#include <boost/test/unit_test.hpp>
-#include <boost/test/results_reporter.hpp>
#include <unistd.h>
#include <db-crypto.h>
#include <iostream>
#include <test_common.h>
#include <DBFixture.h>
-BOOST_GLOBAL_FIXTURE(TestConfig)
-
using namespace CKM;
namespace
const unsigned int c_num_names = 500;
const unsigned int c_num_names_add_test = 5000;
const unsigned int c_names_per_label = 15;
-}
+} // namespace anonymous
BOOST_FIXTURE_TEST_SUITE(DBCRYPTO_TEST, DBFixture)
BOOST_AUTO_TEST_CASE(DBtestSimple) {
- DBRow rowPattern = create_default_row();
+ DB::Row rowPattern = create_default_row();
rowPattern.data = RawBuffer(32, 1);
rowPattern.dataSize = rowPattern.data.size();
rowPattern.tag = RawBuffer(AES_GCM_TAG_SIZE, 1);
check_DB_integrity(rowPattern);
}
BOOST_AUTO_TEST_CASE(DBtestBIG) {
- DBRow rowPattern = create_default_row();
+ DB::Row rowPattern = create_default_row();
rowPattern.data = createBigBlob(4096);
rowPattern.dataSize = rowPattern.data.size();
rowPattern.tag = RawBuffer(AES_GCM_TAG_SIZE, 1);
check_DB_integrity(rowPattern);
}
BOOST_AUTO_TEST_CASE(DBtestGlobal) {
- DBRow rowPattern = create_default_row();
+ DB::Row rowPattern = create_default_row();
rowPattern.data = RawBuffer(1024, 2);
rowPattern.dataSize = rowPattern.data.size();
rowPattern.tag = RawBuffer(AES_GCM_TAG_SIZE, 1);
- BOOST_REQUIRE_NO_THROW(m_db.saveDBRow(rowPattern));
-
- DBRow name_duplicate = rowPattern;
- rowPattern.smackLabel = rowPattern.smackLabel + "1";
+ BOOST_REQUIRE_NO_THROW(m_db.saveRow(rowPattern));
- BOOST_REQUIRE_THROW(m_db.saveDBRow(name_duplicate),
- DBCrypto::Exception::NameExists);
+ DB::Row name_duplicate = rowPattern;
+ rowPattern.ownerLabel = rowPattern.ownerLabel + "1";
}
BOOST_AUTO_TEST_CASE(DBtestTransaction) {
- DBRow rowPattern = create_default_row();
+ DB::Row rowPattern = create_default_row();
rowPattern.data = RawBuffer(100, 20);
rowPattern.dataSize = rowPattern.data.size();
rowPattern.tag = RawBuffer(AES_GCM_TAG_SIZE, 1);
- DBCrypto::Transaction transaction(&m_db);
+ DB::Crypto::Transaction transaction(&m_db);
- BOOST_REQUIRE_NO_THROW(m_db.saveDBRow(rowPattern));
+ BOOST_REQUIRE_NO_THROW(m_db.saveRow(rowPattern));
BOOST_REQUIRE_NO_THROW(transaction.rollback());
- DBCrypto::DBRowOptional row_optional;
- BOOST_REQUIRE_NO_THROW(row_optional = m_db.getDBRow(m_default_name, m_default_label,
- m_default_label, DBDataType::BINARY_DATA));
+ DB::Crypto::RowOptional row_optional;
+ BOOST_REQUIRE_NO_THROW(row_optional = m_db.getRow(m_default_name, m_default_label,
+ DataType::BINARY_DATA));
BOOST_CHECK_MESSAGE(!row_optional, "Row still present after rollback");
-
}
-BOOST_AUTO_TEST_CASE(DBaddDataCheckIfPermissionIsAdded)
-{
- Name row_A_name, row_B_name;
- Label row_A_label, row_B_label;
- generate_name(0, row_A_name); generate_label(0, row_A_label);
- generate_name(1, row_B_name); generate_label(1, row_B_label);
-
- // insert initial data set
- insert_row(row_A_name, row_A_label);
- insert_row(row_B_name, row_B_label);
- read_row_expect_success(row_A_name, row_A_label, row_A_label);
- read_row_expect_success(row_B_name, row_B_label, row_B_label);
-
- // verify that no entries present in the permission table
- // read row A from label B and vice versa
- read_row_expect_fail(row_A_name, row_A_label, row_B_label);
- read_row_expect_fail(row_B_name, row_B_label, row_A_label);
-
- // add appropriate permissions for label B
- add_permission(row_A_name, row_A_label, row_B_label);
-
- // B should have access to A, while A should not to B
- // read row A from label B and vice versa
- read_row_expect_success(row_A_name, row_A_label, row_B_label);
- read_row_expect_fail(row_B_name, row_B_label, row_A_label);
-
- // add appropriate permissions for label A
- add_permission(row_B_name, row_B_label, row_A_label);
-
- // B should have access to A, same as A have access to B
