2 // KCJoiningAcceptSession.m
7 #import <Foundation/Foundation.h>
9 #import <KeychainCircle/KCJoiningSession.h>
11 #import <KeychainCircle/KCError.h>
12 #import <KeychainCircle/KCDer.h>
13 #import <KeychainCircle/KCJoiningMessages.h>
15 #import <KeychainCircle/NSError+KCCreationHelpers.h>
17 #include <corecrypto/ccder.h>
18 #include <corecrypto/ccrng.h>
19 #include <corecrypto/ccsha2.h>
20 #include <corecrypto/ccdh_gp.h>
21 #include <utilities/debugging.h>
22 #include <CommonCrypto/CommonRandomSPI.h>
29 } KCJoiningAcceptSessionState;
31 @interface KCJoiningAcceptSession ()
32 @property (readonly) uint64_t dsid;
33 @property (readonly) NSObject<KCJoiningAcceptSecretDelegate>* secretDelegate;
34 @property (readonly) NSObject<KCJoiningAcceptCircleDelegate>* circleDelegate;
35 @property (readonly) KCSRPServerContext* context;
36 @property (readonly) KCAESGCMDuplexSession* session;
37 @property (readonly) KCJoiningAcceptSessionState state;
38 @property (readwrite) NSData* startMessage;
39 @property (readwrite) NSString *piggy_uuid;
40 @property (readwrite) PiggyBackProtocolVersion piggy_version;
43 @implementation KCJoiningAcceptSession
45 + (nullable instancetype) sessionWithInitialMessage: (NSData*) message
46 secretDelegate: (NSObject<KCJoiningAcceptSecretDelegate>*) secretDelegate
47 circleDelegate: (NSObject<KCJoiningAcceptCircleDelegate>*) circleDelegate
49 error: (NSError**) error {
52 struct ccrng_state * rng = ccrng(&cc_error);
55 CoreCryptoError(cc_error, error, @"RNG fetch failed");
59 return [[KCJoiningAcceptSession alloc] initWithSecretDelegate: secretDelegate
60 circleDelegate: circleDelegate
66 - (bool) setupSession: (NSError**) error {
67 NSData* key = [self->_context getKey];
70 KCJoiningErrorCreate(kInternalError, error, @"No session key available");
74 self->_session = [KCAESGCMDuplexSession sessionAsReceiver:key context:self.dsid];
76 return self.session != nil;
79 - (nullable instancetype) initWithSecretDelegate: (NSObject<KCJoiningAcceptSecretDelegate>*) secretDelegate
80 circleDelegate: (NSObject<KCJoiningAcceptCircleDelegate>*) circleDelegate
82 rng: (struct ccrng_state *)rng
83 error: (NSError**) error {
86 NSString* name = [NSString stringWithFormat: @"%llu", dsid];
88 self->_context = [[KCSRPServerContext alloc] initWithUser: name
89 password: [secretDelegate secret]
90 digestInfo: ccsha256_di()
91 group: ccsrp_gp_rfc5054_3072()
93 self->_secretDelegate = secretDelegate;
94 self->_circleDelegate = circleDelegate;
95 self->_state = kExpectingA;
97 self->_piggy_uuid = nil;
98 self->_piggy_version = kPiggyV1;
103 - (NSString*) stateString {
104 switch (self.state) {
105 case kExpectingA: return @"→A";
106 case kExpectingM: return @"→M";
107 case kExpectingPeerInfo: return @"→PeerInfo";
108 case kAcceptDone: return @"done";
109 default: return [NSString stringWithFormat:@"%d", self.state];
113 - (NSString *)description {
114 return [NSString stringWithFormat: @"<KCJoiningAcceptSession@%p %lld %@ %@>", self, self.dsid, [self stateString], self.context];
117 - (NSData*) copyChallengeMessage: (NSError**) error {
118 NSData* challenge = [self.context copyChallengeFor: self.startMessage error: error];
119 if (challenge == nil) return nil;
121 NSData* srpMessage = [NSData dataWithEncodedSequenceData:self.context.salt data:challenge error:error];
123 if (![self setupSession:error]) return nil;
128 - (NSData*) processInitialMessage: (NSData*) initialMessage error: (NSError**) error {
129 uint64_t version = 0;
130 NSString *uuid = nil;
132 self.startMessage = extractStartFromInitialMessage(initialMessage, &version, &uuid, error);
133 self.piggy_uuid = uuid;
134 self.piggy_version = (PiggyBackProtocolVersion)version;
136 if (self.startMessage == nil) return nil;
138 NSData* srpMessage = [self copyChallengeMessage: error];
139 if (srpMessage == nil) return nil;
141 self->_state = kExpectingM;
142 return [[KCJoiningMessage messageWithType:kChallenge
147 - (NSData*) processResponse: (KCJoiningMessage*) message error:(NSError**) error {
148 if ([message type] != kResponse) {
149 KCJoiningErrorCreate(kUnexpectedMessage, error, @"Expected response!");
153 // We handle failure, don't capture the error.
