#include <AssertMacros.h>
#include <CoreFoundation/CFArray.h>
#include <Security/SecureObjectSync/SOSCircle.h>
#include <Security/SecureObjectSync/SOSCloudCircleInternal.h>
#include <Security/SecureObjectSync/SOSInternal.h>
#include <Security/SecureObjectSync/SOSEngine.h>
#include <Security/SecureObjectSync/SOSPeer.h>
#include <Security/SecureObjectSync/SOSPeerInfoInternal.h>
#include <Security/SecureObjectSync/SOSGenCount.h>
#include <Security/SecureObjectSync/SOSPeerInfoCollections.h>
#include <Security/SecureObjectSync/SOSGenCount.h>
#include <CoreFoundation/CoreFoundation.h>
#include <Security/SecFramework.h>
#include <Security/SecKey.h>
#include <Security/SecKeyPriv.h>
#include <utilities/SecCFWrappers.h>
#include <Security/SecureObjectSync/SOSCirclePriv.h>
#include <corecrypto/ccder.h>
#include <corecrypto/ccdigest.h>
#include <corecrypto/ccsha2.h>
#include <stdlib.h>
#include <assert.h>
CFGiblisWithCompareFor(SOSCircle);
SOSCircleRef SOSCircleCreate(CFAllocatorRef allocator, CFStringRef name, CFErrorRef *error) {
SOSCircleRef c = CFTypeAllocate(SOSCircle, struct __OpaqueSOSCircle, allocator);
int64_t gen = 1;
assert(name);
c->name = CFStringCreateCopy(allocator, name);
c->generation = CFNumberCreate(allocator, kCFNumberSInt64Type, &gen);
c->peers = CFSetCreateMutableForSOSPeerInfosByID(allocator);
c->applicants = CFSetCreateMutableForSOSPeerInfosByID(allocator);
c->rejected_applicants = CFSetCreateMutableForSOSPeerInfosByID(allocator);
c->signatures = CFDictionaryCreateMutableForCFTypes(allocator);
return c;
}
static CFNumberRef SOSCircleGenerationCopy(CFNumberRef generation) {
int64_t value;
CFAllocatorRef allocator = CFGetAllocator(generation);
CFNumberGetValue(generation, kCFNumberSInt64Type, &value);
return CFNumberCreate(allocator, kCFNumberSInt64Type, &value);
}
static CFMutableSetRef CFSetOfPeerInfoDeepCopy(CFAllocatorRef allocator, CFSetRef peerInfoSet)
{
__block CFMutableSetRef result = CFSetCreateMutableForSOSPeerInfosByID(allocator);
CFSetForEach(peerInfoSet, ^(const void *value) {
SOSPeerInfoRef pi = (SOSPeerInfoRef) value;
CFErrorRef localError = NULL;
SOSPeerInfoRef copiedPeer = SOSPeerInfoCreateCopy(allocator, pi, &localError);
if (copiedPeer) {
CFSetAddValue(result, copiedPeer);
} else {
secerror("Failed to copy peer: %@ (%@)", pi, localError);
}
CFReleaseSafe(copiedPeer);
CFReleaseSafe(localError);
});
return result;
}
SOSCircleRef SOSCircleCopyCircle(CFAllocatorRef allocator, SOSCircleRef otherCircle, CFErrorRef *error)
{
SOSCircleRef c = CFTypeAllocate(SOSCircle, struct __OpaqueSOSCircle, allocator);
assert(otherCircle);
c->name = CFStringCreateCopy(allocator, otherCircle->name);
c->generation = SOSCircleGenerationCopy(otherCircle->generation);
c->peers = CFSetOfPeerInfoDeepCopy(allocator, otherCircle->peers);
c->applicants = CFSetOfPeerInfoDeepCopy(allocator, otherCircle->applicants);
c->rejected_applicants = CFSetOfPeerInfoDeepCopy(allocator, otherCircle->rejected_applicants);
c->signatures = CFDictionaryCreateMutableCopy(allocator, 0, otherCircle->signatures);
return c;
}
static Boolean SOSCircleCompare(CFTypeRef lhs, CFTypeRef rhs) {
if (CFGetTypeID(lhs) != SOSCircleGetTypeID()
|| CFGetTypeID(rhs) != SOSCircleGetTypeID())
return false;
SOSCircleRef left = SOSCircleConvertAndAssertStable(lhs);
SOSCircleRef right = SOSCircleConvertAndAssertStable(rhs);
return NULL != left && NULL != right
&& CFEqualSafe(left->generation, right->generation)
&& SOSPeerInfoSetContainsIdenticalPeers(left->peers, right->peers)
&& SOSPeerInfoSetContainsIdenticalPeers(left->applicants, right->applicants)
&& SOSPeerInfoSetContainsIdenticalPeers(left->rejected_applicants, right->rejected_applicants)
&& CFEqualSafe(left->signatures, right->signatures);
}
static CFMutableArrayRef CFSetCopyValuesCFArray(CFSetRef set)
{
CFIndex count = CFSetGetCount(set);
CFMutableArrayRef result = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault);
if (count > 0) {
const void * values[count];
CFSetGetValues(set, values);
for (int current = 0; current < count; ++current) {
CFArrayAppendValue(result, values[current]);
}
}
return result;
}
static bool SOSCircleDigestArray(const struct ccdigest_info *di, CFMutableArrayRef array, void *hash_result, CFErrorRef *error)
{
__block bool success = true;
ccdigest_di_decl(di, array_digest);
const void * a_digest = array_digest;
ccdigest_init(di, array_digest);
CFArraySortValues(array, CFRangeMake(0, CFArrayGetCount(array)), SOSPeerInfoCompareByID, SOSPeerCmpPubKeyHash);
CFArrayForEach(array, ^(const void *peer) {
if (!SOSPeerInfoUpdateDigestWithPublicKeyBytes((SOSPeerInfoRef)peer, di, a_digest, error))
success = false;
});
ccdigest_final(di, array_digest, hash_result);
return success;
}
static bool SOSCircleDigestSet(const struct ccdigest_info *di, CFMutableSetRef set, void *hash_result, CFErrorRef *error)
{
CFMutableArrayRef values = CFSetCopyValuesCFArray(set);
bool result = SOSCircleDigestArray(di, values, hash_result, error);
CFReleaseSafe(values);
return result;
}
