]> git.saurik.com Git - apple/security.git/blob - keychain/ot/CuttlefishXPCWrapper.m
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Security-59306.101.1.tar.gz
[apple/security.git] / keychain / ot / CuttlefishXPCWrapper.m
1 /*
2 * Copyright (c) 2019 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #import "keychain/ot/CuttlefishXPCWrapper.h"
25
26 @implementation CuttlefishXPCWrapper
27 - (instancetype) initWithCuttlefishXPCConnection: (id<NSXPCProxyCreating>)cuttlefishXPCConnection
28 {
29 if ((self = [super init])) {
30 _cuttlefishXPCConnection = cuttlefishXPCConnection;
31 }
32 return self;
33 }
34
35 + (bool)retryable:(NSError *_Nonnull)error
36 {
37 return error.domain == NSCocoaErrorDomain && error.code == NSXPCConnectionInterrupted;
38 }
39
40 enum {NUM_RETRIES = 5};
41
42 - (void)pingWithReply:(void (^)(void))reply
43 {
44 __block int i = 0;
45 __block bool retry;
46 do {
47 retry = false;
48 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
49 if (i < NUM_RETRIES && [self.class retryable:error]) {
50 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
51 retry = true;
52 } else {
53 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
54 }
55 ++i;
56 }] pingWithReply:reply];
57 } while (retry);
58 }
59
60 - (void)dumpWithContainer:(NSString *)container
61 context:(NSString *)context
62 reply:(void (^)(NSDictionary * _Nullable, NSError * _Nullable))reply
63 {
64 __block int i = 0;
65 __block bool retry;
66 do {
67 retry = false;
68 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
69 if (i < NUM_RETRIES && [self.class retryable:error]) {
70 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
71 retry = true;
72 } else {
73 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
74 reply(nil, error);
75 }
76 ++i;
77 }] dumpWithContainer:container context:context reply:reply];
78 } while (retry);
79 }
80
81 - (void)departByDistrustingSelfWithContainer:(NSString *)container
82 context:(NSString *)context
83 reply:(void (^)(NSError * _Nullable))reply
84 {
85 __block int i = 0;
86 __block bool retry;
87 do {
88 retry = false;
89 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
90 if (i < NUM_RETRIES && [self.class retryable:error]) {
91 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
92 retry = true;
93 } else {
94 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
95 reply(error);
96 }
97 ++i;
98 }] departByDistrustingSelfWithContainer:container context:context reply:reply];
99 } while (retry);
100 }
101
102 - (void)distrustPeerIDsWithContainer:(NSString *)container
103 context:(NSString *)context
104 peerIDs:(NSSet<NSString*>*)peerIDs
105 reply:(void (^)(NSError * _Nullable))reply
106 {
107 __block int i = 0;
108 __block bool retry;
109 do {
110 retry = false;
111 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
112 if (i < NUM_RETRIES && [self.class retryable:error]) {
113 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
114 retry = true;
115 } else {
116 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
117 reply(error);
118 }
119 ++i;
120 }] distrustPeerIDsWithContainer:container context:context peerIDs:peerIDs reply:reply];
121 } while (retry);
122 }
123
124 - (void)trustStatusWithContainer:(NSString *)container
125 context:(NSString *)context
126 reply:(void (^)(TrustedPeersHelperEgoPeerStatus *status,
127 NSError* _Nullable error))reply
128 {
129 __block int i = 0;
130 __block bool retry;
131 do {
132 retry = false;
133 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
134 if (i < NUM_RETRIES && [self.class retryable:error]) {
135 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
136 retry = true;
137 } else {
138 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
139 reply(nil, error);
140 }
141 ++i;
142 }] trustStatusWithContainer:container context:context reply:reply];
143 } while (retry);
144 }
145
146 - (void)resetWithContainer:(NSString *)container
147 context:(NSString *)context
148 resetReason:(CuttlefishResetReason)reason
149 reply:(void (^)(NSError * _Nullable error))reply
150 {
151 __block int i = 0;
152 __block bool retry;
153 do {
154 retry = false;
155 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
156 if (i < NUM_RETRIES && [self.class retryable:error]) {
157 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
158 retry = true;
