]> git.saurik.com Git - apple/security.git/blob - keychain/TrustedPeersHelper/TrustedPeersHelperProtocol.m
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Security-59306.101.1.tar.gz
[apple/security.git] / keychain / TrustedPeersHelper / TrustedPeersHelperProtocol.m
1
2 #import <Foundation/Foundation.h>
3
4 #if OCTAGON
5 #import "keychain/TrustedPeersHelper/TrustedPeersHelperProtocol.h"
6 #import "utilities/debugging.h"
7 #import <CloudKit/CloudKit.h>
8 #import <CloudKit/CloudKit_Private.h>
9 #endif
10
11 NSXPCInterface* TrustedPeersHelperSetupProtocol(NSXPCInterface* interface)
12 {
13 #if OCTAGON
14 static NSMutableSet *errClasses;
15
16 static dispatch_once_t onceToken;
17 dispatch_once(&onceToken, ^{
18 errClasses = [NSMutableSet setWithSet:CKAcceptableValueClasses()];
19
20 char *classes[] = {
21 "CKPrettyError",
22 "CKRecordID",
23 "NSArray",
24 "NSData",
25 "NSDate",
26 "NSDictionary",
27 "NSError",
28 "NSNull",
29 "NSNumber",
30 "NSOrderedSet",
31 "NSSet",
32 "NSString",
33 "NSURL",
34 };
35
36 for (unsigned n = 0; n < sizeof(classes)/sizeof(classes[0]); n++) {
37 Class cls = objc_getClass(classes[n]);
38 if (cls) {
39 [errClasses addObject:cls];
40 }
41 }
42 });
43
44 @try {
45 NSSet* arrayOfKeySets = [NSSet setWithArray:@[[NSArray class], [CKKSKeychainBackedKeySet class]]];
46 NSSet* arrayOfTLKShares = [NSSet setWithArray:@[[NSArray class], [CKKSTLKShare class]]];
47 NSSet* arrayOfCKRecords = [NSSet setWithArray:@[[NSArray class], [CKRecord class]]];
48 NSSet* arrayOfStrings = [NSSet setWithArray:@[[NSArray class], [NSString class]]];
49 NSSet* trustedPeersHelperPeerState = [NSSet setWithObject:[TrustedPeersHelperPeerState class]];
50
51 NSSet* arrayOfTrustedPeersHelperPeer = [NSSet setWithArray:@[[NSArray class], [TrustedPeersHelperPeer class]]];
52
53 [interface setClasses:arrayOfStrings forSelector:@selector(addAllowedMachineIDsWithContainer:context:machineIDs:reply:) argumentIndex:2 ofReply:NO];
54 [interface setClasses:arrayOfStrings forSelector:@selector(removeAllowedMachineIDsWithContainer:context:machineIDs:reply:) argumentIndex:2 ofReply:NO];
55
56 [interface setClasses:arrayOfKeySets forSelector:@selector(establishWithContainer:context:ckksKeys:tlkShares:preapprovedKeys:reply:) argumentIndex:2 ofReply:NO];
57 [interface setClasses:arrayOfTLKShares forSelector:@selector(establishWithContainer:context:ckksKeys:tlkShares:preapprovedKeys:reply:) argumentIndex:3 ofReply:NO];
58 [interface setClasses:arrayOfCKRecords forSelector:@selector(establishWithContainer:context:ckksKeys:tlkShares:preapprovedKeys:reply:) argumentIndex:1 ofReply:YES];
59
60 [interface setClasses:arrayOfKeySets forSelector:@selector(joinWithContainer:context:voucherData:voucherSig:ckksKeys:tlkShares:preapprovedKeys:reply:) argumentIndex:4 ofReply:NO];
61 [interface setClasses:arrayOfTLKShares forSelector:@selector(joinWithContainer:context:voucherData:voucherSig:ckksKeys:tlkShares:preapprovedKeys:reply:) argumentIndex:5 ofReply:NO];