static bool SOSCircleHash(const struct ccdigest_info *di, SOSCircleRef circle, void *hash_result, CFErrorRef *error) {
ccdigest_di_decl(di, circle_digest);
ccdigest_init(di, circle_digest);
int64_t gen = SOSCircleGetGenerationSint(circle);
ccdigest_update(di, circle_digest, sizeof(gen), &gen);
SOSCircleDigestSet(di, circle->peers, hash_result, error);
ccdigest_update(di, circle_digest, di->output_size, hash_result);
ccdigest_final(di, circle_digest, hash_result);
return true;
}
static bool SOSCircleSetSignature(SOSCircleRef circle, SecKeyRef pubkey, CFDataRef signature, CFErrorRef *error) {
bool result = false;
CFStringRef pubKeyID = SOSCopyIDOfKey(pubkey, error);
require_quiet(pubKeyID, fail);
CFDictionarySetValue(circle->signatures, pubKeyID, signature);
result = true;
fail:
CFReleaseSafe(pubKeyID);
return result;
}
static bool SOSCircleRemoveSignatures(SOSCircleRef circle, CFErrorRef *error) {
CFDictionaryRemoveAllValues(circle->signatures);
return true;
}
static CFDataRef SOSCircleGetSignature(SOSCircleRef circle, SecKeyRef pubkey, CFErrorRef *error) {
CFStringRef pubKeyID = SOSCopyIDOfKey(pubkey, error);
CFDataRef result = NULL;
require_quiet(pubKeyID, fail);
CFTypeRef value = (CFDataRef)CFDictionaryGetValue(circle->signatures, pubKeyID);
if (isData(value)) result = (CFDataRef) value;
fail:
CFReleaseSafe(pubKeyID);
return result;
}
bool SOSCircleSign(SOSCircleRef circle, SecKeyRef privKey, CFErrorRef *error) {
if (!privKey) return false; CFAllocatorRef allocator = CFGetAllocator(circle);
uint8_t tmp[4096];
size_t tmplen = 4096;
const struct ccdigest_info *di = ccsha256_di();
uint8_t hash_result[di->output_size];
SOSCircleHash(di, circle, hash_result, error);
OSStatus stat = SecKeyRawSign(privKey, kSecPaddingNone, hash_result, di->output_size, tmp, &tmplen);
if(stat) {
secerror("Bad Circle SecKeyRawSign, stat: %ld", (long)stat);
SOSCreateError(kSOSErrorBadFormat, CFSTR("Bad Circle SecKeyRawSign"), (error != NULL) ? *error : NULL, error);
return false;
};
CFDataRef signature = CFDataCreate(allocator, tmp, tmplen);
SecKeyRef publicKey = SecKeyCreatePublicFromPrivate(privKey);
SOSCircleSetSignature(circle, publicKey, signature, error);
CFReleaseNull(publicKey);
CFRelease(signature);
return true;
}
static bool SOSCircleConcordanceRingSign(SOSCircleRef circle, SecKeyRef privKey, CFErrorRef *error) {
secnotice("Development", "SOSCircleEnsureRingConsistency requires ring signing op", NULL);
return true;
}
bool SOSCircleVerifySignatureExists(SOSCircleRef circle, SecKeyRef pubKey, CFErrorRef *error) {
if(!pubKey) {
secerror("SOSCircleVerifySignatureExists no pubKey");
SOSCreateError(kSOSErrorBadFormat, CFSTR("SOSCircleVerifySignatureExists no pubKey"), (error != NULL) ? *error : NULL, error);
return false;
}
CFDataRef signature = SOSCircleGetSignature(circle, pubKey, error);
return NULL != signature;
}
bool SOSCircleVerify(SOSCircleRef circle, SecKeyRef pubKey, CFErrorRef *error) {
const struct ccdigest_info *di = ccsha256_di();
uint8_t hash_result[di->output_size];
SOSCircleHash(di, circle, hash_result, error);
CFDataRef signature = SOSCircleGetSignature(circle, pubKey, error);
if(!signature) return false;
return SecKeyRawVerify(pubKey, kSecPaddingNone, hash_result, di->output_size,
CFDataGetBytePtr(signature), CFDataGetLength(signature)) == errSecSuccess;
}
bool SOSCircleVerifyPeerSigned(SOSCircleRef circle, SOSPeerInfoRef peer, CFErrorRef *error) {
SecKeyRef pub_key = SOSPeerInfoCopyPubKey(peer);
bool result = SOSCircleVerify(circle, pub_key, error);
CFReleaseSafe(pub_key);
return result;
}
static void CFSetRemoveAllPassing(CFMutableSetRef set, bool (^test)(const void *) ){
CFMutableArrayRef toBeRemoved = CFArrayCreateMutable(kCFAllocatorDefault, 0, NULL);
CFSetForEach(set, ^(const void *value) {
if (test(value))
CFArrayAppendValue(toBeRemoved, value);
});
CFArrayForEach(toBeRemoved, ^(const void *value) {
CFSetRemoveValue(set, value);
});
CFReleaseNull(toBeRemoved);
}
static void SOSCircleRejectNonValidApplicants(SOSCircleRef circle, SecKeyRef pubkey) {
CFMutableSetRef applicants = SOSCircleCopyApplicants(circle, NULL);
CFSetForEach(applicants, ^(const void *value) {
SOSPeerInfoRef pi = (SOSPeerInfoRef) value;
if(!SOSPeerInfoApplicationVerify(pi, pubkey, NULL)) {
CFSetTransferObject(pi, circle->applicants, circle->rejected_applicants);
}
});
CFReleaseNull(applicants);
}
static SOSPeerInfoRef SOSCircleCopyPeerInfo(SOSCircleRef circle, CFStringRef peer_id, CFErrorRef *error) {
__block SOSPeerInfoRef result = NULL;
CFSetForEach(circle->peers, ^(const void *value) {
if (result == NULL) {
SOSPeerInfoRef tpi = (SOSPeerInfoRef)value;
if (CFEqual(SOSPeerInfoGetPeerID(tpi), peer_id))
result = tpi;
}
});
CFRetainSafe(result);
return result;
}
static bool SOSCircleUpgradePeerInfo(SOSCircleRef circle, SecKeyRef user_approver, SOSFullPeerInfoRef peerinfo) {
bool retval = false;
SecKeyRef userPubKey = SecKeyCreatePublicFromPrivate(user_approver);
SOSPeerInfoRef fpi_pi = SOSFullPeerInfoGetPeerInfo(peerinfo);
