From f893e8a9e2cc197522f838b3f2bbec8862953c2f Mon Sep 17 00:00:00 2001 From: Jonathan Beck Date: Sun, 12 Apr 2009 16:08:06 +0200 Subject: Use less secure random number generation so we can generate private keys on the fly. Drop libiphone-initconf. --- src/lockdown.c | 160 ++++++++++++++++++++++++++++++--------------------------- 1 file changed, 85 insertions(+), 75 deletions(-) (limited to 'src/lockdown.c') diff --git a/src/lockdown.c b/src/lockdown.c index 63f9090..e720b29 100644 --- a/src/lockdown.c +++ b/src/lockdown.c @@ -1,22 +1,22 @@ /* * lockdown.c * libiphone built-in lockdownd client - * + * * Copyright (c) 2008 Zach C. All Rights Reserved. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. - * + * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. - * + * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #include "usbmux.h" @@ -67,7 +67,7 @@ iphone_lckd_client_t new_lockdownd_client(iphone_device_t phone) /** * Closes the lockdownd communication session, by sending - * the StopSession Request to the device. + * the StopSession Request to the device. * * @param control The lockdown client */ 
@@ -128,7 +128,7 @@ static void iphone_lckd_stop_session(iphone_lckd_client_t control) /** * Shuts down the SSL session by first calling iphone_lckd_stop_session - * to cleanly close the lockdownd communication session, and then + * to cleanly close the lockdownd communication session, and then * performing a close notify, which is done by "gnutls_bye". * * @param client The lockdown client @@ -219,6 +219,7 @@ iphone_error_t iphone_lckd_recv(iphone_lckd_client_t client, plist_t * plist) return IPHONE_E_NOT_ENOUGH_DATA; } + log_dbg_msg(DBGMASK_LOCKDOWND, "Recv msg :\nsize : %i\nbuffer :\n%s\n", bytes, receive); plist_from_xml(receive, bytes, plist); free(receive); @@ -229,7 +230,7 @@ iphone_error_t iphone_lckd_recv(iphone_lckd_client_t client, plist_t * plist) } /** Sends lockdownd data to the iPhone - * + * * @note This function is low-level and should only be used if you need to send * a new type of message. * @@ -272,7 +273,7 @@ iphone_error_t iphone_lckd_send(iphone_lckd_client_t client, plist_t plist) } /** Initiates the handshake for the lockdown session. Part of the lockdownd handshake. - * + * * @note You most likely want lockdownd_init unless you are doing something special. * * @param control The lockdownd client @@ -338,7 +339,7 @@ iphone_error_t lockdownd_hello(iphone_lckd_client_t control) * * @return IPHONE_E_SUCCESS on success. */ -iphone_error_t lockdownd_generic_get_value(iphone_lckd_client_t control, const char *req_key, char *req_string, +iphone_error_t lockdownd_generic_get_value(iphone_lckd_client_t control, const char *req_key, const char *req_string, gnutls_datum_t * value) { if (!control || !req_key || !value || value->data) 
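Review bot: The `log_dbg_msg` added in `iphone_lckd_recv` prints `receive` with `%s`, but the buffer is length-delimited — the next line hands `bytes` to `plist_from_xml` — and nothing in the hunk shows it being NUL-terminated, so the debug print can read past the end of the allocation. Print it with an explicit length instead: `log_dbg_msg(DBGMASK_LOCKDOWND, "Recv msg :\nsize : %i\nbuffer :\n%.*s\n", bytes, (int)bytes, receive);` (and `%i` should match the declared type of `bytes`, which is outside the hunk). The same applies to the `log_debug_msg("device public key :\n %s.\n", public_key.data)` line added in the `lockdownd_pair_device` hunk: `public_key` is a `gnutls_datum_t` with its own `.size`, and with the new `PLIST_DATA` path in `lockdownd_generic_get_value` it may now carry raw bytes rather than a C string, so use `%.*s` with `(int)public_key.size` there too. Both enclosing functions start and end outside these hunks.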
@@ -396,7 +397,7 @@ iphone_error_t lockdownd_generic_get_value(iphone_lckd_client_t control, const c return ret; } - plist_t value_key_node = plist_get_next_sibling(result_key_node); + plist_t value_key_node = plist_find_node_by_key(dict, "Value");//plist_get_next_sibling(result_value_node); plist_t value_value_node = plist_get_next_sibling(value_key_node); plist_type value_key_type = plist_get_node_type(value_key_node); @@ -418,6 +419,16 @@ iphone_error_t lockdownd_generic_get_value(iphone_lckd_client_t control, const c value->size = strlen(value_value); ret = IPHONE_E_SUCCESS; } + + if (PLIST_DATA == value_value_type) { + char *value_value = NULL; + uint64_t size = 0; + plist_get_data_val(value_value_node, &value_value, &size); + + value->data = value_value; + value->size = size; + ret = IPHONE_E_SUCCESS; + } } free(result_key); } @@ -435,8 +446,9 @@ iphone_error_t lockdownd_generic_get_value(iphone_lckd_client_t control, const c iphone_error_t lockdownd_get_device_uid(iphone_lckd_client_t control, char **uid) { gnutls_datum_t temp = { NULL, 0 }; - return lockdownd_generic_get_value(control, "Key", "UniqueDeviceID", &temp); + iphone_error_t ret = lockdownd_generic_get_value(control, "Key", "UniqueDeviceID", &temp); *uid = temp.data; + return ret; } /** Askes for the device's public key. Part of the lockdownd handshake. @@ -480,6 +492,7 @@ iphone_error_t iphone_lckd_new_client(iphone_device_t device, iphone_lckd_client if (IPHONE_E_SUCCESS != ret) { log_debug_msg("Device refused to send uid.\n"); } + log_debug_msg("Device uid: %s\n", uid); host_id = get_host_id(); if (IPHONE_E_SUCCESS == ret && !host_id) { 
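Review bot: `plist_find_node_by_key(dict, "Value")` can return NULL when the response carries no `Value` key, and the very next line passes that result to `plist_get_next_sibling` and then `plist_get_node_type` without a check; the replaced `plist_get_next_sibling(result_key_node)` had the same weakness, but a lookup by key makes a missing key the expected failure mode rather than a rare one. Guard it before the sibling lookup, e.g. `if (!value_key_node) { /* release result_key as the free(result_key) at the end of the function does */ return ret; }` — what else must be released at that point is outside the hunk and should be checked. The trailing `//plist_get_next_sibling(result_value_node);` is commented-out code and should be dropped rather than left after the statement. `lockdownd_generic_get_value` starts and ends outside this hunk.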
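Review bot: The new `PLIST_DATA` branch stores a `uint64_t` `size` straight into `value->size`, and `gnutls_datum_t.size` is an `unsigned int`, so a payload longer than `UINT_MAX` is silently truncated while `value->data` still points at the full buffer. Only accept lengths that fit: `if (size <= UINT_MAX) { value->data = (unsigned char *)value_value; value->size = (unsigned int)size; ret = IPHONE_E_SUCCESS; }` and release `value_value` in the else case with whatever frees plist-returned buffers (not visible here); the explicit cast also documents the `char *` to `unsigned char *` assignment that currently relies on an implicit conversion. Since a node has exactly one type, this block reads better as an `else if` chained onto the `PLIST_STRING` test above it.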
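Review bot: `log_debug_msg("Device uid: %s\n", uid)` runs even when the branch just above it has logged that the device refused to send the uid; on that path `lockdownd_get_device_uid` (previous hunk) stores `temp.data`, initialised to NULL, into `*uid`, so a NULL pointer reaches `%s`, which is undefined behavior that only some libc implementations paper over with "(null)". Either move the line into the success path or guard it: `if (uid) log_debug_msg("Device uid: %s\n", uid);`. `iphone_lckd_new_client` starts and ends outside this hunk.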
@@ -495,19 +508,22 @@ iphone_error_t iphone_lckd_new_client(iphone_device_t device, iphone_lckd_client uid = NULL; } - ret = lockdownd_start_SSL_session(client_loc, host_id); - if (IPHONE_E_SUCCESS != ret) { - ret = IPHONE_E_SSL_ERROR; - log_debug_msg("SSL Session opening failed.\n"); - } + if (IPHONE_E_SUCCESS == ret) { + ret = lockdownd_start_SSL_session(client_loc, host_id); + if (IPHONE_E_SUCCESS != ret) { + ret = IPHONE_E_SSL_ERROR; + log_debug_msg("SSL Session opening failed.\n"); + } - if (host_id) { - free(host_id); - host_id = NULL; + if (host_id) { + free(host_id); + host_id = NULL; + } + + if (IPHONE_E_SUCCESS == ret) + *client = client_loc; } - if (IPHONE_E_SUCCESS == ret) - *client = client_loc; return ret; } @@ -534,6 +550,7 @@ iphone_error_t lockdownd_pair_device(iphone_lckd_client_t control, char *uid, ch log_debug_msg("Device refused to send public key.\n"); return ret; } + log_debug_msg("device public key :\n %s.\n", public_key.data); ret = lockdownd_gen_pair_cert(public_key, &device_cert, &host_cert, &root_cert); if (ret != IPHONE_E_SUCCESS) { 
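Review bot: Moving the `free(host_id)` inside the new `if (IPHONE_E_SUCCESS == ret)` block leaks the host id on the failure path: `host_id = get_host_id()` in the preceding hunk runs unconditionally, and before this change it was released regardless of `ret`. Keep the SSL start conditional but hoist the release out of it — after the block add `free(host_id); host_id = NULL;` (`free(NULL)` is a no-op, so the `if (host_id)` wrapper is unnecessary) and leave `if (IPHONE_E_SUCCESS == ret) *client = client_loc;` after that. What happens to `client_loc` when the function fails is not visible in the hunk and is worth checking at the same time. `iphone_lckd_new_client` starts outside this hunk.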
@@ -547,15 +564,15 @@ iphone_error_t lockdownd_pair_device(iphone_lckd_client_t control, char *uid, ch dict_record = plist_new_dict(); plist_add_sub_node(dict, dict_record); plist_add_sub_key_el(dict_record, "DeviceCertificate"); - plist_add_sub_data_el(dict_record, device_cert.data, device_cert.size); + plist_add_sub_data_el(dict_record, (const char*)device_cert.data, device_cert.size); plist_add_sub_key_el(dict_record, "HostCertificate"); - plist_add_sub_data_el(dict_record, host_cert.data, host_cert.size); + plist_add_sub_data_el(dict_record, (const char*)host_cert.data, host_cert.size); plist_add_sub_key_el(dict_record, "HostID"); plist_add_sub_string_el(dict_record, host_id); plist_add_sub_key_el(dict_record, "RootCertificate"); - plist_add_sub_data_el(dict_record, root_cert.data, root_cert.size); - plist_add_sub_key_el(dict_record, "Request"); - plist_add_sub_string_el(dict_record, "Pair"); + plist_add_sub_data_el(dict_record, (const char*)root_cert.data, root_cert.size); + plist_add_sub_key_el(dict, "Request"); + plist_add_sub_string_el(dict, "Pair"); /* send to iPhone */ ret = iphone_lckd_send(control, dict); @@ -667,7 +684,7 @@ void lockdownd_close(iphone_lckd_client_t control) /** Generates the device certificate from the public key as well as the host * and root certificates. - * + * * @return IPHONE_E_SUCCESS on success. */ iphone_error_t lockdownd_gen_pair_cert(gnutls_datum_t public_key, gnutls_datum_t * odevice_cert, @@ -718,7 +735,7 @@ iphone_error_t lockdownd_gen_pair_cert(gnutls_datum_t public_key, gnutls_datum_t gnutls_global_init(); gnutls_datum_t essentially_null = { strdup("abababababababab"), strlen("abababababababab") }; - gnutls_x509_privkey_t fake_privkey, root_privkey; + gnutls_x509_privkey_t fake_privkey, root_privkey, host_privkey; gnutls_x509_crt_t dev_cert, root_cert, host_cert; gnutls_x509_privkey_init(&fake_privkey); 
@@ -731,57 +748,50 @@ iphone_error_t lockdownd_gen_pair_cert(gnutls_datum_t public_key, gnutls_datum_t &essentially_null, &essentially_null)) { gnutls_x509_privkey_init(&root_privkey); + gnutls_x509_privkey_init(&host_privkey); - /* get root cert */ - gnutls_datum_t pem_root_cert = { NULL, 0 }; - get_root_certificate(&pem_root_cert); - if (GNUTLS_E_SUCCESS != gnutls_x509_crt_import(root_cert, &pem_root_cert, GNUTLS_X509_FMT_PEM)) - ret = IPHONE_E_SSL_ERROR; - - /* get host cert */ - gnutls_datum_t pem_host_cert = { NULL, 0 }; - get_host_certificate(&pem_host_cert); - if (GNUTLS_E_SUCCESS != gnutls_x509_crt_import(host_cert, &pem_host_cert, GNUTLS_X509_FMT_PEM)) - ret = IPHONE_E_SSL_ERROR; - - /* get root private key */ - gnutls_datum_t pem_root_priv = { NULL, 0 }; - get_root_private_key(&pem_root_priv); - if (GNUTLS_E_SUCCESS != gnutls_x509_privkey_import(root_privkey, &pem_root_priv, GNUTLS_X509_FMT_PEM)) - ret = IPHONE_E_SSL_ERROR; - - /* generate device certificate */ - gnutls_x509_crt_set_key(dev_cert, fake_privkey); - gnutls_x509_crt_set_serial(dev_cert, "\x00", 1); - gnutls_x509_crt_set_version(dev_cert, 3); - gnutls_x509_crt_set_ca_status(dev_cert, 0); - gnutls_x509_crt_set_activation_time(dev_cert, time(NULL)); - gnutls_x509_crt_set_expiration_time(dev_cert, time(NULL) + (60 * 60 * 24 * 365 * 10)); - gnutls_x509_crt_sign(dev_cert, root_cert, root_privkey); + ret = get_keys_and_certs( root_privkey, root_cert, host_privkey, host_cert); if (IPHONE_E_SUCCESS == ret) { - /* if everything went well, export in PEM format */ - gnutls_datum_t dev_pem = { NULL, 0 }; - gnutls_x509_crt_export(dev_cert, GNUTLS_X509_FMT_PEM, NULL, &dev_pem.size); - dev_pem.data = gnutls_malloc(dev_pem.size); - gnutls_x509_crt_export(dev_cert, GNUTLS_X509_FMT_PEM, dev_pem.data, &dev_pem.size); - - /* copy buffer for output */ - odevice_cert->data = malloc(dev_pem.size); - memcpy(odevice_cert->data, dev_pem.data, dev_pem.size); - odevice_cert->size = dev_pem.size; - - ohost_cert->data = 
malloc(pem_host_cert.size); - memcpy(ohost_cert->data, pem_host_cert.data, pem_host_cert.size); - ohost_cert->size = pem_host_cert.size; - - oroot_cert->data = malloc(pem_root_cert.size); - memcpy(oroot_cert->data, pem_root_cert.data, pem_root_cert.size); - oroot_cert->size = pem_root_cert.size; + + /* generate device certificate */ + gnutls_x509_crt_set_key(dev_cert, fake_privkey); + gnutls_x509_crt_set_serial(dev_cert, "\x00", 1); + gnutls_x509_crt_set_version(dev_cert, 3); + gnutls_x509_crt_set_ca_status(dev_cert, 0); + gnutls_x509_crt_set_activation_time(dev_cert, time(NULL)); + gnutls_x509_crt_set_expiration_time(dev_cert, time(NULL) + (60 * 60 * 24 * 365 * 10)); + gnutls_x509_crt_sign(dev_cert, root_cert, root_privkey); + + if (IPHONE_E_SUCCESS == ret) { + /* if everything went well, export in PEM format */ + gnutls_datum_t dev_pem = { NULL, 0 }; + gnutls_x509_crt_export(dev_cert, GNUTLS_X509_FMT_PEM, NULL, &dev_pem.size); + dev_pem.data = gnutls_malloc(dev_pem.size); + gnutls_x509_crt_export(dev_cert, GNUTLS_X509_FMT_PEM, dev_pem.data, &dev_pem.size); + + gnutls_datum_t pem_root_cert = { NULL, 0 }; + gnutls_datum_t pem_host_cert = { NULL, 0 }; + + if ( IPHONE_E_SUCCESS == get_certs_as_pem(&pem_root_cert, &pem_host_cert) ) { + /* copy buffer for output */ + odevice_cert->data = malloc(dev_pem.size); + memcpy(odevice_cert->data, dev_pem.data, dev_pem.size); + odevice_cert->size = dev_pem.size; + + ohost_cert->data = malloc(pem_host_cert.size); + memcpy(ohost_cert->data, pem_host_cert.data, pem_host_cert.size); + ohost_cert->size = pem_host_cert.size; + + oroot_cert->data = malloc(pem_root_cert.size); + memcpy(oroot_cert->data, pem_root_cert.data, pem_root_cert.size); + oroot_cert->size = pem_root_cert.size; + + g_free(pem_root_cert.data); + g_free(pem_host_cert.data); + } + } } - gnutls_free(pem_root_priv.data); - gnutls_free(pem_root_cert.data); - gnutls_free(pem_host_cert.data); } } -- cgit v1.1-32-gdbae
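Review bot: The inner `if (IPHONE_E_SUCCESS == ret)` after the `gnutls_x509_crt_*` calls can never be false, because none of those calls — including `gnutls_x509_crt_sign`, whose failure leaves the device certificate unsigned — updates `ret`; check the signing result the way the removed code checked its imports: `if (GNUTLS_E_SUCCESS != gnutls_x509_crt_sign(dev_cert, root_cert, root_privkey)) ret = IPHONE_E_SSL_ERROR;`. When `get_certs_as_pem` fails the three output datums are left untouched while `ret` still reports success, so `lockdownd_pair_device` goes on to build the Pair request from whatever its `device_cert`, `host_cert` and `root_cert` happened to hold; add `else ret = IPHONE_E_SSL_ERROR;` to that branch. `dev_pem.data` comes from `gnutls_malloc` and is never released on either path (the removed code had the same leak), so add `gnutls_free(dev_pem.data);` after the copies. Whether `g_free` is the right release for the buffers `get_certs_as_pem` hands back depends on how that helper allocates them, which is outside this file, and the `gnutls_x509_privkey_deinit` for `root_privkey` and the newly added `host_privkey` is not visible in the hunk either. `lockdownd_gen_pair_cert` starts outside this hunk.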