#include <test_common.h>
#include <iostream>
-const CKM::Password PASSWORD = "12345TIZEN12345AAAAAAAAA";
-const CKM::Password INCORRECT_PASSWORD = "AAAAAAAAAAAAAAAAAAAAA";
-const CKM::Password NEW_PASSWORD = "NEW12345TIZEN12345NEW";
+using namespace CKM;
-const std::string USERNAME_SHORT = "AB";
-const std::string USERNAME_LONG = "SOFTWARE_CENTER_SYSTEM_SW_LAB";
-const std::string CLIENT_ID_1 = "SAMPLE_CLIENT_ID_1";
-const std::string CLIENT_ID_2 = "SAMPLE_CLIENT_ID_2";
+namespace {
+const Password PASSWORD = "12345TIZEN12345AAAAAAAAA";
+const Password INCORRECT_PASSWORD = "AAAAAAAAAAAAAAAAAAAAA";
+const Password NEW_PASSWORD = "NEW12345TIZEN12345NEW";
+
+const std::string USERNAME = "SOFTWARE_CENTER_SYSTEM_SW_LAB";
+const std::string CLIENT_ID = "SAMPLE_CLIENT_ID_1";
+
+RawBuffer makeDefaultWrappedDomainKEK()
+{
+ RawBuffer wdkek;
+ BOOST_REQUIRE_NO_THROW(wdkek = KeyProvider::generateDomainKEK(USERNAME, PASSWORD));
+ BOOST_REQUIRE(!wdkek.empty());
+ return wdkek;
+}
+
+KeyProvider makeDefaultKeyProvider()
+{
+ KeyProvider kp;
+ RawBuffer wdkek = makeDefaultWrappedDomainKEK();
+
+ BOOST_REQUIRE_NO_THROW(kp = KeyProvider(wdkek, PASSWORD));
+ BOOST_REQUIRE_MESSAGE(kp.isInitialized(), "KeyProvider created, but uninitialized");
+ return kp;
+}
+
+} // anonymous namespace
BOOST_AUTO_TEST_SUITE(KEY_PROVIDER_TEST)
-POSITIVE_TEST_CASE(KeyDomainKEK)
+
+NEGATIVE_TEST_CASE(KeyProvider_wrong_size)
+{
+ RawBuffer wdkek = makeDefaultWrappedDomainKEK();
+
+ wdkek.push_back(0);
+ BOOST_REQUIRE_THROW(KeyProvider(wdkek, PASSWORD), Exc::InternalError);
+
+ wdkek.pop_back();
+ wdkek.pop_back();
+ BOOST_REQUIRE_THROW(KeyProvider(wdkek, PASSWORD), Exc::InternalError);
+}
+
+NEGATIVE_TEST_CASE(KeyProvider_garbage)
{
- CKM::KeyProvider keyProvider;
- CKM::RawBuffer rb_test;
- BOOST_REQUIRE_NO_THROW(rb_test =
- CKM::KeyProvider::generateDomainKEK(USERNAME_LONG, PASSWORD));
- BOOST_REQUIRE_NO_THROW(keyProvider = CKM::KeyProvider(rb_test, PASSWORD));
- BOOST_REQUIRE_MESSAGE(keyProvider.isInitialized(),
- "KeyProvider created, but uninitialized");
+ BOOST_REQUIRE_THROW(KeyProvider(RawBuffer(sizeof(WrappedKeyAndInfo)), PASSWORD),
+ Exc::AuthenticationFailed);
}
-NEGATIVE_TEST_CASE(KeyDomainKekInvalidPassword)
+NEGATIVE_TEST_CASE(KeyDomainKek_invalid_password)
{
- CKM::KeyProvider keyProvider;
- CKM::RawBuffer rb_test;
- BOOST_REQUIRE_NO_THROW(rb_test =
- CKM::KeyProvider::generateDomainKEK(USERNAME_LONG, PASSWORD));
- BOOST_REQUIRE_THROW(keyProvider = CKM::KeyProvider(rb_test, INCORRECT_PASSWORD),
- CKM::Exc::AuthenticationFailed);
- BOOST_REQUIRE_MESSAGE(!keyProvider.isInitialized(),
- "KeyProvider not created, but initialized");
+ KeyProvider kp;
+ RawBuffer wdkek = makeDefaultWrappedDomainKEK();
+
+ BOOST_REQUIRE_THROW(kp = KeyProvider(wdkek, INCORRECT_PASSWORD), Exc::AuthenticationFailed);
