]> git.saurik.com Git - apple/security.git/blob - keychain/securityd/Regressions/secd60-account-cloud-exposure.m
Security-59754.80.3.tar.gz
[apple/security.git] / keychain / securityd / Regressions / secd60-account-cloud-exposure.m
1 /*
2 * Copyright (c) 2013-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // secd60-account-cloud-exposure.c
26 // sec
27 //
28
29
30
31 #include <Security/SecBase.h>
32 #include <Security/SecItem.h>
33
34 #include <CoreFoundation/CFDictionary.h>
35
36 #include "keychain/SecureObjectSync/SOSAccount.h"
37 #include "keychain/SecureObjectSync/SOSPeerInfoPriv.h"
38 #include <Security/SecureObjectSync/SOSCloudCircle.h>
39 #include "keychain/SecureObjectSync/SOSInternal.h"
40 #include "keychain/SecureObjectSync/SOSUserKeygen.h"
41 #include "keychain/SecureObjectSync/SOSTransport.h"
42 #include "keychain/SecureObjectSync/SOSAccountTrustClassic+Circle.h"
43 #include "keychain/SecureObjectSync/SOSAccountTrustClassic+Identity.h"
44
45 #include <stdlib.h>
46 #include <unistd.h>
47
48 #include "secd_regressions.h"
49 #include "keychain/SecureObjectSync/Regressions/SOSTestDataSource.h"
50
51 #include "SOSRegressionUtilities.h"
52 #include <utilities/SecCFWrappers.h>
53 #include <Security/SecKeyPriv.h>
54
55 #include "keychain/securityd/SOSCloudCircleServer.h"
56
57 #include "SOSAccountTesting.h"
58
59 #include "SecdTestKeychainUtilities.h"
60 #if SOS_ENABLED
61
62 static bool SOSAccountResetCircleToNastyOffering(SOSAccount* account, SecKeyRef userPriv, SOSPeerInfoRef pi, CFErrorRef *error) {
63 bool result = false;
64 SecKeyRef userPub = SecKeyCreatePublicFromPrivate(userPriv);
65 SOSAccountTrustClassic *trust = account.trust;
66 if(!SOSAccountHasCircle(account, error)){
67 CFReleaseNull(userPub);
68 return result;
69 }
70 if(![account.trust ensureFullPeerAvailable:account err:error]){
71 CFReleaseNull(userPub);
72 return result;
73 }
74 (void) [account.trust resetAllRings:account err:error];
75
76 [account.trust modifyCircle:account.circle_transport err:error action:^(SOSCircleRef circle) {
77 bool result = false;
78 CFErrorRef localError = NULL;
79 SOSFullPeerInfoRef iCloudfpi = NULL;
80
81 //sleep(10);
82 require_quiet(SOSCircleResetToEmpty(circle, error), err_out);
83 require_quiet([account.trust addiCloudIdentity:circle key:userPriv err:error], err_out);
84 require_quiet(iCloudfpi = SOSCircleCopyiCloudFullPeerInfoRef(circle, error), err_out);
85
86 /* Add the defenders peerInfo to circle */
87 require_quiet(SOSCircleRequestReadmission(circle, userPub, pi, error), err_out);
88 require_quiet(SOSCircleAcceptRequest(circle, userPriv, iCloudfpi, pi, error), err_out);
89
90 [trust setDepartureCode:kSOSNeverLeftCircle];
91 result = true;
92 SOSCircleRef copiedCircle = SOSCircleCopyCircle(kCFAllocatorDefault, circle, error); // I don't think this copy is necessary, but...
