Zofia Abramowska [Tue, 11 Mar 2025 10:54:30 +0000 (11:54 +0100)]
security-manager: Fix private sharing
Adapt to uid-sandboxing
Change-Id: I7f95b8f56161a1b99e7cabb8edd561580767d4b4
Zofia Abramowska [Tue, 11 Mar 2025 10:52:39 +0000 (11:52 +0100)]
security-manager: Change path handling in AppInstallHelper
* properly remove created files
* keep paths in unordered set to eliminate duplicates
* fix tests that drop privileges in the same process
as AppInstallHelper will be removing its paths
Change-Id: Ie737ef88058c63c3e1ecc868bd4f88b8eeb6797a
Filip Skrzeczkowski [Mon, 10 Mar 2025 11:44:25 +0000 (12:44 +0100)]
Add internet access control tests
Change-Id: Ic5d2132e20afa35cbb1b73775d16b1033d0f9660
Filip Skrzeczkowski [Fri, 28 Feb 2025 13:46:26 +0000 (14:46 +0100)]
Update no-smack list for set_identity
Change-Id: I808bbc65d280e4068db212797ecdbfc60d6215af
Krzysztof Jackiewicz [Fri, 14 Feb 2025 16:21:54 +0000 (17:21 +0100)]
Update path setup tests
* Add dependency to libacl.
* Modify access checks to verify ownership and ACLs in no-smack mode.
* Add AGID getter.
* Add ACL helper.
* Rename test app dir to work with AppInstallHelper.
* Make runAccessTest() prepare and cleanup the app.
* Add system_access supplementary group for tests in no-smack mode.
* Update the tests.
* Skip access checks expecting rule removal in no-smack (paths will be
removed by the installer anyway).
* Make AppInstallHelper use global user id when installing as root (the
app is installed as a global user in such case).
* Fix AppInstallHelper::createFile().
* Make AppInstallHelper::create*() methods chown files for global
installations too.
* Update no-smack tests script.
* Minor refactoring.
Change-Id: I7c6b302767ef1122439ea79b3eb2bb4785316120
Krzysztof Jackiewicz [Wed, 26 Feb 2025 10:03:25 +0000 (11:03 +0100)]
Add app owner getter test
Change-Id: Ida7103c7c48f34da5ff6d32e5cb0d1c290456a18
Krzysztof Malysa [Mon, 17 Feb 2025 13:42:38 +0000 (14:42 +0100)]
Remove DPL::Atomic
Change-Id: I9c7a3afc4cd9ff1cd314b91f5309e0faaea24357
Krzysztof Malysa [Tue, 18 Feb 2025 12:03:32 +0000 (13:03 +0100)]
Add security_manager_09g_update_many_apps_in_single_request_duplicated_ids
Change-Id: Idaf017b1e1950ada7cf81b9c9a2dc31448b02f5d
Krzysztof Malysa [Fri, 14 Feb 2025 16:37:23 +0000 (17:37 +0100)]
Fix security_manager_09b_install_many_apps_in_single_request_duplicated_ids
Change-Id: I8230c35fcd8d2093963311e9ccc4188d6c74f722
Krzysztof Malysa [Wed, 19 Feb 2025 13:13:13 +0000 (14:13 +0100)]
Add run-security-manager-no-smack-tests.sh script facilitating changes verification
Change-Id: I5e340c3ab5d8647d73fd1dae2e890af62a81ccab
Krzysztof Malysa [Wed, 19 Feb 2025 16:40:34 +0000 (17:40 +0100)]
Fix security-manager-tests sometimes hanging
Even security-manager-tests --list sometimes hung.
There were 2 problems:
1. Reading from socket was unchecked for read() returing 0 (indicating
that the socket was closed on the other end) and this resulted in an
infinite loop calling read() that always returned 0.
2. The socked was closed because it lived in the parent process that
already died. Even though the child process requests getting SIGKILL
on parent death with prctl(PR_SET_PDEATHSIG) it was possible that
parent died before prctl() succeeded causing the program to misbehave
in the ways descibed above.
