Dariusz Michaluk [Thu, 20 Jun 2024 08:40:18 +0000 (10:40 +0200)]
Fix build error on 64 bit arch
Change-Id: I7761781ce448dd91fe6fd382e05a2eaa42d69f0a
Jan Wojtkowski [Fri, 17 May 2024 09:33:29 +0000 (11:33 +0200)]
Add more tests to the concatenated wrapping API
Change-Id: I1c4166512e1fe8f7366238459161711a460e449b
Krzysztof Jackiewicz [Fri, 7 Jun 2024 09:50:03 +0000 (11:50 +0200)]
Fix systemdb tests
Add missing database cleanup to system db tests.
Fix failing T5044_SYSTEM_SVC_5000_ACCESS_DB. The expected error is
CKMC_ERROR_DB_ALIAS_UNKNOWN because user 5000 is not a system service and does
not know about the alias stored in the system db.
Change-Id: I824cd1d3c6504a67215a9094eaa510849d1330bc
Andrei Vakulich [Fri, 17 May 2024 17:55:25 +0000 (19:55 +0200)]
Improve access control tests
Change-Id: I8bcc999acc3dd83a48d90fa9e12e6766cbbc0212
Dariusz Michaluk [Thu, 9 May 2024 14:00:25 +0000 (16:00 +0200)]
Add concatenated wrapping API tests
Change-Id: I9ab387af866dae43b54ba59cd779d557d560b41d
Dariusz Michaluk [Fri, 10 May 2024 09:49:45 +0000 (11:49 +0200)]
Adjust tests to implementation changes
Allow using SHA384 & SHA512 with RSA OAEP
Change-Id: Iaf60a99d5046c94cce0c370ce4d1660886720f59
Andrei Vakulich [Tue, 14 May 2024 07:57:22 +0000 (09:57 +0200)]
Add privileged tests for REMOVE only permission
Check if ckmc_get_data_alias_info_list and
ckmc_get_data_alias_list return info for READ only
and REMOVE only permission
Change-Id: Iac50c1e0c23560c88eb3d5c74ec4c450a52d3a50
Dongsun Lee [Mon, 18 Mar 2024 06:59:08 +0000 (15:59 +0900)]
Add test-cases for RSA 3072
Change-Id: I9a42988035717b8bb128a4dc06add83c080e9cbc
Jan Wojtkowski [Thu, 18 Apr 2024 13:12:19 +0000 (15:12 +0200)]
Add vscode settings to .gitignore
Change-Id: I68f6f7941e7f9f9cbba86c5c03fc461c5cb9bb72
Filip Skrzeczkowski [Tue, 2 Apr 2024 13:54:07 +0000 (15:54 +0200)]
Temporarily disable positive ocsp tests due to firewall/dns issues
Change-Id: I85b714e1f38afaf25b111d54a0694b2e5327ed0d
Dongsun Lee [Wed, 21 Feb 2024 02:32:29 +0000 (11:32 +0900)]
Add TCs for exporting RSA public key from TZ
Change-Id: I0fe80a888581104eb38f99bf1a9780092b784953
Tomasz Swierczek [Tue, 13 Feb 2024 08:51:33 +0000 (09:51 +0100)]
Add old_tee compile-time option
This setting can be used in pair with tz_backend compile-time
flag to disable some algorithms not supported on older TEE
backends.
Currently unsupported: RSA & DSA 4096
Change-Id: I5a0e04ca604a034a07a68717f547ccacb59b17d3
Dariusz Michaluk [Mon, 4 Mar 2024 16:51:01 +0000 (17:51 +0100)]
Adjust tests to "ECDSA raw/asn1 signature conversion methods"
If the ECDSA signature is presented in asn1 format, the first byte is always asn1 metadata,
it's better to change the last byte, which will always be signature data.
