2 * Copyright (c) 2000 - 2014 Samsung Electronics Co.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
16 * @file password-integration.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
21 #include <dpl/test/test_runner.h>
22 #include <dpl/test/test_runner_child.h>
24 #include <tests_common.h>
26 #include <ckm/ckm-control.h>
27 #include <ckm/ckm-manager.h>
28 #include <ckm/ckm-password.h>
29 #include <ckm/ckm-type.h>
31 #include <security-server.h>
33 #include <access_provider2.h>
34 #include <clean-env.h>
36 CKM::Alias CKM_ALIAS1 = "ALIAS1";
37 CKM::Alias CKM_ALIAS2 = "ALIAS2";
39 CKM::RawBuffer BIN_DATA1 = {'A','B','R','A','C','A','D','A','B','R','A'};
41 const char * PASSWORD1 = "LongPassword1";
42 const char * PASSWORD2 = "LongerPassword2";
44 static const int USER_APP = 5000;
46 const unsigned int PASSWORD_RETRY_TIMEOUT_US = 500000;
48 void dropPrivileges() {
49 static const std::string LABEL1 = "TestLabel1";
50 static const int GROUP_APP = 5000;
52 AccessProvider ap(LABEL1);
53 ap.allowAPI("key-manager::api-storage", "rw");
54 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
57 RUNNER_TEST_GROUP_INIT(T401_SECURITY_SERVER_PASSWORD_INTEGRATION);
59 RUNNER_TEST(T4010_INIT)
61 reset_security_server();
62 unsigned int attempt, max_attempt, expire_sec;
64 int ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
65 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "");
68 RUNNER_CHILD_TEST(T4011_ADD_DATA)
72 auto mgr = CKM::Manager::create();
74 int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy());
75 RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS, "");
78 RUNNER_TEST(T4012_CLOSE_CKM_DB)
80 auto ctl = CKM::Control::create();
82 int ret = ctl->lockUserKey(USER_APP);
83 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
86 RUNNER_CHILD_TEST(T4013_GET_DATA)
90 auto mgr = CKM::Manager::create();
92 CKM::RawBuffer buffer;
94 // CKM will automaticly unlock with empty password
95 int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
96 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
99 RUNNER_TEST(T4014_UNLOCK_DATABASE_WITH_SECURITY_SERVER)
101 unsigned int attempt, max_attempt, expire_sec;
103 usleep(PASSWORD_RETRY_TIMEOUT_US);
105 int ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
106 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "");
109 RUNNER_CHILD_TEST(T4015_GET_DATA)
112 auto mgr = CKM::Manager::create();
114 CKM::RawBuffer buffer;
115 int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
116 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
118 RUNNER_ASSERT_MSG(buffer == BIN_DATA1, "Data mismatch");
121 RUNNER_TEST_GROUP_INIT(T402_SECURITY_SERVER_PASSWORD_INTEGRATION);
123 RUNNER_TEST(T4020_INIT)
125 reset_security_server();
127 int ret = security_server_set_pwd(NULL, PASSWORD1, 10, 10);
128 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "");
131 RUNNER_CHILD_TEST(T4021_ADD_DATA)
135 auto mgr = CKM::Manager::create();
137 int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy());
138 RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS, "");
141 RUNNER_TEST(T4022_CLOSE_CKM_DB)
143 unsigned int attempt, max, expire;
145 auto ctl = CKM::Control::create();
147 int ret = ctl->lockUserKey(USER_APP);
148 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
150 usleep(PASSWORD_RETRY_TIMEOUT_US);
152 // login with current password to get rid of invalid "NULL" DKEK
153 ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire);
154 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret);
156 ret = ctl->lockUserKey(USER_APP);
157 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
160 RUNNER_CHILD_TEST(T4023_GET_DATA_NEGATIVE)
164 auto mgr = CKM::Manager::create();
166 CKM::RawBuffer buffer;
167 int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
168 RUNNER_ASSERT_MSG(CKM_API_ERROR_DB_LOCKED == ret, "Error=" << CKM::ErrorToString(ret));
171 RUNNER_TEST(T4024_UNLOCK_DATABASE_WITH_SECURITY_SERVER)
173 unsigned int attempt, max, expire;
175 usleep(PASSWORD_RETRY_TIMEOUT_US);
176 int ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire);
177 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error =" << ret);
180 RUNNER_CHILD_TEST(T4025_GET_DATA)
184 auto mgr = CKM::Manager::create();
186 CKM::RawBuffer buffer;
187 int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
188 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
190 RUNNER_ASSERT_MSG(buffer == BIN_DATA1, "Data missmatch");
193 RUNNER_TEST_GROUP_INIT(T403_SECURITY_SERVER_PASSWORD_INTEGRATION);
195 RUNNER_TEST(T4030_INIT)
197 reset_security_server();
199 int ret = security_server_set_pwd(NULL, PASSWORD1, 10, 10);
200 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "");
203 RUNNER_CHILD_TEST(T4031_ADD_DATA)
207 auto mgr = CKM::Manager::create();
209 int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy());
210 RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS, "");
213 RUNNER_TEST(T4032_CLOSE_CKM_DB)
215 unsigned int attempt, max, expire;
217 auto ctl = CKM::Control::create();
219 int ret = ctl->lockUserKey(USER_APP);
220 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
222 usleep(PASSWORD_RETRY_TIMEOUT_US);
224 // login with current password to get rid of invalid "NULL" DKEK
225 ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire);
226 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret);
228 ret = ctl->lockUserKey(USER_APP);
229 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
232 RUNNER_CHILD_TEST(T4033_GET_DATA_NEGATIVE)
236 auto mgr = CKM::Manager::create();
238 CKM::RawBuffer buffer;
239 int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
240 RUNNER_ASSERT_MSG(CKM_API_ERROR_DB_LOCKED == ret, "Error=" << CKM::ErrorToString(ret));
243 RUNNER_TEST(T4034_UNLOCK_DATABASE_WITH_SECURITY_SERVER)
245 usleep(PASSWORD_RETRY_TIMEOUT_US);
247 int ret = security_server_set_pwd(PASSWORD1, PASSWORD2, 10, 10);
248 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret);
251 RUNNER_CHILD_TEST(T4035_GET_DATA)
255 auto mgr = CKM::Manager::create();
257 CKM::RawBuffer buffer;
258 int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
259 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
261 RUNNER_ASSERT_MSG(buffer == BIN_DATA1, "Data mismatch");