SecOTRFullIdentity.c   [plain text]

/*
 *  SecOTRFullIdentity.c
 *  libsecurity_libSecOTR
 *
 *  Created by Mitch Adler on 2/9/11.
 *  Copyright 2011 Apple Inc. All rights reserved.
 *
 */

#include "SecOTR.h"
#include "SecOTRIdentityPriv.h"
#include <utilities/array_size.h>
#include <utilities/SecCFWrappers.h>

#include <AssertMacros.h>

#include <CoreFoundation/CFNumber.h>
#include <CoreFoundation/CFString.h>
#include <CoreFoundation/CFData.h>

#include <Security/SecItem.h>
#include <Security/SecKeyPriv.h>

#include <Security/oidsalg.h>
#include <Security/SecCertificatePriv.h>

#include "SecOTRErrors.h"

#include <TargetConditionals.h>

//
// Algorthim ID initialization
//

#define kMessageIdentityRSAKeyBits 1280
#define kMessageIdentityECKeyBits 256

void EnsureOTRAlgIDInited(void)
{
    static dispatch_once_t kSignatureAlgID_ONCE;
    static SecAsn1AlgId kOTRECSignatureAlgID;

    dispatch_once(&kSignatureAlgID_ONCE, ^{
        kOTRECSignatureAlgID.algorithm = CSSMOID_ECDSA_WithSHA1;
        kOTRSignatureAlgIDPtr = &kOTRECSignatureAlgID;
    });
}


static CFStringRef sSigningKeyName = CFSTR("OTR Signing Key");

//
// SecOTRFullIdentity implementation
//

CFGiblisFor(SecOTRFullIdentity);

static CF_RETURNS_RETAINED CFStringRef SecOTRFullIdentityCopyDescription(CFTypeRef cf) {
    SecOTRFullIdentityRef requestor = (SecOTRFullIdentityRef)cf;
    return CFStringCreateWithFormat(kCFAllocatorDefault,NULL,CFSTR("<SecOTRPublicIdentity: %p %02x%02x%02x%02x%02x%02x%02x%02x>"),
                                    requestor,
                                    requestor->publicIDHash[0], requestor->publicIDHash[1],
                                    requestor->publicIDHash[2], requestor->publicIDHash[3],
                                    requestor->publicIDHash[4], requestor->publicIDHash[5],
                                    requestor->publicIDHash[6], requestor->publicIDHash[7]);
}

static void SecOTRFullIdentityDestroy(CFTypeRef cf) {
    SecOTRFullIdentityRef requestor = (SecOTRFullIdentityRef)cf;

    CFReleaseNull(requestor->privateSigningKey);
    CFReleaseNull(requestor->publicSigningKey);
}


//
// Shared statics
//

static OSStatus SecOTRFIPurgeFromKeychainByValue(SecKeyRef key, CFStringRef label)
{
    OSStatus status;
    const void *keys[] =   { kSecClass,
        kSecAttrLabel,
        kSecValueRef,
    };
    const void *values[] = { kSecClassKey,
        label,
        key,
    };
    CFDictionaryRef dict = CFDictionaryCreate(NULL, keys, values, array_size(values), NULL, NULL);
    status = SecItemDelete(dict);
    CFReleaseSafe(dict);

    return status;
}

static bool SecKeyDigestAndSignWithError(
                                  SecKeyRef           key,            /* Private key */
                                  const SecAsn1AlgId  *algId,         /* algorithm oid/params */
                                  const uint8_t       *dataToDigest,	/* signature over this data */
                                  size_t              dataToDigestLen,/* length of dataToDigest */
                                  uint8_t             *sig,			/* signature, RETURNED */
                                  size_t              *sigLen,		/* IN/OUT */
                                  CFErrorRef          *error) {

    OSStatus status = SecKeyDigestAndSign(key, algId, dataToDigest, dataToDigestLen, sig, sigLen);
    require_noerr(status, fail);
    return true;
fail:
    SecOTRCreateError(secOTRErrorOSError, status, CFSTR("Error signing message. OSStatus in error code."), NULL, error);
    return false;
}

//
// SecOTRFullIdentity Functions
//

static bool SecOTRFICachePublicHash(SecOTRFullIdentityRef fullID, CFErrorRef *error)
{
    SecOTRPublicIdentityRef pubID = SecOTRPublicIdentityCopyFromPrivate(NULL, fullID, error);

    require(pubID, fail);

    SecOTRPICopyHash(pubID, fullID->publicIDHash);

fail:
    CFReleaseSafe(pubID);
    return (pubID != NULL); // This is safe because we're not accessing the value after release, just checking if it ever had a value of some nature.
}

