]> git.saurik.com Git - apple/security.git/blob - keychain/ckks/CKKSLockStateTracker.m
Security-58286.220.15.tar.gz
[apple/security.git] / keychain / ckks / CKKSLockStateTracker.m
1 /*
2 * Copyright (c) 2017 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #if OCTAGON
25
26 #include <notify.h>
27 #include <dispatch/dispatch.h>
28 #include <utilities/SecAKSWrappers.h>
29
30 #import "keychain/ckks/CKKS.h"
31 #import "keychain/ckks/CKKSResultOperation.h"
32 #import "keychain/ckks/CKKSGroupOperation.h"
33 #import "keychain/ckks/CKKSLockStateTracker.h"
34
35 @interface CKKSLockStateTracker ()
36 @property (readwrite) bool isLocked;
37 @property dispatch_queue_t queue;
38 @property NSOperationQueue* operationQueue;
39 @property NSHashTable<id<CKKSLockStateNotification>> *observers;
40
41 @property (nullable) NSDate* lastUnlockedTime;
42
43 @end
44
45 @implementation CKKSLockStateTracker
46
47 - (instancetype)init {
48 if((self = [super init])) {
49 _queue = dispatch_queue_create("lock-state-tracker", DISPATCH_QUEUE_SERIAL);
50 _operationQueue = [[NSOperationQueue alloc] init];
51
52 _isLocked = true;
53 _observers = [NSHashTable weakObjectsHashTable];
54 [self resetUnlockDependency];
55
56 __weak __typeof(self) weakSelf = self;
57
58 // If this is a live server, register with notify
59 if(!SecCKKSTestsEnabled()) {
60 int token = 0;
61 notify_register_dispatch(kUserKeybagStateChangeNotification, &token, _queue, ^(int t) {
62 [weakSelf _onqueueRecheck];
63 });
64 }
65
66 dispatch_async(_queue, ^{
67 [weakSelf _onqueueRecheck];
68 });
69 }
70 return self;
71 }
72
73 - (NSDate*)lastUnlockTime {
74 // If unlocked, the last unlock time is now. Otherwise, used the cached value.
75 __block NSDate* date = nil;
76 dispatch_sync(self.queue, ^{
77 if(self.isLocked) {
78 date = self.lastUnlockedTime;
79 } else {
80 date = [NSDate date];
81 self.lastUnlockedTime = date;
82 }
83 });
84 return date;
85 }
86
87 -(NSString*)description {
88 return [NSString stringWithFormat: @"<CKKSLockStateTracker: %@ last:%@>",
89 self.isLocked ? @"locked" : @"unlocked",
90 self.isLocked ? self.lastUnlockedTime : @"now"];
91 }
92
93 -(void)resetUnlockDependency {
94 if(self.unlockDependency == nil || ![self.unlockDependency isPending]) {
95 CKKSResultOperation* op = [CKKSResultOperation named:@"keybag-unlocked-dependency" withBlock: ^{
96 secinfo("ckks", "Keybag unlocked");
97 }];
98 op.descriptionErrorCode = CKKSResultDescriptionPendingUnlock;
99 self.unlockDependency = op;
100 }
101 }
102
103 +(bool)queryAKSLocked {
104 CFErrorRef aksError = NULL;
105 bool locked = true;
106
107 if(!SecAKSGetIsLocked(&locked, &aksError)) {
108 secerror("ckks: error querying lock state: %@", aksError);
109 CFReleaseNull(aksError);
110 }
111
112 return locked;
113 }
114
115 -(void)_onqueueRecheck {
116 dispatch_assert_queue(self.queue);
117
118 static bool first = true;
119 bool wasLocked = self.isLocked;
120 self.isLocked = [CKKSLockStateTracker queryAKSLocked];
121
122 if(wasLocked != self.isLocked || first) {
123 first = false;
124 if(self.isLocked) {
125 // We're locked now.
126 [self resetUnlockDependency];
127
128 if(wasLocked) {
129 self.lastUnlockedTime = [NSDate date];
130 }
131 } else {
132 [self.operationQueue addOperation: self.unlockDependency];
133 self.unlockDependency = nil;
134 self.lastUnlockedTime = [NSDate date];
135 }
136
137 bool isUnlocked = (self.isLocked == false);
138 for (id<CKKSLockStateNotification> observer in _observers) {
139 __strong typeof(observer) strongObserver = observer;
140 if (strongObserver == NULL)
141 return;
142 dispatch_async(dispatch_get_global_queue(QOS_CLASS_DEFAULT, 0), ^{
143 [strongObserver lockStateChangeNotification:isUnlocked];
144 });
145 }
146 }
147 }
148
149 -(void)recheck {
150 dispatch_sync(self.queue, ^{
151 [self _onqueueRecheck];
152 });
153 }
154
155 -(bool)isLockedError:(NSError *)error {
156 return ([error.domain isEqualToString:@"securityd"] || [error.domain isEqualToString:(__bridge NSString*)kSecErrorDomain])
157 && error.code == errSecInteractionNotAllowed;
158 }
159
160 -(void)addLockStateObserver:(id<CKKSLockStateNotification>)object
161 {
162 dispatch_async(self.queue, ^{
163 [self->_observers addObject:object];
164 bool isUnlocked = (self.isLocked == false);
165 dispatch_async(dispatch_get_global_queue(QOS_CLASS_DEFAULT, 0), ^{
166 [object lockStateChangeNotification:isUnlocked];
167 });
168 });
169 }
170
171
172 @end
173
174 #endif // OCTAGON