2 * Copyright (c) 2000 - 2014 Samsung Electronics Co.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
16 * @file password-integration.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
21 #include <dpl/test/test_runner.h>
22 #include <dpl/test/test_runner_child.h>
23 #include <dpl/log/log.h>
25 #include <tests_common.h>
27 #include <ckm/ckm-control.h>
28 #include <ckm/ckm-manager.h>
29 #include <ckm/ckm-password.h>
30 #include <ckm/ckm-type.h>
32 #include <security-server.h>
34 #include <access_provider2.h>
35 #include <clean-env.h>
37 CKM::Alias CKM_ALIAS1 = "ALIAS1";
38 CKM::Alias CKM_ALIAS2 = "ALIAS2";
40 CKM::RawBuffer BIN_DATA1 = {'A','B','R','A','C','A','D','A','B','R','A'};
42 const char * PASSWORD1 = "LongPassword1";
43 const char * PASSWORD2 = "LongerPassword2";
45 static const int USER_APP = 5000;
47 const unsigned int PASSWORD_RETRY_TIMEOUT_US = 500000;
49 void dropPrivileges() {
50 static const std::string LABEL1 = "TestLabel1";
51 static const int GROUP_APP = 5000;
53 AccessProvider ap(LABEL1);
54 ap.allowAPI("key-manager::api-storage", "rw");
55 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
58 RUNNER_TEST_GROUP_INIT(T401_SECURITY_SERVER_PASSWORD_INTEGRATION);
60 RUNNER_TEST(T4010_INIT)
62 reset_security_server();
63 unsigned int attempt, max_attempt, expire_sec;
65 int ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
66 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "");
69 RUNNER_CHILD_TEST(T4011_ADD_DATA)
73 auto mgr = CKM::Manager::create();
75 int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy());
76 RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS, "");
79 RUNNER_TEST(T4012_CLOSE_CKM_DB)
81 auto ctl = CKM::Control::create();
83 int ret = ctl->lockUserKey(USER_APP);
84 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
87 RUNNER_CHILD_TEST(T4013_GET_DATA)
91 auto mgr = CKM::Manager::create();
93 CKM::RawBuffer buffer;
95 // CKM will automaticly unlock with empty password
96 int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
97 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
100 RUNNER_TEST(T4014_UNLOCK_DATABASE_WITH_SECURITY_SERVER)
102 unsigned int attempt, max_attempt, expire_sec;
104 usleep(PASSWORD_RETRY_TIMEOUT_US);
106 int ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
107 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "");
110 RUNNER_CHILD_TEST(T4015_GET_DATA)
113 auto mgr = CKM::Manager::create();
115 CKM::RawBuffer buffer;
116 int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
117 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
119 RUNNER_ASSERT_MSG(buffer == BIN_DATA1, "Data mismatch");
122 RUNNER_TEST_GROUP_INIT(T402_SECURITY_SERVER_PASSWORD_INTEGRATION);
124 RUNNER_TEST(T4020_INIT)
126 reset_security_server();
128 int ret = security_server_set_pwd(NULL, PASSWORD1, 10, 10);
129 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "");
132 RUNNER_CHILD_TEST(T4021_ADD_DATA)
136 auto mgr = CKM::Manager::create();
138 int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy());
139 RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS, "");
142 RUNNER_TEST(T4022_CLOSE_CKM_DB)
144 unsigned int attempt, max, expire;
146 auto ctl = CKM::Control::create();
148 int ret = ctl->lockUserKey(USER_APP);
149 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
151 usleep(PASSWORD_RETRY_TIMEOUT_US);
153 // login with current password to get rid of invalid "NULL" DKEK
154 ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire);
155 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret);
157 ret = ctl->lockUserKey(USER_APP);
158 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
161 RUNNER_CHILD_TEST(T4023_GET_DATA_NEGATIVE)
165 auto mgr = CKM::Manager::create();
167 CKM::RawBuffer buffer;
168 int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
169 RUNNER_ASSERT_MSG(CKM_API_ERROR_DB_LOCKED == ret, "Error=" << CKM::ErrorToString(ret));
172 RUNNER_TEST(T4024_UNLOCK_DATABASE_WITH_SECURITY_SERVER)
174 unsigned int attempt, max, expire;
176 usleep(PASSWORD_RETRY_TIMEOUT_US);
177 int ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire);
178 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error =" << ret);
181 RUNNER_CHILD_TEST(T4025_GET_DATA)
185 auto mgr = CKM::Manager::create();
187 CKM::RawBuffer buffer;
188 int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
189 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
191 RUNNER_ASSERT_MSG(buffer == BIN_DATA1, "Data missmatch");
194 RUNNER_TEST_GROUP_INIT(T403_SECURITY_SERVER_PASSWORD_INTEGRATION);
196 RUNNER_TEST(T4030_INIT)
198 reset_security_server();
200 int ret = security_server_set_pwd(NULL, PASSWORD1, 10, 10);
201 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "");
204 RUNNER_CHILD_TEST(T4031_ADD_DATA)
208 auto mgr = CKM::Manager::create();
210 int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy());
211 RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS, "");
214 RUNNER_TEST(T4032_CLOSE_CKM_DB)
216 unsigned int attempt, max, expire;
218 auto ctl = CKM::Control::create();
220 int ret = ctl->lockUserKey(USER_APP);
221 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
223 usleep(PASSWORD_RETRY_TIMEOUT_US);
225 // login with current password to get rid of invalid "NULL" DKEK
226 ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire);
227 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret);
229 ret = ctl->lockUserKey(USER_APP);
230 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
233 RUNNER_CHILD_TEST(T4033_GET_DATA_NEGATIVE)
237 auto mgr = CKM::Manager::create();
239 CKM::RawBuffer buffer;
240 int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
241 RUNNER_ASSERT_MSG(CKM_API_ERROR_DB_LOCKED == ret, "Error=" << CKM::ErrorToString(ret));
244 RUNNER_TEST(T4034_UNLOCK_DATABASE_WITH_SECURITY_SERVER)
246 usleep(PASSWORD_RETRY_TIMEOUT_US);
248 int ret = security_server_set_pwd(PASSWORD1, PASSWORD2, 10, 10);
249 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret);
252 RUNNER_CHILD_TEST(T4035_GET_DATA)
256 auto mgr = CKM::Manager::create();
258 CKM::RawBuffer buffer;
259 int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
260 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
262 RUNNER_ASSERT_MSG(buffer == BIN_DATA1, "Data mismatch");