]> git.saurik.com Git - apple/security.git/blob - keychain/ot/CuttlefishXPCWrapper.m
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Security-59306.41.2.tar.gz
[apple/security.git] / keychain / ot / CuttlefishXPCWrapper.m
1 /*
2 * Copyright (c) 2019 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #import "keychain/ot/CuttlefishXPCWrapper.h"
25
26 @implementation CuttlefishXPCWrapper
27 - (instancetype) initWithCuttlefishXPCConnection: (id<NSXPCProxyCreating>)cuttlefishXPCConnection
28 {
29 if ((self = [super init])) {
30 _cuttlefishXPCConnection = cuttlefishXPCConnection;
31 }
32 return self;
33 }
34
35 + (bool)retryable:(NSError *_Nonnull)error
36 {
37 return error.domain == NSCocoaErrorDomain && error.code == NSXPCConnectionInterrupted;
38 }
39
40 enum {NUM_RETRIES = 5};
41
42 - (void)pingWithReply:(void (^)(void))reply
43 {
44 __block int i = 0;
45 __block bool retry;
46 do {
47 retry = false;
48 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
49 if (i < NUM_RETRIES && [self.class retryable:error]) {
50 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
51 retry = true;
52 } else {
53 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
54 }
55 ++i;
56 }] pingWithReply:reply];
57 } while (retry);
58 }
59
60 - (void)dumpWithContainer:(NSString *)container
61 context:(NSString *)context
62 reply:(void (^)(NSDictionary * _Nullable, NSError * _Nullable))reply
63 {
64 __block int i = 0;
65 __block bool retry;
66 do {
67 retry = false;
68 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
69 if (i < NUM_RETRIES && [self.class retryable:error]) {
70 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
71 retry = true;
72 } else {
73 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
74 reply(nil, error);
75 }
76 ++i;
77 }] dumpWithContainer:container context:context reply:reply];
78 } while (retry);
79 }
80
81 - (void)departByDistrustingSelfWithContainer:(NSString *)container
82 context:(NSString *)context
83 reply:(void (^)(NSError * _Nullable))reply
84 {
85 __block int i = 0;
86 __block bool retry;
87 do {
88 retry = false;
89 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
90 if (i < NUM_RETRIES && [self.class retryable:error]) {
91 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
92 retry = true;
93 } else {
94 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
95 reply(error);
96 }
97 ++i;
98 }] departByDistrustingSelfWithContainer:container context:context reply:reply];
99 } while (retry);
100 }
101
102 - (void)distrustPeerIDsWithContainer:(NSString *)container
103 context:(NSString *)context
104 peerIDs:(NSSet<NSString*>*)peerIDs
105 reply:(void (^)(NSError * _Nullable))reply
106 {
107 __block int i = 0;
108 __block bool retry;
109 do {
110 retry = false;
111 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
112 if (i < NUM_RETRIES && [self.class retryable:error]) {
113 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
114 retry = true;
115 } else {
116 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
117 reply(error);
118 }
119 ++i;
120 }] distrustPeerIDsWithContainer:container context:context peerIDs:peerIDs reply:reply];
121 } while (retry);
122 }
123
124 - (void)trustStatusWithContainer:(NSString *)container
125 context:(NSString *)context
126 reply:(void (^)(TrustedPeersHelperEgoPeerStatus *status,
127 NSError* _Nullable error))reply
128 {
129 __block int i = 0;
130 __block bool retry;
131 do {
132 retry = false;
133 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
134 if (i < NUM_RETRIES && [self.class retryable:error]) {
135 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
136 retry = true;
137 } else {
138 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
139 reply(nil, error);
140 }
141 ++i;
142 }] trustStatusWithContainer:container context:context reply:reply];
143 } while (retry);
144 }
145
146 - (void)resetWithContainer:(NSString *)container
147 context:(NSString *)context
148 resetReason:(CuttlefishResetReason)reason
