+++ /dev/null
-/*
- * Created by Michael Brouwer on 7/17/12.
- * Copyright 2012 Apple Inc. All Rights Reserved.
- */
-
-/*
- * SOSEngine.c - Implementation of a secure object syncing engine
- */
-
-#include <SecureObjectSync/SOSEngine.h>
-#include <SecureObjectSync/SOSPeer.h>
-#include <SecureObjectSync/SOSPeerInfo.h>
-#include <corecrypto/ccder.h>
-#include <stdlib.h>
-#include <stdbool.h>
-#include <utilities/SecCFError.h>
-#include <utilities/SecCFRelease.h>
-#include <utilities/SecCFWrappers.h>
-#include <utilities/der_plist.h>
-#include <utilities/der_plist_internal.h>
-#include <utilities/debugging.h>
-#include <utilities/iCloudKeychainTrace.h>
-#include <AssertMacros.h>
-#include <CoreFoundation/CoreFoundation.h>
-#include <SecItemServer.h>
-#include <SecItemPriv.h>
-
-/* DataSource helper macros and functions. */
-
-// TODO: Change to create with DER.
-#define SOSObjectCreateWithPropertyList(dataSource, plist, error) (dataSource->createWithPropertyList(dataSource, plist, error))
-
-#define SOSObjectCopyPropertyList(dataSource, object, error) (dataSource->copyPropertyList(object, error))
-#define SOSObjectCopyDigest(dataSource, object, error) (dataSource->copyDigest(object, error))
-#define SOSObjectCopyPrimaryKey(dataSource, object, error) (dataSource->copyPrimaryKey(object, error))
-#define SOSObjectCopyMergedObject(dataSource, object1, object2, error) (dataSource->copyMergedObject(object1, object2, error))
-
-#define kSOSMaxObjectPerMessage (500)
-
-static CFArrayRef SOSDataSourceCopyObjectArray(SOSDataSourceRef data_source, SOSManifestRef manifest, CFErrorRef *error) {
- CFMutableArrayRef objects = CFArrayCreateMutable(0, 0, &kCFTypeArrayCallBacks);
-
- // Delta sync by only sending a max of kSOSMaxObjectPerMessage objects at a time.
- SOSManifestRef toSend = NULL;
- if (SOSManifestGetCount(manifest) > kSOSMaxObjectPerMessage) {
- toSend = SOSManifestCreateWithBytes(SOSManifestGetBytePtr(manifest), kSOSMaxObjectPerMessage * SOSDigestSize, error);
- } else {
- toSend = manifest;
- CFRetain(toSend);
- }
-
- if (!data_source->foreach_object(data_source, toSend, error, ^bool (SOSObjectRef object, CFErrorRef *localError) {
- CFDictionaryRef plist = SOSObjectCopyPropertyList(data_source, object, localError);
- if (plist) {
- CFArrayAppendValue(objects, plist);
- CFRelease(plist);
- }
- return plist;
- })) {
- CFReleaseNull(objects);
- }
- CFRetainSafe(toSend);
- return objects;
-}
-
-static CFDataRef SOSDataSourceCopyManifestDigest(SOSDataSourceRef ds, CFErrorRef *error) {
- CFMutableDataRef manifestDigest = CFDataCreateMutable(0, SOSDigestSize);
- CFDataSetLength(manifestDigest, SOSDigestSize);
- if (!ds->get_manifest_digest(ds, CFDataGetMutableBytePtr(manifestDigest), error))
- CFReleaseNull(manifestDigest);
-
- return manifestDigest;
-}
-
-static SOSManifestRef SOSDataSourceCopyManifest(SOSDataSourceRef ds, CFErrorRef *error) {
- return ds->copy_manifest(ds, error);
-}
-
-static void SOSDataSourceRelease(SOSDataSourceRef ds) {
- ds->release(ds);
-}
-
-
-/* SOSEngine implementation. */
-
-static CFStringRef sErrorDomain = CFSTR("com.apple.security.sos.engine.error");
-
-static bool SOSEngineCreateError(CFIndex errorCode, CFStringRef descriptionString, CFErrorRef previousError, CFErrorRef *newError) {
- SecCFCreateError(errorCode, descriptionString, sErrorDomain, previousError, newError);
- return true;
-}
-
-struct __OpaqueSOSEngine {
- SOSDataSourceRef dataSource;
-};
-
-SOSEngineRef SOSEngineCreate(SOSDataSourceRef dataSource, CFErrorRef *error) {
- SOSEngineRef engine = calloc(1, sizeof(struct __OpaqueSOSEngine));
- engine->dataSource = dataSource;
-
- return engine;
-}
-
-void SOSEngineDispose(SOSEngineRef engine) {
- SOSDataSourceRelease(engine->dataSource);
- free(engine);
-}
-
-/* SOSEngine. */
-enum SOSMessageType {
- SOSManifestInvalidMessageType = 0,
- SOSManifestDigestMessageType = 1,
- SOSManifestMessageType = 2,
- SOSManifestDeltaAndObjectsMessageType = 3,
-};
-
-/* H(): SHA1 hash function.
