From a0d3e2280f70028f37b79beca8dbce3b91eea066 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Tue, 6 Jun 2023 21:43:38 +0200 Subject: [PATCH] CKM: Check backend info Change-Id: I79501b5800b54790c45dd7a1790178e5805a4d6a --- src/ckm/ckm-common.cpp | 54 +++++++++++++++++++++++++++------------- src/ckm/ckm-common.h | 21 +++++++++++----- src/ckm/privileged/system-db.cpp | 14 +++++------ src/ckm/unprivileged/main.cpp | 24 +++++++++--------- 4 files changed, 71 insertions(+), 42 deletions(-) diff --git a/src/ckm/ckm-common.cpp b/src/ckm/ckm-common.cpp index 7a584ba..2ceb95b 100644 --- a/src/ckm/ckm-common.cpp +++ b/src/ckm/ckm-common.cpp @@ -387,8 +387,8 @@ void check_alias_list(const CKM::AliasVector& expected) RUNNER_ASSERT_MSG(expected == actual, "Actual list of aliases differ from expected list."); } -void check_alias_info_list_helper(const PasswordInfoVector& expected, - const std::unordered_map& actual, +void check_alias_info_list_helper(const InfoVector& expected, + const InfoMap& actual, const std::string &userSmackLabel) { std::string errorLogMsg; 
@@ -396,40 +396,54 @@ void check_alias_info_list_helper(const PasswordInfoVector& expected, RUNNER_ASSERT_MSG(expected.size() == actual.size(), "Aliases item count differs, expected: " << expected.size() << " actual: " << actual.size()); - for (const auto &it : expected) + for (const auto &expectedIt : expected) { - auto aliasPwd = actual.find(userSmackLabel + it.alias); - if (aliasPwd != actual.end()) { - if (aliasPwd->second != it.passwordProtected) { - errorLogMsg += "Alias: " + it.alias + " has wrong encryption status: " - + std::to_string(it.passwordProtected) + "\n"; + auto actualIt = actual.find(userSmackLabel + expectedIt.alias); + if (actualIt != actual.end()) { + if (actualIt->second.passwordProtected != expectedIt.passwordProtected) { + errorLogMsg += "Alias: " + actualIt->second.alias + " has wrong encryption status: " + + std::to_string(actualIt->second.passwordProtected) + "\n"; + } + if (actualIt->second.backend != expectedIt.backend) { + errorLogMsg += "Alias: " + actualIt->second.alias + " belongs to wrong backend: " + + std::to_string(static_cast(actualIt->second.backend)) + "\n"; } } else { - errorLogMsg += "Expected alias: " + it.alias + " not found.\n"; + errorLogMsg += "Expected alias: " + actualIt->second.alias + " not found.\n"; } } if (!errorLogMsg.empty()) { - for (const auto& [alias, passwordProtected] : actual) + for (const auto& [alias, info] : actual) { - errorLogMsg += "Actual alias: " + alias + " status: " - + std::to_string(passwordProtected) + "\n"; + errorLogMsg += "Actual alias: " + alias + + " status: " + std::to_string(info.passwordProtected) + + " backend: " + std::to_string(static_cast(info.backend)) + "\n"; } RUNNER_FAIL_MSG("Actual list of aliases differ from expected list.\n" + errorLogMsg); } } -void check_alias_info_list(const PasswordInfoVector& expected) +CKM::BackendId backend() +{ +#ifdef TZ_BACKEND + return CKM::BackendId::TZ; +#else + return CKM::BackendId::SW; +#endif +} + +void check_alias_info_list(const 
InfoVector& expected) { ckmc_alias_info_list_s *aliasInfoList = NULL; int ret = ckmc_get_data_alias_info_list(&aliasInfoList); RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get the list of data aliases. " << ret << " / " << CKMCErrorToString(ret)); - std::unordered_map actual; + InfoMap actual; ckmc_alias_info_list_s *plist = aliasInfoList; - char* alias; + char* alias = nullptr; bool isPasswordProtected; unsigned int it = 0; while (plist) @@ -437,12 +451,18 @@ void check_alias_info_list(const PasswordInfoVector& expected) ret = ckmc_alias_info_get_alias(plist->info, &alias); RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get alias. " << ret << " / " << CKMCErrorToString(ret)); + RUNNER_ASSERT_MSG(alias != nullptr, "Got null alias. Iterator: " << it); + ret = ckmc_alias_info_is_password_protected(plist->info, &isPasswordProtected); RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get password protection status" << ret << " / " << CKMCErrorToString(ret)); - RUNNER_ASSERT_MSG(alias != nullptr, "Got null alias. Iterator: " << it); - actual[alias] = isPasswordProtected; + ckmc_backend_id_e backend; + ret = ckmc_alias_info_get_backend(plist->info, &backend); + RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get backend" << ret << " / " + << CKMCErrorToString(ret)); + + actual.try_emplace(alias, alias, isPasswordProtected, static_cast(backend)); plist = plist->next; it++; } diff --git a/src/ckm/ckm-common.h b/src/ckm/ckm-common.h index 115c4a4..07cf3cc 100644 --- a/src/ckm/ckm-common.h +++ b/src/ckm/ckm-common.h 
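Review bot: In the `else` branch of the loop in check_alias_info_list_helper, `actualIt` equals `actual.end()`, so `actualIt->second.alias` dereferences the end iterator. That is undefined behaviour on exactly the path that should report a missing alias. The message should be built from the expected entry instead: `errorLogMsg += "Expected alias: " + expectedIt.alias + " not found.\n";`. The two mismatch messages above it print only the actual value after "has wrong encryption status" and "belongs to wrong backend"; naming the expected value as well would make a TZ-versus-SW mismatch easier to read in the log.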
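Review bot: The new local `ckmc_backend_id_e backend;` in check_alias_info_list shadows the `backend()` helper this same patch adds just above the function. Renaming it, e.g. `ckmc_backend_id_e backendId;`, avoids a confusing lookup if the helper is ever needed inside the loop. The failure text `"Failed to get backend" << ret` also runs straight into the error code; `"Failed to get backend. " << ret` would match the other messages in the loop. The `static_cast` of the C enum (its target type is not legible on this page, presumably `CKM::BackendId`) relies on both enums sharing numeric values, which nothing in the hunk shows, so a short comment or a `static_assert` next to the cast would record that assumption. The function body starts and ends outside this hunk.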
@@ -146,18 +146,27 @@ void reset_user_data(uid_t user_id, const char *passwd); ckmc_raw_buffer_s prepare_message_buffer(const char * input); void check_alias_list(const CKM::AliasVector& expected); -struct PasswordInfo { - PasswordInfo(const CKM::Alias &alias, bool passwordProtected) : alias(alias), passwordProtected(passwordProtected) {} +struct Info { + Info(const CKM::Alias &alias, + bool passwordProtected, + CKM::BackendId backend = CKM::BackendId::SW) : + alias(alias), + passwordProtected(passwordProtected), + backend(backend) {} CKM::Alias alias; bool passwordProtected; + CKM::BackendId backend; }; -typedef std::vector PasswordInfoVector; +typedef std::vector InfoVector; +typedef std::unordered_map InfoMap; -void check_alias_info_list_helper(const PasswordInfoVector& expected, - const std::unordered_map& actual, +CKM::BackendId backend(); + +void check_alias_info_list_helper(const InfoVector& expected, + const InfoMap& actual, const std::string &userSmackLabel = {}); -void check_alias_info_list(const PasswordInfoVector& expected); +void check_alias_info_list(const InfoVector& expected); typedef enum { ALIAS_KEY, diff --git a/src/ckm/privileged/system-db.cpp b/src/ckm/privileged/system-db.cpp index b7edf6b..944ada6 100644 --- a/src/ckm/privileged/system-db.cpp +++ b/src/ckm/privileged/system-db.cpp @@ -527,9 +527,9 @@ RUNNER_TEST(T5046_CLIENT_GET_ALIAS_STATUS_NO_PASSWORD, RemoveDataEnv<0>) save_data(TEST_SYSTEM_ALIAS_2.c_str(), TEST_DATA); // [test] - PasswordInfoVector expected; - expected.emplace_back(TEST_SYSTEM_ALIAS, false); - expected.emplace_back(TEST_SYSTEM_ALIAS_2, false); + InfoVector expected; + expected.emplace_back(TEST_SYSTEM_ALIAS, false, backend()); + expected.emplace_back(TEST_SYSTEM_ALIAS_2, false, backend()); check_alias_info_list(expected); } 
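Review bot: The `backend = CKM::BackendId::SW` default on the `Info` constructor lets a test leave out where it expects the item to be stored, although every call site in this patch already passes the backend explicitly. Since the purpose of the change is to verify the storage backend (TZ versus SW), dropping the default forces each expectation to be spelled out: `CKM::BackendId backend) :`. `Info` and `backend()` are also very generic names for a header shared by the CKM tests. More specific names (for example `AliasInfo` and `expected_backend()`) would be less likely to collide and would read better at the call sites.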
@@ -551,10 +551,10 @@ RUNNER_TEST(T5047_CLIENT_GET_ALIAS_STATUS_PASSWORD_PROTECTED, RemoveDataEnv<0>) save_data((TEST_SYSTEM_ALIAS_2 + "1").c_str(), TEST_DATA, strlen(TEST_DATA), TEST_PASSWORD); // [test] - PasswordInfoVector expected; - expected.emplace_back(TEST_SYSTEM_ALIAS, false); - expected.emplace_back(TEST_SYSTEM_ALIAS_2, true); - expected.emplace_back(TEST_SYSTEM_ALIAS_2 + "1", true); + InfoVector expected; + expected.emplace_back(TEST_SYSTEM_ALIAS, false, backend()); + expected.emplace_back(TEST_SYSTEM_ALIAS_2, true, backend()); + expected.emplace_back(TEST_SYSTEM_ALIAS_2 + "1", true, backend()); check_alias_info_list(expected); } diff --git a/src/ckm/unprivileged/main.cpp b/src/ckm/unprivileged/main.cpp index 9204738..f55aeb2 100644 --- a/src/ckm/unprivileged/main.cpp +++ b/src/ckm/unprivileged/main.cpp @@ -442,7 +442,7 @@ RUNNER_TEST(T1024_app_user_save_keys_get_alias_pwd) const int aliasNameCount = 10; auto manager = CKM::Manager::create(); - PasswordInfoVector expected; + InfoVector expected; CKM::RawBuffer buffer(KEY_PEM.begin(), KEY_PEM.end()); auto key = CKM::Key::create(buffer, CKM::Password()); std::string currentAlias; @@ -453,14 +453,14 @@ RUNNER_TEST(T1024_app_user_save_keys_get_alias_pwd) { CKM::Policy policy = generate_ckm_policy(it); currentAlias = "T1024_appkey" + std::to_string(it); - expected.emplace_back(currentAlias, !policy.password.empty()); + expected.emplace_back(currentAlias, !policy.password.empty(), backend()); RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (exitCode = manager->saveKey(currentAlias, key, policy)), "Error=" << CKM::APICodeToString(exitCode)); } CKM::AliasInfoVector aliasInfoVector; - std::unordered_map actual; + InfoMap actual; RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (exitCode = manager->getKeyAliasInfoVector(aliasInfoVector)), 
@@ -475,7 +475,7 @@ RUNNER_TEST(T1024_app_user_save_keys_get_alias_pwd) exitCode = manager->getKeyEncryptionStatus(info.alias, status); RUNNER_ASSERT_MSG(CKM_API_SUCCESS == exitCode, "Error=" << CKM::APICodeToString(exitCode)); - actual[info.alias] = status; + actual.try_emplace(info.alias, info.alias, status, info.backend); } check_alias_info_list_helper(expected, actual, "/User "); @@ -491,7 +491,7 @@ RUNNER_TEST(T1025_app_user_save_certificates_get_alias_pwd) const int aliasNameCount = 10; auto manager = CKM::Manager::create(); - PasswordInfoVector expected; + InfoVector expected; auto cert = TestData::getTestCertificate(TestData::TEST_LEAF); std::string currentAlias; @@ -500,14 +500,14 @@ RUNNER_TEST(T1025_app_user_save_certificates_get_alias_pwd) { CKM::Policy policy = generate_ckm_policy(it); currentAlias = "T1025_appcert" + std::to_string(it); - expected.emplace_back(currentAlias, !policy.password.empty()); + expected.emplace_back(currentAlias, !policy.password.empty(), CKM::BackendId::SW); RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (exitCode = manager->saveCertificate(currentAlias, cert, policy)), "Error=" << CKM::APICodeToString(exitCode)); } CKM::AliasInfoVector aliasInfoVector; - std::unordered_map actual; + InfoMap actual; RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (exitCode = manager->getCertificateAliasInfoVector(aliasInfoVector)), @@ -522,7 +522,7 @@ RUNNER_TEST(T1025_app_user_save_certificates_get_alias_pwd) exitCode = manager->getCertificateEncryptionStatus(info.alias, status); RUNNER_ASSERT_MSG(CKM_API_SUCCESS == exitCode, "Error=" << CKM::APICodeToString(exitCode)); - actual[info.alias] = status; + actual.try_emplace(info.alias, info.alias, status, info.backend); } check_alias_info_list_helper(expected, actual, "/User "); 
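Review bot: T1025 hard-codes `CKM::BackendId::SW` for certificates while the key and data tests (T1024, T1026) use `backend()`, and nothing in the hunk says why. If certificates are always kept in the software backend even on TZ builds, which is what the constant implies, a one-line comment above the `emplace_back` would record it, e.g. `// certificates are expected in the SW backend regardless of TZ_BACKEND`. Without the comment the line reads like a missed conversion, and a later cleanup could change it to `backend()` and break the test on TZ builds.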
@@ -538,7 +538,7 @@ RUNNER_TEST(T1026_app_user_save_data_get_alias_pwd) const int aliasNameCount = 10; auto manager = CKM::Manager::create(); - PasswordInfoVector expected; + InfoVector expected; std::string binData = "My bin data"; CKM::RawBuffer buffer(binData.begin(), binData.end()); std::string currentAlias; @@ -548,14 +548,14 @@ RUNNER_TEST(T1026_app_user_save_data_get_alias_pwd) { CKM::Policy policy = generate_ckm_policy(it); currentAlias = "T1026_appdata" + std::to_string(it); - expected.emplace_back(currentAlias, !policy.password.empty()); + expected.emplace_back(currentAlias, !policy.password.empty(), backend()); RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (exitCode = manager->saveData(currentAlias, buffer, policy)), "Error=" << CKM::APICodeToString(exitCode)); } CKM::AliasInfoVector aliasInfoVector; - std::unordered_map actual; + InfoMap actual; RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (exitCode = manager->getDataAliasInfoVector(aliasInfoVector)), @@ -570,7 +570,7 @@ RUNNER_TEST(T1026_app_user_save_data_get_alias_pwd) exitCode = manager->getDataEncryptionStatus(info.alias, status); RUNNER_ASSERT_MSG(CKM_API_SUCCESS == exitCode, "Error=" << CKM::APICodeToString(exitCode)); - actual[info.alias] = status; + actual.try_emplace(info.alias, info.alias, status, info.backend); } check_alias_info_list_helper(expected, actual, "/User "); -- 2.7.4