Zofia Abramowska [Tue, 22 Apr 2025 12:47:46 +0000 (14:47 +0200)]
dpl: Define smartptr structure based on type name
Smartptr define creates deleter struct with name
based on delete function name. Defining name based on type
name makes it more flexible.
Change-Id: If4bcb86e42ac2b0a81507152f9697f2fcce0d939
Krzysztof Jackiewicz [Wed, 30 Apr 2025 12:29:55 +0000 (14:29 +0200)]
Skip scoped resource cleanup in child process
Change-Id: I29e9ec760d9e73d4d0ebb593705c3c62c9e54fe9
Krzysztof Jackiewicz [Wed, 30 Apr 2025 15:09:56 +0000 (17:09 +0200)]
Cleanup dependencies
Don't link with libraries already linked by common library.
Make all common include dirs PUBLIC so test binaries know where to look
for headers.
Change-Id: Iab79f69fc6627b002f191d47b4b89bb47d60ea35
Krzysztof Jackiewicz [Tue, 29 Apr 2025 19:39:59 +0000 (21:39 +0200)]
Move ScopedAppLauncher to common library
Change-Id: I604b7f85fc2f2ed8b7fcd22f711e93aaf5950fc8
Krzysztof Jackiewicz [Wed, 30 Apr 2025 08:38:15 +0000 (10:38 +0200)]
Revert "Add handling uncaught exceptions from the child process function"
This reverts commit
a8ae172c7481236669783f870698640fc9409b4d.
Without it, we won't be able to get the failed assertion info in
RUNNER_CHILD_TESTs.
Change-Id: Ib38eee248e950e30e8eae88daf03e0289152d4a4
Krzysztof Jackiewicz [Wed, 30 Apr 2025 08:00:48 +0000 (10:00 +0200)]
Merge remote-tracking branch 'origin/ckm' into tizen
Change-Id: If027158514113f53d7173485a8995de195a8a488
Krzysztof Malysa [Tue, 29 Apr 2025 14:19:11 +0000 (16:19 +0200)]
Merge remote-tracking branch 'origin/tizen' into ckm
Change-Id: Id8d064063e7c4b065cbe7e3c2801168c2d6cacd5
Krzysztof Malysa [Tue, 29 Apr 2025 14:15:29 +0000 (16:15 +0200)]
Merge remote-tracking branch 'origin/tizen' into security-manager
Change-Id: I201ee92e8af3724d2df3ff2d4290f8310b68fcee
Krzysztof Jackiewicz [Fri, 14 Mar 2025 18:12:35 +0000 (19:12 +0100)]
Catch exceptions from group init/finish
Change-Id: I1af60066ff1d7c2e0b72a6a765b88f19bd09d535
Zofia Abramowska [Tue, 8 Apr 2025 10:42:07 +0000 (12:42 +0200)]
security-manager: remove manual forks from ScopedAppLauncher
Change-Id: If6b88d39a2b6cea4aff073876f54b47bc21efa93
Krzysztof Malysa [Tue, 29 Apr 2025 12:54:22 +0000 (14:54 +0200)]
Add handling uncaught exceptions from the child process function
Change-Id: I052f3980ccd590b870226e180710edaf350b77e3
Krzysztof Malysa [Thu, 10 Apr 2025 19:39:41 +0000 (21:39 +0200)]
Fix checking mmap() return value
Change-Id: I2d3355f28caa2e2cdddcae7cecb9c077329d3e42
Zofia Abramowska [Wed, 26 Mar 2025 13:25:13 +0000 (14:25 +0100)]
security-manager: Remove manual calls of fork()
Change-Id: Id39eb0a124175c178d9ad62a362856518bcde0b0
Zofia Abramowska [Tue, 8 Apr 2025 17:02:11 +0000 (19:02 +0200)]
security-manager: Fix segfaults in PolicyRequest
Change-Id: I1273c17991d4c32d5585740b2386d5e04b4e086f
Filip Skrzeczkowski [Mon, 28 Apr 2025 10:35:07 +0000 (12:35 +0200)]
security-manager: Ensure app cleanup in ScopedAppLauncher
Make sure that cleanupApp is called in the ScopedAppLauncher
destructor even if everything else fails
Change-Id: Ife73ededce3b42e3e4a19534a169e78ce029969c
Krzysztof Jackiewicz [Wed, 19 Feb 2025 12:00:45 +0000 (13:00 +0100)]
Cleanup tests-common dependency
Change-Id: I03b0aaa1b184524dc3fc702e5391ca055bf78420
Tomasz Swierczek [Thu, 20 Mar 2025 09:15:06 +0000 (10:15 +0100)]
Add tests for security_manager_get_app_full_credentials_from_pid
Also fix security_manager_get_app_owner_uid
Change-Id: I2d55c7240fc8eeed73018a8b173df0e2ea555499
Krzysztof Jackiewicz [Mon, 17 Mar 2025 13:50:47 +0000 (14:50 +0100)]
Merge branch 'tizen' into 'ckm'
Change-Id: Ib249edc0d7789b5427b5950d9292b41fa096b70f
Krzysztof Malysa [Fri, 7 Mar 2025 18:55:23 +0000 (19:55 +0100)]
Fix gdb attaching to the wrong process
In the wild, I experienced a case where gumd process terminated with
failed assertion due to the main process exiting and spawned a child
process to exec gdb and get the backtrace. However, just after spawning
the child, the process gets killed because runner's main process exits.
