From: Krzysztof Jackiewicz Date: Fri, 15 May 2015 09:59:27 +0000 (+0200) Subject: Add backend id to database scheme X-Git-Tag: accepted/tizen/mobile/20150629.000431~21 X-Git-Url: http://review.tizen.org/git/?p=platform%2Fcore%2Fsecurity%2Fkey-manager.git;a=commitdiff_plain;h=94cd4b238acc09261439071cf5e7a9be114eee93 Add backend id to database scheme [Issue#] N/A [Feature/Bug] N/A [Problem] N/A [Cause] We have to keep backend id in database. [Solution] Schema updated [Verification] Run migration tests: ckm-tests-internal --run_test=DBCRYPTO_MIGRATION_TEST ckm-tests-internal --run_test=DBCRYPTO_TEST/DBtestBackend Change-Id: Ib33d6c360d655f7c7a01164385e284ec8f759837 --- diff --git a/data/scripts/create_schema.sql b/data/scripts/create_schema.sql index 2628d38..dac4bc0 100644 --- a/data/scripts/create_schema.sql +++ b/data/scripts/create_schema.sql @@ -39,6 +39,7 @@ CREATE TABLE IF NOT EXISTS OBJECTS(exportable INTEGER NOT NULL, data BLOB NOT NULL, tag BLOB NOT NULL, idx INTEGER NOT NULL, + backendId INTEGER NOT NULL DEFAULT 1, FOREIGN KEY(idx) REFERENCES NAMES(idx) ON DELETE CASCADE, PRIMARY KEY(idx, dataType)); diff --git a/data/scripts/migrate_3.sql b/data/scripts/migrate_3.sql new file mode 100644 index 0000000..14a63c3 --- /dev/null +++ b/data/scripts/migrate_3.sql @@ -0,0 +1,25 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file migrate_3.sql + * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) + * @version 1.0 + * @brief DB migration script from schema version 3 to schema version 4. + */ + + +-- update schema +ALTER TABLE NAMES ADD COLUMN backendId INTEGER NOT NULL DEFAULT 1; diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec index 7a98e74..3916e13 100644 --- a/packaging/key-manager.spec +++ b/packaging/key-manager.spec @@ -132,6 +132,7 @@ cp data/scripts/*.sql %{buildroot}/usr/share/ckm/scripts mkdir -p %{buildroot}/usr/share/ckm-db-test cp tests/testme_ver1.db %{buildroot}/usr/share/ckm-db-test/ cp tests/testme_ver2.db %{buildroot}/usr/share/ckm-db-test/ +cp tests/testme_ver3.db %{buildroot}/usr/share/ckm-db-test/ mkdir -p %{buildroot}/etc/gumd/userdel.d/ cp data/gumd/10_key-manager.post %{buildroot}/etc/gumd/userdel.d/ @@ -263,6 +264,7 @@ fi %{_bindir}/ckm-tests-internal %{_datadir}/ckm-db-test/testme_ver1.db %{_datadir}/ckm-db-test/testme_ver2.db +%{_datadir}/ckm-db-test/testme_ver3.db %{_bindir}/ckm_so_loader %files -n key-manager-pam-plugin diff --git a/src/manager/service/db-crypto.cpp b/src/manager/service/db-crypto.cpp index 04f4022..8a5b57b 100644 --- a/src/manager/service/db-crypto.cpp +++ b/src/manager/service/db-crypto.cpp @@ -44,7 +44,7 @@ namespace { * increment and update DB_VERSION_CURRENT, * then provide migration mechanism! */ - DB_VERSION_CURRENT = 3 + DB_VERSION_CURRENT = 4 }; const char *SCRIPT_CREATE_SCHEMA = "create_schema"; @@ -87,10 +87,11 @@ namespace { "INSERT INTO OBJECTS(" " exportable, dataType," " algorithmType, encryptionScheme," - " iv, dataSize, data, tag, idx) " + " iv, dataSize, data, tag, idx, backendId) " " VALUES(?001, ?002, ?003, ?004, ?005, " " ?006, ?007, ?008," - " (SELECT idx FROM NAMES WHERE name=?101 and label=?102)" + " (SELECT idx FROM NAMES WHERE name=?101 and label=?102)," + " ?009" " );"; const char *DB_CMD_OBJECT_SELECT_BY_NAME_AND_LABEL = @@ -422,6 +423,7 @@ namespace DB { row.dataSize = selectCommand->GetColumnInteger(7); row.data = selectCommand->GetColumnBlob(8); row.tag = selectCommand->GetColumnBlob(9); + row.backendId = static_cast(selectCommand->GetColumnInteger(11)); return