SecDbKeychainItem.c   [plain text]

/*
 * Copyright (c) 2006-2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 *  SecDbKeychainItem.c - CoreFoundation-based constants and functions for
    access to Security items (certificates, keys, identities, and
    passwords.)
 */

#include <securityd/SecDbKeychainItem.h>

#include <securityd/SecItemSchema.h>
#include <CommonCrypto/CommonCryptor.h>
#include <CommonCrypto/CommonCryptorSPI.h>
#include <Security/SecBasePriv.h>
#include <Security/SecItem.h>
#include <Security/SecItemInternal.h>
#include <Security/SecRandom.h>
#include <Security/SecAccessControl.h>
#include <Security/SecAccessControlPriv.h>
#include <utilities/der_plist.h>

#if USE_KEYSTORE
#include <LocalAuthentication/LAPublicDefines.h>
#include <LocalAuthentication/LAPrivateDefines.h>
#include <coreauthd_spi.h>
#include <libaks_acl_cf_keys.h>
#include <securityd/spi.h>
#endif /* USE_KEYSTORE */

pthread_key_t CURRENT_CONNECTION_KEY;

// From SecItemServer, should be a acl-check block
bool itemInAccessGroup(CFDictionaryRef item, CFArrayRef accessGroups);

static keyclass_t kc_parse_keyclass(CFTypeRef value, CFErrorRef *error);
static CFTypeRef kc_encode_keyclass(keyclass_t keyclass);
static CFDataRef kc_copy_protection_data(SecAccessControlRef access_control);
static CFTypeRef kc_copy_protection_from_data(CFDataRef data);
static CFMutableDictionaryRef s3dl_item_v2_decode(CFDataRef plain, CFErrorRef *error);
static CFMutableDictionaryRef s3dl_item_v3_decode(CFDataRef plain, CFErrorRef *error);
#if USE_KEYSTORE
static CFDataRef kc_copy_constraints_data(SecAccessControlRef access_control, CFDictionaryRef auth_attributes);
static void kc_dict_from_auth_data(const SecDbClass *class, const uint8_t *der, const uint8_t *der_end, CFMutableDictionaryRef *authenticated_attributes, CFMutableDictionaryRef *acl);
static CFDataRef kc_copy_access_groups_data(CFArrayRef access_groups, CFErrorRef *error);
#endif
    
/* Given plainText create and return a CFDataRef containing:
 BULK_KEY = RandomKey()
 version || keyclass|ACL || KeyStore_WRAP(keyclass, BULK_KEY) ||
 AES(BULK_KEY, NULL_IV, plainText || padding)
 */
bool ks_encrypt_data(keybag_handle_t keybag, SecAccessControlRef access_control, CFTypeRef *cred_handle,
                     CFDictionaryRef attributes, CFDictionaryRef authenticated_attributes, CFDataRef *pBlob, CFErrorRef *error) {
    CFMutableDataRef blob = NULL;
    CFDataRef ac_data = NULL;
    bool ok = true;
    //check(keybag >= 0);

    /* Precalculate output blob length. */
    const uint32_t bulkKeySize = 32; /* Use 256 bit AES key for bulkKey. */
    const uint32_t maxKeyWrapOverHead = 8 + 32;
    uint8_t bulkKey[bulkKeySize];
    CFMutableDataRef bulkKeyWrapped = CFDataCreateMutable(NULL, 0);
    CFDataSetLength(bulkKeyWrapped, bulkKeySize + maxKeyWrapOverHead);
    uint32_t key_wrapped_size;
    
#if USE_KEYSTORE
    CFDataRef access_control_data = NULL;
    CFDataRef constraint_data = NULL;
    CFDataRef acm_context = NULL;
#endif
    
    /* If access_control specifies only protection and no ACL, use legacy blob format version 3,
     which has better support for sync/backup.  Otherwise, force new format v4. */
    const uint32_t version = SecAccessControlGetConstraints(access_control) ? 4 : 3;
    CFDataRef plainText = NULL;
    if (version < 4) {
        CFMutableDictionaryRef attributes_dict = CFDictionaryCreateMutableCopy(NULL, 0, attributes);
        if (authenticated_attributes) {
            CFDictionaryForEach(authenticated_attributes, ^(const void *key, const void *value) {
                CFDictionaryAddValue(attributes_dict, key, value);
            });
        }
        
        if (attributes_dict) {
            // Drop the accc attribute for non v4 items during encode.
            CFDictionaryRemoveValue(attributes_dict, kSecAttrAccessControl);
            plainText = kc_plist_copy_der(attributes_dict, error);
            CFRelease(attributes_dict);
        }
    } else {
#if USE_KEYSTORE
        if (attributes) {
            plainText = kc_plist_copy_der(attributes, error);
        }
#else
        CFMutableDictionaryRef attributes_dict = CFDictionaryCreateMutableCopy(NULL, 0, attributes);
        if (authenticated_attributes) {
            CFDictionaryForEach(authenticated_attributes, ^(const void *key, const void *value) {
                CFDictionaryAddValue(attributes_dict, key, value);
            });
        }
        
        if (attributes_dict) {
            plainText = kc_plist_copy_der(attributes_dict, error);
            CFRelease(attributes_dict);
        }
#endif
    }
    
    if (!plainText || CFGetTypeID(plainText) != CFDataGetTypeID()
        || access_control == 0) {
        ok = SecError(errSecParam, error, CFSTR("ks_encrypt_data: invalid plain text"));
        goto out;
    }

    size_t ptLen = CFDataGetLength(plainText);
    size_t ctLen = ptLen;
    size_t tagLen = 16;
    keyclass_t actual_class;
    
    if (SecRandomCopyBytes(kSecRandomDefault, bulkKeySize, bulkKey)) {
        ok = SecError(errSecAllocate, error, CFSTR("ks_encrypt_data: SecRandomCopyBytes failed"));
        goto out;
    }

