1 #include <boost/test/unit_test.hpp>
5 #include <ckm/ckm-type.h>
6 #include <ckm/ckm-error.h>
8 #include <test_common.h>
15 const int restricted_local = 1;
16 const int restricted_global = 0;
18 const unsigned int c_test_retries = 1000;
19 const unsigned int c_num_names = 500;
20 const unsigned int c_num_names_add_test = 5000;
21 const unsigned int c_names_per_label = 15;
23 } // namespace anonymous
25 BOOST_FIXTURE_TEST_SUITE(DBCRYPTO_TEST, DBFixture)
26 BOOST_AUTO_TEST_CASE(DBtestSimple) {
27 DB::Row rowPattern = create_default_row();
28 rowPattern.data = RawBuffer(32, 1);
29 rowPattern.dataSize = rowPattern.data.size();
30 rowPattern.tag = RawBuffer(AES_GCM_TAG_SIZE, 1);
32 check_DB_integrity(rowPattern);
34 BOOST_AUTO_TEST_CASE(DBtestBIG) {
35 DB::Row rowPattern = create_default_row();
36 rowPattern.data = createBigBlob(4096);
37 rowPattern.dataSize = rowPattern.data.size();
38 rowPattern.tag = RawBuffer(AES_GCM_TAG_SIZE, 1);
40 check_DB_integrity(rowPattern);
42 BOOST_AUTO_TEST_CASE(DBtestGlobal) {
43 DB::Row rowPattern = create_default_row();
44 rowPattern.data = RawBuffer(1024, 2);
45 rowPattern.dataSize = rowPattern.data.size();
46 rowPattern.tag = RawBuffer(AES_GCM_TAG_SIZE, 1);
48 BOOST_REQUIRE_NO_THROW(m_db.saveRow(rowPattern));
50 DB::Row name_duplicate = rowPattern;
51 rowPattern.ownerLabel = rowPattern.ownerLabel + "1";
53 BOOST_AUTO_TEST_CASE(DBtestTransaction) {
54 DB::Row rowPattern = create_default_row();
55 rowPattern.data = RawBuffer(100, 20);
56 rowPattern.dataSize = rowPattern.data.size();
57 rowPattern.tag = RawBuffer(AES_GCM_TAG_SIZE, 1);
58 DB::Crypto::Transaction transaction(&m_db);
60 BOOST_REQUIRE_NO_THROW(m_db.saveRow(rowPattern));
61 BOOST_REQUIRE_NO_THROW(transaction.rollback());
63 DB::Crypto::RowOptional row_optional;
64 BOOST_REQUIRE_NO_THROW(row_optional = m_db.getRow(m_default_name, m_default_label,
65 DataType::BINARY_DATA));
66 BOOST_CHECK_MESSAGE(!row_optional, "Row still present after rollback");
69 BOOST_AUTO_TEST_CASE(DBtestBackend) {
70 DB::Row rowPattern = create_default_row();
71 rowPattern.data = RawBuffer(32, 1);
72 rowPattern.dataSize = rowPattern.data.size();
73 rowPattern.tag = RawBuffer(AES_GCM_TAG_SIZE, 1);
75 rowPattern.backendId = CryptoBackend::OpenSSL;
76 check_DB_integrity(rowPattern);
78 rowPattern.backendId = CryptoBackend::TrustZone;
79 check_DB_integrity(rowPattern);
81 rowPattern.backendId = CryptoBackend::None;
82 check_DB_integrity(rowPattern);
85 BOOST_AUTO_TEST_SUITE_END()
89 BOOST_FIXTURE_TEST_SUITE(DBCRYPTO_PERF_TEST, DBFixture)
91 BOOST_AUTO_TEST_CASE(DBperfAddNames)
94 performance_start("saveRow");
96 generate_perf_DB(c_num_names_add_test, c_names_per_label);
98 performance_stop(c_num_names_add_test);
101 BOOST_AUTO_TEST_CASE(DBperfLookupAliasByOwner)
104 generate_perf_DB(c_num_names, c_names_per_label);
106 unsigned int num_labels = c_num_names/c_names_per_label;
110 // actual test - successful lookup
111 performance_start("getRow");
112 for(unsigned int t=0; t<c_test_retries; t++)
114 int label_num = rand() % num_labels;
115 generate_label(label_num, label);
117 unsigned int start_name = label_num*c_names_per_label;
118 for(unsigned int name_num=start_name; name_num<(start_name+c_names_per_label); name_num++)
120 generate_name(name_num, name);
121 read_row_expect_success(name, label);
124 performance_stop(c_test_retries * c_num_names);
127 BOOST_AUTO_TEST_CASE(DBperfLookupAliasRandomOwnershipNoPermissions)
130 generate_perf_DB(c_num_names, c_names_per_label);
135 unsigned int num_labels = c_num_names / c_names_per_label;
137 // actual test - random lookup
138 performance_start("getRow");
139 for(unsigned int t=0; t<c_test_retries; t++)
141 int name_idx = rand()%c_num_names;
142 generate_name(name_idx, name);
143 generate_label(name_idx/c_names_per_label, owner_label);
144 generate_label(rand()%num_labels, smack_label);
146 // do not care of result
147 m_db.getRow(name, owner_label, DataType::BINARY_DATA);
149 performance_stop(c_test_retries * c_num_names);
152 BOOST_AUTO_TEST_CASE(DBperfAddPermissions)
155 generate_perf_DB(c_num_names, c_names_per_label);
157 // actual test - add access rights
158 performance_start("setPermission");
159 long iterations = add_full_access_rights(c_num_names, c_names_per_label);
160 performance_stop(iterations);
163 BOOST_AUTO_TEST_CASE(DBperfAliasRemoval)
166 generate_perf_DB(c_num_names, c_names_per_label);
167 add_full_access_rights(c_num_names, c_names_per_label);
169 // actual test - random lookup
170 performance_start("deleteRow");
173 for(unsigned int t=0; t<c_num_names; t++)