#if !TARGET_OS_IPHONE && !TARGET_IPHONE_SIMULATOR
#define SEC_CONST_DECL(k,v) CFTypeRef k = (CFTypeRef)(CFSTR(v));
SEC_CONST_DECL (kSecAttrAccessible, "pdmn");
SEC_CONST_DECL (kSecAttrAccessibleAlwaysThisDeviceOnly, "dku");
#endif

SecOTRFullIdentityRef SecOTRFullIdentityCreate(CFAllocatorRef allocator, CFErrorRef *error)
{
    CFDictionaryRef keygen_parameters = NULL;
    SecOTRFullIdentityRef newID = CFTypeAllocate(SecOTRFullIdentity, struct _SecOTRFullIdentity, allocator);
    SecKeyRef tempSigningKey = NULL;

    newID->publicSigningKey = NULL;
    newID->privateSigningKey = NULL;

    require(newID, out);

    EnsureOTRAlgIDInited();

    const int signing_keySizeLocal = kMessageIdentityECKeyBits;
    CFNumberRef signing_bitsize = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &signing_keySizeLocal);

    const void *signing_keygen_keys[] = { kSecAttrKeyType,
                                          kSecAttrKeySizeInBits,
                                          kSecAttrIsPermanent,
                                          kSecAttrAccessible,
                                          kSecAttrLabel,
                                        };

    const void *signing_keygen_vals[] = { kSecAttrKeyTypeEC,
                                          signing_bitsize,
                                          kCFBooleanTrue,
                                          kSecAttrAccessibleAlwaysThisDeviceOnly,
                                          sSigningKeyName
                                        };
    keygen_parameters = CFDictionaryCreate(kCFAllocatorDefault,
                                           signing_keygen_keys, signing_keygen_vals, array_size(signing_keygen_vals),
                                           &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks );
    CFReleaseNull(signing_bitsize);
    require_noerr(SecKeyGeneratePair(keygen_parameters, &tempSigningKey, &newID->privateSigningKey), out);
    CFReleaseNull(keygen_parameters);

    newID->publicSigningKey = SecKeyCreatePublicFromPrivate(tempSigningKey);

    (void) SecOTRFIPurgeFromKeychainByValue(tempSigningKey, sSigningKeyName);
    CFReleaseNull(tempSigningKey);

    require(SecOTRFICachePublicHash(newID, error), out);

    return newID;

out:
    if (NULL != newID) {
        SecOTRFIPurgeFromKeychain(newID, NULL);
    }
    CFReleaseSafe(keygen_parameters);
    CFReleaseSafe(newID);
    CFReleaseSafe(tempSigningKey);
    return NULL;
}


static
OSStatus SecOTRFICreatePrivateKeyReadPersistentRef(const uint8_t **bytes, size_t *size, SecKeyRef* privateKey)
{
    OSStatus status = errSecParam;
    uint16_t dataSize;
    CFDataRef persistentRef = NULL;

    require_noerr_quiet(readSize(bytes, size, &dataSize), fail);
    require_quiet(dataSize <= *size, fail);

    SecKeyRef lookedUpKey = NULL;
    persistentRef = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, *bytes, dataSize, kCFAllocatorNull);
    require_quiet(persistentRef, fail);

    require_noerr_quiet(SecKeyFindWithPersistentRef(persistentRef, &lookedUpKey), fail);

    *privateKey = lookedUpKey;

    *bytes += dataSize;
    *size -= dataSize;

    status = errSecSuccess;

fail:
    CFReleaseSafe(persistentRef);

    return status;
}

static
OSStatus SecOTRFICreateKeysFromReadPersistentRef(const uint8_t **bytes, size_t *size, SecKeyRef *publicKey, SecKeyRef* privateKey)
{
    SecKeyRef foundKey = NULL;

    OSStatus status = SecOTRFICreatePrivateKeyReadPersistentRef(bytes, size, &foundKey);
    require_noerr_quiet(status, fail);
    require_quiet(foundKey, fail);

    *publicKey = SecKeyCreatePublicFromPrivate(*privateKey);
    require_action_quiet(*publicKey, fail, status = errSecParam);

    *privateKey = foundKey;
    foundKey = NULL;

    status = errSecSuccess;

fail:
    CFReleaseSafe(foundKey);
    return status;
}

typedef SecKeyRef (*SecOTRPublicKeyCreateFunction)(CFAllocatorRef allocator, const uint8_t** data, size_t* limit);

static
OSStatus SecOTRFICreateKeysFromReadPersistentRefAndPublicKey(const uint8_t **bytes, size_t *size, SecKeyRef *publicKey, SecKeyRef* privateKey, SecOTRPublicKeyCreateFunction createPublic)
{
    SecKeyRef foundKey = NULL;

    OSStatus status = SecOTRFICreatePrivateKeyReadPersistentRef(bytes, size, &foundKey);
    require_noerr_quiet(status, fail);
    require_quiet(foundKey, fail);