Change-Id: I6ec694dc17598f5931ef12ab15701c15138755f0
Krzysztof Jackiewicz [Mon, 16 Oct 2023 07:40:09 +0000 (09:40 +0200)]
Add test for RSA OAEP wrapping with different hashes
Change-Id: I9a06501cdb67fe2ac8558b694b0e49b12c7e793f
Krzysztof Jackiewicz [Mon, 14 Aug 2023 14:31:57 +0000 (16:31 +0200)]
Apply VD test modifications
* Add EC public key export tests.
* Add EC key/cert import tests.
* Add TZ_EC_IMPORT build flag. EC import is not required by E2EE but is
implemented in VD backend. Tests importing EC keys are disabled by
default.
* Use ckmc_backend_get_max_chunk_size to obtain the maximum "big data"
size supported by the backend.
* Update and add DSA import/signature/verification tests.
* Don't use GCM IV longer than 63B as VD's backend does not support
them.
* Make keys unexportable where needed so that TZ backend is used
whenever possible.
* Compare unexportable keys by comparing encryption results.
* Limit the amount of code applicable to SW backend only.
* Don't expect CBC import (decryption) to fail always when wrong key is
used. It may indeed fail if the padding is broken but it doesn't have
to be the case.
* Add comments explaining the source of failure on tizen.org's backend
implementation.
Change-Id: Ie98915ff1010af67ba9c44e8727813fa895c1979
Krzysztof Jackiewicz [Mon, 25 Sep 2023 09:52:51 +0000 (11:52 +0200)]
Add tests for different OAEP hashes
Change-Id: If15830a880bd4ffb9f546afd55d885a78ece37c5
Krzysztof Jackiewicz [Fri, 29 Sep 2023 11:29:57 +0000 (13:29 +0200)]
Adjust tests to changes related to x9.31
X9.31 padding can not be used without a hashing function. Openssl does
not allow it. Adjust test to key-manager changes.
Change-Id: I23771afc3dedb4d05b241d17ade39eb9c13d52a1
Dongsun Lee [Wed, 20 Sep 2023 03:02:35 +0000 (12:02 +0900)]
use the same parameters as E2EE modulue in e2ee-adaptation-layer TCs
Change-Id: I7579666aadcca7197d22dd35bc567b231f3fecbf
Dongsun Lee [Mon, 18 Sep 2023 09:20:23 +0000 (18:20 +0900)]
add a TC of TKW_IMPORT_EXPORT_AES_BETWEEN_BACKENDS
Change-Id: If1dacae546b932181b79de7382455cf75623b514
Krzysztof Jackiewicz [Fri, 11 Aug 2023 15:06:49 +0000 (17:06 +0200)]
CKM: Adjust privileged tests to TZ
TZ backend does not support import of password protected keys
T7010_Encrypted_initial_values_asymmetric fails on tef-simulator at
initial-values.cpp:331 because of DSA usage.
Change-Id: Ida594496dc58f30e907a864e4b5d982451f4e014
Krzysztof Jackiewicz [Thu, 10 Aug 2023 19:10:37 +0000 (21:10 +0200)]
CKM: Adjust tests to TZ backend capabilities
No support for EC import in TZ.
No support for other hashes beside SHA1 in DS (TZ).
Adjust the tests temporarily.
Change-Id: I3604264af27cf5f5eda4758811b5d2fcf92943b3
Dongsun Lee [Fri, 11 Aug 2023 06:18:22 +0000 (15:18 +0900)]
CKM: Don't use IV less than 12 bytes for TZ Backend
Change-Id: I19b51a312e6ac29bb09f927a10db4571acca470a
Dongsun Lee [Fri, 11 Aug 2023 05:08:29 +0000 (14:08 +0900)]
CKM: Don't set password for importing asymmetric key to TZ_BACKEND
Change-Id: I05fd59f4d3171e8a1af6a0587e569903250b3591
Krzysztof Jackiewicz [Tue, 8 Aug 2023 15:12:18 +0000 (17:12 +0200)]
E2EE: Make one of the test keys exportable
This way we can compare results of ECDH+KBKDF between different
backends.
