summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKrzysztof Jackiewicz <k.jackiewicz@samsung.com>2018-10-17 17:02:10 +0200
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>2018-10-19 14:31:50 +0200
commitfe7aaaa1c46cf37dc498827b8f355c7d04a6a65a (patch)
treecef48405e7f15f6276fc299dd610bdb3b144685e
parent3a2c08acbcafe1b957ef00ff1f49e5377b5ec005 (diff)
downloadkey-manager-fe7aaaa1c46cf37dc498827b8f355c7d04a6a65a.tar.gz
key-manager-fe7aaaa1c46cf37dc498827b8f355c7d04a6a65a.tar.bz2
key-manager-fe7aaaa1c46cf37dc498827b8f355c7d04a6a65a.zip
Fix internal scheme tests
1. Regular std::exception is not reported as error by boost test. Std::runtime_error is used because a part of the test code is also used in a tool for database generation. This commit replaces calls to boost test macros with calls to a wrapper macro which is expanded to std::runtime_error or boost test assert depending on a compilation flag. 2. Test binaries are modifying process labels which requires onlycap. This commit modifies exec label and adds onlycap fixture to disable onlycap for scheme tests. Change-Id: Ibbe44c2bca6e12b5ade360b267c281ef18294258
-rw-r--r--packaging/key-manager-tests.manifest.in4
-rw-r--r--tests/CMakeLists.txt70
-rw-r--r--tests/encryption-scheme/CMakeLists.txt88
-rw-r--r--tests/encryption-scheme/assert-wrapper.h47
-rw-r--r--tests/encryption-scheme/scheme-test.cpp206
-rw-r--r--tests/encryption-scheme/smack-access.cpp16
-rw-r--r--tests/test_encryption-scheme.cpp32
7 files changed, 231 insertions, 232 deletions
diff --git a/packaging/key-manager-tests.manifest.in b/packaging/key-manager-tests.manifest.in
index 2442a89..d302dcc 100644
--- a/packaging/key-manager-tests.manifest.in
+++ b/packaging/key-manager-tests.manifest.in
@@ -3,8 +3,8 @@
<domain name="_" />
</request>
<assign>
- <filesystem path="@BIN_DIR@/ckm-tests-internal" exec_label="@SMACK_DOMAIN_NAME@" />
+ <filesystem path="@BIN_DIR@/ckm-tests-internal" exec_label="System::Privileged" />
<filesystem path="@BIN_DIR@/ckm_db_tool" exec_label="@SMACK_DOMAIN_NAME@" />
- <filesystem path="@BIN_DIR@/ckm_generate_db" exec_label="@SMACK_DOMAIN_NAME@" />
+ <filesystem path="@BIN_DIR@/ckm_generate_db" exec_label="System::Privileged" />
</assign>
</manifest>
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 34fb165..ba5153e 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -15,7 +15,66 @@ ADD_DEFINITIONS("-DSS_TEST_DIR=\"${SS_TEST_DIR}\"")
SET(KEY_MANAGER_SRC_PATH ${PROJECT_SOURCE_DIR}/src)
SET(KEY_MANAGER_PATH ${PROJECT_SOURCE_DIR}/src/manager)
-SET(TARGET_ENCRYPTION_SCHEME_COMMON encryption-scheme-common)
+# encryption scheme tests #####################################################
+
+PKG_CHECK_MODULES(ENCRYPTION_SCHEME_DEP
+ REQUIRED
+ openssl
+ libsmack)
+
+SET(ENCRYPTION_SCHEME_SOURCES
+ ${CMAKE_CURRENT_SOURCE_DIR}/encryption-scheme/smack-access.cpp
+ ${CMAKE_CURRENT_SOURCE_DIR}/encryption-scheme/scheme-test.cpp
+
+ ${KEY_MANAGER_PATH}/dpl/core/src/assert.cpp
+ ${KEY_MANAGER_PATH}/dpl/db/src/naive_synchronization_object.cpp
+ ${KEY_MANAGER_PATH}/dpl/db/src/sql_connection.cpp
+ ${KEY_MANAGER_PATH}/service/db-crypto.cpp
+ ${KEY_MANAGER_PATH}/service/file-lock.cpp
+ ${KEY_MANAGER_PATH}/service/file-system.cpp
+ ${KEY_MANAGER_PATH}/service/for-each-file.cpp
+ ${KEY_MANAGER_PATH}/service/key-provider.cpp
+ ${KEY_MANAGER_PATH}/sqlcipher/sqlcipher.c
+)
+
+INCLUDE_DIRECTORIES(SYSTEM ${ENCRYPTION_SCHEME_DEP_INCLUDE_DIRS})
+INCLUDE_DIRECTORIES(
+ ${CMAKE_CURRENT_SOURCE_DIR}
