3
* contains methods to access user specific certificates IDs and more.
5
* Copyright (c) 2008 Jonathan Beck All Rights Reserved.
7
* This library is free software; you can redistribute it and/or
8
* modify it under the terms of the GNU Lesser General Public
9
* License as published by the Free Software Foundation; either
10
* version 2.1 of the License, or (at your option) any later version.
12
* This library is distributed in the hope that it will be useful,
13
* but WITHOUT ANY WARRANTY; without even the implied warranty of
14
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15
* Lesser General Public License for more details.
17
* You should have received a copy of the GNU Lesser General Public
18
* License along with this library; if not, write to the Free Software
19
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
30
#include <openssl/pem.h>
31
#include <openssl/rsa.h>
32
#include <openssl/x509.h>
33
#include <openssl/x509v3.h>
35
#include <gnutls/gnutls.h>
36
#include <gnutls/x509.h>
52
#define LIBIMOBILEDEVICE_CONF_DIR "libimobiledevice"
53
#define LIBIMOBILEDEVICE_CONF_FILE "libimobiledevicerc"
55
#define LIBIMOBILEDEVICE_ROOT_PRIVKEY "RootPrivateKey.pem"
56
#define LIBIMOBILEDEVICE_HOST_PRIVKEY "HostPrivateKey.pem"
57
#define LIBIMOBILEDEVICE_ROOT_CERTIF "RootCertificate.pem"
58
#define LIBIMOBILEDEVICE_HOST_CERTIF "HostCertificate.pem"
62
#define DIR_SEP_S "\\"
68
static char __config_dir[512] = {0, };
71
static char *userpref_utf16_to_utf8(wchar_t *unistr, long len, long *items_read, long *items_written)
73
if (!unistr || (len <= 0)) return NULL;
74
char *outbuf = (char*)malloc(3*(len+1));
83
outbuf[p++] = (char)(0xE0 + ((wc >> 12) & 0xF));
84
outbuf[p++] = (char)(0x80 + ((wc >> 6) & 0x3F));
85
outbuf[p++] = (char)(0x80 + (wc & 0x3F));
86
} else if (wc >= 0x80) {
87
outbuf[p++] = (char)(0xC0 + ((wc >> 6) & 0x1F));
88
outbuf[p++] = (char)(0x80 + (wc & 0x3F));
90
outbuf[p++] = (char)(wc & 0x7F);
105
static const char *userpref_get_tmp_dir()
107
const char *cdir = getenv("TMPDIR");
110
cdir = getenv("TMP");
113
cdir = getenv("TEMP");
119
static const char *userpref_get_config_dir()
121
if (__config_dir[0]) return __config_dir;
123
wchar_t path[MAX_PATH+1];
125
LPITEMIDLIST pidl = NULL;
128
hr = SHGetSpecialFolderLocation (NULL, CSIDL_LOCAL_APPDATA, &pidl);
130
b = SHGetPathFromIDListW (pidl, path);
132
char *cdir = userpref_utf16_to_utf8 (path, wcslen(path), NULL, NULL);
133
strcpy(__config_dir, cdir);
135
CoTaskMemFree (pidl);
139
const char *cdir = getenv("XDG_CONFIG_HOME");
141
cdir = getenv("HOME");
142
if (!cdir || !cdir[0]) {
143
const char *tdir = userpref_get_tmp_dir();
144
strcpy(__config_dir, tdir);
145
strcat(__config_dir, DIR_SEP_S);
146
strcat(__config_dir, "root");
148
strcpy(__config_dir, cdir);
150
strcat(__config_dir, DIR_SEP_S);
151
strcat(__config_dir, ".config");
153
strcpy(__config_dir, cdir);
156
strcat(__config_dir, DIR_SEP_S);
157
strcat(__config_dir, LIBIMOBILEDEVICE_CONF_DIR);
159
int i = strlen(__config_dir)-1;
160
while ((i > 0) && (__config_dir[i] == DIR_SEP)) {
161
__config_dir[i--] = '\0';
167
static int __mkdir(const char *dir, int mode)
172
return mkdir(dir, mode);
176
static int mkdir_with_parents(const char *dir, int mode)
179
if (__mkdir(dir, mode) == 0) {
182
if (errno == EEXIST) return 0;
185
char *parent = strdup(dir);
186
parent = dirname(parent);
188
res = mkdir_with_parents(parent, mode);
194
mkdir_with_parents(dir, mode);
199
static int config_write(const char *cfgfile, plist_t dict)
201
if (!cfgfile || !dict || (plist_get_node_type(dict) != PLIST_DICT)) {
206
#if 1 // old style config
207