159 } else {
160 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
161 reply(error);
162 }
163 ++i;
164 }] resetWithContainer:container context:context resetReason:reason reply:reply];
165 } while (retry);
166 }
167
168 - (void)localResetWithContainer:(NSString *)container
169 context:(NSString *)context
170 reply:(void (^)(NSError * _Nullable error))reply
171 {
172 __block int i = 0;
173 __block bool retry;
174 do {
175 retry = false;
176 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
177 if (i < NUM_RETRIES && [self.class retryable:error]) {
178 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
179 retry = true;
180 } else {
181 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
182 reply(error);
183 }
184 ++i;
185 }] localResetWithContainer:container context:context reply:reply];
186 } while (retry);
187 }
188
189 - (void)setAllowedMachineIDsWithContainer:(NSString *)container
190 context:(NSString *)context
191 allowedMachineIDs:(NSSet<NSString*> *)allowedMachineIDs
192 honorIDMSListChanges:(BOOL)accountIsDemo
193 reply:(void (^)(BOOL listDifferences, NSError * _Nullable error))reply
194 {
195 __block int i = 0;
196 __block bool retry;
197 do {
198 retry = false;
199 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
200 if (i < NUM_RETRIES && [self.class retryable:error]) {
201 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
202 retry = true;
203 } else {
204 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
205 reply(NO, error);
206 }
207 ++i;
208 }] setAllowedMachineIDsWithContainer:container context:context allowedMachineIDs:allowedMachineIDs honorIDMSListChanges:accountIsDemo reply:reply];
209 } while (retry);
210 }
211
212 - (void)addAllowedMachineIDsWithContainer:(NSString *)container
213 context:(NSString *)context
214 machineIDs:(NSArray<NSString*> *)machineIDs
215 reply:(void (^)(NSError * _Nullable error))reply
216 {
217 __block int i = 0;
218 __block bool retry;
219 do {
220 retry = false;
221 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
222 if (i < NUM_RETRIES && [self.class retryable:error]) {
223 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
224 retry = true;
225 } else {
226 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
227 reply(error);
228 }
229 ++i;
230 }] addAllowedMachineIDsWithContainer:container
231 context:context
232 machineIDs:machineIDs
233 reply:reply];
234 } while (retry);
235 }
236
237 - (void)removeAllowedMachineIDsWithContainer:(NSString *)container
238 context:(NSString *)context
239 machineIDs:(NSArray<NSString*> *)machineIDs
240 reply:(void (^)(NSError * _Nullable error))reply
241 {
242 __block int i = 0;
243 __block bool retry;
244 do {
245 retry = false;
246 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
247 if (i < NUM_RETRIES && [self.class retryable:error]) {
248 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
249 retry = true;
250 } else {
251 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
252 reply(error);
253 }
254 ++i;
255 }] removeAllowedMachineIDsWithContainer:container context:context machineIDs:machineIDs reply:reply];
256 } while (retry);
257 }
258
259
260 - (void)fetchAllowedMachineIDsWithContainer:(nonnull NSString *)container
261 context:(nonnull NSString *)context
262 reply:(nonnull void (^)(NSSet<NSString *> * _Nullable, NSError * _Nullable))reply {
263 __block int i = 0;
264 __block bool retry;
265 do {
266 retry = false;
267 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
268 if (i < NUM_RETRIES && [self.class retryable:error]) {
269 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
270 retry = true;
271 } else {
272 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
273 reply(nil, error);
274 }
275 ++i;
276 }] fetchAllowedMachineIDsWithContainer:container context:context reply:reply];
277 } while (retry);
278 }
279
280
281 - (void)fetchEgoEpochWithContainer:(NSString *)container
282 context:(NSString *)context
283 reply:(void (^)(unsigned long long epoch,
284 NSError * _Nullable error))reply
285 {
286 __block int i = 0;
287 __block bool retry;
288 do {
289 retry = false;
290 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
291 if (i < NUM_RETRIES && [self.class retryable:error]) {
292 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
293 retry = true;
294 } else {
