Fixes SRP authentication on iOS 14 and macOS 11

The memory layout of ccsrp_ctx changed in iOS 14/macOS 11, causing errors authenticating when using older corecrypto headers. We now dynamically cast ccsrp_ctx to the correct layout when accessing its cnn value to ensure we don’t read invalid memory.

Author: rileytestut

AltSign.podspec

@@ -16,6 +16,10 @@ Pod::Spec.new do |spec|
   spec.resources = "AltSign/Resources/apple.pem"
   spec.library = "c++"
 
+  spec.xcconfig = {
+    "OTHER_CFLAGS" => "-DCORECRYPTO_DONOT_USE_TRANSPARENT_UNION=1"
+  }
+  
   # Somewhat hacky subspec usage to ensure directory hierarchies match what header includes expect.
 
   spec.subspec 'OpenSSL' do |base|
@@ -49,8 +53,9 @@ Pod::Spec.new do |spec|
   end
 
   spec.subspec 'CoreCrypto' do |base|
-    base.source_files  = "Dependencies/corecrypto/*.h"
+    base.source_files  = "Dependencies/corecrypto/*.{h,m}"
     base.exclude_files = "Dependencies/corecrypto/ccperf.h"
+    base.private_header_files = "Dependencies/corecrypto/*.h"
     base.header_mappings_dir = "Dependencies"
   end
 