plist_t hostid = plist_dict_get_item(dict, "HostID");
208
if (hostid && (plist_get_node_type(hostid) == PLIST_STRING)) {
209
char *hostidstr = NULL;
210
plist_get_string_val(hostid, &hostidstr);
212
FILE *fd = fopen(cfgfile, "wb");
214
fprintf(fd, "\n[Global]\nHostID=%s\n", hostidstr);
218
debug_info("could not open '%s' for writing: %s", cfgfile, strerror(errno));
228
plist_to_xml(dict, &xml, &length);
233
FILE *fd = fopen(cfgfile, "wb");
239
if (fwrite(xml, 1, length, fd) == length) {
242
fprintf(stderr, "%s: ERROR: failed to write configuration to '%s'\n", __func__, cfgfile);
251
static int config_read(const char *cfgfile, plist_t *dict)
253
if (!cfgfile || !dict) {
258
FILE *fd = fopen(cfgfile, "rb");
260
debug_info("could not open '%s' for reading: %s", cfgfile, strerror(errno));
264
fseek(fd, 0, SEEK_END);
265
unsigned long int size = ftell(fd);
266
fseek(fd, 0, SEEK_SET);
267
unsigned char *contents = NULL;
269
contents = malloc(size);
270
if (fread(contents, 1, size, fd) != size) {
275
plist_t plist = NULL;
277
if (!memcmp(contents, "bplist00", 8)) {
278
plist_from_bin((const char*)contents, (uint32_t)size, &plist);
281
if (memchr(contents, '<', size)) {
282
plist_from_xml((const char*)contents, (uint32_t)size, &plist);
287
// try parsing old format config file
289
fseek(fd, 0, SEEK_SET);
290
while (fgets(line, 256, fd)) {
292
size_t llen = strlen(p)-1;
293
while ((llen > 0) && ((p[llen] == '\n') || (p[llen] == '\r'))) {
297
if (llen == 0) continue;
298
while ((p[0] == '\n') || (p[0] == '\r')) {
301
if (!strncmp(p, "HostID=", 7)) {
302
plist = plist_new_dict();
303
plist_dict_insert_item(plist, "HostID", plist_new_string(p+7));
310
// write new format config
311
config_write(cfgfile, plist);
325
* Creates a freedesktop compatible configuration directory.
327
static void userpref_create_config_dir(void)
329
const char *config_path = userpref_get_config_dir();
331
if (stat(config_path, &st) != 0) {
332
mkdir_with_parents(config_path, 0755);
336
static int get_rand(int min, int max)
338
int retval = (rand() % (max - min)) + min;
343
* Generates a valid HostID (which is actually a UUID).
345
* @return A null terminated string containing a valid HostID.
347
static char *userpref_generate_host_id()
349
/* HostID's are just UUID's, and UUID's are 36 characters long */
350
char *hostid = (char *) malloc(sizeof(char) * 37);
351
const char *chars = "ABCDEF0123456789";
355
for (i = 0; i < 36; i++) {
356
if (i == 8 || i == 13 || i == 18 || i == 23) {
360
hostid[i] = chars[get_rand(0, 16)];
363
/* make it a real string */
369
* Store HostID in config file.
371
* @param host_id A null terminated string containing a valid HostID.
373
static int userpref_set_host_id(const char *host_id)
375
const char *config_path;
381
/* Make sure config directory exists */
382
userpref_create_config_dir();
384
config_path = userpref_get_config_dir();
385
config_file = (char*)malloc(strlen(config_path)+1+strlen(LIBIMOBILEDEVICE_CONF_FILE)+1);
386
strcpy(config_file, config_path);
387
strcat(config_file, DIR_SEP_S);
388
strcat(config_file, LIBIMOBILEDEVICE_CONF_FILE);
390
/* Now parse file to get the HostID */
391
plist_t config = NULL;
392
config_read(config_file, &config);
394
config = plist_new_dict();
395
plist_dict_insert_item(config, "HostID", plist_new_string(host_id));
397
plist_t n = plist_dict_get_item(config, "HostID");
399
plist_set_string_val(n, host_id);
401
plist_dict_insert_item(config, "HostID", plist_new_string(host_id));
405
/* Store in config file */
406
debug_info("setting hostID to %s", host_id);
408
config_write(config_file, config);
416
* Reads the HostID from a previously generated configuration file.
