keychain/SecureObjectSync/SOSAccountRecovery.m

   1 /*
   2  * Copyright (c) 2016 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 //
  25 //  SOSAccountRecovery.c
  26 //  Security
  27 //
  28
  29 #include <AssertMacros.h>
  30 #include "SOSAccountPriv.h"
  31 #include "SOSCloudKeychainClient.h"
  32
  33 #include "keychain/SecureObjectSync/SOSPeerInfoCollections.h"
  34 #include <Security/SecureObjectSync/SOSViews.h>
  35 #include "keychain/SecureObjectSync/SOSAccountTrustClassic+Circle.h"
  36 #include "keychain/SecureObjectSync/SOSAccountTrustClassic+Expansion.h"
  37
  38 #include "keychain/SecureObjectSync/SOSInternal.h"
  39 #include "SecADWrapper.h"
  40
  41 #include "keychain/SecureObjectSync/SOSRecoveryKeyBag.h"
  42 #include "keychain/SecureObjectSync/SOSRingRecovery.h"
  43
  44 CFStringRef kRecoveryRingKey = CFSTR("recoveryKeyBag");
  45
  46 // When a recovery key is harvested from a recovery ring it's sent here
  47 bool SOSAccountSetRecoveryKeyBagEntry(CFAllocatorRef allocator, SOSAccount* account, SOSRecoveryKeyBagRef rkbg, CFErrorRef *error) {
  48     bool result = false;
  49     if(rkbg == NULL) {
  50         result = SOSAccountClearValue(account, kRecoveryRingKey, error);
  51     } else {
  52         CFDataRef recoverKeyData = SOSRecoveryKeyBagGetKeyData(rkbg, NULL);
  53         if(CFEqualSafe(recoverKeyData, SOSRKNullKey())) {
  54             result = SOSAccountClearValue(account, kRecoveryRingKey, error);
  55         } else {
  56             CFDataRef rkbg_as_data = SOSRecoveryKeyBagCopyEncoded(rkbg, error);
  57             result = rkbg_as_data && SOSAccountSetValue(account, kRecoveryRingKey, rkbg_as_data, error);
  58             CFReleaseNull(rkbg_as_data);
  59         }
  60     }
  61     return result;
  62 }
  63
  64 SOSRecoveryKeyBagRef SOSAccountCopyRecoveryKeyBagEntry(CFAllocatorRef allocator, SOSAccount* account, CFErrorRef *error) {
  65     SOSRecoveryKeyBagRef retval = NULL;
  66     CFDataRef rkbg_as_data = asData(SOSAccountGetValue(account, kRecoveryRingKey, error), error);
  67     require_quiet(rkbg_as_data, errOut);
  68     retval = SOSRecoveryKeyBagCreateFromData(allocator, rkbg_as_data, error);
  69 errOut:
  70     return retval;
  71 }
  72
  73 CFDataRef SOSAccountCopyRecoveryPublic(CFAllocatorRef allocator, SOSAccount* account, CFErrorRef *error) {
  74     SOSRecoveryKeyBagRef rkbg = SOSAccountCopyRecoveryKeyBagEntry(allocator, account, error);
  75     CFDataRef recKey = NULL;
  76     require_quiet(rkbg, errOut);
  77     CFDataRef tmpKey = SOSRecoveryKeyBagGetKeyData(rkbg, error);
  78     require_quiet(tmpKey, errOut);
  79     require_quiet(!CFEqualSafe(tmpKey, SOSRKNullKey()), errOut);
  80     recKey = CFDataCreateCopy(kCFAllocatorDefault, tmpKey);
  81 errOut:
  82     CFReleaseNull(rkbg);
  83     if(!recKey) {
  84         if(error && !(*error)) SOSErrorCreate(kSOSErrorNoKey, error, NULL, CFSTR("No recovery key available"));
  85     }
  86     return recKey;
  87 }
  88
  89 static bool SOSAccountUpdateRecoveryRing(SOSAccount* account, CFErrorRef *error,
  90                                          SOSRingRef (^modify)(SOSRingRef existing, CFErrorRef *error)) {
  91     bool result = SOSAccountUpdateNamedRing(account, kSOSRecoveryRing, error, ^SOSRingRef(CFStringRef ringName, CFErrorRef *error) {
  92         return SOSRingCreate(ringName, (__bridge CFStringRef)(account.peerID), kSOSRingRecovery, error);
  93     }, modify);
  94
  95     return result;
  96 }
  97
  98 bool SOSAccountRemoveRecoveryKey(SOSAccount* account, CFErrorRef *error) {
  99     return SOSAccountSetRecoveryKey(account, NULL, error);
 100 }
 101
 102
 103 // Recovery Setting From a Local Client goes through here
 104 bool SOSAccountSetRecoveryKey(SOSAccount* account, CFDataRef pubData, CFErrorRef *error) {
 105     __block bool result = false;
 106     CFDataRef oldRecoveryKey = NULL;
 107     SOSRecoveryKeyBagRef rkbg = NULL;
 108
 109     if(![account isInCircle:error]) return false;
 110     oldRecoveryKey = SOSAccountCopyRecoveryPublic(kCFAllocatorDefault, account, NULL); // ok to fail here. don't collect error
 111
 112     CFDataPerformWithHexString(pubData, ^(CFStringRef recoveryKeyString) {
 113         CFDataPerformWithHexString(oldRecoveryKey, ^(CFStringRef oldRecoveryKeyString) {