+ BOOST_REQUIRE_MESSAGE(!kp.isInitialized(), "KeyProvider not created, but initialized");
}
POSITIVE_TEST_CASE(KeygetPureDomainKEK)
{
- CKM::KeyProvider keyProvider;
- CKM::RawBuffer rb_test;
- BOOST_REQUIRE_NO_THROW(rb_test =
- CKM::KeyProvider::generateDomainKEK(USERNAME_LONG, PASSWORD));
- BOOST_REQUIRE_NO_THROW(keyProvider = CKM::KeyProvider(rb_test, PASSWORD));
- BOOST_REQUIRE_MESSAGE(keyProvider.isInitialized(),
- "KeyProvider created, but uninitialized");
- BOOST_REQUIRE_NO_THROW(rb_test = keyProvider.getPureDomainKEK());
+ KeyProvider kp = makeDefaultKeyProvider();
+ RawBuffer dkek;
+
+ BOOST_REQUIRE_NO_THROW(dkek = kp.getPureDomainKEK());
+ BOOST_REQUIRE(dkek.size() <= MAX_KEY_SIZE);
+}
+
+NEGATIVE_TEST_CASE(KeygetPureDomainKEK_uninitialized)
+{
+ KeyProvider kp;
+
+ BOOST_REQUIRE_THROW(kp.getPureDomainKEK(), Exc::InternalError);
}
POSITIVE_TEST_CASE(KeyGetWrappedDomainKEK)
{
- CKM::KeyProvider keyProvider;
- CKM::RawBuffer rb_test;
- BOOST_REQUIRE_NO_THROW(rb_test =
- CKM::KeyProvider::generateDomainKEK(USERNAME_LONG, PASSWORD));
- BOOST_REQUIRE_NO_THROW(keyProvider = CKM::KeyProvider(rb_test, PASSWORD));
- BOOST_REQUIRE_MESSAGE(keyProvider.isInitialized(),
- "KeyProvider created, but uninitialized");
- BOOST_REQUIRE_NO_THROW(rb_test = keyProvider.getWrappedDomainKEK(PASSWORD));
+ KeyProvider kp = makeDefaultKeyProvider();
+ RawBuffer wdkek;
+
+ BOOST_REQUIRE_NO_THROW(wdkek = kp.getWrappedDomainKEK("whatever"));
+ BOOST_REQUIRE(!wdkek.empty());
+}
+
+NEGATIVE_TEST_CASE(KeyGetWrappedDomainKEK_uninitialized)
+{
+ KeyProvider kp;
+ BOOST_REQUIRE_THROW(kp.getWrappedDomainKEK("whatever"), Exc::InternalError);
}
POSITIVE_TEST_CASE(KeyGenerateDEK)
{
- CKM::KeyProvider keyProvider;
- CKM::RawBuffer rb_test;
- CKM::RawBuffer rb_DEK1;
- BOOST_REQUIRE_NO_THROW(rb_test =
- CKM::KeyProvider::generateDomainKEK(USERNAME_LONG, PASSWORD));
- BOOST_REQUIRE_NO_THROW(keyProvider = CKM::KeyProvider(rb_test, PASSWORD));
- BOOST_REQUIRE_MESSAGE(keyProvider.isInitialized(),
- "KeyProvider created, but uninitialized");
- BOOST_REQUIRE_NO_THROW(rb_DEK1 = keyProvider.generateDEK(CLIENT_ID_1));
+ KeyProvider kp = makeDefaultKeyProvider();
+ RawBuffer wdek;
+
+ BOOST_REQUIRE_NO_THROW(wdek = kp.generateDEK(CLIENT_ID));
+ BOOST_REQUIRE(!wdek.empty());
+}
+
+NEGATIVE_TEST_CASE(KeyGenerateDEK_uninitialized)
+{
+ KeyProvider kp;
+
+ BOOST_REQUIRE_THROW(kp.generateDEK(CLIENT_ID), Exc::InternalError);
}
POSITIVE_TEST_CASE(KeyGetPureDEK)
{
- CKM::KeyProvider keyProvider;
- CKM::RawBuffer rb_pureDEK1;
- CKM::RawBuffer rb_DEK1;
- CKM::RawBuffer rb_test;
- BOOST_REQUIRE_NO_THROW(rb_test =
- CKM::KeyProvider::generateDomainKEK(USERNAME_LONG, PASSWORD));
- BOOST_REQUIRE_NO_THROW(keyProvider = CKM::KeyProvider(rb_test, PASSWORD));
- BOOST_REQUIRE_MESSAGE(keyProvider.isInitialized(),
- "KeyProvider created, but uninitialized");
