]> git.saurik.com Git - apple/security.git/blob - OSX/sec/Security/Regressions/secitem/si-22-sectrust-iap.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57740.20.22.tar.gz
[apple/security.git] / OSX / sec / Security / Regressions / secitem / si-22-sectrust-iap.c
1 /*
2 * Copyright (c) 2006-2016 Apple Inc. All Rights Reserved.
3 */
4
5 #include <CoreFoundation/CoreFoundation.h>
6 #include <Security/SecCertificate.h>
7 #include <Security/SecCertificatePriv.h>
8 #include <Security/SecPolicyPriv.h>
9 #include <Security/SecTrust.h>
10 #include <utilities/array_size.h>
11 #include <utilities/SecCFRelease.h>
12 #include <stdlib.h>
13 #include <unistd.h>
14
15 #include "shared_regressions.h"
16
17 #include "si-22-sectrust-iap.h"
18
19 static void tests(void)
20 {
21 SecTrustRef trust;
22 SecCertificateRef iAP1CA, iAP2CA, leaf0, leaf1;
23 isnt(iAP1CA = SecCertificateCreateWithBytes(NULL, _iAP1CA, sizeof(_iAP1CA)),
24 NULL, "create iAP1CA");
25 isnt(iAP2CA = SecCertificateCreateWithBytes(NULL, _iAP2CA, sizeof(_iAP2CA)),
26 NULL, "create iAP2CA");
27 isnt(leaf0 = SecCertificateCreateWithBytes(NULL, _leaf0, sizeof(_leaf0)),
28 NULL, "create leaf0");
29 isnt(leaf1 = SecCertificateCreateWithBytes(NULL, _leaf1, sizeof(_leaf1)),
30 NULL, "create leaf1");
31 {
32 // temporarily grab some stack space and fill it with 0xFF;
33 // when we exit this scope, the stack pointer should shrink but leave the memory filled.
34 // this tests for a stack overflow bug inside SecPolicyCreateiAP (rdar://16056248)
35 char buf[2048];
36 memset(buf, 0xFF, sizeof(buf));
37 }
38 SecPolicyRef policy = SecPolicyCreateiAP();
39 const void *v_anchors[] = {
40 iAP1CA,
41 iAP2CA
42 };
43 CFArrayRef anchors = CFArrayCreate(NULL, v_anchors,
44 array_size(v_anchors), NULL);
45 CFArrayRef certs0 = CFArrayCreate(NULL, (const void **)&leaf0, 1, &kCFTypeArrayCallBacks);
46 CFArrayRef certs1 = CFArrayCreate(NULL, (const void **)&leaf1, 1, &kCFTypeArrayCallBacks);
47 ok_status(SecTrustCreateWithCertificates(certs0, policy, &trust), "create trust for leaf0");
48 ok_status(SecTrustSetAnchorCertificates(trust, anchors), "set anchors");
49
50 /* Jan 1st 2008. */
51 CFDateRef date = CFDateCreate(NULL, 220752000.0);
52 ok_status(SecTrustSetVerifyDate(trust, date), "set date");
53
54 SecTrustResultType trustResult;
55 ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
56 is_status(trustResult, kSecTrustResultUnspecified,
57 "trust is kSecTrustResultUnspecified");
58
59 is(SecTrustGetCertificateCount(trust), 2, "cert count is 2");
60
61 CFReleaseSafe(trust);
62 ok_status(SecTrustCreateWithCertificates(certs1, policy, &trust), "create trust for leaf1");
63 ok_status(SecTrustSetAnchorCertificates(trust, anchors), "set anchors");
64 ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
65 is_status(trustResult, kSecTrustResultUnspecified, "trust is kSecTrustResultUnspecified");
66
67 CFReleaseSafe(anchors);
68 CFReleaseSafe(certs1);
69 CFReleaseSafe(certs0);
70 CFReleaseSafe(trust);
71 CFReleaseSafe(policy);
72 CFReleaseSafe(leaf0);
73 CFReleaseSafe(leaf1);
74 CFReleaseSafe(iAP1CA);
75 CFReleaseSafe(iAP2CA);
76 CFReleaseSafe(date);
77 }
78
79 static void test_v3(void) {
80 SecCertificateRef v3CA = NULL, v3leaf = NULL;
81 isnt(v3CA = SecCertificateCreateWithBytes(NULL, _v3ca, sizeof(_v3ca)),
82 NULL, "create v3leaf");
83 isnt(v3leaf = SecCertificateCreateWithBytes(NULL, _v3leaf, sizeof(_v3leaf)),