149 reply:(void (^)(NSError * _Nullable error))reply
150 {
151 __block int i = 0;
152 __block bool retry;
153 do {
154 retry = false;
155 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
156 if (i < NUM_RETRIES && [self.class retryable:error]) {
157 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
158 retry = true;
159 } else {
160 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
161 reply(error);
162 }
163 ++i;
164 }] resetWithContainer:container context:context resetReason:reason reply:reply];
165 } while (retry);
166 }
167
168 - (void)localResetWithContainer:(NSString *)container
169 context:(NSString *)context
170 reply:(void (^)(NSError * _Nullable error))reply
171 {
172 __block int i = 0;
173 __block bool retry;
174 do {
175 retry = false;
176 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
177 if (i < NUM_RETRIES && [self.class retryable:error]) {
178 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
179 retry = true;
180 } else {
181 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
182 reply(error);
183 }
184 ++i;
185 }] localResetWithContainer:container context:context reply:reply];
186 } while (retry);
187 }
188
189 - (void)setAllowedMachineIDsWithContainer:(NSString *)container
190 context:(NSString *)context
191 allowedMachineIDs:(NSSet<NSString*> *)allowedMachineIDs
192 reply:(void (^)(BOOL listDifferences, NSError * _Nullable error))reply
193 {
194 __block int i = 0;
195 __block bool retry;
196 do {
197 retry = false;
198 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
199 if (i < NUM_RETRIES && [self.class retryable:error]) {
200 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
201 retry = true;
202 } else {
203 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
204 reply(NO, error);
205 }
206 ++i;
207 }] setAllowedMachineIDsWithContainer:container context:context allowedMachineIDs:allowedMachineIDs reply:reply];
208 } while (retry);
209 }
210
211 - (void)addAllowedMachineIDsWithContainer:(NSString *)container
212 context:(NSString *)context
213 machineIDs:(NSArray<NSString*> *)machineIDs
214 reply:(void (^)(NSError * _Nullable error))reply
215 {
216 __block int i = 0;
217 __block bool retry;
218 do {
219 retry = false;
220 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
221 if (i < NUM_RETRIES && [self.class retryable:error]) {
222 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
223 retry = true;
224 } else {
225 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
226 reply(error);
227 }
228 ++i;
229 }] addAllowedMachineIDsWithContainer:container
230 context:context
231 machineIDs:machineIDs
232 reply:reply];
233 } while (retry);
234 }
235
236 - (void)removeAllowedMachineIDsWithContainer:(NSString *)container
237 context:(NSString *)context
238 machineIDs:(NSArray<NSString*> *)machineIDs
239 reply:(void (^)(NSError * _Nullable error))reply
240 {
241 __block int i = 0;
242 __block bool retry;
243 do {
244 retry = false;
245 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
246 if (i < NUM_RETRIES && [self.class retryable:error]) {
247 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
248 retry = true;
249 } else {
250 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
251 reply(error);
252 }
253 ++i;
254 }] removeAllowedMachineIDsWithContainer:container context:context machineIDs:machineIDs reply:reply];
255 } while (retry);
256 }
257
258 - (void)fetchEgoEpochWithContainer:(NSString *)container
259 context:(NSString *)context
260 reply:(void (^)(unsigned long long epoch,
261 NSError * _Nullable error))reply
262 {
263 __block int i = 0;
264 __block bool retry;
265 do {
266 retry = false;
267 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
268 if (i < NUM_RETRIES && [self.class retryable:error]) {
269 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
270 retry = true;
271 } else {
272 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
273 reply(0, error);
274 }
275 ++i;
