security: Consistent exception handling.
Change-Id: Ia29963e96028e591e9c4fc4a68a472f794b17e52
diff --git a/tests/security/test-sec-public-info-sqlite3.cpp b/tests/security/test-sec-public-info-sqlite3.cpp
index 4335b71..bbbe01c 100644
--- a/tests/security/test-sec-public-info-sqlite3.cpp
+++ b/tests/security/test-sec-public-info-sqlite3.cpp
@@ -22,30 +22,34 @@
{
KeyChainImpl<SecPublicInfoSqlite3, SecTpmFile> keyChain;
- Name identity(string("/TestSecPublicInfoSqlite3/Delete/") + boost::lexical_cast<string>(time::now()));
+ Name identity("/TestSecPublicInfoSqlite3/Delete/" + boost::lexical_cast<string>(time::now()));
Name certName1;
BOOST_REQUIRE_NO_THROW(certName1 = keyChain.createIdentity(identity));
Name keyName1 = IdentityCertificate::certificateNameToPublicKeyName(certName1);
Name keyName2;
- BOOST_CHECK_NO_THROW(keyName2 = keyChain.generateRSAKeyPairAsDefault(identity));
+ BOOST_REQUIRE_NO_THROW(keyName2 = keyChain.generateRSAKeyPairAsDefault(identity));
- ptr_lib::shared_ptr<IdentityCertificate> cert2 = keyChain.selfSign(keyName2);
+ shared_ptr<IdentityCertificate> cert2;
+ BOOST_REQUIRE_NO_THROW(cert2 = keyChain.selfSign(keyName2));
Name certName2 = cert2->getName();
- keyChain.addCertificateAsKeyDefault(*cert2);
+ BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert2));
Name keyName3;
- BOOST_CHECK_NO_THROW(keyName3 = keyChain.generateRSAKeyPairAsDefault(identity));
+ BOOST_REQUIRE_NO_THROW(keyName3 = keyChain.generateRSAKeyPairAsDefault(identity));
- ptr_lib::shared_ptr<IdentityCertificate> cert3 = keyChain.selfSign(keyName3);
+ shared_ptr<IdentityCertificate> cert3;
+ BOOST_REQUIRE_NO_THROW(cert3 = keyChain.selfSign(keyName3));
Name certName3 = cert3->getName();
- keyChain.addCertificateAsKeyDefault(*cert3);
- ptr_lib::shared_ptr<IdentityCertificate> cert4 = keyChain.selfSign(keyName3);
+ BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert3));
+ shared_ptr<IdentityCertificate> cert4;
+ BOOST_REQUIRE_NO_THROW(cert4 = keyChain.selfSign(keyName3));
Name certName4 = cert4->getName();
- keyChain.addCertificateAsKeyDefault(*cert4);
- ptr_lib::shared_ptr<IdentityCertificate> cert5 = keyChain.selfSign(keyName3);
+ BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert4));
+ shared_ptr<IdentityCertificate> cert5;
+ BOOST_REQUIRE_NO_THROW(cert5 = keyChain.selfSign(keyName3));
Name certName5 = cert5->getName();
- keyChain.addCertificateAsKeyDefault(*cert5);
+ BOOST_REQUIRE_NO_THROW(keyChain.addCertificateAsKeyDefault(*cert5));
BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), true);
BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName1), true);
diff --git a/tests/security/test-sec-tpm-file.cpp b/tests/security/test-sec-tpm-file.cpp
index c16ed24..146a1e1 100644
--- a/tests/security/test-sec-tpm-file.cpp
+++ b/tests/security/test-sec-tpm-file.cpp
@@ -46,23 +46,30 @@
Data data("/tmp/test/1");
const uint8_t content[] = {0x01, 0x02, 0x03, 0x04};
- Block sigBlock = tpm.signInTpm(content, sizeof(content), keyName, DIGEST_ALGORITHM_SHA256);
- ptr_lib::shared_ptr<PublicKey> pubkeyPtr = tpm.getPublicKeyFromTpm(keyName);
+ Block sigBlock;
+ BOOST_CHECK_NO_THROW(sigBlock = tpm.signInTpm(content, sizeof(content), keyName, DIGEST_ALGORITHM_SHA256));
+ shared_ptr<PublicKey> pubkeyPtr;
+ BOOST_CHECK_NO_THROW(pubkeyPtr = tpm.getPublicKeyFromTpm(keyName));
