tests/secdmockaks/mockaks.m

   1 /*
   2  * Copyright (c) 2018 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 #import <libaks.h>
  25 #import <libaks_ref_key.h>
  26 #import <MobileKeyBag/MobileKeyBag.h>
  27 #import <CryptoTokenKit/CryptoTokenKit.h>
  28 #import <ctkclient.h>
  29 #import <coreauthd_spi.h>
  30 #import <ACMLib.h>
  31 #import <LocalAuthentication/LAPublicDefines.h>
  32 #import <LocalAuthentication/LAPrivateDefines.h>
  33 #import <LocalAuthentication/LACFSupport.h>
  34 #import <SecurityFoundation/SFEncryptionOperation.h>
  35 #import "mockaks.h"
  36
  37 @implementation SecMockAKS
  38
  39 + (bool)isLocked:(keyclass_t)key_class
  40 {
  41     return false;
  42 }
  43
  44 + (bool)isSEPDown
  45 {
  46     return false;
  47 }
  48
  49 + (bool)useGenerationCount
  50 {
  51     return false;
  52 }
  53
  54 @end
  55
  56 kern_return_t
  57 aks_load_bag(const void * data, int length, keybag_handle_t* handle)
  58 {
  59     *handle = 17;
  60     return 0;
  61 }
  62
  63 kern_return_t aks_unlock_bag(keybag_handle_t handle, const void * passcode, int length)
  64 {
  65     return 0;
  66 }
  67
  68 kern_return_t
  69 aks_create_bag(const void * passcode, int length, keybag_type_t type, keybag_handle_t* handle)
  70 {
  71     *handle = 17;
  72     return 0;
  73 }
  74
  75 kern_return_t
  76 aks_unload_bag(keybag_handle_t handle)
  77 {
  78     return -1;
  79 }
  80
  81 kern_return_t
  82 aks_save_bag(keybag_handle_t handle, void ** data, int * length)
  83 {
  84     return 0;
  85 }
  86
  87 kern_return_t
  88 aks_get_system(keybag_handle_t special_handle, keybag_handle_t *handle)
  89 {
  90     *handle = 17;
  91     return 0;
  92 }
  93
  94 //static uint8_t staticAKSKey[32] = "1234567890123456789012";
  95
  96 #define PADDINGSIZE 8
  97
  98 kern_return_t
  99 aks_wrap_key(const void * key, int key_size, keyclass_t key_class, keybag_handle_t handle, void * wrapped_key, int * wrapped_key_size_inout, keyclass_t * class_out)
 100 {
 101     if ([SecMockAKS isLocked:key_class]) {
 102         return kIOReturnNotPermitted;
 103     }
 104     if ([SecMockAKS isSEPDown]) {
 105         return kIOReturnBusy;
 106     }
 107
 108     *class_out = key_class;
 109     if ([SecMockAKS useGenerationCount]) {
 110         *class_out |= (key_class_last + 1);
 111     }
 112
 113     if (key_size + PADDINGSIZE > *wrapped_key_size_inout) {
 114         abort();
 115     }
 116     *wrapped_key_size_inout = key_size + PADDINGSIZE;
 117     memcpy(wrapped_key, key, key_size);
 118     memset(((uint8_t *)wrapped_key) + key_size, 0xff, PADDINGSIZE);
 119     return 0;
 120 }
 121
 122 kern_return_t
 123 aks_unwrap_key(const void * wrapped_key, int wrapped_key_size, keyclass_t key_class, keybag_handle_t handle, void * key, int * key_size_inout)
 124 {
 125     if ([SecMockAKS isLocked:key_class]) {
 126         return kIOReturnNotPermitted;
 127     }
 128     if ([SecMockAKS isSEPDown]) {
 129         return kIOReturnBusy;
 130     }
 131
 132     if (wrapped_key_size < 8) {
 133         abort();
 134     }
 135     static const char expected_padding[PADDINGSIZE] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
 136     if (memcmp(((const uint8_t *)wrapped_key) + (wrapped_key_size - PADDINGSIZE), expected_padding, PADDINGSIZE) != 0) {
 137         abort();
 138     }
 139     if (*key_size_inout < wrapped_key_size - PADDINGSIZE) {
 140         abort();
 141     }
 142     *key_size_inout = wrapped_key_size - PADDINGSIZE;
