KeychainCircle/Tests/FakeSOSControl.m

   1
   2 #import "FakeSOSControl.h"
   3
   4 @implementation FakeNSXPCConnection
   5 - (instancetype) initWithControl:(id<SOSControlProtocol>)control
   6 {
   7     self = [super init];
   8     if (self) {
   9         _control = control;
  10     }
  11     return self;
  12 }
  13 - (id)remoteObjectProxyWithErrorHandler:(void(^)(NSError * _Nonnull error))failureHandler
  14 {
  15     (void)failureHandler;
  16     return _control;
  17 }
  18 @end
  19
  20 @implementation FCPairingFakeSOSControl
  21
  22 - (instancetype)initWithRandomAccountKey:(bool)randomAccountKey circle:(SOSCircleRef)circle
  23 {
  24     if ((self = [super init])) {
  25         SecKeyRef publicKey = NULL;
  26         NSDictionary* parameters = @{
  27                                      (__bridge NSString*)kSecAttrKeyType:(__bridge NSString*) kSecAttrKeyTypeEC,
  28                                      (__bridge NSString*)kSecAttrKeySizeInBits: @(256),
  29                                      (__bridge NSString*)kSecUseDataProtectionKeychain : @YES,
  30                                      (__bridge NSString*)kSecAttrAccessible : (__bridge id)kSecAttrAccessibleAfterFirstUnlock,
  31                                      (__bridge id)kSecPrivateKeyAttrs : @{
  32                                              (__bridge NSString*)kSecAttrLabel : @"delete me test case - private",
  33                                              (__bridge NSString*)kSecAttrIsPermanent : @YES,
  34                                              (__bridge NSString*)kSecAttrAccessible : (__bridge id)kSecAttrAccessibleAfterFirstUnlock,
  35                                              },
  36                                      (__bridge id)kSecPublicKeyAttrs : @{
  37                                              (__bridge NSString*)kSecAttrLabel : @"delete me test case - public",
  38                                              (__bridge NSString*)kSecAttrAccessible : (__bridge id)kSecAttrAccessibleAfterFirstUnlock,
  39                                              }
  40                                      };
  41         if(SecKeyGeneratePair((__bridge CFDictionaryRef)parameters, &publicKey, &_deviceKey) != 0) {
  42             NSLog(@"failed to create device key");
  43             return nil;
  44         }
  45         CFReleaseNull(publicKey);
  46
  47         NSMutableDictionary* octagonParameters = [parameters mutableCopy];
  48         octagonParameters[(__bridge NSString*)kSecAttrKeySizeInBits] = @(384);
  49         if(SecKeyGeneratePair((__bridge CFDictionaryRef)octagonParameters, &publicKey, &_octagonSigningKey) != 0) {
  50             NSLog(@"failed to create octagon signing key");
  51             return nil;
  52         }
  53         CFReleaseNull(publicKey);
  54
  55         if(SecKeyGeneratePair((__bridge CFDictionaryRef)octagonParameters, &publicKey, &_octagonEncryptionKey) != 0) {
  56             NSLog(@"failed to create octagon signing key");
  57             return nil;
  58         }
  59         CFReleaseNull(publicKey);
  60
  61
  62         _circle = (SOSCircleRef)CFRetain(circle);
  63
  64         CFErrorRef error = NULL;
  65
  66         CFDictionaryRef gestalt = (__bridge CFDictionaryRef)@{
  67                                                               @"ComputerName" : @"name",
  68                                                               };
  69
  70         _fullPeerInfo = SOSFullPeerInfoCreate(NULL, gestalt, NULL, _deviceKey, _octagonSigningKey, _octagonEncryptionKey, &error);
  71         CFReleaseNull(error);
  72
  73         if (randomAccountKey) {
  74
  75             NSDictionary* accountParams = @{
  76                                             (__bridge NSString*)kSecAttrKeyType:(__bridge NSString*) kSecAttrKeyTypeEC,
  77                                             (__bridge NSString*)kSecAttrKeySizeInBits: @(256),
  78                                             (__bridge NSString*)kSecUseDataProtectionKeychain : @YES,
  79                                             (__bridge NSString*)kSecAttrAccessible : (__bridge id)kSecAttrAccessibleAfterFirstUnlock,
  80                                             };
  81
  82             if(SecKeyGeneratePair((__bridge CFDictionaryRef)accountParams, &publicKey, &_accountPrivateKey) != 0) {
  83                 NSLog(@"failed to create account signing key");
  84                 return nil;
  85             }
  86             CFReleaseNull(publicKey);