Change-Id: I8022462ea59968d04f0522ab39bfeb0533b7ade4
Krzysztof Jackiewicz [Tue, 8 Aug 2023 14:59:37 +0000 (16:59 +0200)]
E2EE: Cleanup TZ data after tests
Change-Id: I2edc6e1fdec3b6be6db1cf4cd9781568597eb985
Dongsun Lee [Thu, 3 Aug 2023 09:15:06 +0000 (18:15 +0900)]
CKM: Update ECDH TCs for TZ Backend
Change-Id: I2249411fcc60c858d9cbaacb676de93da59590da
Dongsun Lee [Thu, 3 Aug 2023 00:25:51 +0000 (09:25 +0900)]
CKM: Support ECDSA tests for TZ Backend
Change-Id: I6a9605fb81e27b77425dddfd56db0c9b261b3a60
Dongsun Lee [Mon, 31 Jul 2023 00:49:22 +0000 (09:49 +0900)]
CKM: modify Wrapping/Unwrapping TCs for Backend
Change-Id: I54609e0bd081fc277066791b13f73452fb14a5cd
Dongsun Lee [Tue, 25 Jul 2023 09:32:33 +0000 (18:32 +0900)]
CKM: modify KBKDF TCs for TZ Backend
Change-Id: I4db0db61b2da46648aba99df06579ab3de0bf590
Krzysztof Jackiewicz [Mon, 24 Jul 2023 11:29:46 +0000 (13:29 +0200)]
CKM: Expect fail when wrapping/unwrapping RSA keys
Change-Id: Id0d235961ba57ebf6ec849f209253d104edcb493
Krzysztof Jackiewicz [Mon, 24 Jul 2023 08:38:42 +0000 (10:38 +0200)]
CKM: Remove keys explicitly in derivation tests
Removing the user data is not enough in case of TZ backend. Without
explicit removal objects remain in TZ storage.
Change-Id: Id9652be186610322ea913f74ff8504f66ac8232e
Krzysztof Jackiewicz [Fri, 14 Jul 2023 07:53:16 +0000 (09:53 +0200)]
CKM: Fix policy generation and expectation
Some of the possible policy setups were skipped. Make the generate_ckm_policy()
generate all possible combinations.
Expect backend depending on the policy's extractable flag in T1024
Change-Id: I1bd0f5b1a544c8385fdd9c66d23cbd5385137cd0
Krzysztof Jackiewicz [Thu, 13 Jul 2023 09:20:56 +0000 (11:20 +0200)]
CKM: Disable remaining non-GCM tests on TZ
Change-Id: Ic92469494c666ba506229b0eb70d0cc29bfde29d
Krzysztof Jackiewicz [Wed, 12 Jul 2023 13:43:36 +0000 (15:43 +0200)]
CKM: Disable non-GCM tests in TZ cipher API
Currently TZ backend cipher API does not support other encryption modes
beside GCM.
Change-Id: I0fad8ba60b3081af0601f07ac92f724cc88f2fc0
Krzysztof Jackiewicz [Tue, 27 Jun 2023 15:38:13 +0000 (17:38 +0200)]
CKM: Use public key for key wrapping
Private key contains the public key and it (the public key) is actually
used for encryption so the testing code is ok. However, to make it
clearer, the public key will be used explicitly.
Change-Id: I8599710b3c5b03675811b1c527b59efbc5006d00
Krzysztof Jackiewicz [Tue, 27 Jun 2023 12:07:34 +0000 (14:07 +0200)]
CKM: Test for invalid wrapped key type
Change-Id: Ia6245e6943ed769c426a51d8cde4d66f781e7896
Krzysztof Jackiewicz [Wed, 7 Jun 2023 11:47:29 +0000 (13:47 +0200)]
CKM: Max chunk size test
Change-Id: If9524ee246dde5e1992005c8f8950577b907607c
Krzysztof Jackiewicz [Tue, 6 Jun 2023 19:43:38 +0000 (21:43 +0200)]
CKM: Check backend info
Change-Id: I79501b5800b54790c45dd7a1790178e5805a4d6a
Krzysztof Jackiewicz [Thu, 1 Jun 2023 13:20:43 +0000 (15:20 +0200)]
CKM: Adjust tests to AliasInfo changes
Change-Id: Id1c3b12fdc7bdba4fd73a49c9ae9ad411635fb8d
Krzysztof Jackiewicz [Wed, 24 May 2023 10:31:42 +0000 (12:31 +0200)]
CKM: Cipher API tests
Also reduce big data size to speed up the testing
Change-Id: I8ea762d4aecdfdc6c57f12f5a708185e68830858
Krzysztof Jackiewicz [Mon, 22 May 2023 20:03:49 +0000 (22:03 +0200)]
CKM: Update GCM IV tests
More lengths are now allowed.
