2 * Copyright (c) 2018 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
26 #import "keychain/ot/OctagonStateMachineHelpers.h"
27 #import "keychain/ot/OTStates.h"
28 #import "keychain/ot/ObjCImprovements.h"
29 #import "keychain/ot/OTDefines.h"
30 #import "keychain/ot/OTConstants.h"
31 #import "keychain/categories/NSError+UsefulConstructors.h"
33 OctagonState* const OctagonStateNoAccount = (OctagonState*) @"no_account";
35 OctagonState* const OctagonStateWaitForHSA2 = (OctagonState*) @"wait_for_hsa2";
37 OctagonState* const OctagonStateUntrusted = (OctagonState*) @"untrusted";
38 OctagonState* const OctagonStateBecomeUntrusted = (OctagonState*) @"become_untrusted";
40 OctagonState* const OctagonStateReady = (OctagonState*) @"ready";
41 OctagonState* const OctagonStateBecomeReady = (OctagonState*) @"become_ready";
43 OctagonState* const OctagonStateEnsureConsistency = (OctagonState*) @"consistency_check";
44 OctagonState* const OctagonStateEnsureOctagonKeysAreConsistent = (OctagonState*)@"key_consistency_check";
45 OctagonState* const OctagonStateEnsureUpdatePreapprovals = (OctagonState*)@"ensure_preapprovals_updated";
47 OctagonState* const OctagonStateInitializing = (OctagonState*) @"initializing";
48 OctagonState* const OctagonStateWaitingForCloudKitAccount = (OctagonState*) @"waiting_for_cloudkit_account";
49 OctagonState* const OctagonStateCloudKitNewlyAvailable = (OctagonState*) @"account_newly_available";
50 OctagonState* const OctagonStateCheckTrustState = (OctagonState*) @"check_trust_state";
52 OctagonState* const OctagonStateUpdateSOSPreapprovals = (OctagonState*) @"update_sos_preapprovals";
54 /*Piggybacking and ProximitySetup as Initiator Octagon only*/
55 OctagonState* const OctagonStateInitiatorUpdateDeviceList = (OctagonState*) @"initiator_device_list_update";
56 OctagonState* const OctagonStateInitiatorAwaitingVoucher = (OctagonState*)@"await_voucher";
57 OctagonState* const OctagonStateInitiatorJoin = (OctagonState*)@"join";
58 OctagonState* const OctagonStateInitiatorJoinCKKSReset = (OctagonState*)@"join_ckks_reset";
59 OctagonState* const OctagonStateInitiatorJoinAfterCKKSReset = (OctagonState*)@"join_after_ckks_reset";
61 /* used in restore (join with bottle)*/
62 OctagonState* const OctagonStateInitiatorCreateIdentity = (OctagonState*)@"create_identity";
63 OctagonState* const OctagonStateInitiatorVouchWithBottle = (OctagonState*)@"vouchWithBottle";
64 OctagonState* const OctagonStateCreateIdentityForRecoveryKey = (OctagonState*)@"vouchWithRecovery";
66 /* used in resotre (join with recovery key)*/
67 OctagonState* const OctagonStateVouchWithRecoveryKey = (OctagonState*)@"vouchWithRecoveryKey";
69 OctagonState* const OctagonStateStartCompanionPairing = (OctagonState*)@"start_companion_pairing";
71 // Untrusted cuttlefish notification.
72 OctagonState* const OctagonStateUntrustedUpdated = (OctagonState*)@"untrusted_update";
74 // Cuttlefish notifiation while ready.
