Security-59306.101.1.tar.gz
1 /*
2 * Copyright (c) 2018 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #if OCTAGON
25
26 #import "keychain/ot/OctagonStateMachineHelpers.h"
27 #import "keychain/ot/OTStates.h"
28 #import "keychain/ot/ObjCImprovements.h"
29 #import "keychain/ot/OTDefines.h"
30 #import "keychain/ot/OTConstants.h"
31 #import "keychain/categories/NSError+UsefulConstructors.h"
32
// Octagon state identifiers. Each constant is an NSString literal cast to OctagonState*; the
// string is the runtime value of the state, so the literals below are reproduced exactly.
//
// NOTE(review): a few literals do not follow the snake_case naming of the rest or the name of
// their constant ("vouchWithRecovery" for OctagonStateCreateIdentityForRecoveryKey, "reenact_*"
// for the OctagonStateEstablish* states, "escrow-trigger-update"). They are left untouched here
// because the strings may be logged or compared elsewhere -- confirm before normalizing.

// Account / sign-in status
OctagonState* const OctagonStateNoAccount = (OctagonState*)@"no_account";

OctagonState* const OctagonStateWaitForHSA2 = (OctagonState*)@"wait_for_hsa2";
OctagonState* const OctagonStateWaitForCDP = (OctagonState*)@"wait_for_cdp_enable";

// Trust status
OctagonState* const OctagonStateUntrusted = (OctagonState*)@"untrusted";
OctagonState* const OctagonStateBecomeUntrusted = (OctagonState*)@"become_untrusted";

OctagonState* const OctagonStateReady = (OctagonState*)@"ready";
OctagonState* const OctagonStateBecomeReady = (OctagonState*)@"become_ready";

// Consistency checks
OctagonState* const OctagonStateEnsureConsistency = (OctagonState*)@"consistency_check";
OctagonState* const OctagonStateEnsureOctagonKeysAreConsistent = (OctagonState*)@"key_consistency_check";
OctagonState* const OctagonStateEnsureUpdatePreapprovals = (OctagonState*)@"ensure_preapprovals_updated";

// Startup
OctagonState* const OctagonStateInitializing = (OctagonState*)@"initializing";
OctagonState* const OctagonStateWaitingForCloudKitAccount = (OctagonState*)@"waiting_for_cloudkit_account";
OctagonState* const OctagonStateCloudKitNewlyAvailable = (OctagonState*)@"account_newly_available";
OctagonState* const OctagonStateRefetchCKKSPolicy = (OctagonState*)@"ckks_fetch_policy";
OctagonState* const OctagonStateDetermineCDPState = (OctagonState*)@"check_cdp_state";
OctagonState* const OctagonStateCheckTrustState = (OctagonState*)@"check_trust_state";

OctagonState* const OctagonStateUpdateSOSPreapprovals = (OctagonState*)@"update_sos_preapprovals";

// Piggybacking and ProximitySetup as initiator (Octagon only)
OctagonState* const OctagonStateInitiatorSetCDPBit = (OctagonState*)@"initiator_set_cdp";
OctagonState* const OctagonStateInitiatorUpdateDeviceList = (OctagonState*)@"initiator_device_list_update";
OctagonState* const OctagonStateInitiatorAwaitingVoucher = (OctagonState*)@"await_voucher";
OctagonState* const OctagonStateInitiatorJoin = (OctagonState*)@"join";
OctagonState* const OctagonStateInitiatorJoinCKKSReset = (OctagonState*)@"join_ckks_reset";
OctagonState* const OctagonStateInitiatorJoinAfterCKKSReset = (OctagonState*)@"join_after_ckks_reset";

// Used in restore (join with bottle)
OctagonState* const OctagonStateBottleJoinCreateIdentity = (OctagonState*)@"bottle_join_create_identity";
OctagonState* const OctagonStateBottleJoinVouchWithBottle = (OctagonState*)@"bottle_join_vouch_with_bottle";
OctagonState* const OctagonStateCreateIdentityForRecoveryKey = (OctagonState*)@"vouchWithRecovery";

// Used in restore (join with recovery key)
OctagonState* const OctagonStateVouchWithRecoveryKey = (OctagonState*)@"vouchWithRecoveryKey";

OctagonState* const OctagonStateStartCompanionPairing = (OctagonState*)@"start_companion_pairing";

OctagonState* const OctagonStateWaitForCDPUpdated = (OctagonState*)@"wait_for_cdp_update";

// Cuttlefish notification while untrusted.
OctagonState* const OctagonStateUntrustedUpdated = (OctagonState*)@"untrusted_update";

// Cuttlefish notification while ready.
OctagonState* const OctagonStateReadyUpdated = (OctagonState*)@"ready_update";

OctagonState* const OctagonStateError = (OctagonState*)@"error";
OctagonState* const OctagonStateDisabled = (OctagonState*)@"disabled";

OctagonState* const OctagonStateDetermineiCloudAccountState = (OctagonState*)@"determine_icloud_account";
OctagonState* const OctagonStateAttemptSOSUpgrade = (OctagonState*)@"sosupgrade";
OctagonState* const OctagonStateSOSUpgradeCKKSReset = (OctagonState*)@"sosupgrade_ckks_reset";
OctagonState* const OctagonStateSOSUpgradeAfterCKKSReset = (OctagonState*)@"sosupgrade_after_ckks_reset";
OctagonState* const OctagonStateUnimplemented = (OctagonState*)@"unimplemented";

// Reset and establish
OctagonState* const OctagonStateResetBecomeUntrusted = (OctagonState*)@"reset_become_untrusted";
OctagonState* const OctagonStateResetAndEstablish = (OctagonState*)@"reset_and_establish";
OctagonState* const OctagonStateResetAnyMissingTLKCKKSViews = (OctagonState*)@"reset_ckks_missing_views";
OctagonState* const OctagonStateEstablishEnableCDPBit = (OctagonState*)@"reenact_cdp_bit";
OctagonState* const OctagonStateReEnactDeviceList = (OctagonState*)@"reenact_device_list";
OctagonState* const OctagonStateReEnactPrepare = (OctagonState*)@"reenact_prepare";
OctagonState* const OctagonStateReEnactReadyToEstablish = (OctagonState*)@"reenact_ready_to_establish";
OctagonState* const OctagonStateEstablishCKKSReset = (OctagonState*)@"reenact_ckks_reset";
OctagonState* const OctagonStateEstablishAfterCKKSReset = (OctagonState*)@"reenact_establish_after_ckks_reset";

// Used for trust health checks
OctagonState* const OctagonStateHSA2HealthCheck = (OctagonState*)@"health_hsa2_check";
OctagonState* const OctagonStateCDPHealthCheck = (OctagonState*)@"health_cdp_check";
OctagonState* const OctagonStateTPHTrustCheck = (OctagonState*)@"tph_trust_check";
OctagonState* const OctagonStateCuttlefishTrustCheck = (OctagonState*)@"cuttlefish_trust_check";
OctagonState* const OctagonStatePostRepairCFU = (OctagonState*)@"post_repair_cfu";
OctagonState* const OctagonStateSecurityTrustCheck = (OctagonState*)@"security_trust_check";
OctagonState* const OctagonStateHealthCheckReset = (OctagonState*)@"health_check_reset";

// Signout
OctagonState* const OctagonStateNoAccountDoReset = (OctagonState*)@"no_account_do_reset";

OctagonState* const OctagonStateWaitForUnlock = (OctagonState*)@"wait_for_unlock";

OctagonState* const OctagonStateAssistCKKSTLKUpload = (OctagonState*)@"assist_ckks_tlk_upload";
OctagonState* const OctagonStateAssistCKKSTLKUploadCKKSReset = (OctagonState*)@"assist_ckks_tlk_upload_ckks_reset";
OctagonState* const OctagonStateAssistCKKSTLKUploadAfterCKKSReset = (OctagonState*)@"assist_ckks_tlk_upload_after_ckks_reset";

OctagonState* const OctagonStateHealthCheckLeaveClique = (OctagonState*)@"leave_clique";

// Escrow
OctagonState* const OctagonStateEscrowTriggerUpdate = (OctagonState*)@"escrow-trigger-update";
124
// Returns the table that assigns each Octagon state an unsigned integer. The dictionary is
// built once, on first call, and the same instance is returned afterwards.
//
// NOTE(review): the numbers are not unique. 8 is assigned to both
// OctagonStateInitiatorUpdateDeviceList and OctagonStateAttemptSOSUpgrade, 11 to both
// OctagonStateInitiatorAwaitingVoucher and OctagonStateNoAccount, and 12 to both
// OctagonStateInitiatorJoin and OctagonStateResetAndEstablish. The "Removed:" lines also show
// that 9 and 10 once belonged to other states and are in use again. Any consumer that treats
// the number as an identifier (OctagonStateInverseMap() in this file does) cannot tell the
// paired states apart, e.g. "no_account" versus "await_voucher". Renumbering is the real fix,
// but it changes values that may already be recorded or reported elsewhere -- confirm with the
// consumers of these numbers first. Entry order is kept as in the original on purpose.
NSDictionary<OctagonState*, NSNumber*>* OctagonStateMap(void) {
    static dispatch_once_t buildOnce;
    static NSDictionary<OctagonState*, NSNumber*>* numberForState = nil;

    dispatch_once(&buildOnce, ^{
        numberForState = @{
            OctagonStateReady:                              @0U,
            OctagonStateError:                              @1U,
            OctagonStateInitializing:                       @2U,
            OctagonStateMachineNotStarted:                  @3U,
            OctagonStateDisabled:                           @4U,
            OctagonStateUntrusted:                          @5U,

            //Removed: OctagonStateInitiatorAwaitingAcceptorEpoch: @9U,
            //Removed: OctagonStateInitiatorReadyToSendIdentity:   @10U,

            OctagonStateInitiatorUpdateDeviceList:          @8U,   // shares 8 with AttemptSOSUpgrade
            OctagonStateInitiatorAwaitingVoucher:           @11U,  // shares 11 with NoAccount
            OctagonStateInitiatorJoin:                      @12U,  // shares 12 with ResetAndEstablish

            //Removed: OctagonStateIdentityPrepared:  @6U,
            //Removed: OctagonStateDeviceListUpdated: @7U,

            OctagonStateAttemptSOSUpgrade:                  @8U,

            OctagonStateUnimplemented:                      @9U,
            OctagonStateDetermineiCloudAccountState:        @10U,
            OctagonStateNoAccount:                          @11U,

            OctagonStateResetAndEstablish:                  @12U,
            OctagonStateReEnactDeviceList:                  @13U,
            OctagonStateReEnactPrepare:                     @14U,
            OctagonStateReEnactReadyToEstablish:            @15U,
            OctagonStateNoAccountDoReset:                   @16U,
            OctagonStateBottleJoinVouchWithBottle:          @17U,
            OctagonStateBottleJoinCreateIdentity:           @18U,
            OctagonStateCloudKitNewlyAvailable:             @19U,
            OctagonStateCheckTrustState:                    @20U,
            OctagonStateBecomeUntrusted:                    @21U,
            OctagonStateWaitForUnlock:                      @22U,
            OctagonStateWaitingForCloudKitAccount:          @23U,
            OctagonStateBecomeReady:                        @24U,
            OctagonStateVouchWithRecoveryKey:               @25U,
            OctagonStateCreateIdentityForRecoveryKey:       @26U,
            OctagonStateUpdateSOSPreapprovals:              @27U,
            OctagonStateWaitForHSA2:                        @28U,
            OctagonStateAssistCKKSTLKUpload:                @29U,
            OctagonStateStartCompanionPairing:              @30U,
            OctagonStateEscrowTriggerUpdate:                @31U,
            OctagonStateEnsureConsistency:                  @32U,
            OctagonStateResetBecomeUntrusted:               @33U,
            OctagonStateUntrustedUpdated:                   @34U,
            OctagonStateReadyUpdated:                       @35U,
            OctagonStateTPHTrustCheck:                      @36U,
            OctagonStateCuttlefishTrustCheck:               @37U,
            OctagonStatePostRepairCFU:                      @38U,
            OctagonStateSecurityTrustCheck:                 @39U,
            OctagonStateEnsureOctagonKeysAreConsistent:     @40U,
            OctagonStateEnsureUpdatePreapprovals:           @41U,
            OctagonStateResetAnyMissingTLKCKKSViews:        @42U,
            OctagonStateEstablishCKKSReset:                 @43U,
            OctagonStateEstablishAfterCKKSReset:            @44U,
            OctagonStateSOSUpgradeCKKSReset:                @45U,
            OctagonStateSOSUpgradeAfterCKKSReset:           @46U,
            OctagonStateInitiatorJoinCKKSReset:             @47U,
            OctagonStateInitiatorJoinAfterCKKSReset:        @48U,
            OctagonStateHSA2HealthCheck:                    @49U,
            OctagonStateHealthCheckReset:                   @50U,
            OctagonStateAssistCKKSTLKUploadCKKSReset:       @51U,
            OctagonStateAssistCKKSTLKUploadAfterCKKSReset:  @52U,
            OctagonStateWaitForCDP:                         @53U,
            OctagonStateDetermineCDPState:                  @54U,
            OctagonStateWaitForCDPUpdated:                  @55U,
            OctagonStateEstablishEnableCDPBit:              @56U,
            OctagonStateInitiatorSetCDPBit:                 @57U,
            OctagonStateCDPHealthCheck:                     @58U,
            OctagonStateHealthCheckLeaveClique:             @59U,
            OctagonStateRefetchCKKSPolicy:                  @60U,
        };
    });

    return numberForState;
}
206
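// Returns the number -> state table derived from OctagonStateMap(), built once on first call.
//
// OctagonStateMap() assigns 8, 11 and 12 to two states each, so those numbers cannot be mapped
// back unambiguously. The original passed -allKeys/-allValues straight to
// +dictionaryWithObjects:forKeys:, which left the surviving state for a duplicated number
// dependent on the dictionary's unspecified enumeration order. Here the states are visited in
// sorted order and the first state seen for a number is kept, so the result is the same on
// every run and every platform. This only makes the ambiguity reproducible; a colliding number
// still names one of its two states, and callers interpreting such a number (for example when
// reading back a recorded state) should not rely on it until OctagonStateMap() is renumbered.
NSDictionary<NSNumber*, OctagonState*>* OctagonStateInverseMap(void) {
    static NSDictionary<NSNumber*, OctagonState*>* backwardMap = nil;
    static dispatch_once_t onceToken;
    dispatch_once(&onceToken, ^{
        NSDictionary<OctagonState*, NSNumber*>* forwardMap = OctagonStateMap();
        NSMutableDictionary<NSNumber*, OctagonState*>* inverted =
            [NSMutableDictionary dictionaryWithCapacity:forwardMap.count];

        // The states defined in this file are NSString literals, so -compare: gives a stable order.
        // NOTE(review): OctagonStateMachineNotStarted is defined outside this file; presumably
        // it is a string literal like the others -- confirm.
        NSArray<OctagonState*>* orderedStates =
            [forwardMap.allKeys sortedArrayUsingSelector:@selector(compare:)];

        for (OctagonState* state in orderedStates) {
            NSNumber* number = forwardMap[state];
            if (inverted[number] == nil) {
                inverted[number] = state;
            }
        }

        // Publish an immutable snapshot; the table is shared by every caller.
        backwardMap = [inverted copy];
    });
    return backwardMap;
}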
216
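// Returns the set of states treated as "in account": every state that has a number in
// OctagonStateMap(), minus the no-account states and the startup states that determine the
// Apple account and iCloud account status. Built once on first call.
//
// A state that is missing from OctagonStateMap() can never appear in this set.
// NOTE(review): OctagonStateMachineNotStarted is numbered in OctagonStateMap() and is not
// removed below, so it counts as in-account -- confirm that is intended.
NSSet<OctagonState*>* OctagonInAccountStates(void)
{
    static NSSet<OctagonState*>* s = nil;
    static dispatch_once_t onceToken;
    dispatch_once(&onceToken, ^{
        NSMutableSet<OctagonState*>* sourceStates = [NSMutableSet setWithArray:OctagonStateMap().allKeys];

        // NoAccount is obviously not in-account; the startup states that work out the
        // Apple account and iCloud account status are excluded as well.
        NSArray<OctagonState*>* notInAccount = @[
            OctagonStateNoAccount,
            OctagonStateNoAccountDoReset,
            OctagonStateInitializing,
            OctagonStateDetermineiCloudAccountState,
            OctagonStateWaitingForCloudKitAccount,
            OctagonStateCloudKitNewlyAvailable,
            OctagonStateWaitForHSA2,
        ];
        [sourceStates minusSet:[NSSet setWithArray:notInAccount]];

        // The original stored the NSMutableSet itself. This set is process-wide and handed to
        // every caller, so publish an immutable copy that cannot be altered after the fact.
        s = [sourceStates copy];
    });
    return s;
}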
238
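// Returns the fixed set of six states listed below, named as the source states for health
// checks. Built once on first call; the same instance is returned afterwards.
NSSet<OctagonState *>* OctagonHealthSourceStates(void)
{
    static NSSet<OctagonState*>* s = nil;
    static dispatch_once_t onceToken;
    dispatch_once(&onceToken, ^{
        // Built directly as an immutable NSSet. The original stored an NSMutableSet in this
        // shared static, which left the process-wide list open to later modification.
        s = [NSSet setWithArray:@[
            OctagonStateReady,
            OctagonStateError,
            OctagonStateUntrusted,
            OctagonStateWaitForHSA2,
            OctagonStateWaitForUnlock,
            OctagonStateWaitForCDP,
        ]];
    });
    return s;
}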
257
// Octagon flag identifiers. As with the states, each constant is an NSString literal cast to
// OctagonFlag*, and the string is the flag's runtime value.
OctagonFlag* const OctagonFlagIDMSLevelChanged                          = (OctagonFlag*)@"idms_level";
OctagonFlag* const OctagonFlagEgoPeerPreapproved                        = (OctagonFlag*)@"preapproved";
OctagonFlag* const OctagonFlagCKKSRequestsTLKUpload                     = (OctagonFlag*)@"tlk_upload_needed";
OctagonFlag* const OctagonFlagCuttlefishNotification                    = (OctagonFlag*)@"recd_push";
OctagonFlag* const OctagonFlagAccountIsAvailable                        = (OctagonFlag*)@"account_available";
OctagonFlag* const OctagonFlagCDPEnabled                                = (OctagonFlag*)@"cdp_enabled";
OctagonFlag* const OctagonFlagAttemptSOSUpgrade                         = (OctagonFlag*)@"attempt_sos_upgrade";
OctagonFlag* const OctagonFlagFetchAuthKitMachineIDList                 = (OctagonFlag*)@"attempt_machine_id_list";
OctagonFlag* const OctagonFlagUnlocked                                  = (OctagonFlag*)@"unlocked";
OctagonFlag* const OctagonFlagAttemptSOSUpdatePreapprovals              = (OctagonFlag*)@"attempt_sos_update_preapprovals";
OctagonFlag* const OctagonFlagAttemptSOSConsistency                     = (OctagonFlag*)@"attempt_sos_consistency";
OctagonFlag* const OctagonFlagEscrowRequestInformCloudServicesOperation = (OctagonFlag*)@"escrowrequest_inform_cloudservices";
271
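// Returns the set of Octagon flags listed below. Built once on first call; the same instance
// is returned afterwards.
//
// NOTE(review): OctagonFlagEscrowRequestInformCloudServicesOperation is defined in this file
// but is not a member of this set. Whether that is deliberate cannot be told from here, so it
// is not added -- confirm against the callers of AllOctagonFlags().
NSSet<OctagonFlag *>* AllOctagonFlags(void)
{
    static NSSet<OctagonFlag*>* f = nil;
    static dispatch_once_t onceToken;
    dispatch_once(&onceToken, ^{
        // Built directly as an immutable NSSet. The original stored an NSMutableSet in this
        // shared static, which left the process-wide list open to later modification.
        f = [NSSet setWithArray:@[
            OctagonFlagIDMSLevelChanged,
            OctagonFlagEgoPeerPreapproved,
            OctagonFlagCKKSRequestsTLKUpload,
            OctagonFlagCuttlefishNotification,
            OctagonFlagAccountIsAvailable,
            OctagonFlagCDPEnabled,
            OctagonFlagAttemptSOSUpgrade,
            OctagonFlagFetchAuthKitMachineIDList,
            OctagonFlagUnlocked,
            OctagonFlagAttemptSOSUpdatePreapprovals,
            OctagonFlagAttemptSOSConsistency,
        ]];
    });
    return f;
}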
295
296 #endif // OCTAGON