diff options
-rw-r--r-- | packaging/key-manager-tests.manifest.in | 4 | ||||
-rw-r--r-- | tests/CMakeLists.txt | 70 | ||||
-rw-r--r-- | tests/encryption-scheme/CMakeLists.txt | 88 | ||||
-rw-r--r-- | tests/encryption-scheme/assert-wrapper.h | 47 | ||||
-rw-r--r-- | tests/encryption-scheme/scheme-test.cpp | 206 | ||||
-rw-r--r-- | tests/encryption-scheme/smack-access.cpp | 16 | ||||
-rw-r--r-- | tests/test_encryption-scheme.cpp | 32 |
7 files changed, 231 insertions, 232 deletions
diff --git a/packaging/key-manager-tests.manifest.in b/packaging/key-manager-tests.manifest.in index 2442a89f..d302dcc4 100644 --- a/packaging/key-manager-tests.manifest.in +++ b/packaging/key-manager-tests.manifest.in @@ -3,8 +3,8 @@ <domain name="_" /> </request> <assign> - <filesystem path="@BIN_DIR@/ckm-tests-internal" exec_label="@SMACK_DOMAIN_NAME@" /> + <filesystem path="@BIN_DIR@/ckm-tests-internal" exec_label="System::Privileged" /> <filesystem path="@BIN_DIR@/ckm_db_tool" exec_label="@SMACK_DOMAIN_NAME@" /> - <filesystem path="@BIN_DIR@/ckm_generate_db" exec_label="@SMACK_DOMAIN_NAME@" /> + <filesystem path="@BIN_DIR@/ckm_generate_db" exec_label="System::Privileged" /> </assign> </manifest> diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 34fb165b..ba5153ee 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -15,7 +15,66 @@ ADD_DEFINITIONS("-DSS_TEST_DIR=\"${SS_TEST_DIR}\"") SET(KEY_MANAGER_SRC_PATH ${PROJECT_SOURCE_DIR}/src) SET(KEY_MANAGER_PATH ${PROJECT_SOURCE_DIR}/src/manager) -SET(TARGET_ENCRYPTION_SCHEME_COMMON encryption-scheme-common) +# encryption scheme tests ##################################################### + +PKG_CHECK_MODULES(ENCRYPTION_SCHEME_DEP + REQUIRED + openssl + libsmack) + +SET(ENCRYPTION_SCHEME_SOURCES + ${CMAKE_CURRENT_SOURCE_DIR}/encryption-scheme/smack-access.cpp + ${CMAKE_CURRENT_SOURCE_DIR}/encryption-scheme/scheme-test.cpp + + ${KEY_MANAGER_PATH}/dpl/core/src/assert.cpp + ${KEY_MANAGER_PATH}/dpl/db/src/naive_synchronization_object.cpp + ${KEY_MANAGER_PATH}/dpl/db/src/sql_connection.cpp + ${KEY_MANAGER_PATH}/service/db-crypto.cpp + ${KEY_MANAGER_PATH}/service/file-lock.cpp + ${KEY_MANAGER_PATH}/service/file-system.cpp + ${KEY_MANAGER_PATH}/service/for-each-file.cpp + ${KEY_MANAGER_PATH}/service/key-provider.cpp + ${KEY_MANAGER_PATH}/sqlcipher/sqlcipher.c +) + +INCLUDE_DIRECTORIES(SYSTEM ${ENCRYPTION_SCHEME_DEP_INCLUDE_DIRS}) +INCLUDE_DIRECTORIES( + ${CMAKE_CURRENT_SOURCE_DIR} + + ${KEY_MANAGER_PATH}/common + ${KEY_MANAGER_PATH}/dpl/core/include + ${KEY_MANAGER_PATH}/dpl/log/include + ${KEY_MANAGER_PATH}/dpl/db/include + ${KEY_MANAGER_PATH}/sqlcipher + ${KEY_MANAGER_PATH}/service + ${KEY_MANAGER_PATH}/crypto +) + +LINK_DIRECTORIES(${ENCRYPTION_SCHEME_DEP_LIBRARY_DIRS}) + +# binary for filling db for testing +SET(TARGET_CKM_GENERATOR "ckm_generate_db") + +SET(GENERATOR_SOURCES + ${CMAKE_CURRENT_SOURCE_DIR}/encryption-scheme/generate-db.cpp +) + +ADD_EXECUTABLE(${TARGET_CKM_GENERATOR} ${GENERATOR_SOURCES} ${ENCRYPTION_SCHEME_SOURCES}) + +TARGET_COMPILE_DEFINITIONS(${TARGET_CKM_GENERATOR} PRIVATE NO_BOOST) + +SET(SCHEME_TEST_LIBRARIES + ${ENCRYPTION_SCHEME_DEP_LIBRARIES} + ${TARGET_KEY_MANAGER_CLIENT} + ${TARGET_KEY_MANAGER_CONTROL_CLIENT} + ${CMAKE_THREAD_LIBS_INIT} + -ldl + ) + +TARGET_LINK_LIBRARIES(${TARGET_CKM_GENERATOR} ${SCHEME_TEST_LIBRARIES} +) + +INSTALL(TARGETS ${TARGET_CKM_GENERATOR} DESTINATION bin) ################################################################################ @@ -111,7 +170,7 @@ ENDIF() LINK_DIRECTORIES(${KEY_MANAGER_DEP_LIBRARY_DIRS}) -ADD_EXECUTABLE(${TARGET_TEST_MERGED} ${TEST_MERGED_SOURCES}) +ADD_EXECUTABLE(${TARGET_TEST_MERGED} ${TEST_MERGED_SOURCES} ${ENCRYPTION_SCHEME_SOURCES}) IF(TZ_BACKEND_ENABLED) @@ -123,13 +182,10 @@ SET(TEST_LINK_EXTRA_DEPS ENDIF() TARGET_LINK_LIBRARIES(${TARGET_TEST_MERGED} - ${TARGET_KEY_MANAGER_COMMON} - ${CMAKE_THREAD_LIBS_INIT} ${KEY_MANAGER_DEP_LIBRARIES} - ${TARGET_ENCRYPTION_SCHEME_COMMON} ${TEST_LINK_EXTRA_DEPS} + ${SCHEME_TEST_LIBRARIES} boost_unit_test_framework - -ldl ) INSTALL(TARGETS ${TARGET_TEST_MERGED} DESTINATION bin) @@ -156,5 +212,3 @@ INSTALL( INSTALL(DIRECTORY resources/traverse DESTINATION ${DB_TEST_DIR}) INSTALL(DIRECTORY secure-storage-old-data/ DESTINATION ${SS_TEST_DIR}) - -ADD_SUBDIRECTORY(encryption-scheme) diff --git a/tests/encryption-scheme/CMakeLists.txt b/tests/encryption-scheme/CMakeLists.txt deleted file mode 100644 index d9f3529a..00000000 --- a/tests/encryption-scheme/CMakeLists.txt +++ /dev/null @@ -1,88 +0,0 @@ -# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# @file CMakeLists.txt -# @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) -# @brief -# - -INCLUDE(FindPkgConfig) - -# common encryption scheme library -PKG_CHECK_MODULES(ENCRYPTION_SCHEME_DEP - REQUIRED - openssl - libsmack) - -FIND_PACKAGE(Threads REQUIRED) - -SET(ENCRYPTION_SCHEME_SOURCES - ${CMAKE_CURRENT_SOURCE_DIR}/smack-access.cpp - ${CMAKE_CURRENT_SOURCE_DIR}/scheme-test.cpp - - ${KEY_MANAGER_PATH}/dpl/core/src/assert.cpp - ${KEY_MANAGER_PATH}/dpl/db/src/naive_synchronization_object.cpp - ${KEY_MANAGER_PATH}/dpl/db/src/sql_connection.cpp - ${KEY_MANAGER_PATH}/service/db-crypto.cpp - ${KEY_MANAGER_PATH}/service/file-lock.cpp - ${KEY_MANAGER_PATH}/service/file-system.cpp - ${KEY_MANAGER_PATH}/service/for-each-file.cpp - ${KEY_MANAGER_PATH}/service/key-provider.cpp - ${KEY_MANAGER_PATH}/sqlcipher/sqlcipher.c -) - -INCLUDE_DIRECTORIES(SYSTEM ${ENCRYPTION_SCHEME_DEP_INCLUDE_DIRS}) -INCLUDE_DIRECTORIES( - ${CMAKE_CURRENT_SOURCE_DIR} - - ${KEY_MANAGER_PATH}/common - ${KEY_MANAGER_PATH}/dpl/core/include - ${KEY_MANAGER_PATH}/dpl/log/include - ${KEY_MANAGER_PATH}/dpl/db/include - ${KEY_MANAGER_PATH}/sqlcipher - ${KEY_MANAGER_PATH}/service - ${KEY_MANAGER_PATH}/crypto -) - -LINK_DIRECTORIES(${ENCRYPTION_SCHEME_DEP_LIBRARY_DIRS}) - -ADD_LIBRARY(${TARGET_ENCRYPTION_SCHEME_COMMON} STATIC ${ENCRYPTION_SCHEME_SOURCES}) - -TARGET_LINK_LIBRARIES(${TARGET_ENCRYPTION_SCHEME_COMMON} - ${ENCRYPTION_SCHEME_DEP_LIBRARIES} - ${TARGET_KEY_MANAGER_CLIENT} - ${TARGET_KEY_MANAGER_CONTROL_CLIENT} - ${CMAKE_THREAD_LIBS_INIT} - boost_unit_test_framework - -ldl -) - -INSTALL(TARGETS ${TARGET_ENCRYPTION_SCHEME_COMMON} DESTINATION ${LIB_INSTALL_DIR}) - - - -# binary for filling db -SET(TARGET_CKM_GENERATOR "ckm_generate_db") - -SET(GENERATOR_SOURCES - ${CMAKE_CURRENT_SOURCE_DIR}/generate-db.cpp -) - -ADD_EXECUTABLE(${TARGET_CKM_GENERATOR} ${GENERATOR_SOURCES}) - -TARGET_LINK_LIBRARIES(${TARGET_CKM_GENERATOR} - ${TARGET_ENCRYPTION_SCHEME_COMMON} -) - -INSTALL(TARGETS ${TARGET_CKM_GENERATOR} DESTINATION bin) diff --git a/tests/encryption-scheme/assert-wrapper.h b/tests/encryption-scheme/assert-wrapper.h new file mode 100644 index 00000000..7ec5b0c4 --- /dev/null +++ b/tests/encryption-scheme/assert-wrapper.h @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file assert-wrapper.h + * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) + * @version 1.0 + * @brief + */ + +#pragma once + +#ifdef NO_BOOST + #include <stdexcept> + #include <sstream> + + #define ASSERT_MSG(cond, msg) \ + do { \ + if (!