Security-59754.41.1.tar.gz
[apple/security.git] / keychain / ot / OTFetchCKKSKeysOperation.m
1
2 #if OCTAGON
3
4 #import "keychain/ckks/CKKSNewTLKOperation.h"
5 #import "keychain/ot/OTFetchCKKSKeysOperation.h"
6 #import "keychain/ot/ObjCImprovements.h"
7
// Private state for OTFetchCKKSKeysOperation (class extension).
@interface OTFetchCKKSKeysOperation ()

// Views whose key sets are collected. Supplied directly by -initWithViews:, or left nil by
// -initWithDependencies:refetchNeeded: and filled from manager.views when -groupStart runs.
@property NSSet<CKKSKeychainView *> *views;

// Source of views when none were supplied directly; nil for operations created with
// -initWithViews:.
@property CKKSViewManager *manager;

// Passed to each view's -findKeySet: call in -groupStart. Set from refetchNeeded, or NO for
// operations created with -initWithViews:.
@property BOOL fetchBeforeGettingKeyset;

@end
14
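// Collects the current CKKS key sets and TLK shares of a set of keychain views on behalf of Octagon.
//
// The per-view results are published through viewKeySets, incompleteKeySets, tlkShares,
// pendingTLKShares and viewsTimedOutWithoutKeysets. Nothing in this file sets an error on the
// operation: a view whose key set could not be obtained is only logged (and, for timeouts,
// listed in viewsTimedOutWithoutKeysets), so callers that need every view must compare the
// results against the views they asked for.
@implementation OTFetchCKKSKeysOperation

// Creates an operation that fetches keys for every view known to dependencies.viewManager.
// The view list is resolved lazily in -groupStart, not here.
//
// @param dependencies  Supplies the view manager.
// @param refetchNeeded Forwarded to each view's -findKeySet: call.
- (instancetype)initWithDependencies:(OTOperationDependencies*)dependencies
                       refetchNeeded:(BOOL)refetchNeeded
{
    if((self = [super init])) {
        _manager = dependencies.viewManager;
        _views = nil;
        _viewKeySets = @[];
        _tlkShares = @[];
        _pendingTLKShares = @[];
        _incompleteKeySets = @[];

        // Shorter per-view wait when SecCKKSTestsEnabled() reports a test run.
        _desiredTimeout = SecCKKSTestsEnabled() ? 5*NSEC_PER_SEC : 15*NSEC_PER_SEC;

        _fetchBeforeGettingKeyset = refetchNeeded;

        _viewsTimedOutWithoutKeysets = [NSSet set];
    }
    return self;
}

// Creates an operation that fetches keys for exactly the given views, without a view manager
// and with fetchBeforeGettingKeyset set to NO.
//
// @param views The views to query.
- (instancetype)initWithViews:(NSSet<CKKSKeychainView*>*)views
{
    if((self = [super init])) {
        // Snapshot the set: -groupStart enumerates it later, and a caller-owned mutable set
        // changed in the meantime would otherwise alter (or break) that enumeration.
        _views = [views copy];
        _manager = nil;
        _viewKeySets = @[];
        _tlkShares = @[];
        _pendingTLKShares = @[];
        _incompleteKeySets = @[];

        _desiredTimeout = SecCKKSTestsEnabled() ? 5*NSEC_PER_SEC : 15*NSEC_PER_SEC;

        _fetchBeforeGettingKeyset = NO;

        _viewsTimedOutWithoutKeysets = [NSSet set];
    }
    return self;
}

// Starts one key-set lookup per view and schedules a final operation that gathers their results.
//
// Each lookup is wrapped with desiredTimeout; the gathering operation depends on all of them
// and is handed to -runBeforeGroupFinished:.
- (void)groupStart
{
    NSMutableArray<CKKSResultOperation<CKKSKeySetProviderOperationProtocol>*>* keyOps = [NSMutableArray array];

    // No explicit view list was given: use every view the manager currently has.
    if (self.views == nil) {
        NSMutableSet<CKKSKeychainView*>* mutViews = [NSMutableSet<CKKSKeychainView*> set];
        for (id key in self.manager.views) {
            CKKSKeychainView* view = self.manager.views[key];
            [mutViews addObject: view];
        }
        self.views = mutViews;
    }

    for (CKKSKeychainView* view in self.views) {
        secnotice("octagon-ckks", "Waiting for %@", view);
        [keyOps addObject:[[view findKeySet:self.fetchBeforeGettingKeyset] timeout:self.desiredTimeout]];
    }

    WEAKIFY(self);
    CKKSResultOperation* proceedWithKeys = [CKKSResultOperation named:@"proceed-with-ckks-keys"
                                                            withBlock:^{
        STRONGIFY(self);

        NSMutableArray<CKKSKeychainBackedKeySet*>* viewKeySets = [NSMutableArray array];
        NSMutableArray<CKKSCurrentKeySet*>* ckksBrokenKeySets = [NSMutableArray array];
        NSMutableArray<CKKSTLKShare*>* tlkShares = [NSMutableArray array];
        NSMutableArray<CKKSTLKShare*>* pendingTLKShares = [NSMutableArray array];

        NSMutableSet<NSString*>* viewsMIA = [NSMutableSet set];

        for(CKKSResultOperation<CKKSKeySetProviderOperationProtocol>* op in keyOps) {
            if(op.error) {
                secnotice("octagon-ckks", "No keys for zone %@: %@", op.zoneName, op.error);

                // Only timeouts are recorded for the caller; any other error is logged above
                // and the view contributes nothing to the results.
                if([op.error.domain isEqualToString:CKKSResultErrorDomain] && op.error.code == CKKSResultTimedOut) {
                    [viewsMIA addObject:op.zoneName];
                }
                continue;
            }

            // Read the key set once so the nil check, the logging and the values stored below
            // all refer to the same object.
            NSError* localerror = nil;
            CKKSCurrentKeySet* keyset = op.keyset;
            CKKSKeychainBackedKeySet* keychainBackedKeyset = [keyset asKeychainBackedSet:&localerror];

            // NOTE(review): key set objects are logged with %@; what reaches the log depends on
            // their -description, which is not visible here. Confirm it excludes key material.
            if(keychainBackedKeyset) {
                secnotice("octagon-ckks", "Have proposed keys: %@", keyset);
                [viewKeySets addObject:keychainBackedKeyset];
            } else if(keyset) {
                secnotice("octagon-ckks", "Unable to convert proposed keys: %@ %@", keyset, localerror);
                // Store the instance that was nil-checked; the original re-read op.keyset here.
                [ckksBrokenKeySets addObject:keyset];
            }

            // TLK shares are collected whether or not the key set converted successfully.
            for(CKKSTLKShareRecord* tlkShareRecord in keyset.tlkShares) {
                [tlkShares addObject:tlkShareRecord.share];
            }

            for(CKKSTLKShareRecord* tlkShareRecord in keyset.pendingTLKShares) {
                [pendingTLKShares addObject:tlkShareRecord.share];
            }
            secnotice("octagon-ckks", "Have %u tlk shares, %u pending tlk shares",
                      (uint32_t)keyset.tlkShares.count,
                      (uint32_t)keyset.pendingTLKShares.count);
        }

        self.viewKeySets = viewKeySets;
        self.incompleteKeySets = ckksBrokenKeySets;
        self.tlkShares = tlkShares;
        self.pendingTLKShares = pendingTLKShares;
        self.viewsTimedOutWithoutKeysets = viewsMIA;

        secnotice("octagon-ckks", "Fetched %d key sets, %d broken key sets, %d tlk shares, %d pendingTLKShares, and %d views timing out",
                  (int)self.viewKeySets.count,
                  (int)self.incompleteKeySets.count,
                  (int)self.tlkShares.count,
                  (int)self.pendingTLKShares.count,
                  (int)self.viewsTimedOutWithoutKeysets.count);
    }];

    // The gathering block must not run until every per-view lookup has finished or timed out.
    for(CKKSResultOperation<CKKSKeySetProviderOperationProtocol>* op in keyOps) {
        [proceedWithKeys addDependency: op];
    }

    [self runBeforeGroupFinished:proceedWithKeys];
}
@end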
143
144 #endif // OCTAGON