Add PASSWORD_PROTECTION_DISABLE feature

Change-Id: I29215c373931c552c14cfa73ac1a8514a8bd1e62
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>

diff --git a/packaging/security-tests.spec b/packaging/security-tests.spec
index 0fadcd4..bb5d572 100644 (file)
--- a/packaging/security-tests.spec
+++ b/packaging/security-tests.spec
@@ -42,6 +42,9 @@ cp %{SOURCE1} .
 %build
 export LDFLAGS+="-Wl,--rpath=%{_prefix}/lib"
 
+# password protection enabled
+%define ckm_password_protection_disable 1
+
 cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} \
         -DDPL_LOG="ON"                    \
         -DVERSION=%{version}              \
@@ -49,6 +52,9 @@ cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} \
 %if "%{sec_product_feature_security_mdfpp_enable}" == "1"
         -DSECURITY_MDFPP_STATE_ENABLE=1 \
 %endif
+%if 0%{?ckm_password_protection_disable}
+        -DPASSWORD_PROTECTION_DISABLE=1 \
+%endif
         -DCMAKE_VERBOSE_MAKEFILE=ON       \
         -DCYNARA_DB_DIR=%{_localstatedir}/cynara/db \
         -DAPP_USER="security_test_user"

diff --git a/src/ckm/CMakeLists.txt b/src/ckm/CMakeLists.txt
index 40891fa..b4f23b0 100644 (file)
--- a/src/ckm/CMakeLists.txt
+++ b/src/ckm/CMakeLists.txt
@@ -27,6 +27,12 @@ ELSE (DEFINED SECURITY_MDFPP_STATE_ENABLED)
     MESSAGE("SECURITY_MDFPP_STATE_ENABLE DISABLED !")
 ENDIF (DEFINED SECURITY_MDFPP_STATE_ENABLED)
 
+# password protection flag
+IF (DEFINED PASSWORD_PROTECTION_DISABLE)
+    MESSAGE("PASSWORD_PROTECTION_DISABLE ENABLED !")
+    ADD_DEFINITIONS("-DPASSWORD_PROTECTION_DISABLE")
+ENDIF (DEFINED PASSWORD_PROTECTION_DISABLE)
+
 # Dependencies
 PKG_CHECK_MODULES(CKM_DEP
     libsmack

diff --git a/src/ckm/capi-testcases.cpp b/src/ckm/capi-testcases.cpp
index cdd929f..628f90b 100644 (file)
--- a/src/ckm/capi-testcases.cpp
+++ b/src/ckm/capi-testcases.cpp
@@ -2398,11 +2398,17 @@ RUNNER_CHILD_TEST(T3204_CAPI_get_data_from_locked_database)
        char *password = NULL;
        ckmc_key_s *test_key = NULL;
 
+#ifndef PASSWORD_PROTECTION_DISABLE
        RUNNER_ASSERT_MSG(
                CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias.c_str(), password, &test_key)),
                CKMCReadableError(temp));
 
        RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
+#else
+       RUNNER_ASSERT_MSG(
+               CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(alias.c_str(), password, &test_key)),
+               CKMCReadableError(temp));
+#endif
 }
 
 RUNNER_TEST(T3204_deinit)

diff --git a/src/ckm/main.cpp b/src/ckm/main.cpp
index 5549a93..240f95a 100644 (file)
--- a/src/ckm/main.cpp
+++ b/src/ckm/main.cpp
@@ -167,9 +167,11 @@ RUNNER_TEST(T0016_Control_negative_wrong_password)
     RUNNER_ASSERT_MSG(
         CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)),
         "Error=" << CKM::ErrorToString(temp));
+#ifndef PASSWORD_PROTECTION_DISABLE
     RUNNER_ASSERT_MSG(
         CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(USER_APP_2, "incorrect-password")),
         "Error=" << CKM::ErrorToString(temp));
+#endif
     RUNNER_ASSERT_MSG(
         CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)),
         "Error=" << CKM::ErrorToString(temp));
@@ -3366,9 +3368,15 @@ RUNNER_TEST(T1904_get_data_from_locked_database)
 
     int status1 = manager->getKey(CKM::Alias("CertEEE"), CKM::Password(), ptr);
 
+#ifndef PASSWORD_PROTECTION_DISABLE
     RUNNER_ASSERT_MSG(
         CKM_API_ERROR_DB_LOCKED == status1,
         "Could not get key from locked database. Error=" << CKM::ErrorToString(status1));
+#else
+    RUNNER_ASSERT_MSG(
+        CKM_API_ERROR_DB_ALIAS_UNKNOWN == status1,
+        "Could not get key with a wrong alias. Error=" << CKM::ErrorToString(status1));
+#endif
 }
 
 RUNNER_TEST(T1905_deinit)