keychain/securityd/Regressions/secd60-account-cloud-exposure.m

   1 /*
   2  * Copyright (c) 2013-2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 //
  25 //  secd60-account-cloud-exposure.c
  26 //  sec
  27 //
  28
  29
  30
  31 #include <Security/SecBase.h>
  32 #include <Security/SecItem.h>
  33
  34 #include <CoreFoundation/CFDictionary.h>
  35
  36 #include "keychain/SecureObjectSync/SOSAccount.h"
  37 #include "keychain/SecureObjectSync/SOSPeerInfoPriv.h"
  38 #include <Security/SecureObjectSync/SOSCloudCircle.h>
  39 #include "keychain/SecureObjectSync/SOSInternal.h"
  40 #include "keychain/SecureObjectSync/SOSUserKeygen.h"
  41 #include "keychain/SecureObjectSync/SOSTransport.h"
  42 #include "keychain/SecureObjectSync/SOSAccountTrustClassic+Circle.h"
  43 #include "keychain/SecureObjectSync/SOSAccountTrustClassic+Identity.h"
  44
  45 #include <stdlib.h>
  46 #include <unistd.h>
  47
  48 #include "secd_regressions.h"
  49 #include "SOSTestDataSource.h"
  50
  51 #include "SOSRegressionUtilities.h"
  52 #include <utilities/SecCFWrappers.h>
  53 #include <Security/SecKeyPriv.h>
  54
  55 #include "keychain/securityd/SOSCloudCircleServer.h"
  56
  57 #include "SOSAccountTesting.h"
  58
  59 #include "SecdTestKeychainUtilities.h"
  60
  61 static bool SOSAccountResetCircleToNastyOffering(SOSAccount* account, SecKeyRef userPriv, SOSPeerInfoRef pi, CFErrorRef *error) {
  62     bool result = false;
  63     SecKeyRef userPub = SecKeyCreatePublicFromPrivate(userPriv);
  64     SOSAccountTrustClassic *trust = account.trust;
  65     if(!SOSAccountHasCircle(account, error)){
  66         CFReleaseNull(userPub);
  67         return result;
  68     }
  69     if(![account.trust ensureFullPeerAvailable:(__bridge CFDictionaryRef)(account.gestalt) deviceID:(__bridge CFStringRef)(account.deviceID) backupKey:(__bridge CFDataRef)(account.backup_key) err:error]){
  70         CFReleaseNull(userPub);
  71         return result;
  72     }
  73     (void) [account.trust resetAllRings:account err:error];
  74
  75     [account.trust modifyCircle:account.circle_transport err:error action:^(SOSCircleRef circle) {
  76         bool result = false;
  77         CFErrorRef localError = NULL;
  78         SOSFullPeerInfoRef iCloudfpi = NULL;
  79
  80         //sleep(10);
  81         require_quiet(SOSCircleResetToEmpty(circle, error), err_out);
  82         require_quiet([account.trust addiCloudIdentity:circle key:userPriv err:error], err_out);
  83         require_quiet(iCloudfpi = SOSCircleCopyiCloudFullPeerInfoRef(circle, error), err_out);
  84
  85         /* Add the defenders peerInfo to circle */
  86         require_quiet(SOSCircleRequestReadmission(circle, userPub, pi, error), err_out);
  87         require_quiet(SOSCircleAcceptRequest(circle, userPriv, iCloudfpi, pi, error), err_out);
  88
  89         [trust setDepartureCode:kSOSNeverLeftCircle];
  90         result = true;
  91         SOSCircleRef copiedCircle = SOSCircleCopyCircle(kCFAllocatorDefault, circle, error); // I don't think this copy is necessary, but...
