2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
22 #include <sys/types.h>
30 #include <vconf/vconf.h>
32 #include <dpl/test/test_runner.h>
33 #include <tests_common.h>
34 #include <dbus_access.h>
36 #include <ckm/ckm-manager.h>
37 #include <ckm/ckm-control.h>
42 #ifndef VCONFKEY_SECURITY_MDPP_STATE
43 #define VCONFKEY_SECURITY_MDPP_STATE "file/security_mdpp/security_mdpp_state"
48 const useconds_t SLEEP = 100*1000;
50 const size_t MAX_RETRIES = 50;
52 const char* const ENABLED = "Enabled";
53 const char* const ENFORCING = "Enforcing";
54 const char* const DISABLED = "Disabled";
56 const char* const CKM_LOCK = "/var/run/key-manager.pid";
57 const char* SERVICE[] = {
58 "/org/freedesktop/systemd1/unit/central_2dkey_2dmanager_2dlistener_2eservice",
59 "/org/freedesktop/systemd1/unit/central_2dkey_2dmanager_2eservice" };
67 int _unset_mdpp_key = vconf_unset(VCONFKEY_SECURITY_MDPP_STATE);
69 // Wrapper for mdpp state that restores the original value upon destruction
77 void set(const char* const value);
83 MdppState::MdppState()
85 m_original = vconf_get_str(VCONFKEY_SECURITY_MDPP_STATE);
88 MdppState::~MdppState()
91 vconf_unset(VCONFKEY_SECURITY_MDPP_STATE);
93 vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, m_original);
98 void MdppState::set(const char* const value)
101 RUNNER_ASSERT_MSG(0 == vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, value),
102 "vconf_set() failed");
104 vconf_unset(VCONFKEY_SECURITY_MDPP_STATE);
107 void start_service(ServiceIdx idx)
109 DBusAccess dbus(SERVICE[idx]);
113 void stop_service(ServiceIdx idx)
115 DBusAccess dbus(SERVICE[idx]);
119 void remove_user_data()
121 auto control = Control::create();
122 int ret = control->removeUserData(0);
123 RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS,
124 "Remove user data failed with error: " << ErrorToString(ret));
127 Alias rsa_pri_alias("rsa-private-T2002");
128 Alias rsa_pub_alias("rsa-public-T2002");
129 Alias ecdsa_pri_alias("ecdsa-private-T2002");
130 Alias ecdsa_pub_alias("ecdsa-public-T2002");
135 auto manager = Manager::create();
138 CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(
142 Policy(Password(), true),
143 Policy(Password(), true))),
144 "Error=" << ErrorToString(temp));
147 CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA(
148 ElipticCurve::prime192v1,
151 Policy(Password(), true),
152 Policy(Password(), true))),
153 "Error=" << ErrorToString(temp));
156 void read_key(ManagerShPtr& manager, const Alias& alias, int expected) {
160 expected == (temp = manager->getKey(alias, Password(), key)),
161 "Expected: " << expected << "/" << ErrorToString(expected) << " got: " << temp << "/" <<
162 ErrorToString(temp));
165 void read_keys(int expected)
167 auto manager = Manager::create();
169 read_key(manager, rsa_pri_alias, expected);
170 read_key(manager, ecdsa_pri_alias, expected);
173 void update_cc_mode()
175 auto control = Control::create();
177 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->updateCCMode()),
178 "Error=" << ErrorToString(ret));
181 void restart_ckm(const char* const mdpp_setting)
183 stop_service(MANAGER);
185 mdpp.set(mdpp_setting);
186 start_service(MANAGER);
189 } // namespace anonymous
191 RUNNER_TEST_GROUP_INIT(CKM_CC_MODE);
193 RUNNER_TEST(TCC_0000_init)
198 auto control = Control::create();
200 CKM_API_SUCCESS == (tmp = control->unlockUserKey(0, "t200-special-password")),
201 "Error=" << ErrorToString(tmp));
