Aktualizr
C++ SOTA Client
All Classes Namespaces Files Functions Variables Enumerations Enumerator Pages
keymanager_test.cc
1 #include <gtest/gtest.h>
2 #include <memory>
3 
4 #include "json/json.h"
5 
6 #include "config/config.h"
7 #include "crypto/keymanager.h"
8 #include "storage/sqlstorage.h"
9 #include "utilities/utils.h"
10 
11 #ifdef BUILD_P11
12 #ifndef TEST_PKCS11_MODULE_PATH
13 #define TEST_PKCS11_MODULE_PATH "/usr/local/softhsm/libsofthsm2.so"
14 #endif
15 #endif
16 
17 /* Sign TUF metadata with RSA2048. */
18 TEST(KeyManager, SignTuf) {
19  std::string private_key = Utils::readFile("tests/test_data/priv.key");
20  std::string public_key = Utils::readFile("tests/test_data/public.key");
21  Config config;
22  config.uptane.key_type = KeyType::kRSA2048;
23  TemporaryDirectory temp_dir;
24  config.storage.path = temp_dir.Path();
25  auto storage = INvStorage::newStorage(config.storage);
26  storage->storePrimaryKeys(public_key, private_key);
27  KeyManager keys(storage, config.keymanagerConfig());
28 
29  Json::Value tosign_json;
30  tosign_json["mykey"] = "value";
31  Json::Value signed_json = keys.signTuf(tosign_json);
32  EXPECT_EQ(signed_json["signed"]["mykey"].asString(), "value");
33  EXPECT_EQ(signed_json["signatures"][0]["keyid"].asString(),
34  "6a809c62b4f6c2ae11abfb260a6a9a57d205fc2887ab9c83bd6be0790293e187");
35  EXPECT_NE(signed_json["signatures"][0]["sig"].asString().size(), 0);
36 }
37 
38 /* Sign TUF metadata with ED25519. */
39 TEST(KeyManager, SignED25519Tuf) {
40  std::string private_key =
41  "BD0A7539BD0365D7A9A3050390AD7B7C2033C58E354C5E0F42B9B611273BBA38BB9FFA4DCF35A89F6F40C5FA67998DD38B64A8459598CF3D"
42  "A93853388FDAC760";
43  std::string public_key = "BB9FFA4DCF35A89F6F40C5FA67998DD38B64A8459598CF3DA93853388FDAC760";
44  Config config;
45  config.uptane.key_type = KeyType::kED25519;
46  TemporaryDirectory temp_dir;
47  config.storage.path = temp_dir.Path();
48  auto storage = INvStorage::newStorage(config.storage);
49 
50  storage->storePrimaryKeys(public_key, private_key);
51  KeyManager keys(storage, config.keymanagerConfig());
52  keys.loadKeys();
53 
54  Json::Value tosign_json;
55  tosign_json["mykey"] = "value";
56  Json::Value signed_json = keys.signTuf(tosign_json);
57  EXPECT_EQ(signed_json["signed"]["mykey"].asString(), "value");
58  EXPECT_EQ(signed_json["signatures"][0]["keyid"].asString(),
59  "a6d0f6b52ae833175dd7724899507709231723037845715c7677670e0195f850");
60  EXPECT_NE(signed_json["signatures"][0]["sig"].asString().size(), 0);
61 }
62 
63 TEST(KeyManager, InitFileEmpty) {
64  Config config;
65  TemporaryDirectory temp_dir;
66  config.storage.path = temp_dir.Path();
67  std::shared_ptr<INvStorage> storage = INvStorage::newStorage(config.storage);
68  KeyManager keys(storage, config.keymanagerConfig());
69 
70  EXPECT_TRUE(keys.getCaFile().empty());
71  EXPECT_TRUE(keys.getPkeyFile().empty());
72  EXPECT_TRUE(keys.getCertFile().empty());
73  keys.loadKeys();
74  EXPECT_TRUE(keys.getCaFile().empty());
75  EXPECT_TRUE(keys.getPkeyFile().empty());
76  EXPECT_TRUE(keys.getCertFile().empty());
77 }
78 
79 TEST(KeyManager, InitFileValid) {
80  Config config;
81  TemporaryDirectory temp_dir;
82  config.storage.path = temp_dir.Path();
83  std::shared_ptr<INvStorage> storage = INvStorage::newStorage(config.storage);
84  std::string ca = Utils::readFile("tests/test_data/prov/root.crt");
85  std::string pkey = Utils::readFile("tests/test_data/prov/pkey.pem");
86  std::string cert = Utils::readFile("tests/test_data/prov/client.pem");
87  storage->storeTlsCa(ca);
88  storage->storeTlsPkey(pkey);
89  storage->storeTlsCert(cert);
90  KeyManager keys(storage, config.keymanagerConfig());
91 
92  EXPECT_TRUE(keys.getCaFile().empty());
93  EXPECT_TRUE(keys.getPkeyFile().empty());
94  EXPECT_TRUE(keys.getCertFile().empty());
95  keys.loadKeys();
96  std::string ca_file = keys.getCaFile();
97  std::string pkey_file = keys.getPkeyFile();
98  std::string cert_file = keys.getCertFile();
99 
100  EXPECT_TRUE(boost::filesystem::exists(ca_file));
101  EXPECT_TRUE(boost::filesystem::exists(pkey_file));