  87
  88             _accountPublicKey = SecKeyCopyPublicKey(_accountPrivateKey);
  89
  90             [self signApplicationIfNeeded];
  91         }
  92     }
  93     return self;
  94 }
  95
  96 - (void)dealloc
  97 {
  98     if (_accountPrivateKey) {
  99         SecItemDelete((__bridge CFTypeRef)@{ (__bridge id)kSecValueRef : (__bridge id)_accountPrivateKey });
 100         CFReleaseNull(_accountPrivateKey);
 101     }
 102     if (_deviceKey) {
 103         SecItemDelete((__bridge CFTypeRef)@{ (__bridge id)kSecValueRef : (__bridge id)_deviceKey });
 104         CFReleaseNull(_deviceKey);
 105     }
 106     if (_octagonSigningKey) {
 107         SecItemDelete((__bridge CFTypeRef)@{ (__bridge id)kSecValueRef : (__bridge id)_octagonSigningKey });
 108         CFReleaseNull(_octagonSigningKey);
 109     }
 110     if (_octagonEncryptionKey) {
 111         SecItemDelete((__bridge CFTypeRef)@{ (__bridge id)kSecValueRef : (__bridge id)_octagonEncryptionKey });
 112         CFReleaseNull(_octagonEncryptionKey);
 113     }
 114     CFReleaseNull(_circle);
 115     CFReleaseNull(_fullPeerInfo);
 116 }
 117
 118 - (SOSPeerInfoRef)peerInfo
 119 {
 120     return SOSFullPeerInfoGetPeerInfo(_fullPeerInfo);
 121 }
 122
 123 - (void)signApplicationIfNeeded
 124 {
 125     CFErrorRef error = NULL;
 126
 127     _application = SOSFullPeerInfoPromoteToApplication(_fullPeerInfo, _accountPrivateKey, &error);
 128     if (!_application)
 129         abort();
 130 }
 131
 132 - (void)initialSyncCredentials:(uint32_t)flags complete:(void (^)(NSArray *, NSError *))complete
 133 {
 134     complete(@[], NULL);
 135 }
 136
 137 - (void)importInitialSyncCredentials:(NSArray *)items complete:(void (^)(bool success, NSError *))complete
 138 {
 139     complete(true, NULL);
 140 }
 141
 142 - (void)triggerSync:(NSArray<NSString *> *)peers complete:(void(^)(bool success, NSError *))complete
 143 {
 144     complete(true, NULL);
 145 }
 146
 147 //MARK - FCPairingFakeSOSControl SOSControlProtocol
 148
 149 - (void)userPublicKey:(void ((^))(BOOL trusted, NSData *spki, NSError *error))complete
 150 {
 151     complete(false, NULL, NULL);
 152 }
 153
 154 - (void)performanceCounters:(void(^)(NSDictionary <NSString *, NSNumber *> *))complete
 155 {
 156     complete(@{});
 157 }
 158 - (void)kvsPerformanceCounters:(void(^)(NSDictionary <NSString *, NSNumber *> *))complete
 159 {
 160     complete(@{});
 161 }
 162
 163 - (void)rateLimitingPerformanceCounters:(void(^)(NSDictionary <NSString *, NSString *> *))complete
 164 {
 165     complete(@{});
 166 }
 167 - (void)stashedCredentialPublicKey:(void(^)(NSData *, NSError *error))complete
 168 {
 169     NSData *publicKey = NULL;
 170     NSError *error = NULL;
 171     if (self.accountPrivateKey) {
 172         publicKey = CFBridgingRelease(SecKeyCopySubjectPublicKeyInfo(self.accountPrivateKey));
 173     } else {
 174         error = [NSError errorWithDomain:@"FCPairingFakeSOSControl" code:2 userInfo:NULL];
 175     }
 176     complete(publicKey, error);
 177 }
 178
 179 - (void)assertStashedAccountCredential:(void(^)(BOOL result, NSError *error))complete
 180 {
 181     complete(self.accountPrivateKey != NULL, NULL);
 182 }
 183
 184 - (void)validatedStashedAccountCredential:(void(^)(NSData *credential, NSError *error))complete
 185 {
 186     NSData *key = NULL;
 187     CFErrorRef error = NULL;
 188     if (self.accountPrivateKey) {
 189         key = CFBridgingRelease(SecKeyCopyExternalRepresentation(self.accountPrivateKey, &error));
 190     } else {
 191         error = (CFErrorRef)CFBridgingRetain([NSError errorWithDomain:@"FCPairingFakeSOSControl" code:1 userInfo:NULL]);
 192     }
 193     complete(key, (__bridge NSError *)error);
 194     CFReleaseNull(error);
 195 }
 196
 197 - (void)stashAccountCredential:(NSData *)credential complete:(void(^)(bool success, NSError *error))complete
 198 {
 199     SecKeyRef accountPrivateKey = NULL;
 200     CFErrorRef error = NULL;
 201     NSDictionary *attributes = @{
 202                                  (__bridge id)kSecAttrKeyClass : (__bridge id)kSecAttrKeyClassPrivate,
 203                                  (__bridge id)kSecAttrKeyType : (__bridge id)kSecAttrKeyTypeEC,
 204                                  };
 205
 206     accountPrivateKey = SecKeyCreateWithData((__bridge CFDataRef)credential, (__bridge CFDictionaryRef)attributes, &error);
 207     if (accountPrivateKey == NULL) {
 208         complete(false, (__bridge NSError *)error);