(cond)) { \ + std::ostringstream oss; \ + oss << msg; \ + throw std::runtime_error(oss.str()); \ + } \ + } while (0) + + #define ASSERT_FAIL(msg) ASSERT_MSG(false, msg) + +#else + #include <boost/test/unit_test.hpp> + + #define ASSERT_MSG(cond, msg) BOOST_REQUIRE_MESSAGE(cond, msg) + + #define ASSERT_FAIL(msg) BOOST_FAIL(msg) + +#endif diff --git a/tests/encryption-scheme/scheme-test.cpp b/tests/encryption-scheme/scheme-test.cpp index 73cca051..66a9fa01 100644 --- a/tests/encryption-scheme/scheme-test.cpp +++ b/tests/encryption-scheme/scheme-test.cpp @@ -18,7 +18,6 @@ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) * @version 1.0 */ -#include <scheme-test.h> #include <sys/smack.h> #include <sys/types.h> @@ -34,10 +33,6 @@ #include <stdexcept> #include <vector> -#include <boost/test/unit_test.hpp> - -#include <smack-access.h> - #include <db-crypto.h> #include <file-system.h> #include <key-provider.h> @@ -45,6 +40,10 @@ #include <crypto-init.h> #include <dpl/errno_string.h> +#include <scheme-test.h> +#include <smack-access.h> +#include <assert-wrapper.h> + using namespace CKM; using namespace std; @@ -308,7 +307,7 @@ uid_t getUid(const char *name) std::vector<char> buf(bufsize, 0); int ret = getpwnam_r(name, &pwd, buf.data(), bufsize, &result); - BOOST_REQUIRE_MESSAGE(ret == 0 && result, "getpwnam_r failed"); + ASSERT_MSG(ret == 0 && result, "getpwnam_r failed"); return pwd.pw_uid; } @@ -327,7 +326,7 @@ gid_t getGid(const char *name) std::vector<char> buf(bufsize, 0); int ret = getgrnam_r(name, &grp, buf.data(), bufsize, &result); - BOOST_REQUIRE_MESSAGE(ret == 0 && result, "getgrnam_r failed"); + ASSERT_MSG(ret == 0 && result, "getgrnam_r failed"); return grp.gr_gid; } @@ -343,50 +342,47 @@ void restoreFile(const string &filename) int sourceFd = TEMP_FAILURE_RETRY(open(sourcePath.c_str(), O_RDONLY)); err = errno; - BOOST_REQUIRE_MESSAGE(sourceFd > 0, - "Opening " << sourcePath << " failed: " << GetErrnoString(err)); + ASSERT_MSG(sourceFd > 0, "Opening " << sourcePath << " failed: " << GetErrnoString(err)); FdPtr sourceFdPtr(&sourceFd); int targetFd = TEMP_FAILURE_RETRY(creat(targetPath.c_str(), 0644)); err = errno; - BOOST_REQUIRE_MESSAGE(targetFd > 0, - "Creating " << targetPath << " failed: " << GetErrnoString(err)); + ASSERT_MSG(targetFd > 0, "Creating " << targetPath << " failed: " << GetErrnoString(err)); ret = fchown(targetFd, CKM_UID, CKM_GID); err = errno; - BOOST_REQUIRE_MESSAGE(ret != -1, "fchown() failed: " << GetErrnoString(err)); + ASSERT_MSG(ret != -1, "fchown() failed: " << GetErrnoString(err)); FdPtr targetFdPtr(&targetFd); struct stat sourceStat; ret = fstat(sourceFd, &sourceStat); err = errno; - BOOST_REQUIRE_MESSAGE(ret != -1, "fstat() failed: " << GetErrnoString(err)); + ASSERT_MSG(ret != -1, "fstat() failed: " << GetErrnoString(err)); ret = sendfile(targetFd, sourceFd, 0, sourceStat.st_size); err = errno; - BOOST_REQUIRE_MESSAGE(ret != -1, "sendfile() failed: " << GetErrnoString(err)); + ASSERT_MSG(ret != -1, "sendfile() failed: " << GetErrnoString(err)); ret = fsync(targetFd); err = errno; - BOOST_REQUIRE_MESSAGE(ret != -1, "fsync() failed: " << GetErrnoString(err)); + ASSERT_MSG(ret != -1, "fsync() failed: " << GetErrnoString(err)); } void generateRandom(size_t random_bytes, unsigned char *output) { if (random_bytes <= 0 || !output) - throw runtime_error("Invalid param"); + ASSERT_FAIL("Invalid param"); std::ifstream is("/dev/urandom", std::ifstream::binary); - if (!is) - throw runtime_error("Failed to read /dev/urandom"); + ASSERT_MSG(is, "Failed to read /dev/urandom"); is.read(reinterpret_cast<char *>(output), random_bytes); - if (static_cast<std::streamsize>(random_bytes) != is.gcount()) - throw runtime_error("Not enough bytes read from /dev/urandom"); + ASSERT_MSG(static_cast<std::streamsize>(random_bytes) == is.gcount(), + "Not enough bytes read from /dev/urandom"); } RawBuffer createRandomBuffer(size_t random_bytes) @@ -420,11 +416,9 @@ SchemeTest::~SchemeTest() void SchemeTest::RemoveUserData() { - if (CKM_API_SUCCESS != m_control->lockUserKey(UID)) - throw runtime_error("lockUserKey failed"); + ASSERT_MSG(m_control->lockUserKey(UID) == CKM_API_SUCCESS, "lockUserKey failed"); - if (CKM_API_SUCCESS != m_control->removeUserData(UID)) - throw runtime_error("removeUserData failed"); + ASSERT_MSG(m_control->removeUserData(UID) == CKM_API_SUCCESS, "removeUserData failed"); } void SchemeTest::SwitchToUser() @@ -432,26 +426,21 @@ void SchemeTest::SwitchToUser() if (m_userChanged) return; - if (CKM_API_SUCCESS != m_control->unlockUserKey(UID, DBPASS)) - throw runtime_error("unlockUserKey failed"); + ASSERT_MSG(m_control->unlockUserKey(UID, DBPASS) == CKM_API_SUCCESS, "unlockUserKey failed"); // get calling label char *label = NULL; - if (smack_new_label_from_self(&label) <= 0) - throw runtime_error("smack_new_label_from_self failed"); + ASSERT_MSG(smack_new_label_from_self(&label) > 0, "smack_new_label_from_self failed"); m_origLabel = string(label); free(label); - if (0 > smack_set_label_for_self(LABEL)) - throw runtime_error("smack_set_label_for_self failed"); + ASSERT_MSG(smack_set_label_for_self(LABEL) == 0, "smack_set_label_for_self failed"); - if (0 > setegid(GID)) - throw runtime_error("setegid failed"); + ASSERT_MSG(setegid(GID) == 0, "setegid failed"); - if (0 > seteuid(UID)) - throw runtime_error("seteuid failed"); + ASSERT_MSG(seteuid(UID) == 0, "seteuid failed"); m_userChanged = true; } @@ -461,17 +450,14 @@ void SchemeTest::SwitchToRoot() if (!m_userChanged) return; - if (0 > seteuid(0)) - throw runtime_error("seteuid failed"); + ASSERT_MSG(seteuid(0) == 0, "seteuid failed"); - if (0 > setegid(0)) - throw runtime_error("setegid failed"); + ASSERT_MSG(setegid(0) == 0, "setegid failed"); - if (0 > smack_set_label_for_self(m_origLabel.c_str())) - throw runtime_error("smack_set_label_for_self failed"); + ASSERT_MSG(smack_set_label_for_self(m_origLabel.c_str()) == 0, + "smack_set_label_for_self failed"); - if (m_control->lockUserKey(UID) != CKM_API_SUCCESS) - throw runtime_error("lockUserKey failed"); + ASSERT_MSG(m_control->lockUserKey(UID) == CKM_API_SUCCESS, "lockUserKey failed"); } void SchemeTest::FillDb() @@ -479,15 +465,13 @@ void SchemeTest::FillDb() // pkcs ifstream is(DB_TEST_DIR "/encryption-scheme.p12"); - if (!is) - throw runtime_error("Failed to read pkcs"); + ASSERT_MSG(is, "Failed