2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
22 #include <sys/types.h>
30 #include <vconf/vconf.h>
32 #include <dpl/test/test_runner.h>
33 #include <tests_common.h>
34 #include <ckm-common.h>
35 #include <ckm/ckm-manager.h>
36 #include <ckm/ckm-control.h>
41 #ifndef VCONFKEY_SECURITY_MDPP_STATE
42 #define VCONFKEY_SECURITY_MDPP_STATE "file/security_mdpp/security_mdpp_state"
47 const useconds_t SLEEP = 100*1000;
49 const size_t MAX_RETRIES = 50;
51 const char* const ENABLED = "Enabled";
52 const char* const ENFORCING = "Enforcing";
53 const char* const DISABLED = "Disabled";
55 const char* const CKM_LOCK = "/var/run/key-manager.pid";
59 int _unset_mdpp_key = vconf_unset(VCONFKEY_SECURITY_MDPP_STATE);
61 // Wrapper for mdpp state that restores the original value upon destruction
69 void set(const char* const value);
75 MdppState::MdppState()
77 m_original = vconf_get_str(VCONFKEY_SECURITY_MDPP_STATE);
80 MdppState::~MdppState()
83 vconf_unset(VCONFKEY_SECURITY_MDPP_STATE);
85 vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, m_original);
90 void MdppState::set(const char* const value)
93 RUNNER_ASSERT_MSG(0 == vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, value),
94 "vconf_set() failed");
96 vconf_unset(VCONFKEY_SECURITY_MDPP_STATE);
99 void remove_user_data()
101 auto control = Control::create();
102 int ret = control->removeUserData(0);
103 RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS,
104 "Remove user data failed with error: " << ErrorToString(ret));
107 Alias rsa_pri_alias("rsa-private-T2002");
108 Alias rsa_pub_alias("rsa-public-T2002");
109 Alias ecdsa_pri_alias("ecdsa-private-T2002");
110 Alias ecdsa_pub_alias("ecdsa-public-T2002");
115 auto manager = Manager::create();
118 CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(
122 Policy(Password(), true),
123 Policy(Password(), true))),
124 "Error=" << ErrorToString(temp));
127 CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA(
128 ElipticCurve::prime192v1,
131 Policy(Password(), true),
132 Policy(Password(), true))),
133 "Error=" << ErrorToString(temp));
136 void read_key(ManagerShPtr& manager, const Alias& alias, int expected) {
140 expected == (temp = manager->getKey(alias, Password(), key)),
141 "Expected: " << expected << "/" << ErrorToString(expected) << " got: " << temp << "/" <<
142 ErrorToString(temp));
145 void read_keys(int expected)
147 auto manager = Manager::create();
149 read_key(manager, rsa_pri_alias, expected);
150 read_key(manager, ecdsa_pri_alias, expected);
153 void update_cc_mode()
155 auto control = Control::create();
157 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->updateCCMode()),
158 "Error=" << ErrorToString(ret));
161 void restart_ckm(const char* const mdpp_setting)
163 stop_service(MANAGER);
165 mdpp.set(mdpp_setting);
166 start_service(MANAGER);
169 } // namespace anonymous
171 RUNNER_TEST_GROUP_INIT(CKM_CC_MODE);
173 RUNNER_TEST(TCC_0000_init)
178 auto control = Control::create();
180 CKM_API_SUCCESS == (tmp = control->unlockUserKey(0, "t200-special-password")),
181 "Error=" << ErrorToString(tmp));
184 // updatedCCMode should succeed regardless of mdpp setting
185 RUNNER_TEST(TCC_0010_updateCCMode)
201 mdpp.set("whatever");
205 // tests without listener (ckm only)
