SOSAccountCredentials.c   [plain text]

/*
 * Copyright (c) 2013-2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */


#include <stdio.h>
#include "SOSAccountPriv.h"
#include "SOSPeerInfoCollections.h"
#include "SOSTransport.h"

//
// MARK: User Credential management
//

void SOSAccountSetPreviousPublic(SOSAccountRef account) {
    CFReleaseNull(account->previous_public);
    account->previous_public = account->user_public;
    CFRetain(account->previous_public);
}

static void SOSAccountRemoveInvalidApplications(SOSAccountRef account, SOSCircleRef circle)
{
    CFMutableSetRef peersToRemove = CFSetCreateMutableForSOSPeerInfosByID(kCFAllocatorDefault);
    SOSCircleForEachApplicant(circle, ^(SOSPeerInfoRef peer) {
        if (!SOSPeerInfoApplicationVerify(peer, account->user_public, NULL))
            CFSetAddValue(peersToRemove, peer);
    });

    CFSetForEach(peersToRemove, ^(const void *value) {
        SOSPeerInfoRef peer = (SOSPeerInfoRef) value;

        SOSCircleWithdrawRequest(circle, peer, NULL);
    });
}

// List of things to do
// Update myFullPeerInfo in circle if needed
// Fix iCloud Identity if needed
// Gen sign if private key changed

static bool sosAccountUpgradeiCloudIdentity(SOSCircleRef circle, SecKeyRef privKey) {
    bool retval = false;
    SOSFullPeerInfoRef cloud_fpi = SOSCircleCopyiCloudFullPeerInfoRef(circle, NULL);
    require_quiet(cloud_fpi != NULL, errOut);
    require_quiet(SOSFullPeerInfoUpgradeSignatures(cloud_fpi, privKey, NULL), errOut);
    retval = SOSCircleUpdatePeerInfo(circle, SOSFullPeerInfoGetPeerInfo(cloud_fpi));
errOut:
    return retval;
}

static void SOSAccountGenerationSignatureUpdateWith(SOSAccountRef account, SecKeyRef privKey) {
    if (account->trusted_circle && account->my_identity) {
        SOSAccountModifyCircle(account, NULL, ^(SOSCircleRef circle) {
            SOSPeerInfoRef myPI = SOSAccountGetMyPeerInfo(account);
            bool iAmPeer = SOSCircleHasPeer(account->trusted_circle, myPI, NULL);
            bool change = SOSCircleUpdatePeerInfo(circle, myPI);
            if(iAmPeer && !SOSCircleVerify(circle, account->user_public, NULL)) {
                change |= sosAccountUpgradeiCloudIdentity(circle, privKey);
                SOSAccountRemoveInvalidApplications(account, circle);
                change |= SOSCircleGenerationSign(circle, privKey, account->my_identity, NULL);
                account->departure_code = kSOSNeverLeftCircle;
            } else if(iAmPeer) {
                SOSFullPeerInfoRef icfpi = SOSCircleCopyiCloudFullPeerInfoRef(circle, NULL);
                if(!icfpi) {
                    SOSAccountRemoveIncompleteiCloudIdentities(account, circle, privKey, NULL);
                    change |= SOSAccountAddiCloudIdentity(account, circle, privKey, NULL);
                } else {
                    CFReleaseNull(icfpi);
                }
            }
            secnotice("updatingGenSignature", "we changed the circle? %@", change ? CFSTR("YES") : CFSTR("NO"));
            return change;
        });
    }
}

bool SOSAccountGenerationSignatureUpdate(SOSAccountRef account, CFErrorRef *error) {
    bool result = false;
    SecKeyRef priv_key = SOSAccountGetPrivateCredential(account, error);
    require_quiet(priv_key, bail);

    SOSAccountGenerationSignatureUpdateWith(account, priv_key);
    
    result = true;
bail:
    return result;
}

/* this one is meant to be local - not published over KVS. */
static bool SOSAccountPeerSignatureUpdate(SOSAccountRef account, SecKeyRef privKey, CFErrorRef *error) {
    return account->my_identity && SOSFullPeerInfoUpgradeSignatures(account->my_identity, privKey, error);
}


void SOSAccountPurgePrivateCredential(SOSAccountRef account)
{
    CFReleaseNull(account->_user_private);
    CFReleaseNull(account->_password_tmp);
    if (account->user_private_timer) {
        dispatch_source_cancel(account->user_private_timer);
        dispatch_release(account->user_private_timer);
        account->user_private_timer = NULL;
        xpc_transaction_end();
    }
    if (account->lock_notification_token != NOTIFY_TOKEN_INVALID) {
        notify_cancel(account->lock_notification_token);
        account->lock_notification_token = NOTIFY_TOKEN_INVALID;
    }
}