276 }] fetchEgoEpochWithContainer:container context:context reply:reply];
277 } while (retry);
278 }
279
280 - (void)prepareWithContainer:(NSString *)container
281 context:(NSString *)context
282 epoch:(unsigned long long)epoch
283 machineID:(NSString *)machineID
284 bottleSalt:(NSString *)bottleSalt
285 bottleID:(NSString *)bottleID
286 modelID:(NSString *)modelID
287 deviceName:(nullable NSString*)deviceName
288 serialNumber:(NSString *)serialNumber
289 osVersion:(NSString *)osVersion
290 policyVersion:(nullable NSNumber *)policyVersion
291 policySecrets:(nullable NSDictionary<NSString*,NSData*> *)policySecrets
292 signingPrivKeyPersistentRef:(nullable NSData *)spkPr
293 encPrivKeyPersistentRef:(nullable NSData*)epkPr
294 reply:(void (^)(NSString * _Nullable peerID,
295 NSData * _Nullable permanentInfo,
296 NSData * _Nullable permanentInfoSig,
297 NSData * _Nullable stableInfo,
298 NSData * _Nullable stableInfoSig,
299 NSError * _Nullable error))reply
300 {
301 __block int i = 0;
302 __block bool retry;
303 do {
304 retry = false;
305 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
306 if (i < NUM_RETRIES && [self.class retryable:error]) {
307 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
308 retry = true;
309 } else {
310 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
311 reply(nil, nil, nil, nil, nil, error);
312 }
313 ++i;
314 }] prepareWithContainer:container context:context epoch:epoch machineID:machineID bottleSalt:bottleSalt bottleID:bottleID modelID:modelID deviceName:deviceName serialNumber:serialNumber osVersion:osVersion policyVersion:policyVersion policySecrets:policySecrets signingPrivKeyPersistentRef:spkPr encPrivKeyPersistentRef:epkPr reply:reply];
315 } while (retry);
316 }
317
318 - (void)establishWithContainer:(NSString *)container
319 context:(NSString *)context
320 ckksKeys:(NSArray<CKKSKeychainBackedKeySet*> *)viewKeySets
321 tlkShares:(NSArray<CKKSTLKShare*> *)tlkShares
322 preapprovedKeys:(nullable NSArray<NSData*> *)preapprovedKeys
323 reply:(void (^)(NSString * _Nullable peerID,
324 NSArray<CKRecord*>* _Nullable keyHierarchyRecords,
325 NSError * _Nullable error))reply
326 {
327 __block int i = 0;
328 __block bool retry;
329 do {
330 retry = false;
331 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
332 if (i < NUM_RETRIES && [self.class retryable:error]) {
333 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
334 retry = true;
335 } else {
336 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
337 reply(nil, nil, error);
338 }
339 ++i;
340 }] establishWithContainer:container context:context ckksKeys:viewKeySets tlkShares:tlkShares preapprovedKeys:preapprovedKeys reply:reply];
341 } while (retry);
342 }
343
344 - (void)vouchWithContainer:(NSString *)container
345 context:(NSString *)context
346 peerID:(NSString *)peerID
347 permanentInfo:(NSData *)permanentInfo
348 permanentInfoSig:(NSData *)permanentInfoSig
349 stableInfo:(NSData *)stableInfo
350 stableInfoSig:(NSData *)stableInfoSig
351 ckksKeys:(NSArray<CKKSKeychainBackedKeySet*> *)viewKeySets
352 reply:(void (^)(NSData * _Nullable voucher,
353 NSData * _Nullable voucherSig,
354 NSError * _Nullable error))reply
355 {
356 __block int i = 0;
357 __block bool retry;
358 do {
359 retry = false;
360 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
361 if (i < NUM_RETRIES && [self.class retryable:error]) {
362 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
363 retry = true;
364 } else {
365 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
366 reply(nil, nil, error);
367 }
368 ++i;
369 }] vouchWithContainer:container context:context peerID:peerID permanentInfo:permanentInfo permanentInfoSig:permanentInfoSig stableInfo:stableInfo stableInfoSig:stableInfoSig ckksKeys:viewKeySets reply:reply];
370 } while (retry);
371 }
372
373
374 - (void)preflightVouchWithBottleWithContainer:(nonnull NSString *)container
375 context:(nonnull NSString *)context
376 bottleID:(nonnull NSString *)bottleID
