From 03a59ff38e96fb3bb5dde2f15fe42198d1dfb995 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 23 Sep 2021 06:00:14 +0200 Subject: [PATCH] Model: migrate iOS 14 keychain references to iOS 15 format Keychain references used to be bijective, but with the change in format, Apple tried to be too clever, and references are no longer bijective. This lead to us deleting keychain entries, which in turn emptied out people's configs upon upgrading to iOS 15. Disaster! Fix this by detecting the change in format and saving the new password reference. We still rely on this being bijective moving forward; hopefully this bug won't repeat itself. It would be nice to not rely on that property, but doing so without grinding startup to a halt isn't obviously done, given how slow the keychain accesses are and how limited the API is. Reported-by: Eddie Reported-by: Anatoli Reported-by: Alan Graham Reported-by: Jacob Wilder Reported-by: Miguel Arroz Reported-by: Reid Rankin Reported-by: Fabien Signed-off-by: Jason A. Donenfeld --- .../NETunnelProviderProtocol+Extension.swift | 23 ++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/Sources/Shared/Model/NETunnelProviderProtocol+Extension.swift b/Sources/Shared/Model/NETunnelProviderProtocol+Extension.swift index 12b9d6b..ecb6e1f 100644 --- a/Sources/Shared/Model/NETunnelProviderProtocol+Extension.swift +++ b/Sources/Shared/Model/NETunnelProviderProtocol+Extension.swift @@ -72,7 +72,7 @@ extension NETunnelProviderProtocol { #error("Unimplemented") #endif guard passwordReference == nil else { return true } - wg_log(.debug, message: "Migrating tunnel configuration '\(name)'") + wg_log(.info, message: "Migrating tunnel configuration '\(name)'") passwordReference = Keychain.makeReference(containing: oldConfig, called: name) return true } @@ -81,6 +81,27 @@ extension NETunnelProviderProtocol { providerConfiguration = ["UID": getuid()] return true } + #elseif os(iOS) + if #available(iOS 15, *) { + /* Update the stored reference from the old iOS 14 one to the canonical iOS 15 one. + * The iOS 14 ones are 96 bits, while the iOS 15 ones are 160 bits. We do this so + * that we can have fast set exclusion in deleteReferences safely. */ + if passwordReference != nil && passwordReference!.count == 12 { + var result: CFTypeRef? + let ret = SecItemCopyMatching([kSecValuePersistentRef: passwordReference!, + kSecReturnPersistentRef: true] as CFDictionary, + &result) + if ret != errSecSuccess || result == nil { + return false + } + guard let newReference = result as? Data else { return false } + if !newReference.elementsEqual(passwordReference!) { + wg_log(.info, message: "Migrating iOS 14-style keychain reference to iOS 15-style keychain reference for '\(name)'") + passwordReference = newReference + return true + } + } + } #endif return false }