/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015-2020 Samsung Electronics Co., Ltd. All rights reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
* @version 1.0
*/
+#include <scheme-test.h>
#include <sys/smack.h>
#include <sys/types.h>
#include <stdexcept>
#include <vector>
+#include <boost/test/unit_test.hpp>
+
+#include <smack-access.h>
+
#include <db-crypto.h>
#include <file-system.h>
#include <key-provider.h>
#include <crypto-init.h>
#include <dpl/errno_string.h>
-#include <scheme-test.h>
-#include <smack-access.h>
-#include <assert-wrapper.h>
-
using namespace CKM;
using namespace std;
const Password TEST_PASS = "custom user password";
const size_t IV_LEN = 16;
const size_t CHAIN_LEN = 3;
+const mode_t MODE_0644 = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
enum {
NO_PASS = 0,
std::vector<char> buf(bufsize, 0);
int ret = getpwnam_r(name, &pwd, buf.data(), bufsize, &result);
- ASSERT_MSG(ret == 0 && result, "getpwnam_r failed");
+ BOOST_REQUIRE_MESSAGE(ret == 0 && result, "getpwnam_r failed");
return pwd.pw_uid;
}
std::vector<char> buf(bufsize, 0);
int ret = getgrnam_r(name, &grp, buf.data(), bufsize, &result);
- ASSERT_MSG(ret == 0 && result, "getgrnam_r failed");
+ BOOST_REQUIRE_MESSAGE(ret == 0 && result, "getgrnam_r failed");
return grp.gr_gid;
}
int sourceFd = TEMP_FAILURE_RETRY(open(sourcePath.c_str(), O_RDONLY));
err = errno;
- ASSERT_MSG(sourceFd > 0, "Opening " << sourcePath << " failed: " << GetErrnoString(err));
+ BOOST_REQUIRE_MESSAGE(sourceFd > 0,
+ "Opening " << sourcePath << " failed: " << GetErrnoString(err));
FdPtr sourceFdPtr(&sourceFd);
- int targetFd = TEMP_FAILURE_RETRY(creat(targetPath.c_str(), 0644));
+ int targetFd = TEMP_FAILURE_RETRY(creat(targetPath.c_str(), MODE_0644));
err = errno;
- ASSERT_MSG(targetFd > 0, "Creating " << targetPath << " failed: " << GetErrnoString(err));
+ BOOST_REQUIRE_MESSAGE(targetFd > 0,
+ "Creating " << targetPath << " failed: " << GetErrnoString(err));
ret = fchown(targetFd, CKM_UID, CKM_GID);
err = errno;
- ASSERT_MSG(ret != -1, "fchown() failed: " << GetErrnoString(err));
+ BOOST_REQUIRE_MESSAGE(ret != -1, "fchown() failed: " << GetErrnoString(err));
FdPtr targetFdPtr(&targetFd);
struct stat sourceStat;
ret = fstat(sourceFd, &sourceStat);
err = errno;
- ASSERT_MSG(ret != -1, "fstat() failed: " << GetErrnoString(err));
+ BOOST_REQUIRE_MESSAGE(ret != -1, "fstat() failed: " << GetErrnoString(err));
ret = sendfile(targetFd, sourceFd, 0, sourceStat.st_size);
err = errno;
- ASSERT_MSG(ret != -1, "sendfile() failed: " << GetErrnoString(err));
+ BOOST_REQUIRE_MESSAGE(ret != -1, "sendfile() failed: " << GetErrnoString(err));
ret = fsync(targetFd);
err = errno;
- ASSERT_MSG(ret != -1, "fsync() failed: " << GetErrnoString(err));
+ BOOST_REQUIRE_MESSAGE(ret != -1, "fsync() failed: " << GetErrnoString(err));
}
void generateRandom(size_t random_bytes, unsigned char *output)
{
if (random_bytes <= 0 || !output)