 114             secnotice("recovery", "SetRecoveryPublic: %@ from %@", recoveryKeyString, oldRecoveryKeyString);
 115         });
 116     });
 117     CFReleaseNull(oldRecoveryKey);
 118
 119     rkbg = SOSRecoveryKeyBagCreateForAccount(kCFAllocatorDefault, (__bridge CFTypeRef)account, pubData, error);
 120     SOSAccountSetRecoveryKeyBagEntry(kCFAllocatorDefault, account, rkbg, NULL);
 121     SOSAccountUpdateRecoveryRing(account, error, ^SOSRingRef(SOSRingRef existing, CFErrorRef *error) {
 122         SOSRingRef newRing = NULL;
 123         CFMutableSetRef peerInfoIDs = CFSetCreateMutableForCFTypes(kCFAllocatorDefault);
 124         SOSCircleForEachValidSyncingPeer(account.trust.trustedCircle, account.accountKey, ^(SOSPeerInfoRef peer) {
 125             CFSetAddValue(peerInfoIDs, SOSPeerInfoGetPeerID(peer));
 126         });
 127         SOSRingSetPeerIDs(existing, peerInfoIDs);
 128         if(rkbg) {
 129             SOSRingSetRecoveryKeyBag(existing, account.fullPeerInfo, rkbg, error);
 130         } else {
 131             SOSRecoveryKeyBagRef ringrkbg = SOSRecoveryKeyBagCreateForAccount(kCFAllocatorDefault, (__bridge CFTypeRef)account, SOSRKNullKey(), error);
 132             SOSRingSetRecoveryKeyBag(existing, account.fullPeerInfo, ringrkbg, error);
 133             CFRelease(ringrkbg);
 134         }
 135         SOSRingGenerationSign(existing, NULL, account.trust.fullPeerInfo, error);
 136         newRing = CFRetainSafe(existing);
 137         return newRing;
 138     });
 139     CFReleaseNull(rkbg);
 140
 141     if(SOSPeerInfoHasBackupKey(account.trust.peerInfo)) {
 142         SOSAccountProcessBackupRings(account, error);
 143     }
 144     account.circle_rings_retirements_need_attention = true;
 145     result = true;
 146
 147     SOSClearErrorIfTrue(result, error);
 148     if (!result) {
 149         // if we're failing and something above failed to give an error - make a generic one.
 150         if(error && !(*error)) SOSErrorCreate(kSOSErrorProcessingFailure, error, NULL, CFSTR("Failed to set Recovery Key"));
 151         secnotice("recovery", "SetRecoveryPublic Failed: %@", error ? (CFTypeRef) *error : (CFTypeRef) CFSTR("No error space"));
 152     }
 153     return result;
 154 }
 155
 156 bool SOSAccountRecoveryKeyIsInBackupAndCurrentInView(SOSAccount* account, CFStringRef viewname) {
 157     bool result = false;
 158     CFErrorRef bsError = NULL;
 159     CFDataRef backupSliceData = NULL;
 160     SOSRingRef ring = NULL;
 161     SOSBackupSliceKeyBagRef backupSlice = NULL;
 162
 163     CFDataRef recoveryKeyFromAccount = SOSAccountCopyRecoveryPublic(kCFAllocatorDefault, account, NULL);
 164     require_quiet(recoveryKeyFromAccount, errOut);
 165
 166     CFStringRef ringName = SOSBackupCopyRingNameForView(viewname);
 167     ring = [account.trust copyRing:ringName err:&bsError];
 168     CFReleaseNull(ringName);
 169
 170     require_quiet(ring, errOut);
 171
 172     //grab the backup slice from the ring
 173     backupSliceData = SOSRingGetPayload(ring, &bsError);
 174     require_quiet(backupSliceData, errOut);
 175
 176     backupSlice = SOSBackupSliceKeyBagCreateFromData(kCFAllocatorDefault, backupSliceData, &bsError);
 177     require_quiet(backupSlice, errOut);
 178
 179     result = SOSBKSBPrefixedKeyIsInKeyBag(backupSlice, bskbRkbgPrefix, recoveryKeyFromAccount);
 180     CFReleaseNull(backupSlice);
 181 errOut:
 182     CFReleaseNull(ring);
 183     CFReleaseNull(recoveryKeyFromAccount);
 184
 185     if (bsError) {
 186         secnotice("backup", "Failed to find BKSB: %@, %@ (%@)", backupSliceData, backupSlice, bsError);
 187     }
 188     CFReleaseNull(bsError);
 189     return result;
 190
 191 }
 192
 193 static void sosRecoveryAlertAndNotify(SOSAccount* account, SOSRecoveryKeyBagRef oldRingRKBG, SOSRecoveryKeyBagRef ringRKBG) {
 194     secnotice("recovery", "Recovery Key changed: old %@ new %@", oldRingRKBG, ringRKBG);
 195     notify_post(kSOSCCRecoveryKeyChanged);
 196 }
 197
 198 void SOSAccountEnsureRecoveryRing(SOSAccount* account) {
 199     static SOSRecoveryKeyBagRef oldRingRKBG = NULL;
 200     SOSRecoveryKeyBagRef acctRKBG = SOSAccountCopyRecoveryKeyBagEntry(kCFAllocatorDefault, account, NULL);
 201     if(!CFEqualSafe(acctRKBG, oldRingRKBG)) {
 202         sosRecoveryAlertAndNotify(account, oldRingRKBG, acctRKBG);
 203         CFRetainAssign(oldRingRKBG, acctRKBG);
 204     }
 205 }