SOSPeerInfoRef pi = SOSCircleCopyPeerInfo(circle, SOSPeerInfoGetPeerID(fpi_pi), NULL);
require_quiet(pi, out);
require_quiet(SOSPeerInfoApplicationVerify(pi, userPubKey, NULL), re_sign);
CFReleaseNull(userPubKey);
CFReleaseNull(pi);
return true;
re_sign:
secnotice("circle", "SOSCircleGenerationSign: Upgraded peer's Application Signature");
SecKeyRef device_key = SOSFullPeerInfoCopyDeviceKey(peerinfo, NULL);
require_quiet(device_key, out);
SOSPeerInfoRef new_pi = SOSPeerInfoCopyAsApplication(pi, user_approver, device_key, NULL);
if(SOSCircleUpdatePeerInfo(circle, new_pi))
retval = true;
CFReleaseNull(new_pi);
CFReleaseNull(device_key);
out:
CFReleaseNull(userPubKey);
CFReleaseNull(pi);
return retval;
}
static bool SOSCircleEnsureRingConsistency(SOSCircleRef circle, CFErrorRef *error) {
secnotice("Development", "SOSCircleEnsureRingConsistency requires ring membership and generation count consistency check", NULL);
return true;
}
bool SOSCircleSignOldStyleResetToOfferingCircle(SOSCircleRef circle, SOSFullPeerInfoRef peerinfo, SecKeyRef user_approver, CFErrorRef *error){
SecKeyRef ourKey = SOSFullPeerInfoCopyDeviceKey(peerinfo, error);
SecKeyRef publicKey = NULL;
require_quiet(ourKey, fail);
require_quiet(SOSCircleUpgradePeerInfo(circle, user_approver, peerinfo), fail);
SOSCircleRemoveRetired(circle, error); CFSetRemoveAllValues(circle->rejected_applicants); publicKey = SecKeyCreatePublicFromPrivate(user_approver);
SOSCircleRejectNonValidApplicants(circle, publicKey);
require_quiet(SOSCircleEnsureRingConsistency(circle, error), fail);
require_quiet(SOSCircleRemoveSignatures(circle, error), fail);
require_quiet(SOSCircleSign(circle, user_approver, error), fail);
require_quiet(SOSCircleSign(circle, ourKey, error), fail);
CFReleaseNull(ourKey);
CFReleaseNull(publicKey);
return true;
fail:
CFReleaseNull(ourKey);
CFReleaseNull(publicKey);
return false;
}
bool SOSCircleGenerationSign(SOSCircleRef circle, SecKeyRef user_approver, SOSFullPeerInfoRef peerinfo, CFErrorRef *error) {
SecKeyRef ourKey = SOSFullPeerInfoCopyDeviceKey(peerinfo, error);
SecKeyRef publicKey = NULL;
require_quiet(ourKey, fail);
require_quiet(SOSCircleUpgradePeerInfo(circle, user_approver, peerinfo), fail);
SOSCircleRemoveRetired(circle, error); CFSetRemoveAllValues(circle->rejected_applicants); publicKey = SecKeyCreatePublicFromPrivate(user_approver);
SOSCircleRejectNonValidApplicants(circle, publicKey);
SOSCircleGenerationIncrement(circle);
require_quiet(SOSCircleEnsureRingConsistency(circle, error), fail);
require_quiet(SOSCircleRemoveSignatures(circle, error), fail);
require_quiet(SOSCircleSign(circle, user_approver, error), fail);
require_quiet(SOSCircleSign(circle, ourKey, error), fail);
CFReleaseNull(ourKey);
CFReleaseNull(publicKey);
return true;
fail:
CFReleaseNull(ourKey);
CFReleaseNull(publicKey);
return false;
}
bool SOSCircleGenerationUpdate(SOSCircleRef circle, SecKeyRef user_approver, SOSFullPeerInfoRef peerinfo, CFErrorRef *error) {
return SOSCircleGenerationSign(circle, user_approver, peerinfo, error);
#if 0
bool success = false;
SecKeyRef ourKey = SOSFullPeerInfoCopyDeviceKey(peerinfo, error);
require_quiet(ourKey, fail);
require_quiet(SOSCircleSign(circle, user_approver, error), fail);
require_quiet(SOSCircleSign(circle, ourKey, error), fail);
success = true;
fail:
CFReleaseNull(ourKey);
return success;
#endif
}
bool SOSCircleConcordanceSign(SOSCircleRef circle, SOSFullPeerInfoRef peerinfo, CFErrorRef *error) {
bool success = false;
SecKeyRef ourKey = SOSFullPeerInfoCopyDeviceKey(peerinfo, error);
require_quiet(ourKey, exit);
success = SOSCircleSign(circle, ourKey, error);
SOSCircleConcordanceRingSign(circle, ourKey, error);
exit:
CFReleaseNull(ourKey);
return success;
}
static inline SOSConcordanceStatus CheckPeerStatus(SOSCircleRef circle, SOSPeerInfoRef peer, SecKeyRef user_public_key, CFErrorRef *error) {
SOSConcordanceStatus result = kSOSConcordanceNoPeer;
SecKeyRef pubKey = SOSPeerInfoCopyPubKey(peer);
require_action_quiet(SOSCircleHasActiveValidPeer(circle, peer, user_public_key, error), exit, result = kSOSConcordanceNoPeer);
require_action_quiet(SOSCircleVerifySignatureExists(circle, pubKey, error), exit, result = kSOSConcordanceNoPeerSig);
require_action_quiet(SOSCircleVerify(circle, pubKey, error), exit, result = kSOSConcordanceBadPeerSig);
result = kSOSConcordanceTrusted;
exit:
CFReleaseNull(pubKey);
return result;
}
static inline SOSConcordanceStatus CombineStatus(SOSConcordanceStatus status1, SOSConcordanceStatus status2)
{
if (status1 == kSOSConcordanceTrusted || status2 == kSOSConcordanceTrusted)
return kSOSConcordanceTrusted;
if (status1 == kSOSConcordanceBadPeerSig || status2 == kSOSConcordanceBadPeerSig)
return kSOSConcordanceBadPeerSig;
if (status1 == kSOSConcordanceNoPeerSig || status2 == kSOSConcordanceNoPeerSig)
return kSOSConcordanceNoPeerSig;
return status1;
}
static inline bool SOSCircleIsEmpty(SOSCircleRef circle) {
return SOSCircleCountPeers(circle) == 0;
}
static inline bool SOSCircleIsOffering(SOSCircleRef circle) {
