From be9d7f8a8e604ee4852f1bc835628b1dcf8b5ab4 Mon Sep 17 00:00:00 2001 From: "Maciej J. Karpiuk" Date: Tue, 14 Apr 2015 15:15:28 +0200 Subject: [PATCH] CKM: no more "empty password for lockscreen" logics. Change-Id: Ie30acad07523218f5474d531cc7fcc579584181f --- tests/ckm/async-api.cpp | 11 +++ tests/ckm/capi-access_control.cpp | 33 ++----- tests/ckm/capi-certificate-chains.cpp | 32 +++--- tests/ckm/capi-testcases.cpp | 179 +++------------------------------- tests/ckm/cc-mode.cpp | 44 +++------ tests/ckm/ckm-common.cpp | 26 +++++ tests/ckm/ckm-common.h | 4 + tests/ckm/main.cpp | 140 +------------------------- 8 files changed, 94 insertions(+), 375 deletions(-) diff --git a/tests/ckm/async-api.cpp b/tests/ckm/async-api.cpp index f7f134b..27284c4 100644 --- a/tests/ckm/async-api.cpp +++ b/tests/ckm/async-api.cpp @@ -323,6 +323,12 @@ RUNNER_TEST(TA0000_init) { int temp; ControlShPtr control = Control::create(); + + RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(0)), + "Error=" << CKM::ErrorToString(temp)); + RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->unlockUserKey(0, TEST_PASS)), + "Error=" << CKM::ErrorToString(temp)); + RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(APP_UID)), "Error=" << ErrorToString(temp)); RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->unlockUserKey(APP_UID, TEST_PASS)), @@ -1310,4 +1316,9 @@ RUNNER_TEST(TA9999_deinit) "Error=" << ErrorToString(temp)); RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(APP_UID)), "Error=" << ErrorToString(temp)); + + RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->lockUserKey(0)), + "Error=" << ErrorToString(temp)); + RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = control->removeUserData(0)), + "Error=" << ErrorToString(temp)); } diff --git a/tests/ckm/capi-access_control.cpp b/tests/ckm/capi-access_control.cpp index 775e053..b985503 100644 --- a/tests/ckm/capi-access_control.cpp +++ b/tests/ckm/capi-access_control.cpp @@ -233,11 +233,10 @@ RUNNER_TEST_GROUP_INIT (T300_CKMC_ACCESS_CONTROL_C_API); RUNNER_TEST(T3000_init) { int temp; - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(APP_UID, APP_PASS)), CKMCErrorToString(temp)); RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(APP_UID)), CKMCErrorToString(temp)); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_ROOT, ROOT_PASS)), CKMCErrorToString(temp)); + RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(APP_UID, APP_PASS)), CKMCErrorToString(temp)); RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_ROOT)), CKMCErrorToString(temp)); - + RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_ROOT, ROOT_PASS)), CKMCErrorToString(temp)); } // invalid arguments check @@ -538,28 +537,8 @@ RUNNER_TEST(T3030_manager_get_all_aliases) } } -RUNNER_TEST(T3031_manager_test_decrypt_from_another_label) -{ - int temp; - CharPtr top_label = get_label(); - ScopedSaveData ssd(TEST_ALIAS); - - allow_access(TEST_ALIAS, TEST_LABEL2, CKMC_PERMISSION_READ); - { - ScopedLabel sl(TEST_LABEL2); - - check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str()); - - // remove the DKEK key - so that on read it must be added again - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)), CKMCErrorToString(temp)); - - // on this read, DKEK key will be added again - check_read_allowed(aliasWithLabel(top_label.get(), TEST_ALIAS).c_str()); - } -} - // tries to access other application data with permission -RUNNER_TEST(T3032_manager_deprecated_access_allowed) +RUNNER_TEST(T3031_manager_deprecated_access_allowed) { CharPtr