    /* Extract keyclass from access control. */
    keyclass_t keyclass = kc_parse_keyclass(SecAccessControlGetProtection(access_control), error);
    if (!keyclass)
        goto out;

#if USE_KEYSTORE
    if (version >= 4) {
        if (*cred_handle == NULL || isData(*cred_handle)) {
            CFTypeRef auth_ref = VRCreateNewReferenceWithACMContext(*cred_handle, error);
            if (!auth_ref) {
                ok = false;
                goto out;
            }
            CFReleaseSafe(*cred_handle);
            *cred_handle = auth_ref;
        }
        
        access_control_data = SecAccessControlCopyData(access_control);
        CFErrorRef authError = NULL;
        ok = VRValidateACL(*cred_handle, access_control_data, &authError);
        if (!ok) {
            ok = SecCFCreateError(errSecParam, kSecErrorDomain, CFSTR("Invalid ACL"), authError, error);
            CFReleaseSafe(authError);
            goto out;
        }

        constraint_data = kc_copy_constraints_data(access_control, authenticated_attributes);
        require_quiet(ok = ks_crypt_acl(kSecKsWrap, keybag,
                                        keyclass, bulkKeySize, bulkKey, bulkKeyWrapped, constraint_data, NULL, NULL, error), out);
    }
    else {
#endif
    /* Encrypt bulkKey. */
    require_quiet(ok = ks_crypt(kSecKsWrap, keybag,
                                keyclass, bulkKeySize, bulkKey,
                                &actual_class, bulkKeyWrapped,
                                error), out);
#if USE_KEYSTORE
    }
#endif
    
    key_wrapped_size = (uint32_t)CFDataGetLength(bulkKeyWrapped);
    UInt8 *cursor;
    size_t blobLen = sizeof(version);
    uint32_t prot_length;

    if (version == 3) {
        blobLen += sizeof(actual_class);
    } else {
        require_quiet(ac_data = kc_copy_protection_data(access_control), out);
        prot_length = (uint32_t)CFDataGetLength(ac_data);
        blobLen += sizeof(prot_length) + prot_length;
    }

    blobLen += sizeof(key_wrapped_size) + key_wrapped_size + ctLen + tagLen;
    require_quiet(blob = CFDataCreateMutable(NULL, blobLen), out);
    CFDataSetLength(blob, blobLen);
    cursor = CFDataGetMutableBytePtr(blob);

    *((uint32_t *)cursor) = version;
    cursor += sizeof(version);

    //secerror("class: %d actual class: %d", keyclass, actual_class);
    if (version == 3) {
        *((keyclass_t *)cursor) = actual_class;
        cursor += sizeof(keyclass);
    } else {
        *((uint32_t *)cursor) = prot_length;
        cursor += sizeof(prot_length);

        CFDataGetBytes(ac_data, CFRangeMake(0, prot_length), cursor);
        cursor += prot_length;
    }

    *((uint32_t *)cursor) = key_wrapped_size;
    cursor += sizeof(key_wrapped_size);

    memcpy(cursor, CFDataGetBytePtr(bulkKeyWrapped), key_wrapped_size);
    cursor += key_wrapped_size;

    /* Encrypt the plainText with the bulkKey. */
    CCCryptorStatus ccerr = CCCryptorGCM(kCCEncrypt, kCCAlgorithmAES128,
                                         bulkKey, bulkKeySize,
                                         NULL, 0,  /* iv */
                                         NULL, 0,  /* auth data */
                                         CFDataGetBytePtr(plainText), ptLen,
                                         cursor,
                                         cursor + ctLen, &tagLen);
    if (ccerr) {
        ok = SecError(errSecInternal, error, CFSTR("ks_encrypt_data: CCCryptorGCM failed: %d"), ccerr);
        goto out;
    }
    if (tagLen != 16) {
        ok = SecError(errSecInternal, error, CFSTR("ks_encrypt_data: CCCryptorGCM expected: 16 got: %ld byte tag"), tagLen);
        goto out;
    }

out:
    memset(bulkKey, 0, sizeof(bulkKey));
    CFReleaseSafe(ac_data);
    CFReleaseSafe(bulkKeyWrapped);
    CFReleaseSafe(plainText);
	if (!ok) {
		CFReleaseSafe(blob);
	} else {
		*pBlob = blob;
	}
    
#if USE_KEYSTORE
    CFReleaseSafe(access_control_data);
    CFReleaseSafe(constraint_data);
    CFReleaseSafe(acm_context);
#endif
    return ok;
}