return SOSCircleCountPeers(circle) == 1;
}
static inline bool SOSCircleHasDegenerateGeneration(SOSCircleRef deGenCircle){
int testPtr;
CFNumberRef genCountTest = SOSCircleGetGeneration(deGenCircle);
CFNumberGetValue(genCountTest, kCFNumberCFIndexType, &testPtr);
return (testPtr== 0);
}
static inline bool SOSCircleIsDegenerateReset(SOSCircleRef deGenCircle){
return SOSCircleHasDegenerateGeneration(deGenCircle) && SOSCircleIsEmpty(deGenCircle);
}
__unused static inline bool SOSCircleIsResignOffering(SOSCircleRef circle, SecKeyRef pubkey) {
return SOSCircleCountActiveValidPeers(circle, pubkey) == 1;
}
static inline SOSConcordanceStatus GetSignersStatus(SOSCircleRef signers_circle, SOSCircleRef status_circle,
SecKeyRef user_pubKey, SOSPeerInfoRef exclude, CFErrorRef *error) {
CFStringRef excluded_id = exclude ? SOSPeerInfoGetPeerID(exclude) : NULL;
__block SOSConcordanceStatus status = kSOSConcordanceNoPeer;
SOSCircleForEachActivePeer(signers_circle, ^(SOSPeerInfoRef peer) {
SOSConcordanceStatus peerStatus = CheckPeerStatus(status_circle, peer, user_pubKey, error);
if (peerStatus == kSOSConcordanceNoPeerSig &&
(CFEqualSafe(SOSPeerInfoGetPeerID(peer), excluded_id) || SOSPeerInfoIsCloudIdentity(peer)))
peerStatus = kSOSConcordanceNoPeer;
status = CombineStatus(status, peerStatus); });
return status;
}
static inline bool isOlderGeneration(SOSCircleRef current, SOSCircleRef proposed) {
return CFNumberCompare(current->generation, proposed->generation, NULL) == kCFCompareGreaterThan;
}
static inline bool SOSCircleIsValidReset(SOSCircleRef current, SOSCircleRef proposed) {
return (!isOlderGeneration(current, proposed)) && SOSCircleIsEmpty(proposed); }
bool SOSCircleSharedTrustedPeers(SOSCircleRef current, SOSCircleRef proposed, SOSPeerInfoRef me) {
__block bool retval = false;
SOSCircleForEachPeer(current, ^(SOSPeerInfoRef peer) {
if(!CFEqual(me, peer) && SOSCircleHasPeer(proposed, peer, NULL)) retval = true;
});
return retval;
}
SOSConcordanceStatus SOSCircleConcordanceTrust(SOSCircleRef known_circle, SOSCircleRef proposed_circle,
SecKeyRef known_pubkey, SecKeyRef user_pubkey,
SOSPeerInfoRef me, CFErrorRef *error) {
if(user_pubkey == NULL) {
SOSCreateError(kSOSErrorPublicKeyAbsent, CFSTR("Concordance with no public key"), NULL, error);
return kSOSConcordanceNoUserKey; }
if(SOSCircleIsDegenerateReset(proposed_circle)) {
return kSOSConcordanceTrusted;
}
if (SOSCircleIsValidReset(known_circle, proposed_circle)) {
return kSOSConcordanceTrusted;
}
if(!SOSCircleVerifySignatureExists(proposed_circle, user_pubkey, error)) {
SOSCreateError(kSOSErrorBadSignature, CFSTR("No public signature"), (error != NULL) ? *error : NULL, error);
return kSOSConcordanceNoUserSig;
}
if(!SOSCircleVerify(proposed_circle, user_pubkey, error)) {
SOSCreateError(kSOSErrorBadSignature, CFSTR("Bad public signature"), (error != NULL) ? *error : NULL, error);
debugDumpCircle(CFSTR("proposed_circle"), proposed_circle);
return kSOSConcordanceBadUserSig;
}
if (SOSCircleIsEmpty(known_circle)) {
return GetSignersStatus(proposed_circle, proposed_circle, user_pubkey, NULL, error);
}
if(SOSCircleHasDegenerateGeneration(proposed_circle) && SOSCircleIsOffering(proposed_circle)){
return GetSignersStatus(proposed_circle, proposed_circle, user_pubkey, NULL, error);
}
if(isOlderGeneration(known_circle, proposed_circle)) {
SOSCreateError(kSOSErrorReplay, CFSTR("Bad generation"), NULL, error);
debugDumpCircle(CFSTR("isOlderGeneration known_circle"), known_circle);
debugDumpCircle(CFSTR("isOlderGeneration proposed_circle"), proposed_circle);
return kSOSConcordanceGenOld;
}
if(SOSCircleIsOffering(proposed_circle)){
return GetSignersStatus(proposed_circle, proposed_circle, user_pubkey, NULL, error);
}
return GetSignersStatus(known_circle, proposed_circle, user_pubkey, me, error);
}
static void SOSCircleDestroy(CFTypeRef aObj) {
SOSCircleRef c = (SOSCircleRef) aObj;
CFReleaseNull(c->name);
CFReleaseNull(c->generation);
CFReleaseNull(c->peers);
CFReleaseNull(c->applicants);
CFReleaseNull(c->rejected_applicants);
CFReleaseNull(c->signatures);
}
static CFMutableStringRef defaultDescription(CFTypeRef aObj){
SOSCircleRef c = (SOSCircleRef) aObj;
CFMutableStringRef description = CFStringCreateMutable(kCFAllocatorDefault, 0);
SOSGenerationCountWithDescription(c->generation, ^(CFStringRef genDescription) {
CFStringAppendFormat(description, NULL, CFSTR("<SOSCircle@%p: '%@' %@ P:["), c, c->name, genDescription);
});
__block CFStringRef separator = CFSTR("");
SOSCircleForEachActivePeer(c, ^(SOSPeerInfoRef peer) {
CFStringRef sig = NULL;
if (SOSCircleVerifyPeerSigned(c, peer, NULL)) {
sig = CFSTR("√");
} else {
SecKeyRef pub_key = SOSPeerInfoCopyPubKey(peer);
CFDataRef signature = SOSCircleGetSignature(c, pub_key, NULL);
sig = (signature == NULL) ? CFSTR("-") : CFSTR("?");
CFReleaseNull(pub_key);
}
CFStringAppendFormat(description, NULL, CFSTR("%@%@ %@"), separator, peer, sig);
separator = CFSTR(",");
});
CFStringAppend(description, CFSTR("], A:["));
