2 * Copyright (c) 2013-2014 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
26 #include "SOSAccountPriv.h"
27 #include "SOSPeerInfoCollections.h"
28 #include "SOSTransport.h"
31 // MARK: User Credential management
34 void SOSAccountSetPreviousPublic(SOSAccountRef account
) {
35 CFReleaseNull(account
->previous_public
);
36 account
->previous_public
= account
->user_public
;
37 CFRetain(account
->previous_public
);
40 static void SOSAccountRemoveInvalidApplications(SOSAccountRef account
, SOSCircleRef circle
)
42 CFMutableSetRef peersToRemove
= CFSetCreateMutableForSOSPeerInfosByID(kCFAllocatorDefault
);
43 SOSCircleForEachApplicant(circle
, ^(SOSPeerInfoRef peer
) {
44 if (!SOSPeerInfoApplicationVerify(peer
, account
->user_public
, NULL
))
45 CFSetAddValue(peersToRemove
, peer
);
48 CFSetForEach(peersToRemove
, ^(const void *value
) {
49 SOSPeerInfoRef peer
= (SOSPeerInfoRef
) value
;
51 SOSCircleWithdrawRequest(circle
, peer
, NULL
);
55 static void SOSAccountGenerationSignatureUpdateWith(SOSAccountRef account
, SecKeyRef privKey
) {
56 if (account
->trusted_circle
&& account
->my_identity
&&
57 SOSCircleHasPeer(account
->trusted_circle
, SOSFullPeerInfoGetPeerInfo(account
->my_identity
), NULL
) &&
58 !SOSCircleVerify(account
->trusted_circle
, account
->user_public
, NULL
)) {
59 SOSAccountModifyCircle(account
, NULL
, ^(SOSCircleRef circle
) {
60 SOSAccountRemoveInvalidApplications(account
, circle
); // We might be updating our signatures so remove, but don't reject applicants
62 SOSFullPeerInfoRef cloud_fpi
= SOSCircleCopyiCloudFullPeerInfoRef(circle
, NULL
);
63 require_quiet(cloud_fpi
!= NULL
, gen_sign
);
64 require_quiet(SOSFullPeerInfoUpgradeSignatures(cloud_fpi
, privKey
, NULL
), gen_sign
);
65 if(!SOSCircleUpdatePeerInfo(circle
, SOSFullPeerInfoGetPeerInfo(cloud_fpi
))) {
67 gen_sign
: // finally generation sign this.
68 SOSCircleGenerationUpdate(circle
, privKey
, account
->my_identity
, NULL
);
69 account
->departure_code
= kSOSNeverLeftCircle
;
75 bool SOSAccountGenerationSignatureUpdate(SOSAccountRef account
, CFErrorRef
*error
) {
77 SecKeyRef priv_key
= SOSAccountGetPrivateCredential(account
, error
);
78 require_quiet(priv_key
, bail
);
80 SOSAccountGenerationSignatureUpdateWith(account
, priv_key
);
87 /* this one is meant to be local - not published over KVS. */
88 static bool SOSAccountPeerSignatureUpdate(SOSAccountRef account
, SecKeyRef privKey
, CFErrorRef
*error
) {
89 return account
->my_identity
&& SOSFullPeerInfoUpgradeSignatures(account
->my_identity
, privKey
, error
);
93 void SOSAccountPurgePrivateCredential(SOSAccountRef account
)
95 CFReleaseNull(account
->_user_private
);
96 CFReleaseNull(account
->_password_tmp
);
97 if (account
->user_private_timer
) {
98 dispatch_source_cancel(account
->user_private_timer
);
99 dispatch_release(account
->user_private_timer
);
100 account
->user_private_timer
= NULL
;
101 xpc_transaction_end();
103 if (account
->lock_notification_token
) {
104 notify_cancel(account
->lock_notification_token
);
105 account
->lock_notification_token
= 0;
110 static void SOSAccountSetTrustedUserPublicKey(SOSAccountRef account
, bool public_was_trusted
, SecKeyRef privKey
)
112 if (!privKey
) return;
113 SecKeyRef publicKey
= SecKeyCreatePublicFromPrivate(privKey
);
115 if (account
->user_public
&& account
->user_public_trusted
&& CFEqual(publicKey
, account
->user_public
)) return;
117 if(public_was_trusted
&& account
->user_public
) {
118 CFReleaseNull(account
->previous_public
);
119 account
->previous_public
= account
->user_public
;
120 CFRetain(account
->previous_public
);
123 CFReleaseNull(account
->user_public
);
124 account
->user_public
= publicKey
;
125 account
->user_public_trusted
= true;
127 if(!account
->previous_public
) {
128 account
->previous_public
= account
->user_public
;
129 CFRetain(account