- {
- using namespace CryptoPP;
-
- RSA::PublicKey publicKey;
- ByteQueue queue;
- queue.Put(reinterpret_cast<const byte*>(pubkeyPtr->get().buf()), pubkeyPtr->get().size());
- publicKey.Load(queue);
-
- RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
- bool result = verifier.VerifyMessage(content, sizeof(content),
- sigBlock.value(), sigBlock.value_size());
-
- BOOST_REQUIRE_EQUAL(result, true);
- }
+ try
+ {
+ using namespace CryptoPP;
+
+ RSA::PublicKey publicKey;
+ ByteQueue queue;
+ queue.Put(reinterpret_cast<const byte*>(pubkeyPtr->get().buf()), pubkeyPtr->get().size());
+ publicKey.Load(queue);
+
+ RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
+ bool result = verifier.VerifyMessage(content, sizeof(content),
+ sigBlock.value(), sigBlock.value_size());
+
+ BOOST_CHECK_EQUAL(result, true);
+ }
+ catch(CryptoPP::Exception& e)
+ {
+ BOOST_CHECK(false);
+ }
tpm.deleteKeyPairInTpm(keyName);
}
@@ -96,7 +103,7 @@
"3082050E304006092A864886F70D01050D3033301B06092A864886F70D01050C300E0408209CF0B1B4C856A802020800301406082A864886F70D0307040884B1229D80690211048204C8DA62C11E1CCFC43F318D0C03DA4B11350122B18F23645C454F41BB46C7F8EED4F95041A9130B33E989AF338951A286B55FB9A707AF1C5B2E1FAE7CD66D6D556CBFD90640BDA0D7904DD8D89CF15AB24F1A652AB76E16411B78E8A9AAEEB6EE06FA793B2B4A3EE4B9B5DFB3FC3D38076145915A11CEC8FD2EAB70F51A0DA8B88B73B4DD5BAFB933ABCD92FFBA7843083CCE6B7A6BD9A51094EFF93DC93A19B4982F5FF8696FDF07B76366B6408EC18F4EA218A4F6B5EA85A5AF3B082D0E3AE74665BDD9FC7DE87A7A54EB038AB2E9196365F8481F1CC601EB866D554B4FBCDABECD35CBE404F3CB313E9799D111AD955C42629FB1A01E6138EFF15E6DE7D2BF8754868157DAC72EE5125221D502DCF0B8E8FF5CA87B601357785E7C95CBFC369B31D747ADACFB95E614507A5622ACAA3541B4FE02AEEC2DD588D3D7860A50C78EF460C39E250851140155052F18419F37D551FC3F5224764A17A2C47F9CEDC63780E3AF48C421D682FD3A68A2E12EB28737DB0F785137FC01282D0D82220E2D147E4E2D261046D3C5842B55C1C2F6BA51727AF57C502242F397ACEC341F2C6C6E739E629A144602C9994C88B4F8B4F7150C087C143D9FEC23A686E5E46A5541A071869089BECC05B186FC3D8F95668A671D7088462D61423BAEB73B41CDA5B69E22D6EE3A64BB523B1522F2433BA8AD98A7500EB5C5859469F45C15E91AC1DA9D9473B3C2B37C38D038F99122E157166B89C1EA941A683A73C3F7C0762E79E9C1E28A306042D8683C26995F7AA1B5CC1B985BB0A9DEE6471E9BCEF977A2BE84BD90CE3025FA76B8B546725D85C37543B69604D3F0822DBA3067E9CF9BF2F0DC676E0D718C963C71DBD7A278BAF2A2FFA65BDB8E60FCDD0D0BA841E37284FB6174047D1EC974730A77A7E808C5F27BF1FF0818AD7B0596C538ECFF2068BD5EED5E90102918E2F224EBFFDB2C8366A5C819A00BF6DDF823BD861331F4BF2323ECA284B90C96AB6C7CDBB200163AEA8FD9EC18BA5ACAA8B8B4BDA532A04AD179D402F09E69F5CE0A179EBEF9A99E8B0C5BC8A9C3CA71C820508E33C79A98B9C31F856F53D1369AD7D9C668BC9160D6C7F3612842BDCDB42F5AE6860E93B2B203CAE26C93A7640640D403BC107DDA031CAD54DC63FFF73861D25DE26B9147C328B3940F2CFB44E82112DD6FA514CB8FD5DD6E6FF4D4EFF430B06AC970D8D75F5BD6A015558ED8D82C5121115DC3657BE88356348C0F8B8EADFD5506C0C046984BB1F12F3EEFD32FED4C8684ABD252BF3CA56092D4A752CF51E13755568C3BF25CFCA0F7AF9279CA593305C27645022DD2DD0F7FFCAC92EDEF04B9DCAE7FD55E2C69C76CF061F1ECD724850FCA574543954105B9A3824B849DDD75DEB57B382054AAB4A1FE467D235FB77C220730ED7D9B79A575831395AAE0C4C0B0D3E7EC17511C3DE9A86AD1C68BFF861FA0151020E43A1C6B4F4D6273D586B1D291AEF45DF454463F39BACA2FF07AA5E24A7EA850189F8C39BA8E88FEB21C1647EF910898B02492C49599111D3558F05A4CFD0FDBF33E802798FF2C437FCD65AAC1024FB29D08DCD7DB7E08279C3EB4B64E58747096641D1886145EC9E5ADDC8BBC81BE0DC77C3F3A017311050B921B5506F13AF30BA04AFAA210F0359E710C01319DE7BFF165A3615E8DDFC6E3FC167BA39B332B42E5207CA4934EABDAE2D057FA661DEB3EBC1A4AFD4F3E014918EC");
