2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
22 #include <sys/types.h>
30 #include <vconf/vconf.h>
32 #include <dpl/test/test_runner.h>
33 #include <tests_common.h>
34 #include <ckm-common.h>
35 #include <ckm/ckm-manager.h>
36 #include <ckm/ckm-control.h>
41 #ifndef VCONFKEY_SECURITY_MDPP_STATE
42 #define VCONFKEY_SECURITY_MDPP_STATE "file/security_mdpp/security_mdpp_state"
47 const useconds_t SLEEP = 100*1000;
49 const size_t MAX_RETRIES = 50;
51 const char* const ENABLED = "Enabled";
52 const char* const ENFORCING = "Enforcing";
53 const char* const DISABLED = "Disabled";
54 const char* const READY = "Ready";
55 const char* const UNSET = "Unset"; // Meaningless value for unset.
57 const char* const USER_LABEL = "User";
58 const char* const CKM_LOCK = "/var/run/key-manager.pid";
60 const char* const CC_PASSWD = "t200-special-password";
62 // Wrapper for mdpp state that restores the original value upon destruction
70 void set(const char* const value);
76 MdppState::MdppState()
78 ScopedLabel sl(USER_LABEL);
79 m_original = vconf_get_str(VCONFKEY_SECURITY_MDPP_STATE);
82 MdppState::~MdppState()
84 ScopedLabel sl(USER_LABEL);
86 vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
88 vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, m_original);
92 void MdppState::set(const char* const value)
94 ScopedLabel sl(USER_LABEL);
97 int ret = vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, value);
98 RUNNER_ASSERT_MSG(0 == ret,
99 "vconf_set() failed, ec: " << ret);
102 vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
107 Alias rsa_pri_alias("rsa-private-T2002");
108 Alias rsa_pub_alias("rsa-public-T2002");
109 Alias ecdsa_pri_alias("ecdsa-private-T2002");
110 Alias ecdsa_pub_alias("ecdsa-public-T2002");
115 auto manager = Manager::create();
118 CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(
122 Policy(Password(), true),
123 Policy(Password(), true))),
124 "Error=" << ErrorToString(temp));
127 CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA(
128 ElipticCurve::prime192v1,
131 Policy(Password(), true),
132 Policy(Password(), true))),
133 "Error=" << ErrorToString(temp));
136 void read_key(ManagerShPtr& manager, const Alias& alias, int expected) {
140 expected == (temp = manager->getKey(alias, Password(), key)),
141 "Expected: " << expected << "/" << ErrorToString(expected) << " got: " << temp << "/" <<
142 ErrorToString(temp));
145 void read_keys(int expected)
147 // if mdpp is disabled at compilation time we expect that read_key always succeeds
148 #ifndef DSECURITY_MDFPP_STATE_ENABLE
149 expected = CKM_API_SUCCESS;
151 auto manager = Manager::create();
153 read_key(manager, rsa_pri_alias, expected);
154 read_key(manager, ecdsa_pri_alias, expected);
157 void update_cc_mode()
159 auto control = Control::create();
161 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->updateCCMode()),
162 "Error=" << ErrorToString(ret));
165 void restart_ckm(const char* const mdpp_setting)
167 stop_service(MANAGER);
169 mdpp.set(mdpp_setting);
170 start_service(MANAGER);
172 } // namespace anonymous
174 RUNNER_TEST_GROUP_INIT(CKM_CC_MODE);
176 RUNNER_TEST(TCC_0000_init)
178 reset_user_data(0, CC_PASSWD);
181 // updatedCCMode should succeed regardless of mdpp setting
182 RUNNER_TEST(TCC_0010_updateCCMode)
201 mdpp.set("whatever");
205 // tests without listener (ckm only)
206 RUNNER_TEST(TCC_0020_noListener)
208 stop_service(LISTENER);
211 reset_user_data(0, CC_PASSWD);
216 read_keys(CKM_API_SUCCESS);
220 // MJK, it's counter-intuitive: Disabled does not mean