+
+ ${KEY_MANAGER_PATH}/common
+ ${KEY_MANAGER_PATH}/dpl/core/include
+ ${KEY_MANAGER_PATH}/dpl/log/include
+ ${KEY_MANAGER_PATH}/dpl/db/include
+ ${KEY_MANAGER_PATH}/sqlcipher
+ ${KEY_MANAGER_PATH}/service
+ ${KEY_MANAGER_PATH}/crypto
+)
+
+LINK_DIRECTORIES(${ENCRYPTION_SCHEME_DEP_LIBRARY_DIRS})
+
+# binary for filling db for testing
+SET(TARGET_CKM_GENERATOR "ckm_generate_db")
+
+SET(GENERATOR_SOURCES
+ ${CMAKE_CURRENT_SOURCE_DIR}/encryption-scheme/generate-db.cpp
+)
+
+ADD_EXECUTABLE(${TARGET_CKM_GENERATOR} ${GENERATOR_SOURCES} ${ENCRYPTION_SCHEME_SOURCES})
+
+TARGET_COMPILE_DEFINITIONS(${TARGET_CKM_GENERATOR} PRIVATE NO_BOOST)
+
+SET(SCHEME_TEST_LIBRARIES
+ ${ENCRYPTION_SCHEME_DEP_LIBRARIES}
+ ${TARGET_KEY_MANAGER_CLIENT}
+ ${TARGET_KEY_MANAGER_CONTROL_CLIENT}
+ ${CMAKE_THREAD_LIBS_INIT}
+ -ldl
+ )
+
+TARGET_LINK_LIBRARIES(${TARGET_CKM_GENERATOR} ${SCHEME_TEST_LIBRARIES}
+)
+
+INSTALL(TARGETS ${TARGET_CKM_GENERATOR} DESTINATION bin)
################################################################################
@@ -111,7 +170,7 @@ ENDIF()
LINK_DIRECTORIES(${KEY_MANAGER_DEP_LIBRARY_DIRS})
-ADD_EXECUTABLE(${TARGET_TEST_MERGED} ${TEST_MERGED_SOURCES})
+ADD_EXECUTABLE(${TARGET_TEST_MERGED} ${TEST_MERGED_SOURCES} ${ENCRYPTION_SCHEME_SOURCES})
IF(TZ_BACKEND_ENABLED)
@@ -123,13 +182,10 @@ SET(TEST_LINK_EXTRA_DEPS
ENDIF()
TARGET_LINK_LIBRARIES(${TARGET_TEST_MERGED}
- ${TARGET_KEY_MANAGER_COMMON}
- ${CMAKE_THREAD_LIBS_INIT}
${KEY_MANAGER_DEP_LIBRARIES}
- ${TARGET_ENCRYPTION_SCHEME_COMMON}
${TEST_LINK_EXTRA_DEPS}
+ ${SCHEME_TEST_LIBRARIES}
boost_unit_test_framework
- -ldl
)
INSTALL(TARGETS ${TARGET_TEST_MERGED} DESTINATION bin)
@@ -156,5 +212,3 @@ INSTALL(
INSTALL(DIRECTORY resources/traverse DESTINATION ${DB_TEST_DIR})
INSTALL(DIRECTORY secure-storage-old-data/ DESTINATION ${SS_TEST_DIR})
-
-ADD_SUBDIRECTORY(encryption-scheme)
diff --git a/tests/encryption-scheme/CMakeLists.txt b/tests/encryption-scheme/CMakeLists.txt
deleted file mode 100644
index d9f3529..0000000
--- a/tests/encryption-scheme/CMakeLists.txt
+++ /dev/null
@@ -1,88 +0,0 @@
-# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
-# @brief
-#
-
-INCLUDE(FindPkgConfig)
-
-# common encryption scheme library
-PKG_CHECK_MODULES(ENCRYPTION_SCHEME_DEP
- REQUIRED
- openssl
- libsmack)
-
-FIND_PACKAGE(Threads REQUIRED)
-
-SET(ENCRYPTION_SCHEME_SOURCES
- ${CMAKE_CURRENT_SOURCE_DIR}/smack-access.cpp
- ${CMAKE_CURRENT_SOURCE_DIR}/scheme-test.cpp
-
- ${KEY_MANAGER_PATH}/dpl/core/src/assert.cpp
- ${KEY_MANAGER_PATH}/dpl/db/src/naive_synchronization_object.cpp
- ${KEY_MANAGER_PATH}/dpl/db/src/sql_connection.cpp
- ${KEY_MANAGER_PATH}/service/db-crypto.cpp
- ${KEY_MANAGER_PATH}/service/file-lock.cpp
- ${KEY_MANAGER_PATH}/service/file-system.cpp
- ${KEY_MANAGER_PATH}/service/for-each-file.cpp
- ${KEY_MANAGER_PATH}/service/key-provider.cpp
- ${KEY_MANAGER_PATH}/sqlcipher/sqlcipher.c
-)
-
-INCLUDE_DIRECTORIES(SYSTEM ${ENCRYPTION_SCHEME_DEP_INCLUDE_DIRS})
-INCLUDE_DIRECTORIES(
- ${CMAKE_CURRENT_SOURCE_DIR}
-
- ${KEY_MANAGER_PATH}/common
- ${KEY_MANAGER_PATH}/dpl/core/include
- ${KEY_MANAGER_PATH}/dpl/log/include
- ${KEY_MANAGER_PATH}/dpl/db/include
- ${KEY_MANAGER_PATH}/sqlcipher
- ${KEY_MANAGER_PATH}/service
- ${KEY_MANAGER_PATH}/crypto
-)
-
-LINK_DIRECTORIES(${ENCRYPTION_SCHEME_DEP_LIBRARY_DIRS})
-
-ADD_LIBRARY(${TARGET_ENCRYPTION_SCHEME_COMMON} STATIC ${ENCRYPTION_SCHEME_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_ENCRYPTION_SCHEME_COMMON}
