static int tls_create_trust_from_certs(const SSLCertificate *cert, SecTrustRef *trustRef) { int err; CFMutableArrayRef certArray = NULL; CFDataRef certData = NULL; SecCertificateRef cfCert = NULL; if(cert==NULL) { test_printf("No certs, do not create SecTrustRef\n"); *trustRef = NULL; return 0; } certArray = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); while(cert) { base64_dump(cert->derCert, "CERTIFICATE"); require_action((certData = CFDataCreate(kCFAllocatorDefault, cert->derCert.data, cert->derCert.length)), out, err = errSecAllocate); require_action((cfCert = SecCertificateCreateWithData(kCFAllocatorDefault, certData)), out, err = errSecAllocate); CFArrayAppendValue(certArray, cfCert); CFReleaseNull(cfCert); CFReleaseNull(certData); cert=cert->next; } require_noerr((err=SecTrustCreateWithCertificates(certArray, NULL, trustRef)), out); out: CFReleaseSafe(certData); CFReleaseSafe(cfCert); CFReleaseSafe(certArray); return err; }
const uint8_t* der_decode_array(CFAllocatorRef allocator, CFOptionFlags mutability, CFArrayRef* array, CFErrorRef *error, const uint8_t* der, const uint8_t *der_end) { if (NULL == der) return NULL; CFMutableArrayRef result = CFArrayCreateMutable(allocator, 0, &kCFTypeArrayCallBacks); const uint8_t *elements_end; const uint8_t *current_element = ccder_decode_sequence_tl(&elements_end, der, der_end); while (current_element != NULL && current_element < elements_end) { CFPropertyListRef element = NULL; current_element = der_decode_plist(allocator, mutability, &element, error, current_element, elements_end); if (current_element) { CFArrayAppendValue(result, element); CFReleaseNull(element); } } if (current_element) { *array = result; result = NULL; } CFReleaseNull(result); return current_element; }
static const uint8_t* der_decode_key_value(CFAllocatorRef allocator, CFOptionFlags mutability, CFPropertyListRef* key, CFPropertyListRef* value, CFErrorRef *error, const uint8_t* der, const uint8_t *der_end) { const uint8_t *payload_end = 0; const uint8_t *payload = ccder_decode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE, &payload_end, der, der_end); if (NULL == payload) { SecCFDERCreateError(kSecDERErrorUnknownEncoding, CFSTR("Unknown data encoding, expected CCDER_CONSTRUCTED_SEQUENCE"), NULL, error); return NULL; } CFTypeRef keyObject = NULL; CFTypeRef valueObject = NULL; payload = der_decode_plist(allocator, mutability, &keyObject, error, payload, payload_end); payload = der_decode_plist(allocator, mutability, &valueObject, error, payload, payload_end); if (payload != NULL) { *key = keyObject; *value = valueObject; } else { CFReleaseNull(keyObject); CFReleaseNull(valueObject); } return payload; }
static void SOSRecoveryKeyBagDestroy(CFTypeRef aObj) { SOSRecoveryKeyBagRef rb = (SOSRecoveryKeyBagRef) aObj; CFReleaseNull(rb->accountDSID); CFReleaseNull(rb->generation); CFReleaseNull(rb->recoveryKeyBag); }
static void ensureKeychainExists(void) { CFDictionaryRef query = CFDictionaryCreate(0, &kSecClass, &kSecClassInternetPassword, 1, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); CFTypeRef results = NULL; is_status(SecItemCopyMatching(query, &results), errSecItemNotFound, "expected nothing got %@", results); CFReleaseNull(query); CFReleaseNull(results); }