154 NSData* confirmation = [self.context copyConfirmationFor:message.firstData error:NULL];
156 // Find out what kind of error we should send.
157 NSData* errorData = nil;
159 switch ([self.secretDelegate verificationFailed: error]) {
161 // We fill in an error if they didn't, but if they did this wont bother.
162 KCJoiningErrorCreate(kInternalError, error, @"Delegate returned error without filling in error: %@", self.secretDelegate);
164 case kKCRetryWithSameChallenge:
165 errorData = [NSData data];
167 case kKCRetryWithNewChallenge:
168 if ([self.context resetWithPassword:[self.secretDelegate secret] error:error]) {
169 errorData = [self copyChallengeMessage: error];
173 if (errorData == nil) return nil;
175 return [[KCJoiningMessage messageWithType:kError
180 NSData* encoded = [NSData dataWithEncodedString:[self.secretDelegate accountCode] error:error];
184 NSData* encrypted = [self.session encrypt:encoded error:error];
185 if (encrypted == nil) return nil;
187 self->_state = kExpectingPeerInfo;
189 return [[KCJoiningMessage messageWithType:kVerification
195 - (NSData*) processApplication: (KCJoiningMessage*) message error:(NSError**) error {
196 if ([message type] != kPeerInfo) {
197 KCJoiningErrorCreate(kUnexpectedMessage, error, @"Expected peerInfo!");
201 NSData* decryptedPayload = [self.session decryptAndVerify:message.firstData error:error];
202 if (decryptedPayload == nil) return nil;
204 CFErrorRef cfError = NULL;
205 SOSPeerInfoRef ref = SOSPeerInfoCreateFromData(NULL, &cfError, (__bridge CFDataRef) decryptedPayload);
207 if (error) *error = (__bridge_transfer NSError*) cfError;
212 NSData* joinData = [self.circleDelegate circleJoinDataFor:ref error:error];
218 if (joinData == nil) return nil;
220 if(self->_piggy_version == kPiggyV1){
221 //grab iCloud Identities, TLKs
222 secnotice("acceptor", "piggy version is 1");
223 NSError *localV1Error = nil;
224 NSData* initialSyncData = [self.circleDelegate circleGetInitialSyncViews:&localV1Error];
226 secnotice("piggy", "PB v1 threw an error: %@", localV1Error);
229 NSMutableData* growPacket = [[NSMutableData alloc] initWithData:joinData];
230 [growPacket appendData:initialSyncData];
231 joinData = growPacket;
235 NSData* encryptedOutgoing = [self.session encrypt:joinData error:error];
236 if (encryptedOutgoing == nil) return nil;
238 self->_state = kAcceptDone;
240 return [[KCJoiningMessage messageWithType:kCircleBlob
241 data:encryptedOutgoing
246 - (nullable NSData*) processMessage: (NSData*) incomingMessage error: (NSError**) error {
247 NSData* result = nil;
249 KCJoiningMessage *message = (self.state != kExpectingA) ? [KCJoiningMessage messageWithDER:incomingMessage error:error] : nil;
253 return [self processInitialMessage:incomingMessage error: error];
255 if (message == nil) return nil;
256 return [self processResponse:message error: error];
258 case kExpectingPeerInfo:
259 if (message == nil) return nil;
260 return [self processApplication:message error: error];
263 KCJoiningErrorCreate(kUnexpectedMessage, error, @"Unexpected message while done");
270 return self.state == kAcceptDone;