string decoded;
- StringSource source(imported, true, new HexDecoder(new StringSink(decoded))); // StringSource
+ BOOST_CHECK_NO_THROW(StringSource source(imported, true, new HexDecoder(new StringSink(decoded)))); // StringSource
SecTpmFile tpm;
@@ -110,27 +117,35 @@
BOOST_REQUIRE(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE) == true);
BOOST_REQUIRE(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC) == true);
- shared_ptr<PublicKey> pubkeyPtr = tpm.getPublicKeyFromTpm(keyName);
+ shared_ptr<PublicKey> pubkeyPtr;
+ BOOST_CHECK_NO_THROW(pubkeyPtr = tpm.getPublicKeyFromTpm(keyName));
const uint8_t content[] = {0x01, 0x02, 0x03, 0x04};
- Block sigBlock = tpm.signInTpm(content, sizeof(content), keyName, DIGEST_ALGORITHM_SHA256);
+ Block sigBlock;
+ BOOST_CHECK_NO_THROW(sigBlock = tpm.signInTpm(content, sizeof(content), keyName, DIGEST_ALGORITHM_SHA256));
- {
- using namespace CryptoPP;
-
- RSA::PublicKey publicKey;
- ByteQueue queue;
- queue.Put(reinterpret_cast<const byte*>(pubkeyPtr->get().buf()), pubkeyPtr->get().size());
- publicKey.Load(queue);
+ try
+ {
+ using namespace CryptoPP;
+
+ RSA::PublicKey publicKey;
+ ByteQueue queue;
+ queue.Put(reinterpret_cast<const byte*>(pubkeyPtr->get().buf()), pubkeyPtr->get().size());
+ publicKey.Load(queue);
+
+ RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
+ bool result = verifier.VerifyMessage(content, sizeof(content),
+ sigBlock.value(), sigBlock.value_size());
+
+ BOOST_CHECK_EQUAL(result, true);
+ }
+ catch(CryptoPP::Exception& e)
+ {
+ BOOST_CHECK(false);
+ }
- RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
- bool result = verifier.VerifyMessage(content, sizeof(content),
- sigBlock.value(), sigBlock.value_size());
-
- BOOST_REQUIRE_EQUAL(result, true);
- }
-
- ConstBufferPtr exported = tpm.exportPrivateKeyPkcs8FromTpm(keyName, "5678");
+ ConstBufferPtr exported;
+ BOOST_CHECK_NO_THROW(exported = tpm.exportPrivateKeyPkcs8FromTpm(keyName, "5678"));
tpm.deleteKeyPairInTpm(keyName);
@@ -143,22 +158,28 @@
BOOST_REQUIRE(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC) == true);
const uint8_t content2[] = {0x05, 0x06, 0x07, 0x08};
- Block sigBlock2 = tpm.signInTpm(content2, sizeof(content2), keyName, DIGEST_ALGORITHM_SHA256);
+ Block sigBlock2;
+ BOOST_CHECK_NO_THROW(sigBlock2 = tpm.signInTpm(content2, sizeof(content2), keyName, DIGEST_ALGORITHM_SHA256));
- {
- using namespace CryptoPP;
-
- RSA::PublicKey publicKey;
- ByteQueue queue;
- queue.Put(reinterpret_cast<const byte*>(pubkeyPtr->get().buf()), pubkeyPtr->get().size());
- publicKey.Load(queue);
+ try
+ {
+ using namespace CryptoPP;
+
+ RSA::PublicKey publicKey;
+ ByteQueue queue;
+ queue.Put(reinterpret_cast<const byte*>(pubkeyPtr->get().buf()), pubkeyPtr->get().size());
+ publicKey.Load(queue);
- RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
- bool result = verifier.VerifyMessage(content2, sizeof(content2),
- sigBlock2.value(), sigBlock2.value_size());
+ RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