/* Convert cert in DER format into an CFArray of SecCertificateRef */ CFArrayRef tls_get_peer_certs(const SSLCertificate *certs) { const SSLCertificate *cert; CFMutableArrayRef certArray = NULL; CFDataRef certData = NULL; SecCertificateRef cfCert = NULL; certArray = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); require(certArray, out); cert = certs; while(cert) { require((certData = CFDataCreate(kCFAllocatorDefault, cert->derCert.data, cert->derCert.length)), out); require((cfCert = SecCertificateCreateWithData(kCFAllocatorDefault, certData)), out); CFArrayAppendValue(certArray, cfCert); CFReleaseNull(cfCert); CFReleaseNull(certData); cert=cert->next; } return certArray; out: CFReleaseNull(cfCert); CFReleaseNull(certData); CFReleaseNull(certArray); return NULL; }
static CFDictionaryRef SecItemCopyAttributeDictionary(CFTypeRef ref) { CFDictionaryRef refDictionary = NULL; CFTypeID typeID = CFGetTypeID(ref); if (typeID == SecKeyGetTypeID()) { refDictionary = SecKeyCopyAttributeDictionary((SecKeyRef)ref); } else if (typeID == SecCertificateGetTypeID()) { refDictionary = SecCertificateCopyAttributeDictionary((SecCertificateRef)ref); } else if (typeID == SecIdentityGetTypeID()) { assert(false); SecIdentityRef identity = (SecIdentityRef)ref; SecCertificateRef cert = NULL; SecKeyRef key = NULL; if (!SecIdentityCopyCertificate(identity, &cert) && !SecIdentityCopyPrivateKey(identity, &key)) { CFDataRef data = SecCertificateCopyData(cert); CFDictionaryRef key_dict = SecKeyCopyAttributeDictionary(key); if (key_dict && data) { refDictionary = CFDictionaryCreateMutableCopy(kCFAllocatorDefault, 0, key_dict); CFDictionarySetValue((CFMutableDictionaryRef)refDictionary, CFSTR(CERTIFICATE_DATA_COLUMN_LABEL), data); } CFReleaseNull(key_dict); CFReleaseNull(data); } CFReleaseNull(cert); CFReleaseNull(key); } else { refDictionary = NULL; } return refDictionary; }
static void tests(void) { SOSCircleRef circle = SOSCircleCreate(NULL, CFSTR("TEST DOMAIN"), NULL); ok(NULL != circle, "Circle creation"); ok(0 == SOSCircleCountPeers(circle), "Zero peers"); //SecKeyRef publicKey = NULL; SecKeyRef dev_a_key = NULL; SecKeyRef dev_b_key = NULL; CFErrorRef error = NULL; CFDataRef cfpassword = CFDataCreate(NULL, (uint8_t *) "FooFooFoo", 10); if(cfpassword == NULL) printf("WTF\n"); CFDataRef parameters = SOSUserKeyCreateGenerateParameters(&error); ok(parameters, "No parameters!"); ok(error == NULL, "Error: (%@)", error); CFReleaseNull(error); SecKeyRef user_privkey = SOSUserKeygen(cfpassword, parameters, &error); CFReleaseNull(parameters); SOSFullPeerInfoRef peer_a_full_info = SOSCreateFullPeerInfoFromName(CFSTR("Peer A"), &dev_a_key, NULL); SOSFullPeerInfoRef peer_b_full_info = SOSCreateFullPeerInfoFromName(CFSTR("Peer B"), &dev_b_key, NULL); ok(SOSCircleRequestAdmission(circle, user_privkey, peer_a_full_info, NULL)); ok(SOSCircleRequestAdmission(circle, user_privkey, peer_a_full_info, NULL)); ok(SOSCircleRequestAdmission(circle, user_privkey, peer_a_full_info, NULL)); ok(SOSCircleAcceptRequest(circle, user_privkey, peer_a_full_info, SOSFullPeerInfoGetPeerInfo(peer_a_full_info), NULL)); ok(!SOSCircleRequestAdmission(circle, user_privkey, peer_a_full_info, NULL)); ok(SOSCircleRequestAdmission(circle, user_privkey, peer_b_full_info, NULL)); ok(SOSCircleCountPeers(circle) == 1, "Peer count"); size_t size = SOSCircleGetDEREncodedSize(circle, &error); uint8_t