- M: Manifest of peer p
- MSG: H(M).
-
-
- SOSPeerMessage := SEQUENCE {
- messageType INTEGER (manifestDigest, manifest, manifestDeltaAndObjects)
- version INTEGER OPTIONAL default v0
- content ANY defined by messageType
- }
-
- ManifestDigest := OCTECT STRING (length 20)
- Manifest := OCTECT STRING (length 20 * number of entries)
-
-
- Value := CHOICE {
- bool Boolean
- number INTEGER
- string UTF8String
- data OCTECT STRING
- date GENERAL TIME
- dictionary Object
- array Array
- }
-
- KVPair := SEQUENCE {
- key UTF8String
- value Value
- }
-
- Array := SEQUENCE of Value
- Dictionary := SET of KVPair
-
- Object := SEQUENCE {
- [0] conflict OCTECT STRING OPTIONAL
- [1] change OCTECT STRING OPTIONAL
- object Dictionary
-
-
- ManifestDeltaAndObjects := SEQUENCE {
- manfestDigest ManifestDigest
- removals Manifest
- additions Manifest
- addedObjects SEQUENCE of Object
- }
-
- manifestDigest content = OCTECT STRING
- manifest content := OCTECT STRING
- manifestDeltaAndObjects := SEQUENCE {
- manfestDigest ManifestDigest
- }
-
- */
-
-
-/* ManifestDigest message */
-static size_t der_sizeof_manifest_digest_message(void) {
- return ccder_sizeof(CCDER_CONSTRUCTED_SEQUENCE,
- (ccder_sizeof_uint64(SOSManifestDigestMessageType) +
- ccder_sizeof_raw_octet_string(SOSDigestSize)));
-}
-
-static uint8_t *der_encode_manifest_digest_message(const uint8_t digest[SOSDigestSize], const uint8_t *der, uint8_t *der_end) {
- return ccder_encode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE, der_end, der,
- ccder_encode_uint64(SOSManifestDigestMessageType, der,
- ccder_encode_raw_octet_string(SOSDigestSize, digest, der, der_end)));
-}
-
-/* This message is sent to each peer that joins a circle and can also be sent
- as a form of ACK to confirm that the local peer is in sync with the peer
- this is beig sent to. */
-CFDataRef SOSEngineCreateManifestDigestMessage(SOSEngineRef engine, SOSPeerRef peer, CFErrorRef *error) {
- /* TODO: avoid copying the digest here by inlining der_encode_manifest_digest_message(). */
-
- uint8_t digest[SOSDigestSize];
- if (!engine->dataSource->get_manifest_digest(engine->dataSource, &digest[0], error)) {
- return NULL;
- }
-
- size_t der_size = der_sizeof_manifest_digest_message();
- CFMutableDataRef message = CFDataCreateMutable(NULL, der_size);
- if (message == NULL) {
- return NULL;
- }
- CFDataSetLength(message, der_size);
- uint8_t *der_end = CFDataGetMutableBytePtr(message);
- const uint8_t *der = der_end;
- der_end += der_size;
-
- der_end = der_encode_manifest_digest_message(digest, der, der_end);
- assert(der == der_end);
-
- return message;
-}
-
-
-/* Manifest message */
-static size_t der_sizeof_manifest_message(SOSManifestRef manifest) {
- return ccder_sizeof(CCDER_CONSTRUCTED_SEQUENCE,
- (ccder_sizeof_uint64(SOSManifestMessageType) +
- ccder_sizeof_raw_octet_string(SOSManifestGetSize(manifest))));
-}
-
-static uint8_t *der_encode_manifest_message(SOSManifestRef manifest, const uint8_t *der, uint8_t *der_end) {
- return ccder_encode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE, der_end, der,
- ccder_encode_uint64(SOSManifestMessageType, der,
- ccder_encode_raw_octet_string(SOSManifestGetSize(manifest),
- SOSManifestGetBytePtr(manifest), der, der_end)));
-}
-
-/* This message is sent in response to a manifestDigest if our manifestDigest
- differs from that of the received manifestDigest, or in response to a
- manifestAndObjects message if the manifestDigest in the received message
- doesn't match our own manifestDigest. */
-CFDataRef SOSEngineCreateManifestMessage(SOSEngineRef engine, SOSPeerRef peer, CFErrorRef *error) {
- SOSManifestRef manifest = SOSDataSourceCopyManifest(engine->dataSource, error);
- if (!manifest)
- return NULL;
-
- size_t der_size = der_sizeof_manifest_message(manifest);
- CFMutableDataRef message = CFDataCreateMutable(NULL, der_size);
- CFDataSetLength(message, der_size);
- uint8_t *der_end = CFDataGetMutableBytePtr(message);
- const uint8_t *der = der_end;
