- Make it independent from other tests by adding initial values xml preparation,
key-manager restart and db cleanup.
- Generate initial values at build time using ckm_initial_values tool.
- Install the tested xml file in test directory and copy it to initial values
dir during the test instead of installing it there directly.
- Encrypt the test data using openssl and the same key that is passed as initial
value during compilation instead of hardcoding the encryption results.
- Add build time dependency to util-linux to be able to use hexdump.
- Add build time dependency to key-manager-initial-values to be able to run the
tool.
Change-Id: I7fe4be6a3493860244ac1cc1c0bb0dace5109a04
BuildRequires: pkgconfig(libsmack)
BuildRequires: pkgconfig(security-manager)
BuildRequires: pkgconfig(key-manager)
+BuildRequires: key-manager-initial-values
+BuildRequires: util-linux
BuildRequires: pkgconfig(yaca)
BuildRequires: pkgconfig(dlog)
BuildRequires: pkgconfig(glib-2.0)
%{_prefix}/share/yaca-test
%dir %{_prefix}/share/security-tests-cleanup-test
%{_prefix}/share/security-tests-cleanup-test/*
-/opt/data/ckm/initial_values/test.xml
%postun
id -u security_test_user 1>/dev/null 2>&1 && gum-utils -o -d --uid=`id -u security_test_user`
TARGET_LINK_LIBRARIES(${TARGET_C_COMPILATION_TEST} ${CKM_C_COMPILATION_DEP_LIBRARIES})
INSTALL(DIRECTORY resource/ DESTINATION ${CKM_TEST_DIR})
-INSTALL(FILES resource/test.xml DESTINATION /opt/data/ckm/initial_values)
ADD_SUBDIRECTORY(privileged)
ADD_SUBDIRECTORY(unprivileged)
-# Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved
+# Copyright (c) 2013-2018 Samsung Electronics Co., Ltd All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#
# @file CMakeLists.txt
# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+# @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
# @brief
#
+
+INCLUDE(GNUInstallDirs)
+
+SET(EIV_TEST_XML_FILENAME "encrypted_initial_values.xml")
+SET(EIV_TEST_XML ${CMAKE_CURRENT_SOURCE_DIR}/${EIV_TEST_XML_FILENAME})
+SET(EIV_KEY_TO_BE_IMPORTED "KeyOne16BytesLen")
+SET(EIV_PLAIN_MESSAGE "ShortTestMessage")
+SET(EIV_MESSAGE_ENCRYPTION_IV "abcdefghijklmnop")
+
+# encrypt ShortTestMessage using the imported key and 'abcdefghijklmnop' IV
+EXECUTE_PROCESS(
+ COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/aes_128_cbc_encrypt.sh ${EIV_KEY_TO_BE_IMPORTED} ${EIV_MESSAGE_ENCRYPTION_IV}
+ OUTPUT_VARIABLE EIV_ENCRYPTED_MESSAGE_HEX
+ ERROR_VARIABLE EIV_ENCRYPTION_STDERR
+ RESULT_VARIABLE EIV_ENCRYPTION_RESULT
+)
+
+IF(NOT ${EIV_ENCRYPTION_RESULT} STREQUAL "0")
+ MESSAGE(FATAL_ERROR "Encryption failed: ${EIV_ENCRYPTION_STDERR}")
+ENDIF(NOT ${EIV_ENCRYPTION_RESULT} STREQUAL "0")
+
+# prepare initial values xml target
+ADD_CUSTOM_COMMAND(OUTPUT ${EIV_TEST_XML}
+ COMMAND echo -n ${EIV_KEY_TO_BE_IMPORTED} > /tmp/key
+ COMMAND echo -n THIS/STRING/MUST/BE/REPLACED/IN/REAL/DEVICE= | base64 --decode > /tmp/encryption_key
+ COMMAND ${CMAKE_INSTALL_FULL_BINDIR}/ckm_initial_values -d /tmp/key -k /tmp/encryption_key -n TEI_0 -t Key -s AES -b hardware -x ${EIV_TEST_XML}
+ COMMENT "Generating encrypted initial values test xml"
+ VERBATIM
+)
+
+ADD_CUSTOM_TARGET(TARGET_EIV_TEST_XML DEPENDS ${EIV_TEST_XML})
+
+INSTALL(FILES ${EIV_TEST_XML} DESTINATION ${CKM_TEST_DIR})
+
+# ckm-tests
PKG_CHECK_MODULES(CKM_DEP
REQUIRED
libsmack
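Review bot: The `ADD_CUSTOM_COMMAND` writes the key to be imported and the encryption key passed with `-k` to the fixed paths `/tmp/key` and `/tmp/encryption_key`, which another local user on a shared build host can pre-create or symlink, and which stay behind after the build. Keeping them in the build tree avoids both, e.g. `COMMAND echo -n ${EIV_KEY_TO_BE_IMPORTED} > ${CMAKE_CURRENT_BINARY_DIR}/eiv_key`, with the `-d`/`-k` arguments changed to match. The generated `${EIV_TEST_XML}` is also written into `CMAKE_CURRENT_SOURCE_DIR`, where `CMAKE_CURRENT_BINARY_DIR` is the usual place for generated files. Separately, `IF(NOT ${EIV_ENCRYPTION_RESULT} STREQUAL "0")` should quote the expansion, since `RESULT_VARIABLE` can hold an error string with spaces when the script cannot be started.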
ADD_EXECUTABLE(${TARGET_CKM_PRIVILEGED_TESTS} ${CKM_SOURCES})
+ADD_DEPENDENCIES(${TARGET_CKM_PRIVILEGED_TESTS} TARGET_EIV_TEST_XML)
+
TARGET_LINK_LIBRARIES(${TARGET_CKM_PRIVILEGED_TESTS}
${TARGET_CKM_TEST_COMMON}
${CKM_DEP_LIBRARIES}
${COMMON_TARGET_TEST}
)
+TARGET_COMPILE_DEFINITIONS(${TARGET_CKM_PRIVILEGED_TESTS}
+ PRIVATE EIV_PLAIN_MESSAGE="${EIV_PLAIN_MESSAGE}"
+ PRIVATE EIV_ENCRYPTED_MESSAGE_HEX="${EIV_ENCRYPTED_MESSAGE_HEX}"
+ PRIVATE EIV_MESSAGE_ENCRYPTION_IV="${EIV_MESSAGE_ENCRYPTION_IV}"
+ PRIVATE EIV_TEST_XML_FILENAME="${EIV_TEST_XML_FILENAME}"
+)
+
INSTALL(TARGETS ${TARGET_CKM_PRIVILEGED_TESTS} DESTINATION bin)
INSTALL(FILES ckm-tests-on-onlycap.sh
DESTINATION bin
--- /dev/null
+#!/bin/bash -e
+
+if [ "$#" -ne 2 ]
+then
+ echo "$0 requires 2 arguments: key and IV"
+ exit 1
+fi
+
+KEY_HEX=`echo -n $1 | hexdump -e '/1 "%02x"'`
+IV_HEX=`echo -n $2 | hexdump -e '/1 "%02x"'`
+
+# encrypt | convert to hex
+echo -n 'ShortTestMessage' | openssl enc -aes-128-cbc -K $KEY_HEX -iv $IV_HEX | hexdump -e '/1 "%02x"'
\ No newline at end of file
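Review bot: The final pipeline returns only the exit status of the trailing `hexdump`, so if `openssl enc` fails (for example because it rejects the key or IV) the script prints nothing and still exits 0; the `-e` in the shebang does not cover this. The `FATAL_ERROR` check in CMakeLists.txt then never fires and the test is compiled with an empty `EIV_ENCRYPTED_MESSAGE_HEX`. Adding `set -o pipefail` right after the shebang surfaces the failure at configure time. `$1`, `$2`, `$KEY_HEX` and `$IV_HEX` should also be double-quoted. The plaintext `'ShortTestMessage'` duplicates `EIV_PLAIN_MESSAGE` from the CMake file, so passing it in as a third argument would keep the two from drifting apart.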
/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co.
+ * Copyright (c) 2015 - 2018 Samsung Electronics Co.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*
* @file system-db.cpp
* @author Maciej Karpiuk (m.karpiuk2@samsung.com)
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
* @version 1.0
*/
#include <dpl/test/test_runner.h>
remove_user_data(0);
}
-RUNNER_TEST_TZ_BACKEND(T7000_Encrypted_initial_values)
+RUNNER_TEST_TZ_BACKEND(T7000_Encrypted_initial_values, RemoveDataEnv<0>)
{
int temp;
- std::string message = "16c9efbc342777c0e36d59019582d59be8385bdea5497cf092f99ce5430498e9";
- std::string iv = "6162636465666768696a6b6c6d6e6f70";
+ std::string messageHex = EIV_ENCRYPTED_MESSAGE_HEX;
+ std::string iv = EIV_MESSAGE_ENCRYPTION_IV;
- std::string expected = "ShortTestMessage";
+ copy_file(format_src_path(EIV_TEST_XML_FILENAME), format_dest_path(EIV_TEST_XML_FILENAME));
+ restart_key_manager();
CKM::CryptoAlgorithm algo;
- CKM::RawBuffer messageBin = hexToBin(message);
- CKM::RawBuffer ivBin = hexToBin(iv);
+ CKM::RawBuffer messageBin = hexToBin(messageHex);
+ CKM::RawBuffer ivBin(iv.begin(), iv.end());
CKM::RawBuffer decrypted;
algo.setParam(CKM::ParamName::ALGO_TYPE, CKM::AlgoType::AES_CBC);
auto mgr = CKM::Manager::create();
RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = mgr->decrypt(algo, "/System TEI_0", CKM::Password(), messageBin, decrypted)), "Failed to decrypt " << CKMErrorToString(temp));
- RUNNER_ASSERT_MSG(std::string(decrypted.begin(), decrypted.end()) == expected, "Data does not match");
+ RUNNER_ASSERT_MSG(std::string(decrypted.begin(), decrypted.end()) == EIV_PLAIN_MESSAGE, "Data does not match");
}
+++ /dev/null
-<?xml version="1.0"?>
-<InitialValues version="2">
- <Key name="TEI_0" type="AES" backend="hardware">
- <EncryptedDER IV="lkg/sHBpeffisZYTPl5lSw==" tag="MhNOhfE5bkJgMd6HHINkDg==">gxBVNTTk1tGUgnqw9PKO/w==</EncryptedDER>
- </Key>
-</InitialValues>