projects / apple / security.git / blame
| Commit | Line | Data |
|---|---|---|
| 5c19dc3a A |
1 | // |
| 2 | // SOSPeerInfoSecurityProperties.c | |
| 3 | // sec | |
| 4 | // | |
| 5 | // Created by Richard Murphy on 3/14/15. | |
| 6 | // | |
| 7 | // | |
| 8 | ||
| 9 | ||
| 10 | #include <AssertMacros.h> | |
| 11 | #include <TargetConditionals.h> | |
| 12 | ||
| 13 | #include "SOSPeerInfoSecurityProperties.h" | |
| 14 | #include <utilities/SecCFWrappers.h> | |
| 15 | #include <utilities/SecCFRelease.h> | |
| 16 | #include <utilities/SecCFError.h> | |
| 17 | #include <Security/SecureObjectSync/SOSInternal.h> | |
| 18 | ||
| 19 | #include <Security/SecureObjectSync/SOSPeerInfo.h> | |
| 20 | #include <Security/SecureObjectSync/SOSPeerInfoV2.h> | |
| 21 | #include <Security/SecureObjectSync/SOSPeerInfoPriv.h> | |
| 22 | #include <Security/SecureObjectSync/SOSCloudCircle.h> | |
| 23 | #include <Security/SecureObjectSync/SOSAccount.h> | |
| 24 | #include <Security/SecureObjectSync/SOSAccountPriv.h> | |
| 25 | ||
| 26 | CFStringRef secpropMemError = CFSTR("Failed to get memory for SecurityProperties in PeerInfo"); | |
| 27 | CFStringRef secpropUnknownError = CFSTR("Unknown Security Property(%@) (SOSSecurityPropertyResultCode=%d)"); | |
| 28 | CFStringRef secpropInvalidError = CFSTR("Peer is invalid for this security property(%@) (SOSSecurityPropertyResultCode=%d)"); | |
| 29 | ||
| 30 | const CFStringRef kSOSSecPropertyHasEntropy = CFSTR("SecPropEntropy"); | |
| 31 | const CFStringRef kSOSSecPropertyScreenLock = CFSTR("SecPropScreenLock"); | |
| 32 | const CFStringRef kSOSSecPropertySEP = CFSTR("SecPropSEP"); | |
| 33 | const CFStringRef kSOSSecPropertyIOS = CFSTR("SecPropIOS"); | |
| 34 | ||
| 35 | ||
| 36 | CFSetRef SOSSecurityPropertyGetAllCurrent(void) { | |
| 37 | static dispatch_once_t dot; | |
| 38 | static CFMutableSetRef allSecurityProperties = NULL; | |
| 39 | dispatch_once(&dot, ^{ | |
| 40 | allSecurityProperties = CFSetCreateMutable(NULL, 0, &kCFTypeSetCallBacks); | |
| 41 | CFSetAddValue(allSecurityProperties, kSOSSecPropertyHasEntropy); | |
| 42 | CFSetAddValue(allSecurityProperties, kSOSSecPropertyScreenLock); | |
| 43 | CFSetAddValue(allSecurityProperties, kSOSSecPropertySEP); | |
| 44 | CFSetAddValue(allSecurityProperties, kSOSSecPropertyIOS); | |
| 45 | }); | |
| 46 | return allSecurityProperties; | |
| 47 | } | |
| 48 | ||
| 49 | static bool SOSSecurityPropertyIsKnownProperty(CFStringRef secPropName) { | |
| 50 | CFSetRef allSecurityProperties = SOSSecurityPropertyGetAllCurrent(); | |
| 51 | if(CFSetContainsValue(allSecurityProperties, secPropName)) return true; | |
| 52 | secnotice("SecurityProperties","Not a known Security Property"); | |
| 53 | return false; | |
| 54 | } | |
| 55 | ||
| 56 | ||
| 57 | static CFMutableSetRef CFSetCreateMutableForSOSSecurityProperties(CFAllocatorRef allocator) { | |
| 58 | return CFSetCreateMutable(allocator, 0, &kCFTypeSetCallBacks); | |
| 59 | } | |
| 60 | ||
| 61 | CFMutableSetRef SOSPeerInfoCopySecurityProperty(SOSPeerInfoRef pi) { | |
| 62 | if (!SOSPeerInfoVersionHasV2Data(pi)) { | |
| 63 | return NULL; | |
| 64 | } else { | |
| 65 | CFMutableSetRef secproperty = (CFMutableSetRef)SOSPeerInfoV2DictionaryCopySet(pi, sSecurityPropertiesKey); | |
| 66 | if (!secproperty) | |
| 67 | secerror("%@ v2 peer has no security properties", SOSPeerInfoGetPeerID(pi)); | |
| 68 | return secproperty; | |
| 69 | } | |
| 70 | } | |
| 71 | ||
| 72 | static void SOSPeerInfoSetSecurityProperty(SOSPeerInfoRef pi, CFSetRef newproperties) { | |
| 73 | if(!newproperties) { | |
| 74 | secnotice("secproperty","Asked to swap to NULL Security Properties"); | |
| 75 | return; | |
| 76 | } | |
| 77 | SOSPeerInfoV2DictionarySetValue(pi, sSecurityPropertiesKey, newproperties); | |
| 78 | } | |
| 79 | ||
| 80 | static bool SOSPeerInfoSecurityPropertyIsValid(SOSPeerInfoRef pi, CFStringRef propertyname) { | |
| 81 | return true; | |
| 82 | } | |
| 83 | ||