102  EXPECT_TRUE(boost::filesystem::exists(cert_file));
103  EXPECT_FALSE(boost::filesystem::is_empty(ca_file));
104  EXPECT_FALSE(boost::filesystem::is_empty(pkey_file));
105  EXPECT_FALSE(boost::filesystem::is_empty(cert_file));
106  EXPECT_EQ(ca, Utils::readFile(ca_file));
107  EXPECT_EQ(pkey, Utils::readFile(pkey_file));
108  EXPECT_EQ(cert, Utils::readFile(cert_file));
109 }
110 
111 #ifdef BUILD_P11
112 /* Sign and verify a file with RSA via PKCS#11. */
113 TEST(KeyManager, SignTufPkcs11) {
114  Json::Value tosign_json;
115  tosign_json["mykey"] = "value";
116 
117  P11Config p11_conf;
118  p11_conf.module = TEST_PKCS11_MODULE_PATH;
119  p11_conf.pass = "1234";
120  p11_conf.uptane_key_id = "03";
121  Config config;
122  config.p11 = p11_conf;
123  config.uptane.key_source = CryptoSource::kPkcs11;
124 
125  TemporaryDirectory temp_dir;
126  config.storage.path = temp_dir.Path();
127  std::shared_ptr<INvStorage> storage = INvStorage::newStorage(config.storage);
128  KeyManager keys(storage, config.keymanagerConfig());
129 
130  EXPECT_GT(keys.UptanePublicKey().Value().size(), 0);
131  Json::Value signed_json = keys.signTuf(tosign_json);
132  EXPECT_EQ(signed_json["signed"]["mykey"].asString(), "value");
133  EXPECT_EQ(signed_json["signatures"][0]["keyid"].asString(),
134  "6a809c62b4f6c2ae11abfb260a6a9a57d205fc2887ab9c83bd6be0790293e187");
135  EXPECT_NE(signed_json["signatures"][0]["sig"].asString().size(), 0);
136 }
137 
138 /* Generate Uptane keys, use them for signing, and verify them. */
139 TEST(KeyManager, GenSignTufPkcs11) {
140  Json::Value tosign_json;
141  tosign_json["mykey"] = "value";
142 
143  P11Config p11_conf;
144  p11_conf.module = TEST_PKCS11_MODULE_PATH;
145  p11_conf.pass = "1234";
146  p11_conf.uptane_key_id = "06";
147  Config config;
148  config.p11 = p11_conf;
149  config.uptane.key_source = CryptoSource::kPkcs11;
150 
151  TemporaryDirectory temp_dir;
152  config.storage.path = temp_dir.Path();
153  std::shared_ptr<INvStorage> storage = INvStorage::newStorage(config.storage);
154  KeyManager keys(storage, config.keymanagerConfig());
155 
156  P11EngineGuard p11(config.p11);
157  EXPECT_TRUE(p11->generateUptaneKeyPair());
158 
159  EXPECT_GT(keys.UptanePublicKey().Value().size(), 0);
160  Json::Value signed_json = keys.signTuf(tosign_json);
161  EXPECT_EQ(signed_json["signed"]["mykey"].asString(), "value");
162  EXPECT_NE(signed_json["signatures"][0]["sig"].asString().size(), 0);
163 }
164 
165 /* Generate RSA keypairs via PKCS#11. */
166 TEST(KeyManager, InitPkcs11Valid) {
167  Config config;
168  P11Config p11_conf;
169  p11_conf.module = TEST_PKCS11_MODULE_PATH;
170  p11_conf.pass = "1234";
171  p11_conf.tls_pkey_id = "02";
172  p11_conf.tls_clientcert_id = "01";
173  config.p11 = p11_conf;
174  config.tls.ca_source = CryptoSource::kFile;
175  config.tls.pkey_source = CryptoSource::kPkcs11;
176  config.tls.cert_source = CryptoSource::kPkcs11;
177 
178  TemporaryDirectory temp_dir;
179  config.storage.path = temp_dir.Path();
180  std::shared_ptr<INvStorage> storage = INvStorage::newStorage(config.storage);
181  // Getting the CA from the HSM is not currently supported.
182  std::string ca = Utils::readFile("tests/test_data/prov/root.crt");
183  storage->storeTlsCa(ca);
184  KeyManager keys(storage, config.keymanagerConfig());
185  EXPECT_TRUE(keys.getCaFile().empty());
186  EXPECT_FALSE(keys.getPkeyFile().empty());
187  EXPECT_FALSE(keys.getCertFile().empty());
188  keys.loadKeys();
189  EXPECT_FALSE(keys.getCaFile().empty());
190  EXPECT_FALSE(keys.getPkeyFile().empty());
191  EXPECT_FALSE(keys.getCertFile().empty());
192 }
193 #endif
194 
195 #ifndef __NO_MAIN__
196 int main(int argc, char** argv) {
197  ::testing::InitGoogleTest(&argc, argv);
198  return RUN_ALL_TESTS();
199 }
200 #endif
KeyManager
Definition: keymanager.h:13
Config
Configuration object for an aktualizr instance running on a primary ECU.
Definition: config.h:74
P11Config
Definition: p11_config.h:15
TemporaryDirectory
Definition: utils.h:82
P11EngineGuard
Definition: p11engine.h:80
Generated by   doxygen 1.8.16