misc/encryption_scheme/test_encryption-scheme.cpp

   1 /*
   2  *  Copyright (c) 2015 -2020 Samsung Electronics Co., Ltd All Rights Reserved
   3  *
   4  *  Licensed under the Apache License, Version 2.0 (the "License");
   5  *  you may not use this file except in compliance with the License.
   6  *  You may obtain a copy of the License at
   7  *
   8  *      http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  *  Unless required by applicable law or agreed to in writing, software
  11  *  distributed under the License is distributed on an "AS IS" BASIS,
  12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  *  See the License for the specific language governing permissions and
  14  *  limitations under the License
  15  */
  16 /*
  17  * @file       test_encryption-scheme.cpp
  18  * @author     Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
  19  * @version    1.0
  20  */
  21
  22 #include <fstream>
  23 #include <string>
  24 #include <iostream>
  25
  26 #define BOOST_TEST_MODULE KEY_MANAGER_SCHEME_TEST
  27 #include <boost_macros_wrapper.h>
  28 #include <boost/test/results_reporter.hpp>
  29 #include <boost/test/unit_test.hpp>
  30 #include <boost/test/unit_test_log.hpp>
  31
  32 #include <exception.h>
  33 #include <key-provider.h>
  34 #include <dpl/log/log.h>
  35 #include <log-setup.h>
  36
  37 #include <colour_log_formatter.h>
  38 #include "scheme-test.h"
  39
  40 using namespace CKM;
  41
  42 namespace {
  43 // this is done to limit the amount of code included in binary
  44 const int OLD_ENC_SCHEME  = 0;
  45 const int NEW_ENC_SCHEME  = 1;
  46
  47 const char* const ONLYCAP = "/sys/fs/smackfs/onlycap";
  48
  49 class OnlycapFixture {
  50 public:
  51         OnlycapFixture() {
  52                 std::fstream file(ONLYCAP);
  53                 std::string tmp;
  54                 while(file >> tmp) {
  55                         m_oldOnlycap += tmp;
  56                         m_oldOnlycap += " ";
  57                 }
  58                 file.clear();
  59                 file << " ";
  60         };
  61
  62         ~OnlycapFixture() {
  63                 try {
  64                         std::ofstream file(ONLYCAP);
  65                         file << m_oldOnlycap;
  66                 } catch(...) {}
  67         };
  68 private:
  69         std::string m_oldOnlycap;
  70 };
  71
  72 struct TestConfig {
  73         TestConfig()
  74         {
  75                 boost::unit_test::unit_test_log.set_threshold_level(
  76                         boost::unit_test::log_test_units);
  77                 boost::unit_test::results_reporter::set_level(boost::unit_test::SHORT_REPORT);
  78                 boost::unit_test::unit_test_log.set_formatter(new CKM::colour_log_formatter);
  79         }
  80         ~TestConfig()
  81         {
  82         }
  83 };
  84
  85 struct KeyProviderLib {
  86         KeyProviderLib()
  87         {
  88                 try {
  89                         KeyProvider::initializeLibrary();
  90                 } catch (const Exc::Exception &) {
  91                         std::cout << "Library initialization failed!" << std::endl;
  92                 }
  93         }
  94         ~KeyProviderLib()
  95         {
  96                 try {
  97                         KeyProvider::closeLibrary();
  98                 } catch (const Exc::Exception &) {
  99                         std::cout << "Library deinitialization failed!" << std::endl;
 100                 }
 101         }
 102 };
 103
 104 struct LogSetup {
 105         LogSetup()
 106         {
 107                 SetupClientLogSystem();
 108                 Singleton<Log::LogSystem>::Instance().SetTag("CKM_SCHEME_TESTS");
 109         }
 110         ~LogSetup() {}
 111 };
 112
 113 } // namespace anonymous
 114
 115 BOOST_GLOBAL_FIXTURE(KeyProviderLib);
 116 BOOST_GLOBAL_FIXTURE(TestConfig);
 117 BOOST_GLOBAL_FIXTURE(LogSetup);
 118 BOOST_FIXTURE_TEST_SUITE(ENCRYPTION_SCHEME_TEST, OnlycapFixture)
 119
 120 // Test database should have the old scheme
 121 POSITIVE_TEST_CASE(T010_Check_old_scheme)
 122 {
 123         SchemeTest test;
 124         test.RestoreDb();
 125
 126         ItemFilter filter;
