1 /*
2 * Copyright (c) 2017 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #if __OBJC2__
25
26 #import <Foundation/NSXPCConnection_Private.h>
27 #import <xpc/xpc.h>
28
29 #import <Security/SecItemPriv.h>
30
31 #import "keychain/ot/OTControl.h"
32 #import "keychain/ot/OTControlProtocol.h"
33 #import "keychain/ot/OctagonControlServer.h"
34
35 #include <security_utilities/debugging.h>
36
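// Error domain and code reported by +controlObject: when the NSXPCConnection
// object itself cannot be created. The values are the ones this file has
// always emitted, so callers that match on them keep working.
static NSString * const kOTControlConnectionErrorDomain = @"securityd";
static const NSInteger kOTControlConnectionErrorCode = -1;

@interface OTControl ()
// XPC connection to the Octagon control server. Every public method below
// forwards to the remote object proxy obtained from this connection.
@property NSXPCConnection *connection;
@end

@implementation OTControl

#pragma mark - Lifecycle

/// Wraps an already-configured XPC connection. The connection is neither
/// resumed nor reconfigured here; +controlObject: does that before calling in.
/// @param connection The connection whose remote object proxy receives every call.
- (instancetype)initWithConnection:(NSXPCConnection*)connection {
    if ((self = [super init])) {
        _connection = connection;
    }
    return self;
}

#pragma mark - Private

/// Returns the remote proxy for the control server, arranging for `handler`
/// to run if the message cannot be delivered (connection invalidated, service
/// unreachable, ...). NSXPCConnection is expected to invoke the error handler
/// *instead of* the reply block in that case, which is why each public method
/// below routes both paths to the caller's single reply block.
///
/// NOTE(review): the handler and the reply blocks are delivered by the XPC
/// machinery, not necessarily on the caller's queue — callers touching UI or
/// other queue-confined state should hop queues themselves.
- (id)proxyWithErrorHandler:(void (^)(NSError* error))handler {
    return [self.connection remoteObjectProxyWithErrorHandler:handler];
}

#pragma mark - Restore / keys

/// Asks the server to restore from an escrow record.
/// @param contextID Octagon context to restore into.
/// @param dsid Account identifier forwarded unchanged to the server.
/// @param secret Escrow secret forwarded unchanged to the server.
/// @param escrowRecordID Identifier of the escrow record to restore from.
/// @param reply Receives the signing and encryption key data on success, or
///              (nil, nil, error) if the call fails at the XPC layer or the
///              server reports an error. The key data is presumably sensitive
///              material; what it encodes is defined server-side (not shown here).
- (void)restore:(NSString *)contextID
           dsid:(NSString *)dsid
         secret:(NSData*)secret
 escrowRecordID:(NSString*)escrowRecordID
          reply:(void (^)(NSData* signingKeyData, NSData* encryptionKeyData, NSError* _Nullable error))reply
{
    id proxy = [self proxyWithErrorHandler:^(NSError* error) {
        reply(nil, nil, error);
    }];
    [proxy restore:contextID
              dsid:dsid
            secret:secret
    escrowRecordID:escrowRecordID
             reply:^(NSData* signingKeyData, NSData* encryptionKeyData, NSError *error) {
        reply(signingKeyData, encryptionKeyData, error);
    }];
}

/// Asks the server to reset its state. On an XPC-level failure the reply
/// receives (NO, error).
-(void)reset:(void (^)(BOOL result, NSError* _Nullable error))reply
{
    id proxy = [self proxyWithErrorHandler:^(NSError* error) {
        reply(NO, error);
    }];
    [proxy reset:^(BOOL result, NSError * _Nullable error) {
        reply(result, error);
    }];
}

/// Fetches the Octagon signing *public* key (server selector
/// `octagonSigningPublicKey:`). On an XPC-level failure the reply receives (nil, error).
- (void)signingKey:(void (^)(NSData* result, NSError* _Nullable error))reply
{
    id proxy = [self proxyWithErrorHandler:^(NSError* error) {
        reply(nil, error);
    }];
    [proxy octagonSigningPublicKey:^(NSData *signingKey, NSError * _Nullable error) {
        reply(signingKey, error);
    }];
}

/// Fetches the Octagon encryption *public* key (server selector
/// `octagonEncryptionPublicKey:`). On an XPC-level failure the reply receives (nil, error).
- (void)encryptionKey:(void (^)(NSData* result, NSError* _Nullable error))reply
{
    id proxy = [self proxyWithErrorHandler:^(NSError* error) {
        reply(nil, error);
    }];
    [proxy octagonEncryptionPublicKey:^(NSData *encryptionKey, NSError * _Nullable error) {
        reply(encryptionKey, error);
    }];
}

/// Lists the bottled-peer records the server considers eligible (server
/// selector `listOfEligibleBottledPeerRecords:`). On an XPC-level failure the
/// reply receives (nil, error). The element type of `list` is not declared
/// here; it is whatever the server side vends.
- (void)listOfRecords:(void (^)(NSArray* list, NSError* _Nullable error))reply
{
    id proxy = [self proxyWithErrorHandler:^(NSError* error) {
        reply(nil, error);
    }];
    [proxy listOfEligibleBottledPeerRecords:^(NSArray *list, NSError * _Nullable error) {
        reply(list, error);
    }];
}

#pragma mark - Account state

/// Signals an account sign-in for `dsid`. On an XPC-level failure the reply
/// receives (NO, error).
- (void)signIn:(NSString*)dsid reply:(void (^)(BOOL result, NSError * _Nullable error))reply
{
    id proxy = [self proxyWithErrorHandler:^(NSError* error) {
        reply(NO, error);
    }];
    [proxy signIn:dsid reply:^(BOOL result, NSError * _Nullable error) {
        reply(result, error);
    }];
}

/// Signals an account sign-out. On an XPC-level failure the reply receives (NO, error).
- (void)signOut:(void (^)(BOOL result, NSError * _Nullable error))reply
{
    id proxy = [self proxyWithErrorHandler:^(NSError* error) {
        reply(NO, error);
    }];
    [proxy signOut:^(BOOL result, NSError * _Nullable error) {
        reply(result, error);
    }];
}

#pragma mark - Bottled peers

/// Prepares a bottled peer for `contextID`/`dsid`.
/// @param reply Receives the entropy, bottle identifier and signing public key
///              the server produced, or (nil, nil, nil, error) on failure.
///              `entropy` is presumably secret material and should be handled
///              accordingly by the caller — its exact semantics live server-side.
- (void)preflightBottledPeer:(NSString*)contextID
                        dsid:(NSString*)dsid
                       reply:(void (^)(NSData* _Nullable entropy,
                                       NSString* _Nullable bottleID,
                                       NSData* _Nullable signingPublicKey,
                                       NSError* _Nullable error))reply
{
    id proxy = [self proxyWithErrorHandler:^(NSError* error) {
        reply(nil, nil, nil, error);
    }];
    [proxy preflightBottledPeer:contextID
                           dsid:dsid
                          reply:^(NSData* _Nullable entropy,
                                  NSString* _Nullable bottleID,
                                  NSData* _Nullable signingPublicKey,
                                  NSError* _Nullable error) {
        reply(entropy, bottleID, signingPublicKey, error);
    }];
}

/// Launches the bottled peer `bottleID` in `contextID`.
/// @param reply Optional; may be nil. Both the XPC error path and the server
///              reply are guarded so a nil block is never invoked (calling a
///              nil block dereferences NULL and crashes the client).
- (void)launchBottledPeer:(NSString*)contextID
                 bottleID:(NSString*)bottleID
                    reply:(void (^ _Nullable)(NSError* _Nullable))reply
{
    id proxy = [self proxyWithErrorHandler:^(NSError* error) {
        if (reply) {
            reply(error);
        }
    }];
    [proxy launchBottledPeer:contextID bottleID:bottleID reply:^(NSError * _Nullable error) {
        if (reply) {
            reply(error);
        }
    }];
}

/// Scrubs the bottled peer `bottleID` in `contextID`.
/// @param reply Optional; may be nil. The server reply is wrapped rather than
///              handed to the proxy directly so that, like the XPC error path,
///              a nil block is never invoked.
- (void)scrubBottledPeer:(NSString*)contextID
                bottleID:(NSString*)bottleID
                   reply:(void (^ _Nullable)(NSError* _Nullable))reply
{
    id proxy = [self proxyWithErrorHandler:^(NSError* error) {
        if (reply) {
            reply(error);
        }
    }];
    [proxy scrubBottledPeer:contextID bottleID:bottleID reply:^(NSError * _Nullable error) {
        if (reply) {
            reply(error);
        }
    }];
}

#pragma mark - Factory

/// Creates a control object connected to the Octagon control mach service
/// named by `kSecuritydOctagonServiceName`.
///
/// The remote interface is produced by OTSetupControlProtocol (declared in
/// OctagonControlServer.h, not shown here); NOTE(review): that is where the set
/// of classes accepted in reply arguments would be configured — verify it
/// restricts them, since everything decoded from the service flows through
/// the reply blocks above. The connection is opened with `options:0`, i.e.
/// without NSXPCConnectionPrivileged; whether that is intended depends on how
/// the service is registered (not visible here).
/// @param error Set only when the connection object cannot be created; the
///              domain/code are kOTControlConnectionErrorDomain / -1.
/// @return A resumed control object, or nil if the connection could not be created.
+ (OTControl*)controlObject:(NSError* __autoreleasing *)error {
    NSXPCConnection* connection =
        [[NSXPCConnection alloc] initWithMachServiceName:@(kSecuritydOctagonServiceName) options:0];

    if (connection == nil) {
        if (error) {
            *error = [NSError errorWithDomain:kOTControlConnectionErrorDomain
                                         code:kOTControlConnectionErrorCode
                                     userInfo:@{NSLocalizedDescriptionKey: @"Couldn't create connection (no reason given)"}];
        }
        return nil;
    }

    NSXPCInterface *interface =
        OTSetupControlProtocol([NSXPCInterface interfaceWithProtocol:@protocol(OTControlProtocol)]);
    connection.remoteObjectInterface = interface;
    // Messages sent before resume are queued; resume once, here, so that
    // -initWithConnection: never has to decide whether to do it.
    [connection resume];

    return [[OTControl alloc] initWithConnection:connection];
}

@end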
176
177 #endif // __OBJC2__