projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'tizen' into ckm
[platform/core/test/security-tests.git] / src / ckm / privileged / initial-values.cpp
1 /*
2  *  Copyright (c) 2000 - 2015 Samsung Electronics Co.
3  *
4  *  Licensed under the Apache License, Version 2.0 (the "License");
5  *  you may not use this file except in compliance with the License.
6  *  You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *  Unless required by applicable law or agreed to in writing, software
11  *  distributed under the License is distributed on an "AS IS" BASIS,
12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *  See the License for the specific language governing permissions and
14  *  limitations under the License
15  *
16  * @file       system-db.cpp
17  * @author     Maciej Karpiuk (m.karpiuk2@samsung.com)
18  * @version    1.0
19  */
20 #include <dpl/test/test_runner.h>
21 #include <dpl/test/test_runner_child.h>
22 #include <tests_common.h>
23 #include <ckm-common.h>
24 #include <ckm-privileged-common.h>
25 #include <ckm/ckm-control.h>
26 #include <ckmc/ckmc-manager.h>
27 #include <access_provider2.h>
28 #include <fstream>
29 #include <ios>
30 #include <unistd.h>
31
32 namespace
33 {
34 const uid_t USER_APP            = 5070;
35 const uid_t GROUP_APP           = 5070;
36 const char* APP_PASS            = "user-pass";
37
38 const char *XML_DEVICE_KEY              = "device_key.xml";
39
40 const char *XML_1_okay                  = "XML_1_okay.xml";
41 std::string XML_1_EXPECTED_KEY_1_RSA    = aliasWithLabel(ckmc_owner_id_system, "test-key1");
42 std::string XML_1_EXPECTED_KEY_1_PASSWD = "123";
43 std::string XML_1_EXPECTED_KEY_2_RSA    = aliasWithLabel(ckmc_owner_id_system, "test-key2");
44 // uncomment when AES is supported (+ usage in the tests)
45 std::string XML_1_EXPECTED_KEY_3_AES    = aliasWithLabel(ckmc_owner_id_system, "test-aes1");
46 std::string XML_1_EXPECTED_CERT_1       = aliasWithLabel(ckmc_owner_id_system, "test-cert1");
47 std::string XML_1_EXPECTED_DATA_1       = aliasWithLabel(ckmc_owner_id_system, "test-data1");
48 const char *XML_1_EXPECTED_DATA_1_DATA  = "My secret data";
49 // encrypted
50 std::string XML_1_EXPECTED_KEY_3_RSA_PRV    = aliasWithLabel(ckmc_owner_id_system, "test-encryption-prv");
51 std::string XML_1_EXPECTED_KEY_3_RSA_PUB    = aliasWithLabel(ckmc_owner_id_system, "test-encryption-pub");
52 std::string XML_1_EXPECTED_ASCII_DATA       = aliasWithLabel(ckmc_owner_id_system, "test-ascii-data-encryption");
53 std::string XML_1_EXPECTED_BIG_DATA         = aliasWithLabel(ckmc_owner_id_system, "test-binary-data-encryption");
54
55 const char *XML_2_okay                  = "XML_2_okay.xml";
56 std::string XML_2_EXPECTED_KEY_1_RSA    = aliasWithLabel(ckmc_owner_id_system, "test2-key1");
57 std::string XML_2_EXPECTED_KEY_2_RSA    = aliasWithLabel(ckmc_owner_id_system, "test2-key2");
58 // uncomment when AES is supported
59 std::string XML_2_EXPECTED_KEY_3_AES    = aliasWithLabel(ckmc_owner_id_system, "test2-aes1");
60 std::string XML_2_EXPECTED_CERT_1       = aliasWithLabel(ckmc_owner_id_system, "test2-cert1");
61 std::string XML_2_EXPECTED_DATA_1       = aliasWithLabel(ckmc_owner_id_system, "test2-data1");
62 const char *XML_2_EXPECTED_DATA_1_DATA  = "My secret data";
63
64 const char *XML_3_wrong                 = "XML_3_wrong.xml";
65 std::string XML_3_EXPECTED_KEY_1_RSA    = aliasWithLabel(ckmc_owner_id_system, "test3-key1");
66 std::string XML_3_EXPECTED_KEY_2_RSA    = aliasWithLabel(ckmc_owner_id_system, "test3-key2");
67 // uncomment when AES is supported
68 std::string XML_3_EXPECTED_CERT_1       = aliasWithLabel(ckmc_owner_id_system, "test3-cert1");
69 std::string XML_3_EXPECTED_DATA_1       = aliasWithLabel(ckmc_owner_id_system, "test3-data1");
70
71 std::string format_src_path(const char *file)
72 {
73     return std::string(CKM_TEST_DIR) + std::string(file);
74 }
75
76 std::string format_dest_key_path(const char *file)
77 {
78     return std::string(CKM_RW_DATA_DIR) + std::string(file);
79 }
80
81 std::string format_dest_path(const char *file)
82 {
83     return std::string(CKM_RW_DATA_DIR) + std::string( "/initial_values/") + std::string(file);
84 }
85
86 void copy_file(const std::string &from, const std::string &to)
87 {
88     std::ifstream infile(from, std::ios_base::binary);
89     RUNNER_ASSERT_MSG(infile, "Input file " << from << " does not exist.");
90     std::ofstream outfile(to, std::ios_base::binary);
91     RUNNER_ASSERT_MSG(outfile, "Output file " << to << " does not exist. Reinstall key-manager.");
92     outfile << infile.rdbuf();
93 }
94
95 void restart_key_manager()
96 {
97     stop_service(MANAGER);
98     start_service(MANAGER);
99 }
100
101 void test_exists(const std::string& name, bool expected) {
102     bool file_exists = (access( name.c_str(), F_OK ) != -1);