- ${ENCRYPTION_SCHEME_DEP_LIBRARIES}
- ${TARGET_KEY_MANAGER_CLIENT}
- ${TARGET_KEY_MANAGER_CONTROL_CLIENT}
- ${CMAKE_THREAD_LIBS_INIT}
- boost_unit_test_framework
- -ldl
-)
-
-INSTALL(TARGETS ${TARGET_ENCRYPTION_SCHEME_COMMON} DESTINATION ${LIB_INSTALL_DIR})
-
-
-
-# binary for filling db
-SET(TARGET_CKM_GENERATOR "ckm_generate_db")
-
-SET(GENERATOR_SOURCES
- ${CMAKE_CURRENT_SOURCE_DIR}/generate-db.cpp
-)
-
-ADD_EXECUTABLE(${TARGET_CKM_GENERATOR} ${GENERATOR_SOURCES})
-
-TARGET_LINK_LIBRARIES(${TARGET_CKM_GENERATOR}
- ${TARGET_ENCRYPTION_SCHEME_COMMON}
-)
-
-INSTALL(TARGETS ${TARGET_CKM_GENERATOR} DESTINATION bin)
diff --git a/tests/encryption-scheme/assert-wrapper.h b/tests/encryption-scheme/assert-wrapper.h
new file mode 100644
index 0000000..7ec5b0c
--- /dev/null
+++ b/tests/encryption-scheme/assert-wrapper.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file assert-wrapper.h
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 1.0
+ * @brief
+ */
+
+#pragma once
+
+#ifdef NO_BOOST
+ #include <stdexcept>
+ #include <sstream>
+
+ #define ASSERT_MSG(cond, msg) \
+ do { \
+ if (!(cond)) { \
+ std::ostringstream oss; \
+ oss << msg; \
+ throw std::runtime_error(oss.str()); \
+ } \
+ } while (0)
+
+ #define ASSERT_FAIL(msg) ASSERT_MSG(false, msg)
+
+#else
+ #include <boost/test/unit_test.hpp>
+
+ #define ASSERT_MSG(cond, msg) BOOST_REQUIRE_MESSAGE(cond, msg)
+
+ #define ASSERT_FAIL(msg) BOOST_FAIL(msg)
+
+#endif
diff --git a/tests/encryption-scheme/scheme-test.cpp b/tests/encryption-scheme/scheme-test.cpp
index 73cca05..66a9fa0 100644
--- a/tests/encryption-scheme/scheme-test.cpp
+++ b/tests/encryption-scheme/scheme-test.cpp
@@ -18,7 +18,6 @@
* @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
* @version 1.0
*/
-#include <scheme-test.h>
#include <sys/smack.h>
#include <sys/types.h>
@@ -34,10 +33,6 @@
#include <stdexcept>
#include <vector>
-#include <boost/test/unit_test.hpp>
-
-#include <smack-access.h>
-
#include <db-crypto.h>
#include <file-system.h>
#include <key-provider.h>
@@ -45,6 +40,10 @@
#include <crypto-init.h>
#include <dpl/errno_string.h>
+#include <scheme-test.h>
+#include <smack-access.h>
+#include <assert-wrapper.h>
+
using namespace CKM;
using namespace std;
@@ -308,7 +307,7 @@ uid_t getUid(const char *name)
std::vector<char> buf(bufsize, 0);
int ret = getpwnam_r(name, &pwd, buf.data(), bufsize, &result);
- BOOST_REQUIRE_MESSAGE(ret == 0 && result, "getpwnam_r failed");
+ ASSERT_MSG(ret == 0 && result, "getpwnam_r failed");
return pwd.pw_uid;
}
@@ -327,7 +326,7 @@ gid_t getGid(const char *name)
std::vector<char> buf(bufsize, 0);
int ret = getgrnam_r(name, &grp, buf.data(), bufsize, &result);
- BOOST_REQUIRE_MESSAGE(ret == 0 && result, "getgrnam_r failed");
+ ASSERT_MSG(ret == 0 && result, "getgrnam_r failed");
return grp.gr_gid;
}
@@ -343,50 +342,47 @@ void restoreFile(const string &filename)
int sourceFd = TEMP_FAILURE_RETRY(open(sourcePath.c_str(), O_RDONLY));
err = errno;
- BOOST_REQUIRE_MESSAGE(sourceFd > 0,
- "Opening " << sourcePath << " failed: " << GetErrnoString(err));
+ ASSERT_MSG(sourceFd > 0, "Opening " << sourcePath << " failed: " << GetErrnoString(err));
FdPtr sourceFdPtr(&sourceFd);
int targetFd = TEMP_FAILURE_RETRY(creat(targetPath.c_str(), 0644));
err = errno;
- BOOST_REQUIRE_MESSAGE(targetFd > 0,
- "Creating " << targetPath << " failed: " << GetErrnoString(err));
+ ASSERT_MSG(targetFd > 0, "Creating " << targetPath << " failed: " << GetErrnoString(err));
ret = fchown(targetFd, CKM_UID, CKM_GID);