row; } @@ -816,6 +818,7 @@ namespace DB { insertObjectCommand->BindInteger(6, row.dataSize); insertObjectCommand->BindBlob (7, row.data); insertObjectCommand->BindBlob (8, row.tag); + insertObjectCommand->BindInteger(9, static_cast(row.backendId)); // name table reference insertObjectCommand->BindString (101, row.name.c_str()); diff --git a/tests/DBFixture.cpp b/tests/DBFixture.cpp index 74c5146..2a7238a 100644 --- a/tests/DBFixture.cpp +++ b/tests/DBFixture.cpp @@ -131,6 +131,7 @@ DB::Row DBFixture::create_default_row(const Name &name, row.iv = createDefaultPass(); row.encryptionScheme = 0; row.dataSize = 0; + row.backendId = CryptoBackend::OpenSSL; return row; } @@ -156,6 +157,10 @@ void DBFixture::compare_row(const DB::Row &lhs, const DB::Row &rhs) BOOST_CHECK_MESSAGE(lhs.data == rhs.data, "data didn't match! Got: " << rhs.data.size() << " , expected : " << lhs.data.size()); + + BOOST_CHECK_MESSAGE(lhs.backendId == rhs.backendId, + "backendId didn't match! Got: " << static_cast(rhs.backendId) + << " , expected : " << static_cast(lhs.backendId)); } void DBFixture::check_DB_integrity(const DB::Row &rowPattern) diff --git a/tests/main.cpp b/tests/main.cpp index 94f51a8..0a47fd8 100644 --- a/tests/main.cpp +++ b/tests/main.cpp @@ -26,6 +26,7 @@ #include #include #include +#include struct TestConfig { TestConfig() { @@ -59,6 +60,7 @@ struct KeyProviderLib { struct LogSetup { LogSetup() { + CKM::SetupClientLogSystem(); CKM::Singleton::Instance().SetTag("CKM_INTERNAL_TESTS"); } ~LogSetup() {} diff --git a/tests/test_db_crypto.cpp b/tests/test_db_crypto.cpp index 9946a34..a493448 100644 --- a/tests/test_db_crypto.cpp +++ b/tests/test_db_crypto.cpp @@ -19,6 +19,7 @@ const unsigned int c_test_retries = 1000; const unsigned int c_num_names = 500; const unsigned int c_num_names_add_test = 5000; const unsigned int c_names_per_label = 15; + } // namespace anonymous BOOST_FIXTURE_TEST_SUITE(DBCRYPTO_TEST, DBFixture) @@ -65,6 +66,22 @@ BOOST_AUTO_TEST_CASE(DBtestTransaction) { BOOST_CHECK_MESSAGE(!row_optional, "Row still present after rollback"); } +BOOST_AUTO_TEST_CASE(DBtestBackend) { + DB::Row rowPattern = create_default_row(); + rowPattern.data = RawBuffer(32, 1); + rowPattern.dataSize = rowPattern.data.size(); + rowPattern.tag = RawBuffer(AES_GCM_TAG_SIZE, 1); + + rowPattern.backendId = CryptoBackend::OpenSSL; + check_DB_integrity(rowPattern); + + rowPattern.backendId = CryptoBackend::TrustZone; + check_DB_integrity(rowPattern); + + rowPattern.backendId = CryptoBackend::None; + check_DB_integrity(rowPattern); +} + BOOST_AUTO_TEST_SUITE_END() @@ -247,6 +264,7 @@ void verifyDBisValid(DBFixture & fixture) ret_list.clear(); } } + struct DBVer1Migration : public DBFixture { DBVer1Migration() : DBFixture("/usr/share/ckm-db-test/testme_ver1.db") @@ -258,6 +276,12 @@ struct DBVer2Migration : public DBFixture DBVer2Migration() : DBFixture("/usr/share/ckm-db-test/testme_ver2.db") {} }; + +struct DBVer3Migration : public DBFixture +{ + DBVer3Migration() : DBFixture("/usr/share/ckm-db-test/testme_ver3.db") + {} +}; } BOOST_AUTO_TEST_CASE(DBMigrationDBVer1) @@ -272,6 +296,12 @@ BOOST_AUTO_TEST_CASE(DBMigrationDBVer2) verifyDBisValid(DBver2); } +BOOST_AUTO_TEST_CASE(DBMigrationDBVer3) +{ + DBVer3Migration DBver3; + verifyDBisValid(DBver3); +} + BOOST_AUTO_TEST_CASE(DBMigrationDBCurrent) { DBFixture currentDB; diff --git a/tests/testme_ver3.db b/tests/testme_ver3.db new file mode 100644 index 0000000..171777a Binary files /dev/null and b/tests/testme_ver3.db differ