103     RUNNER_ASSERT_MSG(file_exists == expected,
104                       "File " << name << " status: " << file_exists <<
105                       " while expected: " << expected);
106 }
107
108 }
109
110
111 RUNNER_TEST_GROUP_INIT(T60_INITIAL_VALUES);
112
113 RUNNER_TEST(T6001_init)
114 {
115     // [prepare]
116     // remove database 0
117     // copy to the initial-values folder
118     // check XML file exists
119     // restart the key-manager
120     // check XML file doesn't exist
121
122     copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
123     copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
124     copy_file(format_src_path(XML_2_okay), format_dest_path(XML_2_okay));
125     copy_file(format_src_path(XML_3_wrong), format_dest_path(XML_3_wrong));
126
127     test_exists(format_dest_path(XML_1_okay), true);
128     test_exists(format_dest_path(XML_2_okay), true);
129     test_exists(format_dest_path(XML_3_wrong), true);
130
131     restart_key_manager();
132
133     test_exists(format_dest_path(XML_1_okay), false);
134     test_exists(format_dest_path(XML_2_okay), false);
135     test_exists(format_dest_path(XML_3_wrong), false);
136 }
137
138 RUNNER_TEST(T6010_PARSE_XML_FILE_AT_STARTUP)
139 {
140     // [test1]
141     // check items existence as system service
142     // [test2]
143     // check items existence as TEST_LABEL
144     // [test3]
145     // check items existence as TEST_LABEL_2
146
147     // [test1]
148     {
149         check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
150         check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
151         check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
152         check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
153         check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
154     }
155
156     // [test2]
157     {
158         ScopedDBUnlock unlock(USER_APP, APP_PASS);
159         ScopedAccessProvider ap(TEST_LABEL);
160         ap.applyAndSwithToUser(USER_APP, GROUP_APP);
161
162         check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
163         check_key_not_visible(XML_1_EXPECTED_KEY_2_RSA.c_str());
164         check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
165         check_cert_not_visible(XML_1_EXPECTED_CERT_1.c_str());
166         check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
167     }
168
169     // [test3]
170     {
171         ScopedDBUnlock unlock(USER_APP, APP_PASS);
172         ScopedAccessProvider ap(TEST_LABEL_2);
173         ap.applyAndSwithToUser(USER_APP, GROUP_APP);
174
175         check_key_not_visible(XML_1_EXPECTED_KEY_1_RSA.c_str());
176         check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
177         check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
178         check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
179         check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
180     }
181 }
182
183 RUNNER_TEST(T6020_PARSE_TWO_XML_FILES_AT_STARTUP)
184 {
185     // [test]
186     // check items existence as system service
187     check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
188     check_key(XML_2_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
189     check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
190     check_key_allowed(XML_2_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
191     check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
192     check_key_allowed(XML_2_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
193     check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
194     check_cert_allowed(XML_2_EXPECTED_CERT_1.c_str());
195     check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
196     check_read_allowed(XML_2_EXPECTED_DATA_1.c_str(), XML_2_EXPECTED_DATA_1_DATA);
197 }
198
199 RUNNER_TEST(T6030_PARSE_FAIL_XML_AT_STARTUP)
200 {
201     // [test]
202     // check items existence as system service - nothing should be available
203     check_key_not_visible(XML_3_EXPECTED_KEY_1_RSA.c_str());
204     check_key_not_visible(XML_3_EXPECTED_KEY_2_RSA.c_str());
205     check_cert_not_visible(XML_3_EXPECTED_CERT_1.c_str());
206     check_read_not_visible(XML_3_EXPECTED_DATA_1.c_str());
207 }
208
209 RUNNER_TEST(T6040_CHECK_KEYS_VALID)
210 {
211     // [test]
212     // check if key can create & verify signature
213     ckmc_raw_buffer_s msg_buff = prepare_message_buffer("Raz ugryzla misia pszczola..");
214     ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
215     ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
216     ckmc_raw_buffer_s *signature = NULL;
217     int temp;
218     RUNNER_ASSERT_MSG(
219             CKMC_ERROR_NONE == (temp = ckmc_create_signature(
220                     XML_1_EXPECTED_KEY_2_RSA.c_str(),