75 OctagonState* const OctagonStateReadyUpdated = (OctagonState*)@"ready_update";
77 OctagonState* const OctagonStateError = (OctagonState*) @"error";
78 OctagonState* const OctagonStateDisabled = (OctagonState*) @"disabled";
80 OctagonState* const OctagonStateDetermineiCloudAccountState = (OctagonState*) @"determine_icloud_account";
81 OctagonState* const OctagonStateAttemptSOSUpgrade = (OctagonState*) @"sosupgrade";
82 OctagonState* const OctagonStateSOSUpgradeCKKSReset = (OctagonState*) @"sosupgrade_ckks_reset";
83 OctagonState* const OctagonStateSOSUpgradeAfterCKKSReset = (OctagonState*) @"sosupgrade_after_ckks_reset";
84 OctagonState* const OctagonStateUnimplemented = (OctagonState*) @"unimplemented";
86 /* Reset and establish */
87 OctagonState* const OctagonStateResetBecomeUntrusted = (OctagonState*) @"reset_become_untrusted";
88 OctagonState* const OctagonStateResetAndEstablish = (OctagonState*) @"reset_and_establish";
89 OctagonState* const OctagonStateResetAnyMissingTLKCKKSViews = (OctagonState*) @"reset_ckks_missing_views";
90 OctagonState* const OctagonStateReEnactDeviceList = (OctagonState*) @"reenact_device_list";
91 OctagonState* const OctagonStateReEnactPrepare = (OctagonState*) @"reenact_prepare";
92 OctagonState* const OctagonStateReEnactReadyToEstablish = (OctagonState*) @"reenact_ready_to_establish";
93 OctagonState* const OctagonStateEstablishCKKSReset = (OctagonState*) @"reenact_ckks_reset";
94 OctagonState* const OctagonStateEstablishAfterCKKSReset = (OctagonState*) @"reenact_establish_after_ckks_reset";
96 /* used for trust health checks */
97 OctagonState* const OctagonStateHSA2HealthCheck = (OctagonState*) @"health_hsa2_check";
98 OctagonState* const OctagonStateTPHTrustCheck = (OctagonState*) @"tph_trust_check";
99 OctagonState* const OctagonStateCuttlefishTrustCheck = (OctagonState*) @"cuttlefish_trust_check";
100 OctagonState* const OctagonStatePostRepairCFU = (OctagonState*) @"post_repair_cfu";
101 OctagonState* const OctagonStateSecurityTrustCheck = (OctagonState*) @"security_trust_check";
102 OctagonState* const OctagonStateHealthCheckReset = (OctagonState*) @"health_check_reset";
104 OctagonState* const OctagonStateNoAccountDoReset = (OctagonState*) @"no_account_do_reset";
106 OctagonState* const OctagonStateWaitForUnlock = (OctagonState*) @"wait_for_unlock";
108 OctagonState* const OctagonStateAssistCKKSTLKUpload = (OctagonState*) @"assist_ckks_tlk_upload";
109 OctagonState* const OctagonStateAssistCKKSTLKUploadCKKSReset = (OctagonState*) @"assist_ckks_tlk_upload_ckks_reset";
110 OctagonState* const OctagonStateAssistCKKSTLKUploadAfterCKKSReset = (OctagonState*) @"assist_ckks_tlk_upload_after_ckks_reset";
113 OctagonState* const OctagonStateEscrowTriggerUpdate = (OctagonState*) @"escrow-trigger-update";
115 NSDictionary<OctagonState*, NSNumber*>* OctagonStateMap(void) {
116 static NSDictionary<OctagonState*, NSNumber*>* map = nil;
117 static dispatch_once_t onceToken;
118 dispatch_once(&onceToken, ^{
120 OctagonStateReady: @0U,
121 OctagonStateError: @1U,
122 OctagonStateInitializing: @2U,
123 OctagonStateMachineNotStarted: @3U,
124 OctagonStateDisabled: @4U,
125 OctagonStateUntrusted: @5U,
127 //Removed: OctagonStateInitiatorAwaitingAcceptorEpoch: @9U,
128 //Removed: OctagonStateInitiatorReadyToSendIdentity: @10U,
130 OctagonStateInitiatorUpdateDeviceList: @8U,
131 OctagonStateInitiatorAwaitingVoucher: @11U,
132 OctagonStateInitiatorJoin: @12U,
134 //Removed: OctagonStateIdentityPrepared: @6U,
135 //Removed: OctagonStateDeviceListUpdated: @7U,
137 OctagonStateAttemptSOSUpgrade: @8U,
139 OctagonStateUnimplemented: @9U,
140 OctagonStateDetermineiCloudAccountState: @10U,
141 OctagonStateNoAccount: @11U,
143 OctagonStateResetAndEstablish: @12U,
144 OctagonStateReEnactDeviceList: @13U,
145 OctagonStateReEnactPrepare: @14U,
146 OctagonStateReEnactReadyToEstablish: @15U,
147 OctagonStateNoAccountDoReset: @16U,
148 OctagonStateInitiatorVouchWithBottle: @17U,
149 OctagonStateInitiatorCreateIdentity: @18U,
150 OctagonStateCloudKitNewlyAvailable: @19U,
151 OctagonStateCheckTrustState: @20U,
152 OctagonStateBecomeUntrusted: @21U,
