1 /******************************************************************
3 * Copyright 2015 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * LICENSE-2.0" target="_blank">http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
20 ******************************************************************/
25 #include <oic_malloc.h>
26 #include <gtest/gtest.h>
29 #include "cert_generator.h"
30 #include "ck_manager.h"
35 #include "crl_generator.h"
36 #include "crlresource.h"
43 #define READ_WRITE_BLOCK_N 1ul
44 #define N_LENGTH_BYTES 3
46 const char *CKMI_JSON_FILE_NAME = "CKMInfo.json";
48 #define CRL_DEFAULT_CRL_ID 1
49 #define CRL_DEFAULT_THIS_UPDATE "150101000000Z"
50 #define CRL_DEFAULT_CRL_DATA "-"
52 #define NUMBER_OF_REVOKED 2
54 OCPersistentStorage ps = { NULL, NULL, NULL, NULL, NULL};
56 //#define NUM_ACE_FOR_WILDCARD_IN_CKM1_JSON (2)
58 FILE* ckm_fopen(const char * /*path*/, const char *mode)
60 return fopen(CKMI_JSON_FILE_NAME, mode);
63 void SetPersistentHandler(OCPersistentStorage *ps)
75 // Length of test certificate
76 #define SIMPLE_CRT_LEN 469
78 class PKITest : public ::testing::Test
81 static void SetUpTestCase()
83 SetPersistentHandler(&ps);
84 OCStackResult res = OCRegisterPersistentStorageHandler(&ps);
85 ASSERT_TRUE(res == OC_STACK_OK);
88 static void TearDownTestCase()
92 static CertificateX509 g_certificate;
94 static const ByteArray g_caPublicKey;
96 static const ByteArray g_derCode ;
98 static ByteArray g_serNum;
101 CertificateX509 PKITest::g_certificate;
103 const ByteArray PKITest::g_derCode = {(uint8_t[])
105 0x30, 0x82, 0x01, 0xd1, 0x30, 0x82, 0x01, 0x77, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
106 0xd7, 0x56, 0x8c, 0xfc, 0x53, 0x18, 0xb0, 0xab, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce,
107 0x3d, 0x04, 0x03, 0x02, 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
108 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f,
109 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04,
110 0x0a, 0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67,
111 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x30, 0x1e, 0x17, 0x0d, 0x31,
112 0x35, 0x30, 0x33, 0x31, 0x32, 0x31, 0x32, 0x32, 0x35, 0x31, 0x31, 0x5a, 0x17, 0x0d, 0x31, 0x37,
113 0x30, 0x33, 0x31, 0x31, 0x31, 0x32, 0x32, 0x35, 0x31, 0x31, 0x5a, 0x30, 0x45, 0x31, 0x0b, 0x30,
114 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
115 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31,
116 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e,
117 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c,
118 0x74, 0x64, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06,
119 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x8c, 0xc8, 0x92,
120 0x1d, 0xaa, 0x7f, 0xf0, 0xe4, 0xb2, 0x75, 0xd6, 0x4a, 0xf1, 0xd5, 0x14, 0x3f, 0x1a, 0x09, 0xc5,
121 0x3e, 0x52, 0xd6, 0xda, 0xa0, 0xbf, 0x90, 0x43, 0xd1, 0x6b, 0xfe, 0xd1, 0xb3, 0x75, 0x5c, 0xdd,
122 0x69, 0xac, 0x42, 0xa1, 0xcb, 0x03, 0x16, 0xee, 0xa4, 0x30, 0xa5, 0x8d, 0x36, 0x8f, 0xc5, 0x7b,
123 0xb4, 0xb5, 0x6a, 0x7d, 0x9b, 0x16, 0x04, 0x46, 0xab, 0xae, 0xbb, 0x56, 0xa1, 0xa3, 0x50, 0x30,
124 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x5c, 0x0e, 0x30, 0xa8,
125 0x8e, 0x7f, 0xc9, 0x02, 0xcd, 0xa8, 0xed, 0x0d, 0x1a, 0x1b, 0xd9, 0x7d, 0xe6, 0xce, 0x2a, 0x59,
126 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x5c, 0x0e, 0x30,
127 0xa8, 0x8e, 0x7f, 0xc9, 0x02, 0xcd, 0xa8, 0xed, 0x0d, 0x1a, 0x1b, 0xd9, 0x7d, 0xe6, 0xce, 0x2a,
128 0x59, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30,
129 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45,
130 0x02, 0x21, 0x00, 0xf6, 0x79, 0xed, 0x69, 0xd5, 0xe5, 0xba, 0x42, 0x14, 0xfc, 0xce, 0x47, 0xf1,
131 0x61, 0x1c, 0x51, 0x11, 0x2b, 0xba, 0x04, 0x70, 0x56, 0x78, 0xaf, 0xa9, 0xa6, 0x98, 0x8f, 0x4b,
132 0xa8, 0x11, 0x67, 0x02, 0x20, 0x3a, 0xdf, 0xf1, 0x74, 0xc9, 0x2f, 0xfb, 0x84, 0x46, 0xde, 0xbc,
