]> git.saurik.com Git - apple/security.git/blob - OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageIDS.m
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Security-58286.31.2.tar.gz
[apple/security.git] / OSX / sec / SOSCircle / SecureObjectSync / SOSTransportMessageIDS.m
1 //
2 // SOSTransportMessageIDS.c
3 // sec
4 //
5 //
6 #include <Security/SecBasePriv.h>
7 #include <Security/SecureObjectSync/SOSTransport.h>
8 #import <Security/SecureObjectSync/SOSTransportMessage.h>
9 #import <Security/SecureObjectSync/SOSAccountPriv.h>
10 #include <Security/SecureObjectSync/SOSKVSKeys.h>
11 #include <Security/SecureObjectSync/SOSPeerInfoV2.h>
12
13 #include <SOSCloudCircleServer.h>
14 #include <Security/SecureObjectSync/SOSAccountPriv.h>
15 #include <Security/SecureObjectSync/SOSTransportMessageIDS.h>
16
17 #include <utilities/SecCFWrappers.h>
18 #include <SOSInternal.h>
19 #include <AssertMacros.h>
20
21 #include <SOSCircle/CKBridge/SOSCloudKeychainClient.h>
22 #include <SOSCircle/CKBridge/SOSCloudKeychainConstants.h>
23 #include <Security/SecureObjectSync/SOSInternal.h>
24 #include <utilities/SecADWrapper.h>
25 #import "Security/SecureObjectSync/SOSAccountTrustClassic.h"
26
27 #define IDS "IDS transport"
28
29 @implementation SOSMessageIDS
30
31 @synthesize useFragmentation = useFragmentation;
32
33 -(CFIndex) SOSTransportMessageGetTransportType
34 {
35 return kIDS;
36 }
37
38 -(void) SOSTransportMessageIDSSetFragmentationPreference:(SOSMessageIDS*) transport pref:(CFBooleanRef) preference
39 {
40 useFragmentation = preference;
41 }
42
43 -(CFBooleanRef) SOSTransportMessageIDSGetFragmentationPreference:(SOSMessageIDS*) transport
44 {
45 return useFragmentation;
46 }
47
48 -(id) initWithAcount:(SOSAccount*)acct circleName:(CFStringRef)name
49 {
50 self = [super init];
51
52 if (self) {
53 self.useFragmentation = kCFBooleanTrue;
54 self.account = acct;
55 self.circleName = [[NSString alloc]initWithString:(__bridge NSString*)name];
56 [self SOSTransportMessageIDSGetIDSDeviceID:account];
57 SOSRegisterTransportMessage((SOSMessage*)self);
58 }
59
60 return self;
61 }
62
63 -(CFDictionaryRef) CF_RETURNS_RETAINED SOSTransportMessageHandlePeerMessageReturnsHandledCopy:(SOSMessage*) transport peerMessages:(CFMutableDictionaryRef) circle_peer_messages_table err:(CFErrorRef *)error
64 {
65 return CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
66 }
67
68 static HandleIDSMessageReason checkMessageValidity(SOSAccount* account, CFStringRef fromDeviceID, CFStringRef fromPeerID, CFStringRef *peerID, SOSPeerInfoRef *theirPeerInfo){
69 SOSAccountTrustClassic *trust = account.trust;
70 __block HandleIDSMessageReason reason = kHandleIDSMessageDontHandle;
71
72 SOSCircleForEachPeer(trust.trustedCircle, ^(SOSPeerInfoRef peer) {
73 CFStringRef deviceID = SOSPeerInfoCopyDeviceID(peer);
74 CFStringRef pID = SOSPeerInfoGetPeerID(peer);
75
76 if( deviceID && pID && fromPeerID && fromDeviceID && CFStringGetLength(fromPeerID) != 0 ){
77 if(CFStringCompare(pID, fromPeerID, 0) == 0){
78 if(CFStringGetLength(deviceID) == 0){
79 secnotice("ids transport", "device ID was empty in the peer list, holding on to message");
80 CFReleaseNull(deviceID);
81 reason = kHandleIDSMessageNotReady;
82 return;
83 }
84 else if(CFStringCompare(fromDeviceID, deviceID, 0) != 0){ //IDSids do not match, ghost
85 reason = kHandleIDSmessageDeviceIDMismatch;
86 CFReleaseNull(deviceID);
87 return;
88 }
89 else if(CFStringCompare(deviceID, fromDeviceID, 0) == 0){
90 *peerID = pID;
91 *theirPeerInfo = peer;
92 CFReleaseNull(deviceID);
93 reason = kHandleIDSMessageSuccess;
94 return;
95 }
96 }
97 }
98 CFReleaseNull(deviceID);
99 });
100
101 return reason;
102 }
103
104 -(HandleIDSMessageReason) SOSTransportMessageIDSHandleMessage:(SOSAccount*)acct m:(CFDictionaryRef) message err:(CFErrorRef *)error