- ASSERT_FAIL("Invalid param");
+ throw runtime_error("Invalid param");
std::ifstream is("/dev/urandom", std::ifstream::binary);
- ASSERT_MSG(is, "Failed to read /dev/urandom");
+ if (!is)
+ throw runtime_error("Failed to read /dev/urandom");
is.read(reinterpret_cast<char *>(output), random_bytes);
- ASSERT_MSG(static_cast<std::streamsize>(random_bytes) == is.gcount(),
- "Not enough bytes read from /dev/urandom");
+ if (static_cast<std::streamsize>(random_bytes) != is.gcount())
+ throw runtime_error("Not enough bytes read from /dev/urandom");
}
RawBuffer createRandomBuffer(size_t random_bytes)
void SchemeTest::RemoveUserData()
{
- ASSERT_MSG(m_control->lockUserKey(UID) == CKM_API_SUCCESS, "lockUserKey failed");
+ if (CKM_API_SUCCESS != m_control->lockUserKey(UID))
+ throw runtime_error("lockUserKey failed");
- ASSERT_MSG(m_control->removeUserData(UID) == CKM_API_SUCCESS, "removeUserData failed");
+ if (CKM_API_SUCCESS != m_control->removeUserData(UID))
+ throw runtime_error("removeUserData failed");
}
void SchemeTest::SwitchToUser()
if (m_userChanged)
return;
- ASSERT_MSG(m_control->unlockUserKey(UID, DBPASS) == CKM_API_SUCCESS, "unlockUserKey failed");
+ if (CKM_API_SUCCESS != m_control->unlockUserKey(UID, DBPASS))
+ throw runtime_error("unlockUserKey failed");
// get calling label
char *label = NULL;
- ASSERT_MSG(smack_new_label_from_self(&label) > 0, "smack_new_label_from_self failed");
+ if (smack_new_label_from_self(&label) <= 0)
+ throw runtime_error("smack_new_label_from_self failed");
m_origLabel = string(label);
free(label);
- ASSERT_MSG(smack_set_label_for_self(LABEL) == 0, "smack_set_label_for_self failed");
+ if (0 > smack_set_label_for_self(LABEL))
+ throw runtime_error("smack_set_label_for_self failed");
- ASSERT_MSG(setegid(GID) == 0, "setegid failed");
+ if (0 > setegid(GID))
+ throw runtime_error("setegid failed");
- ASSERT_MSG(seteuid(UID) == 0, "seteuid failed");
+ if (0 > seteuid(UID))
+ throw runtime_error("seteuid failed");
m_userChanged = true;
}
if (!m_userChanged)
return;
- ASSERT_MSG(seteuid(0) == 0, "seteuid failed");
+ if (0 > seteuid(0))
+ throw runtime_error("seteuid failed");
- ASSERT_MSG(setegid(0) == 0, "setegid failed");
+ if (0 > setegid(0))
+ throw runtime_error("setegid failed");
- ASSERT_MSG(smack_set_label_for_self(m_origLabel.c_str()) == 0,
- "smack_set_label_for_self failed");
+ if (0 > smack_set_label_for_self(m_origLabel.c_str()))
+ throw runtime_error("smack_set_label_for_self failed");
- ASSERT_MSG(m_control->lockUserKey(UID) == CKM_API_SUCCESS, "lockUserKey failed");
+ if (m_control->lockUserKey(UID) != CKM_API_SUCCESS)
+ throw runtime_error("lockUserKey failed");
}
void SchemeTest::FillDb()
// pkcs
ifstream is(DB_TEST_DIR "/encryption-scheme.p12");
- ASSERT_MSG(is, "Failed to read pkcs");
+ if (!is)
+ throw runtime_error("Failed to read pkcs");
istreambuf_iterator<char> begin(is), end;
RawBuffer pkcsBuffer(begin, end);
auto pkcs = PKCS12::create(pkcsBuffer, Password());
