From fe7aaaa1c46cf37dc498827b8f355c7d04a6a65a Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Wed, 17 Oct 2018 17:02:10 +0200 Subject: Fix internal scheme tests 1. Regular std::exception is not reported as error by boost test. Std::runtime_error is used because a part of the test code is also used in a tool for database generation. This commit replaces calls to boost test macros with calls to a wrapper macro which is expanded to std::runtime_error or boost test assert depending on a compilation flag. 2. Test binaries are modifying process labels which requires onlycap. This commit modifies exec label and adds onlycap fixture to disable onlycap for scheme tests. Change-Id: Ibbe44c2bca6e12b5ade360b267c281ef18294258 --- tests/encryption-scheme/scheme-test.cpp | 206 +++++++++++++------------------- 1 file changed, 84 insertions(+), 122 deletions(-) (limited to 'tests/encryption-scheme/scheme-test.cpp') diff --git a/tests/encryption-scheme/scheme-test.cpp b/tests/encryption-scheme/scheme-test.cpp index 73cca051..66a9fa01 100644 --- a/tests/encryption-scheme/scheme-test.cpp +++ b/tests/encryption-scheme/scheme-test.cpp @@ -18,7 +18,6 @@ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) * @version 1.0 */ -#include #include #include @@ -34,10 +33,6 @@ #include #include -#include - -#include - #include #include #include @@ -45,6 +40,10 @@ #include #include +#include +#include +#include + using namespace CKM; using namespace std; @@ -308,7 +307,7 @@ uid_t getUid(const char *name) std::vector buf(bufsize, 0); int ret = getpwnam_r(name, &pwd, buf.data(), bufsize, &result); - BOOST_REQUIRE_MESSAGE(ret == 0 && result, "getpwnam_r failed"); + ASSERT_MSG(ret == 0 && result, "getpwnam_r failed"); return pwd.pw_uid; } @@ -327,7 +326,7 @@ gid_t getGid(const char *name) std::vector buf(bufsize, 0); int ret = getgrnam_r(name, &grp, buf.data(), bufsize, &result); - BOOST_REQUIRE_MESSAGE(ret == 0 && result, "getgrnam_r failed"); + ASSERT_MSG(ret == 0 && result, "getgrnam_r failed"); return grp.gr_gid; } @@ -343,50 +342,47 @@ void restoreFile(const string &filename) int sourceFd = TEMP_FAILURE_RETRY(open(sourcePath.c_str(), O_RDONLY)); err = errno; - BOOST_REQUIRE_MESSAGE(sourceFd > 0, - "Opening " << sourcePath << " failed: " << GetErrnoString(err)); + ASSERT_MSG(sourceFd > 0, "Opening " << sourcePath << " failed: " << GetErrnoString(err)); FdPtr sourceFdPtr(&sourceFd); int targetFd = TEMP_FAILURE_RETRY(creat(targetPath.c_str(), 0644)); err = errno; - BOOST_REQUIRE_MESSAGE(targetFd > 0, - "Creating " << targetPath << " failed: " << GetErrnoString(err)); + ASSERT_MSG(targetFd > 0, "Creating " << targetPath << " failed: " << GetErrnoString(err)); ret = fchown(targetFd, CKM_UID, CKM_GID); err = errno; - BOOST_REQUIRE_MESSAGE(ret != -1, "fchown() failed: " << GetErrnoString(err)); + ASSERT_MSG(ret != -1, "fchown() failed: " << GetErrnoString(err)); FdPtr targetFdPtr(&targetFd); struct stat sourceStat; ret = fstat(sourceFd, &sourceStat); err = errno; - BOOST_REQUIRE_MESSAGE(ret != -1, "fstat() failed: " << GetErrnoString(err)); + ASSERT_MSG(ret != -1, "fstat() failed: " << GetErrnoString(err)); ret = sendfile(targetFd, sourceFd, 0, sourceStat.st_size); err = errno; - BOOST_REQUIRE_MESSAGE(ret != -1, "sendfile() failed: " << GetErrnoString(err)); + ASSERT_MSG(ret != -1, "sendfile() failed: " << GetErrnoString(err)); ret = fsync(targetFd); err = errno; - BOOST_REQUIRE_MESSAGE(ret != -1, "fsync() failed: " << GetErrnoString(err)); + ASSERT_MSG(ret != -1, "fsync() failed: " << GetErrnoString(err)); } void generateRandom(size_t random_bytes, unsigned char *output) { if (random_bytes <= 0 || !output) - throw runtime_error("Invalid param"); + ASSERT_FAIL("Invalid param"); std::ifstream is("/dev/urandom", std::ifstream::binary); - if (!is) - throw runtime_error("Failed to read /dev/urandom"); + ASSERT_MSG(is, "Failed to read /dev/urandom"); is.read(reinterpret_cast(output), random_bytes); - if (static_cast(random_bytes) != is.gcount()) - throw runtime_error("Not enough bytes read from /dev/urandom"); + ASSERT_MSG(static_cast(random_bytes) == is.gcount(), + "Not enough bytes read from /dev/urandom"); } RawBuffer createRandomBuffer(size_t random_bytes) @@ -420,11 +416,9 @@ SchemeTest::~SchemeTest() void SchemeTest::RemoveUserData() { - if (CKM_API_SUCCESS != m_control->lockUserKey(UID)) - throw runtime_error("lockUserKey failed"); + ASSERT_MSG(m_control->lockUserKey(UID) == CKM_API_SUCCESS, "lockUserKey failed"); - if (CKM_API_SUCCESS != m_control->removeUserData(UID)) - throw runtime_error("removeUserData failed"); + ASSERT_MSG(m_control->removeUserData(UID) == CKM_API_SUCCESS, "removeUserData failed"); } void SchemeTest::SwitchToUser() @@ -432,26 +426,21 @@ void SchemeTest::SwitchToUser() if (m_userChanged) return; - if (CKM_API_SUCCESS != m_control->unlockUserKey(UID, DBPASS)) - throw runtime_error("unlockUserKey failed"); + ASSERT_MSG(m_control->unlockUserKey(UID, DBPASS) == CKM_API_SUCCESS, "unlockUserKey failed"); // get calling label char *label = NULL; - if (smack_new_label_from_self(&label) <= 0) - throw runtime_error("smack_new_label_from_self failed"); + ASSERT_MSG(smack_new_label_from_self(&label) > 0, "smack_new_label_from_self failed"); m_origLabel = string(label); free(label); - if (0 > smack_set_label_for_self(LABEL)) - throw runtime_error("smack_set_label_for_self failed"); + ASSERT_MSG(smack_set_label_for_self(LABEL) == 0, "smack_set_label_for_self failed"); - if (0 > setegid(GID)) - throw runtime_error("setegid failed"); + ASSERT_MSG(setegid(GID) == 0, "setegid failed"); - if (0 > seteuid(UID)) - throw runtime_error("seteuid failed"); + ASSERT_MSG(seteuid(UID) == 0, "seteuid failed"); m_userChanged = true; } @@ -461,17 +450,14 @@ void SchemeTest::SwitchToRoot() if (!m_userChanged) return; - if (0 > seteuid(0)) - throw runtime_error("seteuid failed"); + ASSERT_MSG(seteuid(0) == 0, "seteuid failed"); - if (0 > setegid(0)) - throw runtime_error("setegid failed"); + ASSERT_MSG(setegid(0) == 0, "setegid failed"); - if (0 > smack_set_label_for_self(m_origLabel.c_str())) - throw runtime_error("smack_set_label_for_self failed"); + ASSERT_MSG(smack_set_label_for_self(m_origLabel.c_str()) == 0, + "smack_set_label_for_self failed"); - if (m_control->lockUserKey(UID) != CKM_API_SUCCESS) - throw runtime_error("lockUserKey failed"); + ASSERT_MSG(m_control->lockUserKey(UID) == CKM_API_SUCCESS, "lockUserKey failed"); } void SchemeTest::FillDb() @@ -479,15 +465,13 @@ void SchemeTest::FillDb() // pkcs ifstream is(DB_TEST_DIR "/encryption-scheme.p12"); - if (!is) - throw runtime_error("Failed to read pkcs"); + ASSERT_MSG(is, "Failed to read pkcs"); istreambuf_iterator begin(is), end; RawBuffer pkcsBuffer(begin, end); auto pkcs = PKCS12::create(pkcsBuffer, Password()); - if (pkcs->empty()) - throw runtime_error("Empty pkcs"); + ASSERT_MSG(!pkcs->empty(), "Empty pkcs"); SwitchToUser(); @@ -505,42 +489,40 @@ void SchemeTest::FillDb() for (const auto &g : GROUPS) { switch (g.type) { case Group::KEY_PAIR_RSA: - if (g.items.size() != 2) - throw