AltSign.xcodeproj/project.pbxproj

@@ -59,6 +59,8 @@
 		BF5AB3CA2286269B00DC914B /* ALTDevice.m in Sources */ = {isa = PBXBuildFile; fileRef = BF5AB3C82286269B00DC914B /* ALTDevice.m */; };
 		BF5AB3CD228645DF00DC914B /* ALTCertificate.h in Headers */ = {isa = PBXBuildFile; fileRef = BF5AB3CB228645DF00DC914B /* ALTCertificate.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		BF5AB3CE228645DF00DC914B /* ALTCertificate.m in Sources */ = {isa = PBXBuildFile; fileRef = BF5AB3CC228645DF00DC914B /* ALTCertificate.m */; };
+		BF5C690D24A5205E00C2F854 /* ccsrp.m in Sources */ = {isa = PBXBuildFile; fileRef = BF5C690C24A5205E00C2F854 /* ccsrp.m */; };
+		BF5C690E24A5205E00C2F854 /* ccsrp.m in Sources */ = {isa = PBXBuildFile; fileRef = BF5C690C24A5205E00C2F854 /* ccsrp.m */; };
 		BF5D43F6237F53BB00EC8745 /* ALTAppleAPISession.h in Headers */ = {isa = PBXBuildFile; fileRef = BF5D43F4237F53BB00EC8745 /* ALTAppleAPISession.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		BF5D43F7237F53BB00EC8745 /* ALTAppleAPISession.h in Headers */ = {isa = PBXBuildFile; fileRef = BF5D43F4237F53BB00EC8745 /* ALTAppleAPISession.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		BF5D43F8237F53BB00EC8745 /* ALTAppleAPISession.m in Sources */ = {isa = PBXBuildFile; fileRef = BF5D43F5237F53BB00EC8745 /* ALTAppleAPISession.m */; };
@@ -240,6 +242,7 @@
 		BF5AB3C82286269B00DC914B /* ALTDevice.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = ALTDevice.m; sourceTree = "<group>"; };
 		BF5AB3CB228645DF00DC914B /* ALTCertificate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ALTCertificate.h; sourceTree = "<group>"; };
 		BF5AB3CC228645DF00DC914B /* ALTCertificate.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = ALTCertificate.m; sourceTree = "<group>"; };
+		BF5C690C24A5205E00C2F854 /* ccsrp.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = ccsrp.m; path = Dependencies/corecrypto/ccsrp.m; sourceTree = SOURCE_ROOT; };
 		BF5D43F4237F53BB00EC8745 /* ALTAppleAPISession.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ALTAppleAPISession.h; sourceTree = "<group>"; };
 		BF5D43F5237F53BB00EC8745 /* ALTAppleAPISession.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = ALTAppleAPISession.m; sourceTree = "<group>"; };
 		BF9B633E229DC27C002F0A62 /* ALTModel+Internal.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "ALTModel+Internal.h"; sourceTree = "<group>"; };
@@ -392,7 +395,7 @@
 		BF48CFE0229435CB0004760B /* Dependencies */ = {
 			isa = PBXGroup;
 			children = (
-				BFE20E0D237CAA2500409FF7 /* corecrypto-headers */,
+				BFE20E0D237CAA2500409FF7 /* corecrypto */,
 				BF48CFE1229435DB0004760B /* OpenSSL.xcodeproj */,
 				BF9B63D3229DD8E8002F0A62 /* minizip */,
 			);
@@ -627,7 +630,7 @@
 			name = libcnary;
 			sourceTree = "<group>";
 		};
-		BFE20E0D237CAA2500409FF7 /* corecrypto-headers */ = {
+		BFE20E0D237CAA2500409FF7 /* corecrypto */ = {
 			isa = PBXGroup;
 			children = (
 				BFE20E28237CAA3B00409FF7 /* cc_config.h */,
@@ -699,6 +702,7 @@
 				BFE20E20237CAA3B00409FF7 /* ccsha2.h */,
 				BFE20E58237CAA3E00409FF7 /* ccsrp_gp.h */,
 				BFE20E42237CAA3D00409FF7 /* ccsrp.h */,
+				BF5C690C24A5205E00C2F854 /* ccsrp.m */,
 				BFE20E29237CAA3B00409FF7 /* cctest.h */,
 				BFE20E4F237CAA3E00409FF7 /* ccwrap.h */,
 				BFE20E27237CAA3B00409FF7 /* ccz_priv.h */,
@@ -707,7 +711,7 @@
 				BFE20E57237CAA3E00409FF7 /* cczp.h */,
 				BFE20E3B237CAA3C00409FF7 /* fipspost.h */,
 			);
-			name = "corecrypto-headers";
+			name = corecrypto;
 			sourceTree = "<group>";
 		};
 /* End PBXGroup section */
@@ -933,6 +937,7 @@
 				BF9B640A229E0AA0002F0A62 /* unzip.c in Sources */,
 				BF5AB3CE228645DF00DC914B /* ALTCertificate.m in Sources */,
 				BF5AB3BA2286024D00DC914B /* ALTAccount.m in Sources */,
+				BF5C690D24A5205E00C2F854 /* ccsrp.m in Sources */,
 				BF50E7C122C163DC0070E17B /* ALTApplication.mm in Sources */,
 				BF9B6402229E0AA0002F0A62 /* ioapi.c in Sources */,
 				BF9B640C229E0AA0002F0A62 /* zip.c in Sources */,
@@ -961,6 +966,7 @@
 				BF9B640B229E0AA0002F0A62 /* unzip.c in Sources */,
 				BF9B6390229DCF3A002F0A62 /* ALTCertificate.m in Sources */,
 				BF9B6391229DCF3A002F0A62 /* ALTAccount.m in Sources */,
+				BF5C690E24A5205E00C2F854 /* ccsrp.m in Sources */,
 				BF50E7C222C163DC0070E17B /* ALTApplication.mm in Sources */,
 				BF9B6403229E0AA0002F0A62 /* ioapi.c in Sources */,
 				BF9B640D229E0AA0002F0A62 /* zip.c in Sources */,
@@ -1078,6 +1084,7 @@
 				MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE;
 				MTL_FAST_MATH = YES;
 				ONLY_ACTIVE_ARCH = YES;
+				OTHER_CFLAGS = "-DCORECRYPTO_DONOT_USE_TRANSPARENT_UNION";
 				SDKROOT = iphoneos;
 				SUPPORTED_PLATFORMS = "iphonesimulator iphoneos";
 				VERSIONING_SYSTEM = "apple-generic";
@@ -1138,6 +1145,7 @@
 				IPHONEOS_DEPLOYMENT_TARGET = 12.0;
 				MTL_ENABLE_DEBUG_INFO = NO;
 				MTL_FAST_MATH = YES;
+				OTHER_CFLAGS = "-DCORECRYPTO_DONOT_USE_TRANSPARENT_UNION";
 				SDKROOT = iphoneos;
 				SUPPORTED_PLATFORMS = "iphonesimulator iphoneos";
 				VALIDATE_PRODUCT = YES;