- ASSERT_MSG(!pkcs->empty(), "Empty pkcs");
+ if (pkcs->empty())
+ throw runtime_error("Empty pkcs");
SwitchToUser();
for (const auto &g : GROUPS) {
switch (g.type) {
case Group::KEY_PAIR_RSA:
- ASSERT_MSG(g.items.size() == 2, "Wrong number of keys");
+ if (g.items.size() != 2)
+ throw runtime_error("Wrong number of keys");
if (g.items[0].type != DataType::KEY_RSA_PRIVATE ||
g.items[1].type != DataType::KEY_RSA_PUBLIC)
- ASSERT_FAIL("Invalid item type");
+ throw runtime_error("Invalid item type");
if (CKM_API_SUCCESS != m_mgr->createKeyPairRSA(1024,
g.items[0].alias,
g.items[1].alias,
g.items[0].policy,
g.items[1].policy))
- ASSERT_FAIL("createKeyPair failed");
+ throw runtime_error("createKeyPair failed");
break;
case Group::CERT_CHAIN:
- ASSERT_MSG(g.items.size() == CHAIN_SIZE, "Wrong number of certificates");
+ if (g.items.size() != CHAIN_SIZE)
+ throw runtime_error("Wrong number of certificates");
if (g.items[0].type != DataType::CERTIFICATE ||
g.items[1].type != DataType::CERTIFICATE ||
g.items[2].type != DataType::CERTIFICATE)
- ASSERT_FAIL("Invalid item type");
+ throw runtime_error("Invalid item type");
if (CKM_API_SUCCESS != m_mgr->saveCertificate(g.items[0].alias, rootCa,
g.items[0].policy))
- ASSERT_FAIL("saveCertificate failed");
+ throw runtime_error("saveCertificate failed");
if (CKM_API_SUCCESS != m_mgr->saveCertificate(g.items[1].alias, imCa,
g.items[1].policy))
- ASSERT_FAIL("saveCertificate failed");
+ throw runtime_error("saveCertificate failed");
if (CKM_API_SUCCESS != m_mgr->saveCertificate(g.items[2].alias, leaf,
g.items[2].policy))
- ASSERT_FAIL("saveCertificate failed");
+ throw runtime_error("saveCertificate failed");
break;
switch (i.type) {
case DataType::BINARY_DATA:
if (CKM_API_SUCCESS != m_mgr->saveData(i.alias, TEST_DATA, i.policy))
- ASSERT_FAIL("saveData failed");
+ throw runtime_error("saveData failed");
break;
case DataType::KEY_AES:
if (CKM_API_SUCCESS != m_mgr->createKeyAES(256, i.alias, i.policy))
- ASSERT_FAIL("createKeyAES failed");
+ throw runtime_error("createKeyAES failed");
break;
case DataType::CHAIN_CERT_0: // PKCS
if (CKM_API_SUCCESS != m_mgr->savePKCS12(i.alias, pkcs, i.policy, i.policy))
- ASSERT_FAIL("savePkcs12 failed");
+ throw runtime_error("savePkcs12 failed");
break;
default:
- ASSERT_FAIL("unsupported data type");
+ throw runtime_error("unsupported data type");
}
}
}
}
+void SchemeTest::CheckAliasInfo()
+{
+ SwitchToUser();
+ for (const auto &g : GROUPS) {
+ for (const auto &i : g.items) {
+ int ret;
+ bool encStatus = false;
+ Password pass = i.policy.password;
+
+ if (pass.empty())
+ pass = TEST_PASS;
+ else
+ pass = Password();
+
+ switch (i.type) {
+ case DataType::BINARY_DATA: {
+ ret = m_mgr->getDataEncryptionStatus(i.alias, encStatus);
+ BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
+ "can not get data encryption status, ret: " +
+ std::to_string(ret));
+ break;
+ }
+
+ case DataType::KEY_AES:
+ case DataType::KEY_RSA_PRIVATE:
+ case DataType::KEY_RSA_PUBLIC: {
+ ret = m_mgr->getKeyEncryptionStatus(i.alias, encStatus);
+ BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
+ "can not get key encryption status, ret: " +
+ std::to_string(ret));
+ break;
+ }
+
+ case DataType::CERTIFICATE: {
+ ret = m_mgr->getCertificateEncryptionStatus(i.alias, encStatus);
+ BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
+ "can not get certificate encryption status, ret: " +
+ std::to_string(ret));
+ break;
+ }
+
+ case DataType::CHAIN_CERT_0: {
+ ret = m_mgr->getCertificateEncryptionStatus(i.alias, encStatus);
+ BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
+ "can not get certificate encryption status, ret: " +
+ std::to_string(ret));
+ ret = m_mgr->getKeyEncryptionStatus(i.alias, encStatus);
+ BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
+ "can not get key encryption status, ret: " +
+ std::to_string(ret));
+ break;
+ }
+
+ default:
+ BOOST_FAIL("Unsupported data type " << i.type);
+ }
+ BOOST_REQUIRE_MESSAGE(encStatus == !i.policy.password.empty(), "item: " <<
+ i.alias << " has wrong encryption status: " << encStatus);
+
+ }
+ }
+}
+
+
void SchemeTest::ReadAll(bool useWrongPass)
{
SwitchToUser();
case DataType::BINARY_DATA: {
RawBuffer receivedData;
ret = m_mgr->getData(i.alias, pass, receivedData);
- ASSERT_MSG(useWrongPass || receivedData == TEST_DATA,
- "Received data is different for " << i.alias);
+ BOOST_REQUIRE_MESSAGE(useWrongPass || receivedData == TEST_DATA,
+ "Received data is different for " << i.alias);
break;
}
}
default:
- ASSERT_FAIL("Unsupported data type " << i.type);
+ BOOST_FAIL("Unsupported data type " << i.type);
}
if (i.policy.extractable) {
if (useWrongPass)
- ASSERT_MSG(ret == CKM_API_ERROR_AUTHENTICATION_FAILED,
- "Reading item " << i.alias << " should fail with " <<
- CKM_API_ERROR_AUTHENTICATION_FAILED << " got: " << ret);
+ BOOST_REQUIRE_MESSAGE(ret == CKM_API_ERROR_AUTHENTICATION_FAILED,
+ "Reading item " << i.alias << " should fail with " <<
+ CKM_API_ERROR_AUTHENTICATION_FAILED << " got: " << ret);
else
- ASSERT_MSG(ret == CKM_API_SUCCESS,
- "Reading item " << i.alias << " failed with " << ret);
+ BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, "Reading item " << i.alias <<
+ " failed with " << ret);
} else {
- ASSERT_MSG(ret == CKM_API_ERROR_NOT_EXPORTABLE,
- "Item " << i.alias << " should not be exportable");
+ BOOST_REQUIRE_MESSAGE(ret == CKM_API_ERROR_NOT_EXPORTABLE, "Item " << i.alias <<
+ " should not be exportable");
}
}
}
for (const auto &g : GROUPS) {
if (g.type == Group::KEY_PAIR_RSA) {
- ASSERT_MSG(g.items.size() == 2, "Wrong number of keys");
- ASSERT_MSG(g.items[0].type == DataType::KEY_RSA_PRIVATE &&
- g.items[1].type == DataType::KEY_RSA_PUBLIC, "Wrong key");
+ BOOST_REQUIRE_MESSAGE(g.items.size() == 2, "Wrong number of keys");
+ BOOST_REQUIRE_MESSAGE(g.items[0].type == DataType::KEY_RSA_PRIVATE &&