/* Given cipherText containing:
 version || keyclass || KeyStore_WRAP(keyclass, BULK_KEY) ||
 AES(BULK_KEY, NULL_IV, plainText || padding)
 return the plainText. */
bool ks_decrypt_data(keybag_handle_t keybag, enum SecKsCryptoOp cryptoOp, SecAccessControlRef *paccess_control, CFTypeRef *cred_handle,
                     CFDataRef blob, const SecDbClass *db_class, CFArrayRef caller_access_groups,
                     CFMutableDictionaryRef *attributes_p, uint32_t *version_p, CFErrorRef *error) {
    const uint32_t v0KeyWrapOverHead = 8;
    CFMutableDataRef bulkKey = CFDataCreateMutable(0, 32); /* Use 256 bit AES key for bulkKey. */
    CFDataSetLength(bulkKey, 32); /* Use 256 bit AES key for bulkKey. */
    bool ok = true;
    SecAccessControlRef access_control = NULL;
    
    CFMutableDataRef plainText = NULL;
    CFMutableDictionaryRef attributes = NULL;
    uint32_t version = 0;
    CFDataRef access_control_data = NULL;
    
#if USE_KEYSTORE
    CFDataRef acm_context = NULL;
    CFMutableDictionaryRef authenticated_attributes = NULL;
    CFDataRef caller_access_groups_data = NULL;
    
#if TARGET_OS_IPHONE
    check(keybag >= 0);
#else
    check((keybag >= 0) || (keybag == session_keybag_handle));
#endif
#endif

    if (!blob) {
        ok = SecError(errSecParam, error, CFSTR("ks_decrypt_data: invalid blob"));
        goto out;
    }

    size_t blobLen = CFDataGetLength(blob);
    const uint8_t *cursor = CFDataGetBytePtr(blob);
    keyclass_t keyclass;
    uint32_t wrapped_key_size;

    /* Check for underflow, ensuring we have at least one full AES block left. */
    if (blobLen < sizeof(version) + sizeof(keyclass) +
        CFDataGetLength(bulkKey) + v0KeyWrapOverHead + 16) {
        ok = SecError(errSecDecode, error, CFSTR("ks_decrypt_data: Check for underflow"));
        goto out;
    }

    version = *((uint32_t *)cursor);
    cursor += sizeof(version);

    size_t minimum_blob_len = sizeof(version) + 16;
    size_t ctLen = blobLen - sizeof(version);

    if (version == 4) {
        /* Deserialize SecAccessControl object from the blob. */
        uint32_t prot_length = *((uint32_t *)cursor);
        cursor += sizeof(prot_length);

        CFDataRef protection_data = CFDataCreate(kCFAllocatorDefault, cursor, prot_length);
        CFTypeRef protection = kc_copy_protection_from_data(protection_data);
        CFRelease(protection_data);
        if (!protection) {
            ok = SecError(errSecDecode, error, CFSTR("ks_decrypt_data: invalid ACL"));
            goto out;
        }
        else {
            access_control = SecAccessControlCreate(NULL, NULL);
            require_quiet(access_control, out);
            ok = SecAccessControlSetProtection(access_control, protection, NULL);
            CFRelease(protection);
            if (!ok) {
                SecError(errSecDecode, error, CFSTR("ks_decrypt_data: invalid ACL"));
                goto out;
            }
        }
        
        cursor += prot_length;

        minimum_blob_len += sizeof(prot_length) + prot_length;
        ctLen -= sizeof(prot_length) + prot_length;

        /* Get numeric value of keyclass from the access_control. */
        keyclass = kc_parse_keyclass(SecAccessControlGetProtection(access_control), error);
        if (!keyclass) {
            ok = SecError(errSecDecode, error, CFSTR("ks_decrypt_data: invalid ACL"));
            goto out;
        }
    } else {
        keyclass = *((keyclass_t *)cursor);
	//secerror("class: %d keyclass: %d", keyclass, keyclass & key_class_last);
#if USE_KEYSTORE
        CFTypeRef protection = kc_encode_keyclass(keyclass & key_class_last); // mask out generation
#else
        CFTypeRef protection = kc_encode_keyclass(keyclass);
#endif
        if (protection) {
            access_control = SecAccessControlCreateWithFlags(kCFAllocatorDefault, protection, 0, error);
        }
        if (!access_control) {
            ok = SecError(errSecDecode, error, CFSTR("ks_decrypt_data: invalid keyclass detected"));
            goto out;
        }
        cursor += sizeof(keyclass);

        minimum_blob_len += sizeof(keyclass);
        ctLen -= sizeof(keyclass);
    }

    size_t tagLen = 0;
    switch (version) {
        case 0:
            wrapped_key_size = (uint32_t)CFDataGetLength(bulkKey) + v0KeyWrapOverHead;
            break;
        case 2:
        case 3:
            /* DROPTHROUGH */
            /* v2 and v3 have the same crypto, just different dictionary encodings. */
            /* Difference between v3 and v4 is already handled above, so treat v3 as v4. */
        case 4:
            tagLen = 16;
            minimum_blob_len -= 16; // Remove PKCS7 padding block requirement
            ctLen -= tagLen;        // Remove tagLen from ctLen
            /* DROPTHROUGH */
        case 1:
            wrapped_key_size = *((uint32_t *)cursor);
            cursor += sizeof(wrapped_key_size);
            minimum_blob_len += sizeof(wrapped_key_size);
            ctLen -= sizeof(wrapped_key_size);
            break;
        default:
            ok = SecError(errSecDecode, error, CFSTR("ks_decrypt_data: invalid version %d"), version);
            goto out;
    }

