keychain/securityd/Regressions/secd-70-engine-corrupt.m

   1 /*
   2  * Copyright (c) 2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 // Test syncing between SecItemDataSource and SOSTestDataSource
  26
  27 #include "keychain/SecureObjectSync/Regressions/SOSTestDevice.h"
  28 #include "keychain/SecureObjectSync/Regressions/SOSTestDataSource.h"
  29 #include "secd_regressions.h"
  30 #include "SecdTestKeychainUtilities.h"
  31
  32 #include "keychain/SecureObjectSync/SOSDigestVector.h"
  33 #include "keychain/SecureObjectSync/SOSEngine.h"
  34 #include "keychain/SecureObjectSync/SOSPeer.h"
  35 #import "keychain/SecureObjectSync/SOSChangeTracker.h"
  36 #include <Security/SecBase64.h>
  37 #include <Security/SecItem.h>
  38 #include <Security/SecItemPriv.h>
  39 #include <corecrypto/ccsha2.h>
  40 #include "keychain/securityd/SecItemServer.h"
  41 #include "keychain/securityd/SecItemDataSource.h"
  42 #include <utilities/SecCFWrappers.h>
  43 #include <utilities/SecIOFormat.h>
  44 #include <utilities/SecFileLocations.h>
  45
  46 #include <AssertMacros.h>
  47 #include <stdint.h>
  48
  49 static int kTestTestCount = 121;
  50
  51 static void nosha1(void) {
  52     __block int iteration = 0;
  53     __block CFErrorRef error = NULL;
  54     SOSTestDeviceListTestSync("nosha1", test_directive, test_reason, 0, true, ^bool(SOSTestDeviceRef source, SOSTestDeviceRef dest) {
  55         iteration++;
  56         // Add 10 items in first 10 sync messages
  57         if (iteration <= 6) {
  58             CFStringRef account = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("item%d"), iteration);
  59             SOSTestDeviceAddGenericItem(source, account, CFSTR("nosha1"));
  60             CFReleaseSafe(account);
  61             // Corrupt the 4th item added
  62             if (iteration == 4) {
  63                 ok(SecDbPerformWrite(source->db, &error, ^(SecDbConnectionRef dbconn) {
  64                     ok(SecDbTransaction(dbconn, kSecDbExclusiveTransactionType, &error, ^(bool *commit) {
  65                         ok(SecDbExec(dbconn, CFSTR("UPDATE genp SET sha1=X'0000000000000000000000000000000000000000' WHERE rowid=5;"), &error),
  66                            "Corrupting rowid 5 by zeroing sha1: %@", error);
  67                         CFReleaseNull(error);
  68                     }), "SecDbTransaction: %@", error);
  69                     CFReleaseNull(error);
  70                 }), "SecDbPerformWrite: %@", error);
  71                 CFReleaseNull(error);
  72                 return true;
  73             }
  74             return true;
  75         }
  76
  77
  78         return false;
  79     }, ^bool(SOSTestDeviceRef source, SOSTestDeviceRef dest, SOSMessageRef message) {
  80         return false;
  81     }, CFSTR("Bad"), CFSTR("Good"), NULL);
  82 }
  83
  84 static void drop_item(void) {
  85     __block int iteration = 0;
  86     __block CFErrorRef error = NULL;
  87     SOSTestDeviceListTestSync("drop_item", test_directive, test_reason, 0, true, ^bool(SOSTestDeviceRef source, SOSTestDeviceRef dest) {
  88         iteration++;
  89         // Add 10 items in first 10 sync messages
  90         if (iteration <= 6) {
  91             CFStringRef account = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("item%d"), iteration);
  92             SOSTestDeviceAddGenericItem(source, account, CFSTR("drop_item"));
  93             CFReleaseSafe(account);
  94             // Corrupt the 4th item added
  95             if (iteration == 4) {
  96                 ok(SecDbPerformWrite(source->db, &error, ^(SecDbConnectionRef dbconn) {
  97                     ok(SecDbTransaction(dbconn, kSecDbExclusiveTransactionType, &error, ^(bool *commit) {
  98                         ok(SecDbExec(dbconn, CFSTR("DELETE FROM genp WHERE rowid=5;"), &error),
  99                            "Corrupting rowid 5 by deleting object: %@", error);
 100                         CFReleaseNull(error);
 101                     }), "SecDbTransaction: %@", error);
 102                     CFReleaseNull(error);
 103                 }), "SecDbPerformWrite: %@", error);
 104                 CFReleaseNull(error);