295 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
296 reply(0, error);
297 }
298 ++i;
299 }] fetchEgoEpochWithContainer:container context:context reply:reply];
300 } while (retry);
301 }
302
303 - (void)prepareWithContainer:(NSString *)container
304 context:(NSString *)context
305 epoch:(unsigned long long)epoch
306 machineID:(NSString *)machineID
307 bottleSalt:(NSString *)bottleSalt
308 bottleID:(NSString *)bottleID
309 modelID:(NSString *)modelID
310 deviceName:(nullable NSString*)deviceName
311 serialNumber:(NSString *)serialNumber
312 osVersion:(NSString *)osVersion
313 policyVersion:(nullable TPPolicy *)policyVersion
314 policySecrets:(nullable NSDictionary<NSString*,NSData*> *)policySecrets
315 signingPrivKeyPersistentRef:(nullable NSData *)spkPr
316 encPrivKeyPersistentRef:(nullable NSData*)epkPr
317 reply:(void (^)(NSString * _Nullable peerID,
318 NSData * _Nullable permanentInfo,
319 NSData * _Nullable permanentInfoSig,
320 NSData * _Nullable stableInfo,
321 NSData * _Nullable stableInfoSig,
322 NSSet<NSString*>* syncingViews,
323 TPPolicy* _Nullable syncingPolicy,
324 NSError * _Nullable error))reply
325 {
326 __block int i = 0;
327 __block bool retry;
328 do {
329 retry = false;
330 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
331 if (i < NUM_RETRIES && [self.class retryable:error]) {
332 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
333 retry = true;
334 } else {
335 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
336 reply(nil, nil, nil, nil, nil, nil, nil, error);
337 }
338 ++i;
339 }] prepareWithContainer:container
340 context:context
341 epoch:epoch
342 machineID:machineID
343 bottleSalt:bottleSalt
344 bottleID:bottleID
345 modelID:modelID
346 deviceName:deviceName
347 serialNumber:serialNumber
348 osVersion:osVersion
349 policyVersion:policyVersion
350 policySecrets:policySecrets
351 signingPrivKeyPersistentRef:spkPr
352 encPrivKeyPersistentRef:epkPr
353 reply:reply];
354 } while (retry);
355 }
356
357 - (void)establishWithContainer:(NSString *)container
358 context:(NSString *)context
359 ckksKeys:(NSArray<CKKSKeychainBackedKeySet*> *)viewKeySets
360 tlkShares:(NSArray<CKKSTLKShare*> *)tlkShares
361 preapprovedKeys:(nullable NSArray<NSData*> *)preapprovedKeys
362 reply:(void (^)(NSString * _Nullable peerID,
363 NSArray<CKRecord*>* _Nullable keyHierarchyRecords,
364 NSError * _Nullable error))reply
365 {
366 __block int i = 0;
367 __block bool retry;
368 do {
369 retry = false;
370 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
371 if (i < NUM_RETRIES && [self.class retryable:error]) {
372 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
373 retry = true;
374 } else {
375 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
376 reply(nil, nil, error);
377 }
378 ++i;
379 }] establishWithContainer:container context:context ckksKeys:viewKeySets tlkShares:tlkShares preapprovedKeys:preapprovedKeys reply:reply];
380 } while (retry);
381 }
382
383 - (void)vouchWithContainer:(NSString *)container
384 context:(NSString *)context
385 peerID:(NSString *)peerID
386 permanentInfo:(NSData *)permanentInfo
387 permanentInfoSig:(NSData *)permanentInfoSig
388 stableInfo:(NSData *)stableInfo
389 stableInfoSig:(NSData *)stableInfoSig
390 ckksKeys:(NSArray<CKKSKeychainBackedKeySet*> *)viewKeySets
391 reply:(void (^)(NSData * _Nullable voucher,
392 NSData * _Nullable voucherSig,
393 NSError * _Nullable error))reply
394 {
395 __block int i = 0;
396 __block bool retry;
397 do {
398 retry = false;
399 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
400 if (i < NUM_RETRIES && [self.class retryable:error]) {
401 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
402 retry = true;
403 } else {
404 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
405 reply(nil, nil, error);
406 }
407 ++i;
408 }] vouchWithContainer:container context:context peerID:peerID permanentInfo:permanentInfo permanentInfoSig:permanentInfoSig stableInfo:stableInfo stableInfoSig:stableInfoSig ckksKeys:viewKeySets reply:reply];
409 } while (retry);
410 }
411
412
413 - (void)preflightVouchWithBottleWithContainer:(nonnull NSString *)container
414 context:(nonnull NSString *)context
415 bottleID:(nonnull NSString *)bottleID
416 reply:(nonnull void (^)(NSString * _Nullable,
417 NSSet<NSString*>* _Nullable peerSyncingViewList,
