//
// SOSPeerInfoDER.c
// sec
//
// Created by Richard Murphy on 2/9/15.
//
//
#include <AssertMacros.h>
#include <SOSPeerInfoDER.h>
#include <Security/SecureObjectSync/SOSPeerInfo.h>
#include <Security/SecureObjectSync/SOSPeerInfoInternal.h>
#include <Security/SecureObjectSync/SOSPeerInfoPriv.h>
#include <Security/SecureObjectSync/SOSPeerInfoV2.h>
#include <Security/SecureObjectSync/SOSInternal.h>
#include <utilities/der_plist.h>
#include <utilities/der_plist_internal.h>
#include <corecrypto/ccder.h>
#include <utilities/der_date.h>
#include <utilities/SecCFError.h>
size_t SOSPeerInfoGetDEREncodedSize(SOSPeerInfoRef peer, CFErrorRef *error) {
size_t plist_size = der_sizeof_plist(peer->description, error);
if (plist_size == 0)
return 0;
size_t signature_size = der_sizeof_data(peer->signature, error);
if (signature_size == 0)
return 0;
return ccder_sizeof(CCDER_CONSTRUCTED_SEQUENCE,
plist_size + signature_size);
}
uint8_t* SOSPeerInfoEncodeToDER(SOSPeerInfoRef peer, CFErrorRef* error, const uint8_t* der, uint8_t* der_end) {
if(peer->version >= 2) SOSPeerInfoPackV2Data(peer);
return ccder_encode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE, der_end, der,
der_encode_plist(peer->description, error, der,
der_encode_data(peer->signature, error, der, der_end)));
}
CFDataRef SOSPeerInfoCopyEncodedData(SOSPeerInfoRef peer, CFAllocatorRef allocator, CFErrorRef *error) {
return CFDataCreateWithDER(kCFAllocatorDefault, SOSPeerInfoGetDEREncodedSize(peer, error), ^uint8_t*(size_t size, uint8_t *buffer) {
return SOSPeerInfoEncodeToDER(peer, error, buffer, (uint8_t *) buffer + size);
});
}
SOSPeerInfoRef SOSPeerInfoCreateFromDER(CFAllocatorRef allocator, CFErrorRef* error,
const uint8_t** der_p, const uint8_t *der_end) {
SOSPeerInfoRef pi = SOSPeerInfoAllocate(allocator);
SecKeyRef pubKey = NULL;
const uint8_t *sequence_end;
CFPropertyListRef pl = NULL;
pi->gestalt = NULL;
pi->version = 0; // TODO: Encode this in the DER
*der_p = ccder_decode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE, &sequence_end, *der_p, der_end);
*der_p = der_decode_plist(allocator, kCFPropertyListImmutable, &pl, error, *der_p, sequence_end);
*der_p = der_decode_data(allocator, kCFPropertyListImmutable, &pi->signature, error, *der_p, sequence_end);
if (*der_p == NULL || *der_p != sequence_end) {
SOSCreateError(kSOSErrorBadFormat, CFSTR("Bad Format of Peer Info DER"), NULL, error);
goto fail;
}
if (CFGetTypeID(pl) != CFDictionaryGetTypeID()) {
CFStringRef description = CFCopyTypeIDDescription(CFGetTypeID(pl));
SOSCreateErrorWithFormat(kSOSErrorUnexpectedType, NULL, error, NULL,
CFSTR("Expected dictionary got CFReleaseSafe(description);
goto fail;
}
pi->description = (CFMutableDictionaryRef) pl;
CFRetain(pi->description);
CFReleaseNull(pl);
CFNumberRef versionNumber = CFDictionaryGetValue(pi->description, sVersionKey);
if (versionNumber) {
if (CFGetTypeID(versionNumber) != CFNumberGetTypeID()) {
CFStringRef description = CFCopyTypeIDDescription(CFGetTypeID(versionNumber));
SOSCreateErrorWithFormat(kSOSErrorUnexpectedType, NULL, error, NULL,
CFSTR("Expected (version) number got CFReleaseSafe(description);
goto fail;
}
CFNumberGetValue(versionNumber, kCFNumberCFIndexType, &pi->version);
}
CFDictionaryRef gestalt = CFDictionaryGetValue(pi->description, sGestaltKey);
if (gestalt == NULL) {
SOSCreateErrorWithFormat(kSOSErrorUnexpectedType, NULL, error, NULL,
CFSTR("gestalt key missing"));
goto fail;
}
if (!isDictionary(gestalt)) {
CFStringRef description = CFCopyTypeIDDescription(CFGetTypeID(gestalt));
SOSCreateErrorWithFormat(kSOSErrorUnexpectedType, NULL, error, NULL,
CFSTR("Expected dictionary got CFReleaseSafe(description);
goto fail;
}
pi->gestalt = gestalt;
CFRetain(pi->gestalt);
pubKey = SOSPeerInfoCopyPubKey(pi, error);
require_quiet(pubKey, fail);
pi->peerID = SOSCopyIDOfKey(pubKey, error);
require_quiet(pi->peerID, fail);
if(pi->version >= 2) SOSPeerInfoExpandV2Data(pi, error);
if(!SOSPeerInfoVerify(pi, error)) {
SOSCreateErrorWithFormat(kSOSErrorBadSignature, NULL, error, NULL, CFSTR("Signature doesn't validate"));
if (error) {
secerror("Can't validate PeerInfo: }
goto fail;
}
CFReleaseNull(pubKey);
return pi;
fail:
CFReleaseNull(pi);
CFReleaseNull(pl);
CFReleaseNull(pubKey);
return NULL;
}
SOSPeerInfoRef SOSPeerInfoCreateFromData(CFAllocatorRef allocator, CFErrorRef* error,
CFDataRef peerinfo_data) {
const uint8_t *der = CFDataGetBytePtr(peerinfo_data);
CFIndex len = CFDataGetLength(peerinfo_data);
return SOSPeerInfoCreateFromDER(NULL, error, &der, der+len);
}