Change-Id: Ief50e9addf4ead899c29f5f28faa0dfd95ab3c84
Krzysztof Malysa [Fri, 14 Feb 2025 13:02:18 +0000 (14:02 +0100)]
Fix %postun being called on the end of package upgrade/reinstall making tests fail
Change-Id: Id3796fbfbdd43f1e5a1dd46b42ba9546f3ef68cb
Tomasz Swierczek [Fri, 14 Feb 2025 12:42:20 +0000 (13:42 +0100)]
Reduce timeout in security_manager_400_prepare_app_series_with_concurrent_install_stress
Previous value could lead to timeout in the testing framework.
Change-Id: I93ededea7574d125c064032ccea8b2fc49b2fdf0
Krzysztof Jackiewicz [Thu, 13 Feb 2025 16:01:42 +0000 (17:01 +0100)]
Use RUNNER_CHILD_TEST where necessary
Tests with fork() and child processes throwing exceptions must be added
as RUNNER_CHILD_TESTs so the exceptions are properly handled.
Change-Id: Ic9b841b38e338f47b52d5fcb036ee6a1d43e3523
Krzysztof Malysa [Thu, 13 Feb 2025 11:25:46 +0000 (12:25 +0100)]
Migrate AppInstallHelper::getPUID() to use security_manager_set_identity()
Change-Id: I50bfcd0dd1dce336e3b67e18dddd4daf1a45efba
Krzysztof Malysa [Thu, 13 Feb 2025 09:59:36 +0000 (10:59 +0100)]
Fix typo
Change-Id: I75cdbd481ae0e2241f73679c0124c580a9c63969
Krzysztof Jackiewicz [Wed, 12 Feb 2025 16:01:56 +0000 (17:01 +0100)]
Add missing app cleanup
Change-Id: I413c6998aff7aa06cd3b0752178c13ec42a1cd3b
Filip Skrzeczkowski [Mon, 10 Feb 2025 16:30:16 +0000 (17:30 +0100)]
Adapt tests for security_manager_set_identity
Change-Id: Iff96cc48675e64382c70b30a9d9324c9c7e68c3e
Tomasz Swierczek [Thu, 30 Jan 2025 09:55:57 +0000 (10:55 +0100)]
Make security_manager_26_1_security_manager_get_app_owner_uid test work in no-smack mode
Change-Id: Id80490c119b14ffb1937c07fbaa2b6b0eeb85af4
Krzysztof Malysa [Fri, 7 Feb 2025 14:41:57 +0000 (15:41 +0100)]
Fix security_manager_08_user_double_add_double_remove test removing uid 0
Change-Id: I4ed00a1a6fe95572d037182f4ebbc80d79b693d2
Krzysztof Malysa [Thu, 6 Feb 2025 16:32:20 +0000 (17:32 +0100)]
Adjust some of security-manager tests for no-smack environment
Change-Id: If031bb68e36ee8ad2df0eb00e32637fc78d11f01
Krzysztof Malysa [Thu, 6 Feb 2025 13:40:46 +0000 (14:40 +0100)]
Fix tests sometimes running multiple times due to some failing test
Change-Id: I1d03d20fd633fd0c52920de6ef20a5424dcbd203
Krzysztof Jackiewicz [Tue, 21 Jan 2025 13:59:57 +0000 (14:59 +0100)]
Remove unused functions
Change-Id: Ia92180da601a967b12c4a3fe0856e4545c844d1e
Krzysztof Jackiewicz [Tue, 21 Jan 2025 11:04:59 +0000 (12:04 +0100)]
Disable smack access checks in no-smack
Change-Id: I02505a9584a5cdd34bb2b51938dcfbb9c986e996
Krzysztof Jackiewicz [Fri, 17 Jan 2025 17:00:17 +0000 (18:00 +0100)]
Adjust app preparation tests to no-smack mode
Change-Id: I08a98000e404d2d5f8d95fe507fe53f901c235bf
Krzysztof Jackiewicz [Thu, 16 Jan 2025 10:25:37 +0000 (11:25 +0100)]
Retain CAP_SETUID in no-smack mode
Change-Id: Ie6016234421ebb1594d12d550a8d175d52d8244b
Filip Skrzeczkowski [Fri, 3 Jan 2025 16:44:40 +0000 (17:44 +0100)]
Add a sample testing app for No-Smack Tizen images