separator = CFSTR("");
if(CFSetGetCount(c->applicants) == 0 )
CFStringAppendFormat(description, NULL, CFSTR("-"));
else{
SOSCircleForEachApplicant(c, ^(SOSPeerInfoRef peer) {
CFStringAppendFormat(description, NULL, CFSTR("%@%@"), separator, peer);
separator = CFSTR(",");
});
}
CFStringAppend(description, CFSTR("], R:["));
separator = CFSTR("");
if(CFSetGetCount(c->rejected_applicants) == 0)
CFStringAppendFormat(description, NULL, CFSTR("-"));
else{
CFSetForEach(c->rejected_applicants, ^(const void *value) {
SOSPeerInfoRef peer = (SOSPeerInfoRef) value;
CFStringAppendFormat(description, NULL, CFSTR("%@%@"), separator, peer);
separator = CFSTR(",");
});
}
CFStringAppend(description, CFSTR("]>"));
return description;
}
static CFMutableStringRef descriptionWithFormatOptions(CFTypeRef aObj, CFDictionaryRef formatOptions){
SOSCircleRef c = (SOSCircleRef) aObj;
CFMutableStringRef description = CFStringCreateMutable(kCFAllocatorDefault, 0);
if(CFDictionaryContainsKey(formatOptions, CFSTR("SyncD"))) {
CFStringRef generationDescription = SOSGenerationCountCopyDescription(c->generation);
CFStringAppendFormat(description, NULL, CFSTR("<C: gen:'%@' %@>\n"), generationDescription, c->name);
CFReleaseNull(generationDescription);
__block CFStringRef separator = CFSTR("\t\t");
SOSCircleForEachActivePeer(c, ^(SOSPeerInfoRef peer) {
CFStringRef sig = NULL;
if (SOSCircleVerifyPeerSigned(c, peer, NULL)) {
sig = CFSTR("√");
} else {
SecKeyRef pub_key = SOSPeerInfoCopyPubKey(peer);
CFDataRef signature = SOSCircleGetSignature(c, pub_key, NULL);
sig = (signature == NULL) ? CFSTR("-") : CFSTR("?");
CFReleaseNull(pub_key);
}
CFStringAppendFormat(description, formatOptions, CFSTR("%@%@ %@"), separator, peer, sig);
separator = CFSTR("\n\t\t");
});
CFStringAppend(description, CFSTR("\n\t\t<A:["));
separator = CFSTR("");
if(CFSetGetCount(c->applicants) == 0 )
CFStringAppendFormat(description, NULL, CFSTR("-"));
else{
SOSCircleForEachApplicant(c, ^(SOSPeerInfoRef peer) {
CFStringAppendFormat(description, formatOptions, CFSTR("%@A: %@"), separator, peer);
separator = CFSTR("\n\t\t\t");
});
}
CFStringAppend(description, CFSTR("]> \n\t\t<R:["));
separator = CFSTR("");
if(CFSetGetCount(c->rejected_applicants) == 0)
CFStringAppendFormat(description, NULL, CFSTR("-"));
else{
CFSetForEach(c->rejected_applicants, ^(const void *value) {
SOSPeerInfoRef peer = (SOSPeerInfoRef) value;
CFStringAppendFormat(description, formatOptions, CFSTR("%@R: %@"), separator, peer);
separator = CFSTR("\n\t\t");
});
}
CFStringAppend(description, CFSTR("]>"));
}
else{
CFReleaseNull(description);
description = defaultDescription(aObj);
}
return description;
}
static CFStringRef SOSCircleCopyFormatDescription(CFTypeRef aObj, CFDictionaryRef formatOptions) {
SOSCircleRef c = (SOSCircleRef) aObj;
SOSCircleAssertStable(c);
CFMutableStringRef description = NULL;
if(formatOptions != NULL){
description = descriptionWithFormatOptions(aObj, formatOptions);
}
else{
description = defaultDescription(aObj);
}
return description;
}
CFStringRef SOSCircleGetName(SOSCircleRef circle) {
assert(circle);
assert(circle->name);
return circle->name;
}
const char *SOSCircleGetNameC(SOSCircleRef circle) {
CFStringRef name = SOSCircleGetName(circle);
if (!name)
return strdup("");
return CFStringToCString(name);
}
CFNumberRef SOSCircleGetGeneration(SOSCircleRef circle) {
assert(circle);
assert(circle->generation);
return circle->generation;
}
void SOSCircleSetGeneration(SOSCircleRef circle, CFNumberRef gencount) {
assert(circle);
CFReleaseNull(circle->generation);
circle->generation = CFRetainSafe(gencount);
}
int64_t SOSCircleGetGenerationSint(SOSCircleRef circle) {
CFNumberRef gen = SOSCircleGetGeneration(circle);
int64_t value;
if(!gen) return 0;
CFNumberGetValue(gen, kCFNumberSInt64Type, &value);
return value;
}
void SOSCircleGenerationSetValue(SOSCircleRef circle, int64_t value)
{
CFAllocatorRef allocator = CFGetAllocator(circle->generation);
CFAssignRetained(circle->generation, CFNumberCreate(allocator, kCFNumberSInt64Type, &value));
}
static int64_t GenerationSetHighBits(int64_t value, int32_t high_31)
{
value &= 0xFFFFFFFF; value |= ((int64_t) high_31) << 32;
return value;
}
void SOSCircleGenerationIncrement(SOSCircleRef circle) {
int64_t value = SOSCircleGetGenerationSint(circle);
if ((value >> 32) == 0) {
uint32_t seconds = CFAbsoluteTimeGetCurrent(); value = GenerationSetHighBits(value, (seconds >> 1));
}
value++;
SOSCircleGenerationSetValue(circle, value);
}
int SOSCircleCountPeers(SOSCircleRef circle) {
SOSCircleAssertStable(circle);
__block int count = 0;
SOSCircleForEachPeer(circle, ^(SOSPeerInfoRef peer) {
++count;
});
return count;
}
int SOSCircleCountActivePeers(SOSCircleRef circle) {
SOSCircleAssertStable(circle);
__block int count = 0;
SOSCircleForEachActivePeer(circle, ^(SOSPeerInfoRef peer) {
++count;
});
return count;
}
int SOSCircleCountActiveValidPeers(SOSCircleRef circle, SecKeyRef pubkey) {
SOSCircleAssertStable(circle);