buffer[size]; uint8_t* start = SOSCircleEncodeToDER(circle, &error, buffer, buffer + sizeof(buffer)); ok(start, "successful encoding"); ok(start == buffer, "Used whole buffer"); const uint8_t *der = buffer; SOSCircleRef inflated = SOSCircleCreateFromDER(NULL, &error, &der, buffer + sizeof(buffer)); ok(inflated, "inflated"); ok(CFEqualSafe(inflated, circle), "Compares"); ok(SOSCircleRemovePeer(circle, user_privkey, peer_a_full_info, SOSFullPeerInfoGetPeerInfo(peer_a_full_info), NULL)); ok(SOSCircleCountPeers(circle) == 0, "Peer count"); CFReleaseNull(dev_a_key); CFReleaseNull(cfpassword); }
void asynchttp_free(asynchttp_t *http) { if (http) { CFReleaseNull(http->request); CFReleaseNull(http->response); CFReleaseNull(http->data); CFReleaseNull(http->stream); dispatch_release_null(http->timer); } }
static void persistentRefIs(CFDataRef pref, CFDataRef data) { CFMutableDictionaryRef dict = CFDictionaryCreateMutable(NULL, 0, NULL, NULL); CFTypeRef result = NULL; CFDictionaryAddValue(dict, kSecValuePersistentRef, pref); CFDictionaryAddValue(dict, kSecReturnData, kCFBooleanTrue); ok_status(SecItemCopyMatching(dict, &result), "lookup item data by persistent ref"); ok(CFEqual(data, result), "result %@ equals expected data %@", result, data); CFReleaseNull(result); CFReleaseNull(dict); }
void SOSCoderDispose(SOSCoderRef coder) { if (coder) { CFReleaseNull(coder->sessRef); CFReleaseNull(coder->pendingResponse); CFReleaseNull(coder->peer_id); free(coder); } coder = NULL; }
static uint8_t* AppendEncryptedSignature(SecOTRSessionRef session, const cc_unit* s, bool usePrime, CFMutableDataRef appendTo) { CFMutableDataRef signature = CFDataCreateMutable(kCFAllocatorDefault, 0); CFMutableDataRef mbData = CFDataCreateMutable(kCFAllocatorDefault, 0); CFMutableDataRef mb = CFDataCreateMutable(kCFAllocatorDefault, 0); SecFDHKAppendPublicSerialization(session->_myKey, mbData); SecPDHKAppendSerialization(session->_theirKey, mbData); CFIndex publicKeyOffset = CFDataGetLength(mbData); SecOTRPublicIdentityRef myPublic = SecOTRPublicIdentityCopyFromPrivate(kCFAllocatorDefault, session->_me, NULL); AppendPublicKey(mbData, myPublic); CFReleaseNull(myPublic); AppendLong(mbData, session->_keyID); DeriveAndAppendSHA256HMAC(mb, kExponentiationUnits, s, usePrime ? kM1Prime : kM1, (size_t)CFDataGetLength(mbData), CFDataGetBytePtr(mbData)); CFDataDeleteBytes(mbData, CFRangeMake(0, publicKeyOffset)); CFMutableDataRef xb = mbData; mbData = NULL; SecOTRFIAppendSignature(session->_me, mb, signature, NULL); CFReleaseNull(mb); AppendCFDataAsDATA(xb, signature); CFReleaseNull(signature); CFIndex dataLength = CFDataGetLength(xb); CFIndex signatureStartIndex = CFDataGetLength(appendTo); /* 64 bits cast: We are appending the signature we just generated, which is never bigger than 2^32 bytes. */ assert(((unsigned long)dataLength)<=UINT32_MAX); /* debug check, correct as long as CFIndex is a signed long */ AppendLong(appendTo, (uint32_t)dataLength); uint8_t *destination = CFDataIncreaseLengthAndGetMutableBytes(appendTo, dataLength); uint8_t c[kOTRAuthKeyBytes]; DeriveOTR128BitPairFromS(kCs, kExponentiationUnits, s, sizeof(c), usePrime ? NULL : c, sizeof(c), usePrime ? c : NULL); AES_CTR_IV0_Transform(sizeof(c), c, (size_t)dataLength, CFDataGetBytePtr(xb), destination); bzero(c, sizeof(c)); CFReleaseNull(xb); return CFDataGetMutableBytePtr(appendTo) + signatureStartIndex; }