133 0x2d, 0xda, 0xe3, 0x05, 0xb4, 0x81, 0x31, 0x45, 0xf7, 0x3d, 0x71, 0x46, 0x07, 0xa7, 0xd8, 0xcb,
134 0xae, 0x1e, 0x1b, 0x1c, 0x5a
138 const ByteArray PKITest::g_caPublicKey = {(uint8_t[])
140 0x8c, 0xc8, 0x92, 0x1d, 0xaa, 0x7f, 0xf0, 0xe4, 0xb2, 0x75, 0xd6, 0x4a, 0xf1, 0xd5, 0x14, 0x3f,
141 0x1a, 0x09, 0xc5, 0x3e, 0x52, 0xd6, 0xda, 0xa0, 0xbf, 0x90, 0x43, 0xd1, 0x6b, 0xfe, 0xd1, 0xb3,
142 0x75, 0x5c, 0xdd, 0x69, 0xac, 0x42, 0xa1, 0xcb, 0x03, 0x16, 0xee, 0xa4, 0x30, 0xa5, 0x8d, 0x36,
143 0x8f, 0xc5, 0x7b, 0xb4, 0xb5, 0x6a, 0x7d, 0x9b, 0x16, 0x04, 0x46, 0xab, 0xae, 0xbb, 0x56, 0xa1
144 }, PUBLIC_KEY_SIZE };
147 ByteArray PKITest::g_serNum = {(uint8_t[SERIAL_NUMBER_MAX_LEN]) {0}, SERIAL_NUMBER_MAX_LEN};
149 //registering persistent storage test
150 TEST(CKManager, RegisterPersistentStorage)
152 SetPersistentHandler(&ps);
153 ASSERT_EQ(OC_STACK_OK, OCRegisterPersistentStorageHandler(&ps));
156 //check decoding predefined certificate
157 TEST(X509Certificate, DecodeTest)
159 ByteArray code = PKITest::g_derCode;
161 ASSERT_EQ(DecodeCertificate(code, &PKITest::g_certificate), PKI_SUCCESS);
163 ASSERT_NE(DecodeCertificate(code, &PKITest::g_certificate), PKI_SUCCESS);
166 //check decoding of random symbols sequence
167 TEST(X509Certificate, RandomDecode)
169 srand((unsigned int)time(NULL));
172 INIT_BYTE_ARRAY(code);
174 for (unsigned int i = 0; i < RUNS; i++)
176 code.len = rand() % MAX_LEN;
177 code.data = (uint8_t *)malloc(code.len * sizeof(uint8_t));
179 EXPECT_NE(code.data, (uint8_t *)NULL);
181 for (unsigned int j = 0; j < code.len; j++)
183 code.data[j] = (uint8_t)(rand() % 128 + 1);
186 EXPECT_NE(PKI_SUCCESS, DecodeCertificate(code, &PKITest::g_certificate));
191 //testing validity check of predefined certificate
192 TEST(X509Certificate, testCheckValidity)
194 CertificateX509 tempCrt;
195 ASSERT_EQ(PKI_SUCCESS, DecodeCertificate(PKITest::g_derCode, &tempCrt));
196 ASSERT_EQ(PKI_SUCCESS, CheckValidity(tempCrt.validFrom, tempCrt.validTo));
197 ByteArray temp = tempCrt.validTo;
199 tempCrt.validTo = tempCrt.validFrom;
200 tempCrt.validFrom = temp;
201 ASSERT_EQ(PKI_CERT_DATE_INVALID, CheckValidity(tempCrt.validFrom, tempCrt.validTo));
204 //testing signature check of predefined certificate
205 TEST(X509Certificate, CheckSignature)
207 ByteArray code = PKITest::g_derCode;
209 ASSERT_EQ(PKI_SUCCESS, CheckCertificate(code, PKITest::g_caPublicKey));
211 ASSERT_NE(PKI_SUCCESS, CheckCertificate(code, PKITest::g_caPublicKey));
214 //test saving certificate into file
215 TEST_F(PKITest, DERCertificateFile)
217 uint8_t derData[ISSUER_MAX_CERT_SIZE] = {0};
218 uint8_t caPubKey[PUBLIC_KEY_SIZE] = {0};
219 uint8_t caPrivKey[PRIVATE_KEY_SIZE] = {0};
221 ByteArray certDer = BYTE_ARRAY_INITIALIZER;
222 ByteArray pubKeyIss = BYTE_ARRAY_INITIALIZER;
223 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
224 ByteArray rootName = BYTE_ARRAY_INITIALIZER;
226 certDer.data = derData;
227 certDer.len = ISSUER_MAX_CERT_SIZE;
229 pubKeyIss.data = caPubKey;
230 pubKeyIss.len = sizeof(caPubKey);
231 privKeyIss.data = caPrivKey;
232 privKeyIss.len = sizeof(caPrivKey);
233 rootName.data = (uint8_t *)"ROOT1";
234 rootName.len = strlen((char *)rootName.data);
235 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
237 for (int i = 1; i <= RUNS; i++)
239 ASSERT_EQ(PKI_SUCCESS, GenerateCAKeyPair(&privKeyIss, &pubKeyIss));
240 ASSERT_EQ(PKI_SUCCESS, SetSerialNumber(i));
241 ASSERT_EQ(PKI_SUCCESS, SetRootName(rootName));
242 ASSERT_EQ(PKI_SUCCESS, CKMIssueRootCertificate(0, 0, &certDer));
243 ASSERT_EQ(PKI_SUCCESS, CheckCertificate(certDer, pubKeyIss));
244 ASSERT_EQ(PKI_SUCCESS, GenerateDERCertificateFile (&certDer, "der_cert"));
246 ASSERT_EQ(CloseCKMInfo(), PKI_SUCCESS);
249 //test checking time validity of generated certificate
250 TEST_F(PKITest, TimeValidity)
252 uint8_t derData[ISSUER_MAX_CERT_SIZE] = {0};
253 uint8_t caPubKey[PUBLIC_KEY_SIZE] = {0};
