]> git.saurik.com Git - apple/security.git/blob - keychain/ckks/CKKSLockStateTracker.m
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Security-58286.1.32.tar.gz
[apple/security.git] / keychain / ckks / CKKSLockStateTracker.m
1 /*
2 * Copyright (c) 2017 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #if OCTAGON
25
26 #include <notify.h>
27 #include <dispatch/dispatch.h>
28 #include <utilities/SecAKSWrappers.h>
29
30 #import "keychain/ckks/CKKS.h"
31 #import "keychain/ckks/CKKSGroupOperation.h"
32 #import "keychain/ckks/CKKSLockStateTracker.h"
33
34 @interface CKKSLockStateTracker ()
35 @property bool isLocked;
36 @property dispatch_queue_t queue;
37 @property NSOperationQueue* operationQueue;
38 @end
39
40 @implementation CKKSLockStateTracker
41
42 - (instancetype)init {
43 if((self = [super init])) {
44 _queue = dispatch_queue_create("lock-state-tracker", DISPATCH_QUEUE_SERIAL);
45 _operationQueue = [[NSOperationQueue alloc] init];
46
47 _isLocked = true;
48 [self resetUnlockDependency];
49
50 __weak __typeof(self) weakSelf = self;
51
52 // If this is a live server, register with notify
53 if(!SecCKKSTestsEnabled()) {
54 int token = 0;
55 notify_register_dispatch(kUserKeybagStateChangeNotification, &token, _queue, ^(int t) {
56 [weakSelf _onqueueRecheck];
57 });
58 }
59
60 dispatch_async(_queue, ^{
61 [weakSelf _onqueueRecheck];
62 });
63 }
64 return self;
65 }
66
67 -(NSString*)description {
68 return [NSString stringWithFormat: @"<CKKSLockStateTracker: %@>", self.isLocked ? @"locked" : @"unlocked"];
69 }
70
71 -(void)resetUnlockDependency {
72 if(self.unlockDependency == nil || ![self.unlockDependency isPending]) {
73 self.unlockDependency = [NSBlockOperation blockOperationWithBlock: ^{
74 secinfo("ckks", "Keybag unlocked");
75 }];
76 self.unlockDependency.name = @"keybag-unlocked-dependency";
77 }
78 }
79
80 +(bool)queryAKSLocked {
81 CFErrorRef aksError = NULL;
82 bool locked = true;
83
84 if(!SecAKSGetIsLocked(&locked, &aksError)) {
85 secerror("ckks: error querying lock state: %@", aksError);
86 CFReleaseNull(aksError);
87 }
88
89 return locked;
90 }
91
92 -(void)_onqueueRecheck {
93 dispatch_assert_queue(self.queue);
94
95 bool wasLocked = self.isLocked;
96 self.isLocked = [CKKSLockStateTracker queryAKSLocked];
97
98 if(wasLocked != self.isLocked) {
99 if(self.isLocked) {
100 // We're locked now.
101 [self resetUnlockDependency];
102 } else {
103 [self.operationQueue addOperation: self.unlockDependency];
104 self.unlockDependency = nil;
105 }
106 }
107 }
108
109 -(void)recheck {
110 dispatch_sync(self.queue, ^{
111 [self _onqueueRecheck];
112 });
113 }
114
115 -(bool)isLockedError:(NSError *)error {
116 return [error.domain isEqualToString:@"securityd"] && error.code == errSecInteractionNotAllowed;
117 }
118
119
120 @end
121
122 #endif // OCTAGON
mirror of Security