]> git.saurik.com Git - apple/security.git/blob - keychain/ot/OTFetchCKKSKeysOperation.m
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Security-59306.11.20.tar.gz
[apple/security.git] / keychain / ot / OTFetchCKKSKeysOperation.m
1
2 #if OCTAGON
3
4 #import "keychain/ckks/CKKSNewTLKOperation.h"
5 #import "keychain/ot/OTFetchCKKSKeysOperation.h"
6 #import "keychain/ot/ObjCImprovements.h"
7
8 @interface OTFetchCKKSKeysOperation ()
9 @property NSSet<CKKSKeychainView*>* views;
10 @property CKKSViewManager* manager;
11 @end
12
13 @implementation OTFetchCKKSKeysOperation
14
15 - (instancetype)initWithDependencies:(OTOperationDependencies*)dependencies
16 {
17 if((self = [super init])) {
18 _manager = dependencies.viewManager;
19 _views = nil;
20 _viewKeySets = @[];
21 _tlkShares = @[];
22 _pendingTLKShares = @[];
23 _incompleteKeySets = @[];
24 }
25 return self;
26 }
27
28 - (instancetype)initWithViews:(NSSet<CKKSKeychainView*>*)views
29 {
30 if((self = [super init])) {
31 _views = views;
32 _manager = nil;
33 _viewKeySets = @[];
34 _tlkShares = @[];
35 _pendingTLKShares = @[];
36 _incompleteKeySets = @[];
37 }
38 return self;
39 }
40
41 - (void)groupStart
42 {
43 NSMutableArray<CKKSResultOperation<CKKSKeySetProviderOperationProtocol>*>* keyOps = [NSMutableArray array];
44
45 if (self.views == nil) {
46 NSMutableSet<CKKSKeychainView*>* mutViews = [NSMutableSet<CKKSKeychainView*> set];
47 for (id key in self.manager.views) {
48 CKKSKeychainView* view = self.manager.views[key];
49 [mutViews addObject: view];
50 }
51 self.views = mutViews;
52 }
53
54 for (CKKSKeychainView* view in self.views) {
55 secnotice("octagon-ckks", "Waiting for %@", view);
56 [keyOps addObject:[[view findKeySet] timeout:45*NSEC_PER_SEC]];
57 }
58
59 WEAKIFY(self);
60 CKKSResultOperation* proceedWithKeys = [CKKSResultOperation named:@"proceed-with-ckks-keys"
61 withBlock:^{
62 STRONGIFY(self);
63
64 NSMutableArray<CKKSKeychainBackedKeySet*>* viewKeySets = [NSMutableArray array];
65 NSMutableArray<CKKSCurrentKeySet*>* ckksBrokenKeySets = [NSMutableArray array];
66 NSMutableArray<CKKSTLKShare*>* tlkShares = [NSMutableArray array];
67 NSMutableArray<CKKSTLKShare*>* pendingTLKShares = [NSMutableArray array];
68
69 for(CKKSResultOperation<CKKSKeySetProviderOperationProtocol>* op in keyOps) {
70 if(op.error) {
71 secnotice("octagon-ckks", "No keys for zone %@: %@", op.zoneName, op.error);
72 continue;
73 }
74
75 NSError* localerror = nil;
76 CKKSKeychainBackedKeySet* keyset = [op.keyset asKeychainBackedSet:&localerror];
77
78 if(keyset) {
79 secnotice("octagon-ckks", "Have proposed keys: %@", op.keyset);
80 [viewKeySets addObject:keyset];
81 } else {
82 secnotice("octagon-ckks", "Unable to convert proposed keys: %@ %@", op.keyset, localerror);
83 if(op.keyset) {
84 [ckksBrokenKeySets addObject:op.keyset];
85 }
86 }
87
88 for(CKKSTLKShareRecord* tlkShareRecord in op.keyset.tlkShares) {
89 [tlkShares addObject:tlkShareRecord.share];
90 }
91 secnotice("octagon-ckks", "Have %u tlk shares", (uint32_t)op.keyset.tlkShares.count);
92
93 for(CKKSTLKShareRecord* tlkShareRecord in op.keyset.pendingTLKShares) {
94 [pendingTLKShares addObject:tlkShareRecord.share];
95 }
96 secnotice("octagon-ckks", "Have %u pending tlk shares", (uint32_t)op.keyset.pendingTLKShares.count);
97 }
98
99 self.viewKeySets = viewKeySets;
100 self.incompleteKeySets = ckksBrokenKeySets;
101 self.tlkShares = tlkShares;
102 self.pendingTLKShares = pendingTLKShares;
103
104 secnotice("octagon-ckks", "Fetched %d key sets, %d broken key set,s %d tlk shares, and %d pendingTLKShares",
105 (int)self.viewKeySets.count,
106 (int)self.incompleteKeySets.count,
107 (int)self.tlkShares.count,
108 (int)self.pendingTLKShares.count);
109 }];
110
111 for(CKKSResultOperation<CKKSKeySetProviderOperationProtocol>* op in keyOps) {
112 [proceedWithKeys addDependency: op];
113 }
114
115 [self runBeforeGroupFinished:proceedWithKeys];
116 }
117 @end
118
119 #endif // OCTAGON
mirror of Security