2 * Copyright (c) 2000 - 2015 Samsung Electronics Co.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @author Maciej Karpiuk (m.karpiuk2@samsung.com)
20 #include <dpl/test/test_runner.h>
21 #include <dpl/test/test_runner_child.h>
22 #include <tests_common.h>
23 #include <ckm-common.h>
24 #include <ckm-privileged-common.h>
25 #include <ckm/ckm-control.h>
26 #include <ckm/ckm-manager.h>
27 #include <ckmc/ckmc-manager.h>
28 #include <access_provider2.h>
35 const uid_t USER_APP = 5070;
36 const uid_t GROUP_APP = 5070;
37 const char* APP_PASS = "user-pass";
39 const char *XML_DEVICE_KEY = "device_key.xml";
41 const char *XML_1_okay = "XML_1_okay.xml";
42 std::string XML_1_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test-key1");
43 std::string XML_1_EXPECTED_KEY_1_PASSWD = "123";
44 std::string XML_1_EXPECTED_KEY_2_RSA = aliasWithLabel(ckmc_owner_id_system, "test-key2");
45 // uncomment when AES is supported (+ usage in the tests)
46 std::string XML_1_EXPECTED_KEY_3_AES = aliasWithLabel(ckmc_owner_id_system, "test-aes1");
47 std::string XML_1_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test-cert1");
48 std::string XML_1_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test-data1");
49 const char *XML_1_EXPECTED_DATA_1_DATA = "My secret data";
51 std::string XML_1_EXPECTED_KEY_3_RSA_PRV = aliasWithLabel(ckmc_owner_id_system, "test-encryption-prv");
52 std::string XML_1_EXPECTED_KEY_3_RSA_PUB = aliasWithLabel(ckmc_owner_id_system, "test-encryption-pub");
53 std::string XML_1_EXPECTED_ASCII_DATA = aliasWithLabel(ckmc_owner_id_system, "test-ascii-data-encryption");
54 std::string XML_1_EXPECTED_BIG_DATA = aliasWithLabel(ckmc_owner_id_system, "test-binary-data-encryption");
56 const char *XML_2_okay = "XML_2_okay.xml";
57 std::string XML_2_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test2-key1");
58 std::string XML_2_EXPECTED_KEY_2_RSA = aliasWithLabel(ckmc_owner_id_system, "test2-key2");
59 // uncomment when AES is supported
60 std::string XML_2_EXPECTED_KEY_3_AES = aliasWithLabel(ckmc_owner_id_system, "test2-aes1");
61 std::string XML_2_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test2-cert1");
62 std::string XML_2_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test2-data1");
63 const char *XML_2_EXPECTED_DATA_1_DATA = "My secret data";
65 const char *XML_3_wrong = "XML_3_wrong.xml";
66 std::string XML_3_EXPECTED_KEY_1_RSA = aliasWithLabel(ckmc_owner_id_system, "test3-key1");
67 std::string XML_3_EXPECTED_KEY_2_RSA = aliasWithLabel(ckmc_owner_id_system, "test3-key2");
68 // uncomment when AES is supported
69 std::string XML_3_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test3-cert1");
70 std::string XML_3_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test3-data1");
72 std::string format_src_path(const char *file)
74 return std::string(CKM_TEST_DIR) + std::string(file);
77 std::string format_dest_key_path(const char *file)
79 return std::string(CKM_RW_DATA_DIR) + std::string(file);
82 std::string format_dest_path(const char *file)
84 return std::string(CKM_RW_DATA_DIR) + std::string( "/initial_values/") + std::string(file);
87 void copy_file(const std::string &from, const std::string &to)
89 std::ifstream infile(from, std::ios_base::binary);
90 RUNNER_ASSERT_MSG(infile, "Input file " << from << " does not exist.");
91 std::ofstream outfile(to, std::ios_base::binary);
92 RUNNER_ASSERT_MSG(outfile, "Output file " << to << " does not exist. Reinstall key-manager.");
93 outfile << infile.rdbuf();
96 void restart_key_manager()
98 stop_service(MANAGER);
99 start_service(MANAGER);
102 void test_exists(const std::string& name, bool expected) {
103 bool file_exists = (access( name.c_str(), F_OK ) != -1);
104 RUNNER_ASSERT_MSG(file_exists == expected,
105 "File " << name << " status: " << file_exists <<
106 " while expected: " << expected);
111 int hexToBin(char h) {
112 if (h >= '0' && h <= '9')