+ bool result = verifier.VerifyMessage(content2, sizeof(content2),
+ sigBlock2.value(), sigBlock2.value_size());
- BOOST_REQUIRE_EQUAL(result, true);
- }
+ BOOST_CHECK_EQUAL(result, true);
+ }
+ catch(CryptoPP::Exception& e)
+ {
+ BOOST_CHECK(false);
+ }
tpm.deleteKeyPairInTpm(keyName);
diff --git a/tests/security/test-sec-tpm-osx.cpp b/tests/security/test-sec-tpm-osx.cpp
index 7a94f33..d75eec1 100644
--- a/tests/security/test-sec-tpm-osx.cpp
+++ b/tests/security/test-sec-tpm-osx.cpp
@@ -25,7 +25,7 @@
{
SecTpmOsx tpm;
- Name keyName("/TestSecTpmOsx/Delete/ksk-123456");
+ Name keyName("/TestSecTpmOsx/Delete/ksk-" + boost::lexical_cast<string>(time::now()));
BOOST_CHECK_NO_THROW(tpm.generateKeyPairInTpm(keyName, KEY_TYPE_RSA, 2048));
BOOST_REQUIRE_EQUAL(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC), true);
@@ -41,29 +41,36 @@
{
SecTpmOsx tpm;
- Name keyName("/TestSecTpmOsx/SignVerify/ksk-123456");
+ Name keyName("/TestSecTpmOsx/SignVerify/ksk-" + boost::lexical_cast<string>(time::now()));
BOOST_CHECK_NO_THROW(tpm.generateKeyPairInTpm(keyName, KEY_TYPE_RSA, 2048));
Data data("/TestSecTpmOsx/SignVaerify/Data/1");
const uint8_t content[] = {0x01, 0x02, 0x03, 0x04};
- Block sigBlock = tpm.signInTpm(content, sizeof(content), keyName, DIGEST_ALGORITHM_SHA256);
- shared_ptr<PublicKey> pubkeyPtr = tpm.getPublicKeyFromTpm(keyName);
+ Block sigBlock;
+ BOOST_CHECK_NO_THROW(sigBlock = tpm.signInTpm(content, sizeof(content), keyName, DIGEST_ALGORITHM_SHA256));
- {
- using namespace CryptoPP;
-
- RSA::PublicKey publicKey;
- ByteQueue queue;
- queue.Put(reinterpret_cast<const byte*>(pubkeyPtr->get().buf()), pubkeyPtr->get().size());
- publicKey.Load(queue);
+ shared_ptr<PublicKey> pubkeyPtr;
+ BOOST_CHECK_NO_THROW(pubkeyPtr = tpm.getPublicKeyFromTpm(keyName));
+ try
+ {
+ using namespace CryptoPP;
- RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
- bool result = verifier.VerifyMessage(content, sizeof(content),
- sigBlock.value(), sigBlock.value_size());
+ RSA::PublicKey publicKey;
+ ByteQueue queue;
+ queue.Put(reinterpret_cast<const byte*>(pubkeyPtr->get().buf()), pubkeyPtr->get().size());
+ publicKey.Load(queue);
+
+ RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
+ bool result = verifier.VerifyMessage(content, sizeof(content),
+ sigBlock.value(), sigBlock.value_size());
- BOOST_REQUIRE_EQUAL(result, true);
- }
+ BOOST_CHECK_EQUAL(result, true);
+ }
+ catch(CryptoPP::Exception& e)
+ {
+ BOOST_CHECK(false);
+ }
tpm.deleteKeyPairInTpm(keyName);
}
@@ -102,8 +109,10 @@
BOOST_REQUIRE(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE) == true);
BOOST_REQUIRE(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC) == true);
- ConstBufferPtr exported = tpm.exportPrivateKeyPkcs8FromTpm(keyName, "1234");
- shared_ptr<PublicKey> pubkeyPtr = tpm.getPublicKeyFromTpm(keyName);
+ ConstBufferPtr exported;
+ BOOST_CHECK_NO_THROW(exported = tpm.exportPrivateKeyPkcs8FromTpm(keyName, "1234"));
+ shared_ptr<PublicKey> pubkeyPtr;
+ BOOST_REQUIRE_NO_THROW(pubkeyPtr = tpm.getPublicKeyFromTpm(keyName));
tpm.deleteKeyPairInTpm(keyName);
@@ -116,22 +125,28 @@
BOOST_REQUIRE(tpm.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE) == true);
const uint8_t content[] = {0x01, 0x02, 0x03, 0x04};
- Block sigBlock = tpm.signInTpm(content, sizeof(content), keyName, DIGEST_ALGORITHM_SHA256);