Change-Id: I7d491816ac36cb3cb5855eba4f71c3725f30ac75
Tomasz Swierczek [Wed, 8 Jan 2025 07:26:06 +0000 (08:26 +0100)]
Add test for security_manager_is_app_from_pid()
Change-Id: I069cda129f9df3fc52a4bf123692ab1a9fe75a5c
Tomasz Swierczek [Mon, 16 Dec 2024 11:47:58 +0000 (12:47 +0100)]
Add tests for new APIs
* security_manager_get_app_owner_uid
* security_manager_self_is_app
Change-Id: I34bd9a719417cdc1b05554bbaff0886a6b9322ec
Jan Wojtkowski [Mon, 2 Dec 2024 16:02:24 +0000 (17:02 +0100)]
Add tests for security_manager_set_identity()
Change-Id: I4a125d42d5e0c9cd579472df0bba54053e5489a2
Dariusz Michaluk [Tue, 17 Dec 2024 11:14:01 +0000 (12:14 +0100)]
Merge branch 'tizen' into security-manager
Change-Id: I3a18e67ff22ffd6f9540a45debdcb4b921c8c804
Dariusz Michaluk [Tue, 17 Dec 2024 10:50:49 +0000 (11:50 +0100)]
Merge branch 'ckm' into tizen
Change-Id: Iaafaf37a699c40c8e27ebdaff27a587d96ccfa74
Jakub Wlostowski [Thu, 12 Dec 2024 11:23:54 +0000 (12:23 +0100)]
Add -Wno-alloc-size-larger-than
Change-Id: I57da775857fe21e5be2a6ce0e323859776fdf510
Krzysztof Jackiewicz [Mon, 9 Dec 2024 10:31:46 +0000 (11:31 +0100)]
Remove usleep from app preparation malloc tests
Change-Id: I44ec5aacaaad3f8b6b4eca3fc0f74997f6d66abf
Tomasz Swierczek [Mon, 9 Dec 2024 08:41:18 +0000 (09:41 +0100)]
Merge branch 'tizen' into security-manager
Change-Id: I2182b5350daefac56746a1d8ee56f9e871608c94
Tomasz Swierczek [Mon, 9 Dec 2024 08:23:18 +0000 (09:23 +0100)]
Merge branch 'ckm' into tizen
Change-Id: Icd1366f901a908c828d4185a7367ebef4c2eef75
Krzysztof Jackiewicz [Fri, 6 Dec 2024 19:38:11 +0000 (20:38 +0100)]
Add test for allocations during app preparation
Change-Id: I7540450868479a15d5be0448c8b7155b09746b7a
Jakub Wlostowski [Tue, 3 Dec 2024 13:42:25 +0000 (14:42 +0100)]
Fix x86_64 debug build issue
Change-Id: I940ce244e53935156a5bf5d745dccb2be4e0661f
Krzysztof Jackiewicz [Fri, 29 Nov 2024 09:54:46 +0000 (10:54 +0100)]
Fix 64bit build
Change-Id: I1c308248820756da20fc572f8caf653a5f4c17b9
Jan Wojtkowski [Fri, 22 Nov 2024 08:31:50 +0000 (09:31 +0100)]
Fix building error after build flags update
Change-Id: I725586654155c0c64ad2e8f0c574a270805ae955
Daniel Kita [Mon, 25 Nov 2024 14:45:35 +0000 (15:45 +0100)]
Replace expired ca.crt certificate in PKCS chain
Change-Id: I18ef509e06ea70f18a81e96290f1396f2be1b6be
Krzysztof Jackiewicz [Fri, 15 Nov 2024 10:02:58 +0000 (11:02 +0100)]
Add tests for same alias case
Change-Id: Iac7cbddcaa89e94d2784de2584ccc97ea2fb77b3
Andrei Vakulich [Thu, 18 Jul 2024 15:18:07 +0000 (17:18 +0200)]
Added tests for Update API.
Change-Id: I2948736744093c8d9d47e3af69502f6b4473d9a6
Tomasz Swierczek [Tue, 22 Oct 2024 15:30:25 +0000 (17:30 +0200)]
Add tests of concurrent prepare_app and app_install/uninstall
These tests should properly stress the two-threads implementation
of the daemon that has dedicated thread just for prepare_app call.
The test takes more time so its run as RUNNER_TEST (not CHILD test)
as CHILD tests do have a timeout in the testing framework internals.
