]> git.saurik.com Git - apple/security.git/blob - keychain/Trieste/OctagonTestHarnessXPCService/SecRemoteDevice.m
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Security-59306.61.1.tar.gz
[apple/security.git] / keychain / Trieste / OctagonTestHarnessXPCService / SecRemoteDevice.m
1 /*
2 * Copyright (c) 2017 - 2018 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 #import <Foundation/Foundation.h>
26 #import <Foundation/NSXPCConnection_Private.h>
27 #import "keychain/securityd/SOSCloudCircleServer.h"
28 #import <Security/SecureObjectSync/SOSPeerInfo.h>
29 #import <Security/SecureObjectSync/SOSCloudCircleInternal.h>
30 #import <Security/SecureObjectSync/SOSViews.h>
31 #import "keychain/SecureObjectSync/SOSTypes.h"
32 #import "keychain/SecureObjectSync/SOSInternal.h"
33 #import "keychain/SecureObjectSync/SOSAuthKitHelpers.h"
34 #import "OSX/sec/Security/SecItemShim.h"
35
36 #import <stdlib.h>
37 #import <unistd.h>
38 #import <libproc.h>
39
40 #import "keychain/ckks/CKKS.h"
41 #import "keychain/ot/OTManager.h"
42 #import "keychain/ot/OT.h"
43 #import "keychain/ot/OTControl.h"
44 #import "keychain/ot/OTCuttlefishContext.h"
45 #import "keychain/categories/NSError+UsefulConstructors.h"
46 #import "keychain/SecureObjectSync/CKBridge/SOSCloudKeychainClient.h"
47 #import "keychain/SecureObjectSync/SOSControlServer.h"
48 #import "KeychainCircle/PairingChannel.h"
49
50 #import "SharedMocks/NSXPCConnectionMock.h"
51
52 #import "SecRemoteDeviceProtocol.h"
53 #import "SecRemoteDevice.h"
54
55 @interface DevicePairingSimulator : NSObject <DevicePairingProtocol>
56 @property KCPairingChannelContext *remoteVersionContext;
57 @property KCPairingChannel *channel;
58 @property SecRemoteDevice *device;
59 @property (assign) bool initiator;
60 @property (assign) bool haveHandshakeCompleted;
61
62 - (instancetype)init NS_UNAVAILABLE;
63 - (instancetype)initAsInitiator:(bool)initiator version:(KCPairingChannelContext *)peerVersionContext device:(SecRemoteDevice *)device;
64 @end
65
66 @implementation DevicePairingSimulator
67
68 - (instancetype)initAsInitiator:(bool)initiator version:(KCPairingChannelContext *)peerVersionContext device:(SecRemoteDevice *)device
69 {
70 self = [super init];
71 if (self) {
72 self.remoteVersionContext = peerVersionContext;
73 self.initiator = initiator;
74 self.device = device;
75 self.channel = [[KCPairingChannel alloc] initAsInitiator:initiator version:peerVersionContext];
76 #if SECD_SERVER
77 [self.channel setXPCConnectionObject:(NSXPCConnection *)[[NSXPCConnectionMock alloc] initWithRealObject:SOSControlServerInternalClient()]];
78 #endif
79 }
80
81 return self;
82 }
83
84 - (void)exchangePacket:(NSData *)data complete:(void (^)(bool complete, NSData *result, NSError *error))complete
85 {
86 os_log(NULL, "[%@] exchangePacket", self.device.name);
87
88 if (self.haveHandshakeCompleted || self.channel == NULL) {
89 abort();
90 }
91 [self.channel exchangePacket:data complete:^void(BOOL handshakeComplete, NSData *packet, NSError *error) {
92 self.haveHandshakeCompleted = handshakeComplete;
93 os_log(NULL, "[%@] exchangePacket:complete: %d", self.device.name, handshakeComplete);
94 complete(handshakeComplete, packet, error);
95 }];
96 }
97
98 - (void)validateStart:(void(^)(bool result, NSError *error))complete
99 {
100 if (self.channel == NULL) {
101 abort();
102 }
103 [self.channel validateStart:^(bool result, NSError *error) {
104 complete(result, error);
105 }];
106 }
107 @end
108
109
110 @implementation SecRemoteDevice
111
112
113 - (void)setUserCredentials:(NSString *)username password:(NSString *)password complete:(void (^)(bool success, NSError *error))complete
114 {
115 CFErrorRef cferror = NULL;
116 bool result = SOSCCSetUserCredentialsAndDSID((__bridge CFStringRef)username,
