2 #import <Foundation/Foundation.h>
3 #include <sys/sysctl.h>
5 #import "keychain/ckks/CKKS.h"
// Item encryption format version exported by this file: CKKSItemEncryptionVersion2.
// NOTE(review): presumably the version stamped on newly encrypted items and recorded
// under the "encver" record key defined later in this file - confirm against the
// callers, and confirm how readers treat records that carry a lower version.
SecCKKSItemEncryptionVersion const currentCKKSItemEncryptionVersion = CKKSItemEncryptionVersion2;
// Action names: the three string values "add", "delete" and "modify".
NSString *const SecCKKSActionAdd = @"add";
NSString *const SecCKKSActionDelete = @"delete";
NSString *const SecCKKSActionModify = @"modify";
// Item states. Every value is an NSString literal cast to CKKSItemState, a type
// declared outside this file.
// NOTE(review): presumably these strings are persisted alongside items, so changing
// a literal would orphan existing rows - confirm before editing any of them.
CKKSItemState *const SecCKKSStateNew = (CKKSItemState *)@"new";
CKKSItemState *const SecCKKSStateUnauthenticated = (CKKSItemState *)@"unauthenticated";
CKKSItemState *const SecCKKSStateInFlight = (CKKSItemState *)@"inflight";
CKKSItemState *const SecCKKSStateReencrypt = (CKKSItemState *)@"reencrypt";
CKKSItemState *const SecCKKSStateError = (CKKSItemState *)@"error";
CKKSItemState *const SecCKKSStateDeleted = (CKKSItemState *)@"deleted";
CKKSItemState *const SecCKKSStateMismatchedView = (CKKSItemState *)@"mismatched_view";

// Processed states: "local" and "remote".
CKKSProcessedState *const SecCKKSProcessedStateLocal = (CKKSProcessedState *)@"local";
CKKSProcessedState *const SecCKKSProcessedStateRemote = (CKKSProcessedState *)@"remote";

// Key classes: "tlk", "classA" and "classC".
CKKSKeyClass *const SecCKKSKeyClassTLK = (CKKSKeyClass *)@"tlk";
CKKSKeyClass *const SecCKKSKeyClassA = (CKKSKeyClass *)@"classA";
CKKSKeyClass *const SecCKKSKeyClassC = (CKKSKeyClass *)@"classC";
// Container selection. Neither of these two globals is declared const, so any code
// in the process can reassign them at runtime.
// NOTE(review): confirm that only test or setup code writes to them; a changed
// container name redirects where keychain data is synced.
NSString *SecCKKSContainerName = @"com.apple.security.keychain";
bool SecCKKSContainerUsePCS = false;

// Subscription identifier and the APS named port.
NSString *const SecCKKSSubscriptionID = @"keychain-changes";
NSString *const SecCKKSAPSNamedPort = @"com.apple.securityd.aps";
// Record type "item" and the field names used on it.
// NOTE(review): "data" and "wrappedkey" presumably carry ciphertext and a wrapped
// key; the wrapping and integrity checks are not visible in this file.
NSString *const SecCKRecordItemType = @"item";
NSString *const SecCKRecordHostOSVersionKey = @"uploadver";
NSString *const SecCKRecordEncryptionVersionKey = @"encver";
NSString *const SecCKRecordDataKey = @"data";
NSString *const SecCKRecordParentKeyRefKey = @"parentkeyref";
NSString *const SecCKRecordWrappedKeyKey = @"wrappedkey";
NSString *const SecCKRecordGenerationCountKey = @"gen";

// PCS-related field names and the "server_wascurrent" field.
NSString *const SecCKRecordPCSServiceIdentifier = @"pcsservice";
NSString *const SecCKRecordPCSPublicKey = @"pcspublickey";
NSString *const SecCKRecordPCSPublicIdentity = @"pcspublicidentity";
NSString *const SecCKRecordServerWasCurrent = @"server_wascurrent";

// Record type "synckey" and its key-class field.
NSString *const SecCKRecordIntermediateKeyType = @"synckey";
NSString *const SecCKRecordKeyClassKey = @"class";
// Record type "tlkshare" and its field names.
// NOTE(review): the record carries a "signature" field; which fields the signature
// covers, and where it is verified, is not shown in this file.
NSString *const SecCKRecordTLKShareType = @"tlkshare";
NSString *const SecCKRecordSenderPeerID = @"sender";
NSString *const SecCKRecordReceiverPeerID = @"receiver";
NSString *const SecCKRecordReceiverPublicEncryptionKey = @"receiverPublicEncryptionKey";
NSString *const SecCKRecordCurve = @"curve";
NSString *const SecCKRecordEpoch = @"epoch";
NSString *const SecCKRecordPoisoned = @"poisoned";
NSString *const SecCKRecordSignature = @"signature";
NSString *const SecCKRecordVersion = @"version";

// Record type "currentkey".
NSString *const SecCKRecordCurrentKeyType = @"currentkey";

// Record type "currentitem". Its reference field uses the literal "item", the same
// string as SecCKRecordItemType.
NSString *const SecCKRecordCurrentItemType = @"currentitem";
NSString *const SecCKRecordItemRefKey = @"item";
// Record type "devicestate" and its field names.
NSString *const SecCKRecordDeviceStateType = @"devicestate";
NSString *const SecCKRecordOctagonPeerID = @"octagonpeerid";
NSString *const SecCKRecordOctagonStatus = @"octagonstatus";
NSString *const SecCKRecordCirclePeerID = @"peerid";
NSString *const SecCKRecordCircleStatus = @"circle";
NSString *const SecCKRecordKeyState = @"keystate";
NSString *const SecCKRecordCurrentTLK = @"currentTLK";
NSString *const SecCKRecordCurrentClassA = @"currentClassA";
NSString *const SecCKRecordCurrentClassC = @"currentClassC";
// The next two names are spelled with a SecCKS prefix rather than SecCK; they are
// exported symbols, so the spelling is kept.
NSString *const SecCKSRecordLastUnlockTime = @"lastunlock";
NSString *const SecCKSRecordOSVersionKey = @"osver";
// Record type "manifest" and its field names.
// NOTE(review): the digest and signature fields suggest the manifest is an
// integrity structure over the records; the verification code is elsewhere.
NSString *const SecCKRecordManifestType = @"manifest";
NSString *const SecCKRecordManifestDigestValueKey = @"digest_value";
NSString *const SecCKRecordManifestGenerationCountKey = @"generation_count";
NSString *const SecCKRecordManifestLeafRecordIDsKey = @"leaf_records";
NSString *const SecCKRecordManifestPeerManifestRecordIDsKey = @"peer_manifests";
NSString *const SecCKRecordManifestCurrentItemsKey = @"current_items";
NSString *const SecCKRecordManifestSignaturesKey = @"signatures";
NSString *const SecCKRecordManifestSignerIDKey = @"signer_id";
NSString *const SecCKRecordManifestSchemaKey = @"schema";

// Record type "manifest_leaf" and its field names.
NSString *const SecCKRecordManifestLeafType = @"manifest_leaf";
NSString *const SecCKRecordManifestLeafDERKey = @"der";
NSString *const SecCKRecordManifestLeafDigestKey = @"digest";
// Zone key states. Every value is an NSString literal cast to CKKSZoneKeyState, a
// type declared outside this file. The blank-line grouping follows the original
// listing; the transitions between states are implemented elsewhere.
// NOTE(review): SecCKKSZoneKeyStateError uses the literal "error", the same string
// as the item state SecCKKSStateError; the two are only told apart by static type.
CKKSZoneKeyState *const SecCKKSZoneKeyStateWaitForCloudKitAccountStatus = (CKKSZoneKeyState *)@"wait_for_ck_account_status";

CKKSZoneKeyState *const SecCKKSZoneKeyStateReady = (CKKSZoneKeyState *)@"ready";
CKKSZoneKeyState *const SecCKKSZoneKeyStateBecomeReady = (CKKSZoneKeyState *)@"become_ready";
CKKSZoneKeyState *const SecCKKSZoneKeyStateReadyPendingUnlock = (CKKSZoneKeyState *)@"readypendingunlock";
CKKSZoneKeyState *const SecCKKSZoneKeyStateError = (CKKSZoneKeyState *)@"error";

CKKSZoneKeyState *const SecCKKSZoneKeyStateInitializing = (CKKSZoneKeyState *)@"initializing";
CKKSZoneKeyState *const SecCKKSZoneKeyStateInitialized = (CKKSZoneKeyState *)@"initialized";
CKKSZoneKeyState *const SecCKKSZoneKeyStateBeginFetch = (CKKSZoneKeyState *)@"begin_fetch";
CKKSZoneKeyState *const SecCKKSZoneKeyStateFetch = (CKKSZoneKeyState *)@"fetching";
CKKSZoneKeyState *const SecCKKSZoneKeyStateFetchComplete = (CKKSZoneKeyState *)@"fetchcomplete";
CKKSZoneKeyState *const SecCKKSZoneKeyStateNeedFullRefetch = (CKKSZoneKeyState *)@"needrefetch";

CKKSZoneKeyState *const SecCKKSZoneKeyStateTLKMissing = (CKKSZoneKeyState *)@"tlkmissing";
CKKSZoneKeyState *const SecCKKSZoneKeyStateWaitForTLK = (CKKSZoneKeyState *)@"waitfortlk";

CKKSZoneKeyState *const SecCKKSZoneKeyStateWaitForTLKCreation = (CKKSZoneKeyState *)@"waitfortlkcreation";
CKKSZoneKeyState *const SecCKKSZoneKeyStateWaitForTLKUpload = (CKKSZoneKeyState *)@"waitfortlkupload";
CKKSZoneKeyState *const SecCKKSZoneKeyStateWaitForUnlock = (CKKSZoneKeyState *)@"waitforunlock";
CKKSZoneKeyState *const SecCKKSZoneKeyStateLoseTrust = (CKKSZoneKeyState *)@"lose_trust";
CKKSZoneKeyState *const SecCKKSZoneKeyStateWaitForTrust = (CKKSZoneKeyState *)@"waitfortrust";
CKKSZoneKeyState *const SecCKKSZoneKeyStateUnhealthy = (CKKSZoneKeyState *)@"unhealthy";
CKKSZoneKeyState *const SecCKKSZoneKeyStateBadCurrentPointers = (CKKSZoneKeyState *)@"badcurrentpointers";
CKKSZoneKeyState *const SecCKKSZoneKeyStateNewTLKsFailed = (CKKSZoneKeyState *)@"newtlksfailed";
CKKSZoneKeyState *const SecCKKSZoneKeyStateHealTLKShares = (CKKSZoneKeyState *)@"healtlkshares";
CKKSZoneKeyState *const SecCKKSZoneKeyStateHealTLKSharesFailed = (CKKSZoneKeyState *)@"healtlksharesfailed";
CKKSZoneKeyState *const SecCKKSZoneKeyStateWaitForFixupOperation = (CKKSZoneKeyState *)@"waitforfixupoperation";
CKKSZoneKeyState *const SecCKKSZoneKeyStateResettingZone = (CKKSZoneKeyState *)@"resetzone";
CKKSZoneKeyState *const SecCKKSZoneKeyStateResettingLocalData = (CKKSZoneKeyState *)@"resetlocal";
CKKSZoneKeyState *const SecCKKSZoneKeyStateLoggedOut = (CKKSZoneKeyState *)@"loggedout";
CKKSZoneKeyState *const SecCKKSZoneKeyStateZoneCreationFailed = (CKKSZoneKeyState *)@"zonecreationfailed";
CKKSZoneKeyState *const SecCKKSZoneKeyStateProcess = (CKKSZoneKeyState *)@"process_key_hierarchy";
// NSError domain strings.
NSString *const CKKSErrorDomain = @"CKKSErrorDomain";
NSString *const CKKSServerExtensionErrorDomain = @"CKKSServerExtensionErrorDomain";

// Padding block size for items, fixed at 20.
// NOTE(review): units and the padding scheme are not shown here (presumably bytes,
// applied before encryption - confirm). Padding to a block multiple only coarsens
// what ciphertext length reveals about plaintext length; it does not hide it.
const NSUInteger SecCKKSItemPaddingBlockSize = 20;

// Metric key names under the com.apple.security.ckks prefix.
NSString *const SecCKKSAggdPropagationDelay = @"com.apple.security.ckks.propagationdelay";
NSString *const SecCKKSAggdPrimaryKeyConflict = @"com.apple.security.ckks.pkconflict";
NSString *const SecCKKSAggdViewKeyCount = @"com.apple.security.ckks.keycount";
NSString *const SecCKKSAggdItemReencryption = @"com.apple.security.ckks.reencrypt";

// User defaults suite name.
NSString *const SecCKKSUserDefaultsSuite = @"com.apple.security.ckks";
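/// Builds a "<platform> <os version>" string describing the host.
///
/// The platform half is the PLATFORM preprocessor define, stringified at compile
/// time, or "unknown" when the build does not define it. The OS half is
/// "<kern.osrelease> (<kern.osversion>)" when both sysctls succeed; otherwise it is
/// -[NSProcessInfo operatingSystemVersionString] with the word "Version" removed.
///
/// NOTE(review): SecCKRecordHostOSVersionKey ("uploadver") in this file suggests the
/// result is written into uploaded records - confirm against the callers. If so,
/// this string leaves the device, so it should stay limited to version data.
///
/// @return The formatted string. If the fallback also yields nil, the OS half is
///         rendered by %@ as "(null)".
NSString* SecCKKSHostOSVersion()
{
#ifdef PLATFORM
    // Two macro levels are needed: PLATFORM_OBJCSTR expands PLATFORM to its value
    // first, then PLATFORM_VALUE stringifies that value and @ makes it an NSString.
#define PLATFORM_VALUE(f) #f
#define PLATFORM_OBJCSTR(f) @PLATFORM_VALUE(f)
    NSString* platform = (PLATFORM_OBJCSTR(PLATFORM));
#undef PLATFORM_OBJCSTR
#undef PLATFORM_VALUE
#else
    // Must be an NSString literal: a bare C string here would be formatted with %@
    // below and treated as an object pointer.
    NSString* platform = @"unknown";
#warning No PLATFORM defined; why?
#endif

    NSString* osversion = nil;

    // Zero-fill both buffers so the %s conversions below can never read
    // uninitialised stack bytes, even if a sysctl reports success after writing
    // fewer bytes than expected.
    char release[256] = {0};
    size_t releasesize = sizeof(release);
    bool haveRelease = (0 == sysctlbyname("kern.osrelease", release, &releasesize, NULL, 0));

    char version[256] = {0};
    size_t versionsize = sizeof(version);
    bool haveVersion = (0 == sysctlbyname("kern.osversion", version, &versionsize, NULL, 0));

    // Use the sysctl values only when both lookups succeeded.
    if(haveRelease && haveVersion) {
        // Force termination in case the kernel filled a buffer completely.
        release[sizeof(release)-1] = '\0';
        version[sizeof(version)-1] = '\0';
        osversion = [NSString stringWithFormat:@"%s (%s)", release, version];
    }

    if(!osversion) {
        // Otherwise, use the not-really-supported fallback.
        osversion = [[NSProcessInfo processInfo] operatingSystemVersionString];

        // Cosmetic only: drop the word "Version" if present (a no-op otherwise).
        osversion = [osversion stringByReplacingOccurrencesOfString:@"Version" withString:@""];
    }

    return [NSString stringWithFormat:@"%@ %@", platform, osversion];
}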