2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
22 #include <sys/types.h>
30 #include <vconf/vconf.h>
32 #include <dpl/test/test_runner.h>
33 #include <tests_common.h>
34 #include <ckm-common.h>
35 #include <ckm/ckm-manager.h>
36 #include <ckm/ckm-control.h>
41 #ifndef VCONFKEY_SECURITY_MDPP_STATE
42 #define VCONFKEY_SECURITY_MDPP_STATE "file/security_mdpp/security_mdpp_state"
47 const useconds_t SLEEP = 100*1000;
49 const size_t MAX_RETRIES = 50;
51 const char* const ENABLED = "Enabled";
52 const char* const ENFORCING = "Enforcing";
53 const char* const DISABLED = "Disabled";
54 const char* const READY = "Ready";
55 const char* const UNSET = "Unset"; // Meaningless value for unset.
57 const char* const USER_LABEL = "User";
58 const char* const CKM_LOCK = "/var/run/key-manager.pid";
60 // Wrapper for mdpp state that restores the original value upon destruction
68 void set(const char* const value);
74 MdppState::MdppState()
76 ScopedLabel sl(USER_LABEL);
77 m_original = vconf_get_str(VCONFKEY_SECURITY_MDPP_STATE);
80 MdppState::~MdppState()
82 ScopedLabel sl(USER_LABEL);
84 vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
86 vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, m_original);
90 void MdppState::set(const char* const value)
92 ScopedLabel sl(USER_LABEL);
95 int ret = vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, value);
96 RUNNER_ASSERT_MSG(0 == ret,
97 "vconf_set() failed, ec: " << ret);
100 vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
105 Alias rsa_pri_alias = sharedDatabase("rsa-private-T2002");
106 Alias rsa_pub_alias = sharedDatabase("rsa-public-T2002");
107 Alias ecdsa_pri_alias = sharedDatabase("ecdsa-private-T2002");
108 Alias ecdsa_pub_alias = sharedDatabase("ecdsa-public-T2002");
109 Alias aes_alias = sharedDatabase("aes-T2002");
110 size_t aes_length = 128;
115 auto manager = Manager::create();
118 CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(
122 Policy(Password(), true),
123 Policy(Password(), true))),
124 "Error=" << CKMErrorToString(temp));
127 CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA(
128 ElipticCurve::prime192v1,
131 Policy(Password(), true),
132 Policy(Password(), true))),
133 "Error=" << CKMErrorToString(temp));
136 CKM_API_SUCCESS == (temp = manager->createKeyAES(
139 Policy(Password(), true))),
140 "Error=" << CKMErrorToString(temp));
143 void read_key(ManagerShPtr& manager, const Alias& alias, int expected) {
147 expected == (temp = manager->getKey(alias, Password(), key)),
148 "Expected: " << expected << "/" << CKMErrorToString(expected) << " got: " << temp << "/" <<
149 CKMErrorToString(temp));
152 void read_keys(int expected)
154 // if mdpp is disabled at compilation time we expect that read_key always succeeds
155 #ifndef DSECURITY_MDFPP_STATE_ENABLE
156 expected = CKM_API_SUCCESS;
158 auto manager = Manager::create();
160 read_key(manager, rsa_pri_alias, expected);
161 read_key(manager, ecdsa_pri_alias, expected);
162 read_key(manager, aes_alias, expected);
165 void update_cc_mode()
167 auto control = Control::create();
169 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->updateCCMode()),
170 "Error=" << CKMErrorToString(ret));
173 void restart_ckm(const char* const mdpp_setting)
175 stop_service(MANAGER);
177 mdpp.set(mdpp_setting);
178 start_service(MANAGER);
180 } // namespace anonymous
182 RUNNER_TEST_GROUP_INIT(CKM_CC_MODE);
184 RUNNER_TEST(TCC_0000_init)
189 // updatedCCMode should succeed regardless of mdpp setting