->previous_public
);
132 secnotice("keygen", "trusting new public key: %@", account
->user_public
);
135 void SOSAccountSetUnTrustedUserPublicKey(SOSAccountRef account
, SecKeyRef publicKey
) {
136 if(account
->user_public_trusted
&& account
->user_public
) {
137 secnotice("keygen", "Moving : %@ to previous_public", account
->user_public
);
138 CFRetainAssign(account
->previous_public
, account
->user_public
);
141 CFReleaseNull(account
->user_public
);
142 account
->user_public
= publicKey
;
143 account
->user_public_trusted
= false;
145 if(!account
->previous_public
) {
146 CFRetainAssign(account
->previous_public
, account
->user_public
);
149 secnotice("keygen", "not trusting new public key: %@", account
->user_public
);
153 static void SOSAccountSetPrivateCredential(SOSAccountRef account
, SecKeyRef
private, CFDataRef password
) {
155 return SOSAccountPurgePrivateCredential(account
);
158 CFReleaseSafe(account
->_user_private
);
159 account
->_user_private
= private;
160 CFReleaseSafe(account
->_password_tmp
);
161 account
->_password_tmp
= CFDataCreateCopy(kCFAllocatorDefault
, password
);
163 bool resume_timer
= false;
164 if (!account
->user_private_timer
) {
165 xpc_transaction_begin();
167 account
->user_private_timer
= dispatch_source_create(DISPATCH_SOURCE_TYPE_TIMER
, 0, 0, account
->queue
);
168 dispatch_source_set_event_handler(account
->user_private_timer
, ^{
169 SOSAccountPurgePrivateCredential(account
);
172 notify_register_dispatch(kUserKeybagStateChangeNotification
, &account
->lock_notification_token
, account
->queue
, ^(int token
) {
174 CFErrorRef lockCheckError
= NULL
;
176 if (!SecAKSGetIsLocked(&locked
, &lockCheckError
)) {
177 secerror("Checking for locked after change failed: %@", lockCheckError
);
181 SOSAccountPurgePrivateCredential(account
);
186 // (Re)set the timer's fire time to now + 120 seconds with a 5 second fuzz factor.
187 dispatch_time_t purgeTime
= dispatch_time(DISPATCH_TIME_NOW
, (int64_t)(10 * 60 * NSEC_PER_SEC
));
188 dispatch_source_set_timer(account
->user_private_timer
, purgeTime
, DISPATCH_TIME_FOREVER
, (int64_t)(5 * NSEC_PER_SEC
));
190 dispatch_resume(account
->user_private_timer
);
193 SecKeyRef
SOSAccountGetPrivateCredential(SOSAccountRef account
, CFErrorRef
* error
)
195 if (account
->_user_private
== NULL
) {
196 SOSCreateError(kSOSErrorPrivateKeyAbsent
, CFSTR("Private Key not available - failed to prompt user recently"), NULL
, error
);
198 return account
->_user_private
;
201 CFDataRef
SOSAccountGetCachedPassword(SOSAccountRef account
, CFErrorRef
* error
)
203 if (account
->_password_tmp
== NULL
) {
204 secnotice("keygen", "Password cache expired");
206 return account
->_password_tmp
;
210 bool SOSAccountHasPublicKey(SOSAccountRef account
, CFErrorRef
* error
)
212 if (account
->user_public
== NULL
|| account
->user_public_trusted
== false) {
213 SOSCreateError(kSOSErrorPublicKeyAbsent
, CFSTR("Public Key not available - failed to register before call"), NULL
, error
);
220 static void sosAccountSetTrustedCredentials(SOSAccountRef account
, CFDataRef user_password
, SecKeyRef user_private
, bool public_was_trusted
) {
221 (void) SOSAccountPeerSignatureUpdate(account
, user_private
, NULL
);
222 SOSAccountSetTrustedUserPublicKey(account
, public_was_trusted
, user_private
);
223 SOSAccountSetPrivateCredential(account
, user_private
, user_password
);
226 static bool sosAccountValidatePasswordOrFail(SOSAccountRef account
, CFDataRef user_password
, CFErrorRef
*error
) {
227 bool public_was_trusted
= account
->user_public_trusted
;
228 account
->user_public_trusted
= false;
229 SecKeyRef user_private
= NULL
;
231 if (account
->user_public
&& account
->user_key_parameters
) {
232 // We have an untrusted public key – see if our generation makes the same key:
233 // if so we trust it and we have the private key.