117 (__bridge CFDataRef)[password dataUsingEncoding:NSUTF8StringEncoding],
118 CFSTR("1"), &cferror);
119 complete(result, (__bridge NSError *)cferror);
120 CFReleaseNull(cferror);
121 }
122
123 - (void)setupSOSCircle:(NSString *)username password:(NSString *)password complete:(void (^)(bool success, NSError *error))complete
124 {
125 CFErrorRef cferror = NULL;
126 bool result = SOSCCSetUserCredentialsAndDSID((__bridge CFStringRef)username,
127 (__bridge CFDataRef)[password dataUsingEncoding:NSUTF8StringEncoding],
128 CFSTR("1"), &cferror);
129 if (result) {
130 result = SOSCCResetToOffering(&cferror);
131 }
132 complete(result, (__bridge NSError *)cferror);
133 CFReleaseNull(cferror);
134 }
135
136 - (void)sosCircleStatus:(void(^)(SOSCCStatus status, NSError *error))complete
137 {
138 SOSCloudKeychainFlush(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^(CFDictionaryRef __unused returnedValues, CFErrorRef __unused sync_error) {
139 CFErrorRef cferror = NULL;
140 SOSCCStatus status = SOSCCThisDeviceIsInCircle(&cferror);
141 complete(status, (__bridge NSError *)cferror);
142 CFReleaseNull(cferror);
143 });
144 }
145
146 - (void)sosCircleStatusNonCached:(void(^)(SOSCCStatus status, NSError *error))complete
147 {
148 SOSCloudKeychainFlush(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^(CFDictionaryRef __unused returnedValues, CFErrorRef __unused sync_error) {
149 CFErrorRef cferror = NULL;
150 SOSCCStatus status = SOSCCThisDeviceIsInCircleNonCached(&cferror);
151 complete(status, (__bridge NSError *)cferror);
152 CFReleaseNull(cferror);
153 });
154 }
155
156
157 - (void)sosViewStatus:(NSString *) viewName withCompletion: (void(^)(SOSViewResultCode status, NSError *error))complete
158 {
159 CFErrorRef cferror = NULL;
160 SOSViewResultCode status = SOSCCView((__bridge CFStringRef)(viewName), kSOSCCViewQuery, &cferror);
161 complete(status, (__bridge NSError *)cferror);
162 CFReleaseNull(cferror);
163 }
164
165
166 - (void)sosICKStatus: (void(^)(bool status))complete
167 {
168 CFErrorRef cferror = NULL;
169 bool status = SOSCCIsIcloudKeychainSyncing();
170 complete(status);
171 CFReleaseNull(cferror);
172 }
173
174 - (void)sosPeerID:(void (^)(NSString *))complete
175 {
176 CFErrorRef cferror = NULL;
177 CFStringRef peerID = NULL;
178 SOSPeerInfoRef peerInfo = SOSCCCopyMyPeerInfo(&cferror);
179 if (peerInfo)
180 peerID = SOSPeerInfoGetPeerID(peerInfo);
181
182 complete((__bridge NSString *)peerID);
183 CFReleaseNull(peerInfo);
184 }
185
186 - (void)sosPeerSerial:(void(^)(NSString * _Nullable peerSerial))complete {
187 CFErrorRef cferror = NULL;
188 CFStringRef peerSerial = NULL;
189 SOSPeerInfoRef peerInfo = SOSCCCopyMyPeerInfo(&cferror);
190 if (peerInfo)
191 peerSerial = SOSPeerInfoCopySerialNumber(peerInfo);
192 complete((__bridge NSString *)peerSerial);
193 CFReleaseNull(peerSerial);
194 CFReleaseNull(peerInfo);
195 }
196
197 - (void)sosCirclePeerIDs:(void (^)(NSArray<NSString *> *))complete
198 {
199 CFErrorRef error = NULL;
200 NSArray *array = CFBridgingRelease(SOSCCCopyConcurringPeerPeerInfo(&error));
201 NSMutableArray<NSString *> *peerIDs = [NSMutableArray new];
202
203 if (array) {
204 [array enumerateObjectsUsingBlock:^(id _Nonnull obj, NSUInteger idx, BOOL * _Nonnull stop) {
205 SOSPeerInfoRef peerInfo = (__bridge SOSPeerInfoRef)obj;
206 NSString *peerID = (__bridge NSString *)SOSPeerInfoGetPeerID(peerInfo);
207 [peerIDs addObject:peerID];
208 }];
209 }
210 complete(peerIDs);
211 }
212
213 - (void)sosRequestToJoin:(void(^)(bool success, NSString *peerID, NSError *error))complete
214 {
215 CFErrorRef cferror = NULL;
216
217 os_log(NULL, "[%@] sosRequestToJoin", self.name);
218
219 SOSCCStatus status = SOSCCThisDeviceIsInCircle(&cferror);
220 if (status == kSOSCCCircleAbsent) {
