]> git.saurik.com Git - apple/security.git/blob - OSX/sec/securityd/Regressions/secd60-account-cloud-exposure.m
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Security-58286.51.6.tar.gz
[apple/security.git] / OSX / sec / securityd / Regressions / secd60-account-cloud-exposure.m
1 /*
2 * Copyright (c) 2013-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // secd60-account-cloud-exposure.c
26 // sec
27 //
28
29
30
31 #include <Security/SecBase.h>
32 #include <Security/SecItem.h>
33
34 #include <CoreFoundation/CFDictionary.h>
35
36 #include <Security/SecureObjectSync/SOSAccount.h>
37 #include <Security/SecureObjectSync/SOSPeerInfoPriv.h>
38 #include <Security/SecureObjectSync/SOSCloudCircle.h>
39 #include <Security/SecureObjectSync/SOSInternal.h>
40 #include <Security/SecureObjectSync/SOSUserKeygen.h>
41 #include <Security/SecureObjectSync/SOSTransport.h>
42 #include <Security/SecureObjectSync/SOSAccountTrustClassic+Circle.h>
43 #include <Security/SecureObjectSync/SOSAccountTrustClassic+Identity.h>
44
45 #include <stdlib.h>
46 #include <unistd.h>
47
48 #include "secd_regressions.h"
49 #include "SOSTestDataSource.h"
50
51 #include "SOSRegressionUtilities.h"
52 #include <utilities/SecCFWrappers.h>
53 #include <Security/SecKeyPriv.h>
54
55 #include <securityd/SOSCloudCircleServer.h>
56
57 #include "SOSAccountTesting.h"
58
59 #include "SecdTestKeychainUtilities.h"
60
61 static int kTestTestCount = 56;
62
63 static bool SOSAccountResetCircleToNastyOffering(SOSAccount* account, SecKeyRef userPriv, SOSPeerInfoRef pi, CFErrorRef *error) {
64 bool result = false;
65 SecKeyRef userPub = SecKeyCreatePublicFromPrivate(userPriv);
66 SOSAccountTrustClassic *trust = account.trust;
67 if(!SOSAccountHasCircle(account, error)){
68 CFReleaseNull(userPub);
69 return result;
70 }
71 if(![account.trust ensureFullPeerAvailable:(__bridge CFDictionaryRef)(account.gestalt) deviceID:(__bridge CFStringRef)(account.deviceID) backupKey:(__bridge CFDataRef)(account.backup_key) err:error]){
72 CFReleaseNull(userPub);
73 return result;
74 }
75 (void) [account.trust resetAllRings:account err:error];
76
77 [account.trust modifyCircle:account.circle_transport err:error action:^(SOSCircleRef circle) {
78 bool result = false;
79 CFErrorRef localError = NULL;
80 SOSFullPeerInfoRef iCloudfpi = NULL;
81
82 //sleep(10);
83 require_quiet(SOSCircleResetToEmpty(circle, error), err_out);
84 require_quiet([account.trust addiCloudIdentity:circle key:userPriv err:error], err_out);
85 require_quiet(iCloudfpi = SOSCircleCopyiCloudFullPeerInfoRef(circle, error), err_out);
86
87 /* Add the defenders peerInfo to circle */
88 require_quiet(SOSCircleRequestReadmission(circle, userPub, pi, error), err_out);
89 require_quiet(SOSCircleAcceptRequest(circle, userPriv, iCloudfpi, pi, error), err_out);
90
91 [trust setDepartureCode:kSOSNeverLeftCircle];
92 result = true;
93 SOSCircleRef copiedCircle = SOSCircleCopyCircle(kCFAllocatorDefault, circle, error); // I don't think this copy is necessary, but...
