]> git.saurik.com Git - apple/security.git/blob - keychain/ckks/CKKSControl.m
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Security-58286.200.222.tar.gz
[apple/security.git] / keychain / ckks / CKKSControl.m
1 /*
2 * Copyright (c) 2017 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #if __OBJC2__
25
26 #import <Foundation/NSXPCConnection_Private.h>
27 #import <xpc/xpc.h>
28
29 #import <Security/SecItemPriv.h>
30
31 #import "keychain/ckks/CKKSControl.h"
32 #import "keychain/ckks/CKKSControlProtocol.h"
33 #import "keychain/ckks/CKKSControlServer.h"
34
35 #include <security_utilities/debugging.h>
36
37 @interface CKKSControl ()
38 @property xpc_endpoint_t endpoint;
39 @property NSXPCConnection *connection;
40 @end
41
42 @implementation CKKSControl
43
44 - (instancetype)initWithConnection:(NSXPCConnection*)connection {
45 if(self = [super init]) {
46 _connection = connection;
47 }
48 return self;
49 }
50
51 - (void)rpcStatus:(NSString*)viewName reply:(void(^)(NSArray<NSDictionary*>* result, NSError* error)) reply {
52 [[self.connection remoteObjectProxyWithErrorHandler: ^(NSError* error) {
53 reply(nil, error);
54
55 }] rpcStatus:viewName reply:^(NSArray<NSDictionary*>* result, NSError* error){
56 reply(result, error);
57 }];
58 }
59
60 - (void)rpcResetLocal:(NSString*)viewName reply:(void(^)(NSError* error))reply {
61 [[self.connection remoteObjectProxyWithErrorHandler:^(NSError* error) {
62 reply(error);
63 }] rpcResetLocal:viewName reply:^(NSError* error){
64 reply(error);
65 }];
66 }
67
68 - (void)rpcResetCloudKit:(NSString*)viewName reply:(void(^)(NSError* error))reply {
69 [[self.connection remoteObjectProxyWithErrorHandler:^(NSError* error) {
70 reply(error);
71 }] rpcResetCloudKit:viewName reason:[NSString stringWithFormat:@"%s", getprogname()] reply:^(NSError* error){
72 reply(error);
73 }];
74 }
75
76 - (void)rpcResetCloudKit:(NSString*)viewName reason:(NSString *)reason reply:(void(^)(NSError* error))reply {
77 [[self.connection remoteObjectProxyWithErrorHandler:^(NSError* error) {
78 reply(error);
79 }] rpcResetCloudKit:viewName reason:reason reply:^(NSError* error){
80 reply(error);
81 }];
82 }
83
84
85 - (void)rpcResync:(NSString*)viewName reply:(void(^)(NSError* error))reply {
86 [[self.connection remoteObjectProxyWithErrorHandler:^(NSError* error) {
87 reply(error);
88 }] rpcResync:viewName reply:^(NSError* error){
89 reply(error);
90 }];
91 }
92 - (void)rpcFetchAndProcessChanges:(NSString*)viewName reply:(void(^)(NSError* error))reply {
93 [[self.connection remoteObjectProxyWithErrorHandler:^(NSError* error) {
94 reply(error);
95 }] rpcFetchAndProcessChanges:viewName reply:^(NSError* error){
96 reply(error);
97 }];
98 }
99 - (void)rpcFetchAndProcessClassAChanges:(NSString*)viewName reply:(void(^)(NSError* error))reply {
100 [[self.connection remoteObjectProxyWithErrorHandler:^(NSError* error) {
101 reply(error);
102 }] rpcFetchAndProcessClassAChanges:viewName reply:^(NSError* error){
103 reply(error);
104 }];
105 }
106 - (void)rpcPushOutgoingChanges:(NSString*)viewName reply:(void(^)(NSError* error))reply {
107 [[self.connection remoteObjectProxyWithErrorHandler:^(NSError* error) {
108 reply(error);
109 }] rpcPushOutgoingChanges:viewName reply:^(NSError* error){
110 reply(error);
111 }];
112 }
113