- BOOST_REQUIRE_NO_THROW(rb_DEK1 = keyProvider.generateDEK(CLIENT_ID_1));
- BOOST_REQUIRE_NO_THROW(rb_pureDEK1 = keyProvider.getPureDEK(rb_DEK1));
+ KeyProvider kp = makeDefaultKeyProvider();
+ RawBuffer wdek, dek;
+
+ BOOST_REQUIRE_NO_THROW(wdek = kp.generateDEK(CLIENT_ID));
+ BOOST_REQUIRE(!wdek.empty());
+
+ BOOST_REQUIRE_NO_THROW(dek = kp.getPureDEK(wdek));
+ BOOST_REQUIRE(dek.size() <= MAX_KEY_SIZE);
+}
+
+NEGATIVE_TEST_CASE(KeyGetPureDEK_uninitialized)
+{
+ KeyProvider kp;
+ RawBuffer wdek(sizeof(WrappedKeyAndInfo));
+
+ BOOST_REQUIRE_THROW(kp.getPureDEK(wdek), Exc::InternalError);
+}
+
+NEGATIVE_TEST_CASE(KeyGetPureDEK_wrong_size)
+{
+ KeyProvider kp = makeDefaultKeyProvider();
+ RawBuffer wdek;
+
+ BOOST_REQUIRE_NO_THROW(wdek = kp.generateDEK(CLIENT_ID));
+
+ wdek.push_back(0);
+ BOOST_REQUIRE_THROW(kp.getPureDEK(wdek), Exc::InternalError);
+
+ wdek.pop_back();
+ wdek.pop_back();
+ BOOST_REQUIRE_THROW(kp.getPureDEK(wdek), Exc::InternalError);
+}
+
+NEGATIVE_TEST_CASE(KeyGetPureDEK_garbage)
+{
+ KeyProvider kp = makeDefaultKeyProvider();
+ RawBuffer wdek(sizeof(WrappedKeyAndInfo));
+
+ BOOST_REQUIRE_THROW(kp.getPureDEK(wdek), Exc::InternalError);
}
POSITIVE_TEST_CASE(KeyReencrypt)
{
- CKM::RawBuffer rb_test;
- BOOST_REQUIRE_NO_THROW(rb_test =
- CKM::KeyProvider::generateDomainKEK(USERNAME_LONG, PASSWORD));
- BOOST_REQUIRE_NO_THROW(CKM::KeyProvider::reencrypt(rb_test, PASSWORD,
- NEW_PASSWORD));
+ RawBuffer wdkek = makeDefaultWrappedDomainKEK();
+ RawBuffer wdkek2;
+
+ BOOST_REQUIRE_NO_THROW(wdkek2 = KeyProvider::reencrypt(wdkek, PASSWORD, NEW_PASSWORD));
+ BOOST_REQUIRE(!wdkek2.empty());
}
NEGATIVE_TEST_CASE(KeyReencrypt_incorrect_password)
{
- CKM::RawBuffer rb_test;
- BOOST_REQUIRE_NO_THROW(rb_test =
- CKM::KeyProvider::generateDomainKEK(USERNAME_LONG, PASSWORD));
- BOOST_REQUIRE_THROW((rb_test = CKM::KeyProvider::reencrypt(rb_test,
- INCORRECT_PASSWORD,
- NEW_PASSWORD)), CKM::Exc::AuthenticationFailed);
+ RawBuffer wdkek = makeDefaultWrappedDomainKEK();
+ BOOST_REQUIRE_THROW(KeyProvider::reencrypt(wdkek, INCORRECT_PASSWORD, NEW_PASSWORD),
+ Exc::AuthenticationFailed);
+}
+
+NEGATIVE_TEST_CASE(KeyReencrypt_wrong_size)
+{
+ RawBuffer wdkek = makeDefaultWrappedDomainKEK();
+
+ wdkek.push_back(0);
+ BOOST_REQUIRE_THROW(KeyProvider::reencrypt(wdkek, PASSWORD, NEW_PASSWORD), Exc::InternalError);
+
+ wdkek.pop_back();
+ wdkek.pop_back();
+ BOOST_REQUIRE_THROW(KeyProvider::reencrypt(wdkek, PASSWORD, NEW_PASSWORD), Exc::InternalError);
}
POSITIVE_TEST_CASE(KeyGetPureDEK_after_reencrypt)
{
- CKM::KeyProvider keyProvider;
- CKM::RawBuffer rb_DEK1;
- CKM::RawBuffer rb_test;
- BOOST_REQUIRE_NO_THROW(rb_test =
- CKM::KeyProvider::generateDomainKEK(USERNAME_LONG, PASSWORD));
- BOOST_REQUIRE_NO_THROW(keyProvider = CKM::KeyProvider(rb_test, PASSWORD));
- BOOST_REQUIRE_NO_THROW(rb_DEK1 = keyProvider.generateDEK(CLIENT_ID_1));