Change-Id: I84a38b7469ac6d8c96c746816eb2b7df20125d3f
Krzysztof Jackiewicz [Fri, 5 May 2023 10:18:06 +0000 (12:18 +0200)]
CKM: Adjust to C++ API changes
Change-Id: I1812ee6ef9d9552dcda560df0b492171fab0799f
Dariusz Michaluk [Thu, 27 Apr 2023 13:16:56 +0000 (15:16 +0200)]
Revert DCM E2EE API tests
Change-Id: I1f9737346cccb3c0df5ed5860900c0701b18ce88
Dariusz Michaluk [Wed, 26 Apr 2023 09:34:52 +0000 (11:34 +0200)]
Add DCM_ERROR_MSG_FORMAT error enum
Change-Id: Iaff70e15facebfdfba977396640ab7d6d572a8af
Dariusz Michaluk [Mon, 17 Apr 2023 13:00:10 +0000 (15:00 +0200)]
Enable 2-element OCF certificate chain tests
Change-Id: Iaeba40710a501b5990c69d503960a201d8c4245b
Daniel Kita [Fri, 14 Apr 2023 08:47:59 +0000 (10:47 +0200)]
CKM: Add extra key-wrapping tests
Change-Id: Ibe366afd9a5f1b007e2a1e5bad9fddb4eff32397
Dariusz Michaluk [Tue, 11 Apr 2023 13:01:14 +0000 (15:01 +0200)]
Merge branch 'tizen' into ckm
Change-Id: I495f825f5d786a58289f044b9c23b78f7c7b3ab6
Dariusz Michaluk [Tue, 11 Apr 2023 12:22:38 +0000 (14:22 +0200)]
Merge branch 'ckm' into tizen
Change-Id: I568bc8337c9fca77181af04283efd7c28e1ddcdc
Dariusz Michaluk [Thu, 6 Apr 2023 13:35:18 +0000 (15:35 +0200)]
Merge branch 'security-manager' into tizen
Change-Id: Ibb0dedb8f9f31171e4339661076cb1ddf13a0c7e
Dariusz Michaluk [Thu, 6 Apr 2023 13:19:52 +0000 (15:19 +0200)]
Merge branch 'cynara' into tizen
Change-Id: Id4ecdfb9196c230400007bc6f5f88c30c97f3cf5
Dariusz Michaluk [Thu, 6 Apr 2023 09:19:48 +0000 (11:19 +0200)]
Remove perf dependency
perf is not provided on tizen.org
Change-Id: I1402c2b6a4f5f6d5cf9b180258bed49acb9b062a
Krzysztof Jackiewicz [Mon, 3 Apr 2023 09:15:58 +0000 (11:15 +0200)]
Set key-manager version requirement
E2EE is supported since 0.1.49
Change-Id: Ibaf2a2153eb3d9c4c2b020db3130b403b4ba351a
Daniel Kita [Thu, 16 Mar 2023 12:14:30 +0000 (13:14 +0100)]
CKM: Add key-wrapping tests
Change-Id: I99fce2906c245d0b8174e1b3b15f990535b39caf
Krzysztof Jackiewicz [Tue, 21 Mar 2023 16:32:43 +0000 (17:32 +0100)]
E2EE: Require e2ee-tests to be ran by default user
Change-Id: I87e1b8b68f91d4410144e4b986022da49e58fe24
Krzysztof Jackiewicz [Wed, 1 Mar 2023 09:54:50 +0000 (10:54 +0100)]
E2EE: OCF API implementation
Tests included.
