OSX/sec/securityd/Regressions/secd60-account-cloud-exposure.c

   1 /*
   2  * Copyright (c) 2013-2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 //
  25 //  secd60-account-cloud-exposure.c
  26 //  sec
  27 //
  28
  29
  30
  31 #include <Security/SecBase.h>
  32 #include <Security/SecItem.h>
  33
  34 #include <CoreFoundation/CFDictionary.h>
  35
  36 #include <Security/SecureObjectSync/SOSAccount.h>
  37 #include <Security/SecureObjectSync/SOSPeerInfoPriv.h>
  38 #include <Security/SecureObjectSync/SOSCloudCircle.h>
  39 #include <Security/SecureObjectSync/SOSInternal.h>
  40 #include <Security/SecureObjectSync/SOSUserKeygen.h>
  41 #include <Security/SecureObjectSync/SOSTransport.h>
  42
  43 #include <stdlib.h>
  44 #include <unistd.h>
  45
  46 #include "secd_regressions.h"
  47 #include "SOSTestDataSource.h"
  48
  49 #include "SOSRegressionUtilities.h"
  50 #include <utilities/SecCFWrappers.h>
  51 #include <Security/SecKeyPriv.h>
  52
  53 #include <securityd/SOSCloudCircleServer.h>
  54
  55 #include "SOSAccountTesting.h"
  56
  57 #include "SecdTestKeychainUtilities.h"
  58
  59 static int kTestTestCount = 58;
  60
  61 static bool SOSAccountResetCircleToNastyOffering(SOSAccountRef account, SecKeyRef userPriv, SOSPeerInfoRef pi, CFErrorRef *error) {
  62     bool result = false;
  63     SecKeyRef userPub = SecKeyCreatePublicFromPrivate(userPriv);
  64
  65     require(SOSAccountHasCircle(account, error), fail);
  66     require(SOSAccountEnsureFullPeerAvailable(account, error), fail);
  67
  68     // Save for reclaming
  69     //mygestalt = CFDictionaryCreateCopy(kCFAllocatorDefault, SOSPeerGetGestalt(SOSFullPeerInfoGetPeerInfo(account->my_identity)));
  70
  71     (void) SOSAccountResetAllRings(account, error);
  72
  73     SOSAccountModifyCircle(account, error, ^(SOSCircleRef circle) {
  74         bool result = false;
  75         CFErrorRef localError = NULL;
  76         SOSFullPeerInfoRef iCloudfpi = NULL;
  77
  78         //sleep(10);
  79         require_quiet(SOSCircleResetToEmpty(circle, error), err_out);
  80         require_quiet(SOSAccountAddiCloudIdentity(account, circle, userPriv, error), err_out);
  81         require_quiet(iCloudfpi = SOSCircleCopyiCloudFullPeerInfoRef(circle, error), err_out);
  82
  83         /* Add the defenders peerInfo to circle */
  84         require_quiet(SOSCircleRequestReadmission(circle, userPub, pi, error), err_out);
  85         require_quiet(SOSCircleAcceptRequest(circle, userPriv, iCloudfpi, pi, error), err_out);
  86
  87         account->departure_code = kSOSNeverLeftCircle;
  88
  89         result = true;
  90         account->trusted_circle = SOSCircleCopyCircle(kCFAllocatorDefault, circle, error);
  91         SOSAccountPublishCloudParameters(account, NULL);
  92         account->my_identity = NULL;
  93
  94     err_out:
  95         if (result == false)
  96         secerror("error resetting circle (%@) to offering: %@", circle, localError);
  97         if (localError && error && *error == NULL) {
  98             *error = localError;
  99             localError = NULL;
 100         }
 101         CFReleaseNull(localError);
 102         return result;
 103     });
 104
 105     result = true;
 106
 107 fail:
 108     return result;
 109 }
 110
 111 static bool SOSAccountResetToNastyOffering(SOSAccountRef account, SOSPeerInfoRef pi, CFErrorRef* error) {
 112     SecKeyRef user_key = SOSAccountGetPrivateCredential(account, error);
 113     if (!user_key)
 114         return false;
 115
 116     CFReleaseNull(account->my_identity);
 117
 118     return user_key && SOSAccountResetCircleToNastyOffering(account, user_key, pi, error);
 119 }
 120
 121 static bool performiCloudIdentityAttack(SOSAccountRef attacker, SOSAccountRef defender, SOSAccountRef accomplice, CFMutableDictionaryRef changes) {
 122     CFErrorRef error = NULL;
 123     bool retval = false;  // false means the attack succeeds
 124     CFArrayRef applicants = NULL;
 125
 126     /*----- Carole makes bogus circle with fake iCloud identity and Alice's peerInfo but only signed with fake iCloud identity -----*/
 127
 128     require_action_quiet(SOSAccountResetToNastyOffering(attacker, SOSFullPeerInfoGetPeerInfo(defender->my_identity), &error), testDone, retval = true);
 129     CFReleaseNull(error);
 130
 131     ProcessChangesUntilNoChange(changes, defender, accomplice, attacker, NULL);
 132
 133     /*----- Now use our fake iCloud identity to get in to the circle for real -----*/
