]> git.saurik.com Git - apple/security.git/blob - Security/sec/SOSCircle/SecureObjectSync/SOSAccountCredentials.c
Security-57031.20.26.tar.gz
[apple/security.git] / Security / sec / SOSCircle / SecureObjectSync / SOSAccountCredentials.c
1 /*
2 * Copyright (c) 2013-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 #include <stdio.h>
26 #include "SOSAccountPriv.h"
27 #include "SOSPeerInfoCollections.h"
28 #include "SOSTransport.h"
29
30 //
31 // MARK: User Credential management
32 //
33
34 void SOSAccountSetPreviousPublic(SOSAccountRef account) {
35 CFReleaseNull(account->previous_public);
36 account->previous_public = account->user_public;
37 CFRetain(account->previous_public);
38 }
39
40 static void SOSAccountRemoveInvalidApplications(SOSAccountRef account, SOSCircleRef circle)
41 {
42 CFMutableSetRef peersToRemove = CFSetCreateMutableForSOSPeerInfosByID(kCFAllocatorDefault);
43 SOSCircleForEachApplicant(circle, ^(SOSPeerInfoRef peer) {
44 if (!SOSPeerInfoApplicationVerify(peer, account->user_public, NULL))
45 CFSetAddValue(peersToRemove, peer);
46 });
47
48 CFSetForEach(peersToRemove, ^(const void *value) {
49 SOSPeerInfoRef peer = (SOSPeerInfoRef) value;
50
51 SOSCircleWithdrawRequest(circle, peer, NULL);
52 });
53 }
54
55 static void SOSAccountGenerationSignatureUpdate(SOSAccountRef account, SecKeyRef privKey) {
56
57 SOSAccountForEachCircle(account, ^(SOSCircleRef circle) {
58 SOSFullPeerInfoRef fpi = SOSAccountGetMyFullPeerInCircle(account, circle, NULL);
59 if(SOSCircleHasPeer(circle, SOSFullPeerInfoGetPeerInfo(fpi), NULL) &&
60 !SOSCircleVerify(circle, account->user_public, NULL)) {
61 SOSAccountModifyCircle(account, SOSCircleGetName(circle), NULL, ^(SOSCircleRef circle) {
62 SOSAccountRemoveInvalidApplications(account, circle); // We might be updating our signatures so remove, but don't reject applicants
63
64 SOSFullPeerInfoRef cloud_fpi = SOSCircleGetiCloudFullPeerInfoRef(circle);
65 require_quiet(cloud_fpi != NULL, gen_sign);
66 require_quiet(SOSFullPeerInfoUpgradeSignatures(cloud_fpi, privKey, NULL), gen_sign);
67 if(!SOSCircleUpdatePeerInfo(circle, SOSFullPeerInfoGetPeerInfo(cloud_fpi))) {
68 }
69 gen_sign: // finally generation sign this.
70 SOSCircleGenerationUpdate(circle, privKey, fpi, NULL);
71 account->departure_code = kSOSNeverLeftCircle;
72 return (bool) true;
73 });
74 }
75 });
76 }
77
78
79 /* this one is meant to be local - not published over KVS. */
80 static void SOSAccountPeerSignatureUpdate(SOSAccountRef account, SecKeyRef privKey) {
81 SOSAccountForEachCircle(account, ^(SOSCircleRef circle) {
82 SOSFullPeerInfoRef fpi = SOSAccountGetMyFullPeerInCircle(account, circle, NULL);
83 if (fpi)
84 SOSFullPeerInfoUpgradeSignatures(fpi, privKey, NULL);
85 });
86 }
87
88
89 void SOSAccountPurgePrivateCredential(SOSAccountRef account)
90 {
91 CFReleaseNull(account->_user_private);
92 if (account->user_private_timer) {
93 dispatch_source_cancel(account->user_private_timer);
94 dispatch_release(account->user_private_timer);
95 account->user_private_timer = NULL;
96 xpc_transaction_end();
97 }
98 if (account->lock_notification_token) {
99 notify_cancel(account->lock_notification_token);
100 account->lock_notification_token = 0;
101 }
102 }
103
104
105 static void SOSAccountSetTrustedUserPublicKey(SOSAccountRef account, bool public_was_trusted, SecKeyRef privKey)
106 {
107 if (!privKey) return;
108 SecKeyRef publicKey = SecKeyCreatePublicFromPrivate(privKey);
109
110 if (account->user_public && account->user_public_trusted && CFEqual(publicKey, account->user_public)) return;
111
112 if(public_was_trusted && account->user_public) {
113 CFReleaseNull(account->previous_public);
114 account->previous_public = account->user_public;
115 CFRetain(account->previous_public);
116 }
117
118 CFReleaseNull(account->user_public);
119 account->user_public = publicKey;
120 account->user_public_trusted = true;
121
122 if(!account->previous_public) {
123 account->previous_public = account->user_public;
124 CFRetain(account->previous_public);
125 }
126
127 secnotice("trust", "trusting new public key: %@", account->user_public);
128 }
129
130
131 static void SOSAccountSetPrivateCredential(SOSAccountRef account, SecKeyRef private) {
132 if (!private)
133 return SOSAccountPurgePrivateCredential(account);
134
135 CFRetain(private);
136 CFReleaseSafe(account->_user_private);
137 account->_user_private = private;
138
139 bool resume_timer = false;
140 if (!account->user_private_timer) {
141 xpc_transaction_begin();
142 resume_timer = true;
143 account->user_private_timer = dispatch_source_create(DISPATCH_SOURCE_TYPE_TIMER, 0, 0, account->queue);
144 dispatch_source_set_event_handler(account->user_private_timer, ^{
145 SOSAccountPurgePrivateCredential(account);
146 });
147
148 notify_register_dispatch(kUserKeybagStateChangeNotification, &account->lock_notification_token, account->queue, ^(int token) {
149 bool locked = false;
150 CFErrorRef lockCheckError = NULL;
151
152 if (!SecAKSGetIsLocked(&locked, &lockCheckError)) {
153 secerror("Checking for locked after change failed: %@", lockCheckError);
154 }
155
156 if (locked) {
157 SOSAccountPurgePrivateCredential(account);
158 }
159 });
160 }
161
162 // (Re)set the timer's fire time to now + 120 seconds with a 5 second fuzz factor.
