2 * Copyright (c) 2015 - 2019 Samsung Electronics Co.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @author Maciej Karpiuk (m.karpiuk2@samsung.com)
18 * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
21 #include <dpl/test/test_runner.h>
22 #include <dpl/test/test_runner_child.h>
23 #include <tests_common.h>
24 #include <ckm-common.h>
25 #include <ckm-privileged-common.h>
26 #include <ckm/ckm-control.h>
27 #include <ckm/ckm-manager.h>
28 #include <ckmc/ckmc-manager.h>
29 #include <access_provider2.h>
// Identity used when a test acts as an application: passed to ScopedDBUnlock
// and applyAndSwithToUser in T6010.
36 const uid_t USER_APP = 5070;
// NOTE(review): declared as uid_t although it is passed as the second
// (presumably group-id) argument of applyAndSwithToUser - confirm gid_t is not intended.
37 const uid_t GROUP_APP = 5070;
// Password handed to ScopedDBUnlock for USER_APP. A test-fixture value kept in
// source on purpose; it must never match a credential used outside the tests.
38 const char* APP_PASS = "user-pass";
// Fixture 1: file name plus the aliases (system owner) the tests expect after import.
40 const char *XML_1_okay = "XML_1_okay.xml";
41 std::string XML_1_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test-key1");
// Password T6040 supplies when verifying with test-key1.
// NOTE(review): presumably mirrors the password set in XML_1_okay.xml - confirm against the fixture.
42 std::string XML_1_EXPECTED_KEY_1_PASSWD = "123";
43 std::string XML_1_EXPECTED_KEY_2_RSA = aliasWithLabel(ckmc_owner_id_system, "test-key2");
44 // AES alias: declared and exercised by T6010 and T6020
45 std::string XML_1_EXPECTED_KEY_3_AES = aliasWithLabel(ckmc_owner_id_system, "test-aes1");
46 std::string XML_1_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test-cert1");
47 std::string XML_1_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test-data1");
// Payload T6010/T6020 expect to read back from test-data1.
48 const char *XML_1_EXPECTED_DATA_1_DATA = "My secret data";
// Fixture 2: second valid file, checked together with fixture 1 in T6020.
50 const char *XML_2_okay = "XML_2_okay.xml";
51 std::string XML_2_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test2-key1");
52 std::string XML_2_EXPECTED_KEY_2_RSA = aliasWithLabel(ckmc_owner_id_system, "test2-key2");
53 // AES alias: declared and exercised by T6020
54 std::string XML_2_EXPECTED_KEY_3_AES = aliasWithLabel(ckmc_owner_id_system, "test2-aes1");
55 std::string XML_2_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test2-cert1");
56 std::string XML_2_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test2-data1");
57 const char *XML_2_EXPECTED_DATA_1_DATA = "My secret data";
// Fixture 3: file that is expected to be rejected; T6030 asserts that none of
// the aliases below become visible.
59 const char *XML_3_wrong = "XML_3_wrong.xml";
60 std::string XML_3_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test3-key1");
61 std::string XML_3_EXPECTED_KEY_2_RSA = aliasWithLabel(ckmc_owner_id_system, "test3-key2");
62 // no AES alias is declared for fixture 3, so T6030 has no AES check
63 std::string XML_3_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test3-cert1");
64 std::string XML_3_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test3-data1");
// Returns the location of fixture `file` below CKM_TEST_DIR.
// The name is appended as-is: no path separator is inserted, so CKM_TEST_DIR
// has to supply the trailing one.
std::string format_src_path(const char *file)
{
    std::string path(CKM_TEST_DIR);
    path += file;
    return path;
}
// Returns the path `file` gets inside the "initial_values" directory under
// CKM_RW_DATA_DIR, i.e. the place the tests drop XML files before restarting
// the key-manager.
std::string format_dest_path(const char *file)
{
    std::string path(CKM_RW_DATA_DIR);
    path += "/initial_values/";
    path += file;
    return path;
}
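// Copies a fixture byte-for-byte from `from` to `to`.
//
// Fails the running test when the source cannot be opened, when the
// destination cannot be opened for writing, or when writing the data out
// reports an I/O error. Without the last check a short or failed write (for
// example a full partition) would leave a truncated XML in the initial-values
// directory and only show up later as an unrelated import failure.
void copy_file(const std::string &from, const std::string &to)
{
    std::ifstream infile(from, std::ios_base::binary);
    RUNNER_ASSERT_MSG(infile, "Input file " << from << " does not exist.");
    std::ofstream outfile(to, std::ios_base::binary);
    RUNNER_ASSERT_MSG(outfile, "Output file " << to << " does not exist. Reinstall key-manager.");
    outfile << infile.rdbuf();
    // Push buffered data to the file now so that a write error is reported
    // here instead of being dropped silently in the destructor.
    outfile.flush();
    // Only badbit is checked: copying an empty source sets failbit, and the
    // original accepted that case.
    RUNNER_ASSERT_MSG(!outfile.bad(), "Writing to output file " << to << " failed.");
}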
// Stops the key-manager service and starts it again.
// The tests in this file call it after placing XML files in the
// initial-values directory and then check what the service did with them.
void restart_key_manager()
{
    stop_service(MANAGER);
    start_service(MANAGER);
}
// Asserts that the existence of `name` on disk matches `expected`.
// access(F_OK) also returns -1 when the path cannot be resolved (for example
// a directory without search permission), so such a file is reported as missing.
void test_exists(const std::string& name, bool expected)
{
    const int rc = access(name.c_str(), F_OK);
    const bool present = (rc != -1);
    RUNNER_ASSERT_MSG(present == expected,
                      "File " << name << " status: " << present <<
                      " while expected: " << expected);
}
// Maps a single hexadecimal digit to an int.
// Three ranges are recognised: '0'-'9', 'a'-'f' and 'A'-'F'. Any other
// character fails the running test with "Input out of scope".
// NOTE(review): the statement executed for each range is not shown here;
// presumably it returns the digit's value - confirm against the full file.
100 int hexToBin(char h) {
101 if (h >= '0' && h <= '9')
103 if (h >= 'a' && h <= 'f')
105 if (h >= 'A' && h <= 'F')
// Reached only when none of the ranges matched.
107 RUNNER_ASSERT_MSG(false, "Input out of scope");
// Decodes a hex string into a CKM::RawBuffer, two characters per byte with the
// first character of each pair as the high nibble.
// NOTE(review): hex.size()/2 rounds down, so an odd-length input loses its last
// character without any failure; a test vector with a dropped digit would decode
// to a shorter buffer instead of being rejected.
// NOTE(review): `hex` is a non-const reference although the visible lines only read it.
110 CKM::RawBuffer hexToBin(std::string &hex) {
111 CKM::RawBuffer output;
112 output.resize(hex.size()/2);
113 for (size_t i=0; i<output.size(); ++i) {
// Non-hex characters fail the test inside hexToBin(char).
114 output[i] = hexToBin(hex[i*2])*16 +
115 hexToBin(hex[i*2 + 1]);
// Opens the T60_INITIAL_VALUES group.
// NOTE(review): T6010-T6040 check items that only exist after the copy and
// restart done in T6001, so the cases presumably have to run in declaration
// order - confirm the runner guarantees that.
120 RUNNER_TEST_GROUP_INIT(T60_INITIAL_VALUES);
// Stages the three fixture XML files in the initial-values directory, restarts
// the key-manager, and checks that the service consumed them.
122 RUNNER_TEST(T6001_init)
126 // copy to the initial-values folder
127 // check XML file exists
128 // restart the key-manager
129 // check XML file doesn't exist
131 copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
132 copy_file(format_src_path(XML_2_okay), format_dest_path(XML_2_okay));
133 copy_file(format_src_path(XML_3_wrong), format_dest_path(XML_3_wrong));
// Sanity check that staging worked before the service gets to see the files.
135 test_exists(format_dest_path(XML_1_okay), true);
136 test_exists(format_dest_path(XML_2_okay), true);
137 test_exists(format_dest_path(XML_3_wrong), true);
139 restart_key_manager();
// All three files must be gone after the restart. This includes XML_3_wrong,
// so the rejected file is also expected to be removed rather than left in the
// directory with its contents.
// NOTE(review): restart_key_manager() is assumed to return only after the
// service finished processing the directory; otherwise these checks race - confirm.
141 test_exists(format_dest_path(XML_1_okay), false);
142 test_exists(format_dest_path(XML_2_okay), false);
143 test_exists(format_dest_path(XML_3_wrong), false);
// Checks which items imported from XML_1_okay are reachable for three callers.
// Expected result per caller, as asserted below:
//   item        system          TEST_LABEL      TEST_LABEL_2
//   test-key1   not exportable  not exportable  not visible
//   test-key2   RSA private     not visible     RSA private
//   test-aes1   AES             AES             AES
//   test-cert1  allowed         not visible     allowed
//   test-data1  readable        readable        readable
// The "not visible" rows are the ones that exercise access control; the
// permissions themselves presumably come from the fixture XML - confirm there.
146 RUNNER_TEST(T6010_PARSE_XML_FILE_AT_STARTUP)
149 // check items existence as system service
151 // check items existence as TEST_LABEL
153 // check items existence as TEST_LABEL_2
// --- caller: system service ---
// NOTE(review): check_key(alias, code) presumably asserts that fetching the key
// returns `code`; here the key exists but must not be exportable.
157 check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
158 check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
159 check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
160 check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
161 check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
// --- caller: USER_APP running with TEST_LABEL ---
// The user database is unlocked first, then the test switches identity.
166 ScopedDBUnlock unlock(USER_APP, APP_PASS);
167 ScopedAccessProvider ap(TEST_LABEL);
168 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
170 check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
171 check_key_not_visible(XML_1_EXPECTED_KEY_2_RSA.c_str());
172 check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
173 check_cert_not_visible(XML_1_EXPECTED_CERT_1.c_str());
174 check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
// --- caller: USER_APP running with TEST_LABEL_2 ---
179 ScopedDBUnlock unlock(USER_APP, APP_PASS);
180 ScopedAccessProvider ap(TEST_LABEL_2);
181 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
183 check_key_not_visible(XML_1_EXPECTED_KEY_1_RSA.c_str());
184 check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
185 check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
186 check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
187 check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
// Confirms that both valid fixtures were imported in the same restart: every
// check made for XML_1 as the system service is repeated for the XML_2 alias.
// Only the system-service view is covered here; per-label visibility of the
// XML_2 items is not asserted in the visible lines.
191 RUNNER_TEST(T6020_PARSE_TWO_XML_FILES_AT_STARTUP)
194 // check items existence as system service
195 check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
196 check_key(XML_2_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
197 check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
198 check_key_allowed(XML_2_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
199 check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
200 check_key_allowed(XML_2_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
201 check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
202 check_cert_allowed(XML_2_EXPECTED_CERT_1.c_str());
203 check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
204 check_read_allowed(XML_2_EXPECTED_DATA_1.c_str(), XML_2_EXPECTED_DATA_1_DATA);
// Fail-closed check for the rejected fixture: none of the four aliases
// declared for XML_3_wrong may be visible, even to the system service.
// NOTE(review): this passes only if a file that fails import leaves no partial
// set of items behind - presumably the import is all-or-nothing; confirm in the
// service.
207 RUNNER_TEST(T6030_PARSE_FAIL_XML_AT_STARTUP)
210 // check items existence as system service - nothing should be available
211 check_key_not_visible(XML_3_EXPECTED_KEY_1_RSA.c_str());
212 check_key_not_visible(XML_3_EXPECTED_KEY_2_RSA.c_str());
213 check_cert_not_visible(XML_3_EXPECTED_CERT_1.c_str());
214 check_read_not_visible(XML_3_EXPECTED_DATA_1.c_str());
// Proves the imported RSA keys are usable and that the password on test-key1
// is enforced: sign with test-key2, then verify with test-key1 twice, once
// expecting an authentication failure and once expecting success.
// NOTE(review): `temp` and several call arguments are declared/passed on lines
// not shown here; the remarks below cover only what is visible.
217 RUNNER_TEST(T6040_CHECK_KEYS_VALID)
220 // check if key can create & verify signature
221 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("Raz ugryzla misia pszczola..");
222 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
223 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
// Filled in by ckmc_create_signature and released at the end of the test.
224 ckmc_raw_buffer_s *signature = NULL;
// Step 1: signing with test-key2 must succeed.
227 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
228 XML_1_EXPECTED_KEY_2_RSA.c_str(),
234 CKMCReadableError(temp));
// Step 2: verification with test-key1 must be refused with
// CKMC_ERROR_AUTHENTICATION_FAILED.
// NOTE(review): the password argument of this call is not visible; presumably
// no password or a wrong one is passed - confirm.
238 CKMC_ERROR_AUTHENTICATION_FAILED == (temp = ckmc_verify_signature(
239 XML_1_EXPECTED_KEY_1_RSA.c_str(),
245 CKMCReadableError(temp));
// Step 3: the same verification with XML_1_EXPECTED_KEY_1_PASSWD must succeed.
249 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
250 XML_1_EXPECTED_KEY_1_RSA.c_str(),
251 XML_1_EXPECTED_KEY_1_PASSWD.c_str(),
256 CKMCReadableError(temp));
// NOTE(review): if one of the assertions above aborts the test, this free is
// presumably skipped and the signature buffer leaks - confirm how
// RUNNER_ASSERT_MSG leaves the test body.
258 ckmc_buffer_free(signature);
// Last case of the T60 group; no statements of its body are visible here.
// NOTE(review): the items imported by T6001 (system-owned keys, certificate
// and data) should be removed when the group finishes so they do not remain in
// the device's key store - confirm that this case or the environment does so.
261 RUNNER_TEST(T6999_deinit)
// Stages EIV_TEST_XML_FILENAME, restarts the key-manager, then decrypts a
// known ciphertext with the key stored under "/System TEI_0" and compares the
// result with EIV_PLAIN_MESSAGE. A matching plaintext shows the imported key
// has the expected value.
// NOTE(review): judging by the macro and test names this presumably runs only
// with the TZ backend and covers initial values delivered in encrypted form -
// confirm. `temp` is declared on a line not shown here.
266 RUNNER_TEST_TZ_BACKEND(T7000_Encrypted_initial_values, RemoveDataEnv<0>)
// Test vectors: the ciphertext is hex text, the IV string is used as raw bytes.
269 std::string messageHex = EIV_ENCRYPTED_MESSAGE_HEX;
270 std::string iv = EIV_MESSAGE_ENCRYPTION_IV;
272 copy_file(format_src_path(EIV_TEST_XML_FILENAME), format_dest_path(EIV_TEST_XML_FILENAME));
273 restart_key_manager();
275 CKM::CryptoAlgorithm algo;
// hexToBin drops a trailing odd character, so the vector must have even length.
276 CKM::RawBuffer messageBin = hexToBin(messageHex);
// Unlike the message, the IV is not hex-decoded: its characters are copied as bytes.
// NOTE(review): confirm EIV_MESSAGE_ENCRYPTION_IV is defined as raw bytes, not hex.
277 CKM::RawBuffer ivBin(iv.begin(), iv.end());
278 CKM::RawBuffer decrypted;
280 algo.setParam(CKM::ParamName::ALGO_TYPE, CKM::AlgoType::AES_CBC);
281 algo.setParam(CKM::ParamName::ED_IV, ivBin);
283 auto mgr = CKM::Manager::create();
// Decrypts with an empty CKM::Password(), i.e. the key is used without a password.
284 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = mgr->decrypt(algo, "/System TEI_0", CKM::Password(), messageBin, decrypted)), "Failed to decrypt " << CKM::APICodeToString(temp));
285 RUNNER_ASSERT_MSG(std::string(decrypted.begin(), decrypted.end()) == EIV_PLAIN_MESSAGE, "Data does not match");
289 * - RW/RO location support (files removal, flag handling)
291 * - backend attribute support
292 * - independent tests
293 * - different formats (also encrypted)
294 * - complex tests using ckm-initial-values tool