bool SOSAccountSetHSAPubKeyExpected(SOSAccountRef account, CFDataRef pubKeyBytes, CFErrorRef *error) { bool retval = false; SecKeyRef publicKey = SecKeyCreateFromPublicBytes(NULL, kSecECDSAAlgorithmID, CFDataGetBytePtr(pubKeyBytes), CFDataGetLength(pubKeyBytes)); CFStringRef peerID = SOSCopyIDOfKey(publicKey, error); require(sosAccountSetPreApprovedInfo(account, peerID, error), errOut); retval = true; errOut: CFReleaseNull(publicKey); CFReleaseNull(peerID); return retval; }
static int countPeers(SOSAccountRef account, bool active) { CFErrorRef error = NULL; CFArrayRef peers; if(active) peers = SOSAccountCopyActivePeers(account, &error); else peers = SOSAccountCopyPeers(account, &error); int retval = (int) CFArrayGetCount(peers); CFReleaseNull(error); CFReleaseNull(peers); return retval; }
/* Test basic add delete update copy matching stuff. */ static void tests(SecKeyDescriptor *descriptor) { const uint8_t *keyData = (const uint8_t *)"abc"; CFIndex keyDataLength = 3; SecKeyEncoding encoding = kSecKeyEncodingRaw; ok(customKey = SecKeyCreate(kCFAllocatorDefault, descriptor, keyData, keyDataLength, encoding), "create custom key"); is(customKey, initedCustomKey, "CustomKeyInit got the right key"); SecPadding padding = kSecPaddingPKCS1; const uint8_t *src = (const uint8_t *)"defgh"; size_t srcLen = 5; uint8_t dst[5]; size_t dstLen = 5; ok_status(SecKeyDecrypt(customKey, padding, src, srcLen, dst, &dstLen), "SecKeyDecrypt"); ok_status(SecKeyEncrypt(customKey, padding, src, srcLen, dst, &dstLen), "SecKeyEncrypt"); ok_status(SecKeyRawSign(customKey, padding, src, srcLen, dst, &dstLen), "SecKeyRawSign"); ok_status(SecKeyRawVerify(customKey, padding, src, srcLen, dst, dstLen), "SecKeyRawVerify"); is(SecKeyGetSize(customKey, kSecKeyKeySizeInBits), (size_t)5*8, "SecKeyGetSize"); CFDictionaryRef attrDict = NULL; ok(attrDict = SecKeyCopyAttributeDictionary(customKey), "SecKeyCopyAttributeDictionary"); CFReleaseNull(attrDict); CFDataRef pubdata = NULL; ok(SecKeyCopyPublicBytes(customKey, &pubdata) != 0, "SecKeyCopyPublicBytes"); CFReleaseNull(pubdata); CFDataRef wrapped; wrapped = _SecKeyCopyWrapKey(customKey, kSecKeyWrapPublicKeyPGP, pubdata, NULL, NULL, NULL); ok(wrapped == NULL, "_SecKeyCopyWrapKey"); CFReleaseNull(wrapped); wrapped = _SecKeyCopyUnwrapKey(customKey, kSecKeyWrapPublicKeyPGP, pubdata, NULL, NULL, NULL); ok(wrapped == NULL, "_SecKeyCopyUnwrapKey"); CFReleaseNull(wrapped); //ok(SecKeyGeneratePair(customKey, ), "SecKeyGeneratePair"); ok(SecKeyGetTypeID() != 0, "SecKeyGetTypeID works"); if (customKey) { CFRelease(customKey); customKey = NULL; } }
bool SOSTransportMessageSendMessageIfNeeded(SOSTransportMessageRef transport, CFStringRef circle_id, CFStringRef peer_id, CFErrorRef *error) { SOSEnginePeerMessageSentBlock sent = NULL; CFDataRef message_to_send = NULL; bool ok = false; SOSPeerRef peer = SOSPeerCreateWithEngine(SOSTransportMessageGetEngine(transport), peer_id); CFDataRef coderData = SOSEngineGetCoderData(SOSTransportMessageGetEngine(transport), peer_id); require(coderData, fail); SOSCoderRef coder = SOSCoderCreateFromData(coderData, error); require(coder, fail); SOSPeerSetCoder(peer, coder); ok = SOSPeerCoderSendMessageIfNeeded(peer, &message_to_send, circle_id, peer_id, &sent, error); coder = SOSPeerGetCoder(peer); if (message_to_send) { CFDictionaryRef peer_dict = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, peer_id, message_to_send, NULL); CFDictionaryRef circle_peers = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, circle_id, peer_dict, NULL); ok = ok && SOSTransportMessageSendMessages(transport, circle_peers, error); SOSPeerCoderConsume(&sent, ok); CFReleaseSafe(peer_dict); CFReleaseSafe(circle_peers); } Block_release(sent); CFReleaseSafe(message_to_send); coderData = SOSCoderCopyDER(coder, error); if(!SOSEngineSetCoderData(SOSTransportMessageGetEngine(transport), peer_id, coderData, error)){ secerror("SOSTransportMessageSendMessageIfNeeded, Could not save peer state"); } CFReleaseNull(coderData); if (coder) SOSCoderDispose(coder); fail: CFReleaseNull(peer); return ok; }
static bool acceptApplicants(SOSAccountRef account, CFIndex count) { bool retval = false; CFErrorRef error = NULL; CFArrayRef applicants = SOSAccountCopyApplicants(account, &error); ok(applicants && CFArrayGetCount(applicants) == count, "See %ld applicants %@ (%@)", count, applicants, error); CFReleaseNull(error); require_quiet(CFArrayGetCount(applicants) == count, xit); ok((retval=SOSAccountAcceptApplicants(account, applicants, &error)), "Accept applicants into the fold"); CFReleaseNull(error); CFReleaseSafe(applicants); xit: return retval; }
SOSCoderRef SOSCoderCreate(SOSPeerInfoRef peerInfo, SOSFullPeerInfoRef myPeerInfo, CFErrorRef *error) { CFAllocatorRef allocator = CFGetAllocator(peerInfo); SOSCoderRef coder = calloc(1, sizeof(struct __OpaqueSOSCoder)); CFErrorRef localError = NULL; SecOTRFullIdentityRef myRef = NULL; SecOTRPublicIdentityRef peerRef = NULL; SecKeyRef privateKey = NULL; SecKeyRef publicKey = NULL; if (myPeerInfo && peerInfo) { privateKey = SOSFullPeerInfoCopyDeviceKey(myPeerInfo, &localError); require_quiet(privateKey, errOut); myRef = SecOTRFullIdentityCreateFromSecKeyRef(allocator, privateKey, &localError); require_quiet(myRef, errOut); CFReleaseNull(privateKey); publicKey = SOSPeerInfoCopyPubKey(peerInfo); peerRef = SecOTRPublicIdentityCreateFromSecKeyRef(allocator, publicKey, &localError); require_quiet(peerRef, errOut); coder->sessRef = SecOTRSessionCreateFromID(allocator, myRef, peerRef); require(coder->sessRef, errOut); coder->waitingForDataPacket = false; coder->pendingResponse = NULL; CFReleaseNull(publicKey); CFReleaseNull(privateKey); CFReleaseNull(myRef); CFReleaseNull(peerRef); } else { secnotice("coder", "NULL Coder requested, no transport security"); } SOSCoderStart(coder, NULL); return coder; errOut: secerror("Coder create failed: %@\n", localError ? localError : (CFTypeRef)CFSTR("No local error in SOSCoderCreate")); secerror("Coder create failed: %@\n", error ? *error : (CFTypeRef)CFSTR("WTF NULL?")); CFReleaseNull(myRef); CFReleaseNull(peerRef); CFReleaseNull(publicKey); CFReleaseNull(privateKey); free(coder); return NULL; }
static CFStringRef SOSRecoveryKeyBagCopyFormatDescription(CFTypeRef aObj, CFDictionaryRef formatOptions) { SOSRecoveryKeyBagRef rb = (SOSRecoveryKeyBagRef) aObj; CFStringRef gcString = SOSGenerationCountCopyDescription(rb->generation); CFStringRef rkbID = SOSCopyIDOfDataBufferWithLength(rb->recoveryKeyBag, 8, NULL); CFMutableStringRef description = CFStringCreateMutable(kCFAllocatorDefault, 0); CFStringAppendFormat(description, NULL, CFSTR("<SOSRecoveryKeyBag@%p DSID: %@ version: %d gencount: %@ RecoveryKeyID: %@ "), rb, rb->accountDSID, (int) rb->rkbVersion, gcString, rkbID); CFStringAppend(description, CFSTR(">")); CFReleaseNull(gcString); CFReleaseNull(rkbID); return description; }