err = errno;
- BOOST_REQUIRE_MESSAGE(ret != -1, "fchown() failed: " << GetErrnoString(err));
+ ASSERT_MSG(ret != -1, "fchown() failed: " << GetErrnoString(err));
FdPtr targetFdPtr(&targetFd);
struct stat sourceStat;
ret = fstat(sourceFd, &sourceStat);
err = errno;
- BOOST_REQUIRE_MESSAGE(ret != -1, "fstat() failed: " << GetErrnoString(err));
+ ASSERT_MSG(ret != -1, "fstat() failed: " << GetErrnoString(err));
ret = sendfile(targetFd, sourceFd, 0, sourceStat.st_size);
err = errno;
- BOOST_REQUIRE_MESSAGE(ret != -1, "sendfile() failed: " << GetErrnoString(err));
+ ASSERT_MSG(ret != -1, "sendfile() failed: " << GetErrnoString(err));
ret = fsync(targetFd);
err = errno;
- BOOST_REQUIRE_MESSAGE(ret != -1, "fsync() failed: " << GetErrnoString(err));
+ ASSERT_MSG(ret != -1, "fsync() failed: " << GetErrnoString(err));
}
void generateRandom(size_t random_bytes, unsigned char *output)
{
if (random_bytes <= 0 || !output)
- throw runtime_error("Invalid param");
+ ASSERT_FAIL("Invalid param");
std::ifstream is("/dev/urandom", std::ifstream::binary);
- if (!is)
- throw runtime_error("Failed to read /dev/urandom");
+ ASSERT_MSG(is, "Failed to read /dev/urandom");
is.read(reinterpret_cast<char *>(output), random_bytes);
- if (static_cast<std::streamsize>(random_bytes) != is.gcount())
- throw runtime_error("Not enough bytes read from /dev/urandom");
+ ASSERT_MSG(static_cast<std::streamsize>(random_bytes) == is.gcount(),
+ "Not enough bytes read from /dev/urandom");
}
RawBuffer createRandomBuffer(size_t random_bytes)
@@ -420,11 +416,9 @@ SchemeTest::~SchemeTest()
void SchemeTest::RemoveUserData()
{
- if (CKM_API_SUCCESS != m_control->lockUserKey(UID))
- throw runtime_error("lockUserKey failed");
+ ASSERT_MSG(m_control->lockUserKey(UID) == CKM_API_SUCCESS, "lockUserKey failed");
- if (CKM_API_SUCCESS != m_control->removeUserData(UID))
- throw runtime_error("removeUserData failed");
+ ASSERT_MSG(m_control->removeUserData(UID) == CKM_API_SUCCESS, "removeUserData failed");
}
void SchemeTest::SwitchToUser()
@@ -432,26 +426,21 @@ void SchemeTest::SwitchToUser()
if (m_userChanged)
return;
- if (CKM_API_SUCCESS != m_control->unlockUserKey(UID, DBPASS))
- throw runtime_error("unlockUserKey failed");
+ ASSERT_MSG(m_control->unlockUserKey(UID, DBPASS) == CKM_API_SUCCESS, "unlockUserKey failed");
// get calling label
char *label = NULL;
- if (smack_new_label_from_self(&label) <= 0)
- throw runtime_error("smack_new_label_from_self failed");
+ ASSERT_MSG(smack_new_label_from_self(&label) > 0, "smack_new_label_from_self failed");
m_origLabel = string(label);
free(label);
- if (0 > smack_set_label_for_self(LABEL))
- throw runtime_error("smack_set_label_for_self failed");
+ ASSERT_MSG(smack_set_label_for_self(LABEL) == 0, "smack_set_label_for_self failed");
- if (0 > setegid(GID))
- throw runtime_error("setegid failed");
+ ASSERT_MSG(setegid(GID) == 0, "setegid failed");
- if (0 > seteuid(UID))
- throw runtime_error("seteuid failed");
+ ASSERT_MSG(seteuid(UID) == 0, "seteuid failed");
m_userChanged = true;
}
@@ -461,17 +450,14 @@ void SchemeTest::SwitchToRoot()
if (!m_userChanged)
return;
- if (0 > seteuid(0))
- throw runtime_error("seteuid failed");
+ ASSERT_MSG(seteuid(0) == 0, "seteuid failed");
- if (0 > setegid(0))
- throw runtime_error("setegid failed");
+ ASSERT_MSG(setegid(0) == 0, "setegid failed");
- if (0 > smack_set_label_for_self(m_origLabel.c_str()))
- throw runtime_error("smack_set_label_for_self failed");