114 - (void)rpcPerformanceCounters:(void(^)(NSDictionary <NSString *,NSNumber *> *,NSError*))reply {
115 [[self.connection remoteObjectProxyWithErrorHandler: ^(NSError* error) {
116 reply(nil, error);
117 }] performanceCounters:^(NSDictionary <NSString *, NSNumber *> *counters){
118 reply(counters, nil);
119 }];
120 }
121
122 - (void)rpcGetCKDeviceIDWithReply:(void (^)(NSString *))reply {
123 [[self.connection remoteObjectProxyWithErrorHandler:^(NSError * _Nonnull error) {
124 reply(nil);
125 }] rpcGetCKDeviceIDWithReply:^(NSString *ckdeviceID) {
126 reply(ckdeviceID);
127 }];
128 }
129
130 - (void)rpcTLKMissing:(NSString*)viewName reply:(void(^)(bool missing))reply {
131 [self rpcStatus:viewName reply:^(NSArray<NSDictionary*>* results, NSError* blockError) {
132 bool missing = false;
133
134 // Until PCS fixes [<rdar://problem/35103941> PCS: Remove PCS's use of CKKSControlProtocol], we can't add things to the protocol
135 // Use this hack
136 for(NSDictionary* result in results) {
137 NSString* name = result[@"view"];
138 NSString* keystate = result[@"keystate"];
139
140 if([name isEqualToString:@"global"]) {
141 // this is global status; no view implicated
142 continue;
143 }
144
145 if ([keystate isEqualToString:@"waitfortlk"] || [keystate isEqualToString:@"error"]) {
146 missing = true;
147 }
148 }
149
150 reply(missing);
151 }];
152 }
153
154 - (void)rpcKnownBadState:(NSString* _Nullable)viewName reply:(void (^)(CKKSKnownBadState))reply {
155 [self rpcStatus:viewName reply:^(NSArray<NSDictionary*>* results, NSError* blockError) {
156 bool tlkMissing = false;
157 bool waitForUnlock = false;
158
159 CKKSKnownBadState response = CKKSKnownStatePossiblyGood;
160
161 // We can now change this hack, but this change needs to be addition-only: <rdar://problem/36356681> CKKS: remove "global" hack from rpcStatus
162 // Use this hack
163 for(NSDictionary* result in results) {
164 NSString* name = result[@"view"];
165 NSString* keystate = result[@"keystate"];
166
167 if([name isEqualToString:@"global"]) {
168 // this is global status; no view implicated
169 continue;
170 }
171
172 if ([keystate isEqualToString:@"waitfortlk"] || [keystate isEqualToString:@"error"]) {
173 tlkMissing = true;
174 }
175 if ([keystate isEqualToString:@"waitforunlock"]) {
176 waitForUnlock = true;
177 }
178 }
179
180 response = (tlkMissing ? CKKSKnownStateTLKsMissing :
181 (waitForUnlock ? CKKSKnownStateWaitForUnlock :
182 CKKSKnownStatePossiblyGood));
183
184 reply(response);
185 }];
186 }
187
188 + (CKKSControl*)controlObject:(NSError* __autoreleasing *)error {
189
190 NSXPCConnection* connection = [[NSXPCConnection alloc] initWithMachServiceName:@(kSecuritydCKKSServiceName) options:0];
191
192 if (connection == nil) {
193 if(error) {
194 *error = [NSError errorWithDomain:@"securityd" code:-1 userInfo:@{NSLocalizedDescriptionKey: @"Couldn't create connection (no reason given)"}];
195 }
196 return nil;
197 }
198
199 NSXPCInterface *interface = CKKSSetupControlProtocol([NSXPCInterface interfaceWithProtocol:@protocol(CKKSControlProtocol)]);
200 connection.remoteObjectInterface = interface;
201 [connection resume];
202
203 CKKSControl* c = [[CKKSControl alloc] initWithConnection:connection];
204 return c;
205 }
206
207 @end
208
209 #endif // __OBJC2__
mirror of Security