Notice: This commit is a temporary quick fix for only-cap.
Test cases should be separated into normal cases and cases that
need to change their own smack label, in order to test an
unprivileged client (one without any capability).
- Change smack label to System::Privileged
- Reduce key-manager test app labels
- Add ckm test script for running on onlycap (ckm-tests-on-onlycap.sh).
Usage is the same as for ordinary ckm-tests because it propagates all params
and forwards them to ckm-tests
Change-Id: I3babb11d010eff13c35042107af215b3932f4f2e
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
<filesystem path="/usr/bin/libsmack-test" exec_label="_" />
<filesystem path="/usr/bin/security-manager-tests" exec_label="_" />
<filesystem path="/usr/bin/cynara-tests" exec_label="_" />
- <filesystem path="/usr/bin/ckm-tests" exec_label="User" />
- <filesystem path="/usr/bin/ckm-tests" exec_label="System" />
+ <filesystem path="/usr/bin/ckm-tests" exec_label="System::Privileged" />
</assign>
<request>
<domain name="_" />
/usr/apps/*
/usr/bin/cynara-test
/usr/bin/ckm-tests
+/usr/bin/ckm-tests-on-onlycap.sh
/usr/bin/ckm-integration-tests
%{ckm_test_dir}/*
/etc/security-tests
# Dependencies
PKG_CHECK_MODULES(CKM_DEP
+ REQUIRED
libsmack
key-manager
dbus-1
- vconf
- REQUIRED)
+ vconf)
# Targets definition
)
INCLUDE_DIRECTORIES(SYSTEM ${CKM_DEP_INCLUDE_DIRS})
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/common/ )
-INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/ckm/ )
+INCLUDE_DIRECTORIES(
+ ${PROJECT_SOURCE_DIR}/src/common
+ ${PROJECT_SOURCE_DIR}/src/ckm
+)
ADD_EXECUTABLE(${TARGET_CKM_TESTS} ${CKM_SOURCES})
# Installation
INSTALL(TARGETS ${TARGET_CKM_TESTS} DESTINATION bin)
+INSTALL(FILES ckm-tests-on-onlycap.sh
+ DESTINATION bin
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE
+ GROUP_READ GROUP_EXECUTE
+ WORLD_READ WORLD_EXECUTE
+)
+
INSTALL(FILES
test1801.pkcs12
pkcs.p12
)
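Review bot: The helper script is installed with mode 0755, although it can only work for a caller that is allowed to write smackfs and run `setcap`, so the group and world execute bits in the `PERMISSIONS` list serve no caller. `PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE` would match how the script is used. If 0755 is wanted, `INSTALL(PROGRAMS ckm-tests-on-onlycap.sh DESTINATION bin)` gives the same bits without spelling them out. The relative source path is resolved against the current source directory, so this assumes the script sits next to this CMakeLists.txt.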
PKG_CHECK_MODULES(CKM_C_COMPILATION_DEP
- key-manager
- REQUIRED)
+ REQUIRED
+ key-manager)
ADD_EXECUTABLE(${TARGET_C_COMPILATION_TEST} ${C_COMPILATION_SOURCES})
8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ==
-----END PUBLIC KEY-----
</PEM>
- <Permission accessor="web_app1"/>
+ <Permission accessor="test_label"/>
</Key>
<Key name="test-key2" type="RSA_PRV" exportable="true">
<DER>
4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rquPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+
Vx676FQrM4EzjSSqgA==
</DER>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label_2"/>
</Key>
<Cert exportable="true" name="test-cert1">
<DER>
7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK
kOg11TpPdNDkhb1J4ZCh2gupDg==
</DER>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label_2"/>
</Cert>
<Data name="test-data1" exportable="true">
<ASCII>My secret data</ASCII>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label"/>
+ <Permission accessor="test_label_2"/>
</Data>
<Key name="test-aes1" type="AES" exportable="true">
<Base64>
QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY=
</Base64>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label"/>
+ <Permission accessor="test_label_2"/>
</Key>
<!-- key below is encrypted using AES-CBC algorithm.
The key used is decrypted <EncryptionKey> provided above.
8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ==
-----END PUBLIC KEY-----
</PEM>
- <Permission accessor="web_app1"/>
+ <Permission accessor="test_label"/>
</Key>
<Key name="test2-key2" type="RSA_PRV" exportable="true">
<DER>
4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rquPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+
Vx676FQrM4EzjSSqgA==
</DER>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label_2"/>
</Key>
<Cert exportable="true" name="test2-cert1">
<DER>
7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK
kOg11TpPdNDkhb1J4ZCh2gupDg==
</DER>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label_2"/>
</Cert>
<Data name="test2-data1" exportable="true">
<ASCII>My secret data</ASCII>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label"/>
+ <Permission accessor="test_label_2"/>
</Data>
<Key name="test2-aes1" type="AES" exportable="true">
<Base64>
QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY=
</Base64>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label"/>
+ <Permission accessor="test_label_2"/>
</Key>
</InitialValues>
<?xml version="1.0" encoding="UTF-8"?>
<InitialValues version="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="initial_values.xsd ">
<Key name="test3-key1" type="RSA_PUB" password="123">
- <Permission accessor="web_app1"/>
+ <Permission accessor="test_label"/>
<PEM>
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3
4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rquPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+
Vx676FQrM4EzjSSqgA==
</DER>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label_2"/>
</Key>
<Cert exportable="true" name="test3-cert1">
<DER>
7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK
kOg11TpPdNDkhb1J4ZCh2gupDg==
</DER>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label_2"/>
</Cert>
<Data name="test3-data1" exportable="true">
<ASCII>My secret data</ASCII>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label"/>
+ <Permission accessor="test_label_2"/>
</Data>
<Key name="test3-aes1" type="AES">
<Base64>
QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY=
</Base64>
- <Permission accessor="web_app1"/>
- <Permission accessor="web_app2"/>
+ <Permission accessor="test_label"/>
+ <Permission accessor="test_label_2"/>
</Key>
</InitialValues>
namespace {
-const char* TEST_LABEL = "test_label";
-const char* TEST_LABEL_2 = "test_label-2";
-
const char* TEST_DATA = "dsflsdkghkslhglrtghierhgilrehgidsafasdffsgfdgdgfdgfdgfdgfdggf";
const char* TEST_PASS = "test-pass";
const int GROUP_2 = 6200;
const char * const APP_PASS_1 = "app-pass-1";
const char * const APP_PASS_2 = "app-pass-2";
-const char* APP_LABEL_1 = "APP_LABEL_1";
-const char* APP_LABEL_2 = "APP_LABEL_2";
-const char* APP_LABEL_3 = "APP_LABEL_3";
-const char* APP_LABEL_4 = "APP_LABEL_4";
+const char* APP_LABEL_1 = TEST_LABEL;
+const char* APP_LABEL_2 = TEST_LABEL_2;
+const char* APP_LABEL_3 = TEST_LABEL_3;
+const char* APP_LABEL_4 = TEST_LABEL_4;
const char* NO_ALIAS = "definitely-non-existent-alias";
const int USER_APP = 5000;
const int GROUP_APP = 5000;
const char* USER_PASS = "user-pass";
-const char* TEST_LABEL = "test_label";
const char *const TEST_OBJECT1 = "OBJECT1";
const std::string TEST_ALIAS1 = aliasWithLabel(TEST_LABEL,TEST_OBJECT1);
const char* TEST_SYSTEM_ALIAS = "system-alias-1";
RUNNER_CHILD_TEST(T30207_user_app_save_RSA_key_C_API)
{
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T30208_user_app_save_AES_key_C_API)
{
- AccessProvider ap("mylabel");
+ AccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T30209_user_app_save_AES_key_passwd_C_API)
{
- AccessProvider ap("mylabel");
+ AccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T30210_app_user_save_RSA_keys_exportable_flag)
{
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T30211_app_user_save_AES_keys_exportable_flag)
{
- AccessProvider ap("mylabel");
+ AccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T3043_app_user_save_bin_data_C_API)
{
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
{
int temp;
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
{
int temp;
- AccessProvider ap("mylabel");
+ AccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
//RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
-
RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_OCSP_TESTS);
RUNNER_TEST(T3071_CAPI_init)
#include <unistd.h>
const std::string SMACK_USER_APP_PREFIX = "User::App::";
+const char *SYSTEM_LABEL = ckmc_owner_id_system;
+const char *TEST_LABEL = "test_label";
+const char *TEST_LABEL_2 = "test_label_2";
+const char *TEST_LABEL_3 = "test_label_3";
+const char *TEST_LABEL_4 = "test_label_4";
+const char *TEST_LABEL_5 = "test_label_5";
void generate_random(size_t random_bytes, char *output)
{
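Review bot: `SYSTEM_LABEL` is initialised from another object (`ckmc_owner_id_system`) rather than from a string literal like the `TEST_LABEL*` lines after it, so it is likely set by dynamic initialisation, whose order relative to globals in other translation units is unspecified. The last hunk on this page removes the local `SYSTEM_LABEL` from the file that builds `TEST_SYSTEM_ALIAS` with `aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS)` at namespace scope; if that file's initialisers run first, the call may see a null pointer. Using `ckmc_owner_id_system` directly in those two initialisers, or building the aliases inside a function, removes the cross-file dependency. The `TEST_LABEL` uses such as `TEST_ALIAS1` are not affected, because a pointer initialised from a literal is set before any dynamic initialiser runs.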
#include <sys/types.h>
extern const std::string SMACK_USER_APP_PREFIX;
+extern const char *SYSTEM_LABEL;
+extern const char *TEST_LABEL;
+extern const char *TEST_LABEL_2;
+extern const char *TEST_LABEL_3;
+extern const char *TEST_LABEL_4;
+extern const char *TEST_LABEL_5;
// support for error printing
const char * CKMCErrorToString(int error);
--- /dev/null
+#!/bin/sh
+
+# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file ckm-tests-on-onlycap.sh
+# @author Kyungwook Tak (k.tak@samsung.com)
+# @brief Run ckm-tests on onlycap environment
+#
+
+# push test app lables to onlycap label list
+echo "System::Privileged \
+ User::App::test_label \
+ User::App::test_label_2 \
+ User::App::test_label_3 \
+ User::App::test_label_4 \
+ User::App::test_label_5 \
+ System" > /sys/fs/smackfs/onlycap
+
+# set capability for changing smack label of self and add/remove smack rules
+setcap cap_mac_admin=eip /usr/bin/ckm-tests
+
+# run test
+ckm-tests "${@}" # propagate all arguments
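Review bot: Neither privileged step is checked or undone: if the write to `/sys/fs/smackfs/onlycap` or the `setcap` call fails, the tests still run, and on exit the widened onlycap list and the `cap_mac_admin=eip` file capability stay on the device. A failed setup should abort the run, and an exit trap should put back the previous onlycap list and run `setcap -r /usr/bin/ckm-tests`. The restore only works if the shell's own label is still in the list, which this page does not show. The last line also resolves `ckm-tests` through `PATH` although the capability was given to `/usr/bin/ckm-tests`, so it should call the absolute path.

```shell
set -e

onlycap=/sys/fs/smackfs/onlycap
saved_onlycap=$(cat "$onlycap")

restore() {
    # put back the previous list ("-" clears it) and drop the file capability
    echo "${saved_onlycap:--}" > "$onlycap"
    setcap -r /usr/bin/ckm-tests
}
trap restore EXIT

# … unchanged: echo of the test label list, redirected to "$onlycap" …

setcap cap_mac_admin=eip /usr/bin/ckm-tests

/usr/bin/ckm-tests "$@" # propagate all arguments
```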
void init(const std::string& str) {
RemoveDataEnv<UID>::init(str);
m_dbu = new ScopedDBUnlock(UID, "db-pass"); // unlock user's database
- m_sap = new ScopedAccessProvider("my-label"); // setup label
+ m_sap = new ScopedAccessProvider(TEST_LABEL); // setup label
// setup smack rules and switch user
m_sap->allowAPI("key-manager::api-storage", "rw");
const uid_t USER_APP = 5070;
const uid_t GROUP_APP = 5070;
const char* APP_PASS = "user-pass";
-const char* TEST_WEB_APP_1 = "web_app1";
-const char* TEST_WEB_APP_2 = "web_app2";
const char *XML_DEVICE_KEY = "device_key.xml";
RUNNER_TEST_GROUP_INIT(T60_INITIAL_VALUES);
-RUNNER_TEST(T6010_PARSE_XML_FILE_AT_STARTUP, RemoveDataEnv<0>)
+RUNNER_TEST(T6001_init)
{
// [prepare]
// remove database 0
// copy to the initial-values folder
- // [test0]
// check XML file exists
// restart the key-manager
- // check XML file exists - should fail
- // [test1]
- // check items existence as system service
- // [test2]
- // check items existence as web_app1
- // [test3]
- // check items existence as web_app2
-
+ // check XML file doesn't exist
- // [prepare]
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
+ copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
+ copy_file(format_src_path(XML_2_okay), format_dest_path(XML_2_okay));
+ copy_file(format_src_path(XML_3_wrong), format_dest_path(XML_3_wrong));
- // [test0]
test_exists(format_dest_path(XML_1_okay), true);
+ test_exists(format_dest_path(XML_2_okay), true);
+ test_exists(format_dest_path(XML_3_wrong), true);
+
restart_key_manager();
+
test_exists(format_dest_path(XML_1_okay), false);
+ test_exists(format_dest_path(XML_2_okay), false);
+ test_exists(format_dest_path(XML_3_wrong), false);
+}
+RUNNER_TEST(T6010_PARSE_XML_FILE_AT_STARTUP)
+{
// [test1]
- check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
- check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
- check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
- check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
- check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
+ // check items existence as system service
+ // [test2]
+ // check items existence as TEST_LABEL
+ // [test3]
+ // check items existence as TEST_LABEL_2
+
+ // [test1]
+ {
+ ScopedAccessProvider ap(SYSTEM_LABEL);
+ ap.applyAndSwithToUser(0, 0);
+ check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
+ check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
+ check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
+ check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
+ check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
+ }
// [test2]
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_WEB_APP_1);
- ap.allowAPI("key-manager::api-storage", "rw");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
// [test3]
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap(TEST_WEB_APP_2);
- ap.allowAPI("key-manager::api-storage", "rw");
+ ScopedAccessProvider ap(TEST_LABEL_2);
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
check_key_not_visible(XML_1_EXPECTED_KEY_1_RSA.c_str());
}
}
-RUNNER_TEST(T6020_PARSE_TWO_XML_FILES_AT_STARTUP, RemoveDataEnv<0>)
+RUNNER_TEST(T6020_PARSE_TWO_XML_FILES_AT_STARTUP)
{
- // [prepare]
- // remove database 0
- // copy two files to the initial-values folder
- // [test0]
- // check XML files exist
- // restart the key-manager
- // check XML files exist - should fail
- // [test1]
+ // [test]
// check items existence as system service
-
- // [prepare]
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- copy_file(format_src_path(XML_2_okay), format_dest_path(XML_2_okay));
-
- // [test0]
- test_exists(format_dest_path(XML_1_okay), true);
- test_exists(format_dest_path(XML_1_okay), true);
- restart_key_manager();
- test_exists(format_dest_path(XML_2_okay), false);
- test_exists(format_dest_path(XML_2_okay), false);
-
- // [test1]
check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
check_key(XML_2_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
check_read_allowed(XML_2_EXPECTED_DATA_1.c_str(), XML_2_EXPECTED_DATA_1_DATA);
}
-RUNNER_TEST(T6030_PARSE_FAIL_XML_AT_STARTUP, RemoveDataEnv<0>)
+RUNNER_TEST(T6030_PARSE_FAIL_XML_AT_STARTUP)
{
- // [prepare]
- // remove database 0
- // copy failing XML file to the initial-values folder
- // [test0]
- // check XML files exist
- // restart the key-manager
- // check XML files exist - should fail
- // [test1]
+ // [test]
// check items existence as system service - nothing should be available
-
- // [prepare]
- copy_file(format_src_path(XML_3_wrong), format_dest_path(XML_3_wrong));
-
- // [test0]
- test_exists(format_dest_path(XML_3_wrong), true);
- restart_key_manager();
- test_exists(format_dest_path(XML_3_wrong), false);
-
- // [test1]
check_key_not_visible(XML_3_EXPECTED_KEY_1_RSA.c_str());
check_key_not_visible(XML_3_EXPECTED_KEY_2_RSA.c_str());
check_cert_not_visible(XML_3_EXPECTED_CERT_1.c_str());
check_read_not_visible(XML_3_EXPECTED_DATA_1.c_str());
}
-RUNNER_TEST(T6040_CHECK_KEYS_VALID, RemoveDataEnv<0>)
+RUNNER_TEST(T6040_CHECK_KEYS_VALID)
{
- // [prepare]
- // remove database 0
- // copy to the initial-values folder
- // restart the key-manager
// [test]
// check if key can create & verify signature
-
- // [prepare]
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- restart_key_manager();
-
- // [test]
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("Raz ugryzla misia pszczola..");
ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
ckmc_buffer_free(signature);
}
-RUNNER_TEST(T6050_ENCRYPTED_KEY, RemoveDataEnv<0>)
+RUNNER_TEST(T6050_ENCRYPTED_KEY)
{
// [prepare]
// to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
// to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
- // remove database 0
- // copy to the initial-values folder
- // restart the key-manager
// [test0]
// check if encrypted private key is present
// check if public key is present
// create signature using the public key
// verify signature using the decrypted private key
- // [prepare]
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- restart_key_manager();
-
// [test0]
check_key_allowed(XML_1_EXPECTED_KEY_3_RSA_PRV.c_str(), CKMC_KEY_RSA_PRIVATE);
check_key_allowed(XML_1_EXPECTED_KEY_3_RSA_PUB.c_str(), CKMC_KEY_RSA_PUBLIC);
ckmc_buffer_free(signature);
}
-RUNNER_TEST(T6060_ENCRYPTED_ASCII_DATA, RemoveDataEnv<0>)
+RUNNER_TEST(T6060_ENCRYPTED_ASCII_DATA)
{
// [prepare]
// to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
// to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
- // remove database 0
- // copy to the initial-values folder
- // restart the key-manager
// [test0]
// extract data
// check if data matches the expected size and content
- // [prepare]
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- restart_key_manager();
-
// [test0]
ckmc_raw_buffer_s *testData1;
int temp;
ckmc_buffer_free(testData1);
}
-RUNNER_TEST(T6070_ENCRYPTED_BIG_DATA, RemoveDataEnv<0>)
+RUNNER_TEST(T6070_ENCRYPTED_BIG_DATA)
{
// [prepare]
// to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
// to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
- // remove database 0
- // copy to the initial-values folder
- // restart the key-manager
// [test0]
// extract data
// check if data matches the expected size
- // [prepare]
- copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- restart_key_manager();
-
// [test0]
ckmc_raw_buffer_s *testData1;
int temp;
RUNNER_ASSERT_MSG(5918 /* src/ckm/keys/EIV/code.png */ == testData1->size, "invalid data size");
ckmc_buffer_free(testData1);
}
+
+RUNNER_TEST(T6999_deinit)
+{
+ remove_user_data(0);
+}
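Review bot: The T60 cases now depend on run order: `T6001_init` is the only place that copies the XML files and restarts key-manager, and `T6999_deinit` is the only cleanup, while the `RemoveDataEnv<0>` fixture was dropped from every case in between. If `T6001_init` fails or a single case is selected, T6010–T6070 check whatever database 0 already holds, which can hide a permission regression or report a false one. A comment above `T6001_init` such as `// T6010..T6070 rely on the state created here; run the whole T60 group` would make the coupling explicit. Whether the runner can express a group-level fixture is not visible here.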
const char * const APP_PASS = "user-pass";
const int USER_TEST = 5001;
-const char* TEST_LABEL = "test_label";
const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
const CKM::AliasVector EMPTY_ALIAS_VECTOR;
RUNNER_CHILD_TEST(T1013_user_app_save_key)
{
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T1014_save_with_label)
{
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
{
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag)
{
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_CHILD_TEST(T1032_app_user_save_bin_data)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T1034_app_remove_bin_data)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
auto manager = CKM::Manager::create();
CKM::AliasVector av;
- ScopedAccessProvider ap("mylabel-rsa");
+ ScopedAccessProvider ap(TEST_LABEL_2);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
auto manager = CKM::Manager::create();
CKM::AliasVector av;
- ScopedAccessProvider ap("mylabel-rsa");
+ ScopedAccessProvider ap(TEST_LABEL_2);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
auto manager = CKM::Manager::create();
CKM::AliasVector av;
- ScopedAccessProvider ap("mylabel-dsa");
+ ScopedAccessProvider ap(TEST_LABEL_3);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
auto manager = CKM::Manager::create();
CKM::AliasVector av;
- AccessProvider ap("mylabel-aes");
+ AccessProvider ap(TEST_LABEL_4);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T12101_key_exist)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T12102_saveKey_empty_alias)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T12103_saveKey_foreign_label)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T12104_saveKey_empty_key)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T12105_saveCertificate_empty_alias)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T12106_saveCertificate_foreign_label)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T12107_saveCertificate_empty_cert)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T12108_saveData_empty_alias)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T12109_saveData_foreign_label)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T12110_saveData_empty_data)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T12111_getKey_alias_not_exist)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T12112_getCertificate_alias_not_exist)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T12113_getData_alias_not_exist)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T12114_RSA_key_damaged)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T12115_RSA_key_too_short)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T12116_DSA_key_too_short)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T12118_RSA_key_damaged_serviceTest)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_TEST(T12119_saveCertificate_damaged_serviceTest)
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_ASSERT_MSG(time(0) > 1405343457,
"Time error. Device date is before 14th of July 2014. You must set proper time on device before run this tests!");
- ScopedLabel sl("System");
struct hostent* he = gethostbyname("google.com");
RUNNER_ASSERT_MSG(he != NULL, "There is problem with translate domain google.com into ip address. Probably network "
CKM::Alias certimAlias("CertIM");
{
ScopedDBUnlock unlock(USER_TEST, APP_PASS);
- ScopedAccessProvider ap("my-label");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
// actual test
{
ScopedDBUnlock unlock(USER_TEST, APP_PASS);
- ScopedAccessProvider ap("my-label");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
{
unlock_user_data(USER_TEST+1, "t170-special-password");
- ScopedAccessProvider ap("t170-special-label");
+ ScopedAccessProvider ap(TEST_LABEL_5);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
}
RUNNER_CHILD_TEST(T1702_insert_data)
{
int temp;
- ScopedAccessProvider ap("t170-special-label");
+ ScopedAccessProvider ap(TEST_LABEL_5);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
int tmp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeApplicationData("t170-special-label")),
+ CKM_API_SUCCESS == (tmp = control->removeApplicationData(TEST_LABEL_5)),
"Error=" << CKMErrorToString(tmp));
}
RUNNER_CHILD_TEST(T1704_data_test)
{
int temp;
- ScopedAccessProvider ap("t170-special-label");
+ ScopedAccessProvider ap(TEST_LABEL_5);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
RUNNER_CHILD_TEST(T17102_prep_data_01)
{
int temp;
- ScopedAccessProvider ap("t1706-special-label");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
RUNNER_CHILD_TEST(T17103_prep_data_02)
{
int temp;
- ScopedAccessProvider ap("t1706-special-label2");
+ ScopedAccessProvider ap(TEST_LABEL_2);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
RUNNER_CHILD_TEST(T17104_prep_data_03)
{
int temp;
- ScopedAccessProvider ap("t1706-special-label");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
RUNNER_CHILD_TEST(T17105_prep_data_04)
{
int temp;
- ScopedAccessProvider ap("t1706-special-label2");
+ ScopedAccessProvider ap(TEST_LABEL_2);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
"Error=" << CKMErrorToString(tmp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeApplicationData("t1706-special-label")),
+ CKM_API_SUCCESS == (tmp = control->removeApplicationData(TEST_LABEL)),
"Error=" << CKMErrorToString(tmp));
}
RUNNER_CHILD_TEST(T17107_check_data_01)
{
int temp;
- ScopedAccessProvider ap("t1706-special-label");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
RUNNER_CHILD_TEST(T17108_check_data_02)
{
int temp;
- ScopedAccessProvider ap("t1706-special-label2");
+ ScopedAccessProvider ap(TEST_LABEL_2);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
RUNNER_CHILD_TEST(T17110_check_data_03)
{
int temp;
- ScopedAccessProvider ap("t1706-special-label");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
RUNNER_CHILD_TEST(T17111_check_data_04)
{
int temp;
- ScopedAccessProvider ap("t1706-special-label2");
+ ScopedAccessProvider ap(TEST_LABEL_2);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
const char* APP_PASS = "user-pass";
const char* TEST_ALIAS = "test-alias";
-const char* SYSTEM_LABEL = ckmc_owner_id_system;
const char* INVALID_LABEL = "coco-jumbo";
std::string TEST_SYSTEM_ALIAS = aliasWithLabel(SYSTEM_LABEL, TEST_ALIAS);
std::string TEST_SYSTEM_ALIAS_2 = aliasWithLabel(SYSTEM_LABEL, "test-alias-2");
-const char* TEST_LABEL = "test-label";
-const char* TEST_LABEL_2 = "test-label-2";
const char* TEST_DATA =
"Lorem Ipsum. At vero eos et accusamus et iusto odio dignissimos ducimus "