62 [interface setClasses:arrayOfCKRecords forSelector:@selector(joinWithContainer:context:voucherData:voucherSig:ckksKeys:tlkShares:preapprovedKeys:reply:) argumentIndex:1 ofReply:YES];
63
64 [interface setClasses:arrayOfKeySets forSelector:@selector(attemptPreapprovedJoinWithContainer:context:ckksKeys:tlkShares:preapprovedKeys:reply:) argumentIndex:2 ofReply:NO];
65 [interface setClasses:arrayOfTLKShares forSelector:@selector(attemptPreapprovedJoinWithContainer:context:ckksKeys:tlkShares:preapprovedKeys:reply:) argumentIndex:3 ofReply:NO];
66 [interface setClasses:arrayOfCKRecords forSelector:@selector(attemptPreapprovedJoinWithContainer:context:ckksKeys:tlkShares:preapprovedKeys:reply:) argumentIndex:1 ofReply:YES];
67
68 [interface setClasses:arrayOfKeySets forSelector:@selector(vouchWithContainer:
69 context:
70 peerID:
71 permanentInfo:
72 permanentInfoSig:
73 stableInfo:
74 stableInfoSig:
75 ckksKeys:
76 reply:) argumentIndex:7 ofReply:NO];
77
78 [interface setClasses:arrayOfTLKShares forSelector:@selector(vouchWithBottleWithContainer:
79 context:
80 bottleID:
81 entropy:
82 bottleSalt:
83 tlkShares:
84 reply:) argumentIndex:5 ofReply:NO];
85 [interface setClasses:arrayOfKeySets forSelector:@selector(setRecoveryKeyWithContainer:
86 context:
87 recoveryKey:
88 salt:
89 ckksKeys:
90 reply:) argumentIndex:4 ofReply:NO];
91 [interface setClasses:arrayOfTLKShares forSelector:@selector(vouchWithRecoveryKeyWithContainer:
92 context:
93 recoveryKey:
94 salt:
95 tlkShares:
96 reply:) argumentIndex:4 ofReply:NO];
97
98 [interface setClasses:[NSSet setWithObject:[TPPolicy class]] forSelector:@selector(fetchCurrentPolicyWithContainer:
99 context:
100 reply:) argumentIndex:1 ofReply:YES];
101
102 [interface setClasses:trustedPeersHelperPeerState forSelector:@selector(updateWithContainer:
103 context:
104 deviceName:
105 serialNumber:
106 osVersion:
107 policyVersion:
108 policySecrets:
109 reply:) argumentIndex:0 ofReply:YES];
110
111 [interface setClasses:trustedPeersHelperPeerState forSelector:@selector(fetchTrustStateWithContainer:
112 context:
113 reply:) argumentIndex:0 ofReply:YES];
114 [interface setClasses:arrayOfTrustedPeersHelperPeer forSelector:@selector(fetchTrustStateWithContainer:
115 context:
116 reply:) argumentIndex:1 ofReply:YES];
117
118 [interface setClasses:arrayOfKeySets forSelector:@selector(updateTLKsWithContainer:
119 context:
120 ckksKeys:
121 tlkShares:
122 reply:) argumentIndex:2 ofReply:NO];
123 [interface setClasses:arrayOfTLKShares forSelector:@selector(updateTLKsWithContainer:
124 context:
125 ckksKeys:
126 tlkShares:
127 reply:) argumentIndex:3 ofReply:NO];
128 [interface setClasses:arrayOfCKRecords forSelector:@selector(updateTLKsWithContainer:
129 context:
130 ckksKeys:
131 tlkShares:
132 reply:) argumentIndex:0 ofReply:YES];
133 }
134 @catch(NSException* e) {
135 secerror("TrustedPeersHelperSetupProtocol failed, continuing, but you might crash later: %@", e);
136 #if DEBUG
137 @throw e;
138 #endif
139 }
140 #endif
141
142 return interface;
143 }
144
145 @implementation TrustedPeersHelperPeerState