163 dispatch_time_t purgeTime = dispatch_time(DISPATCH_TIME_NOW, (int64_t)(10 * 60 * NSEC_PER_SEC));
164 dispatch_source_set_timer(account->user_private_timer, purgeTime, DISPATCH_TIME_FOREVER, (int64_t)(5 * NSEC_PER_SEC));
165 if (resume_timer)
166 dispatch_resume(account->user_private_timer);
167 }
168
169 SecKeyRef SOSAccountGetPrivateCredential(SOSAccountRef account, CFErrorRef* error)
170 {
171 if (account->_user_private == NULL) {
172 SOSCreateError(kSOSErrorPrivateKeyAbsent, CFSTR("Private Key not available - failed to prompt user recently"), NULL, error);
173 }
174 return account->_user_private;
175 }
176
177 bool SOSAccountHasPublicKey(SOSAccountRef account, CFErrorRef* error)
178 {
179 if (account->user_public == NULL || account->user_public_trusted == false) {
180 SOSCreateError(kSOSErrorPublicKeyAbsent, CFSTR("Public Key not available - failed to register before call"), NULL, error);
181 return false;
182 }
183
184 return true;
185 }
186
187 bool SOSAccountAssertUserCredentials(SOSAccountRef account, CFStringRef user_account __unused, CFDataRef user_password, CFErrorRef *error)
188 {
189 bool public_was_trusted = account->user_public_trusted;
190 account->user_public_trusted = false;
191 SecKeyRef user_private = NULL;
192
193 if (account->user_public && account->user_key_parameters) {
194 // We have an untrusted public key – see if our generation makes the same key:
195 // if so we trust it and we have the private key.
196 // if not we still don't trust it.
197 require_quiet(user_private = SOSUserKeygen(user_password, account->user_key_parameters, error), exit);
198 SecKeyRef public_candidate = SecKeyCreatePublicFromPrivate(user_private);
199 if (!CFEqualSafe(account->user_public, public_candidate)) {
200 secnotice("trust", "Public keys don't match: calculated: %@, expected: %@",
201 account->user_public, public_candidate);
202 debugDumpUserParameters(CFSTR("params"), account->user_key_parameters);
203 CFReleaseNull(user_private);
204 } else {
205 SOSAccountPeerSignatureUpdate(account, user_private);
206 SOSAccountSetTrustedUserPublicKey(account, public_was_trusted, user_private);
207 }
208 CFReleaseSafe(public_candidate);
209 }
210
211 if (!account->user_public_trusted) {
212 // We may or may not have parameters here.
213 // In any case we tried using them and they didn't match
214 // So forget all that and start again, assume we're the first to push anything useful.
215
216 CFReleaseNull(account->user_key_parameters);
217 account->user_key_parameters = SOSUserKeyCreateGenerateParameters(error);
218 require_quiet(user_private = SOSUserKeygen(user_password, account->user_key_parameters, error), exit);
219
220 SOSAccountPeerSignatureUpdate(account, user_private);
221 SOSAccountSetTrustedUserPublicKey(account, public_was_trusted, user_private);
222
223 CFErrorRef publishError = NULL;
224 if (!SOSAccountPublishCloudParameters(account, &publishError))
225 secerror("Failed to publish new cloud parameters: %@", publishError);
226 CFReleaseSafe(publishError);
227 }
228
229 SOSAccountGenerationSignatureUpdate(account, user_private);
230 SOSAccountSetPrivateCredential(account, user_private);
231 exit:
232 SOSUpdateKeyInterest();
233
234 CFReleaseSafe(user_private);
235
236 return account->user_public_trusted;
237 }
238
239
240 bool SOSAccountTryUserCredentials(SOSAccountRef account, CFStringRef user_account __unused, CFDataRef user_password, CFErrorRef *error)
241 {
242 bool success = false;
243
244 if (!SOSAccountHasPublicKey(account, error))
245 return false;
246
247 if (account->user_key_parameters) {
248 SecKeyRef new_key = SOSUserKeygen(user_password, account->user_key_parameters, error);
249 if (new_key) {
250 SecKeyRef new_public_key = SecKeyCreatePublicFromPrivate(new_key);
251
252 if (CFEqualSafe(new_public_key, account->user_public)) {
253 SOSAccountSetPrivateCredential(account, new_key);
254 success = true;
255 } else {
256 SOSCreateError(kSOSErrorWrongPassword, CFSTR("Password passed in incorrect: ▇█████▇▇██"), NULL, error);
257 }
258 CFReleaseSafe(new_public_key);
259 CFReleaseSafe(new_key);
260 }
261 } else {
262 SOSCreateError(kSOSErrorProcessingFailure, CFSTR("Have public key but no parameters??"), NULL, error);
263 }
264
265 return success;
266 }