OSX/sec/securityd/Regressions/secd60-account-cloud-exposure.m

   1 /*
   2  * Copyright (c) 2013-2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 //
  25 //  secd60-account-cloud-exposure.c
  26 //  sec
  27 //
  28
  29
  30
  31 #include <Security/SecBase.h>
  32 #include <Security/SecItem.h>
  33
  34 #include <CoreFoundation/CFDictionary.h>
  35
  36 #include <Security/SecureObjectSync/SOSAccount.h>
  37 #include <Security/SecureObjectSync/SOSPeerInfoPriv.h>
  38 #include <Security/SecureObjectSync/SOSCloudCircle.h>
  39 #include <Security/SecureObjectSync/SOSInternal.h>
  40 #include <Security/SecureObjectSync/SOSUserKeygen.h>
  41 #include <Security/SecureObjectSync/SOSTransport.h>
  42 #include <Security/SecureObjectSync/SOSAccountTrustClassic+Circle.h>
  43 #include <Security/SecureObjectSync/SOSAccountTrustClassic+Identity.h>
  44
  45 #include <stdlib.h>
  46 #include <unistd.h>
  47
  48 #include "secd_regressions.h"
  49 #include "SOSTestDataSource.h"
  50
  51 #include "SOSRegressionUtilities.h"
  52 #include <utilities/SecCFWrappers.h>
  53 #include <Security/SecKeyPriv.h>
  54
  55 #include <securityd/SOSCloudCircleServer.h>
  56
  57 #include "SOSAccountTesting.h"
  58
  59 #include "SecdTestKeychainUtilities.h"
  60
  61 static int kTestTestCount = 56;
  62
  63 static bool SOSAccountResetCircleToNastyOffering(SOSAccount* account, SecKeyRef userPriv, SOSPeerInfoRef pi, CFErrorRef *error) {
  64     bool result = false;
  65     SecKeyRef userPub = SecKeyCreatePublicFromPrivate(userPriv);
  66     SOSAccountTrustClassic *trust = account.trust;
  67     if(!SOSAccountHasCircle(account, error)){
  68         return result;
  69     }
  70     if(![account.trust ensureFullPeerAvailable:(__bridge CFDictionaryRef)(account.gestalt) deviceID:(__bridge CFStringRef)(account.deviceID) backupKey:(__bridge CFDataRef)(account.backup_key) err:error]){
  71         return result;
  72     }
  73     (void) [account.trust resetAllRings:account err:error];
  74
  75     [account.trust modifyCircle:account.circle_transport err:error action:^(SOSCircleRef circle) {
  76         bool result = false;
  77         CFErrorRef localError = NULL;
  78         SOSFullPeerInfoRef iCloudfpi = NULL;
  79
  80         //sleep(10);
  81         require_quiet(SOSCircleResetToEmpty(circle, error), err_out);
  82         require_quiet([account.trust addiCloudIdentity:circle key:userPriv err:error], err_out);
  83         require_quiet(iCloudfpi = SOSCircleCopyiCloudFullPeerInfoRef(circle, error), err_out);
  84
  85         /* Add the defenders peerInfo to circle */
  86         require_quiet(SOSCircleRequestReadmission(circle, userPub, pi, error), err_out);
  87         require_quiet(SOSCircleAcceptRequest(circle, userPriv, iCloudfpi, pi, error), err_out);
  88
  89         [trust setDepartureCode:kSOSNeverLeftCircle];
  90         result = true;
  91         [trust setTrustedCircle:SOSCircleCopyCircle(kCFAllocatorDefault, circle, error)];
  92         SOSAccountPublishCloudParameters(account, NULL);
  93         trust.fullPeerInfo = nil;
  94
  95     err_out:
  96         if (result == false)
  97         secerror("error resetting circle (%@) to offering: %@", circle, localError);
  98         if (localError && error && *error == NULL) {
  99             *error = localError;
 100             localError = NULL;
 101         }
 102         CFReleaseNull(localError);
 103         return result;
 104     }];
 105
 106     result = true;
 107
 108     return result;
 109 }
 110
 111 static bool SOSAccountResetToNastyOffering(SOSAccount* account, SOSPeerInfoRef pi, CFErrorRef* error) {
 112     SecKeyRef user_key = SOSAccountGetPrivateCredential(account, error);
 113     if (!user_key)
 114         return false;
 115
 116     SOSAccountTrustClassic* trust = account.trust;
 117     trust.fullPeerInfo = nil;
 118
 119     return user_key && SOSAccountResetCircleToNastyOffering(account, user_key, pi, error);
 120 }
 121
 122 static bool performiCloudIdentityAttack(SOSAccount* attacker, SOSAccount* defender, SOSAccount* accomplice, CFMutableDictionaryRef changes) {
 123     CFErrorRef error = NULL;
 124     bool retval = false;  // false means the attack succeeds
 125     CFArrayRef applicants = NULL;
 126     SOSAccountTrustClassic* defenderTrust = defender.trust;
 127
 128     /*----- Carole makes bogus circle with fake iCloud identity and Alice's peerInfo but only signed with fake iCloud identity -----*/
 129
