keychain/ot/OTVouchWithBottleOperation.m

   1 /*
   2  * Copyright (c) 2018 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 #if OCTAGON
  25
  26 #import <utilities/debugging.h>
  27
  28 #import "keychain/ot/OTVouchWithBottleOperation.h"
  29 #import "keychain/ot/OTClientStateMachine.h"
  30 #import "keychain/ot/OTCuttlefishContext.h"
  31 #import "keychain/ot/OTFetchCKKSKeysOperation.h"
  32
  33 #import "keychain/TrustedPeersHelper/TrustedPeersHelperProtocol.h"
  34 #import "keychain/ot/ObjCImprovements.h"
  35
  36 @interface OTVouchWithBottleOperation ()
  37 @property OTOperationDependencies* deps;
  38
  39 @property NSOperation* finishedOp;
  40 @end
  41
  42 @implementation OTVouchWithBottleOperation
  43 @synthesize intendedState = _intendedState;
  44
  45 - (instancetype)initWithDependencies:(OTOperationDependencies*)dependencies
  46                        intendedState:(OctagonState*)intendedState
  47                           errorState:(OctagonState*)errorState
  48                             bottleID:(NSString*)bottleID
  49                              entropy:(NSData*)entropy
  50                           bottleSalt:(NSString*)bottleSalt
  51 {
  52     if((self = [super init])) {
  53         _deps = dependencies;
  54         _intendedState = intendedState;
  55         _nextState = errorState;
  56
  57         _bottleID = bottleID;
  58         _entropy = entropy;
  59         _bottleSalt = bottleSalt;
  60     }
  61     return self;
  62 }
  63
  64 - (void)groupStart
  65 {
  66     secnotice("octagon", "creating voucher using a bottle with escrow record id: %@", self.bottleID);
  67
  68     self.finishedOp = [[NSOperation alloc] init];
  69     [self dependOnBeforeGroupFinished:self.finishedOp];
  70
  71     if(self.bottleSalt != nil) {
  72         secnotice("octagon", "using passed in altdsid, altdsid is: %@", self.bottleSalt);
  73     } else{
  74         NSError *error = nil;
  75
  76         NSString* altDSID = [self.deps.authKitAdapter primaryiCloudAccountAltDSID:&error];
  77         if(altDSID){
  78             secnotice("octagon", "fetched altdsid is: %@", altDSID);
  79             self.bottleSalt = altDSID;
  80         }
  81         else {
  82             secnotice("octagon", "authkit doesn't know about the altdsid, using stored value: %@", error);
  83
  84             NSError* accountError = nil;
  85             OTAccountMetadataClassC* account = [self.deps.stateHolder loadOrCreateAccountMetadata:&accountError];
  86
  87             if(account && !accountError) {
  88                 secnotice("octagon", "retrieved account, altdsid is: %@", account.altDSID);
  89                 self.bottleSalt = account.altDSID;
  90             }
  91             if(accountError || !account){
  92                 secerror("failed to rerieve account object: %@", accountError);
  93             }
  94         }
  95     }
  96
  97     WEAKIFY(self);
  98
  99     // After a vouch, we also want to acquire all TLKs that the bottled peer might have had
 100     OTFetchCKKSKeysOperation* fetchKeysOp = [[OTFetchCKKSKeysOperation alloc] initWithDependencies:self.deps];
 101     [self runBeforeGroupFinished:fetchKeysOp];
 102
 103     CKKSResultOperation* proceedWithKeys = [CKKSResultOperation named:@"bottle-tlks"
 104                                                             withBlock:^{
 105                                                                 STRONGIFY(self);
 106                                                                 [self proceedWithKeys:fetchKeysOp.viewKeySets tlkShares:fetchKeysOp.tlkShares];
 107                                                             }];
 108
 109     [proceedWithKeys addDependency:fetchKeysOp];
 110     [self runBeforeGroupFinished:proceedWithKeys];
 111 }
 112
 113 - (void)proceedWithKeys:(NSArray<CKKSKeychainBackedKeySet*>*)viewKeySets tlkShares:(NSArray<CKKSTLKShare*>*)tlkShares
 114 {
 115     // Preflight the vouch: this will tell us the peerID of the recovering peer.
 116     // Then, filter the tlkShares array to include only tlks sent to that peer.
 117     WEAKIFY(self);
 118     [self.deps.cuttlefishXPCWrapper preflightVouchWithBottleWithContainer:self.deps.containerName
 119                                                                   context:self.deps.contextID
 120                                                                  bottleID:self.bottleID
 121                                                                     reply:^(NSString * _Nullable peerID, NSError * _Nullable error) {
 122         STRONGIFY(self);
 123         [[CKKSAnalytics logger] logResultForEvent:OctagonEventPreflightVouchWithBottle hardFailure:true result:error];
 124
 125         if(error){
 126             secerror("octagon: Error preflighting voucher using bottle: %@", error);
 127             self.error = error;
 128             [self runBeforeGroupFinished:self.finishedOp];
 129             return;
 130         }
 131
 132         secnotice("octagon", "Bottle %@ is for peerID %@", self.bottleID, peerID);
 133
 134         NSMutableArray<CKKSTLKShare*>* filteredTLKShares = [NSMutableArray array];
 135         for(CKKSTLKShare* share in tlkShares) {
 136             // If we didn't get a peerID, just pass every tlkshare and hope for the best
 137             if(peerID == nil || [share.receiverPeerID isEqualToString:peerID]) {
 138                 [filteredTLKShares addObject:share];
 139             }
 140         }
 141
 142         [self proceedWithKeys:viewKeySets filteredTLKShares:filteredTLKShares];
 143     }];
 144 }
 145
 146 - (void)proceedWithKeys:(NSArray<CKKSKeychainBackedKeySet*>*)viewKeySets filteredTLKShares:(NSArray<CKKSTLKShare*>*)tlkShares
 147 {
 148     WEAKIFY(self);
 149
 150     [self.deps.cuttlefishXPCWrapper vouchWithBottleWithContainer:self.deps.containerName
 151                                                          context:self.deps.contextID
 152                                                         bottleID:self.bottleID
 153                                                          entropy:self.entropy
 154                                                       bottleSalt:self.bottleSalt
 155                                                        tlkShares:tlkShares
 156                                                            reply:^(NSData * _Nullable voucher, NSData * _Nullable voucherSig, NSError * _Nullable error) {
 157             STRONGIFY(self);
 158             [[CKKSAnalytics logger] logResultForEvent:OctagonEventVoucherWithBottle hardFailure:true result:error];
 159
 160             if(error){
 161                 secerror("octagon: Error preparing voucher using bottle: %@", error);
 162                 self.error = error;
 163                 [self runBeforeGroupFinished:self.finishedOp];
 164                 return;
 165             }
 166
 167             secnotice("octagon", "Received bottle voucher");
 168
 169             self.voucher = voucher;
 170             self.voucherSig = voucherSig;
 171             self.nextState = self.intendedState;
 172             [self runBeforeGroupFinished:self.finishedOp];
 173         }];
 174 }
 175
 176 @end
 177
 178 #endif // OCTAGON