- BOOST_REQUIRE_NO_THROW(keyProvider.getPureDEK(rb_DEK1));
+ KeyProvider kp;
+ RawBuffer wdek, dek, wdkek2;
+ RawBuffer wdkek = makeDefaultWrappedDomainKEK();
+
+ BOOST_REQUIRE_NO_THROW(wdkek2 = KeyProvider::reencrypt(wdkek, PASSWORD, NEW_PASSWORD));
+ BOOST_REQUIRE(!wdkek2.empty());
+
+ BOOST_REQUIRE_NO_THROW(kp = KeyProvider(wdkek2, NEW_PASSWORD));
+
+ BOOST_REQUIRE_NO_THROW(wdek = kp.generateDEK(CLIENT_ID));
+ BOOST_REQUIRE(!wdek.empty());
+
+ BOOST_REQUIRE_NO_THROW(dek = kp.getPureDEK(wdek));
+ BOOST_REQUIRE(dek.size() <= MAX_KEY_SIZE);
}
POSITIVE_TEST_CASE(wrapped_container)
{
- CKM::WrappedKeyAndInfoContainer wrappedContainer;
+ WrappedKeyAndInfoContainer wkic;
auto salt = createRandom(20);
- BOOST_REQUIRE_NO_THROW(wrappedContainer.setKeyInfoSalt(salt.data(), salt.size()));
- BOOST_REQUIRE_NO_THROW(wrappedContainer.setKeyInfoClient("key_info_client"));
-
- CKM::WrappedKeyAndInfoContainer wrappedContainer2;
- BOOST_REQUIRE_NO_THROW(
- wrappedContainer2.setKeyInfo(&wrappedContainer.getWrappedKeyAndInfo().keyInfo));
-
- BOOST_REQUIRE(
- wrappedContainer.getWrappedKeyAndInfo().keyInfo.keyLength ==
- wrappedContainer2.getWrappedKeyAndInfo().keyInfo.keyLength);
- BOOST_REQUIRE(memcmp(
- wrappedContainer.getWrappedKeyAndInfo().keyInfo.salt,
- wrappedContainer2.getWrappedKeyAndInfo().keyInfo.salt,
- sizeof(wrappedContainer.getWrappedKeyAndInfo().keyInfo.salt)) == 0);
- BOOST_REQUIRE(memcmp(
- wrappedContainer.getWrappedKeyAndInfo().keyInfo.client,
- wrappedContainer2.getWrappedKeyAndInfo().keyInfo.client,
- sizeof(wrappedContainer.getWrappedKeyAndInfo().keyInfo.client)) == 0);
-
- CKM::WrappedKeyAndInfo wrapped3;
- wrapped3.keyInfo.keyLength = MAX_WRAPPED_KEY_SIZE;
- BOOST_REQUIRE_NO_THROW(CKM::WrappedKeyAndInfoContainer wrappedContainer3(
- reinterpret_cast<unsigned char*>(&wrapped3)));
+ BOOST_REQUIRE_NO_THROW(wkic.setKeyInfoSalt(salt.data(), salt.size()));
+ BOOST_REQUIRE_NO_THROW(wkic.setKeyInfoClient("key_info_client"));
+
+ WrappedKeyAndInfoContainer wkic2;
+ BOOST_REQUIRE_NO_THROW(wkic2.setKeyInfo(&wkic.getWrappedKeyAndInfo().keyInfo));
+
+ BOOST_REQUIRE(wkic.getWrappedKeyAndInfo().keyInfo.keyLength ==
+ wkic2.getWrappedKeyAndInfo().keyInfo.keyLength);
+ BOOST_REQUIRE(memcmp(wkic.getWrappedKeyAndInfo().keyInfo.salt,
+ wkic2.getWrappedKeyAndInfo().keyInfo.salt,
+ sizeof(wkic.getWrappedKeyAndInfo().keyInfo.salt)) == 0);
+ BOOST_REQUIRE(memcmp(wkic.getWrappedKeyAndInfo().keyInfo.client,
+ wkic2.getWrappedKeyAndInfo().keyInfo.client,
+ sizeof(wkic.getWrappedKeyAndInfo().keyInfo.client)) == 0);
+
+ WrappedKeyAndInfo wki;
+ wki.keyInfo.keyLength = MAX_WRAPPED_KEY_SIZE;
+ BOOST_REQUIRE_NO_THROW(WrappedKeyAndInfoContainer(reinterpret_cast<unsigned char*>(&wki)));
}
NEGATIVE_TEST_CASE(wrapped_container)
{
- CKM::WrappedKeyAndInfoContainer wrappedContainer;
+ WrappedKeyAndInfoContainer wkic;
