From: Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Date: Thu, 21 Mar 2019 16:23:05 +0000 (+0100)
Subject: CKM: Remove all keys after encryption group is finished
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F00%2F202000%2F3;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git

CKM: Remove all keys after encryption group is finished

Removal of user's data removes only the rich OS database leaving objects created
by TA in secure OS storage. Objects have to be removed explicitly one by one.

Change-Id: I88053b7cd3638a0a168d925a4e903343833ed0bf
---

diff --git a/src/ckm/unprivileged/encryption-decryption.cpp b/src/ckm/unprivileged/encryption-decryption.cpp
index 0643380..e452c45 100644
--- a/src/ckm/unprivileged/encryption-decryption.cpp
+++ b/src/ckm/unprivileged/encryption-decryption.cpp
@@ -159,45 +159,6 @@ ckmc_raw_buffer_s* IV128;
 ckmc_raw_buffer_s* AAD32;
 ckmc_raw_buffer_s* AAD64;
 
-void generateSymmetricKeys(ManagerShPtr& manager, PolicyBackend backend, size_t bitLen)
-{
-    for (int i = 0; i < KEY_IDX_MAX; i++)
-    {
-        Policy p(Password(), false, backend);
-        if (i == PASSWORD_PROTECTED)
-            p.password.assign(PASSWORD);
-
-        std::string alias = std::string("skey_") + std::to_string(bitLen) + std::string("_") + std::to_string(i);
-        int ret = manager->createKeyAES(bitLen, alias, p);
-        if (ret != CKM_API_SUCCESS)
-            RUNNER_ERROR_MSG("AES key creation failed");
-
-        g_symKeys[bitLen].push_back(alias);
-    }
-}
-
-void generateRsaKeys(ManagerShPtr& manager, PolicyBackend backend, size_t bitLen)
-{
-    for (int i = 0; i < KEY_IDX_MAX; i++)
-    {
-        Policy prvPolicy(Password(), false, backend);
-        Policy pubPolicy(Password(), true, backend);
-        if (i == PASSWORD_PROTECTED) {
-            prvPolicy.password.assign(PASSWORD);
-            pubPolicy.password.assign(PASSWORD);
-        }
-
-        KeyAliasPair alias;
-        alias.prv = std::string("akey_") + std::to_string(bitLen) + std::string("_") + std::to_string(i);
-        alias.pub = std::string("pub") + alias.prv;
-        int ret = manager->createKeyPairRSA(bitLen, alias.prv, alias.pub, prvPolicy, pubPolicy);
-        if (ret != CKM_API_SUCCESS)
-            RUNNER_ERROR_MSG("RSA key creation failed");
-
-        g_asymKeys[bitLen].push_back(alias);
-    }
-}
-
 KeyAliasPair getKey(const Algo& algo, KeyIdx idx)
 {
     if (algo.type == CKMC_ALGO_RSA_OAEP)
@@ -221,19 +182,19 @@ public:
 
         // Policy backend to use in subsequent operations (global for each test case)
 #ifdef TZ_BACKEND
-        PolicyBackend backend = PolicyBackend::FORCE_HARDWARE;
+        m_backend = PolicyBackend::FORCE_HARDWARE;
 #else
-        PolicyBackend backend = PolicyBackend::FORCE_SOFTWARE;
+        m_backend = PolicyBackend::FORCE_SOFTWARE;
 #endif
 
         // generate keys
-        auto manager = Manager::create();
-        generateSymmetricKeys(manager, 128);
-        generateSymmetricKeys(manager, 192);
-        generateSymmetricKeys(manager, 256);
-        generateRsaKeys(manager, 1024);
-        generateRsaKeys(manager, 2048);
-        generateRsaKeys(manager, 4096);
+        m_manager = Manager::create();
+        generateSymmetricKeys(128);
+        generateSymmetricKeys(192);
+        generateSymmetricKeys(256);
+        generateRsaKeys(1024);
+        generateRsaKeys(2048);
+        generateRsaKeys(4096);
 
         PLAIN_DATA = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
 #ifdef TZ_BACKEND
@@ -251,8 +212,60 @@ public:
         AAD64 = createRandomBufferCAPI(64);
     }
 
+    void generateSymmetricKeys(size_t bitLen)
+    {
+        for (int i = 0; i < KEY_IDX_MAX; i++)
+        {
+            Policy p(Password(), false, m_backend);
+            if (i == PASSWORD_PROTECTED)
+                p.password.assign(PASSWORD);
+
+            std::string alias = std::string("skey_") + std::to_string(bitLen) + std::string("_") + std::to_string(i);
+            int ret = m_manager->createKeyAES(bitLen, alias, p);
+            if (ret != CKM_API_SUCCESS)
+                RUNNER_ERROR_MSG("AES key creation failed");
+
+            g_symKeys[bitLen].push_back(alias);
+        }
+    }
+
+    void generateRsaKeys(size_t bitLen)
+    {
+        for (int i = 0; i < KEY_IDX_MAX; i++)
+        {
+            Policy prvPolicy(Password(), false, m_backend);
+            Policy pubPolicy(Password(), true, m_backend);
+            if (i == PASSWORD_PROTECTED) {
+                prvPolicy.password.assign(PASSWORD);
+                pubPolicy.password.assign(PASSWORD);
+            }
+
+            KeyAliasPair alias;
+            alias.prv = std::string("akey_") + std::to_string(bitLen) + std::string("_") + std::to_string(i);
+            alias.pub = std::string("pub") + alias.prv;
+            int ret = m_manager->createKeyPairRSA(bitLen, alias.prv, alias.pub, prvPolicy, pubPolicy);
+            if (ret != CKM_API_SUCCESS)
+                RUNNER_ERROR_MSG("RSA key creation failed");
+
+            g_asymKeys[bitLen].push_back(alias);
+        }
+    }
+
     void Finish() override
     {
+        for (const auto &entry : g_asymKeys) {
+            for (const auto &keyPair : entry.second) {
+                m_manager->removeAlias(keyPair.prv);
+                m_manager->removeAlias(keyPair.pub);
+            }
+        }
+
+        for (const auto &entry : g_symKeys) {
+            for (const auto &key : entry.second) {
+                m_manager->removeAlias(key);
+            }
+        }
+
         BIG_DATA.reset();
         PLAIN_DATA.reset();
         ckmc_buffer_free(AAD64);
@@ -269,6 +282,9 @@ public:
             RUNNER_ERROR_MSG("DB lock failed: " << CKMCErrorToString(ret));
         remove_user_data(UID);
     }
+private:
+    ManagerShPtr m_manager;
+    PolicyBackend m_backend;
 };