__block int count = 0;
SOSCircleForEachActiveValidPeer(circle, pubkey, ^(SOSPeerInfoRef peer) {
++count;
});
return count;
}
int SOSCircleCountRetiredPeers(SOSCircleRef circle) {
SOSCircleAssertStable(circle);
__block int count = 0;
SOSCircleForEachRetiredPeer(circle, ^(SOSPeerInfoRef peer) {
++count;
});
return count;
}
int SOSCircleCountApplicants(SOSCircleRef circle) {
SOSCircleAssertStable(circle);
return (int)CFSetGetCount(circle->applicants);
}
bool SOSCircleHasApplicant(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error) {
SOSCircleAssertStable(circle);
return CFSetContainsValue(circle->applicants, peerInfo);
}
CFMutableSetRef SOSCircleCopyApplicants(SOSCircleRef circle, CFAllocatorRef allocator) {
SOSCircleAssertStable(circle);
return CFSetCreateMutableCopy(allocator, 0, circle->applicants);
}
int SOSCircleCountRejectedApplicants(SOSCircleRef circle) {
SOSCircleAssertStable(circle);
return (int)CFSetGetCount(circle->rejected_applicants);
}
bool SOSCircleHasRejectedApplicant(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error) {
SOSCircleAssertStable(circle);
return CFSetContainsValue(circle->rejected_applicants, peerInfo);
}
SOSPeerInfoRef SOSCircleCopyRejectedApplicant(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error) {
SOSCircleAssertStable(circle);
return CFRetainSafe((SOSPeerInfoRef)CFSetGetValue(circle->rejected_applicants, peerInfo));
}
CFMutableArrayRef SOSCircleCopyRejectedApplicants(SOSCircleRef circle, CFAllocatorRef allocator) {
SOSCircleAssertStable(circle);
return CFSetCopyValuesCFArray(circle->rejected_applicants);
}
bool SOSCircleHasPeerWithID(SOSCircleRef circle, CFStringRef peerid, CFErrorRef *error) {
SOSCircleAssertStable(circle);
__block bool found = false;
SOSCircleForEachPeer(circle, ^(SOSPeerInfoRef peer) {
if(peerid && peer && CFEqualSafe(peerid, SOSPeerInfoGetPeerID(peer))) found = true;
});
return found;
}
SOSPeerInfoRef SOSCircleCopyPeerWithID(SOSCircleRef circle, CFStringRef peerid, CFErrorRef *error) {
SOSCircleAssertStable(circle);
__block SOSPeerInfoRef found = NULL;
SOSCircleForEachPeer(circle, ^(SOSPeerInfoRef peer) {
if(peerid && peer && CFEqualSafe(peerid, SOSPeerInfoGetPeerID(peer))) found = peer;
});
return found ? SOSPeerInfoCreateCopy(kCFAllocatorDefault, found, NULL) : NULL;
}
bool SOSCircleHasPeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error) {
if(!peerInfo) return false;
return SOSCircleHasPeerWithID(circle, SOSPeerInfoGetPeerID(peerInfo), error);
}
bool SOSCircleHasActivePeerWithID(SOSCircleRef circle, CFStringRef peerid, CFErrorRef *error) {
SOSCircleAssertStable(circle);
__block bool found = false;
SOSCircleForEachActivePeer(circle, ^(SOSPeerInfoRef peer) {
if(peerid && peer && CFEqualSafe(peerid, SOSPeerInfoGetPeerID(peer))) found = true;
});
return found;
}
bool SOSCircleHasActivePeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error) {
if(!peerInfo) return false;
return SOSCircleHasActivePeerWithID(circle, SOSPeerInfoGetPeerID(peerInfo), error);
}
bool SOSCircleHasActiveValidPeerWithID(SOSCircleRef circle, CFStringRef peerid, SecKeyRef user_public_key, CFErrorRef *error) {
SOSCircleAssertStable(circle);
__block bool found = false;
SOSCircleForEachActivePeer(circle, ^(SOSPeerInfoRef peer) {
if(peerid && peer && CFEqualSafe(peerid, SOSPeerInfoGetPeerID(peer)) && SOSPeerInfoApplicationVerify(peer, user_public_key, NULL)) found = true;
});
return found;
}
bool SOSCircleHasActiveValidPeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, SecKeyRef user_public_key, CFErrorRef *error) {
if(!peerInfo) return false;
return SOSCircleHasActiveValidPeerWithID(circle, SOSPeerInfoGetPeerID(peerInfo), user_public_key, error);
}
bool SOSCircleResetToEmpty(SOSCircleRef circle, CFErrorRef *error) {
CFSetRemoveAllValues(circle->applicants);
CFSetRemoveAllValues(circle->rejected_applicants);
CFSetRemoveAllValues(circle->peers);
CFDictionaryRemoveAllValues(circle->signatures);
int64_t old_value = SOSCircleGetGenerationSint(circle);
SOSCircleGenerationSetValue(circle, 0);
SOSCircleGenerationIncrement(circle);
int64_t new_value = SOSCircleGetGenerationSint(circle);
if (new_value <= old_value) {
int64_t new_new_value = GenerationSetHighBits(new_value, (old_value >> 32) + 1);
SOSCircleGenerationSetValue(circle, new_new_value);
}
return true;
}
bool SOSCircleResetToOffering(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error){
return SOSCircleResetToEmpty(circle, error)
&& SOSCircleRequestAdmission(circle, user_privkey, requestor, error)
&& SOSCircleAcceptRequest(circle, user_privkey, requestor, SOSFullPeerInfoGetPeerInfo(requestor), error);
}
bool SOSCircleRemoveRetired(SOSCircleRef circle, CFErrorRef *error) {
CFSetRemoveAllPassing(circle->peers, ^ bool (const void *element) {
SOSPeerInfoRef peer = (SOSPeerInfoRef) element;
return SOSPeerInfoIsRetirementTicket(peer);
});
return true;
}
static bool SOSCircleRecordAdmissionRequest(SOSCircleRef circle, SecKeyRef user_pubkey, SOSPeerInfoRef requestorPeerInfo, CFErrorRef *error) {
SOSCircleAssertStable(circle);