254 uint8_t caPrivKey[PRIVATE_KEY_SIZE] = {0};
256 ByteArray certDer = BYTE_ARRAY_INITIALIZER;
257 ByteArray pubKey = BYTE_ARRAY_INITIALIZER;
258 ByteArray privKey = BYTE_ARRAY_INITIALIZER;
259 ByteArray rootName = BYTE_ARRAY_INITIALIZER;
261 privKey.data = caPrivKey;
262 privKey.len = sizeof(caPrivKey);
264 certDer.data = derData;
265 certDer.len = sizeof(derData);
267 pubKey.data = caPubKey;
268 pubKey.len = sizeof(caPubKey);
270 rootName.data = (uint8_t *)"ROOT3";
271 rootName.len = strlen((char *)rootName.data);
272 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
274 for (int i = 1; i <= RUNS; i++)
276 ASSERT_EQ(PKI_SUCCESS, GenerateCAKeyPair(&privKey, &pubKey));
277 ASSERT_EQ(PKI_SUCCESS, SetSerialNumber(i));
278 ASSERT_EQ(PKI_SUCCESS, SetRootName(rootName));
280 ASSERT_EQ(PKI_SUCCESS, CKMIssueRootCertificate(0, 0, &certDer));
281 ASSERT_EQ(PKI_SUCCESS, CheckCertificate(certDer, pubKey));
283 certDer.len = sizeof(derData);
284 ASSERT_EQ(PKI_SUCCESS, CKMIssueRootCertificate(0, (uint8_t *)"130101000000Z", &certDer));
285 ASSERT_EQ(PKI_CERT_DATE_INVALID, CheckCertificate(certDer, pubKey));
287 certDer.len = sizeof(derData);
288 ASSERT_EQ(PKI_SUCCESS, CKMIssueRootCertificate((uint8_t *)"160101000000Z", 0, &certDer));
289 ASSERT_EQ(PKI_CERT_DATE_INVALID, CheckCertificate(certDer, pubKey));
291 ASSERT_EQ(PKI_SUCCESS, CloseCKMInfo());
294 //testing certificate generation by certificate signing request
295 TEST_F(PKITest, CertificateSigningRequest)
297 uint8_t certData[ISSUER_MAX_CERT_SIZE] = {0};
298 uint8_t csrData[CSR_MAX_SIZE] = {0};
299 uint8_t subjPubKey[PUBLIC_KEY_SIZE] = {0};
300 uint8_t subjPrivKey[PRIVATE_KEY_SIZE] = {0};
301 uint8_t caPubKey[PUBLIC_KEY_SIZE] = {0};
302 uint8_t caPrivKey[PRIVATE_KEY_SIZE] = {0};
303 uint8_t *subjName = (uint8_t *)"Subject05";
305 ByteArray certDer = BYTE_ARRAY_INITIALIZER;
306 ByteArray csrDer = BYTE_ARRAY_INITIALIZER;
307 ByteArray pubKeyIss = BYTE_ARRAY_INITIALIZER;
308 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
309 ByteArray pubKeySubj = BYTE_ARRAY_INITIALIZER;
310 ByteArray privKeySubj = BYTE_ARRAY_INITIALIZER;
311 ByteArray rootName = BYTE_ARRAY_INITIALIZER;
313 certDer.data = certData;
314 certDer.len = sizeof(certData);
315 csrDer.data = csrData;
316 csrDer.len = CSR_MAX_SIZE;
318 pubKeyIss.data = caPubKey;
319 pubKeyIss.len = sizeof(caPubKey);
320 privKeyIss.data = caPrivKey;
321 privKeyIss.len = sizeof(caPrivKey);
322 pubKeySubj.data = subjPubKey;
323 pubKeySubj.len = sizeof(subjPubKey);
324 privKeySubj.data = subjPrivKey;
325 privKeySubj.len = sizeof(subjPrivKey);
326 rootName.data = (uint8_t *)"ROOT2";
327 rootName.len = strlen((char *)rootName.data);
328 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
330 ASSERT_EQ(GenerateCAKeyPair(&privKeyIss, &pubKeyIss), PKI_SUCCESS);
331 ASSERT_EQ(SetSerialNumber(1), PKI_SUCCESS);
332 ASSERT_EQ(SetRootName(rootName), PKI_SUCCESS);
334 for (int i = 1; i <= RUNS; i++)
336 ASSERT_EQ(PKI_SUCCESS, GenerateKeyPair(&privKeySubj, &pubKeySubj));
337 ASSERT_EQ(PKI_SUCCESS, GenerateCSR(subjName, subjPubKey, subjPrivKey, &csrDer));
338 ASSERT_EQ(PKI_SUCCESS, GenerateCertificateByCSR(&csrDer, &certDer));
339 ASSERT_EQ(PKI_SUCCESS, CheckCertificate(certDer, pubKeyIss));
341 ASSERT_NE(PKI_SUCCESS, CheckCertificate(certDer, pubKeyIss));
343 ASSERT_EQ(PKI_SUCCESS, CheckCertificate(certDer, pubKeyIss));
345 ASSERT_EQ(PKI_SUCCESS, CloseCKMInfo());
348 //test public key structure parsing
349 TEST(X509Certificate, testParsePublicKey)
351 ASSERT_EQ(PKI_SUCCESS, ParsePublicKey((ByteArray*)&PKITest::g_caPublicKey));
354 uint8_t shortAr[length];
355 ByteArray shortArray = {shortAr, length};
356 ASSERT_EQ(PKI_WRONG_ARRAY_LEN, ParsePublicKey(&shortArray));
358 uint8_t uncompressed[PUBLIC_KEY_SIZE + 2];
360 uncompressed[1] = ASN1_UNCOMPRESSED_KEY;
361 memcpy(&uncompressed[2], PKITest::g_caPublicKey.data, PUBLIC_KEY_SIZE);