static bool SOSTestAcceptApplicant(SOSAccountRef acceptor, CFIndex appsExpected, CFErrorRef *error) { bool retval = true; CFArrayRef applicants = SOSAccountCopyApplicants(acceptor, error); CFStringRef acceptorName = SOSAccountCopyName(acceptor); ok(applicants && CFArrayGetCount(applicants) == appsExpected, "See %ld applicant %@ (%@)", appsExpected, applicants, *error); if(CFArrayGetCount(applicants) != appsExpected) retval = false; ok(retval && (retval = SOSAccountAcceptApplicants(acceptor, applicants, error)), "%@ accepts (%@)", acceptorName, *error); CFReleaseNull(*error); CFReleaseNull(applicants); CFReleaseNull(acceptorName); return retval; }
const uint8_t* der_decode_dictionary(CFAllocatorRef allocator, CFOptionFlags mutability, CFDictionaryRef* dictionary, CFErrorRef *error, const uint8_t* der, const uint8_t *der_end) { if (NULL == der) return NULL; const uint8_t *payload_end = 0; const uint8_t *payload = ccder_decode_constructed_tl(CCDER_CONSTRUCTED_SET, &payload_end, der, der_end); if (NULL == payload) { SecCFDERCreateError(kSecDERErrorUnknownEncoding, CFSTR("Unknown data encoding, expected CCDER_CONSTRUCTED_SET"), NULL, error); return NULL; } CFMutableDictionaryRef dict = CFDictionaryCreateMutable(allocator, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); if (NULL == dict) { SecCFDERCreateError(kSecDERErrorAllocationFailure, CFSTR("Failed to create dictionary"), NULL, error); payload = NULL; goto exit; } while (payload != NULL && payload < payload_end) { CFTypeRef key = NULL; CFTypeRef value = NULL; payload = der_decode_key_value(allocator, mutability, &key, &value, error, payload, payload_end); if (payload) { CFDictionaryAddValue(dict, key, value); } CFReleaseNull(key); CFReleaseNull(value); } exit: if (payload == payload_end) { *dictionary = dict; dict = NULL; } CFReleaseNull(dict); return payload; }
bool SOSAccountSendIKSPSyncList(SOSAccountRef account, CFErrorRef *error){ bool result = true; __block CFErrorRef localError = NULL; __block CFMutableArrayRef ids = NULL; SOSCircleRef circle = NULL; require_action_quiet(SOSAccountIsInCircle(account, NULL), xit, SOSCreateError(kSOSErrorNoCircle, CFSTR("This device is not in circle"), NULL, &localError)); circle = SOSAccountGetCircle(account, error); ids = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault); SOSCircleForEachValidPeer(circle, account->user_public, ^(SOSPeerInfoRef peer) { if (!SOSAccountIsThisPeerIDMe(account, SOSPeerInfoGetPeerID(peer))) { if(SOSPeerInfoShouldUseIDSTransport(SOSFullPeerInfoGetPeerInfo(account->my_identity), peer) && SOSPeerInfoShouldUseIDSMessageFragmentation(SOSFullPeerInfoGetPeerInfo(account->my_identity), peer) && !SOSPeerInfoShouldUseACKModel(SOSFullPeerInfoGetPeerInfo(account->my_identity), peer)){ SOSTransportMessageIDSSetFragmentationPreference(account->ids_message_transport, kCFBooleanTrue); CFStringRef deviceID = SOSPeerInfoCopyDeviceID(peer); if(deviceID != NULL){ CFArrayAppendValue(ids, deviceID); } CFReleaseNull(deviceID); } } });