    *publicKey = (*createPublic)(NULL, bytes, size);
    require_action_quiet(*publicKey, fail, status = errSecParam);

    *privateKey = foundKey;

fail:
    return status;
}

static
OSStatus SecOTRFIInitFromV1Bytes(SecOTRFullIdentityRef newID, CFAllocatorRef allocator,
                                const uint8_t **bytes,size_t *size) {
    require(**bytes == 1, fail);
    ++*bytes;
    --*size;

    require_noerr_quiet(SecOTRFICreateKeysFromReadPersistentRef(bytes, size, &newID->publicSigningKey, &newID->privateSigningKey), fail);

    return errSecSuccess;

fail:
    CFReleaseNull(newID->publicSigningKey);
    CFReleaseNull(newID->privateSigningKey);

    return errSecParam;
}

static
OSStatus SecOTRFIInitFromV2Bytes(SecOTRFullIdentityRef newID, CFAllocatorRef allocator,
                                const uint8_t **bytes,size_t *size) {
    require(**bytes == 2, fail);
    ++*bytes;
    --*size;

    require_noerr_quiet(SecOTRFICreateKeysFromReadPersistentRefAndPublicKey(bytes, size, &newID->publicSigningKey, &newID->privateSigningKey, &CreateECPublicKeyFrom), fail);

    return errSecSuccess;

fail:
    CFReleaseNull(newID->publicSigningKey);
    CFReleaseNull(newID->privateSigningKey);

    return errSecParam;
}

SecOTRFullIdentityRef SecOTRFullIdentityCreateFromSecKeyRef(CFAllocatorRef allocator, SecKeyRef privateKey,
                                                            CFErrorRef *error) {
    // TODO - make sure this is an appropriate key type
    SecOTRFullIdentityRef newID = CFTypeAllocate(SecOTRFullIdentity, struct _SecOTRFullIdentity, allocator);
    newID->privateSigningKey = privateKey;
    CFRetain(newID->privateSigningKey);
    newID->publicSigningKey = SecKeyCreatePublicFromPrivate(privateKey);
    require(SecOTRFICachePublicHash(newID, error), fail);
    return newID;
fail:
    CFRelease(newID->privateSigningKey);
    CFRelease(newID->publicSigningKey);
    CFReleaseSafe(newID);
    return NULL;
}

SecOTRFullIdentityRef SecOTRFullIdentityCreateFromBytes(CFAllocatorRef allocator, const uint8_t**bytes, size_t *size, CFErrorRef *error)
{
    SecOTRFullIdentityRef newID = CFTypeAllocate(SecOTRFullIdentity, struct _SecOTRFullIdentity, allocator);
    EnsureOTRAlgIDInited();

    require(*size > 0, fail);

    switch (**bytes) {
        case 1:
            require_noerr_quiet(SecOTRFIInitFromV1Bytes(newID, allocator, bytes, size), fail);
            break;
        case 2:
            require_noerr_quiet(SecOTRFIInitFromV2Bytes(newID, allocator, bytes, size), fail);
            break;
        case 0: // Version 0 was used in seeds of 5.0, transition from those seeds unsupported - keys were in exported data.
        default:
            require(false, fail);
            break;
    }

    require(SecOTRFICachePublicHash(newID, error), fail);

    return newID;

fail:
    if (NULL != newID) {
        SecOTRFIPurgeFromKeychain(newID, NULL);
    }
    CFReleaseSafe(newID);
    return NULL;
}

SecOTRFullIdentityRef SecOTRFullIdentityCreateFromData(CFAllocatorRef allocator, CFDataRef data, CFErrorRef *error)
{
    if (data == NULL)
        return NULL;

    size_t size = (size_t)CFDataGetLength(data);
    const uint8_t* bytes = CFDataGetBytePtr(data);

    return SecOTRFullIdentityCreateFromBytes(allocator, &bytes, &size, error);
}

bool SecOTRFIPurgeFromKeychain(SecOTRFullIdentityRef thisID, CFErrorRef *error)
{
    OSStatus result = SecOTRFIPurgeFromKeychainByValue(thisID->privateSigningKey, sSigningKeyName);
    if (errSecSuccess == result) {
        return true;
    } else {
        SecOTRCreateError(secOTRErrorOSError, result, CFSTR("OSStatus returned in error code"), NULL, error);
        return false;
    }
}