top_label = get_label(); ScopedSaveData ssd(TEST_ALIAS); @@ -573,7 +552,7 @@ RUNNER_TEST(T3032_manager_deprecated_access_allowed) } // tries to read other application data with permission for read/remove -RUNNER_TEST(T3033_manager_deprecated_access_allowed_with_remove) +RUNNER_TEST(T3032_manager_deprecated_access_allowed_with_remove) { CharPtr top_label = get_label(); ScopedSaveData ssd(TEST_ALIAS); @@ -587,7 +566,7 @@ RUNNER_TEST(T3033_manager_deprecated_access_allowed_with_remove) } // tries to remove other application data with permission for reading only -RUNNER_TEST(T3034_manager_deprecated_access_allowed_remove_denied) +RUNNER_TEST(T3033_manager_deprecated_access_allowed_remove_denied) { CharPtr top_label = get_label(); ScopedSaveData ssd(TEST_ALIAS); @@ -603,7 +582,7 @@ RUNNER_TEST(T3034_manager_deprecated_access_allowed_remove_denied) } // tries to remove other application data with permission -RUNNER_TEST(T3035_manager_deprecated_remove_allowed) +RUNNER_TEST(T3034_manager_deprecated_remove_allowed) { CharPtr top_label = get_label(); ScopedSaveData ssd(TEST_ALIAS); diff --git a/tests/ckm/capi-certificate-chains.cpp b/tests/ckm/capi-certificate-chains.cpp index 2f3dca7..5050165 100644 --- a/tests/ckm/capi-certificate-chains.cpp +++ b/tests/ckm/capi-certificate-chains.cpp @@ -37,6 +37,8 @@ namespace { +const char *CHAINS_PASSWD = "chains-pass"; + typedef std::unique_ptr CertPtr; typedef std::unique_ptr CertListPtr; typedef std::unique_ptr AliasListPtr; @@ -345,20 +347,19 @@ void ChainVerifier::verifyNegative(TestData::certificateID idx, int error) RUNNER_ASSERT_MSG(chain == NULL, "Chain is not empty"); ckmc_cert_free(cert); } - } // namespace anonymous RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_CERTIFICATE_CHAINS); RUNNER_TEST(TCCH_0000_init) { - assert_positive(ckmc_unlock_user_key, 0, "test-pass"); + reset_user_data(0, CHAINS_PASSWD); } // old API RUNNER_TEST(TCCH_0010_get_chain_old_api) { - assert_positive(ckmc_remove_user_data,0); + reset_user_data(0, CHAINS_PASSWD); ChainVerifier cv; cv.verifyNegative(TestData::GOOGLE_COM); @@ -371,7 +372,7 @@ RUNNER_TEST(TCCH_0010_get_chain_old_api) // old API RUNNER_TEST(TCCH_0020_get_chain_old_api_system_only) { - assert_positive(ckmc_remove_user_data,0); + reset_user_data(0, CHAINS_PASSWD); ChainVerifier cv; cv.verifyPositive(TestData::GIAG2, 2); // including system cert @@ -380,7 +381,7 @@ RUNNER_TEST(TCCH_0020_get_chain_old_api_system_only) // check invalid arguments RUNNER_TEST(TCCH_0100_get_certificate_chain_invalid_param) { - assert_positive(ckmc_remove_user_data,0); + reset_user_data(0, CHAINS_PASSWD); ckmc_cert_s* ca2 = create_cert(TestData::GIAG2); ckmc_cert_s* ca1 = create_cert(TestData::GEOTRUST); @@ -429,7 +430,7 @@ RUNNER_TEST(TCCH_0100_get_certificate_chain_invalid_param) // check invalid arguments RUNNER_TEST(TCCH_0110_get_certificate_chain_alias_unknown) { - assert_positive(ckmc_remove_user_data,0); + reset_user_data(0, CHAINS_PASSWD); ckmc_cert_s* ca2 = create_cert(TestData::GIAG2); ckmc_cert_list_s* chain = NULL; @@ -459,7 +460,7 @@ RUNNER_TEST(TCCH_0110_get_certificate_chain_alias_unknown) */ RUNNER_TEST(TCCH_0120_get_certificate_chain_root_ca_negative) { - assert_positive(ckmc_remove_user_data,0); + reset_user_data(0, CHAINS_PASSWD); ChainVerifier<> cv; cv.enableSystem(false); @@ -475,7 +476,7 @@ RUNNER_TEST(TCCH_0120_get_certificate_chain_root_ca_negative) */ RUNNER_TEST(TCCH_0140_get_certificate_chain_trusted_only) { - assert_positive(ckmc_remove_user_data,0); + reset_user_data(0, CHAINS_PASSWD); ChainVerifier<> cv; cv.enableSystem(false); @@ -489,7 +490,7 @@ RUNNER_TEST(TCCH_0140_get_certificate_chain_trusted_only) */ RUNNER_TEST(TCCH_0150_get_certificate_chain_system_only) { - assert_positive(ckmc_remove_user_data,0); + reset_user_data(0, CHAINS_PASSWD); ChainVerifier<> cv; cv.verifyPositive(TestData::GIAG2, 2); // including system cert @@ -501,7 +502,7 @@ RUNNER_TEST(TCCH_0150_get_certificate_chain_system_only) */ RUNNER_TEST(TCCH_0160_get_certificate_chain_no_untrusted) { - assert_positive(ckmc_remove_user_data,0); + reset_user_data(0, CHAINS_PASSWD); ChainVerifier<> cv; cv.addTrusted(TestData::TEST_ROOT_CA); @@ -512,7 +513,7 @@ RUNNER_TEST(TCCH_0160_get_certificate_chain_no_untrusted) RUNNER_TEST(TCCH_0170_get_certificate_chain_no_trusted) { - assert_positive(ckmc_remove_user_data,0); + reset_user_data(0, CHAINS_PASSWD); ChainVerifier<> cv; cv.addUntrusted(TestData::GIAG2); @@ -525,7 +526,7 @@ RUNNER_TEST(TCCH_0170_get_certificate_chain_no_trusted) */ RUNNER_TEST(TCCH_0180_get_certificate_chain_no_system) { - assert_positive(ckmc_remove_user_data,0); + reset_user_data(0, CHAINS_PASSWD); ChainVerifier<> cv; cv.enableSystem(false); @@ -540,7 +541,7 @@ RUNNER_TEST(TCCH_0180_get_certificate_chain_no_system) */ RUNNER_TEST(TCCH_0190_get_certificate_chain_im_ca_in_trusted) { - assert_positive(ckmc_remove_user_data,0); + reset_user_data(0, CHAINS_PASSWD); ChainVerifier<> cv; cv.enableSystem(false); @@ -552,7 +553,7 @@ RUNNER_TEST(TCCH_0190_get_certificate_chain_im_ca_in_trusted) RUNNER_TEST(TCCH_0200_get_certificate_chain_all) { - assert_positive(ckmc_remove_user_data,0); + reset_user_data(0, CHAINS_PASSWD); ChainVerifier<> cv; cv.enableSystem(true); @@ -570,6 +571,5 @@ RUNNER_TEST(TCCH_0200_get_certificate_chain_all) RUNNER_TEST(TCCH_9999_deinit) { - assert_positive(ckmc_lock_user_key, 0); - assert_positive(ckmc_remove_user_data, 0); + remove_user_data(0); } diff --git a/tests/ckm/capi-testcases.cpp b/tests/ckm/capi-testcases.cpp index 230d232..db4c22b 100644 --- a/tests/ckm/capi-testcases.cpp +++ b/tests/ckm/capi-testcases.cpp @@ -80,7 +80,7 @@ int count_aliases(alias_type_ type, int minimum_initial_element_count = 0) // error - fail RUNNER_ASSERT_MSG( ec >= 0, - "Error: alias list failed, ec: " << ec); + "Error: alias list failed, ec: " << CKMCErrorToString(ec)); } return ec; @@ -843,6 +843,11 @@ RUNNER_CHILD_TEST(T3052_CAPI_create_rsa_key) RUNNER_CHILD_TEST(T3053_CAPI_create_dsa_key) { int temp; + + AccessProvider ap("mylabel"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + size_t size = 1024; const char *private_key_alias = "DSA-test-2-priv"; const char *public_key_alias = "DSA-test-2-pub"; @@ -2031,28 +2036,19 @@ RUNNER_TEST_GROUP_INIT(T310_CKMC_CAPI_PKCS12); namespace { -const char* alias_PKCS_collision = "CAPI-test-PKCS-collision"; const char* alias_PKCS_exportable = "CAPI-test-PKCS-export"; const char* alias_PKCS_not_exportable = "CAPI-test-PKCS-no-export"; -const char* alias_PKCS_priv_key_copy = "CAPI-test-PKCS-private-key-copy"; -const char* alias_PKCS_priv_key_wrong = "CAPI-test-PKCS-private-key-wrong"; } RUNNER_TEST(T3101_CAPI_PKCS12_init) { int temp; RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)), + CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)), CKMCReadableError(temp)); RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "user-pass")), + CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(0, "PKCS-pass")), CKMCReadableError(temp)); - - ckmc_remove_pkcs12(alias_PKCS_collision); - ckmc_remove_pkcs12(alias_PKCS_exportable); - ckmc_remove_pkcs12(alias_PKCS_not_exportable); - ckmc_remove_pkcs12(alias_PKCS_priv_key_copy); - ckmc_remove_pkcs12(alias_PKCS_priv_key_wrong); } RUNNER_TEST(T3102_CAPI_PKCS12_negative_wrong_password) @@ -2123,11 +2119,9 @@ RUNNER_TEST(T3103_CAPI_PKCS12_add_bundle_with_chain_certs) ckmc_cert_free(cert_lookup); } -RUNNER_TEST(T3103_CAPI_PKCS12_get_PKCS) +RUNNER_TEST(T3104_CAPI_PKCS12_get_PKCS) { int temp; - auto manager = CKM::Manager::create(); - ckmc_pkcs12_s *pkcs = NULL; // fail - no entry @@ -2163,7 +2157,7 @@ RUNNER_TEST(T3103_CAPI_PKCS12_get_PKCS) ckmc_pkcs12_free(pkcs); } -RUNNER_TEST(T3104_CAPI_PKCS12_create_and_verify_signature) +RUNNER_TEST(T3105_CAPI_PKCS12_create_and_verify_signature) { ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test"); @@ -2193,7 +2187,7 @@ RUNNER_TEST(T3104_CAPI_PKCS12_create_and_verify_signature) CKMCReadableError(temp)); } -RUNNER_TEST(T3105_CAPI_PKCS12_remove_bundle_with_chain_certs) +RUNNER_TEST(T3106_CAPI_PKCS12_remove_bundle_with_chain_certs) { int tmp; @@ -2234,157 +2228,12 @@ RUNNER_TEST(T3105_CAPI_PKCS12_remove_bundle_with_chain_certs) RUNNER_TEST(T3109_CAPI_PKCS12_deinit) { int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), + RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(0)), + CKMCReadableError(temp)); + RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)), CKMCReadableError(temp)); } -RUNNER_TEST_GROUP_INIT(T3110_CAPI_LOCKTYPE_TESTS); - -RUNNER_CHILD_TEST(T3111_CAPI_init_lock_key) -{ - int tmp; - AccessProvider ap("my-label"); - ap.allowAPI("key-manager::api-control", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - char *null_password = NULL; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (tmp = ckmc_change_user_password(USER_APP,USER_PASS,null_password)), - CKMCReadableError(tmp)); - RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (tmp = ckmc_lock_user_key(USER_APP)), CKMCReadableError(tmp)); -} - -RUNNER_CHILD_TEST(T3112_CAPI_unlock_default_passwd) -{ - AccessProvider ap("my-label"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int temp; - - ckmc_key_s test_key, *test_key2; - ckmc_policy_s test_policy; - - char* password = NULL; - char alias[20] = "mykey_defpasswd"; - - std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----"; - - char* char_keypem = new char[keyPem.length() + 1]; - - std::strcpy(char_keypem, keyPem.c_str()); - test_key.raw_key = (unsigned char *)char_keypem; - test_key.key_size = keyPem.length(); - test_key.key_type = CKMC_KEY_RSA_PUBLIC; - test_key.password = password; - - test_policy.password = password; - test_policy.extractable = 1; - - test_key2 = &test_key; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, password, &test_key2)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_key(alias)), - CKMCReadableError(temp)); -} - -RUNNER_CHILD_TEST(T3113_CAPI_init_change_user_password) -{ - int tmp; - AccessProvider ap("my-label"); - ap.allowAPI("key-manager::api-control", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - char *null_password = NULL; - - // database has been automatically unlocked with NULL pw in previous test. Lock it now - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (tmp = ckmc_lock_user_key(USER_APP)), - CKMCReadableError(tmp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (tmp = ckmc_change_user_password(USER_APP,null_password,USER_PASS)), - CKMCReadableError(tmp)); - // get rid of NULL DKEK - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (tmp = ckmc_unlock_user_key(USER_APP,USER_PASS)), - CKMCReadableError(tmp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (tmp = ckmc_lock_user_key(USER_APP)), - CKMCReadableError(tmp)); -} - -RUNNER_CHILD_TEST(T3114_CAPI_unlock_default_passwd_negative) -{ - AccessProvider ap("my-label"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int temp; - - ckmc_key_s test_key, *test_key2; - ckmc_policy_s test_policy; - - char* password = NULL; - char alias[20] = "mykey_defpasswd"; - - std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----"; - - char* char_keypem = new char[keyPem.length() + 1]; - - std::strcpy(char_keypem, keyPem.c_str()); - test_key.raw_key = (unsigned char *)char_keypem; - test_key.key_size = keyPem.length(); - test_key.key_type = CKMC_KEY_RSA_PUBLIC; - test_key.password = password; - - test_policy.password = password; - test_policy.extractable = 1; - - test_key2 = &test_key; - - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_LOCKED == (temp = ckmc_save_key(alias, test_key, test_policy)), - CKMCReadableError(temp)); - - RUNNER_ASSERT_MSG( - CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias, password, &test_key2)), - CKMCReadableError(temp)); -} - -RUNNER_CHILD_TEST(T3119_CAPI_deinit) -{ - int temp; - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), - CKMCReadableError(temp)); - RUNNER_ASSERT_MSG( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)), - CKMCReadableError(temp)); -} RUNNER_TEST_GROUP_INIT(T320_CAPI_EMPTY_DATABASE); diff --git a/tests/ckm/cc-mode.cpp b/tests/ckm/cc-mode.cpp index e164917..5ec08d0 100644 --- a/tests/ckm/cc-mode.cpp +++ b/tests/ckm/cc-mode.cpp @@ -57,6 +57,7 @@ const char* const UNSET = "Unset"; // Meaningless value for unset. const char* const USER_LABEL = "User"; const char* const CKM_LOCK = "/var/run/key-manager.pid"; +const char* const CC_PASSWD = "t200-special-password"; // Wrapper for mdpp state that restores the original value upon destruction class MdppState @@ -101,13 +102,7 @@ void MdppState::set(const char* const value) vconf_set_str(VCONFKEY_SECURITY_MDPP_STATE, UNSET); } -void remove_user_data() -{ - auto control = Control::create(); - int ret = control->removeUserData(0); - RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS, - "Remove user data failed with error: " << ErrorToString(ret)); -} + Alias rsa_pri_alias("rsa-private-T2002"); Alias rsa_pub_alias("rsa-public-T2002"); @@ -174,20 +169,13 @@ void restart_ckm(const char* const mdpp_setting) mdpp.set(mdpp_setting); start_service(MANAGER); } - } // namespace anonymous RUNNER_TEST_GROUP_INIT(CKM_CC_MODE); RUNNER_TEST(TCC_0000_init) { - remove_user_data(); - - int tmp; - auto control = Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->unlockUserKey(0, "t200-special-password")), - "Error=" << ErrorToString(tmp)); + reset_user_data(0, CC_PASSWD); } // updatedCCMode should succeed regardless of mdpp setting @@ -220,7 +208,7 @@ RUNNER_TEST(TCC_0020_noListener) stop_service(LISTENER); MdppState mdpp; - remove_user_data(); + reset_user_data(0, CC_PASSWD); save_keys(); mdpp.set(NULL); @@ -264,7 +252,7 @@ RUNNER_TEST(TCC_0030_noCallbackRegistered) { // restart listener without vconf callback stop_service(LISTENER); - remove_user_data(); + reset_user_data(0, CC_PASSWD); MdppState mdpp; mdpp.set(NULL); update_cc_mode(); @@ -290,7 +278,7 @@ RUNNER_TEST(TCC_0040_callbackRegistered) update_cc_mode(); start_service(LISTENER); - remove_user_data(); + reset_user_data(0, CC_PASSWD); save_keys(); read_keys(CKM_API_ERROR_BAD_REQUEST); @@ -324,7 +312,7 @@ RUNNER_TEST(TCC_0050_manualCkmDisabled) { restart_ckm(DISABLED); - remove_user_data(); + reset_user_data(0, CC_PASSWD); save_keys(); read_keys(CKM_API_ERROR_BAD_REQUEST); } @@ -334,7 +322,7 @@ RUNNER_TEST(TCC_0060_manualCkmEnabled) { restart_ckm(ENABLED); - remove_user_data(); + reset_user_data(0, CC_PASSWD); save_keys(); read_keys(CKM_API_ERROR_BAD_REQUEST); } @@ -344,7 +332,7 @@ RUNNER_TEST(TCC_0070_manualCkmEnforcing) { restart_ckm(ENFORCING); - remove_user_data(); + reset_user_data(0, CC_PASSWD); save_keys(); read_keys(CKM_API_ERROR_BAD_REQUEST); } @@ -354,7 +342,7 @@ RUNNER_TEST(TCC_0075_manualCkmReady) { restart_ckm(READY); - remove_user_data(); + reset_user_data(0, CC_PASSWD); save_keys(); read_keys(CKM_API_SUCCESS); } @@ -364,7 +352,7 @@ RUNNER_TEST(TCC_0080_manualCkmWhatever) { restart_ckm("whatever"); - remove_user_data(); + reset_user_data(0, CC_PASSWD); save_keys(); read_keys(CKM_API_SUCCESS); } @@ -374,7 +362,7 @@ RUNNER_TEST(TCC_0090_manualCkmUnset) { restart_ckm(NULL); - remove_user_data(); + reset_user_data(0, CC_PASSWD); save_keys(); read_keys(CKM_API_SUCCESS); } @@ -402,11 +390,5 @@ RUNNER_TEST(TCC_0100_listenerDoesntStartCkm) RUNNER_TEST(TCC_9999_deinit) { - remove_user_data(); - - int tmp; - auto control = Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->lockUserKey(0)), - "Error=" << ErrorToString(tmp)); + remove_user_data(0); } diff --git a/tests/ckm/ckm-common.cpp b/tests/ckm/ckm-common.cpp index 91d90d0..b73bbd5 100644 --- a/tests/ckm/ckm-common.cpp +++ b/tests/ckm/ckm-common.cpp @@ -25,7 +25,10 @@ #include #include #include +#include #include +#include +#include #include const char* SERVICE[] = { @@ -150,3 +153,26 @@ std::string CKMCReadableError(int error) { return output; } +void unlock_user_data(uid_t user_id, const char *passwd) +{ + int ret; + auto control = CKM::Control::create(); + RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->unlockUserKey(user_id, passwd)), + "Error=" << CKM::ErrorToString(ret)); +} + +void remove_user_data(uid_t user_id) +{ + int ret; + auto control = CKM::Control::create(); + RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->lockUserKey(user_id)), + "Error=" << CKM::ErrorToString(ret)); + RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (ret = control->removeUserData(user_id)), + "Remove user data failed with error: " << CKM::ErrorToString(ret)); +} + +void reset_user_data(uid_t user_id, const char *passwd) +{ + remove_user_data(user_id); + unlock_user_data(user_id, passwd); +} diff --git a/tests/ckm/ckm-common.h b/tests/ckm/ckm-common.h index 8372653..822a064 100644 --- a/tests/ckm/ckm-common.h +++ b/tests/ckm/ckm-common.h @@ -115,3 +115,7 @@ public: private: CharPtr m_original_label; }; + +void unlock_user_data(uid_t user_id, const char *passwd); +void remove_user_data(uid_t user_id); +void reset_user_data(uid_t user_id, const char *passwd); diff --git a/tests/ckm/main.cpp b/tests/ckm/main.cpp index 2b791cd..2668247 100644 --- a/tests/ckm/main.cpp +++ b/tests/ckm/main.cpp @@ -2360,129 +2360,6 @@ RUNNER_CHILD_TEST(T1519_deinit) } -RUNNER_TEST_GROUP_INIT(T161_CKM_LOCKTYPE_TESTS); - -RUNNER_CHILD_TEST(T1610_init_lock_key) -{ - int tmp; - AccessProvider ap("my-label"); - ap.allowAPI("key-manager::api-control", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->changeUserPassword(USER_APP,"user-pass","")), - "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)), - "Error=" << CKM::ErrorToString(tmp)); -} - -RUNNER_CHILD_TEST(T1611_unlock_default_passwd) -{ - AccessProvider ap("my-label"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int