Change-Id: Iad094acfc3d86d9b1d15c79a6b9095b733adda93
Jakub Wlostowski [Thu, 10 Oct 2024 14:22:28 +0000 (16:22 +0200)]
Enable ECDSA import tests
Change-Id: Ic5d2c33d10198fec470b0342d4e6943f0ef2b7c5
Jakub Wlostowski [Tue, 24 Sep 2024 13:05:04 +0000 (15:05 +0200)]
Add DSA import-sign-verify test
Change-Id: Ibe05f1602bf909ff607c588d646331ddbd440de4
Jakub Wlostowski [Tue, 24 Sep 2024 10:34:51 +0000 (12:34 +0200)]
Remove outdated DSA verification comments
DSA verification was fixed in tef-simulator
so the comments are no longer true.
Change-Id: I8a1fbaea88652cb05e846183d5ac0efc74883b80
Dariusz Michaluk [Thu, 29 Aug 2024 18:01:30 +0000 (20:01 +0200)]
Test getting/saving KEM keys in TZ
Change-Id: I99f95069a78eec69451656371dd53613f5691e6e
Dariusz Michaluk [Tue, 27 Aug 2024 12:41:59 +0000 (14:41 +0200)]
Add EC & PQC hybrid derivation test
Change-Id: I6d5c13d024dedb166f9cac0eac1dfc198d550fe7
Jakub Wlostowski [Tue, 6 Aug 2024 10:15:54 +0000 (12:15 +0200)]
Add testing KEM vectors
Change-Id: I443a99dcb4cb7b4b288084db50e6b167715cd860
Jakub Wlostowski [Wed, 31 Jul 2024 14:40:48 +0000 (16:40 +0200)]
Check PQC API protection
Change-Id: Id88a64ed78395b4b02b02de350169db4b1e4f7ba
Jakub Wlostowski [Tue, 30 Jul 2024 08:19:39 +0000 (10:19 +0200)]
Add ML-KEM derive hybrid tests
Change-Id: Ic1e09cc65f9d5afad44df70e2b9119bb66ee7580
Jakub Wlostowski [Wed, 24 Jul 2024 11:59:40 +0000 (13:59 +0200)]
Add ML-KEM (en/de)capsulation tests
Change-Id: I521649fb59a464c7cf96fb08682d44ff1abde71d
Jakub Wlostowski [Fri, 12 Jul 2024 11:39:39 +0000 (13:39 +0200)]
Add ML-KEM keypair creation tests
Change-Id: Id6d174d98066e65e0371498672a57ae001ab059e
Jakub Wlostowski [Thu, 8 Aug 2024 09:19:31 +0000 (11:19 +0200)]
Fix maybe-uninitialized error
Change-Id: I32e2b68d7b7851975ccc90a162a9d1603eda884c
Dariusz Michaluk [Wed, 10 Jul 2024 08:54:05 +0000 (10:54 +0200)]
Fix wrapping tests
Wrapping function should always use public key,
unwrapping is made with private key.
Change-Id: I4628de66596d7fe155b93a461467724c6e8d708e
Andrei Vakulich [Fri, 7 Jun 2024 12:32:25 +0000 (14:32 +0200)]
Added key and data backend checks to tests
Checks were added to tests: e2ee-adaptation-layer,
key-derivation, key-wrapping, capi-testcases.
Change-Id: I4c310c0ee56dcb5d5b8557bbc02c5424efdf6b9f
Filip Skrzeczkowski [Wed, 26 Jun 2024 13:59:49 +0000 (15:59 +0200)]
Add extended privilege integration tests
Change-Id: Idf6054cefab577b99216daffa1436157484e96b8
Dariusz Michaluk [Thu, 20 Jun 2024 08:40:18 +0000 (10:40 +0200)]
Fix build error on 64 bit arch
Change-Id: I7761781ce448dd91fe6fd382e05a2eaa42d69f0a
Jan Wojtkowski [Fri, 17 May 2024 09:33:29 +0000 (11:33 +0200)]
Add more tests to the concatenated wrapping API
Change-Id: I1c4166512e1fe8f7366238459161711a460e449b
Krzysztof Jackiewicz [Fri, 7 Jun 2024 09:50:03 +0000 (11:50 +0200)]
Fix systemdb tests
Add missing database cleanup to system db tests.