to read pkcs"); istreambuf_iterator<char> begin(is), end; RawBuffer pkcsBuffer(begin, end); auto pkcs = PKCS12::create(pkcsBuffer, Password()); - if (pkcs->empty()) - throw runtime_error("Empty pkcs"); + ASSERT_MSG(!pkcs->empty(), "Empty pkcs"); SwitchToUser(); @@ -505,42 +489,40 @@ void SchemeTest::FillDb() for (const auto &g : GROUPS) { switch (g.type) { case Group::KEY_PAIR_RSA: - if (g.items.size() != 2) - throw runtime_error("Wrong number of keys"); + ASSERT_MSG(g.items.size() == 2, "Wrong number of keys"); if (g.items[0].type != DataType::KEY_RSA_PRIVATE || g.items[1].type != DataType::KEY_RSA_PUBLIC) - throw runtime_error("Invalid item type"); + ASSERT_FAIL("Invalid item type"); if (CKM_API_SUCCESS != m_mgr->createKeyPairRSA(1024, g.items[0].alias, g.items[1].alias, g.items[0].policy, g.items[1].policy)) - throw runtime_error("createKeyPair failed"); + ASSERT_FAIL("createKeyPair failed"); break; case Group::CERT_CHAIN: - if (g.items.size() != CHAIN_SIZE) - throw runtime_error("Wrong number of certificates"); + ASSERT_MSG(g.items.size() == CHAIN_SIZE, "Wrong number of certificates"); if (g.items[0].type != DataType::CERTIFICATE || g.items[1].type != DataType::CERTIFICATE || g.items[2].type != DataType::CERTIFICATE) - throw runtime_error("Invalid item type"); + ASSERT_FAIL("Invalid item type"); if (CKM_API_SUCCESS != m_mgr->saveCertificate(g.items[0].alias, rootCa, g.items[0].policy)) - throw runtime_error("saveCertificate failed"); + ASSERT_FAIL("saveCertificate failed"); if (CKM_API_SUCCESS != m_mgr->saveCertificate(g.items[1].alias, imCa, g.items[1].policy)) - throw runtime_error("saveCertificate failed"); + ASSERT_FAIL("saveCertificate failed"); if (CKM_API_SUCCESS != m_mgr->saveCertificate(g.items[2].alias, leaf, g.items[2].policy)) - throw runtime_error("saveCertificate failed"); + ASSERT_FAIL("saveCertificate failed"); break; @@ -549,24 +531,24 @@ void SchemeTest::FillDb() switch (i.type) { case DataType::BINARY_DATA: if (CKM_API_SUCCESS != m_mgr->saveData(i.alias, TEST_DATA, i.policy)) - throw runtime_error("saveData failed"); + ASSERT_FAIL("saveData failed"); break; case DataType::KEY_AES: if (CKM_API_SUCCESS != m_mgr->createKeyAES(256, i.alias, i.policy)) - throw runtime_error("createKeyAES failed"); + ASSERT_FAIL("createKeyAES failed"); break; case DataType::CHAIN_CERT_0: // PKCS if (CKM_API_SUCCESS != m_mgr->savePKCS12(i.alias, pkcs, i.policy, i.policy)) - throw runtime_error("savePkcs12 failed"); + ASSERT_FAIL("savePkcs12 failed"); break; default: - throw runtime_error("unsupported data type"); + ASSERT_FAIL("unsupported data type"); } } @@ -595,8 +577,8 @@ void SchemeTest::ReadAll(bool useWrongPass) case DataType::BINARY_DATA: { RawBuffer receivedData; ret = m_mgr->getData(i.alias, pass, receivedData); - BOOST_REQUIRE_MESSAGE(useWrongPass || receivedData == TEST_DATA, - "Received data is different for " << i.alias); + ASSERT_MSG(useWrongPass || receivedData == TEST_DATA, + "Received data is different for " << i.alias); break; } @@ -621,20 +603,20 @@ void SchemeTest::ReadAll(bool useWrongPass) } default: - BOOST_FAIL("Unsupported data type " << i.type); + ASSERT_FAIL("Unsupported data type " << i.type); } if (i.policy.extractable) { if (useWrongPass) - BOOST_REQUIRE_MESSAGE(ret == CKM_API_ERROR_AUTHENTICATION_FAILED, - "Reading item " << i.alias << " should fail with " << - CKM_API_ERROR_AUTHENTICATION_FAILED << " got: " << ret); + ASSERT_MSG(ret == CKM_API_ERROR_AUTHENTICATION_FAILED, + "Reading item " << i.alias << " should fail with " << + CKM_API_ERROR_AUTHENTICATION_FAILED << " got: " << ret); else - BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, "Reading item " << i.alias << - " failed with " << ret); + ASSERT_MSG(ret == CKM_API_SUCCESS, + "Reading item " << i.alias << " failed with " << ret); } else { - BOOST_REQUIRE_MESSAGE(ret == CKM_API_ERROR_NOT_EXPORTABLE, "Item " << i.alias << - " should not be exportable"); + ASSERT_MSG(ret == CKM_API_ERROR_NOT_EXPORTABLE, + "Item " << i.alias << " should not be exportable"); } } } @@ -646,9 +628,9 @@ void SchemeTest::SignVerify() for (const auto &g : GROUPS) { if (g.type == Group::KEY_PAIR_RSA) { - BOOST_REQUIRE_MESSAGE(g.items.size() == 2, "Wrong number of keys"); - BOOST_REQUIRE_MESSAGE(g.items[0].type == DataType::KEY_RSA_PRIVATE && - g.items[1].type == DataType::KEY_RSA_PUBLIC, "Wrong key"); + ASSERT_MSG(g.items.size() == 2, "Wrong number of keys"); + ASSERT_MSG(g.items[0].type == DataType::KEY_RSA_PRIVATE && + g.items[1].type == DataType::KEY_RSA_PUBLIC, "Wrong key"); SignVerifyItem(g.items[0], g.items[1]); } else { @@ -672,9 +654,9 @@ void SchemeTest::EncryptDecrypt() for (const auto &g : GROUPS) { if (g.type == Group::KEY_PAIR_RSA) { - BOOST_REQUIRE_MESSAGE(g.items.size() == 2, "Wrong number of keys"); - BOOST_REQUIRE_MESSAGE(g.items[0].type == DataType::KEY_RSA_PRIVATE && - g.items[1].type == DataType::KEY_RSA_PUBLIC, "Wrong key"); + ASSERT_MSG(g.items.size() == 2, "Wrong number of keys"); + ASSERT_MSG(g.items[0].type == DataType::KEY_RSA_PRIVATE && + g.items[1].type == DataType::KEY_RSA_PUBLIC, "Wrong key"); EncryptDecryptItem(g.items[0], g.items[1]); } else { @@ -702,10 +684,10 @@ void SchemeTest::CreateChain() for (const auto &g : GROUPS) { if (g.type == Group::CERT_CHAIN) { - BOOST_REQUIRE_MESSAGE(g.items.size() == CHAIN_SIZE, "Not enough certificates"); + ASSERT_MSG(g.items.size() == CHAIN_SIZE, "Not enough certificates"); for (const auto &c : g.items) - BOOST_REQUIRE_MESSAGE(c.type == DataType::CERTIFICATE, "Wrong item type"); + ASSERT_MSG(c.type == DataType::CERTIFICATE, "Wrong item type"); Items trusted(CHAIN_SIZE - 1); std::copy(g.items.begin(), g.items.begin() + CHAIN_SIZE - 1, trusted.begin()); @@ -728,8 +710,8 @@ void SchemeTest::RemoveAll() for (const auto &g : GROUPS) { for (const auto &i : g.items) { int ret = m_mgr->removeAlias(i.alias); - BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, - "removeAlias() failed with " << ret << " for " << i.alias); + ASSERT_MSG(ret == CKM_API_SUCCESS, + "removeAlias() failed with " << ret << " for " << i.alias); } } } @@ -771,13 +753,12 @@ void SchemeTest::CheckSchemeVersion(const ItemFilter &filter, int version) DB::RowVector rows; m_db->getRows(i.alias, OWNER, filter.typeFrom, filter.typeTo, rows); - BOOST_REQUIRE_MESSAGE(rows.size() > 0, "No rows found for " << i.alias); + ASSERT_MSG(rows.size() > 0, "No rows found for " << i.alias); for (const auto &r : rows) { - BOOST_REQUIRE_MESSAGE( - (r.encryptionScheme >> ENC_SCHEME_OFFSET) == version, - "Wrong encryption scheme for " << i.alias << ". Expected " << version << - " got: " << (r.encryptionScheme >> ENC_SCHEME_OFFSET)); + ASSERT_MSG((r.encryptionScheme >> ENC_SCHEME_OFFSET) == version, + "Wrong