190 RUNNER_TEST(TCC_0010_updateCCMode)
209 mdpp.set("whatever");
213 // tests without listener (ckm only)
214 RUNNER_TEST(TCC_0020_noListener)
216 stop_service(LISTENER);
224 read_keys(CKM_API_SUCCESS);
228 // MJK, it's counter-intuitive: Disabled does not mean
229 // that CC mode is disabled, but that device
230 // self-test failed "device DISABLED"
231 read_keys(CKM_API_ERROR_BAD_REQUEST);
233 mdpp.set("whatever");
235 read_keys(CKM_API_SUCCESS);
239 read_keys(CKM_API_ERROR_BAD_REQUEST);
243 read_keys(CKM_API_ERROR_BAD_REQUEST);
247 read_keys(CKM_API_SUCCESS);
249 mdpp.set("whatever");
251 read_keys(CKM_API_SUCCESS);
255 read_keys(CKM_API_ERROR_BAD_REQUEST);
258 // when listener is started with mdpp key unset it should not update mdpp status in ckm
259 RUNNER_TEST(TCC_0030_noCallbackRegistered)
261 // restart listener without vconf callback
262 stop_service(LISTENER);
267 start_service(LISTENER);
271 read_keys(CKM_API_SUCCESS);
274 usleep(SLEEP); // give some time for notification to reach ckm
276 read_keys(CKM_API_SUCCESS);
279 // when listener is started with mdpp key set it should update mdpp status in ckm
280 RUNNER_TEST(TCC_0040_callbackRegistered)
282 // restart listener with vconf callback
283 stop_service(LISTENER);
287 start_service(LISTENER);
291 read_keys(CKM_API_ERROR_BAD_REQUEST);
293 mdpp.set("whatever");
294 usleep(SLEEP); // give some time for notification to reach ckm
295 read_keys(CKM_API_SUCCESS);
298 usleep(SLEEP); // give some time for notification to reach ckm
299 read_keys(CKM_API_ERROR_BAD_REQUEST);
302 usleep(SLEEP); // give some time for notification to reach ckm
303 read_keys(CKM_API_ERROR_BAD_REQUEST);
306 usleep(SLEEP); // give some time for notification to reach ckm
307 read_keys(CKM_API_SUCCESS);
310 usleep(SLEEP); // give some time for notification to reach ckm
311 read_keys(CKM_API_ERROR_BAD_REQUEST);
314 usleep(SLEEP); // give some time for notification to reach ckm
315 read_keys(CKM_API_SUCCESS);
318 // run ckm manually and see if it properly loads mdpp setting
319 RUNNER_TEST(TCC_0050_manualCkmDisabled)
321 restart_ckm(DISABLED);
325 read_keys(CKM_API_ERROR_BAD_REQUEST);
328 // run ckm manually and see if it properly loads mdpp setting
329 RUNNER_TEST(TCC_0060_manualCkmEnabled)
331 restart_ckm(ENABLED);
335 read_keys(CKM_API_ERROR_BAD_REQUEST);
338 // run ckm manually and see if it properly loads mdpp setting
339 RUNNER_TEST(TCC_0070_manualCkmEnforcing)
341 restart_ckm(ENFORCING);
345 read_keys(CKM_API_ERROR_BAD_REQUEST);
348 // run ckm manually and see if it properly loads mdpp setting
349 RUNNER_TEST(TCC_0075_manualCkmReady)
355 read_keys(CKM_API_SUCCESS);
358 // run ckm manually and see if it properly loads mdpp setting
359 RUNNER_TEST(TCC_0080_manualCkmWhatever)
361 restart_ckm("whatever");
365 read_keys(CKM_API_SUCCESS);
368 // run ckm manually and see if it properly loads mdpp setting
369 RUNNER_TEST(TCC_0090_manualCkmUnset)
375 read_keys(CKM_API_SUCCESS);
378 // make sure listener won't activate ckm to update mdpp
379 RUNNER_TEST(TCC_0100_listenerDoesntStartCkm)
381 stop_service(MANAGER);
382 stop_service(LISTENER);
387 start_service(LISTENER);
389 usleep(1000*1000); // by that time ckm would be already started
391 int lock = TEMP_FAILURE_RETRY(open(CKM_LOCK, O_RDWR));
392 RUNNER_ASSERT_MSG(-1 != lock, "Error in opening lock file. Errno: " << strerror(errno));
394 int ret = lockf(lock, F_TEST, 0);
396 RUNNER_ASSERT_MSG(ret == 0, "CKM lock is occupied. CKM seems to be running.");
399 RUNNER_TEST(TCC_9999_deinit)