/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000-2020 Samsung Electronics Co., Ltd. All rights reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
* @version 1.0
*/
+
+#include <unistd.h>
+#include <sys/types.h>
+#include <cstdlib>
#include <string>
#include <fstream>
#include <sys/smack.h>
+#include <ckm/ckm-type.h>
#include <ckmc/ckmc-type.h>
#include <ckm-common.h>
#include <tests_common.h>
#include <ckmc/ckmc-manager.h>
#include <fcntl.h>
#include <unistd.h>
+#include <unordered_map>
+#include <tzplatform_config.h>
const std::string SMACK_USER_APP_PREFIX = "User::Pkg::";
const char *SYSTEM_LABEL = ckmc_owner_id_system;
default: return "Error not defined";
}
}
-
-const char * CKMErrorToString(int error) {
- switch (error) {
- ERRORDESCRIBE(CKM_API_SUCCESS);
- ERRORDESCRIBE(CKM_API_ERROR_SOCKET);
- ERRORDESCRIBE(CKM_API_ERROR_BAD_REQUEST);
- ERRORDESCRIBE(CKM_API_ERROR_BAD_RESPONSE);
- ERRORDESCRIBE(CKM_API_ERROR_SEND_FAILED);
- ERRORDESCRIBE(CKM_API_ERROR_RECV_FAILED);
- ERRORDESCRIBE(CKM_API_ERROR_AUTHENTICATION_FAILED);
- ERRORDESCRIBE(CKM_API_ERROR_INPUT_PARAM);
- ERRORDESCRIBE(CKM_API_ERROR_BUFFER_TOO_SMALL);
- ERRORDESCRIBE(CKM_API_ERROR_OUT_OF_MEMORY);
- ERRORDESCRIBE(CKM_API_ERROR_ACCESS_DENIED);
- ERRORDESCRIBE(CKM_API_ERROR_SERVER_ERROR);
- ERRORDESCRIBE(CKM_API_ERROR_DB_LOCKED);
- ERRORDESCRIBE(CKM_API_ERROR_DB_ERROR);
- ERRORDESCRIBE(CKM_API_ERROR_DB_ALIAS_EXISTS);
- ERRORDESCRIBE(CKM_API_ERROR_DB_ALIAS_UNKNOWN);
- ERRORDESCRIBE(CKM_API_ERROR_VERIFICATION_FAILED);
- ERRORDESCRIBE(CKM_API_ERROR_INVALID_FORMAT);
- ERRORDESCRIBE(CKM_API_ERROR_FILE_ACCESS_DENIED);
- ERRORDESCRIBE(CKM_API_ERROR_NOT_EXPORTABLE);
- ERRORDESCRIBE(CKM_API_ERROR_FILE_SYSTEM);
- ERRORDESCRIBE(CKM_API_ERROR_NOT_SUPPORTED);
- ERRORDESCRIBE(CKM_API_ERROR_UNKNOWN);
- default: return "Error not defined";
- }
-}
#undef ERRORDESCRIBE
std::string CKMCReadableError(int error) {
return output;
}
-void save_data(const char* alias, const char *data, int expected_err)
-{
- save_data(alias, data, strlen(data), expected_err);
-}
-
-void save_data(const char* alias, const char *data, size_t len, int expected_err = CKMC_ERROR_NONE)
+void save_data(const char* alias, const char *data, size_t len, const char* password,
+ int expected_err, bool exportable)
{
RUNNER_ASSERT(alias);
RUNNER_ASSERT(data);
buffer.data = reinterpret_cast<unsigned char*>(const_cast<char*>(data));
buffer.size = len;
ckmc_policy_s policy;
- policy.password = NULL;
- policy.extractable = true;
-
+ policy.password = const_cast<char*>(password);
+ policy.extractable = exportable;
int ret = ckmc_save_data(alias, buffer, policy);
RUNNER_ASSERT_MSG(expected_err == ret, "Saving data failed. "
- << CKMCErrorToString(ret) << " while expected: "
- << CKMCErrorToString(expected_err));
+ << CKMCErrorToString(ret) << " while expected: "
+ << CKMCErrorToString(expected_err));
+}
+
+void save_data(const char* alias, const char *data, int expected_err, bool exportable)
+{
+ save_data(alias, data, strlen(data), nullptr, expected_err, exportable);
+}
+void save_data(const char* alias, const char *data, size_t len, int expected_err, bool exportable)
+{
+ save_data(alias, data, len, nullptr, expected_err, exportable);
}
ScopedSaveData::ScopedSaveData(const char* alias, const char *data, int expected_err) : m_alias(alias)
int ret;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->unlockUserKey(user_id, passwd)),
- "Error=" << CKMErrorToString(ret));
+ "Error=" << CKM::APICodeToString(ret));
}
void remove_user_data(uid_t user_id)
RUNNER_ASSERT_MSG(expected == actual, "Actual list of aliases differ from expected list.");
}
+void check_alias_info_list_helper(const PasswordInfoVector& expected,
+ const std::unordered_map<std::string, bool>& actual,
+ const std::string &userSmackLabel)
+{
+ std::string errorLogMsg;
+
+ RUNNER_ASSERT_MSG(expected.size() == actual.size(), "Aliases item count differs, expected: " <<
+ expected.size() << " actual: " << actual.size());
+
+ for (const auto &it : expected)
+ {
+ auto aliasPwd = actual.find(userSmackLabel + it.alias);
