keychain/ckks/tests/CloudKitKeychainSyncingMockXCTest.h

   1 /*
   2  * Copyright (c) 2017 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 #if OCTAGON
  25
  26 #import "CloudKitMockXCTest.h"
  27 #import "keychain/ckks/CKKS.h"
  28 #import "keychain/ckks/CKKSControl.h"
  29 #import "keychain/ckks/CKKSCurrentKeyPointer.h"
  30 #import "keychain/ckks/CKKSItem.h"
  31
  32 NS_ASSUME_NONNULL_BEGIN
  33
  34 @class CKKSKey;
  35 @class CKKSCurrentKeyPointer;
  36
  37 @interface ZoneKeys : CKKSCurrentKeySet
  38 @property CKKSKey* rolledTLK;
  39
  40 - (instancetype)initLoadingRecordsFromZone:(FakeCKZone*)zone;
  41 @end
  42
  43 /*
  44  * Builds on the CloudKit mock infrastructure and adds keychain helper methods.
  45  */
  46
  47 @interface CloudKitKeychainSyncingMockXCTest : CloudKitMockXCTest
  48
  49 @property CKKSControl* ckksControl;
  50
  51 @property (nullable) id mockCKKSKey;
  52
  53 @property (nullable) CKKSSOSSelfPeer* currentSelfPeer;
  54 @property (nullable) NSError* currentSelfPeerError;
  55 @property (nullable) NSMutableSet<id<CKKSPeer>>* currentPeers;
  56 @property (nullable) NSError* currentPeersError;
  57
  58 @property (nullable) NSError* keychainFetchError;
  59
  60 // A single trusted SOSPeer, but without any CKKS keys
  61 @property CKKSSOSPeer* remoteSOSOnlyPeer;
  62
  63 @property NSMutableSet<CKRecordZoneID*>* ckksZones;
  64 @property (nullable) NSMutableDictionary<CKRecordZoneID*, ZoneKeys*>* keys;
  65
  66 // Pass in an oldTLK to wrap it to the new TLK; otherwise, pass nil
  67 - (ZoneKeys*)createFakeKeyHierarchy:(CKRecordZoneID*)zoneID oldTLK:(CKKSKey* _Nullable)oldTLK;
  68 - (void)saveFakeKeyHierarchyToLocalDatabase:(CKRecordZoneID*)zoneID;
  69 - (void)putFakeKeyHierarchyInCloudKit:(CKRecordZoneID*)zoneID;
  70 - (void)saveTLKMaterialToKeychain:(CKRecordZoneID*)zoneID;
  71 - (void)deleteTLKMaterialFromKeychain:(CKRecordZoneID*)zoneID;
  72 - (void)saveTLKMaterialToKeychainSimulatingSOS:(CKRecordZoneID*)zoneID;
  73 - (void)putFakeDeviceStatusInCloudKit:(CKRecordZoneID*)zoneID;
  74 - (void)putFakeDeviceStatusInCloudKit:(CKRecordZoneID*)zoneID
  75                              zonekeys:(ZoneKeys*)zonekeys;
  76
  77 - (void)SOSPiggyBackAddToKeychain:(NSDictionary*)piggydata;
  78 - (NSMutableDictionary*)SOSPiggyBackCopyFromKeychain;
  79 - (NSMutableArray<NSData*>*)SOSPiggyICloudIdentities;
  80
  81 - (void)putTLKShareInCloudKit:(CKKSKey*)key
  82                          from:(CKKSSOSSelfPeer*)sharingPeer
  83                            to:(id<CKKSPeer>)receivingPeer
  84                        zoneID:(CKRecordZoneID*)zoneID;
  85 - (void)putTLKSharesInCloudKit:(CKKSKey*)key from:(CKKSSOSSelfPeer*)sharingPeer zoneID:(CKRecordZoneID*)zoneID;
  86 - (void)putSelfTLKSharesInCloudKit:(CKRecordZoneID*)zoneID;
  87 - (void)saveTLKSharesInLocalDatabase:(CKRecordZoneID*)zoneID;
  88
  89 - (void)saveClassKeyMaterialToKeychain:(CKRecordZoneID*)zoneID;
  90
  91 // Call this to fake out your test: all keys are created, saved in cloudkit, and saved locally (as if the key state machine had processed them)
  92 - (void)createAndSaveFakeKeyHierarchy:(CKRecordZoneID*)zoneID;
  93
  94 - (void)rollFakeKeyHierarchyInCloudKit:(CKRecordZoneID*)zoneID;
  95
  96 - (NSDictionary*)fakeRecordDictionary:(NSString* _Nullable)account zoneID:(CKRecordZoneID*)zoneID;
