OSX/sec/securityd/Regressions/secd-35-keychain-migrate-inet.c

   1 /*
   2  * Copyright (c) 2013-2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 #include "secd_regressions.h"
  26
  27 #include <securityd/SecDbItem.h>
  28 #include <utilities/array_size.h>
  29 #include <utilities/SecCFWrappers.h>
  30 #include <utilities/SecFileLocations.h>
  31 #include <utilities/fileIo.h>
  32
  33 #include <securityd/SecItemServer.h>
  34
  35 #include <Security/SecBasePriv.h>
  36
  37 #include <TargetConditionals.h>
  38 #include <AssertMacros.h>
  39
  40 #if TARGET_OS_IPHONE && USE_KEYSTORE
  41 #include <libaks.h>
  42
  43 #include "SecdTestKeychainUtilities.h"
  44
  45 #include "ios8-inet-keychain-2.h"
  46
  47 void SecAccessGroupsSetCurrent(CFArrayRef accessGroups);
  48 CFArrayRef SecAccessGroupsGetCurrent();
  49
  50 int secd_35_keychain_migrate_inet(int argc, char *const *argv)
  51 {
  52     plan_tests(11 + kSecdTestSetupTestCount);
  53
  54     __block keybag_handle_t keybag;
  55     __block keybag_state_t state;
  56     char *passcode="password";
  57     int passcode_len=(int)strlen(passcode);
  58
  59     /* custom keychain dir */
  60     secd_test_setup_temp_keychain("secd_35_keychain_migrate_inet", ^{
  61         CFStringRef keychain_path_cf = __SecKeychainCopyPath();
  62
  63         CFStringPerformWithCString(keychain_path_cf, ^(const char *keychain_path) {
  64             writeFile(keychain_path, ios8_inet_keychain_2_db, ios8_inet_keychain_2_db_len);
  65
  66             /* custom notification */
  67             SecItemServerSetKeychainChangedNotification("com.apple.secdtests.keychainchanged");
  68
  69             /* Create and lock custom keybag */
  70             ok(kIOReturnSuccess==aks_create_bag(passcode, passcode_len, kAppleKeyStoreDeviceBag, &keybag), "create keybag");
  71             ok(kIOReturnSuccess==aks_get_lock_state(keybag, &state), "get keybag state");
  72             ok(!(state&keybag_state_locked), "keybag unlocked");
  73             SecItemServerSetKeychainKeybag(keybag);
  74
  75             /* lock */
  76             ok(kIOReturnSuccess==aks_lock_bag(keybag), "lock keybag");
  77             ok(kIOReturnSuccess==aks_get_lock_state(keybag, &state), "get keybag state");
  78             ok(state&keybag_state_locked, "keybag locked");
  79         });
  80
  81         CFReleaseSafe(keychain_path_cf);
  82     });
  83
  84     CFArrayRef old_ag = SecAccessGroupsGetCurrent();
  85     CFMutableArrayRef test_ag = CFArrayCreateMutableCopy(NULL, 0, old_ag);
  86     CFArrayAppendValue(test_ag, CFSTR("com.apple.cfnetwork"));
  87     SecAccessGroupsSetCurrent(test_ag);
  88
  89     /* querying a password */
  90     const void *keys[] = {
  91         kSecClass,
  92         kSecAttrAccessGroup,
  93         kSecAttrSynchronizable,
  94         kSecMatchLimit,
  95         kSecReturnAttributes,
  96     };
  97     const void *values[] = {
  98         kSecClassInternetPassword,
  99         CFSTR("com.apple.cfnetwork"),
 100         kSecAttrSynchronizableAny,
 101         kSecMatchLimitAll,
 102         kCFBooleanTrue,
 103     };
 104     CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values,
 105                                                array_size(keys), NULL, NULL);
 106     CFTypeRef results = NULL;
 107     is_status(SecItemCopyMatching(query, &results), errSecInteractionNotAllowed);
 108
 109     ok(kIOReturnSuccess==aks_unlock_bag(keybag, passcode, passcode_len), "lock keybag");
 110     ok(kIOReturnSuccess==aks_get_lock_state(keybag, &state), "get keybag state");
 111     ok(!(state&keybag_state_locked), "keybag unlocked");
 112
 113     // We should be able to query 2 inet items from the DB here.  But the database is encrypted
 114     // by keybag which we do not know, so no item can be actually retrieved.  The test could be
 115     // improved by crafting DB to update using keybag hardcoded in the test, that way it would be possible
 116     // to check that 2 inet items are really retrieved here.
 117     is_status(SecItemCopyMatching(query, &results), errSecItemNotFound);
 118
 119     /* Reset keybag */
 120     SecItemServerResetKeychainKeybag();
 121
 122     // Reset server accessgroups.
 123     SecAccessGroupsSetCurrent(old_ag);
 124     CFReleaseSafe(test_ag);
 125
 126     CFReleaseSafe(results);
 127     CFReleaseSafe(query);
 128     return 0;
 129 }
 130
 131 #else
 132
 133 int secd_35_keychain_migrate_inet(int argc, char *const *argv)
 134 {
 135     plan_tests(1);
 136
 137     todo("Not yet working in simulator");
 138
 139 TODO: {
 140     ok(false);
 141 }
 142     /* not implemented in simulator (no keybag) */
 143     /* Not implemented in OSX (no upgrade scenario) */
 144     return 0;
 145 }
 146 #endif