This caused the spawned child to be reparented to PID 1. Then the child
obtained the pid to debug via getppid(), which returned 1, causing
execution of gdb --pid 1.
This could be harmless, but if this was done
under strace -ff it resulted in deadlock in some GDB subprocess
effectively freezing systemd (PID 1). Consequences included indefinite
freeze in ssh clients trying to connect to the emulator - it was quite
problematic impediment in work.
Now the pid obtained using getpid() before forking. Moreover, getting
killed by SIGKILL in case the parent process died was implemented for
the GDB's main process.
Change-Id: I19251d266d6c4bbd7875b9c4ae56f97f4d94e180
Zofia Abramowska [Tue, 11 Mar 2025 10:54:30 +0000 (11:54 +0100)]
security-manager: Fix private sharing
Adapt to uid-sandboxing
Change-Id: I7f95b8f56161a1b99e7cabb8edd561580767d4b4
Zofia Abramowska [Tue, 11 Mar 2025 10:52:39 +0000 (11:52 +0100)]
security-manager: Change path handling in AppInstallHelper
* properly remove created files
* keep paths in unordered set to eliminate duplicates
* fix tests that drop privileges in the same process
as AppInstallHelper will be removing its paths
Change-Id: Ie737ef88058c63c3e1ecc868bd4f88b8eeb6797a
Filip Skrzeczkowski [Mon, 10 Mar 2025 11:44:25 +0000 (12:44 +0100)]
Add internet access control tests
Change-Id: Ic5d2132e20afa35cbb1b73775d16b1033d0f9660
Filip Skrzeczkowski [Fri, 28 Feb 2025 13:46:26 +0000 (14:46 +0100)]
Update no-smack list for set_identity
Change-Id: I808bbc65d280e4068db212797ecdbfc60d6215af
Krzysztof Jackiewicz [Fri, 14 Feb 2025 16:21:54 +0000 (17:21 +0100)]
Update path setup tests
* Add dependency to libacl.
* Modify access checks to verify ownership and ACLs in no-smack mode.
* Add AGID getter.
* Add ACL helper.
* Rename test app dir to work with AppInstallHelper.
* Make runAccessTest() prepare and cleanup the app.
* Add system_access supplementary group for tests in no-smack mode.
* Update the tests.
* Skip access checks expecting rule removal in no-smack (paths will be
removed by the installer anyway).
* Make AppInstallHelper use global user id when installing as root (the
app is installed as a global user in such case).
* Fix AppInstallHelper::createFile().
* Make AppInstallHelper::create*() methods chown files for global
installations too.
* Update no-smack tests script.
* Minor refactoring.