377 reply:(nonnull void (^)(NSString * _Nullable, NSError * _Nullable))reply {
378 __block int i = 0;
379 __block bool retry;
380 do {
381 retry = false;
382 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
383 if (i < NUM_RETRIES && [self.class retryable:error]) {
384 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
385 retry = true;
386 } else {
387 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
388 reply(nil, error);
389 }
390 ++i;
391 }] preflightVouchWithBottleWithContainer:container
392 context:context
393 bottleID:bottleID
394 reply:reply];
395 } while (retry);
396 }
397
398 - (void)vouchWithBottleWithContainer:(NSString *)container
399 context:(NSString *)context
400 bottleID:(NSString*)bottleID
401 entropy:(NSData*)entropy
402 bottleSalt:(NSString*)bottleSalt
403 tlkShares:(NSArray<CKKSTLKShare*> *)tlkShares
404 reply:(void (^)(NSData * _Nullable voucher,
405 NSData * _Nullable voucherSig,
406 NSError * _Nullable error))reply
407 {
408 __block int i = 0;
409 __block bool retry;
410 do {
411 retry = false;
412 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
413 if (i < NUM_RETRIES && [self.class retryable:error]) {
414 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
415 retry = true;
416 } else {
417 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
418 reply(nil, nil, error);
419 }
420 ++i;
421 }] vouchWithBottleWithContainer:container context:context bottleID:bottleID entropy:entropy bottleSalt:bottleSalt tlkShares:tlkShares reply:reply];
422 } while (retry);
423 }
424
425 - (void)vouchWithRecoveryKeyWithContainer:(NSString *)container
426 context:(NSString *)context
427 recoveryKey:(NSString*)recoveryKey
428 salt:(NSString*)salt
429 tlkShares:(NSArray<CKKSTLKShare*> *)tlkShares
430 reply:(void (^)(NSData * _Nullable voucher,
431 NSData * _Nullable voucherSig,
432 NSError * _Nullable error))reply
433 {
434 __block int i = 0;
435 __block bool retry;
436 do {
437 retry = false;
438 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
439 if (i < NUM_RETRIES && [self.class retryable:error]) {
440 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
441 retry = true;
442 } else {
443 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
444 reply(nil, nil, error);
445 }
446 ++i;
447 }] vouchWithRecoveryKeyWithContainer:container context:context recoveryKey:recoveryKey salt:salt tlkShares:tlkShares reply:reply];
448 } while (retry);
449 }
450
451 - (void)joinWithContainer:(NSString *)container
452 context:(NSString *)context
453 voucherData:(NSData *)voucherData
454 voucherSig:(NSData *)voucherSig
455 ckksKeys:(NSArray<CKKSKeychainBackedKeySet*> *)viewKeySets
456 tlkShares:(NSArray<CKKSTLKShare*> *)tlkShares
457 preapprovedKeys:(NSArray<NSData*> *)preapprovedKeys
458 reply:(void (^)(NSString * _Nullable peerID,
459 NSArray<CKRecord*>* _Nullable keyHierarchyRecords,
460 NSError * _Nullable error))reply
461 {
462 __block int i = 0;
463 __block bool retry;
464 do {
465 retry = false;
466 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
467 if (i < NUM_RETRIES && [self.class retryable:error]) {
468 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
469 retry = true;
470 } else {
471 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
472 reply(nil, nil, error);
473 }
474 ++i;
475 }] joinWithContainer:container context:context voucherData:voucherData voucherSig:voucherSig ckksKeys:viewKeySets tlkShares:tlkShares preapprovedKeys:preapprovedKeys reply:reply];
476 } while (retry);
477 }
478
479 - (void)preflightPreapprovedJoinWithContainer:(NSString *)container
480 context:(NSString *)context
481 reply:(void (^)(BOOL launchOkay,
482 NSError * _Nullable error))reply
483 {
484 __block int i = 0;
485 __block bool retry;
486 do {
487 retry = false;
488 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
489 if (i < NUM_RETRIES && [self.class retryable:error]) {
490 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
491 retry = true;
492 } else {