    /* Validate key wrap length against total length */
    require(blobLen - minimum_blob_len - tagLen >= wrapped_key_size, out);
    ctLen -= wrapped_key_size;
    if (version < 2 && (ctLen & 0xF) != 0) {
        ok = SecError(errSecDecode, error, CFSTR("ks_decrypt_data: invalid version"));
        goto out;
    }

#if USE_KEYSTORE
    if (version >= 4) {
        /* Verify before we try to unwrap the key. */
        if (*cred_handle == NULL || isData(*cred_handle)) {
            CFTypeRef auth_ref = VRCreateNewReferenceWithACMContext(*cred_handle, error);
            if (!auth_ref) {
                ok = false;
                goto out;
            }
            CFReleaseSafe(*cred_handle);
            *cred_handle = auth_ref;
        }
        
        CFMutableDictionaryRef acl = NULL;
        kc_dict_from_auth_data(db_class, cursor, cursor + wrapped_key_size, &authenticated_attributes, &acl);
        SecAccessControlSetConstraints(access_control, acl);
        CFReleaseSafe(acl);
        access_control_data = SecAccessControlCopyData(access_control);
        
        static CFDictionaryRef hints = NULL;
        static dispatch_once_t onceToken;
        dispatch_once(&onceToken, ^{
            CFNumberRef noninteractiveKey = CFNumberCreateWithCFIndex(kCFAllocatorDefault, kLAOptionNotInteractive);
            hints = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, noninteractiveKey, kCFBooleanTrue, NULL);
            CFRelease(noninteractiveKey);
        });

        CFErrorRef authError = NULL;
        ok = VREvaluateACL(*cred_handle, access_control_data, (cryptoOp == kSecKsDelete)?kAKSKeyOpDelete:kAKSKeyOpDecrypt, hints, &authError);
        if (!ok) {
            if (CFEqual(CFErrorGetDomain(authError), CFSTR(kLAErrorDomain)) &&
                CFErrorGetCode(authError) == kLAErrorNotInteractive) {
                /* UI is needed, but this is not really an error, just leave with no output data. */
                ok = true;
            } else {
                ok = SecCFCreateError(errSecAuthFailed, kSecErrorDomain, CFSTR("CoreAuthentication failed"), authError, error);
            }
            CFReleaseSafe(authError);
            goto out;
        }
        
        acm_context = VRCopyACMContext(*cred_handle, error);
        
        if (caller_access_groups) {
            caller_access_groups_data = kc_copy_access_groups_data(caller_access_groups, error);
            require_quiet(ok = (caller_access_groups_data != NULL), out);
        }
        require_quiet(ok = ks_crypt_acl(cryptoOp, keybag,
                                        keyclass, wrapped_key_size, cursor, bulkKey, NULL, acm_context, caller_access_groups_data, error), out);
        if (cryptoOp == kSecKsDelete) {
            attributes = CFRetainSafe(authenticated_attributes);
            goto out;
        }
    }
    else {
#endif
        /* Now unwrap the bulk key using a key in the keybag. */
        require_quiet(ok = ks_crypt(kSecKsUnwrap, keybag,
            keyclass, wrapped_key_size, cursor, NULL, bulkKey, error), out);
#if USE_KEYSTORE
    }
#endif
    
    cursor += wrapped_key_size;

    plainText = CFDataCreateMutable(NULL, ctLen);
    if (!plainText) {
        ok = SecError(errSecDecode, error, CFSTR("ks_decrypt_data: failed to allocate data for plain text"));
        goto out;
    }
    CFDataSetLength(plainText, ctLen);

    /* Decrypt the cipherText with the bulkKey. */
    CCCryptorStatus ccerr;
    if (tagLen) {
        uint8_t tag[tagLen];
        ccerr = CCCryptorGCM(kCCDecrypt, kCCAlgorithmAES128,
                             CFDataGetBytePtr(bulkKey), CFDataGetLength(bulkKey),
                             NULL, 0,  /* iv */
                             NULL, 0,  /* auth data */
                             cursor, ctLen,
                             CFDataGetMutableBytePtr(plainText),
                             tag, &tagLen);
        if (ccerr) {
            /* TODO: Should this be errSecDecode once AppleKeyStore correctly
             identifies uuid unwrap failures? */
            /* errSecInteractionNotAllowed; */
            ok = SecError(errSecDecode, error, CFSTR("ks_decrypt_data: CCCryptorGCM failed: %d"), ccerr);
            goto out;
        }
        if (tagLen != 16) {
            ok = SecError(errSecInternal, error, CFSTR("ks_decrypt_data: CCCryptorGCM expected: 16 got: %ld byte tag"), tagLen);
            goto out;
        }
        cursor += ctLen;
        if (memcmp(tag, cursor, tagLen)) {
            ok = SecError(errSecDecode, error, CFSTR("ks_decrypt_data: CCCryptorGCM computed tag not same as tag in blob"));
            goto out;
        }
    } else {
        size_t ptLen;
        ccerr = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                        CFDataGetBytePtr(bulkKey), CFDataGetLength(bulkKey), NULL, cursor, ctLen,
                        CFDataGetMutableBytePtr(plainText), ctLen, &ptLen);
        if (ccerr) {
            /* TODO: Should this be errSecDecode once AppleKeyStore correctly
             identifies uuid unwrap failures? */
            /* errSecInteractionNotAllowed; */
            ok = SecError(errSecDecode, error, CFSTR("ks_decrypt_data: CCCrypt failed: %d"), ccerr);
            goto out;
        }
        CFDataSetLength(plainText, ptLen);
    }
    
    if (version < 2) {
        attributes = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
        CFDictionaryAddValue(attributes, CFSTR("v_Data"), plainText);
    } else if (version < 3) {
        attributes = s3dl_item_v2_decode(plainText, error);
    } else {
        attributes = s3dl_item_v3_decode(plainText, error);
        