+ Block sigBlock;
+ BOOST_CHECK_NO_THROW(sigBlock = tpm.signInTpm(content, sizeof(content), keyName, DIGEST_ALGORITHM_SHA256));
- {
- using namespace CryptoPP;
-
- RSA::PublicKey publicKey;
- ByteQueue queue;
- queue.Put(reinterpret_cast<const byte*>(pubkeyPtr->get().buf()), pubkeyPtr->get().size());
- publicKey.Load(queue);
+ try
+ {
+ using namespace CryptoPP;
- RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
- bool result = verifier.VerifyMessage(content, sizeof(content),
- sigBlock.value(), sigBlock.value_size());
-
- BOOST_REQUIRE_EQUAL(result, true);
- }
+ RSA::PublicKey publicKey;
+ ByteQueue queue;
+ queue.Put(reinterpret_cast<const byte*>(pubkeyPtr->get().buf()), pubkeyPtr->get().size());
+ publicKey.Load(queue);
+
+ RSASS<PKCS1v15, SHA256>::Verifier verifier (publicKey);
+ bool result = verifier.VerifyMessage(content, sizeof(content),
+ sigBlock.value(), sigBlock.value_size());
+
+ BOOST_CHECK_EQUAL(result, true);
+ }
+ catch(CryptoPP::Exception& e)
+ {
+ BOOST_CHECK(false);
+ }
tpm.deleteKeyPairInTpm(keyName);
// This is some problem related to Mac OS Key chain, and we will fix it later.
diff --git a/tests/security/test-signed-interest.cpp b/tests/security/test-signed-interest.cpp
index 80f55a4..3adb0a4 100644
--- a/tests/security/test-signed-interest.cpp
+++ b/tests/security/test-signed-interest.cpp
@@ -21,24 +21,25 @@
{
KeyChainImpl<SecPublicInfoSqlite3, SecTpmFile> keyChain;
- Name identityName("/TestSignedInterest/SignVerify");
+ Name identityName("/TestSignedInterest/SignVerify/" + boost::lexical_cast<string>(time::now()));
Name certificateName;
BOOST_REQUIRE_NO_THROW(certificateName = keyChain.createIdentity(identityName));
Interest interest("/TestSignedInterest/SignVerify/Interest1");
- keyChain.signByIdentity(interest, identityName);
+ BOOST_CHECK_NO_THROW(keyChain.signByIdentity(interest, identityName));
Block interestBlock(interest.wireEncode().wire(), interest.wireEncode().size());
Interest interest2;
interest2.wireDecode(interestBlock);
- shared_ptr<PublicKey> publicKey = keyChain.getPublicKeyFromTpm(keyChain.getDefaultKeyNameForIdentity(identityName));
+ shared_ptr<PublicKey> publicKey;
+ BOOST_REQUIRE_NO_THROW(publicKey = keyChain.getPublicKeyFromTpm(keyChain.getDefaultKeyNameForIdentity(identityName)));
bool result = Validator::verifySignature(interest2, *publicKey);
BOOST_CHECK_EQUAL(result, true);
- BOOST_CHECK_NO_THROW(keyChain.deleteIdentity(identityName));
+ keyChain.deleteIdentity(identityName);
}
class CommandInterestFixture
diff --git a/tests/security/test-validator.cpp b/tests/security/test-validator.cpp
index 48e1eec..5c4fba0 100644
--- a/tests/security/test-validator.cpp
+++ b/tests/security/test-validator.cpp
@@ -29,14 +29,14 @@
{
KeyChainImpl<SecPublicInfoSqlite3, SecTpmFile> keyChain;
- Name identity(string("/TestValidator/Null/") + boost::lexical_cast<std::string>(time::now()));
- keyChain.createIdentity(identity);
+ Name identity("/TestValidator/Null/" + boost::lexical_cast<std::string>(time::now()));
+ BOOST_REQUIRE_NO_THROW(keyChain.createIdentity(identity));
Name dataName = identity;
dataName.append("1");
shared_ptr<Data> data = make_shared<Data>(dataName);
- keyChain.signByIdentity(*data, identity);
+ BOOST_CHECK_NO_THROW(keyChain.signByIdentity(*data, identity));
ValidatorNull validator;