175 generate_name(t, name);
176 generate_label(t/c_names_per_label, label);
178 BOOST_REQUIRE_NO_THROW(m_db.deleteRow(name, label));
180 performance_stop(c_num_names);
182 // verify everything has been removed
183 unsigned int num_labels = c_num_names / c_names_per_label;
184 for(unsigned int l=0; l<num_labels; l++)
186 generate_label(l, label);
187 LabelNameVector expect_no_data;
188 BOOST_REQUIRE_NO_THROW(m_db.listNames(label, expect_no_data, DataType::BINARY_DATA));
189 BOOST_REQUIRE(0 == expect_no_data.size());
193 BOOST_AUTO_TEST_CASE(DBperfGetAliasList)
196 generate_perf_DB(c_num_names, c_names_per_label);
197 add_full_access_rights(c_num_names, c_names_per_label);
199 unsigned int num_labels = c_num_names / c_names_per_label;
202 // actual test - random lookup
203 performance_start("listNames");
204 for(unsigned int t=0; t<(c_test_retries/num_labels); t++)
206 LabelNameVector ret_list;
207 generate_label(rand()%num_labels, label);
209 BOOST_REQUIRE_NO_THROW(m_db.listNames(label, ret_list, DataType::BINARY_DATA));
210 BOOST_REQUIRE(c_num_names == ret_list.size());
213 performance_stop(c_test_retries/num_labels);
215 BOOST_AUTO_TEST_SUITE_END()
218 BOOST_AUTO_TEST_SUITE(DBCRYPTO_MIGRATION_TEST)
221 const unsigned migration_names = 16107;
222 const unsigned migration_labels = 273;
223 const unsigned migration_reference_label_idx = 0;
224 const unsigned migration_accessed_element_idx = 7;
226 void verifyDBisValid(DBFixture & fixture)
229 * there are (migration_labels), each having (migration_names)/(migration_labels) entries.
230 * reference label (migration_reference_label_idx) exists such that it has access to
231 * all others' label element with index (migration_accessed_element_idx).
234 * - migration_label_63 has access to all items owned by migration_label_63,
235 * which gives (migration_names)/(migration_labels) entries.
237 * - migration_label_0 (0 is the reference label) has access to all items
238 * owned by migration_label_0 and all others' label element index 7,
239 * which gives (migration_names)/(migration_labels) + (migration_labels-1) entries.
242 Label reference_label;
243 fixture.generate_label(migration_reference_label_idx, reference_label);
245 // check number of elements accessible to the reference label
246 LabelNameVector ret_list;
247 BOOST_REQUIRE_NO_THROW(fixture.m_db.listNames(reference_label, ret_list, DataType::BINARY_DATA));
248 BOOST_REQUIRE((migration_names/migration_labels)/*own items*/ + (migration_labels-1)/*other labels'*/ == ret_list.size());
251 // check number of elements accessible to the other labels
252 for(unsigned int l=0; l<migration_labels; l++)
254 // bypass the reference owner label
255 if(l == migration_reference_label_idx)
259 fixture.generate_label(l, current_label);
260 BOOST_REQUIRE_NO_THROW(fixture.m_db.listNames(current_label, ret_list, DataType::BINARY_DATA));
261 BOOST_REQUIRE((migration_names/migration_labels) == ret_list.size());
262 for(auto it: ret_list)
263 BOOST_REQUIRE(it.first == current_label);
268 struct DBVer1Migration : public DBFixture
270 DBVer1Migration() : DBFixture("/usr/share/ckm-db-test/testme_ver1.db")
274 struct DBVer2Migration : public DBFixture
276 DBVer2Migration() : DBFixture("/usr/share/ckm-db-test/testme_ver2.db")
280 struct DBVer3Migration : public DBFixture
282 DBVer3Migration() : DBFixture("/usr/share/ckm-db-test/testme_ver3.db")
287 BOOST_AUTO_TEST_CASE(DBMigrationDBVer1)
289 DBVer1Migration DBver1;
290 verifyDBisValid(DBver1);
293 BOOST_AUTO_TEST_CASE(DBMigrationDBVer2)
295 DBVer2Migration DBver2;
296 verifyDBisValid(DBver2);
299 BOOST_AUTO_TEST_CASE(DBMigrationDBVer3)
301 DBVer3Migration DBver3;
302 verifyDBisValid(DBver3);
305 BOOST_AUTO_TEST_CASE(DBMigrationDBCurrent)
309 // prepare data using current DB mechanism
310 Label reference_label;
311 currentDB.generate_label(migration_reference_label_idx, reference_label);
313 currentDB.generate_perf_DB(migration_names, migration_names/migration_labels);
315 // only the reference label has access to the other labels element <migration_accessed_element_idx>
316 for(unsigned int l=0; l<migration_labels; l++)
318 // bypass the reference owner label
319 if(l == migration_reference_label_idx)
322 unsigned element_index = migration_accessed_element_idx + l*migration_names/migration_labels;
326 currentDB.generate_name(element_index, accessed_name);
328 currentDB.generate_label(l, current_label);
329 currentDB.add_permission(accessed_name, current_label, reference_label);
333 verifyDBisValid(currentDB);
336 BOOST_AUTO_TEST_SUITE_END()