493 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
494 reply(NO, error);
495 }
496 ++i;
497 }] preflightPreapprovedJoinWithContainer:container context:context reply:reply];
498 } while (retry);
499 }
500
501 - (void)attemptPreapprovedJoinWithContainer:(NSString *)container
502 context:(NSString *)context
503 ckksKeys:(NSArray<CKKSKeychainBackedKeySet*> *)ckksKeys
504 tlkShares:(NSArray<CKKSTLKShare*> *)tlkShares
505 preapprovedKeys:(NSArray<NSData*> *)preapprovedKeys
506 reply:(void (^)(NSString * _Nullable peerID,
507 NSArray<CKRecord*>* _Nullable keyHierarchyRecords,
508 NSError * _Nullable error))reply
509 {
510 __block int i = 0;
511 __block bool retry;
512 do {
513 retry = false;
514 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
515 if (i < NUM_RETRIES && [self.class retryable:error]) {
516 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
517 retry = true;
518 } else {
519 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
520 reply(nil, nil, error);
521 }
522 ++i;
523 }] attemptPreapprovedJoinWithContainer:container context:context ckksKeys:ckksKeys tlkShares:tlkShares preapprovedKeys:preapprovedKeys reply:reply];
524 } while (retry);
525 }
526
527 - (void)updateWithContainer:(NSString *)container
528 context:(NSString *)context
529 deviceName:(nullable NSString *)deviceName
530 serialNumber:(nullable NSString *)serialNumber
531 osVersion:(nullable NSString *)osVersion
532 policyVersion:(nullable NSNumber *)policyVersion
533 policySecrets:(nullable NSDictionary<NSString*,NSData*> *)policySecrets
534 reply:(void (^)(TrustedPeersHelperPeerState* _Nullable peerState, NSError * _Nullable error))reply
535 {
536 __block int i = 0;
537 __block bool retry;
538 do {
539 retry = false;
540 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
541 if (i < NUM_RETRIES && [self.class retryable:error]) {
542 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
543 retry = true;
544 } else {
545 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
546 reply(nil, error);
547 }
548 ++i;
549 }] updateWithContainer:container context:context deviceName:deviceName serialNumber:serialNumber osVersion:osVersion policyVersion:policyVersion policySecrets:policySecrets reply:reply];
550 } while (retry);
551 }
552
553 - (void)setPreapprovedKeysWithContainer:(NSString *)container
554 context:(NSString *)context
555 preapprovedKeys:(NSArray<NSData*> *)preapprovedKeys
556 reply:(void (^)(NSError * _Nullable error))reply
557 {
558 __block int i = 0;
559 __block bool retry;
560 do {
561 retry = false;
562 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
563 if (i < NUM_RETRIES && [self.class retryable:error]) {
564 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
565 retry = true;
566 } else {
567 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
568 reply(error);
569 }
570 ++i;
571 }] setPreapprovedKeysWithContainer:container context:context preapprovedKeys:preapprovedKeys reply:reply];
572 } while (retry);
573 }
574
575 - (void)updateTLKsWithContainer:(NSString *)container
576 context:(NSString *)context
577 ckksKeys:(NSArray<CKKSKeychainBackedKeySet*> *)ckksKeys
578 tlkShares:(NSArray<CKKSTLKShare*> *)tlkShares
579 reply:(void (^)(NSArray<CKRecord*>* _Nullable keyHierarchyRecords, NSError * _Nullable error))reply
580 {
581 __block int i = 0;
582 __block bool retry;
583 do {
584 retry = false;
585 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
586 if (i < NUM_RETRIES && [self.class retryable:error]) {
587 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
588 retry = true;
589 } else {
590 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
591 reply(nil, error);
592 }
593 ++i;
594 }] updateTLKsWithContainer:container context:context ckksKeys:ckksKeys tlkShares:tlkShares reply:reply];
595 } while (retry);
596 }
597
598 - (void)fetchViableBottlesWithContainer:(NSString *)container
599 context:(NSString *)context