runtime_error("Wrong number of keys"); + ASSERT_MSG(g.items.size() == 2, "Wrong number of keys"); if (g.items[0].type != DataType::KEY_RSA_PRIVATE || g.items[1].type != DataType::KEY_RSA_PUBLIC) - throw runtime_error("Invalid item type"); + ASSERT_FAIL("Invalid item type"); if (CKM_API_SUCCESS != m_mgr->createKeyPairRSA(1024, g.items[0].alias, g.items[1].alias, g.items[0].policy, g.items[1].policy)) - throw runtime_error("createKeyPair failed"); + ASSERT_FAIL("createKeyPair failed"); break; case Group::CERT_CHAIN: - if (g.items.size() != CHAIN_SIZE) - throw runtime_error("Wrong number of certificates"); + ASSERT_MSG(g.items.size() == CHAIN_SIZE, "Wrong number of certificates"); if (g.items[0].type != DataType::CERTIFICATE || g.items[1].type != DataType::CERTIFICATE || g.items[2].type != DataType::CERTIFICATE) - throw runtime_error("Invalid item type"); + ASSERT_FAIL("Invalid item type"); if (CKM_API_SUCCESS != m_mgr->saveCertificate(g.items[0].alias, rootCa, g.items[0].policy)) - throw runtime_error("saveCertificate failed"); + ASSERT_FAIL("saveCertificate failed"); if (CKM_API_SUCCESS != m_mgr->saveCertificate(g.items[1].alias, imCa, g.items[1].policy)) - throw runtime_error("saveCertificate failed"); + ASSERT_FAIL("saveCertificate failed"); if (CKM_API_SUCCESS != m_mgr->saveCertificate(g.items[2].alias, leaf, g.items[2].policy)) - throw runtime_error("saveCertificate failed"); + ASSERT_FAIL("saveCertificate failed"); break; @@ -549,24 +531,24 @@ void SchemeTest::FillDb() switch (i.type) { case DataType::BINARY_DATA: if (CKM_API_SUCCESS != m_mgr->saveData(i.alias, TEST_DATA, i.policy)) - throw runtime_error("saveData failed"); + ASSERT_FAIL("saveData failed"); break; case DataType::KEY_AES: if (CKM_API_SUCCESS != m_mgr->createKeyAES(256, i.alias, i.policy)) - throw runtime_error("createKeyAES failed"); + ASSERT_FAIL("createKeyAES failed"); break; case DataType::CHAIN_CERT_0: // PKCS if (CKM_API_SUCCESS != m_mgr->savePKCS12(i.alias, pkcs, i.policy, i.policy)) - throw runtime_error("savePkcs12 failed"); + ASSERT_FAIL("savePkcs12 failed"); break; default: - throw runtime_error("unsupported data type"); + ASSERT_FAIL("unsupported data type"); } } @@ -595,8 +577,8 @@ void SchemeTest::ReadAll(bool useWrongPass) case DataType::BINARY_DATA: { RawBuffer receivedData; ret = m_mgr->getData(i.alias, pass, receivedData); - BOOST_REQUIRE_MESSAGE(useWrongPass || receivedData == TEST_DATA, - "Received data is different for " << i.alias); + ASSERT_MSG(useWrongPass || receivedData == TEST_DATA, + "Received data is different for " << i.alias); break; } @@ -621,20 +603,20 @@ void SchemeTest::ReadAll(bool useWrongPass) } default: - BOOST_FAIL("Unsupported data type " << i.type); + ASSERT_FAIL("Unsupported data type " << i.type); } if (i.policy.extractable) { if (useWrongPass) - BOOST_REQUIRE_MESSAGE(ret == CKM_API_ERROR_AUTHENTICATION_FAILED, - "Reading item " << i.alias << " should fail with " << - CKM_API_ERROR_AUTHENTICATION_FAILED << " got: " << ret); + ASSERT_MSG(ret == CKM_API_ERROR_AUTHENTICATION_FAILED, + "Reading item " << i.alias << " should fail with " << + CKM_API_ERROR_AUTHENTICATION_FAILED << " got: " << ret); else - BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, "Reading item " << i.alias << - " failed with " << ret); + ASSERT_MSG(ret == CKM_API_SUCCESS, + "Reading item " << i.alias << " failed with " << ret); } else { - BOOST_REQUIRE_MESSAGE(ret == CKM_API_ERROR_NOT_EXPORTABLE, "Item " << i.alias << - " should not be exportable"); + ASSERT_MSG(ret == CKM_API_ERROR_NOT_EXPORTABLE, + "Item " << i.alias << " should not be exportable"); } } } @@ -646,9 +628,9 @@ void SchemeTest::SignVerify() for (const auto &g : GROUPS) { if (g.type == Group::KEY_PAIR_RSA) { - BOOST_REQUIRE_MESSAGE(g.items.size() == 2, "Wrong number of keys"); - BOOST_REQUIRE_MESSAGE(g.items[0].type == DataType::KEY_RSA_PRIVATE && - g.items[1].type == DataType::KEY_RSA_PUBLIC, "Wrong key"); + ASSERT_MSG(g.items.size() == 2, "Wrong number of keys"); + ASSERT_MSG(g.items[0].type == DataType::KEY_RSA_PRIVATE && + g.items[1].type == DataType::KEY_RSA_PUBLIC, "Wrong key"); SignVerifyItem(g.items[0], g.items[1]); } else { @@ -672,9 +654,9 @@ void SchemeTest::EncryptDecrypt() for (const auto &g : GROUPS) { if (g.type == Group::KEY_PAIR_RSA) { - BOOST_REQUIRE_MESSAGE(g.items.size() == 2, "Wrong number of keys"); - BOOST_REQUIRE_MESSAGE(g.items[0].type == DataType::KEY_RSA_PRIVATE && - g.items[1].type == DataType::KEY_RSA_PUBLIC, "Wrong key"); + ASSERT_MSG(g.items.size() == 2, "Wrong number of keys"); + ASSERT_MSG(g.items[0].type == DataType::KEY_RSA_PRIVATE && + g.items[1].type == DataType::KEY_RSA_PUBLIC, "Wrong key"); EncryptDecryptItem(g.items[0], g.items[1]); } else { @@ -702,10 +684,10 @@ void SchemeTest::CreateChain() for (const auto &g : GROUPS) { if (g.type == Group::CERT_CHAIN) { - BOOST_REQUIRE_MESSAGE(g.items.size() == CHAIN_SIZE, "Not enough certificates"); + ASSERT_MSG(g.items.size() == CHAIN_SIZE, "Not enough certificates"); for (const auto &c : g.items) - BOOST_REQUIRE_MESSAGE(c.type == DataType::CERTIFICATE, "Wrong item type"); + ASSERT_MSG(c.type == DataType::CERTIFICATE, "Wrong item type"); Items trusted(CHAIN_SIZE - 1); std::copy(g.items.begin(), g.items.begin() + CHAIN_SIZE - 1, trusted.begin()); @@ -728,8 +710,8 @@ void SchemeTest::RemoveAll() for (const auto &g : GROUPS) { for (const auto &i : g.items) { int ret = m_mgr->removeAlias(i.alias); - BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, - "removeAlias() failed with " << ret << " for " << i.alias); + ASSERT_MSG(ret == CKM_API_SUCCESS, + "removeAlias() failed with " << ret << " for " << i.alias); } } } @@ -771,13 +753,12 @@ void SchemeTest::CheckSchemeVersion(const ItemFilter &filter, int version) DB::RowVector rows; m_db->getRows(i.alias, OWNER, filter.typeFrom, filter.typeTo, rows); - BOOST_REQUIRE_MESSAGE(rows.size() > 0, "No rows found for " << i.alias); + ASSERT_MSG(rows.size() > 0, "No rows found for " << i.alias); for (const auto &r : rows) { - BOOST_REQUIRE_MESSAGE( - (r.encryptionScheme >> ENC_SCHEME_OFFSET) == version, - "Wrong encryption scheme for " << i.alias << ". Expected " << version << - " got: " << (r.encryptionScheme >> ENC_SCHEME_OFFSET)); + ASSERT_MSG((r.encryptionScheme >> ENC_SCHEME_OFFSET) == version, + "Wrong encryption scheme for " << i.alias << ". Expected " << version << + " got: " << (r.encryptionScheme >> ENC_SCHEME_OFFSET)); } } } @@ -814,18 +795,16 @@ void SchemeTest::SignVerifyItem(const Item &itemPrv, const Item &itemPub) HashAlgorithm::SHA512, RSAPaddingAlgorithm::X931, signature); - BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, - "createSignature() failed with " << ret << - " for " << itemPrv.alias); + ASSERT_MSG(ret == CKM_API_SUCCESS, + "createSignature() failed with " << ret << " for " << itemPrv.alias); ret = m_mgr->verifySignature(itemPub.alias, itemPub.policy.password, TEST_DATA, signature, HashAlgorithm::SHA512, RSAPaddingAlgorithm::X931); - BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, - "verifySignature() failed