[apple/security.git] / OSX / sec / SOSCircle / SecureObjectSync / SOSRingV0.c

//
//  SOSRingV0.c
//  sec
//
//  Created by Richard Murphy on 3/5/15.
//
//

#include "SOSRingV0.h"

#include <AssertMacros.h>

#include <Security/SecureObjectSync/SOSInternal.h>
#include <Security/SecureObjectSync/SOSPeerInfoInternal.h>
#include <Security/SecureObjectSync/SOSPeerInfoCollections.h>
#include <Security/SecureObjectSync/SOSCircle.h>
#include <Security/SecFramework.h>

#include <Security/SecKey.h>
#include <Security/SecKeyPriv.h>
#include <CoreFoundation/CoreFoundation.h>

#include <utilities/SecCFWrappers.h>

#include <stdlib.h>
#include <assert.h>

#include "SOSRingUtils.h"
#include "SOSRingTypes.h"

// MARK: V0 Ring Ops - same operation as V0 Circles

static SOSRingRef SOSRingCreate_V0(CFStringRef name, CFStringRef myPeerID, CFErrorRef *error) {
    SOSRingRef retval = NULL;
    retval = SOSRingCreate_Internal(name, 0, error);
    if(!retval) return NULL;
    SOSRingSetLastModifier(retval, myPeerID);
    return retval;
}

static bool SOSRingResetToEmpty_V0(SOSRingRef ring, CFStringRef myPeerID, CFErrorRef *error) {
    return SOSRingResetToEmpty_Internal(ring, error) && SOSRingSetLastModifier(ring, myPeerID);
}

static bool SOSRingResetToOffering_V0(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
    CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
    SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error);
    bool retval = priv && myPeerID &&
    SOSRingResetToEmpty_Internal(ring, error) &&
    SOSRingAddPeerID(ring, myPeerID) &&
    SOSRingSetLastModifier(ring, myPeerID) &&
    SOSRingGenerationSign_Internal(ring, user_privkey, error);
    SOSRingConcordanceSign_Internal(ring, priv, error);
    CFReleaseNull(priv);
    return retval;
}

static SOSRingStatus SOSRingDeviceIsInRing_V0(SOSRingRef ring, CFStringRef peerID) {
    if(SOSRingHasPeerID(ring, peerID)) return kSOSRingMember;
    if(SOSRingHasApplicant(ring, peerID)) return kSOSRingApplicant;
    if(SOSRingHasRejection(ring, peerID)) return kSOSRingReject;
    return kSOSRingNotInRing;
}

static bool SOSRingApply_V0(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
    bool retval = false;
    CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
    if(SOSRingDeviceIsInRing_V0(ring, myPeerID) == kSOSRingReject) SOSRingRemoveRejection(ring, myPeerID);
    require_action_quiet(SOSRingDeviceIsInRing_V0(ring, myPeerID) == kSOSRingNotInRing, errOut, secnotice("ring", "Already associated with ring"));
    retval = myPeerID &&
    SOSRingAddApplicant(ring, myPeerID) &&
    SOSRingSetLastModifier(ring, myPeerID);
errOut:
    return retval;
}

static bool SOSRingWithdraw_V0(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
    CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
    SOSRingSetLastModifier(ring, myPeerID);
    if(SOSRingHasPeerID(ring, myPeerID)) {
        SOSRingRemovePeerID(ring, myPeerID);// Maybe we need a retired peerID list?
        SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error);
        SOSRingGenerationSign_Internal(ring, priv, error);
        if(user_privkey) SOSRingGenerationSign_Internal(ring, user_privkey, error);
        CFReleaseNull(priv);
    } else if(SOSRingHasApplicant(ring, myPeerID)) {
        SOSRingRemoveApplicant(ring, myPeerID);
    } else if(SOSRingHasRejection(ring, myPeerID)) {
        SOSRingRemoveRejection(ring, myPeerID);
    } else {
        SOSCreateError(kSOSErrorPeerNotFound, CFSTR("Not associated with Ring"), NULL, error);
        return false;
    }

    return true;
}

static bool SOSRingGenerationSign_V0(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
    CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
    SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error);
    bool retval = priv && myPeerID &&
    SOSRingSetLastModifier(ring, myPeerID) &&
    SOSRingGenerationSign_Internal(ring, priv, error);
    if(user_privkey) SOSRingGenerationSign_Internal(ring, user_privkey, error);
    CFReleaseNull(priv);
    return retval;
}

static bool SOSRingConcordanceSign_V0(SOSRingRef ring, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
    CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
    SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error);
    bool retval = priv && myPeerID &&
    SOSRingSetLastModifier(ring, myPeerID) &&
    SOSRingConcordanceSign_Internal(ring, priv, error);
    CFReleaseNull(priv);
    return retval;
}


