]> git.saurik.com Git - apple/security.git/blob - tests/secdmockaks/mockaks.m
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Security-58286.251.4.tar.gz
[apple/security.git] / tests / secdmockaks / mockaks.m
1 /*
2 * Copyright (c) 2018 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #import "SecKeybagSupport.h"
25
26 #if USE_KEYSTORE
27 #import <libaks.h>
28 #import <libaks_ref_key.h>
29 #import <MobileKeyBag/MobileKeyBag.h>
30 #endif
31
32 #import <CryptoTokenKit/CryptoTokenKit.h>
33 #import <ctkclient.h>
34 #import <coreauthd_spi.h>
35 #import <ACMLib.h>
36 #import <LocalAuthentication/LAPublicDefines.h>
37 #import <LocalAuthentication/LAPrivateDefines.h>
38 #import <LocalAuthentication/LACFSupport.h>
39 #import <SecurityFoundation/SFEncryptionOperation.h>
40 #import "mockaks.h"
41
42 #if USE_KEYSTORE
43
44 @implementation SecMockAKS
45
46 + (bool)isLocked:(keyclass_t)key_class
47 {
48 return false;
49 }
50
51 + (bool)isSEPDown
52 {
53 return false;
54 }
55
56 + (bool)useGenerationCount
57 {
58 return false;
59 }
60
61 @end
62
63 kern_return_t
64 aks_load_bag(const void * data, int length, keybag_handle_t* handle)
65 {
66 *handle = 17;
67 return 0;
68 }
69
70 kern_return_t aks_unlock_bag(keybag_handle_t handle, const void * passcode, int length)
71 {
72 return 0;
73 }
74
75 kern_return_t
76 aks_create_bag(const void * passcode, int length, keybag_type_t type, keybag_handle_t* handle)
77 {
78 *handle = 17;
79 return 0;
80 }
81
82 kern_return_t
83 aks_unload_bag(keybag_handle_t handle)
84 {
85 return -1;
86 }
87
88 kern_return_t
89 aks_save_bag(keybag_handle_t handle, void ** data, int * length)
90 {
91 return 0;
92 }
93
94 kern_return_t
95 aks_get_system(keybag_handle_t special_handle, keybag_handle_t *handle)
96 {
97 *handle = 17;
98 return 0;
99 }
100
101 //static uint8_t staticAKSKey[32] = "1234567890123456789012";
102
103 #define PADDINGSIZE 8
104
105 kern_return_t
106 aks_wrap_key(const void * key, int key_size, keyclass_t key_class, keybag_handle_t handle, void * wrapped_key, int * wrapped_key_size_inout, keyclass_t * class_out)
107 {
108 if ([SecMockAKS isLocked:key_class]) {
109 return kIOReturnNotPermitted;
110 }
111 if ([SecMockAKS isSEPDown]) {
112 return kIOReturnBusy;
113 }
114
115 *class_out = key_class;
116 if ([SecMockAKS useGenerationCount]) {
117 *class_out |= (key_class_last + 1);
118 }
119
120 if (key_size + PADDINGSIZE > *wrapped_key_size_inout) {
121 abort();
122 }
123 *wrapped_key_size_inout = key_size + PADDINGSIZE;
124 memcpy(wrapped_key, key, key_size);
125 memset(((uint8_t *)wrapped_key) + key_size, 0xff, PADDINGSIZE);
126 return 0;
127 }
128
129 kern_return_t
130 aks_unwrap_key(const void * wrapped_key, int wrapped_key_size, keyclass_t key_class, keybag_handle_t handle, void * key, int * key_size_inout)
131 {
132 if ([SecMockAKS isLocked:key_class]) {
133 return kIOReturnNotPermitted;
134 }
135 if ([SecMockAKS isSEPDown]) {
136 return kIOReturnBusy;
137 }
138
139 if (wrapped_key_size < PADDINGSIZE) {
140 abort();
141 }
142 static const char expected_padding[PADDINGSIZE] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
143 if (memcmp(((const uint8_t *)wrapped_key) + (wrapped_key_size - PADDINGSIZE), expected_padding, PADDINGSIZE) != 0) {
144 abort();
145 }
146 if (*key_size_inout < wrapped_key_size - PADDINGSIZE) {
147 abort();
148 }
149 *key_size_inout = wrapped_key_size - PADDINGSIZE;
150 memcpy(key, wrapped_key, *key_size_inout);
151
152 return 0;
153 }
154
155 int
156 aks_ref_key_create(keybag_handle_t handle, keyclass_t cls, aks_key_type_t type, const uint8_t *params, size_t params_len, aks_ref_key_t *ot)
157 {
158 SFAESKeySpecifier* keySpecifier = [[SFAESKeySpecifier alloc] initWithBitSize:SFAESKeyBitSize256];