- // read row A from label B and vice versa
- read_row_expect_success(row_A_name, row_A_label, row_B_label);
- read_row_expect_success(row_B_name, row_B_label, row_A_label);
-}
+BOOST_AUTO_TEST_CASE(DBtestBackend) {
+ DB::Row rowPattern = create_default_row();
+ rowPattern.data = RawBuffer(32, 1);
+ rowPattern.dataSize = rowPattern.data.size();
+ rowPattern.tag = RawBuffer(AES_GCM_TAG_SIZE, 1);
+ rowPattern.backendId = CryptoBackend::OpenSSL;
+ check_DB_integrity(rowPattern);
-BOOST_AUTO_TEST_CASE(DBremoveDataCheckIfPermissionIsRemoved)
-{
- Name row_A_name, row_B_name, row_C_name;
- Label row_A_label, row_B_label, row_C_label;
- generate_name(0, row_A_name); generate_label(0, row_A_label);
- generate_name(1, row_B_name); generate_label(1, row_B_label);
- generate_name(2, row_C_name); generate_label(2, row_C_label);
-
- // insert initial data set
- insert_row(row_A_name, row_A_label);
- insert_row(row_B_name, row_B_label);
- insert_row(row_C_name, row_C_label);
- add_permission(row_A_name, row_A_label, row_B_label);
- add_permission(row_B_name, row_B_label, row_A_label);
- // to test multiple permissions removal
- // put intentionally after row_B_name permission entry
- add_permission(row_A_name, row_A_label, row_C_label);
-
- // B should have access to A, same as A have access to B
- // read row A from label B and vice versa
- read_row_expect_success(row_A_name, row_A_label, row_B_label);
- read_row_expect_success(row_A_name, row_A_label, row_C_label);
- read_row_expect_success(row_B_name, row_B_label, row_A_label);
- read_row_expect_fail(row_B_name, row_B_label, row_C_label);
-
- // remove data A - expect permissions for B and C to be removed as well
- delete_row(row_A_name, row_A_label, row_A_label);
- // insert it again - expect permissions for label B and C not to be there anymore
- insert_row(row_A_name, row_A_label);
-
- // read row A from label B and vice versa
- read_row_expect_fail(row_A_name, row_A_label, row_B_label);
- read_row_expect_fail(row_A_name, row_A_label, row_C_label);
- read_row_expect_success(row_B_name, row_B_label, row_A_label);
-
- // remove data B - expect permission to be removed as well
- delete_row(row_B_name, row_B_label, row_B_label);
- // insert it again - expect permissions for label A not to be there anymore
- insert_row(row_B_name, row_B_label);
-
- // read row A from label B and vice versa
- read_row_expect_fail(row_A_name, row_A_label, row_B_label);
- read_row_expect_fail(row_A_name, row_A_label, row_C_label);
- read_row_expect_fail(row_B_name, row_B_label, row_A_label);
-
- // sanity check: data exists
- read_row_expect_success(row_A_name, row_A_label, row_A_label);
- read_row_expect_success(row_B_name, row_B_label, row_B_label);
+ rowPattern.backendId = CryptoBackend::TrustZone;
+ check_DB_integrity(rowPattern);
+
+ rowPattern.backendId = CryptoBackend::None;
+ check_DB_integrity(rowPattern);
}
+
BOOST_AUTO_TEST_SUITE_END()
BOOST_AUTO_TEST_CASE(DBperfAddNames)
{
// actual test
- performance_start("saveDBRow");
+ performance_start("saveRow");
{
generate_perf_DB(c_num_names_add_test, c_names_per_label);
}
Label label;
// actual test - successful lookup
- performance_start("getDBRow");
+ performance_start("getRow");
for(unsigned int t=0; t<c_test_retries; t++)
{
int label_num = rand() % num_labels;
for(unsigned int name_num=start_name; name_num<(start_name+c_names_per_label); name_num++)
{
generate_name(name_num, name);
- read_row_expect_success(name, label, label);
+ read_row_expect_success(name, label);
}
}
performance_stop(c_test_retries * c_num_names);
}
-BOOST_AUTO_TEST_CASE(DBperfLookupAliasByNotAllowed)
-{
- // prepare data
- generate_perf_DB(c_num_names, c_names_per_label);
-
- Name name;
- Label owner_label;
- Label smack_label;