146
147 - (instancetype)initWithPeerID:(NSString* _Nullable)peerID
148 isPreapproved:(BOOL)isPreapproved
149 status:(TPPeerStatus)peerStatus
150 memberChanges:(BOOL)memberChanges
151 unknownMachineIDs:(BOOL)unknownMachineIDs
152 osVersion:(NSString *)osVersion
153 {
154 if((self = [super init])) {
155 _peerID = peerID;
156 _identityIsPreapproved = isPreapproved;
157 _peerStatus = peerStatus;
158 _memberChanges = memberChanges;
159 _unknownMachineIDsPresent = unknownMachineIDs;
160 _osVersion = osVersion;
161 }
162 return self;
163 }
164
165 - (NSString*)description
166 {
167 return [NSString stringWithFormat:@"<TPHPeerState: %@ preapproved:%d status:%lld memberChanges: %@ unk. mIDs: %@ osVersion: %@>",
168 self.peerID,
169 self.identityIsPreapproved,
170 (int64_t)self.peerStatus,
171 self.memberChanges ? @"YES" : @"NO",
172 self.unknownMachineIDsPresent ? @"YES" : @"NO",
173 self.osVersion?:@"unknown"];
174 }
175
176 + (BOOL)supportsSecureCoding {
177 return YES;
178 }
179
180 - (instancetype)initWithCoder:(NSCoder *)coder {
181 if ((self = [super init])) {
182 _peerID = [coder decodeObjectOfClass:[NSString class] forKey:@"peerID"];
183 _identityIsPreapproved = [coder decodeBoolForKey:@"identityIsPreapproved"];
184 _peerStatus = (TPPeerStatus)[coder decodeInt64ForKey:@"peerStatus"];
185 _memberChanges = (BOOL)[coder decodeInt64ForKey:@"memberChanges"];
186 _unknownMachineIDsPresent = (BOOL)[coder decodeInt64ForKey:@"unknownMachineIDs"];
187 _osVersion = [coder decodeObjectOfClass:[NSString class] forKey:@"osVersion"];
188 }
189 return self;
190 }
191
192 - (void)encodeWithCoder:(NSCoder *)coder {
193 [coder encodeObject:self.peerID forKey:@"peerID"];
194 [coder encodeBool:self.identityIsPreapproved forKey:@"identityIsPreapproved"];
195 [coder encodeInt64:(int64_t)self.peerStatus forKey:@"peerStatus"];
196 [coder encodeInt64:(int64_t)self.memberChanges forKey:@"memberChanges"];
197 [coder encodeInt64:(int64_t)self.unknownMachineIDsPresent forKey:@"unknownMachineIDs"];
198 [coder encodeObject:self.osVersion forKey:@"osVersion"];
199
200 }
201 @end
202
203 @implementation TrustedPeersHelperEgoPeerStatus
204
205 - (instancetype)initWithEgoPeerID:(NSString* _Nullable)egoPeerID
206 status:(TPPeerStatus)egoStatus
207 viablePeerCountsByModelID:(NSDictionary<NSString*, NSNumber*>*)viablePeerCountsByModelID
208 peerCountsByMachineID:(NSDictionary<NSString *,NSNumber *> * _Nonnull)peerCountsByMachineID
209 isExcluded:(BOOL)isExcluded
210 isLocked:(BOOL)isLocked
211 {
212 if((self = [super init])) {
213 _egoPeerID = egoPeerID;
214 _egoStatus = egoStatus;
215 _viablePeerCountsByModelID = viablePeerCountsByModelID;
216 _peerCountsByMachineID = peerCountsByMachineID;
217 _numberOfPeersInOctagon = 0;
218 for(NSNumber* n in viablePeerCountsByModelID.allValues) {
219 _numberOfPeersInOctagon += [n unsignedIntegerValue];
220 }
221 _isExcluded = isExcluded;
222 _isLocked = isLocked;
223 }
224 return self;
225 }
226
227 - (NSString*)description
228 {
229 return [NSString stringWithFormat:@"<TPHEgoPeerState: %@>", self.egoPeerID];
