Project

General

Profile

Actions

Bug #3338

closed

macOS Keychain tests are executed even with --without-osx-keychain

Added by Junxiao Shi about 9 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Category:
Security
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
1.50 h

Description

ndn-cxx:commit:bd2cedbefd37be734f8cbd692e6c72c5d2f31122

Steps to reproduce:

  1. ./waf configure --with-tests --debug --without-pch --without-osx-keychain --enable-static --disable-shared
  2. ./waf
  3. build/unit-tests -l test_suite

Expected: no test failure

Actual: test failures in Security/Tpm/TestBackEnd, Security/V1/TestKeyChain/ConstructorEmptyConfig, Security/V1/TestSecTpmOsx/Delete, Security/V1/TestSecTpmOsx/SignVerify

Actions #1

Updated by Junxiao Shi about 9 years ago

Root cause:

In ndn-cxx-config.hpp, NDN_CXX_HAVE_OSX_SECURITY denotes whether OSX Security Framework is available which depends on a feature detection, and NDN_CXX_WITH_OSX_KEYCHAIN denotes whether OSX Keychain is enabled which depends on --without-osx-keychain option.
The compilation of src/**/*-osx.cpp and their test suites depends on NDN_CXX_HAVE_OSX_SECURITY.

KeyChain class picks a TPM based on NDN_CXX_WITH_OSX_KEYCHAIN, but its test suite incorrectly uses NDN_CXX_HAVE_OSX_SECURITY to compute the expected value, failing SecurityKeyChain/ConstructorEmptyConfig test case.

I'm unsure what's causing failures in SecuritySecTpmOsx test suite. Failures persist even after build/bin/ndnsec unlock-tpm.

Recommended solution:

If --without-osx-keychain is specified, don't compile **/*-osx.cpp and their test suites, and have all code path depend on NDN_CXX_WITH_OSX_KEYCHAIN only.

Actions #2

Updated by Alex Afanasyev about 9 years ago

without-osx-keychain configure flag does not disable OS KeyChain, it removes it from being a default TPM.

The failures could be because of something is wrong with PIB database (e.g., leftover from a library compiled with OSX KeyChain by default).

Actions #3

Updated by Junxiao Shi about 9 years ago

without-osx-keychain configure flag does not disable OS KeyChain, it removes it from being a default TPM.

This is confusing. --without means "don't build" in most other projects, not "build but don't set as default".

The failures could be because of something is wrong with PIB database (e.g., leftover from a library compiled with OSX KeyChain by default).

The same machine does have an installation of ndn-cxx with OSX Keychain as default, but the ndn-cxx repository where unit tests are executed on is a fresh clone.

Shouldn't unit testing use TEST_HOME within the repository directory? It shouldn't affect anything in my regular HOME directory.

Actions #4

Updated by Davide Pesavento about 9 years ago

Junxiao Shi wrote:

without-osx-keychain configure flag does not disable OS KeyChain, it removes it from being a default TPM.

This is confusing. --without means "don't build" in most other projects, not "build but don't set as default".

Agreed.

Shouldn't unit testing use TEST_HOME within the repository directory? It shouldn't affect anything in my regular HOME directory.

I strongly agree. Touching, or even looking at, the content of the home directory of the current user is a very bad idea. I don't know how these tests are structured, but if they're using the $HOME environment variable, we should at least tell people to override it before running the unit tests. (btw this affects Linux too)