| 84 | static bool secPropertyErrorReport(CFIndex errorCode, CFErrorRef *error, CFStringRef format, CFStringRef propertyname, int retval) { | |
| 85 | return SOSCreateErrorWithFormat(errorCode, NULL, error, NULL, format, propertyname, retval); | |
| 86 | } | |
| 87 | ||
| 88 | CFMutableSetRef SOSSecurityPropertiesCreateDefault(SOSPeerInfoRef pi, CFErrorRef *error) { | |
| 89 | return CFSetCreateMutableForSOSSecurityProperties(NULL); | |
| 90 | } | |
| 91 | ||
| 92 | SOSSecurityPropertyResultCode SOSSecurityPropertyEnable(SOSPeerInfoRef pi, CFStringRef propertyname, CFErrorRef *error) { | |
| 93 | SOSSecurityPropertyResultCode retval = kSOSCCGeneralSecurityPropertyError; | |
| 94 | ||
| 95 | CFMutableSetRef newSecurityProperties = SOSPeerInfoCopySecurityProperty(pi); | |
| 96 | require_action_quiet(newSecurityProperties, fail, | |
| 97 | SOSCreateError(kSOSErrorAllocationFailure, secpropMemError, NULL, error)); | |
| 98 | require_action_quiet(SOSSecurityPropertyIsKnownProperty(propertyname), fail, | |
| 99 | secPropertyErrorReport(kSOSErrorNameMismatch, error, secpropUnknownError, propertyname, retval = kSOSCCNoSuchSecurityProperty)); | |
| 100 | require_action_quiet(SOSPeerInfoSecurityPropertyIsValid(pi, propertyname), fail, | |
| 101 | secPropertyErrorReport(kSOSErrorNameMismatch, error, secpropInvalidError, propertyname, retval = kSOSCCSecurityPropertyNotQualified)); | |
| 102 | CFSetAddValue(newSecurityProperties, propertyname); | |
| 103 | SOSPeerInfoSetSecurityProperty(pi, newSecurityProperties); | |
| 104 | CFReleaseSafe(newSecurityProperties); | |
| 105 | return kSOSCCSecurityPropertyValid; | |
| 106 | ||
| 107 | fail: | |
| 108 | CFReleaseNull(newSecurityProperties); | |
| 109 | secnotice("SecurityProperties","Failed to enable Security Property(%@): %@", propertyname, *error); | |
| 110 | return retval; | |
| 111 | } | |
| 112 | ||
| 113 | SOSSecurityPropertyResultCode SOSSecurityPropertyDisable(SOSPeerInfoRef pi, CFStringRef propertyname, CFErrorRef *error) { | |
| 114 | SOSSecurityPropertyResultCode retval = kSOSCCGeneralSecurityPropertyError; | |
| 115 | CFMutableSetRef newSecurityProperties = SOSPeerInfoCopySecurityProperty(pi); | |
| 116 | require_action_quiet(newSecurityProperties, fail, | |
| 117 | SOSCreateError(kSOSErrorAllocationFailure, secpropMemError, NULL, error)); | |
| 118 | require_action_quiet(SOSSecurityPropertyIsKnownProperty(propertyname), fail, | |
| 119 | secPropertyErrorReport(kSOSErrorNameMismatch, error, secpropUnknownError, propertyname, retval = kSOSCCNoSuchSecurityProperty)); | |
| 120 | ||
| 121 | CFSetRemoveValue(newSecurityProperties, propertyname); | |
| 122 | SOSPeerInfoSetSecurityProperty(pi, newSecurityProperties); | |
| 123 | CFReleaseSafe(newSecurityProperties); | |
| 124 | return kSOSCCSecurityPropertyNotValid; | |
| 125 | ||
| 126 | fail: | |
| 127 | CFReleaseNull(newSecurityProperties); | |
| 128 | secnotice("SecurityProperties","Failed to disable Security Property(%@): %@", propertyname, *error); | |
| 129 | return retval; | |
| 130 | } | |
| 131 | ||
| 132 | SOSSecurityPropertyResultCode SOSSecurityPropertyQuery(SOSPeerInfoRef pi, CFStringRef propertyname, CFErrorRef *error) { | |
| 133 | SOSSecurityPropertyResultCode retval = kSOSCCNoSuchSecurityProperty; | |
| 134 | secnotice("SecurityProperties", "Querying %@", propertyname); | |
| 135 | require_action_quiet(SOSSecurityPropertyIsKnownProperty(propertyname), fail, | |
| 136 | SOSCreateError(kSOSErrorNameMismatch, secpropUnknownError, NULL, error)); | |
| 137 | CFMutableSetRef secproperty = SOSPeerInfoCopySecurityProperty(pi); | |
| 138 | if(!secproperty) return kSOSCCSecurityPropertyNotValid; | |
| 139 | retval = (CFSetContainsValue(secproperty, propertyname)) ? kSOSCCSecurityPropertyValid: kSOSCCSecurityPropertyNotValid; | |
| 140 | CFReleaseNull(secproperty); | |
| 141 | ||
| 142 | fail: | |
| 143 | secnotice("SecurityProperties","Failed to query Security Property(%@): %@", propertyname, *error); | |
| 144 | return retval; | |
| 145 | } | |
| 146 |