static void SOSAccountSetTrustedUserPublicKey(SOSAccountRef account, bool public_was_trusted, SecKeyRef privKey)
{
    if (!privKey) return;
    SecKeyRef publicKey = SecKeyCreatePublicFromPrivate(privKey);
    
    if (account->user_public && account->user_public_trusted && CFEqual(publicKey, account->user_public)) {
        CFReleaseNull(publicKey);
        return;
    }
    
    if(public_was_trusted && account->user_public) {
        CFReleaseNull(account->previous_public);
        account->previous_public = account->user_public;
        CFRetain(account->previous_public);
    }
    
    CFReleaseNull(account->user_public);
    account->user_public = publicKey;
    account->user_public_trusted = true;
    
    if(!account->previous_public) {
        account->previous_public = account->user_public;
        CFRetain(account->previous_public);
    }
    
	secnotice("keygen", "trusting new public key: %@", account->user_public);
}

void SOSAccountSetUnTrustedUserPublicKey(SOSAccountRef account, SecKeyRef publicKey) {
    if(account->user_public_trusted && account->user_public) {
        secnotice("keygen", "Moving : %@ to previous_public", account->user_public);
        CFRetainAssign(account->previous_public, account->user_public);
    }
    
    CFReleaseNull(account->user_public);
    account->user_public = publicKey;
    account->user_public_trusted = false;
    
    if(!account->previous_public) {
        CFRetainAssign(account->previous_public, account->user_public);
    }
    
    secnotice("keygen", "not trusting new public key: %@", account->user_public);
}


static void SOSAccountSetPrivateCredential(SOSAccountRef account, SecKeyRef private, CFDataRef password) {
    if (!private)
        return SOSAccountPurgePrivateCredential(account);
    
    CFRetain(private);
    CFReleaseSafe(account->_user_private);
    account->_user_private = private;
    CFReleaseSafe(account->_password_tmp);
    account->_password_tmp = CFDataCreateCopy(kCFAllocatorDefault, password);
    
    bool resume_timer = false;
    if (!account->user_private_timer) {
        xpc_transaction_begin();
        resume_timer = true;
        account->user_private_timer = dispatch_source_create(DISPATCH_SOURCE_TYPE_TIMER, 0, 0, account->queue);
        dispatch_source_set_event_handler(account->user_private_timer, ^{
            SOSAccountPurgePrivateCredential(account);
        });
        
        notify_register_dispatch(kUserKeybagStateChangeNotification, &account->lock_notification_token, account->queue, ^(int token) {
            bool locked = false;
            CFErrorRef lockCheckError = NULL;
            
            if (!SecAKSGetIsLocked(&locked, &lockCheckError)) {
                secerror("Checking for locked after change failed: %@", lockCheckError);
            }
            
            if (locked) {
                SOSAccountPurgePrivateCredential(account);
            }
        });
    }
    
    // (Re)set the timer's fire time to now + 120 seconds with a 5 second fuzz factor.
    dispatch_time_t purgeTime = dispatch_time(DISPATCH_TIME_NOW, (int64_t)(10 * 60 * NSEC_PER_SEC));
    dispatch_source_set_timer(account->user_private_timer, purgeTime, DISPATCH_TIME_FOREVER, (int64_t)(5 * NSEC_PER_SEC));
    if (resume_timer)
        dispatch_resume(account->user_private_timer);
}

SecKeyRef SOSAccountGetPrivateCredential(SOSAccountRef account, CFErrorRef* error)
{
    if (account->_user_private == NULL) {
        SOSCreateError(kSOSErrorPrivateKeyAbsent, CFSTR("Private Key not available - failed to prompt user recently"), NULL, error);
    }
    return account->_user_private;
}

CFDataRef SOSAccountGetCachedPassword(SOSAccountRef account, CFErrorRef* error)
{
    if (account->_password_tmp == NULL) {
        secnotice("keygen", "Password cache expired");
    }
    return account->_password_tmp;
}