418
* @note It is the responsibility of the calling function to free the returned host_id
420
* @return The string containing the HostID or NULL
422
void userpref_get_host_id(char **host_id)
424
const char *config_path;
427
config_path = userpref_get_config_dir();
428
config_file = (char*)malloc(strlen(config_path)+1+strlen(LIBIMOBILEDEVICE_CONF_FILE)+1);
429
strcpy(config_file, config_path);
430
strcat(config_file, DIR_SEP_S);
431
strcat(config_file, LIBIMOBILEDEVICE_CONF_FILE);
433
/* now parse file to get the HostID */
434
plist_t config = NULL;
435
if (config_read(config_file, &config) == 0) {
436
plist_t n_host_id = plist_dict_get_item(config, "HostID");
437
if (n_host_id && (plist_get_node_type(n_host_id) == PLIST_STRING)) {
438
plist_get_string_val(n_host_id, host_id);
445
/* no config, generate host_id */
446
*host_id = userpref_generate_host_id();
447
userpref_set_host_id(*host_id);
450
debug_info("Using %s as HostID", *host_id);
454
* Determines whether this device has been connected to this system before.
456
* @param udid The device UDID as given by the device.
458
* @return 1 if the device has been connected previously to this configuration
461
int userpref_has_device_public_key(const char *udid)
464
const char *config_path;
470
/* first get config file */
471
config_path = userpref_get_config_dir();
472
config_file = (char*)malloc(strlen(config_path)+1+strlen(udid)+4+1);
473
strcpy(config_file, config_path);
474
strcat(config_file, DIR_SEP_S);
475
strcat(config_file, udid);
476
strcat(config_file, ".pem");
478
if ((stat(config_file, &st) == 0) && S_ISREG(st.st_mode))
485
* Fills a list with UDIDs of devices that have been connected to this
486
* system before, i.e. for which a public key file exists.
488
* @param list A pointer to a char** initially pointing to NULL that will
489
* hold a newly allocated list of UDIDs upon successful return.
490
* The caller is responsible for freeing the memory. Note that if
491
* no public key file was found the list has to be freed too as it
492
* points to a terminating NULL element.
493
* @param count The number of UDIDs found. This parameter can be NULL if it
496
* @return USERPREF_E_SUCCESS on success, or USERPREF_E_INVALID_ARG if the
497
* list parameter is not pointing to NULL.
499
userpref_error_t userpref_get_paired_udids(char ***list, unsigned int *count)
506
const char *config_path;
507
struct slist_t *udids = NULL;
509
unsigned int found = 0;
511
if (!list || (list && *list)) {
512
debug_info("ERROR: The list parameter needs to point to NULL!");
513
return USERPREF_E_INVALID_ARG;
520
config_path = userpref_get_config_dir();
521
config_dir = opendir(config_path);
523
struct dirent *entry;
524
struct slist_t *listp = udids;
525
while ((entry = readdir(config_dir))) {
526
char *ext = strstr(entry->d_name, ".pem");
527
if (ext && ((ext - entry->d_name) == 40) && (strlen(entry->d_name) == 44)) {
528
struct slist_t *ne = (struct slist_t*)malloc(sizeof(struct slist_t));
529
ne->name = (char*)malloc(41);
530
strncpy(ne->name, entry->d_name, 40);
543
closedir(config_dir);
545
*list = (char**)malloc(sizeof(char*) * (found+1));
548
(*list)[i++] = udids->name;
549
struct slist_t *old = udids;
559
return USERPREF_E_SUCCESS;
563
* Mark the device (as represented by the key) as having connected to this
566
* @param udid The device UDID as given by the device
567
* @param public_key The public key given by the device
569
* @return 1 on success and 0 if no public key is given or if it has already
570
* been marked as connected previously.