221 cferror = CFErrorCreate(NULL, CFSTR("MDCircleAbsent"), 1, NULL);
222 complete(false, NULL, (__bridge NSError *)cferror);
223 CFReleaseNull(cferror);
224 } else if (status == kSOSCCNotInCircle) {
225 CFReleaseNull(cferror);
226 NSString *peerID = NULL;
227 bool result = SOSCCRequestToJoinCircle(&cferror);
228 if (result) {
229 SOSPeerInfoRef peerInfo = SOSCCCopyMyPeerInfo(&cferror);
230 if (peerInfo) {
231 peerID = (__bridge NSString *)SOSPeerInfoGetPeerID(peerInfo);
232 }
233 CFReleaseNull(peerInfo);
234 CFReleaseNull(cferror);
235 }
236 complete(result, peerID, (__bridge NSError *)cferror);
237 CFReleaseNull(cferror);
238 } else {
239 if(!cferror) {
240 cferror = CFErrorCreate(NULL, CFSTR("MDGeneralJoinError"), 1, NULL);
241 }
242 complete(false, NULL, (__bridge NSError *)cferror);
243 CFReleaseNull(cferror);
244 }
245 }
246
247 - (void)sosLeaveCircle: (void(^)(bool success, NSError *error))complete {
248 CFErrorRef cferror = NULL;
249 bool retval = false;
250
251 os_log(NULL, "[%@] sosLeaveCircle", self.name);
252
253 SOSCCStatus status = SOSCCThisDeviceIsInCircle(&cferror);
254 if(status == kSOSCCInCircle || status == kSOSCCRequestPending) {
255 retval = SOSCCRemoveThisDeviceFromCircle(&cferror);
256 }
257 complete(retval, (__bridge NSError *) cferror);
258 CFReleaseNull(cferror);
259 }
260
261
262 - (void)sosApprovePeer:(NSString *)peerID complete:(void(^)(BOOL success, NSError *error))complete
263 {
264 CFErrorRef cferror = NULL;
265 os_log(NULL, "[%@] sosApprovePeer: %@", self.name, peerID);
266 NSArray *applicants = CFBridgingRelease(SOSCCCopyApplicantPeerInfo(&cferror));
267 if ([applicants count] == 0) {
268 CFReleaseNull(cferror);
269 cferror = CFErrorCreate(NULL, CFSTR("MDNoApplicant"), 1, NULL);
270 complete(false, (__bridge NSError *)cferror);
271 CFReleaseNull(cferror);
272 return;
273 }
274 NSMutableArray *approvedApplicants = [NSMutableArray array];
275 for (id peer in applicants) {
276 SOSPeerInfoRef peerInfo = (__bridge SOSPeerInfoRef)peer;
277 NSString *applicantPeerID = (__bridge NSString *)SOSPeerInfoGetPeerID(peerInfo);
278 if (peerID == NULL || [peerID isEqualToString:applicantPeerID]){
279 [approvedApplicants addObject:(__bridge id)peerInfo];
280 }
281 }
282 bool result = false;
283 if ([approvedApplicants count]) {
284 result = SOSCCAcceptApplicants((__bridge CFArrayRef)approvedApplicants, &cferror);
285 } else {
286 cferror = CFErrorCreate(NULL, CFSTR("MDNoApplicant"), 1, NULL);
287 }
288 complete(result, (__bridge NSError *)cferror);
289 CFReleaseNull(cferror);
290 }
291
292 - (void)sosGhostBust:(SOSAccountGhostBustingOptions)options complete:(void(^)(bool busted, NSError *error))complete {
293 os_log(NULL, "[%@] sosGhostBust", self.name);
294 SOSCCGhostBust(options, ^(bool busted, NSError *error) {
295 os_log(NULL, "[%@] sosGhostBust: %sbusted error: %@", self.name, busted ? "" : "no ", error);
296 complete(busted, error);
297 });
298 }
299
300 - (void)sosCircleHash: (void(^)(NSString *data, NSError * _Nullable error))complete
301 {
302 NSError *error = NULL;
303 NSString *hash = SOSCCCircleHash(&error);
304 complete(hash, error);
305 }
306
307
308 - (void)sosWaitForInitialSync:(void(^)(bool success, NSError *error))complete
309 {
310 CFErrorRef cferror = NULL;
311 bool success = SOSCCWaitForInitialSync(&cferror);
312 complete(success, (__bridge NSError *)cferror);
313 CFReleaseNull(cferror);
314 }
315
316 - (void)sosEnableAllViews:(void(^)(BOOL success, NSError *error))complete
317 {
318 CFMutableSetRef viewsToEnable = SOSViewCopyViewSet(kViewSetAll);
319 CFMutableSetRef viewsToDisable = CFSetCreateMutable(NULL, 0, NULL);
320
321 bool success = SOSCCViewSet(viewsToEnable, viewsToDisable);
322 CFRelease(viewsToEnable);
323 CFRelease(viewsToDisable);
324 complete(success, NULL);