Change-Id: I7c6b302767ef1122439ea79b3eb2bb4785316120
Krzysztof Jackiewicz [Wed, 26 Feb 2025 10:03:25 +0000 (11:03 +0100)]
Add app owner getter test
Change-Id: Ida7103c7c48f34da5ff6d32e5cb0d1c290456a18
Krzysztof Malysa [Mon, 17 Feb 2025 13:42:38 +0000 (14:42 +0100)]
Remove DPL::Atomic
Change-Id: I9c7a3afc4cd9ff1cd314b91f5309e0faaea24357
Krzysztof Malysa [Tue, 18 Feb 2025 12:03:32 +0000 (13:03 +0100)]
Add security_manager_09g_update_many_apps_in_single_request_duplicated_ids
Change-Id: Idaf017b1e1950ada7cf81b9c9a2dc31448b02f5d
Krzysztof Malysa [Fri, 14 Feb 2025 16:37:23 +0000 (17:37 +0100)]
Fix security_manager_09b_install_many_apps_in_single_request_duplicated_ids
Change-Id: I8230c35fcd8d2093963311e9ccc4188d6c74f722
Krzysztof Malysa [Wed, 19 Feb 2025 13:13:13 +0000 (14:13 +0100)]
Add run-security-manager-no-smack-tests.sh script facilitating changes verification
Change-Id: I5e340c3ab5d8647d73fd1dae2e890af62a81ccab
Krzysztof Malysa [Wed, 19 Feb 2025 16:40:34 +0000 (17:40 +0100)]
Fix security-manager-tests sometimes hanging
Even security-manager-tests --list sometimes hung.
There were 2 problems:
1. Reading from socket was unchecked for read() returing 0 (indicating
that the socket was closed on the other end) and this resulted in an
infinite loop calling read() that always returned 0.
2. The socked was closed because it lived in the parent process that
already died. Even though the child process requests getting SIGKILL
on parent death with prctl(PR_SET_PDEATHSIG) it was possible that
parent died before prctl() succeeded causing the program to misbehave
in the ways descibed above.
Change-Id: Ief50e9addf4ead899c29f5f28faa0dfd95ab3c84
Krzysztof Malysa [Fri, 14 Feb 2025 13:02:18 +0000 (14:02 +0100)]
Fix %postun being called on the end of package upgrade/reinstall making tests fail
Change-Id: Id3796fbfbdd43f1e5a1dd46b42ba9546f3ef68cb
Tomasz Swierczek [Fri, 14 Feb 2025 12:42:20 +0000 (13:42 +0100)]
Reduce timeout in security_manager_400_prepare_app_series_with_concurrent_install_stress
Previous value could lead to timeout in the testing framework.
Change-Id: I93ededea7574d125c064032ccea8b2fc49b2fdf0
Krzysztof Jackiewicz [Thu, 13 Feb 2025 16:01:42 +0000 (17:01 +0100)]
Use RUNNER_CHILD_TEST where necessary
Tests with fork() and child processes throwing exceptions must be added
as RUNNER_CHILD_TESTs so the exceptions are properly handled.
Change-Id: Ic9b841b38e338f47b52d5fcb036ee6a1d43e3523
Krzysztof Malysa [Thu, 13 Feb 2025 11:25:46 +0000 (12:25 +0100)]
Migrate AppInstallHelper::getPUID() to use security_manager_set_identity()
Change-Id: I50bfcd0dd1dce336e3b67e18dddd4daf1a45efba
Krzysztof Malysa [Thu, 13 Feb 2025 09:59:36 +0000 (10:59 +0100)]
Fix typo
Change-Id: I75cdbd481ae0e2241f73679c0124c580a9c63969
Krzysztof Jackiewicz [Wed, 12 Feb 2025 16:01:56 +0000 (17:01 +0100)]
Add missing app cleanup
Change-Id: I413c6998aff7aa06cd3b0752178c13ec42a1cd3b
Filip Skrzeczkowski [Mon, 10 Feb 2025 16:30:16 +0000 (17:30 +0100)]
Adapt tests for security_manager_set_identity
Change-Id: Iff96cc48675e64382c70b30a9d9324c9c7e68c3e
Tomasz Swierczek [Thu, 30 Jan 2025 09:55:57 +0000 (10:55 +0100)]
Make security_manager_26_1_security_manager_get_app_owner_uid test work in no-smack mode
Change-Id: Id80490c119b14ffb1937c07fbaa2b6b0eeb85af4
