Add test for using proper DKEK key to decrypt data.

Issue: another label is accessing data, while cached DKEK on data save
was already removed from the cache. This scenario was failing before
key-manager commit 4fe08778f9c31a698c6faace9b13fd6c5a4d9a7c.

Change-Id: I04c26c5ce5a86e83ab84ed78758984f7a0c2b5e4

diff --git a/tests/ckm/capi-access_control.cpp b/tests/ckm/capi-access_control.cpp
index b65a5d089f554442941fd3601ec132bb4531f741..baa8e5d5b172af9b4d22d33b6bf843ca47f59eed 100644 (file)
--- a/tests/ckm/capi-access_control.cpp
+++ b/tests/ckm/capi-access_control.cpp
@@ -553,6 +553,28 @@ RUNNER_TEST(T3030_manager_get_all_aliases)
     }
 }
 
+RUNNER_TEST(T3031_manager_test_decrypt_from_another_label)
+{
+    int temp;
+    CharPtr top_label = get_label();
+    ScopedSaveData ssd(TEST_ALIAS);
+
+    allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_AR_READ);
+    {
+        ScopedLabel sl(TEST_LABEL2);
+
+        check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+
+        // remove the DKEK key - so that on read it must be added again
+        RUNNER_ASSERT_MSG_BT(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+                             "Error=" << temp);
+
+        // on this read, DKEK key will be added again
+        check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
+    }
+}
+
+
 /////////////////////////////////////////////////////////////////////////////
 // Control