//
// SOSPeerOTRTimer.m
//
#import <Foundation/Foundation.h>
#include <Security/SecureObjectSync/SOSPeer.h>
#include <Security/SecureObjectSync/SOSPeerCoder.h>
#include <Security/SecureObjectSync/SOSTransportMessage.h>
#include <Security/SecureObjectSync/SOSAccount.h>
#include <Security/SecureObjectSync/SOSCoder.h>
#include <Security/SecureObjectSync/SOSEngine.h>
#include <Security/SecureObjectSync/SOSDataSource.h>
#include <Security/SecureObjectSync/SOSAccountTransaction.h>
#include <Security/SecureObjectSync/SOSKVSKeys.h>
#include <Security/SecureObjectSync/SOSPeerOTRTimer.h>
#include <Security/CKBridge/SOSCloudKeychainClient.h>
#include <utilities/SecADWrapper.h>
#include <utilities/debugging.h>
#include <utilities/SecCFWrappers.h>
#include <AssertMacros.h>
#include "SOSInternal.h"
//AGGD
NSString* const SecSOSAggdMaxRenegotiation = @"com.apple.security.sos.otrrenegotiationmaxretries";
__unused static int initialOTRTimeoutValue = 60; //best round trip time in KVS plus extra for good measure
static int maxRetryCount = 7; //max number of times to attempt restarting OTR negotiation
bool SOSPeerOTRTimerHaveReachedMaxRetryAllowance(SOSAccount* account, NSString* peerid){
bool reachedMax = false;
NSMutableDictionary* attemptsPerPeer = (__bridge NSMutableDictionary*)SOSAccountGetValue(account, kSOSAccountRenegotiationRetryCount, NULL);
if(!attemptsPerPeer){
attemptsPerPeer = [NSMutableDictionary dictionary];
}
NSNumber* attempt = [attemptsPerPeer objectForKey:peerid];
if(attempt && [attempt intValue] >= maxRetryCount)
{
reachedMax = true;
SecADAddValueForScalarKey((__bridge CFStringRef) SecSOSAggdMaxRenegotiation,1);
}
return reachedMax;
}
//used when evaluating whether or not securityd should start a timer for negotiation
bool SOSPeerOTRTimerHaveAnRTTAvailable(SOSAccount* account, NSString* peerid)
{
CFErrorRef error = NULL;
CFNumberRef timeout = NULL;
bool doesRTTExist = false;
CFMutableDictionaryRef timeouts = (CFMutableDictionaryRef)asDictionary(SOSAccountGetValue(account, kSOSAccountPeerNegotiationTimeouts, &error), NULL);
require_action_quiet(timeouts, exit, secnotice("otrtimer", "do not have an rtt yet"));
timeout = CFDictionaryGetValue(timeouts, (__bridge CFStringRef)peerid);
require_action_quiet(timeout, exit, secnotice("otrtimer", "do not have an rtt yet"));
doesRTTExist = true;
exit:
return doesRTTExist;
}
//call when a timer has fired, remove the current rtt entry as the existing one isn't working
void SOSPeerOTRTimerRemoveRTTTimeoutForPeer(SOSAccount* account, NSString* peerid)
{
CFNumberRef timeout = NULL;
CFErrorRef error = NULL;
CFMutableDictionaryRef timeouts = (CFMutableDictionaryRef)asDictionary(SOSAccountGetValue(account, kSOSAccountPeerNegotiationTimeouts, &error), NULL);
require_action_quiet(timeouts && (error == NULL), exit, secnotice("otrtimer","timeout dictionary doesn't exist"));
timeout = CFDictionaryGetValue(timeouts, (__bridge CFStringRef)peerid);
require_action_quiet(timeout, exit, secnotice("otrtimer","timeout for peerid:
CFDictionaryRemoveValue(timeouts, (__bridge CFStringRef)peerid);
SOSAccountSetValue(account, kSOSAccountPeerNegotiationTimeouts, timeouts, &error);
if(error){
secnotice("otrtimer","SOSAccountSetValue threw an error for key kSOSAccountPeerNegotiationTimeouts: }
exit:
CFReleaseNull(error);
}
void SOSPeerOTRTimerRemoveLastSentMessageTimestamp(SOSAccount* account, NSString* peerid)
