2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
22 #include <sys/types.h>
30 #include <vconf/vconf.h>
32 #include <dpl/test/test_runner.h>
33 #include <tests_common.h>
34 #include <ckm-common.h>
35 #include <ckm/ckm-manager.h>
36 #include <ckm/ckm-control.h>
41 #ifndef VCONFKEY_SECURITY_MDPP_STATE
42 #define VCONFKEY_SECURITY_MDPP_STATE "file/security_mdpp/security_mdpp_state"
47 const useconds_t SLEEP = 100*1000;
49 const size_t MAX_RETRIES = 50;
51 const char* const ENABLED = "Enabled";
52 const char* const ENFORCING = "Enforcing";
53 const char* const DISABLED = "Disabled";
54 const char* const READY = "Ready";
55 const char* const UNSET = "Unset"; // Meaningless value for unset.
57 const char* const CKM_LOCK = "/var/run/key-manager.pid";
62 * k.tak: To unset vconf key on runtime is deprecated by vconf key policy.
63 * To make new vconf key on runtime is deprecated by vconf key policy.
64 * vconf key should be installed in package install time.
66 int _unset_mdpp_key = vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
68 // Wrapper for mdpp state that restores the original value upon destruction
76 void set(const char* const value);
82 MdppState::MdppState()
84 m_original = vconf_get_str(VCONFKEY_SECURITY_MDPP_STATE);
87 MdppState::~MdppState()
90 vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
92 vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, m_original);
97 void MdppState::set(const char* const value)
100 RUNNER_ASSERT_MSG(0 == vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, value),
101 "vconf_set() failed");
103 vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
106 void remove_user_data()
108 auto control = Control::create();
109 int ret = control->removeUserData(0);
110 RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS,
111 "Remove user data failed with error: " << ErrorToString(ret));
114 Alias rsa_pri_alias("rsa-private-T2002");
115 Alias rsa_pub_alias("rsa-public-T2002");
116 Alias ecdsa_pri_alias("ecdsa-private-T2002");
117 Alias ecdsa_pub_alias("ecdsa-public-T2002");
122 auto manager = Manager::create();
125 CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(
129 Policy(Password(), true),
130 Policy(Password(), true))),
131 "Error=" << ErrorToString(temp));
134 CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA(
135 ElipticCurve::prime192v1,
138 Policy(Password(), true),
139 Policy(Password(), true))),
140 "Error=" << ErrorToString(temp));
143 void read_key(ManagerShPtr& manager, const Alias& alias, int expected) {
147 expected == (temp = manager->getKey(alias, Password(), key)),
148 "Expected: " << expected << "/" << ErrorToString(expected) << " got: " << temp << "/" <<
149 ErrorToString(temp));
152 void read_keys(int expected)
154 // if mdpp is disabled at compilation time we expect that read_key always succeeds
155 #ifndef DSECURITY_MDFPP_STATE_ENABLE
156 expected = CKM_API_SUCCESS;
158 auto manager = Manager::create();
160 read_key(manager, rsa_pri_alias, expected);
161 read_key(manager, ecdsa_pri_alias, expected);
164 void update_cc_mode()
166 auto control = Control::create();
168 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->updateCCMode()),
169 "Error=" << ErrorToString(ret));
172 void restart_ckm(const char* const mdpp_setting)
174 stop_service(MANAGER);
176 mdpp.set(mdpp_setting);
177 start_service(MANAGER);
180 } // namespace anonymous
182 RUNNER_TEST_GROUP_INIT(CKM_CC_MODE);
184 RUNNER_TEST(TCC_0000_init)
189 auto control = Control::create();
191 CKM_API_SUCCESS == (tmp = control->unlockUserKey(0, "t200-special-password")),
192 "Error=" << ErrorToString(tmp));
195 // updatedCCMode should succeed regardless of mdpp setting