204 // updatedCCMode should succeed regardless of mdpp setting
205 RUNNER_TEST(TCC_0010_updateCCMode)
221 mdpp.set("whatever");
225 // tests without listener (ckm only)
226 RUNNER_TEST(TCC_0020_noListener)
228 stop_service(LISTENER);
236 read_keys(CKM_API_SUCCESS);
240 // MJK, it's counter-intuitive: Disabled does not mean
241 // that CC mode is disabled, but that device
242 // self-test failed "device DISABLED"
243 read_keys(CKM_API_ERROR_BAD_REQUEST);
245 mdpp.set("whatever");
247 read_keys(CKM_API_SUCCESS);
251 read_keys(CKM_API_ERROR_BAD_REQUEST);
255 read_keys(CKM_API_ERROR_BAD_REQUEST);
257 mdpp.set("whatever");
259 read_keys(CKM_API_SUCCESS);
263 read_keys(CKM_API_ERROR_BAD_REQUEST);
266 // when listener is started with mdpp key unset it should not update mdpp status in ckm
267 RUNNER_TEST(TCC_0030_noCallbackRegistered)
269 // restart listener without vconf callback
270 stop_service(LISTENER);
275 start_service(LISTENER);
279 read_keys(CKM_API_SUCCESS);
282 usleep(SLEEP); // give some time for notification to reach ckm
284 read_keys(CKM_API_SUCCESS);
287 // when listener is started with mdpp key set it should update mdpp status in ckm
288 RUNNER_TEST(TCC_0040_callbackRegistered)
290 // restart listener with vconf callback
291 stop_service(LISTENER);
295 start_service(LISTENER);
299 read_keys(CKM_API_ERROR_BAD_REQUEST);
301 mdpp.set("whatever");
302 usleep(SLEEP); // give some time for notification to reach ckm
303 read_keys(CKM_API_SUCCESS);
306 usleep(SLEEP); // give some time for notification to reach ckm
307 read_keys(CKM_API_ERROR_BAD_REQUEST);
310 usleep(SLEEP); // give some time for notification to reach ckm
311 read_keys(CKM_API_ERROR_BAD_REQUEST);
314 usleep(SLEEP); // give some time for notification to reach ckm
315 read_keys(CKM_API_ERROR_BAD_REQUEST);
318 usleep(SLEEP); // give some time for notification to reach ckm
319 read_keys(CKM_API_SUCCESS);
322 // run ckm manually and see if it properly loads mdpp setting
323 RUNNER_TEST(TCC_0050_manualCkmDisabled)
325 restart_ckm(DISABLED);
329 read_keys(CKM_API_ERROR_BAD_REQUEST);
332 // run ckm manually and see if it properly loads mdpp setting
333 RUNNER_TEST(TCC_0060_manualCkmEnabled)
335 restart_ckm(ENABLED);
339 read_keys(CKM_API_ERROR_BAD_REQUEST);
342 // run ckm manually and see if it properly loads mdpp setting
343 RUNNER_TEST(TCC_0070_manualCkmEnforcing)
345 restart_ckm(ENFORCING);
349 read_keys(CKM_API_ERROR_BAD_REQUEST);
352 // run ckm manually and see if it properly loads mdpp setting
353 RUNNER_TEST(TCC_0080_manualCkmWhatever)
355 restart_ckm("whatever");
359 read_keys(CKM_API_SUCCESS);
362 // run ckm manually and see if it properly loads mdpp setting
363 RUNNER_TEST(TCC_0090_manualCkmUnset)
369 read_keys(CKM_API_SUCCESS);
372 // make sure listener won't activate ckm to update mdpp
373 RUNNER_TEST(TCC_0100_listenerDoesntStartCkm)
375 stop_service(MANAGER);
376 stop_service(LISTENER);
381 start_service(LISTENER);
383 usleep(1000*1000); // by that time ckm would be already started
385 int lock = TEMP_FAILURE_RETRY(open(CKM_LOCK, O_RDWR));
386 RUNNER_ASSERT_MSG(-1 != lock, "Error in opening lock file. Errno: " << strerror(errno));
388 int ret = lockf(lock, F_TEST, 0);
390 RUNNER_ASSERT_MSG(ret == 0, "CKM lock is occupied. CKM seems to be running.");
393 RUNNER_TEST(TCC_9999_deinit)
398 auto control = Control::create();
400 CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
401 "Error=" << ErrorToString(tmp));