{
int temp;
ControlShPtr control = Control::create();
+
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(0)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->unlockUserKey(0, TEST_PASS)),
+ "Error=" << CKM::ErrorToString(temp));
+
RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(APP_UID)),
"Error=" << ErrorToString(temp));
RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->unlockUserKey(APP_UID, TEST_PASS)),
"Error=" << ErrorToString(temp));
RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(APP_UID)),
"Error=" << ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+ "Error=" << ErrorToString(temp));
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(0)),
+ "Error=" << ErrorToString(temp));
}
RUNNER_TEST(T3000_init)
{
int temp;
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(APP_UID, APP_PASS)), CKMCErrorToString(temp));
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)), CKMCErrorToString(temp));
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_ROOT, ROOT_PASS)), CKMCErrorToString(temp));
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(APP_UID, APP_PASS)), CKMCErrorToString(temp));
RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)), CKMCErrorToString(temp));
-
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_ROOT, ROOT_PASS)), CKMCErrorToString(temp));
}
// invalid arguments check
}
}
-RUNNER_TEST(T3031_manager_test_decrypt_from_another_label)
-{
- int temp;
- CharPtr top_label = get_label();
- ScopedSaveData ssd(TEST_ALIAS);
-
- allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ);
- {
- ScopedLabel sl(TEST_LABEL2);
-
- check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
-
- // remove the DKEK key - so that on read it must be added again
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)), CKMCErrorToString(temp));
-
- // on this read, DKEK key will be added again
- check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str());
- }
-}
-
// tries to access other application data with permission
-RUNNER_TEST(T3032_manager_deprecated_access_allowed)
+RUNNER_TEST(T3031_manager_deprecated_access_allowed)
{
CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
}
// tries to read other application data with permission for read/remove
-RUNNER_TEST(T3033_manager_deprecated_access_allowed_with_remove)
+RUNNER_TEST(T3032_manager_deprecated_access_allowed_with_remove)
{
CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
}
// tries to remove other application data with permission for reading only
-RUNNER_TEST(T3034_manager_deprecated_access_allowed_remove_denied)
+RUNNER_TEST(T3033_manager_deprecated_access_allowed_remove_denied)
{
CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
}
// tries to remove other application data with permission
-RUNNER_TEST(T3035_manager_deprecated_remove_allowed)
+RUNNER_TEST(T3034_manager_deprecated_remove_allowed)
{
CharPtr top_label = get_label();
ScopedSaveData ssd(TEST_ALIAS);
namespace {
+const char *CHAINS_PASSWD = "chains-pass";
+
typedef std::unique_ptr<ckmc_cert_s, void (*)(ckmc_cert_s*)> CertPtr;
typedef std::unique_ptr<ckmc_cert_list_s, void (*)(ckmc_cert_list_s*)> CertListPtr;
typedef std::unique_ptr<ckmc_alias_list_s, void (*)(ckmc_alias_list_s*)> AliasListPtr;
RUNNER_ASSERT_MSG(chain == NULL, "Chain is not empty");
ckmc_cert_free(cert);
}
-
} // namespace anonymous
RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_CERTIFICATE_CHAINS);
RUNNER_TEST(TCCH_0000_init)
{
- assert_positive(ckmc_unlock_user_key, 0, "test-pass");
+ reset_user_data(0, CHAINS_PASSWD);
}
// old API
RUNNER_TEST(TCCH_0010_get_chain_old_api)
{
- assert_positive(ckmc_remove_user_data,0);
+ reset_user_data(0, CHAINS_PASSWD);
ChainVerifier<ChainApiOld> cv;
cv.verifyNegative(TestData::GOOGLE_COM);
// old API
RUNNER_TEST(TCCH_0020_get_chain_old_api_system_only)
{
- assert_positive(ckmc_remove_user_data,0);
+ reset_user_data(0, CHAINS_PASSWD);
ChainVerifier<ChainApiOld> cv;
cv.verifyPositive(TestData::GIAG2, 2); // including system cert
// check invalid arguments
RUNNER_TEST(TCCH_0100_get_certificate_chain_invalid_param)
{
- assert_positive(ckmc_remove_user_data,0);
+ reset_user_data(0, CHAINS_PASSWD);
ckmc_cert_s* ca2 = create_cert(TestData::GIAG2);
ckmc_cert_s* ca1 = create_cert(TestData::GEOTRUST);
// check invalid arguments
RUNNER_TEST(TCCH_0110_get_certificate_chain_alias_unknown)
{
