Add additional checks to HAL security-certs tests

author Jakub Wlostowski <j.wlostowski@samsung.com>

Fri, 16 May 2025 13:09:53 +0000 (15:09 +0200)

committer Jakub Wlostowski <j.wlostowski@samsung.com>

Tue, 3 Jun 2025 13:17:56 +0000 (13:17 +0000)
author Jakub Wlostowski <j.wlostowski@samsung.com>
Fri, 16 May 2025 13:09:53 +0000 (15:09 +0200)
committer Jakub Wlostowski <j.wlostowski@samsung.com>
Tue, 3 Jun 2025 13:17:56 +0000 (13:17 +0000)
diff --git a/haltest/security-certs.cpp b/haltest/security-certs.cpp

index a56f9a7f16b8d1995c04c102d63d4afd941d9010..da3eefbd90fa985d4a18f92e0a65a046310bbdaf 100644 (file)
--- a/haltest/security-certs.cpp
+++ b/haltest/security-certs.cpp
@@ -16,6 +16,7 @@
  
  #include <system_info.h>
  #include <gtest/gtest.h>
+#include <gtest/internal/gtest-port.h>
  #include <string.h>
  
  #include "hal-security-certs.h"
@@ -67,18 +68,23 @@ TEST_F(SECURITY_CERTS, CreateAndFreeKeyContextPositive)
      int ret;
  
      hal_security_certs_context_s context;
-    std::string correct_key_type = "RSA";
-    hal_security_certs_data_s correct_key_type_data_s =
-    {
-        const_cast<char*>(correct_key_type.c_str()),
-        correct_key_type.size()
-    };
+    for (const std::string key_type : {"RSA", "ECDSA"}) {
+        hal_security_certs_data_s correct_key_type_data_s =
+        {
+            const_cast<char*>(key_type.c_str()),
+            key_type.size()
+        };
  
-    ret = hal_security_certs_create_key_context(&context, correct_key_type_data_s);
-    EXPECT_EQ(ret, 0) << "Failed to create key context (" << ret << ")";
+        ret = hal_security_certs_create_key_context(&context, correct_key_type_data_s);
+        if (ret == -ENODATA) {
+            GTEST_LOG_(WARNING) << "Key type not supported by backend: " << key_type <<". Skipping.";
+            continue;
+        }
+        EXPECT_EQ(ret, 0) << "Failed to create key context (" << ret << ")";
  
-    ret = hal_security_certs_free_key_context(&context);
-    EXPECT_EQ(ret, 0) << "Failed to free key context (" << ret << ")";
+        ret = hal_security_certs_free_key_context(&context);
+        EXPECT_EQ(ret, 0) << "Failed to free key context (" << ret << ")";
+    }
  }
  
  TEST_F(SECURITY_CERTS, CreateKeyContextNegative)
@@ -112,6 +118,10 @@ TEST_F(SECURITY_CERTS, RequestCertificateChainContextPositive)
          };
  
          ret = hal_security_certs_create_key_context(&context, key_type_data_s);
+        if (ret == -ENODATA) {
+            GTEST_LOG_(WARNING) << "Key type not supported by backend: " << key_type <<". Skipping.";
+            continue;
+        }
          EXPECT_EQ(ret, 0) << "Failed to create key context (" << ret << ")";
  
          hal_security_certs_data_s chain;
@@ -153,6 +163,10 @@ TEST_F(SECURITY_CERTS, SignCryptoDataPositive)
          };
  
          ret = hal_security_certs_create_key_context(&context, key_type_data_s);
+        if (ret == -ENODATA) {
+            GTEST_LOG_(WARNING) << "Key type not supported by backend: " << key_type <<". Skipping.";
+            continue;
+        }
          EXPECT_EQ(ret, 0) << "Failed to create key context (" << ret << ")";
  
          for (auto &digest : digest_length_map) {
@@ -166,6 +180,10 @@ TEST_F(SECURITY_CERTS, SignCryptoDataPositive)
              hal_security_certs_data_s signature;
              hal_security_certs_digest_type_e digest_type = static_cast<hal_security_certs_digest_type_e>(digest.first);
              ret = hal_security_certs_sign_crypto_data(&context, digest_type, message_data_s, &signature);
+            if (ret == -ENODATA) {
+                GTEST_LOG_(WARNING) << "Digest type not supported by backend: " << digest.first <<". Skipping.";
+                continue;
+            }
              EXPECT_EQ(ret, 0) << "Failed to sign crypto data (" << ret << ")";
              EXPECT_TRUE(signature.length > 0) << "Signature length is zero";
              free(signature.buffer);
@@ -181,34 +199,39 @@ TEST_F(SECURITY_CERTS, SignCryptoDataNegative)
      int ret;
  
      hal_security_certs_context_s context;
-    std::string key_type = "RSA";
-    hal_security_certs_data_s key_type_data_s =
-    {
-        const_cast<char*>(key_type.c_str()),
-        key_type.size()
-    };
+    for (const std::string key_type : {"RSA", "ECDSA"}) {
+        hal_security_certs_data_s key_type_data_s =
+        {
+            const_cast<char*>(key_type.c_str()),
+            key_type.size()
+        };
  