 143     memcpy(key, wrapped_key, *key_size_inout);
 144
 145     return 0;
 146 }
 147
 148 int
 149 aks_ref_key_create(keybag_handle_t handle, keyclass_t cls, aks_key_type_t type, const uint8_t *params, size_t params_len, aks_ref_key_t *ot)
 150 {
 151     return -1;
 152 }
 153
 154 int
 155 aks_ref_key_encrypt(aks_ref_key_t handle,
 156                     const uint8_t *der_params, size_t der_params_len,
 157                     const void * data, size_t data_len,
 158                     void ** out_der, size_t * out_der_len)
 159 {
 160     return -1;
 161 }
 162
 163 int
 164 aks_ref_key_decrypt(aks_ref_key_t handle,
 165                         const uint8_t *der_params, size_t der_params_len,
 166                         const void * data, size_t data_len,
 167                         void ** out_der, size_t * out_der_len)
 168 {
 169     return -1;
 170 }
 171
 172 int
 173 aks_ref_key_delete(aks_ref_key_t handle, const uint8_t *der_params, size_t der_params_len)
 174 {
 175     return -1;
 176 }
 177
 178 int
 179 aks_operation_optional_params(const uint8_t * access_groups, size_t access_groups_len, const uint8_t * external_data, size_t external_data_len, const void * acm_handle, int acm_handle_len, void ** out_der, size_t * out_der_len)
 180 {
 181     return -1;
 182 }
 183
 184 int aks_ref_key_create_with_blob(keybag_handle_t refkey, const uint8_t *ref_key_blob, size_t ref_key_blob_len, aks_ref_key_t* handle)
 185 {
 186     *handle = NULL;
 187     return 0;
 188 }
 189
 190 const uint8_t * aks_ref_key_get_blob(aks_ref_key_t refkey, size_t *out_blob_len)
 191 {
 192     *out_blob_len = 2;
 193     return (const uint8_t *)"20";
 194 }
 195 int
 196 aks_ref_key_free(aks_ref_key_t* key)
 197 {
 198     return 0;
 199 }
 200
 201 const uint8_t *
 202 aks_ref_key_get_external_data(aks_ref_key_t refkey, size_t *out_external_data_len)
 203 {
 204     *out_external_data_len = 2;
 205     return (const uint8_t *)"21";
 206 }
 207
 208
 209 kern_return_t
 210 aks_assert_hold(keybag_handle_t handle, uint32_t type, uint64_t timeout)
 211 {
 212     return 0;
 213 }
 214
 215 kern_return_t
 216 aks_assert_drop(keybag_handle_t handle, uint32_t type)
 217 {
 218     return 0;
 219 }
 220
 221 kern_return_t
 222 aks_generation(keybag_handle_t handle,
 223                generation_option_t generation_option,
 224                uint32_t * current_generation)
 225 {
 226     *current_generation = 0;
 227     return 0;
 228 }
 229
 230 kern_return_t
 231 aks_get_bag_uuid(keybag_handle_t handle, uuid_t uuid)
 232 {
 233     memcpy(uuid, "0123456789abcdf", sizeof(uuid_t));
 234     return 0;
 235 }
 236
 237 kern_return_t
 238 aks_get_lock_state(keybag_handle_t handle, keybag_state_t *state)
 239 {
 240     *state = keybag_state_been_unlocked;
 241     return 0;
 242 }
 243
 244 static CFStringRef staticKeybagHandle = CFSTR("keybagHandle");
 245
 246 int
 247 MKBKeyBagCreateWithData(CFDataRef keybagBlob, MKBKeyBagHandleRef* newHandle)
 248 {
 249     *newHandle = (MKBKeyBagHandleRef)staticKeybagHandle;
 250     return 0;
 251 }
 252
 253 int
 254 MKBKeyBagUnlock(MKBKeyBagHandleRef keybag, CFDataRef passcode)
 255 {
 256     if (keybag == NULL || !CFEqual(keybag, staticKeybagHandle)) {
 257         abort();
 258     }
 259     return 0;
 260 }
 261
 262 int MKBKeyBagGetAKSHandle(MKBKeyBagHandleRef keybag, int32_t *handle)
 263 {
 264     if (keybag == NULL || !CFEqual(keybag, staticKeybagHandle)) {
 265         abort();
 266     }
 267     *handle = 17;
 268     return 0;
 269 }
 270
 271
 272