362 ByteArray uncomprArr = {uncompressed, PUBLIC_KEY_SIZE+2};
363 ParsePublicKey(&uncomprArr);
364 ASSERT_EQ((size_t)PUBLIC_KEY_SIZE, uncomprArr.len);
365 ASSERT_EQ(0, memcmp(uncomprArr.data, PKITest::g_caPublicKey.data, PUBLIC_KEY_SIZE));
368 //test checking of certificate generated by OpenSSL
369 TEST(OpenSSLCompatibility, verifyOpenSslCertSign)
371 ByteArray crtDer = BYTE_ARRAY_INITIALIZER;
372 CertificateX509 certificate;
374 FILE *fileCert = fopen("01.der", "rb");
375 ASSERT_TRUE(fileCert != NULL);
378 fseek(fileCert, 0, SEEK_END);
379 crtDer.len = ftell(fileCert);
380 fseek(fileCert, 0, SEEK_SET);
382 crtDer.data = (uint8_t*)malloc(crtDer.len+1);
384 EXPECT_EQ(READ_WRITE_BLOCK_N, fread(crtDer.data, crtDer.len, READ_WRITE_BLOCK_N, fileCert));
387 ByteArray pubKey = BYTE_ARRAY_INITIALIZER;
388 FILE * fileKey = fopen("capub.der", "rb");
389 ASSERT_TRUE(fileKey != NULL);
390 fseek(fileKey, 0, SEEK_END);
391 pubKey.len = ftell(fileKey);
392 fseek(fileKey, 0, SEEK_SET);
393 //openssl generates a public key that is longer than 64 bytes
394 //with additional 27 bytes prepending the actual key
395 if(pubKey.len > PUBLIC_KEY_SIZE){
396 fseek(fileKey, (pubKey.len - PUBLIC_KEY_SIZE), SEEK_SET);
397 pubKey.len = PUBLIC_KEY_SIZE;
399 pubKey.data = (uint8_t*)malloc(pubKey.len+1);
401 EXPECT_EQ(READ_WRITE_BLOCK_N, fread(pubKey.data, pubKey.len, READ_WRITE_BLOCK_N, fileKey));
404 EXPECT_EQ(PKI_SUCCESS, DecodeCertificate(crtDer, &certificate));
405 EXPECT_EQ(PKI_SUCCESS, CheckCertificate(crtDer, pubKey));
411 //test parsing of certificate chain generated by OpenSSL
412 TEST(CertificateChain, LoadCertificateChain)
414 ByteArray crtChainDer[MAX_CHAIN_LEN] = {{0,0},};
415 CertificateX509 crtChain[MAX_CHAIN_LEN] = {{{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0}},};
416 ByteArray msg = BYTE_ARRAY_INITIALIZER;
419 FILE *file = fopen("cert_chain.dat", "rb");
421 ASSERT_TRUE(file != NULL);
425 msg.data = (uint8_t *) realloc (msg.data, msg.len + 1);
426 msg.data[msg.len] = fgetc (file);
431 INC_BYTE_ARRAY(msg, 3);
432 EXPECT_EQ(PKI_SUCCESS, LoadCertificateChain (msg, crtChainDer, &chainLength));
434 printf("chain len: %d\n", chainLength);
436 EXPECT_EQ(PKI_UNKNOWN_OID, ParseCertificateChain (crtChainDer, crtChain, chainLength));
441 //test checking CA certificate generated by OpenSSL
442 TEST(OpenSSLCompatibility, testOpenSSLCertificate)
444 ByteArray crtDer = BYTE_ARRAY_INITIALIZER;
445 FILE *fileCert = fopen("cacert.der", "rb");
446 ASSERT_TRUE(fileCert != NULL);
449 fseek(fileCert, 0, SEEK_END);
450 crtDer.len = ftell(fileCert);
451 fseek(fileCert, 0, SEEK_SET);
453 crtDer.data = (uint8_t*)malloc(crtDer.len+1);
455 EXPECT_EQ(READ_WRITE_BLOCK_N, fread(crtDer.data, crtDer.len, READ_WRITE_BLOCK_N, fileCert));
459 printf("Length of cert: %lu\n", crtDer.len);
461 EXPECT_EQ(PKI_SUCCESS, DecodeCertificate(crtDer, &PKITest::g_certificate));
465 //test signatures checking of certificate chain generated by OpenSSL
466 TEST(OpenSSLCompatibility, ParseAndCheckCertificateChain)
468 ByteArray crtChainDer[MAX_CHAIN_LEN] = {{0,0},};
469 CertificateX509 crtChain[MAX_CHAIN_LEN] = {{{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0}},};
470 ByteArray msg = BYTE_ARRAY_INITIALIZER;
473 const char* chainPath = {"chain.der"};
474 FILE *fileChain = fopen(chainPath, "rb");
475 ASSERT_TRUE(fileChain != NULL);
478 fseek(fileChain, 0, SEEK_END);
479 msg.len = ftell(fileChain);
480 fseek(fileChain, 0, SEEK_SET);
482 msg.data = (uint8_t*)malloc(msg.len+1);
484 EXPECT_EQ(READ_WRITE_BLOCK_N, fread(msg.data, msg.len, READ_WRITE_BLOCK_N, fileChain));
488 INC_BYTE_ARRAY(msg, 3);
489 EXPECT_EQ(PKI_SUCCESS, LoadCertificateChain(msg, crtChainDer, &chainLength));
490 EXPECT_EQ(3, chainLength);
492 printf("Length of the chain: %d\n", chainLength);
495 EXPECT_EQ(PKI_SUCCESS, ParseCertificateChain(crtChainDer, crtChain, chainLength));
497 ByteArray caPubKey = BYTE_ARRAY_INITIALIZER;