234 // if not we still don't trust it.
235 require_quiet(user_private
= SOSUserKeygen(user_password
, account
->user_key_parameters
, error
), errOut
);
236 SecKeyRef public_candidate
= SecKeyCreatePublicFromPrivate(user_private
);
238 if (!CFEqualSafe(account
->user_public
, public_candidate
)) { // We don't trust the account->user_public
239 secnotice("keygen", "Public keys don't match: expected: %@, calculated: %@", account
->user_public
, public_candidate
);
240 debugDumpUserParameters(CFSTR("params"), account
->user_key_parameters
);
241 } else { // We trust the account->user_public
242 sosAccountSetTrustedCredentials(account
, user_password
, user_private
, public_was_trusted
);
244 CFReleaseNull(user_private
);
245 CFReleaseSafe(public_candidate
);
248 return account
->user_public_trusted
;
251 bool SOSAccountAssertUserCredentials(SOSAccountRef account
, CFStringRef user_account __unused
, CFDataRef user_password
, CFErrorRef
*error
)
253 bool public_was_trusted
= account
->user_public_trusted
;
254 account
->user_public_trusted
= false;
255 SecKeyRef user_private
= NULL
;
257 if (!sosAccountValidatePasswordOrFail(account
, user_password
, error
)) {
258 // We may or may not have parameters here.
259 // In any case we tried using them and they didn't match
260 // So forget all that and start again, assume we're the first to push anything useful.
262 if (CFDataGetLength(user_password
) > 20) {
263 secwarning("Long password (>20 byte utf8) being used to derive account key – this may be a PET by mistake!!");
266 CFReleaseNull(account
->user_key_parameters
);
267 account
->user_key_parameters
= SOSUserKeyCreateGenerateParameters(error
);
268 require_quiet(user_private
= SOSUserKeygen(user_password
, account
->user_key_parameters
, error
), errOut
);
270 sosAccountSetTrustedCredentials(account
, user_password
, user_private
, public_was_trusted
);
272 CFErrorRef publishError
= NULL
;
273 if (!SOSAccountPublishCloudParameters(account
, &publishError
))
274 secerror("Failed to publish new cloud parameters: %@", publishError
);
276 CFReleaseSafe(publishError
);
280 SOSUpdateKeyInterest();
282 CFReleaseSafe(user_private
);
284 return account
->user_public_trusted
;
288 bool SOSAccountTryUserCredentials(SOSAccountRef account
, CFStringRef user_account __unused
, CFDataRef user_password
, CFErrorRef
*error
)
290 bool success
= false;
292 if (!SOSAccountHasPublicKey(account
, error
))
295 if (account
->user_key_parameters
) {
296 SecKeyRef new_key
= SOSUserKeygen(user_password
, account
->user_key_parameters
, error
);
298 SecKeyRef new_public_key
= SecKeyCreatePublicFromPrivate(new_key
);
300 if (CFEqualSafe(new_public_key
, account
->user_public
)) {
301 SOSAccountSetPrivateCredential(account
, new_key
, user_password
);
304 SOSCreateError(kSOSErrorWrongPassword
, CFSTR("Password passed in incorrect: ▇█████▇▇██"), NULL
, error
);
306 CFReleaseSafe(new_public_key
);
307 CFReleaseSafe(new_key
);
310 SOSCreateError(kSOSErrorProcessingFailure
, CFSTR("Have public key but no parameters??"), NULL
, error
);
316 bool SOSAccountRetryUserCredentials(SOSAccountRef account
) {
317 CFDataRef cached_password
= SOSAccountGetCachedPassword(account
, NULL
);
318 return (cached_password
!= NULL
) && sosAccountValidatePasswordOrFail(account
, cached_password
, NULL
);