 127         test.CheckSchemeVersion(filter, OLD_ENC_SCHEME);
 128 }
 129
 130 POSITIVE_TEST_CASE(T1111_Alias_Info_old_scheme)
 131 {
 132         SchemeTest test;
 133         test.RestoreDb();
 134
 135         ItemFilter filter;
 136         test.CheckSchemeVersion(filter, OLD_ENC_SCHEME);
 137         test.CheckAliasInfo();
 138         test.ReadAll();
 139         test.CheckAliasInfo();
 140 }
 141
 142 // Newly written data should use the new scheme
 143 POSITIVE_TEST_CASE(T020_Check_new_scheme)
 144 {
 145         SchemeTest test;
 146         test.RemoveUserData();
 147         test.FillDb();
 148
 149         ItemFilter filter;
 150         test.CheckSchemeVersion(filter, NEW_ENC_SCHEME);
 151 }
 152
 153 POSITIVE_TEST_CASE(T030_Remove_old_scheme)
 154 {
 155         SchemeTest test;
 156         test.RestoreDb();
 157         test.RemoveAll();
 158
 159         size_t aliases = test.CountObjects();
 160         BOOST_REQUIRE_MESSAGE(aliases == 0, "All aliases should be removed");
 161 }
 162
 163 POSITIVE_TEST_CASE(T040_Remove_new_scheme)
 164 {
 165         SchemeTest test;
 166         test.RemoveUserData();
 167         test.FillDb();
 168         test.RemoveAll();
 169
 170         size_t aliases = test.CountObjects();
 171         BOOST_REQUIRE_MESSAGE(aliases == 0, "All aliases should be removed");
 172 }
 173
 174 // Reading old db should reencrypt objects with new scheme
 175 POSITIVE_TEST_CASE(T100_Read)
 176 {
 177         SchemeTest test;
 178         test.RestoreDb();
 179         test.ReadAll();
 180
 181         ItemFilter filter;
 182         filter.exportableOnly = true;
 183         test.CheckSchemeVersion(filter, NEW_ENC_SCHEME);
 184 }
 185
 186 POSITIVE_TEST_CASE(T110_Count_objects_after_read)
 187 {
 188         SchemeTest test;
 189         test.RestoreDb();
 190         size_t orig = test.CountObjects();
 191         BOOST_REQUIRE_MESSAGE(orig > 0, "No objects in db");
 192
 193         test.ReadAll();
 194
 195         size_t current = test.CountObjects();
 196         BOOST_REQUIRE_MESSAGE(current == orig,
 197                                                   "Original number of objects: " << orig << " Current: " << current);
 198 }
 199
 200 // Reading old db with incorrect passwords should leave the scheme unchanged
 201 NEGATIVE_TEST_CASE(T120_Read_wrong_pass)
 202 {
 203         SchemeTest test;
 204         test.RestoreDb();
 205         test.ReadAll(true);
 206
 207         ItemFilter filter;
 208         test.CheckSchemeVersion(filter, OLD_ENC_SCHEME);
 209 }
 210
 211 // Signing/verification should reencrypt objects with new scheme
 212 POSITIVE_TEST_CASE(T200_SignVerify)
 213 {
 214         SchemeTest test;
 215         test.RestoreDb();
 216         test.SignVerify();
 217
 218         ItemFilter filter(DataType::KEY_RSA_PUBLIC, DataType::KEY_RSA_PRIVATE);
 219         test.CheckSchemeVersion(filter, NEW_ENC_SCHEME);
 220 }
 221
 222 // Encryption/decryption should reencrypt objects with new scheme
 223 POSITIVE_TEST_CASE(T210_EncryptDecrypt)
 224 {
 225         SchemeTest test;
 226         test.RestoreDb();
 227         test.EncryptDecrypt();
 228
 229         ItemFilter filter1(DataType::KEY_RSA_PUBLIC, DataType::KEY_RSA_PRIVATE);
 230         test.CheckSchemeVersion(filter1, NEW_ENC_SCHEME);
 231
 232         ItemFilter filter2(DataType::KEY_AES);
 233         test.CheckSchemeVersion(filter2, NEW_ENC_SCHEME);
 234 }
 235
 236 // Chain creation should reencrypt objects with new scheme
 237 POSITIVE_TEST_CASE(T220_CreateChain)
 238 {
 239         SchemeTest test;
 240         test.RestoreDb();
 241         test.CreateChain();
 242
 243         // non exportable certificates and certificates protected with passwords can't be used for chain
 244         // creation
 245         ItemFilter filter1(DataType::CERTIFICATE);
 246         filter1.exportableOnly = true;
 247         filter1.noPassword = true;
 248         test.CheckSchemeVersion(filter1, NEW_ENC_SCHEME);
 249
 250         ItemFilter filter2(DataType::CHAIN_CERT_0, DataType::CHAIN_CERT_15);
 251         filter2.exportableOnly = true;
 252         filter2.noPassword = true;
 253         test.CheckSchemeVersion(filter2, NEW_ENC_SCHEME);
 254 }
 255
 256 BOOST_AUTO_TEST_SUITE_END()