Fix failing T5044_SYSTEM_SVC_5000_ACCESS_DB. The expected error is
CKMC_ERROR_DB_ALIAS_UNKNOWN because user 5000 is not a system service and does
not know about the alias stored in the system db.
Change-Id: I824cd1d3c6504a67215a9094eaa510849d1330bc
Andrei Vakulich [Fri, 17 May 2024 17:55:25 +0000 (19:55 +0200)]
Improve access control tests
Change-Id: I8bcc999acc3dd83a48d90fa9e12e6766cbbc0212
Dariusz Michaluk [Thu, 9 May 2024 14:00:25 +0000 (16:00 +0200)]
Add concatenated wrapping API tests
Change-Id: I9ab387af866dae43b54ba59cd779d557d560b41d
Dariusz Michaluk [Fri, 10 May 2024 09:49:45 +0000 (11:49 +0200)]
Adjust tests to implementation changes
Allow using SHA384 & SHA512 with RSA OAEP
Change-Id: Iaf60a99d5046c94cce0c370ce4d1660886720f59
Andrei Vakulich [Tue, 14 May 2024 07:57:22 +0000 (09:57 +0200)]
Add privileged tests for REMOVE only permission
Check if ckmc_get_data_alias_info_list and
ckmc_get_data_alias_list return info for READ only
and REMOVE only permission
Change-Id: Iac50c1e0c23560c88eb3d5c74ec4c450a52d3a50
Dongsun Lee [Mon, 18 Mar 2024 06:59:08 +0000 (15:59 +0900)]
Add test-cases for RSA 3072
Change-Id: I9a42988035717b8bb128a4dc06add83c080e9cbc
Jan Wojtkowski [Thu, 18 Apr 2024 13:12:19 +0000 (15:12 +0200)]
Add vscode settings to .gitignore
Change-Id: I68f6f7941e7f9f9cbba86c5c03fc461c5cb9bb72
Filip Skrzeczkowski [Tue, 2 Apr 2024 13:54:07 +0000 (15:54 +0200)]
Temporarily disable positive ocsp tests due to firewall/dns issues
Change-Id: I85b714e1f38afaf25b111d54a0694b2e5327ed0d
Dongsun Lee [Wed, 21 Feb 2024 02:32:29 +0000 (11:32 +0900)]
Add TCs for exporting RSA public key from TZ
Change-Id: I0fe80a888581104eb38f99bf1a9780092b784953
Tomasz Swierczek [Tue, 13 Feb 2024 08:51:33 +0000 (09:51 +0100)]
Add old_tee compile-time option
This setting can be used in pair with tz_backend compile-time
flag to disable some algorithms not supported on older TEE
backends.
Currently unsupported: RSA & DSA 4096
Change-Id: I5a0e04ca604a034a07a68717f547ccacb59b17d3
Dariusz Michaluk [Mon, 4 Mar 2024 16:51:01 +0000 (17:51 +0100)]
Adjust tests to "ECDSA raw/asn1 signature conversion methods"
If the ECDSA signature is presented in asn1 format, the first byte is always asn1 metadata,
it's better to change the last byte, which will always be signature data.
Change-Id: I6ec694dc17598f5931ef12ab15701c15138755f0
Krzysztof Jackiewicz [Mon, 16 Oct 2023 07:40:09 +0000 (09:40 +0200)]
Add test for RSA OAEP wrapping with different hashes
Change-Id: I9a06501cdb67fe2ac8558b694b0e49b12c7e793f
Krzysztof Jackiewicz [Mon, 14 Aug 2023 14:31:57 +0000 (16:31 +0200)]
Apply VD test modifications
* Add EC public key export tests.
* Add EC key/cert import tests.
* Add TZ_EC_IMPORT build flag. EC import is not required by E2EE but is
implemented in VD backend. Tests importing EC keys are disabled by
default.
* Use ckmc_backend_get_max_chunk_size to obtain the maximum "big data"
size supported by the backend.
* Update and add DSA import/signature/verification tests.
* Don't use GCM IV longer than 63B as VD's backend does not support
them.
* Make keys unexportable where needed so that TZ backend is used
whenever possible.
* Compare unexportable keys by comparing encryption results.
* Limit the amount of code applicable to SW backend only.