 209         CFReleaseNull(error);
 210         return;
 211     }
 212
 213     _accountPrivateKey = accountPrivateKey;
 214     _accountPublicKey = SecKeyCopyPublicKey(_accountPrivateKey);
 215
 216     [self signApplicationIfNeeded];
 217
 218     complete(true, NULL);
 219 }
 220
 221 - (void)myPeerInfo:(void(^)(NSData *application, NSError *error))complete
 222 {
 223     CFErrorRef error = NULL;
 224
 225     [self signApplicationIfNeeded];
 226
 227     NSData *application = CFBridgingRelease(SOSPeerInfoCopyEncodedData([self peerInfo], NULL, &error));
 228     complete(application, (__bridge NSError *)error);
 229
 230     CFReleaseNull(error);
 231 }
 232
 233 - (void)circleHash:(void (^)(NSString *, NSError *))complete
 234 {
 235     NSString *data = CFBridgingRelease(SOSCircleCopyHashString(_circle));
 236     complete(data, NULL);
 237 }
 238
 239 - (void)circleJoiningBlob:(NSData *)applicantData complete:(void (^)(NSData *blob, NSError *))complete
 240 {
 241     CFErrorRef error = NULL;
 242     CFDataRef signature = NULL;
 243     SOSCircleRef prunedCircle = SOSCircleCopyCircle(NULL, _circle, &error);
 244     (void)SOSCirclePreGenerationSign(prunedCircle, _accountPublicKey, &error);
 245
 246     SOSGenCountRef gencount = SOSGenerationIncrementAndCreate(SOSCircleGetGeneration(prunedCircle));
 247     if (gencount == NULL)
 248         abort();
 249
 250
 251     SOSPeerInfoRef applicant = SOSPeerInfoCreateFromData(NULL, &error, (__bridge CFDataRef)applicantData);
 252     if (applicant == NULL)
 253         abort();
 254
 255     signature = SOSCircleCopyNextGenSignatureWithPeerAdded(prunedCircle, applicant, _deviceKey, &error);
 256     if(applicant) {
 257         CFRelease(applicant);
 258         applicant = NULL;
 259     }
 260
 261     NSData *pbblob = CFBridgingRelease(SOSPiggyBackBlobCopyEncodedData(gencount, _deviceKey, signature, &error));
 262
 263     CFReleaseNull(signature);
 264     CFReleaseNull(gencount);
 265     CFReleaseNull(prunedCircle);
 266
 267     complete(pbblob, NULL);
 268 }
 269
 270 - (void)joinCircleWithBlob:(NSData *)blob version:(PiggyBackProtocolVersion)version complete:(void (^)(bool success, NSError *))complete
 271 {
 272     SOSGenCountRef gencount = NULL;
 273     SecKeyRef pubKey = NULL;
 274     CFDataRef signature = NULL;
 275     CFErrorRef error = NULL;
 276     bool setInitialSyncTimeoutToV0 = false;
 277
 278     if (!SOSPiggyBackBlobCreateFromData(&gencount, &pubKey, &signature, (__bridge CFDataRef)blob, kPiggyV1, &setInitialSyncTimeoutToV0, &error)) {
 279         complete(true, (__bridge NSError *)error);
 280         CFReleaseNull(error);
 281         return;
 282     }
 283
 284     (void)SOSCircleAcceptPeerFromHSA2(_circle,
 285                                       _accountPrivateKey,
 286                                       gencount,
 287                                       pubKey,
 288                                       signature,
 289                                       _fullPeerInfo,
 290                                       &error);
 291
 292     CFReleaseNull(gencount);
 293     CFReleaseNull(pubKey);
 294     CFReleaseNull(signature);
 295
 296     complete(true, (__bridge NSError *)error);
 297
 298     CFReleaseNull(error);
 299
 300 }
 301
 302 - (void)getWatchdogParameters:(void (^)(NSDictionary*, NSError*))complete
 303 {
 304     // intentionally left blank
 305     // these are used by the security/2 tool and are only declared here to make the compiler happy about conforming the protocol we shoved the methods into
 306 }
 307
 308
 309 - (void)setWatchdogParmeters:(NSDictionary*)parameters complete:(void (^)(NSError*))complete
 310 {
 311     // intentionally left blank
 312     // these are used by the security/2 tool and are only declared here to make the compiler happy about conforming the protocol we shoved the methods into
 313 }
 314
 315 - (void)ghostBust:(SOSAccountGhostBustingOptions)options complete:(void (^)(bool, NSError *))complete {
 316     complete(false, nil);
 317 }
 318
 319 - (void)ghostBustPeriodic:(SOSAccountGhostBustingOptions)options complete: (void(^)(bool busted, NSError *error))complete{
 320     complete(false, nil);
 321 }
 322
 323 - (void)ghostBustTriggerTimed:(SOSAccountGhostBustingOptions)options complete: (void(^)(bool ghostBusted, NSError *error))complete {
 324     complete(false, nil);
 325 }
 326
 327 - (void) ghostBustInfo: (void(^)(NSData *json, NSError *error))complete {
 328     complete(nil, nil);
 329 }
 330
 331 @end