93 [trust setTrustedCircle:copiedCircle];
94 CFReleaseNull(copiedCircle);
95 SOSAccountPublishCloudParameters(account, NULL);
96 trust.fullPeerInfo = nil;
97
98 err_out:
99 if (result == false) {
100 secerror("error resetting circle (%@) to offering: %@", circle, localError);
101 }
102 if (localError && error && *error == NULL) {
103 *error = localError;
104 localError = NULL;
105 }
106
107 CFReleaseNull(iCloudfpi);
108 CFReleaseNull(localError);
109 return result;
110 }];
111
112 result = true;
113
114 return result;
115 }
116
117 static bool SOSAccountResetToNastyOffering(SOSAccount* account, SOSPeerInfoRef pi, CFErrorRef* error) {
118 SecKeyRef user_key = SOSAccountGetPrivateCredential(account, error);
119 if (!user_key)
120 return false;
121
122 SOSAccountTrustClassic* trust = account.trust;
123 trust.fullPeerInfo = nil;
124
125 return user_key && SOSAccountResetCircleToNastyOffering(account, user_key, pi, error);
126 }
127
128 static bool performiCloudIdentityAttack(SOSAccount* attacker, SOSAccount* defender, SOSAccount* accomplice, CFMutableDictionaryRef changes) {
129 CFErrorRef error = NULL;
130 bool retval = false; // false means the attack succeeds
131 CFArrayRef applicants = NULL;
132 SOSAccountTrustClassic* defenderTrust = defender.trust;
133
134 /*----- Carole makes bogus circle with fake iCloud identity and Alice's peerInfo but only signed with fake iCloud identity -----*/
135
136 require_action_quiet(SOSAccountResetToNastyOffering(attacker, defenderTrust.peerInfo, &error), testDone, retval = true);
137 CFReleaseNull(error);
138
139 ProcessChangesUntilNoChange(changes, defender, accomplice, attacker, NULL);
140
141 /*----- Now use our fake iCloud identity to get in to the circle for real -----*/
142 require_action_quiet(SOSAccountJoinCirclesAfterRestore_wTxn(attacker, &error), testDone, retval = true);
143 CFReleaseNull(error);
144 require_action_quiet(countPeers(attacker) == 2, testDone, retval = true);
145
146 /*----- Let's see if carole can get bob into the circle and have alice believe it -----*/
147 require_action_quiet(SOSAccountJoinCircles_wTxn(accomplice, &error), testDone, retval = true);
148 CFReleaseNull(error);
149
150 ProcessChangesUntilNoChange(changes, defender, accomplice, attacker, NULL);
151
152 applicants = SOSAccountCopyApplicants(attacker, &error);
153 CFReleaseNull(error);
154
155 if(CFArrayGetCount(applicants) > 0) {
156 require_action_quiet(SOSAccountAcceptApplicants(attacker, applicants, &error), testDone, retval = true);
157 }
158
159 ProcessChangesUntilNoChange(changes, defender, accomplice, attacker, NULL);
160
161 require_action_quiet(countPeers(defender) == 3, testDone, retval = true);
162 require_action_quiet(countPeers(accomplice) == 3, testDone, retval = true);
163 require_action_quiet(countPeers(attacker) == 3, testDone, retval = true);
164
165 testDone:
166 CFReleaseNull(applicants);
167 CFReleaseNull(error);
168 return retval;
169 }
170
171 static void tests(void)
172 {
173 CFErrorRef error = NULL;
174 CFDataRef cfpassword = CFDataCreate(NULL, (uint8_t *) "FooFooFoo", 10);
175 CFStringRef cfaccount = CFSTR("test@test.org");
176
177 CFMutableDictionaryRef changes = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
178
179 SOSAccount* alice_account = CreateAccountForLocalChanges( CFSTR("Alice"), CFSTR("TestSource"));
180 SOSAccount* bob_account = CreateAccountForLocalChanges(CFSTR("Bob"), CFSTR("TestSource"));
181 SOSAccount* carole_account = CreateAccountForLocalChanges(CFSTR("Carole"), CFSTR("TestSource"));
182
183 ok(SOSAccountAssertUserCredentialsAndUpdate(bob_account, cfaccount, cfpassword, &error), "Credential setting (%@)", error);
184
185 // Bob wins writing at this point, feed the changes back to alice.
186 is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, carole_account, NULL), 1, "updates");
187
188 ok(SOSAccountAssertUserCredentialsAndUpdate(alice_account, cfaccount, cfpassword, &error), "Credential setting (%@)", error);
189 CFReleaseNull(error);
190
191 ok(SOSAccountAssertUserCredentialsAndUpdate(carole_account, cfaccount, cfpassword, &error), "Credential setting (%@)", error);
192 CFReleaseNull(error);
193 ok(SOSAccountResetToOffering_wTxn(alice_account, &error), "Reset to offering (%@)", error);
194 CFReleaseNull(error);
195
196 is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, carole_account, NULL), 2, "updates");
197
198 ok(SOSAccountJoinCircles_wTxn(bob_account, &error), "Bob Applies (%@)", error);
199 CFReleaseNull(error);
200 is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, carole_account, NULL), 2, "updates");
201
202 {
203 CFArrayRef applicants = SOSAccountCopyApplicants(alice_account, &error);
204
205 ok(applicants && CFArrayGetCount(applicants) == 1, "See one applicant %@ (%@)", applicants, error);
206 ok(SOSAccountAcceptApplicants(alice_account, applicants, &error), "Alice accepts (%@)", error);
207 CFReleaseNull(error);
208 CFReleaseNull(applicants);
209 }
210
211 is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, carole_account, NULL), 3, "updates");
212
213 accounts_agree("bob&alice pair", bob_account, alice_account);
214
215
216 ok(performiCloudIdentityAttack(carole_account, alice_account, bob_account, changes), "Attack is defeated");
217
218 CFReleaseNull(cfpassword);
219 alice_account = nil;
220 bob_account = nil;
221 SOSTestCleanup();
222 }
223 #endif
224
225 int secd_60_account_cloud_exposure(int argc, char *const *argv)
226 {
227 #if SOS_ENABLED
228 plan_tests(41);
229 secd_test_setup_temp_keychain(__FUNCTION__, NULL);
230 tests();
231 #else
232 plan_tests(0);
233 #endif
234 return 0;
235 }