499 const char* caPubKeyPath = {"capub.der"};
500 FILE *fileCaPubKey = fopen(caPubKeyPath, "rb");
501 ASSERT_TRUE(fileCaPubKey != NULL);
503 fseek(fileCaPubKey, 0, SEEK_END);
504 caPubKey.len = ftell(fileCaPubKey);
505 fseek(fileCaPubKey, 0, SEEK_SET);
506 if(caPubKey.len > PUBLIC_KEY_SIZE){
507 fseek(fileCaPubKey, (caPubKey.len - PUBLIC_KEY_SIZE), SEEK_SET);
508 caPubKey.len = PUBLIC_KEY_SIZE;
510 caPubKey.data = (uint8_t*)malloc(caPubKey.len+1);
512 EXPECT_EQ(READ_WRITE_BLOCK_N, fread(caPubKey.data, caPubKey.len, READ_WRITE_BLOCK_N, fileCaPubKey));
513 fclose(fileCaPubKey);
515 EXPECT_EQ(PKI_SUCCESS, CheckCertificateChain(crtChain, chainLength, caPubKey));
521 //testing correctness of decoding certificate length from ASN.1 structure
522 TEST(CRL, testDecodeLength)
524 ByteArray cert = BYTE_ARRAY_INITIALIZER;
526 EXPECT_EQ(PKI_NULL_PASSED, DecodeLength(&cert, &length));
529 size_t derLength = (size_t)rand() % LEN_LONG;
530 cert.len = derLength + 2;
531 uint8_t *certData = (uint8_t*)malloc(cert.len);
532 cert.data = certData;
533 cert.data[0] = (uint8_t)0x30; //mixed types
534 cert.data[1] = (uint8_t)(derLength & 0xff);
535 EXPECT_EQ(PKI_SUCCESS, DecodeLength(&cert, &length));
536 EXPECT_EQ(derLength, length);
540 //testing serial number storage
541 TEST(CRL, StoreSerialNumber)
543 uint8_t data[10] = {0x01, 0x82, 0x01, 0xd1, 0x30, 0x82, 0x01, 0x77, 0xa0, 0x03};
544 const ByteArray sn = { data, sizeof(data) / sizeof(uint8_t)};
546 for (i = 0; i < 400; i++)
549 ASSERT_EQ(PKI_SUCCESS, StoreSerialNumber(sn));
551 ASSERT_EQ(PKI_CERT_REVOKED, CheckSerialNumber(sn));
554 ASSERT_EQ(PKI_SUCCESS, CheckSerialNumber(sn));
558 #ifdef ARDUINO_MEMORY_DEBUG
559 //testing memory allocation fault handling at Arduino
560 TEST(SNStore, MemoryOverflow)
562 uint8_t data[10] = {0x01, 0x82, 0x01, 0xd1, 0x30, 0x82, 0x01, 0x77, 0xa0, 0x03};
563 const ByteArray sn = { data, sizeof(data) / sizeof(uint8_t)};
568 res = StoreSerialNumber(sn);
570 while (res == PKI_SUCCESS);
571 ASSERT_EQ(PKI_MEMORY_ALLOC_FAILED, res);
575 #endif /* ARDUINO_MEMORY_DEBUG */
577 //testing next certificate serial number handling by "CKM info" unit
578 TEST_F(PKITest, CAInitAndSerialNum)
580 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
581 long serialNum = rand() % (MAX_LEN - 1) + 1;
582 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
583 //all the serials should start from
584 ASSERT_EQ(PKI_SUCCESS, SetSerialNumber(serialNum));
586 ASSERT_EQ(PKI_SUCCESS, GetNextSerialNumber(&nextSerial));
587 ASSERT_EQ(nextSerial, serialNum);
588 ASSERT_EQ(PKI_SUCCESS, CloseCKMInfo());
591 //testing CA name handling by "CKM info" unit
592 TEST_F(PKITest, testCAName)
594 ByteArray caName = BYTE_ARRAY_INITIALIZER;
595 caName.len = ((size_t)rand() % (ISSUER_MAX_NAME_SIZE - 1) + 1);
596 caName.data = (uint8_t*)malloc(caName.len);
598 for(i = 0; i < caName.len; i++){
599 caName.data[i] = (uint8_t)(rand() % 128);
601 EXPECT_EQ(PKI_SUCCESS, InitCKMInfo());
602 EXPECT_EQ(PKI_SUCCESS, SetRootName(caName));
603 ByteArray getName = BYTE_ARRAY_INITIALIZER;
604 uint8_t uint8CAName[ISSUER_MAX_NAME_SIZE] = {0};
605 getName.data = uint8CAName;
606 getName.len = ISSUER_MAX_NAME_SIZE;
607 EXPECT_EQ(PKI_SUCCESS, GetCAName(&getName));
608 EXPECT_EQ(0, memcmp(caName.data, getName.data, caName.len));
610 ASSERT_EQ(PKI_SUCCESS, CloseCKMInfo());
613 //testing key pair generation and storing by "CKM info" unit
614 TEST_F(PKITest, testKeyPair)
616 ByteArray rootName = BYTE_ARRAY_INITIALIZER;
617 rootName.data = (uint8_t *)"ROOT";
618 rootName.len = strlen((char *)rootName.data);
619 SetRootName(rootName);
621 //first test the GenerateCAKeyPair - this writes to the CA storage
622 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
623 privKeyIss.len = PRIVATE_KEY_SIZE;
624 uint8_t caPrivKey[PRIVATE_KEY_SIZE] = {0};
625 privKeyIss.data = caPrivKey;
627 ByteArray pubKeyIss = BYTE_ARRAY_INITIALIZER;
