Bug #3338

macOS Keychain tests are executed even with --without-osx-keychain

Added by Junxiao Shi over 4 years ago. Updated about 2 months ago.

Status: New
Priority: Normal
Assignee: -
Category: Security
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time: 1.50 h

Description

ndn-cxx:commit:bd2cedbefd37be734f8cbd692e6c72c5d2f31122

Steps to reproduce:

  1. ./waf configure --with-tests --debug --without-pch --without-osx-keychain --enable-static --disable-shared
  2. ./waf
  3. build/unit-tests -l test_suite

Expected: no test failure

Actual: test failures in Security/Tpm/TestBackEnd, Security/V1/TestKeyChain/ConstructorEmptyConfig, Security/V1/TestSecTpmOsx/Delete, Security/V1/TestSecTpmOsx/SignVerify

#1

Updated by Junxiao Shi over 4 years ago

Root cause:

In ndn-cxx-config.hpp, NDN_CXX_HAVE_OSX_SECURITY denotes whether the OSX Security Framework is available, which depends on feature detection, and NDN_CXX_WITH_OSX_KEYCHAIN denotes whether the OSX Keychain is enabled, which depends on the --without-osx-keychain option.
The compilation of src/**/*-osx.cpp and their test suites depends on NDN_CXX_HAVE_OSX_SECURITY.

The KeyChain class picks a TPM based on NDN_CXX_WITH_OSX_KEYCHAIN, but its test suite incorrectly uses NDN_CXX_HAVE_OSX_SECURITY to compute the expected value, failing the SecurityKeyChain/ConstructorEmptyConfig test case.

I'm unsure what's causing the failures in the SecuritySecTpmOsx test suite. Failures persist even after build/bin/ndnsec unlock-tpm.

Recommended solution:

If --without-osx-keychain is specified, don't compile **/*-osx.cpp and their test suites, and have all code paths depend on NDN_CXX_WITH_OSX_KEYCHAIN only.

#2

Updated by Alex Afanasyev over 4 years ago

without-osx-keychain configure flag does not disable OS KeyChain, it removes it from being a default TPM.

The failures could be because something is wrong with the PIB database (e.g., leftover from a library compiled with OSX KeyChain by default).

#3

Updated by Junxiao Shi over 4 years ago

> without-osx-keychain configure flag does not disable OS KeyChain, it removes it from being a default TPM.

This is confusing. --without means "don't build" in most other projects, not "build but don't set as default".

> The failures could be because something is wrong with the PIB database (e.g., leftover from a library compiled with OSX KeyChain by default).

The same machine does have an installation of ndn-cxx with OSX Keychain as default, but the ndn-cxx repository on which unit tests are executed is a fresh clone.

Shouldn't unit testing use TEST_HOME within the repository directory? It shouldn't affect anything in my regular HOME directory.

#4

Updated by Davide Pesavento over 4 years ago

Junxiao Shi wrote:

> > without-osx-keychain configure flag does not disable OS KeyChain, it removes it from being a default TPM.
>
> This is confusing. --without means "don't build" in most other projects, not "build but don't set as default".

Agreed.

> Shouldn't unit testing use TEST_HOME within the repository directory? It shouldn't affect anything in my regular HOME directory.

I strongly agree. Touching, or even looking at, the content of the home directory of the current user is a very bad idea. I don't know how these tests are structured, but if they're using the $HOME environment variable, we should at least tell people to override it before running the unit tests. (btw this affects Linux too)
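
One way to apply the suggestion above of overriding HOME before running the unit tests, as an added example that is not part of the original thread or of ndn-cxx. It assumes the tests locate per-user state through $HOME, which the thread leaves open; run_with_scratch_home, tree_fingerprint and run_checked are hypothetical helper names.

```shell
#!/bin/sh
# Added example; the helper names below are hypothetical, not part of ndn-cxx.

# Run a command with HOME pointing at a throwaway directory.
run_with_scratch_home() {
    # mktemp -d creates the directory with mode 0700.
    _scratch=$(mktemp -d "${TMPDIR:-/tmp}/test-home.XXXXXX") || return 1
    _status=0
    # The subshell keeps the caller's own HOME unchanged.
    ( HOME=$_scratch; export HOME; "$@" ) || _status=$?
    rm -rf -- "$_scratch"
    return "$_status"
}

# Checksum every regular file under a directory, so that added, removed or
# modified files change the result.
tree_fingerprint() {
    if [ ! -d "$1" ]; then echo absent; return 0; fi
    find "$1" -type f -exec cksum {} + | sort | cksum
}

# Run a command under a scratch HOME and report whether the watched directory
# (for example the real per-user key store) changed while it ran.
run_checked() {
    _watch=$1; shift
    _before=$(tree_fingerprint "$_watch")
    _rc=0
    run_with_scratch_home "$@" || _rc=$?
    _after=$(tree_fingerprint "$_watch")
    if [ "$_before" != "$_after" ]; then
        echo "warning: $_watch was modified during the run" >&2
        return 97
    fi
    return "$_rc"
}

# Usage with the command from the steps to reproduce; the watched path is a
# placeholder for wherever the real key store lives:
#   run_checked /path/to/real/key-store build/unit-tests -l test_suite
```

A return status of 97 from run_checked means the watched directory changed during the run, so the tests reached outside the scratch HOME.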

#5

Updated by Alex Afanasyev over 4 years ago

  • Target version set to v0.5

#6

Updated by Junxiao Shi about 3 years ago

  • Description updated (diff)
  • Target version changed from v0.5 to v0.6

unknown location:0: fatal error: in "Security/Tpm/TestBackEnd/KeyManagement<ndn__security__tpm__tests__BackEndWrapperOsx>": signal: SIGABRT (application abort requested)
unknown location:0: fatal error: in "Security/Tpm/TestBackEnd/RsaSigning<ndn__security__tpm__tests__BackEndWrapperOsx>": signal: SIGABRT (application abort requested)
unknown location:0: fatal error: in "Security/Tpm/TestBackEnd/RsaDecryption<ndn__security__tpm__tests__BackEndWrapperOsx>": signal: SIGABRT (application abort requested)
unknown location:0: fatal error: in "Security/Tpm/TestBackEnd/EcdsaSigning<ndn__security__tpm__tests__BackEndWrapperOsx>": signal: SIGABRT (application abort requested)
../tests/unit-tests/security/tpm/back-end.t.cpp:227: fatal error: in "Security/Tpm/TestBackEnd/ImportExport<ndn__security__tpm__tests__BackEndWrapperOsx>": unexpected exception thrown by tpm.importKey(keyName, privateKeyBuffer->buf(), privateKeyBuffer->size(), password.c_str(), password.size())
../tests/unit-tests/security/v1/key-chain.t.cpp:104: error: in "Security/V1/TestKeyChain/ConstructorEmptyConfig": check keyChain.getPib().getTpmLocator() == "tpm-osxkeychain:" has failed [tpm-file: != tpm-osxkeychain:]
../tests/unit-tests/security/v1/key-chain.t.cpp:105: error: in "Security/V1/TestKeyChain/ConstructorEmptyConfig": check keyChain.getTpm().getTpmLocator() == "tpm-osxkeychain:" has failed [tpm-file: != tpm-osxkeychain:]
../tests/unit-tests/security/v1/sec-tpm-osx.t.cpp:78: error: in "Security/V1/TestSecTpmOsx/Delete": unexpected exception thrown by tpm.generateKeyPairInTpm(keyName, params)
../tests/unit-tests/security/v1/sec-tpm-osx.t.cpp:80: fatal error: in "Security/V1/TestSecTpmOsx/Delete": critical check tpm.doesKeyExistInTpm(keyName, KeyClass::PUBLIC) == true has failed [false != true]
../tests/unit-tests/security/v1/sec-tpm-osx.t.cpp:97: error: in "Security/V1/TestSecTpmOsx/SignVerify": unexpected exception thrown by tpm.generateKeyPairInTpm(keyName, params)
../tests/unit-tests/security/v1/sec-tpm-osx.t.cpp:104: error: in "Security/V1/TestSecTpmOsx/SignVerify": unexpected exception thrown by sigBlock = tpm.signInTpm(content, sizeof(content), keyName, DigestAlgorithm::SHA256)
../tests/unit-tests/security/v1/sec-tpm-osx.t.cpp:107: error: in "Security/V1/TestSecTpmOsx/SignVerify": unexpected exception thrown by publicKey = tpm.getPublicKeyFromTpm(keyName)
unknown location:0: fatal error: in "Security/V1/TestSecTpmOsx/SignVerify": memory access violation at address: 0x00000008: no mapping at fault address

#7

Updated by Davide Pesavento over 2 years ago

  • Subject changed from OSX Keychain tests are executed with --without-osx-keychain to OSX Keychain tests are executed even with --without-osx-keychain
  • Target version changed from v0.6 to v0.7
  • Start date deleted (11/13/2015)

#8

Updated by Davide Pesavento over 1 year ago

  • Tags set to UnitTests

#9

Updated by Davide Pesavento over 1 year ago

  • Subject changed from OSX Keychain tests are executed even with --without-osx-keychain to macOS Keychain tests are executed even with --without-osx-keychain
  • Target version deleted (v0.7)

#10

Updated by Davide Pesavento about 2 months ago

  • Tags changed from unit-tests to unit-tests, macOS