Actions #5

Updated by Alex Afanasyev about 9 years ago

  • Target version set to v0.5
Actions #6

Updated by Junxiao Shi over 7 years ago

  • Description updated (diff)
  • Target version changed from v0.5 to v0.6
unknown location:0: fatal error: in "Security/Tpm/TestBackEnd/KeyManagement<ndn__security__tpm__tests__BackEndWrapperOsx>": signal: SIGABRT (application abort requested)
unknown location:0: fatal error: in "Security/Tpm/TestBackEnd/RsaSigning<ndn__security__tpm__tests__BackEndWrapperOsx>": signal: SIGABRT (application abort requested)
unknown location:0: fatal error: in "Security/Tpm/TestBackEnd/RsaDecryption<ndn__security__tpm__tests__BackEndWrapperOsx>": signal: SIGABRT (application abort requested)
unknown location:0: fatal error: in "Security/Tpm/TestBackEnd/EcdsaSigning<ndn__security__tpm__tests__BackEndWrapperOsx>": signal: SIGABRT (application abort requested)
../tests/unit-tests/security/tpm/back-end.t.cpp:227: fatal error: in "Security/Tpm/TestBackEnd/ImportExport<ndn__security__tpm__tests__BackEndWrapperOsx>": unexpected exception thrown by tpm.importKey(keyName, privateKeyBuffer->buf(), privateKeyBuffer->size(), password.c_str(), password.size())
../tests/unit-tests/security/v1/key-chain.t.cpp:104: error: in "Security/V1/TestKeyChain/ConstructorEmptyConfig": check keyChain.getPib().getTpmLocator() == "tpm-osxkeychain:" has failed [tpm-file: != tpm-osxkeychain:]
../tests/unit-tests/security/v1/key-chain.t.cpp:105: error: in "Security/V1/TestKeyChain/ConstructorEmptyConfig": check keyChain.getTpm().getTpmLocator() == "tpm-osxkeychain:" has failed [tpm-file: != tpm-osxkeychain:]
../tests/unit-tests/security/v1/sec-tpm-osx.t.cpp:78: error: in "Security/V1/TestSecTpmOsx/Delete": unexpected exception thrown by tpm.generateKeyPairInTpm(keyName, params)
../tests/unit-tests/security/v1/sec-tpm-osx.t.cpp:80: fatal error: in "Security/V1/TestSecTpmOsx/Delete": critical check tpm.doesKeyExistInTpm(keyName, KeyClass::PUBLIC) == true has failed [false != true]
../tests/unit-tests/security/v1/sec-tpm-osx.t.cpp:97: error: in "Security/V1/TestSecTpmOsx/SignVerify": unexpected exception thrown by tpm.generateKeyPairInTpm(keyName, params)
../tests/unit-tests/security/v1/sec-tpm-osx.t.cpp:104: error: in "Security/V1/TestSecTpmOsx/SignVerify": unexpected exception thrown by sigBlock = tpm.signInTpm(content, sizeof(content), keyName, DigestAlgorithm::SHA256)
../tests/unit-tests/security/v1/sec-tpm-osx.t.cpp:107: error: in "Security/V1/TestSecTpmOsx/SignVerify": unexpected exception thrown by publicKey = tpm.getPublicKeyFromTpm(keyName)
unknown location:0: fatal error: in "Security/V1/TestSecTpmOsx/SignVerify": memory access violation at address: 0x00000008: no mapping at fault address
Actions #7

Updated by Davide Pesavento almost 7 years ago

  • Subject changed from OSX Keychain tests are executed with --without-osx-keychain to OSX Keychain tests are executed even with --without-osx-keychain
  • Target version changed from v0.6 to v0.7
  • Start date deleted (11/13/2015)
Actions #8

Updated by Davide Pesavento about 6 years ago

  • Tags set to UnitTests
Actions #9

Updated by Davide Pesavento almost 6 years ago

  • Subject changed from OSX Keychain tests are executed even with --without-osx-keychain to macOS Keychain tests are executed even with --without-osx-keychain
  • Target version deleted (v0.7)
Actions #10

Updated by Davide Pesavento over 4 years ago

  • Tags changed from unit-tests to unit-tests, macOS
Actions #11

Updated by Davide Pesavento over 2 years ago

  • Status changed from New to In Progress
  • Assignee set to Davide Pesavento
  • Target version set to 0.8.1
Actions #12

Updated by Davide Pesavento over 2 years ago

  • Status changed from In Progress to Code review
  • % Done changed from 0 to 100
Actions #13

Updated by Davide Pesavento over 2 years ago

  • Status changed from Code review to Closed

https://gerrit.named-data.net/c/ndn-cxx/+/6775

This fixes the immediate issue of the test failures when configured with --without-osx-keychain. Renaming the option and/or adding a separate option to disable compilation of the OSX backend altogether can be considered a separate issue (personally I'm not sure if there's much value, but I'm not opposed to the idea).

Actions

Also available in: Atom PDF