Krzysztof Malysa [Fri, 7 Feb 2025 14:41:57 +0000 (15:41 +0100)]
Fix security_manager_08_user_double_add_double_remove test removing uid 0
Change-Id: I4ed00a1a6fe95572d037182f4ebbc80d79b693d2
Krzysztof Malysa [Thu, 6 Feb 2025 16:32:20 +0000 (17:32 +0100)]
Adjust some of security-manager tests for no-smack environment
Change-Id: If031bb68e36ee8ad2df0eb00e32637fc78d11f01
Krzysztof Malysa [Thu, 6 Feb 2025 13:40:46 +0000 (14:40 +0100)]
Fix tests sometimes running multiple times due to some failing test
Change-Id: I1d03d20fd633fd0c52920de6ef20a5424dcbd203
Krzysztof Jackiewicz [Tue, 21 Jan 2025 13:59:57 +0000 (14:59 +0100)]
Remove unused functions
Change-Id: Ia92180da601a967b12c4a3fe0856e4545c844d1e
Krzysztof Jackiewicz [Tue, 21 Jan 2025 11:04:59 +0000 (12:04 +0100)]
Disable smack access checks in no-smack
Change-Id: I02505a9584a5cdd34bb2b51938dcfbb9c986e996
Krzysztof Jackiewicz [Fri, 17 Jan 2025 17:00:17 +0000 (18:00 +0100)]
Adjust app preparation tests to no-smack mode
Change-Id: I08a98000e404d2d5f8d95fe507fe53f901c235bf
Krzysztof Jackiewicz [Thu, 16 Jan 2025 10:25:37 +0000 (11:25 +0100)]
Retain CAP_SETUID in no-smack mode
Change-Id: Ie6016234421ebb1594d12d550a8d175d52d8244b
Filip Skrzeczkowski [Fri, 3 Jan 2025 16:44:40 +0000 (17:44 +0100)]
Add a sample testing app for No-Smack Tizen images
Change-Id: I7d491816ac36cb3cb5855eba4f71c3725f30ac75
Daniel Kita [Thu, 28 Nov 2024 07:59:29 +0000 (08:59 +0100)]
Enable DSA 1024 tests
Change-Id: I64bb4ac51002aa1b0286018839a8adebac0ea5dd
Tomasz Swierczek [Wed, 8 Jan 2025 07:26:06 +0000 (08:26 +0100)]
Add test for security_manager_is_app_from_pid()
Change-Id: I069cda129f9df3fc52a4bf123692ab1a9fe75a5c
Dariusz Michaluk [Thu, 2 Jan 2025 11:35:34 +0000 (12:35 +0100)]
Replace expired certificate
Change-Id: Id4618d45246af4ce9a34da280408126c0d3b7fcf
Tomasz Swierczek [Mon, 16 Dec 2024 11:47:58 +0000 (12:47 +0100)]
Add tests for new APIs
* security_manager_get_app_owner_uid
* security_manager_self_is_app
Change-Id: I34bd9a719417cdc1b05554bbaff0886a6b9322ec
Jan Wojtkowski [Mon, 2 Dec 2024 16:02:24 +0000 (17:02 +0100)]
Add tests for security_manager_set_identity()
Change-Id: I4a125d42d5e0c9cd579472df0bba54053e5489a2
Dariusz Michaluk [Tue, 17 Dec 2024 11:14:01 +0000 (12:14 +0100)]
Merge branch 'tizen' into security-manager
Change-Id: I3a18e67ff22ffd6f9540a45debdcb4b921c8c804
Dariusz Michaluk [Tue, 17 Dec 2024 10:50:49 +0000 (11:50 +0100)]
Merge branch 'ckm' into tizen
Change-Id: Iaafaf37a699c40c8e27ebdaff27a587d96ccfa74
Jakub Wlostowski [Thu, 12 Dec 2024 11:23:54 +0000 (12:23 +0100)]
Add -Wno-alloc-size-larger-than
Change-Id: I57da775857fe21e5be2a6ce0e323859776fdf510
Krzysztof Jackiewicz [Mon, 9 Dec 2024 10:31:46 +0000 (11:31 +0100)]
Remove usleep from app preparation malloc tests
Change-Id: I44ec5aacaaad3f8b6b4eca3fc0f74997f6d66abf
Tomasz Swierczek [Mon, 9 Dec 2024 08:41:18 +0000 (09:41 +0100)]
Merge branch 'tizen' into security-manager
Change-Id: I2182b5350daefac56746a1d8ee56f9e871608c94
Tomasz Swierczek [Mon, 9 Dec 2024 08:23:18 +0000 (09:23 +0100)]
Merge branch 'ckm' into tizen
Change-Id: Icd1366f901a908c828d4185a7367ebef4c2eef75
Krzysztof Jackiewicz [Fri, 6 Dec 2024 19:38:11 +0000 (20:38 +0100)]
Add test for allocations during app preparation
Change-Id: I7540450868479a15d5be0448c8b7155b09746b7a