bool isPeer = SOSCircleHasPeer(circle, requestorPeerInfo, error);
require_action_quiet(!isPeer, fail, SOSCreateError(kSOSErrorAlreadyPeer, CFSTR("Cannot request admission when already a peer"), NULL, error));
CFSetTransferObject(requestorPeerInfo, circle->rejected_applicants, circle->applicants);
return true;
fail:
return false;
}
bool SOSCircleRequestReadmission(SOSCircleRef circle, SecKeyRef user_pubkey, SOSPeerInfoRef peer, CFErrorRef *error) {
bool success = false;
require_quiet(SOSPeerInfoApplicationVerify(peer, user_pubkey, error), fail);
success = SOSCircleRecordAdmissionRequest(circle, user_pubkey, peer, error);
fail:
return success;
}
bool SOSCircleRequestAdmission(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) {
bool success = false;
SecKeyRef user_pubkey = SecKeyCreatePublicFromPrivate(user_privkey);
require_action_quiet(user_pubkey, fail, SOSCreateError(kSOSErrorBadKey, CFSTR("No public key for key"), NULL, error));
require(SOSFullPeerInfoPromoteToApplication(requestor, user_privkey, error), fail);
success = SOSCircleRecordAdmissionRequest(circle, user_pubkey, SOSFullPeerInfoGetPeerInfo(requestor), error);
fail:
CFReleaseNull(user_pubkey);
return success;
}
static bool sosCircleUpdatePeerInfoSet(CFMutableSetRef theSet, SOSPeerInfoRef replacement_peer_info) {
CFTypeRef old = NULL;
if(!replacement_peer_info) return false;
if(!(old = CFSetGetValue(theSet, replacement_peer_info))) return false;
if(CFEqualSafe(old, replacement_peer_info)) return false;
CFSetReplaceValue(theSet, replacement_peer_info);
return true;
}
bool SOSCircleUpdatePeerInfo(SOSCircleRef circle, SOSPeerInfoRef replacement_peer_info) {
if(sosCircleUpdatePeerInfoSet(circle->peers, replacement_peer_info)) return true;
if(sosCircleUpdatePeerInfoSet(circle->applicants, replacement_peer_info)) return true;
if(sosCircleUpdatePeerInfoSet(circle->rejected_applicants, replacement_peer_info)) return true;
return false;
}
bool SOSCircleRemovePeer(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, SOSPeerInfoRef peer_to_remove, CFErrorRef *error) {
SOSPeerInfoRef requestor_peer_info = SOSFullPeerInfoGetPeerInfo(requestor);
if (SOSCircleHasApplicant(circle, peer_to_remove, error)) {
return SOSCircleRejectRequest(circle, requestor, peer_to_remove, error);
}
if (!SOSCircleHasPeer(circle, requestor_peer_info, error)) {
SOSCreateError(kSOSErrorAlreadyPeer, CFSTR("Must be peer to remove peer"), NULL, error);
return false;
}
CFSetRemoveValue(circle->peers, peer_to_remove);
SOSCircleGenerationSign(circle, user_privkey, requestor, error);
return true;
}
bool SOSCircleAcceptRequest(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef device_approver, SOSPeerInfoRef peerInfo, CFErrorRef *error) {
SOSCircleAssertStable(circle);
SecKeyRef publicKey = NULL;
bool result = false;
require_action_quiet(CFSetContainsValue(circle->applicants, peerInfo), fail,
SOSCreateError(kSOSErrorNotApplicant, CFSTR("Cannot accept non-applicant"), NULL, error));
publicKey = SecKeyCreatePublicFromPrivate(user_privkey);
require_quiet(SOSPeerInfoApplicationVerify(peerInfo, publicKey, error), fail);
CFSetTransferObject(peerInfo, circle->applicants, circle->peers);
result = SOSCircleGenerationSign(circle, user_privkey, device_approver, error);
fail:
CFReleaseNull(publicKey);
return result;
}
bool SOSCircleWithdrawRequest(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error) {
SOSCircleAssertStable(circle);
CFSetRemoveValue(circle->applicants, peerInfo);
return true;
}
bool SOSCircleRemoveRejectedPeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error) {
SOSCircleAssertStable(circle);
CFSetRemoveValue(circle->rejected_applicants, peerInfo);
return true;
}
bool SOSCircleRejectRequest(SOSCircleRef circle, SOSFullPeerInfoRef device_rejector,
SOSPeerInfoRef peerInfo, CFErrorRef *error) {
SOSCircleAssertStable(circle);
if (CFEqual(SOSPeerInfoGetPeerID(peerInfo), SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(device_rejector))))
return SOSCircleWithdrawRequest(circle, peerInfo, error);
if (!CFSetContainsValue(circle->applicants, peerInfo)) {
SOSCreateError(kSOSErrorNotApplicant, CFSTR("Cannot reject non-applicant"), NULL, error);
return false;
}
CFSetTransferObject(peerInfo, circle->applicants, circle->rejected_applicants);
return true;
}
bool SOSCircleAcceptRequests(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef device_approver,
CFErrorRef *error) {
__block bool result = false;
SOSCircleForEachApplicant(circle, ^(SOSPeerInfoRef peer) {
if (!SOSCircleAcceptRequest(circle, user_privkey, device_approver, peer, error)) {
secnotice("circle", "error in SOSCircleAcceptRequest\n");
} else {
secnotice("circle", "Accepted peer: %@", peer);
result = true;
}
});
if (result) {
SOSCircleGenerationSign(circle, user_privkey, device_approver, error);
secnotice("circle", "Countersigned accepted requests");
}
return result;
}
bool SOSCirclePeerSigUpdate(SOSCircleRef circle, SecKeyRef userPrivKey, SOSFullPeerInfoRef fpi,
CFErrorRef *error) {
