keychain/ot/OTSetRecoveryKeyOperation.m

   1 /*
   2  * Copyright (c) 2019 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 #if OCTAGON
  25
  26 #import <utilities/debugging.h>
  27
  28 #import "keychain/ot/OTSetRecoveryKeyOperation.h"
  29 #import "keychain/ot/OTClientStateMachine.h"
  30 #import "keychain/ot/OTCuttlefishContext.h"
  31 #import "keychain/ot/OTFetchCKKSKeysOperation.h"
  32
  33 #import "keychain/TrustedPeersHelper/TrustedPeersHelperProtocol.h"
  34 #import "keychain/ot/ObjCImprovements.h"
  35
  36 @interface OTSetRecoveryKeyOperation ()
  37 @property OTOperationDependencies* deps;
  38
  39 @property NSOperation* finishOp;
  40 @end
  41
  42 @implementation OTSetRecoveryKeyOperation
  43
  44 - (instancetype)initWithDependencies:(OTOperationDependencies*)dependencies
  45                          recoveryKey:(NSString*)recoveryKey
  46 {
  47     if((self = [super init])) {
  48         _deps = dependencies;
  49         _recoveryKey = recoveryKey;
  50     }
  51     return self;
  52 }
  53
  54 - (void)groupStart
  55 {
  56     self.finishOp = [[NSOperation alloc] init];
  57     [self dependOnBeforeGroupFinished:self.finishOp];
  58
  59     NSString* salt = nil;
  60
  61     NSError *authKitError = nil;
  62     NSString *altDSID = [self.deps.authKitAdapter primaryiCloudAccountAltDSID:&authKitError];
  63
  64     if (altDSID) {
  65         salt = altDSID;
  66     }
  67     else {
  68         secnotice("octagon", "authkit doesn't know about the altdsid, using stored value: %@", authKitError);
  69
  70         NSError* accountError = nil;
  71         OTAccountMetadataClassC* account = [self.deps.stateHolder loadOrCreateAccountMetadata:&accountError];
  72
  73         if(account && !accountError) {
  74             secnotice("octagon", "retrieved account, altdsid is: %@", account.altDSID);
  75             salt = account.altDSID;
  76         }
  77         if(accountError || !account){
  78             secerror("failed to rerieve account object: %@", accountError);
  79         }
  80     }
  81
  82     WEAKIFY(self);
  83
  84     OTFetchCKKSKeysOperation* fetchKeysOp = [[OTFetchCKKSKeysOperation alloc] initWithDependencies:self.deps
  85                                                                                      refetchNeeded:NO];
  86     [self runBeforeGroupFinished:fetchKeysOp];
  87
  88     CKKSResultOperation* proceedWithKeys = [CKKSResultOperation named:@"setting-recovery-tlks"
  89                                                             withBlock:^{
  90                                                                 STRONGIFY(self);
  91                                                                 [self proceedWithKeys:fetchKeysOp.viewKeySets salt:salt];
  92                                                             }];
  93
  94     [proceedWithKeys addDependency:fetchKeysOp];
  95     [self runBeforeGroupFinished:proceedWithKeys];
  96 }
  97
  98 - (void)proceedWithKeys:(NSArray<CKKSKeychainBackedKeySet*>*)viewKeySets salt:(NSString*)salt
  99 {
 100     WEAKIFY(self);
 101
 102     [self.deps.cuttlefishXPCWrapper setRecoveryKeyWithContainer:self.deps.containerName
 103                                                         context:self.deps.contextID
 104                                                     recoveryKey:self.recoveryKey
 105                                                            salt:salt
 106                                                        ckksKeys:viewKeySets
 107                                                           reply:^(NSArray<CKRecord*>* _Nullable keyHierarchyRecords,
 108                                                                   NSError * _Nullable setError) {
 109             STRONGIFY(self);
 110             if(setError){
 111                 [[CKKSAnalytics logger] logResultForEvent:OctagonEventSetRecoveryKey hardFailure:true result:setError];
 112                 secerror("octagon: Error setting recovery key: %@", setError);
 113                 self.error = setError;
 114                 [self runBeforeGroupFinished:self.finishOp];
 115             } else {
 116                 secnotice("octagon", "successfully set recovery key");
 117
 118                 for (id key in self.deps.viewManager.views) {
 119                     CKKSKeychainView* view = self.deps.viewManager.views[key];
 120                     secnotice("octagon-ckks", "Providing setRecoveryKey() records to %@", view);
 121                     [view receiveTLKUploadRecords:keyHierarchyRecords];
 122                 }
 123                 [self runBeforeGroupFinished:self.finishOp];
 124             }
 125         }];
 126 }
 127
 128 @end
 129
 130 #endif // OCTAGON