AltSign/Apple API/ALTAppleAPI+Authentication.m

@@ -217,11 +217,10 @@ - (void)authenticateWithAppleID:(NSString *)appleID
     ccdigest_init(di_info, di_ctx);
 
     const struct ccdigest_info *srp_di = ccsha256_di();
-    struct ccsrp_ctx_body *srp_ctx = (struct ccsrp_ctx_body *)malloc(ccsrp_sizeof_srp(di_info, gp));
+    struct ccsrp_ctx *srp_ctx = (struct ccsrp_ctx *)malloc(ccsrp_sizeof_srp(di_info, gp));
     ccsrp_ctx_init(srp_ctx, srp_di, gp);
-    
-    srp_ctx->hdr.blinding_rng = ccrng(NULL);
-    srp_ctx->hdr.flags.noUsernameInX = true;
+    ccsrp_client_set_noUsernameInX(srp_ctx, true);
+    SRP_RNG(srp_ctx) = ccrng(NULL);
 
     NSArray<NSString *> *ps = @[@"s2k", @"s2k_fo"];
     ALTDigestUpdateString(di_info, di_ctx, ps[0]);

Dependencies/corecrypto/ccsrp.h

@@ -119,6 +119,20 @@ typedef ccdh_gp_t ccsrp_gp_t;
 typedef ccdh_const_gp_t ccsrp_const_gp_t;
 
 struct ccsrp_ctx {
+    const struct ccdigest_info *di;
+    ccsrp_const_gp_t gp;
+    struct ccrng_state *blinding_rng;
+    struct {
+        unsigned int authenticated:1;
+        unsigned int noUsernameInX:1;
+        unsigned int sessionkey:1;
+        unsigned int variant:16;
+    } flags;
+    cc_unit              ccn[1];
+}  CC_ALIGNED(16);
+typedef struct ccsrp_ctx *ccsrp_ctx_t;
+
+struct ccsrp_ctx_legacy {
     const struct ccdigest_info *di;
     ccsrp_const_gp_t gp;
     struct ccrng_state *blinding_rng;
@@ -134,7 +148,9 @@ struct ccsrp_ctx {
                                            sizeof(bool))];
     cc_unit              ccn[1];
 }  CC_ALIGNED(16);
-typedef struct ccsrp_ctx *ccsrp_ctx_t;
+typedef struct ccsrp_ctx_legacy *ccsrp_ctx_t_legacy;
+
+cc_unit *srp_ccn(void *srp);
 
 #endif
 
@@ -175,7 +191,7 @@ typedef struct ccsrp_ctx *ccsrp_ctx_t;
 #define ccsrp_ctx_gp_l(KEY)   (ccdh_gp_l(ccsrp_ctx_gp(KEY)))
 #define ccsrp_ctx_n(KEY)      (ccdh_gp_n(ccsrp_ctx_gp(KEY)))
 #define ccsrp_ctx_prime(KEY)  (ccdh_gp_prime(ccsrp_ctx_gp(KEY)))
-#define ccsrp_ctx_ccn(KEY)    SRP_CCN((ccsrp_ctx_t)(KEY))
+#define ccsrp_ctx_ccn(KEY)    srp_ccn(KEY)
 #define ccsrp_ctx_pki_key(KEY,_N_) (ccsrp_ctx_ccn(KEY) + ccsrp_ctx_n(KEY) * _N_)
 #define ccsrp_ctx_public(KEY)           (ccsrp_ctx_pki_key(KEY,0))
 #define ccsrp_ctx_private(KEY)          (ccsrp_ctx_pki_key(KEY,1))

Dependencies/corecrypto/ccsrp.m

@@ -0,0 +1,30 @@
+//
+//  ccsrp.c
+//  AltSign
+//
+//  Created by Riley Testut on 6/25/20.
+//  Copyright © 2020 Riley Testut. All rights reserved.
+//
+
+#include "ccsrp.h"
+
+#import <Foundation/Foundation.h>
+
+cc_unit *srp_ccn(void *srp)
+{
+    // Memory layout of ccsrp_ctx changed between iOS 13/macOS 10.15 and iOS 14/macOS 11.
+    // Dynamically cast to correct memory layout to ensure we access valid memory.
+    
+#if TARGET_OS_IPHONE
+    if ([[NSProcessInfo processInfo] isOperatingSystemAtLeastVersion:(NSOperatingSystemVersion){ 14, 0, 0 }])
+#else
+    if ([[NSProcessInfo processInfo] isOperatingSystemAtLeastVersion:(NSOperatingSystemVersion){ 11, 0, 0 }])
+#endif
+    {
+        return SRP_CCN((ccsrp_ctx_t)(srp));
+    }
+    else
+    {
+        return SRP_CCN((ccsrp_ctx_t_legacy)(srp));
+    }
+}