- der_end += der_size;
-
- der_end = der_encode_manifest_message(manifest, der, der_end);
- assert(der == der_end);
-
- return message;
-}
-
-
-/* ManifestDeltaAndObjects message */
-static size_t der_sizeof_manifest_and_objects_message(SOSManifestRef removals, SOSManifestRef additions, CFArrayRef objects, CFErrorRef *error) {
- size_t objects_size = der_sizeof_plist(objects, error);
- if (objects_size == 0)
- return objects_size;
-
- return ccder_sizeof(CCDER_CONSTRUCTED_SEQUENCE,
- (ccder_sizeof_uint64(SOSManifestDeltaAndObjectsMessageType) +
- ccder_sizeof(CCDER_CONSTRUCTED_SEQUENCE,
- (ccder_sizeof_raw_octet_string(SOSDigestSize) +
- ccder_sizeof_raw_octet_string(SOSManifestGetSize(removals)) +
- ccder_sizeof_raw_octet_string(SOSManifestGetSize(additions)) +
- objects_size))));
-}
-
-static uint8_t *der_encode_manifest_and_objects_message(CFDataRef digest, SOSManifestRef removals, SOSManifestRef additions, CFArrayRef objects, CFErrorRef *error, const uint8_t *der, uint8_t *der_end) {
- assert(CFDataGetLength(digest) == SOSDigestSize);
- return ccder_encode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE, der_end, der,
- ccder_encode_uint64(SOSManifestDeltaAndObjectsMessageType, der,
- ccder_encode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE, der_end, der,
- ccder_encode_raw_octet_string(SOSDigestSize, CFDataGetBytePtr(digest), der,
- ccder_encode_raw_octet_string(SOSManifestGetSize(removals), SOSManifestGetBytePtr(removals), der,
- ccder_encode_raw_octet_string(SOSManifestGetSize(additions), SOSManifestGetBytePtr(additions), der,
- der_encode_plist(objects, error, der, der_end)))))));
-}
-
-/* This message is sent in response to a local change that needs to be
- propagated to our peers or in response to a manifest or manifestDigest
- message from a peer that is not in sync with us yet. */
-CFDataRef SOSEngineCreateManifestAndObjectsMessage(SOSEngineRef engine, SOSPeerRef peer, CFErrorRef *error) {
- /* Assumptions:
- peer has a manifest that corresponds to peers real manifest.
- we send everything in our datasource that's not in peers manifest already to peer.
- */
- CFMutableDataRef message = NULL;
- SOSManifestRef manifest, peerManifest, additions, removals;
-
-retry:
- manifest = SOSDataSourceCopyManifest(engine->dataSource, error);
- if (!manifest)
- goto errOut4;
-
- peerManifest = SOSPeerCopyManifest(peer, error);
- if (!peerManifest)
- goto errOut3;
-
- if (!SOSManifestDiff(manifest, peerManifest, &additions, &removals, error))
- goto errOut2;
-
- CFErrorRef localError = NULL;
- CFArrayRef objects = SOSDataSourceCopyObjectArray(engine->dataSource, additions, &localError);
- if (!objects) {
- if(SecErrorGetOSStatus(localError)==errSecDecode) {
- secnotice("engine", "Corrupted item found: %@", localError);
- CFReleaseNull(manifest);
- CFReleaseNull(additions);
- CFReleaseNull(removals);
- CFReleaseNull(peerManifest);
- CFReleaseNull(localError);
- goto retry;
- }
- if(error && *error==NULL)
- *error=localError;
- else
- CFReleaseNull(localError);
- goto errOut1;
- }
-
- size_t der_size = der_sizeof_manifest_and_objects_message(removals, additions, objects, error);
- if (der_size == 0)
- goto errOut0;
-
- /* TODO: avoid copying the digest here by inlining der_encode_manifest_and_objects_message(). */
- CFDataRef peerDigest = SOSPeerCopyManifestDigest(peer, error);
- if (!peerDigest)
- goto errOut0;
-
- message = CFDataCreateMutable(NULL, der_size);
- CFDataSetLength(message, der_size);
- uint8_t *der_end = CFDataGetMutableBytePtr(message);
- const uint8_t *der = der_end;
- der_end += der_size;
-
- der_end = der_encode_manifest_and_objects_message(peerDigest, removals, additions, objects, error, der, der_end);
- assert(der == der_end);
- if (der_end == NULL) {
- CFReleaseNull(message);
- goto errOut_;
- }
-
- /* Record the peers new manifest assuming that peer will accept all the
- changes we are about to send them. */
- SOSPeerSetManifest(peer, manifest, error);