418 TPPolicy * _Nullable peerSyncingPolicy,
419 NSError * _Nullable))reply {
420 __block int i = 0;
421 __block bool retry;
422 do {
423 retry = false;
424 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
425 if (i < NUM_RETRIES && [self.class retryable:error]) {
426 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
427 retry = true;
428 } else {
429 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
430 reply(nil, nil, nil, error);
431 }
432 ++i;
433 }] preflightVouchWithBottleWithContainer:container
434 context:context
435 bottleID:bottleID
436 reply:reply];
437 } while (retry);
438 }
439
440 - (void)vouchWithBottleWithContainer:(NSString *)container
441 context:(NSString *)context
442 bottleID:(NSString*)bottleID
443 entropy:(NSData*)entropy
444 bottleSalt:(NSString*)bottleSalt
445 tlkShares:(NSArray<CKKSTLKShare*> *)tlkShares
446 reply:(void (^)(NSData * _Nullable voucher,
447 NSData * _Nullable voucherSig,
448 int64_t uniqueTLKsRecovered,
449 int64_t totalTLKSharesRecovered,
450 NSError * _Nullable error))reply
451 {
452 __block int i = 0;
453 __block bool retry;
454 do {
455 retry = false;
456 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
457 if (i < NUM_RETRIES && [self.class retryable:error]) {
458 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
459 retry = true;
460 } else {
461 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
462 reply(nil, nil, 0, 0, error);
463 }
464 ++i;
465 }] vouchWithBottleWithContainer:container context:context bottleID:bottleID entropy:entropy bottleSalt:bottleSalt tlkShares:tlkShares reply:reply];
466 } while (retry);
467 }
468
469 - (void)preflightVouchWithRecoveryKeyWithContainer:(nonnull NSString *)container
470 context:(nonnull NSString *)context
471 recoveryKey:(NSString*)recoveryKey
472 salt:(NSString*)salt
473 reply:(nonnull void (^)(NSString * _Nullable,
474 NSSet<NSString*>* _Nullable peerSyncingViewList,
475 TPPolicy * _Nullable peerSyncingPolicy,
476 NSError * _Nullable))reply {
477 __block int i = 0;
478 __block bool retry;
479 do {
480 retry = false;
481 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
482 if (i < NUM_RETRIES && [self.class retryable:error]) {
483 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
484 retry = true;
485 } else {
486 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
487 reply(nil, nil, nil, error);
488 }
489 ++i;
490 }] preflightVouchWithRecoveryKeyWithContainer:container
491 context:context
492 recoveryKey:recoveryKey
493 salt:salt
494 reply:reply];
495 } while (retry);
496 }
497
498 - (void)vouchWithRecoveryKeyWithContainer:(NSString *)container
499 context:(NSString *)context
500 recoveryKey:(NSString*)recoveryKey
501 salt:(NSString*)salt
502 tlkShares:(NSArray<CKKSTLKShare*> *)tlkShares
503 reply:(void (^)(NSData * _Nullable voucher,
504 NSData * _Nullable voucherSig,
505 NSError * _Nullable error))reply
506 {
507 __block int i = 0;
508 __block bool retry;
509 do {
510 retry = false;
511 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
512 if (i < NUM_RETRIES && [self.class retryable:error]) {
513 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
514 retry = true;
515 } else {
516 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
517 reply(nil, nil, error);
518 }
519 ++i;
520 }] vouchWithRecoveryKeyWithContainer:container context:context recoveryKey:recoveryKey salt:salt tlkShares:tlkShares reply:reply];
521 } while (retry);
522 }
523
524 - (void)joinWithContainer:(NSString *)container
525 context:(NSString *)context
526 voucherData:(NSData *)voucherData
527 voucherSig:(NSData *)voucherSig
528 ckksKeys:(NSArray<CKKSKeychainBackedKeySet*> *)viewKeySets
529 tlkShares:(NSArray<CKKSTLKShare*> *)tlkShares
530 preapprovedKeys:(NSArray<NSData*> *)preapprovedKeys
531 reply:(void (^)(NSString * _Nullable peerID,
532 NSArray<CKRecord*>* _Nullable keyHierarchyRecords,
533 NSSet<NSString*>* _Nullable viewSet,
534 TPPolicy* _Nullable syncingPolicy,
535 NSError * _Nullable error))reply
536 {
537 __block int i = 0;
538 __block bool retry;
539 do {
540 retry = false;
541 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
542 if (i < NUM_RETRIES && [self.class retryable:error]) {
543 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
544 retry = true;
545 } else {
546 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