230 }
231
232 + (BOOL)supportsSecureCoding {
233 return YES;
234 }
235
236 - (instancetype)initWithCoder:(NSCoder *)coder {
237 if ((self = [super init])) {
238 _egoPeerID = [coder decodeObjectOfClass:[NSString class] forKey:@"peerID"];
239 _egoStatus = (TPPeerStatus)[coder decodeInt64ForKey:@"egoStatus"];
240 _viablePeerCountsByModelID = [coder decodeObjectOfClasses:[NSSet setWithArray:@[[NSDictionary class], [NSString class], [NSNumber class]]] forKey:@"viablePeerCountsByModelID"];
241 _numberOfPeersInOctagon = 0;
242 for(NSNumber* n in _viablePeerCountsByModelID.allValues) {
243 _numberOfPeersInOctagon += [n unsignedIntegerValue];
244 }
245
246 _peerCountsByMachineID = [coder decodeObjectOfClasses:[NSSet setWithArray:@[[NSDictionary class], [NSString class], [NSNumber class]]] forKey:@"peerCountsByMachineID"];
247
248 _isExcluded = (BOOL)[coder decodeBoolForKey:@"isExcluded"];
249 _isLocked = (BOOL)[coder decodeBoolForKey:@"isLocked"];
250 }
251 return self;
252 }
253
254 - (void)encodeWithCoder:(NSCoder *)coder {
255 [coder encodeObject:self.egoPeerID forKey:@"peerID"];
256 [coder encodeInt64:self.egoStatus forKey:@"egoStatus"];
257 [coder encodeObject:self.viablePeerCountsByModelID forKey:@"viablePeerCountsByModelID"];
258 [coder encodeObject:self.peerCountsByMachineID forKey:@"peerCountsByMachineID"];
259 [coder encodeBool:self.isExcluded forKey:@"isExcluded"];
260 [coder encodeBool:self.isLocked forKey:@"isLocked"];
261 }
262
263 @end
264
265
266 @implementation TrustedPeersHelperPeer
267 - (instancetype)initWithPeerID:(NSString*)peerID
268 signingSPKI:(NSData*)signingSPKI
269 encryptionSPKI:(NSData*)encryptionSPKI
270 viewList:(NSSet<NSString*>*)viewList
271 {
272 if((self = [super init])) {
273 _peerID = peerID;
274 _signingSPKI = signingSPKI;
275 _encryptionSPKI = encryptionSPKI;
276 _viewList = viewList;
277 }
278 return self;
279 }
280
281 - (NSString*)description
282 {
283 return [NSString stringWithFormat:@"<TPHPeer: %@ %@ %@ (%lu views)>",
284 self.peerID,
285 self.signingSPKI,
286 self.encryptionSPKI,
287 (unsigned long)self.viewList.count];
288 }
289
290 + (BOOL)supportsSecureCoding {
291 return YES;
292 }
293
294 - (instancetype)initWithCoder:(NSCoder *)coder {
295 if ((self = [super init])) {
296 _peerID = [coder decodeObjectOfClass:[NSString class] forKey:@"peerID"];
297 _signingSPKI = [coder decodeObjectOfClass:[NSData class] forKey:@"signingSPKI"];
298 _encryptionSPKI = [coder decodeObjectOfClass:[NSData class] forKey:@"encryptionSPKI"];
299 _viewList = [coder decodeObjectOfClasses:[NSSet setWithArray:@[[NSSet class], [NSString class]]] forKey:@"viewList"];
300 }
301 return self;
302 }
303
304 - (void)encodeWithCoder:(NSCoder *)coder {
305 [coder encodeObject:self.peerID forKey:@"peerID"];
306 [coder encodeObject:self.signingSPKI forKey:@"signingSPKI"];
307 [coder encodeObject:self.encryptionSPKI forKey:@"encryptionSPKI"];
308 [coder encodeObject:self.viewList forKey:@"viewList"];
309 }
310 @end
mirror of Security