Security-59306.11.20.tar.gz
1 /*
2 * Copyright (c) 2018 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #if OCTAGON
25
26 #import "keychain/ot/OctagonStateMachineHelpers.h"
27 #import "keychain/ot/OTStates.h"
28 #import "keychain/ot/ObjCImprovements.h"
29 #import "keychain/ot/OTDefines.h"
30 #import "keychain/ot/OTConstants.h"
31 #import "keychain/categories/NSError+UsefulConstructors.h"
32
// Octagon state names. Each constant is a string literal cast to OctagonState*; the literal text
// is the runtime value of the state, so editing a string changes what any comparison, log line or
// stored value sees.
// NOTE(review): the literals mix snake_case, camelCase ("vouchWithBottle") and one hyphenated
// name ("escrow-trigger-update"). Presumably historical; confirm every consumer before normalizing.
OctagonState* const OctagonStateNoAccount = (OctagonState*) @"no_account";

OctagonState* const OctagonStateWaitForHSA2 = (OctagonState*) @"wait_for_hsa2";

OctagonState* const OctagonStateUntrusted = (OctagonState*) @"untrusted";
OctagonState* const OctagonStateBecomeUntrusted = (OctagonState*) @"become_untrusted";

OctagonState* const OctagonStateReady = (OctagonState*) @"ready";
OctagonState* const OctagonStateBecomeReady = (OctagonState*) @"become_ready";

OctagonState* const OctagonStateEnsureConsistency = (OctagonState*) @"consistency_check";
OctagonState* const OctagonStateEnsureOctagonKeysAreConsistent = (OctagonState*)@"key_consistency_check";
OctagonState* const OctagonStateEnsureUpdatePreapprovals = (OctagonState*)@"ensure_preapprovals_updated";

OctagonState* const OctagonStateInitializing = (OctagonState*) @"initializing";
OctagonState* const OctagonStateWaitingForCloudKitAccount = (OctagonState*) @"waiting_for_cloudkit_account";
OctagonState* const OctagonStateCloudKitNewlyAvailable = (OctagonState*) @"account_newly_available";
OctagonState* const OctagonStateCheckTrustState = (OctagonState*) @"check_trust_state";

OctagonState* const OctagonStateUpdateSOSPreapprovals = (OctagonState*) @"update_sos_preapprovals";

/* Piggybacking and ProximitySetup as Initiator, Octagon only */
OctagonState* const OctagonStateInitiatorUpdateDeviceList = (OctagonState*) @"initiator_device_list_update";
OctagonState* const OctagonStateInitiatorAwaitingVoucher = (OctagonState*)@"await_voucher";
OctagonState* const OctagonStateInitiatorJoin = (OctagonState*)@"join";
OctagonState* const OctagonStateInitiatorJoinCKKSReset = (OctagonState*)@"join_ckks_reset";
OctagonState* const OctagonStateInitiatorJoinAfterCKKSReset = (OctagonState*)@"join_after_ckks_reset";

/* used in restore (join with bottle) */
OctagonState* const OctagonStateInitiatorCreateIdentity = (OctagonState*)@"create_identity";
OctagonState* const OctagonStateInitiatorVouchWithBottle = (OctagonState*)@"vouchWithBottle";
// NOTE(review): this literal is "vouchWithRecovery" although the constant is named
// CreateIdentityForRecoveryKey, and it differs from OctagonStateVouchWithRecoveryKey's literal
// only by the "Key" suffix. The two are easy to confuse when reading state names in logs;
// confirm the value is intended.
OctagonState* const OctagonStateCreateIdentityForRecoveryKey = (OctagonState*)@"vouchWithRecovery";

/* used in restore (join with recovery key) */
OctagonState* const OctagonStateVouchWithRecoveryKey = (OctagonState*)@"vouchWithRecoveryKey";

OctagonState* const OctagonStateStartCompanionPairing = (OctagonState*)@"start_companion_pairing";

// Untrusted cuttlefish notification.
OctagonState* const OctagonStateUntrustedUpdated = (OctagonState*)@"untrusted_update";

// Cuttlefish notification while ready.
OctagonState* const OctagonStateReadyUpdated = (OctagonState*)@"ready_update";

OctagonState* const OctagonStateError = (OctagonState*) @"error";
OctagonState* const OctagonStateDisabled = (OctagonState*) @"disabled";

OctagonState* const OctagonStateDetermineiCloudAccountState = (OctagonState*) @"determine_icloud_account";
OctagonState* const OctagonStateAttemptSOSUpgrade = (OctagonState*) @"sosupgrade";
OctagonState* const OctagonStateSOSUpgradeCKKSReset = (OctagonState*) @"sosupgrade_ckks_reset";
OctagonState* const OctagonStateSOSUpgradeAfterCKKSReset = (OctagonState*) @"sosupgrade_after_ckks_reset";
OctagonState* const OctagonStateUnimplemented = (OctagonState*) @"unimplemented";

/* Reset and establish */
OctagonState* const OctagonStateResetBecomeUntrusted = (OctagonState*) @"reset_become_untrusted";
OctagonState* const OctagonStateResetAndEstablish = (OctagonState*) @"reset_and_establish";
OctagonState* const OctagonStateResetAnyMissingTLKCKKSViews = (OctagonState*) @"reset_ckks_missing_views";
OctagonState* const OctagonStateReEnactDeviceList = (OctagonState*) @"reenact_device_list";
OctagonState* const OctagonStateReEnactPrepare = (OctagonState*) @"reenact_prepare";
OctagonState* const OctagonStateReEnactReadyToEstablish = (OctagonState*) @"reenact_ready_to_establish";
OctagonState* const OctagonStateEstablishCKKSReset = (OctagonState*) @"reenact_ckks_reset";
OctagonState* const OctagonStateEstablishAfterCKKSReset = (OctagonState*) @"reenact_establish_after_ckks_reset";

/* used for trust health checks */
OctagonState* const OctagonStateHSA2HealthCheck = (OctagonState*) @"health_hsa2_check";
OctagonState* const OctagonStateTPHTrustCheck = (OctagonState*) @"tph_trust_check";
OctagonState* const OctagonStateCuttlefishTrustCheck = (OctagonState*) @"cuttlefish_trust_check";
OctagonState* const OctagonStatePostRepairCFU = (OctagonState*) @"post_repair_cfu";
OctagonState* const OctagonStateSecurityTrustCheck = (OctagonState*) @"security_trust_check";
/* signout */
OctagonState* const OctagonStateNoAccountDoReset = (OctagonState*) @"no_account_do_reset";

OctagonState* const OctagonStateWaitForUnlock = (OctagonState*) @"wait_for_unlock";

OctagonState* const OctagonStateAssistCKKSTLKUpload = (OctagonState*) @"assist_ckks_tlk_upload";

/* escrow */
OctagonState* const OctagonStateEscrowTriggerUpdate = (OctagonState*) @"escrow-trigger-update";
111
/// Returns the shared table that gives each Octagon state name a numeric code.
/// The table is built once, on first call, under dispatch_once and then reused.
///
/// NOTE(review): the codes are not unique. 8 is given to both
/// OctagonStateInitiatorUpdateDeviceList and OctagonStateAttemptSOSUpgrade, 11 to both
/// OctagonStateInitiatorAwaitingVoucher and OctagonStateNoAccount, and 12 to both
/// OctagonStateInitiatorJoin and OctagonStateResetAndEstablish. Anything that records or
/// compares only the number cannot tell those trust states apart. Renumbering may break
/// whatever already consumes these values, so confirm with the consumers before changing them.
NSDictionary<OctagonState*, NSNumber*>* OctagonStateMap(void) {
    static dispatch_once_t buildOnce;
    static NSDictionary<OctagonState*, NSNumber*>* stateNumbers = nil;

    dispatch_once(&buildOnce, ^{
        NSDictionary<OctagonState*, NSNumber*>* table = @{
            OctagonStateReady:                          @0U,
            OctagonStateError:                          @1U,
            OctagonStateInitializing:                   @2U,
            OctagonStateMachineNotStarted:              @3U,
            OctagonStateDisabled:                       @4U,
            OctagonStateUntrusted:                      @5U,

            // Retired: OctagonStateInitiatorAwaitingAcceptorEpoch was @9U and
            // OctagonStateInitiatorReadyToSendIdentity was @10U. Both codes are assigned
            // again further down (Unimplemented, DetermineiCloudAccountState).

            OctagonStateInitiatorUpdateDeviceList:      @8U,   // shares 8 with AttemptSOSUpgrade
            OctagonStateInitiatorAwaitingVoucher:       @11U,  // shares 11 with NoAccount
            OctagonStateInitiatorJoin:                  @12U,  // shares 12 with ResetAndEstablish

            // Retired: OctagonStateIdentityPrepared was @6U and
            // OctagonStateDeviceListUpdated was @7U. Neither code is in use now.

            OctagonStateAttemptSOSUpgrade:              @8U,

            OctagonStateUnimplemented:                  @9U,
            OctagonStateDetermineiCloudAccountState:    @10U,
            OctagonStateNoAccount:                      @11U,

            OctagonStateResetAndEstablish:              @12U,
            OctagonStateReEnactDeviceList:              @13U,
            OctagonStateReEnactPrepare:                 @14U,
            OctagonStateReEnactReadyToEstablish:        @15U,
            OctagonStateNoAccountDoReset:               @16U,
            OctagonStateInitiatorVouchWithBottle:       @17U,
            OctagonStateInitiatorCreateIdentity:        @18U,
            OctagonStateCloudKitNewlyAvailable:         @19U,
            OctagonStateCheckTrustState:                @20U,
            OctagonStateBecomeUntrusted:                @21U,
            OctagonStateWaitForUnlock:                  @22U,
            OctagonStateWaitingForCloudKitAccount:      @23U,
            OctagonStateBecomeReady:                    @24U,
            OctagonStateVouchWithRecoveryKey:           @25U,
            OctagonStateCreateIdentityForRecoveryKey:   @26U,
            OctagonStateUpdateSOSPreapprovals:          @27U,
            OctagonStateWaitForHSA2:                    @28U,
            OctagonStateAssistCKKSTLKUpload:            @29U,
            OctagonStateStartCompanionPairing:          @30U,
            OctagonStateEscrowTriggerUpdate:            @31U,
            OctagonStateEnsureConsistency:              @32U,
            OctagonStateResetBecomeUntrusted:           @33U,
            OctagonStateUntrustedUpdated:               @34U,
            OctagonStateReadyUpdated:                   @35U,
            OctagonStateTPHTrustCheck:                  @36U,
            OctagonStateCuttlefishTrustCheck:           @37U,
            OctagonStatePostRepairCFU:                  @38U,
            OctagonStateSecurityTrustCheck:             @39U,
            OctagonStateEnsureOctagonKeysAreConsistent: @40U,
            OctagonStateEnsureUpdatePreapprovals:       @41U,
            OctagonStateResetAnyMissingTLKCKKSViews:    @42U,
            OctagonStateEstablishCKKSReset:             @43U,
            OctagonStateEstablishAfterCKKSReset:        @44U,
            OctagonStateSOSUpgradeCKKSReset:            @45U,
            OctagonStateSOSUpgradeAfterCKKSReset:       @46U,
            OctagonStateInitiatorJoinCKKSReset:         @47U,
            OctagonStateInitiatorJoinAfterCKKSReset:    @48U,
            OctagonStateHSA2HealthCheck:                @49U,
        };
        stateNumbers = table;
    });

    return stateNumbers;
}
182
/// Returns the reverse of OctagonStateMap(): numeric code -> state name.
/// Computed once, on first call, under dispatch_once.
///
/// NOTE(review): OctagonStateMap() assigns the codes 8, 11 and 12 to two states each, so this
/// dictionary has fewer entries than the forward map. Which of the two states a shared code
/// resolves to is left to Foundation's handling of duplicate keys and to the unordered
/// allKeys/allValues arrays; nothing in this function pins it down. Do not rely on a round
/// trip through both maps for those states.
NSDictionary<NSNumber*, OctagonState*>* OctagonStateInverseMap(void) {
    static dispatch_once_t invertOnce;
    static NSDictionary<NSNumber*, OctagonState*>* stateForNumber = nil;

    dispatch_once(&invertOnce, ^{
        NSDictionary<OctagonState*, NSNumber*>* numberForState = OctagonStateMap();
        NSArray<OctagonState*>* names = [numberForState allKeys];
        NSArray<NSNumber*>* numbers = [numberForState allValues];
        stateForNumber = [NSDictionary dictionaryWithObjects:names forKeys:numbers];
    });

    return stateForNumber;
}
192
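// Returns the set of states counted as "in account": every key of OctagonStateMap() except the
// no-account and startup states removed below. Built once under dispatch_once and shared.
//
// This mistakenly includes OctagonStateWaitForHSA2, which should not be considered an "In Account" state.
// NOTE(review): the membership is left as it was. Removing WaitForHSA2 changes which states
// callers treat as in-account, so it needs a check of every caller first.
NSSet<OctagonState*>* OctagonInAccountStates(void)
{
    static NSSet<OctagonState*>* s = nil;
    static dispatch_once_t onceToken;
    dispatch_once(&onceToken, ^{
        NSMutableSet<OctagonState*>* sourceStates = [NSMutableSet setWithArray:OctagonStateMap().allKeys];

        // NoAccount is obviously not in-account, but we also exclude the startup states that
        // determine apple account and icloud account status:
        [sourceStates removeObject:OctagonStateNoAccount];
        [sourceStates removeObject:OctagonStateNoAccountDoReset];
        [sourceStates removeObject:OctagonStateInitializing];
        [sourceStates removeObject:OctagonStateDetermineiCloudAccountState];
        [sourceStates removeObject:OctagonStateWaitingForCloudKitAccount];
        [sourceStates removeObject:OctagonStateCloudKitNewlyAvailable];

        // Freeze the result. The static is shared by every caller, so handing out the live
        // NSMutableSet would let a caller that downcasts it alter the set for everyone.
        s = [sourceStates copy];
    });
    return s;
}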
214
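// Returns the fixed set { Ready, Error, Untrusted, WaitForHSA2, WaitForUnlock }.
// Built once under dispatch_once and shared.
// NOTE(review): going by the name, these are the states a health check may start from;
// confirm against the callers.
NSSet<OctagonState *>* OctagonHealthSourceStates(void)
{
    static NSSet<OctagonState*>* s = nil;
    static dispatch_once_t onceToken;
    dispatch_once(&onceToken, ^{
        // Built directly as an immutable NSSet. The static is shared by every caller, so it
        // must not be a live NSMutableSet that a downcasting caller could alter.
        s = [NSSet setWithArray:@[
            OctagonStateReady,
            OctagonStateError,
            OctagonStateUntrusted,
            OctagonStateWaitForHSA2,
            OctagonStateWaitForUnlock,
        ]];
    });
    return s;
}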
232
// Flags
// Each flag is a string literal cast to OctagonFlag*; the literal text is the flag's runtime
// value, so editing a string changes what any comparison or log line sees.
OctagonFlag* const OctagonFlagEgoPeerPreapproved = (OctagonFlag*) @"preapproved";
OctagonFlag* const OctagonFlagCKKSRequestsTLKUpload = (OctagonFlag*) @"tlk_upload_needed";
OctagonFlag* const OctagonFlagCuttlefishNotification = (OctagonFlag*) @"recd_push";
OctagonFlag* const OctagonFlagAccountIsAvailable = (OctagonFlag*)@"account_available";
OctagonFlag* const OctagonFlagAttemptSOSUpgrade = (OctagonFlag*)@"attempt_sos_upgrade";
OctagonFlag* const OctagonFlagFetchAuthKitMachineIDList = (OctagonFlag*)@"attempt_machine_id_list";
OctagonFlag* const OctagonFlagUnlocked = (OctagonFlag*)@"unlocked";
OctagonFlag* const OctagonFlagAttemptSOSUpdatePreapprovals = (OctagonFlag*)@"attempt_sos_update_preapprovals";
OctagonFlag* const OctagonFlagPerformHealthCheck = (OctagonFlag*)@"perform_health_check";
OctagonFlag* const OctagonFlagEscrowRequestInformCloudServicesOperation = (OctagonFlag*)@"escrowrequest_inform_cloudservices";
244 #endif // OCTAGON