- assert_positive(ckmc_remove_user_data,0);
+ reset_user_data(0, CHAINS_PASSWD);
ckmc_cert_s* ca2 = create_cert(TestData::GIAG2);
ckmc_cert_list_s* chain = NULL;
*/
RUNNER_TEST(TCCH_0120_get_certificate_chain_root_ca_negative)
{
- assert_positive(ckmc_remove_user_data,0);
+ reset_user_data(0, CHAINS_PASSWD);
ChainVerifier<> cv;
cv.enableSystem(false);
*/
RUNNER_TEST(TCCH_0140_get_certificate_chain_trusted_only)
{
- assert_positive(ckmc_remove_user_data,0);
+ reset_user_data(0, CHAINS_PASSWD);
ChainVerifier<> cv;
cv.enableSystem(false);
*/
RUNNER_TEST(TCCH_0150_get_certificate_chain_system_only)
{
- assert_positive(ckmc_remove_user_data,0);
+ reset_user_data(0, CHAINS_PASSWD);
ChainVerifier<> cv;
cv.verifyPositive(TestData::GIAG2, 2); // including system cert
*/
RUNNER_TEST(TCCH_0160_get_certificate_chain_no_untrusted)
{
- assert_positive(ckmc_remove_user_data,0);
+ reset_user_data(0, CHAINS_PASSWD);
ChainVerifier<> cv;
cv.addTrusted(TestData::TEST_ROOT_CA);
RUNNER_TEST(TCCH_0170_get_certificate_chain_no_trusted)
{
- assert_positive(ckmc_remove_user_data,0);
+ reset_user_data(0, CHAINS_PASSWD);
ChainVerifier<> cv;
cv.addUntrusted(TestData::GIAG2);
*/
RUNNER_TEST(TCCH_0180_get_certificate_chain_no_system)
{
- assert_positive(ckmc_remove_user_data,0);
+ reset_user_data(0, CHAINS_PASSWD);
ChainVerifier<> cv;
cv.enableSystem(false);
*/
RUNNER_TEST(TCCH_0190_get_certificate_chain_im_ca_in_trusted)
{
- assert_positive(ckmc_remove_user_data,0);
+ reset_user_data(0, CHAINS_PASSWD);
ChainVerifier<> cv;
cv.enableSystem(false);
RUNNER_TEST(TCCH_0200_get_certificate_chain_all)
{
- assert_positive(ckmc_remove_user_data,0);
+ reset_user_data(0, CHAINS_PASSWD);
ChainVerifier<> cv;
cv.enableSystem(true);
RUNNER_TEST(TCCH_9999_deinit)
{
- assert_positive(ckmc_lock_user_key, 0);
- assert_positive(ckmc_remove_user_data, 0);
+ remove_user_data(0);
}
// error - fail
RUNNER_ASSERT_MSG(
ec >= 0,
- "Error: alias list failed, ec: " << ec);
+ "Error: alias list failed, ec: " << CKMCErrorToString(ec));
}
return ec;
RUNNER_CHILD_TEST(T3053_CAPI_create_dsa_key)
{
int temp;
+
+ AccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
size_t size = 1024;
const char *private_key_alias = "DSA-test-2-priv";
const char *public_key_alias = "DSA-test-2-pub";
namespace
{
-const char* alias_PKCS_collision = "CAPI-test-PKCS-collision";
const char* alias_PKCS_exportable = "CAPI-test-PKCS-export";
const char* alias_PKCS_not_exportable = "CAPI-test-PKCS-no-export";
-const char* alias_PKCS_priv_key_copy = "CAPI-test-PKCS-private-key-copy";
-const char* alias_PKCS_priv_key_wrong = "CAPI-test-PKCS-private-key-wrong";
}
RUNNER_TEST(T3101_CAPI_PKCS12_init)
{
int temp;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "user-pass")),
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "PKCS-pass")),
CKMCReadableError(temp));
-
- ckmc_remove_pkcs12(alias_PKCS_collision);
- ckmc_remove_pkcs12(alias_PKCS_exportable);
- ckmc_remove_pkcs12(alias_PKCS_not_exportable);
- ckmc_remove_pkcs12(alias_PKCS_priv_key_copy);
- ckmc_remove_pkcs12(alias_PKCS_priv_key_wrong);
}
RUNNER_TEST(T3102_CAPI_PKCS12_negative_wrong_password)
ckmc_cert_free(cert_lookup);
}
-RUNNER_TEST(T3103_CAPI_PKCS12_get_PKCS)
+RUNNER_TEST(T3104_CAPI_PKCS12_get_PKCS)
{
int temp;
- auto manager = CKM::Manager::create();
-
ckmc_pkcs12_s *pkcs = NULL;
// fail - no entry
ckmc_pkcs12_free(pkcs);
}
-RUNNER_TEST(T3104_CAPI_PKCS12_create_and_verify_signature)
+RUNNER_TEST(T3105_CAPI_PKCS12_create_and_verify_signature)
{
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
CKMCReadableError(temp));
}
-RUNNER_TEST(T3105_CAPI_PKCS12_remove_bundle_with_chain_certs)
+RUNNER_TEST(T3106_CAPI_PKCS12_remove_bundle_with_chain_certs)
{
int tmp;
RUNNER_TEST(T3109_CAPI_PKCS12_deinit)
{
int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
CKMCReadableError(temp));
}
-RUNNER_TEST_GROUP_INIT(T3110_CAPI_LOCKTYPE_TESTS);
-
-RUNNER_CHILD_TEST(T3111_CAPI_init_lock_key)
-{
- int tmp;
- AccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- char *null_password = NULL;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_change_user_password(USER_APP,USER_PASS,null_password)),
- CKMCReadableError(tmp));
- RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (tmp = ckmc_lock_user_key(USER_APP)), CKMCReadableError(tmp));
-}
-
-RUNNER_CHILD_TEST(T3112_CAPI_unlock_default_passwd)
-{
- AccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