with " << ret << - " for " << itemPub.alias); + ASSERT_MSG(ret == CKM_API_SUCCESS, + "verifySignature() failed with " << ret << " for " << itemPub.alias); } void SchemeTest::EncryptDecryptItem(const Item &item) @@ -838,20 +817,13 @@ void SchemeTest::EncryptDecryptItem(const Item &item) algo.setParam(ParamName::ALGO_TYPE, AlgoType::AES_GCM); algo.setParam(ParamName::ED_IV, iv); - ret = m_mgr->encrypt(algo, item.alias, item.policy.password, TEST_DATA, - encrypted); - BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, - "encrypt() failed iwth " << ret << " for " << - item.alias); + ret = m_mgr->encrypt(algo, item.alias, item.policy.password, TEST_DATA, encrypted); + ASSERT_MSG(ret == CKM_API_SUCCESS, "encrypt() failed iwth " << ret << " for " << item.alias); - ret = m_mgr->decrypt(algo, item.alias, item.policy.password, encrypted, - decrypted); - BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, - "decrypt() failed iwth " << ret << " for " << - item.alias); + ret = m_mgr->decrypt(algo, item.alias, item.policy.password, encrypted, decrypted); + ASSERT_MSG(ret == CKM_API_SUCCESS, "decrypt() failed iwth " << ret << " for " << item.alias); - BOOST_REQUIRE_MESSAGE(decrypted == TEST_DATA, - "Decrypted data not equal to original"); + ASSERT_MSG(decrypted == TEST_DATA, "Decrypted data not equal to original"); } void SchemeTest::EncryptDecryptItem(const Item &itemPrv, const Item &itemPub) @@ -862,20 +834,13 @@ void SchemeTest::EncryptDecryptItem(const Item &itemPrv, const Item &itemPub) algo.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_OAEP); - ret = m_mgr->encrypt(algo, itemPub.alias, itemPub.policy.password, TEST_DATA, - encrypted); - BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, - "encrypt() failed iwth " << ret << " for " << - itemPub.alias); + ret = m_mgr->encrypt(algo, itemPub.alias, itemPub.policy.password, TEST_DATA, encrypted); + ASSERT_MSG(ret == CKM_API_SUCCESS, "encrypt() failed iwth " << ret << " for " << itemPub.alias); - ret = m_mgr->decrypt(algo, itemPrv.alias, itemPrv.policy.password, encrypted, - decrypted); - BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, - "decrypt() failed iwth " << ret << " for " << - itemPrv.alias); + ret = m_mgr->decrypt(algo, itemPrv.alias, itemPrv.policy.password, encrypted, decrypted); + ASSERT_MSG(ret == CKM_API_SUCCESS, "decrypt() failed iwth " << ret << " for " << itemPrv.alias); - BOOST_REQUIRE_MESSAGE(decrypted == TEST_DATA, - "Decrypted data not equal to original"); + ASSERT_MSG(decrypted == TEST_DATA, "Decrypted data not equal to original"); } void SchemeTest::CreateChainItem(const Item &leaf, const Items &certs) @@ -895,13 +860,10 @@ void SchemeTest::CreateChainItem(const Item &leaf, const Items &certs) CertificateShPtr leafCrt; int ret = m_mgr->getCertificate(leaf.alias, leaf.policy.password, leafCrt); - BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, - "getCertificate failed with " << ret << " for " << - leaf.alias); + ASSERT_MSG(ret == CKM_API_SUCCESS, + "getCertificate failed with " << ret << " for " << leaf.alias); ret = m_mgr->getCertificateChain(leafCrt, AliasVector(), trusted, false, chain); - BOOST_REQUIRE_MESSAGE(ret == CKM_API_SUCCESS, - "getCertificateChain() failed with " << ret); - BOOST_REQUIRE_MESSAGE(chain.size() == CHAIN_LEN, - "Wrong chain length: " << chain.size()); + ASSERT_MSG(ret == CKM_API_SUCCESS, "getCertificateChain() failed with " << ret); + ASSERT_MSG(chain.size() == CHAIN_LEN, "Wrong chain length: " << chain.size()); } -- cgit v1.2.3