196 RUNNER_TEST(TCC_0010_updateCCMode)
215 mdpp.set("whatever");
219 // tests without listener (ckm only)
220 RUNNER_TEST(TCC_0020_noListener)
222 stop_service(LISTENER);
230 read_keys(CKM_API_SUCCESS);
234 // MJK, it's counter-intuitive: Disabled does not mean
235 // that CC mode is disabled, but that device
236 // self-test failed "device DISABLED"
237 read_keys(CKM_API_ERROR_BAD_REQUEST);
239 mdpp.set("whatever");
241 read_keys(CKM_API_SUCCESS);
245 read_keys(CKM_API_ERROR_BAD_REQUEST);
249 read_keys(CKM_API_ERROR_BAD_REQUEST);
253 read_keys(CKM_API_SUCCESS);
255 mdpp.set("whatever");
257 read_keys(CKM_API_SUCCESS);
261 read_keys(CKM_API_ERROR_BAD_REQUEST);
264 // when listener is started with mdpp key unset it should not update mdpp status in ckm
265 RUNNER_TEST(TCC_0030_noCallbackRegistered)
267 // restart listener without vconf callback
268 stop_service(LISTENER);
273 start_service(LISTENER);
277 read_keys(CKM_API_SUCCESS);
280 usleep(SLEEP); // give some time for notification to reach ckm
282 read_keys(CKM_API_SUCCESS);
285 // when listener is started with mdpp key set it should update mdpp status in ckm
286 RUNNER_TEST(TCC_0040_callbackRegistered)
288 // restart listener with vconf callback
289 stop_service(LISTENER);
293 start_service(LISTENER);
297 read_keys(CKM_API_ERROR_BAD_REQUEST);
299 mdpp.set("whatever");
300 usleep(SLEEP); // give some time for notification to reach ckm
301 read_keys(CKM_API_SUCCESS);
304 usleep(SLEEP); // give some time for notification to reach ckm
305 read_keys(CKM_API_ERROR_BAD_REQUEST);
308 usleep(SLEEP); // give some time for notification to reach ckm
309 read_keys(CKM_API_ERROR_BAD_REQUEST);
312 usleep(SLEEP); // give some time for notification to reach ckm
313 read_keys(CKM_API_SUCCESS);
316 usleep(SLEEP); // give some time for notification to reach ckm
317 read_keys(CKM_API_ERROR_BAD_REQUEST);
320 usleep(SLEEP); // give some time for notification to reach ckm
321 read_keys(CKM_API_SUCCESS);
324 // run ckm manually and see if it properly loads mdpp setting
325 RUNNER_TEST(TCC_0050_manualCkmDisabled)
327 restart_ckm(DISABLED);
331 read_keys(CKM_API_ERROR_BAD_REQUEST);
334 // run ckm manually and see if it properly loads mdpp setting
335 RUNNER_TEST(TCC_0060_manualCkmEnabled)
337 restart_ckm(ENABLED);
341 read_keys(CKM_API_ERROR_BAD_REQUEST);
344 // run ckm manually and see if it properly loads mdpp setting
345 RUNNER_TEST(TCC_0070_manualCkmEnforcing)
347 restart_ckm(ENFORCING);
351 read_keys(CKM_API_ERROR_BAD_REQUEST);
354 // run ckm manually and see if it properly loads mdpp setting
355 RUNNER_TEST(TCC_0075_manualCkmReady)
361 read_keys(CKM_API_SUCCESS);
364 // run ckm manually and see if it properly loads mdpp setting
365 RUNNER_TEST(TCC_0080_manualCkmWhatever)
367 restart_ckm("whatever");
371 read_keys(CKM_API_SUCCESS);
374 // run ckm manually and see if it properly loads mdpp setting
375 RUNNER_TEST(TCC_0090_manualCkmUnset)
381 read_keys(CKM_API_SUCCESS);
384 // make sure listener won't activate ckm to update mdpp
385 RUNNER_TEST(TCC_0100_listenerDoesntStartCkm)
387 stop_service(MANAGER);
388 stop_service(LISTENER);
393 start_service(LISTENER);
395 usleep(1000*1000); // by that time ckm would be already started
397 int lock = TEMP_FAILURE_RETRY(open(CKM_LOCK, O_RDWR));
398 RUNNER_ASSERT_MSG(-1 != lock, "Error in opening lock file. Errno: " << strerror(errno));
400 int ret = lockf(lock, F_TEST, 0);
402 RUNNER_ASSERT_MSG(ret == 0, "CKM lock is occupied. CKM seems to be running.");
405 RUNNER_TEST(TCC_9999_deinit)
410 auto control = Control::create();
412 CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
413 "Error=" << ErrorToString(tmp));