Change-Id: I04a3b56d66b51b5508e7fa4f14d923e876122f78
Krzysztof Jackiewicz [Fri, 24 Feb 2023 08:58:28 +0000 (09:58 +0100)]
E2EE: PBKDF API implementation
Tests included
Change-Id: I4cbe3363690ff116a8c26dba3e6bfca8d9e0dad5
Krzysztof Jackiewicz [Wed, 1 Mar 2023 09:54:21 +0000 (10:54 +0100)]
E2EE: Key agreement API implementation
Tests included
Change-Id: Iab51c84b848060f3392cb11de7dedd7ab2580034
Krzysztof Jackiewicz [Wed, 18 Jan 2023 07:19:30 +0000 (08:19 +0100)]
E2EE: Adaptation layer API
Change-Id: Id16918721d65af96795104c1ccea229b5aa1a65a
Krzysztof Jackiewicz [Thu, 23 Feb 2023 09:14:43 +0000 (10:14 +0100)]
CKM: Add KBKDF tests
Change-Id: I8af39566757c6f3b4e9ca82184f9f99708c3271a
Krzysztof Jackiewicz [Fri, 17 Feb 2023 10:39:10 +0000 (11:39 +0100)]
CKM: Add ECDH tests
Change-Id: I79dc55e11c9c61db1074b1e70a856999d4632d56
Krzysztof Jackiewicz [Fri, 3 Mar 2023 13:35:26 +0000 (14:35 +0100)]
CKM: Remove unused typedef
Change-Id: Id0c756f0af4dfda7a6fb9af5a7c397d2111f4862
Krzysztof Jackiewicz [Thu, 23 Feb 2023 09:07:34 +0000 (10:07 +0100)]
CKM: Saving unexportable data is now allowed
Change-Id: Idfc450ee67d26a0389c62076b8401339c6404362
Krzysztof Jackiewicz [Fri, 17 Feb 2023 17:03:28 +0000 (18:03 +0100)]
CKM: Helper functions refactored
Functions moved to ckm-common.h to be accessible by other test cases.
Use unsigned integer in param lists.
Use pointers to buffers in buffer comparison.
Change-Id: I6d094cc4fc202be2a047861548f157775fe17a60
Tomasz Swierczek [Mon, 17 Oct 2022 11:03:52 +0000 (13:03 +0200)]
Add test cases for updating an app package
security_manager_app_update() should be able
to remove apps not listed in update request
regardless of hybrid status of the package.
Change-Id: Icc25bf37969964426c356921f3ac7db661843955
Dariusz Michaluk [Mon, 9 Jan 2023 14:06:28 +0000 (15:06 +0100)]
Merge branch 'ckm' into tizen
Change-Id: Ia90081c32b85a24ebd01d8f7f2e76ebae5399d0f
Lukasz Pawelczyk [Wed, 21 Dec 2022 19:44:21 +0000 (20:44 +0100)]
[cynara] Tests for new credentials helpers API
Change-Id: I321c20f18c41840fd6f534de50d89b7acedceb9a
Krzysztof Jackiewicz [Mon, 26 Sep 2022 08:53:26 +0000 (10:53 +0200)]
CKM: Multithreaded encryption test
Change-Id: I8aa6a784e672957c717790e755b8b2de0274ba99
Krzysztof Jackiewicz [Mon, 25 Jul 2022 20:40:35 +0000 (22:40 +0200)]
CKM: Get rid of early expiring certificates
* Use OCSP chain with longer validity (Jan 28 2028)
* Use last CA certificate before root CA for OCSP tests (CA has longer
validity than EE certificate)
* Remove "third party" chain to avoid expiration issues
* Replace above chain with "OCSP" or "test" chain where possible
* Simplify or remove tests that do not make sense with current chains
Change-Id: I22eba70ae8b73607cc4c8de1f18f014104fd12ea
Dariusz Michaluk [Tue, 5 Jul 2022 11:50:22 +0000 (13:50 +0200)]
Merge branch 'ckm' into tizen
Change-Id: Id782d46989eedf10f2740a61e14da6e124def563
Lukasz Pawelczyk [Mon, 13 Jun 2022 13:19:59 +0000 (15:19 +0200)]
CKM: Replace expired certificates with new ones
- Closest expiration date is Jul 28, 2022
