2 * Copyright (c) 2000 - 2015 Samsung Electronics Co.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @author Maciej Karpiuk (m.karpiuk2@samsung.com)
20 #include <dpl/test/test_runner.h>
21 #include <dpl/test/test_runner_child.h>
22 #include <tests_common.h>
23 #include <ckm-common.h>
24 #include <ckm/ckm-control.h>
25 #include <ckmc/ckmc-manager.h>
26 #include <access_provider2.h>
// ---------------------------------------------------------------------------
// Fixtures shared by the T60xx initial-values tests.
// Every credential below is a test-only value.
// ---------------------------------------------------------------------------

// uid/gid the web-app scenarios switch to.
const uid_t USER_APP = 5070;
const uid_t GROUP_APP = 5070;
// Password handed to ScopedDBUnlock together with USER_APP.
const char *APP_PASS = "user-pass";
// Labels the access provider is created with in T6010.
const char *TEST_WEB_APP_1 = "web_app1";
const char *TEST_WEB_APP_2 = "web_app2";

// Copied next to the database (see format_dest_key_path) before each restart.
const char *XML_DEVICE_KEY = "device_key.xml";

// --- XML_1: well-formed initial-values file --------------------------------
const char *XML_1_okay = "XML_1_okay.xml";
std::string XML_1_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test-key1");
// Password passed for test-key1 when T6040 verifies a signature.
std::string XML_1_EXPECTED_KEY_1_PASSWD = "123";
std::string XML_1_EXPECTED_KEY_2_RSA = aliasWithLabel(ckmc_owner_id_system, "test-key2");
// AES alias; the tests below check it with CKMC_KEY_AES.
std::string XML_1_EXPECTED_KEY_3_AES = aliasWithLabel(ckmc_owner_id_system, "test-aes1");
std::string XML_1_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test-cert1");
std::string XML_1_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test-data1");
const char *XML_1_EXPECTED_DATA_1_DATA = "My secret data";

// Aliases used by the encrypted-value tests (T6050 - T6070).
std::string XML_1_EXPECTED_KEY_3_RSA_PRV = aliasWithLabel(ckmc_owner_id_system, "test-encryption-prv");
std::string XML_1_EXPECTED_KEY_3_RSA_PUB = aliasWithLabel(ckmc_owner_id_system, "test-encryption-pub");
std::string XML_1_EXPECTED_ASCII_DATA = aliasWithLabel(ckmc_owner_id_system, "test-ascii-data-encryption");
std::string XML_1_EXPECTED_BIG_DATA = aliasWithLabel(ckmc_owner_id_system, "test-binary-data-encryption");

// --- XML_2: second well-formed file, loaded together with XML_1 in T6020 ---
const char *XML_2_okay = "XML_2_okay.xml";
std::string XML_2_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test2-key1");
std::string XML_2_EXPECTED_KEY_2_RSA = aliasWithLabel(ckmc_owner_id_system, "test2-key2");
// AES alias; T6020 checks it with CKMC_KEY_AES.
std::string XML_2_EXPECTED_KEY_3_AES = aliasWithLabel(ckmc_owner_id_system, "test2-aes1");
std::string XML_2_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test2-cert1");
std::string XML_2_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test2-data1");
const char *XML_2_EXPECTED_DATA_1_DATA = "My secret data";

// --- XML_3: file the parser must reject (T6030) ----------------------------
// None of these aliases may be visible after the import attempt.
// No AES alias is declared for this fixture.
const char *XML_3_wrong = "XML_3_wrong.xml";
std::string XML_3_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test3-key1");
std::string XML_3_EXPECTED_KEY_2_RSA = aliasWithLabel(ckmc_owner_id_system, "test3-key2");
std::string XML_3_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test3-cert1");
std::string XML_3_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test3-data1");
/**
 * Builds the path of a fixture shipped with the tests.
 *
 * @param file  file name, appended verbatim to CKM_TEST_DIR (no separator is inserted)
 * @return      CKM_TEST_DIR followed by @p file
 */
std::string format_src_path(const char *file)
{
    std::string path(CKM_TEST_DIR);
    path += std::string(file);
    return path;
}
/**
 * Builds the destination path used for the device-key file.
 *
 * @param file  file name, appended verbatim to CKM_RW_DATA_DIR (no separator is inserted)
 * @return      CKM_RW_DATA_DIR followed by @p file
 */
std::string format_dest_key_path(const char *file)
{
    std::string path(CKM_RW_DATA_DIR);
    path += std::string(file);
    return path;
}
/**
 * Builds the path of a file inside the key-manager's initial-values folder.
 *
 * @param file  file name placed under "<CKM_RW_DATA_DIR>/initial_values/"
 * @return      the full destination path
 */
std::string format_dest_path(const char *file)
{
    std::string path(CKM_RW_DATA_DIR);
    path += std::string("/initial_values/");
    path += std::string(file);
    return path;
}
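/**
 * Copies a fixture file byte-for-byte and fails the test if the copy is incomplete.
 *
 * The tests stage XML and device-key files this way before restarting the
 * key-manager, so a truncated copy would otherwise surface later as a
 * misleading import or visibility failure.
 *
 * @param from  path of the existing source file
 * @param to    path of the file to create or overwrite
 */
void copy_file(const std::string &from, const std::string &to)
{
    std::ifstream infile(from, std::ios_base::binary);
    RUNNER_ASSERT_MSG(infile, "Input file " << from << " does not exist.");
    std::ofstream outfile(to, std::ios_base::binary);
    RUNNER_ASSERT_MSG(outfile, "Output file " << to << " does not exist. Reinstall key-manager.");
    outfile << infile.rdbuf();
    outfile.flush();

    // operator<<(streambuf*) sets failbit on the output when the source was
    // empty, so failbit alone cannot signal an error. Instead require that the
    // source has been read to its end and that flushing did not set badbit.
    const bool source_drained =
        infile.rdbuf()->sgetc() == std::ifstream::traits_type::eof();
    RUNNER_ASSERT_MSG(source_drained && !outfile.bad(),
                      "Copying " << from << " to " << to << " failed.");
}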
/**
 * Stops and then starts the MANAGER service.
 *
 * The tests call this after staging files in the initial-values folder and
 * then check what the restarted service has imported.
 */
void restart_key_manager()
{
    stop_service(MANAGER);
    start_service(MANAGER);
}
/**
 * Asserts that a path is present or absent on disk.
 *
 * @param name      path to probe with access(F_OK)
 * @param expected  true if the path must exist, false if it must not
 */
void test_exists(const std::string& name, bool expected)
{
    // access() returns 0 on success and -1 on failure.
    const bool file_exists = (0 == access(name.c_str(), F_OK));
    RUNNER_ASSERT_MSG(expected == file_exists,
                      "File " << name << " status: " << file_exists <<
                      " while expected: " << expected);
}
// Test group for the initial-values import checks (T6010 - T6070).
RUNNER_TEST_GROUP_INIT(T60_INITIAL_VALUES);
RUNNER_TEST(T6010_PARSE_XML_FILE_AT_STARTUP, RemoveDataEnv<0>)
{
    // Scenario
    //   prepare: stage XML_1_okay in the initial-values folder, plus the device key
    //   test0:   the XML is on disk before the restart and gone after it
    //   test1:   item visibility for the system service
    //   test2:   item visibility for web_app1
    //   test3:   item visibility for web_app2
    //
    // Expected access per caller, as asserted below:
    //             test-key1        test-key2     test-aes1  test-cert1   test-data1
    //   system    not exportable   allowed       allowed    allowed      readable
    //   web_app1  not exportable   not visible   allowed    not visible  readable
    //   web_app2  not visible      allowed       allowed    allowed      readable

    const std::string staged_xml = format_dest_path(XML_1_okay);
    const char *key1 = XML_1_EXPECTED_KEY_1_RSA.c_str();
    const char *key2 = XML_1_EXPECTED_KEY_2_RSA.c_str();
    const char *aes1 = XML_1_EXPECTED_KEY_3_AES.c_str();
    const char *cert1 = XML_1_EXPECTED_CERT_1.c_str();
    const char *data1 = XML_1_EXPECTED_DATA_1.c_str();

    // [prepare]
    copy_file(format_src_path(XML_1_okay), staged_xml);
    copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));

    // [test0] the staged file must not be left on disk after the restart
    test_exists(staged_xml, true);
    restart_key_manager();
    test_exists(staged_xml, false);

    // [test1] system service
    check_key(key1, CKMC_ERROR_NOT_EXPORTABLE);
    check_key_allowed(key2, CKMC_KEY_RSA_PRIVATE);
    check_key_allowed(aes1, CKMC_KEY_AES);
    check_cert_allowed(cert1);
    check_read_allowed(data1, XML_1_EXPECTED_DATA_1_DATA);

    // [test2] web_app1; the scope ends the unlock and the provider before test3
    {
        ScopedDBUnlock db_unlock(USER_APP, APP_PASS);
        ScopedAccessProvider provider(TEST_WEB_APP_1);
        provider.allowAPI("key-manager::api-storage", "rw");
        provider.applyAndSwithToUser(USER_APP, GROUP_APP);

        check_key(key1, CKMC_ERROR_NOT_EXPORTABLE);
        check_key_not_visible(key2);
        check_key_allowed(aes1, CKMC_KEY_AES);
        check_cert_not_visible(cert1);
        check_read_allowed(data1, XML_1_EXPECTED_DATA_1_DATA);
    }

    // [test3] web_app2
    {
        ScopedDBUnlock db_unlock(USER_APP, APP_PASS);
        ScopedAccessProvider provider(TEST_WEB_APP_2);
        provider.allowAPI("key-manager::api-storage", "rw");
        provider.applyAndSwithToUser(USER_APP, GROUP_APP);

        check_key_not_visible(key1);
        check_key_allowed(key2, CKMC_KEY_RSA_PRIVATE);
        check_key_allowed(aes1, CKMC_KEY_AES);
        check_cert_allowed(cert1);
        check_read_allowed(data1, XML_1_EXPECTED_DATA_1_DATA);
    }
}
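RUNNER_TEST(T6020_PARSE_TWO_XML_FILES_AT_STARTUP, RemoveDataEnv<0>)
{
    // Scenario
    //   prepare: stage the device key and two XML files in the initial-values folder
    //   test0:   both XML files are on disk before the restart and gone after it
    //   test1:   items from both files are available to the system service

    const std::string staged_xml_1 = format_dest_path(XML_1_okay);
    const std::string staged_xml_2 = format_dest_path(XML_2_okay);

    // [prepare]
    copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
    copy_file(format_src_path(XML_1_okay), staged_xml_1);
    copy_file(format_src_path(XML_2_okay), staged_xml_2);

    // [test0]
    // Each file is checked on both sides of the restart. Previously XML_1 was
    // probed twice before the restart and XML_2 twice after it, so a leftover
    // XML_1 (or an XML_2 that was never staged) went unnoticed.
    test_exists(staged_xml_1, true);
    test_exists(staged_xml_2, true);
    restart_key_manager();
    test_exists(staged_xml_1, false);
    test_exists(staged_xml_2, false);

    // [test1] system service sees the items of both files
    check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
    check_key(XML_2_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
    check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
    check_key_allowed(XML_2_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
    check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
    check_key_allowed(XML_2_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
    check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
    check_cert_allowed(XML_2_EXPECTED_CERT_1.c_str());
    check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
    check_read_allowed(XML_2_EXPECTED_DATA_1.c_str(), XML_2_EXPECTED_DATA_1_DATA);
}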
RUNNER_TEST(T6030_PARSE_FAIL_XML_AT_STARTUP, RemoveDataEnv<0>)
{
    // Scenario
    //   prepare: stage the malformed XML_3_wrong in the initial-values folder
    //   test0:   the file is on disk before the restart and gone after it,
    //            even though the import is expected to fail
    //   test1:   none of the aliases it names is visible to the system service

    const std::string staged_xml = format_dest_path(XML_3_wrong);

    // [prepare]
    copy_file(format_src_path(XML_3_wrong), staged_xml);

    // [test0]
    test_exists(staged_xml, true);
    restart_key_manager();
    test_exists(staged_xml, false);

    // [test1] a rejected file must not leave partial content behind
    check_key_not_visible(XML_3_EXPECTED_KEY_1_RSA.c_str());
    check_key_not_visible(XML_3_EXPECTED_KEY_2_RSA.c_str());
    check_cert_not_visible(XML_3_EXPECTED_CERT_1.c_str());
    check_read_not_visible(XML_3_EXPECTED_DATA_1.c_str());
}
// T6040: after XML_1_okay is imported at start-up, a signature is created with
// test-key2 and verified with test-key1. The first verification is expected
// to be refused, the second (with the key password) to succeed.
// NOTE(review): this listing omits short source lines (braces, the declaration
// of `temp`, the assertion openers and most call arguments); the comments
// below describe only what is visible.
240 RUNNER_TEST(T6040_CHECK_KEYS_VALID, RemoveDataEnv<0>)
244 // copy to the initial-values folder
245 // restart the key-manager
247 // check if key can create & verify signature
// Stage the device key and the XML, then let the service import them.
250 copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
251 copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
252 restart_key_manager();
// Signing parameters: SHA-256 digest with PKCS#1 padding.
255 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("Raz ugryzla misia pszczola..");
256 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
257 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
258 ckmc_raw_buffer_s *signature = NULL;
// Signing with test-key2 must succeed.
261 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
262 XML_1_EXPECTED_KEY_2_RSA.c_str(),
268 CKMCReadableError(temp));
// Negative case: verifying with test-key1 must be rejected with
// CKMC_ERROR_AUTHENTICATION_FAILED.
// NOTE(review): presumably no (or a wrong) password is passed here; the
// argument is not visible in this listing - confirm.
272 CKMC_ERROR_AUTHENTICATION_FAILED == (temp = ckmc_verify_signature(
273 XML_1_EXPECTED_KEY_1_RSA.c_str(),
279 CKMCReadableError(temp));
// Positive case: same key, this time with XML_1_EXPECTED_KEY_1_PASSWD.
283 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
284 XML_1_EXPECTED_KEY_1_RSA.c_str(),
285 XML_1_EXPECTED_KEY_1_PASSWD.c_str(),
290 CKMCReadableError(temp));
// NOTE(review): if a failed assertion leaves the test early, this free is
// skipped and the signature buffer is not released - confirm.
292 ckmc_buffer_free(signature);
// T6050: checks that the "test-encryption-prv" / "test-encryption-pub" aliases
// are available after import by signing with the private key and verifying
// with the public one.
// NOTE(review): this listing omits short source lines (braces, the declaration
// of `temp`, the assertion openers and most call arguments); the comments
// below describe only what is visible.
295 RUNNER_TEST(T6050_ENCRYPTED_KEY, RemoveDataEnv<0>)
298 // to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
299 // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
// rsautl is deprecated since OpenSSL 3.0; the pkeyutl equivalent is
//   openssl pkeyutl -encrypt -pubin -inkey pub.key -pkeyopt rsa_padding_mode:oaep -in input.txt -out cipher.out
301 // copy to the initial-values folder
302 // restart the key-manager
304 // check if encrypted private key is present
305 // check if public key is present
307 // extract the private, encrypted key
308 // extract the public key
309 // create signature using the private key
310 // verify signature using the public key
// Stage the device key and the XML, then let the service import them.
313 copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
314 copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
315 restart_key_manager();
// Both halves of the key pair must be present with the expected key type.
318 check_key_allowed(XML_1_EXPECTED_KEY_3_RSA_PRV.c_str(), CKMC_KEY_RSA_PRIVATE);
319 check_key_allowed(XML_1_EXPECTED_KEY_3_RSA_PUB.c_str(), CKMC_KEY_RSA_PUBLIC);
// Signing parameters: SHA-256 digest with PKCS#1 padding.
322 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("Raz ugryzla misia pszczola..");
323 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
324 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
325 ckmc_raw_buffer_s *signature = NULL;
// Sign with the imported private key ...
328 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
329 XML_1_EXPECTED_KEY_3_RSA_PRV.c_str(),
335 CKMCReadableError(temp));
// ... and verify with the matching public key. A successful round trip shows
// that the stored private key is usable.
339 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
340 XML_1_EXPECTED_KEY_3_RSA_PUB.c_str(),
346 CKMCReadableError(temp));
// NOTE(review): if a failed assertion leaves the test early, this free is
// skipped and the signature buffer is not released - confirm.
348 ckmc_buffer_free(signature);
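RUNNER_TEST(T6060_ENCRYPTED_ASCII_DATA, RemoveDataEnv<0>)
{
    // Scenario
    //   prepare: stage the device key and XML_1_okay, restart the key-manager
    //   test1:   the "test-ascii-data-encryption" item has the expected size
    //            and content when read back
    //
    // to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
    // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
    // rsautl is deprecated since OpenSSL 3.0; the pkeyutl equivalent is
    //   openssl pkeyutl -encrypt -pubin -inkey pub.key -pkeyopt rsa_padding_mode:oaep -in input.txt -out cipher.out

    // [prepare]
    copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
    copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
    restart_key_manager();

    // [test1]
    // Expected plaintext of src/ckm/keys/EIV/ascii_data. The length is derived
    // from the literal so the size check and the memcmp cannot drift apart.
    static const char expected[] = "My secret data\n";
    const size_t expected_len = sizeof(expected) - 1; // 15, terminator excluded

    // Start from NULL so a call that succeeds without setting the output is
    // caught by the assertion below instead of dereferencing garbage.
    ckmc_raw_buffer_s *testData1 = NULL;
    int temp;
    RUNNER_ASSERT_MSG(
            CKMC_ERROR_NONE == (temp = ckmc_get_data(XML_1_EXPECTED_ASCII_DATA.c_str(), NULL, &testData1)),
            CKMCReadableError(temp));
    // The size is checked before memcmp so the comparison never reads past
    // the returned buffer.
    RUNNER_ASSERT_MSG(testData1 != NULL && expected_len == testData1->size, "invalid data size");
    RUNNER_ASSERT_MSG(memcmp(testData1->data, expected, expected_len) == 0, "invalid data contents");
    ckmc_buffer_free(testData1);
}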
RUNNER_TEST(T6070_ENCRYPTED_BIG_DATA, RemoveDataEnv<0>)
{
    // Scenario
    //   prepare: stage the device key and XML_1_okay, restart the key-manager
    //   test1:   the "test-binary-data-encryption" item has the expected size
    //            when read back (only the size is checked, not the content)
    //
    // to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
    // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
    // rsautl is deprecated since OpenSSL 3.0; the pkeyutl equivalent is
    //   openssl pkeyutl -encrypt -pubin -inkey pub.key -pkeyopt rsa_padding_mode:oaep -in input.txt -out cipher.out

    // [prepare]
    copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
    copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
    restart_key_manager();

    // [test1]
    // Size in bytes of src/ckm/keys/EIV/code.png.
    const size_t expected_size = 5918;

    ckmc_raw_buffer_s *testData1;
    int temp;
    RUNNER_ASSERT_MSG(
            CKMC_ERROR_NONE == (temp = ckmc_get_data(XML_1_EXPECTED_BIG_DATA.c_str(), NULL, &testData1)),
            CKMCReadableError(temp));
    RUNNER_ASSERT_MSG(expected_size == testData1->size, "invalid data size");
    ckmc_buffer_free(testData1);
}