]> git.saurik.com Git - apple/security.git/blob - OSX/sec/SOSCircle/Regressions/sc-140-hsa2.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57336.1.9.tar.gz
[apple/security.git] / OSX / sec / SOSCircle / Regressions / sc-140-hsa2.c
1 /*
2 * Copyright (c) 2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 #include <stdio.h>
26
27 #include "secd_regressions.h"
28
29 #include <CoreFoundation/CFData.h>
30 #include <Security/SecOTRSession.h>
31 #include <Security/SecOTRIdentityPriv.h>
32 #include <Security/SecInternal.h>
33 #include <Security/SecBasePriv.h>
34 #include <Security/SecKeyPriv.h>
35 #include <AssertMacros.h>
36
37 #include <Security/SecureObjectSync/SOSPeerInfo.h>
38 #include <Security/SecureObjectSync/SOSCircle.h>
39 #include <Security/SecureObjectSync/SOSCloudCircle.h>
40 #include <Security/SecureObjectSync/SOSInternal.h>
41 #include <Security/SecureObjectSync/SOSUserKeygen.h>
42 #include <Security/SecureObjectSync/SOSTransport.h>
43 #include <Security/SecureObjectSync/SOSForerunnerSession.h>
44
45 #include "SOSCircle_regressions.h"
46 #include "SOSRegressionUtilities.h"
47 #include "SOSTestDataSource.h"
48 #include "SecOTRRemote.h"
49 #include "SOSAccount.h"
50
51 #include "SecdTestKeychainUtilities.h"
52
53 #define FRT_USERNAME "username"
54 #define FRT_CIRCLE_SECRET "867530"
55 #define FRT_CIRCLE_WRONG_SECRET "789345"
56
57 #define FRT_DSID 4241983
58
59 static const unsigned char frt_hsa2_data[] = "1138";
60
61 enum {
62 CORRUPT_REQUEST,
63 CORRUPT_CHALLENGE,
64 CORRUPT_RESPONSE,
65 CORRUPT_HSA2,
66 WRONG_SECRET,
67 };
68
69 static const int _success_test_count = 8;
70 static const int _failure_test_count = 1;
71 static const int _failure_test_runs = 5;
72
73 static const int _test_count = _success_test_count +
74 (_failure_test_count * _failure_test_runs);
75
76 static void
77 corrupt_data(CFDataRef data, bool partial)
78 {
79 uint8_t *ptr = NULL;
80 size_t len = 0;
81 size_t i = 0;
82
83 ptr = (uint8_t *)CFDataGetBytePtr(data);
84 len = CFDataGetLength(data);
85
86 // Don't corrupt the magic number and version, so we're forced to exercise
87 // the validation logic for SRP.
88 if (partial && len >= 16) {
89 ptr += 32;
90 len -= 32;
91 }
92
93 for (i = 0; i < len; i++) {
94 ptr[i] = ~(ptr[i]);
95 }
96 }
97
98 static void
99 success_path(void)
100 {
101 CFErrorRef cferror = NULL;
102 SOSForerunnerRequestorSessionRef requestor = NULL;
103 SOSForerunnerAcceptorSessionRef acceptor = NULL;
104
105 CFDataRef request = NULL;
106 CFDataRef challenge = NULL;
107 CFDataRef response = NULL;
108 CFDataRef hsa2 = NULL;
109 CFDataRef hsa2_decrypted = NULL;
110
111 CFDataRef hsa2code = NULL;
112 CFDataRef unencrypted = NULL;
113 CFDataRef encrypted = NULL;
114 CFDataRef decrypted = NULL;
115
116 requestor = SOSForerunnerRequestorSessionCreate(NULL,
117 CFSTR(FRT_USERNAME), FRT_DSID);
118 ok(requestor, "requestor session created");
119 require(requestor, xit);
120
121 acceptor = SOSForerunnerAcceptorSessionCreate(NULL, CFSTR(FRT_USERNAME),
122 FRT_DSID, CFSTR(FRT_CIRCLE_SECRET));
123 ok(acceptor, "acceptor session created");
124 require(acceptor, xit);
125
126 request = SOSFRSCopyRequestPacket(requestor, &cferror);
127 ok(request, "request packet created, error = %@", cferror);
128 require(request, xit);
129
130 challenge = SOSFASCopyChallengePacket(acceptor, request, &cferror);
131 ok(challenge, "challenge packet created, error = %@", cferror);
132 require(challenge, xit);
133
134 response = SOSFRSCopyResponsePacket(requestor, challenge,
135 CFSTR(FRT_CIRCLE_SECRET), NULL, &cferror);
136 ok(response, "response packet created, error = %@", cferror);
137 require(response, xit);
138
139 hsa2code = CFDataCreate(NULL, frt_hsa2_data, sizeof(frt_hsa2_data) - 1);
