iCloud Passwords

Author: TaeHagen

apple-private-apis

@@ -4,7 +4,7 @@ use aes::{cipher::consts::U16, Aes128};
 use cloudkit_proto::{octagon_pairing_message::{self, Step5}, CuttlefishPeer, OctagonPairingMessage, OctagonWrapper, SignedInfo};
 use deku::{DekuRead, DekuWrite};
 use hkdf::Hkdf;
-use icloud_auth::{AppleAccount, CircleSendMessage, LoginState};
+use icloud_auth::{AppleAccount, CircleSendMessage, GenerateVerificationTokenRequest, LoginState};
 use keystore::{KeystoreAccessRules, KeystoreDigest, KeystorePadding, KeystorePublicKey, KeystoreSignKey, RsaKey};
 use log::{debug, info, warn};
 use omnisette::{AnisetteClient, AnisetteProvider};
@@ -144,6 +144,10 @@ impl<T: AnisetteProvider> TokenProvider<T> {
         Ok(plist::from_bytes(&data)?)
     }
 
+    pub async fn generate_verification_token(&self, request: GenerateVerificationTokenRequest) -> Result<String, PushError> {
+        Ok(self.account.lock().await.generate_verification_token(request).await?)
+    }
+
     pub async fn get_gsa_token(&self, token: &str) -> Option<String> {
         self.account.lock().await.get_token(token).await
     }

src/auth.rs

@@ -198,4 +198,6 @@ pub enum PushError {
     CircleNotFound(String),
     #[error("Keystore error {0}!")]
     KeystoreError(#[from] KeystoreError),
+    #[error("Unknown TOTP algorithm {0}!")]
+    UnknownTotpAlgorithm(u32),
 }

src/error.rs

@@ -26,7 +26,7 @@ use aes_gcm::KeyInit;
 use aes_siv::{siv::CmacSiv, Aes256SivAead};
 
 use cloudkit_proto::CuttlefishEstablishResponse;
-use crate::{TokenProvider, cloudkit::{SaveRecordOperation, ZoneDeleteOperation, ZoneSaveOperation, record_identifier, should_reset}, keychain, pcs::PCSKey};
+use crate::{TokenProvider, cloudkit::{DeleteRecordOperation, SaveRecordOperation, ZoneDeleteOperation, ZoneSaveOperation, record_identifier, should_reset}, keychain, pcs::PCSKey, util::{ec_key_from_apple, ec_key_to_apple}};
 use aes::{cipher::{consts::{U12, U16, U32}, Unsigned}, Aes128, Aes256};
 use sha2::{digest::FixedOutputReset, Digest, Sha256, Sha384};
 use srp::{client::{SrpClient, SrpClientVerifier}, groups::G_2048, server::SrpServer};
@@ -181,7 +181,6 @@ impl CuttlefishEncItem {
         self.parentkeyref.record_identifier.as_ref().unwrap().value.as_ref().unwrap().name()
     }
 
-    // TODO not secure for raw passwords length, padding is lazy. Only cryptographic keys for now
     fn encrypt(&mut self, uuid: &str, key: &SivKey, data: Dictionary) -> Result<(), PushError> {
         let record_key: [u8; 64] = rand::random();
         self.wrappedkey = base64_encode(&key.encrypt(&record_key));
@@ -195,8 +194,15 @@ impl CuttlefishEncItem {
         headers.extend(aad.into_values());
 
         let mut data = plist_to_bin(&data)?;
-        data.push(0x80); // lazy padding
-        data.push(0x00);
+        data.push(0x80);
+
+        const BLOCK_PAD_SIZE: usize = 20;
+        let mut blocks = (data.len() + (BLOCK_PAD_SIZE - 1)) / BLOCK_PAD_SIZE;
+        if blocks == 1 {
+            blocks += 1;
+        }
+
+        data.resize(blocks * BLOCK_PAD_SIZE, 0);
 
         let data = cipher.encrypt::<&[Vec<u8>], &Vec<u8>>(&headers, &data).unwrap();
         self.data = [&iv[..], &data].concat();
@@ -425,21 +431,6 @@ fn msg_from_bin(bin: &[u8], header_len: usize, section_count: usize) -> (Vec<u8>
     (header, offsets.collect())
 }
 