Jakub Wlostowski [Tue, 3 Dec 2024 13:42:25 +0000 (14:42 +0100)]
Fix x86_64 debug build issue
Change-Id: I940ce244e53935156a5bf5d745dccb2be4e0661f
Krzysztof Jackiewicz [Fri, 29 Nov 2024 09:54:46 +0000 (10:54 +0100)]
Fix 64bit build
Change-Id: I1c308248820756da20fc572f8caf653a5f4c17b9
Jan Wojtkowski [Fri, 22 Nov 2024 08:31:50 +0000 (09:31 +0100)]
Fix building error after build flags update
Change-Id: I725586654155c0c64ad2e8f0c574a270805ae955
Daniel Kita [Mon, 25 Nov 2024 14:45:35 +0000 (15:45 +0100)]
Replace expired ca.crt certificate in PKCS chain
Change-Id: I18ef509e06ea70f18a81e96290f1396f2be1b6be
Krzysztof Jackiewicz [Fri, 15 Nov 2024 10:02:58 +0000 (11:02 +0100)]
Add tests for same alias case
Change-Id: Iac7cbddcaa89e94d2784de2584ccc97ea2fb77b3
Andrei Vakulich [Thu, 18 Jul 2024 15:18:07 +0000 (17:18 +0200)]
Added tests for Update API.
Change-Id: I2948736744093c8d9d47e3af69502f6b4473d9a6
Tomasz Swierczek [Tue, 22 Oct 2024 15:30:25 +0000 (17:30 +0200)]
Add tests of concurrent prepare_app and app_install/uninstall
These tests should properly stress the two-threads implementation
of the daemon that has dedicated thread just for prepare_app call.
The test takes more time so its run as RUNNER_TEST (not CHILD test)
as CHILD tests do have a timeout in the testing framework internals.
Change-Id: Iad094acfc3d86d9b1d15c79a6b9095b733adda93
Jakub Wlostowski [Thu, 10 Oct 2024 14:22:28 +0000 (16:22 +0200)]
Enable ECDSA import tests
Change-Id: Ic5d2c33d10198fec470b0342d4e6943f0ef2b7c5
Jakub Wlostowski [Tue, 24 Sep 2024 13:05:04 +0000 (15:05 +0200)]
Add DSA import-sign-verify test
Change-Id: Ibe05f1602bf909ff607c588d646331ddbd440de4
Jakub Wlostowski [Tue, 24 Sep 2024 10:34:51 +0000 (12:34 +0200)]
Remove outdated DSA verification comments
DSA verification was fixed in tef-simulator
so the comments are no longer true.
Change-Id: I8a1fbaea88652cb05e846183d5ac0efc74883b80
Dariusz Michaluk [Thu, 29 Aug 2024 18:01:30 +0000 (20:01 +0200)]
Test getting/saving KEM keys in TZ
Change-Id: I99f95069a78eec69451656371dd53613f5691e6e
Dariusz Michaluk [Tue, 27 Aug 2024 12:41:59 +0000 (14:41 +0200)]
Add EC & PQC hybrid derivation test
Change-Id: I6d5c13d024dedb166f9cac0eac1dfc198d550fe7
Jakub Wlostowski [Tue, 6 Aug 2024 10:15:54 +0000 (12:15 +0200)]
Add testing KEM vectors
Change-Id: I443a99dcb4cb7b4b288084db50e6b167715cd860
Jakub Wlostowski [Wed, 31 Jul 2024 14:40:48 +0000 (16:40 +0200)]
Check PQC API protection
Change-Id: Id88a64ed78395b4b02b02de350169db4b1e4f7ba
Jakub Wlostowski [Tue, 30 Jul 2024 08:19:39 +0000 (10:19 +0200)]
Add ML-KEM derive hybrid tests
Change-Id: Ic1e09cc65f9d5afad44df70e2b9119bb66ee7580
Jakub Wlostowski [Wed, 24 Jul 2024 11:59:40 +0000 (13:59 +0200)]
Add ML-KEM (en/de)capsulation tests
Change-Id: I521649fb59a464c7cf96fb08682d44ff1abde71d
Jakub Wlostowski [Fri, 12 Jul 2024 11:39:39 +0000 (13:39 +0200)]
Add ML-KEM keypair creation tests
Change-Id: Id6d174d98066e65e0371498672a57ae001ab059e
Jakub Wlostowski [Thu, 8 Aug 2024 09:19:31 +0000 (11:19 +0200)]
Fix maybe-uninitialized error
Change-Id: I32e2b68d7b7851975ccc90a162a9d1603eda884c
Dariusz Michaluk [Wed, 10 Jul 2024 08:54:05 +0000 (10:54 +0200)]
Fix wrapping tests
Wrapping function should always use public key,
unwrapping is made with private key.