206 RUNNER_TEST(TCC_0020_noListener)
208 stop_service(LISTENER);
216 read_keys(CKM_API_SUCCESS);
220 // MJK, it's counter-intuitive: Disabled does not mean
221 // that CC mode is disabled, but that device
222 // self-test failed "device DISABLED"
223 read_keys(CKM_API_ERROR_BAD_REQUEST);
225 mdpp.set("whatever");
227 read_keys(CKM_API_SUCCESS);
231 read_keys(CKM_API_ERROR_BAD_REQUEST);
235 read_keys(CKM_API_ERROR_BAD_REQUEST);
237 mdpp.set("whatever");
239 read_keys(CKM_API_SUCCESS);
243 read_keys(CKM_API_ERROR_BAD_REQUEST);
246 // when listener is started with mdpp key unset it should not update mdpp status in ckm
247 RUNNER_TEST(TCC_0030_noCallbackRegistered)
249 // restart listener without vconf callback
250 stop_service(LISTENER);
255 start_service(LISTENER);
259 read_keys(CKM_API_SUCCESS);
262 usleep(SLEEP); // give some time for notification to reach ckm
264 read_keys(CKM_API_SUCCESS);
267 // when listener is started with mdpp key set it should update mdpp status in ckm
268 RUNNER_TEST(TCC_0040_callbackRegistered)
270 // restart listener with vconf callback
271 stop_service(LISTENER);
275 start_service(LISTENER);
279 read_keys(CKM_API_ERROR_BAD_REQUEST);
281 mdpp.set("whatever");
282 usleep(SLEEP); // give some time for notification to reach ckm
283 read_keys(CKM_API_SUCCESS);
286 usleep(SLEEP); // give some time for notification to reach ckm
287 read_keys(CKM_API_ERROR_BAD_REQUEST);
290 usleep(SLEEP); // give some time for notification to reach ckm
291 read_keys(CKM_API_ERROR_BAD_REQUEST);
294 usleep(SLEEP); // give some time for notification to reach ckm
295 read_keys(CKM_API_ERROR_BAD_REQUEST);
298 usleep(SLEEP); // give some time for notification to reach ckm
299 read_keys(CKM_API_SUCCESS);
302 // run ckm manually and see if it properly loads mdpp setting
303 RUNNER_TEST(TCC_0050_manualCkmDisabled)
305 restart_ckm(DISABLED);
309 read_keys(CKM_API_ERROR_BAD_REQUEST);
312 // run ckm manually and see if it properly loads mdpp setting
313 RUNNER_TEST(TCC_0060_manualCkmEnabled)
315 restart_ckm(ENABLED);
319 read_keys(CKM_API_ERROR_BAD_REQUEST);
322 // run ckm manually and see if it properly loads mdpp setting
323 RUNNER_TEST(TCC_0070_manualCkmEnforcing)
325 restart_ckm(ENFORCING);
329 read_keys(CKM_API_ERROR_BAD_REQUEST);
332 // run ckm manually and see if it properly loads mdpp setting
333 RUNNER_TEST(TCC_0080_manualCkmWhatever)
335 restart_ckm("whatever");
339 read_keys(CKM_API_SUCCESS);
342 // run ckm manually and see if it properly loads mdpp setting
343 RUNNER_TEST(TCC_0090_manualCkmUnset)
349 read_keys(CKM_API_SUCCESS);
352 // make sure listener won't activate ckm to update mdpp
353 RUNNER_TEST(TCC_0100_listenerDoesntStartCkm)
355 stop_service(MANAGER);
356 stop_service(LISTENER);
361 start_service(LISTENER);
363 usleep(1000*1000); // by that time ckm would be already started
365 int lock = TEMP_FAILURE_RETRY(open(CKM_LOCK, O_RDWR));
366 RUNNER_ASSERT_MSG(-1 != lock, "Error in opening lock file. Errno: " << strerror(errno));
368 int ret = lockf(lock, F_TEST, 0);
370 RUNNER_ASSERT_MSG(ret == 0, "CKM lock is occupied. CKM seems to be running.");
373 RUNNER_TEST(TCC_9999_deinit)
378 auto control = Control::create();
380 CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
381 "Error=" << ErrorToString(tmp));