547 reply(nil, nil, nil, nil, error);
548 }
549 ++i;
550 }] joinWithContainer:container context:context voucherData:voucherData voucherSig:voucherSig ckksKeys:viewKeySets tlkShares:tlkShares preapprovedKeys:preapprovedKeys reply:reply];
551 } while (retry);
552 }
553
554 - (void)preflightPreapprovedJoinWithContainer:(NSString *)container
555 context:(NSString *)context
556 reply:(void (^)(BOOL launchOkay,
557 NSError * _Nullable error))reply
558 {
559 __block int i = 0;
560 __block bool retry;
561 do {
562 retry = false;
563 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
564 if (i < NUM_RETRIES && [self.class retryable:error]) {
565 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
566 retry = true;
567 } else {
568 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
569 reply(NO, error);
570 }
571 ++i;
572 }] preflightPreapprovedJoinWithContainer:container context:context reply:reply];
573 } while (retry);
574 }
575
576 - (void)attemptPreapprovedJoinWithContainer:(NSString *)container
577 context:(NSString *)context
578 ckksKeys:(NSArray<CKKSKeychainBackedKeySet*> *)ckksKeys
579 tlkShares:(NSArray<CKKSTLKShare*> *)tlkShares
580 preapprovedKeys:(NSArray<NSData*> *)preapprovedKeys
581 reply:(void (^)(NSString * _Nullable peerID,
582 NSArray<CKRecord*>* _Nullable keyHierarchyRecords,
583 NSSet<NSString*>* _Nullable syncingViewList,
584 TPPolicy* _Nullable syncingPolicy,
585 NSError * _Nullable error))reply
586 {
587 __block int i = 0;
588 __block bool retry;
589 do {
590 retry = false;
591 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
592 if (i < NUM_RETRIES && [self.class retryable:error]) {
593 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
594 retry = true;
595 } else {
596 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
597 reply(nil, nil, nil, nil, error);
598 }
599 ++i;
600 }] attemptPreapprovedJoinWithContainer:container context:context ckksKeys:ckksKeys tlkShares:tlkShares preapprovedKeys:preapprovedKeys reply:reply];
601 } while (retry);
602 }
603
604 - (void)updateWithContainer:(NSString *)container
605 context:(NSString *)context
606 deviceName:(nullable NSString *)deviceName
607 serialNumber:(nullable NSString *)serialNumber
608 osVersion:(nullable NSString *)osVersion
609 policyVersion:(nullable NSNumber *)policyVersion
610 policySecrets:(nullable NSDictionary<NSString*,NSData*> *)policySecrets
611 reply:(void (^)(TrustedPeersHelperPeerState* _Nullable peerState, NSError * _Nullable error))reply
612 {
613 __block int i = 0;
614 __block bool retry;
615 do {
616 retry = false;
617 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
618 if (i < NUM_RETRIES && [self.class retryable:error]) {
619 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
620 retry = true;
621 } else {
622 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
623 reply(nil, error);
624 }
625 ++i;
626 }] updateWithContainer:container context:context deviceName:deviceName serialNumber:serialNumber osVersion:osVersion policyVersion:policyVersion policySecrets:policySecrets reply:reply];
627 } while (retry);
628 }
629
630 - (void)setPreapprovedKeysWithContainer:(NSString *)container
631 context:(NSString *)context
632 preapprovedKeys:(NSArray<NSData*> *)preapprovedKeys
633 reply:(void (^)(TrustedPeersHelperPeerState* _Nullable peerState, NSError * _Nullable error))reply
634 {
635 __block int i = 0;
636 __block bool retry;
637 do {
638 retry = false;
639 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
640 if (i < NUM_RETRIES && [self.class retryable:error]) {
641 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
642 retry = true;
643 } else {
644 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
645 reply(nil, error);
646 }
647 ++i;
648 }] setPreapprovedKeysWithContainer:container context:context preapprovedKeys:preapprovedKeys reply:reply];
649 } while (retry);
650 }
651
652 - (void)updateTLKsWithContainer:(NSString *)container
653 context:(NSString *)context
654 ckksKeys:(NSArray<CKKSKeychainBackedKeySet*> *)ckksKeys
655 tlkShares:(NSArray<CKKSTLKShare*> *)tlkShares
656 reply:(void (^)(NSArray<CKRecord*>* _Nullable keyHierarchyRecords, NSError * _Nullable error))reply
657 {
658 __block int i = 0;
659 __block bool retry;
660 do {
661 retry = false;