{
NSMutableDictionary *peerToTimeLastSentDict = (__bridge NSMutableDictionary*)SOSAccountGetValue(account, kSOSAccountPeerLastSentTimestamp, NULL);
if(peerToTimeLastSentDict){
NSDate* storedDate = [peerToTimeLastSentDict objectForKey:peerid];
if(storedDate){
[peerToTimeLastSentDict removeObjectForKey:peerid];
SOSAccountSetValue(account, kSOSAccountPeerLastSentTimestamp, (__bridge CFMutableDictionaryRef)peerToTimeLastSentDict, NULL);
}
}
}
void SOSPeerOTRTimerIncreaseOTRNegotiationRetryCount(SOSAccount* account, NSString* peerid)
{
NSMutableDictionary* attemptsPerPeer = (__bridge NSMutableDictionary*)SOSAccountGetValue(account, kSOSAccountRenegotiationRetryCount, NULL);
if(!attemptsPerPeer){
attemptsPerPeer = [NSMutableDictionary dictionary];
}
NSNumber* attempt = [attemptsPerPeer objectForKey:peerid];
if(!attempt){
attempt = [[NSNumber alloc] initWithInt:1];
[attemptsPerPeer setObject:attempt forKey:peerid];
}
else{
NSNumber* newCount = [[NSNumber alloc]initWithInt:([attempt intValue]+1)];
[attemptsPerPeer setObject:newCount forKey:peerid];
secnotice("otr","OTR negotiation retry count: }
SOSAccountSetValue(account, kSOSAccountRenegotiationRetryCount, (__bridge CFMutableDictionaryRef)attemptsPerPeer, NULL);
}
int SOSPeerOTRTimerTimeoutValue(SOSAccount* account, SOSPeerRef peer)
{
CFErrorRef error = NULL;
int timeoutIntValue = 0;
CFMutableDictionaryRef timeouts = (CFMutableDictionaryRef)asDictionary(SOSAccountGetValue(account, kSOSAccountPeerNegotiationTimeouts, &error), NULL);
require_action_quiet(timeouts, xit, secnotice("otrtimer","deadline value not available yet"));
CFNumberRef timeout = CFDictionaryGetValue(timeouts, SOSPeerGetID(peer));
require_action_quiet(timeout, xit, secnotice("otrtimer","deadline value not available yet"));
secnotice("otrtimer", "decided to wait timeoutIntValue = [(__bridge NSNumber*)timeout intValue];
xit:
return timeoutIntValue;
}
void SOSPeerOTRTimerSetupAwaitingTimer(SOSAccount* account, SOSPeerRef peer, SOSEngineRef engine, SOSCoderRef coder)
{
//check which timeout value to use
int timeoutValue = SOSPeerOTRTimerTimeoutValue(account, peer);
CFStringRef peerid = CFRetainSafe(SOSPeerGetID(peer));
secnotice("otrtimer", "setting timer for peer: __block dispatch_source_t timer = dispatch_source_create(DISPATCH_SOURCE_TYPE_TIMER, 0, 0, dispatch_get_main_queue());
dispatch_source_set_timer(timer, dispatch_time(DISPATCH_TIME_NOW, timeoutValue * NSEC_PER_SEC), DISPATCH_TIME_FOREVER, 0);
dispatch_source_set_event_handler(timer, ^{
secnotice("otrtimer","otrTimerFired fired");
SOSCCResetOTRNegotiation_Server(peerid);
});
dispatch_source_set_cancel_handler(timer, ^{
CFReleaseSafe(peerid);
});
dispatch_resume(timer);
SOSPeerSetOTRTimer(peer, timer);
}
//clear the max retry counter in the account object
void SOSPeerOTRTimerClearMaxRetryCount(SOSAccount* account, NSString* peerid)
{
secnotice("otrtimer", "negotiation finished! clearing max retry counter");
NSMutableDictionary* attemptsPerPeer = (__bridge NSMutableDictionary*)SOSAccountGetValue(account, kSOSAccountRenegotiationRetryCount, NULL);
if(!attemptsPerPeer){
attemptsPerPeer = [NSMutableDictionary dictionary];
}
[attemptsPerPeer removeObjectForKey:peerid];
SOSAccountSetValue(account, kSOSAccountRenegotiationRetryCount, (__bridge CFMutableDictionaryRef)attemptsPerPeer, NULL);
}