572
userpref_error_t userpref_set_device_public_key(const char *udid, key_data_t public_key)
574
if (NULL == public_key.data)
575
return USERPREF_E_INVALID_ARG;
577
if (userpref_has_device_public_key(udid))
578
return USERPREF_E_SUCCESS;
580
/* ensure config directory exists */
581
userpref_create_config_dir();
583
/* build file path */
584
const char *config_path = userpref_get_config_dir();
585
char *pem = (char*)malloc(strlen(config_path)+1+strlen(udid)+4+1);
586
strcpy(pem, config_path);
587
strcat(pem, DIR_SEP_S);
592
FILE *pFile = fopen(pem, "wb");
594
fwrite(public_key.data, 1, public_key.size, pFile);
597
debug_info("could not open '%s' for writing: %s", pem, strerror(errno));
601
return USERPREF_E_SUCCESS;
605
* Remove the public key stored for the device with udid from this host.
607
* @param udid The udid of the device
609
* @return USERPREF_E_SUCCESS on success.
611
userpref_error_t userpref_remove_device_public_key(const char *udid)
613
if (!userpref_has_device_public_key(udid))
614
return USERPREF_E_SUCCESS;
616
/* build file path */
617
const char *config_path = userpref_get_config_dir();
618
char *pem = (char*)malloc(strlen(config_path)+1+strlen(udid)+4+1);
619
strcpy(pem, config_path);
620
strcat(pem, DIR_SEP_S);
629
return USERPREF_E_SUCCESS;
633
* Private function which reads the given file into a key_data_t structure.
635
* @param file The filename of the file to read
636
* @param data The pointer at which to store the data.
638
* @return 1 if the file contents where read successfully and 0 otherwise.
640
static int userpref_get_file_contents(const char *file, key_data_t * data)
643
unsigned long int size = 0;
644
unsigned char *content = NULL;
645
const char *config_path;
649
if (NULL == file || NULL == data)
653
config_path = userpref_get_config_dir();
654
filepath = (char*)malloc(strlen(config_path)+1+strlen(file)+1);
655
strcpy(filepath, config_path);
656
strcat(filepath, DIR_SEP_S);
657
strcat(filepath, file);
659
fd = fopen(filepath, "rb");
661
fseek(fd, 0, SEEK_END);
663
fseek(fd, 0, SEEK_SET);
665
// prevent huge files
666
if (size > 0xFFFFFF) {
667
fprintf(stderr, "%s: file is too big (> 16MB). Refusing to read the contents to memory!", __func__);
670
content = (unsigned char*)malloc(size);
672
p += fread(content+p, 1, size-p, fd);
673
if (ferror(fd) != 0) {
687
/* Add it to the key_data_t structure */
689
data->data = (uint8_t*) content;
697
* Private function which generate private keys and certificates.
699
* @return 1 if keys were successfully generated, 0 otherwise
701
static userpref_error_t userpref_gen_keys_and_cert(void)
703
userpref_error_t ret = USERPREF_E_SSL_ERROR;
705
key_data_t root_key_pem = { NULL, 0 };
706
key_data_t root_cert_pem = { NULL, 0 };
707
key_data_t host_key_pem = { NULL, 0 };
708
key_data_t host_cert_pem = { NULL, 0 };
710
debug_info("Generating keys and certificates");
712
RSA* root_keypair = RSA_generate_key(2048, 65537, NULL, NULL);
713
RSA* host_keypair = RSA_generate_key(2048, 65537, NULL, NULL);
715
EVP_PKEY* root_pkey = EVP_PKEY_new();
716
EVP_PKEY_assign_RSA(root_pkey, root_keypair);
718
EVP_PKEY* host_pkey = EVP_PKEY_new();
719
EVP_PKEY_assign_RSA(host_pkey, host_keypair);
721
/* generate root certificate */
722
X509* root_cert = X509_new();
724
/* set serial number */
725
ASN1_INTEGER* sn = ASN1_INTEGER_new();
726
ASN1_INTEGER_set(sn, 0);
727
X509_set_serialNumber(root_cert, sn);
728
ASN1_INTEGER_free(sn);
731
X509_set_version(root_cert, 2);
733
/* set x509v3 basic constraints */
735
if (!(ext = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, (char*)"critical,CA:TRUE"))) {
736