+ ASSERT_MSG(smack_set_label_for_self(m_origLabel.c_str()) == 0,
+ "smack_set_label_for_self failed");
- if (m_control->lockUserKey(UID) != CKM_API_SUCCESS)
- throw runtime_error("lockUserKey failed");
+ ASSERT_MSG(m_control->lockUserKey(UID) == CKM_API_SUCCESS, "lockUserKey failed");
}
void SchemeTest::FillDb()
@@ -479,15 +465,13 @@ void SchemeTest::FillDb()
// pkcs
ifstream is(DB_TEST_DIR "/encryption-scheme.p12");
- if (!is)
- throw runtime_error("Failed to read pkcs");
+ ASSERT_MSG(is, "Failed to read pkcs");
istreambuf_iterator<char> begin(is), end;
RawBuffer pkcsBuffer(begin, end);
auto pkcs = PKCS12::create(pkcsBuffer, Password());
- if (pkcs->empty())
- throw runtime_error("Empty pkcs");
+ ASSERT_MSG(!pkcs->empty(), "Empty pkcs");
SwitchToUser();
@@ -505,42 +489,40 @@ void SchemeTest::FillDb()
for (const auto &g : GROUPS) {
switch (g.type) {
case Group::KEY_PAIR_RSA:
- if (g.items.size() != 2)
- throw runtime_error("Wrong number of keys");
+ ASSERT_MSG(g.items.size() == 2, "Wrong number of keys");
if (g.items[0].type != DataType::KEY_RSA_PRIVATE ||
g.items[1].type != DataType::KEY_RSA_PUBLIC)
- throw runtime_error("Invalid item type");
+ ASSERT_FAIL("Invalid item type");
if (CKM_API_SUCCESS != m_mgr->createKeyPairRSA(1024,
g.items[0].alias,
g.items[1].alias,
g.items[0].policy,
g.items[1].policy))
- throw runtime_error("createKeyPair failed");
+ ASSERT_FAIL("createKeyPair failed");
break;
case Group::CERT_CHAIN:
- if (g.items.size() != CHAIN_SIZE)
- throw runtime_error("Wrong number of certificates");
+ ASSERT_MSG(g.items.size() == CHAIN_SIZE, "Wrong number of certificates");
if (g.items[0].type != DataType::CERTIFICATE ||
g.items[1].type != DataType::CERTIFICATE ||
g.items[2].type != DataType::CERTIFICATE)
- throw runtime_error("Invalid item type");
+ ASSERT_FAIL("Invalid item type");
if (CKM_API_SUCCESS != m_mgr->saveCertificate(g.items[0].alias, rootCa,
g.items[0].policy))
- throw runtime_error("saveCertificate failed");
+ ASSERT_FAIL("saveCertificate failed");
if (CKM_API_SUCCESS != m_mgr->saveCertificate(g.items[1].alias, imCa,
g.items[1].policy))
- throw runtime_error("saveCertificate failed");
+ ASSERT_FAIL("saveCertificate failed");
if (CKM_API_SUCCESS != m_mgr->saveCertificate(g.items[2].alias, leaf,
g.items[2].policy))
- throw runtime_error("saveCertificate failed");
+ ASSERT_FAIL("saveCertificate failed");
break;
@@ -549,24 +531,24 @@ void SchemeTest::FillDb()
switch (i.type) {
case DataType::BINARY_DATA:
if (CKM_API_SUCCESS != m_mgr->saveData(i.alias, TEST_DATA, i.policy))
- throw runtime_error("saveData failed");
+ ASSERT_FAIL("saveData failed");
break;
case DataType::KEY_AES:
if (CKM_API_SUCCESS != m_mgr->createKeyAES(256, i.alias, i.policy))
- throw runtime_error("createKeyAES failed");
+ ASSERT_FAIL("createKeyAES failed");
break;
case DataType::CHAIN_CERT_0: // PKCS
if (CKM_API_SUCCESS != m_mgr->savePKCS12(i.alias, pkcs, i.policy, i.policy))
- throw runtime_error("savePkcs12 failed");
+ ASSERT_FAIL("savePkcs12 failed");
break;
default:
- throw runtime_error("unsupported data type");
+ ASSERT_FAIL("unsupported data type");
}
}
@@ -595,8 +577,8 @@ void SchemeTest::ReadAll(bool useWrongPass)
case DataType::BINARY_DATA: {
RawBuffer receivedData;
ret = m_mgr->getData(i.alias, pass, receivedData);
- BOOST_REQUIRE_MESSAGE(useWrongPass || receivedData == TEST_DATA,
- "Received data is different for " << i.alias);
+ ASSERT_MSG(useWrongPass || receivedData == TEST_DATA,
+ "Received data is different for " << i.alias);