662 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
663 if (i < NUM_RETRIES && [self.class retryable:error]) {
664 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
665 retry = true;
666 } else {
667 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
668 reply(nil, error);
669 }
670 ++i;
671 }] updateTLKsWithContainer:container context:context ckksKeys:ckksKeys tlkShares:tlkShares reply:reply];
672 } while (retry);
673 }
674
675 - (void)fetchViableBottlesWithContainer:(NSString *)container
676 context:(NSString *)context
677 reply:(void (^)(NSArray<NSString*>* _Nullable sortedBottleIDs, NSArray<NSString*>* _Nullable sortedPartialBottleIDs, NSError* _Nullable error))reply
678 {
679 __block int i = 0;
680 __block bool retry;
681 do {
682 retry = false;
683 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
684 if (i < NUM_RETRIES && [self.class retryable:error]) {
685 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
686 retry = true;
687 } else {
688 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
689 reply(nil, nil, error);
690 }
691 ++i;
692 }] fetchViableBottlesWithContainer:container context:context reply:reply];
693 } while (retry);
694 }
695
696 - (void)fetchEscrowContentsWithContainer:(NSString *)container
697 context:(NSString *)context
698 reply:(void (^)(NSData* _Nullable entropy,
699 NSString* _Nullable bottleID,
700 NSData* _Nullable signingPublicKey,
701 NSError* _Nullable error))reply
702 {
703 __block int i = 0;
704 __block bool retry;
705 do {
706 retry = false;
707 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
708 if (i < NUM_RETRIES && [self.class retryable:error]) {
709 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
710 retry = true;
711 } else {
712 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
713 reply(nil, nil, nil, error);
714 }
715 ++i;
716 }] fetchEscrowContentsWithContainer:container context:context reply:reply];
717 } while (retry);
718 }
719
720 - (void)fetchPolicyDocumentsWithContainer:(NSString*)container
721 context:(NSString*)context
722 versions:(NSSet<TPPolicyVersion*>*)versions
723 reply:(void (^)(NSDictionary<TPPolicyVersion*, NSData*>* _Nullable entries,
724 NSError * _Nullable error))reply
725 {
726 __block int i = 0;
727 __block bool retry;
728 do {
729 retry = false;
730 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
731 if (i < NUM_RETRIES && [self.class retryable:error]) {
732 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
733 retry = true;
734 } else {
735 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
736 reply(nil, error);
737 }
738 ++i;
739 }] fetchPolicyDocumentsWithContainer:container context:context versions:versions reply:reply];
740 } while (retry);
741 }
742
743 - (void)fetchCurrentPolicyWithContainer:(NSString*)container
744 context:(NSString*)context
745 reply:(void (^)(NSSet<NSString*>* _Nullable viewList,
746 TPPolicy * _Nullable policy,
747 NSError * _Nullable error))reply
748 {
749 __block int i = 0;
750 __block bool retry;
751 do {
752 retry = false;
753 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
754 if (i < NUM_RETRIES && [self.class retryable:error]) {
755 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
756 retry = true;
757 } else {
758 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
759 reply(nil, nil, error);
760 }
761 ++i;
762 }] fetchCurrentPolicyWithContainer:container context:context reply:reply];
763 } while (retry);
764 }
765
766
767 - (void)validatePeersWithContainer:(NSString *)container
768 context:(NSString *)context
769 reply:(void (^)(NSDictionary * _Nullable, NSError * _Nullable))reply
770 {
771 __block int i = 0;
772 __block bool retry;
773 do {
774 retry = false;
775 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
776 if (i < NUM_RETRIES && [self.class retryable:error]) {
777 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
778 retry = true;
779 } else {
780 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
781 reply(nil, error);
782 }
783 ++i;
784 }] validatePeersWithContainer:container context:context reply:reply];
785 } while (retry);
786 }
787
788 - (void)fetchTrustStateWithContainer:(NSString *)container
789 context:(NSString *)context
790 reply:(void (^)(TrustedPeersHelperPeerState* _Nullable selfPeerState,
791 NSArray<TrustedPeersHelperPeer*>* _Nullable trustedPeers,