Change-Id: I4628de66596d7fe155b93a461467724c6e8d708e
Andrei Vakulich [Fri, 7 Jun 2024 12:32:25 +0000 (14:32 +0200)]
Added key and data backend checks to tests
Checks were added to tests: e2ee-adaptation-layer,
key-derivation, key-wrapping, capi-testcases.
Change-Id: I4c310c0ee56dcb5d5b8557bbc02c5424efdf6b9f
Filip Skrzeczkowski [Wed, 26 Jun 2024 13:59:49 +0000 (15:59 +0200)]
Add extended privilege integration tests
Change-Id: Idf6054cefab577b99216daffa1436157484e96b8
Dariusz Michaluk [Thu, 20 Jun 2024 08:40:18 +0000 (10:40 +0200)]
Fix build error on 64 bit arch
Change-Id: I7761781ce448dd91fe6fd382e05a2eaa42d69f0a
Jan Wojtkowski [Fri, 17 May 2024 09:33:29 +0000 (11:33 +0200)]
Add more tests to the concatenated wrapping API
Change-Id: I1c4166512e1fe8f7366238459161711a460e449b
Krzysztof Jackiewicz [Fri, 7 Jun 2024 09:50:03 +0000 (11:50 +0200)]
Fix systemdb tests
Add missing database cleanup to system db tests.
Fix failing T5044_SYSTEM_SVC_5000_ACCESS_DB. The expected error is
CKMC_ERROR_DB_ALIAS_UNKNOWN because user 5000 is not a system service and does
not know about the alias stored in the system db.
Change-Id: I824cd1d3c6504a67215a9094eaa510849d1330bc
Andrei Vakulich [Fri, 17 May 2024 17:55:25 +0000 (19:55 +0200)]
Improve access control tests
Change-Id: I8bcc999acc3dd83a48d90fa9e12e6766cbbc0212
Dariusz Michaluk [Thu, 9 May 2024 14:00:25 +0000 (16:00 +0200)]
Add concatenated wrapping API tests
Change-Id: I9ab387af866dae43b54ba59cd779d557d560b41d
Dariusz Michaluk [Fri, 10 May 2024 09:49:45 +0000 (11:49 +0200)]
Adjust tests to implementation changes
Allow using SHA384 & SHA512 with RSA OAEP
Change-Id: Iaf60a99d5046c94cce0c370ce4d1660886720f59
Andrei Vakulich [Tue, 14 May 2024 07:57:22 +0000 (09:57 +0200)]
Add privileged tests for REMOVE only permission
Check if ckmc_get_data_alias_info_list and
ckmc_get_data_alias_list return info for READ only
and REMOVE only permission
Change-Id: Iac50c1e0c23560c88eb3d5c74ec4c450a52d3a50
Dongsun Lee [Mon, 18 Mar 2024 06:59:08 +0000 (15:59 +0900)]
Add test-cases for RSA 3072
Change-Id: I9a42988035717b8bb128a4dc06add83c080e9cbc
Jan Wojtkowski [Thu, 18 Apr 2024 13:12:19 +0000 (15:12 +0200)]
Add vscode settings to .gitignore
Change-Id: I68f6f7941e7f9f9cbba86c5c03fc461c5cb9bb72
Filip Skrzeczkowski [Tue, 2 Apr 2024 13:54:07 +0000 (15:54 +0200)]
Temporarily disable positive ocsp tests due to firewall/dns issues
Change-Id: I85b714e1f38afaf25b111d54a0694b2e5327ed0d
Dongsun Lee [Wed, 21 Feb 2024 02:32:29 +0000 (11:32 +0900)]
Add TCs for exporting RSA public key from TZ
Change-Id: I0fe80a888581104eb38f99bf1a9780092b784953
Tomasz Swierczek [Tue, 13 Feb 2024 08:51:33 +0000 (09:51 +0100)]
Add old_tee compile-time option
This setting can be used in pair with tz_backend compile-time
flag to disable some algorithms not supported on older TEE
backends.