  92         [trust setTrustedCircle:copiedCircle];
  93         CFReleaseNull(copiedCircle);
  94         SOSAccountPublishCloudParameters(account, NULL);
  95         trust.fullPeerInfo = nil;
  96
  97     err_out:
  98         if (result == false) {
  99             secerror("error resetting circle (%@) to offering: %@", circle, localError);
 100         }
 101         if (localError && error && *error == NULL) {
 102             *error = localError;
 103             localError = NULL;
 104         }
 105
 106         CFReleaseNull(iCloudfpi);
 107         CFReleaseNull(localError);
 108         return result;
 109     }];
 110
 111     result = true;
 112
 113     return result;
 114 }
 115
 116 static bool SOSAccountResetToNastyOffering(SOSAccount* account, SOSPeerInfoRef pi, CFErrorRef* error) {
 117     SecKeyRef user_key = SOSAccountGetPrivateCredential(account, error);
 118     if (!user_key)
 119         return false;
 120
 121     SOSAccountTrustClassic* trust = account.trust;
 122     trust.fullPeerInfo = nil;
 123
 124     return user_key && SOSAccountResetCircleToNastyOffering(account, user_key, pi, error);
 125 }
 126
 127 static bool performiCloudIdentityAttack(SOSAccount* attacker, SOSAccount* defender, SOSAccount* accomplice, CFMutableDictionaryRef changes) {
 128     CFErrorRef error = NULL;
 129     bool retval = false;  // false means the attack succeeds
 130     CFArrayRef applicants = NULL;
 131     SOSAccountTrustClassic* defenderTrust = defender.trust;
 132
 133     /*----- Carole makes bogus circle with fake iCloud identity and Alice's peerInfo but only signed with fake iCloud identity -----*/
 134
 135     require_action_quiet(SOSAccountResetToNastyOffering(attacker, defenderTrust.peerInfo, &error), testDone, retval = true);
 136     CFReleaseNull(error);
 137
 138     ProcessChangesUntilNoChange(changes, defender, accomplice, attacker, NULL);
 139
 140     /*----- Now use our fake iCloud identity to get in to the circle for real -----*/
 141     require_action_quiet(SOSAccountJoinCirclesAfterRestore_wTxn(attacker, &error), testDone, retval = true);
 142     CFReleaseNull(error);
 143     require_action_quiet(countPeers(attacker) == 2, testDone, retval = true);
 144
 145     /*----- Let's see if carole can get bob into the circle and have alice believe it -----*/
 146     require_action_quiet(SOSAccountJoinCircles_wTxn(accomplice, &error), testDone, retval = true);
 147     CFReleaseNull(error);
 148
 149     ProcessChangesUntilNoChange(changes, defender, accomplice, attacker, NULL);
 150
 151     applicants = SOSAccountCopyApplicants(attacker, &error);
 152     CFReleaseNull(error);
 153
 154     if(CFArrayGetCount(applicants) > 0) {
 155         require_action_quiet(SOSAccountAcceptApplicants(attacker, applicants, &error), testDone, retval = true);
 156     }
 157
 158     ProcessChangesUntilNoChange(changes, defender, accomplice, attacker, NULL);
 159
 160     require_action_quiet(countPeers(defender) == 3, testDone, retval = true);
 161     require_action_quiet(countPeers(accomplice) == 3, testDone, retval = true);
 162     require_action_quiet(countPeers(attacker) == 3, testDone, retval = true);
 163
 164 testDone:
 165     CFReleaseNull(applicants);
 166     CFReleaseNull(error);
 167     return retval;
 168 }
 169
 170 static void tests(void)
 171 {
 172     CFErrorRef error = NULL;
 173     CFDataRef cfpassword = CFDataCreate(NULL, (uint8_t *) "FooFooFoo", 10);
 174     CFStringRef cfaccount = CFSTR("test@test.org");
 175
 176     CFMutableDictionaryRef changes = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
 177
 178     SOSAccount* alice_account = CreateAccountForLocalChanges( CFSTR("Alice"), CFSTR("TestSource"));
 179     SOSAccount* bob_account = CreateAccountForLocalChanges(CFSTR("Bob"), CFSTR("TestSource"));
 180     SOSAccount* carole_account = CreateAccountForLocalChanges(CFSTR("Carole"), CFSTR("TestSource"));
 181
 182     ok(SOSAccountAssertUserCredentialsAndUpdate(bob_account, cfaccount, cfpassword, &error), "Credential setting (%@)", error);
 183
 184     // Bob wins writing at this point, feed the changes back to alice.
 185     is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, carole_account, NULL), 1, "updates");
 186
 187     ok(SOSAccountAssertUserCredentialsAndUpdate(alice_account, cfaccount, cfpassword, &error), "Credential setting (%@)", error);
 188     CFReleaseNull(error);
 189
 190     ok(SOSAccountAssertUserCredentialsAndUpdate(carole_account, cfaccount, cfpassword, &error), "Credential setting (%@)", error);
 191     CFReleaseNull(error);
 192     ok(SOSAccountResetToOffering_wTxn(alice_account, &error), "Reset to offering (%@)", error);
 193     CFReleaseNull(error);
 194
 195     is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, carole_account, NULL), 2, "updates");
 196
 197     ok(SOSAccountJoinCircles_wTxn(bob_account, &error), "Bob Applies (%@)", error);
 198     CFReleaseNull(error);
 199     is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, carole_account, NULL), 2, "updates");
 200
 201     {
 202         CFArrayRef applicants = SOSAccountCopyApplicants(alice_account, &error);
 203
 204         ok(applicants && CFArrayGetCount(applicants) == 1, "See one applicant %@ (%@)", applicants, error);
 205         ok(SOSAccountAcceptApplicants(alice_account, applicants, &error), "Alice accepts (%@)", error);
 206         CFReleaseNull(error);
 207         CFReleaseNull(applicants);
 208     }
 209
 210     is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, carole_account, NULL), 3, "updates");
 211
 212     accounts_agree("bob&alice pair", bob_account, alice_account);
 213
 214
 215     ok(performiCloudIdentityAttack(carole_account, alice_account, bob_account, changes), "Attack is defeated");
 216
 217     CFReleaseNull(cfpassword);
 218     alice_account = nil;
 219     bob_account = nil;
 220     SOSTestCleanup();
 221 }
 222
 223 int secd_60_account_cloud_exposure(int argc, char *const *argv)
 224 {
 225     plan_tests(41);
 226
 227     secd_test_setup_temp_keychain(__FUNCTION__, NULL);
 228
 229     tests();
 230
 231     return 0;
 232 }