keychain/ot/OTVouchWithRecoveryKeyOperation.m

   1 /*
   2  * Copyright (c) 2019 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 #if OCTAGON
  25
  26 #import <utilities/debugging.h>
  27
  28 #import "keychain/ot/OTVouchWithRecoveryKeyOperation.h"
  29 #import "keychain/ot/OTClientStateMachine.h"
  30 #import "keychain/ot/OTCuttlefishContext.h"
  31 #import "keychain/ot/OTFetchCKKSKeysOperation.h"
  32
  33 #import "keychain/TrustedPeersHelper/TrustedPeersHelperProtocol.h"
  34 #import "keychain/ot/ObjCImprovements.h"
  35
  36 @interface OTVouchWithRecoveryKeyOperation ()
  37 @property OTOperationDependencies* deps;
  38
  39 @property NSOperation* finishOp;
  40 @end
  41
  42 @implementation OTVouchWithRecoveryKeyOperation
  43 @synthesize intendedState = _intendedState;
  44
  45 - (instancetype)initWithDependencies:(OTOperationDependencies*)dependencies
  46                        intendedState:(OctagonState*)intendedState
  47                           errorState:(OctagonState*)errorState
  48                          recoveryKey:(NSString*)recoveryKey
  49 {
  50     if((self = [super init])) {
  51         _deps = dependencies;
  52         _intendedState = intendedState;
  53         _nextState = errorState;
  54
  55         _recoveryKey = recoveryKey;
  56     }
  57     return self;
  58 }
  59
  60 - (void)groupStart
  61 {
  62     secnotice("octagon", "creating voucher using a recovery key");
  63
  64     self.finishOp = [[NSOperation alloc] init];
  65     [self dependOnBeforeGroupFinished:self.finishOp];
  66
  67     NSString* salt = nil;
  68
  69     if(self.salt != nil) {
  70         secnotice("octagon", "using passed in altdsid, altdsid is: %@", self.salt);
  71         salt = self.salt;
  72     } else{
  73         if(self.deps.authKitAdapter.primaryiCloudAccountAltDSID){
  74             secnotice("octagon", "using auth kit adapter, altdsid is: %@", self.deps.authKitAdapter.primaryiCloudAccountAltDSID);
  75             salt = self.deps.authKitAdapter.primaryiCloudAccountAltDSID;
  76         }
  77         else {
  78             NSError* accountError = nil;
  79             OTAccountMetadataClassC* account = [self.deps.stateHolder loadOrCreateAccountMetadata:&accountError];
  80
  81             if(account && !accountError) {
  82                 secnotice("octagon", "retrieved account, altdsid is: %@", account.altDSID);
  83                 salt = account.altDSID;
  84             }
  85             if(accountError || !account){
  86                 secerror("failed to rerieve account object: %@", accountError);
  87             }
  88         }
  89     }
  90
  91     WEAKIFY(self);
  92
  93     // After a vouch, we also want to acquire all TLKs that the bottled peer might have had
  94     OTFetchCKKSKeysOperation* fetchKeysOp = [[OTFetchCKKSKeysOperation alloc] initWithDependencies:self.deps];
  95     [self runBeforeGroupFinished:fetchKeysOp];
  96
  97     CKKSResultOperation* proceedWithKeys = [CKKSResultOperation named:@"recovery-tlks"
  98                                                             withBlock:^{
  99                                                                 STRONGIFY(self);
 100                                                                 [self proceedWithKeys:fetchKeysOp.viewKeySets tlkShares:fetchKeysOp.tlkShares salt:salt];
 101                                                             }];
 102
 103     [proceedWithKeys addDependency:fetchKeysOp];
 104     [self runBeforeGroupFinished:proceedWithKeys];
 105 }
 106
 107 - (void)proceedWithKeys:(NSArray<CKKSKeychainBackedKeySet*>*)viewKeySets tlkShares:(NSArray<CKKSTLKShare*>*)tlkShares salt:(NSString*)salt
 108 {
 109     WEAKIFY(self);
 110
 111     [[self.deps.cuttlefishXPC remoteObjectProxyWithErrorHandler:^(NSError * _Nonnull error) {
 112         STRONGIFY(self);
 113         secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
 114         [[CKKSAnalytics logger] logRecoverableError:error forEvent:OctagonEventVoucherWithBottle withAttributes:NULL];
 115         self.error = error;
 116         [self runBeforeGroupFinished:self.finishOp];
 117
 118     }]  vouchWithRecoveryKeyWithContainer:self.deps.containerName
 119      context:self.deps.contextID
 120      recoveryKey:self.recoveryKey
 121      salt:salt
 122      tlkShares:tlkShares
 123      reply:^(NSData * _Nullable voucher, NSData * _Nullable voucherSig, NSError * _Nullable error) {
 124          if(error){
 125              [[CKKSAnalytics logger] logResultForEvent:OctagonEventVoucherWithRecoveryKey hardFailure:true result:error];
 126              secerror("octagon: Error preparing voucher using recovery key: %@", error);
 127              self.error = error;
 128              [self runBeforeGroupFinished:self.finishOp];
 129              return;
 130          }
 131          self.voucher = voucher;
 132          self.voucherSig = voucherSig;
 133          self.nextState = self.intendedState;
 134          [self runBeforeGroupFinished:self.finishOp];
 135      }];
 136 }
 137
 138 @end
 139
 140 #endif // OCTAGON