153 OctagonStateWaitForUnlock: @22U,
154 OctagonStateWaitingForCloudKitAccount: @23U,
155 OctagonStateBecomeReady: @24U,
156 OctagonStateVouchWithRecoveryKey: @25U,
157 OctagonStateCreateIdentityForRecoveryKey: @26U,
158 OctagonStateUpdateSOSPreapprovals: @27U,
159 OctagonStateWaitForHSA2: @28U,
160 OctagonStateAssistCKKSTLKUpload: @29U,
161 OctagonStateStartCompanionPairing: @30U,
162 OctagonStateEscrowTriggerUpdate: @31U,
163 OctagonStateEnsureConsistency: @32U,
164 OctagonStateResetBecomeUntrusted: @33U,
165 OctagonStateUntrustedUpdated: @34U,
166 OctagonStateReadyUpdated: @35U,
167 OctagonStateTPHTrustCheck: @36U,
168 OctagonStateCuttlefishTrustCheck: @37U,
169 OctagonStatePostRepairCFU: @38U,
170 OctagonStateSecurityTrustCheck: @39U,
171 OctagonStateEnsureOctagonKeysAreConsistent: @40U,
172 OctagonStateEnsureUpdatePreapprovals: @41U,
173 OctagonStateResetAnyMissingTLKCKKSViews: @42U,
174 OctagonStateEstablishCKKSReset: @43U,
175 OctagonStateEstablishAfterCKKSReset: @44U,
176 OctagonStateSOSUpgradeCKKSReset: @45U,
177 OctagonStateSOSUpgradeAfterCKKSReset: @46U,
178 OctagonStateInitiatorJoinCKKSReset: @47U,
179 OctagonStateInitiatorJoinAfterCKKSReset: @48U,
180 OctagonStateHSA2HealthCheck: @49U,
181 OctagonStateHealthCheckReset: @50U,
182 OctagonStateAssistCKKSTLKUploadCKKSReset: @51U,
183 OctagonStateAssistCKKSTLKUploadAfterCKKSReset: @52U,
189 NSDictionary<NSNumber*, OctagonState*>* OctagonStateInverseMap(void) {
190 static NSDictionary<NSNumber*, OctagonState*>* backwardMap = nil;
191 static dispatch_once_t onceToken;
192 dispatch_once(&onceToken, ^{
193 NSDictionary<OctagonState*, NSNumber*>* forwardMap = OctagonStateMap();
194 backwardMap = [NSDictionary dictionaryWithObjects:[forwardMap allKeys] forKeys:[forwardMap allValues]];
199 NSSet<OctagonState*>* OctagonInAccountStates(void)
201 static NSSet<OctagonState*>* s = nil;
202 static dispatch_once_t onceToken;
203 dispatch_once(&onceToken, ^{
204 NSMutableSet* sourceStates = [NSMutableSet setWithArray: OctagonStateMap().allKeys];
206 // NoAccount is obviously not in-account, but we also include the startup states that determine
207 // apple account and icloud account status:
208 [sourceStates removeObject:OctagonStateNoAccount];
209 [sourceStates removeObject:OctagonStateNoAccountDoReset];
210 [sourceStates removeObject:OctagonStateInitializing];
211 [sourceStates removeObject:OctagonStateDetermineiCloudAccountState];
212 [sourceStates removeObject:OctagonStateWaitingForCloudKitAccount];
213 [sourceStates removeObject:OctagonStateCloudKitNewlyAvailable];
214 [sourceStates removeObject:OctagonStateWaitForHSA2];
221 NSSet<OctagonState *>* OctagonHealthSourceStates(void)
223 static NSSet<OctagonState*>* s = nil;
224 static dispatch_once_t onceToken;
225 dispatch_once(&onceToken, ^{
226 NSMutableSet* sourceStates = [NSMutableSet set];
228 [sourceStates addObject:OctagonStateReady];
229 [sourceStates addObject:OctagonStateError];
230 [sourceStates addObject:OctagonStateUntrusted];
231 [sourceStates addObject:OctagonStateWaitForHSA2];
232 [sourceStates addObject:OctagonStateWaitForUnlock];
240 OctagonFlag* const OctagonFlagIDMSLevelChanged = (OctagonFlag*) @"idms_level";
241 OctagonFlag* const OctagonFlagEgoPeerPreapproved = (OctagonFlag*) @"preapproved";
242 OctagonFlag* const OctagonFlagCKKSRequestsTLKUpload = (OctagonFlag*) @"tlk_upload_needed";
243 OctagonFlag* const OctagonFlagCuttlefishNotification = (OctagonFlag*) @"recd_push";
244 OctagonFlag* const OctagonFlagAccountIsAvailable = (OctagonFlag*)@"account_available";
245 OctagonFlag* const OctagonFlagAttemptSOSUpgrade = (OctagonFlag*)@"attempt_sos_upgrade";
246 OctagonFlag* const OctagonFlagFetchAuthKitMachineIDList = (OctagonFlag*)@"attempt_machine_id_list";
247 OctagonFlag* const OctagonFlagUnlocked = (OctagonFlag*)@"unlocked";
248 OctagonFlag* const OctagonFlagAttemptSOSUpdatePreapprovals = (OctagonFlag*)@"attempt_sos_update_preapprovals";
249 OctagonFlag* const OctagonFlagAttemptSOSConsistency = (OctagonFlag*)@"attempt_sos_consistency";
250 OctagonFlag* const OctagonFlagEscrowRequestInformCloudServicesOperation = (OctagonFlag*)@"escrowrequest_inform_cloudservices";