#if USE_KEYSTORE
        if (version >= 4 && authenticated_attributes != NULL) {
            CFDictionaryForEach(authenticated_attributes, ^(const void *key, const void *value) {
                CFDictionaryAddValue(attributes, key, value);
            });
        }
#endif
    }
    
    if (!attributes) {
        secerror("decode v%d failed: %@ [item: %@]", version, error ? *error : NULL, plainText);
        ok = false;
    }
out:
    memset(CFDataGetMutableBytePtr(bulkKey), 0, CFDataGetLength(bulkKey));
    CFReleaseSafe(bulkKey);
    CFReleaseSafe(plainText);
    
    // Always copy access control data (if present), because if we fail it may indicate why.
    if (paccess_control)
        *paccess_control = access_control;
    else
        CFReleaseSafe(access_control);
    
    if (ok) {
        if (attributes_p)
            *attributes_p = CFRetainSafe(attributes);
        if (version_p)
            *version_p = version;
	}
    CFReleaseSafe(attributes);
    CFReleaseSafe(access_control_data);
#if USE_KEYSTORE
    CFReleaseSafe(acm_context);
    CFReleaseSafe(authenticated_attributes);
    CFReleaseSafe(caller_access_groups_data);
#endif
    return ok;
}

// TODO: Move to utilities - CFPropertyListCopyDERData()
CFDataRef kc_plist_copy_der(CFPropertyListRef plist, CFErrorRef *error) {
    size_t len = der_sizeof_plist(plist, error);
    CFMutableDataRef encoded = CFDataCreateMutable(0, len);
    CFDataSetLength(encoded, len);
    uint8_t *der_end = CFDataGetMutableBytePtr(encoded);
    const uint8_t *der = der_end;
    der_end += len;
    der_end = der_encode_plist(plist, error, der, der_end);
    if (!der_end) {
        CFReleaseNull(encoded);
    } else {
        assert(!der_end || der_end == der);
    }
    return encoded;
}

static CFDataRef kc_copy_digest(const struct ccdigest_info *di, size_t len,
                                const void *data, CFErrorRef *error) {
    CFMutableDataRef digest = CFDataCreateMutable(0, di->output_size);
    CFDataSetLength(digest, di->output_size);
    ccdigest(di, len, data, CFDataGetMutableBytePtr(digest));
    return digest;
}

CFDataRef kc_copy_sha1(size_t len, const void *data, CFErrorRef *error) {
    return kc_copy_digest(ccsha1_di(), len, data, error);
}

CFDataRef kc_copy_plist_sha1(CFPropertyListRef plist, CFErrorRef *error) {
    CFDataRef der = kc_plist_copy_der(plist, error);
    CFDataRef digest = NULL;
    if (der) {
        digest = kc_copy_sha1(CFDataGetLength(der), CFDataGetBytePtr(der), error);
        CFRelease(der);
    }
    return digest;
}

static keyclass_t kc_parse_keyclass(CFTypeRef value, CFErrorRef *error) {
    if (!isString(value)) {
        SecError(errSecParam, error, CFSTR("accessible attribute %@ not a string"), value);
    } else if (CFEqual(value, kSecAttrAccessibleWhenUnlocked)) {
        return key_class_ak;
    } else if (CFEqual(value, kSecAttrAccessibleAfterFirstUnlock)) {
        return key_class_ck;
    } else if (CFEqual(value, kSecAttrAccessibleAlways)) {
        return key_class_dk;
    } else if (CFEqual(value, kSecAttrAccessibleWhenUnlockedThisDeviceOnly)) {
        return key_class_aku;
    } else if (CFEqual(value, kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly)) {
        return key_class_cku;
    } else if (CFEqual(value, kSecAttrAccessibleAlwaysThisDeviceOnly)) {
        return key_class_dku;
    } else if (CFEqual(value, kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly)) {
        return key_class_akpu;
    } else {
        SecError(errSecParam, error, CFSTR("accessible attribute %@ unknown"), value);
    }
    return 0;
}

static CFTypeRef kc_encode_keyclass(keyclass_t keyclass) {
    switch (keyclass) {
        case key_class_ak:
            return kSecAttrAccessibleWhenUnlocked;
        case key_class_ck:
            return kSecAttrAccessibleAfterFirstUnlock;
        case key_class_dk:
            return kSecAttrAccessibleAlways;
        case key_class_aku:
            return kSecAttrAccessibleWhenUnlockedThisDeviceOnly;
        case key_class_cku:
            return kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly;
        case key_class_dku:
            return kSecAttrAccessibleAlwaysThisDeviceOnly;
        case key_class_akpu:
            return kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly;
        default:
            return 0;
    }
}