628 pubKeyIss.len = PUBLIC_KEY_SIZE;
629 uint8_t caPubKey[PUBLIC_KEY_SIZE] = {0};
630 pubKeyIss.data = caPubKey;
632 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
633 ASSERT_EQ(PKI_SUCCESS, GenerateCAKeyPair(&privKeyIss, &pubKeyIss));
635 ByteArray keyCheck = BYTE_ARRAY_INITIALIZER;
636 keyCheck.len = PUBLIC_KEY_SIZE;
637 uint8_t keyCheckData[PUBLIC_KEY_SIZE] = {0};
638 keyCheck.data = keyCheckData;
639 ASSERT_EQ(PKI_SUCCESS, GetCAPrivateKey(&keyCheck));
640 ASSERT_EQ(0, memcmp(keyCheck.data, privKeyIss.data, PRIVATE_KEY_SIZE));
642 ASSERT_EQ(PKI_SUCCESS, GetCAPublicKey(&keyCheck));
643 ASSERT_EQ(0, memcmp(keyCheck.data, pubKeyIss.data, PUBLIC_KEY_SIZE));
645 //now test the GenerateKeyPair - does not write to the CA storage
646 ASSERT_EQ(PKI_SUCCESS, GenerateKeyPair(&privKeyIss, &pubKeyIss));
648 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
649 ASSERT_EQ(PKI_SUCCESS, GetCAPrivateKey(&keyCheck));
650 ASSERT_NE(0, memcmp(keyCheck.data, privKeyIss.data, PRIVATE_KEY_SIZE));
652 ASSERT_EQ(PKI_SUCCESS, GetCAPublicKey(&keyCheck));
653 ASSERT_NE(0, memcmp(keyCheck.data, pubKeyIss.data, PUBLIC_KEY_SIZE));
654 ASSERT_EQ(PKI_SUCCESS, CloseCKMInfo());
657 //testing CRL encoding
658 TEST_F(PKITest, testEncodeCRL)
662 uint8_t *uint8ThisUpdateTime = (uint8_t *)"130101000000Z";
663 uint32_t numberOfRevoked = 0;
664 uint32_t revokedNumbers[2];
665 const uint8_t *revocationDates[2];
667 ByteArray code = BYTE_ARRAY_INITIALIZER;
668 ByteArray pubKeyIss = BYTE_ARRAY_INITIALIZER;
669 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
670 ByteArray rootName = BYTE_ARRAY_INITIALIZER;
672 uint8_t caPubKey[PUBLIC_KEY_SIZE] = {0};
673 uint8_t caPrivKey[PRIVATE_KEY_SIZE] = {0};
675 pubKeyIss.data = caPubKey;
676 pubKeyIss.len = PUBLIC_KEY_SIZE;
677 privKeyIss.data = caPrivKey;
678 privKeyIss.len = PRIVATE_KEY_SIZE;
682 revokedNumbers[0] = 100; // serial number of first revoked certificate
683 revokedNumbers[1] = 200; // serial number of second revoked certificate
684 revocationDates[0] = (const uint8_t *)"130101000001Z";
685 revocationDates[1] = (const uint8_t *)"130101000002Z";
687 rootName.data = (uint8_t *)"ROOT2";
688 rootName.len = strlen((char *)rootName.data);
689 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
690 ASSERT_EQ(PKI_SUCCESS, SetRootName(rootName));
691 ASSERT_EQ(PKI_SUCCESS, GenerateCAKeyPair(&privKeyIss, &pubKeyIss));
693 code.data = (uint8_t *)calloc(1,
694 (CRL_MIN_SIZE + numberOfRevoked * (sizeof(CertificateRevocationInfo_t) + 4)));
695 code.len = (CRL_MIN_SIZE + numberOfRevoked * (sizeof(CertificateRevocationInfo_t) + 4));
697 EXPECT_EQ(PKI_SUCCESS,CKMIssueCRL(uint8ThisUpdateTime, numberOfRevoked, revokedNumbers,
698 revocationDates,&code));
699 EXPECT_EQ(PKI_SUCCESS, DecodeCertificateList (code, &crl, pubKeyIss));
707 ASSERT_EQ(PKI_SUCCESS, CloseCKMInfo());
710 //check correctness of certificate revocation by CKMIssueCRL() and CKMRevocateCertificate()
711 TEST_F(PKITest, testRevocateCertificate)
715 uint8_t *uint8ThisUpdateTime = (uint8_t *)"130101000000Z";
716 uint32_t numberOfRevoked = 0;
717 uint32_t revokedNumbers[2];
718 const uint8_t *revocationDates[2];
720 ByteArray code = BYTE_ARRAY_INITIALIZER;
721 ByteArray pubKeyIss = BYTE_ARRAY_INITIALIZER;
722 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
723 ByteArray rootName = BYTE_ARRAY_INITIALIZER;
725 uint8_t caPubKey[PUBLIC_KEY_SIZE] = {0};
726 uint8_t caPrivKey[PRIVATE_KEY_SIZE] = {0};
728 pubKeyIss.data = caPubKey;
729 pubKeyIss.len = sizeof(caPubKey);
730 privKeyIss.data = caPrivKey;
731 privKeyIss.len = sizeof(caPrivKey);
735 revokedNumbers[0] = 100; // serial number of first revoked certificate
736 revokedNumbers[1] = 200; // serial number of second revoked certificate
737 revocationDates[0] = (const uint8_t *)"130101000001Z";
738 revocationDates[1] = (const uint8_t *)"130101000002Z";
740 rootName.data = (uint8_t *)"ROOT2";