debug_info("ERROR: X509V3_EXT_conf_nid failed");
738
X509_add_ext(root_cert, ext, -1);
740
/* set key validity */
741
ASN1_TIME* asn1time = ASN1_TIME_new();
742
ASN1_TIME_set(asn1time, time(NULL));
743
X509_set_notBefore(root_cert, asn1time);
744
ASN1_TIME_set(asn1time, time(NULL) + (60 * 60 * 24 * 365 * 10));
745
X509_set_notAfter(root_cert, asn1time);
746
ASN1_TIME_free(asn1time);
748
/* use root public key for root cert */
749
X509_set_pubkey(root_cert, root_pkey);
750
/* sign root cert with root private key */
751
X509_sign(root_cert, root_pkey, EVP_sha1());
754
/* create host certificate */
755
X509* host_cert = X509_new();
757
/* set serial number */
758
ASN1_INTEGER* sn = ASN1_INTEGER_new();
759
ASN1_INTEGER_set(sn, 0);
760
X509_set_serialNumber(host_cert, sn);
761
ASN1_INTEGER_free(sn);
764
X509_set_version(host_cert, 2);
766
/* set x509v3 basic constraints */
768
if (!(ext = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, (char*)"critical,CA:FALSE"))) {
769
debug_info("ERROR: X509V3_EXT_conf_nid failed");
771
X509_add_ext(host_cert, ext, -1);
773
/* set x509v3 key usage */
774
if (!(ext = X509V3_EXT_conf_nid(NULL, NULL, NID_key_usage, (char*)"digitalSignature,keyEncipherment"))) {
775
debug_info("ERROR: X509V3_EXT_conf_nid failed");
777
X509_add_ext(host_cert, ext, -1);
779
/* set key validity */
780
ASN1_TIME* asn1time = ASN1_TIME_new();
781
ASN1_TIME_set(asn1time, time(NULL));
782
X509_set_notBefore(host_cert, asn1time);
783
ASN1_TIME_set(asn1time, time(NULL) + (60 * 60 * 24 * 365 * 10));
784
X509_set_notAfter(host_cert, asn1time);
785
ASN1_TIME_free(asn1time);
787
/* use host public key for host cert */
788
X509_set_pubkey(host_cert, host_pkey);
790
/* sign host cert with root private key */
791
X509_sign(host_cert, root_pkey, EVP_sha1());
794
if (root_cert && root_pkey && host_cert && host_pkey) {
797
membp = BIO_new(BIO_s_mem());
798
if (PEM_write_bio_X509(membp, root_cert) > 0) {
799
root_cert_pem.size = BIO_get_mem_data(membp, &root_cert_pem.data);
801
membp = BIO_new(BIO_s_mem());
802
if (PEM_write_bio_PrivateKey(membp, root_pkey, NULL, NULL, 0, 0, NULL) > 0) {
803
root_key_pem.size = BIO_get_mem_data(membp, &root_key_pem.data);
805
membp = BIO_new(BIO_s_mem());
806
if (PEM_write_bio_X509(membp, host_cert) > 0) {
807
host_cert_pem.size = BIO_get_mem_data(membp, &host_cert_pem.data);
809
membp = BIO_new(BIO_s_mem());
810
if (PEM_write_bio_PrivateKey(membp, host_pkey, NULL, NULL, 0, 0, NULL) > 0) {
811
host_key_pem.size = BIO_get_mem_data(membp, &host_key_pem.data);
815
EVP_PKEY_free(root_pkey);
816
EVP_PKEY_free(host_pkey);
818
X509_free(host_cert);
819
X509_free(root_cert);
821
gnutls_x509_privkey_t root_privkey;
822
gnutls_x509_crt_t root_cert;
823
gnutls_x509_privkey_t host_privkey;
824
gnutls_x509_crt_t host_cert;
826
gnutls_global_deinit();
827
gnutls_global_init();
829
//use less secure random to speed up key generation
830
gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM);
832
gnutls_x509_privkey_init(&root_privkey);
833
gnutls_x509_privkey_init(&host_privkey);
835
gnutls_x509_crt_init(&root_cert);
836
gnutls_x509_crt_init(&host_cert);
838
/* generate root key */
839
gnutls_x509_privkey_generate(root_privkey, GNUTLS_PK_RSA, 2048, 0);
840
gnutls_x509_privkey_generate(host_privkey, GNUTLS_PK_RSA, 2048, 0);
842
/* generate certificates */
843
gnutls_x509_crt_set_key(root_cert, root_privkey);
844
gnutls_x509_crt_set_serial(root_cert, "\x00", 1);
845
gnutls_x509_crt_set_version(root_cert, 3);
846
gnutls_x509_crt_set_ca_status(root_cert, 1);
847
gnutls_x509_crt_set_activation_time(root_cert, time(NULL));
848