#if USE_KEYSTORE
static void kc_dict_from_auth_data(const SecDbClass *class, const uint8_t *der, const uint8_t *der_end, CFMutableDictionaryRef *authenticated_attributes, CFMutableDictionaryRef *acl)
{
    CFPropertyListRef aks_data = NULL;
    der = der_decode_plist(NULL, kCFPropertyListImmutable, &aks_data, NULL, der, der_end);
    if(der == der_end) {
        CFDictionaryRef authenticated_data = CFDictionaryGetValue(aks_data, kAKSKeyAuthData);
        if (authenticated_data) {
            *acl = CFDictionaryCreateMutableCopy(NULL, 0, authenticated_data);
            SecDbForEachAttrWithMask(class, attr_desc, kSecDbInAuthenticatedDataFlag) {
                CFDictionaryRemoveValue(*acl, attr_desc->name);
                CFTypeRef value = CFDictionaryGetValue(authenticated_data, attr_desc->name);
                if (value) {
                    if (!*authenticated_attributes)
                        *authenticated_attributes = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
                    
                    CFDictionaryAddValue(*authenticated_attributes, attr_desc->name, value);
                }
            }
        }
    }
    
    CFReleaseSafe(aks_data);
}

static CFDataRef kc_copy_constraints_data(SecAccessControlRef access_control, CFDictionaryRef auth_attributes) {
    CFDictionaryRef constraints = SecAccessControlGetConstraints(access_control);
    CFMutableDictionaryRef auth_data = CFDictionaryCreateMutableCopy(NULL, 0, constraints);
    if (auth_attributes) {
        CFDictionaryForEach(auth_attributes, ^(const void *key, const void *value) {
            CFDictionaryAddValue(auth_data, key, value);
        });
    }
    
    CFDataRef encoded = kc_plist_copy_der(auth_data, NULL);
    CFReleaseSafe(auth_data);
    return encoded;
}

static CFDataRef kc_copy_access_groups_data(CFArrayRef access_groups, CFErrorRef *error)
{
    size_t ag_size = der_sizeof_plist(access_groups, error);
    CFMutableDataRef result = CFDataCreateMutable(kCFAllocatorDefault, 0);
    CFDataSetLength(result, ag_size);
    if (!der_encode_plist(access_groups, error, CFDataGetMutableBytePtr(result), CFDataGetMutableBytePtr(result) + ag_size)) {
        CFRelease(result);
        return NULL;
    }
    else
        return result;
}

#endif /* USE_KEYSTORE */

static CFDataRef kc_copy_protection_data(SecAccessControlRef access_control)
{
    CFTypeRef protection = SecAccessControlGetProtection(access_control);
    size_t protection_size = der_sizeof_plist(protection, NULL);
    CFMutableDataRef result = CFDataCreateMutable(NULL, 0);
    CFDataSetLength(result, protection_size);
    if (!der_encode_plist(protection, NULL, CFDataGetMutableBytePtr(result), CFDataGetMutableBytePtr(result) + protection_size)) {
        CFRelease(result);
        return NULL;
    }
    else
        return result;
}

static CFTypeRef kc_copy_protection_from_data(CFDataRef data)
{
    CFTypeRef result = NULL;
    der_decode_plist(NULL, kCFPropertyListImmutable, &result, NULL, CFDataGetBytePtr(data), CFDataGetBytePtr(data) + CFDataGetLength(data));
    return result;
}

/* Return a (mutable) dictionary if plist is a dictionary, return NULL and set error otherwise.  Does nothing if plist is already NULL. */
static CF_RETURNS_RETAINED
CFMutableDictionaryRef dictionaryFromPlist(CFPropertyListRef plist CF_CONSUMED, CFErrorRef *error) {
    if (plist && !isDictionary(plist)) {
        CFStringRef typeName = CFCopyTypeIDDescription(CFGetTypeID((CFTypeRef)plist));
        SecError(errSecDecode, error, CFSTR("plist is a %@, expecting a dictionary"), typeName);
        CFReleaseSafe(typeName);
        CFReleaseNull(plist);
    }
    return (CFMutableDictionaryRef)plist;
}

static CF_RETURNS_RETAINED
CFMutableDictionaryRef s3dl_item_v2_decode(CFDataRef plain, CFErrorRef *error) {
    CFPropertyListRef item;
    item = CFPropertyListCreateWithData(0, plain, kCFPropertyListMutableContainers, NULL, error);
    return dictionaryFromPlist(item, error);
}

static CF_RETURNS_RETAINED
CFMutableDictionaryRef s3dl_item_v3_decode(CFDataRef plain, CFErrorRef *error) {
    CFPropertyListRef item = NULL;
    const uint8_t *der = CFDataGetBytePtr(plain);
    const uint8_t *der_end = der + CFDataGetLength(plain);
    der = der_decode_plist(0, kCFPropertyListMutableContainers, &item, error, der, der_end);
    if (der && der != der_end) {
        SecCFCreateError(errSecDecode, kSecErrorDomain, CFSTR("trailing garbage at end of decrypted item"), NULL, error);
        CFReleaseNull(item);
    }
    return dictionaryFromPlist(item, error);
}

bool s3dl_item_from_data(CFDataRef edata, Query *q, CFArrayRef accessGroups,
                         CFMutableDictionaryRef *item, SecAccessControlRef *access_control, CFErrorRef *error) {
    SecAccessControlRef ac = NULL;
    CFDataRef ac_data = NULL;
    bool ok = false;

