From: Krzysztof Jackiewicz Date: Fri, 11 Aug 2023 15:06:49 +0000 (+0200) Subject: CKM: Adjust privileged tests to TZ X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=4aaba3a6eeb604927f635966741945a19e03e805;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git CKM: Adjust privileged tests to TZ TZ backend does not support import of password protected keys T7010_Encrypted_initial_values_asymmetric fails on tef-simulator at initial-values.cpp:331 because of DSA usage. Change-Id: Ida594496dc58f30e907a864e4b5d982451f4e014 --- diff --git a/src/ckm/ckm-common.cpp b/src/ckm/ckm-common.cpp index a9f68fd8..213ea286 100644 --- a/src/ckm/ckm-common.cpp +++ b/src/ckm/ckm-common.cpp @@ -268,10 +268,10 @@ void check_read_not_visible(const char* alias) } } -void check_key(const char *alias, int expected_error, ckmc_key_type_e expected_type) +void check_key(const char *alias, const char* pw, int expected_error, ckmc_key_type_e expected_type) { ckmc_key_s *test_key = NULL; - int temp = ckmc_get_key(alias, 0, &test_key); + int temp = ckmc_get_key(alias, pw, &test_key); RUNNER_ASSERT_MSG( expected_error == temp, "received: " << CKMCReadableError(temp) << " while expected: " << CKMCReadableError(expected_error)); @@ -283,13 +283,23 @@ void check_key(const char *alias, int expected_error, ckmc_key_type_e expected_t } ckmc_key_free(test_key); } +void check_key(const char *alias, int expected_error, ckmc_key_type_e expected_type) +{ + check_key(alias, nullptr, expected_error, expected_type); +} +void check_key_allowed(const char *alias, + const char *password, + ckmc_key_type_e expected_type) +{ + check_key(alias, password, CKMC_ERROR_NONE, expected_type); +} void check_key_allowed(const char *alias, ckmc_key_type_e expected_type) { - check_key(alias, CKMC_ERROR_NONE, expected_type); + check_key_allowed(alias, nullptr, expected_type); } -void check_key_not_visible(const char *alias) +void check_key_not_visible(const char *alias, const char *password) { - check_key(alias, CKMC_ERROR_DB_ALIAS_UNKNOWN); + check_key(alias, password, CKMC_ERROR_DB_ALIAS_UNKNOWN); } void check_cert_allowed(const char *alias) { diff --git a/src/ckm/ckm-common.h b/src/ckm/ckm-common.h index ab686228..7b7743fb 100644 --- a/src/ckm/ckm-common.h +++ b/src/ckm/ckm-common.h @@ -130,8 +130,15 @@ void check_read_not_visible(const char* alias); void check_key(const char *alias, int expected_error = CKMC_ERROR_NONE, ckmc_key_type_e expected_type = CKMC_KEY_NONE); +void check_key(const char *alias, + const char* pw, + int expected_error = CKMC_ERROR_NONE, + ckmc_key_type_e expected_type = CKMC_KEY_NONE); +void check_key_allowed(const char *alias, + const char *password, + ckmc_key_type_e expected_type = CKMC_KEY_NONE); void check_key_allowed(const char *alias, ckmc_key_type_e expected_type = CKMC_KEY_NONE); -void check_key_not_visible(const char *alias); +void check_key_not_visible(const char *alias, const char *password = nullptr); void check_cert_allowed(const char *alias); void check_cert_not_visible(const char *alias); void allow_access(const char* alias, const char* accessor, int permissionMask); diff --git a/src/ckm/privileged/initial-values.cpp b/src/ckm/privileged/initial-values.cpp index f3de2bb9..1e367d58 100644 --- a/src/ckm/privileged/initial-values.cpp +++ b/src/ckm/privileged/initial-values.cpp @@ -143,8 +143,10 @@ RUNNER_TEST(T6010_PARSE_XML_FILE_AT_STARTUP) // [test1] { - check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE); - check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE); + check_key_allowed(XML_1_EXPECTED_KEY_1_RSA.c_str(), + XML_1_EXPECTED_KEY_1_PASSWD.c_str(), + CKMC_KEY_RSA_PUBLIC); + check_key(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE); check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES); check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str()); check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA); @@ -155,7 +157,7 @@ RUNNER_TEST(T6010_PARSE_XML_FILE_AT_STARTUP) ScopedDBUnlock unlock(USER_APP, APP_PASS); ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP); - check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE); + check_key_allowed(XML_1_EXPECTED_KEY_1_RSA.c_str(), XML_1_EXPECTED_KEY_1_PASSWD.c_str()); check_key_not_visible(XML_1_EXPECTED_KEY_2_RSA.c_str()); check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES); check_cert_not_visible(XML_1_EXPECTED_CERT_1.c_str()); @@ -167,8 +169,9 @@ RUNNER_TEST(T6010_PARSE_XML_FILE_AT_STARTUP) ScopedDBUnlock unlock(USER_APP, APP_PASS); ScopedAppContext