bool SOSAccountPublishCloudParameters(SOSAccountRef account, CFErrorRef* error){ bool success = false; CFIndex cloud_der_len = der_sizeof_cloud_parameters( account->user_public, account->user_key_parameters, error); CFMutableDataRef cloudParameters = CFDataCreateMutableWithScratch(kCFAllocatorDefault, cloud_der_len); if (der_encode_cloud_parameters(account->user_public, account->user_key_parameters, error, CFDataGetMutableBytePtr(cloudParameters), CFDataGetMutablePastEndPtr(cloudParameters)) != NULL) { CFErrorRef changeError = NULL; if (SOSTrasnportKeyParameterPublishCloudParameters(account->key_transport, cloudParameters, error)) { success = true; } else { SOSCreateErrorWithFormat(kSOSErrorSendFailure, changeError, error, NULL, CFSTR("update parameters key failed [%@]"), cloudParameters); } CFReleaseSafe(changeError); } else { SOSCreateError(kSOSErrorEncodeFailure, CFSTR("Encoding parameters failed"), NULL, error); } CFReleaseNull(cloudParameters); return success; }
CFDataRef SOSUserKeyCreateGenerateParameters(CFErrorRef *error) { size_t saltlen = SALTMAX; uint8_t salt[saltlen]; size_t iterations = ITERATIONMIN; size_t keysize = 256; if(CCRandomCopyBytes(kCCRandomDefault, salt, sizeof(salt)) != kCCSuccess) { SOSCreateError(kSOSErrorProcessingFailure, CFSTR("CCRandomCopyBytes failed"), NULL, error); return NULL; } CFMutableDataRef result = CFDataCreateMutable(kCFAllocatorDefault, 0); CFDataSetLength(result, der_sizeof_pbkdf2_params(saltlen, salt, iterations, keysize)); uint8_t * encode = der_encode_pbkdf2_params(saltlen, salt, iterations, keysize, CFDataGetBytePtr(result), CFDataGetMutableBytePtr(result) + CFDataGetLength(result)); if (!encode) CFReleaseNull(result); if (result) { secnotice("keygen", "Created new parameters: iterations %zd, keysize %zd: %@", iterations, keysize, result); } return result; }
static void debugShowSignerInfo(SecCmsSignedDataRef signedData) { #ifndef NDEBUG int numberOfSigners = SecCmsSignedDataSignerInfoCount (signedData); dtprintf("numberOfSigners : %d\n", numberOfSigners); int ix; for (ix=0;ix < numberOfSigners;ix++) { SecCmsSignerInfoRef sigi = SecCmsSignedDataGetSignerInfo(signedData,ix); if (sigi) { CFStringRef commonName = SecCmsSignerInfoGetSignerCommonName(sigi); const char *signerhdr = " signer : "; if (commonName) { char *cn = cfStringToChar(commonName); dtprintf("%s%s\n", signerhdr, cn); if (cn) free(cn); CFReleaseNull(commonName); } else dtprintf("%s<NULL>\n", signerhdr); } } #endif }
static OSStatus EAPSecIdentityListCreate(CFArrayRef * ret_array) { const void * keys[] = { kSecClass, kSecReturnRef, kSecMatchLimit }; CFDictionaryRef query; CFTypeRef results = NULL; OSStatus status = errSecSuccess; const void * values[] = { kSecClassIdentity, kCFBooleanTrue, kSecMatchLimitAll }; query = CFDictionaryCreate(NULL, keys, values, array_size(keys), &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); ok_status(status = SecItemCopyMatching(query, &results), "SecItemCopyMatching"); CFReleaseNull(query); if (status == errSecSuccess) { *ret_array = results; } return (status); }
/* * Free a privKey object. */ extern OSStatus sslFreePrivKey(SSLPrivKey **privKey) { if (privKey && *privKey) { CFReleaseNull(SECKEYREF(*privKey)); } return noErr; }