break;
}
@@ -621,20 +603,20 @@ void SchemeTest::ReadAll(bool useWrongPass)
}
default:
- BOOST_FAIL("Unsupported data type " << i.type);
+ ASSERT_FAIL("Unsupported data type " << i.type);
}
if (i.policy.extractable) {
if (useWrongPass)
- BOOST_REQUIRE_MESSAGE(ret == CKM_API_ERROR_AUTHENTICATION_FAILED,
- "Reading item " << i.alias << " should fail with " <<
- CKM_API_ERROR_AUTHENTICATION_FAILED << " got: " << ret);
+ ASSERT_MSG(ret == CKM_API_ERROR_AUTHENTICATION_FAILED,
+ "Reading item " << i.alias << " should fail with " <<
+ CKM_API_ERROR_AUTHENTICATION_FAILED << " got: " << ret);
else
- BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, "Reading item " << i.alias <<
- " failed with " << ret);
+ ASSERT_MSG(ret == CKM_API_SUCCESS,
+ "Reading item " << i.alias << " failed with " << ret);
} else {
- BOOST_REQUIRE_MESSAGE(ret == CKM_API_ERROR_NOT_EXPORTABLE, "Item " << i.alias <<
- " should not be exportable");
+ ASSERT_MSG(ret == CKM_API_ERROR_NOT_EXPORTABLE,
+ "Item " << i.alias << " should not be exportable");
}
}
}
@@ -646,9 +628,9 @@ void SchemeTest::SignVerify()
for (const auto &g : GROUPS) {
if (g.type == Group::KEY_PAIR_RSA) {
- BOOST_REQUIRE_MESSAGE(g.items.size() == 2, "Wrong number of keys");
- BOOST_REQUIRE_MESSAGE(g.items[0].type == DataType::KEY_RSA_PRIVATE &&
- g.items[1].type == DataType::KEY_RSA_PUBLIC, "Wrong key");
+ ASSERT_MSG(g.items.size() == 2, "Wrong number of keys");
+ ASSERT_MSG(g.items[0].type == DataType::KEY_RSA_PRIVATE &&
+ g.items[1].type == DataType::KEY_RSA_PUBLIC, "Wrong key");
SignVerifyItem(g.items[0], g.items[1]);
} else {
@@ -672,9 +654,9 @@ void SchemeTest::EncryptDecrypt()
for (const auto &g : GROUPS) {
if (g.type == Group::KEY_PAIR_RSA) {
- BOOST_REQUIRE_MESSAGE(g.items.size() == 2, "Wrong number of keys");
- BOOST_REQUIRE_MESSAGE(g.items[0].type == DataType::KEY_RSA_PRIVATE &&
- g.items[1].type == DataType::KEY_RSA_PUBLIC, "Wrong key");
+ ASSERT_MSG(g.items.size() == 2, "Wrong number of keys");
+ ASSERT_MSG(g.items[0].type == DataType::KEY_RSA_PRIVATE &&
+ g.items[1].type == DataType::KEY_RSA_PUBLIC, "Wrong key");
EncryptDecryptItem(g.items[0], g.items[1]);
} else {
@@ -702,10 +684,10 @@ void SchemeTest::CreateChain()
for (const auto &g : GROUPS) {
if (g.type == Group::CERT_CHAIN) {
- BOOST_REQUIRE_MESSAGE(g.items.size() == CHAIN_SIZE, "Not enough certificates");
+ ASSERT_MSG(g.items.size() == CHAIN_SIZE, "Not enough certificates");
for (const auto &c : g.items)
- BOOST_REQUIRE_MESSAGE(c.type == DataType::CERTIFICATE, "Wrong item type");
+ ASSERT_MSG(c.type == DataType::CERTIFICATE, "Wrong item type");
Items trusted(CHAIN_SIZE - 1);
std::copy(g.items.begin(), g.items.begin() + CHAIN_SIZE - 1, trusted.begin());
@@ -728,8 +710,8 @@ void SchemeTest::RemoveAll()
for (const auto &g : GROUPS) {
for (const auto &i : g.items) {
int ret = m_mgr->removeAlias(i.alias);
- BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
- "removeAlias() failed with " << ret << " for " << i.alias);
+ ASSERT_MSG(ret == CKM_API_SUCCESS,
+ "removeAlias() failed with " << ret << " for " << i.alias);
}
}
}
@@ -771,13 +753,12 @@ void SchemeTest::CheckSchemeVersion(const ItemFilter &filter, int version)
DB::RowVector rows;
m_db->getRows(i.alias, OWNER, filter.typeFrom, filter.typeTo, rows);
- BOOST_REQUIRE_MESSAGE(rows.size() > 0, "No rows found for " << i.alias);
+ ASSERT_MSG(rows.size() > 0, "No rows found for " << i.alias);
for (const auto &r : rows) {
- BOOST_REQUIRE_MESSAGE(
