Krzysztof Jackiewicz [Thu, 18 Feb 2021 09:43:19 +0000 (10:43 +0100)]
Remove unnecessary cast to double in db perf test
Change-Id: I7ef26e137010f303c378cb135404a39bf13ec181
Tomasz Swierczek [Tue, 9 Feb 2021 10:03:25 +0000 (11:03 +0100)]
Release 0.1.42
* Updated to match recent systemd changes
Change-Id: I053812d12e9ae4fce5664def0d8bf8adde9f379e
INSUN PYO [Tue, 2 Feb 2021 08:57:32 +0000 (17:57 +0900)]
Change systemd-devel package name
Change-Id: Ia1df8a4567c2f72ef1777bd70b831220fce0b0a4
Krzysztof Jackiewicz [Wed, 3 Feb 2021 13:31:31 +0000 (14:31 +0100)]
Release 0.1.41
* Remove useless socket description timeout initialization
* Check sockets received from services
* Cynara socket tests
* Make SocketDescription getters const
* Validate cynara sockets
* Refrain from retrying close(int) (per man 2 close)
* Catch exceptions before returning to cynara
* Use eventfd instead of pipes for notifications
* Add randomized socket manager stress test
* Prevent writing to a socket marked as closed
* Refactor SocketManager's timeout queue
* Add timeout queue stress test
* Add check for connection counter in the server
* Start SocketManager as not working
Change-Id: I40682e7d061bbc4e522b1193b328e81abbe6e8e9
Krzysztof Jackiewicz [Tue, 2 Feb 2021 10:09:00 +0000 (11:09 +0100)]
Remove useless socket description timeout initialization
* Socket description vector uses raw monotonic clock for timeouts.
* Not all sockets use timeouts.
* Those that use are initialized at later stage.
Change-Id: Ifd9ce8c29882fc9f8cf8752a0dbd0a72b953b8f3
Krzysztof Jackiewicz [Tue, 2 Feb 2021 10:07:42 +0000 (11:07 +0100)]
Check sockets received from services
Change-Id: Ibb4b79a9e4e1c36223409c695c58c40f695e538c
Krzysztof Jackiewicz [Mon, 25 Jan 2021 09:40:58 +0000 (10:40 +0100)]
Cynara socket tests
Change-Id: I6615bf57b4a0a8bde39c14a7f82d21b000c52286
Krzysztof Jackiewicz [Mon, 25 Jan 2021 15:01:56 +0000 (16:01 +0100)]
Make SocketDescription getters const
Change-Id: Ide41dc35598b423f8dac320b02b136b17a21c3cf
Krzysztof Jackiewicz [Mon, 25 Jan 2021 08:09:05 +0000 (09:09 +0100)]
Validate cynara sockets
Socket descriptors received from cynara are not validated which may lead
to:
- m_socketDescriptionVector buffer overflow/UB
- reuse of already opened descriptors for cynara
- growing m_socketDescriptionVector
- closure of descriptors used by other parts of code
- more than one cynara socket opened at the same time
Change-Id: I5c6cd521fbde2a461f24e175571b74885d163b50
Konrad Lipinski [Fri, 29 Jan 2021 15:58:37 +0000 (15:58 +0000)]
Merge "Catch exceptions before returning to cynara" into tizen
Konrad Lipinski [Tue, 26 Jan 2021 09:09:17 +0000 (10:09 +0100)]
Refrain from retrying close(int) (per man 2 close)
Change-Id: I3343546c8aa2590e0147b89dc3c336d5e47a2d07
Krzysztof Jackiewicz [Mon, 25 Jan 2021 08:07:44 +0000 (09:07 +0100)]
Catch exceptions before returning to cynara
Callbacks registered in cynara may throw. Let's not propagate exceptions
to cynara.
Change-Id: Idc3bec6208495d0bfdb4d41c3ea0451352c9715b
Krzysztof Jackiewicz [Thu, 21 Jan 2021 12:10:45 +0000 (13:10 +0100)]
Use eventfd instead of pipes for notifications
The kernel overhead of an eventfd file descriptor is much lower than
that of a pipe, and only one file descriptor is required.
Change-Id: Ie6d04d1ea8125190c35e1ef1655f517406eff807
Krzysztof Jackiewicz [Thu, 14 Jan 2021 20:35:46 +0000 (21:35 +0100)]
Add randomized socket manager stress test
Registers several test services in the manager.
In a loop:
* Selects a random service
* Selects a random action:
  * Create a new connection
  * Disconnect a random existing connection
  * Send random data through a random connection
  * Try to receive data from a random connection
Change-Id: Id208e3a6ffbd1db82cd3389ba72bd0ff998d7c61
Krzysztof Jackiewicz [Thu, 14 Jan 2021 12:54:15 +0000 (13:54 +0100)]
Prevent writing to a socket marked as closed
It is possible that select() marks a descriptor as ready for both read
and write operation. If, additionally, the socket becomes closed in
ReadyForRead(), the following call to ReadyForWrite() will attempt to
write to a closed socket. It is harmless, unless the closed descriptor
is already reused by another thread at the time of write().
This commit prevents it.
Change-Id: Idaa829ef74d6df9f24c263f289aeca910b679713
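The race described in this commit message, as an added example that is not key-manager code: a minimal per-socket description with an open flag, a read handler that closes on EOF, a write handler with and without the flag check, and a driver that reproduces the descriptor reuse with a socketpair whose peer has gone away and an open() that receives the freed descriptor number. The type and function names (SocketDescription, readyForRead, readyForWrite, demoRace) and the single-socket select() loop are assumptions for illustration, not the project's API; Linux/POSIX is assumed.

```cpp
#include <fcntl.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>
#include <vector>

// Minimal stand-in for the manager's per-socket state (assumed shape, not the real one).
struct SocketDescription {
    int fd;
    bool isOpen;
    std::vector<unsigned char> pending;   // bytes queued for writing
};

// Closing keeps the descriptor number in the description: that is what makes a
// later write dangerous once the kernel hands the same number to someone else.
void closeSocket(SocketDescription& d) {
    if (d.isOpen) {
        close(d.fd);
        d.isOpen = false;
    }
}

// Read handler: EOF or error closes the socket.
void readyForRead(SocketDescription& d) {
    unsigned char buf[256];
    ssize_t n = read(d.fd, buf, sizeof buf);
    if (n <= 0)
        closeSocket(d);
}

// Write handler. With checkClosedFlag the write is skipped for a socket the
// read handler closed in the same select() round; without it, the bytes go to
// whatever now owns that descriptor number. Returns the number of bytes written.
int readyForWrite(SocketDescription& d, bool checkClosedFlag) {
    if (checkClosedFlag && !d.isOpen)
        return 0;
    ssize_t n = write(d.fd, d.pending.data(), d.pending.size());
    return n < 0 ? 0 : static_cast<int>(n);
}

// Reproduces the race: the peer goes away, select() reports the socket both
// readable (EOF) and writable, the read handler closes it, another part of the
// process opens a file that receives the freed descriptor number, and then the
// write handler runs.
int demoRace(bool checkClosedFlag) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    close(sv[1]);                                  // peer closes its end
    SocketDescription d{sv[0], true, {1, 2, 3}};

    fd_set readSet, writeSet;
    FD_ZERO(&readSet);
    FD_ZERO(&writeSet);
    FD_SET(d.fd, &readSet);
    FD_SET(d.fd, &writeSet);
    struct timeval zero = {0, 0};
    if (select(d.fd + 1, &readSet, &writeSet, nullptr, &zero) < 0)
        return -1;

    if (FD_ISSET(d.fd, &readSet))
        readyForRead(d);                           // EOF -> closeSocket()
    int stolen = open("/dev/null", O_WRONLY);      // lowest free fd: the one just closed
    int written = 0;
    if (FD_ISSET(d.fd, &writeSet))
        written = readyForWrite(d, checkClosedFlag);
    close(stolen);
    return written;                                // 3 means the bytes went to /dev/null
}
```

demoRace(true) returns 0 because the flag check skips the write; demoRace(false) returns 3, the bytes having been written into the file that inherited the descriptor number. In a real multithreaded server that file could be anything another thread opened in the meantime.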
Krzysztof Jackiewicz [Wed, 13 Jan 2021 09:40:17 +0000 (10:40 +0100)]
Refactor SocketManager's timeout queue
SocketManager changes:
* Remove timeout queue elements on socket closure. Until now it was
possible to make the timeout queue grow because its elements were not
removed upon socket closure.
* The queue now contains only socket numbers of corresponding
m_socketDescriptionVector elements. The code responsible for timeout
updates in the queue is no longer necessary and has been removed.
* Modify the timeout queue only if corresponding socket has a timeout
enabled.
* Remove unnecessary 'open' and 'timeout' socket flag check if a
timeout occurs. Only the main thread modifies these flags. If there's
a timeout, it must have been triggered by an opened socket with
timeout enabled.
Growing queue test changes:
* Compare timeout queue size and connection count in the SocketManager
thread.
* Assume that first AcceptEvent is triggered by the most recent
connection attempt.
* Match client and server sockets to properly detect CloseEvents.
* Add more stress to the test with more initial connections.
* Throw std exceptions from SocketManager thread.
* Wrap SocketManager thread in an object. Check a possible exception in
the destructor.
* Get rid of unnecessary timeouts.
Change-Id: Icd63696a58c4ef6a66c2e487819423df610ca580
Krzysztof Jackiewicz [Tue, 12 Jan 2021 11:37:18 +0000 (12:37 +0100)]
Add timeout queue stress test
While one socket connection is active and its timeout not reached yet,
we can open and close many new connections, which will push items on
SocketManager::m_timeoutQueue. Because first socket has an earliest
timeout, the second connection elements won't be touched. Because
m_timeoutQueue elements are not removed on socket close, the queue will
grow. Still nothing bad should happen.
Change-Id: Ied20d2e1517ad471e465c6fa601e368469a4cc37
Krzysztof Jackiewicz [Tue, 12 Jan 2021 11:30:01 +0000 (12:30 +0100)]
Add check for connection counter in the server
This is just a precaution targeted more at stress tests rather than
regular key-manager usage.
Also remove unused ConnectionID operator.
Change-Id: I090b7bd29594d8a47cc4142a7713ccfb4c9b121e
Krzysztof Jackiewicz [Tue, 12 Jan 2021 11:33:53 +0000 (12:33 +0100)]
Start SocketManager as not working
The m_working flag should be set to true only inside MainLoop().
Change-Id: I47138d2036ff87712b4b5ac4b4df385917cd866b
Dariusz Michaluk [Fri, 8 Jan 2021 16:31:00 +0000 (17:31 +0100)]
Release 0.1.40
* packaging: rpm scriptlet cleanup, handle -p /sbin/ldconfig
* Use memcpy to avoid unaligned access
* Make IEncryptionService destructor protected
Change-Id: Id6c04467097f0a89c58403c5e824d8b2d0a35aea
Dariusz Michaluk [Fri, 8 Jan 2021 13:52:19 +0000 (14:52 +0100)]
packaging: rpm scriptlet cleanup, handle -p /sbin/ldconfig
The RPM documentation indicates that during an rpm install or erase, the
script(lets): %post, %preun, and %postun (and %pre, %build, %install,
etc.) are copied to a temp file, and then the temp file is run as a
(/bin/sh or bash) script.
Unfortunately the documentation is not clear about how rpmbuild and/or
rpm determine where the end of any scriptlet is when it is copied to
the file.
Most things in the key-manager.spec work correctly as is. These are the
%preun, %post, and %postun scriptlets that are "closed" by a following
%preun, %post, and %postun, or potentially another scriptlet, e.g.
%file.
The ones that don't work correctly (only one actually) are those where
there is a comment in the spec file before it is closed by another
scriptlet. Further complicating things is that the type of scriptlet
affects what rpm does and what `rpm -qp --scripts ...` shows.
The specific one that didn't work was the
"postun -n libkey-manager-client -p /sbin/ldconfig" scriptlet.
It is followed by a comment before being "closed" by the %files section (or
scriptlet). It can be written two ways:
"%postun -n libkey-manager-client\n/sbin/ldconfig"
or "%postun -n libkey-manager-client -p /sbin/ldconfig".
Either way it's written, `rpm -qp --scripts libkey-manager-client...`
will include the comment lines between the %postun line and the following %files line.
But the way rpm executes these depends on how they're written. If
written as "%postun -n libkey-manager-client\n/sbin/ldconfig" rpm will simply run
/sbin/ldconfig with no command line options, i.e.
execve ("/sbin/ldconfig", [ "/sbin/ldconfig" ], [ ]);
But when written as "%postun -n libkey-manager-client -p /sbin/ldconfig",
it will copy the comment lines to a temp file, and pass the temp file name and "1"
as (command line) parameters, i.e.
execve ("/sbin/ldconfig", [ "/sbin/ldconfig", "/tmp/tmpXXXXXX", "1" ],
[ ]);
Which results in ldconfig exiting with an error. (Remember, both ways show
the comment in `rpm -qp --scripts ...`)
The problematic comment line was removed and the comment style of the whole file was adjusted.
Additionally some cleanup was performed.
Change-Id: I966f0930d7a7b46b401f399aaf2e5c748edc0a1f
Krzysztof Jackiewicz [Mon, 4 Jan 2021 13:56:28 +0000 (14:56 +0100)]
Use memcpy to avoid unaligned access
Casting unsigned char* to signalfd_siginfo* may cause an unaligned
access (see -Wcast-align). Use memcpy to avoid it.
Verify by sending SIGTERM to key-manager, observing the logs and
systemctl status. The service should stop without errors.
systemctl start central-key-manager
kill -SIGTERM `pidof key-manager`
systemctl status central-key-manager
Change-Id: I061cc2f488cba9252ed65b0d8ca22840f725a433
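To show the pattern this commit describes, here is an added example (not key-manager code) that blocks a signal, reads it through a signalfd into a plain byte buffer at a deliberately misaligned offset, and copies the record into a properly aligned signalfd_siginfo with memcpy instead of a pointer cast. Linux is assumed (signalfd is Linux-specific); the function names are mine.

```cpp
#include <csignal>
#include <cstring>
#include <sys/signalfd.h>
#include <sys/types.h>
#include <unistd.h>

// Copies one signalfd_siginfo record out of a raw byte buffer at `offset`.
// The source address carries no alignment guarantee, so a cast such as
// reinterpret_cast<const signalfd_siginfo*>(buf + offset) would be an
// unaligned access (undefined behaviour, flagged by -Wcast-align); memcpy
// into a properly aligned object is the portable alternative.
// Returns false when the buffer does not hold a complete record.
bool extractSiginfo(const unsigned char* buf, size_t len, size_t offset,
                    struct signalfd_siginfo* out)
{
    if (offset > len || len - offset < sizeof(*out))
        return false;
    std::memcpy(out, buf + offset, sizeof(*out));
    return true;
}

// Blocks `signo`, sends it to the calling process and reads it back through
// a signalfd. Returns the signal number carried by the record, or -1 on error.
int readOwnSignal(int signo)
{
    sigset_t mask;
    sigemptyset(&mask);
    sigaddset(&mask, signo);
    if (sigprocmask(SIG_BLOCK, &mask, nullptr) != 0)
        return -1;

    int sfd = signalfd(-1, &mask, SFD_CLOEXEC);
    if (sfd < 0)
        return -1;

    int result = -1;
    if (kill(getpid(), signo) == 0) {
        // Deliberately misaligned storage: a byte array filled from offset 1.
        unsigned char raw[1 + sizeof(struct signalfd_siginfo)];
        ssize_t n = read(sfd, raw + 1, sizeof(raw) - 1);
        struct signalfd_siginfo si;
        if (n == static_cast<ssize_t>(sizeof(si)) &&
            extractSiginfo(raw, sizeof(raw), 1, &si))
            result = static_cast<int>(si.ssi_signo);
    }
    close(sfd);
    return result;
}
```

Compile with -Wcast-align to confirm that the memcpy version produces no warning where a cast would; readOwnSignal(SIGUSR1) returns SIGUSR1.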
Krzysztof Jackiewicz [Mon, 4 Jan 2021 09:01:30 +0000 (10:01 +0100)]
Make IEncryptionService destructor protected
The implicitly-defined destructor is non-virtual and public. We don't
want the EncryptionService to be destroyed via IEncryptionService.
Change-Id: Iaf2b180cdd4f60a4f20cc1c9e1d593dcd1c1f220
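An added example (not the project's code) of the shape this commit gives the interface: an abstract service with a protected, non-virtual destructor, a concrete implementation, a caller that uses the interface by reference, and a compile-time check that the base is not destructible from outside the hierarchy. The interface's method, the XOR toy implementation and all names are assumptions for illustration.

```cpp
#include <string>
#include <type_traits>
#include <vector>

// Illustrative interface with the shape of the fix: a pure virtual operation
// and a protected, non-virtual destructor. (Assumed API, not the real one.)
class IEncryptionService {
public:
    virtual std::vector<unsigned char> encrypt(const std::vector<unsigned char>& in) = 0;
protected:
    // Protected: `delete p` for an IEncryptionService* no longer compiles
    // outside the class hierarchy, so the non-virtual destructor cannot be
    // reached through a base pointer (which would be undefined behaviour).
    // Non-virtual: no vtable slot is needed for destruction.
    ~IEncryptionService() = default;
};

// Toy implementation: XOR with a one-byte key, purely for illustration.
class XorEncryptionService : public IEncryptionService {
public:
    explicit XorEncryptionService(unsigned char key) : m_key(key) {}
    std::vector<unsigned char> encrypt(const std::vector<unsigned char>& in) override {
        std::vector<unsigned char> out(in);
        for (unsigned char& b : out)
            b ^= m_key;
        return out;
    }
private:
    unsigned char m_key;
};

// Callers use the interface by reference and never own it through the base.
std::vector<unsigned char> encryptText(IEncryptionService& svc, const std::string& text) {
    return svc.encrypt(std::vector<unsigned char>(text.begin(), text.end()));
}

// Compile-time evidence: the base is not destructible from the outside, the
// concrete type is (std::is_destructible performs the access check).
static_assert(!std::is_destructible<IEncryptionService>::value,
              "IEncryptionService must not be deletable through the interface");
static_assert(std::is_destructible<XorEncryptionService>::value,
              "concrete services are destroyed as their concrete type");

// XOR is its own inverse: encrypting twice with the same key restores the text.
bool roundTrips(const std::string& text, unsigned char key) {
    XorEncryptionService svc(key);
    std::vector<unsigned char> c = encryptText(svc, text);
    std::vector<unsigned char> p = svc.encrypt(c);
    return std::string(p.begin(), p.end()) == text;
}
```

The alternative, a public virtual destructor, is the right choice when the interface is meant to own and delete implementations polymorphically; the protected non-virtual form is for interfaces that are only ever accessed by reference.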
Tomasz Swierczek [Wed, 16 Dec 2020 11:11:27 +0000 (12:11 +0100)]
Release 0.1.39
* Replace sqlcipher with upstream 4.4.2
* Unit tests improvements
* Small fixes
Change-Id: I94a213c7b122c0867915c38c14ebb25db1258420
Tomasz Swierczek [Fri, 11 Dec 2020 14:28:51 +0000 (15:28 +0100)]
Change DB access credentials variable name
Change-Id: I8aa5a80fc082049dda9697b3b648a53e351b1a0b
Dariusz Michaluk [Tue, 8 Dec 2020 15:24:46 +0000 (16:24 +0100)]
Upgrade to sqlcipher 4.4.2
Change-Id: I7ca21a3c9ce5618463173ed444c73d6361f405d8
Dariusz Michaluk [Tue, 8 Dec 2020 14:57:43 +0000 (15:57 +0100)]
[NOT COMPILING] Replace sqlcipher with upstream 4.4.2
Change-Id: I6afb8cb44fb932ff01d1a29877717f909e178948
Krzysztof Jackiewicz [Fri, 4 Dec 2020 15:58:12 +0000 (16:58 +0100)]
Fix UB in LogSystem
Passing NULL to the std::string constructor is undefined behavior.
Check values returned from getenv() to avoid passing NULL to
std::string constructor. Use std::string when appropriate.
Update unit tests.
Change-Id: I56dd60f432c8e6e6033e9674601ced0b6432fc28
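An added example (not the LogSystem code) of the getenv() handling this commit describes: a wrapper that never constructs std::string from a null pointer, a variant that distinguishes an unset variable from one set to the empty string, and a provider selection built on them. The variable name CKM_LOG_PROVIDER and the DLOG default are assumptions for illustration.

```cpp
#include <cstdlib>
#include <string>

// Returns the value of `name`, or `fallback` when the variable is unset.
// std::getenv() returns NULL for an unset variable and std::string(NULL) is
// undefined behaviour, so the pointer is checked before any std::string is built.
std::string getEnvOr(const char* name, const std::string& fallback)
{
    const char* value = std::getenv(name);
    return value != nullptr ? std::string(value) : fallback;
}

// For callers that must distinguish "unset" from "set to an empty string":
// returns false when unset and leaves `out` untouched.
bool tryGetEnv(const char* name, std::string& out)
{
    const char* value = std::getenv(name);
    if (value == nullptr)
        return false;
    out = value;
    return true;
}

// The way a log system would pick its provider; the variable name and the
// default are assumptions for this example, not the real configuration.
std::string selectLogProvider()
{
    std::string provider;
    if (!tryGetEnv("CKM_LOG_PROVIDER", provider) || provider.empty())
        return "DLOG";
    return provider;
}
```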
Krzysztof Jackiewicz [Wed, 2 Dec 2020 17:07:09 +0000 (18:07 +0100)]
Fix negative CBC decryption test
There's a high chance that the padding ^ 0x1 will produce a 0x01
trailing byte which happens to be a valid padding. In such case make
sure that the length of the decrypted data is different.
Change-Id: I60b7f9e708d850c49dbddbdda64ff178d730b4f7
Dariusz Michaluk [Mon, 7 Sep 2020 16:16:17 +0000 (18:16 +0200)]
Automate code coverage measurement - adjustment
To gather unit tests coverage report:
- use COVERAGE build_type,
- install key-manager-coverage rpm,
- run key-manager-coverage.sh script.
Change-Id: I6d2efd2bcec79a37a45ed56ca9efa148de13be4e
Mateusz Cegielka [Mon, 5 Oct 2020 15:18:13 +0000 (17:18 +0200)]
Fix misplaced parentheses in error code comparison
Some newer SVACE version I happened to run locally detected misplaced
parentheses here. Fortunately, this would only result in returning a
wrong error code and not ignoring the error.
I have fixed the mistake, also removing the use of an assignment in an
if statement because there is no reason to do so.
Change-Id: I441e882ffbd484b6a7ec47eeaf5999b5e7992cd7
Konrad Lipinski [Thu, 3 Sep 2020 17:29:58 +0000 (19:29 +0200)]
Make custom unique_ptr deleters stateless
Change-Id: Ic82b018c4c9c0ca3d3e10f1f9a0b3632aa79d670
Konrad Lipinski [Wed, 16 Sep 2020 12:42:23 +0000 (14:42 +0200)]
Constrain async tryCatch to Observer::ReceivedError
Change-Id: I360bc2a70aafa7436f4b7a7f4917c26d32a10e13
Konrad Lipinski [Thu, 3 Sep 2020 16:19:46 +0000 (18:19 +0200)]
Shrink ManagerAsync::Impl code
Change-Id: I84d18c8e965c2a430332b9a6b55d95f48ae707eb
Konrad Lipinski [Wed, 2 Sep 2020 17:55:07 +0000 (19:55 +0200)]
Deduplicate exception handling in CKMLogic a wee bit
Change-Id: I330fc80d01393a7709fb3b4c05c563de96681e66
Konrad Lipinski [Wed, 2 Sep 2020 16:18:05 +0000 (18:18 +0200)]
Turn some CKMLogic members into free functions
Change-Id: I4748050fb0476d0406c5b0ea117f0bc579522d10
Konrad Lipinski [Wed, 2 Sep 2020 15:30:02 +0000 (17:30 +0200)]
Shrink client manager impl a bit
Change-Id: I766a79b2504b0d564db4b4b3811fcd8a176001af
Konrad Lipinski [Fri, 28 Aug 2020 17:25:28 +0000 (19:25 +0200)]
Refactor ocspDoVerify a bit
Change-Id: I717cf06ff6a7cbb34b12349ee305f19d2bab0deb
Konrad Lipinski [Fri, 28 Aug 2020 11:56:08 +0000 (13:56 +0200)]
Shrink ocsp.h to a single free function
Change-Id: I36188ddfa3c0678a1a53fad6b4048cfaa6e9afdb
Konrad Lipinski [Thu, 27 Aug 2020 18:29:24 +0000 (20:29 +0200)]
Deduplicate client manager impl de/serialization
Change-Id: Iddcc5b42250584b7bed73a8ab6f64e0b61bd3520
Konrad Lipinski [Wed, 16 Sep 2020 10:56:09 +0000 (12:56 +0200)]
Forward retCode in alias vector getters
Change-Id: I16c94d941ed145fa93de359327bc6c8717578d89
Konrad Lipinski [Thu, 27 Aug 2020 15:21:41 +0000 (17:21 +0200)]
Deduplicate client manager impl deserialization
Change-Id: I9205aac1c97dd1d9a4f16caffdd24e6e7b1f2b85
Konrad Lipinski [Thu, 27 Aug 2020 14:03:41 +0000 (16:03 +0200)]
Deduplicate sw backend keyPair creation
Change-Id: Iff7d579d02e54e841140ba419aa6fffd19086dd3
Konrad Lipinski [Thu, 27 Aug 2020 13:08:47 +0000 (15:08 +0200)]
Deduplicate ckmc_get_*_alias_list
Change-Id: I0d2906da9ee277ff77787a4d5fe8945b46be4557
Konrad Lipinski [Mon, 14 Sep 2020 13:10:02 +0000 (15:10 +0200)]
Prevent some CAPI exception leakage
Change-Id: Ic9fb8985f6052479e7c9c6e24cf24607f34e3526
Mateusz Cegielka [Fri, 31 Jul 2020 11:12:52 +0000 (13:12 +0200)]
Refactor base64 implementation
This codebase contains two slightly different base64 encoding wrappers,
both using low-level OpenSSL BIO API. The wrappers provide access to a
streaming interface, despite the fact that this property is not used
anywhere. To handle errors, the wrappers sometimes use exceptions and
sometimes return codes. To implement this, a stateful class was used,
and these four facts resulted in needlessly verbose code.
I have merged the two implementations and simplified them to two free
functions. The encode function now uses higher-level OpenSSL EVP API,
and the decode function was refactored.
Change-Id: I5016723158321d0c1aa10810aa9067cd2249f38e
Mateusz Cegielka [Mon, 10 Aug 2020 11:24:35 +0000 (13:24 +0200)]
Optimize, fix memory zeroing and refactor BinaryQueue
BinaryQueue is a class responsible for buffering data received from
sockets before deserialization, vendored from DPL. It stores the
received data as a list of blocks, which is probably the optimal
approach given the constraints of the services framework here. However,
its implementation is a little inefficient and incorrect:
- Stores data in std::vector<unsigned char> instead of RawBuffer.
Because of that, any piece of data that passes through a socket may
live in memory much longer than it should.
- Erases elements from the front of a std::vector. This means all the
other elements need to be shifted, which could even result in
quadratic complexity given large enough socket reads and small enough
messages.
- Always copies incoming data. This means all of incoming traffic has to
be copied one more time than it needs to.
I have fixed the first issue in the obvious way. To fix the second
issue, I have added a new member that tracks how many bytes have been
read from the first bucket in the queue, which makes physically erasing
elements from the vector unnecessary. Lastly, I changed the push
signature from taking a pointer and a size to taking a RawBuffer&&,
which eliminated some copies and made the remaining ones more explicit.
Change-Id: I36932d5492815e38bf1cdab249327d26c9805ac6
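An added example (not the project's BinaryQueue) of the three points above: blocks are moved in rather than copied, a head offset replaces erasing from the front of the first block, and a fully consumed block is scrubbed before it is released. RawBuffer is modelled here as a plain vector with explicit zeroing; the length-prefixed framing in tryReadMessage is an assumption for the demonstration, not the project's wire format.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <deque>
#include <stdexcept>
#include <vector>

// Stand-in for key-manager's RawBuffer (assumption: the real type zeroes its
// storage on destruction; here scrubbing is done explicitly).
using RawBuffer = std::vector<unsigned char>;

class BinaryQueue {
public:
    // Takes ownership of an incoming block: the payload is moved, not copied.
    void push(RawBuffer&& block) {
        if (block.empty())
            return;
        m_size += block.size();
        m_blocks.push_back(std::move(block));
    }

    size_t size() const { return m_size; }

    // Copies `len` bytes to `out` without consuming them (may span blocks).
    void peek(void* out, size_t len) const {
        if (len > m_size)
            throw std::out_of_range("BinaryQueue::peek");
        unsigned char* dst = static_cast<unsigned char*>(out);
        size_t offset = m_headOffset;           // only the first block is partially read
        for (auto it = m_blocks.begin(); len > 0; ++it) {
            size_t avail = it->size() - offset;
            size_t n = avail < len ? avail : len;
            std::memcpy(dst, it->data() + offset, n);
            dst += n;
            len -= n;
            offset = 0;
        }
    }

    // Drops `len` bytes. A partially consumed head block is tracked by
    // m_headOffset (O(1)) instead of erasing from the front of the vector
    // (an O(n) shift per message); a fully consumed block is scrubbed and freed.
    void consume(size_t len) {
        if (len > m_size)
            throw std::out_of_range("BinaryQueue::consume");
        m_size -= len;
        while (len > 0) {
            RawBuffer& head = m_blocks.front();
            size_t avail = head.size() - m_headOffset;
            if (len < avail) {
                m_headOffset += len;
                return;
            }
            len -= avail;
            scrub(head);
            m_blocks.pop_front();
            m_headOffset = 0;
        }
    }

    void read(void* out, size_t len) {
        peek(out, len);
        consume(len);
    }

private:
    // Zero through a volatile pointer so the compiler cannot drop the stores.
    static void scrub(RawBuffer& b) {
        volatile unsigned char* p = b.data();
        for (size_t i = 0; i < b.size(); ++i)
            p[i] = 0;
    }

    std::deque<RawBuffer> m_blocks;
    size_t m_headOffset = 0;   // bytes of m_blocks.front() already consumed
    size_t m_size = 0;         // unread bytes across all blocks
};

// Framing used by this example (an assumption, not the project's wire format):
// [uint32 little-endian length][payload]. Returns false and leaves the queue
// untouched until a whole message has been buffered.
bool tryReadMessage(BinaryQueue& q, RawBuffer& out) {
    unsigned char hdr[4];
    if (q.size() < sizeof(hdr))
        return false;
    q.peek(hdr, sizeof(hdr));
    uint32_t len = uint32_t(hdr[0]) | (uint32_t(hdr[1]) << 8) |
                   (uint32_t(hdr[2]) << 16) | (uint32_t(hdr[3]) << 24);
    if (q.size() - sizeof(hdr) < len)
        return false;
    q.consume(sizeof(hdr));
    out.assign(len, 0);
    if (len > 0)
        q.read(out.data(), len);
    return true;
}
```

With one large socket read holding several small messages, each tryReadMessage call advances m_headOffset; nothing is shifted, and the block is zeroed only once all of its bytes have been handed out.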
Mateusz Cegielka [Mon, 10 Aug 2020 11:24:30 +0000 (13:24 +0200)]
Optimize message serialization
There is a MessageBuffer class, which stores a list of byte slices as
std::list<std::vector<unsigned char>> and can be used for serializing
structs. Every member calls a Write method, which creates a new vector
and appends it to the list. After the list is built, a vector with an
exactly right size is allocated and the data is copied. Also, the class
contains unnecessary mutable state, because the logic is shared with
streaming deserialization.
I have replaced the serialization methods with a single function, which
serializes all objects twice. The first pass ignores the data and only
computes the message size, which allows the second pass that actually
writes the data to only use a single allocation. The new interface is
also simpler and more robust.
Change-Id: I6091b71083997faf9302ad8549ade467deb23a58
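The two-pass idea, as an added example that is not the project's MessageBuffer code: one sink type that either counts or writes, a set of serialize() overloads that are identical in both passes, and a serializeMessage() that measures first and then fills a single allocation. The little-endian, length-prefixed encoding is an assumption for illustration, not the project's format.

```cpp
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

using RawBuffer = std::vector<unsigned char>;

// One sink serves both passes: with a null destination it only counts bytes,
// with a real destination it writes. Because both passes run the same
// serialize() overloads, the size measured in pass 1 is exactly what pass 2 emits.
class Sink {
public:
    explicit Sink(unsigned char* dst = nullptr) : m_dst(dst) {}
    void write(const void* p, size_t n) {
        if (m_dst != nullptr && n > 0)
            std::memcpy(m_dst + m_pos, p, n);
        m_pos += n;
    }
    size_t position() const { return m_pos; }
private:
    unsigned char* m_dst;
    size_t m_pos = 0;
};

// Fixed-width little-endian integer: no host endianness or struct padding leaks.
void serialize(Sink& s, uint32_t v) {
    unsigned char b[4] = {
        static_cast<unsigned char>(v), static_cast<unsigned char>(v >> 8),
        static_cast<unsigned char>(v >> 16), static_cast<unsigned char>(v >> 24)};
    s.write(b, sizeof(b));
}

// Length-prefixed byte strings.
void serialize(Sink& s, const std::string& v) {
    serialize(s, static_cast<uint32_t>(v.size()));
    s.write(v.data(), v.size());
}
void serialize(Sink& s, const RawBuffer& v) {
    serialize(s, static_cast<uint32_t>(v.size()));
    s.write(v.data(), v.size());
}

inline void serializeAll(Sink&) {}
template <typename T, typename... Rest>
void serializeAll(Sink& s, const T& first, const Rest&... rest) {
    serialize(s, first);
    serializeAll(s, rest...);
}

// Pass 1 measures, pass 2 writes into a single allocation of that size.
template <typename... Args>
RawBuffer serializeMessage(const Args&... args) {
    Sink counter;
    serializeAll(counter, args...);
    RawBuffer out(counter.position());
    Sink writer(out.data());
    serializeAll(writer, args...);
    return out;
}
```

Adding a type means adding one serialize() overload; since the counting pass reuses it, the size can never disagree with the bytes written, which is what makes the single allocation safe.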
Mateusz Cegielka [Fri, 17 Jul 2020 15:30:16 +0000 (17:30 +0200)]
Add automatic data decryption to ckm_db_tool
The key manager stores key data in an encrypted database. The project
also contains a ckm_db_tool CLI utility, which decrypts the database and
launches an interactive SQL shell. However, inside the decrypted
database, the data column is still encrypted with application-specific
keys. This is inconvenient during debugging, as there is no easy way to
see the data. Also, decrypting some objects' data may require
object-specific passwords.
This patch adds a --decrypt flag, which automatically decrypts contents
of any column called "data" in all SQL query results. Additionally, if
decryption of an object requires a password, it prompts the user to
enter the password and uses it to decrypt the object's data.
The implementation finds "data", "dataType" and "idx" columns in the
output, assumes they come from the "objects" table, and uses the three
values to fetch and decrypt object data with existing CKM APIs. All rows
are prefixed with a message detailing whether the decryption was
successful.
Change-Id: I01462c5d3b24a0d7a2fea92446c4e46949b1b4f4
Mateusz Cegielka [Wed, 22 Jul 2020 09:23:37 +0000 (11:23 +0200)]
Add consistent error messages to ckm_db_tool
ckm_db_tool is a set of CLI utilities for debugging key-manager. Various
displayed error messages are inconsistent, do not display all available
information, and contain minor grammatical errors. Also, new interactive
features are planned to be introduced, which will require reading and
writing more information to the terminal.
Simple helper functions have been created for displaying error, warning
and info messages. All error messages have been changed to use them,
have received grammar fixes, display the APICodeToString result when
possible, and have been rewritten to follow a consistent style. Finally, warning
and askPassword functions were implemented to prepare for the next patches.
Change-Id: Ifd0608637f3f4ef3ce31c2fe7c79074da9a93bbb
Mateusz Cegielka [Mon, 20 Jul 2020 15:59:15 +0000 (17:59 +0200)]
Remove CryptoExt class in favor of friendship
In the ckm_db_tool CLI helper project, CKMLogicExt and CryptoExt classes
are responsible for breaking encapsulation of CKMLogic and Crypto
classes. However, code used for extracting a Crypto member and casting
it to the CryptoExt type is repeated two times (soon three), and rather
dangerous.
This refactor makes CKMLogicExt a friend of the Crypto class. This makes
it possible to implement additional methods directly in CKMLogicExt
without doing dangerous slicing object casts.
Change-Id: Ice7261b76f46f9a6206f7ae1faded1f3d8e359cb
Mateusz Cegielka [Tue, 4 Aug 2020 13:29:11 +0000 (15:29 +0200)]
Change safe-buffer test structure
test_safe-buffer.cpp contains tests that ensure std::vector fails to
erase possibly confidential memory when its destructor is called, which
try to make sure the SafeBuffer testing method is valid. Since the
SafeBuffer test results may be completely wrong if these tests fail, it
would be better to merge them into one test to avoid misleading results.
I have merged the 4 tests into a single test and added some comments.
Change-Id: I9d58a7a3942a0318c0fa96047a1bdb7e708a69d4
Mateusz Cegielka [Fri, 31 Jul 2020 14:13:33 +0000 (16:13 +0200)]
Move Token and CryptoBackend to common
Both Token and CryptoBackend are small types used on the server, both in
the crypto and the service modules. They are defined in the service
module, and crypto submodules have to include these headers. Other than
that, the crypto module is not aware of the service module, and creating
an unnecessary cyclic dependency here shows up in static analysis.
Since they are minor types which don't contain any logic and are used in
different contexts in different modules, I have moved them to the
src/manager/common directory.
Change-Id: Ifd55ec97173b6e99c9c2fec154803dccfa48a1ae
Mateusz Cegielka [Tue, 4 Aug 2020 11:13:11 +0000 (13:13 +0200)]
Remove most CommunicationManager tests
CommunicationManager is a class responsible for adding std::functions to
a std::vector, and calling all of them with an argument (this takes 4
lines of actual logic). However, it has 7 redundant tests, including a
randomized stress test and some interesting helper classes.
I have reduced this number to 2 simple tests, testing basic and
exception-related behavior.
Change-Id: Ie8ce196df1f0e2a1c280c7aad4bd36c5911a6ada
Mateusz Cegielka [Tue, 4 Aug 2020 11:07:54 +0000 (13:07 +0200)]
Remove unused Stringify macro variants
Stringify is a helper macro used for formatting variadic arguments to a
string in error messages. The code also contains unused StringifyAvoid,
StringifyDebug and StringifyError macros.
I have removed the unused macros and their tests.
Change-Id: I08d00480a2e6ba73ba1a6c573c7afc4fccc36500
Krzysztof Jackiewicz [Fri, 17 Jul 2020 20:32:21 +0000 (22:32 +0200)]
Improve KeyProvider tests
More negative tests added. Existing tests refactored and fixed where necessary.
Redundant check removed from KeyProvider ctor.
Change-Id: I5210c0f4c79851543c0f9dcb532a30aa7dc8168f
Krzysztof Jackiewicz [Fri, 17 Jul 2020 14:57:46 +0000 (16:57 +0200)]
Remove KeyProvider lib initialization from tests
It's a NOOP on tizen.org.
Change-Id: I915bba5e55a6f21925c363687b1990d24bf2f2cf
Krzysztof Jackiewicz [Fri, 17 Jul 2020 12:11:56 +0000 (14:11 +0200)]
Add negative forEachFile tests
Change-Id: Ic4869009234676967e3571868ad2fa1e1d950c6a
Krzysztof Jackiewicz [Fri, 17 Jul 2020 11:52:17 +0000 (13:52 +0200)]
Exception tests refactoring
* Positive tests merged into one.
* Macros replaced with templates.
* Missing exceptions added.
Change-Id: Ia2da4262e874119a70940c1005d7c018aea9641b
Krzysztof Jackiewicz [Fri, 17 Jul 2020 10:12:29 +0000 (12:12 +0200)]
Add negative DescriptorSet tests
Change-Id: Idfb7dcd64c17aab418380a8fdb5b807a67710239
Krzysztof Jackiewicz [Wed, 15 Jul 2020 19:25:26 +0000 (21:25 +0200)]
Move db perf tests to a separate exec
Performance tests are not unit tests and do not improve code coverage. Also
they are all "positive". This commit moves them to a separate binary.
Also fixed performance calculation and a few other minor issues.
Code slightly refactored.
Change-Id: Ifcf2463be28001a0e88e5127dd95ee081771382a
Krzysztof Jackiewicz [Wed, 15 Jul 2020 14:57:51 +0000 (16:57 +0200)]
Improve DB::Crypto negative test ratio
Redundant positive tests removed.
Negative constructor tests added.
Change-Id: Ic1c2d30d4121c4e901485cae63cb7a203865af7d
Krzysztof Jackiewicz [Tue, 14 Jul 2020 16:21:34 +0000 (18:21 +0200)]
Get rid of the openssl 1.0.2 specific code
Also move entropy initialization to key-manager-main.cpp where it is used.
Change-Id: I187c76565b3864b6042a31a6eb71ac5921dc1ffd
Krzysztof Jackiewicz [Tue, 14 Jul 2020 15:32:32 +0000 (17:32 +0200)]
Make BeginTransaction exclusive and use it
Change-Id: Ie37fb0a36c25079eadab374093065f1e466d22f9
Krzysztof Jackiewicz [Tue, 14 Jul 2020 15:31:44 +0000 (17:31 +0200)]
Remove unused SqlConnection::DataCommand::Reset
Change-Id: Ib4279ccd14c6066efc980ec00bd63e76b699ca6a
Krzysztof Jackiewicz [Tue, 7 Jul 2020 07:14:35 +0000 (09:14 +0200)]
Improve DB::Crypto code coverage
Change-Id: I0fcb65833641ef75ab2af3c265e15df4d45231b6
Krzysztof Jackiewicz [Tue, 14 Jul 2020 14:35:48 +0000 (16:35 +0200)]
Return if there are no rows to save
Before this change, an attempt to save an empty list of objects would populate
the NAME and PERMISSIONS table but insert no objects into the OBJECTS table.
Change-Id: I08a2b68831ed51564e43ef4a01fca28d2c789641
Krzysztof Jackiewicz [Mon, 6 Jul 2020 10:55:32 +0000 (12:55 +0200)]
Remove unused DB::Crypto methods
Change-Id: Ie9f54b02736f1eebd72a496f87e250bbdd48b7aa
Krzysztof Jackiewicz [Wed, 1 Jul 2020 20:53:14 +0000 (22:53 +0200)]
Add unit tests related to Pkcs 12
* Implement unit tests.
* Add p12 test files for different types of keys.
* Slightly refactor PKCS12Serializable API.
Change-Id: I87e4d9ee50e75aff8cc4e042bb239983a1f3c4d9
Krzysztof Jackiewicz [Tue, 9 Jun 2020 16:27:23 +0000 (18:27 +0200)]
SW backend unit tests
Also:
* Hide SW::Internals functions unused outside and add a few asserts.
* Add missing openssl errors.
* Properly handle rsa encryption output.
* Properly handle missing asymmetric key.
* Old partial tests replaced.
* Minor code cleanup.
Change-Id: I1f83f6dc6bcdc99708b2f1f081b4be6fef8a4b08
Krzysztof Jackiewicz [Mon, 29 Jun 2020 16:33:32 +0000 (18:33 +0200)]
Unwrap 4 lines in SW::Internals to make them covered
Seriously.
Also remove one duplicated line exposed thanks to the lcov flaw.
Change-Id: If2c9ac01db6bbccf2e30a7d9ccecfbda9c2994ee
Krzysztof Jackiewicz [Mon, 29 Jun 2020 16:09:33 +0000 (18:09 +0200)]
Install all source files with coverage package
We only need to calculate code coverage for code in src subdirectory. However,
if unit-test sources are not provided, lcov fails to notice some of the
covered code paths in header files.
This commit installs all the sources, but removes irrelevant ones from the
report. It adds ~ +5% and +10% to line and function coverage respectively.
Change-Id: If17259ee4b8b76b8c7060c8d49ec92577d997eaf
Krzysztof Jackiewicz [Fri, 22 May 2020 14:47:26 +0000 (16:47 +0200)]
Coverage only mode
Additional "COVERAGE_ONLY" build type for skipping key-manager binaries and
RPMs. Translates to debug build with additional "coverage_only" flag.
Build key-manager with --define "build_type COVERAGE_ONLY".
Change-Id: I1e4a762b14d611ea6ad170f8b63f13af541fd8b1
Krzysztof Jackiewicz [Mon, 15 Jun 2020 15:06:26 +0000 (17:06 +0200)]
Remove key-manager requirement from unit tests
Unit tests package does not require key-manager anymore.
Change-Id: Ia9de48c188b4b9ca63cc53721c58f25ccc4ec4fc
Krzysztof Jackiewicz [Fri, 22 May 2020 14:47:26 +0000 (16:47 +0200)]
Automate code coverage measurement
* Unit-tests built and linked with coverage flags in debug mode only.
* Separate rpm for code coverage built in debug mode only, including:
** All the *.cpp and *.h files in /home/abuild/... in case lcov needs them
(missing files issue).
** All the key-manager's *.gcno files produced during compilation
(test/tools/misc files skipped).
** A helper script taking care of whole code coverage measurement, that is:
*** Removing old *.gcda files.
*** Launching internal test.
*** Gathering runtime *.gcda files.
*** Preparing a report with lcov. Fails if any error or warning is reported
(e.g. a missing file warning). Files external to the project are excluded.
*** Preparing an html report based on lcov output.
Usage:
* Build key-manager in debug mode.
* Install the key-manager-unit-tests and key-manager-coverage RPMs.
* Execute ckm-coverage.sh to produce lcov html report.
Change-Id: I5118b8ffba05e40d05e732c5162bd924a2f24120
Krzysztof Jackiewicz [Fri, 5 Jun 2020 19:50:34 +0000 (21:50 +0200)]
Improve KeyImpl & KeyAesImpl code coverage
Also unify key API.
KeyAesImpl() will now return an empty object instead of throwing. This will
unify the error code returned for symmetric and asymmetric keys from
ckmc_get_key(). It will also fix asynchronous C++ API. Observer will receive
an empty key instead of not being called at all.
Unify the type returned from empty keys. C++ API is a platform one and
getType() function is not used in tizen.org according to CodeGrok.
Change-Id: I7de8f32dfe59b1c5af441dfb9a0b8bee5c0d0bcf
Krzysztof Jackiewicz [Fri, 22 May 2020 14:47:26 +0000 (16:47 +0200)]
Reorganize project structure and RPM packages
* Internal tests package and binary renamed.
* Scheme tests moved to a separate binary as they are not actual unit tests.
They use internal API, client library and need a running server. These tests
should be rewritten.
* New key-manager-misc RPM containing scheme test binary and helper tools.
* Project structure reorganized to better fit rpm packages.
* CMakeFiles.txt refactoring.
Change-Id: I4875f0a7189a960f193747591cc917fd5b9e2799
Krzysztof Jackiewicz [Thu, 7 May 2020 09:18:02 +0000 (11:18 +0200)]
Update DataType unit-tests
Change-Id: I1a15e4fa665fc8be551eea23bb997bd4aa869c82
Krzysztof Jackiewicz [Thu, 7 May 2020 08:27:08 +0000 (10:27 +0200)]
Refactor DataType related code
* Remove unnecessary DataType methods.
* Remove unnecessary Type enumeration scope.
* Make DataType serializable to avoid static casts.
* Use DataType checker methods instead of explicit DataType::Type comparison.
Change-Id: I01dc355050326ad1e40c34c869acbc07613c57db
Krzysztof Jackiewicz [Mon, 11 May 2020 18:49:53 +0000 (20:49 +0200)]
Don't return command in client-server communication
Client already has an id of the message sent to the server. There's no
point in returning the command from server and checking in on the
client's side.
* Stop returning command from server.
* Stop receiving and checking the command in the client.
* Unify naming.
Change-Id: I74bde065c5edcf414820b9c398d18e6bc0d299dd
Krzysztof Jackiewicz [Mon, 11 May 2020 09:22:05 +0000 (11:22 +0200)]
Fix async symmetric key getter
Symmetric keys were not properly returned to the caller.
Change-Id: Ibe0f6a98d57250f8d29cde8b16abce0270fb59b3
Krzysztof Jackiewicz [Thu, 9 Apr 2020 07:08:43 +0000 (09:08 +0200)]
Release 0.1.38
* Annotate fallthru switch statements
Change-Id: I03b7eb50af98adbbb51581769bf59c2ab8d3d22d
Konrad Lipinski [Tue, 7 Apr 2020 11:17:21 +0000 (13:17 +0200)]
Annotate fallthru switch statements
As of gcc 7:
* -Wimplicit-fallthrough is enabled via -Wextra
* the standard statement attribute [[fallthrough]] is supported
Change-Id: Iea6809980b5cb6c9abe28cbded74bcaa8997650d
Dariusz Michaluk [Mon, 30 Mar 2020 13:19:19 +0000 (15:19 +0200)]
Release 0.1.37
* Switch to sqlcipher library
* [NOT COMPILING] Append 4.3.0 dbdump.c to sqlcipher
* [NOT COMPILING] Replace sqlcipher with upstream 4.3.0
* Improve CryptoLogic tests code coverage
* Relax FileSystem::removeUserData and check its return value
* Properly report uncaught exceptions in latest boost test
* Add negative CommunicationManager test
* Refactor BinaryQueue and tests
* Replace dpl asserts with libc ones
* Implement negative cert tests
* Categorize tests into positive and negative
Change-Id: Ic15444e23a95e1f40a78a19c51613ea05af57857
Konrad Lipinski [Thu, 21 Nov 2019 15:51:31 +0000 (16:51 +0100)]
Switch to sqlcipher library
Prior to this change, a modified sqlcipher 1.1.9 amalgamation bundled
with key-manager was being used. A push to externalize sqlcipher has
emerged as a result of wise men running SAM (a metrics tool) on the
entire key-manager repo to find that a 130k loc file scores badly.
Problem is, the bundled 1.1.9 sqlcipher had meta-tables renamed as
a result of an oversight, ex. sqlite_master was renamed to
sqlcipher_master. Result: binary incompatibility with upstream.
Running upstream sqlcipher on our legacy db files was found to corrupt
the files after running a single query.
Backward compatibility with existing db files is achieved by:
* bundling sqlcipher 4.3.0 amalgamation with key-manager
* renaming meta tables in the bundled sqlcipher so it's capable of
opening legacy db files
* adding a textual sql db dump functionality to the bundled sqlcipher,
based on an upstream extension; it would not work correctly with
1.1.9, thus the bump to upstream version 4.3.0
* correcting meta table names on the fly when dumping, for instance
printing sqlite_sequence instead of sqlcipher_sequence
* keeping legacy db filenames as db-$uid
* introducing upstream db filenames as db0-$uid
* converting legacy db files to upstream by using sql dumps of legacy
files to seed freshly created upstream files
* removing respective legacy files after successful conversion
The bundled amalgamation is factored out into a separate .so library
exporting only one function: dumpLegacyDb. The library is huge and never
needed once the initial conversion is done, thus dlopen/dlsym/dlclose
are employed to mitigate the overhead.
Room for improvement:
* sqlcipher_master meta table contains arbitrary sql that is output
verbatim when dumping; I have not been able to prove that those
statements are free of misnamed meta table references; key-manager
database dumps appear to be clean
* the entire thing seems fragile; author of the upstream sql dump code
very nearly disclaims responsibility for its correctness so I believe
I should too; no sqlcipher tests were imported, just the amalgamation;
however, a few migration tests were added to ckm-tests-internal
* as before, no additional preprocessor definitions were specified when
compiling bundled amalgamation; it may be possible to make the
resulting binary leaner by judicious use of optimization options;
regardless, that falls out of scope of this change, i.e. doing the
bare minimum to make things work
* the current solution is unlikely to satisfy the SAM crowd - the
amalgamation is still here and it's grown to 230k loc
Change-Id: Ia6b25e29151f7957598b68657d083c064cc44ac9
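As an added illustration of the conversion described above (not key-manager's own code): a Python sketch of the dump, seed and remove flow, with the meta table names corrected on the fly and a check that no legacy references survived in the seeded file. `dump_legacy_db` stands in for the dlopen'd dumpLegacyDb and is an assumption, as are the sample dump, the uid and the table name; stock sqlite3 is used in place of sqlcipher.

```python
import os, re, sqlite3, tempfile
from contextlib import closing

# The bundled 1.1.9 sqlcipher printed renamed meta tables; map them back to upstream names.
_LEGACY_META = re.compile(r"\bsqlcipher_(master|sequence)\b")

# Constructed sample of a legacy dump (not a real key-manager dump).
SAMPLE_LEGACY_DUMP = """CREATE TABLE NAMES (idx INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT);
INSERT INTO NAMES VALUES(1,'alias-a');
DELETE FROM sqlcipher_sequence;
INSERT INTO sqlcipher_sequence VALUES('NAMES',1);
"""

def fix_meta_names(dump_sql):
    """Correct legacy meta table names on the fly (sqlcipher_sequence -> sqlite_sequence)."""
    return _LEGACY_META.sub(lambda m: "sqlite_" + m.group(1), dump_sql)

def residual_legacy_refs(db_path):
    """Schema objects whose stored SQL still mentions a legacy meta table name."""
    with closing(sqlite3.connect(db_path)) as conn:
        rows = conn.execute("SELECT name, sql FROM sqlite_master WHERE sql IS NOT NULL")
        return [name for name, sql in rows if "sqlcipher_" in sql]

def migrate_user_db(base_dir, uid, dump_legacy_db):
    """Seed db0-<uid> from a dump of db-<uid>; the legacy file goes away only on success."""
    legacy = os.path.join(base_dir, "db-%d" % uid)
    upstream = os.path.join(base_dir, "db0-%d" % uid)
    if not os.path.exists(legacy):
        return upstream  # already converted (or never existed): nothing to do
    dump = fix_meta_names(dump_legacy_db(legacy))  # dump_legacy_db: hypothetical stand-in
    try:
        with closing(sqlite3.connect(upstream)) as conn:
            conn.executescript(dump)
        if residual_legacy_refs(upstream):
            raise RuntimeError("legacy meta table references survived the conversion")
    except Exception:
        if os.path.exists(upstream):
            os.remove(upstream)  # discard the half-built file; the legacy db stays intact
        raise
    os.remove(legacy)
    return upstream

def demo():
    """Convert a constructed legacy file in a temp dir; returns facts the caller can check."""
    base = tempfile.mkdtemp()
    open(os.path.join(base, "db-5001"), "w").close()  # placeholder for the legacy db file
    out = migrate_user_db(base, 5001, lambda _path: SAMPLE_LEGACY_DUMP)
    with closing(sqlite3.connect(out)) as conn:
        seq = conn.execute("SELECT seq FROM sqlite_sequence WHERE name='NAMES'").fetchone()[0]
    return not os.path.exists(os.path.join(base, "db-5001")), seq, residual_legacy_refs(out)
```

The residual check only catches the misnamed references that the on-the-fly rename could not reach, which is exactly the gap the message above lists under "room for improvement".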
Konrad Lipinski [Tue, 17 Mar 2020 11:17:47 +0000 (12:17 +0100)]
[NOT COMPILING] Append 4.3.0 dbdump.c to sqlcipher
Change-Id: Ic397ecd980e61dd03c12eb8ca68063ebdd4c9272
Konrad Lipinski [Tue, 17 Mar 2020 11:10:54 +0000 (12:10 +0100)]
[NOT COMPILING] Replace sqlcipher with upstream 4.3.0
Change-Id: I4340f95a11afdcd06263c7eb73a5530c4210171f
Krzysztof Jackiewicz [Thu, 26 Mar 2020 20:10:05 +0000 (21:10 +0100)]
Improve CryptoLogic tests code coverage
Change-Id: I14d50f0269166931e7d4b9a7591c8186eff7d16a
Konrad Lipinski [Fri, 27 Mar 2020 10:47:39 +0000 (11:47 +0100)]
Relax FileSystem::removeUserData and check its return value
Said function no longer returns errors on ENOENT.
Change-Id: I10051ab71028d02b5c6708e20f1f91b45ff67457
Krzysztof Jackiewicz [Fri, 27 Mar 2020 10:51:53 +0000 (11:51 +0100)]
Properly report uncaught exceptions in latest boost test
Change-Id: Ib9a517bf88f56aa7fddb3d0260282d62f0af7888
Krzysztof Jackiewicz [Wed, 25 Mar 2020 15:31:51 +0000 (16:31 +0100)]
Add negative CommunicationManager test
Invalid usage simply won't compile. Not much that can be done to reach the 50%
ratio except for merging all positive tests into one.
Change-Id: I99b8b97397a7d4ccdf762fc96dbf7d8648ad9a17
Krzysztof Jackiewicz [Tue, 17 Mar 2020 12:56:58 +0000 (13:56 +0100)]
Refactor BinaryQueue and tests
- Increase code coverage by removing code
- Check NULL/0 argument values
- Simplify buckets
- Adjust tests
- 50% negative tests
Change-Id: I39bc58b0809798313a26cf13a35668028bbf3be4
Krzysztof Jackiewicz [Tue, 24 Mar 2020 16:32:26 +0000 (17:32 +0100)]
Replace dpl asserts with libc ones
- Libc asserts were already used in a few places. Now it's unified.
- Libc asserts are disabled in release builds unlike dpl ones.
- Code coverage is improved.
Change-Id: Ie241b997433b2286d1b6c3f5e24571af5bf5809f
Krzysztof Jackiewicz [Mon, 23 Mar 2020 19:44:41 +0000 (20:44 +0100)]
Implement negative cert tests
- 50% negative tests for CertificateImpl
- Positive OCSP test updated
- Minor changes in CertificateImpl
Change-Id: I6bdb9e6140694357cba93b8efe26f622744ce927
Krzysztof Jackiewicz [Mon, 16 Mar 2020 14:54:45 +0000 (15:54 +0100)]
Categorize tests into positive and negative
Wise men said:
"Thou shalt not covet positive tests more than the negative ones"
To easily distinguish between positive and negative tests their names will be
prefixed with the "POSITIVE_" and "NEGATIVE_" strings respectively.
Boost test macros wrappers included.
Existing tests have been categorized.
Change-Id: Ifb21077437ebf82d2a2f4b4c70c53ab61b320c49
Tomasz Swierczek [Wed, 18 Mar 2020 07:03:36 +0000 (08:03 +0100)]
Release 0.1.36
* Fixed build break in some environments
* Store DB::Crypto::m_connection as unique_ptr
* Move to -std=c++14
Change-Id: I8a1982b8f4f22f22ce5a460f4a85f2e7197a3637
Tomasz Swierczek [Wed, 18 Mar 2020 06:52:14 +0000 (07:52 +0100)]
Fix build break
Previously, log_build_info did not have the additional bool parameter.
When the new parameter was added, a new function was added that overrode the
previous one but had no chance of being properly used (ambiguity
introduced). This failed at compile time in some envs, depending on the
options used.
Change-Id: Icb8ffeae5c0c51bca2e9a6f2a0956fc6fe1590ec
Konrad Lipinski [Tue, 17 Mar 2020 16:31:45 +0000 (17:31 +0100)]
Store DB::Crypto::m_connection as unique_ptr
Change-Id: I289c8c7c62af72ae34ac1692f89af1d2bfd813f6
Konrad Lipinski [Tue, 17 Mar 2020 11:09:20 +0000 (12:09 +0100)]
Move to -std=c++14
Change-Id: Id2f9eaa0ab2237aa8a8da379949cd239ec69d565
Tomasz Swierczek [Thu, 30 Jan 2020 11:31:20 +0000 (12:31 +0100)]
Release 0.1.35
* Fix build break with boost 1.71.0
Change-Id: Ib4ea4024a5751d78bed1effd6c52753a333cd985