 130     require_action_quiet(SOSAccountResetToNastyOffering(attacker, defenderTrust.peerInfo, &error), testDone, retval = true);
 131     CFReleaseNull(error);
 132
 133     ProcessChangesUntilNoChange(changes, defender, accomplice, attacker, NULL);
 134
 135     /*----- Now use our fake iCloud identity to get in to the circle for real -----*/
 136     require_action_quiet(SOSAccountJoinCirclesAfterRestore_wTxn(attacker, &error), testDone, retval = true);
 137     CFReleaseNull(error);
 138     require_action_quiet(countPeers(attacker) == 2, testDone, retval = true);
 139
 140     /*----- Let's see if carole can get bob into the circle and have alice believe it -----*/
 141     require_action_quiet(SOSAccountJoinCircles_wTxn(accomplice, &error), testDone, retval = true);
 142     CFReleaseNull(error);
 143
 144     ProcessChangesUntilNoChange(changes, defender, accomplice, attacker, NULL);
 145
 146     applicants = SOSAccountCopyApplicants(attacker, &error);
 147     CFReleaseNull(error);
 148
 149     if(CFArrayGetCount(applicants) > 0) {
 150         require_action_quiet(SOSAccountAcceptApplicants(attacker, applicants, &error), testDone, retval = true);
 151     }
 152
 153     ProcessChangesUntilNoChange(changes, defender, accomplice, attacker, NULL);
 154
 155     require_action_quiet(countPeers(defender) == 3, testDone, retval = true);
 156     require_action_quiet(countPeers(accomplice) == 3, testDone, retval = true);
 157     require_action_quiet(countPeers(attacker) == 3, testDone, retval = true);
 158
 159 testDone:
 160     CFReleaseNull(applicants);
 161     CFReleaseNull(error);
 162     return retval;
 163 }
 164
 165 static void tests(void)
 166 {
 167     CFErrorRef error = NULL;
 168     CFDataRef cfpassword = CFDataCreate(NULL, (uint8_t *) "FooFooFoo", 10);
 169     CFStringRef cfaccount = CFSTR("test@test.org");
 170
 171     CFMutableDictionaryRef changes = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
 172
 173     SOSAccount* alice_account = CreateAccountForLocalChanges( CFSTR("Alice"), CFSTR("TestSource"));
 174     SOSAccount* bob_account = CreateAccountForLocalChanges(CFSTR("Bob"), CFSTR("TestSource"));
 175     SOSAccount* carole_account = CreateAccountForLocalChanges(CFSTR("Carole"), CFSTR("TestSource"));
 176
 177     ok(SOSAccountAssertUserCredentialsAndUpdate(bob_account, cfaccount, cfpassword, &error), "Credential setting (%@)", error);
 178
 179     // Bob wins writing at this point, feed the changes back to alice.
 180     is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, carole_account, NULL), 1, "updates");
 181
 182     ok(SOSAccountAssertUserCredentialsAndUpdate(alice_account, cfaccount, cfpassword, &error), "Credential setting (%@)", error);
 183     CFReleaseNull(error);
 184
 185     ok(SOSAccountAssertUserCredentialsAndUpdate(carole_account, cfaccount, cfpassword, &error), "Credential setting (%@)", error);
 186     CFReleaseNull(error);
 187     ok(SOSAccountResetToOffering_wTxn(alice_account, &error), "Reset to offering (%@)", error);
 188     CFReleaseNull(error);
 189
 190     is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, carole_account, NULL), 2, "updates");
 191
 192     ok(SOSAccountJoinCircles_wTxn(bob_account, &error), "Bob Applies (%@)", error);
 193     CFReleaseNull(error);
 194     is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, carole_account, NULL), 2, "updates");
 195
 196     {
 197         CFArrayRef applicants = SOSAccountCopyApplicants(alice_account, &error);
 198
 199         ok(applicants && CFArrayGetCount(applicants) == 1, "See one applicant %@ (%@)", applicants, error);
 200         ok(SOSAccountAcceptApplicants(alice_account, applicants, &error), "Alice accepts (%@)", error);
 201         CFReleaseNull(error);
 202         CFReleaseNull(applicants);
 203     }
 204
 205     is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, carole_account, NULL), 3, "updates");
 206
 207     accounts_agree("bob&alice pair", bob_account, alice_account);
 208
 209
 210     ok(performiCloudIdentityAttack(carole_account, alice_account, bob_account, changes), "Attack is defeated");
 211
 212     CFReleaseNull(cfpassword);
 213     alice_account = nil;
 214     bob_account = nil;
 215     SOSTestCleanup();
 216 }
 217
 218 int secd_60_account_cloud_exposure(int argc, char *const *argv)
 219 {
 220     plan_tests(kTestTestCount);
 221
 222     secd_test_setup_temp_keychain(__FUNCTION__, NULL);
 223
 224     tests();
 225
 226     return 0;
 227 }