-
-errOut_:
- CFRelease(peerDigest);
-errOut0:
- CFRelease(objects);
-errOut1:
- SOSManifestDispose(removals);
- SOSManifestDispose(additions);
-errOut2:
- SOSManifestDispose(peerManifest);
-errOut3:
- SOSManifestDispose(manifest);
-errOut4:
-
- return message;
-}
-
-static const uint8_t *der_decode_msg_type(enum SOSMessageType *msg_type,
- const uint8_t *der,
- const uint8_t *der_end,
- CFErrorRef *error) {
- const uint8_t *body_end;
- der = ccder_decode_sequence_tl(&body_end, der, der_end);
- if (!der)
- return NULL;
-
- if (body_end != der_end) {
- SOSEngineCreateError(kSOSEngineInvalidMessageError, CFSTR("Trailing garbage at end of message"), NULL, error);
- return NULL;
- }
-
- uint64_t msgType;
- der = ccder_decode_uint64(&msgType, der, der_end);
- if (msgType < 1 || msgType > SOSManifestDeltaAndObjectsMessageType) {
- SecCFCreateErrorWithFormat(kSOSEngineInvalidMessageError, sErrorDomain,
- NULL, error, NULL,
- CFSTR("Bad message type: %llu"), msgType);
- return NULL;
- }
- *msg_type = (enum SOSMessageType)msgType;
- return der;
-}
-
-static const uint8_t *
-der_decode_manifest_digest(CFDataRef *digest, CFErrorRef *error,
- const uint8_t *der, const uint8_t *der_end) {
- require_quiet(der, errOut);
- size_t len;
- der = ccder_decode_tl(CCDER_OCTET_STRING, &len, der, der_end);
- require_action_quiet(der, errOut, SOSEngineCreateError(kSOSEngineInvalidMessageError, CFSTR("Failed to find string"), NULL, error));
- require_action_quiet(len == SOSDigestSize, errOut, SOSEngineCreateError(kSOSEngineInvalidMessageError, CFSTR("Invalid digest size"), NULL, error));
-
- *digest = CFDataCreate(0, der, len);
- require_action_quiet(*digest, errOut, SOSEngineCreateError(kSOSEngineInvalidMessageError, CFSTR("Failed to create digest"), NULL, error));
-
- der += len;
- require_action_quiet(der, errOut, CFReleaseNull(*digest); SOSEngineCreateError(kSOSEngineInvalidMessageError, CFSTR("Failed to find string"), NULL, error));
-
- return der;
-
-errOut:
- return NULL;
-}
-
-static const uint8_t *
-der_decode_manifest(SOSManifestRef *manifest, CFErrorRef *error,
- const uint8_t *der, const uint8_t *der_end) {
- if (!der)
- goto errOut;
- size_t len;
- der = ccder_decode_tl(CCDER_OCTET_STRING, &len, der, der_end);
- if (!der) {
- SOSEngineCreateError(kSOSEngineInvalidMessageError, CFSTR("Failed to decode manifest"), NULL, error);
- goto errOut;
- }
- if (len % SOSDigestSize != 0) {
- SOSEngineCreateError(kSOSEngineInvalidMessageError, CFSTR("manifest not a multiple of digest size"), NULL, error);
- goto errOut;
- }
- *manifest = SOSManifestCreateWithBytes(der, len, error);
- if (!*manifest)
- goto errOut;
-
- return der += len;
-
-errOut:
- return NULL;
-}
-
-static const uint8_t *
-der_decode_manifest_digest_message(CFDataRef *digest, CFErrorRef *error,
- const uint8_t *der, const uint8_t *der_end) {
- der = der_decode_manifest_digest(digest, error, der, der_end);
- if (der && der != der_end) {
- SOSEngineCreateError(kSOSEngineInvalidMessageError, CFSTR("Trailing garbage after digest"), NULL, error);
- CFReleaseNull(*digest);
- der = NULL;
- }
- return der;
-}
-
-static const uint8_t *
-der_decode_manifest_message(SOSManifestRef *manifest, CFErrorRef *error,
- const uint8_t *der, const uint8_t *der_end) {
- der = der_decode_manifest(manifest, error, der, der_end);
- if (der && der != der_end) {
- SOSEngineCreateError(kSOSEngineInvalidMessageError, CFSTR("Trailing garbage after manifest"), NULL, error);
- SOSManifestDispose(*manifest);
- *manifest = NULL;
- der = NULL;
- }
- return der;
-}
-
-static const uint8_t *
-der_decode_manifest_and_objects_message(CFDataRef *peerManifestDigest,
- SOSManifestRef *removals,
- SOSManifestRef *additions,
- CFArrayRef *objects,
- CFErrorRef *error, const uint8_t *der,
- const uint8_t *der_end) {
- const uint8_t *body_end;
- der = ccder_decode_sequence_tl(&body_end, der, der_end);
- if (!der) {
- SOSEngineCreateError(kSOSEngineInvalidMessageError, CFSTR("Failed to decode top level sequence"), NULL, error);
