Add unit testing of erasing all passwords (#795617)

Test that all passwords are zeroed by PasswordRAMStore::erase_all(), the same method as used in the PasswordRAMStore destructor. Bug 795617 - Implement opening and closing of LUKS mappings
2017-11-10 07:39:04 +00:00 · 2017-11-10 07:39:04 +00:00 · d2a2ebe4a1
parent e2cb8b3126
commit d2a2ebe4a1
3 changed files with 36 additions and 7 deletions
--- a/include/PasswordRAMStore.h
+++ b/include/PasswordRAMStore.h
@ -36,10 +36,16 @@ namespace GParted

 class PasswordRAMStore
 {
+friend class PasswordRAMStoreTest;  // To allow unit testing PasswordRAMStoreTest class
+                                    // access to private erase_all() method.
+
 public:
 	static bool insert( const Glib::ustring & key, const char * password );
 	static bool erase( const Glib::ustring & key );
 	static const char * lookup( const Glib::ustring & key );
+
+private:
+	static void erase_all();
 };

 } //GParted
--- a/src/PasswordRAMStore.cc
+++ b/src/PasswordRAMStore.cc
@ -44,10 +44,10 @@ public:
 	bool insert( const Glib::ustring & key, const char * password );
 	bool erase( const Glib::ustring & key );
 	const char * lookup( const Glib::ustring & key );
+	void erase_all();

 private:
 	iterator find_key( const Glib::ustring & key );
-	void erase_all();

 	std::vector<PWEntry> pw_entries;     // Linear vector of password entries
 	char *               protected_mem;  // Block of virtual memory locked into RAM
@ -212,4 +212,11 @@ const char * PasswordRAMStore::lookup( const Glib::ustring & key )
 	return single_pwstore.lookup( key );
 }

+// PasswordRAMStore private methods
+
+void PasswordRAMStore::erase_all()
+{
+	single_pwstore.erase_all();
+}
+
 } //GParted
--- a/tests/test_PasswordRAMStore.cc
+++ b/tests/test_PasswordRAMStore.cc
@ -17,12 +17,10 @@
 /* Test PasswordRAMStore
 *
 * WARNING:
- * This unit testing only calls the public API of the PasswordRAMStore so would normally
- * be black box testing, however knowledge of the implementation is used to look through
- * the API to the internals making this white box testing.  This is so that the hidden
- * behaviour of zeroing password storing memory before and after use can be tested.
- * FIXME: Can't currently test memory is zeroed when the password store is destroyed
- * because destructor zeros memory AND removes it from the process address space.
+ * This unit testing calls the public API of PasswordRAMStore and also the private member.
+ * It also uses knowledge of the implementation to look through the API to the internals
+ * making this white box testing.  This is so that the hidden behaviour of zeroing
+ * password storing memory before and after use can be tested.
 *
 * WARNING:
 * Each test fixture would normally initialise separate resources to make the tests
@ -85,6 +83,8 @@ protected:

 	static void SetUpTestCase();

+	static void erase_all()  { PasswordRAMStore::erase_all(); };
+
 	static const char *  protected_mem;

 	std::string pw;
@ -262,4 +262,20 @@ TEST_F( PasswordRAMStoreTest, TooLongPassword )
 	EXPECT_TRUE( mem_is_zero( protected_mem, ProtectedMemSize ) );
 }

+TEST_F( PasswordRAMStoreTest, TotalErasure )
+{
+	// Test all passwords are erased (and zeroed using the same code called during
+	// password cache destruction).
+	unsigned int i;
+	for ( i = 0 ; i < 100 ; i ++ )
+	{
+		pw = gen_passwd( i );
+		EXPECT_TRUE( PasswordRAMStore::insert( gen_key(i), pw.c_str() ) );
+	}
+	EXPECT_FALSE( mem_is_zero( protected_mem, ProtectedMemSize ) );
+
+	PasswordRAMStoreTest::erase_all();
+	EXPECT_TRUE( mem_is_zero( protected_mem, ProtectedMemSize ) );
+}
+
 }  // namespace GParted