221                     NULL,
222                     msg_buff,
223                     hash_algo,
224                     pad_algo,
225                     &signature)),
226             CKMCReadableError(temp));
227
228     // invalid password
229     RUNNER_ASSERT_MSG(
230             CKMC_ERROR_AUTHENTICATION_FAILED == (temp = ckmc_verify_signature(
231                         XML_1_EXPECTED_KEY_1_RSA.c_str(),
232                         NULL,
233                         msg_buff,
234                         *signature,
235                         hash_algo,
236                         pad_algo)),
237                 CKMCReadableError(temp));
238
239     // correct password
240     RUNNER_ASSERT_MSG(
241             CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
242                     XML_1_EXPECTED_KEY_1_RSA.c_str(),
243                     XML_1_EXPECTED_KEY_1_PASSWD.c_str(),
244                     msg_buff,
245                     *signature,
246                     hash_algo,
247                     pad_algo)),
248             CKMCReadableError(temp));
249
250     ckmc_buffer_free(signature);
251 }
252
253 RUNNER_TEST(T6050_ENCRYPTED_KEY)
254 {
255     // [prepare]
256     // to encrypt using RSA OAEP:  openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
257     // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
258     // [test0]
259     // check if encrypted private key is present
260     // check if public key is present
261     // [test1]
262     // extract the private, encrypted key
263     // extract the public key
264     // create signature using the public key
265     // verify signature using the decrypted private key
266
267     // [test0]
268     check_key_allowed(XML_1_EXPECTED_KEY_3_RSA_PRV.c_str(), CKMC_KEY_RSA_PRIVATE);
269     check_key_allowed(XML_1_EXPECTED_KEY_3_RSA_PUB.c_str(), CKMC_KEY_RSA_PUBLIC);
270
271
272     ckmc_raw_buffer_s msg_buff = prepare_message_buffer("Raz ugryzla misia pszczola..");
273     ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
274     ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
275     ckmc_raw_buffer_s *signature = NULL;
276     int temp;
277     RUNNER_ASSERT_MSG(
278             CKMC_ERROR_NONE == (temp = ckmc_create_signature(
279                     XML_1_EXPECTED_KEY_3_RSA_PRV.c_str(),
280                     NULL,
281                     msg_buff,
282                     hash_algo,
283                     pad_algo,
284                     &signature)),
285             CKMCReadableError(temp));
286
287     // invalid password
288     RUNNER_ASSERT_MSG(
289             CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
290                         XML_1_EXPECTED_KEY_3_RSA_PUB.c_str(),
291                         NULL,
292                         msg_buff,
293                         *signature,
294                         hash_algo,
295                         pad_algo)),
296                 CKMCReadableError(temp));
297
298     ckmc_buffer_free(signature);
299 }
300
301 RUNNER_TEST(T6060_ENCRYPTED_ASCII_DATA)
302 {
303     // [prepare]
304     // to encrypt using RSA OAEP:  openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
305     // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
306     // [test0]
307     // extract data
308     // check if data matches the expected size and content
309
310     // [test0]
311     ckmc_raw_buffer_s *testData1;
312     int temp;
313     RUNNER_ASSERT_MSG(
314             CKMC_ERROR_NONE == (temp = ckmc_get_data(XML_1_EXPECTED_ASCII_DATA.c_str(), NULL, &testData1)),
315             CKMCReadableError(temp));
316     size_t expected_len = 15;
317     RUNNER_ASSERT_MSG(expected_len /* src/ckm/keys/EIV/ascii_data */ == testData1->size, "invalid data size");
318     RUNNER_ASSERT_MSG(memcmp(reinterpret_cast<char*>(testData1->data), "My secret data\n", expected_len) == 0, "invalid data contents");
319     ckmc_buffer_free(testData1);
320 }
321
322 RUNNER_TEST(T6070_ENCRYPTED_BIG_DATA)
323 {
324     // [prepare]
325     // to encrypt using RSA OAEP:  openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
326     // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
327     // [test0]
328     // extract data
329     // check if data matches the expected size
330
331     // [test0]
332     ckmc_raw_buffer_s *testData1;
333     int temp;
334     RUNNER_ASSERT_MSG(
335             CKMC_ERROR_NONE == (temp = ckmc_get_data(XML_1_EXPECTED_BIG_DATA.c_str(), NULL, &testData1)),
336             CKMCReadableError(temp));
337     RUNNER_ASSERT_MSG(5918 /* src/ckm/keys/EIV/code.png */ == testData1->size, "invalid data size");
338     ckmc_buffer_free(testData1);
339 }
340
341 RUNNER_TEST(T6999_deinit)
342 {
343     remove_user_data(0);
344 }
Domain: Security / Uncategorized;