encryption scheme for " << i.alias << ". Expected " << version << + " got: " << (r.encryptionScheme >> ENC_SCHEME_OFFSET)); } } } @@ -814,18 +795,16 @@ void SchemeTest::SignVerifyItem(const Item &itemPrv, const Item &itemPub) HashAlgorithm::SHA512, RSAPaddingAlgorithm::X931, signature); - BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, - "createSignature() failed with " << ret << - " for " << itemPrv.alias); + ASSERT_MSG(ret == CKM_API_SUCCESS, + "createSignature() failed with " << ret << " for " << itemPrv.alias); ret = m_mgr->verifySignature(itemPub.alias, itemPub.policy.password, TEST_DATA, signature, HashAlgorithm::SHA512, RSAPaddingAlgorithm::X931); - BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, - "verifySignature() failed with " << ret << - " for " << itemPub.alias); + ASSERT_MSG(ret == CKM_API_SUCCESS, + "verifySignature() failed with " << ret << " for " << itemPub.alias); } void SchemeTest::EncryptDecryptItem(const Item &item) @@ -838,20 +817,13 @@ void SchemeTest::EncryptDecryptItem(const Item &item) algo.setParam(ParamName::ALGO_TYPE, AlgoType::AES_GCM); algo.setParam(ParamName::ED_IV, iv); - ret = m_mgr->encrypt(algo, item.alias, item.policy.password, TEST_DATA, - encrypted); - BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, - "encrypt() failed iwth " << ret << " for " << - item.alias); + ret = m_mgr->encrypt(algo, item.alias, item.policy.password, TEST_DATA, encrypted); + ASSERT_MSG(ret == CKM_API_SUCCESS, "encrypt() failed iwth " << ret << " for " << item.alias); - ret = m_mgr->decrypt(algo, item.alias, item.policy.password, encrypted, - decrypted); - BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, - "decrypt() failed iwth " << ret << " for " << - item.alias); + ret = m_mgr->decrypt(algo, item.alias, item.policy.password, encrypted, decrypted); + ASSERT_MSG(ret == CKM_API_SUCCESS, "decrypt() failed iwth " << ret << " for " << item.alias); - BOOST_REQUIRE_MESSAGE(decrypted == TEST_DATA, - "Decrypted data not equal to original"); + ASSERT_MSG(decrypted == TEST_DATA, "Decrypted data not equal to original"); } void SchemeTest::EncryptDecryptItem(const Item &itemPrv, const Item &itemPub) @@ -862,20 +834,13 @@ void SchemeTest::EncryptDecryptItem(const Item &itemPrv, const Item &itemPub) algo.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_OAEP); - ret = m_mgr->encrypt(algo, itemPub.alias, itemPub.policy.password, TEST_DATA, - encrypted); - BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, - "encrypt() failed iwth " << ret << " for " << - itemPub.alias); + ret = m_mgr->encrypt(algo, itemPub.alias, itemPub.policy.password, TEST_DATA, encrypted); + ASSERT_MSG(ret == CKM_API_SUCCESS, "encrypt() failed iwth " << ret << " for " << itemPub.alias); - ret = m_mgr->decrypt(algo, itemPrv.alias, itemPrv.policy.password, encrypted, - decrypted); - BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, - "decrypt() failed iwth " << ret << " for " << - itemPrv.alias); + ret = m_mgr->decrypt(algo, itemPrv.alias, itemPrv.policy.password, encrypted, decrypted); + ASSERT_MSG(ret == CKM_API_SUCCESS, "decrypt() failed iwth " << ret << " for " << itemPrv.alias); - BOOST_REQUIRE_MESSAGE(decrypted == TEST_DATA, - "Decrypted data not equal to original"); + ASSERT_MSG(decrypted == TEST_DATA, "Decrypted data not equal to original"); } void SchemeTest::CreateChainItem(const