- const unsigned int unavailable_label_idx = (c_num_names/c_names_per_label) + 1;
- generate_label(unavailable_label_idx, smack_label);
-
- // actual test - failure lookup
- performance_start("getDBRow");
- for(unsigned int t=0; t<c_test_retries; t++)
- {
- int name_idx = rand()%c_num_names;
- generate_name(name_idx, name);
- generate_label(name_idx/c_names_per_label, owner_label);
-
- read_row_expect_fail(name, owner_label, smack_label);
- }
- performance_stop(c_test_retries * c_num_names);
-}
-
BOOST_AUTO_TEST_CASE(DBperfLookupAliasRandomOwnershipNoPermissions)
{
// prepare data
unsigned int num_labels = c_num_names / c_names_per_label;
// actual test - random lookup
- performance_start("getDBRow");
+ performance_start("getRow");
for(unsigned int t=0; t<c_test_retries; t++)
{
int name_idx = rand()%c_num_names;
generate_label(rand()%num_labels, smack_label);
// do not care of result
- m_db.getDBRow(name, owner_label, smack_label, DBDataType::BINARY_DATA);
+ m_db.getRow(name, owner_label, DataType::BINARY_DATA);
}
performance_stop(c_test_retries * c_num_names);
}
generate_perf_DB(c_num_names, c_names_per_label);
// actual test - add access rights
- performance_start("setAccessRights");
+ performance_start("setPermission");
long iterations = add_full_access_rights(c_num_names, c_names_per_label);
performance_stop(iterations);
}
-BOOST_AUTO_TEST_CASE(DBperfLookupAliasRandomOwnershipWithPermissions)
-{
- // prepare data
- generate_perf_DB(c_num_names, c_names_per_label);
- add_full_access_rights(c_num_names, c_names_per_label);
-
- Name name;
- Label owner_label;
- Label smack_label;
- unsigned int num_labels = c_num_names / c_names_per_label;
-
- // actual test - random lookup
- performance_start("getDBRow/perm");
- for(unsigned int t=0; t<c_test_retries; t++)
- {
- int name_idx = rand()%c_num_names;
- generate_name(name_idx, name);
- generate_label(name_idx/c_names_per_label, owner_label);
- generate_label(rand()%num_labels, smack_label);
-
- read_row_expect_success(name, owner_label, smack_label);
- }
- performance_stop(c_test_retries * c_num_names);
-}
-
BOOST_AUTO_TEST_CASE(DBperfAliasRemoval)
{
// prepare data
add_full_access_rights(c_num_names, c_names_per_label);
// actual test - random lookup
- performance_start("deleteDBRow");
+ performance_start("deleteRow");
Name name;
Label label;
for(unsigned int t=0; t<c_num_names; t++)
generate_name(t, name);
generate_label(t/c_names_per_label, label);
- BOOST_REQUIRE_NO_THROW(m_db.deleteDBRow(name, label, label));
+ BOOST_REQUIRE_NO_THROW(m_db.deleteRow(name, label));
}
performance_stop(c_num_names);
{
generate_label(l, label);
LabelNameVector expect_no_data;
- BOOST_REQUIRE_NO_THROW(m_db.getNames(label, DBDataType::BINARY_DATA, expect_no_data));
+ BOOST_REQUIRE_NO_THROW(m_db.listNames(label, expect_no_data, DataType::BINARY_DATA));
BOOST_REQUIRE(0 == expect_no_data.size());
}
}
Label label;
// actual test - random lookup
- performance_start("getNames");
+ performance_start("listNames");
for(unsigned int t=0; t<(c_test_retries/num_labels); t++)
{
LabelNameVector ret_list;
generate_label(rand()%num_labels, label);
- BOOST_REQUIRE_NO_THROW(m_db.getNames(label, DBDataType::BINARY_DATA, ret_list));
+ BOOST_REQUIRE_NO_THROW(m_db.listNames(label, ret_list, DataType::BINARY_DATA));
BOOST_REQUIRE(c_num_names == ret_list.size());
ret_list.clear();
}
performance_stop(c_test_retries/num_labels);
}
+BOOST_AUTO_TEST_SUITE_END()
+
+
+BOOST_AUTO_TEST_SUITE(DBCRYPTO_MIGRATION_TEST)
+namespace
+{
+const unsigned migration_names = 16107;
+const unsigned migration_labels = 273;
+const unsigned migration_reference_label_idx = 0;
+const unsigned migration_accessed_element_idx = 7;
+
+void verifyDBisValid(DBFixture & fixture)
+{
+ /**
+ * there are (migration_labels), each having (migration_names)/(migration_labels) entries.
