NSError* error) { | |
| 83 | reply(nil, error); | |
| 84 | }] octagonEncryptionPublicKey:^(NSData *encryptionKey, NSError * _Nullable error) { | |
| 85 | reply(encryptionKey, error); | |
| 86 | }]; | |
| 87 | ||
| 88 | } | |
| 89 | ||
| 90 | - (void)listOfRecords:(void (^)(NSArray* list, NSError* _Nullable error))reply | |
| 91 | { | |
| 92 | [[self.connection remoteObjectProxyWithErrorHandler: ^(NSError* error) { | |
| 93 | reply(nil, error); | |
| 94 | }] listOfEligibleBottledPeerRecords:^(NSArray *list, NSError * _Nullable error) { | |
| 95 | reply(list, error); | |
| 96 | }]; | |
| 97 | ||
| 98 | } | |
| 99 | ||
| 100 | - (void)signIn:(NSString*)dsid reply:(void (^)(BOOL result, NSError * _Nullable error))reply{ | |
| 101 | [[self.connection remoteObjectProxyWithErrorHandler: ^(NSError* error) { | |
| 102 | reply(NO, error); | |
| 103 | }] signIn:dsid reply:^(BOOL result, NSError * _Nullable error) { | |
| 104 | reply(result, error); | |
| 105 | }]; | |
| 106 | } | |
| 107 | ||
| 108 | - (void)signOut:(void (^)(BOOL result, NSError * _Nullable error))reply | |
| 109 | { | |
| 110 | [[self.connection remoteObjectProxyWithErrorHandler: ^(NSError* error) { | |
| 111 | reply(NO, error); | |
| 112 | }] signOut:^(BOOL result, NSError * _Nullable error) { | |
| 113 | reply(result, error); | |
| 114 | }]; | |
| 115 | ||
| 116 | } | |
| 117 | ||
| 118 | ||
| 119 | - (void)preflightBottledPeer:(NSString*)contextID | |
| 120 | dsid:(NSString*)dsid | |
| 121 | reply:(void (^)(NSData* _Nullable entropy, | |
| 122 | NSString* _Nullable bottleID, | |
| 123 | NSData* _Nullable signingPublicKey, | |
| 124 | NSError* _Nullable error))reply | |
| 125 | { | |
| 126 | [[self.connection remoteObjectProxyWithErrorHandler: ^(NSError* error) { | |
| 127 | reply(nil, nil, nil, error); | |
| 128 | }] preflightBottledPeer:contextID dsid:dsid reply:^(NSData* _Nullable entropy, | |
| 129 | NSString* _Nullable bottleID, | |
| 130 | NSData* _Nullable signingPublicKey, | |
| 131 | NSError* _Nullable error) { | |
| 132 | reply(entropy, bottleID, signingPublicKey, error); | |
| 133 | }]; | |
| 134 | } | |
| 135 | ||
| 136 | - (void)launchBottledPeer:(NSString*)contextID | |
| 137 | bottleID:(NSString*)bottleID | |
| 138 | reply:(void (^ _Nullable)(NSError* _Nullable))reply | |
| 139 | { | |
| 140 | [[self.connection remoteObjectProxyWithErrorHandler: ^(NSError* error) { | |
| 141 | reply(error); | |
| 142 | }] launchBottledPeer:contextID bottleID:bottleID reply:^(NSError * _Nullable error) { | |
| 143 | reply(error); | |
| 144 | }]; | |
| 145 | } | |
| 146 | ||
| 147 | - (void)scrubBottledPeer:(NSString*)contextID | |
| 148 | bottleID:(NSString*)bottleID | |
| 149 | reply:(void (^ _Nullable)(NSError* _Nullable))reply | |
| 150 | { | |
| 151 | [[self.connection remoteObjectProxyWithErrorHandler: ^(NSError* error) { | |
| 152 | reply(error); | |
| 153 | }] scrubBottledPeer:contextID bottleID:bottleID reply:reply]; | |
| 154 | } | |
| 155 | ||
| 156 | + (OTControl*)controlObject:(NSError* __autoreleasing *)error { | |
| 157 | ||
| 158 | NSXPCConnection* connection = [[NSXPCConnection alloc] initWithMachServiceName:@(kSecuritydOctagonServiceName) options:0]; | |
| 159 | ||
| 160 | if (connection == nil) { | |
| 161 | if(error) { | |
| 162 | *error = [NSError errorWithDomain:@"securityd" code:-1 userInfo:@{NSLocalizedDescriptionKey: @"Couldn't create connection (no reason given)"}]; | |
| 163 | } | |
| 164 | return nil; | |
| 165 | } | |
| 166 | ||
| 167 | NSXPCInterface *interface = OTSetupControlProtocol([NSXPCInterface interfaceWithProtocol:@protocol(OTControlProtocol)]); | |
| 168 | connection.remoteObjectInterface = interface; | |
| 169 | [connection resume]; | |
| 170 | ||
| 171 | OTControl* c = [[OTControl alloc] initWithConnection:connection]; | |
| 172 | return c; | |
| 173 | } | |
| 174 | ||
| 175 | @end | |
| 176 | ||
| 177 | #endif // __OBJC2__ |