-
- ckmc_key_s test_key, *test_key2;
- ckmc_policy_s test_policy;
-
- char* password = NULL;
- char alias[20] = "mykey_defpasswd";
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- char* char_keypem = new char[keyPem.length() + 1];
-
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
-
- test_policy.password = password;
- test_policy.extractable = 1;
-
- test_key2 = &test_key;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, password, &test_key2)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_key(alias)),
- CKMCReadableError(temp));
-}
-
-RUNNER_CHILD_TEST(T3113_CAPI_init_change_user_password)
-{
- int tmp;
- AccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- char *null_password = NULL;
-
- // database has been automatically unlocked with NULL pw in previous test. Lock it now
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(tmp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_change_user_password(USER_APP,null_password,USER_PASS)),
- CKMCReadableError(tmp));
- // get rid of NULL DKEK
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_unlock_user_key(USER_APP,USER_PASS)),
- CKMCReadableError(tmp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(tmp));
-}
-
-RUNNER_CHILD_TEST(T3114_CAPI_unlock_default_passwd_negative)
-{
- AccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
-
- ckmc_key_s test_key, *test_key2;
- ckmc_policy_s test_policy;
-
- char* password = NULL;
- char alias[20] = "mykey_defpasswd";
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- char* char_keypem = new char[keyPem.length() + 1];
-
- std::strcpy(char_keypem, keyPem.c_str());
- test_key.raw_key = (unsigned char *)char_keypem;
- test_key.key_size = keyPem.length();
- test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
-
- test_policy.password = password;
- test_policy.extractable = 1;
-
- test_key2 = &test_key;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_LOCKED == (temp = ckmc_save_key(alias, test_key, test_policy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias, password, &test_key2)),
- CKMCReadableError(temp));
-}
-
-RUNNER_CHILD_TEST(T3119_CAPI_deinit)
-{
- int temp;
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- CKMCReadableError(temp));
-}
RUNNER_TEST_GROUP_INIT(T320_CAPI_EMPTY_DATABASE);
const char* const USER_LABEL = "User";
const char* const CKM_LOCK = "/var/run/key-manager.pid";
+const char* const CC_PASSWD = "t200-special-password";
// Wrapper for mdpp state that restores the original value upon destruction
class MdppState
vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET);
}
-void remove_user_data()
-{
- auto control = Control::create();
- int ret = control->removeUserData(0);
- RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS,
- "Remove user data failed with error: " << ErrorToString(ret));
-}
+
Alias rsa_pri_alias("rsa-private-T2002");
Alias rsa_pub_alias("rsa-public-T2002");
mdpp.set(mdpp_setting);
start_service(MANAGER);
}
-
} // namespace anonymous
RUNNER_TEST_GROUP_INIT(CKM_CC_MODE);
RUNNER_TEST(TCC_0000_init)
{
- remove_user_data();
-
- int tmp;
- auto control = Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(0, "t200-special-password")),
- "Error=" << ErrorToString(tmp));
+ reset_user_data(0, CC_PASSWD);
}
// updatedCCMode should succeed regardless of mdpp setting
stop_service(LISTENER);
MdppState mdpp;
- remove_user_data();
+ reset_user_data(0, CC_PASSWD);
save_keys();
mdpp.set(NULL);
{
// restart listener without vconf callback
stop_service(LISTENER);
- remove_user_data();
+ reset_user_data(0, CC_PASSWD);
MdppState mdpp;
mdpp.set(NULL);
update_cc_mode();
update_cc_mode();
start_service(LISTENER);
- remove_user_data();
+ reset_user_data(0, CC_PASSWD);
save_keys();
read_keys(CKM_API_ERROR_BAD_REQUEST);
{
restart_ckm(DISABLED);
- remove_user_data();
+ reset_user_data(0, CC_PASSWD);
save_keys();
read_keys(CKM_API_ERROR_BAD_REQUEST);
}
{
restart_ckm(ENABLED);
- remove_user_data();
+ reset_user_data(0, CC_PASSWD);
save_keys();
read_keys(CKM_API_ERROR_BAD_REQUEST);
}
{
restart_ckm(ENFORCING);
- remove_user_data();
+ reset_user_data(0, CC_PASSWD);
save_keys();
read_keys(CKM_API_ERROR_BAD_REQUEST);
}
{
restart_ckm(READY);
- remove_user_data();
+ reset_user_data(0, CC_PASSWD);
save_keys();
read_keys(CKM_API_SUCCESS);
}
{
restart_ckm("whatever");
- remove_user_data();