792 NSError* _Nullable error))reply
793 {
794 __block int i = 0;
795 __block bool retry;
796 do {
797 retry = false;
798 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
799 if (i < NUM_RETRIES && [self.class retryable:error]) {
800 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
801 retry = true;
802 } else {
803 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
804 reply(nil, nil, error);
805 }
806 ++i;
807 }] fetchTrustStateWithContainer:container context:context reply:reply];
808 } while (retry);
809 }
810
811 - (void)setRecoveryKeyWithContainer:(NSString *)container
812 context:(NSString *)context
813 recoveryKey:(NSString *)recoveryKey
814 salt:(NSString *)salt
815 ckksKeys:(NSArray<CKKSKeychainBackedKeySet*> *)ckksKeys
816 reply:(void (^)(NSError* _Nullable error))reply
817 {
818 __block int i = 0;
819 __block bool retry;
820 do {
821 retry = false;
822 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
823 if (i < NUM_RETRIES && [self.class retryable:error]) {
824 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
825 retry = true;
826 } else {
827 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
828 reply(error);
829 }
830 ++i;
831 }] setRecoveryKeyWithContainer:container context:context recoveryKey:recoveryKey salt:salt ckksKeys:ckksKeys reply:reply];
832 } while (retry);
833 }
834
835 - (void)reportHealthWithContainer:(NSString *)container
836 context:(NSString *)context
837 stateMachineState:(NSString *)state
838 trustState:(NSString *)trustState
839 reply:(void (^)(NSError* _Nullable error))reply
840 {
841 __block int i = 0;
842 __block bool retry;
843 do {
844 retry = false;
845 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
846 if (i < NUM_RETRIES && [self.class retryable:error]) {
847 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
848 retry = true;
849 } else {
850 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
851 reply(error);
852 }
853 ++i;
854 }] reportHealthWithContainer:container context:context stateMachineState:state trustState:trustState reply:reply];
855 } while (retry);
856 }
857
858 - (void)pushHealthInquiryWithContainer:(NSString *)container
859 context:(NSString *)context
860 reply:(void (^)(NSError* _Nullable error))reply
861 {
862 __block int i = 0;
863 __block bool retry;
864 do {
865 retry = false;
866 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
867 if (i < NUM_RETRIES && [self.class retryable:error]) {
868 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
869 retry = true;
870 } else {
871 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
872 reply(error);
873 }
874 ++i;
875 }] pushHealthInquiryWithContainer:container context:context reply:reply];
876 } while (retry);
877 }
878
879 - (void)requestHealthCheckWithContainer:(NSString *)container
880 context:(NSString *)context
881 requiresEscrowCheck:(BOOL)requiresEscrowCheck
882 reply:(void (^)(BOOL postRepairCFU, BOOL postEscrowCFU, BOOL resetOctagon, BOOL leaveTrust, NSError* _Nullable))reply
883 {
884 __block int i = 0;
885 __block bool retry;
886 do {
887 retry = false;
888 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
889 if (i < NUM_RETRIES && [self.class retryable:error]) {
890 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
891 retry = true;
892 } else {
893 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
894 reply(NO, NO, NO, NO, error);
895 }
896 ++i;
897 }] requestHealthCheckWithContainer:container context:context requiresEscrowCheck:requiresEscrowCheck reply:reply];
898 } while (retry);
899 }
900
901 - (void)getSupportAppInfoWithContainer:(NSString *)container
902 context:(NSString *)context
903 reply:(void (^)(NSData * _Nullable, NSError * _Nullable))reply
904 {
905 __block int i = 0;
906 __block bool retry;
907 do {
908 retry = false;
909 [[self.cuttlefishXPCConnection synchronousRemoteObjectProxyWithErrorHandler:^(NSError *_Nonnull error) {
910 if (i < NUM_RETRIES && [self.class retryable:error]) {
911 secnotice("octagon", "retrying cuttlefish XPC, (%d, %@)", i, error);
912 retry = true;
913 } else {
914 secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
915 reply(nil, error);
916 }
917 ++i;
918 }] getSupportAppInfoWithContainer:container context:context reply:reply];
919 } while (retry);
920
921 }
922
923 @end
mirror of Security