1 /*
2 * Copyright (c) 2018 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #if OCTAGON
25
26 #import "keychain/ot/OctagonStateMachineHelpers.h"
27 #import "keychain/ot/OTStates.h"
28 #import "keychain/ot/ObjCImprovements.h"
29 #import "keychain/ot/OTDefines.h"
30 #import "keychain/ot/OTConstants.h"
31 #import "keychain/categories/NSError+UsefulConstructors.h"
32
// Octagon state-machine state identifiers.
//
// Each state is a string constant. The string value, not the C symbol, is what shows up in
// logs and in OctagonStateMap(), so the values below are kept byte-for-byte even where the
// spelling is imperfect: "controlable" (two values) and "vouchWithRecovery" (which names the
// create-identity step, and differs from "vouchWithRecoveryKey" only by its suffix). Do not
// "fix" these without confirming nothing persists or pattern-matches them.

// Account / entitlement gates.
OctagonState* const OctagonStateNoAccount = (OctagonState*)@"no_account";

OctagonState* const OctagonStateWaitForHSA2 = (OctagonState*)@"wait_for_hsa2";
OctagonState* const OctagonStateWaitForCDP = (OctagonState*)@"wait_for_cdp_enable";

// Trust status endpoints and the transitions into them.
OctagonState* const OctagonStateUntrusted = (OctagonState*)@"untrusted";
OctagonState* const OctagonStateBecomeUntrusted = (OctagonState*)@"become_untrusted";

OctagonState* const OctagonStateReady = (OctagonState*)@"ready";
OctagonState* const OctagonStateBecomeReady = (OctagonState*)@"become_ready";

// Consistency checks run while trusted.
OctagonState* const OctagonStateEnsureConsistency = (OctagonState*)@"consistency_check";
OctagonState* const OctagonStateEnsureOctagonKeysAreConsistent = (OctagonState*)@"key_consistency_check";
OctagonState* const OctagonStateEnsureUpdatePreapprovals = (OctagonState*)@"ensure_preapprovals_updated";

// Startup: discover account, CloudKit, CDP and trust status.
OctagonState* const OctagonStateInitializing = (OctagonState*)@"initializing";
OctagonState* const OctagonStateWaitingForCloudKitAccount = (OctagonState*)@"waiting_for_cloudkit_account";
OctagonState* const OctagonStateCloudKitNewlyAvailable = (OctagonState*)@"account_newly_available";
OctagonState* const OctagonStateRefetchCKKSPolicy = (OctagonState*)@"ckks_fetch_policy";
OctagonState* const OctagonStateDetermineCDPState = (OctagonState*)@"check_cdp_state";
OctagonState* const OctagonStateCheckTrustState = (OctagonState*)@"check_trust_state";

// User-controllable CKKS views. Note the "controlable" spelling in the second and third
// values; it is preserved deliberately (see header comment).
OctagonState* const OctagonStateEnableUserControllableViews = (OctagonState*)@"ckks_set_user_controllable_views_on";
OctagonState* const OctagonStateDisableUserControllableViews = (OctagonState*)@"ckks_set_user_controlable_views_off";
OctagonState* const OctagonStateSetUserControllableViewsToPeerConsensus = (OctagonState*)@"ckks_set_user_controlable_views_peer_consensus";

OctagonState* const OctagonStateUpdateSOSPreapprovals = (OctagonState*)@"update_sos_preapprovals";

// Piggybacking and proximity setup, initiator side (Octagon only).
OctagonState* const OctagonStateInitiatorSetCDPBit = (OctagonState*)@"initiator_set_cdp";
OctagonState* const OctagonStateInitiatorUpdateDeviceList = (OctagonState*)@"initiator_device_list_update";
OctagonState* const OctagonStateInitiatorAwaitingVoucher = (OctagonState*)@"await_voucher";
OctagonState* const OctagonStateInitiatorJoin = (OctagonState*)@"join";
OctagonState* const OctagonStateInitiatorJoinCKKSReset = (OctagonState*)@"join_ckks_reset";
OctagonState* const OctagonStateInitiatorJoinAfterCKKSReset = (OctagonState*)@"join_after_ckks_reset";

// Restore: join using an escrowed bottle.
OctagonState* const OctagonStateBottleJoinCreateIdentity = (OctagonState*)@"bottle_join_create_identity";
OctagonState* const OctagonStateBottleJoinVouchWithBottle = (OctagonState*)@"bottle_join_vouch_with_bottle";
// The C symbol says "create identity for recovery key"; the string value does not. Kept as-is.
OctagonState* const OctagonStateCreateIdentityForRecoveryKey = (OctagonState*)@"vouchWithRecovery";
OctagonState* const OctagonStateBottlePreloadOctagonKeysInSOS = (OctagonState*)@"bottle_preload_octagon_keys_in_sos";

// Restore: join using a recovery key.
OctagonState* const OctagonStateVouchWithRecoveryKey = (OctagonState*)@"vouchWithRecoveryKey";

OctagonState* const OctagonStateStartCompanionPairing = (OctagonState*)@"start_companion_pairing";

OctagonState* const OctagonStateWaitForCDPUpdated = (OctagonState*)@"wait_for_cdp_update";

// Cuttlefish notification received while untrusted.
OctagonState* const OctagonStateUntrustedUpdated = (OctagonState*)@"untrusted_update";

// Cuttlefish notification received while ready.
OctagonState* const OctagonStateReadyUpdated = (OctagonState*)@"ready_update";

OctagonState* const OctagonStateError = (OctagonState*)@"error";
OctagonState* const OctagonStateDisabled = (OctagonState*)@"disabled";

OctagonState* const OctagonStateDetermineiCloudAccountState = (OctagonState*)@"determine_icloud_account";

// SOS -> Octagon upgrade path.
OctagonState* const OctagonStateAttemptSOSUpgradeDetermineCDPState = (OctagonState*)@"sosupgrade_cdp_check";
OctagonState* const OctagonStateAttemptSOSUpgrade = (OctagonState*)@"sosupgrade";
OctagonState* const OctagonStateSOSUpgradeCKKSReset = (OctagonState*)@"sosupgrade_ckks_reset";
OctagonState* const OctagonStateSOSUpgradeAfterCKKSReset = (OctagonState*)@"sosupgrade_after_ckks_reset";
OctagonState* const OctagonStateUnimplemented = (OctagonState*)@"unimplemented";

// Reset and establish a fresh trust circle.
OctagonState* const OctagonStateResetBecomeUntrusted = (OctagonState*)@"reset_become_untrusted";
OctagonState* const OctagonStateResetAndEstablish = (OctagonState*)@"reset_and_establish";
OctagonState* const OctagonStateResetAnyMissingTLKCKKSViews = (OctagonState*)@"reset_ckks_missing_views";
OctagonState* const OctagonStateEstablishEnableCDPBit = (OctagonState*)@"reenact_cdp_bit";
OctagonState* const OctagonStateReEnactDeviceList = (OctagonState*)@"reenact_device_list";
OctagonState* const OctagonStateReEnactPrepare = (OctagonState*)@"reenact_prepare";
OctagonState* const OctagonStateReEnactReadyToEstablish = (OctagonState*)@"reenact_ready_to_establish";
OctagonState* const OctagonStateEstablishCKKSReset = (OctagonState*)@"reenact_ckks_reset";
OctagonState* const OctagonStateEstablishAfterCKKSReset = (OctagonState*)@"reenact_establish_after_ckks_reset";

// Trust health checks.
OctagonState* const OctagonStateHSA2HealthCheck = (OctagonState*)@"health_hsa2_check";
OctagonState* const OctagonStateCDPHealthCheck = (OctagonState*)@"health_cdp_check";
OctagonState* const OctagonStateTPHTrustCheck = (OctagonState*)@"tph_trust_check";
OctagonState* const OctagonStateCuttlefishTrustCheck = (OctagonState*)@"cuttlefish_trust_check";
OctagonState* const OctagonStatePostRepairCFU = (OctagonState*)@"post_repair_cfu";
OctagonState* const OctagonStateSecurityTrustCheck = (OctagonState*)@"security_trust_check";
OctagonState* const OctagonStateHealthCheckReset = (OctagonState*)@"health_check_reset";

// Sign-out.
OctagonState* const OctagonStateNoAccountDoReset = (OctagonState*)@"no_account_do_reset";

// Keybag-gated waits.
OctagonState* const OctagonStateWaitForUnlock = (OctagonState*)@"wait_for_unlock";
OctagonState* const OctagonStateWaitForClassCUnlock = (OctagonState*)@"wait_for_class_c_unlock";

// Helping CKKS upload TLKs.
OctagonState* const OctagonStateAssistCKKSTLKUpload = (OctagonState*)@"assist_ckks_tlk_upload";
OctagonState* const OctagonStateAssistCKKSTLKUploadCKKSReset = (OctagonState*)@"assist_ckks_tlk_upload_ckks_reset";
OctagonState* const OctagonStateAssistCKKSTLKUploadAfterCKKSReset = (OctagonState*)@"assist_ckks_tlk_upload_after_ckks_reset";

OctagonState* const OctagonStateHealthCheckLeaveClique = (OctagonState*)@"leave_clique";

// Escrow. (This is the only state value using '-' rather than '_' as a separator.)
OctagonState* const OctagonStateEscrowTriggerUpdate = (OctagonState*)@"escrow-trigger-update";
132
// Maps every Octagon state name to a small integer code, built once and cached.
//
// OctagonStateMachineNotStarted is declared outside this file (one of the imported headers)
// but is part of the table, so -allKeys of this map is the full state universe used by
// OctagonInAccountStates() below.
//
// NOTE(review): the codes are NOT unique. 8, 11 and 12 are each assigned to two states
// (InitiatorUpdateDeviceList / AttemptSOSUpgrade, InitiatorAwaitingVoucher / NoAccount,
// InitiatorJoin / ResetAndEstablish). This looks like codes freed by the "Removed:" entries
// were reused while neighbouring codes were still live. Anything that turns a code back into
// a state (OctagonStateInverseMap) therefore cannot distinguish the colliding pairs. The
// values are left alone here because they may already be persisted or reported externally;
// confirm every consumer before renumbering.
NSDictionary<OctagonState*, NSNumber*>* OctagonStateMap(void) {
    static NSDictionary<OctagonState*, NSNumber*>* map = nil;
    static dispatch_once_t onceToken;
    dispatch_once(&onceToken, ^{
        map = @{
            OctagonStateReady: @0U,
            OctagonStateError: @1U,
            OctagonStateInitializing: @2U,
            OctagonStateMachineNotStarted: @3U,
            OctagonStateDisabled: @4U,
            OctagonStateUntrusted: @5U,

            //Removed: OctagonStateInitiatorAwaitingAcceptorEpoch: @9U,
            //Removed: OctagonStateInitiatorReadyToSendIdentity: @10U,

            // Code 8 collides with OctagonStateAttemptSOSUpgrade below.
            OctagonStateInitiatorUpdateDeviceList: @8U,
            // Code 11 collides with OctagonStateNoAccount below.
            OctagonStateInitiatorAwaitingVoucher: @11U,
            // Code 12 collides with OctagonStateResetAndEstablish below.
            OctagonStateInitiatorJoin: @12U,

            //Removed: OctagonStateIdentityPrepared: @6U,
            //Removed: OctagonStateDeviceListUpdated: @7U,

            OctagonStateAttemptSOSUpgrade: @8U,

            OctagonStateUnimplemented: @9U,
            OctagonStateDetermineiCloudAccountState: @10U,
            OctagonStateNoAccount: @11U,

            OctagonStateResetAndEstablish: @12U,
            OctagonStateReEnactDeviceList: @13U,
            OctagonStateReEnactPrepare: @14U,
            OctagonStateReEnactReadyToEstablish: @15U,
            OctagonStateNoAccountDoReset: @16U,
            OctagonStateBottleJoinVouchWithBottle: @17U,
            OctagonStateBottleJoinCreateIdentity: @18U,
            OctagonStateCloudKitNewlyAvailable: @19U,
            OctagonStateCheckTrustState: @20U,
            OctagonStateBecomeUntrusted: @21U,
            OctagonStateWaitForUnlock: @22U,
            OctagonStateWaitingForCloudKitAccount: @23U,
            OctagonStateBecomeReady: @24U,
            OctagonStateVouchWithRecoveryKey: @25U,
            OctagonStateCreateIdentityForRecoveryKey: @26U,
            OctagonStateUpdateSOSPreapprovals: @27U,
            OctagonStateWaitForHSA2: @28U,
            OctagonStateAssistCKKSTLKUpload: @29U,
            OctagonStateStartCompanionPairing: @30U,
            OctagonStateEscrowTriggerUpdate: @31U,
            OctagonStateEnsureConsistency: @32U,
            OctagonStateResetBecomeUntrusted: @33U,
            OctagonStateUntrustedUpdated: @34U,
            OctagonStateReadyUpdated: @35U,
            OctagonStateTPHTrustCheck: @36U,
            OctagonStateCuttlefishTrustCheck: @37U,
            OctagonStatePostRepairCFU: @38U,
            OctagonStateSecurityTrustCheck: @39U,
            OctagonStateEnsureOctagonKeysAreConsistent: @40U,
            OctagonStateEnsureUpdatePreapprovals: @41U,
            OctagonStateResetAnyMissingTLKCKKSViews: @42U,
            OctagonStateEstablishCKKSReset: @43U,
            OctagonStateEstablishAfterCKKSReset: @44U,
            OctagonStateSOSUpgradeCKKSReset: @45U,
            OctagonStateSOSUpgradeAfterCKKSReset: @46U,
            OctagonStateInitiatorJoinCKKSReset: @47U,
            OctagonStateInitiatorJoinAfterCKKSReset: @48U,
            OctagonStateHSA2HealthCheck: @49U,
            OctagonStateHealthCheckReset: @50U,
            OctagonStateAssistCKKSTLKUploadCKKSReset: @51U,
            OctagonStateAssistCKKSTLKUploadAfterCKKSReset: @52U,
            OctagonStateWaitForCDP: @53U,
            OctagonStateDetermineCDPState: @54U,
            OctagonStateWaitForCDPUpdated: @55U,
            OctagonStateEstablishEnableCDPBit: @56U,
            OctagonStateInitiatorSetCDPBit: @57U,
            OctagonStateCDPHealthCheck: @58U,
            OctagonStateHealthCheckLeaveClique: @59U,
            OctagonStateRefetchCKKSPolicy: @60U,
            OctagonStateEnableUserControllableViews: @61U,
            OctagonStateDisableUserControllableViews: @62U,
            OctagonStateSetUserControllableViewsToPeerConsensus: @63U,
            OctagonStateWaitForClassCUnlock: @64U,
            OctagonStateBottlePreloadOctagonKeysInSOS: @65U,
            OctagonStateAttemptSOSUpgradeDetermineCDPState: @66U,
        };
    });
    return map;
}
220
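// Inverse of OctagonStateMap(): integer code -> state name, built once and cached.
//
// Two things differ from a naive -dictionaryWithObjects:forKeys: over -allValues/-allKeys:
//  * each key is paired with its own value explicitly, rather than trusting that the two
//    arrays come back in matching order (Foundation leaves their order undefined);
//  * OctagonStateMap() assigns codes 8, 11 and 12 to two states each, so this inverse cannot
//    be total. States are visited in sorted order and the first one to claim a code is kept,
//    so the state returned for a colliding code is at least the same on every run instead of
//    depending on hash-table iteration order. Callers must not assume
//    OctagonStateInverseMap()[OctagonStateMap()[s]] == s for every state s.
NSDictionary<NSNumber*, OctagonState*>* OctagonStateInverseMap(void) {
    static NSDictionary<NSNumber*, OctagonState*>* backwardMap = nil;
    static dispatch_once_t onceToken;
    dispatch_once(&onceToken, ^{
        NSDictionary<OctagonState*, NSNumber*>* forwardMap = OctagonStateMap();

        NSArray<OctagonState*>* sortedStates = [forwardMap.allKeys sortedArrayUsingSelector:@selector(compare:)];
        NSMutableDictionary<NSNumber*, OctagonState*>* inverse = [NSMutableDictionary dictionaryWithCapacity:forwardMap.count];

        for (OctagonState* state in sortedStates) {
            NSNumber* code = forwardMap[state];
            // First writer wins; later states sharing the code are dropped deterministically.
            if (inverse[code] == nil) {
                inverse[code] = state;
            }
        }

        backwardMap = [inverse copy];
    });
    return backwardMap;
}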
230
// The states in which Octagon considers itself to have an account: every key of
// OctagonStateMap() except the no-account state and the startup states in which the
// Apple/iCloud account status has not yet been determined. Built once and cached.
//
// NOTE(review): OctagonStateMachineNotStarted is not excluded here, so it counts as
// in-account; presumably intentional, but worth confirming against the callers.
NSSet<OctagonState*>* OctagonInAccountStates(void)
{
    static NSSet<OctagonState*>* inAccountStates = nil;
    static dispatch_once_t onceToken;
    dispatch_once(&onceToken, ^{
        NSSet<OctagonState*>* notInAccount = [NSSet setWithArray:@[
            OctagonStateNoAccount,
            OctagonStateNoAccountDoReset,
            OctagonStateInitializing,
            OctagonStateDetermineiCloudAccountState,
            OctagonStateWaitingForCloudKitAccount,
            OctagonStateCloudKitNewlyAvailable,
            OctagonStateWaitForHSA2,
            // Until the device has unlocked once, whatever was written down about the iCloud
            // account status cannot be read back, so this state is not in-account either.
            OctagonStateWaitForClassCUnlock,
        ]];

        NSMutableSet<OctagonState*>* remaining = [NSMutableSet setWithArray:OctagonStateMap().allKeys];
        [remaining minusSet:notInAccount];

        inAccountStates = [remaining copy];
    });
    return inAccountStates;
}
255
// The six states from which a health check may be started, built once and cached.
// (The name suggests these are the permitted source states for the trust health-check
// transition — confirm against the state machine's health-check entry point.)
NSSet<OctagonState *>* OctagonHealthSourceStates(void)
{
    static NSSet<OctagonState*>* healthSourceStates = nil;
    static dispatch_once_t onceToken;
    dispatch_once(&onceToken, ^{
        healthSourceStates = [NSSet setWithObjects:
                              OctagonStateReady,
                              OctagonStateError,
                              OctagonStateUntrusted,
                              OctagonStateWaitForHSA2,
                              OctagonStateWaitForUnlock,
                              OctagonStateWaitForCDP,
                              nil];
    });
    return healthSourceStates;
}
274
// Octagon state-machine flags. Like the states, each flag is a string constant and the
// string value is what the machine records, so values are kept byte-for-byte.
OctagonFlag* const OctagonFlagIDMSLevelChanged = (OctagonFlag*)@"idms_level";
OctagonFlag* const OctagonFlagEgoPeerPreapproved = (OctagonFlag*)@"preapproved";
OctagonFlag* const OctagonFlagCKKSRequestsTLKUpload = (OctagonFlag*)@"tlk_upload_needed";
OctagonFlag* const OctagonFlagCKKSRequestsPolicyCheck = (OctagonFlag*)@"policy_check_needed";
OctagonFlag* const OctagonFlagCKKSViewSetChanged = (OctagonFlag*)@"ckks_views_changed";
OctagonFlag* const OctagonFlagCuttlefishNotification = (OctagonFlag*)@"recd_push";
OctagonFlag* const OctagonFlagAccountIsAvailable = (OctagonFlag*)@"account_available";
OctagonFlag* const OctagonFlagCDPEnabled = (OctagonFlag*)@"cdp_enabled";
OctagonFlag* const OctagonFlagAttemptSOSUpgrade = (OctagonFlag*)@"attempt_sos_upgrade";
OctagonFlag* const OctagonFlagFetchAuthKitMachineIDList = (OctagonFlag*)@"attempt_machine_id_list";
OctagonFlag* const OctagonFlagUnlocked = (OctagonFlag*)@"unlocked";
OctagonFlag* const OctagonFlagAttemptSOSUpdatePreapprovals = (OctagonFlag*)@"attempt_sos_update_preapprovals";
OctagonFlag* const OctagonFlagAttemptSOSConsistency = (OctagonFlag*)@"attempt_sos_consistency";
// Declared here but not part of AllOctagonFlags(); see the note on that function.
OctagonFlag* const OctagonFlagEscrowRequestInformCloudServicesOperation = (OctagonFlag*)@"escrowrequest_inform_cloudservices";
OctagonFlag* const OctagonFlagWarmEscrowRecordCache = (OctagonFlag*)@"warm_escrow_cache";
OctagonFlag* const OctagonFlagAttemptBottleTLKExtraction = (OctagonFlag*)@"retry_bottle_tlk_extraction";
OctagonFlag* const OctagonFlagAttemptRecoveryKeyTLKExtraction = (OctagonFlag*)@"retry_rk_tlk_extraction";

OctagonFlag* const OctagonFlagAttemptUserControllableViewStatusUpgrade = (OctagonFlag*)@"attempt_ucv_upgrade";
295
// The set of flags the Octagon state machine accepts, built once and cached.
//
// NOTE(review): despite the name, this is not every OctagonFlag declared in this file —
// OctagonFlagEscrowRequestInformCloudServicesOperation is left out. That is presumably
// deliberate (the flag looks like it belongs to a different, escrow-request state machine),
// but if this set gates which flags may be raised, a flag missing here is silently unusable;
// confirm before adding it or relying on the omission.
NSSet<OctagonFlag *>* AllOctagonFlags(void)
{
    static NSSet<OctagonFlag*>* allFlags = nil;
    static dispatch_once_t onceToken;
    dispatch_once(&onceToken, ^{
        allFlags = [NSSet setWithArray:@[
            OctagonFlagIDMSLevelChanged,
            OctagonFlagEgoPeerPreapproved,
            OctagonFlagCKKSRequestsTLKUpload,
            OctagonFlagCKKSRequestsPolicyCheck,
            OctagonFlagCKKSViewSetChanged,
            OctagonFlagCuttlefishNotification,
            OctagonFlagAccountIsAvailable,
            OctagonFlagCDPEnabled,
            OctagonFlagAttemptSOSUpgrade,
            OctagonFlagFetchAuthKitMachineIDList,
            OctagonFlagUnlocked,
            OctagonFlagAttemptSOSUpdatePreapprovals,
            OctagonFlagAttemptSOSConsistency,
            OctagonFlagWarmEscrowRecordCache,
            OctagonFlagAttemptUserControllableViewStatusUpgrade,
            OctagonFlagAttemptBottleTLKExtraction,
            OctagonFlagAttemptRecoveryKeyTLKExtraction,
        ]];
    });
    return allFlags;
}
325
326 #endif // OCTAGON