114 if (h >= 'a' && h <= 'f')
116 if (h >= 'A' && h <= 'F')
118 RUNNER_ASSERT_MSG(false, "Input out of scope");
121 CKM::RawBuffer hexToBin(std::string &hex) {
122 CKM::RawBuffer output;
123 output.resize(hex.size()/2);
124 for (size_t i=0; i<output.size(); ++i) {
125 output[i] = hexToBin(hex[i*2])*16 +
126 hexToBin(hex[i*2 + 1]);
131 RUNNER_TEST_GROUP_INIT(T60_INITIAL_VALUES);
133 RUNNER_TEST(T6001_init)
137 // copy to the initial-values folder
138 // check XML file exists
139 // restart the key-manager
140 // check XML file doesn't exist
142 copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
143 copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
144 copy_file(format_src_path(XML_2_okay), format_dest_path(XML_2_okay));
145 copy_file(format_src_path(XML_3_wrong), format_dest_path(XML_3_wrong));
147 test_exists(format_dest_path(XML_1_okay), true);
148 test_exists(format_dest_path(XML_2_okay), true);
149 test_exists(format_dest_path(XML_3_wrong), true);
151 restart_key_manager();
153 test_exists(format_dest_path(XML_1_okay), false);
154 test_exists(format_dest_path(XML_2_okay), false);
155 test_exists(format_dest_path(XML_3_wrong), false);
158 RUNNER_TEST(T6010_PARSE_XML_FILE_AT_STARTUP)
161 // check items existence as system service
163 // check items existence as TEST_LABEL
165 // check items existence as TEST_LABEL_2
169 check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
170 check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
171 check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
172 check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
173 check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
178 ScopedDBUnlock unlock(USER_APP, APP_PASS);
179 ScopedAccessProvider ap(TEST_LABEL);
180 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
182 check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
183 check_key_not_visible(XML_1_EXPECTED_KEY_2_RSA.c_str());
184 check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
185 check_cert_not_visible(XML_1_EXPECTED_CERT_1.c_str());
186 check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
191 ScopedDBUnlock unlock(USER_APP, APP_PASS);
192 ScopedAccessProvider ap(TEST_LABEL_2);
193 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
195 check_key_not_visible(XML_1_EXPECTED_KEY_1_RSA.c_str());
196 check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
197 check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
198 check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
199 check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
203 RUNNER_TEST(T6020_PARSE_TWO_XML_FILES_AT_STARTUP)
206 // check items existence as system service
207 check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
208 check_key(XML_2_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
209 check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
210 check_key_allowed(XML_2_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
211 check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
212 check_key_allowed(XML_2_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
213 check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
214 check_cert_allowed(XML_2_EXPECTED_CERT_1.c_str());
215 check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
216 check_read_allowed(XML_2_EXPECTED_DATA_1.c_str(), XML_2_EXPECTED_DATA_1_DATA);
219 RUNNER_TEST(T6030_PARSE_FAIL_XML_AT_STARTUP)
222 // check items existence as system service - nothing should be available
223 check_key_not_visible(XML_3_EXPECTED_KEY_1_RSA.c_str());
224 check_key_not_visible(XML_3_EXPECTED_KEY_2_RSA.c_str());
225 check_cert_not_visible(XML_3_EXPECTED_CERT_1.c_str());
226 check_read_not_visible(XML_3_EXPECTED_DATA_1.c_str());
229 RUNNER_TEST(T6040_CHECK_KEYS_VALID)
232 // check if key can create & verify signature
233 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("Raz ugryzla misia pszczola..");