    /* Decrypt and decode the item and check the decoded attributes against the query. */
    uint32_t version = 0;
    require_quiet((ok = ks_decrypt_data(q->q_keybag, q->q_crypto_op, &ac, &q->q_use_cred_handle, edata, q->q_class, q->q_caller_access_groups, item, &version, error)), out);
    if (version < 2) {
        goto out;
    }

    ac_data = SecAccessControlCopyData(ac);
    if (!*item) {
        /* Item cannot be decrypted, because interactive authentication is needed. */
        if (!q->q_required_access_controls) {
            ok = SecError(errSecInteractionNotAllowed, error, CFSTR("item would need ui for decrypting"));
            goto out;
        }
        CFArrayAppendValue(q->q_required_access_controls, ac_data);
        *item = NULL;
        goto out;
    }

    if (*item && !itemInAccessGroup(*item, accessGroups)) {
        secerror("items accessGroup %@ not in %@",
                 CFDictionaryGetValue(*item, kSecAttrAccessGroup),
                 accessGroups);
        ok = SecError(errSecDecode, error, CFSTR("items accessGroup %@ not in %@"),
                                                 CFDictionaryGetValue(*item, kSecAttrAccessGroup),
                                                 accessGroups);
        CFReleaseNull(*item);
    }

    /* AccessControl attribute does not exist in the db, so synthesize it. */
    if (*item) {
        CFDictionarySetValue(*item, kSecAttrAccessControl, ac_data);
    }

    /* TODO: Validate access_control attribute. */

out:
    if (access_control)
        *access_control = CFRetainSafe(ac);
    CFReleaseSafe(ac);
    CFReleaseSafe(ac_data);
    return ok;
}

/* Infer accessibility and access group for pre-v2 (iOS4.x and earlier) items
 being imported from a backup.  */
static bool SecDbItemImportMigrate(SecDbItemRef item, CFErrorRef *error) {
    bool ok = true;
    CFStringRef agrp = SecDbItemGetCachedValueWithName(item, kSecAttrAccessGroup);
    CFStringRef accessible = SecDbItemGetCachedValueWithName(item, kSecAttrAccessible);

    if (!isString(agrp) || !isString(accessible))
        return ok;
    if (SecDbItemGetClass(item) == &genp_class && CFEqual(accessible, kSecAttrAccessibleAlways)) {
        CFStringRef svce = SecDbItemGetCachedValueWithName(item, kSecAttrService);
        if (!isString(svce)) return ok;
        if (CFEqual(agrp, CFSTR("apple"))) {
            if (CFEqual(svce, CFSTR("AirPort"))) {
                ok = SecDbItemSetValueWithName(item, kSecAttrAccessible, kSecAttrAccessibleAfterFirstUnlock, error);
            } else if (CFEqual(svce, CFSTR("com.apple.airplay.password"))) {
                ok = SecDbItemSetValueWithName(item, kSecAttrAccessible, kSecAttrAccessibleWhenUnlocked, error);
            } else if (CFEqual(svce, CFSTR("YouTube"))) {
                ok = (SecDbItemSetValueWithName(item, kSecAttrAccessible, kSecAttrAccessibleWhenUnlocked, error) &&
                      SecDbItemSetValueWithName(item, kSecAttrAccessGroup, CFSTR("com.apple.youtube.credentials"), error));
            } else {
                CFStringRef desc = SecDbItemGetCachedValueWithName(item, kSecAttrDescription);
                if (!isString(desc)) return ok;
                if (CFEqual(desc, CFSTR("IPSec Shared Secret")) || CFEqual(desc, CFSTR("PPP Password"))) {
                    ok = SecDbItemSetValueWithName(item, kSecAttrAccessible, kSecAttrAccessibleAfterFirstUnlock, error);
                }
            }
        }
    } else if (SecDbItemGetClass(item) == &inet_class && CFEqual(accessible, kSecAttrAccessibleAlways)) {
        if (CFEqual(agrp, CFSTR("PrintKitAccessGroup"))) {
            ok = SecDbItemSetValueWithName(item, kSecAttrAccessible, kSecAttrAccessibleWhenUnlocked, error);
        } else if (CFEqual(agrp, CFSTR("apple"))) {
            CFTypeRef ptcl = SecDbItemGetCachedValueWithName(item, kSecAttrProtocol);
            bool is_proxy = false;
            if (isNumber(ptcl)) {
                SInt32 iptcl;
                CFNumberGetValue(ptcl, kCFNumberSInt32Type, &iptcl);
                is_proxy = (iptcl == FOUR_CHAR_CODE('htpx') ||
                            iptcl == FOUR_CHAR_CODE('htsx') ||
                            iptcl == FOUR_CHAR_CODE('ftpx') ||
                            iptcl == FOUR_CHAR_CODE('rtsx') ||
                            iptcl == FOUR_CHAR_CODE('xpth') ||
                            iptcl == FOUR_CHAR_CODE('xsth') ||
                            iptcl == FOUR_CHAR_CODE('xptf') ||
                            iptcl == FOUR_CHAR_CODE('xstr'));
            } else if (isString(ptcl)) {
                is_proxy = (CFEqual(ptcl, kSecAttrProtocolHTTPProxy) ||
                            CFEqual(ptcl, kSecAttrProtocolHTTPSProxy) ||
                            CFEqual(ptcl, kSecAttrProtocolRTSPProxy) ||
                            CFEqual(ptcl, kSecAttrProtocolFTPProxy));
            }
            if (is_proxy)
                ok = SecDbItemSetValueWithName(item, kSecAttrAccessible, kSecAttrAccessibleWhenUnlocked, error);
        }
    }
    return ok;
}