- goto errOut;
- }
-
- if (body_end != der_end) {
- SOSEngineCreateError(kSOSEngineInvalidMessageError, CFSTR("Trailing garbage at end of message"), NULL, error);
- goto errOut;
- }
-
- der = der_decode_manifest_digest(peerManifestDigest, error, der, der_end);
- if (!der)
- goto errOut;
- der = der_decode_manifest(removals, error, der, der_end);
- if (!der)
- goto errOut1;
- der = der_decode_manifest(additions, error, der, der_end);
- if (!der)
- goto errOut2;
-
- CFPropertyListRef pl;
- der = der_decode_plist(0, 0, &pl, error, der, der_end);
- if (!der)
- goto errOut3;
-
- if (der != der_end) {
- SOSEngineCreateError(kSOSEngineInvalidMessageError, CFSTR("Trailing garbage at end of message body"), NULL, error);
- goto errOut4;
- }
-
- // TODO Check that objects is in fact an array. */
- if (CFArrayGetTypeID() != CFGetTypeID(pl)) {
- SOSEngineCreateError(kSOSEngineInvalidMessageError, CFSTR("objects is not an array"), NULL, error);
- goto errOut4;
- }
- *objects = pl;
-
- return der;
-
-errOut4:
- CFRelease(pl);
-errOut3:
- CFRelease(additions);
-errOut2:
- CFRelease(removals);
-errOut1:
- CFRelease(peerManifestDigest);
-errOut:
- return NULL;
-}
-
-
-#if 0
-enum SOSMessageType SOSMessageGetType(CFDataRef message) {
- const uint8_t *der = CFDataGetBytePtr(message);
- const uint8_t *der_end = der + CFDataGetLength(message);
- enum SOSMessageType msg_type;
- der_decode_msg_type(&msg_type, der, der_end, NULL);
- if (!der) {
- return SOSManifestInvalidMessageType;
- }
-
- return msg_type;
-}
-#endif
-
-/* H(): SHA1 hash function.
- M: Manifest of peer p
- MSG: H(M) */
-static CFDataRef SOSEngineCopyManifestDigestReply(SOSEngineRef engine,
- SOSPeerRef peer,
- CFDataRef digest,
- CFErrorRef *error) {
- CFDataRef reply = NULL;
- CFDataRef peerDigest = SOSPeerCopyManifestDigest(peer, NULL);
- CFDataRef manifestDigest = SOSDataSourceCopyManifestDigest(engine->dataSource, error);
- if (manifestDigest) {
- if (CFEqual(manifestDigest, digest)) {
- /* Our dataSources manifest and that of the peer are equal, we are in sync. */
- if (peerDigest && CFEqual(peerDigest, digest)) {
- /* The last known digest we had for peer already matched the digest peer
- sent us, so this message is redundant, consider it an ack of our last
- message to peer. */
- reply = CFDataCreate(kCFAllocatorDefault, NULL, 0);
- } else {
- /* Our peer just sent us a manifest digest that matches our own, but the digest
- we have for the peer (if any) doesn't match that. Peer must have the same
- manifest we do, so record that. */
- SOSManifestRef manifest = SOSDataSourceCopyManifest(engine->dataSource, error);
- if (manifest) {
- bool ok = SOSPeerSetManifest(peer, manifest, error);
- SOSManifestDispose(manifest);
- if (ok) {
- /* Since we got lucky and happen to have the same digest as our peer, we
- send back an ack to ensure our peer ends up knowning our manifest as well. */
- reply = SOSEngineCreateManifestDigestMessage(engine, peer, error);
- }
- }
- }
- } else if (peerDigest && CFEqual(peerDigest, digest)) {
- /* We know peer's current manifest is correct (the computed digest
- matches the passed in one) but peer and our dataSource
- are not in sync. Send the deltas to peer. */
- reply = SOSEngineCreateManifestAndObjectsMessage(engine, peer, error);
- } else {
- /* Our peer has no digest yet, or the manifestDigest peer just sent
- us doesn't match the digest of the manifest we think peer has.
- We need to get peer to tell us their manifest, to do so we sent
- it ours and hope it responds with deltas. */
- reply = SOSEngineCreateManifestMessage(engine, peer, error);
- }
- CFRelease(manifestDigest);
- }
- CFReleaseSafe(peerDigest);
- return reply;
-}
-
-/* M: Manifest of peer p
- MSG: M */
-static CFDataRef SOSEngineCopyManifestReply(SOSEngineRef engine, SOSPeerRef peer,
- SOSManifestRef manifest,
- CFErrorRef *error) {
- CFDataRef reply = NULL;
- // Peer just told us what his manifest was. Let's roll with it.