SecKeyRef SOSAccountGetTrustedPublicCredential(SOSAccountRef account, CFErrorRef* error)
{
    if (account->user_public == NULL || account->user_public_trusted == false) {
        SOSCreateError(kSOSErrorPublicKeyAbsent, CFSTR("Public Key not available - failed to register before call"), NULL, error);
        return NULL;
    }
    return account->user_public;
}



bool SOSAccountHasPublicKey(SOSAccountRef account, CFErrorRef* error)
{
    return SOSAccountGetTrustedPublicCredential(account, error);
}

static void sosAccountSetTrustedCredentials(SOSAccountRef account, CFDataRef user_password, SecKeyRef user_private, bool public_was_trusted) {
    if(!SOSAccountFullPeerInfoVerify(account, user_private, NULL))    (void) SOSAccountPeerSignatureUpdate(account, user_private, NULL);
    SOSAccountSetTrustedUserPublicKey(account, public_was_trusted, user_private);
    SOSAccountSetPrivateCredential(account, user_private, user_password);
}

static SecKeyRef sosAccountCreateKeyIfPasswordIsCorrect(SOSAccountRef account, CFDataRef user_password, CFErrorRef *error) {
    SecKeyRef user_private = NULL;
    require_quiet(account->user_public && account->user_key_parameters, errOut);
    user_private = SOSUserKeygen(user_password, account->user_key_parameters, error);
    require_quiet(user_private, errOut);
    SecKeyRef public_candidate = SecKeyCreatePublicFromPrivate(user_private);
    if(!CFEqualSafe(account->user_public, public_candidate)) {
        secnotice("keygen", "Public keys don't match:  expected: %@, calculated: %@", account->user_public, public_candidate);
        CFReleaseNull(user_private);
    }
    CFReleaseSafe(public_candidate);
errOut:
    return user_private;
}

static bool sosAccountValidatePasswordOrFail(SOSAccountRef account, CFDataRef user_password, CFErrorRef *error) {
    SecKeyRef privKey = sosAccountCreateKeyIfPasswordIsCorrect(account, user_password, error);
    if(!privKey) {
        if(account->user_key_parameters) debugDumpUserParameters(CFSTR("sosAccountValidatePasswordOrFail"), account->user_key_parameters);
        SOSCreateError(kSOSErrorWrongPassword, CFSTR("Could not create correct key with password."), NULL, error);
        return false;
    }
    sosAccountSetTrustedCredentials(account, user_password, privKey, account->user_public_trusted);
    CFReleaseNull(privKey);
    return true;
}

void SOSAccountSetParameters(SOSAccountRef account, CFDataRef parameters) {
    CFRetainAssign(account->user_key_parameters, parameters);
}

bool SOSAccountAssertUserCredentials(SOSAccountRef account, CFStringRef user_account __unused, CFDataRef user_password, CFErrorRef *error)
{
    bool public_was_trusted = account->user_public_trusted;
    account->user_public_trusted = false;
    SecKeyRef user_private = NULL;
    CFDataRef parameters = NULL;
    
    // if this succeeds, skip to the end.  Success will update account->user_public_trusted by side-effect.
    require_quiet(!sosAccountValidatePasswordOrFail(account, user_password, error), errOut);
    
    // We may or may not have parameters here.
    // In any case we tried using them and they didn't match
    // So forget all that and start again, assume we're the first to push anything useful.

    if (CFDataGetLength(user_password) > 20) {
        secwarning("Long password (>20 byte utf8) being used to derive account key – this may be a PET by mistake!!");
    }
    
    parameters = SOSUserKeyCreateGenerateParameters(error);
    require_quiet(user_private = SOSUserKeygen(user_password, parameters, error), errOut);
    SOSAccountSetParameters(account, parameters);
    sosAccountSetTrustedCredentials(account, user_password, user_private, public_was_trusted);

    CFErrorRef publishError = NULL;
    if (!SOSAccountPublishCloudParameters(account, &publishError)) {
        secerror("Failed to publish new cloud parameters: %@", publishError);
    }
    
    CFReleaseSafe(publishError);
    
errOut:
    CFReleaseSafe(parameters);
    CFReleaseSafe(user_private);
    account->key_interests_need_updating = true;
    return account->user_public_trusted;
}


bool SOSAccountTryUserCredentials(SOSAccountRef account, CFStringRef user_account __unused, CFDataRef user_password, CFErrorRef *error) {
    bool success = sosAccountValidatePasswordOrFail(account, user_password, error);
    account->key_interests_need_updating = true;
    return success;
}

bool SOSAccountRetryUserCredentials(SOSAccountRef account) {
    CFDataRef cachedPassword = SOSAccountGetCachedPassword(account, NULL);
    return (cachedPassword != NULL) && SOSAccountTryUserCredentials(account, NULL, cachedPassword, NULL);
}