[apple/security.git] / keychain / KeychainStasher / KeychainStasher.m

#import <xpc/private.h>

#import "utilities/debugging.h"
#import <Security/SecItemPriv.h>
#import "LocalKeychainAnalytics.h"

#import "KeychainStasher.h"

NSString* const kApplicationIdentifier = @"com.apple.security.KeychainStasher";

@implementation KeychainStasher

- (NSError*)errorWithStatus:(OSStatus)status message:(NSString*)format, ... NS_FORMAT_FUNCTION(2, 3)
{
    if (status == errSecSuccess) {
        return nil;
    }

    NSString* desc;
    if (format) {
        va_list ap;
        va_start(ap, format);
        desc = [[NSString alloc] initWithFormat:format arguments:ap];
        va_end(ap);
    }
    return [NSError errorWithDomain:NSOSStatusErrorDomain
                               code:status
                           userInfo:desc ? @{NSLocalizedDescriptionKey : desc} : nil];
}

- (NSMutableDictionary*)baseQuery {
    return [@{
        (id)kSecUseDataProtectionKeychain : @YES,
        (id)kSecAttrAccessible : (id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        // Prevents backups in case this ever comes to the Mac, prevents sync
        (id)kSecAttrSysBound : @(kSecSecAttrSysBoundPreserveDuringRestore),
        // Belt-and-suspenders prohibition on syncing
        (id)kSecAttrSynchronizable : @NO,
        (id)kSecClass : (id)kSecClassKey,
        (id)kSecAttrApplicationLabel : @"loginstash",
        // This is the default, but just making sure
        (id)kSecAttrAccessGroup : kApplicationIdentifier,
    } mutableCopy];
}

- (void)stashKey:(NSData*)key withReply:(void (^)(NSError*))reply {
    secnotice("stashkey", "Will attempt to stash key");
    if (!key || key.length == 0) {
        reply([self errorWithStatus:errSecParam message:@"nil or empty key passed"]);
        return;
    }

    NSMutableDictionary* query = [self baseQuery];
    query[(id)kSecValueData] = key;

    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)query, NULL);
    secnotice("stashkey", "SecItemAdd result: %ld", (long)status);

    if (status == errSecDuplicateItem) {
        [[LocalKeychainAnalytics logger] logResultForEvent:LKAEventStash hardFailure:NO result:[self errorWithStatus:status message:nil]];
        query[(id)kSecValueData] = nil;
        NSDictionary* update = @{(id)kSecValueData : key};
        status = SecItemUpdate((__bridge CFDictionaryRef)query, (__bridge CFDictionaryRef)update);
        secnotice("stashkey", "SecItemUpdate result: %ld", (long)status);
    }

    [[LocalKeychainAnalytics logger] logResultForEvent:LKAEventStash hardFailure:YES result:[self errorWithStatus:status message:nil]];
    if (status == errSecSuccess) {
        reply(nil);
    } else {
        reply([self errorWithStatus:status message:@"Stash failed with keychain error"]);
    }
}

- (void)loadKeyWithReply:(void (^)(NSData*, NSError*))reply {
    secnotice("KeychainStasher", "Will attempt to retrieve stashed key");

    NSMutableDictionary* query = [self baseQuery];
    query[(id)kSecReturnData] = @YES;

    CFTypeRef object = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &object);

    if (status != errSecSuccess) {
        if (status == errSecItemNotFound) {
            reply(nil, [self errorWithStatus:status message:@"No stashed key found"]);
        } else {
            reply(nil, [self errorWithStatus:status message:@"Keychain error"]);
        }
        [[LocalKeychainAnalytics logger] logResultForEvent:LKAEventStashLoad hardFailure:YES result:[self errorWithStatus:status message:nil]];
        return;
    }

    NSData* key;
    if (!object || CFGetTypeID(object) != CFDataGetTypeID() || !(key = CFBridgingRelease(object))) {
        reply(nil, [self errorWithStatus:errSecInternalError
                                 message:@"No or bad object: %d / %lu / %d",
                                         object != NULL, object ? CFGetTypeID(object) : 0, key != nil]);
        [[LocalKeychainAnalytics logger] logResultForEvent:LKAEventStashLoad
                                               hardFailure:YES
                                                    result:[self errorWithStatus:errSecInternalError message:nil]];
        return;
    }

    // Caller does not need to wait for our delete
    reply(key, nil);

    query[(id)kSecReturnData] = nil;
    status = SecItemDelete((__bridge CFDictionaryRef)query);
    if (status != errSecSuccess) {
        seccritical("Unable to delete masterkey after load: %d", (int)status);
    }
    [[LocalKeychainAnalytics logger] logResultForEvent:LKAEventStashLoad hardFailure:NO result:[self errorWithStatus:status message:nil]];
}