__unused static bool SOSRingSetPayload_V0(SOSRingRef ring, SecKeyRef user_privkey, CFDataRef payload, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
    CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
    SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error);
    bool retval = priv && myPeerID &&
    SOSRingSetLastModifier(ring, myPeerID) &&
    SOSRingSetPayload_Internal(ring, payload) &&
    SOSRingGenerationSign_Internal(ring, priv, error);
    if(user_privkey) SOSRingConcordanceSign_Internal(ring, user_privkey, error);
    CFReleaseNull(priv);
    return retval;
}

__unused static CFDataRef SOSRingGetPayload_V0(SOSRingRef ring, CFErrorRef *error) {
    return SOSRingGetPayload_Internal(ring);
}


ringFuncStruct basic = {
    "V0",
    1,
    SOSRingCreate_V0,
    SOSRingResetToEmpty_V0,
    SOSRingResetToOffering_V0,
    SOSRingDeviceIsInRing_V0,
    SOSRingApply_V0,
    SOSRingWithdraw_V0,
    SOSRingGenerationSign_V0,
    SOSRingConcordanceSign_V0,
    SOSRingUserKeyConcordanceTrust,
    NULL,
    NULL
};
Commit	Line	Data
5c19dc3a A	1	//
	2	// SOSRingV0.c
	3	// sec
	4	//
	5	// Created by Richard Murphy on 3/5/15.
	6	//
	7	//
	8
	9	#include "SOSRingV0.h"
	10
	11	#include <AssertMacros.h>
	12
	13	#include <Security/SecureObjectSync/SOSInternal.h>
	14	#include <Security/SecureObjectSync/SOSPeerInfoInternal.h>
	15	#include <Security/SecureObjectSync/SOSPeerInfoCollections.h>
	16	#include <Security/SecureObjectSync/SOSCircle.h>
	17	#include <Security/SecFramework.h>
	18
	19	#include <Security/SecKey.h>
	20	#include <Security/SecKeyPriv.h>
	21	#include <CoreFoundation/CoreFoundation.h>
	22
	23	#include <utilities/SecCFWrappers.h>
	24
	25	#include <stdlib.h>
	26	#include <assert.h>
	27
	28	#include "SOSRingUtils.h"
	29	#include "SOSRingTypes.h"
	30
	31	// MARK: V0 Ring Ops - same operation as V0 Circles
	32
	33	static SOSRingRef SOSRingCreate_V0(CFStringRef name, CFStringRef myPeerID, CFErrorRef *error) {
	34	SOSRingRef retval = NULL;
	35	retval = SOSRingCreate_Internal(name, 0, error);
	36	if(!retval) return NULL;
	37	SOSRingSetLastModifier(retval, myPeerID);
	38	return retval;
	39	}
	40
	41	static bool SOSRingResetToEmpty_V0(SOSRingRef ring, CFStringRef myPeerID, CFErrorRef *error) {
	42	return SOSRingResetToEmpty_Internal(ring, error) && SOSRingSetLastModifier(ring, myPeerID);
	43	}
	44
	45	static bool SOSRingResetToOffering_V0(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
	46	CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
	47	SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error);
	48	bool retval = priv && myPeerID &&
	49	SOSRingResetToEmpty_Internal(ring, error) &&
	50	SOSRingAddPeerID(ring, myPeerID) &&
	51	SOSRingSetLastModifier(ring, myPeerID) &&
	52	SOSRingGenerationSign_Internal(ring, user_privkey, error);
	53	SOSRingConcordanceSign_Internal(ring, priv, error);
	54	CFReleaseNull(priv);
	55	return retval;
	56	}
	57
	58	static SOSRingStatus SOSRingDeviceIsInRing_V0(SOSRingRef ring, CFStringRef peerID) {
	59	if(SOSRingHasPeerID(ring, peerID)) return kSOSRingMember;
	60	if(SOSRingHasApplicant(ring, peerID)) return kSOSRingApplicant;
	61	if(SOSRingHasRejection(ring, peerID)) return kSOSRingReject;
	62	return kSOSRingNotInRing;
	63	}
	64
65	static bool SOSRingApply_V0(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
66	bool retval = false;