+ * reference label (migration_reference_label_idx) exists such that it has access to
+ * all others' label element with index (migration_accessed_element_idx).
+ *
+ * Example:
+ * - migration_label_63 has access to all items owned by migration_label_63,
+ * which gives (migration_names)/(migration_labels) entries.
+ *
+ * - migration_label_0 (0 is the reference label) has access to all items
+ * owned by migration_label_0 and all others' label element index 7,
+ * which gives (migration_names)/(migration_labels) + (migration_labels-1) entries.
+ *
+ */
+ Label reference_label;
+ fixture.generate_label(migration_reference_label_idx, reference_label);
+
+ // check number of elements accessible to the reference label
+ LabelNameVector ret_list;
+ BOOST_REQUIRE_NO_THROW(fixture.m_db.listNames(reference_label, ret_list, DataType::BINARY_DATA));
+ BOOST_REQUIRE((migration_names/migration_labels)/*own items*/ + (migration_labels-1)/*other labels'*/ == ret_list.size());
+ ret_list.clear();
+
+ // check number of elements accessible to the other labels
+ for(unsigned int l=0; l<migration_labels; l++)
+ {
+ // bypass the reference owner label
+ if(l == migration_reference_label_idx)
+ continue;
+
+ Label current_label;
+ fixture.generate_label(l, current_label);
+ BOOST_REQUIRE_NO_THROW(fixture.m_db.listNames(current_label, ret_list, DataType::BINARY_DATA));
+ BOOST_REQUIRE((migration_names/migration_labels) == ret_list.size());
+ for(auto it: ret_list)
+ BOOST_REQUIRE(it.first == current_label);
+ ret_list.clear();
+ }
+}
+
+struct DBVer1Migration : public DBFixture
+{
+ DBVer1Migration() : DBFixture("/usr/share/ckm-db-test/testme_ver1.db")
+ {}
+};
+
+struct DBVer2Migration : public DBFixture
+{
+ DBVer2Migration() : DBFixture("/usr/share/ckm-db-test/testme_ver2.db")
+ {}
+};
+
+struct DBVer3Migration : public DBFixture
+{
+ DBVer3Migration() : DBFixture("/usr/share/ckm-db-test/testme_ver3.db")
+ {}
+};
+}
+
+BOOST_AUTO_TEST_CASE(DBMigrationDBVer1)
+{
+ DBVer1Migration DBver1;
+ verifyDBisValid(DBver1);
+}
+
+BOOST_AUTO_TEST_CASE(DBMigrationDBVer2)
+{
+ DBVer2Migration DBver2;
+ verifyDBisValid(DBver2);
+}
+
+BOOST_AUTO_TEST_CASE(DBMigrationDBVer3)
+{
+ DBVer3Migration DBver3;
+ verifyDBisValid(DBver3);
+}
+
+BOOST_AUTO_TEST_CASE(DBMigrationDBCurrent)
+{
+ DBFixture currentDB;
+
+ // prepare data using current DB mechanism
+ Label reference_label;
+ currentDB.generate_label(migration_reference_label_idx, reference_label);
+ {
+ currentDB.generate_perf_DB(migration_names, migration_names/migration_labels);
+
+ // only the reference label has access to the other labels element <migration_accessed_element_idx>
+ for(unsigned int l=0; l<migration_labels; l++)
+ {
+ // bypass the reference owner label
+ if(l == migration_reference_label_idx)
+ continue;
+
+ unsigned element_index = migration_accessed_element_idx + l*migration_names/migration_labels;
+
+ // add permission
+ Name accessed_name;
+ currentDB.generate_name(element_index, accessed_name);
+ Label current_label;
+ currentDB.generate_label(l, current_label);
+ currentDB.add_permission(accessed_name, current_label, reference_label);
+ }
+ }
+
+ verifyDBisValid(currentDB);
+}
BOOST_AUTO_TEST_SUITE_END()
projects / platform / core / security / key-manager.git / blobdiff