- (r.encryptionScheme >> ENC_SCHEME_OFFSET) == version,
- "Wrong encryption scheme for " << i.alias << ". Expected " << version <<
- " got: " << (r.encryptionScheme >> ENC_SCHEME_OFFSET));
+ ASSERT_MSG((r.encryptionScheme >> ENC_SCHEME_OFFSET) == version,
+ "Wrong encryption scheme for " << i.alias << ". Expected " << version <<
+ " got: " << (r.encryptionScheme >> ENC_SCHEME_OFFSET));
}
}
}
@@ -814,18 +795,16 @@ void SchemeTest::SignVerifyItem(const Item &itemPrv, const Item &itemPub)
HashAlgorithm::SHA512,
RSAPaddingAlgorithm::X931,
signature);
- BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
- "createSignature() failed with " << ret <<
- " for " << itemPrv.alias);
+ ASSERT_MSG(ret == CKM_API_SUCCESS,
+ "createSignature() failed with " << ret << " for " << itemPrv.alias);
ret = m_mgr->verifySignature(itemPub.alias,
itemPub.policy.password,
TEST_DATA,
signature,
HashAlgorithm::SHA512,
RSAPaddingAlgorithm::X931);
- BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
- "verifySignature() failed with " << ret <<
- " for " << itemPub.alias);
+ ASSERT_MSG(ret == CKM_API_SUCCESS,
+ "verifySignature() failed with " << ret << " for " << itemPub.alias);
}
void SchemeTest::EncryptDecryptItem(const Item &item)
@@ -838,20 +817,13 @@ void SchemeTest::EncryptDecryptItem(const Item &item)
algo.setParam(ParamName::ALGO_TYPE, AlgoType::AES_GCM);
algo.setParam(ParamName::ED_IV, iv);
- ret = m_mgr->encrypt(algo, item.alias, item.policy.password, TEST_DATA,
- encrypted);
- BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
- "encrypt() failed iwth " << ret << " for " <<
- item.alias);
+ ret = m_mgr->encrypt(algo, item.alias, item.policy.password, TEST_DATA, encrypted);
+ ASSERT_MSG(ret == CKM_API_SUCCESS, "encrypt() failed iwth " << ret << " for " << item.alias);
- ret = m_mgr->decrypt(algo, item.alias, item.policy.password, encrypted,
- decrypted);
- BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
- "decrypt() failed iwth " << ret << " for " <<
- item.alias);
+ ret = m_mgr->decrypt(algo, item.alias, item.policy.password, encrypted, decrypted);
+ ASSERT_MSG(ret == CKM_API_SUCCESS, "decrypt() failed iwth " << ret << " for " << item.alias);
- BOOST_REQUIRE_MESSAGE(decrypted == TEST_DATA,
- "Decrypted data not equal to original");
+ ASSERT_MSG(decrypted == TEST_DATA, "Decrypted data not equal to original");
}
void SchemeTest::EncryptDecryptItem(const Item &itemPrv, const Item &itemPub)
@@ -862,20 +834,13 @@ void SchemeTest::EncryptDecryptItem(const Item &itemPrv, const Item &itemPub)
algo.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_OAEP);
- ret = m_mgr->encrypt(algo, itemPub.alias, itemPub.policy.password, TEST_DATA,
- encrypted);
- BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
- "encrypt() failed iwth " << ret << " for " <<
- itemPub.alias);
+ ret = m_mgr->encrypt(algo, itemPub.alias, itemPub.policy.password, TEST_DATA, encrypted);
+ ASSERT_MSG(ret == CKM_API_SUCCESS, "encrypt() failed iwth " << ret << " for " << itemPub.alias);
- ret = m_mgr->decrypt(algo, itemPrv.alias, itemPrv.policy.password, encrypted,
- decrypted);
- BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
- "decrypt() failed iwth " << ret << " for " <<
- itemPrv.alias);
+ ret = m_mgr->decrypt(algo, itemPrv.alias, itemPrv.policy.password, encrypted, decrypted);
+ ASSERT_MSG(ret == CKM_API_SUCCESS, "decrypt() failed iwth " << ret << " for " << itemPrv.alias);
- BOOST_REQUIRE_MESSAGE(decrypted == TEST_DATA,
- "Decrypted data not equal to original");