__block bool result = false;
SecKeyRef userPubKey = SecKeyCreatePublicFromPrivate(userPrivKey);
SOSCircleForEachApplicant(circle, ^(SOSPeerInfoRef peer) {
if(!SOSPeerInfoApplicationVerify(peer, userPubKey, NULL)) {
if(!SOSCircleRejectRequest(circle, fpi, peer, NULL)) {
}
}
});
result = SOSCircleUpdatePeerInfo(circle, SOSFullPeerInfoGetPeerInfo(fpi));
if (result) {
SOSCircleGenerationSign(circle, userPrivKey, fpi, error);
secnotice("circle", "Generation signed updated signatures on peerinfo");
}
return result;
}
static inline void SOSCircleForEachPeerMatching(SOSCircleRef circle,
void (^action)(SOSPeerInfoRef peer),
bool (^condition)(SOSPeerInfoRef peer)) {
CFSetForEach(circle->peers, ^(const void *value) {
SOSPeerInfoRef peer = (SOSPeerInfoRef) value;
if (condition(peer))
action(peer);
});
}
static inline bool isHiddenPeer(SOSPeerInfoRef peer) {
return SOSPeerInfoIsRetirementTicket(peer) || SOSPeerInfoIsCloudIdentity(peer);
}
void SOSCircleForEachPeer(SOSCircleRef circle, void (^action)(SOSPeerInfoRef peer)) {
SOSCircleForEachPeerMatching(circle, action, ^bool(SOSPeerInfoRef peer) {
return !isHiddenPeer(peer);
});
}
void SOSCircleForEachRetiredPeer(SOSCircleRef circle, void (^action)(SOSPeerInfoRef peer)) {
SOSCircleForEachPeerMatching(circle, action, ^bool(SOSPeerInfoRef peer) {
return SOSPeerInfoIsRetirementTicket(peer);
});
}
void SOSCircleForEachActivePeer(SOSCircleRef circle, void (^action)(SOSPeerInfoRef peer)) {
SOSCircleForEachPeerMatching(circle, action, ^bool(SOSPeerInfoRef peer) {
return true;
});
}
void SOSCircleForEachActiveValidPeer(SOSCircleRef circle, SecKeyRef user_public_key, void (^action)(SOSPeerInfoRef peer)) {
SOSCircleForEachPeerMatching(circle, action, ^bool(SOSPeerInfoRef peer) {
return SOSPeerInfoApplicationVerify(peer, user_public_key, NULL);
});
}
void SOSCircleForEachValidPeer(SOSCircleRef circle, SecKeyRef user_public_key, void (^action)(SOSPeerInfoRef peer)) {
SOSCircleForEachPeerMatching(circle, action, ^bool(SOSPeerInfoRef peer) {
return !isHiddenPeer(peer) && SOSPeerInfoApplicationVerify(peer, user_public_key, NULL);
});
}
void SOSCircleForEachApplicant(SOSCircleRef circle, void (^action)(SOSPeerInfoRef peer)) {
CFSetForEach(circle->applicants, ^(const void*value) { action((SOSPeerInfoRef) value); } );
}
CFMutableSetRef SOSCircleCopyPeers(SOSCircleRef circle, CFAllocatorRef allocator) {
SOSCircleAssertStable(circle);
CFMutableSetRef result = CFSetCreateMutableForSOSPeerInfosByID(allocator);
SOSCircleForEachPeer(circle, ^(SOSPeerInfoRef peer) {
CFSetAddValue(result, peer);
});
return result;
}
bool SOSCircleAppendConcurringPeers(SOSCircleRef circle, CFMutableArrayRef appendHere, CFErrorRef *error) {
SOSCircleForEachActivePeer(circle, ^(SOSPeerInfoRef peer) {
CFErrorRef localError = NULL;
if (SOSCircleVerifyPeerSigned(circle, peer, &localError)) {
SOSPeerInfoRef peerInfo = SOSPeerInfoCreateCopy(kCFAllocatorDefault, peer, error);
CFArrayAppendValue(appendHere, peerInfo);
CFRelease(peerInfo);
} else if (error != NULL) {
secerror("Error checking concurrence: %@", localError);
}
CFReleaseNull(localError);
});
return true;
}
CFMutableArrayRef SOSCircleCopyConcurringPeers(SOSCircleRef circle, CFErrorRef* error) {
SOSCircleAssertStable(circle);
CFMutableArrayRef concurringPeers = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault);
if (!SOSCircleAppendConcurringPeers(circle, concurringPeers, error))
CFReleaseNull(concurringPeers);
return concurringPeers;
}
SOSFullPeerInfoRef SOSCircleCopyiCloudFullPeerInfoRef(SOSCircleRef circle, CFErrorRef *error) {
__block SOSFullPeerInfoRef cloud_full_peer = NULL;
__block CFErrorRef searchError = NULL;
SOSCircleForEachActivePeer(circle, ^(SOSPeerInfoRef peer) {
if (SOSPeerInfoIsCloudIdentity(peer)) {
if (cloud_full_peer == NULL) {
if (searchError) {
secerror("More than one cloud identity found, first had error, trying new one.");
}
CFReleaseNull(searchError);
cloud_full_peer = SOSFullPeerInfoCreateCloudIdentity(kCFAllocatorDefault, peer, &searchError);
if (!cloud_full_peer) {
secnotice("icloud-identity", "Failed to make FullPeer for iCloud Identity: %@ (%@)", cloud_full_peer, searchError);
}
} else {
secerror("Additional cloud identity found in circle after successful creation: %@", circle);
}
}
});
if (cloud_full_peer == NULL && searchError == NULL) {
SOSErrorCreate(kSOSErrorNoiCloudPeer, &searchError, NULL, CFSTR("No iCloud identity PeerInfo found in circle"));
secnotice("icloud-identity", "No iCloud identity PeerInfo found in circle");
}
if (error) {
CFTransferRetained(*error, searchError);
}
CFReleaseNull(searchError);
return cloud_full_peer;
}
void debugDumpCircle(CFStringRef message, SOSCircleRef circle) {
CFErrorRef error;
secinfo("circledebug", "%@: %@", message, circle);
if (!circle)
return;
CFDataRef derdata = SOSCircleCopyEncodedData(circle, kCFAllocatorDefault, &error);
if (derdata) {
CFStringRef hex = CFDataCopyHexString(derdata);
secinfo("circledebug", "Full contents: %@", hex);
if (hex) CFRelease(hex);
CFRelease(derdata);
}
}