Change-Id: I269862728bf8734c040ade881f3cef54f437d04a
Lukasz Pawelczyk [Tue, 15 Mar 2022 15:44:40 +0000 (16:44 +0100)]
CKM: Replace expired certificates with new ones
- Closest expiration date is Jun 22, 2022
Change-Id: Ie6348d62c16510bf850f04421da24aa307a3c6ce
Lukasz Pawelczyk [Tue, 5 Oct 2021 12:42:30 +0000 (14:42 +0200)]
CKM: Replace expired certificates with new ones
- Closest expiration date is Mar 30, 2022
- I've also reordered the certs so it's consistent
Change-Id: I163b8d1a52b01d2b096b7eb0f90550965d459856
Krzysztof Jackiewicz [Thu, 22 Jul 2021 15:00:48 +0000 (17:00 +0200)]
CKM: Replace expired certificates with new ones
Change-Id: I6011a1787cd71ad3b46ad5fb2fe824caa70a247f
Krzysztof Jackiewicz [Wed, 7 Apr 2021 21:04:57 +0000 (23:04 +0200)]
Adjust to openssl 1.1.1j padding changes
The SSL v2.3 padding has been modified in recent openssl 1.1.1j. PKCS1
and PKCS1 SSLv2.3 are now compatible both ways but this is not what our
test expects.
The test has been adjusted.
Change-Id: I961345ac7f1864f4b768521c7814eac5b293fbd9
Krzysztof Jackiewicz [Thu, 25 Mar 2021 13:41:06 +0000 (14:41 +0100)]
Fix T9050 accidentally valid padding issue
Usually happens at least once per 2000 runs when using public RSA
encryption with OAEP padding followed by private RSA decryption with
PKCS1 v1.5 padding. The OAEP is quite unpredictable and can produce a
valid PKCS1 v1.5 padding from time to time.
Valid PKCS1 v1.5 padded message looks as follows:
0x00 || 0x02 || PS || 0x00 || M
where M is a decrypted message and PS is 8+ non-zero octets.
Fix by checking the unpadded message length if above case occurs.
Change-Id: I9991730f5e5cc895dfbfbaf6a6c757dd15f7a313
Hint: Use only 512-bit keys to speed up testing.
Krzysztof Jackiewicz [Thu, 18 Feb 2021 10:19:23 +0000 (11:19 +0100)]
Update certificates for OCSP tests
For some reason http://ocsp.msocsp.com responds with "unauthorized(6)"
error when asked for certificate validity. The certificate is still
valid. I'm not sure what was the problem but updating the certificate
with the latest one fixed it.
Verification:
su - owner -c "ckm-tests --regexp=ocsp"
Change-Id: Idc2a7b41da3e0cf5624b1d3193a3b65f4085ad49
Krzysztof Jackiewicz [Wed, 17 Feb 2021 12:48:32 +0000 (13:48 +0100)]
Fix TA1750_ocsp_check_positive test assert message
Change-Id: Id26d29f7cec5dd1aa6b55ce8b6f19318bc3724de
Dariusz Michaluk [Mon, 21 Dec 2020 14:07:37 +0000 (15:07 +0100)]
Merge branch 'tizen' into yaca
Change-Id: Ia32fcd193587e8771dcfa06c64490bc9db7f60a5
Dariusz Michaluk [Mon, 21 Dec 2020 14:02:28 +0000 (15:02 +0100)]
Merge branch 'tizen' into security-manager
Change-Id: Ifcd188e804bca1ccead8194889014a2596d3289d
Dariusz Michaluk [Mon, 21 Dec 2020 13:41:21 +0000 (14:41 +0100)]
Merge branch 'tizen' into ckm
Change-Id: I3d06e113f7956ff5dda7fe8ddfa7579930b74637
Dariusz Michaluk [Mon, 21 Dec 2020 13:36:20 +0000 (14:36 +0100)]
Merge branch 'tizen' into cynara
Change-Id: Ib9a6b91c9c96d191973f3f91616f29f4e619e1a5
Dariusz Michaluk [Mon, 21 Dec 2020 10:08:18 +0000 (11:08 +0100)]
Cleanup attr/xattr.h usage.