84 NULL, "create v3leaf");
85
86 /* Test v3 certs meet iAP policy */
87 SecPolicyRef policy = NULL;
88 SecTrustRef trust = NULL;
89 CFArrayRef certs = NULL, anchors = NULL;
90 CFDateRef date = NULL;
91 SecTrustResultType trustResult;
92
93 certs = CFArrayCreate(NULL, (const void **)&v3leaf, 1, &kCFTypeArrayCallBacks);
94 anchors = CFArrayCreate(NULL, (const void **)&v3CA, 1, &kCFTypeArrayCallBacks);
95 policy = SecPolicyCreateiAP();
96 ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust ref");
97 ok_status(SecTrustSetAnchorCertificates(trust, anchors), "set anchor");
98 ok(date = CFDateCreate(NULL, 484000000.0), "create date"); /* 3 May 2016 */
99 if (!date) { goto trustFail; }
100 ok_status(SecTrustSetVerifyDate(trust, date), "set verify date");
101 ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate");
102 is_status(trustResult, kSecTrustResultUnspecified, "trust is kSecTrustResultUnspecified");
103
104 trustFail:
105 CFReleaseSafe(policy);
106 CFReleaseSafe(trust);
107 CFReleaseSafe(certs);
108 CFReleaseSafe(anchors);
109 CFReleaseSafe(date);
110
111 #if TARGET_OS_IPHONE
112 /* Test interface for determining iAuth version */
113 SecCertificateRef leaf0 = NULL, leaf1 = NULL;
114 isnt(leaf0 = SecCertificateCreateWithBytes(NULL, _leaf0, sizeof(_leaf0)),
115 NULL, "create leaf0");
116 isnt(leaf1 = SecCertificateCreateWithBytes(NULL, _leaf1, sizeof(_leaf1)),
117 NULL, "create leaf1");
118
119 is_status(SecCertificateGetiAuthVersion(leaf0), kSeciAuthVersion2, "v2 certificate");
120 is_status(SecCertificateGetiAuthVersion(leaf1), kSeciAuthVersion2, "v2 certificate");
121 is_status(SecCertificateGetiAuthVersion(v3leaf), kSeciAuthVersion3, "v3 certificate");
122
123 CFReleaseSafe(leaf0);
124 CFReleaseSafe(leaf1);
125
126 /* Test the extension-copying interface */
127 CFDataRef extensionData = NULL;
128 uint8_t extensionValue[32] = {
129 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
130 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x0A,
131 };
132 ok(extensionData = SecCertificateCopyiAPAuthCapabilities(v3leaf),
133 "copy iAuthv3 extension data");
134 is(CFDataGetLength(extensionData), 32, "compare expected size");
135 is(memcmp(extensionValue, CFDataGetBytePtr(extensionData), 32), 0,
136 "compare expected output");
137 CFReleaseNull(extensionData);
138
139 /* Test extension-copying interface with a malformed extension. */
140 uint8_t extensionValue2[32] = {
141 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
142 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x04,
143 };
144 SecCertificateRef malformedV3leaf = NULL;
145 isnt(malformedV3leaf = SecCertificateCreateWithBytes(NULL, _malformedV3Leaf, sizeof(_malformedV3Leaf)),
146 NULL, "create malformed v3 leaf");
147 ok(extensionData = SecCertificateCopyiAPAuthCapabilities(malformedV3leaf),
148 "copy iAuthv3 extension data for malformed leaf");
149 is(CFDataGetLength(extensionData), 32, "compare expected size");
150 is(memcmp(extensionValue2, CFDataGetBytePtr(extensionData), 32), 0,
151 "compare expected output");
152 CFReleaseNull(extensionData);
153 CFReleaseNull(malformedV3leaf);
154 #endif
155 CFReleaseSafe(v3leaf);
156 CFReleaseSafe(v3CA);
157 }
158
159 int si_22_sectrust_iap(int argc, char *const *argv)
160 {
161 #if TARGET_OS_IPHONE
162 plan_tests(14+20);
163 #else
164 plan_tests(14+8);
165 #endif
166
167 tests();
168 test_v3();
169
170 return 0;
171 }
mirror of Security