- BOOST_REQUIRE_THROW(wrappedContainer.setKeyInfoClient("key_info_client_waaaaay_too_long"),
- CKM::Exc::InternalError);
+ BOOST_REQUIRE_THROW(wkic.setKeyInfoClient("key_info_client_waaaaay_too_long"),
+ Exc::InternalError);
- CKM::WrappedKeyAndInfo wrapped3;
+ WrappedKeyAndInfo wki;
+ wki.keyInfo.keyLength = MAX_WRAPPED_KEY_SIZE + 1;
+ BOOST_REQUIRE_THROW(WrappedKeyAndInfoContainer(reinterpret_cast<unsigned char*>(&wki)),
+ Exc::InternalError);
- wrapped3.keyInfo.keyLength = MAX_WRAPPED_KEY_SIZE + 1;
- BOOST_REQUIRE_THROW(CKM::WrappedKeyAndInfoContainer wrappedContainer3(
- reinterpret_cast<unsigned char*>(&wrapped3)),
- CKM::Exc::InternalError);
-
- // missing NULL termination in wrapped4.keyInfo.client
- CKM::WrappedKeyAndInfo wrapped4;
- memset(&wrapped4, 0x01, sizeof(CKM::WrappedKeyAndInfo));
- BOOST_REQUIRE_THROW(CKM::WrappedKeyAndInfoContainer wrappedContainer3(
- reinterpret_cast<unsigned char*>(&wrapped4)),
- CKM::Exc::InternalError);
+ // missing NULL termination in wki2.keyInfo.client
+ WrappedKeyAndInfo wki2;
+ memset(&wki2, 0x01, sizeof(WrappedKeyAndInfo));
+ BOOST_REQUIRE_THROW(WrappedKeyAndInfoContainer(reinterpret_cast<unsigned char*>(&wki2)),
+ Exc::InternalError);
}
POSITIVE_TEST_CASE(container)
{
- CKM::KeyAndInfoContainer container;
- BOOST_REQUIRE_NO_THROW(container.setKeyInfoKeyLength(10));
+ KeyAndInfoContainer kic;
+ BOOST_REQUIRE_NO_THROW(kic.setKeyInfoKeyLength(10));
- CKM::KeyAndInfoContainer container2;
- BOOST_REQUIRE_NO_THROW(container2.setKeyInfo(&container.getKeyAndInfo().keyInfo));
+ KeyAndInfoContainer kic2;
+ BOOST_REQUIRE_NO_THROW(kic2.setKeyInfo(&kic.getKeyAndInfo().keyInfo));
- BOOST_REQUIRE(
- container.getKeyAndInfo().keyInfo.keyLength ==
- container2.getKeyAndInfo().keyInfo.keyLength);
+ BOOST_REQUIRE(kic.getKeyAndInfo().keyInfo.keyLength == kic2.getKeyAndInfo().keyInfo.keyLength);
}
POSITIVE_TEST_CASE(moves)
{
- CKM::KeyProvider provider;
+ KeyProvider kp = makeDefaultKeyProvider();
+ RawBuffer dkek;
+
+ BOOST_REQUIRE_NO_THROW(dkek = kp.getPureDomainKEK());
+ BOOST_REQUIRE(dkek.size() <= MAX_KEY_SIZE);
try {
- CKM::KeyProvider provider2(std::move(provider));
- CKM::KeyProvider provider3 = std::move(provider2);
+ KeyProvider kp2(std::move(kp));
+ KeyProvider kp3 = std::move(kp2);
+
+ BOOST_REQUIRE(!kp.isInitialized());
+ BOOST_REQUIRE(!kp2.isInitialized());
+ BOOST_REQUIRE(kp3.isInitialized());
+
+ RawBuffer dkek3;
+ BOOST_REQUIRE_NO_THROW(dkek3 = kp3.getPureDomainKEK());
+ BOOST_REQUIRE(dkek == dkek3);
} catch (...) {
BOOST_REQUIRE_MESSAGE(false, "Unknown exception on moving KeyProvider");
}
}
+NEGATIVE_TEST_CASE(moves)
+{
+ KeyProvider kp = makeDefaultKeyProvider();
+ KeyProvider kp2(std::move(kp));
+
+ BOOST_REQUIRE_THROW(kp.getPureDomainKEK(), Exc::InternalError);
+}
+
BOOST_AUTO_TEST_SUITE_END()
projects / platform / core / security / key-manager.git / commitdiff