140 hsa2 = SOSFASCopyHSA2Packet(acceptor, response, hsa2code, &cferror);
141 ok(hsa2, "hsa2 packet created, error = %@", cferror);
142 require(hsa2, xit);
143
144 hsa2_decrypted = SOSFRSCopyHSA2CodeFromPacket(requestor, hsa2, &cferror);
145 ok(hsa2_decrypted);
146 require(hsa2_decrypted, xit);
147
148 ok(CFEqual(hsa2_decrypted, hsa2code));
149
150 xit:
151 CFReleaseNull(requestor);
152 CFReleaseNull(acceptor);
153
154 CFReleaseNull(hsa2code);
155 CFReleaseNull(hsa2_decrypted);
156 CFReleaseNull(hsa2);
157 CFReleaseNull(request);
158 CFReleaseNull(challenge);
159 CFReleaseNull(response);
160
161 CFReleaseNull(unencrypted);
162 CFReleaseNull(encrypted);
163 CFReleaseNull(decrypted);
164 }
165
166 static void
167 failure_path(int which)
168 {
169 CFErrorRef cferror = NULL;
170 SOSForerunnerRequestorSessionRef requestor = NULL;
171 SOSForerunnerAcceptorSessionRef acceptor = NULL;
172
173 CFDataRef hsa2code = NULL;
174 CFDataRef request = NULL;
175 CFDataRef challenge = NULL;
176 CFDataRef response = NULL;
177 CFDataRef hsa2packet = NULL;
178 CFDataRef hsa2_decrypted = NULL;
179 CFStringRef secret = CFSTR(FRT_CIRCLE_SECRET);
180
181 requestor = SOSForerunnerRequestorSessionCreate(NULL, CFSTR(FRT_USERNAME),
182 FRT_DSID);
183 require(requestor, xit);
184
185 acceptor = SOSForerunnerAcceptorSessionCreate(NULL, CFSTR(FRT_USERNAME),
186 FRT_DSID, CFSTR(FRT_CIRCLE_SECRET));
187 require(acceptor, xit);
188
189 request = SOSFRSCopyRequestPacket(requestor, &cferror);
190 require(request, xit);
191
192 if (which == CORRUPT_REQUEST) {
193 corrupt_data(request, false);
194 }
195
196 challenge = SOSFASCopyChallengePacket(acceptor, request, &cferror);
197 if (which == CORRUPT_REQUEST) {
198 ok(challenge == NULL, "did not create challenge packet");
199 goto xit;
200 } else {
201 require(challenge, xit);
202 }
203
204 if (which == CORRUPT_CHALLENGE) {
205 corrupt_data(challenge, true);
206 } else if (which == WRONG_SECRET) {
207 secret = CFSTR(FRT_CIRCLE_WRONG_SECRET);
208 }
209
210 response = SOSFRSCopyResponsePacket(requestor, challenge, secret, NULL,
211 &cferror);
212 if (which == CORRUPT_CHALLENGE) {
213 ok(response == NULL, "did not create response packet");
214 goto xit;
215 } else {
216 require(response, xit);
217 }
218
219 if (which == CORRUPT_RESPONSE) {
220 corrupt_data(response, true);
221 }
222
223 hsa2code = CFDataCreate(NULL, frt_hsa2_data, sizeof(frt_hsa2_data) - 1);
224 hsa2packet = SOSFASCopyHSA2Packet(acceptor, response, hsa2code, &cferror);
225 if (which == CORRUPT_RESPONSE) {
226 ok(hsa2packet == NULL, "did not create hsa2 packet");
227 goto xit;
228 } else if (which == WRONG_SECRET) {
229 ok(hsa2packet == NULL, "did not create hsa2 packet from bad secret");
230 goto xit;
231 } else {
232 require(hsa2packet, xit);
233 }
234
235 if (which == CORRUPT_HSA2) {
236 corrupt_data(hsa2packet, true);
237 }
238
239 hsa2_decrypted = SOSFRSCopyHSA2CodeFromPacket(requestor, hsa2packet,
240 &cferror);
241 if (which == CORRUPT_HSA2) {
242 ok(hsa2_decrypted == NULL, "did not decrypt hsa2 code, error = %@",
243 cferror);
244 goto xit;
245 } else {
246 require(hsa2packet, xit);
247 }
248
249 xit:
250 CFReleaseNull(requestor);
251 CFReleaseNull(acceptor);
252
253 CFReleaseNull(hsa2code);
254 CFReleaseNull(hsa2packet);
255 CFReleaseNull(hsa2_decrypted);
256 CFReleaseNull(request);
257 CFReleaseNull(challenge);
258 CFReleaseNull(response);
259 }
260
261 static void
262 tests(void)
263 {
264 success_path();
265 failure_path(CORRUPT_REQUEST);
266 failure_path(CORRUPT_CHALLENGE);
267 failure_path(CORRUPT_RESPONSE);
268 failure_path(CORRUPT_HSA2);
269 failure_path(WRONG_SECRET);
270 }
271
272 int
273 sc_140_hsa2(int argc, char *const *argv)
274 {
275 plan_tests(_test_count);
276
277 tests();
278
279 return 0;
280 }
mirror of Security