-fn ec_key_from_apple(apple: &[u8]) -> EcKey<Private> {
-    let curve = EcGroup::from_curve_name(Nid::SECP384R1).unwrap();
-    let mut num_context_ref = BigNumContext::new().unwrap();
-    let main_point = EcPoint::from_bytes(&curve, &apple[..97], &mut num_context_ref).unwrap();
-    EcKey::from_private_components(&curve, &BigNum::from_slice(&apple[97..]).unwrap(), &main_point).unwrap()
-}
-
-fn ec_key_to_apple(key: &EcKey<Private>) -> Vec<u8> {
-    let mut num_context_ref = BigNumContext::new().unwrap();
-    let mut point = key.public_key().to_bytes(&key.group(), PointConversionForm::UNCOMPRESSED, &mut num_context_ref).unwrap();
-    assert_eq!(point.len(), 97);
-    point.extend(key.private_key().to_vec());
-    point
-}
-
 struct KeyVaultMessage {
     header: Vec<u8>,
     sections: Vec<Vec<u8>>,
@@ -1256,6 +1247,21 @@ impl<P: AnisetteProvider> KeychainClient<P> {
 
         Ok(())
     }
+
+    pub async fn delete_keychain(&self, uuid: &str, zone: &str) -> Result<(), PushError> {
+        let security_container = self.get_security_container().await?;
+        let record_zone = security_container.private_zone(zone.to_string());
+
+        security_container.perform(&CloudKitSession::new(), DeleteRecordOperation::new(record_identifier(record_zone, uuid))).await?;
+
+        let mut state = self.state.write().await;
+        let zone = state.items.entry(zone.to_string()).or_default();
+        zone.keys.remove(uuid);
+
+        (self.update_state)(&state);
+
+        Ok(())
+    }
 
     pub async fn insert_keychain(&self, uuid: &str, zone: &str, class: &str, mut dict: Dictionary, pcs: Option<&PCSMeta>, associated_tag: Option<&str>) -> Result<(), PushError> {
         let security_container = self.get_security_container().await?;
@@ -1287,7 +1293,7 @@ impl<P: AnisetteProvider> KeychainClient<P> {
         item.encrypt(&uuid, &key.decode(&state.get_cloudkey_access_key()?), dict.clone())?;
 
         let mut ops = vec![SaveRecordOperation::new(
-                record_identifier(record_zone.clone(), &uuid), item, None, false)];
+                record_identifier(record_zone.clone(), &uuid), item, None, true)];
 
         if let Some(tag) = associated_tag {
             ops.push(SaveRecordOperation::new(record_identifier(record_zone.clone(), tag), CuttlefishCurrentItem {
@@ -1684,13 +1690,15 @@ impl<P: AnisetteProvider> KeychainClient<P> {
             &*[&cipertext.ciphertext()[..], &cipertext.authentication_code()[..]].concat()).map_err(|_| PushError::AESGCMError)?;
 
         let decoded = OtInternalBottle::decode(Cursor::new(&result))?;
+
+        let key_group = EcGroup::from_curve_name(Nid::SECP384R1).unwrap();
 
         // reconstruct a keychain identity for our other peer
         Ok(KeychainUserIdentity {
             identifier: outer_bottle.peer_id().to_string(),
             info: peer.0.permanent_info.clone().unwrap(),
-            signing_key: SoftEcKey(ec_key_from_apple(decoded.signing_key.as_ref().unwrap().key_data.as_ref().unwrap())),
-            encryption_key: SoftEcKey(ec_key_from_apple(decoded.encryption_key.as_ref().unwrap().key_data.as_ref().unwrap())),
+            signing_key: SoftEcKey(ec_key_from_apple(decoded.signing_key.as_ref().unwrap().key_data.as_ref().unwrap(), &key_group)),
+            encryption_key: SoftEcKey(ec_key_from_apple(decoded.encryption_key.as_ref().unwrap().key_data.as_ref().unwrap(), &key_group)),
             current_state: peer.get_dynamic_info()?,
         })
     }

src/icloud/keychain.rs

@@ -11,6 +11,7 @@ pub mod findmy;
 pub mod facetime;
 pub mod icloud;
 pub mod statuskit;
+pub mod passwords;
 pub use imessage::cloud_messages;
 pub use imessage::posterkit;
 pub use util::KeyedArchive;
@@ -34,7 +35,7 @@ pub mod mmcsp {
 use std::collections::HashMap;
 use std::fmt::Debug;
 
-pub use icloud_auth::{DefaultAnisetteProvider, default_provider, ArcAnisetteClient, LoginClientInfo, LoginState, AppleAccount, VerifyBody, TrustedPhoneNumber};
+pub use icloud_auth::{DefaultAnisetteProvider, GenerateVerificationTokenRequest, default_provider, ArcAnisetteClient, LoginClientInfo, LoginState, AppleAccount, VerifyBody, TrustedPhoneNumber};
 
 use activation::ActivationInfo;
 pub use aps::{APSConnectionResource, APSConnection, APSMessage, APSState};