94 [trust setTrustedCircle:copiedCircle];
95 CFReleaseNull(copiedCircle);
96 SOSAccountPublishCloudParameters(account, NULL);
97 trust.fullPeerInfo = nil;
98
99 err_out:
100 if (result == false) {
101 secerror("error resetting circle (%@) to offering: %@", circle, localError);
102 }
103 if (localError && error && *error == NULL) {
104 *error = localError;
105 localError = NULL;
106 }
107
108 CFReleaseNull(iCloudfpi);
109 CFReleaseNull(localError);
110 return result;
111 }];
112
113 result = true;
114
115 return result;
116 }
117
118 static bool SOSAccountResetToNastyOffering(SOSAccount* account, SOSPeerInfoRef pi, CFErrorRef* error) {
119 SecKeyRef user_key = SOSAccountGetPrivateCredential(account, error);
120 if (!user_key)
121 return false;
122
123 SOSAccountTrustClassic* trust = account.trust;
124 trust.fullPeerInfo = nil;
125
126 return user_key && SOSAccountResetCircleToNastyOffering(account, user_key, pi, error);
127 }
128
129 static bool performiCloudIdentityAttack(SOSAccount* attacker, SOSAccount* defender, SOSAccount* accomplice, CFMutableDictionaryRef changes) {
130 CFErrorRef error = NULL;
131 bool retval = false; // false means the attack succeeds
132 CFArrayRef applicants = NULL;
133 SOSAccountTrustClassic* defenderTrust = defender.trust;
134
135 /*----- Carole makes bogus circle with fake iCloud identity and Alice's peerInfo but only signed with fake iCloud identity -----*/
136
137 require_action_quiet(SOSAccountResetToNastyOffering(attacker, defenderTrust.peerInfo, &error), testDone, retval = true);
138 CFReleaseNull(error);
139
140 ProcessChangesUntilNoChange(changes, defender, accomplice, attacker, NULL);
141
142 /*----- Now use our fake iCloud identity to get in to the circle for real -----*/
143 require_action_quiet(SOSAccountJoinCirclesAfterRestore_wTxn(attacker, &error), testDone, retval = true);
144 CFReleaseNull(error);
145 require_action_quiet(countPeers(attacker) == 2, testDone, retval = true);
146
147 /*----- Let's see if carole can get bob into the circle and have alice believe it -----*/
148 require_action_quiet(SOSAccountJoinCircles_wTxn(accomplice, &error), testDone, retval = true);
149 CFReleaseNull(error);
150
151 ProcessChangesUntilNoChange(changes, defender, accomplice, attacker, NULL);
152
153 applicants = SOSAccountCopyApplicants(attacker, &error);
154 CFReleaseNull(error);
155
156 if(CFArrayGetCount(applicants) > 0) {
157 require_action_quiet(SOSAccountAcceptApplicants(attacker, applicants, &error), testDone, retval = true);
158 }
159
160 ProcessChangesUntilNoChange(changes, defender, accomplice, attacker, NULL);
161
162 require_action_quiet(countPeers(defender) == 3, testDone, retval = true);
163 require_action_quiet(countPeers(accomplice) == 3, testDone, retval = true);
164 require_action_quiet(countPeers(attacker) == 3, testDone, retval = true);
165
166 testDone:
167 CFReleaseNull(applicants);
168 CFReleaseNull(error);
169 return retval;
170 }
171
172 static void tests(void)
173 {
174 CFErrorRef error = NULL;
175 CFDataRef cfpassword = CFDataCreate(NULL, (uint8_t *) "FooFooFoo", 10);
176 CFStringRef cfaccount = CFSTR("test@test.org");
177
178 CFMutableDictionaryRef changes = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
179
180 SOSAccount* alice_account = CreateAccountForLocalChanges( CFSTR("Alice"), CFSTR("TestSource"));
181 SOSAccount* bob_account = CreateAccountForLocalChanges(CFSTR("Bob"), CFSTR("TestSource"));
182 SOSAccount* carole_account = CreateAccountForLocalChanges(CFSTR("Carole"), CFSTR("TestSource"));
183
184 ok(SOSAccountAssertUserCredentialsAndUpdate(bob_account, cfaccount, cfpassword, &error), "Credential setting (%@)", error);
185
186 // Bob wins writing at this point, feed the changes back to alice.
187 is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, carole_account, NULL), 1, "updates");
188
189 ok(SOSAccountAssertUserCredentialsAndUpdate(alice_account, cfaccount, cfpassword, &error), "Credential setting (%@)", error);
190 CFReleaseNull(error);
191
192 ok(SOSAccountAssertUserCredentialsAndUpdate(carole_account, cfaccount, cfpassword, &error), "Credential setting (%@)", error);
193 CFReleaseNull(error);
194 ok(SOSAccountResetToOffering_wTxn(alice_account, &error), "Reset to offering (%@)", error);
195 CFReleaseNull(error);
196
197 is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, carole_account, NULL), 2, "updates");
198
199 ok(SOSAccountJoinCircles_wTxn(bob_account, &error), "Bob Applies (%@)", error);
200 CFReleaseNull(error);
201 is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, carole_account, NULL), 2, "updates");
202
203 {
204 CFArrayRef applicants = SOSAccountCopyApplicants(alice_account, &error);
205
206 ok(applicants && CFArrayGetCount(applicants) == 1, "See one applicant %@ (%@)", applicants, error);
207 ok(SOSAccountAcceptApplicants(alice_account, applicants, &error), "Alice accepts (%@)", error);
208 CFReleaseNull(error);
209 CFReleaseNull(applicants);
210 }
211
212 is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, carole_account, NULL), 3, "updates");
213
214 accounts_agree("bob&alice pair", bob_account, alice_account);
215
216
217 ok(performiCloudIdentityAttack(carole_account, alice_account, bob_account, changes), "Attack is defeated");
218
219 CFReleaseNull(cfpassword);
220 alice_account = nil;
221 bob_account = nil;
222 SOSTestCleanup();
223 }
224
225 int secd_60_account_cloud_exposure(int argc, char *const *argv)
226 {
227 plan_tests(kTestTestCount);
228
229 secd_test_setup_temp_keychain(__FUNCTION__, NULL);
230
231 tests();
232
233 return 0;
234 }
mirror of Security