  97 - (CKRecord*)createFakeRecord:(CKRecordZoneID*)zoneID recordName:(NSString*)recordName;
  98 - (CKRecord*)createFakeRecord:(CKRecordZoneID*)zoneID recordName:(NSString*)recordName withAccount:(NSString* _Nullable)account;
  99 - (CKRecord*)createFakeRecord:(CKRecordZoneID*)zoneID
 100                    recordName:(NSString*)recordName
 101                   withAccount:(NSString* _Nullable)account
 102                           key:(CKKSKey* _Nullable)key;
 103
 104 - (CKKSItem*)newItem:(CKRecordID*)recordID withNewItemData:(NSDictionary*) dictionary key:(CKKSKey*)key;
 105 - (CKRecord*)newRecord:(CKRecordID*)recordID withNewItemData:(NSDictionary*)dictionary;
 106 - (CKRecord*)newRecord:(CKRecordID*)recordID withNewItemData:(NSDictionary*)dictionary key:(CKKSKey*)key;
 107 - (NSDictionary*)decryptRecord:(CKRecord*)record;
 108
 109 // Do keychain things:
 110 - (void)addGenericPassword:(NSString*)password account:(NSString*)account;
 111 - (void)addGenericPassword:(NSString*)password account:(NSString*)account viewHint:(NSString* _Nullable)viewHint;
 112 - (void)addGenericPassword:(NSString*)password
 113                    account:(NSString*)account
 114                   viewHint:(NSString* _Nullable)viewHint
 115                     access:(NSString*)access
 116                  expecting:(OSStatus)status
 117                    message:(NSString*)message;
 118 - (void)addGenericPassword:(NSString*)password account:(NSString*)account expecting:(OSStatus)status message:(NSString*)message;
 119
 120 - (void)updateGenericPassword:(NSString*)newPassword account:(NSString*)account;
 121 - (void)updateAccountOfGenericPassword:(NSString*)newAccount account:(NSString*)account;
 122
 123 - (void)checkNoCKKSData:(CKKSKeychainView*)view;
 124
 125 - (void)deleteGenericPassword:(NSString*)account;
 126
 127 - (void)findGenericPassword:(NSString*)account expecting:(OSStatus)status;
 128 - (void)checkGenericPassword:(NSString*)password account:(NSString*)account;
 129
 130 - (void)createClassCItemAndWaitForUpload:(CKRecordZoneID*)zoneID account:(NSString*)account;
 131 - (void)createClassAItemAndWaitForUpload:(CKRecordZoneID*)zoneID account:(NSString*)account;
 132
 133 // Pass the blocks created with these to expectCKModifyItemRecords to check if all items were encrypted with a particular class key
 134 - (BOOL (^)(CKRecord*))checkClassABlock:(CKRecordZoneID*)zoneID message:(NSString*)message;
 135 - (BOOL (^)(CKRecord*))checkClassCBlock:(CKRecordZoneID*)zoneID message:(NSString*)message;
 136
 137 - (BOOL (^)(CKRecord*))checkPasswordBlock:(CKRecordZoneID*)zoneID account:(NSString*)account password:(NSString*)password;
 138
 139 - (void)checkNSyncableTLKsInKeychain:(size_t)n;
 140
 141 // Returns an expectation that someone will send an NSNotification that this view changed
 142 - (XCTestExpectation*)expectChangeForView:(NSString*)view;
 143
 144 // Establish an assertion that CKKS will cause a server extension error soon.
 145 - (void)expectCKReceiveSyncKeyHierarchyError:(CKRecordZoneID*)zoneID;
 146
 147 // Add expectations that CKKS will upload a single TLK share
 148 - (void)expectCKKSTLKSelfShareUpload:(CKRecordZoneID*)zoneID;
 149 @end
 150
 151 NS_ASSUME_NONNULL_END
 152
 153 #endif /* OCTAGON */