OSX/sec/securityd/Regressions/secd-37-pairing-initial-sync.m

   1 /*
   2  * Copyright (c) 2017 Apple Inc. All rights reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 #include <Foundation/Foundation.h>
  26 #include <Security/SecBase.h>
  27 #include <Security/SecItem.h>
  28 #include <Security/SecItemPriv.h>
  29 #include <Security/SecInternal.h>
  30 #include <utilities/SecFileLocations.h>
  31 #include <utilities/SecCFWrappers.h>
  32 #include <Security/SecItemBackup.h>
  33
  34 #include <stdlib.h>
  35 #include <fcntl.h>
  36 #include <unistd.h>
  37 #include <sys/stat.h>
  38
  39 #include "secd_regressions.h"
  40
  41 #include <securityd/SecItemServer.h>
  42
  43 #include "SecdTestKeychainUtilities.h"
  44
  45 void SecAccessGroupsSetCurrent(CFArrayRef accessGroups);
  46 CFArrayRef SecAccessGroupsGetCurrent(void);
  47
  48
  49 static void AddItem(NSDictionary *attr)
  50 {
  51     NSMutableDictionary *mattr = [attr mutableCopy];
  52     mattr[(__bridge id)kSecValueData] = [NSData dataWithBytes:"foo" length:3];
  53     mattr[(__bridge id)kSecAttrAccessible] = (__bridge id)kSecAttrAccessibleAfterFirstUnlock;
  54     ok_status(SecItemAdd((__bridge CFDictionaryRef)mattr, NULL));
  55 }
  56
  57 int secd_37_pairing_initial_sync(int argc, char *const *argv)
  58 {
  59     CFErrorRef error = NULL;
  60     CFTypeRef stuff = NULL;
  61     OSStatus res = 0;
  62
  63     plan_tests(16);
  64
  65     /* custom keychain dir */
  66     secd_test_setup_temp_keychain("secd_37_pairing_initial_sync", NULL);
  67
  68     CFArrayRef currentACL = CFRetainSafe(SecAccessGroupsGetCurrent());
  69
  70     NSMutableArray *newACL = [NSMutableArray arrayWithArray:(__bridge NSArray *)currentACL];
  71     [newACL addObjectsFromArray:@[
  72         @"com.apple.ProtectedCloudStorage",
  73     ]];
  74
  75     SecAccessGroupsSetCurrent((__bridge CFArrayRef)newACL);
  76
  77
  78     NSDictionary *pcsinetattrs = @{
  79         (__bridge id)kSecClass : (__bridge id)kSecClassInternetPassword,
  80         (__bridge id)kSecAttrAccessGroup : @"com.apple.ProtectedCloudStorage",
  81         (__bridge id)kSecAttrAccount : @"1",
  82         (__bridge id)kSecAttrServer : @"current",
  83         (__bridge id)kSecAttrType : @(0x10001),
  84         (__bridge id)kSecAttrSynchronizable : @YES,
  85         (__bridge id)kSecAttrSyncViewHint :  (__bridge id)kSecAttrViewHintPCSMasterKey,
  86     };
  87     NSDictionary *pcsinetattrsNotCurrent = @{
  88         (__bridge id)kSecClass : (__bridge id)kSecClassInternetPassword,
  89         (__bridge id)kSecAttrAccessGroup : @"com.apple.ProtectedCloudStorage",
  90         (__bridge id)kSecAttrAccount : @"1",
  91         (__bridge id)kSecAttrServer : @"noncurrent",
  92         (__bridge id)kSecAttrType : @(0x00001),
  93         (__bridge id)kSecAttrSynchronizable : @YES,
  94         (__bridge id)kSecAttrSyncViewHint :  (__bridge id)kSecAttrViewHintPCSMasterKey,
  95     };
  96     NSDictionary *pcsgenpattrs = @{
  97        (__bridge id)kSecClass : (__bridge id)kSecClassGenericPassword,