600 reply:(void (^)(NSArray<NSString*>* _Nullable sortedBottleIDs, NSArray<NSString*>* _Nullable sortedPartialBottleIDs, NSError* _Nullable error))reply
601 {
602 __block int i = 0;
603 __block bool retry;
604 do {
605 retry = false;
606 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
607 if (i < NUM_RETRIES && [self.class retryable:error]) {
608 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
609 retry = true;
610 } else {
611 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
612 reply(nil, nil, error);
613 }
614 ++i;
615 }] fetchViableBottlesWithContainer:container context:context reply:reply];
616 } while (retry);
617 }
618
619 - (void)fetchEscrowContentsWithContainer:(NSString *)container
620 context:(NSString *)context
621 reply:(void (^)(NSData* _Nullable entropy,
622 NSString* _Nullable bottleID,
623 NSData* _Nullable signingPublicKey,
624 NSError* _Nullable error))reply
625 {
626 __block int i = 0;
627 __block bool retry;
628 do {
629 retry = false;
630 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
631 if (i < NUM_RETRIES && [self.class retryable:error]) {
632 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
633 retry = true;
634 } else {
635 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
636 reply(nil, nil, nil, error);
637 }
638 ++i;
639 }] fetchEscrowContentsWithContainer:container context:context reply:reply];
640 } while (retry);
641 }
642
643 - (void)fetchPolicyDocumentsWithContainer:(NSString*)container
644 context:(NSString*)context
645 keys:(NSDictionary<NSNumber*,NSString*>*)keys
646 reply:(void (^)(NSDictionary<NSNumber*,NSArray<NSString*>*>* _Nullable entries,
647 NSError * _Nullable error))reply
648 {
649 __block int i = 0;
650 __block bool retry;
651 do {
652 retry = false;
653 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
654 if (i < NUM_RETRIES && [self.class retryable:error]) {
655 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
656 retry = true;
657 } else {
658 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
659 reply(nil, error);
660 }
661 ++i;
662 }] fetchPolicyDocumentsWithContainer:container context:context keys:keys reply:reply];
663 } while (retry);
664 }
665
666 - (void)fetchPolicyWithContainer:(NSString*)container
667 context:(NSString*)context
668 reply:(void (^)(TPPolicy * _Nullable policy,
669 NSError * _Nullable error))reply
670 {
671 __block int i = 0;
672 __block bool retry;
673 do {
674 retry = false;
675 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
676 if (i < NUM_RETRIES && [self.class retryable:error]) {
677 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
678 retry = true;
679 } else {
680 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
681 reply(nil, error);
682 }
683 ++i;
684 }] fetchPolicyWithContainer:container context:context reply:reply];
685 } while (retry);
686 }
687
688
689 - (void)validatePeersWithContainer:(NSString *)container
690 context:(NSString *)context
691 reply:(void (^)(NSDictionary * _Nullable, NSError * _Nullable))reply
692 {
693 __block int i = 0;
694 __block bool retry;
695 do {
696 retry = false;
697 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
698 if (i < NUM_RETRIES && [self.class retryable:error]) {
699 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
700 retry = true;
701 } else {
702 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
703 reply(nil, error);
704 }
705 ++i;
706 }] validatePeersWithContainer:container context:context reply:reply];
707 } while (retry);
708 }
709
710 - (void)fetchTrustStateWithContainer:(NSString *)container
711 context:(NSString *)context
712 reply:(void (^)(TrustedPeersHelperPeerState* _Nullable selfPeerState,
713 NSArray<TrustedPeersHelperPeer*>* _Nullable trustedPeers,
714 NSError* _Nullable error))reply
715 {
716 __block int i = 0;
717 __block bool retry;
718 do {
719 retry = false;
720 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
721 if (i < NUM_RETRIES && [self.class retryable:error]) {
722 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