234 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
235 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
236 ckmc_raw_buffer_s *signature = NULL;
239 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
240 XML_1_EXPECTED_KEY_2_RSA.c_str(),
246 CKMCReadableError(temp));
250 CKMC_ERROR_AUTHENTICATION_FAILED == (temp = ckmc_verify_signature(
251 XML_1_EXPECTED_KEY_1_RSA.c_str(),
257 CKMCReadableError(temp));
261 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
262 XML_1_EXPECTED_KEY_1_RSA.c_str(),
263 XML_1_EXPECTED_KEY_1_PASSWD.c_str(),
268 CKMCReadableError(temp));
270 ckmc_buffer_free(signature);
273 RUNNER_TEST(T6050_ENCRYPTED_KEY)
276 // to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
277 // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
279 // check if encrypted private key is present
280 // check if public key is present
282 // extract the private, encrypted key
283 // extract the public key
284 // create signature using the public key
285 // verify signature using the decrypted private key
288 check_key_allowed(XML_1_EXPECTED_KEY_3_RSA_PRV.c_str(), CKMC_KEY_RSA_PRIVATE);
289 check_key_allowed(XML_1_EXPECTED_KEY_3_RSA_PUB.c_str(), CKMC_KEY_RSA_PUBLIC);
292 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("Raz ugryzla misia pszczola..");
293 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
294 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
295 ckmc_raw_buffer_s *signature = NULL;
298 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
299 XML_1_EXPECTED_KEY_3_RSA_PRV.c_str(),
305 CKMCReadableError(temp));
309 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
310 XML_1_EXPECTED_KEY_3_RSA_PUB.c_str(),
316 CKMCReadableError(temp));
318 ckmc_buffer_free(signature);
321 RUNNER_TEST(T6060_ENCRYPTED_ASCII_DATA)
324 // to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
325 // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
328 // check if data matches the expected size and content
331 ckmc_raw_buffer_s *testData1;
334 CKMC_ERROR_NONE == (temp = ckmc_get_data(XML_1_EXPECTED_ASCII_DATA.c_str(), NULL, &testData1)),
335 CKMCReadableError(temp));
336 size_t expected_len = 15;
337 RUNNER_ASSERT_MSG(expected_len /* src/ckm/keys/EIV/ascii_data */ == testData1->size, "invalid data size");
338 RUNNER_ASSERT_MSG(memcmp(reinterpret_cast<char*>(testData1->data), "My secret data\n", expected_len) == 0, "invalid data contents");
339 ckmc_buffer_free(testData1);
342 RUNNER_TEST(T6070_ENCRYPTED_BIG_DATA)
345 // to encrypt using RSA OAEP: openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
346 // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
349 // check if data matches the expected size
352 ckmc_raw_buffer_s *testData1;
355 CKMC_ERROR_NONE == (temp = ckmc_get_data(XML_1_EXPECTED_BIG_DATA.c_str(), NULL, &testData1)),
356 CKMCReadableError(temp));
357 RUNNER_ASSERT_MSG(5918 /* src/ckm/keys/EIV/code.png */ == testData1->size, "invalid data size");
358 ckmc_buffer_free(testData1);
361 RUNNER_TEST(T6999_deinit)
366 RUNNER_TEST(T7000_Encrypted_initial_values)
369 std::string message = "16c9efbc342777c0e36d59019582d59be8385bdea5497cf092f99ce5430498e9";
370 std::string iv = "6162636465666768696a6b6c6d6e6f70";
372 std::string expected = "ShortTestMessage";
374 CKM::CryptoAlgorithm algo;
375 CKM::RawBuffer messageBin = hexToBin(message);
376 CKM::RawBuffer ivBin = hexToBin(iv);
377 CKM::RawBuffer decrypted;
379 algo.setParam(CKM::ParamName::ALGO_TYPE, CKM::AlgoType::AES_CBC);
380 algo.setParam(CKM::ParamName::ED_IV, ivBin);
382 auto mgr = CKM::Manager::create();
383 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = mgr->decrypt(algo, "/System TEI_0", CKM::Password(), messageBin, decrypted)), "Failed to decrypt " << CKMErrorToString(temp));
384 RUNNER_ASSERT_MSG(std::string(decrypted.begin(), decrypted.end()) == expected, "Data does not match");