67	CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
68	if(SOSRingDeviceIsInRing_V0(ring, myPeerID) == kSOSRingReject) SOSRingRemoveRejection(ring, myPeerID);
69	require_action_quiet(SOSRingDeviceIsInRing_V0(ring, myPeerID) == kSOSRingNotInRing, errOut, secnotice("ring", "Already associated with ring"));
70	retval = myPeerID &&
71	SOSRingAddApplicant(ring, myPeerID) &&
72	SOSRingSetLastModifier(ring, myPeerID);
73	errOut:
74	return retval;
75	}
76
77	static bool SOSRingWithdraw_V0(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
78	CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
79	SOSRingSetLastModifier(ring, myPeerID);
80	if(SOSRingHasPeerID(ring, myPeerID)) {
81	SOSRingRemovePeerID(ring, myPeerID);// Maybe we need a retired peerID list?
82	SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error);
83	SOSRingGenerationSign_Internal(ring, priv, error);
84	if(user_privkey) SOSRingGenerationSign_Internal(ring, user_privkey, error);
85	CFReleaseNull(priv);
86	} else if(SOSRingHasApplicant(ring, myPeerID)) {
87	SOSRingRemoveApplicant(ring, myPeerID);
88	} else if(SOSRingHasRejection(ring, myPeerID)) {
89	SOSRingRemoveRejection(ring, myPeerID);
90	} else {
91	SOSCreateError(kSOSErrorPeerNotFound, CFSTR("Not associated with Ring"), NULL, error);
92	return false;
93	}
94
95	return true;
96	}
97
98	static bool SOSRingGenerationSign_V0(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
99	CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
100	SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error);
101	bool retval = priv && myPeerID &&
102	SOSRingSetLastModifier(ring, myPeerID) &&
103	SOSRingGenerationSign_Internal(ring, priv, error);
104	if(user_privkey) SOSRingGenerationSign_Internal(ring, user_privkey, error);
105	CFReleaseNull(priv);
106	return retval;
107	}
108
109	static bool SOSRingConcordanceSign_V0(SOSRingRef ring, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
110	CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
111	SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error);
112	bool retval = priv && myPeerID &&
113	SOSRingSetLastModifier(ring, myPeerID) &&
114	SOSRingConcordanceSign_Internal(ring, priv, error);
115	CFReleaseNull(priv);
116	return retval;
117	}
118
119
120	__unused static bool SOSRingSetPayload_V0(SOSRingRef ring, SecKeyRef user_privkey, CFDataRef payload, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
121	CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
122	SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error);
123	bool retval = priv && myPeerID &&
124	SOSRingSetLastModifier(ring, myPeerID) &&
125	SOSRingSetPayload_Internal(ring, payload) &&
126	SOSRingGenerationSign_Internal(ring, priv, error);
127	if(user_privkey) SOSRingConcordanceSign_Internal(ring, user_privkey, error);
128	CFReleaseNull(priv);
129	return retval;
130	}
131
132	__unused static CFDataRef SOSRingGetPayload_V0(SOSRingRef ring, CFErrorRef *error) {
133	return SOSRingGetPayload_Internal(ring);
134	}
135
136
137	ringFuncStruct basic = {
138	"V0",
139	1,
140	SOSRingCreate_V0,
141	SOSRingResetToEmpty_V0,
142	SOSRingResetToOffering_V0,
143	SOSRingDeviceIsInRing_V0,
144	SOSRingApply_V0,
145	SOSRingWithdraw_V0,
146	SOSRingGenerationSign_V0,
147	SOSRingConcordanceSign_V0,
148	SOSRingUserKeyConcordanceTrust,
149	NULL,
150	NULL
151	};