keychain/SecureObjectSync/SOSRingV0.m

   1 //
   2 //  SOSRingV0.c
   3 //  sec
   4 //
   5 //  Created by Richard Murphy on 3/5/15.
   6 //
   7 //
   8
   9 #include "SOSRingV0.h"
  10
  11 #include <AssertMacros.h>
  12
  13 #include "keychain/SecureObjectSync/SOSInternal.h"
  14 #include "keychain/SecureObjectSync/SOSPeerInfoInternal.h"
  15 #include "keychain/SecureObjectSync/SOSPeerInfoCollections.h"
  16 #include "keychain/SecureObjectSync/SOSCircle.h"
  17 #include <Security/SecFramework.h>
  18
  19 #include <Security/SecKey.h>
  20 #include <Security/SecKeyPriv.h>
  21 #include <CoreFoundation/CoreFoundation.h>
  22
  23 #include <utilities/SecCFWrappers.h>
  24
  25 #include <stdlib.h>
  26 #include <assert.h>
  27
  28 #include "SOSRingUtils.h"
  29 #include "SOSRingTypes.h"
  30
  31 // MARK: V0 Ring Ops - same operation as V0 Circles
  32
  33 static SOSRingRef SOSRingCreate_V0(CFStringRef name, CFStringRef myPeerID, CFErrorRef *error) {
  34     SOSRingRef retval = NULL;
  35     retval = SOSRingCreate_Internal(name, 0, error);
  36     if(!retval) return NULL;
  37     SOSRingSetLastModifier(retval, myPeerID);
  38     return retval;
  39 }
  40
  41 static bool SOSRingResetToEmpty_V0(SOSRingRef ring, CFStringRef myPeerID, CFErrorRef *error) {
  42     return SOSRingResetToEmpty_Internal(ring, error) && SOSRingSetLastModifier(ring, myPeerID);
  43 }
  44
  45 static bool SOSRingResetToOffering_V0(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
  46     CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
  47     SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error);
  48     bool retval = priv && myPeerID &&
  49     SOSRingResetToEmpty_Internal(ring, error) &&
  50     SOSRingAddPeerID(ring, myPeerID) &&
  51     SOSRingSetLastModifier(ring, myPeerID) &&
  52     SOSRingGenerationSign_Internal(ring, user_privkey, error);
  53     SOSRingConcordanceSign_Internal(ring, priv, error);
  54     CFReleaseNull(priv);
  55     return retval;
  56 }
  57
  58 static SOSRingStatus SOSRingDeviceIsInRing_V0(SOSRingRef ring, CFStringRef peerID) {
  59     if(SOSRingHasPeerID(ring, peerID)) return kSOSRingMember;
  60     if(SOSRingHasApplicant(ring, peerID)) return kSOSRingApplicant;
  61     if(SOSRingHasRejection(ring, peerID)) return kSOSRingReject;
  62     return kSOSRingNotInRing;
  63 }
  64
  65 static bool SOSRingApply_V0(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
  66     bool retval = false;
  67     CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
  68     if(SOSRingDeviceIsInRing_V0(ring, myPeerID) == kSOSRingReject) SOSRingRemoveRejection(ring, myPeerID);
  69     require_action_quiet(SOSRingDeviceIsInRing_V0(ring, myPeerID) == kSOSRingNotInRing, errOut, secnotice("ring", "Already associated with ring"));
  70     retval = myPeerID &&
  71     SOSRingAddApplicant(ring, myPeerID) &&
  72     SOSRingSetLastModifier(ring, myPeerID);
  73 errOut:
  74     return retval;
  75 }
  76
  77 static bool SOSRingWithdraw_V0(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
  78     CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
  79     SOSRingSetLastModifier(ring, myPeerID);
  80     if(SOSRingHasPeerID(ring, myPeerID)) {
  81         SOSRingRemovePeerID(ring, myPeerID);// Maybe we need a retired peerID list?
  82         SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error);
  83         SOSRingGenerationSign_Internal(ring, priv, error);
  84         if(user_privkey) SOSRingGenerationSign_Internal(ring, user_privkey, error);
  85         CFReleaseNull(priv);
  86     } else if(SOSRingHasApplicant(ring, myPeerID)) {
  87         SOSRingRemoveApplicant(ring, myPeerID);
  88     } else if(SOSRingHasRejection(ring, myPeerID)) {
  89         SOSRingRemoveRejection(ring, myPeerID);
  90     } else {
  91         SOSCreateError(kSOSErrorPeerNotFound, CFSTR("Not associated with Ring"), NULL, error);
  92         return false;
  93     }
  94
  95     return true;
  96 }
  97
  98 static bool SOSRingGenerationSign_V0(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
  99     CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
 100     SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error);
 101     bool retval = priv && myPeerID &&
 102     SOSRingSetLastModifier(ring, myPeerID) &&
 103     SOSRingGenerationSign_Internal(ring, priv, error);
 104     if(user_privkey) SOSRingGenerationSign_Internal(ring, user_privkey, error);
 105     CFReleaseNull(priv);
 106     return retval;
 107 }
 108
 109 static bool SOSRingConcordanceSign_V0(SOSRingRef ring, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
 110     CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
 111     SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error);
 112     bool retval = priv && myPeerID &&
 113     SOSRingSetLastModifier(ring, myPeerID) &&
 114     SOSRingConcordanceSign_Internal(ring, priv, error);
 115     CFReleaseNull(priv);
 116     return retval;
 117 }
 118
 119
 120 ringFuncStruct ringsV0 = {
 121     "V0",
 122     1,
 123     SOSRingCreate_V0,
 124     SOSRingResetToEmpty_V0,
 125     SOSRingResetToOffering_V0,
 126     SOSRingDeviceIsInRing_V0,
 127     SOSRingApply_V0,
 128     SOSRingWithdraw_V0,
 129     SOSRingGenerationSign_V0,
 130     SOSRingConcordanceSign_V0,
 131     SOSRingUserKeyConcordanceTrust,
 132     NULL,
 133     NULL
 134 };