+ g.items[1].type == DataType::KEY_RSA_PUBLIC, "Wrong key");
SignVerifyItem(g.items[0], g.items[1]);
} else {
for (const auto &g : GROUPS) {
if (g.type == Group::KEY_PAIR_RSA) {
- ASSERT_MSG(g.items.size() == 2, "Wrong number of keys");
- ASSERT_MSG(g.items[0].type == DataType::KEY_RSA_PRIVATE &&
- g.items[1].type == DataType::KEY_RSA_PUBLIC, "Wrong key");
+ BOOST_REQUIRE_MESSAGE(g.items.size() == 2, "Wrong number of keys");
+ BOOST_REQUIRE_MESSAGE(g.items[0].type == DataType::KEY_RSA_PRIVATE &&
+ g.items[1].type == DataType::KEY_RSA_PUBLIC, "Wrong key");
EncryptDecryptItem(g.items[0], g.items[1]);
} else {
for (const auto &g : GROUPS) {
if (g.type == Group::CERT_CHAIN) {
- ASSERT_MSG(g.items.size() == CHAIN_SIZE, "Not enough certificates");
+ BOOST_REQUIRE_MESSAGE(g.items.size() == CHAIN_SIZE, "Not enough certificates");
for (const auto &c : g.items)
- ASSERT_MSG(c.type == DataType::CERTIFICATE, "Wrong item type");
+ BOOST_REQUIRE_MESSAGE(c.type == DataType::CERTIFICATE, "Wrong item type");
Items trusted(CHAIN_SIZE - 1);
std::copy(g.items.begin(), g.items.begin() + CHAIN_SIZE - 1, trusted.begin());
for (const auto &g : GROUPS) {
for (const auto &i : g.items) {
int ret = m_mgr->removeAlias(i.alias);
- ASSERT_MSG(ret == CKM_API_SUCCESS,
- "removeAlias() failed with " << ret << " for " << i.alias);
+ BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
+ "removeAlias() failed with " << ret << " for " << i.alias);
}
}
}
void SchemeTest::RestoreDb()
{
+ m_db.reset();
restoreFile("key-7654");
restoreFile("db-key-7654");
restoreFile("db-7654");
- m_db.reset();
m_directAccessEnabled = false;
}
DB::RowVector rows;
m_db->getRows(i.alias, OWNER, filter.typeFrom, filter.typeTo, rows);
- ASSERT_MSG(rows.size() > 0, "No rows found for " << i.alias);
+ BOOST_REQUIRE_MESSAGE(rows.size() > 0, "No rows found for " << i.alias);
for (const auto &r : rows) {
- ASSERT_MSG((r.encryptionScheme >> ENC_SCHEME_OFFSET) == version,
- "Wrong encryption scheme for " << i.alias << ". Expected " << version <<
- " got: " << (r.encryptionScheme >> ENC_SCHEME_OFFSET));
+ BOOST_REQUIRE_MESSAGE(
+ (r.encryptionScheme >> ENC_SCHEME_OFFSET) == version,
+ "Wrong encryption scheme for " << i.alias << ". Expected " << version <<
+ " got: " << (r.encryptionScheme >> ENC_SCHEME_OFFSET));
}
}
}
auto wrappedDatabaseDEK = fs.getDBDEK();
RawBuffer key = keyProvider.getPureDEK(wrappedDatabaseDEK);
- m_db.reset(new DB::Crypto(fs.getDBPath(), key));
+ m_db.reset(new DB::Crypto(fs.getLegacyDBPath(), fs.getDBPath(), key));
m_directAccessEnabled = true;
+
+ // Legacy db files of the form db-$uid are incompatible with upstream sqlcipher.
+ // DB::Crypto(...) converts them to db0-$uid upstream-compatible, then deletes them.
+ // This function runs DB::Crypto(...) as root so db0-$uid are root-owned.
+ // However, database files need to be accessible to USER_NAME/GROUP_NAME (ex. ReadAll()).
+ // Thus the need to fix up ownership, much like restoreFile() does.
