2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
22 #include <sys/types.h>
30 #include <vconf/vconf.h>
32 #include <dpl/test/test_runner.h>
33 #include <tests_common.h>
34 #include <dbus_access.h>
36 #include <ckm/ckm-manager.h>
37 #include <ckm/ckm-control.h>
42 #ifndef VCONFKEY_SECURITY_MDPP_STATE
43 #define VCONFKEY_SECURITY_MDPP_STATE "file/security_mdpp/security_mdpp_state"
48 const useconds_t SLEEP = 100*1000;
50 const size_t MAX_RETRIES = 50;
52 const char* const ENABLED = "Enabled";
53 const char* const ENFORCING = "Enforcing";
54 const char* const DISABLED = "Disabled";
56 const char* const CKM_LOCK = "/var/run/key-manager.pid";
57 const char* SERVICE[] = {
58 "/org/freedesktop/systemd1/unit/central_2dkey_2dmanager_2dlistener_2eservice",
59 "/org/freedesktop/systemd1/unit/central_2dkey_2dmanager_2eservice" };
67 int _unset_mdpp_key = vconf_unset(VCONFKEY_SECURITY_MDPP_STATE);
69 // Wrapper for mdpp state that restores the original value upon destruction
77 void set(const char* const value);
83 MdppState::MdppState()
85 m_original = vconf_get_str(VCONFKEY_SECURITY_MDPP_STATE);
88 MdppState::~MdppState()
91 vconf_unset(VCONFKEY_SECURITY_MDPP_STATE);
93 vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, m_original);
98 void MdppState::set(const char* const value)
101 RUNNER_ASSERT_MSG(0 == vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, value),
102 "vconf_set() failed");
104 vconf_unset(VCONFKEY_SECURITY_MDPP_STATE);
107 void start_service(ServiceIdx idx)
109 DBusAccess dbus(SERVICE[idx]);
113 void stop_service(ServiceIdx idx)
115 DBusAccess dbus(SERVICE[idx]);
119 void remove_user_data()
121 auto control = Control::create();
122 int ret = control->removeUserData(0);
123 RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS,
124 "Remove user data failed with error: " << ErrorToString(ret));
127 Alias rsa_pri_alias("rsa-private-T2002");
128 Alias rsa_pub_alias("rsa-public-T2002");
129 Alias ecdsa_pri_alias("ecdsa-private-T2002");
130 Alias ecdsa_pub_alias("ecdsa-public-T2002");
135 auto manager = Manager::create();
138 CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(
142 Policy(Password(), true),
143 Policy(Password(), true))),
144 "Error=" << ErrorToString(temp));
147 CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA(
148 ElipticCurve::prime192v1,
151 Policy(Password(), true),
152 Policy(Password(), true))),
153 "Error=" << ErrorToString(temp));
156 void read_key(ManagerShPtr& manager, const Alias& alias, int expected) {
160 expected == (temp = manager->getKey(alias, Password(), key)),
161 "Expected: " << expected << "/" << ErrorToString(expected) << " got: " << temp << "/" <<
162 ErrorToString(temp));
165 void read_keys(int expected)
167 auto manager = Manager::create();
169 read_key(manager, rsa_pri_alias, expected);
170 read_key(manager, ecdsa_pri_alias, expected);
173 void update_cc_mode()
175 auto control = Control::create();
177 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->updateCCMode()),
178 "Error=" << ErrorToString(ret));
181 void restart_ckm(const char* const mdpp_setting)
183 stop_service(MANAGER);
185 mdpp.set(mdpp_setting);
186 start_service(MANAGER);
189 } // namespace anonymous
191 RUNNER_TEST_GROUP_INIT(CKM_CC_MODE);
193 RUNNER_TEST(TCC_0000_init)
198 auto control = Control::create();