temp; - auto manager = CKM::Manager::create(); - - std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----"; - - CKM::RawBuffer buffer(keyPem.begin(), keyPem.end()); - auto key = CKM::Key::create(buffer, CKM::Password()); - CKM::KeyShPtr key2; - CKM::Alias alias = "mykey_defpasswd"; - - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key2)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - key->getDER() == key2->getDER(), - "Key value has been changed by service"); - - std::string invalid_address = aliasWithLabel("i-do-not-exist", alias.c_str()); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->removeAlias(alias)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_CHILD_TEST(T1612_init_change_user_password) -{ - int tmp; - AccessProvider ap("my-label"); - ap.allowAPI("key-manager::api-control", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->changeUserPassword(USER_APP,"","user-pass")), - "Error=" << CKM::ErrorToString(tmp)); - // confirm changed password - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_APP,"user-pass")), - CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)), - CKM::ErrorToString(tmp)); -} - -RUNNER_CHILD_TEST(T1613_unlock_default_passwd_negative) -{ - AccessProvider ap("my-label"); - ap.allowAPI("key-manager::api-storage", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); - - int temp; - auto manager = CKM::Manager::create(); - - std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" - "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" - "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" - "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" - "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" - "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" - "zQIDAQAB\n" - "-----END PUBLIC KEY-----"; - - CKM::RawBuffer buffer(keyPem.begin(), keyPem.end()); - auto key = CKM::Key::create(buffer, CKM::Password()); - CKM::KeyShPtr key2; - CKM::Alias alias = "mykey_defpasswd"; - - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_LOCKED == (temp = manager->saveKey(alias, key, CKM::Policy())), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_LOCKED == (temp = manager->getKey(alias, CKM::Password(), key2)), - "Error=" << CKM::ErrorToString(temp)); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_LOCKED == (temp = manager->removeAlias(alias)), - "Error=" << CKM::ErrorToString(temp)); -} - -RUNNER_CHILD_TEST(T1619_deinit) -{ - AccessProvider ap("my-label"); - ap.allowAPI("key-manager::api-control", "rw"); - ap.applyAndSwithToUser(USER_APP, GROUP_APP); -} - RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS); RUNNER_TEST(T1701_init_unlock_key) @@ -2789,21 +2666,12 @@ CKM::Alias alias_PKCS_exportable = "test-PKCS-export"; CKM::Alias alias_PKCS_not_exportable = "test-PKCS-no-export"; CKM::Alias alias_PKCS_priv_key_copy = "test-PKCS-private-key-copy"; CKM::Alias alias_PKCS_priv_key_wrong = "test-PKCS-private-key-wrong"; +const char *PKCS_PASSWD = "PKCS-pass"; } -RUNNER_TEST(T1800_init) { - int temp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")), - "Error=" << CKM::ErrorToString(temp)); - - auto manager = CKM::Manager::create(); - manager->removeAlias(alias_PKCS_collision); - manager->removeAlias(alias_PKCS_exportable); - manager->removeAlias(alias_PKCS_not_exportable); - manager->removeAlias(alias_PKCS_priv_key_copy); - manager->removeAlias(alias_PKCS_priv_key_wrong); +RUNNER_TEST(T1800_init) +{ + reset_user_data(0, PKCS_PASSWD); } RUNNER_TEST(T1801_parse_PKCS12) { -- 2.7.4