Item &leaf, const Items &certs) @@ -895,13 +860,10 @@ void SchemeTest::CreateChainItem(const Item &leaf, const Items &certs) CertificateShPtr leafCrt; int ret = m_mgr->getCertificate(leaf.alias, leaf.policy.password, leafCrt); - BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, - "getCertificate failed with " << ret << " for " << - leaf.alias); + ASSERT_MSG(ret == CKM_API_SUCCESS, + "getCertificate failed with " << ret << " for " << leaf.alias); ret = m_mgr->getCertificateChain(leafCrt, AliasVector(), trusted, false, chain); - BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, - "getCertificateChain() failed with " << ret); - BOOST_REQUIRE_MESSAGE(chain.size() == CHAIN_LEN, - "Wrong chain length: " << chain.size()); + ASSERT_MSG(ret == CKM_API_SUCCESS, "getCertificateChain() failed with " << ret); + ASSERT_MSG(chain.size() == CHAIN_LEN, "Wrong chain length: " << chain.size()); } diff --git a/tests/encryption-scheme/smack-access.cpp b/tests/encryption-scheme/smack-access.cpp index 8115e641..960ea129 100644 --- a/tests/encryption-scheme/smack-access.cpp +++ b/tests/encryption-scheme/smack-access.cpp @@ -20,16 +20,14 @@ * @version 1.0 */ -#include <stdexcept> +#include <sys/smack.h> +#include <assert-wrapper.h> #include <smack-access.h> -#include <sys/smack.h> - SmackAccess::SmackAccess() : m_handle(nullptr) { - if (0 != smack_accesses_new(&m_handle)) - throw std::runtime_error("smack_accesses_new failed"); + ASSERT_MSG(smack_accesses_new(&m_handle) == 0, "smack_accesses_new failed"); } void SmackAccess::add( @@ -37,15 +35,13 @@ void SmackAccess::add( const std::string &object, const std::string &rights) { - if (0 != smack_accesses_add(m_handle, subject.c_str(), object.c_str(), - rights.c_str())) - throw std::runtime_error("smack_accesses_add failed"); + ASSERT_MSG(smack_accesses_add(m_handle, subject.c_str(), object.c_str(), rights.c_str()) == 0, + "smack_accesses_add failed"); } void SmackAccess::apply() { - if (0 != smack_accesses_apply(m_handle)) - throw std::runtime_error("smack_accesses_apply failed"); + ASSERT_MSG(smack_accesses_apply(m_handle) == 0, "smack_accesses_apply failed"); } SmackAccess::~SmackAccess() diff --git a/tests/test_encryption-scheme.cpp b/tests/test_encryption-scheme.cpp index dc2e3bd0..ac552f55 100644 --- a/tests/test_encryption-scheme.cpp +++ b/tests/test_encryption-scheme.cpp @@ -19,6 +19,9 @@ * @version 1.0 */ +#include <fstream> +#include <string> + #include <boost/test/unit_test.hpp> #include <boost/test/results_reporter.hpp> @@ -30,10 +33,35 @@ namespace { // this is done to limit the amount of code included in binary const int OLD_ENC_SCHEME = 0; const int NEW_ENC_SCHEME = 1; -} // namespace anonymous +const char* const ONLYCAP = "/sys/fs/smackfs/onlycap"; + +class OnlycapFixture { +public: + OnlycapFixture() { + std::fstream file(ONLYCAP); + std::string tmp; + while(file >> tmp) { + m_oldOnlycap += tmp; + m_oldOnlycap += " "; + } + file.clear(); + file << " "; + }; + + ~OnlycapFixture() { + try { + std::ofstream file(ONLYCAP); + file << m_oldOnlycap; + } catch(...) {} + }; +private: + std::string m_oldOnlycap; +}; + +} // namespace anonymous -BOOST_AUTO_TEST_SUITE(ENCRYPTION_SCHEME_TEST) +BOOST_FIXTURE_TEST_SUITE(ENCRYPTION_SCHEME_TEST, OnlycapFixture) // Test database should have the old scheme BOOST_AUTO_TEST_CASE(T010_Check_old_scheme) |