159 SFAESKey* key = [[SFAESKey alloc] initRandomKeyWithSpecifier:keySpecifier error:nil];
160 *ot = (__bridge_retained aks_ref_key_t)key;
161 return kAKSReturnSuccess;
162 }
163
164 int
165 aks_ref_key_encrypt(aks_ref_key_t handle,
166 const uint8_t *der_params, size_t der_params_len,
167 const void * data, size_t data_len,
168 void ** out_der, size_t * out_der_len)
169 {
170 return -1;
171 }
172
173 int
174 aks_ref_key_decrypt(aks_ref_key_t handle,
175 const uint8_t *der_params, size_t der_params_len,
176 const void * data, size_t data_len,
177 void ** out_der, size_t * out_der_len)
178 {
179 return -1;
180 }
181
182 int
183 aks_ref_key_delete(aks_ref_key_t handle, const uint8_t *der_params, size_t der_params_len)
184 {
185 return -1;
186 }
187
188 int
189 aks_operation_optional_params(const uint8_t * access_groups, size_t access_groups_len, const uint8_t * external_data, size_t external_data_len, const void * acm_handle, int acm_handle_len, void ** out_der, size_t * out_der_len)
190 {
191 return -1;
192 }
193
194 int aks_ref_key_create_with_blob(keybag_handle_t keybag, const uint8_t *ref_key_blob, size_t ref_key_blob_len, aks_ref_key_t* handle)
195 {
196 aks_ref_key_create(keybag, 0, 0, NULL, 0, handle);
197 return 0;
198 }
199
200 const uint8_t * aks_ref_key_get_blob(aks_ref_key_t refkey, size_t *out_blob_len)
201 {
202 *out_blob_len = 2;
203 return (const uint8_t *)"20";
204 }
205 int
206 aks_ref_key_free(aks_ref_key_t* key)
207 {
208 return 0;
209 }
210
211 const uint8_t *
212 aks_ref_key_get_external_data(aks_ref_key_t refkey, size_t *out_external_data_len)
213 {
214 *out_external_data_len = 2;
215 return (const uint8_t *)"21";
216 }
217
218
219 kern_return_t
220 aks_assert_hold(keybag_handle_t handle, uint32_t type, uint64_t timeout)
221 {
222 return 0;
223 }
224
225 kern_return_t
226 aks_assert_drop(keybag_handle_t handle, uint32_t type)
227 {
228 return 0;
229 }
230
231 kern_return_t
232 aks_generation(keybag_handle_t handle,
233 generation_option_t generation_option,
234 uint32_t * current_generation)
235 {
236 *current_generation = 0;
237 return 0;
238 }
239
240 kern_return_t
241 aks_get_bag_uuid(keybag_handle_t handle, uuid_t uuid)
242 {
243 memcpy(uuid, "0123456789abcdf", sizeof(uuid_t));
244 return 0;
245 }
246
247 kern_return_t
248 aks_get_lock_state(keybag_handle_t handle, keybag_state_t *state)
249 {
250 *state = keybag_state_been_unlocked;
251 return 0;
252 }
253
254 CFStringRef kMKBDeviceModeMultiUser = CFSTR("kMKBDeviceModeMultiUser");
255 CFStringRef kMKBDeviceModeSingleUser = CFSTR("kMKBDeviceModeSingleUser");
256 CFStringRef kMKBDeviceModeKey = CFSTR("kMKBDeviceModeKey");
257
258 static CFStringRef staticKeybagHandle = CFSTR("keybagHandle");
259
260 int
261 MKBKeyBagCreateWithData(CFDataRef keybagBlob, MKBKeyBagHandleRef* newHandle)
262 {
263 *newHandle = (MKBKeyBagHandleRef)staticKeybagHandle;
264 return 0;
265 }
266
267 int
268 MKBKeyBagUnlock(MKBKeyBagHandleRef keybag, CFDataRef passcode)
269 {
270 if (keybag == NULL || !CFEqual(keybag, staticKeybagHandle)) {
271 abort();
272 }
273 return 0;
274 }
275
276 int MKBKeyBagGetAKSHandle(MKBKeyBagHandleRef keybag, int32_t *handle)
277 {
278 if (keybag == NULL || !CFEqual(keybag, staticKeybagHandle)) {
279 abort();
280 }
281 *handle = 17;
282 return 0;
283 }
284
285 int MKBGetDeviceLockState(CFDictionaryRef options)
286 {
287 if ([SecMockAKS isLocked:key_class_ak] )
288 return kMobileKeyBagDeviceIsLocked;
289 return kMobileKeyBagDeviceIsUnlocked;
290 }
291
292 CF_RETURNS_RETAINED CFDictionaryRef
293 MKBUserTypeDeviceMode(CFDictionaryRef options, CFErrorRef * error)
294 {
295 return CFBridgingRetain(@{
