2 * Copyright (c) 2000 - 2015 Samsung Electronics Co.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @author Maciej Karpiuk (m.karpiuk2@samsung.com)
20 #include <dpl/test/test_runner.h>
21 #include <dpl/test/test_runner_child.h>
22 #include <tests_common.h>
23 #include <ckm-common.h>
24 #include <ckm/ckm-control.h>
25 #include <ckmc/ckmc-manager.h>
26 #include <access_provider2.h>
33 const uid_t USER_APP = 5070;
34 const uid_t GROUP_APP = 5070;
35 const char* APP_PASS = "user-pass";
36 const char* TEST_WEB_APP_1 = "web_app1";
37 const char* TEST_WEB_APP_2 = "web_app2";
39 const char *XML_1_okay = "XML_1_okay.xml";
40 std::string XML_1_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test-key1");
41 std::string XML_1_EXPECTED_KEY_1_PASSWD = "123";
42 std::string XML_1_EXPECTED_KEY_2_RSA = aliasWithLabel(ckmc_owner_id_system, "test-key2");
43 // uncomment when AES is supported (+ usage in the tests)
44 //const char *XML_1_EXPECTED_KEY_3_AES = "/System test-aes1";
45 std::string XML_1_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test-cert1");
46 std::string XML_1_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test-data1");
47 const char *XML_1_EXPECTED_DATA_1_DATA = "My secret data";
49 const char *XML_2_okay = "XML_2_okay.xml";
50 std::string XML_2_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test2-key1");
51 std::string XML_2_EXPECTED_KEY_2_RSA = aliasWithLabel(ckmc_owner_id_system, "test2-key2");
52 // uncomment when AES is supported
53 //const char *XML_2_EXPECTED_KEY_3_AES = "/System test2-aes1";
54 std::string XML_2_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test2-cert1");
55 std::string XML_2_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test2-data1");
56 const char *XML_2_EXPECTED_DATA_1_DATA = "My secret data";
58 const char *XML_3_wrong = "XML_3_wrong.xml";
59 std::string XML_3_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test3-key1");
60 std::string XML_3_EXPECTED_KEY_2_RSA = aliasWithLabel(ckmc_owner_id_system, "test3-key2");
61 // uncomment when AES is supported
62 //const char *XML_2_EXPECTED_KEY_3_AES = "/System test3-aes1";
63 std::string XML_3_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test3-cert1");
64 std::string XML_3_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test3-data1");
66 void feedGarbageCollector(GarbageCollector & gc)
69 gc.add(XML_1_EXPECTED_KEY_1_RSA.c_str());
70 gc.add(XML_1_EXPECTED_KEY_2_RSA.c_str());
71 //gc.add(XML_1_EXPECTED_KEY_3_AES);
72 gc.add(XML_1_EXPECTED_CERT_1.c_str());
73 gc.add(XML_1_EXPECTED_DATA_1.c_str());
74 gc.add(XML_2_EXPECTED_KEY_1_RSA.c_str());
75 gc.add(XML_2_EXPECTED_KEY_2_RSA.c_str());
76 //gc.add(XML_2_EXPECTED_KEY_3_AES);
77 gc.add(XML_2_EXPECTED_CERT_1.c_str());
78 gc.add(XML_2_EXPECTED_DATA_1.c_str());
81 std::string format_src_path(const char *file)
83 return std::string("/usr/share/ckm-test/") + std::string(file);
86 std::string format_dest_path(const char *file)
88 return std::string("/opt/data/ckm/initial_values/") + std::string(file);
91 void copy_file(const std::string &from, const std::string &to)
93 std::ifstream infile(from, std::ios_base::binary);
94 RUNNER_ASSERT_MSG(infile, "Input file " << from << " does not exist.");
95 std::ofstream outfile(to, std::ios_base::binary);
96 RUNNER_ASSERT_MSG(outfile, "Output file " << to << " does not exist. Reinstall key-manager.");
97 outfile << infile.rdbuf();
100 void restart_key_manager()
102 stop_service(MANAGER);
103 start_service(MANAGER);
106 void test_exists(const std::string& name, bool expected) {
107 bool file_exists = (access( name.c_str(), F_OK ) != -1);
108 RUNNER_ASSERT_MSG(file_exists == expected,
109 "File " << name << " status: " << file_exists <<
110 " while expected: " << expected);
116 RUNNER_TEST_GROUP_INIT(T60_INITIAL_VALUES);
118 RUNNER_TEST(T6010_PARSE_XML_FILE_AT_STARTUP)
122 // copy to the initial-values folder
124 // check XML file exists
125 // restart the key-manager
126 // check XML file exists - should fail
128 // check items existence as system service
130 // check items existence as web_app1
132 // check items existence as web_app2
137 feedGarbageCollector(gc);
140 copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
143 test_exists(format_dest_path(XML_1_okay), true);
144 restart_key_manager();
145 test_exists(format_dest_path(XML_1_okay), false);
148 check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