+ if (aliasPwd != actual.end()) {
+ if (aliasPwd->second != it.passwordProtected) {
+ errorLogMsg += "Alias: " + it.alias + " has wrong encryption status: "
+ + std::to_string(it.passwordProtected) + "\n";
+ }
+ }
+ else {
+ errorLogMsg += "Expected alias: " + it.alias + " not found.\n";
+ }
+ }
+
+ if (!errorLogMsg.empty()) {
+ for (const auto& [alias, passwordProtected] : actual)
+ {
+ errorLogMsg += "Actual alias: " + alias + " status: "
+ + std::to_string(passwordProtected) + "\n";
+ }
+ RUNNER_FAIL_MSG("Actual list of aliases differ from expected list.\n" + errorLogMsg);
+ }
+}
+
+void check_alias_info_list(const PasswordInfoVector& expected)
+{
+ ckmc_alias_info_list_s *aliasInfoList = NULL;
+ int ret = ckmc_get_data_alias_info_list(&aliasInfoList);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get the list of data aliases. " << ret << " / "
+ << CKMCErrorToString(ret));
+
+ std::unordered_map<std::string, bool> actual;
+ ckmc_alias_info_list_s *plist = aliasInfoList;
+ char* alias;
+ bool isPasswordProtected;
+ unsigned int it = 0;
+ while (plist)
+ {
+ ret = ckmc_alias_info_get_alias(plist->info, &alias);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get alias. " << ret << " / "
+ << CKMCErrorToString(ret));
+ ret = ckmc_alias_info_is_password_protected(plist->info, &isPasswordProtected);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get password protection status" << ret << " / "
+ << CKMCErrorToString(ret));
+ RUNNER_ASSERT_MSG(alias != nullptr, "Got null alias. Iterator: " << it);
+
+ actual[alias] = isPasswordProtected;
+ plist = plist->next;
+ it++;
+ }
+ ckmc_alias_info_list_all_free(aliasInfoList);
+ check_alias_info_list_helper(expected, actual);
+}
+
size_t count_aliases(alias_type_ type, size_t minimum_initial_element_count)
{
ckmc_alias_list_s *aliasList = NULL;
return ParamListPtr(list, ckmc_param_list_free);
}
-void assert_buffers_equal(const ckmc_raw_buffer_s b1, const ckmc_raw_buffer_s b2, bool equal)
+void setParam(ParamListPtr& params, ckmc_param_name_e name, ckmc_raw_buffer_s* buffer)
+{
+ int ret = ckmc_param_list_set_buffer(params.get(), name, buffer);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
+ "Failed to set param " << name << " error: " << CKMCErrorToString(ret));
+}
+
+void setParam(ParamListPtr& params, ckmc_param_name_e name, uint64_t integer)
+{
+ int ret = ckmc_param_list_set_integer(params.get(), name, integer);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
+ "Failed to set param " << name << " error: " << CKMCErrorToString(ret));
+}
+
+void assert_buffers_equal(const ckmc_raw_buffer_s* b1, const ckmc_raw_buffer_s* b2, bool equal)
{
if(equal) {
- RUNNER_ASSERT_MSG(b1.size == b2.size, "Buffer size differs: " << b1.size << "!=" << b2.size);
- RUNNER_ASSERT_MSG(0 == memcmp(b1.data, b2.data, b1.size), "Buffer contents differ");
+ RUNNER_ASSERT_MSG(b1->size == b2->size,
+ "Buffer size differs: " << b1->size << "!=" << b2->size);
+ RUNNER_ASSERT_MSG(0 == memcmp(b1->data, b2->data, b1->size), "Buffer contents differ");
} else {
- RUNNER_ASSERT_MSG(b1.size != b2.size || 0 != memcmp(b1.data, b2.data, b1.size),
+ RUNNER_ASSERT_MSG(b1->size != b2->size || 0 != memcmp(b1->data, b2->data, b1->size),
"Buffers should be different");
}
}
{
return RawBufferPtr(buffer, ckmc_buffer_free);
}
+
+CipherCtxPtr create_cipher_ctx(ckmc_cipher_ctx_h ctx)
+{
+ return CipherCtxPtr(ctx, ckmc_cipher_free);
+}
+
+CKM::Policy generate_ckm_policy(int iterator_nr) {
+ if (iterator_nr % 2) { // policy with password and with / without extractable flag
+ return CKM::Policy(CKM::Password("test_pwd"), iterator_nr % 4);
+ }
+ return CKM::Policy();
+}
+
+void require_default_user(char *argv[])
+{
+ uid_t expected_uid = tzplatform_getuid(TZ_SYS_DEFAULT_USER);
+ if (expected_uid != geteuid()) {
+ std::string userStr("owner");
+ const char* user = tzplatform_getenv(TZ_SYS_DEFAULT_USER);
+ if (user)
+ userStr = user;
+
+ std::cerr << argv[0] << " should be executed as " << userStr << ". Aborting" << std::endl;
+ exit(-1);
+ }
+}
projects / platform / core / test / security-tests.git / blobdiff