+ BOOST_REQUIRE(!chown(RW_DATA_DIR "/db0-7654", getUid(USER_NAME), getGid(GROUP_NAME)));
}
void SchemeTest::SignVerifyItem(const Item &itemPrv, const Item &itemPub)
HashAlgorithm::SHA512,
RSAPaddingAlgorithm::X931,
signature);
- ASSERT_MSG(ret == CKM_API_SUCCESS,
- "createSignature() failed with " << ret << " for " << itemPrv.alias);
+ BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
+ "createSignature() failed with " << ret <<
+ " for " << itemPrv.alias);
ret = m_mgr->verifySignature(itemPub.alias,
itemPub.policy.password,
TEST_DATA,
signature,
HashAlgorithm::SHA512,
RSAPaddingAlgorithm::X931);
- ASSERT_MSG(ret == CKM_API_SUCCESS,
- "verifySignature() failed with " << ret << " for " << itemPub.alias);
+ BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
+ "verifySignature() failed with " << ret <<
+ " for " << itemPub.alias);
}
void SchemeTest::EncryptDecryptItem(const Item &item)
algo.setParam(ParamName::ALGO_TYPE, AlgoType::AES_GCM);
algo.setParam(ParamName::ED_IV, iv);
- ret = m_mgr->encrypt(algo, item.alias, item.policy.password, TEST_DATA, encrypted);
- ASSERT_MSG(ret == CKM_API_SUCCESS, "encrypt() failed iwth " << ret << " for " << item.alias);
+ ret = m_mgr->encrypt(algo, item.alias, item.policy.password, TEST_DATA,
+ encrypted);
+ BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
+ "encrypt() failed iwth " << ret << " for " <<
+ item.alias);
- ret = m_mgr->decrypt(algo, item.alias, item.policy.password, encrypted, decrypted);
- ASSERT_MSG(ret == CKM_API_SUCCESS, "decrypt() failed iwth " << ret << " for " << item.alias);
+ ret = m_mgr->decrypt(algo, item.alias, item.policy.password, encrypted,
+ decrypted);
+ BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
+ "decrypt() failed iwth " << ret << " for " <<
+ item.alias);
- ASSERT_MSG(decrypted == TEST_DATA, "Decrypted data not equal to original");
+ BOOST_REQUIRE_MESSAGE(decrypted == TEST_DATA,
+ "Decrypted data not equal to original");
}
void SchemeTest::EncryptDecryptItem(const Item &itemPrv, const Item &itemPub)
algo.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_OAEP);
- ret = m_mgr->encrypt(algo, itemPub.alias, itemPub.policy.password, TEST_DATA, encrypted);
- ASSERT_MSG(ret == CKM_API_SUCCESS, "encrypt() failed iwth " << ret << " for " << itemPub.alias);
+ ret = m_mgr->encrypt(algo, itemPub.alias, itemPub.policy.password, TEST_DATA,
+ encrypted);
+ BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
+ "encrypt() failed iwth " << ret << " for " <<
+ itemPub.alias);
- ret = m_mgr->decrypt(algo, itemPrv.alias, itemPrv.policy.password, encrypted, decrypted);
- ASSERT_MSG(ret == CKM_API_SUCCESS, "decrypt() failed iwth " << ret << " for " << itemPrv.alias);
+ ret = m_mgr->decrypt(algo, itemPrv.alias, itemPrv.policy.password, encrypted,
+ decrypted);
+ BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
+ "decrypt() failed iwth " << ret << " for " <<
+ itemPrv.alias);
- ASSERT_MSG(decrypted == TEST_DATA, "Decrypted data not equal to original");
+ BOOST_REQUIRE_MESSAGE(decrypted == TEST_DATA,
+ "Decrypted data not equal to original");
}
void SchemeTest::CreateChainItem(const Item &leaf, const Items &certs)
CertificateShPtr leafCrt;
int ret = m_mgr->getCertificate(leaf.alias, leaf.policy.password, leafCrt);
- ASSERT_MSG(ret == CKM_API_SUCCESS,
- "getCertificate failed with " << ret << " for " << leaf.alias);
+ BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
+ "getCertificate failed with " << ret << " for " <<
+ leaf.alias);
ret = m_mgr->getCertificateChain(leafCrt, AliasVector(), trusted, false, chain);
- ASSERT_MSG(ret == CKM_API_SUCCESS, "getCertificateChain() failed with " << ret);
- ASSERT_MSG(chain.size() == CHAIN_LEN, "Wrong chain length: " << chain.size());
+ BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
+ "getCertificateChain() failed with " << ret);
+ BOOST_REQUIRE_MESSAGE(chain.size() == CHAIN_LEN,
+ "Wrong chain length: " << chain.size());
}
projects / platform / core / security / key-manager.git / blobdiff