296 (__bridge NSString *)kMKBDeviceModeKey : (__bridge NSString *)kMKBDeviceModeSingleUser,
297 });
298 }
299
300 int MKBForegroundUserSessionID( CFErrorRef * error)
301 {
302 return 0;
303 }
304
305 #endif /* USE_KEYSTORE */
306
307 const CFTypeRef kAKSKeyAcl = (CFTypeRef)CFSTR("kAKSKeyAcl");
308 const CFTypeRef kAKSKeyAclParamRequirePasscode = (CFTypeRef)CFSTR("kAKSKeyAclParamRequirePasscode");
309
310 const CFTypeRef kAKSKeyOpDefaultAcl = (CFTypeRef)CFSTR("kAKSKeyOpDefaultAcl");
311 const CFTypeRef kAKSKeyOpEncrypt = (CFTypeRef)CFSTR("kAKSKeyOpEncrypt");
312 const CFTypeRef kAKSKeyOpDecrypt = (CFTypeRef)CFSTR("kAKSKeyOpDecrypt");
313 const CFTypeRef kAKSKeyOpSync = (CFTypeRef)CFSTR("kAKSKeyOpSync");
314 const CFTypeRef kAKSKeyOpDelete = (CFTypeRef)CFSTR("kAKSKeyOpDelete");
315 const CFTypeRef kAKSKeyOpCreate = (CFTypeRef)CFSTR("kAKSKeyOpCreate");
316 const CFTypeRef kAKSKeyOpSign = (CFTypeRef)CFSTR("kAKSKeyOpSign");
317 const CFTypeRef kAKSKeyOpSetKeyClass = (CFTypeRef)CFSTR("kAKSKeyOpSetKeyClass");
318 const CFTypeRef kAKSKeyOpWrap = (CFTypeRef)CFSTR("kAKSKeyOpWrap");
319 const CFTypeRef kAKSKeyOpUnwrap = (CFTypeRef)CFSTR("kAKSKeyOpUnwrap");
320 const CFTypeRef kAKSKeyOpComputeKey = (CFTypeRef)CFSTR("kAKSKeyOpComputeKey");
321 const CFTypeRef kAKSKeyOpAttest = (CFTypeRef)CFSTR("kAKSKeyOpAttest");
322 const CFTypeRef kAKSKeyOpTranscrypt = (CFTypeRef)CFSTR("kAKSKeyOpTranscrypt");
323 const CFTypeRef kAKSKeyOpECIESEncrypt = (CFTypeRef)CFSTR("kAKSKeyOpECIESEncrypt");
324 const CFTypeRef kAKSKeyOpECIESDecrypt = (CFTypeRef)CFSTR("kAKSKeyOpECIESDecrypt");
325 const CFTypeRef kAKSKeyOpECIESTranscode = (CFTypeRef)CFSTR("kAKSKeyOpECIESTranscode");
326
327
328 TKTokenRef TKTokenCreate(CFDictionaryRef attributes, CFErrorRef *error)
329 {
330 return NULL;
331 }
332
333 CFTypeRef TKTokenCopyObjectData(TKTokenRef token, CFDataRef objectID, CFErrorRef *error)
334 {
335 return NULL;
336 }
337
338 CFDataRef TKTokenCreateOrUpdateObject(TKTokenRef token, CFDataRef objectID, CFMutableDictionaryRef attributes, CFErrorRef *error)
339 {
340 return NULL;
341 }
342
343 CFDataRef TKTokenCopyObjectAccessControl(TKTokenRef token, CFDataRef objectID, CFErrorRef *error)
344 {
345 return NULL;
346 }
347 bool TKTokenDeleteObject(TKTokenRef token, CFDataRef objectID, CFErrorRef *error)
348 {
349 return false;
350 }
351
352 CFDataRef TKTokenCopyPublicKeyData(TKTokenRef token, CFDataRef objectID, CFErrorRef *error)
353 {
354 return NULL;
355 }
356
357 CFTypeRef TKTokenCopyOperationResult(TKTokenRef token, CFDataRef objectID, CFIndex secKeyOperationType, CFArrayRef algorithm,
358 CFIndex secKeyOperationMode, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error)
359 {
360 return NULL;
361 }
362
363 CF_RETURNS_RETAINED CFDictionaryRef TKTokenControl(TKTokenRef token, CFDictionaryRef attributes, CFErrorRef *error)
364 {
365 return NULL;
366 }
367
368 CFTypeRef LACreateNewContextWithACMContext(CFDataRef acmContext, CFErrorRef *error)
369 {
370 return NULL;
371 }
372
373 CFDataRef LACopyACMContext(CFTypeRef context, CFErrorRef *error)
374 {
375 return NULL;
376 }
377
378 bool LAEvaluateAndUpdateACL(CFTypeRef context, CFDataRef acl, CFTypeRef operation, CFDictionaryRef hints, CFDataRef *updatedACL, CFErrorRef *error)
379 {
380 return false;
381 }
382
383 ACMContextRef
384 ACMContextCreateWithExternalForm(const void *externalForm, size_t dataLength)
385 {
386 return NULL;
387 }
388
389 ACMStatus
390 ACMContextDelete(ACMContextRef context, bool destroyContext)
391 {
392 return 0;
393 }
394
395 ACMStatus
396 ACMContextRemovePassphraseCredentialsByPurposeAndScope(const ACMContextRef context, ACMPassphrasePurpose purpose, ACMScope scope)
397 {
398 return 0;
399 }
400
mirror of Security