static OSStatus SecOTRFIPurgeAllFromKeychainByLabel(CFStringRef label)
{
    OSStatus status;
    const void *keys[] =   { kSecClass,
        kSecAttrKeyClass,
        kSecAttrLabel,
    };
    const void *values[] = { kSecClassKey,
        kSecAttrKeyClassPrivate,
        label,
    };
    CFDictionaryRef dict = CFDictionaryCreate(NULL, keys, values, array_size(values), NULL, NULL);
    bool deleteAtLeastOne = false;
    int loopLimiter = 500;
    do {
        status = SecItemDelete(dict);
        if (status == errSecSuccess) {
            deleteAtLeastOne = true;
        }
        loopLimiter--;
    } while ((status == errSecSuccess) && (loopLimiter > 0));
    if ((status == errSecItemNotFound) && (deleteAtLeastOne)) {
        // We've looped until we can't delete any more keys.
        // Since this will produce an expected 'itemNotFound', but we don't want to break the contract above
        // (and also we want to make sense)
        // we muffle the non-error to a success case, which it is.
        status = errSecSuccess;
    }
    CFReleaseSafe(dict);

    return status;
}

bool SecOTRFIPurgeAllFromKeychain(CFErrorRef *error)
{
    OSStatus result = SecOTRFIPurgeAllFromKeychainByLabel(sSigningKeyName);
    if (errSecSuccess == result) {
        return true;
    } else {
        SecOTRCreateError(secOTRErrorOSError, result, CFSTR("OSStatus returned in error code"), NULL, error);
        return false;
    }
}

static OSStatus appendPersistentRefData(SecKeyRef theKey, CFMutableDataRef serializeInto, CFStringRef name)
{
    OSStatus status;
    CFDataRef persistent_ref = NULL;
    require_noerr(status = SecKeyCopyPersistentRef(theKey, &persistent_ref), fail);

    status = appendSizeAndData(persistent_ref, serializeInto);

fail:
    CFReleaseSafe(persistent_ref);

    return status;
}

static OSStatus SecOTRFIAppendV2Serialization(SecOTRFullIdentityRef fullID, CFMutableDataRef serializeInto)
{
    const uint8_t version = 2;
    CFIndex start = CFDataGetLength(serializeInto);

    CFDataAppendBytes(serializeInto, &version, sizeof(version));

    require(errSecSuccess == appendPersistentRefData(fullID->privateSigningKey, serializeInto, sSigningKeyName), fail);
    require(errSecSuccess == appendPublicOctetsAndSize(fullID->publicSigningKey, serializeInto), fail);
    return errSecSuccess;

fail:
    CFDataSetLength(serializeInto, start);

    return errSecParam;
}


bool SecOTRFIAppendSerialization(SecOTRFullIdentityRef fullID, CFMutableDataRef serializeInto, CFErrorRef *error)
{
    OSStatus status = SecOTRFIAppendV2Serialization(fullID, serializeInto);
    if (errSecSuccess == status) {
        return true;
    } else {
        SecOTRCreateError(secOTRErrorOSError, status, CFSTR("OSStatus returned in error code"), NULL, error);
        return false;
    }
}

size_t SecOTRFISignatureSize(SecOTRFullIdentityRef fullID)
{
    return SecKeyGetSize(fullID->publicSigningKey, kSecKeySignatureSize);
}

bool SecOTRFIAppendSignature(SecOTRFullIdentityRef fullID,
                                CFDataRef dataToHash,
                                CFMutableDataRef appendTo,
                                CFErrorRef *error)
{
    const size_t signatureSize = SecOTRFISignatureSize(fullID);
    const CFIndex sourceLength = CFDataGetLength(dataToHash);
    const uint8_t* sourceData = CFDataGetBytePtr(dataToHash);

    CFIndex start = CFDataGetLength(appendTo);

    require(((CFIndex)signatureSize) >= 0, fail);

    CFDataIncreaseLength(appendTo, (CFIndex)signatureSize + 1);

    uint8_t *size = CFDataGetMutableBytePtr(appendTo) + start;
    uint8_t* signatureStart = size + 1;
    size_t signatureUsed = signatureSize;

   require(SecKeyDigestAndSignWithError(fullID->privateSigningKey, kOTRSignatureAlgIDPtr,
                                    sourceData, (size_t)sourceLength,
                                    signatureStart, &signatureUsed, error), fail);

    require(signatureUsed < 256, fail);
    require(((CFIndex)signatureUsed) >= 0, fail);
    *size = signatureUsed;

    CFDataSetLength(appendTo, start + (CFIndex)signatureUsed + 1);

    return true;

fail:
    CFDataSetLength(appendTo, start);

    return false;
}

void SecOTRFIAppendPublicHash(SecOTRFullIdentityRef fullID, CFMutableDataRef appendTo)
{
    CFDataAppendBytes(appendTo, fullID->publicIDHash, sizeof(fullID->publicIDHash));
}

bool SecOTRFIComparePublicHash(SecOTRFullIdentityRef fullID, const uint8_t hash[kMPIDHashSize])
{
    return 0 == memcmp(hash, fullID->publicIDHash, kMPIDHashSize);
}