From: Krzysztof Jackiewicz Date: Mon, 29 Oct 2018 15:54:27 +0000 (+0100) Subject: CKM: Extend encrypted initial values test X-Git-Tag: security-manager_5.5_testing~7^2~3 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=cbea41b8e2a2b8cd421ce43c3189b5d2fa281dfd;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git CKM: Extend encrypted initial values test - Make it independent from other tests by adding initial values xml preparation, key-manager restart and db cleanup. - Generate initial values at build time using ckm_initial_values tool. - Install the tested xml file in test directory and copy it to initial values dir during the test instead of installing it there directly. - Encrypt the test data using openssl and the same key that is passed as initial value during compilation instead of hardcoding the encryption results. - Add build time dependency to util-linux to be able to use hexdump. - Add build time dependency to key-manager-initial-values to be able to run the tool. Change-Id: I7fe4be6a3493860244ac1cc1c0bb0dace5109a04 --- diff --git a/packaging/security-tests.spec b/packaging/security-tests.spec index 6b4955e9..47f0c7a3 100644 --- a/packaging/security-tests.spec +++ b/packaging/security-tests.spec @@ -13,6 +13,8 @@ BuildRequires: pkgconfig(libcap) BuildRequires: pkgconfig(libsmack) BuildRequires: pkgconfig(security-manager) BuildRequires: pkgconfig(key-manager) +BuildRequires: key-manager-initial-values +BuildRequires: util-linux BuildRequires: pkgconfig(yaca) BuildRequires: pkgconfig(dlog) BuildRequires: pkgconfig(glib-2.0) @@ -118,7 +120,6 @@ echo "security-tests postinst done ..." %{_prefix}/share/yaca-test %dir %{_prefix}/share/security-tests-cleanup-test %{_prefix}/share/security-tests-cleanup-test/* -/opt/data/ckm/initial_values/test.xml %postun id -u security_test_user 1>/dev/null 2>&1 && gum-utils -o -d --uid=`id -u security_test_user` diff --git a/src/ckm/CMakeLists.txt b/src/ckm/CMakeLists.txt index 024e0e5a..fea09d3b 100644 --- a/src/ckm/CMakeLists.txt +++ b/src/ckm/CMakeLists.txt @@ -63,7 +63,6 @@ ADD_EXECUTABLE(${TARGET_C_COMPILATION_TEST} ${C_COMPILATION_SOURCES}) TARGET_LINK_LIBRARIES(${TARGET_C_COMPILATION_TEST} ${CKM_C_COMPILATION_DEP_LIBRARIES}) INSTALL(DIRECTORY resource/ DESTINATION ${CKM_TEST_DIR}) -INSTALL(FILES resource/test.xml DESTINATION /opt/data/ckm/initial_values) ADD_SUBDIRECTORY(privileged) ADD_SUBDIRECTORY(unprivileged) diff --git a/src/ckm/privileged/CMakeLists.txt b/src/ckm/privileged/CMakeLists.txt index e212862f..12590d0b 100644 --- a/src/ckm/privileged/CMakeLists.txt +++ b/src/ckm/privileged/CMakeLists.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved +# Copyright (c) 2013-2018 Samsung Electronics Co., Ltd All Rights Reserved # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,8 +14,44 @@ # # @file CMakeLists.txt # @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) +# @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) # @brief # + +INCLUDE(GNUInstallDirs) + +SET(EIV_TEST_XML_FILENAME "encrypted_initial_values.xml") +SET(EIV_TEST_XML ${CMAKE_CURRENT_SOURCE_DIR}/${EIV_TEST_XML_FILENAME}) +SET(EIV_KEY_TO_BE_IMPORTED "KeyOne16BytesLen") +SET(EIV_PLAIN_MESSAGE "ShortTestMessage") +SET(EIV_MESSAGE_ENCRYPTION_IV "abcdefghijklmnop") + +# encrypt ShortTestMessage using the imported key and 'abcdefghijklmnop' IV +EXECUTE_PROCESS( + COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/aes_128_cbc_encrypt.sh ${EIV_KEY_TO_BE_IMPORTED} ${EIV_MESSAGE_ENCRYPTION_IV} + OUTPUT_VARIABLE EIV_ENCRYPTED_MESSAGE_HEX + ERROR_VARIABLE EIV_ENCRYPTION_STDERR + RESULT_VARIABLE EIV_ENCRYPTION_RESULT +) + +IF(NOT ${EIV_ENCRYPTION_RESULT} STREQUAL "0") + MESSAGE(FATAL_ERROR "Encryption failed: ${EIV_ENCRYPTION_STDERR}") +ENDIF(NOT ${EIV_ENCRYPTION_RESULT} STREQUAL "0") + +# prepare initial values xml target +ADD_CUSTOM_COMMAND(OUTPUT ${EIV_TEST_XML} + COMMAND echo -n ${EIV_KEY_TO_BE_IMPORTED} > /tmp/key + COMMAND echo -n THIS/STRING/MUST/BE/REPLACED/IN/REAL/DEVICE= | base64 --decode > /tmp/encryption_key + COMMAND ${CMAKE_INSTALL_FULL_BINDIR}/ckm_initial_values -d /tmp/key -k /tmp/encryption_key -n TEI_0 -t Key -s AES -b hardware -x ${EIV_TEST_XML} + COMMENT "Generating encrypted initial values test xml" + VERBATIM +) + +ADD_CUSTOM_TARGET(TARGET_EIV_TEST_XML DEPENDS ${EIV_TEST_XML}) + +INSTALL(FILES ${EIV_TEST_XML} DESTINATION ${CKM_TEST_DIR}) + +# ckm-tests PKG_CHECK_MODULES(CKM_DEP REQUIRED libsmack @@ -46,12 +82,21 @@ INCLUDE_DIRECTORIES( ADD_EXECUTABLE(${TARGET_CKM_PRIVILEGED_TESTS} ${CKM_SOURCES}) +ADD_DEPENDENCIES(${TARGET_CKM_PRIVILEGED_TESTS} TARGET_EIV_TEST_XML) + TARGET_LINK_LIBRARIES(${TARGET_CKM_PRIVILEGED_TESTS} ${TARGET_CKM_TEST_COMMON} ${CKM_DEP_LIBRARIES} ${COMMON_TARGET_TEST} ) +TARGET_COMPILE_DEFINITIONS(${TARGET_CKM_PRIVILEGED_TESTS} + PRIVATE EIV_PLAIN_MESSAGE="${EIV_PLAIN_MESSAGE}" + PRIVATE EIV_ENCRYPTED_MESSAGE_HEX="${EIV_ENCRYPTED_MESSAGE_HEX}" + PRIVATE EIV_MESSAGE_ENCRYPTION_IV="${EIV_MESSAGE_ENCRYPTION_IV}" + PRIVATE EIV_TEST_XML_FILENAME="${EIV_TEST_XML_FILENAME}" +) + INSTALL(TARGETS ${TARGET_CKM_PRIVILEGED_TESTS} DESTINATION bin) INSTALL(FILES ckm-tests-on-onlycap.sh DESTINATION bin diff --git a/src/ckm/privileged/aes_128_cbc_encrypt.sh b/src/ckm/privileged/aes_128_cbc_encrypt.sh new file mode 100755 index 00000000..69a74eec --- /dev/null +++ b/src/ckm/privileged/aes_128_cbc_encrypt.sh @@ -0,0 +1,13 @@ +#!/bin/bash -e + +if [ "$#" -ne 2 ] +then + echo "$0 requires 2 arguments: key and IV" + exit 1 +fi + +KEY_HEX=`echo -n $1 | hexdump -e '/1 "%02x"'` +IV_HEX=`echo -n $2 | hexdump -e '/1 "%02x"'` + +# encrypt | convert to hex +echo -n 'ShortTestMessage' | openssl enc -aes-128-cbc -K $KEY_HEX -iv $IV_HEX | hexdump -e '/1 "%02x"' \ No newline at end of file diff --git a/src/ckm/privileged/initial-values.cpp b/src/ckm/privileged/initial-values.cpp index ce2a76df..f8d26e09 100644 --- a/src/ckm/privileged/initial-values.cpp +++ b/src/ckm/privileged/initial-values.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2015 Samsung Electronics Co. + * Copyright (c) 2015 - 2018 Samsung Electronics Co. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,6 +15,7 @@ * * @file system-db.cpp * @author Maciej Karpiuk (m.karpiuk2@samsung.com) + * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) * @version 1.0 */ #include @@ -363,17 +364,18 @@ RUNNER_TEST_TZ_BACKEND(T6999_deinit) remove_user_data(0); } -RUNNER_TEST_TZ_BACKEND(T7000_Encrypted_initial_values) +RUNNER_TEST_TZ_BACKEND(T7000_Encrypted_initial_values, RemoveDataEnv<0>) { int temp; - std::string message = "16c9efbc342777c0e36d59019582d59be8385bdea5497cf092f99ce5430498e9"; - std::string iv = "6162636465666768696a6b6c6d6e6f70"; + std::string messageHex = EIV_ENCRYPTED_MESSAGE_HEX; + std::string iv = EIV_MESSAGE_ENCRYPTION_IV; - std::string expected = "ShortTestMessage"; + copy_file(format_src_path(EIV_TEST_XML_FILENAME), format_dest_path(EIV_TEST_XML_FILENAME)); + restart_key_manager(); CKM::CryptoAlgorithm algo; - CKM::RawBuffer messageBin = hexToBin(message); - CKM::RawBuffer ivBin = hexToBin(iv); + CKM::RawBuffer messageBin = hexToBin(messageHex); + CKM::RawBuffer ivBin(iv.begin(), iv.end()); CKM::RawBuffer decrypted; algo.setParam(CKM::ParamName::ALGO_TYPE, CKM::AlgoType::AES_CBC); @@ -381,6 +383,6 @@ RUNNER_TEST_TZ_BACKEND(T7000_Encrypted_initial_values) auto mgr = CKM::Manager::create(); RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = mgr->decrypt(algo, "/System TEI_0", CKM::Password(), messageBin, decrypted)), "Failed to decrypt " << CKMErrorToString(temp)); - RUNNER_ASSERT_MSG(std::string(decrypted.begin(), decrypted.end()) == expected, "Data does not match"); + RUNNER_ASSERT_MSG(std::string(decrypted.begin(), decrypted.end()) == EIV_PLAIN_MESSAGE, "Data does not match"); } diff --git a/src/ckm/resource/test.xml b/src/ckm/resource/test.xml deleted file mode 100644 index 9e3f372d..00000000 --- a/src/ckm/resource/test.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - - gxBVNTTk1tGUgnqw9PKO/w== - -