projects / apple / security.git / blame
| Commit | Line | Data |
|---|---|---|
| e3d460c9 A |
1 | // |
| 2 | // Copyright 2015 - 2016 Apple. All rights reserved. | |
| 3 | // | |
| 4 | ||
| 5 | /* | |
| 6 | * This is to fool os services to not provide the Keychain manager | |
| 7 | * interface tht doens't work since we don't have unified headers | |
| 8 | * between iOS and OS X. rdar://23405418/ | |
| 9 | */ | |
| 10 | #define __KEYCHAINCORE__ 1 | |
| 11 | ||
| 12 | #include <Foundation/Foundation.h> | |
| 13 | #include <Security/Security.h> | |
| 14 | ||
| 15 | #include <TargetConditionals.h> | |
| 16 | ||
| 17 | #include <Security/SecItemPriv.h> | |
| 18 | #include <sys/stat.h> | |
| 19 | #include <err.h> | |
| 20 | ||
| 21 | #if TARGET_OS_SIMULATOR | |
| 22 | int | |
| 23 | main(void) | |
| 24 | { | |
| 25 | return 0; | |
| 26 | } | |
| 27 | #else | |
| 28 | ||
| 29 | #include <libaks.h> | |
| 30 | ||
| 31 | static NSData * | |
| 32 | BagMe(void) | |
| 33 | { | |
| 34 | keybag_handle_t handle; | |
| 35 | kern_return_t result; | |
| 36 | void *data = NULL; | |
| 37 | int length; | |
| 38 | ||
| 39 | result = aks_create_bag("foo", 3, kAppleKeyStoreAsymmetricBackupBag, &handle); | |
| 40 | if (result) | |
| 41 | errx(1, "aks_create_bag: %08x", result); | |
| 42 | ||
| 43 | result = aks_save_bag(handle, &data, &length); | |
| 44 | if (result) | |
| 45 | errx(1, "aks_save_bag"); | |
| 46 | ||
| 47 | return [NSData dataWithBytes:data length:length]; | |
| 48 | } | |
| 49 | ||
| 50 | int main (int argc, const char * argv[]) | |
| 51 | { | |
| 52 | @autoreleasepool { | |
| 53 | NSData *bag = NULL, *password = NULL; | |
| 54 | CFErrorRef error = NULL; | |
| 55 | ||
| 56 | bag = BagMe(); | |
| 57 | password = [NSData dataWithBytes:"foo" length:3]; | |
| 58 | ||
| 59 | NSData *backup = CFBridgingRelease(_SecKeychainCopyBackup((__bridge CFDataRef)bag, (__bridge CFDataRef)password)); | |
| 60 | if (backup == NULL) { | |
| 61 | errx(1, "backup failed"); | |
| 62 | } | |
| 63 | ||
| 64 | char path[] = "/tmp/secbackuptestXXXXXXX"; | |
| 65 | int fd = mkstemp(path); | |
| 66 | ||
| 67 | bool status = _SecKeychainWriteBackupToFileDescriptor((__bridge CFDataRef)bag, (__bridge CFDataRef)password, fd, &error); | |
| 68 | if (!status) { | |
| 69 | NSLog(@"backup failed: %@", error); | |
| 70 | errx(1, "failed backup 2"); | |
| 71 | } | |
| 72 | ||
| 73 | struct stat sb; | |
| 74 | fstat(fd, &sb); | |
| 75 | ||
| 76 | if (sb.st_size != (off_t)[backup length]) | |
| 77 | warn("backup different "); | |
| 78 | ||
| 79 | if (abs((int)(sb.st_size - (off_t)[backup length])) > 1000) | |
| 80 | errx(1, "backup different enough to fail"); | |
| 81 | ||
| 82 | ||
| 83 | status = _SecKeychainRestoreBackupFromFileDescriptor(fd, (__bridge CFDataRef)bag, (__bridge CFDataRef)password, &error); | |
| 84 | if (!status) { | |
| 85 | NSLog(@"restore failed: %@", error); | |
| 86 | errx(1, "restore failed"); | |
| 87 | } | |
| 88 | ||
| 89 | close(fd); | |
| 90 | unlink(path); | |
| 91 | ||
| 92 | NSData *backup2 = CFBridgingRelease(_SecKeychainCopyBackup((__bridge CFDataRef)bag, (__bridge CFDataRef)password)); | |
| 93 | if (backup2 == NULL) { | |
| 94 | errx(1, "backup 3 failed"); | |
| 95 | } | |
| 96 | ||
| 97 | if (abs((int)(sb.st_size - (off_t)[backup2 length])) > 1000) | |
| 98 | errx(1, "backup different enough to fail (mem vs backup2): %d vs %d", (int)sb.st_size, (int)[backup2 length]); | |
| 99 | if (abs((int)([backup length] - [backup2 length])) > 1000) | |
| 100 | errx(1, "backup different enough to fail (backup1 vs backup2: %d vs %d", (int)[backup length], (int)[backup2 length]); | |
| 101 | ||
| 102 | return 0; | |
| 103 | } | |
| 104 | } | |
| 105 | ||
| 106 | #endif /* TARGET_OS_SIMULATOR */ | |
| 107 |