 134     require_action_quiet(SOSAccountJoinCirclesAfterRestore_wTxn(attacker, &error), testDone, retval = true);
 135     CFReleaseNull(error);
 136     require_action_quiet(countPeers(attacker) == 2, testDone, retval = true);
 137
 138     /*----- Let's see if carole can get bob into the circle and have alice believe it -----*/
 139     require_action_quiet(SOSAccountJoinCircles_wTxn(accomplice, &error), testDone, retval = true);
 140     CFReleaseNull(error);
 141
 142     ProcessChangesUntilNoChange(changes, defender, accomplice, attacker, NULL);
 143
 144     applicants = SOSAccountCopyApplicants(attacker, &error);
 145     CFReleaseNull(error);
 146
 147     if(CFArrayGetCount(applicants) > 0) {
 148         require_action_quiet(SOSAccountAcceptApplicants(attacker, applicants, &error), testDone, retval = true);
 149     }
 150
 151     ProcessChangesUntilNoChange(changes, defender, accomplice, attacker, NULL);
 152
 153     require_action_quiet(countPeers(defender) == 3, testDone, retval = true);
 154     require_action_quiet(countPeers(accomplice) == 3, testDone, retval = true);
 155     require_action_quiet(countPeers(attacker) == 3, testDone, retval = true);
 156
 157 testDone:
 158     CFReleaseNull(applicants);
 159     CFReleaseNull(error);
 160     return retval;
 161 }
 162
 163 static void tests(void)
 164 {
 165     CFErrorRef error = NULL;
 166     CFDataRef cfpassword = CFDataCreate(NULL, (uint8_t *) "FooFooFoo", 10);
 167     CFStringRef cfaccount = CFSTR("test@test.org");
 168
 169     CFMutableDictionaryRef changes = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
 170
 171     SOSAccountRef alice_account = CreateAccountForLocalChanges( CFSTR("Alice"), CFSTR("TestSource"));
 172     SOSAccountRef bob_account = CreateAccountForLocalChanges(CFSTR("Bob"), CFSTR("TestSource"));
 173     SOSAccountRef carole_account = CreateAccountForLocalChanges(CFSTR("Carole"), CFSTR("TestSource"));
 174
 175     ok(SOSAccountAssertUserCredentialsAndUpdate(bob_account, cfaccount, cfpassword, &error), "Credential setting (%@)", error);
 176
 177     // Bob wins writing at this point, feed the changes back to alice.
 178     is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, carole_account, NULL), 1, "updates");
 179
 180     ok(SOSAccountAssertUserCredentialsAndUpdate(alice_account, cfaccount, cfpassword, &error), "Credential setting (%@)", error);
 181     CFReleaseNull(error);
 182
 183     ok(SOSAccountAssertUserCredentialsAndUpdate(carole_account, cfaccount, cfpassword, &error), "Credential setting (%@)", error);
 184     CFReleaseNull(error);
 185     ok(SOSAccountResetToOffering_wTxn(alice_account, &error), "Reset to offering (%@)", error);
 186     CFReleaseNull(error);
 187
 188     is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, carole_account, NULL), 2, "updates");
 189
 190     ok(SOSAccountJoinCircles_wTxn(bob_account, &error), "Bob Applies (%@)", error);
 191     CFReleaseNull(error);
 192     is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, carole_account, NULL), 2, "updates");
 193
 194     {
 195         CFArrayRef applicants = SOSAccountCopyApplicants(alice_account, &error);
 196
 197         ok(applicants && CFArrayGetCount(applicants) == 1, "See one applicant %@ (%@)", applicants, error);
 198         ok(SOSAccountAcceptApplicants(alice_account, applicants, &error), "Alice accepts (%@)", error);
 199         CFReleaseNull(error);
 200         CFReleaseNull(applicants);
 201     }
 202
 203     is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, carole_account, NULL), 3, "updates");
 204
 205     accounts_agree("bob&alice pair", bob_account, alice_account);
 206
 207
 208     ok(performiCloudIdentityAttack(carole_account, alice_account, bob_account, changes), "Attack is defeated");
 209
 210     CFReleaseNull(bob_account);
 211     CFReleaseNull(alice_account);
 212     CFReleaseNull(carole_account);
 213     CFReleaseNull(cfpassword);
 214
 215     SOSUnregisterAllTransportMessages();
 216     SOSUnregisterAllTransportCircles();
 217     SOSUnregisterAllTransportKeyParameters();
 218     CFArrayRemoveAllValues(key_transports);
 219     CFArrayRemoveAllValues(circle_transports);
 220     CFArrayRemoveAllValues(message_transports);
 221
 222 }
 223
 224 int secd_60_account_cloud_exposure(int argc, char *const *argv)
 225 {
 226     plan_tests(kTestTestCount);
 227
 228     secd_test_setup_temp_keychain(__FUNCTION__, NULL);
 229
 230     tests();
 231
 232     return 0;
 233 }