221 // that CC mode is disabled, but that device
222 // self-test failed "device DISABLED"
223 read_keys(CKM_API_ERROR_BAD_REQUEST);
225 mdpp.set("whatever");
227 read_keys(CKM_API_SUCCESS);
231 read_keys(CKM_API_ERROR_BAD_REQUEST);
235 read_keys(CKM_API_ERROR_BAD_REQUEST);
239 read_keys(CKM_API_SUCCESS);
241 mdpp.set("whatever");
243 read_keys(CKM_API_SUCCESS);
247 read_keys(CKM_API_ERROR_BAD_REQUEST);
250 // when listener is started with mdpp key unset it should not update mdpp status in ckm
251 RUNNER_TEST(TCC_0030_noCallbackRegistered)
253 // restart listener without vconf callback
254 stop_service(LISTENER);
255 reset_user_data(0, CC_PASSWD);
259 start_service(LISTENER);
263 read_keys(CKM_API_SUCCESS);
266 usleep(SLEEP); // give some time for notification to reach ckm
268 read_keys(CKM_API_SUCCESS);
271 // when listener is started with mdpp key set it should update mdpp status in ckm
272 RUNNER_TEST(TCC_0040_callbackRegistered)
274 // restart listener with vconf callback
275 stop_service(LISTENER);
279 start_service(LISTENER);
281 reset_user_data(0, CC_PASSWD);
283 read_keys(CKM_API_ERROR_BAD_REQUEST);
285 mdpp.set("whatever");
286 usleep(SLEEP); // give some time for notification to reach ckm
287 read_keys(CKM_API_SUCCESS);
290 usleep(SLEEP); // give some time for notification to reach ckm
291 read_keys(CKM_API_ERROR_BAD_REQUEST);
294 usleep(SLEEP); // give some time for notification to reach ckm
295 read_keys(CKM_API_ERROR_BAD_REQUEST);
298 usleep(SLEEP); // give some time for notification to reach ckm
299 read_keys(CKM_API_SUCCESS);
302 usleep(SLEEP); // give some time for notification to reach ckm
303 read_keys(CKM_API_ERROR_BAD_REQUEST);
306 usleep(SLEEP); // give some time for notification to reach ckm
307 read_keys(CKM_API_SUCCESS);
310 // run ckm manually and see if it properly loads mdpp setting
311 RUNNER_TEST(TCC_0050_manualCkmDisabled)
313 restart_ckm(DISABLED);
315 reset_user_data(0, CC_PASSWD);
317 read_keys(CKM_API_ERROR_BAD_REQUEST);
320 // run ckm manually and see if it properly loads mdpp setting
321 RUNNER_TEST(TCC_0060_manualCkmEnabled)
323 restart_ckm(ENABLED);
325 reset_user_data(0, CC_PASSWD);
327 read_keys(CKM_API_ERROR_BAD_REQUEST);
330 // run ckm manually and see if it properly loads mdpp setting
331 RUNNER_TEST(TCC_0070_manualCkmEnforcing)
333 restart_ckm(ENFORCING);
335 reset_user_data(0, CC_PASSWD);
337 read_keys(CKM_API_ERROR_BAD_REQUEST);
340 // run ckm manually and see if it properly loads mdpp setting
341 RUNNER_TEST(TCC_0075_manualCkmReady)
345 reset_user_data(0, CC_PASSWD);
347 read_keys(CKM_API_SUCCESS);
350 // run ckm manually and see if it properly loads mdpp setting
351 RUNNER_TEST(TCC_0080_manualCkmWhatever)
353 restart_ckm("whatever");
355 reset_user_data(0, CC_PASSWD);
357 read_keys(CKM_API_SUCCESS);
360 // run ckm manually and see if it properly loads mdpp setting
361 RUNNER_TEST(TCC_0090_manualCkmUnset)
365 reset_user_data(0, CC_PASSWD);
367 read_keys(CKM_API_SUCCESS);
370 // make sure listener won't activate ckm to update mdpp
371 RUNNER_TEST(TCC_0100_listenerDoesntStartCkm)
373 stop_service(MANAGER);
374 stop_service(LISTENER);
379 start_service(LISTENER);
381 usleep(1000*1000); // by that time ckm would be already started
383 int lock = TEMP_FAILURE_RETRY(open(CKM_LOCK, O_RDWR));
384 RUNNER_ASSERT_MSG(-1 != lock, "Error in opening lock file. Errno: " << strerror(errno));
386 int ret = lockf(lock, F_TEST, 0);
388 RUNNER_ASSERT_MSG(ret == 0, "CKM lock is occupied. CKM seems to be running.");
391 RUNNER_TEST(TCC_9999_deinit)