 105                 return true;
 106             }
 107             return true;
 108         }
 109
 110
 111         return false;
 112     }, ^bool(SOSTestDeviceRef source, SOSTestDeviceRef dest, SOSMessageRef message) {
 113         return false;
 114     }, CFSTR("Abegail"), CFSTR("Billy"), NULL);
 115 }
 116
 117 static void drop_manifest(void) {
 118     __block int iteration = 0;
 119     SOSTestDeviceListTestSync("drop_manifest", test_directive, test_reason, 0, true, ^bool(SOSTestDeviceRef source, SOSTestDeviceRef dest) {
 120         iteration++;
 121         // Add 5 items on Alice and 4 on Bob in first 9 sync messages
 122         if (iteration <= 9) {
 123             CFStringRef account = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("item%d"), iteration / 2);
 124             SOSTestDeviceAddGenericItem(source, account, CFSTR("drop_manifest"));
 125             CFReleaseSafe(account);
 126             // Corrupt the manifest after 4th item added
 127             if (iteration == 4) {
 128                 SOSEngineRef engine = SOSDataSourceGetSharedEngine(source->ds, NULL);
 129                 SOSPeerRef peer = SOSEngineCopyPeerWithID(engine, SOSTestDeviceGetID(dest), NULL);
 130                 SOSManifestRef mf = SOSEngineCopyLocalPeerManifest(engine, peer, NULL);
 131                 CFReleaseNull(peer);
 132                 CFMutableArrayRef changes = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault);
 133                 SOSManifestForEach(mf, ^(CFDataRef e, bool *stop) {
 134                     SOSChangesAppendDelete(changes, e);
 135                 });
 136                 ok(SOSEngineUpdateChanges(engine, kSOSDataSourceSOSTransaction, changes, NULL), "droped manifest from %@", source);
 137                 CFReleaseNull(changes);
 138                 CFReleaseNull(mf);
 139                 return true;
 140             }
 141             return true;
 142         }
 143
 144         return false;
 145     }, ^bool(SOSTestDeviceRef source, SOSTestDeviceRef dest, SOSMessageRef message) {
 146         return false;
 147     }, CFSTR("Ann"), CFSTR("Ben"), NULL);
 148 }
 149
 150 static void add_sha1(void) {
 151     TODO: {
 152         //todo("this never stops syncing");
 153         __block int iteration = 0;
 154         __block CFErrorRef error = NULL;
 155         SOSTestDeviceListTestSync("add_sha1", test_directive, test_reason, 0, true, ^bool(SOSTestDeviceRef source, SOSTestDeviceRef dest) {
 156             iteration++;
 157             // Add 9 items in first 9 sync messages
 158             if (iteration <= 9) {
 159                 CFStringRef account = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("item%d"), iteration);
 160                 SOSTestDeviceAddGenericItem(source, account, CFSTR("add_sha1"));
 161                 CFReleaseSafe(account);
 162                 // Corrupt the manifest after 4th item added
 163                 if (iteration == 4) {
 164                     ok(SecDbPerformWrite(source->db, &error, ^(SecDbConnectionRef dbconn) {
 165                         ok(SecDbTransaction(dbconn, kSecDbExclusiveTransactionType, &error, ^(bool *commit) {
 166                             ok(SecDbExec(dbconn, CFSTR("UPDATE genp SET sha1=X'0000000000000000000000000000000000000000' WHERE rowid=5;"), &error),
 167                                "Corrupting rowid 5 by zeroing sha1: %@", error);
 168                             CFReleaseNull(error);
 169                         }), "SecDbTransaction: %@", error);
 170                         CFReleaseNull(error);
 171                     }), "SecDbPerformWrite: %@", error);
 172                     CFReleaseNull(error);
 173
 174                     SOSEngineRef engine = SOSDataSourceGetSharedEngine(source->ds, NULL);
 175                     uint8_t zeroDigest[20] = {};
 176                     CFDataRef zDigest = CFDataCreate(kCFAllocatorDefault, zeroDigest, 20);
 177                     CFMutableArrayRef changes = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault);
 178                     SOSChangesAppendAdd(changes, zDigest);