149 check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
150 //check_key_allowed(XML_1_EXPECTED_KEY_3_AES, CKMC_KEY_AES);
151 check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
152 check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
156 ScopedAccessProvider ap(TEST_WEB_APP_1);
157 ap.allowAPI("key-manager::api-storage", "rw");
158 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
159 ScopedDBUnlock unlock(USER_APP, APP_PASS);
161 check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
162 check_key_not_visible(XML_1_EXPECTED_KEY_2_RSA.c_str());
163 // check_key_allowed(XML_1_EXPECTED_KEY_3_AES, CKMC_KEY_AES);
164 check_cert_not_visible(XML_1_EXPECTED_CERT_1.c_str());
165 check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
170 ScopedAccessProvider ap(TEST_WEB_APP_2);
171 ap.allowAPI("key-manager::api-storage", "rw");
172 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
173 ScopedDBUnlock unlock(USER_APP, APP_PASS);
175 check_key_not_visible(XML_1_EXPECTED_KEY_1_RSA.c_str());
176 check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
177 // check_key_allowed(XML_1_EXPECTED_KEY_3_AES, CKMC_KEY_AES);
178 check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
179 check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
183 RUNNER_TEST(T6020_PARSE_TWO_XML_FILES_AT_STARTUP)
187 // copy two files to the initial-values folder
189 // check XML files exist
190 // restart the key-manager
191 // check XML files exist - should fail
193 // check items existence as system service
197 feedGarbageCollector(gc);
200 copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
201 copy_file(format_src_path(XML_2_okay), format_dest_path(XML_2_okay));
204 test_exists(format_dest_path(XML_1_okay), true);
205 test_exists(format_dest_path(XML_1_okay), true);
206 restart_key_manager();
207 test_exists(format_dest_path(XML_2_okay), false);
208 test_exists(format_dest_path(XML_2_okay), false);
211 check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
212 check_key(XML_2_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
213 check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
214 check_key_allowed(XML_2_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
215 //check_key_allowed(XML_1_EXPECTED_KEY_3_AES, CKMC_KEY_AES);
216 //check_key_allowed(XML_2_EXPECTED_KEY_3_AES, CKMC_KEY_AES);
217 check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
218 check_cert_allowed(XML_2_EXPECTED_CERT_1.c_str());
219 check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
220 check_read_allowed(XML_2_EXPECTED_DATA_1.c_str(), XML_2_EXPECTED_DATA_1_DATA);
223 RUNNER_TEST(T6030_PARSE_FAIL_XML_AT_STARTUP)
227 // copy failing XML file to the initial-values folder
229 // check XML files exist
230 // restart the key-manager
231 // check XML files exist - should fail
233 // check items existence as system service - nothing should be available
237 copy_file(format_src_path(XML_3_wrong), format_dest_path(XML_3_wrong));
240 test_exists(format_dest_path(XML_3_wrong), true);
241 restart_key_manager();
242 test_exists(format_dest_path(XML_3_wrong), false);
245 check_key_not_visible(XML_3_EXPECTED_KEY_1_RSA.c_str());
246 check_key_not_visible(XML_3_EXPECTED_KEY_2_RSA.c_str());
247 //check_key_not_visible(XML_3_EXPECTED_KEY_3_AES);
248 check_cert_not_visible(XML_3_EXPECTED_CERT_1.c_str());
249 check_read_not_visible(XML_3_EXPECTED_DATA_1.c_str());
252 RUNNER_TEST(T6040_CHECK_KEYS_VALID)
256 // copy to the initial-values folder
257 // restart the key-manager
259 // check if key can create & verify signature
263 feedGarbageCollector(gc);
265 copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
266 restart_key_manager();
269 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("Raz ugryzla misia pszczola..");
270 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
271 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
272 ckmc_raw_buffer_s *signature = NULL;
275 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
276 XML_1_EXPECTED_KEY_2_RSA.c_str(),
282 CKMCReadableError(temp));
286 CKMC_ERROR_AUTHENTICATION_FAILED == (temp = ckmc_verify_signature(
287 XML_1_EXPECTED_KEY_1_RSA.c_str(),
293 CKMCReadableError(temp));
297 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
298 XML_1_EXPECTED_KEY_1_RSA.c_str(),
299 XML_1_EXPECTED_KEY_1_PASSWD.c_str(),
304 CKMCReadableError(temp));
306 ckmc_buffer_free(signature);
projects / platform / core / test / security-tests.git / blob