After attr package upgrade, attr/xattr.h has ben removed,
sys/xattr.h should be used instead.
To fix build break, unnecessary attr/xattr.h usage has ben removed
or changed to proper one.
Change-Id: I5a5acfd9f65e60975a1c28d0231d1bc035e99044
Dariusz Michaluk [Wed, 16 Dec 2020 12:21:46 +0000 (13:21 +0100)]
Merge branch 'tizen' into cynara
Change-Id: I68acfc36d1c5f30a1b6df4c8e421acda1f932a3d
Dariusz Michaluk [Wed, 16 Dec 2020 12:15:14 +0000 (13:15 +0100)]
Merge branch 'tizen' into security-manager
Change-Id: I7c7d3eaa8cddb40592f4258f7eb7f5488629fea4
Dariusz Michaluk [Wed, 16 Dec 2020 12:07:27 +0000 (13:07 +0100)]
Merge branch 'tizen' into yaca
Change-Id: I9854e1e1e8d29d204041ccd831b032b87ec5173c
Mateusz Cegielka [Thu, 30 Jul 2020 12:01:32 +0000 (14:01 +0200)]
Add warning on CKM TrustZone space leak
Current implementation of ckmc_remove_user_data is not able to remove
individual objects from TrustZone, because their names are stored in a
possibly encrypted database. This rarely happens in actual code, but
tests extensively use this function to clean up objects they create.
Because of this, running CKM tests multiple times with TrustZone enabled
may exceed TrustZone limits.
Fixing the behaviour is a larger task, and making all tests clean up
individual objects is too verbose, complex and error-prone for a bug
workaround that only affects developers (this approach has already been
tried once, and it was removed years ago).
I have added a heuristic check that tries to create a single-byte data
object in TrustZone. If that fails, it displays a warning message
explaining the problem and suggesting to reset TrustZone and key-manager
state, as well as instructions on how to do use using Tizen emulator and
tef-simulator.
Change-Id: Id99c22c33f3e5adfbeff5c7b1b58d2d995ed4cca
Dariusz Michaluk [Tue, 29 Sep 2020 10:50:35 +0000 (10:50 +0000)]
Merge "Merge branch 'tizen' into 'ckm'" into ckm
Krzysztof Jackiewicz [Mon, 28 Sep 2020 12:36:33 +0000 (14:36 +0200)]
Merge branch 'tizen' into 'ckm'
Change-Id: I225457a8788e581233979590e7e11f1887fda88b
Mateusz Cegielka [Wed, 5 Aug 2020 11:07:53 +0000 (13:07 +0200)]
Refactor AccessProvider and ScopedAccessProvider
AccessProvider is a helper class for setting up Smack rules, user id,
group id and process labels before or during a test. CKM tests also
contain different AccessProvider and ScopedAccessProvider classes, but
only use a single constructor of the latter to pretend to be an app.
These classes contain some duplicated code. Also, after the removal of
libsmack-tests, the responsibilities of these classes have shrunk to
pretending to be an app and nothing else.
I have cleaned up src/common/ AccessProvider, renamed it to AppContext
and made it flexible enough so that ScopedAccessProvider can be
implemented in terms of it and src/ckm/ AccessProvider can be removed. I
have then cleaned up ScopedAccessProvider and renamed it to
ScopedAppContext.