gnutls_x509_crt_set_expiration_time(root_cert, time(NULL) + (60 * 60 * 24 * 365 * 10));
849
gnutls_x509_crt_sign(root_cert, root_cert, root_privkey);
851
gnutls_x509_crt_set_key(host_cert, host_privkey);
852
gnutls_x509_crt_set_serial(host_cert, "\x00", 1);
853
gnutls_x509_crt_set_version(host_cert, 3);
854
gnutls_x509_crt_set_ca_status(host_cert, 0);
855
gnutls_x509_crt_set_key_usage(host_cert, GNUTLS_KEY_KEY_ENCIPHERMENT | GNUTLS_KEY_DIGITAL_SIGNATURE);
856
gnutls_x509_crt_set_activation_time(host_cert, time(NULL));
857
gnutls_x509_crt_set_expiration_time(host_cert, time(NULL) + (60 * 60 * 24 * 365 * 10));
858
gnutls_x509_crt_sign(host_cert, root_cert, root_privkey);
860
/* export to PEM format */
861
size_t root_key_export_size = 0;
862
size_t host_key_export_size = 0;
864
gnutls_x509_privkey_export(root_privkey, GNUTLS_X509_FMT_PEM, NULL, &root_key_export_size);
865
gnutls_x509_privkey_export(host_privkey, GNUTLS_X509_FMT_PEM, NULL, &host_key_export_size);
867
root_key_pem.data = gnutls_malloc(root_key_export_size);
868
host_key_pem.data = gnutls_malloc(host_key_export_size);
870
gnutls_x509_privkey_export(root_privkey, GNUTLS_X509_FMT_PEM, root_key_pem.data, &root_key_export_size);
871
root_key_pem.size = root_key_export_size;
872
gnutls_x509_privkey_export(host_privkey, GNUTLS_X509_FMT_PEM, host_key_pem.data, &host_key_export_size);
873
host_key_pem.size = host_key_export_size;
875
size_t root_cert_export_size = 0;
876
size_t host_cert_export_size = 0;
878
gnutls_x509_crt_export(root_cert, GNUTLS_X509_FMT_PEM, NULL, &root_cert_export_size);
879
gnutls_x509_crt_export(host_cert, GNUTLS_X509_FMT_PEM, NULL, &host_cert_export_size);
881
root_cert_pem.data = gnutls_malloc(root_cert_export_size);
882
host_cert_pem.data = gnutls_malloc(host_cert_export_size);
884
gnutls_x509_crt_export(root_cert, GNUTLS_X509_FMT_PEM, root_cert_pem.data, &root_cert_export_size);
885
root_cert_pem.size = root_cert_export_size;
886
gnutls_x509_crt_export(host_cert, GNUTLS_X509_FMT_PEM, host_cert_pem.data, &host_cert_export_size);
887
host_cert_pem.size = host_cert_export_size;
890
gnutls_global_deinit();
891
gnutls_global_init();
893
if (NULL != root_cert_pem.data && 0 != root_cert_pem.size &&
894
NULL != host_cert_pem.data && 0 != host_cert_pem.size)
895
ret = USERPREF_E_SUCCESS;
897
/* store values in config file */
898
userpref_set_keys_and_certs( &root_key_pem, &root_cert_pem, &host_key_pem, &host_cert_pem);
900
if (root_key_pem.data)
901
free(root_key_pem.data);
902
if (root_cert_pem.data)
903
free(root_cert_pem.data);
904
if (host_key_pem.data)
905
free(host_key_pem.data);
906
if (host_cert_pem.data)
907
free(host_cert_pem.data);
913
* Private function which import the given key into a gnutls structure.
915
* @param key_name The filename of the private key to import.
916
* @param key the gnutls key structure.
918
* @return 1 if the key was successfully imported.
921
static userpref_error_t userpref_import_key(const char* key_name, key_data_t* key)
923
static userpref_error_t userpref_import_key(const char* key_name, gnutls_x509_privkey_t key)
928
return USERPREF_E_SUCCESS;
930
userpref_error_t ret = USERPREF_E_INVALID_CONF;
931
key_data_t pem_key = { NULL, 0 };
932
if (userpref_get_file_contents(key_name, &pem_key)) {
934
key->data = (unsigned char*)malloc(pem_key.size);
935
memcpy(key->data, pem_key.data, pem_key.size);
936
key->size = pem_key.size;
937
ret = USERPREF_E_SUCCESS;
939
if (GNUTLS_E_SUCCESS == gnutls_x509_privkey_import(key, &pem_key, GNUTLS_X509_FMT_PEM))
940
ret = USERPREF_E_SUCCESS;
942
ret = USERPREF_E_SSL_ERROR;
951
* Private function which import the given certificate into a gnutls structure.
953
* @param crt_name The filename of the certificate to import.
954
* @param cert the gnutls certificate structure.
956
* @return IDEVICE_E_SUCCESS if the certificate was successfully imported.
959
static userpref_error_t userpref_import_crt(const char* crt_name, key_data_t* cert)
961
static userpref_error_t userpref_import_crt(const char* crt_name, gnutls_x509_crt_t cert)
966
return USERPREF_E_SUCCESS;
968
userpref_error_t ret = USERPREF_E_INVALID_CONF;
969
key_data_t pem_cert = { NULL, 0 };
971
if (userpref_get_file_contents(crt_name, &pem_cert)) {
973
cert->data = (unsigned char*)malloc(pem_cert.size);
974
memcpy(cert->data, pem_cert.data, pem_cert.size);
975
cert->size = pem_cert.size;
976
ret = USERPREF_E_SUCCESS;
978
if (GNUTLS_E_SUCCESS == gnutls_x509_crt_import(cert, &pem_cert, GNUTLS_X509_FMT_PEM))
979
ret = USERPREF_E_SUCCESS;
981
ret = USERPREF_E_SSL_ERROR;
990
* Function to retrieve host keys and certificates.
991
* This function trigger key generation if they do not exists yet or are invalid.
993
* @note This function can take few seconds to complete (typically 5 seconds)
995
* @param root_privkey The root private key.
996
* @param root_crt The root certificate.
997
* @param host_privkey The host private key.
998
* @param host_crt The host certificate.
1000
* @return 1 if the keys and certificates were successfully retrieved, 0 otherwise
1003
userpref_error_t userpref_get_keys_and_certs(key_data_t* root_privkey, key_data_t* root_crt, key_data_t* host_privkey, key_data_t* host_crt)
1005
userpref_error_t userpref_get_keys_and_certs(gnutls_x509_privkey_t root_privkey, gnutls_x509_crt_t root_crt, gnutls_x509_privkey_t host_privkey, gnutls_x509_crt_t host_crt)
1008
userpref_error_t ret = USERPREF_E_SUCCESS;
1010
if (ret == USERPREF_E_SUCCESS)
1011
ret = userpref_import_key(LIBIMOBILEDEVICE_ROOT_PRIVKEY, root_privkey);
1013
if (ret == USERPREF_E_SUCCESS)
1014
ret = userpref_import_key(LIBIMOBILEDEVICE_HOST_PRIVKEY, host_privkey);
1016
if (ret == USERPREF_E_SUCCESS)
1017
ret = userpref_import_crt(LIBIMOBILEDEVICE_ROOT_CERTIF, root_crt);
1019
if (ret == USERPREF_E_SUCCESS)
1020
ret = userpref_import_crt(LIBIMOBILEDEVICE_HOST_CERTIF, host_crt);
1022
if (USERPREF_E_SUCCESS != ret) {
1023
//we had problem reading or importing root cert
1024
//try with a new ones.
1025
ret = userpref_gen_keys_and_cert();
1027
if (ret == USERPREF_E_SUCCESS)
1028
ret = userpref_import_key(LIBIMOBILEDEVICE_ROOT_PRIVKEY, root_privkey);
1030
if (ret == USERPREF_E_SUCCESS)
1031
ret = userpref_import_key(LIBIMOBILEDEVICE_HOST_PRIVKEY, host_privkey);
1033
if (ret == USERPREF_E_SUCCESS)
1034
ret = userpref_import_crt(LIBIMOBILEDEVICE_ROOT_CERTIF, root_crt);
1036
if (ret == USERPREF_E_SUCCESS)
1037
ret = userpref_import_crt(LIBIMOBILEDEVICE_HOST_CERTIF, host_crt);
1044
* Function to retrieve certificates encoded in PEM format.
1046
* @param pem_root_cert The root certificate.
1047
* @param pem_host_cert The host certificate.