- SOSPeerSetManifest(peer, manifest, error);
- CFDataRef peerManifestDigest = SOSPeerCopyManifestDigest(peer, error);
- if (peerManifestDigest) {
- CFDataRef manifestDigest = SOSDataSourceCopyManifestDigest(engine->dataSource, error);
- if (manifestDigest) {
- if (CFEqual(peerManifestDigest, manifestDigest)) {
- /* We're in sync, optionally send peer an ack. */
- reply = SOSEngineCreateManifestDigestMessage(engine, peer, error);
- } else {
- /* Send peer the objects it is missing from our manifest. */
- reply = SOSEngineCreateManifestAndObjectsMessage(engine, peer, error);
- }
- CFRelease(manifestDigest);
- }
- CFRelease(peerManifestDigest);
- }
- return reply;
-}
-
-static bool SOSEngineProccesObjects(SOSEngineRef engine,
- SOSPeerRef peer,
- CFDataRef digest,
- SOSManifestRef removals,
- SOSManifestRef additions,
- CFArrayRef objects,
- CFErrorRef *error) {
- __block bool result = true;
- CFArrayForEach(objects, ^(const void *value) {
- SOSObjectRef ob = SOSObjectCreateWithPropertyList(engine->dataSource, value, error);
- if (ob) {
- SOSMergeResult mr = engine->dataSource->add(engine->dataSource, ob, error);
- if (!mr) {
- result = false;
- // assertion failure, duplicate object added during transaction, that wasn't explicitly listed in removal list.
- // treat as conflict?
- // oa = ds->lookup(pkb);
- // ds->choose_between(oa, ob)
- // TODO: This is needed is we want to allow conflicts with other circles.
- SetCloudKeychainTraceValueForKey(kCloudKeychainNumberOfTimesSyncFailed, 1);
- secerror("assertion failure, add failed: %@",
- error ? *error : (CFErrorRef)CFSTR("error is null"));
- }
- CFRelease(ob);
- }
- });
- return result;
-}
-
-/* H(): SHA1 hash function.
- L: Manifest of local peer.
- M: Manifest of peer p.
- M-L: Manifest of entries in M but not in L
- L-M: Manifest of entries in L but not in M
- O(M): Objects in manifest M
- MSG: H(L) || L-M || M-L || O(M-L) */
-static CFDataRef SOSEngineCopyManifestAndObjectsReply(SOSEngineRef engine,
- SOSPeerRef peer,
- CFDataRef digest,
- SOSManifestRef removals,
- SOSManifestRef additions,
- CFArrayRef objects,
- CFErrorRef *error) {
- CFDataRef reply = NULL;
- CFMutableDataRef manifestDigest = (CFMutableDataRef)SOSDataSourceCopyManifestDigest(engine->dataSource, error);
- if (manifestDigest) {
- SOSManifestRef manifest = SOSDataSourceCopyManifest(engine->dataSource, error);
-
- /* Always proccess the objects after we snapshot our manifest. */
- if (!SOSEngineProccesObjects(engine, peer, digest, removals, additions, objects, error)) {
- secerror("peer: %@ SOSEngineProccesObjects(): %@", SOSPeerGetID(peer), *error);
- }
-
- if (CFEqual(manifestDigest, digest)) {
- SOSManifestRef peerManifest = NULL;
- if (manifest) {
- peerManifest = SOSManifestCreateWithPatch(manifest, removals, additions, error);
- }
- if (peerManifest) {
- if (SOSPeerSetManifest(peer, peerManifest, error)) {
- /* Now proccess the objects. */
- if (!SOSEngineProccesObjects(engine, peer, digest, removals, additions, objects, error)) {
- secerror("peer: %@ SOSEngineProccesObjects(): %@", SOSPeerGetID(peer), *error);
- }
-
- CFDataRef peerDigest = SOSPeerCopyManifestDigest(peer, error);
- if (peerDigest) {
- /* Depending on whether after proccess objects we still have objects that need to be sent back to peer we respond with our digestManifest or with a manifestAndObjectsMessage. */
- if (engine->dataSource->get_manifest_digest(engine->dataSource, CFDataGetMutableBytePtr(manifestDigest), error)) {
- if (CFEqual(manifestDigest, peerDigest)) {
- reply = SOSEngineCreateManifestDigestMessage(engine, peer, error);
- } else {
- reply = SOSEngineCreateManifestAndObjectsMessage(engine, peer, error);
- }
- }
- CFRelease(peerDigest);
- }
- }
- CFRelease(peerManifest);
- } else {
- secerror("Received peer: %@ sent bad message: %@", SOSPeerGetID(peer), *error);