Currently unsupported: RSA & DSA 4096
Change-Id: I5a0e04ca604a034a07a68717f547ccacb59b17d3
Dariusz Michaluk [Mon, 4 Mar 2024 16:51:01 +0000 (17:51 +0100)]
Adjust tests to "ECDSA raw/asn1 signature conversion methods"
If the ECDSA signature is presented in asn1 format, the first byte is always asn1 metadata,
it's better to change the last byte, which will always be signature data.
Change-Id: I6ec694dc17598f5931ef12ab15701c15138755f0
Krzysztof Jackiewicz [Mon, 16 Oct 2023 07:40:09 +0000 (09:40 +0200)]
Add test for RSA OAEP wrapping with different hashes
Change-Id: I9a06501cdb67fe2ac8558b694b0e49b12c7e793f
Krzysztof Jackiewicz [Mon, 14 Aug 2023 14:31:57 +0000 (16:31 +0200)]
Apply VD test modifications
* Add EC public key export tests.
* Add EC key/cert import tests.
* Add TZ_EC_IMPORT build flag. EC import is not required by E2EE but is
implemented in VD backend. Tests importing EC keys are disabled by
default.
* Use ckmc_backend_get_max_chunk_size to obtain the maximum "big data"
size supported by the backend.
* Update and add DSA import/signature/verification tests.
* Don't use GCM IV longer than 63B as VD's backend does not support
them.
* Make keys unexportable where needed so that TZ backend is used
whenever possible.
* Compare unexportable keys by comparing encryption results.
* Limit the amount of code applicable to SW backend only.
* Don't expect CBC import (decryption) to fail always when wrong key is
used. It may indeed fail if the padding is broken but it doesn't have
to be the case.
* Add comments explaining the source of failure on tizen.org's backend
implementation.
Change-Id: Ie98915ff1010af67ba9c44e8727813fa895c1979
Filip Skrzeczkowski [Thu, 28 Sep 2023 11:25:42 +0000 (13:25 +0200)]
Add tests for permissible file repair
The client library repair is tested via the client-label-monitor while
the service repair is tested by invoking app installs and uninstalls.
Both global and local permissible files are tested
Change-Id: Ib926f649d41e38cf7f0c34212db71a854fe156f8
Krzysztof Jackiewicz [Mon, 25 Sep 2023 09:52:51 +0000 (11:52 +0200)]
Add tests for different OAEP hashes
Change-Id: If15830a880bd4ffb9f546afd55d885a78ece37c5
Krzysztof Jackiewicz [Fri, 29 Sep 2023 11:29:57 +0000 (13:29 +0200)]
Adjust tests to changes related to x9.31
X9.31 padding can not be used without a hashing function. Openssl does
not allow it. Adjust test to key-manager changes.
Change-Id: I23771afc3dedb4d05b241d17ade39eb9c13d52a1
Dongsun Lee [Wed, 20 Sep 2023 03:02:35 +0000 (12:02 +0900)]
use the same parameters as E2EE modulue in e2ee-adaptation-layer TCs
Change-Id: I7579666aadcca7197d22dd35bc567b231f3fecbf
Dongsun Lee [Mon, 18 Sep 2023 09:20:23 +0000 (18:20 +0900)]
add a TC of TKW_IMPORT_EXPORT_AES_BETWEEN_BACKENDS
Change-Id: If1dacae546b932181b79de7382455cf75623b514
Krzysztof Jackiewicz [Fri, 11 Aug 2023 15:06:49 +0000 (17:06 +0200)]
CKM: Adjust privileged tests to TZ
TZ backend does not support import of password protected keys
T7010_Encrypted_initial_values_asymmetric fails on tef-simulator at
initial-values.cpp:331 because of DSA usage.
Change-Id: Ida594496dc58f30e907a864e4b5d982451f4e014
projects / platform / core / test / security-tests.git / log