 179                     ok(SOSEngineUpdateChanges(engine, kSOSDataSourceSOSTransaction, changes, NULL), "corrupting manifest");
 180                     CFReleaseSafe(zDigest);
 181                     CFReleaseNull(changes);
 182                     return true;
 183                 }
 184                 return true;
 185             }
 186
 187             return false;
 188         }, ^bool(SOSTestDeviceRef source, SOSTestDeviceRef dest, SOSMessageRef message) {
 189             return false;
 190         }, CFSTR("Andy"), CFSTR("Bill"), NULL);
 191     }
 192 }
 193
 194 static void change_sha1(void) {
 195 TODO: {
 196     //todo("this never stops syncing");
 197     __block int iteration = 0;
 198     __block CFErrorRef error = NULL;
 199     SOSTestDeviceListTestSync("change_sha1", test_directive, test_reason, 0, true, ^bool(SOSTestDeviceRef source, SOSTestDeviceRef dest) {
 200         iteration++;
 201         // Add 9 items in first 9 sync messages
 202         if (iteration <= 9) {
 203             CFStringRef account = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("item%d"), iteration);
 204             CFStringRef server = CFSTR("change_sha1");
 205             // Corrupt the manifest after 4th item added
 206             if (!SOSDataSourceWithAPI(source->ds, true, &error, ^(SOSTransactionRef txn, bool *commit) {
 207                 SOSObjectRef object = SOSDataSourceCreateGenericItem(source->ds, account, server);
 208                 ok(SOSDataSourceMergeObject(source->ds, txn, object, NULL, &error), "%@ added API object %@", SOSTestDeviceGetID(source), error ? (CFTypeRef)error : (CFTypeRef)CFSTR("ok"));
 209                 if (iteration == 3) {
 210                     sqlite_int64 rowid = SecDbItemGetRowId((SecDbItemRef)object, NULL);
 211                     CFStringRef sql = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("UPDATE genp SET sha1=X'0000000000000000000000000000000000000000' WHERE rowid=%lld;"), rowid);
 212                     ok(SecDbExec((SecDbConnectionRef)txn, sql, &error),
 213                        "Corrupting rowid %lld by zeroing sha1: %@", rowid, error);
 214                     CFReleaseNull(sql);
 215                     SOSEngineRef engine = SOSDataSourceGetSharedEngine(source->ds, NULL);
 216                     CFMutableArrayRef changes = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault);
 217                     uint8_t zeroDigest[20] = {};
 218                     CFDataRef zDigest = CFDataCreate(kCFAllocatorDefault, zeroDigest, 20);
 219                     SOSChangesAppendAdd(changes, zDigest);
 220                     CFDataRef digest = SOSObjectCopyDigest(source->ds, object, NULL);
 221                     SOSChangesAppendDelete(changes, digest);
 222                     const uint8_t *d = CFDataGetBytePtr(digest);
 223                     ok(SOSEngineUpdateChanges(engine, kSOSDataSourceSOSTransaction, changes, NULL), "corrupting manifest %lld %02X%02x%02x%02x",
 224                        rowid, d[0], d[1], d[2], d[3]);
 225                     CFReleaseSafe(zDigest);
 226                     CFReleaseSafe(digest);
 227                     CFReleaseNull(changes);
 228                 }
 229                 CFReleaseSafe(object);
 230                 CFReleaseNull(error);
 231             }))
 232                 fail("ds transaction %@", error);
 233             CFReleaseNull(error);
 234             CFReleaseNull(account);
 235             return true;
 236         }
 237         return false;
 238     }, ^bool(SOSTestDeviceRef source, SOSTestDeviceRef dest, SOSMessageRef message) {
 239         if (iteration >= 3)
 240             pass("%@", source);
 241         return false;
 242     }, CFSTR("Alice"), CFSTR("Bob"), NULL);
 243 }
 244 }
 245
 246 int secd_70_engine_corrupt(int argc, char *const *argv)
 247 {
 248     plan_tests(kTestTestCount);
 249
 250     __security_simulatecrash_enable(false);
 251
 252     /* custom keychain dir */
 253     secd_test_setup_temp_keychain(__FUNCTION__, NULL);
 254
 255     nosha1();
 256     drop_item();
 257     drop_manifest();
 258     add_sha1();
 259     change_sha1();
 260
 261     __security_simulatecrash_enable(true);
 262
 263     return 0;
 264 }