bool SecDbItemDecrypt(SecDbItemRef item, CFDataRef edata, CFDataRef *neededAuth, CFErrorRef *error) {
    bool ok = true;
    CFMutableDictionaryRef dict = NULL;
    SecAccessControlRef access_control = NULL;
    uint32_t version = 0;

    if (!ks_decrypt_data(SecDbItemGetKeybag(item), item->cryptoOp, &access_control, &item->credHandle, edata, item->class, item->callerAccessGroups, &dict, &version, error)) {
        // Copy access control data, which might indicate why decryption failed.
        if (neededAuth)
            *neededAuth = SecAccessControlCopyData(access_control);
        ok = false;
        goto out;
    }

    if (!dict) {
        if (neededAuth)
            *neededAuth = SecAccessControlCopyData(access_control);
        else
            require_quiet(ok = SecError(errSecInteractionNotAllowed, error, CFSTR("auth needed, but caller does not provide it")), out);
    } else {
        if (neededAuth)
            *neededAuth = NULL;
        if (version < 2) {
            /* Old V4 style keychain backup being imported. */
            ok = SecDbItemSetValueWithName(item, CFSTR("v_Data"), CFDictionaryGetValue(dict, CFSTR("v_Data")), error) &&
            SecDbItemImportMigrate(item, error);
        } else {
            ok = dict && SecDbItemSetValues(item, dict, error);
        }
    }

    SecAccessControlRef my_access_control = SecDbItemCopyAccessControl(item, error);
    if (!my_access_control) {
        ok = false;
        goto out;
    }

    /* Make sure that the protection of ACL in the dictionary (read from DB) matched what we got
     back from decoding the data blob. */
    if (!CFEqual(SecAccessControlGetProtection(my_access_control), SecAccessControlGetProtection(access_control))) {
        ok = SecError(errSecDecode, error, CFSTR("ACL protection doesn't match the one in blob (%@ : %@)"),
                      SecAccessControlGetProtection(my_access_control),
                      SecAccessControlGetProtection(access_control));
    }
    CFRelease(my_access_control);

    // Update real protection used for decrypting in the item.
    ok = ok && SecDbItemSetAccessControl(item, access_control, error);

out:
    CFReleaseSafe(dict);
    CFReleaseSafe(access_control);
    return ok;
}

/* Automagically make a item syncable, based on various attributes. */
bool SecDbItemInferSyncable(SecDbItemRef item, CFErrorRef *error)
{
    CFStringRef agrp = SecDbItemGetCachedValueWithName(item, kSecAttrAccessGroup);

    if (!isString(agrp))
        return true;

    if (CFEqual(agrp, CFSTR("com.apple.cfnetwork")) && SecDbItemGetClass(item) == &inet_class) {
        CFTypeRef srvr = SecDbItemGetCachedValueWithName(item, kSecAttrServer);
        CFTypeRef ptcl = SecDbItemGetCachedValueWithName(item, kSecAttrProtocol);
        CFTypeRef atyp = SecDbItemGetCachedValueWithName(item, kSecAttrAuthenticationType);

        if (isString(srvr) && isString(ptcl) && isString(atyp)) {
            /* This looks like a Mobile Safari Password,  make syncable */
            secnotice("item", "Make this item syncable: %@", item);
            return SecDbItemSetSyncable(item, true, error);
        }
    }

    return true;
}

/* This create a SecDbItem from the item dictionnary that are exported for backups.
 Item are stored in the backup as a dictionary containing two keys:
 - v_Data: the encrypted data blob
 - v_PersistentRef: a persistent Ref.
 src_keybag is normally the backup keybag.
 dst_keybag is normally the device keybag.
 */
SecDbItemRef SecDbItemCreateWithBackupDictionary(CFAllocatorRef allocator, const SecDbClass *dbclass, CFDictionaryRef dict, keybag_handle_t src_keybag, keybag_handle_t dst_keybag, CFErrorRef *error)
{
    CFDataRef edata = CFDictionaryGetValue(dict, CFSTR("v_Data"));
    SecDbItemRef item = NULL;

    if (edata) {
        item = SecDbItemCreateWithEncryptedData(kCFAllocatorDefault, dbclass, edata, src_keybag, error);
        if (item)
            if (!SecDbItemSetKeybag(item, dst_keybag, error))
                CFReleaseNull(item);
    } else {
        SecError(errSecDecode, error, CFSTR("No v_Data in backup dictionary %@"), dict);
    }

    return item;
}

bool SecDbItemExtractRowIdFromBackupDictionary(SecDbItemRef item, CFDictionaryRef dict, CFErrorRef *error) {
    CFDataRef ref = CFDictionaryGetValue(dict, CFSTR("v_PersistentRef"));
    if (!ref)
        return SecError(errSecDecode, error, CFSTR("No v_PersistentRef in backup dictionary %@"), dict);

    CFStringRef className;
    sqlite3_int64 rowid;
    if (!_SecItemParsePersistentRef(ref, &className, &rowid))
        return SecError(errSecDecode, error, CFSTR("v_PersistentRef %@ failed to decode"), ref);

    if (!CFEqual(SecDbItemGetClass(item)->name, className))
        return SecError(errSecDecode, error, CFSTR("v_PersistentRef has unexpected class %@"), className);

    return SecDbItemSetRowId(item, rowid, error);
}