200 CKM_API_SUCCESS == (tmp = control->unlockUserKey(0, "t200-special-password")),
201 "Error=" << ErrorToString(tmp));
204 // updatedCCMode should succeed regardless of mdpp setting
205 RUNNER_TEST(TCC_0010_updateCCMode)
221 mdpp.set("whatever");
225 // tests without listener (ckm only)
226 RUNNER_TEST(TCC_0020_noListener)
228 stop_service(LISTENER);
236 read_keys(CKM_API_SUCCESS);
240 read_keys(CKM_API_SUCCESS);
242 mdpp.set("whatever");
244 read_keys(CKM_API_SUCCESS);
248 read_keys(CKM_API_ERROR_BAD_REQUEST);
252 read_keys(CKM_API_ERROR_BAD_REQUEST);
256 read_keys(CKM_API_SUCCESS);
259 // when listener is started with mdpp key unset it should not update mdpp status in ckm
260 RUNNER_TEST(TCC_0030_noCallbackRegistered)
262 // restart listener without vconf callback
263 stop_service(LISTENER);
268 start_service(LISTENER);
272 read_keys(CKM_API_SUCCESS);
275 usleep(SLEEP); // give some time for notification to reach ckm
277 read_keys(CKM_API_SUCCESS);
280 // when listener is started with mdpp key set it should update mdpp status in ckm
281 RUNNER_TEST(TCC_0040_callbackRegistered)
283 // restart listener with vconf callback
284 stop_service(LISTENER);
288 start_service(LISTENER);
292 read_keys(CKM_API_SUCCESS);
294 mdpp.set("whatever");
295 usleep(SLEEP); // give some time for notification to reach ckm
296 read_keys(CKM_API_SUCCESS);
299 usleep(SLEEP); // give some time for notification to reach ckm
300 read_keys(CKM_API_ERROR_BAD_REQUEST);
303 usleep(SLEEP); // give some time for notification to reach ckm
304 read_keys(CKM_API_SUCCESS);
307 usleep(SLEEP); // give some time for notification to reach ckm
308 read_keys(CKM_API_ERROR_BAD_REQUEST);
311 usleep(SLEEP); // give some time for notification to reach ckm
312 read_keys(CKM_API_SUCCESS);
315 // run ckm manually and see if it properly loads mdpp setting
316 RUNNER_TEST(TCC_0050_manualCkmDisabled)
318 restart_ckm(DISABLED);
322 read_keys(CKM_API_SUCCESS);
325 // run ckm manually and see if it properly loads mdpp setting
326 RUNNER_TEST(TCC_0060_manualCkmEnabled)
328 restart_ckm(ENABLED);
332 read_keys(CKM_API_ERROR_BAD_REQUEST);
335 // run ckm manually and see if it properly loads mdpp setting
336 RUNNER_TEST(TCC_0070_manualCkmEnforcing)
338 restart_ckm(ENFORCING);
342 read_keys(CKM_API_ERROR_BAD_REQUEST);
345 // run ckm manually and see if it properly loads mdpp setting
346 RUNNER_TEST(TCC_0080_manualCkmWhatever)
348 restart_ckm("whatever");
352 read_keys(CKM_API_SUCCESS);
355 // run ckm manually and see if it properly loads mdpp setting
356 RUNNER_TEST(TCC_0090_manualCkmUnset)
362 read_keys(CKM_API_SUCCESS);
365 // make sure listener won't activate ckm to update mdpp
366 RUNNER_TEST(TCC_0100_listenerDoesntStartCkm)
368 stop_service(MANAGER);
369 stop_service(LISTENER);
374 start_service(LISTENER);
376 usleep(1000*1000); // by that time ckm would be already started
378 int lock = TEMP_FAILURE_RETRY(open(CKM_LOCK, O_RDWR));
379 RUNNER_ASSERT_MSG(-1 != lock, "Error in opening lock file. Errno: " << strerror(errno));
381 int ret = lockf(lock, F_TEST, 0);
383 RUNNER_ASSERT_MSG(ret == 0, "CKM lock is occupied. CKM seems to be running.");
386 RUNNER_TEST(TCC_9999_deinit)
391 auto control = Control::create();
393 CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
394 "Error=" << ErrorToString(tmp));