static void asynchttp_complete(asynchttp_t *http) { secdebug("http", "http: %p", http); /* Shutdown streams and timer, we're about to invoke our client callback. */ if (http->stream) { CFReadStreamSetClient(http->stream, kCFStreamEventNone, NULL, NULL); CFReadStreamSetDispatchQueue(http->stream, NULL); CFReadStreamClose(http->stream); CFReleaseNull(http->stream); } if (http->timer) { dispatch_source_cancel(http->timer); dispatch_release_null(http->timer); } if (http->completed) { /* This should probably move to our clients. */ CFTimeInterval maxAge = NULL_TIME; if (http->response) { CFStringRef cacheControl = CFHTTPMessageCopyHeaderFieldValue( http->response, CFSTR("cache-control")); if (cacheControl) { CFStringRef maxAgeValue = copyParseMaxAge(cacheControl); CFRelease(cacheControl); if (maxAgeValue) { secdebug("http", "http header max-age: %@", maxAgeValue); maxAge = CFStringGetDoubleValue(maxAgeValue); CFRelease(maxAgeValue); } } } http->completed(http, maxAge); } }
// Der encoding/decoding const uint8_t* der_decode_RecoveryKeyBag(CFAllocatorRef allocator, SOSRecoveryKeyBagRef* RecoveryKeyBag, CFErrorRef *error, const uint8_t* der, const uint8_t *der_end) { if (der == NULL) return der; const uint8_t *result = NULL; SOSRecoveryKeyBagRef rb = CFTypeAllocate(SOSRecoveryKeyBag, struct __OpaqueSOSRecoveryKeyBag, allocator); require_quiet(SecAllocationError(rb, error, CFSTR("Recovery bag allocation failed")), fail); const uint8_t *sequence_end = NULL; der = ccder_decode_sequence_tl(&sequence_end, der, der_end); require_quiet(sequence_end == der_end, fail); der = der_decode_string(kCFAllocatorDefault, kCFPropertyListImmutable, &rb->accountDSID, error, der, sequence_end); rb->generation = SOSGenCountCreateFromDER(kCFAllocatorDefault, error, &der, sequence_end); der = ccder_decode_uint64(&rb->rkbVersion, der, sequence_end); der = der_decode_data(allocator, kCFPropertyListImmutable, &rb->recoveryKeyBag, error, der, sequence_end); require_quiet(SecRequirementError(der == der_end, error, CFSTR("Extra space in sequence")), fail); if (RecoveryKeyBag) CFTransferRetained(*RecoveryKeyBag, rb); result = der; fail: CFReleaseNull(rb); return result; }
// Takes the "context" policies to extract the revocation and apply it to timeStamp. CFArrayRef SecPolicyCreateAppleTimeStampingAndRevocationPolicies(CFTypeRef policyOrArray) { /* can't use SECAPI macros, since this function does not return OSStatus */ CFArrayRef resultPolicyArray=NULL; try { // Set default policy CFRef<CFArrayRef> policyArray = cfArrayize(policyOrArray); CFRef<SecPolicyRef> defaultPolicy = SecPolicyCreateWithOID(kSecPolicyAppleTimeStamping); CFRef<CFMutableArrayRef> appleTimeStampingPolicies = makeCFMutableArray(1,defaultPolicy.get()); // Parse the policy and add revocation related ones CFIndex numPolicies = CFArrayGetCount(policyArray); for(CFIndex dex=0; dex<numPolicies; dex++) { SecPolicyRef secPol = (SecPolicyRef)CFArrayGetValueAtIndex(policyArray, dex); SecPointer<Policy> pol = Policy::required(SecPolicyRef(secPol)); const CssmOid &oid = pol->oid(); if ((oid == CssmOid::overlay(CSSMOID_APPLE_TP_REVOCATION)) || (oid == CssmOid::overlay(CSSMOID_APPLE_TP_REVOCATION_CRL)) || (oid == CssmOid::overlay(CSSMOID_APPLE_TP_REVOCATION_OCSP))) { CFArrayAppendValue(appleTimeStampingPolicies, secPol); } } // Transfer of ownership resultPolicyArray=appleTimeStampingPolicies.yield(); } catch (...) { CFReleaseNull(resultPolicyArray); }; return resultPolicyArray; }