1 //
2 // AccountCloudParameters.c
3 // sec
4 //
5
6 #include "SOSAccountPriv.h"
7 #include "keychain/SecureObjectSync/SOSTransportKeyParameter.h"
8 #include "keychain/SecureObjectSync/SOSCircleDer.h"
9 //
10 // Cloud Parameters encode/decode
11 //
12
// Size, in bytes, of the DER encoding produced by der_encode_cloud_parameters:
// a constructed SEQUENCE whose content is sized by der_sizeof_public_bytes
// (for publicKey) plus der_sizeof_data_or_null (for paramters).
//
// The two helper results are summed without being inspected.
// NOTE(review): if either helper reports failure through its return value,
// that is folded into the total here and only surfaces later, when the
// encoder runs against the resulting buffer -- confirm against the helpers.
static size_t der_sizeof_cloud_parameters(SecKeyRef publicKey, CFDataRef paramters, CFErrorRef* error)
{
    // Keep the helper calls as separate statements so the public-key helper
    // always runs (and may touch *error) before the parameters helper.
    size_t content_size = der_sizeof_public_bytes(publicKey, error);
    content_size += der_sizeof_data_or_null(paramters, error);

    return ccder_sizeof(CCDER_CONSTRUCTED_SEQUENCE, content_size);
}
20
// DER-encode the cloud parameters into the buffer bounded by der and der_end.
//
// The pieces are chained through their end pointers: the parameters encoder
// is handed der_end, its result becomes the end pointer for the public-key
// encoder, and that result in turn is what ccder_encode_constructed_tl wraps
// in a SEQUENCE whose body ends at the original der_end.
//
// Returns the value of ccder_encode_constructed_tl; the caller in this file
// treats NULL as an encoding failure.
static uint8_t* der_encode_cloud_parameters(SecKeyRef publicKey, CFDataRef paramters, CFErrorRef* error,
                                            const uint8_t* der, uint8_t* der_end)
{
    uint8_t *const sequence_end = der_end;

    // Parameters go in first, against the end of the buffer.
    uint8_t *cursor = der_encode_data_or_null(paramters, error, der, der_end);

    // The public key bytes are placed using the parameters' result as their end.
    cursor = der_encode_public_bytes(publicKey, error, der, cursor);

    return ccder_encode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE, sequence_end, der, cursor);
}
30
// Decode a cloud-parameters blob from [der, der_end): a SEQUENCE holding the
// public key bytes followed by the parameters (or NULL).
//
// Returns the pointer handed back by the last decoder. This function does
// not itself check that the decoders consumed the whole SEQUENCE, nor that
// the SEQUENCE fills the input; SOSAccountRetrieveCloudParameters does that
// by comparing the result with the end of its buffer, and any other caller
// has to make the same comparison to reject trailing bytes.
//
// NOTE(review): *publicKey is written by der_decode_public_bytes before the
// parameters are decoded, so it may presumably be populated even when the
// overall decode fails -- confirm that callers release it on failure.
const uint8_t* der_decode_cloud_parameters(CFAllocatorRef allocator,
                                           CFIndex algorithmID, SecKeyRef* publicKey,
                                           CFDataRef *parameters,
                                           CFErrorRef* error,
                                           const uint8_t* der, const uint8_t* der_end)
{
    const uint8_t *sequence_end;
    const uint8_t *cursor = ccder_decode_sequence_tl(&sequence_end, der, der_end);

    // Both fields are bounded by the SEQUENCE body, not by the outer buffer.
    cursor = der_decode_public_bytes(allocator, algorithmID, publicKey, error, cursor, sequence_end);

    return der_decode_data_or_null(allocator, parameters, error, cursor, sequence_end);
}
44
45
// Encode the account's public key and key-derivation parameters as DER and
// hand the blob to the account's key-parameter transport for publication.
//
// Returns true only when the transport reports success. On an encoding
// failure *error is set to kSOSErrorEncodeFailure; on a transport failure
// kSOSErrorSendFailure is raised through the same error pointer.
//
// NOTE(review): the send-failure description formats the whole encoded blob
// with %@, so the public key bytes and derivation parameters end up in the
// error text -- confirm that is acceptable wherever this error is logged.
// NOTE(review): the transport is given `error` directly and the same pointer
// is then passed to SOSCreateErrorWithFormat; the local "previous error" is
// never assigned, so it is always NULL. Confirm how an error already stored
// by the transport is treated.
bool SOSAccountPublishCloudParameters(SOSAccount* account, CFErrorRef* error)
{
    bool published = false;

    CFIndex encoded_length = der_sizeof_cloud_parameters(account.accountKey,
                                                         (__bridge CFDataRef)(account.accountKeyDerivationParamters),
                                                         error);

    // Scratch buffer sized to exactly the computed encoding length.
    CFMutableDataRef blob = CFDataCreateMutableWithScratch(kCFAllocatorDefault, encoded_length);

    uint8_t *encoded = der_encode_cloud_parameters(account.accountKey,
                                                   (__bridge CFDataRef)(account.accountKeyDerivationParamters),
                                                   error,
                                                   CFDataGetMutableBytePtr(blob),
                                                   CFDataGetMutablePastEndPtr(blob));

    if (encoded == NULL) {
        SOSCreateError(kSOSErrorEncodeFailure, CFSTR("Encoding parameters failed"), NULL, error);
    } else {
        CFErrorRef previousError = NULL;

        if ([account.key_transport SOSTransportKeyParameterPublishCloudParameters:account.key_transport data:blob err:error]) {
            published = true;
        } else {
            SOSCreateErrorWithFormat(kSOSErrorSendFailure, previousError, error, NULL,
                                     CFSTR("update parameters key failed [%@]"), blob);
        }

        CFReleaseSafe(previousError);
    }

    CFReleaseNull(blob);

    return published;
}
75
// Parse a DER cloud-parameters blob into a public key (decoded with
// kSecECDSAAlgorithmID) and its parameters.
//
// Returns true only when the decoder's end pointer equals the end of
// derparms, i.e. the blob was consumed exactly; a decode failure or any
// trailing bytes yield false. The account argument is not used here.
//
// This function never writes *error itself: when the decoders succeed but
// bytes remain, false is returned with whatever the helpers left in *error.
// derparms is dereferenced unconditionally, so it must not be NULL.
//
// NOTE(review): derparms presumably originates from the cloud transport and
// should be treated as untrusted -- verify against the caller.
// NOTE(review): *newKey / *newParameters may already have been populated by
// the decoder when false is returned -- confirm that callers release them
// on the failure path.
bool SOSAccountRetrieveCloudParameters(SOSAccount* account, SecKeyRef *newKey,
                                       CFDataRef derparms,
                                       CFDataRef *newParameters, CFErrorRef* error)
{
    const uint8_t *blob_start = CFDataGetBytePtr(derparms);
    const uint8_t *blob_end = CFDataGetPastEndPtr(derparms);

    const uint8_t *parse_end = der_decode_cloud_parameters(kCFAllocatorDefault, kSecECDSAAlgorithmID,
                                                           newKey, newParameters, error,
                                                           blob_start, blob_end);

    // Strict check: anything short of full consumption is rejected.
    return parse_end == blob_end;
}
86