-    ret = hal_security_certs_create_key_context(&context, key_type_data_s);
-    EXPECT_EQ(ret, 0) << "Failed to create key context (" << ret << ")";
+        ret = hal_security_certs_create_key_context(&context, key_type_data_s);
+        if (ret == -ENODATA) {
+            GTEST_LOG_(WARNING) << "Key type not supported by backend: " << key_type <<". Skipping.";
+            continue;
+        }
+        EXPECT_EQ(ret, 0) << "Failed to create key context (" << ret << ")";
  
-    char data[20] = {0,};
-    hal_security_certs_data_s message_data_s =
-    {
-        data,
-        sizeof(data)
-    };
+        char data[20] = {0,};
+        hal_security_certs_data_s message_data_s =
+        {
+            data,
+            sizeof(data)
+        };
  
-    hal_security_certs_data_s signature;
-    ret = hal_security_certs_sign_crypto_data(
-        &context, HAL_SECURITY_CERTS_DIGEST_TYPE_SHA256, message_data_s, &signature);
-    EXPECT_EQ(ret, -EINVAL) << "Succeded with wrong size of crypto data to sign (" << ret << ")";
+        hal_security_certs_data_s signature;
+        ret = hal_security_certs_sign_crypto_data(
+            &context, HAL_SECURITY_CERTS_DIGEST_TYPE_SHA256, message_data_s, &signature);
+        EXPECT_EQ(ret, -EINVAL) << "Succeded with wrong size of crypto data to sign (" << ret << ")";
  
-    hal_security_certs_digest_type_e wrong_digest_type = static_cast<hal_security_certs_digest_type_e>(-1);
-    ret = hal_security_certs_sign_crypto_data(&context, wrong_digest_type, message_data_s, &signature);
-    EXPECT_EQ(ret, -EINVAL) << "Succeded with wrong digest type to sign crypto data (" << ret << ")";
+        hal_security_certs_digest_type_e wrong_digest_type = static_cast<hal_security_certs_digest_type_e>(-1);
+        ret = hal_security_certs_sign_crypto_data(&context, wrong_digest_type, message_data_s, &signature);
+        EXPECT_EQ(ret, -ENODATA) << "Succeded with wrong digest type to sign crypto data (" << ret << ")";
  
-    ret = hal_security_certs_free_key_context(&context);
-    EXPECT_EQ(ret, 0) << "Failed to free key context (" << ret << ")";
+        ret = hal_security_certs_free_key_context(&context);
+        EXPECT_EQ(ret, 0) << "Failed to free key context (" << ret << ")";
+    }
  }
  
  TEST_F(SECURITY_CERTS, GetKeyTypeAndLengthPositive)
@@ -236,6 +259,10 @@ TEST_F(SECURITY_CERTS, GetKeyTypeAndLengthPositive)
  
          hal_security_certs_context_s context;
          ret = hal_security_certs_create_key_context(&context, key_type_data_s);
+        if (ret == -ENODATA) {
+            GTEST_LOG_(WARNING) << "Key type not supported by backend: " << key_type <<". Skipping.";
+            continue;
+        }
          EXPECT_EQ(ret, 0) << "Failed to create key context (" << ret << ")";
  
          ret = hal_security_certs_get_key_type(&context, &ret_key_type_enum);
@@ -256,7 +283,7 @@ TEST_F(SECURITY_CERTS, ExtCallApiNegative)
  {
      int ret;
  
-    std::string method_name = "test-method-name";
+    std::string method_name = "method-with-a-privilege-not-granted";
      hal_security_certs_data_s method_name_data_s =
      {
          const_cast<char*>(method_name.c_str()),
@@ -267,14 +294,17 @@ TEST_F(SECURITY_CERTS, ExtCallApiNegative)
      hal_security_certs_data_s output_data_s;
  
      ret = hal_security_certs_ext_call_api(method_name_data_s, input_data_s, &output_data_s);
-    EXPECT_EQ(ret, -EINVAL) << "Executesd not exisitng external call api method (" << ret << ")";
+    if (ret == -EINVAL)
+        GTEST_LOG_(WARNING) << "Method not supported by backend: \"" << method_name <<"\". Skipping.";
+    else
+        EXPECT_EQ(ret, 0) << "Failed to call external api method (" << ret << ")";
  }
  
  TEST_F(SECURITY_CERTS, ExtGetApiPrivilegeNegative)
  {
      int ret;
  
-    std::string method_name = "test-method-name";
+    std::string method_name = "method-with-a-privilege-not-granted";
      hal_security_certs_data_s method_name_data_s =
      {
          const_cast<char*>(method_name.c_str()),
@@ -284,5 +314,8 @@ TEST_F(SECURITY_CERTS, ExtGetApiPrivilegeNegative)
      hal_security_certs_data_s privilege;
  
      ret = hal_security_certs_ext_get_api_privilege(method_name_data_s, &privilege);
-    EXPECT_EQ(ret, -EINVAL) << "Executesd not exisitng external call api method (" << ret << ")";
+    if (ret == -EINVAL)
+        GTEST_LOG_(WARNING) << "Method not supported by backend: \"" << method_name <<"\". Skipping.";
+    else
+        EXPECT_EQ(ret, 0) << "Failed to call external api method (" << ret << ")";
  }
author	Jakub Wlostowski <j.wlostowski@samsung.com>
	Fri, 16 May 2025 13:09:53 +0000 (15:09 +0200)
committer	Jakub Wlostowski <j.wlostowski@samsung.com>
	Tue, 3 Jun 2025 13:17:56 +0000 (13:17 +0000)