105 {
106 secnotice("IDS Transport", "SOSTransportMessageIDSHandleMessage!");
107
108 CFStringRef dataKey = CFStringCreateWithCString(kCFAllocatorDefault, kMessageKeyIDSDataMessage, kCFStringEncodingASCII);
109 CFStringRef deviceIDKey = CFStringCreateWithCString(kCFAllocatorDefault, kMessageKeyDeviceID, kCFStringEncodingASCII);
110 CFStringRef sendersPeerIDKey = CFStringCreateWithCString(kCFAllocatorDefault, kMessageKeySendersPeerID, kCFStringEncodingASCII);
111 CFStringRef ourPeerIdKey = CFStringCreateWithCString(kCFAllocatorDefault, kMessageKeyPeerID, kCFStringEncodingASCII);
112
113 HandleIDSMessageReason result = kHandleIDSMessageSuccess;
114
115 CFDataRef messageData = asData(CFDictionaryGetValue(message, dataKey), NULL);
116 __block CFStringRef fromDeviceID = asString(CFDictionaryGetValue(message, deviceIDKey), NULL);
117 __block CFStringRef fromPeerID = (CFStringRef)CFDictionaryGetValue(message, sendersPeerIDKey);
118 CFStringRef ourPeerID = asString(CFDictionaryGetValue(message, ourPeerIdKey), NULL);
119
120 CFStringRef peerID = NULL;
121 SOSPeerInfoRef theirPeer = NULL;
122
123 require_action_quiet(fromDeviceID, exit, result = kHandleIDSMessageDontHandle);
124 require_action_quiet(fromPeerID, exit, result = kHandleIDSMessageDontHandle);
125 require_action_quiet(messageData && CFDataGetLength(messageData) != 0, exit, result = kHandleIDSMessageDontHandle);
126 require_action_quiet(SOSAccountHasFullPeerInfo(account, error), exit, result = kHandleIDSMessageNotReady);
127 require_action_quiet(ourPeerID && [account.peerID isEqual: (__bridge NSString*) ourPeerID], exit, result = kHandleIDSMessageDontHandle; secnotice("IDS Transport","ignoring message for: %@", ourPeerID));
128
129 require_quiet((result = checkMessageValidity( account, fromDeviceID, fromPeerID, &peerID, &theirPeer)) == kHandleIDSMessageSuccess, exit);
130
131 if ([account.ids_message_transport SOSTransportMessageHandlePeerMessage:account.ids_message_transport id:peerID cm:messageData err:error]) {
132 CFMutableDictionaryRef peersToSyncWith = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
133 CFMutableSetRef peerIDs = CFSetCreateMutableForCFTypes(kCFAllocatorDefault);
134 CFSetAddValue(peerIDs, peerID);
135 SOSAccountTrustClassic* trust = account.trust;
136 //sync using fragmentation?
137 if(SOSPeerInfoShouldUseIDSMessageFragmentation(trust.peerInfo, theirPeer)){
138 //set useFragmentation bit
139 [account.ids_message_transport SOSTransportMessageIDSSetFragmentationPreference:account.ids_message_transport pref: kCFBooleanTrue];
140 }
141 else{
142 [account.ids_message_transport SOSTransportMessageIDSSetFragmentationPreference:account.ids_message_transport pref: kCFBooleanFalse];
143 }
144
145 if(![account.ids_message_transport SOSTransportMessageSyncWithPeers:account.ids_message_transport p:peerIDs err:error]){
146 secerror("SOSTransportMessageIDSHandleMessage Could not sync with all peers: %@", *error);
147 }else{
148 secnotice("IDS Transport", "Synced with all peers!");
149 }
150
151 CFReleaseNull(peersToSyncWith);
152 CFReleaseNull(peerIDs);
153 }else{
154 if(error && *error != NULL){
155 CFStringRef errorMessage = CFErrorCopyDescription(*error);
156 if (-25308 == CFErrorGetCode(*error)) { // tell KeychainSyncingOverIDSProxy to call us back when device unlocks
157 result = kHandleIDSMessageLocked;
158 }else{ //else drop it, couldn't handle the message
159 result = kHandleIDSMessageDontHandle;
160 }
161 secerror("IDS Transport Could not handle message: %@, %@", messageData, *error);
162 CFReleaseNull(errorMessage);
163
164 }
165 else{ //no error but failed? drop it, log message
166 secerror("IDS Transport Could not handle message: %@", messageData);
167 result = kHandleIDSMessageDontHandle;
168
169 }
170 }
171
172 exit:
173 CFReleaseNull(ourPeerIdKey);
