1 /*
2 * Copyright (c) 2017 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #if __OBJC2__
25
26 #import <Foundation/NSXPCConnection_Private.h>
27 #import <xpc/xpc.h>
28
29 #import <Security/SecItemPriv.h>
30
31 #import "keychain/ot/OTControl.h"
32 #import "keychain/ot/OTControlProtocol.h"
33 #import "keychain/ot/OctagonControlServer.h"
34
35 #include <security_utilities/debugging.h>
36
37 #if OCTAGON
38 #import <SecurityFoundation/SFKey.h>
39 #endif
40
/// Private state for OTControl. The connection is handed in by
/// -initWithConnection: and is the only thing every remote call needs; keeping it
/// in the class extension means the public header exposes none of the XPC plumbing.
@interface OTControl ()
@property (strong) NSXPCConnection *connection;
@end
44
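/// Client-side proxy for securityd's Octagon control service. Every public method
/// forwards one OTControlProtocol message over `self.connection` and delivers the
/// outcome through the caller's reply block; if the XPC message cannot be sent or the
/// reply never arrives (connection interrupted or invalidated), the proxy's error
/// handler is used to complete the same reply block with the transport error, so
/// callers always get exactly one reply.
@implementation OTControl

#pragma mark - Lifecycle

/// Designated initializer. `connection` is expected to have its remote interface
/// configured and to be resumed already (see +controlObject:).
/// @param connection The XPC connection to the Octagon control service.
- (instancetype)initWithConnection:(NSXPCConnection*)connection {
    if(self = [super init]) {
        _connection = connection;
    }
    return self;
}

#pragma mark - Private

/// Returns the remote object proxy for the control service. NSXPC invokes
/// `errorHandler` when the message cannot be delivered or the connection is
/// interrupted/invalidated before the reply block runs; callers below map that
/// into a failed reply so the client never waits forever.
/// @param errorHandler Block receiving the transport error.
- (id)remoteProxyWithErrorHandler:(void (^)(NSError *error))errorHandler {
    return [self.connection remoteObjectProxyWithErrorHandler:errorHandler];
}

#pragma mark - Public

/// Restores the Octagon signing/encryption keys from an escrow record.
/// On transport failure both key buffers are nil and `error` is set.
- (void)restore:(NSString *)contextID dsid:(NSString *)dsid secret:(NSData*)secret escrowRecordID:(NSString*)escrowRecordID
          reply:(void (^)(NSData* signingKeyData, NSData* encryptionKeyData, NSError* _Nullable error))reply
{
    [[self remoteProxyWithErrorHandler:^(NSError* error) {
        reply(nil, nil, error);
    }] restore:contextID dsid:dsid secret:secret escrowRecordID:escrowRecordID reply:^(NSData* signingKeyData, NSData* encryptionKeyData, NSError *error) {
        reply(signingKeyData, encryptionKeyData, error);
    }];
}

/// Asks the service to reset Octagon state. Transport failure is reported as NO + error.
-(void)reset:(void (^)(BOOL result, NSError* _Nullable error))reply
{
    [[self remoteProxyWithErrorHandler:^(NSError* error) {
        reply(NO, error);
    }] reset:^(BOOL result, NSError * _Nullable error) {
        reply(result, error);
    }];
}

/// Fetches the Octagon signing public key (nil + error on transport failure).
- (void)signingKey:(void (^)(NSData* result, NSError* _Nullable error))reply
{
    [[self remoteProxyWithErrorHandler:^(NSError* error) {
        reply(nil, error);
    }] octagonSigningPublicKey:^(NSData *signingKey, NSError * _Nullable error) {
        reply(signingKey, error);
    }];
}

/// Fetches the Octagon encryption public key (nil + error on transport failure).
- (void)encryptionKey:(void (^)(NSData* result, NSError* _Nullable error))reply
{
    [[self remoteProxyWithErrorHandler:^(NSError* error) {
        reply(nil, error);
    }] octagonEncryptionPublicKey:^(NSData *encryptionKey, NSError * _Nullable error) {
        reply(encryptionKey, error);
    }];
}

/// Lists the bottled-peer records eligible for restore (nil + error on transport failure).
- (void)listOfRecords:(void (^)(NSArray* list, NSError* _Nullable error))reply
{
    [[self remoteProxyWithErrorHandler:^(NSError* error) {
        reply(nil, error);
    }] listOfEligibleBottledPeerRecords:^(NSArray *list, NSError * _Nullable error) {
        reply(list, error);
    }];
}

/// Signals an account sign-in for `dsid`. Transport failure is reported as NO + error.
- (void)signIn:(NSString*)dsid reply:(void (^)(BOOL result, NSError * _Nullable error))reply
{
    [[self remoteProxyWithErrorHandler:^(NSError* error) {
        reply(NO, error);
    }] signIn:dsid reply:^(BOOL result, NSError * _Nullable error) {
        reply(result, error);
    }];
}

/// Signals an account sign-out. Transport failure is reported as NO + error.
- (void)signOut:(void (^)(BOOL result, NSError * _Nullable error))reply
{
    [[self remoteProxyWithErrorHandler:^(NSError* error) {
        reply(NO, error);
    }] signOut:^(BOOL result, NSError * _Nullable error) {
        reply(result, error);
    }];
}

/// Prepares a bottled peer for `contextID`/`dsid`; all outputs are nil + error on
/// transport failure.
- (void)preflightBottledPeer:(NSString*)contextID
                        dsid:(NSString*)dsid
                       reply:(void (^)(NSData* _Nullable entropy,
                                       NSString* _Nullable bottleID,
                                       NSData* _Nullable signingPublicKey,
                                       NSError* _Nullable error))reply
{
    [[self remoteProxyWithErrorHandler:^(NSError* error) {
        reply(nil, nil, nil, error);
    }] preflightBottledPeer:contextID dsid:dsid reply:^(NSData* _Nullable entropy,
                                                        NSString* _Nullable bottleID,
                                                        NSData* _Nullable signingPublicKey,
                                                        NSError* _Nullable error) {
        reply(entropy, bottleID, signingPublicKey, error);
    }];
}

/// Launches the bottled peer `bottleID` in `contextID`.
/// `reply` is nullable, so every completion path (success, remote error and XPC
/// transport failure) is nil-checked before invoking it — calling a nil block crashes.
- (void)launchBottledPeer:(NSString*)contextID
                 bottleID:(NSString*)bottleID
                    reply:(void (^ _Nullable)(NSError* _Nullable))reply
{
    void (^finish)(NSError* _Nullable) = ^(NSError* _Nullable error) {
        if (reply) {
            reply(error);
        }
    };
    [[self remoteProxyWithErrorHandler:^(NSError* error) {
        finish(error);
    }] launchBottledPeer:contextID bottleID:bottleID reply:finish];
}

/// Scrubs the bottled peer `bottleID` in `contextID`.
/// As with -launchBottledPeer:…, `reply` is nullable and is guarded on every path; a
/// non-nil wrapper block is always handed to XPC so a nil caller block never reaches
/// the proxy.
- (void)scrubBottledPeer:(NSString*)contextID
                bottleID:(NSString*)bottleID
                   reply:(void (^ _Nullable)(NSError* _Nullable))reply
{
    void (^finish)(NSError* _Nullable) = ^(NSError* _Nullable error) {
        if (reply) {
            reply(error);
        }
    };
    [[self remoteProxyWithErrorHandler:^(NSError* error) {
        finish(error);
    }] scrubBottledPeer:contextID bottleID:bottleID reply:finish];
}

#pragma mark - Factory

/// Creates a control object connected to the Octagon service in securityd.
/// @param error Set only when the connection cannot be created.
/// @return A resumed, ready-to-use OTControl, or nil on failure.
+ (OTControl*)controlObject:(NSError* __autoreleasing *)error {
    // options:0 (not NSXPCConnectionPrivileged) looks the Mach service up in this
    // process's own bootstrap namespace.
    NSXPCConnection* connection = [[NSXPCConnection alloc] initWithMachServiceName:@(kSecuritydOctagonServiceName) options:0];

    if (connection == nil) {
        if(error) {
            *error = [NSError errorWithDomain:@"securityd" code:-1 userInfo:@{NSLocalizedDescriptionKey: @"Couldn't create connection (no reason given)"}];
        }
        return nil;
    }

    // The interface must be fully configured before -resume: OTSetupControlProtocol is
    // applied to the OTControlProtocol interface first (presumably the per-selector
    // class allow-list for decoded reply arguments — confirm against its definition).
    NSXPCInterface *interface = OTSetupControlProtocol([NSXPCInterface interfaceWithProtocol:@protocol(OTControlProtocol)]);
    connection.remoteObjectInterface = interface;
    [connection resume];

    return [[OTControl alloc] initWithConnection:connection];
}

@end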
180
181 #endif // __OBJC2__