]> git.saurik.com Git - apple/security.git/blob - keychain/securityd/Regressions/secd-20-keychain_upgrade.m
Security-59754.80.3.tar.gz
[apple/security.git] / keychain / securityd / Regressions / secd-20-keychain_upgrade.m
1 /*
2 * Copyright (c) 2015 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * This is to fool os services to not provide the Keychain manager
26 * interface tht doens't work since we don't have unified headers
27 * between iOS and OS X. rdar://23405418/
28 */
29 #define __KEYCHAINCORE__ 1
30
31
32 #import <Foundation/Foundation.h>
33 #import <CoreFoundation/CoreFoundation.h>
34 #import <Security/SecBase.h>
35 #import <Security/SecItem.h>
36 #import <Security/SecItemPriv.h>
37 #import <Security/SecInternal.h>
38 #import <utilities/SecCFRelease.h>
39 #import <utilities/SecFileLocations.h>
40 #import "keychain/securityd/SecItemServer.h"
41
42 #import <stdlib.h>
43
44 #include "secd_regressions.h"
45 #include "SecdTestKeychainUtilities.h"
46 #include "server_security_helpers.h"
47
48 static int ckmirror_row_exists = 0;
49 static int ckmirror_row_callback(void* unused, int count, char **data, char **columns)
50 {
51 ckmirror_row_exists = 1;
52 for (int i = 0; i < count; i++) {
53 if(strcmp(columns[i], "ckzone") == 0) {
54 is(strcmp(data[i], "ckzone"), 0, "Data is expected 'ckzone'");
55 }
56 }
57
58 return 0;
59 }
60
61 static void
62 keychain_upgrade(bool musr, const char *dbname)
63 {
64 OSStatus res;
65
66 secd_test_setup_temp_keychain(dbname, NULL);
67
68 #if TARGET_OS_IOS
69 if (musr)
70 SecSecuritySetMusrMode(true, 502, 502);
71 #endif
72
73 #if TARGET_OS_IPHONE
74 /*
75 * Check system keychain migration
76 */
77
78 res = SecItemAdd((__bridge CFDictionaryRef)@{
79 (id)kSecClass : (id)kSecClassGenericPassword,
80 (id)kSecAttrAccount : @"system-label-me",
81 (id)kSecUseSystemKeychain : (id)kCFBooleanTrue,
82 (id)kSecValueData : [NSData dataWithBytes:"some data" length:9],
83 }, NULL);
84 is(res, 0, "SecItemAdd(system)");
85 #endif
86
87 /*
88 * Check user keychain
89 */
90
91 res = SecItemAdd((__bridge CFDictionaryRef)@{
92 (id)kSecClass : (id)kSecClassGenericPassword,
93 (id)kSecAttrAccount : @"user-label-me",
94 (id)kSecValueData : [NSData dataWithBytes:"some data" length:9],
95 }, NULL);
96 is(res, 0, "SecItemAdd(user)");
97
98 NSString *keychain_path = CFBridgingRelease(__SecKeychainCopyPath());
99
100 // Add a row to a non-item table
101 /* Create a new keychain sqlite db */
102 sqlite3 *db = NULL;
103
104 is(sqlite3_open([keychain_path UTF8String], &db), SQLITE_OK, "open db");
105 is(sqlite3_exec(db, "INSERT into ckmirror VALUES(\"ckzone\", \"importantuuid\", \"keyuuid\", 0, \"asdf\", \"qwer\", \"ckrecord\", 0, 0, NULL, NULL, NULL);", NULL, NULL, NULL), SQLITE_OK, "row added to ckmirror table");
106 is(sqlite3_close(db), SQLITE_OK, "close db");
107
108 SecKeychainDbReset(^{
109
110 /* Create a new keychain sqlite db */
111 sqlite3 *db;
112
113 is(sqlite3_open([keychain_path UTF8String], &db), SQLITE_OK, "create keychain");
114 is(sqlite3_exec(db, "UPDATE tversion SET minor = minor - 1", NULL, NULL, NULL), SQLITE_OK,
115 "\"downgrade\" keychain");
116 is(sqlite3_close(db), SQLITE_OK, "close db");
117 });
118
119 #if TARGET_OS_IPHONE
120 res = SecItemCopyMatching((__bridge CFDictionaryRef)@{
121 (id)kSecClass : (id)kSecClassGenericPassword,
122 (id)kSecAttrAccount : @"system-label-me",
123 (id)kSecUseSystemKeychain : (id)kCFBooleanTrue,
124 }, NULL);
125 is(res, 0, "SecItemCopyMatching(system)");
126 #endif
127
128 res = SecItemCopyMatching((__bridge CFDictionaryRef)@{
129 (id)kSecClass : (id)kSecClassGenericPassword,
130 (id)kSecAttrAccount : @"user-label-me",
131 }, NULL);
132 is(res, 0, "SecItemCopyMatching(user)");
133
134 char* err = NULL;
135
136 is(sqlite3_open([keychain_path UTF8String], &db), SQLITE_OK, "open db");
137 is(sqlite3_exec(db, "select * from ckmirror;", ckmirror_row_callback, NULL, &err), SQLITE_OK, "row added to ckmirror table");
138 is(sqlite3_close(db), SQLITE_OK, "close db");
139 is(ckmirror_row_exists, 1, "SQLite found a row in the ckmirror table");
140
141 #if TARGET_OS_IOS
142 if (musr)
143 SecSecuritySetMusrMode(false, 501, -1);
144 #endif
145 }
146
147 int
148 secd_20_keychain_upgrade(int argc, char *const *argv)
149 {
150 #if TARGET_OS_IPHONE
151 #define have_system_keychain_tests 2
152 #else
153 #define have_system_keychain_tests 0
154 #endif
155
156 plan_tests((kSecdTestSetupTestCount + 5 + have_system_keychain_tests + 8) * 2);
157
158 CFArrayRef currentACL = CFRetainSafe(SecAccessGroupsGetCurrent());
159
160 NSMutableArray *newACL = [NSMutableArray arrayWithArray:(__bridge NSArray *)currentACL];
161 [newACL addObjectsFromArray:@[
162 @"com.apple.private.system-keychain",
163 @"com.apple.private.syncbubble-keychain",
164 @"com.apple.private.migrate-musr-system-keychain",
165 ]];
166
167 SecAccessGroupsSetCurrent((__bridge CFArrayRef)newACL);
168
169 keychain_upgrade(false, "secd_20_keychain_upgrade");
170 keychain_upgrade(true, "secd_20_keychain_upgrade-musr");
171
172 SecAccessGroupsSetCurrent(currentACL);
173 CFReleaseNull(currentACL);
174
175 return 0;
176 }