* Don't expect CBC import (decryption) to fail always when wrong key is
used. It may indeed fail if the padding is broken but it doesn't have
to be the case.
* Add comments explaining the source of failure on tizen.org's backend
implementation.
Change-Id: Ie98915ff1010af67ba9c44e8727813fa895c1979
Filip Skrzeczkowski [Thu, 28 Sep 2023 11:25:42 +0000 (13:25 +0200)]
Add tests for permissible file repair
The client library repair is tested via the client-label-monitor while
the service repair is tested by invoking app installs and uninstalls.
Both global and local permissible files are tested
Change-Id: Ib926f649d41e38cf7f0c34212db71a854fe156f8
Krzysztof Jackiewicz [Mon, 25 Sep 2023 09:52:51 +0000 (11:52 +0200)]
Add tests for different OAEP hashes
Change-Id: If15830a880bd4ffb9f546afd55d885a78ece37c5
Krzysztof Jackiewicz [Fri, 29 Sep 2023 11:29:57 +0000 (13:29 +0200)]
Adjust tests to changes related to x9.31
X9.31 padding can not be used without a hashing function. Openssl does
not allow it. Adjust test to key-manager changes.
Change-Id: I23771afc3dedb4d05b241d17ade39eb9c13d52a1
Dongsun Lee [Wed, 20 Sep 2023 03:02:35 +0000 (12:02 +0900)]
use the same parameters as E2EE modulue in e2ee-adaptation-layer TCs
Change-Id: I7579666aadcca7197d22dd35bc567b231f3fecbf
Dongsun Lee [Mon, 18 Sep 2023 09:20:23 +0000 (18:20 +0900)]
add a TC of TKW_IMPORT_EXPORT_AES_BETWEEN_BACKENDS
Change-Id: If1dacae546b932181b79de7382455cf75623b514
Krzysztof Jackiewicz [Fri, 11 Aug 2023 15:06:49 +0000 (17:06 +0200)]
CKM: Adjust privileged tests to TZ
TZ backend does not support import of password protected keys
T7010_Encrypted_initial_values_asymmetric fails on tef-simulator at
initial-values.cpp:331 because of DSA usage.
Change-Id: Ida594496dc58f30e907a864e4b5d982451f4e014
Krzysztof Jackiewicz [Thu, 10 Aug 2023 19:10:37 +0000 (21:10 +0200)]
CKM: Adjust tests to TZ backend capabilities
No support for EC import in TZ.
No support for other hashes beside SHA1 in DS (TZ).
Adjust the tests temporarily.
Change-Id: I3604264af27cf5f5eda4758811b5d2fcf92943b3
Dongsun Lee [Fri, 11 Aug 2023 06:18:22 +0000 (15:18 +0900)]
CKM: Don't use IV less than 12 bytes for TZ Backend
Change-Id: I19b51a312e6ac29bb09f927a10db4571acca470a
Dongsun Lee [Fri, 11 Aug 2023 05:08:29 +0000 (14:08 +0900)]
CKM: Don't set password for importing asymmetric key to TZ_BACKEND
Change-Id: I05fd59f4d3171e8a1af6a0587e569903250b3591
Krzysztof Jackiewicz [Tue, 8 Aug 2023 15:12:18 +0000 (17:12 +0200)]
E2EE: Make one of the test keys exportable
This way we can compare results of ECDH+KBKDF between different
backends.
Change-Id: I8022462ea59968d04f0522ab39bfeb0533b7ade4
Krzysztof Jackiewicz [Tue, 8 Aug 2023 14:59:37 +0000 (16:59 +0200)]
E2EE: Cleanup TZ data after tests
Change-Id: I2edc6e1fdec3b6be6db1cf4cd9781568597eb985
Dongsun Lee [Thu, 3 Aug 2023 09:15:06 +0000 (18:15 +0900)]
CKM: Update ECDH TCs for TZ Backend
Change-Id: I2249411fcc60c858d9cbaacb676de93da59590da
Dongsun Lee [Thu, 3 Aug 2023 00:25:51 +0000 (09:25 +0900)]
CKM: Support ECDSA tests for TZ Backend
Change-Id: I6a9605fb81e27b77425dddfd56db0c9b261b3a60
Dongsun Lee [Mon, 31 Jul 2023 00:49:22 +0000 (09:49 +0900)]
CKM: modify Wrapping/Unwrapping TCs for Backend
Change-Id: I54609e0bd081fc277066791b13f73452fb14a5cd
Dongsun Lee [Tue, 25 Jul 2023 09:32:33 +0000 (18:32 +0900)]
CKM: modify KBKDF TCs for TZ Backend
Change-Id: I4db0db61b2da46648aba99df06579ab3de0bf590
Krzysztof Jackiewicz [Mon, 24 Jul 2023 11:29:46 +0000 (13:29 +0200)]
CKM: Expect fail when wrapping/unwrapping RSA keys
Change-Id: Id0d235961ba57ebf6ec849f209253d104edcb493
Krzysztof Jackiewicz [Mon, 24 Jul 2023 08:38:42 +0000 (10:38 +0200)]
CKM: Remove keys explicitly in derivation tests
Removing the user data is not enough in case of TZ backend. Without
explicit removal objects remain in TZ storage.