174 CFReleaseNull(sendersPeerIDKey);
175 CFReleaseNull(deviceIDKey);
176 CFReleaseNull(dataKey);
177 return result;
178 }
179
180
181 static bool sendToPeer(SOSMessageIDS* transport, bool shouldUseAckModel, CFStringRef circleName, CFStringRef deviceID, CFStringRef peerID,CFDictionaryRef message, CFErrorRef *error)
182 {
183 __block bool success = false;
184 CFStringRef errorMessage = NULL;
185 CFDictionaryRef userInfo;
186 CFStringRef operation = NULL;
187 CFDataRef operationData = NULL;
188 CFMutableDataRef mutableData = NULL;
189 SOSAccount* account = [transport SOSTransportMessageGetAccount];
190 CFStringRef ourPeerID = SOSPeerInfoGetPeerID(account.peerInfo);
191 CFStringRef operationToString = NULL;
192
193 CFDictionaryRef messagetoSend = NULL;
194
195 if(deviceID == NULL || CFStringGetLength(deviceID) == 0){
196 errorMessage = CFSTR("Need an IDS Device ID to sync");
197 userInfo = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, kCFErrorLocalizedDescriptionKey, errorMessage, NULL);
198 if(error != NULL){
199 *error =CFErrorCreate(kCFAllocatorDefault, CFSTR("com.apple.security.ids.error"), kSecIDSErrorNoDeviceID, userInfo);
200 secerror("%@", *error);
201 }
202 CFReleaseNull(messagetoSend);
203 CFReleaseNull(operation);
204 CFReleaseNull(operationData);
205 CFReleaseNull(mutableData);
206 CFReleaseNull(userInfo);
207 CFReleaseNull(operationToString);
208
209 return success;
210 }
211
212 if(CFDictionaryGetValue(message, kIDSOperationType) == NULL && [transport SOSTransportMessageIDSGetFragmentationPreference:transport] == kCFBooleanTrue){
213 //handle a keychain data blob using fragmentation!
214 secnotice("IDS Transport","sendToPeer: using fragmentation!");
215
216 operationToString = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("%d"), kIDSKeychainSyncIDSFragmentation);
217 messagetoSend = CFDictionaryCreateForCFTypes(kCFAllocatorDefault,
218 kIDSOperationType, operationToString,
219 kIDSMessageRecipientDeviceID, deviceID,
220 kIDSMessageRecipientPeerID, peerID,
221 kIDSMessageUsesAckModel, (shouldUseAckModel ? CFSTR("YES") : CFSTR("NO")),
222 kIDSMessageToSendKey, message,
223 NULL);
224 }
225 else{ //otherhandle handle the test message without fragmentation
226 secnotice("IDS Transport","sendToPeer: not going to fragment message");
227
228 CFMutableDictionaryRef annotatedMessage = CFDictionaryCreateMutableCopy(kCFAllocatorDefault, 0, message);
229 CFDictionaryAddValue(annotatedMessage, kIDSMessageRecipientPeerID, peerID);
230 CFDictionaryAddValue(annotatedMessage, kIDSMessageRecipientDeviceID, deviceID);
231 CFDictionaryAddValue(annotatedMessage, kIDSMessageUsesAckModel, (shouldUseAckModel ? CFSTR("YES") : CFSTR("NO")));
232 CFTransferRetained(messagetoSend, annotatedMessage);
233 CFReleaseNull(annotatedMessage);
234 }
235
236 dispatch_semaphore_t wait_for = dispatch_semaphore_create(0);
237
238 secnotice("IDS Transport", "Starting");
239 SecADAddValueForScalarKey(CFSTR("com.apple.security.sos.sendids"), 1);
240
241 SOSCloudKeychainSendIDSMessage(messagetoSend, deviceID, ourPeerID, dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), [transport SOSTransportMessageIDSGetFragmentationPreference:transport], ^(CFDictionaryRef returnedValues, CFErrorRef sync_error) {
242 success = (sync_error == NULL);
243 if (sync_error && error) {
244 CFRetainAssign(*error, sync_error);
245 }
246
247 dispatch_semaphore_signal(wait_for);
248 });
249
250 if (dispatch_semaphore_wait(wait_for, dispatch_time(DISPATCH_TIME_NOW, NSEC_PER_SEC * 2)) != 0) {
251 secerror("IDS Transport: timed out waiting for message send to complete");
252 }
253
254 if(!success){
255 if(error != NULL)
256 secerror("IDS Transport: Failed to send message to peer! %@", *error);
257 else
258 secerror("IDS Transport: Failed to send message to peer");
259 }
260 else{