 273 const CFTypeRef kAKSKeyAcl = (CFTypeRef)CFSTR("kAKSKeyAcl");
 274 const CFTypeRef kAKSKeyAclParamRequirePasscode = (CFTypeRef)CFSTR("kAKSKeyAclParamRequirePasscode");
 275
 276 const CFTypeRef kAKSKeyOpDefaultAcl = (CFTypeRef)CFSTR("kAKSKeyOpDefaultAcl");
 277 const CFTypeRef kAKSKeyOpEncrypt = (CFTypeRef)CFSTR("kAKSKeyOpEncrypt");
 278 const CFTypeRef kAKSKeyOpDecrypt = (CFTypeRef)CFSTR("kAKSKeyOpDecrypt");
 279 const CFTypeRef kAKSKeyOpSync = (CFTypeRef)CFSTR("kAKSKeyOpSync");
 280 const CFTypeRef kAKSKeyOpDelete = (CFTypeRef)CFSTR("kAKSKeyOpDelete");
 281 const CFTypeRef kAKSKeyOpCreate = (CFTypeRef)CFSTR("kAKSKeyOpCreate");
 282 const CFTypeRef kAKSKeyOpSign = (CFTypeRef)CFSTR("kAKSKeyOpSign");
 283 const CFTypeRef kAKSKeyOpSetKeyClass = (CFTypeRef)CFSTR("kAKSKeyOpSetKeyClass");
 284 const CFTypeRef kAKSKeyOpWrap = (CFTypeRef)CFSTR("kAKSKeyOpWrap");
 285 const CFTypeRef kAKSKeyOpUnwrap = (CFTypeRef)CFSTR("kAKSKeyOpUnwrap");
 286 const CFTypeRef kAKSKeyOpComputeKey = (CFTypeRef)CFSTR("kAKSKeyOpComputeKey");
 287 const CFTypeRef kAKSKeyOpAttest = (CFTypeRef)CFSTR("kAKSKeyOpAttest");
 288 const CFTypeRef kAKSKeyOpTranscrypt = (CFTypeRef)CFSTR("kAKSKeyOpTranscrypt");
 289
 290
 291 TKTokenRef TKTokenCreate(CFDictionaryRef attributes, CFErrorRef *error)
 292 {
 293     return NULL;
 294 }
 295
 296 CFTypeRef TKTokenCopyObjectData(TKTokenRef token, CFDataRef objectID, CFErrorRef *error)
 297 {
 298     return NULL;
 299 }
 300
 301 CFDataRef TKTokenCopyObjectCreationAccessControl(TKTokenRef token, CFDictionaryRef objectAttributes, CFErrorRef *error)
 302 {
 303     return NULL;
 304 }
 305
 306 CFDataRef TKTokenCreateOrUpdateObject(TKTokenRef token, CFDataRef objectID, CFMutableDictionaryRef attributes, CFErrorRef *error)
 307 {
 308     return NULL;
 309 }
 310
 311 CFDataRef TKTokenCopyObjectAccessControl(TKTokenRef token, CFDataRef objectID, CFErrorRef *error)
 312 {
 313     return NULL;
 314 }
 315 bool TKTokenDeleteObject(TKTokenRef token, CFDataRef objectID, CFErrorRef *error)
 316 {
 317     return false;
 318 }
 319
 320 CFDataRef TKTokenCopyPublicKeyData(TKTokenRef token, CFDataRef objectID, CFErrorRef *error)
 321 {
 322     return NULL;
 323 }
 324
 325 CFTypeRef TKTokenCopyOperationResult(TKTokenRef token, CFDataRef objectID, CFIndex secKeyOperationType, CFArrayRef algorithm,
 326                                      CFIndex secKeyOperationMode, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error)
 327 {
 328     return NULL;
 329 }
 330
 331 CF_RETURNS_RETAINED CFDictionaryRef TKTokenControl(TKTokenRef token, CFDictionaryRef attributes, CFErrorRef *error)
 332 {
 333     return NULL;
 334 }
 335
 336 CFTypeRef LACreateNewContextWithACMContext(CFDataRef acmContext, CFErrorRef *error)
 337 {
 338     return NULL;
 339 }
 340
 341 CFDataRef LACopyACMContext(CFTypeRef context, CFErrorRef *error)
 342 {
 343     return NULL;
 344 }
 345
 346 bool LAEvaluateAndUpdateACL(CFTypeRef context, CFDataRef acl, CFTypeRef operation, CFDictionaryRef hints, CFDataRef *updatedACL, CFErrorRef *error)
 347 {
 348     return false;
 349 }
 350
 351 ACMContextRef
 352 ACMContextCreateWithExternalForm(const void *externalForm, size_t dataLength)
 353 {
 354     return NULL;
 355 }
 356
 357 ACMStatus
 358 ACMContextDelete(ACMContextRef context, bool destroyContext)
 359 {
 360     return 0;
 361 }
 362
 363 ACMStatus
 364 ACMContextRemovePassphraseCredentialsByPurposeAndScope(const ACMContextRef context, ACMPassphrasePurpose purpose, ACMScope scope)
 365 {
 366     return 0;
 367 }
 368