741 rootName.len = strlen((char *)rootName.data);
742 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
743 ASSERT_EQ(PKI_SUCCESS, SetRootName(rootName));
744 ASSERT_EQ(PKI_SUCCESS, GenerateCAKeyPair(&privKeyIss, &pubKeyIss));
746 code.len = CRL_MIN_SIZE + numberOfRevoked * (sizeof(CertificateRevocationInfo_t) + 4);
747 code.data = (uint8_t *)calloc(1, code.len);
749 EXPECT_EQ(PKI_SUCCESS, CKMIssueCRL (uint8ThisUpdateTime, numberOfRevoked, revokedNumbers,
750 revocationDates, &code));
751 EXPECT_EQ(PKI_SUCCESS, DecodeCertificateList (code, &crl, pubKeyIss));
754 code.len = CRL_MIN_SIZE + numberOfRevoked * (sizeof(CertificateRevocationInfo_t) + 4);
755 code.data = (uint8_t *)calloc(1, code.len);
756 EXPECT_EQ(PKI_SUCCESS, CKMRevocateCertificate (uint8ThisUpdateTime, 50, &code));
757 EXPECT_EQ(PKI_SUCCESS, DecodeCertificateList (code, &crl, pubKeyIss));
765 ASSERT_EQ(PKI_SUCCESS, CloseCKMInfo());
768 //checck correctness of saving root certificate to binary file
769 TEST_F(PKITest, StoreCKMInfo)
771 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
772 uint8_t derData[ISSUER_MAX_CERT_SIZE] = {0};
773 uint8_t caPubKey[PUBLIC_KEY_SIZE] = {0};
774 uint8_t caPrivKey[PRIVATE_KEY_SIZE] = {0};
775 const long serNum = 48598490;
777 uint8_t *uint8ThisUpdateTime = (uint8_t *)"130101000000Z";
778 uint32_t numberOfRevoked = 0;
779 uint32_t revokedNumbers[2];
780 const uint8_t *revocationDates[2];
782 ByteArray certDer = BYTE_ARRAY_INITIALIZER;
783 ByteArray pubKeyIss = BYTE_ARRAY_INITIALIZER;
784 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
785 ByteArray rootName = BYTE_ARRAY_INITIALIZER;
786 ByteArray code = BYTE_ARRAY_INITIALIZER;
788 certDer.data = derData;
789 certDer.len = ISSUER_MAX_CERT_SIZE;
790 pubKeyIss.data = caPubKey;
791 pubKeyIss.len = PUBLIC_KEY_SIZE;
792 privKeyIss.data = caPrivKey;
793 privKeyIss.len = PRIVATE_KEY_SIZE;
794 rootName.data = (uint8_t *)"ROOT";
795 rootName.len = strlen((char *)rootName.data);
797 //generate CA Certificate
798 ASSERT_EQ(PKI_SUCCESS, GenerateCAKeyPair(&privKeyIss, &pubKeyIss));
799 ASSERT_EQ(PKI_SUCCESS, SetSerialNumber(serNum));
800 ASSERT_EQ(PKI_SUCCESS, SetRootName(rootName));
801 ASSERT_EQ(PKI_SUCCESS, CKMIssueRootCertificate(0, 0, &certDer));
804 numberOfRevoked = NUMBER_OF_REVOKED;
806 revokedNumbers[0] = 100; // serial number of first revoked certificate
807 revokedNumbers[1] = 200; // serial number of second revoked certificate
808 revocationDates[0] = (const uint8_t *)"130101000001Z";
809 revocationDates[1] = (const uint8_t *)"130101000002Z";
811 code.data = (uint8_t *)calloc(1,
812 (CRL_MIN_SIZE + numberOfRevoked * (sizeof(CertificateRevocationInfo_t) + 4)));
813 code.len = (CRL_MIN_SIZE + numberOfRevoked * (sizeof(CertificateRevocationInfo_t) + 4));
815 ASSERT_EQ(PKI_SUCCESS, CKMIssueCRL (uint8ThisUpdateTime, numberOfRevoked, revokedNumbers,
816 revocationDates, &code));
818 // Check Certificate file
819 CertificateX509 certificate;
820 ByteArray crtDer = BYTE_ARRAY_INITIALIZER;
821 FILE *filePtr = fopen(CA_STORAGE_CRT_FILE , "rb");
822 ASSERT_TRUE(filePtr != NULL);
825 fseek(filePtr, 0, SEEK_END);
826 crtDer.len = ftell(filePtr);
827 fseek(filePtr, 0, SEEK_SET);
829 crtDer.data = (uint8_t*)malloc(crtDer.len+1);
831 EXPECT_EQ(READ_WRITE_BLOCK_N, fread(crtDer.data, crtDer.len, READ_WRITE_BLOCK_N, filePtr));
834 crtCheck.data = crtDer.data + 3; //now file contains length of certificate
835 crtCheck.len = crtDer.len - 3;
836 EXPECT_EQ(PKI_SUCCESS, DecodeCertificate(crtCheck, &certificate));
838 PrintCertificate(&certificate);
842 ByteArray crlDer = BYTE_ARRAY_INITIALIZER;
843 crlDer.len = (CRL_MIN_SIZE + numberOfRevoked * (sizeof(CertificateRevocationInfo_t) + 4));
844 crlDer.data = (uint8_t *)malloc(crlDer.len);
846 EXPECT_EQ(PKI_SUCCESS, GetCertificateRevocationList(&crlDer));
848 EXPECT_EQ(PKI_SUCCESS, DecodeCertificateList (crlDer, &crl, pubKeyIss));
