1 /******************************************************************
3 * Copyright 2015 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * LICENSE-2.0" target="_blank">http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
20 ******************************************************************/
25 #include <oic_malloc.h>
26 #include <gtest/gtest.h>
29 #include "cert_generator.h"
30 #include "ck_manager.h"
35 #include "crl_generator.h"
36 #include "crlresource.h"
43 #define READ_WRITE_BLOCK_N 1ul
44 #define N_LENGTH_BYTES 3
46 const char *CKMI_PS_FILE_NAME = "CKMInfo.dat";
48 #define CRL_DEFAULT_CRL_ID 1
49 #define CRL_DEFAULT_THIS_UPDATE "150101000000Z"
50 #define CRL_DEFAULT_CRL_DATA "-"
52 #define NUMBER_OF_REVOKED 2
54 OCPersistentStorage ps = { NULL, NULL, NULL, NULL, NULL};
56 //#define NUM_ACE_FOR_WILDCARD_IN_CKM1_JSON (2)
58 FILE* ckm_fopen(const char * /*path*/, const char *mode)
60 return fopen(CKMI_PS_FILE_NAME, mode);
63 void SetPersistentHandler(OCPersistentStorage *ps)
75 // Length of test certificate
76 #define SIMPLE_CRT_LEN 469
78 class PKITest : public ::testing::Test
81 static void SetUpTestCase()
83 SetPersistentHandler(&ps);
84 OCStackResult res = OCRegisterPersistentStorageHandler(&ps);
85 ASSERT_TRUE(res == OC_STACK_OK);
88 static void TearDownTestCase()
92 static CertificateX509 g_certificate;
94 static const ByteArray g_caPublicKey;
96 static const ByteArray g_derCode ;
98 static ByteArray g_serNum;
101 CertificateX509 PKITest::g_certificate;
103 const ByteArray PKITest::g_derCode = {(uint8_t[])
105 0x30, 0x82, 0x01, 0xd1, 0x30, 0x82, 0x01, 0x77, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
106 0xd7, 0x56, 0x8c, 0xfc, 0x53, 0x18, 0xb0, 0xab, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce,
107 0x3d, 0x04, 0x03, 0x02, 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
108 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f,
109 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04,
110 0x0a, 0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67,
111 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x30, 0x1e, 0x17, 0x0d, 0x31,
112 0x35, 0x30, 0x33, 0x31, 0x32, 0x31, 0x32, 0x32, 0x35, 0x31, 0x31, 0x5a, 0x17, 0x0d, 0x31, 0x37,
113 0x30, 0x33, 0x31, 0x31, 0x31, 0x32, 0x32, 0x35, 0x31, 0x31, 0x5a, 0x30, 0x45, 0x31, 0x0b, 0x30,
114 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
115 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31,
116 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e,
117 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c,
118 0x74, 0x64, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06,
119 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x8c, 0xc8, 0x92,
120 0x1d, 0xaa, 0x7f, 0xf0, 0xe4, 0xb2, 0x75, 0xd6, 0x4a, 0xf1, 0xd5, 0x14, 0x3f, 0x1a, 0x09, 0xc5,
121 0x3e, 0x52, 0xd6, 0xda, 0xa0, 0xbf, 0x90, 0x43, 0xd1, 0x6b, 0xfe, 0xd1, 0xb3, 0x75, 0x5c, 0xdd,
122 0x69, 0xac, 0x42, 0xa1, 0xcb, 0x03, 0x16, 0xee, 0xa4, 0x30, 0xa5, 0x8d, 0x36, 0x8f, 0xc5, 0x7b,
123 0xb4, 0xb5, 0x6a, 0x7d, 0x9b, 0x16, 0x04, 0x46, 0xab, 0xae, 0xbb, 0x56, 0xa1, 0xa3, 0x50, 0x30,
124 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x5c, 0x0e, 0x30, 0xa8,
125 0x8e, 0x7f, 0xc9, 0x02, 0xcd, 0xa8, 0xed, 0x0d, 0x1a, 0x1b, 0xd9, 0x7d, 0xe6, 0xce, 0x2a, 0x59,
126 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x5c, 0x0e, 0x30,
127 0xa8, 0x8e, 0x7f, 0xc9, 0x02, 0xcd, 0xa8, 0xed, 0x0d, 0x1a, 0x1b, 0xd9, 0x7d, 0xe6, 0xce, 0x2a,
128 0x59, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30,
129 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45,
130 0x02, 0x21, 0x00, 0xf6, 0x79, 0xed, 0x69, 0xd5, 0xe5, 0xba, 0x42, 0x14, 0xfc, 0xce, 0x47, 0xf1,
131 0x61, 0x1c, 0x51, 0x11, 0x2b, 0xba, 0x04, 0x70, 0x56, 0x78, 0xaf, 0xa9, 0xa6, 0x98, 0x8f, 0x4b,
132 0xa8, 0x11, 0x67, 0x02, 0x20, 0x3a, 0xdf, 0xf1, 0x74, 0xc9, 0x2f, 0xfb, 0x84, 0x46, 0xde, 0xbc,
133 0x2d, 0xda, 0xe3, 0x05, 0xb4, 0x81, 0x31, 0x45, 0xf7, 0x3d, 0x71, 0x46, 0x07, 0xa7, 0xd8, 0xcb,
134 0xae, 0x1e, 0x1b, 0x1c, 0x5a
138 const ByteArray PKITest::g_caPublicKey = {(uint8_t[])
140 0x8c, 0xc8, 0x92, 0x1d, 0xaa, 0x7f, 0xf0, 0xe4, 0xb2, 0x75, 0xd6, 0x4a, 0xf1, 0xd5, 0x14, 0x3f,
141 0x1a, 0x09, 0xc5, 0x3e, 0x52, 0xd6, 0xda, 0xa0, 0xbf, 0x90, 0x43, 0xd1, 0x6b, 0xfe, 0xd1, 0xb3,
142 0x75, 0x5c, 0xdd, 0x69, 0xac, 0x42, 0xa1, 0xcb, 0x03, 0x16, 0xee, 0xa4, 0x30, 0xa5, 0x8d, 0x36,
143 0x8f, 0xc5, 0x7b, 0xb4, 0xb5, 0x6a, 0x7d, 0x9b, 0x16, 0x04, 0x46, 0xab, 0xae, 0xbb, 0x56, 0xa1
144 }, PUBLIC_KEY_SIZE };
147 ByteArray PKITest::g_serNum = {(uint8_t[SERIAL_NUMBER_MAX_LEN]) {0}, SERIAL_NUMBER_MAX_LEN};
149 //registering persistent storage test
150 TEST(CKManager, RegisterPersistentStorage)
152 SetPersistentHandler(&ps);
153 ASSERT_EQ(OC_STACK_OK, OCRegisterPersistentStorageHandler(&ps));
156 //check decoding predefined certificate
157 TEST(X509Certificate, DecodeTest)
159 ByteArray code = PKITest::g_derCode;
161 ASSERT_EQ(DecodeCertificate(code, &PKITest::g_certificate), PKI_SUCCESS);
163 ASSERT_NE(DecodeCertificate(code, &PKITest::g_certificate), PKI_SUCCESS);
166 //check decoding of random symbols sequence
167 TEST(X509Certificate, RandomDecode)
169 srand((unsigned int)time(NULL));
172 INIT_BYTE_ARRAY(code);
174 for (unsigned int i = 0; i < RUNS; i++)
176 code.len = (size_t)((size_t)rand() % MAX_LEN);
177 code.data = (uint8_t *)malloc(code.len * sizeof(uint8_t));
179 EXPECT_NE(code.data, (uint8_t *)NULL);
181 for (unsigned int j = 0; j < code.len; j++)
183 code.data[j] = (uint8_t)(rand() % 128 + 1);
186 EXPECT_NE(PKI_SUCCESS, DecodeCertificate(code, &PKITest::g_certificate));
191 //testing validity check of predefined certificate
192 TEST(X509Certificate, testCheckValidity)
194 CertificateX509 tempCrt;
195 ASSERT_EQ(PKI_SUCCESS, DecodeCertificate(PKITest::g_derCode, &tempCrt));
196 ASSERT_EQ(PKI_SUCCESS, CheckValidity(tempCrt.validFrom, tempCrt.validTo));
197 ByteArray temp = tempCrt.validTo;
199 tempCrt.validTo = tempCrt.validFrom;
200 tempCrt.validFrom = temp;
201 ASSERT_EQ(PKI_CERT_DATE_INVALID, CheckValidity(tempCrt.validFrom, tempCrt.validTo));
204 //testing signature check of predefined certificate
205 TEST(X509Certificate, CheckSignature)
207 ByteArray code = PKITest::g_derCode;
209 ASSERT_EQ(PKI_SUCCESS, CheckCertificate(code, PKITest::g_caPublicKey));
211 ASSERT_NE(PKI_SUCCESS, CheckCertificate(code, PKITest::g_caPublicKey));
214 //test saving certificate into file
215 TEST_F(PKITest, DERCertificateFile)
217 uint8_t derData[ISSUER_MAX_CERT_SIZE] = {0};
218 uint8_t caPubKey[PUBLIC_KEY_SIZE] = {0};
219 uint8_t caPrivKey[PRIVATE_KEY_SIZE] = {0};
221 ByteArray certDer = BYTE_ARRAY_INITIALIZER;
222 ByteArray pubKeyIss = BYTE_ARRAY_INITIALIZER;
223 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
224 ByteArray rootName = BYTE_ARRAY_INITIALIZER;
226 certDer.data = derData;
227 certDer.len = ISSUER_MAX_CERT_SIZE;
229 pubKeyIss.data = caPubKey;
230 pubKeyIss.len = sizeof(caPubKey);
231 privKeyIss.data = caPrivKey;
232 privKeyIss.len = sizeof(caPrivKey);
233 rootName.data = (uint8_t *)"ROOT1";
234 rootName.len = strlen((char *)rootName.data);
235 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
237 for (int i = 1; i <= RUNS; i++)
239 ASSERT_EQ(PKI_SUCCESS, GenerateCAKeyPair(&privKeyIss, &pubKeyIss));
240 ASSERT_EQ(PKI_SUCCESS, SetSerialNumber(i));
241 ASSERT_EQ(PKI_SUCCESS, SetRootName(rootName));
242 ASSERT_EQ(PKI_SUCCESS, CKMIssueRootCertificate(0, 0, &certDer));
243 ASSERT_EQ(PKI_SUCCESS, CheckCertificate(certDer, pubKeyIss));
244 ASSERT_EQ(PKI_SUCCESS, GenerateDERCertificateFile (&certDer, "der_cert"));
246 ASSERT_EQ(CloseCKMInfo(), PKI_SUCCESS);
249 //test checking time validity of generated certificate
250 TEST_F(PKITest, TimeValidity)
252 uint8_t derData[ISSUER_MAX_CERT_SIZE] = {0};
253 uint8_t caPubKey[PUBLIC_KEY_SIZE] = {0};
254 uint8_t caPrivKey[PRIVATE_KEY_SIZE] = {0};
256 ByteArray certDer = BYTE_ARRAY_INITIALIZER;
257 ByteArray pubKey = BYTE_ARRAY_INITIALIZER;
258 ByteArray privKey = BYTE_ARRAY_INITIALIZER;
259 ByteArray rootName = BYTE_ARRAY_INITIALIZER;
261 privKey.data = caPrivKey;
262 privKey.len = sizeof(caPrivKey);
264 certDer.data = derData;
265 certDer.len = sizeof(derData);
267 pubKey.data = caPubKey;
268 pubKey.len = sizeof(caPubKey);
270 rootName.data = (uint8_t *)"ROOT3";
271 rootName.len = strlen((char *)rootName.data);
272 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
274 for (int i = 1; i <= RUNS; i++)
276 ASSERT_EQ(PKI_SUCCESS, GenerateCAKeyPair(&privKey, &pubKey));
277 ASSERT_EQ(PKI_SUCCESS, SetSerialNumber(i));
278 ASSERT_EQ(PKI_SUCCESS, SetRootName(rootName));
280 ASSERT_EQ(PKI_SUCCESS, CKMIssueRootCertificate(0, 0, &certDer));
281 ASSERT_EQ(PKI_SUCCESS, CheckCertificate(certDer, pubKey));
283 certDer.len = sizeof(derData);
284 ASSERT_EQ(PKI_SUCCESS, CKMIssueRootCertificate(0, (uint8_t *)"130101000000Z", &certDer));
285 ASSERT_EQ(PKI_CERT_DATE_INVALID, CheckCertificate(certDer, pubKey));
287 certDer.len = sizeof(derData);
288 ASSERT_EQ(PKI_SUCCESS, CKMIssueRootCertificate((uint8_t *)"170101000000Z", 0, &certDer));
289 ASSERT_EQ(PKI_CERT_DATE_INVALID, CheckCertificate(certDer, pubKey));
291 ASSERT_EQ(PKI_SUCCESS, CloseCKMInfo());
294 //testing certificate generation by certificate signing request
295 TEST_F(PKITest, CertificateSigningRequest)
297 uint8_t certData[ISSUER_MAX_CERT_SIZE] = {0};
298 uint8_t csrData[CSR_MAX_SIZE] = {0};
299 uint8_t subjPubKey[PUBLIC_KEY_SIZE] = {0};
300 uint8_t subjPrivKey[PRIVATE_KEY_SIZE] = {0};
301 uint8_t caPubKey[PUBLIC_KEY_SIZE] = {0};
302 uint8_t caPrivKey[PRIVATE_KEY_SIZE] = {0};
303 uint8_t *subjName = (uint8_t *)"Subject05";
305 ByteArray certDer = BYTE_ARRAY_INITIALIZER;
306 ByteArray csrDer = BYTE_ARRAY_INITIALIZER;
307 ByteArray pubKeyIss = BYTE_ARRAY_INITIALIZER;
308 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
309 ByteArray pubKeySubj = BYTE_ARRAY_INITIALIZER;
310 ByteArray privKeySubj = BYTE_ARRAY_INITIALIZER;
311 ByteArray rootName = BYTE_ARRAY_INITIALIZER;
313 certDer.data = certData;
314 certDer.len = sizeof(certData);
315 csrDer.data = csrData;
316 csrDer.len = CSR_MAX_SIZE;
318 pubKeyIss.data = caPubKey;
319 pubKeyIss.len = sizeof(caPubKey);
320 privKeyIss.data = caPrivKey;
321 privKeyIss.len = sizeof(caPrivKey);
322 pubKeySubj.data = subjPubKey;
323 pubKeySubj.len = sizeof(subjPubKey);
324 privKeySubj.data = subjPrivKey;
325 privKeySubj.len = sizeof(subjPrivKey);
326 rootName.data = (uint8_t *)"ROOT2";
327 rootName.len = strlen((char *)rootName.data);
328 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
330 ASSERT_EQ(GenerateCAKeyPair(&privKeyIss, &pubKeyIss), PKI_SUCCESS);
331 ASSERT_EQ(SetSerialNumber(1), PKI_SUCCESS);
332 ASSERT_EQ(SetRootName(rootName), PKI_SUCCESS);
334 for (int i = 1; i <= RUNS; i++)
336 ASSERT_EQ(PKI_SUCCESS, GenerateKeyPair(&privKeySubj, &pubKeySubj));
337 ASSERT_EQ(PKI_SUCCESS, GenerateCSR(subjName, subjPubKey, subjPrivKey, &csrDer));
338 ASSERT_EQ(PKI_SUCCESS, GenerateCertificateByCSR(&csrDer, &certDer));
339 ASSERT_EQ(PKI_SUCCESS, CheckCertificate(certDer, pubKeyIss));
341 ASSERT_NE(PKI_SUCCESS, CheckCertificate(certDer, pubKeyIss));
343 ASSERT_EQ(PKI_SUCCESS, CheckCertificate(certDer, pubKeyIss));
345 ASSERT_EQ(PKI_SUCCESS, CloseCKMInfo());
348 //test public key structure parsing
349 TEST(X509Certificate, testParsePublicKey)
351 ASSERT_EQ(PKI_SUCCESS, ParsePublicKey((ByteArray*)&PKITest::g_caPublicKey));
354 uint8_t shortAr[length];
355 ByteArray shortArray = {shortAr, length};
356 ASSERT_EQ(PKI_WRONG_ARRAY_LEN, ParsePublicKey(&shortArray));
358 uint8_t uncompressed[PUBLIC_KEY_SIZE + 2];
360 uncompressed[1] = ASN1_UNCOMPRESSED_KEY;
361 memcpy(&uncompressed[2], PKITest::g_caPublicKey.data, PUBLIC_KEY_SIZE);
362 ByteArray uncomprArr = {uncompressed, PUBLIC_KEY_SIZE+2};
363 ParsePublicKey(&uncomprArr);
364 ASSERT_EQ((size_t)PUBLIC_KEY_SIZE, uncomprArr.len);
365 ASSERT_EQ(0, memcmp(uncomprArr.data, PKITest::g_caPublicKey.data, PUBLIC_KEY_SIZE));
368 //test checking of certificate generated by OpenSSL
369 TEST(OpenSSLCompatibility, verifyOpenSslCertSign)
372 uint8_t crtData[ISSUER_MAX_CERT_SIZE] = {0};
373 uint8_t pubKeyData[PUBLIC_KEY_SIZE] = {0};
374 ByteArray crtDer = BYTE_ARRAY_INITIALIZER;
375 ByteArray pubKey = BYTE_ARRAY_INITIALIZER;
376 CertificateX509 certificate;
378 crtDer.data = crtData;
379 crtDer.len = sizeof(crtData);
380 pubKey.data = pubKeyData;
381 pubKey.len = sizeof(pubKeyData);
384 int fileCert = open("01.der", O_RDONLY);
385 ASSERT_TRUE(fileCert != -1);
387 ASSERT_TRUE(fstat(fileCert, &st) == 0);
389 int res = read(fileCert, crtDer.data, crtDer.len);
391 EXPECT_EQ(st.st_size, res);
395 int fileKey = open("capub.der", O_RDONLY);
396 ASSERT_TRUE(fileKey != -1);
398 ASSERT_TRUE(fstat(fileKey, &st) == 0);
400 if(st.st_size > PUBLIC_KEY_SIZE)
402 ASSERT_NE(-1, lseek(fileKey, (st.st_size - PUBLIC_KEY_SIZE), SEEK_SET));
406 res = read(fileKey, pubKey.data, pubKey.len);
408 EXPECT_EQ(PUBLIC_KEY_SIZE, res);
411 EXPECT_EQ(PKI_SUCCESS, DecodeCertificate(crtDer, &certificate));
412 EXPECT_EQ(PKI_SUCCESS, CheckCertificate(crtDer, pubKey));
415 //test parsing of certificate chain generated by OpenSSL
416 TEST(CertificateChain, LoadCertificateChain)
418 ByteArray crtChainDer[MAX_CHAIN_LEN] = {{0,0},};
419 CertificateX509 crtChain[MAX_CHAIN_LEN] = {{{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0}},};
420 ByteArray msg = BYTE_ARRAY_INITIALIZER;
423 FILE *file = fopen("cert_chain.dat", "rb");
425 ASSERT_TRUE(file != NULL);
429 msg.data = (uint8_t *) realloc (msg.data, msg.len + 1);
430 msg.data[msg.len] = fgetc (file);
435 INC_BYTE_ARRAY(msg, 3);
436 EXPECT_EQ(PKI_SUCCESS, LoadCertificateChain (msg, crtChainDer, &chainLength));
438 printf("chain len: %d\n", chainLength);
440 EXPECT_EQ(PKI_UNKNOWN_OID, ParseCertificateChain (crtChainDer, crtChain, chainLength));
445 //test checking CA certificate generated by OpenSSL
446 TEST(OpenSSLCompatibility, testOpenSSLCertificate)
449 ByteArray crtDer = BYTE_ARRAY_INITIALIZER;
450 uint8_t crtData[ISSUER_MAX_CERT_SIZE] = {0};
452 crtDer.data = crtData;
453 crtDer.len = sizeof(crtData);
456 int fd = open("cacert.der", O_RDONLY);
457 ASSERT_TRUE(fd != -1);
459 ASSERT_TRUE(fstat(fd, &st) == 0);
462 int res = read(fd, crtDer.data, crtDer.len);
464 ASSERT_EQ(st.st_size, res);
467 crtDer.len = st.st_size;
470 printf("Length of cert: %lu\n", crtDer.len);
472 EXPECT_EQ(PKI_SUCCESS, DecodeCertificate(crtDer, &PKITest::g_certificate));
475 //test signatures checking of certificate chain generated by OpenSSL
476 TEST(OpenSSLCompatibility, ParseAndCheckCertificateChain)
479 ByteArray crtChainDer[MAX_CHAIN_LEN] = {{0,0},};
480 CertificateX509 crtChain[MAX_CHAIN_LEN] = {{{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0}},};
481 ByteArray msg = BYTE_ARRAY_INITIALIZER;
484 const char* chainPath = {"chain.der"};
485 FILE *fileChain = fopen(chainPath, "rb");
486 ASSERT_TRUE(fileChain != NULL);
489 ASSERT_NE(-1, fseek(fileChain, 0, SEEK_END));
490 int len = ftell(fileChain);
492 msg.len = (size_t) len;
493 ASSERT_NE(-1, fseek(fileChain, 0, SEEK_SET));
495 msg.data = (uint8_t*)malloc(msg.len+1);
497 ASSERT_EQ(READ_WRITE_BLOCK_N, fread(msg.data, msg.len, READ_WRITE_BLOCK_N, fileChain));
501 INC_BYTE_ARRAY(msg, 3);
502 EXPECT_EQ(PKI_SUCCESS, LoadCertificateChain(msg, crtChainDer, &chainLength));
503 EXPECT_EQ(3, chainLength);
505 printf("Length of the chain: %d\n", chainLength);
508 EXPECT_EQ(PKI_SUCCESS, ParseCertificateChain(crtChainDer, crtChain, chainLength));
510 ByteArray caPubKey = BYTE_ARRAY_INITIALIZER;
511 uint8_t pubKeyData[PUBLIC_KEY_SIZE] = {0};
513 caPubKey.data = pubKeyData;
514 caPubKey.len = sizeof(pubKeyData);
517 int fileKey = open("capub.der", O_RDONLY);
518 ASSERT_TRUE(fileKey != -1);
520 ASSERT_TRUE(fstat(fileKey, &st) == 0);
522 if(st.st_size > PUBLIC_KEY_SIZE)
524 ASSERT_NE(-1, lseek(fileKey, (st.st_size - PUBLIC_KEY_SIZE), SEEK_SET));
528 int res = read(fileKey, caPubKey.data, caPubKey.len);
530 EXPECT_EQ(PUBLIC_KEY_SIZE, res);
533 EXPECT_EQ(PKI_SUCCESS, CheckCertificateChain(crtChain, chainLength, caPubKey));
538 //testing correctness of decoding certificate length from ASN.1 structure
539 TEST(CRL, testDecodeLength)
541 ByteArray cert = BYTE_ARRAY_INITIALIZER;
543 EXPECT_EQ(PKI_NULL_PASSED, DecodeLength(&cert, &length));
546 size_t derLength = (size_t)rand() % LEN_LONG;
547 cert.len = derLength + 2;
548 uint8_t *certData = (uint8_t*)malloc(cert.len);
549 cert.data = certData;
550 cert.data[0] = (uint8_t)0x30; //mixed types
551 cert.data[1] = (uint8_t)(derLength & 0xff);
552 EXPECT_EQ(PKI_SUCCESS, DecodeLength(&cert, &length));
553 EXPECT_EQ(derLength, length);
557 //testing serial number storage
558 TEST(CRL, StoreSerialNumber)
560 uint8_t data[10] = {0x01, 0x82, 0x01, 0xd1, 0x30, 0x82, 0x01, 0x77, 0xa0, 0x03};
561 const ByteArray sn = { data, sizeof(data) / sizeof(uint8_t)};
563 for (i = 0; i < 400; i++)
566 ASSERT_EQ(PKI_SUCCESS, StoreSerialNumber(sn));
568 ASSERT_EQ(PKI_CERT_REVOKED, CheckSerialNumber(sn));
571 ASSERT_EQ(PKI_SUCCESS, CheckSerialNumber(sn));
575 #ifdef ARDUINO_MEMORY_DEBUG
576 //testing memory allocation fault handling at Arduino
577 TEST(SNStore, MemoryOverflow)
579 uint8_t data[10] = {0x01, 0x82, 0x01, 0xd1, 0x30, 0x82, 0x01, 0x77, 0xa0, 0x03};
580 const ByteArray sn = { data, sizeof(data) / sizeof(uint8_t)};
585 res = StoreSerialNumber(sn);
587 while (res == PKI_SUCCESS);
588 ASSERT_EQ(PKI_MEMORY_ALLOC_FAILED, res);
592 #endif /* ARDUINO_MEMORY_DEBUG */
594 //testing next certificate serial number handling by "CKM info" unit
595 TEST_F(PKITest, CAInitAndSerialNum)
597 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
598 long serialNum = (long)((long)rand() % (MAX_LEN - 1) + 1);
599 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
600 //all the serials should start from
601 ASSERT_EQ(PKI_SUCCESS, SetSerialNumber(serialNum));
603 ASSERT_EQ(PKI_SUCCESS, GetNextSerialNumber(&nextSerial));
604 ASSERT_EQ(nextSerial, serialNum);
605 ASSERT_EQ(PKI_SUCCESS, CloseCKMInfo());
608 //testing CA name handling by "CKM info" unit
609 TEST_F(PKITest, testCAName)
611 ByteArray caName = BYTE_ARRAY_INITIALIZER;
612 caName.len = (size_t)((size_t)rand() % (ISSUER_MAX_NAME_SIZE - 1) + 1);
613 caName.data = (uint8_t*)malloc(caName.len);
615 for(i = 0; i < caName.len; i++){
616 caName.data[i] = (uint8_t)(rand() % 128);
618 EXPECT_EQ(PKI_SUCCESS, InitCKMInfo());
619 EXPECT_EQ(PKI_SUCCESS, SetRootName(caName));
620 ByteArray getName = BYTE_ARRAY_INITIALIZER;
621 uint8_t uint8CAName[ISSUER_MAX_NAME_SIZE] = {0};
622 getName.data = uint8CAName;
623 getName.len = ISSUER_MAX_NAME_SIZE;
624 EXPECT_EQ(PKI_SUCCESS, GetCAName(&getName));
625 EXPECT_EQ(0, memcmp(caName.data, getName.data, caName.len));
627 ASSERT_EQ(PKI_SUCCESS, CloseCKMInfo());
630 //testing key pair generation and storing by "CKM info" unit
631 TEST_F(PKITest, testKeyPair)
633 ByteArray rootName = BYTE_ARRAY_INITIALIZER;
634 rootName.data = (uint8_t *)"ROOT";
635 rootName.len = strlen((char *)rootName.data);
636 SetRootName(rootName);
638 //first test the GenerateCAKeyPair - this writes to the CA storage
639 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
640 privKeyIss.len = PRIVATE_KEY_SIZE;
641 uint8_t caPrivKey[PRIVATE_KEY_SIZE] = {0};
642 privKeyIss.data = caPrivKey;
644 ByteArray pubKeyIss = BYTE_ARRAY_INITIALIZER;
645 pubKeyIss.len = PUBLIC_KEY_SIZE;
646 uint8_t caPubKey[PUBLIC_KEY_SIZE] = {0};
647 pubKeyIss.data = caPubKey;
649 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
650 ASSERT_EQ(PKI_SUCCESS, GenerateCAKeyPair(&privKeyIss, &pubKeyIss));
652 ByteArray keyCheck = BYTE_ARRAY_INITIALIZER;
653 keyCheck.len = PUBLIC_KEY_SIZE;
654 uint8_t keyCheckData[PUBLIC_KEY_SIZE] = {0};
655 keyCheck.data = keyCheckData;
656 ASSERT_EQ(PKI_SUCCESS, GetCAPrivateKey(&keyCheck));
657 ASSERT_EQ(0, memcmp(keyCheck.data, privKeyIss.data, PRIVATE_KEY_SIZE));
659 ASSERT_EQ(PKI_SUCCESS, GetCAPublicKey(&keyCheck));
660 ASSERT_EQ(0, memcmp(keyCheck.data, pubKeyIss.data, PUBLIC_KEY_SIZE));
662 //now test the GenerateKeyPair - does not write to the CA storage
663 ASSERT_EQ(PKI_SUCCESS, GenerateKeyPair(&privKeyIss, &pubKeyIss));
665 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
666 ASSERT_EQ(PKI_SUCCESS, GetCAPrivateKey(&keyCheck));
667 ASSERT_NE(0, memcmp(keyCheck.data, privKeyIss.data, PRIVATE_KEY_SIZE));
669 ASSERT_EQ(PKI_SUCCESS, GetCAPublicKey(&keyCheck));
670 ASSERT_NE(0, memcmp(keyCheck.data, pubKeyIss.data, PUBLIC_KEY_SIZE));
671 ASSERT_EQ(PKI_SUCCESS, CloseCKMInfo());
674 //testing CRL encoding
675 TEST_F(PKITest, testEncodeCRL)
679 uint8_t *uint8ThisUpdateTime = (uint8_t *)"130101000000Z";
680 uint32_t numberOfRevoked = 0;
681 uint32_t revokedNumbers[2];
682 const uint8_t *revocationDates[2];
684 ByteArray code = BYTE_ARRAY_INITIALIZER;
685 ByteArray pubKeyIss = BYTE_ARRAY_INITIALIZER;
686 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
687 ByteArray rootName = BYTE_ARRAY_INITIALIZER;
689 uint8_t caPubKey[PUBLIC_KEY_SIZE] = {0};
690 uint8_t caPrivKey[PRIVATE_KEY_SIZE] = {0};
692 pubKeyIss.data = caPubKey;
693 pubKeyIss.len = PUBLIC_KEY_SIZE;
694 privKeyIss.data = caPrivKey;
695 privKeyIss.len = PRIVATE_KEY_SIZE;
699 revokedNumbers[0] = 100; // serial number of first revoked certificate
700 revokedNumbers[1] = 200; // serial number of second revoked certificate
701 revocationDates[0] = (const uint8_t *)"130101000001Z";
702 revocationDates[1] = (const uint8_t *)"130101000002Z";
704 rootName.data = (uint8_t *)"ROOT2";
705 rootName.len = strlen((char *)rootName.data);
706 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
707 ASSERT_EQ(PKI_SUCCESS, SetRootName(rootName));
708 ASSERT_EQ(PKI_SUCCESS, GenerateCAKeyPair(&privKeyIss, &pubKeyIss));
710 code.data = (uint8_t *)calloc(1,
711 (CRL_MIN_SIZE + numberOfRevoked * (sizeof(CertificateRevocationInfo_t) + 4)));
712 code.len = (CRL_MIN_SIZE + numberOfRevoked * (sizeof(CertificateRevocationInfo_t) + 4));
714 EXPECT_EQ(PKI_SUCCESS,CKMIssueCRL(uint8ThisUpdateTime, numberOfRevoked, revokedNumbers,
715 revocationDates,&code));
716 EXPECT_EQ(PKI_SUCCESS, DecodeCertificateList (code, &crl, pubKeyIss));
724 ASSERT_EQ(PKI_SUCCESS, CloseCKMInfo());
727 //check correctness of certificate revocation by CKMIssueCRL() and CKMRevocateCertificate()
728 TEST_F(PKITest, testRevocateCertificate)
732 uint8_t *uint8ThisUpdateTime = (uint8_t *)"130101000000Z";
733 uint32_t numberOfRevoked = 0;
734 uint32_t revokedNumbers[2];
735 const uint8_t *revocationDates[2];
737 ByteArray code = BYTE_ARRAY_INITIALIZER;
738 ByteArray pubKeyIss = BYTE_ARRAY_INITIALIZER;
739 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
740 ByteArray rootName = BYTE_ARRAY_INITIALIZER;
742 uint8_t caPubKey[PUBLIC_KEY_SIZE] = {0};
743 uint8_t caPrivKey[PRIVATE_KEY_SIZE] = {0};
745 pubKeyIss.data = caPubKey;
746 pubKeyIss.len = sizeof(caPubKey);
747 privKeyIss.data = caPrivKey;
748 privKeyIss.len = sizeof(caPrivKey);
752 revokedNumbers[0] = 100; // serial number of first revoked certificate
753 revokedNumbers[1] = 200; // serial number of second revoked certificate
754 revocationDates[0] = (const uint8_t *)"130101000001Z";
755 revocationDates[1] = (const uint8_t *)"130101000002Z";
757 rootName.data = (uint8_t *)"ROOT2";
758 rootName.len = strlen((char *)rootName.data);
759 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
760 ASSERT_EQ(PKI_SUCCESS, SetRootName(rootName));
761 ASSERT_EQ(PKI_SUCCESS, GenerateCAKeyPair(&privKeyIss, &pubKeyIss));
763 code.len = CRL_MIN_SIZE + numberOfRevoked * (sizeof(CertificateRevocationInfo_t) + 4);
764 code.data = (uint8_t *)calloc(1, code.len);
766 EXPECT_EQ(PKI_SUCCESS, CKMIssueCRL (uint8ThisUpdateTime, numberOfRevoked, revokedNumbers,
767 revocationDates, &code));
768 EXPECT_EQ(PKI_SUCCESS, DecodeCertificateList (code, &crl, pubKeyIss));
771 code.len = CRL_MIN_SIZE + numberOfRevoked * (sizeof(CertificateRevocationInfo_t) + 4);
772 code.data = (uint8_t *)calloc(1, code.len);
773 EXPECT_EQ(PKI_SUCCESS, CKMRevocateCertificate (uint8ThisUpdateTime, 50, &code));
774 EXPECT_EQ(PKI_SUCCESS, DecodeCertificateList (code, &crl, pubKeyIss));
782 ASSERT_EQ(PKI_SUCCESS, CloseCKMInfo());
785 //checck correctness of saving root certificate to binary file
786 TEST_F(PKITest, StoreCKMInfo)
789 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
790 uint8_t derData[ISSUER_MAX_CERT_SIZE] = {0};
791 uint8_t caPubKey[PUBLIC_KEY_SIZE] = {0};
792 uint8_t caPrivKey[PRIVATE_KEY_SIZE] = {0};
793 const long serNum = 48598490;
795 uint8_t *uint8ThisUpdateTime = (uint8_t *)"130101000000Z";
796 uint32_t numberOfRevoked = 0;
797 uint32_t revokedNumbers[2];
798 const uint8_t *revocationDates[2];
800 ByteArray certDer = BYTE_ARRAY_INITIALIZER;
801 ByteArray pubKeyIss = BYTE_ARRAY_INITIALIZER;
802 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
803 ByteArray rootName = BYTE_ARRAY_INITIALIZER;
804 ByteArray code = BYTE_ARRAY_INITIALIZER;
806 certDer.data = derData;
807 certDer.len = ISSUER_MAX_CERT_SIZE;
808 pubKeyIss.data = caPubKey;
809 pubKeyIss.len = PUBLIC_KEY_SIZE;
810 privKeyIss.data = caPrivKey;
811 privKeyIss.len = PRIVATE_KEY_SIZE;
812 rootName.data = (uint8_t *)"ROOT";
813 rootName.len = strlen((char *)rootName.data);
815 //generate CA Certificate
816 ASSERT_EQ(PKI_SUCCESS, GenerateCAKeyPair(&privKeyIss, &pubKeyIss));
817 ASSERT_EQ(PKI_SUCCESS, SetSerialNumber(serNum));
818 ASSERT_EQ(PKI_SUCCESS, SetRootName(rootName));
819 ASSERT_EQ(PKI_SUCCESS, CKMIssueRootCertificate(0, 0, &certDer));
822 numberOfRevoked = NUMBER_OF_REVOKED;
824 revokedNumbers[0] = 100; // serial number of first revoked certificate
825 revokedNumbers[1] = 200; // serial number of second revoked certificate
826 revocationDates[0] = (const uint8_t *)"130101000001Z";
827 revocationDates[1] = (const uint8_t *)"130101000002Z";
829 code.data = (uint8_t *)calloc(1,
830 (CRL_MIN_SIZE + numberOfRevoked * (sizeof(CertificateRevocationInfo_t) + 4)));
831 code.len = (CRL_MIN_SIZE + numberOfRevoked * (sizeof(CertificateRevocationInfo_t) + 4));
833 ASSERT_EQ(PKI_SUCCESS, CKMIssueCRL (uint8ThisUpdateTime, numberOfRevoked, revokedNumbers,
834 revocationDates, &code));
836 // Check Certificate file
837 CertificateX509 certificate;
838 ByteArray crtDer = BYTE_ARRAY_INITIALIZER;
839 uint8_t crtDerData[ISSUER_MAX_CERT_SIZE] = {0};
841 crtDer.data = crtDerData;
842 crtDer.len = sizeof(crtDerData);
845 int fd = open(CA_STORAGE_CRT_FILE, O_RDONLY);
846 ASSERT_TRUE(fd != -1);
848 ASSERT_TRUE(fstat(fd, &st) == 0);
850 int res = read(fd, crtDer.data, crtDer.len);
852 EXPECT_EQ(st.st_size > ISSUER_MAX_CERT_SIZE ? ISSUER_MAX_CERT_SIZE : st.st_size, res);
856 crtCheck.data = crtDer.data + 3; //now file contains length of certificate
857 crtCheck.len = crtDer.len - 3;
858 EXPECT_EQ(PKI_SUCCESS, DecodeCertificate(crtCheck, &certificate));
860 PrintCertificate(&certificate);
864 ByteArray crlDer = BYTE_ARRAY_INITIALIZER;
865 crlDer.len = (CRL_MIN_SIZE + numberOfRevoked * (sizeof(CertificateRevocationInfo_t) + 4));
866 crlDer.data = (uint8_t *)malloc(crlDer.len);
868 EXPECT_EQ(PKI_SUCCESS, GetCertificateRevocationList(&crlDer));
870 EXPECT_EQ(PKI_SUCCESS, DecodeCertificateList (crlDer, &crl, pubKeyIss));
874 EXPECT_EQ(PKI_SUCCESS, CloseCKMInfo());
879 //check correctness of root certificate generation
880 TEST_F(PKITest, GenerateRootCertificate)
882 uint8_t derData[ISSUER_MAX_CERT_SIZE] = {0};
883 uint8_t caPubKey[PUBLIC_KEY_SIZE] = {0};
884 uint8_t caPrivKey[PRIVATE_KEY_SIZE] = {0};
886 ByteArray certDer = BYTE_ARRAY_INITIALIZER;
887 ByteArray pubKeyIss = BYTE_ARRAY_INITIALIZER;
888 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
889 ByteArray rootName = BYTE_ARRAY_INITIALIZER;
891 certDer.data = derData;
892 certDer.len = sizeof(derData);
894 pubKeyIss.data = caPubKey;
895 pubKeyIss.len = sizeof(caPubKey);
896 privKeyIss.data = caPrivKey;
897 privKeyIss.len = sizeof(caPrivKey);
898 rootName.data = (uint8_t *)"ROOT";
899 rootName.len = strlen((char *)rootName.data);
900 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
902 for (int i = 1; i <= RUNS; i++)
904 ASSERT_EQ(PKI_SUCCESS, GenerateCAKeyPair(&privKeyIss, &pubKeyIss));
905 ASSERT_EQ(PKI_SUCCESS, SetSerialNumber(i));
906 ASSERT_EQ(PKI_SUCCESS, SetRootName(rootName));
907 ASSERT_EQ(PKI_SUCCESS, CKMIssueRootCertificate(0, 0, &certDer));
909 ASSERT_EQ(PKI_SUCCESS, CheckCertificate(certDer, pubKeyIss));
911 ASSERT_NE(PKI_SUCCESS, CheckCertificate(certDer, pubKeyIss));
913 ASSERT_EQ(PKI_SUCCESS, CheckCertificate(certDer, pubKeyIss));
915 ASSERT_EQ(PKI_SUCCESS, CloseCKMInfo());
918 //check correctness of ordinal device certificate generation
919 TEST_F(PKITest, GenerateDeviceCertificate)
921 uint8_t derData[ISSUER_MAX_CERT_SIZE] = {0};
922 uint8_t subjPubKey[PUBLIC_KEY_SIZE] = {0};
923 uint8_t subjPrivKey[PRIVATE_KEY_SIZE] = {0};
924 uint8_t caPubKey[PUBLIC_KEY_SIZE] = {0};
925 uint8_t caPrivKey[PRIVATE_KEY_SIZE] = {0};
926 uint8_t *subjName = (uint8_t *)"Subject Name";
928 ByteArray certDer = BYTE_ARRAY_INITIALIZER;
929 ByteArray pubKeyIss = BYTE_ARRAY_INITIALIZER;
930 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
931 ByteArray pubKeySubj = BYTE_ARRAY_INITIALIZER;
932 ByteArray privKeySubj = BYTE_ARRAY_INITIALIZER;
933 ByteArray rootName = BYTE_ARRAY_INITIALIZER;
935 certDer.data = derData;
936 certDer.len = ISSUER_MAX_CERT_SIZE;
938 pubKeyIss.data = caPubKey;
939 pubKeyIss.len = sizeof(caPubKey);
940 privKeyIss.data = caPrivKey;
941 privKeyIss.len = sizeof(caPrivKey);
942 pubKeySubj.data = subjPubKey;
943 pubKeySubj.len = sizeof(subjPubKey);
944 privKeySubj.data = subjPrivKey;
945 privKeySubj.len = sizeof(subjPrivKey);
946 rootName.data = (uint8_t *)"ROOT2";
947 rootName.len = strlen((char *)rootName.data);
948 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
950 ASSERT_EQ(GenerateCAKeyPair(&privKeyIss, &pubKeyIss), PKI_SUCCESS);
951 for (int i = 1; i <= RUNS; i++)
953 ASSERT_EQ(PKI_SUCCESS, GenerateKeyPair(&privKeySubj, &pubKeySubj));
954 ASSERT_EQ(PKI_SUCCESS, SetSerialNumber(i));
955 ASSERT_EQ(PKI_SUCCESS, SetRootName(rootName));
956 ASSERT_EQ(PKI_SUCCESS, CKMIssueDeviceCertificate(subjName, 0, 0, subjPubKey, &certDer));
958 ASSERT_EQ(PKI_SUCCESS, CheckCertificate(certDer, pubKeyIss));
960 ASSERT_NE(PKI_SUCCESS, CheckCertificate(certDer, pubKeyIss));
962 ASSERT_EQ(PKI_SUCCESS, CheckCertificate(certDer, pubKeyIss));
964 ASSERT_EQ(CloseCKMInfo(), PKI_SUCCESS);
967 //check correctness of saving CRL to storage and loading CRL from storage
968 TEST_F(PKITest, CRLSetGet)
970 OicSecCrl_t *defaultCrl = NULL;
971 defaultCrl = (OicSecCrl_t *)OICCalloc(1, sizeof(OicSecCrl_t));
972 ASSERT_NE(defaultCrl, (OicSecCrl_t *) NULL);
973 defaultCrl->CrlId = CRL_DEFAULT_CRL_ID;
974 defaultCrl->CrlData.data = (uint8_t *)CRL_DEFAULT_CRL_DATA;
975 defaultCrl->CrlData.len = strlen(CRL_DEFAULT_CRL_DATA);
976 defaultCrl->ThisUpdate.data = (uint8_t *)CRL_DEFAULT_THIS_UPDATE;
977 defaultCrl->ThisUpdate.len = strlen(CRL_DEFAULT_THIS_UPDATE);
978 EXPECT_EQ(OC_STACK_OK, UpdateCRLResource(defaultCrl));
980 EXPECT_NE((void *)NULL, GetCrl());
986 int main(int argc, char **argv)
989 unsigned int seed = 0;
991 urandom = open ("/dev/urandom", O_RDONLY);
994 fprintf(stderr, "Cannot open /dev/urandom\n");
998 if(read(urandom, &seed, sizeof(seed)) != sizeof(seed))
1000 fprintf(stderr, "Error read from /dev/urandom\n");
1007 ::testing::InitGoogleTest(&argc, argv);
1008 return RUN_ALL_TESTS();