  98        (__bridge id)kSecAttrAccessGroup : @"com.apple.ProtectedCloudStorage",
  99        (__bridge id)kSecAttrAccount : @"2",
 100        (__bridge id)kSecAttrSynchronizable : @YES,
 101        (__bridge id)kSecAttrSyncViewHint :  (__bridge id)kSecAttrViewHintPCSMasterKey,
 102     };
 103     NSDictionary *ckksattrs = @{
 104         (__bridge id)kSecClass : (__bridge id)kSecClassInternetPassword,
 105         (__bridge id)kSecAttrAccessGroup : @"com.apple.security.ckks",
 106         (__bridge id)kSecAttrAccount : @"2",
 107         (__bridge id)kSecAttrSynchronizable : @YES,
 108         (__bridge id)kSecAttrSyncViewHint :  (__bridge id)kSecAttrViewHintPCSMasterKey,
 109     };
 110     AddItem(pcsinetattrs);
 111     AddItem(pcsinetattrsNotCurrent);
 112     AddItem(pcsgenpattrs);
 113     AddItem(ckksattrs);
 114
 115     CFArrayRef items = _SecServerCopyInitialSyncCredentials(SecServerInitialSyncCredentialFlagTLK | SecServerInitialSyncCredentialFlagPCS, &error);
 116     ok(items, "_SecServerCopyInitialSyncCredentials: %@", error);
 117     CFReleaseNull(error);
 118
 119     ok_status((res = SecItemCopyMatching((__bridge CFDictionaryRef)pcsinetattrs, &stuff)),
 120               "SecItemCopyMatching: %d", (int)res);
 121     CFReleaseNull(stuff);
 122     ok_status((res = SecItemCopyMatching((__bridge CFDictionaryRef)pcsinetattrsNotCurrent, &stuff)),
 123               "SecItemCopyMatching: %d", (int)res);
 124     CFReleaseNull(stuff);
 125     ok_status((res = SecItemCopyMatching((__bridge CFDictionaryRef)pcsgenpattrs, &stuff)),
 126               "SecItemCopyMatching: %d", (int)res);
 127     CFReleaseNull(stuff);
 128     ok_status((res = SecItemCopyMatching((__bridge CFDictionaryRef)ckksattrs, &stuff)),
 129               "SecItemCopyMatching: %d", (int)res);
 130     CFReleaseNull(stuff);
 131
 132
 133     ok(_SecItemDeleteAll(&error), "SecItemServerDeleteAll: %@", error);
 134     CFReleaseNull(error);
 135
 136     ok(_SecServerImportInitialSyncCredentials(items, &error), "_SecServerImportInitialSyncCredentials: %@", error);
 137     CFReleaseNull(error);
 138     CFReleaseNull(items);
 139
 140     ok_status((res = SecItemCopyMatching((__bridge CFDictionaryRef)pcsinetattrs, &stuff)),
 141               "SecItemCopyMatching: %d", (int)res);
 142     CFReleaseNull(stuff);
 143     is_status((res = SecItemCopyMatching((__bridge CFDictionaryRef)pcsinetattrsNotCurrent, &stuff)), errSecItemNotFound,
 144               "SecItemCopyMatching: %d", (int)res);
 145     CFReleaseNull(stuff);
 146     ok_status((res = SecItemCopyMatching((__bridge CFDictionaryRef)pcsgenpattrs, &stuff)),
 147               "SecItemCopyMatching: %d", (int)res);
 148     CFReleaseNull(stuff);
 149     ok_status((res = SecItemCopyMatching((__bridge CFDictionaryRef)ckksattrs, &stuff)),
 150               "SecItemCopyMatching: %d", (int)res);
 151     CFReleaseNull(stuff);
 152
 153     SecAccessGroupsSetCurrent(currentACL);
 154     CFReleaseNull(currentACL);
 155
 156
 157     return 0;
 158 }