852 EXPECT_EQ(PKI_SUCCESS, CloseCKMInfo());
858 //check correctness of root certificate generation
859 TEST_F(PKITest, GenerateRootCertificate)
861 uint8_t derData[ISSUER_MAX_CERT_SIZE] = {0};
862 uint8_t caPubKey[PUBLIC_KEY_SIZE] = {0};
863 uint8_t caPrivKey[PRIVATE_KEY_SIZE] = {0};
865 ByteArray certDer = BYTE_ARRAY_INITIALIZER;
866 ByteArray pubKeyIss = BYTE_ARRAY_INITIALIZER;
867 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
868 ByteArray rootName = BYTE_ARRAY_INITIALIZER;
870 certDer.data = derData;
871 certDer.len = sizeof(derData);
873 pubKeyIss.data = caPubKey;
874 pubKeyIss.len = sizeof(caPubKey);
875 privKeyIss.data = caPrivKey;
876 privKeyIss.len = sizeof(caPrivKey);
877 rootName.data = (uint8_t *)"ROOT";
878 rootName.len = strlen((char *)rootName.data);
879 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
881 for (int i = 1; i <= RUNS; i++)
883 ASSERT_EQ(PKI_SUCCESS, GenerateCAKeyPair(&privKeyIss, &pubKeyIss));
884 ASSERT_EQ(PKI_SUCCESS, SetSerialNumber(i));
885 ASSERT_EQ(PKI_SUCCESS, SetRootName(rootName));
886 ASSERT_EQ(PKI_SUCCESS, CKMIssueRootCertificate(0, 0, &certDer));
888 ASSERT_EQ(PKI_SUCCESS, CheckCertificate(certDer, pubKeyIss));
890 ASSERT_NE(PKI_SUCCESS, CheckCertificate(certDer, pubKeyIss));
892 ASSERT_EQ(PKI_SUCCESS, CheckCertificate(certDer, pubKeyIss));
894 ASSERT_EQ(PKI_SUCCESS, CloseCKMInfo());
897 //check correctness of ordinal device certificate generation
898 TEST_F(PKITest, GenerateDeviceCertificate)
900 uint8_t derData[ISSUER_MAX_CERT_SIZE] = {0};
901 uint8_t subjPubKey[PUBLIC_KEY_SIZE] = {0};
902 uint8_t subjPrivKey[PRIVATE_KEY_SIZE] = {0};
903 uint8_t caPubKey[PUBLIC_KEY_SIZE] = {0};
904 uint8_t caPrivKey[PRIVATE_KEY_SIZE] = {0};
905 uint8_t *subjName = (uint8_t *)"Subject Name";
907 ByteArray certDer = BYTE_ARRAY_INITIALIZER;
908 ByteArray pubKeyIss = BYTE_ARRAY_INITIALIZER;
909 ByteArray privKeyIss = BYTE_ARRAY_INITIALIZER;
910 ByteArray pubKeySubj = BYTE_ARRAY_INITIALIZER;
911 ByteArray privKeySubj = BYTE_ARRAY_INITIALIZER;
912 ByteArray rootName = BYTE_ARRAY_INITIALIZER;
914 certDer.data = derData;
915 certDer.len = ISSUER_MAX_CERT_SIZE;
917 pubKeyIss.data = caPubKey;
918 pubKeyIss.len = sizeof(caPubKey);
919 privKeyIss.data = caPrivKey;
920 privKeyIss.len = sizeof(caPrivKey);
921 pubKeySubj.data = subjPubKey;
922 pubKeySubj.len = sizeof(subjPubKey);
923 privKeySubj.data = subjPrivKey;
924 privKeySubj.len = sizeof(subjPrivKey);
925 rootName.data = (uint8_t *)"ROOT2";
926 rootName.len = strlen((char *)rootName.data);
927 ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
929 ASSERT_EQ(GenerateCAKeyPair(&privKeyIss, &pubKeyIss), PKI_SUCCESS);
930 for (int i = 1; i <= RUNS; i++)
932 ASSERT_EQ(PKI_SUCCESS, GenerateKeyPair(&privKeySubj, &pubKeySubj));
933 ASSERT_EQ(PKI_SUCCESS, SetSerialNumber(i));
934 ASSERT_EQ(PKI_SUCCESS, SetRootName(rootName));
935 ASSERT_EQ(PKI_SUCCESS, CKMIssueDeviceCertificate(subjName, 0, 0, subjPubKey, &certDer));
937 ASSERT_EQ(PKI_SUCCESS, CheckCertificate(certDer, pubKeyIss));
939 ASSERT_NE(PKI_SUCCESS, CheckCertificate(certDer, pubKeyIss));
941 ASSERT_EQ(PKI_SUCCESS, CheckCertificate(certDer, pubKeyIss));
943 ASSERT_EQ(CloseCKMInfo(), PKI_SUCCESS);
946 //check correctness of saving CRL to storage and loading CRL from storage
947 TEST_F(PKITest, CRLSetGet)
949 OicSecCrl_t *defaultCrl = NULL;
950 defaultCrl = (OicSecCrl_t *)OICCalloc(1, sizeof(OicSecCrl_t));
951 defaultCrl->CrlId = CRL_DEFAULT_CRL_ID;
952 defaultCrl->CrlData.data = (uint8_t *)CRL_DEFAULT_CRL_DATA;
953 defaultCrl->CrlData.len = strlen(CRL_DEFAULT_CRL_DATA);
954 defaultCrl->ThisUpdate.data = (uint8_t *)CRL_DEFAULT_THIS_UPDATE;
955 defaultCrl->ThisUpdate.len = strlen(CRL_DEFAULT_THIS_UPDATE);
956 EXPECT_EQ(OC_STACK_OK, UpdateCRLResource(defaultCrl));
958 EXPECT_NE((void *)NULL, GetBase64CRL());
964 int main(int argc, char **argv)
966 ::testing::InitGoogleTest(&argc, argv);
967 return RUN_ALL_TESTS();