]> git.saurik.com Git - apple/security.git/blob - keychain/SecureObjectSync/SOSRingV0.m
Security-59306.101.1.tar.gz
[apple/security.git] / keychain / SecureObjectSync / SOSRingV0.m
1 //
2 // SOSRingV0.c
3 // sec
4 //
5 // Created by Richard Murphy on 3/5/15.
6 //
7 //
8
9 #include "SOSRingV0.h"
10
11 #include <AssertMacros.h>
12
13 #include "keychain/SecureObjectSync/SOSInternal.h"
14 #include "keychain/SecureObjectSync/SOSPeerInfoInternal.h"
15 #include "keychain/SecureObjectSync/SOSPeerInfoCollections.h"
16 #include "keychain/SecureObjectSync/SOSCircle.h"
17 #include <Security/SecFramework.h>
18
19 #include <Security/SecKey.h>
20 #include <Security/SecKeyPriv.h>
21 #include <CoreFoundation/CoreFoundation.h>
22
23 #include <utilities/SecCFWrappers.h>
24
25 #include <stdlib.h>
26 #include <assert.h>
27
28 #include "SOSRingUtils.h"
29 #include "SOSRingTypes.h"
30
31 // MARK: V0 Ring Ops - same operation as V0 Circles
32
33 static SOSRingRef SOSRingCreate_V0(CFStringRef name, CFStringRef myPeerID, CFErrorRef *error) {
34 SOSRingRef retval = NULL;
35 retval = SOSRingCreate_Internal(name, 0, error);
36 if(!retval) return NULL;
37 SOSRingSetLastModifier(retval, myPeerID);
38 return retval;
39 }
40
41 static bool SOSRingResetToEmpty_V0(SOSRingRef ring, CFStringRef myPeerID, CFErrorRef *error) {
42 return SOSRingResetToEmpty_Internal(ring, error) && SOSRingSetLastModifier(ring, myPeerID);
43 }
44
45 static bool SOSRingResetToOffering_V0(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
46 CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
47 SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error);
48 bool retval = priv && myPeerID &&
49 SOSRingResetToEmpty_Internal(ring, error) &&
50 SOSRingAddPeerID(ring, myPeerID) &&
51 SOSRingSetLastModifier(ring, myPeerID) &&
52 SOSRingGenerationSign_Internal(ring, user_privkey, error);
53 SOSRingConcordanceSign_Internal(ring, priv, error);
54 CFReleaseNull(priv);
55 return retval;
56 }
57
58 static SOSRingStatus SOSRingDeviceIsInRing_V0(SOSRingRef ring, CFStringRef peerID) {
59 if(SOSRingHasPeerID(ring, peerID)) return kSOSRingMember;
60 if(SOSRingHasApplicant(ring, peerID)) return kSOSRingApplicant;
61 if(SOSRingHasRejection(ring, peerID)) return kSOSRingReject;
62 return kSOSRingNotInRing;
63 }
64
65 static bool SOSRingApply_V0(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
66 bool retval = false;
67 CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
68 if(SOSRingDeviceIsInRing_V0(ring, myPeerID) == kSOSRingReject) SOSRingRemoveRejection(ring, myPeerID);
69 require_action_quiet(SOSRingDeviceIsInRing_V0(ring, myPeerID) == kSOSRingNotInRing, errOut, secnotice("ring", "Already associated with ring"));
70 retval = myPeerID &&
71 SOSRingAddApplicant(ring, myPeerID) &&
72 SOSRingSetLastModifier(ring, myPeerID);
73 errOut:
74 return retval;
75 }
76
77 static bool SOSRingWithdraw_V0(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
78 CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
79 SOSRingSetLastModifier(ring, myPeerID);
80 if(SOSRingHasPeerID(ring, myPeerID)) {
81 SOSRingRemovePeerID(ring, myPeerID);// Maybe we need a retired peerID list?
82 SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error);
83 SOSRingGenerationSign_Internal(ring, priv, error);
84 if(user_privkey) SOSRingGenerationSign_Internal(ring, user_privkey, error);
85 CFReleaseNull(priv);
86 } else if(SOSRingHasApplicant(ring, myPeerID)) {
87 SOSRingRemoveApplicant(ring, myPeerID);
88 } else if(SOSRingHasRejection(ring, myPeerID)) {
89 SOSRingRemoveRejection(ring, myPeerID);
90 } else {
91 SOSCreateError(kSOSErrorPeerNotFound, CFSTR("Not associated with Ring"), NULL, error);
92 return false;
93 }
94
95 return true;
96 }
97
98 static bool SOSRingGenerationSign_V0(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
99 CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
100 SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error);
101 bool retval = priv && myPeerID &&
102 SOSRingSetLastModifier(ring, myPeerID) &&
103 SOSRingGenerationSign_Internal(ring, priv, error);
104 if(user_privkey) SOSRingGenerationSign_Internal(ring, user_privkey, error);
105 CFReleaseNull(priv);
106 return retval;
107 }
108
109 static bool SOSRingConcordanceSign_V0(SOSRingRef ring, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
110 CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor));
111 SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error);
112 bool retval = priv && myPeerID &&
113 SOSRingSetLastModifier(ring, myPeerID) &&
114 SOSRingConcordanceSign_Internal(ring, priv, error);
115 CFReleaseNull(priv);
116 return retval;
117 }
118
119
120 ringFuncStruct ringsV0 = {
121 "V0",
122 1,
123 SOSRingCreate_V0,
124 SOSRingResetToEmpty_V0,
125 SOSRingResetToOffering_V0,
126 SOSRingDeviceIsInRing_V0,
127 SOSRingApply_V0,
128 SOSRingWithdraw_V0,
129 SOSRingGenerationSign_V0,
130 SOSRingConcordanceSign_V0,
131 SOSRingUserKeyConcordanceTrust,
132 NULL,
133 NULL
134 };