+ reset_user_data(0, CC_PASSWD);
save_keys();
read_keys(CKM_API_SUCCESS);
}
{
restart_ckm(NULL);
- remove_user_data();
+ reset_user_data(0, CC_PASSWD);
save_keys();
read_keys(CKM_API_SUCCESS);
}
RUNNER_TEST(TCC_9999_deinit)
{
- remove_user_data();
-
- int tmp;
- auto control = Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
- "Error=" << ErrorToString(tmp));
+ remove_user_data(0);
}
#include <ckm-common.h>
#include <tests_common.h>
#include <access_provider2.h>
+#include <ckm/ckm-control.h>
#include <ckm/ckm-manager.h>
+#include <ckmc/ckmc-control.h>
+#include <ckmc/ckmc-manager.h>
#include <dbus_access.h>
const char* SERVICE[] = {
return output;
}
+void unlock_user_data(uid_t user_id, const char *passwd)
+{
+ int ret;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->unlockUserKey(user_id, passwd)),
+ "Error=" << CKM::ErrorToString(ret));
+}
+
+void remove_user_data(uid_t user_id)
+{
+ int ret;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->lockUserKey(user_id)),
+ "Error=" << CKM::ErrorToString(ret));
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->removeUserData(user_id)),
+ "Remove user data failed with error: " << CKM::ErrorToString(ret));
+}
+
+void reset_user_data(uid_t user_id, const char *passwd)
+{
+ remove_user_data(user_id);
+ unlock_user_data(user_id, passwd);
+}
private:
CharPtr m_original_label;
};
+
+void unlock_user_data(uid_t user_id, const char *passwd);
+void remove_user_data(uid_t user_id);
+void reset_user_data(uid_t user_id, const char *passwd);
}
-RUNNER_TEST_GROUP_INIT(T161_CKM_LOCKTYPE_TESTS);
-
-RUNNER_CHILD_TEST(T1610_init_lock_key)
-{
- int tmp;
- AccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->changeUserPassword(USER_APP,"user-pass","")),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T1611_unlock_default_passwd)
-{
- AccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::KeyShPtr key2;
- CKM::Alias alias = "mykey_defpasswd";
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key2)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- key->getDER() == key2->getDER(),
- "Key value has been changed by service");
-
- std::string invalid_address = aliasWithLabel("i-do-not-exist", alias.c_str());
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeAlias(alias)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T1612_init_change_user_password)
-{
- int tmp;
- AccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->changeUserPassword(USER_APP,"","user-pass")),
- "Error=" << CKM::ErrorToString(tmp));
- // confirm changed password
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_APP,"user-pass")),
- CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
- CKM::ErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T1613_unlock_default_passwd_negative)
-{
- AccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
- int temp;
- auto manager = CKM::Manager::create();
-
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
-
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::KeyShPtr key2;
- CKM::Alias alias = "mykey_defpasswd";
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_LOCKED == (temp = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_LOCKED == (temp = manager->getKey(alias, CKM::Password(), key2)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_LOCKED == (temp = manager->removeAlias(alias)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_CHILD_TEST(T1619_deinit)
-{
- AccessProvider ap("my-label");
- ap.allowAPI("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-}
-
RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
RUNNER_TEST(T1701_init_unlock_key)
CKM::Alias alias_PKCS_not_exportable = "test-PKCS-no-export";
CKM::Alias alias_PKCS_priv_key_copy = "test-PKCS-private-key-copy";
CKM::Alias alias_PKCS_priv_key_wrong = "test-PKCS-private-key-wrong";
+const char *PKCS_PASSWD = "PKCS-pass";
}
-RUNNER_TEST(T1800_init) {
- int temp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
- "Error=" << CKM::ErrorToString(temp));
-
- auto manager = CKM::Manager::create();
- manager->removeAlias(alias_PKCS_collision);
- manager->removeAlias(alias_PKCS_exportable);
- manager->removeAlias(alias_PKCS_not_exportable);
- manager->removeAlias(alias_PKCS_priv_key_copy);
- manager->removeAlias(alias_PKCS_priv_key_wrong);
+RUNNER_TEST(T1800_init)
+{
+ reset_user_data(0, PKCS_PASSWD);
}
RUNNER_TEST(T1801_parse_PKCS12) {