723 retry = true;
724 } else {
725 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
726 reply(nil, nil, error);
727 }
728 ++i;
729 }] fetchTrustStateWithContainer:container context:context reply:reply];
730 } while (retry);
731 }
732
733 - (void)setRecoveryKeyWithContainer:(NSString *)container
734 context:(NSString *)context
735 recoveryKey:(NSString *)recoveryKey
736 salt:(NSString *)salt
737 ckksKeys:(NSArray<CKKSKeychainBackedKeySet*> *)ckksKeys
738 reply:(void (^)(NSError* _Nullable error))reply
739 {
740 __block int i = 0;
741 __block bool retry;
742 do {
743 retry = false;
744 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
745 if (i < NUM_RETRIES && [self.class retryable:error]) {
746 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
747 retry = true;
748 } else {
749 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
750 reply(error);
751 }
752 ++i;
753 }] setRecoveryKeyWithContainer:container context:context recoveryKey:recoveryKey salt:salt ckksKeys:ckksKeys reply:reply];
754 } while (retry);
755 }
756
757 - (void)reportHealthWithContainer:(NSString *)container
758 context:(NSString *)context
759 stateMachineState:(NSString *)state
760 trustState:(NSString *)trustState
761 reply:(void (^)(NSError* _Nullable error))reply
762 {
763 __block int i = 0;
764 __block bool retry;
765 do {
766 retry = false;
767 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
768 if (i < NUM_RETRIES && [self.class retryable:error]) {
769 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
770 retry = true;
771 } else {
772 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
773 reply(error);
774 }
775 ++i;
776 }] reportHealthWithContainer:container context:context stateMachineState:state trustState:trustState reply:reply];
777 } while (retry);
778 }
779
780 - (void)pushHealthInquiryWithContainer:(NSString *)container
781 context:(NSString *)context
782 reply:(void (^)(NSError* _Nullable error))reply
783 {
784 __block int i = 0;
785 __block bool retry;
786 do {
787 retry = false;
788 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
789 if (i < NUM_RETRIES && [self.class retryable:error]) {
790 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
791 retry = true;
792 } else {
793 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
794 reply(error);
795 }
796 ++i;
797 }] pushHealthInquiryWithContainer:container context:context reply:reply];
798 } while (retry);
799 }
800
801 - (void)getViewsWithContainer:(NSString *)container
802 context:(NSString *)context
803 inViews:(NSArray<NSString*>*)inViews
804 reply:(void (^)(NSArray<NSString*>* _Nullable, NSError* _Nullable))reply
805 {
806 __block int i = 0;
807 __block bool retry;
808 do {
809 retry = false;
810 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
811 if (i < NUM_RETRIES && [self.class retryable:error]) {
812 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
813 retry = true;
814 } else {
815 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
816 reply(nil, error);
817 }
818 ++i;
819 }] getViewsWithContainer:container context:context inViews:inViews reply:reply];
820 } while (retry);
821 }
822
823 - (void)requestHealthCheckWithContainer:(NSString *)container
824 context:(NSString *)context
825 requiresEscrowCheck:(BOOL)requiresEscrowCheck
826 reply:(void (^)(BOOL postRepairCFU, BOOL postEscrowCFU, BOOL resetOctagon, NSError* _Nullable))reply
827 {
828 __block int i = 0;
829 __block bool retry;
830 do {
831 retry = false;
832 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
833 if (i < NUM_RETRIES && [self.class retryable:error]) {
834 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
835 retry = true;
836 } else {
837 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
838 reply(NO, NO, NO, error);
839 }
840 ++i;
841 }] requestHealthCheckWithContainer:container context:context requiresEscrowCheck:requiresEscrowCheck reply:reply];
842 } while (retry);
843 }
844 @end
mirror of Security