ctx(TEST_LABEL_2, USER_APP, GROUP_APP); - check_key_not_visible(XML_1_EXPECTED_KEY_1_RSA.c_str()); - check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE); + check_key_not_visible(XML_1_EXPECTED_KEY_1_RSA.c_str(), + XML_1_EXPECTED_KEY_1_PASSWD.c_str()); + check_key(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE); check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES); check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str()); check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA); @@ -179,10 +182,14 @@ RUNNER_TEST(T6020_PARSE_TWO_XML_FILES_AT_STARTUP) { // [test] // check items existence as system service - check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE); - check_key(XML_2_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE); - check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE); - check_key_allowed(XML_2_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE); + check_key_allowed(XML_1_EXPECTED_KEY_1_RSA.c_str(), + XML_1_EXPECTED_KEY_1_PASSWD.c_str(), + CKMC_KEY_RSA_PUBLIC); + check_key_allowed(XML_2_EXPECTED_KEY_1_RSA.c_str(), + XML_1_EXPECTED_KEY_1_PASSWD.c_str(), + CKMC_KEY_RSA_PUBLIC); + check_key(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE); + check_key(XML_2_EXPECTED_KEY_2_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE); check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES); check_key_allowed(XML_2_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES); check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str()); @@ -247,6 +254,21 @@ RUNNER_TEST(T6040_CHECK_KEYS_VALID) RUNNER_TEST(T6999_deinit) { + ckmc_remove_alias(XML_1_EXPECTED_KEY_1_RSA.c_str()); + ckmc_remove_alias(XML_1_EXPECTED_KEY_2_RSA.c_str()); + ckmc_remove_alias(XML_1_EXPECTED_KEY_3_AES.c_str()); + ckmc_remove_alias(XML_1_EXPECTED_CERT_1.c_str()); + ckmc_remove_alias(XML_1_EXPECTED_DATA_1.c_str()); + ckmc_remove_alias(XML_2_EXPECTED_KEY_1_RSA.c_str()); + ckmc_remove_alias(XML_2_EXPECTED_KEY_2_RSA.c_str()); + ckmc_remove_alias(XML_2_EXPECTED_KEY_3_AES.c_str()); + ckmc_remove_alias(XML_2_EXPECTED_CERT_1.c_str()); + ckmc_remove_alias(XML_2_EXPECTED_DATA_1.c_str()); + ckmc_remove_alias(XML_3_EXPECTED_KEY_1_RSA.c_str()); + ckmc_remove_alias(XML_3_EXPECTED_KEY_2_RSA.c_str()); + ckmc_remove_alias(XML_3_EXPECTED_CERT_1.c_str()); + ckmc_remove_alias(XML_3_EXPECTED_DATA_1.c_str()); + remove_user_data(0); } @@ -269,6 +291,8 @@ RUNNER_TEST_TZ_BACKEND(T7000_Encrypted_initial_values, RemoveDataEnv<0>) auto mgr = CKM::Manager::create(); RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = mgr->decrypt(algo, "/System TEI_0", CKM::Password(), messageBin, decrypted)), "Failed to decrypt " << CKM::APICodeToString(temp)); RUNNER_ASSERT_MSG(std::string(decrypted.begin(), decrypted.end()) == EIV_PLAIN_MESSAGE, "Data does not match"); + + ckmc_remove_alias("/System TEI_0"); } RUNNER_TEST_TZ_BACKEND(T7010_Encrypted_initial_values_asymmetric, RemoveDataEnv<0>) @@ -301,12 +325,19 @@ RUNNER_TEST_TZ_BACKEND(T7010_Encrypted_initial_values_asymmetric, RemoveDataEnv< }; constexpr auto rsaHashAlgo = CKM::HashAlgorithm::SHA512; - constexpr auto rsaPaddingAlgo = CKM::RSAPaddingAlgorithm::X931; + constexpr auto rsaPaddingAlgo = CKM::RSAPaddingAlgorithm::PKCS1; sign("/System TEI_RSA_PRV", "/System TEI_RSA_PUB", rsaHashAlgo, rsaPaddingAlgo); sign("/System TEI_RSA_PKCS8_PRV", "/System TEI_RSA_PKCS8_PUB", rsaHashAlgo, rsaPaddingAlgo); sign("/System TEI_DSA_PRV", "/System TEI_DSA_PUB", CKM::HashAlgorithm::SHA1, CKM::RSAPaddingAlgorithm::NONE); #undef MGR + + ckmc_remove_alias("/System TEI_RSA_PRV"); + ckmc_remove_alias("/System TEI_RSA_PUB"); + ckmc_remove_alias("/System TEI_RSA_PKCS8_PRV"); + ckmc_remove_alias("/System TEI_RSA_PKCS8_PUB"); + ckmc_remove_alias("/System TEI_DSA_PRV"); + ckmc_remove_alias("/System TEI_DSA_PUB"); } /* TODO diff --git a/src/ckm/resource/XML_1_okay.xml b/src/ckm/resource/XML_1_okay.xml index e40a026d..27523f8f 100644 --- a/src/ckm/resource/XML_1_okay.xml +++ b/src/ckm/resource/XML_1_okay.xml @@ -1,6 +1,6 @@ - + -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3 @@ -19,7 +19,7 @@ - + MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17 jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA diff --git a/src/ckm/resource/XML_2_okay.xml b/src/ckm/resource/XML_2_okay.xml index ff84dbc2..2479beb1 100644 --- a/src/ckm/resource/XML_2_okay.xml +++ b/src/ckm/resource/XML_2_okay.xml @@ -1,6 +1,6 @@ - + -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3 @@ -19,7 +19,7 @@ - + MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17 jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA diff --git a/src/ckm/resource/XML_3_wrong.xml b/src/ckm/resource/XML_3_wrong.xml index c37883a0..9b1a950e 100644 --- a/src/ckm/resource/XML_3_wrong.xml +++ b/src/ckm/resource/XML_3_wrong.xml @@ -1,6 +1,6 @@ - + -----BEGIN PUBLIC KEY----- @@ -19,7 +19,7 @@ -----END PUBLIC KEY----- - + MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17 jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA