Add unit testing of erasing all passwords (#795617)

Test that all passwords are zeroed by PasswordRAMStore::erase_all(), the
same method as used in the PasswordRAMStore destructor.

Bug 795617 - Implement opening and closing of LUKS mappings

include/PasswordRAMStore.h

@@ -36,10 +36,16 @@ namespace GParted
 
 class PasswordRAMStore
 {
+friend class PasswordRAMStoreTest;  // To allow unit testing PasswordRAMStoreTest class
+                                    // access to private erase_all() method.
+
 public:
 	static bool insert( const Glib::ustring & key, const char * password );
 	static bool erase( const Glib::ustring & key );
 	static const char * lookup( const Glib::ustring & key );
+
+private:
+	static void erase_all();
 };
 
 } //GParted

src/PasswordRAMStore.cc

@@ -44,10 +44,10 @@ public:
 	bool insert( const Glib::ustring & key, const char * password );
 	bool erase( const Glib::ustring & key );
 	const char * lookup( const Glib::ustring & key );
+	void erase_all();
 
 private:
 	iterator find_key( const Glib::ustring & key );
-	void erase_all();
 
 	std::vector<PWEntry> pw_entries;     // Linear vector of password entries
 	char *               protected_mem;  // Block of virtual memory locked into RAM
@@ -212,4 +212,11 @@ const char * PasswordRAMStore::lookup( const Glib::ustring & key )
 	return single_pwstore.lookup( key );
 }
 
+// PasswordRAMStore private methods
+
+void PasswordRAMStore::erase_all()
+{
+	single_pwstore.erase_all();
+}
+
 } //GParted

tests/test_PasswordRAMStore.cc

@@ -17,12 +17,10 @@
 /* Test PasswordRAMStore
  *
  * WARNING:
- * This unit testing only calls the public API of the PasswordRAMStore so would normally
+ * This unit testing calls the public API of PasswordRAMStore and also the private member.
- * be black box testing, however knowledge of the implementation is used to look through
+ * It also uses knowledge of the implementation to look through the API to the internals
- * the API to the internals making this white box testing.  This is so that the hidden
+ * making this white box testing.  This is so that the hidden behaviour of zeroing
- * behaviour of zeroing password storing memory before and after use can be tested.
+ * password storing memory before and after use can be tested.
- * FIXME: Can't currently test memory is zeroed when the password store is destroyed
- * because destructor zeros memory AND removes it from the process address space.
  *
  * WARNING:
  * Each test fixture would normally initialise separate resources to make the tests
@@ -85,6 +83,8 @@ protected:
 
 	static void SetUpTestCase();
 
+	static void erase_all()  { PasswordRAMStore::erase_all(); };
+
 	static const char *  protected_mem;
 
 	std::string pw;
@@ -262,4 +262,20 @@ TEST_F( PasswordRAMStoreTest, TooLongPassword )
 	EXPECT_TRUE( mem_is_zero( protected_mem, ProtectedMemSize ) );
 }
 
+TEST_F( PasswordRAMStoreTest, TotalErasure )
+{
+	// Test all passwords are erased (and zeroed using the same code called during
+	// password cache destruction).
+	unsigned int i;
+	for ( i = 0 ; i < 100 ; i ++ )
+	{
+		pw = gen_passwd( i );
+		EXPECT_TRUE( PasswordRAMStore::insert( gen_key(i), pw.c_str() ) );
+	}
+	EXPECT_FALSE( mem_is_zero( protected_mem, ProtectedMemSize ) );
+
+	PasswordRAMStoreTest::erase_all();
+	EXPECT_TRUE( mem_is_zero( protected_mem, ProtectedMemSize ) );
+}
+
 }  // namespace GParted