325
326 }
327
328 - (void) sosCachedViewBitmask: (void(^)(uint64_t bitmask))complete {
329 uint64_t result = SOSCachedViewBitmask();
330 complete(result);
331 }
332
333 - (void) deviceInfo:(nonnull void (^)(NSString * _Nullable, NSString * _Nullable, NSError * _Nullable))complete {
334 complete(@"", @"", NULL);
335 }
336
337
338 // MARK: - Pairing
339
340 - (void)pairingChannelSetup:(bool)initiator pairingContext:(KCPairingChannelContext *)context complete:(void (^)(id<DevicePairingProtocol>, NSError *))complete {
341
342 DevicePairingSimulator *pairingSim = [[DevicePairingSimulator alloc] initAsInitiator:initiator version:context device:self];
343 complete(pairingSim, nil);
344 }
345
346 // MARK: - Diagnostics
347
348 - (void)diagnosticsLeaks:(void(^)(bool success, NSString *outout, NSError *error))complete
349 {
350 complete(true, NULL, NULL);
351 }
352
353 - (void)diagnosticsCPUUsage:(void(^)(bool success, uint64_t user_usec, uint64_t sys_usec, NSError *error))complete
354 {
355 struct rusage usage;
356 getrusage(RUSAGE_SELF, &usage);
357 uint64_t user_usec = usage.ru_utime.tv_sec * USEC_PER_SEC + usage.ru_utime.tv_usec;
358 uint64_t sys_usec = usage.ru_stime.tv_sec * USEC_PER_SEC + usage.ru_stime.tv_usec;
359
360 complete(true, user_usec, sys_usec, NULL);
361 }
362
363 - (void)diagnosticsDiskUsage:(void(^)(bool success, uint64_t usage, NSError *error))complete
364 {
365 rusage_info_current rusage;
366
367 if (proc_pid_rusage(getpid(), RUSAGE_INFO_CURRENT, (rusage_info_t *)&rusage) == 0) {
368 complete(true, rusage.ri_logical_writes, NULL);
369 } else {
370 complete(false, 0, NULL);
371 }
372 }
373
374 // MARK: - Octagon
375 - (void)otReset:(NSString *)altDSID complete:(void (^)(bool success, NSError *_Nullable error))complete
376 {
377 #if OCTAGON
378 OTControl *ot = [self OTControl];
379
380 [ot resetAndEstablish:nil context:OTDefaultContext altDSID:altDSID resetReason:CuttlefishResetReasonTestGenerated reply:^(NSError * _Nullable error) {
381 complete(error == NULL, error);
382 }];
383 #else
384 complete(false, [self octagonNotAvailableError]);
385 #endif
386 }
387
388 - (void)otPeerID:(NSString *)altDSID complete:(void (^)(NSString *peerID, NSError *_Nullable error))complete
389 {
390 #if OCTAGON
391 OTControl *ot = [self OTControl];
392 [ot fetchEgoPeerID:nil context:OTDefaultContext reply:^(NSString * _Nullable peerID, NSError * _Nullable error) {
393 complete(peerID, error);
394 }];
395 #else
396 complete(false, [self octagonNotAvailableError]);
397 #endif
398
399 }
400
401 - (void)otInCircle:(NSString *)altDSID complete:(void (^)(bool inCircle, NSError *_Nullable error))complete
402 {
403 #if OCTAGON
404 OTControl *ot = [self OTControl];
405 OTOperationConfiguration *configuration = [[OTOperationConfiguration alloc] init];
406 [ot fetchCliqueStatus:nil context:OTDefaultContext configuration:configuration reply:^(CliqueStatus cliqueStatus, NSError * _Nullable error) {
407 os_log(NULL, "[%@] otInCircle: clique: %d error: %@", self.name, (int)cliqueStatus, error);
408 complete(cliqueStatus == CliqueStatusIn, error);
409 }];
410 #else
411 complete(false, [self octagonNotAvailableError]);
412 #endif
413 }
414
415
416 //MARK: - Misc helpers
417
418 #if OCTAGON
419
420 - (OTControl *)OTControl
421 {
422 #if SECD_SERVER
423 return [[OTControl alloc] initWithConnection:(NSXPCConnection *)[[NSXPCConnectionMock alloc] initWithRealObject:[OTManager manager]] sync:true];
424 #else
425 NSError *error = NULL;
426 return [OTControl controlObject:true error:&error];
427 #endif
428 }
429
430 #else /* !OCTAGON */
431
432 - (NSError *)octagonNotAvailableError
433 {
434 return [NSError errorWithDomain:@"DeviceSimulator" code:1 description:@"no octagon available"];
435 }
436 #endif
437
438 @end
mirror of Security