261 secnotice("IDS Transport", "Sent message to peer!");
262 }
263
264 CFReleaseNull(messagetoSend);
265 CFReleaseNull(operation);
266 CFReleaseNull(operationData);
267 CFReleaseNull(mutableData);
268 CFReleaseNull(operationToString);
269 return success;
270 }
271
272
273 -(bool) SOSTransportMessageSyncWithPeers:(SOSMessageIDS*) transport p:(CFSetRef) peers err:(CFErrorRef *)error
274 {
275 // Each entry is keyed by circle name and contains a list of peerIDs
276 __block bool result = true;
277
278 CFSetForEach(peers, ^(const void *value) {
279 CFStringRef peerID = asString(value, NULL);
280
281 result &= [transport SOSTransportMessageSendMessageIfNeeded:transport id:(__bridge CFStringRef)(transport.circleName) pID:peerID err:error];
282 });
283
284 return result;
285 }
286
287 -(bool) SOSTransportMessageSendMessages:(SOSMessageIDS*) transport pm:(CFDictionaryRef) peer_messages err:(CFErrorRef *)error
288 {
289 __block bool result = true;
290
291 SOSPeerInfoRef myPeer = transport->account.peerInfo;
292 CFStringRef myID = SOSPeerInfoGetPeerID(myPeer);
293 if(!myPeer)
294 return result;
295
296 CFDictionaryForEach(peer_messages, ^(const void *key, const void *value) {
297 CFErrorRef error = NULL;
298
299 SOSPeerInfoRef peer = NULL;
300 CFStringRef deviceID = NULL;
301 CFDictionaryRef message = NULL;
302
303 CFStringRef peerID = asString(key, &error);
304 require_quiet(peerID, skip);
305 require_quiet(!CFEqualSafe(myID, key), skip);
306
307 message = CFRetainSafe(asDictionary(value, &error));
308 if (message == NULL) {
309 // If it's not a data, return the error
310 CFDataRef messageData = asData(value, NULL);
311 if (messageData) {
312 CFReleaseNull(error);
313 message = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, peerID, messageData, NULL);
314 }
315 }
316 require_quiet(message, skip);
317
318 peer = SOSAccountCopyPeerWithID(transport->account, peerID, &error);
319 require_quiet(peer, skip);
320
321 deviceID = SOSPeerInfoCopyDeviceID(peer);
322 require_action_quiet(deviceID, skip, SOSErrorCreate(kSOSErrorSendFailure, &error, NULL, CFSTR("No IDS ID")));
323
324 [transport SOSTransportMessageIDSSetFragmentationPreference:transport
325 pref:SOSPeerInfoShouldUseIDSMessageFragmentation(myPeer, peer) ? kCFBooleanTrue : kCFBooleanFalse];
326 bool shouldUseAckModel = SOSPeerInfoShouldUseACKModel(myPeer, peer);
327
328 result &= sendToPeer(transport, shouldUseAckModel, (__bridge CFStringRef)(transport.circleName), deviceID, peerID, message, &error);
329
330 skip:
331 if (error) {
332 secerror("Failed to sync to %@ over IDS: %@", peerID, error);
333 }
334
335 CFReleaseNull(peer);
336 CFReleaseNull(deviceID);
337 CFReleaseNull(message);
338
339 CFReleaseNull(error);
340 });
341
342 return result;
343 }
344
345
346 -(bool) SOSTransportMessageFlushChanges:(SOSMessageIDS*) transport err:(CFErrorRef *)error
347 {
348 return true;
349 }
350
351 -(bool) SOSTransportMessageCleanupAfterPeerMessages:(SOSMessageIDS*) transport peers:(CFDictionaryRef) peers err:(CFErrorRef*) error
352 {
353 return true;
354 }
355
356 -(bool) SOSTransportMessageIDSGetIDSDeviceID:(SOSAccount*)acct
357 {
358 SOSAccountTrustClassic* trust = acct.trust;
359 CFStringRef deviceID = SOSPeerInfoCopyDeviceID(trust.peerInfo);
360 bool hasDeviceID = deviceID != NULL && CFStringGetLength(deviceID) != 0;
361 CFReleaseNull(deviceID);
362
363 if(!hasDeviceID){
364 SOSCloudKeychainGetIDSDeviceID(^(CFDictionaryRef returnedValues, CFErrorRef sync_error){
365 bool success = (sync_error == NULL);
366 if (!success) {
367 secerror("Could not ask KeychainSyncingOverIDSProxy for Device ID: %@", sync_error);
368 }
369 else{
370 secnotice("IDS Transport", "Successfully attempting to retrieve the IDS Device ID");
371 }
372 });
373 }
374
375 return hasDeviceID;
376 }
377 @end
mirror of Security