Change-Id: I325f7bd1d9c2ac276960530384682227cefec7da
Krzysztof Jackiewicz [Fri, 18 Sep 2020 07:53:41 +0000 (09:53 +0200)]
Switch to c++17
Latest key-manager changes require c++17.
Change-Id: Ifadce309c2fa195fe4d2a432770803308f1e29d1
Mateusz Cegielka [Tue, 15 Sep 2020 08:44:53 +0000 (10:44 +0200)]
Remove libsmack tests
These tests are not executed on Jenkins, and currently are also broken.
More importantly, libsmack is an open-source library not specific to
Tizen, so there's not actually a lot of benefit in testing it.
I have removed libsmack-tests directory, as well as all related build
commands.
Change-Id: Ib5c78f2425d4a43567e50a41b90e25eab1597ae3
Mateusz Cegielka [Mon, 27 Jul 2020 09:29:24 +0000 (11:29 +0200)]
Remove key-manager::api-storage privilege use in CKM tests
Some CKM tests request the key-manager::api-storage privilege when
switching context to the user. However. this privilege was removed five
years ago (see commits
06d3064 and
d5e32f8 in key-manager) and is no
longer required to use key-manager.
I have removed all calls responsible for requesting this privilege. This
also made it possible to only use the simplest ScopedAccessRequest
constructor and remove all other constructors.
Change-Id: I788e44f8e59575f80c8999b6b64eaefcc905fb75
Mateusz Cegielka [Fri, 24 Jul 2020 15:13:25 +0000 (17:13 +0200)]
Fix only partial rollback of Smack rules
Some tests temporarily add new Smack rules in order to test unprivileged
access to system services. After the test, they are cleared with
smack_revoke_subject. However, this only removes rules where the test
application is the subject.
I have replaced calls where this is an issue with a smack_accesses_clear
call, which removes all rules loaded with a given handle. Since affected
tests do not modify Smack rules in any other way and only use test
labels for fake apps, no rules removed by the old call and not by the
new call can exist.
Change-Id: I841d6b7ad05549d8837645e3d9176f4db7029908
Dariusz Michaluk [Mon, 15 Jun 2020 15:05:29 +0000 (17:05 +0200)]
Merge branch 'tizen' into ckm
Change-Id: Iecead619e756e6986f6677f88fdf6e596d6e40ef
Dariusz Michaluk [Mon, 15 Jun 2020 15:00:51 +0000 (17:00 +0200)]
Merge branch 'tizen' into security-manager
Change-Id: I973bc6f714c4987e7d53d23e3efcaa2cf8768c4f
Dariusz Michaluk [Mon, 15 Jun 2020 14:38:28 +0000 (16:38 +0200)]
Merge branch 'tizen' into cynara
Change-Id: Ia28913a29eedc7ae49b066bb4a3be89f31e29f96
Dariusz Michaluk [Mon, 15 Jun 2020 14:23:22 +0000 (16:23 +0200)]
Merge branch 'tizen' into yaca
Change-Id: I7269ea66733779c44fa3437f5d7623a973b86471
Konrad Lipinski [Wed, 29 Apr 2020 07:12:07 +0000 (09:12 +0200)]
Spring cleaning
* drop some unused code
* shrink interfaces a tiny bit
* obviate construction of a few intermediate objects
Change-Id: I66cbbfdab5270bc64fbb2e51b3de027f96ec86a9
Dariusz Michaluk [Mon, 15 Jun 2020 11:41:41 +0000 (13:41 +0200)]
Merge branch 'ckm' into tizen
Change-Id: I8e7dbe5e42290ebc991669d6e8405ff65eeb9972
Dariusz Michaluk [Mon, 15 Jun 2020 11:25:16 +0000 (13:25 +0200)]
Merge branch 'security-manager' into tizen
Change-Id: I80391846ba53b683da6e46eb6e82b00739996c25
projects / platform / core / test / security-tests.git / log