1049
* @return 1 if the certificates were successfully retrieved, 0 otherwise
1051
userpref_error_t userpref_get_certs_as_pem(key_data_t *pem_root_cert, key_data_t *pem_host_cert)
1053
if (!pem_root_cert || !pem_host_cert)
1054
return USERPREF_E_INVALID_ARG;
1056
if (userpref_get_file_contents(LIBIMOBILEDEVICE_ROOT_CERTIF, pem_root_cert) && userpref_get_file_contents(LIBIMOBILEDEVICE_HOST_CERTIF, pem_host_cert))
1057
return USERPREF_E_SUCCESS;
1059
if (pem_root_cert->data) {
1060
free(pem_root_cert->data);
1061
pem_root_cert->size = 0;
1063
if (pem_host_cert->data) {
1064
free(pem_host_cert->data);
1065
pem_host_cert->size = 0;
1068
debug_info("configuration invalid");
1069
return USERPREF_E_INVALID_CONF;
1073
* Create and save a configuration file containing the given data.
1075
* @note: All fields must specified and be non-null
1077
* @param root_key The root key
1078
* @param root_cert The root certificate
1079
* @param host_key The host key
1080
* @param host_cert The host certificate
1082
* @return 1 on success and 0 otherwise.
1084
userpref_error_t userpref_set_keys_and_certs(key_data_t * root_key, key_data_t * root_cert, key_data_t * host_key, key_data_t * host_cert)
1088
const char *config_path;
1089
userpref_error_t ret = USERPREF_E_SUCCESS;
1091
debug_info("saving keys and certs");
1093
if (!root_key || !host_key || !root_cert || !host_cert) {
1094
debug_info("missing key or cert (root_key=%p, host_key=%p, root=cert=%p, host_cert=%p", root_key, host_key, root_cert, host_cert);
1095
return USERPREF_E_INVALID_ARG;
1098
/* Make sure config directory exists */
1099
userpref_create_config_dir();
1101
config_path = userpref_get_config_dir();
1103
/* Now write keys and certificates to disk */
1104
pem = (char*)malloc(strlen(config_path)+1+strlen(LIBIMOBILEDEVICE_ROOT_PRIVKEY)+1);
1105
strcpy(pem, config_path);
1106
strcat(pem, DIR_SEP_S);
1107
strcat(pem, LIBIMOBILEDEVICE_ROOT_PRIVKEY);
1108
pFile = fopen(pem, "wb");
1110
fwrite(root_key->data, 1, root_key->size, pFile);
1113
debug_info("could not open '%s' for writing: %s", pem, strerror(errno));
1114
ret = USERPREF_E_WRITE_ERROR;
1118
pem = (char*)malloc(strlen(config_path)+1+strlen(LIBIMOBILEDEVICE_HOST_PRIVKEY)+1);
1119
strcpy(pem, config_path);
1120
strcat(pem, DIR_SEP_S);
1121
strcat(pem, LIBIMOBILEDEVICE_HOST_PRIVKEY);
1122
pFile = fopen(pem, "wb");
1124
fwrite(host_key->data, 1, host_key->size, pFile);
1127
debug_info("could not open '%s' for writing: %s", pem, strerror(errno));
1128
ret = USERPREF_E_WRITE_ERROR;
1132
pem = (char*)malloc(strlen(config_path)+1+strlen(LIBIMOBILEDEVICE_ROOT_CERTIF)+1);
1133
strcpy(pem, config_path);
1134
strcat(pem, DIR_SEP_S);
1135
strcat(pem, LIBIMOBILEDEVICE_ROOT_CERTIF);
1136
pFile = fopen(pem, "wb");
1138
fwrite(root_cert->data, 1, root_cert->size, pFile);
1141
debug_info("could not open '%s' for writing: %s", pem, strerror(errno));
1142
ret = USERPREF_E_WRITE_ERROR;
1146
pem = (char*)malloc(strlen(config_path)+1+strlen(LIBIMOBILEDEVICE_HOST_CERTIF)+1);
1147
strcpy(pem, config_path);
1148
strcat(pem, DIR_SEP_S);
1149
strcat(pem, LIBIMOBILEDEVICE_HOST_CERTIF);
1150
pFile = fopen(pem, "wb");
1152
fwrite(host_cert->data, 1, host_cert->size, pFile);
1155
debug_info("could not open '%s' for writing: %s", pem, strerror(errno));
1156
ret = USERPREF_E_WRITE_ERROR;
added
removed
.pc/CVE-2013-2142.patch/src/userpref.c