+ ASSERT_MSG(decrypted == TEST_DATA, "Decrypted data not equal to original");
}
void SchemeTest::CreateChainItem(const Item &leaf, const Items &certs)
@@ -895,13 +860,10 @@ void SchemeTest::CreateChainItem(const Item &leaf, const Items &certs)
CertificateShPtr leafCrt;
int ret = m_mgr->getCertificate(leaf.alias, leaf.policy.password, leafCrt);
- BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
- "getCertificate failed with " << ret << " for " <<
- leaf.alias);
+ ASSERT_MSG(ret == CKM_API_SUCCESS,
+ "getCertificate failed with " << ret << " for " << leaf.alias);
ret = m_mgr->getCertificateChain(leafCrt, AliasVector(), trusted, false, chain);
- BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS,
- "getCertificateChain() failed with " << ret);
- BOOST_REQUIRE_MESSAGE(chain.size() == CHAIN_LEN,
- "Wrong chain length: " << chain.size());
+ ASSERT_MSG(ret == CKM_API_SUCCESS, "getCertificateChain() failed with " << ret);
+ ASSERT_MSG(chain.size() == CHAIN_LEN, "Wrong chain length: " << chain.size());
}
diff --git a/tests/encryption-scheme/smack-access.cpp b/tests/encryption-scheme/smack-access.cpp
index 8115e64..960ea12 100644
--- a/tests/encryption-scheme/smack-access.cpp
+++ b/tests/encryption-scheme/smack-access.cpp
@@ -20,16 +20,14 @@
* @version 1.0
*/
-#include <stdexcept>
+#include <sys/smack.h>
+#include <assert-wrapper.h>
#include <smack-access.h>
-#include <sys/smack.h>
-
SmackAccess::SmackAccess() : m_handle(nullptr)
{
- if (0 != smack_accesses_new(&m_handle))
- throw std::runtime_error("smack_accesses_new failed");
+ ASSERT_MSG(smack_accesses_new(&m_handle) == 0, "smack_accesses_new failed");
}
void SmackAccess::add(
@@ -37,15 +35,13 @@ void SmackAccess::add(
const std::string &object,
const std::string &rights)
{
- if (0 != smack_accesses_add(m_handle, subject.c_str(), object.c_str(),
- rights.c_str()))
- throw std::runtime_error("smack_accesses_add failed");
+ ASSERT_MSG(smack_accesses_add(m_handle, subject.c_str(), object.c_str(), rights.c_str()) == 0,
+ "smack_accesses_add failed");
}
void SmackAccess::apply()
{
- if (0 != smack_accesses_apply(m_handle))
- throw std::runtime_error("smack_accesses_apply failed");
+ ASSERT_MSG(smack_accesses_apply(m_handle) == 0, "smack_accesses_apply failed");
}
SmackAccess::~SmackAccess()
diff --git a/tests/test_encryption-scheme.cpp b/tests/test_encryption-scheme.cpp
index dc2e3bd..ac552f5 100644
--- a/tests/test_encryption-scheme.cpp
+++ b/tests/test_encryption-scheme.cpp
@@ -19,6 +19,9 @@
* @version 1.0
*/
+#include <fstream>
+#include <string>
+
#include <boost/test/unit_test.hpp>
#include <boost/test/results_reporter.hpp>
@@ -30,10 +33,35 @@ namespace {
// this is done to limit the amount of code included in binary
const int OLD_ENC_SCHEME = 0;
const int NEW_ENC_SCHEME = 1;
-} // namespace anonymous
+const char* const ONLYCAP = "/sys/fs/smackfs/onlycap";
+
+class OnlycapFixture {
+public:
+ OnlycapFixture() {
+ std::fstream file(ONLYCAP);
+ std::string tmp;
+ while(file >> tmp) {
+ m_oldOnlycap += tmp;
+ m_oldOnlycap += " ";
+ }
+ file.clear();
+ file << " ";
+ };
+
+ ~OnlycapFixture() {
+ try {
+ std::ofstream file(ONLYCAP);
+ file << m_oldOnlycap;
+ } catch(...) {}
+ };
+private:
+ std::string m_oldOnlycap;
+};
+
+} // namespace anonymous
-BOOST_AUTO_TEST_SUITE(ENCRYPTION_SCHEME_TEST)
+BOOST_FIXTURE_TEST_SUITE(ENCRYPTION_SCHEME_TEST, OnlycapFixture)
// Test database should have the old scheme
BOOST_AUTO_TEST_CASE(T010_Check_old_scheme)