- /* We failed to compute peer's digest, let's tell him ours again and hope for a retransmission. */
- /* TODO: Perhaps this should be sent by the top level whenever an error occurs during parsing. */
- reply = SOSEngineCreateManifestDigestMessage(engine, peer, error);
- }
- } else {
- /* ds->manifestDigest != msg->manigestDigest => We received deltas
- against a manifest we don't have respond with our current
- manifest to get back in sync. */
- reply = SOSEngineCreateManifestMessage(engine, peer, error);
- }
- CFReleaseSafe(manifest);
- CFRelease(manifestDigest);
- }
- return reply;
-}
-
-/* Handle incoming message from peer p. Return false if there was an error, true otherwise. */
-bool SOSEngineHandleMessage(SOSEngineRef engine, SOSPeerRef peer,
- CFDataRef message, CFErrorRef *error) {
- CFDataRef reply = NULL;
- SOSManifestRef oldPeerManifest = SOSPeerCopyManifest(peer, NULL);
- const uint8_t *der = CFDataGetBytePtr(message);
- const uint8_t *der_end = der + CFDataGetLength(message);
- enum SOSMessageType msgType;
-
- der = der_decode_msg_type(&msgType, der, der_end, error);
- if (der) switch (msgType) {
- case SOSManifestDigestMessageType:
- {
- CFDataRef digest = NULL; // Make the static analyzer happy by NULL and Release safe
- der = der_decode_manifest_digest_message(&digest, error, der, der_end);
- if (der) {
- reply = SOSEngineCopyManifestDigestReply(engine, peer, digest, error);
- }
- CFReleaseSafe(digest);
- break;
- }
- case SOSManifestMessageType:
- {
- SOSManifestRef manifest;
- der = der_decode_manifest_message(&manifest, error, der, der_end);
- if (der) {
- reply = SOSEngineCopyManifestReply(engine, peer, manifest, error);
- SOSManifestDispose(manifest);
- }
- break;
- }
- case SOSManifestDeltaAndObjectsMessageType:
- {
- CFDataRef peerManifestDigest;
- SOSManifestRef removals;
- SOSManifestRef additions;
- CFArrayRef objects;
- der = der_decode_manifest_and_objects_message(&peerManifestDigest, &removals, &additions, &objects, error, der, der_end);
- if (der) {
- reply = SOSEngineCopyManifestAndObjectsReply(engine, peer, peerManifestDigest, removals, additions, objects, error);
- CFRelease(peerManifestDigest);
- SOSManifestDispose(removals);
- SOSManifestDispose(additions);
- CFRelease(objects);
- }
- break;
- }
- default:
- SecCFCreateErrorWithFormat(kSOSEngineInvalidMessageError, sErrorDomain,
- NULL, error, NULL, CFSTR("Invalid message type %d"), msgType);
- break;
- }
-
- bool ok = reply;
- if (reply && CFDataGetLength(reply)) {
- ok = SOSPeerSendMessage(peer, reply, error);
- if (!ok)
- SOSPeerSetManifest(peer, oldPeerManifest, NULL);
- }
- secnotice("engine", "%@", SOSPeerGetID(peer));
- CFReleaseSafe(oldPeerManifest);
- CFReleaseSafe(reply);
- return ok;
-}
-
-bool SOSEngineSyncWithPeer(SOSEngineRef engine, SOSPeerRef peer, bool force,
- CFErrorRef *error) {
- CFDataRef reply = NULL;
- SOSManifestRef oldPeerManifest = SOSPeerCopyManifest(peer, NULL);
- bool ok = true;
- require_quiet(SOSPeerCanSendMessage(peer), exit);
- CFDataRef peerDigest = SOSPeerCopyManifestDigest(peer, NULL);
- CFMutableDataRef manifestDigest = CFDataCreateMutable(0, SOSDigestSize);
- CFDataSetLength(manifestDigest, SOSDigestSize);
- if (engine->dataSource->get_manifest_digest(engine->dataSource, CFDataGetMutableBytePtr(manifestDigest), error)) {
- if (peerDigest) {
- if (CFEqual(peerDigest, manifestDigest)) {
- /* We are in sync with peer already. */
- if (force) {
- /* If we are at the end of the OTR handshake, we have to send
- something to our peer no matter what to break the symmmetry. */
- reply = SOSEngineCreateManifestDigestMessage(engine, peer, error);
- } else {
- reply = CFDataCreate(kCFAllocatorDefault, NULL, 0);
- }
- } else {
- /* We have have a digest for peer's manifest and it doesn't
- match our current digest, so send deltas to peer. */