Change-Id: Id9652be186610322ea913f74ff8504f66ac8232e
Krzysztof Jackiewicz [Wed, 19 Jul 2023 21:00:24 +0000 (23:00 +0200)]
Add recursive thread spawning stress test
The test creates a pool of threads where each one spawns another one.
During thread spawning the security_manager_prepare_app() is called
trying to sync (drop capabilties of) all the threads.
Best tested with security-manager built in debug mode.
Thread sync failure leads to abort().
Change-Id: I7ceb6f2375076a0995867efc5cc16680df9cf316
Krzysztof Jackiewicz [Fri, 14 Jul 2023 07:53:16 +0000 (09:53 +0200)]
CKM: Fix policy generation and expectation
Some of the possible policy setups were skipped. Make the generate_ckm_policy()
generate all possible combinations.
Expect backend depending on the policy's extractable flag in T1024
Change-Id: I1bd0f5b1a544c8385fdd9c66d23cbd5385137cd0
Krzysztof Jackiewicz [Thu, 13 Jul 2023 09:20:56 +0000 (11:20 +0200)]
CKM: Disable remaining non-GCM tests on TZ
Change-Id: Ic92469494c666ba506229b0eb70d0cc29bfde29d
Krzysztof Jackiewicz [Wed, 12 Jul 2023 13:43:36 +0000 (15:43 +0200)]
CKM: Disable non-GCM tests in TZ cipher API
Currently TZ backend cipher API does not support other encryption modes
beside GCM.
Change-Id: I0fad8ba60b3081af0601f07ac92f724cc88f2fc0
Tomasz Swierczek [Wed, 12 Jul 2023 06:04:04 +0000 (08:04 +0200)]
Revert "Do not block SIGRTMIN+2 for prepare app tests"
This reverts commit
685f3a3ec22cbe62ab6c626bfbcb8e63bb123f01.
Tomasz Swierczek [Fri, 7 Jul 2023 09:10:12 +0000 (11:10 +0200)]
Do not block SIGRTMIN+2 for prepare app tests
Unfortunately, for various reasons we need to ditch using SIGSETXID.
Change-Id: I60c8d1ffd6477ae9786c10b56b53643489cdcac9
Krzysztof Jackiewicz [Tue, 27 Jun 2023 15:38:13 +0000 (17:38 +0200)]
CKM: Use public key for key wrapping
Private key contains the public key and it (the public key) is actually
used for encryption so the testing code is ok. However, to make it
clearer, the public key will be used explicitly.
Change-Id: I8599710b3c5b03675811b1c527b59efbc5006d00
Krzysztof Jackiewicz [Tue, 27 Jun 2023 12:07:34 +0000 (14:07 +0200)]
CKM: Test for invalid wrapped key type
Change-Id: Ia6245e6943ed769c426a51d8cde4d66f781e7896
Dariusz Michaluk [Thu, 22 Jun 2023 07:45:40 +0000 (09:45 +0200)]
Merge branch 'tizen' into security-manager
Change-Id: Ie290e5fa829129488b74ccf440dd08ae4e6ba160
Dariusz Michaluk [Thu, 22 Jun 2023 07:28:24 +0000 (09:28 +0200)]
Merge branch 'ckm' into tizen
Change-Id: Ia4bb16867447fd4d661a8578e21a7131a2cd16ad
projects / platform / core / test / security-tests.git / log