@end
Commit	Line	Data
d64be36e A	1	#import <xpc/private.h>
	2
	3	#import "utilities/debugging.h"
	4	#import <Security/SecItemPriv.h>
	5	#import "LocalKeychainAnalytics.h"
	6
	7	#import "KeychainStasher.h"
	8
	9	NSString* const kApplicationIdentifier = @"com.apple.security.KeychainStasher";
	10
	11	@implementation KeychainStasher
	12
	13	- (NSError)errorWithStatus:(OSStatus)status message:(NSString)format, ... NS_FORMAT_FUNCTION(2, 3)
	14	{
	15	if (status == errSecSuccess) {
	16	return nil;
	17	}
	18
	19	NSString* desc;
	20	if (format) {
	21	va_list ap;
	22	va_start(ap, format);
	23	desc = [[NSString alloc] initWithFormat:format arguments:ap];
	24	va_end(ap);
	25	}
	26	return [NSError errorWithDomain:NSOSStatusErrorDomain
	27	code:status
	28	userInfo:desc ? @{NSLocalizedDescriptionKey : desc} : nil];
	29	}
	30
	31	- (NSMutableDictionary*)baseQuery {
	32	return [@{
	33	(id)kSecUseDataProtectionKeychain : @YES,
	34	(id)kSecAttrAccessible : (id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
	35	// Prevents backups in case this ever comes to the Mac, prevents sync
	36	(id)kSecAttrSysBound : @(kSecSecAttrSysBoundPreserveDuringRestore),
	37	// Belt-and-suspenders prohibition on syncing
	38	(id)kSecAttrSynchronizable : @NO,
	39	(id)kSecClass : (id)kSecClassKey,
	40	(id)kSecAttrApplicationLabel : @"loginstash",
	41	// This is the default, but just making sure
	42	(id)kSecAttrAccessGroup : kApplicationIdentifier,
	43	} mutableCopy];
	44	}
	45
	46	- (void)stashKey:(NSData)key withReply:(void (^)(NSError))reply {
	47	secnotice("stashkey", "Will attempt to stash key");
	48	if (!key \|\| key.length == 0) {
	49	reply([self errorWithStatus:errSecParam message:@"nil or empty key passed"]);
	50	return;
	51	}
	52
	53	NSMutableDictionary* query = [self baseQuery];
	54	query[(id)kSecValueData] = key;
	55
	56	OSStatus status = SecItemAdd((__bridge CFDictionaryRef)query, NULL);
	57	secnotice("stashkey", "SecItemAdd result: %ld", (long)status);
	58
	59	if (status == errSecDuplicateItem) {
	60	[[LocalKeychainAnalytics logger] logResultForEvent:LKAEventStash hardFailure:NO result:[self errorWithStatus:status message:nil]];
	61	query[(id)kSecValueData] = nil;
	62	NSDictionary* update = @{(id)kSecValueData : key};
	63	status = SecItemUpdate((__bridge CFDictionaryRef)query, (__bridge CFDictionaryRef)update);
	64	secnotice("stashkey", "SecItemUpdate result: %ld", (long)status);
65	}
66
67	[[LocalKeychainAnalytics logger] logResultForEvent:LKAEventStash hardFailure:YES result:[self errorWithStatus:status message:nil]];
68	if (status == errSecSuccess) {
69	reply(nil);
70	} else {
71	reply([self errorWithStatus:status message:@"Stash failed with keychain error"]);
72	}
73	}
74
75	- (void)loadKeyWithReply:(void (^)(NSData, NSError))reply {
76	secnotice("KeychainStasher", "Will attempt to retrieve stashed key");
77
78	NSMutableDictionary* query = [self baseQuery];
79	query[(id)kSecReturnData] = @YES;
80
81	CFTypeRef object = NULL;
82	OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &object);
83
84	if (status != errSecSuccess) {
85	if (status == errSecItemNotFound) {
86	reply(nil, [self errorWithStatus:status message:@"No stashed key found"]);
87	} else {
88	reply(nil, [self errorWithStatus:status message:@"Keychain error"]);
89	}
90	[[LocalKeychainAnalytics logger] logResultForEvent:LKAEventStashLoad hardFailure:YES result:[self errorWithStatus:status message:nil]];
91	return;
92	}
93
94	NSData* key;
95	if (!object \|\| CFGetTypeID(object) != CFDataGetTypeID() \|\| !(key = CFBridgingRelease(object))) {
96	reply(nil, [self errorWithStatus:errSecInternalError
97	message:@"No or bad object: %d / %lu / %d",
98	object != NULL, object ? CFGetTypeID(object) : 0, key != nil]);
99	[[LocalKeychainAnalytics logger] logResultForEvent:LKAEventStashLoad
100	hardFailure:YES
101	result:[self errorWithStatus:errSecInternalError message:nil]];
102	return;
103	}
104
105	// Caller does not need to wait for our delete
106	reply(key, nil);
107
108	query[(id)kSecReturnData] = nil;
109	status = SecItemDelete((__bridge CFDictionaryRef)query);
110	if (status != errSecSuccess) {
111	seccritical("Unable to delete masterkey after load: %d", (int)status);
112	}
113	[[LocalKeychainAnalytics logger] logResultForEvent:LKAEventStashLoad hardFailure:NO result:[self errorWithStatus:status message:nil]];
114	}
115
116	@end