- reply = SOSEngineCreateManifestAndObjectsMessage(engine, peer, error);
- }
- } else {
- /* We have no digest for peer yet, send our manifest digest to peer,
- it should respond with it's manifest so we can sync. */
- reply = SOSEngineCreateManifestDigestMessage(engine, peer, error);
- }
- }
- CFRelease(manifestDigest);
- CFReleaseSafe(peerDigest);
-
- ok = ok && reply;
- if (ok && CFDataGetLength(reply)) {
- ok = SOSPeerSendMessage(peer, reply, error);
- if (!ok)
- SOSPeerSetManifest(peer, oldPeerManifest, NULL);
- }
-
-exit:
- secnotice("engine", "%@", SOSPeerGetID(peer));
- CFReleaseSafe(oldPeerManifest);
- CFReleaseSafe(reply);
- return ok;
-}
-
-#if 0
-static void appendObject(CFMutableStringRef desc, CFDictionaryRef object) {
- __block bool needComma = false;
- CFDictionaryForEach(object, ^(const void *key, const void *value) {
- if (needComma)
- CFStringAppend(desc, CFSTR(","));
- else
- needComma = true;
-
- CFStringAppend(desc, key);
- CFStringAppend(desc, CFSTR("="));
- if (CFEqual(CFSTR("data"), key)) {
- CFStringAppend(desc, CFSTR("<?>"));
- } else if (isData(value)) {
- CFStringAppendHexData(desc, value);
- } else {
- CFStringAppendFormat(desc, 0, CFSTR("%@"), value);
- }
- });
-}
-#endif
-
-static void appendObjects(CFMutableStringRef desc, CFArrayRef objects) {
- __block bool needComma = false;
- CFArrayForEach(objects, ^(const void *value) {
- if (needComma)
- CFStringAppend(desc, CFSTR(","));
- else
- needComma = true;
-
- SecItemServerAppendItemDescription(desc, value);
- });
-}
-
-CFStringRef SOSMessageCopyDescription(CFDataRef message) {
- if (!message)
- return CFSTR("<NULL>");
-
- CFMutableStringRef desc = CFStringCreateMutable(0, 0);
- const uint8_t *der = CFDataGetBytePtr(message);
- const uint8_t *der_end = der + CFDataGetLength(message);
- enum SOSMessageType msgType;
-
- CFStringAppend(desc, CFSTR("<Msg"));
- der = der_decode_msg_type(&msgType, der, der_end, 0);
- if (der) switch (msgType) {
- case SOSManifestDigestMessageType:
- {
- CFStringAppend(desc, CFSTR("ManifestDigest digest: "));
- CFDataRef digest = NULL;
- der = der_decode_manifest_digest_message(&digest, 0, der, der_end);
- if (der) {
- CFStringAppendHexData(desc, digest);
- }
- CFReleaseNull(digest);
-
- break;
- }
- case SOSManifestMessageType:
- {
- CFStringAppend(desc, CFSTR("Manifest"));
-
- SOSManifestRef manifest;
- der = der_decode_manifest_message(&manifest, 0, der, der_end);
- if (der) {
- CFStringRef mfdesc = SOSManifestCopyDescription(manifest);
- if (mfdesc) {
- CFStringAppendFormat(desc, 0, CFSTR(" manifest: %@"), mfdesc);
- CFRelease(mfdesc);
- }
- SOSManifestDispose(manifest);
- }
- break;
- }
- case SOSManifestDeltaAndObjectsMessageType:
- {
- CFStringAppend(desc, CFSTR("ManifestDeltaAndObjects digest:"));
-
- CFDataRef peerManifestDigest;
- SOSManifestRef removals;
- SOSManifestRef additions;
- CFArrayRef objects;
- der = der_decode_manifest_and_objects_message(&peerManifestDigest, &removals, &additions, &objects, 0, der, der_end);
- if (der) {
- CFStringAppendHexData(desc, peerManifestDigest);
- CFStringRef remdesc = SOSManifestCopyDescription(removals);
- if (remdesc) {
- CFStringAppendFormat(desc, 0, CFSTR(" removals: %@"), remdesc);
- CFRelease(remdesc);
- }
- CFStringRef adddesc = SOSManifestCopyDescription(additions);
- if (adddesc) {
- CFStringAppendFormat(desc, 0, CFSTR(" additions: %@"), adddesc);
- CFRelease(adddesc);
- }
- CFStringAppendFormat(desc, 0, CFSTR(" objects: "));
- appendObjects(desc, objects);
-
- CFRelease(peerManifestDigest);
- SOSManifestDispose(removals);
- SOSManifestDispose(additions);
- CFRelease(objects);
- }
- break;
- }
- default:
- CFStringAppendFormat(desc, 0, CFSTR("InvalidType: %d"), msgType);
- break;
- }
-
- CFStringAppend(desc, CFSTR(">"));
-
- return desc;
-}
projects / apple / security.git / blobdiff