1 #include <dpl/test/test_runner.h>
2 #include <dpl/test/test_runner_child.h>
4 #include <tests_common.h>
5 #include <test-certs.h>
6 #include <ckm-common.h>
7 #include <access_provider2.h>
9 #include <ckm/ckm-manager.h>
10 #include <ckm/ckm-control.h>
11 #include <ckm/ckm-type.h>
13 #include <ckmc/ckmc-manager.h>
14 #include <ckmc/ckmc-control.h>
15 #include <ckmc/ckmc-type.h>
16 #include <ckmc/ckmc-error.h>
18 #include <ckm-common.h>
27 const int USER_APP = 5000;
28 const int GROUP_APP = 5000;
29 const char* USER_PASS = "user-pass";
30 const char* TEST_LABEL = "test_label";
31 const char* TEST_SYSTEM_ALIAS = "system-alias-1";
32 const char* TEST_DATA = "ABCD";
33 } // namespace anonymous
36 RUNNER_TEST_GROUP_INIT (T301_CKMC_CONTROL_C_API);
38 RUNNER_TEST(T3010_Control_C_API_service_unlock_DB)
42 RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_lock_user_key(0)),
43 CKMCReadableError(temp));
44 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
45 CKMCReadableError(temp));
46 RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_unlock_user_key(0, "test-pass")),
47 CKMCReadableError(temp));
49 RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_lock_user_key(4999)),
50 CKMCReadableError(temp));
51 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(4999)),
52 CKMCReadableError(temp));
53 RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_unlock_user_key(4999, "test-pass")),
54 CKMCReadableError(temp));
56 remove_user_data(5000);
57 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(5000)),
58 CKMCReadableError(temp));
59 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(5000)),
60 CKMCReadableError(temp));
61 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(5000, "test-pass")),
62 CKMCReadableError(temp));
65 RUNNER_TEST(T3011_Control_C_API)
69 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
70 CKMCReadableError(temp));
72 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
73 CKMCReadableError(temp));
76 RUNNER_TEST(T3012_Control_C_API)
80 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
81 CKMCReadableError(temp));
82 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
83 CKMCReadableError(temp));
86 RUNNER_TEST(T3013_Control_C_API)
90 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
91 CKMCReadableError(temp));
94 RUNNER_TEST(T3014_Control_C_API)
97 const uid_t UNIQUE_USER = 6500;
99 // clean up environment
100 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
101 CKMCReadableError(temp));
102 // unlock with empty password
103 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, NULL)),
104 CKMCReadableError(temp));
105 // reset password (NULL, "simple-password")
106 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")),
107 CKMCReadableError(temp));
108 // get rid of NULL DKEK
109 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, "simple-password")),
110 CKMCReadableError(temp));
112 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(UNIQUE_USER)),
113 CKMCReadableError(temp));
114 // try to reset password when db locked
115 RUNNER_ASSERT_MSG( CKMC_ERROR_BAD_REQUEST == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")),
116 CKMCReadableError(temp));
117 // clean up environment
118 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
119 CKMCReadableError(temp));
122 RUNNER_TEST(T3015_Control_C_API)
127 CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
128 CKMCReadableError(temp));
130 CKMC_ERROR_NONE == (temp = ckmc_change_user_password(USER_APP, "simple-password", "new-pass")),
131 CKMCReadableError(temp));
132 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
133 CKMCReadableError(temp));
134 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
135 CKMCReadableError(temp));
138 RUNNER_TEST(T3016_Control_C_API)
143 CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
144 CKMCReadableError(temp));
146 CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
147 CKMCReadableError(temp));
150 RUNNER_TEST(T3017_Control_C_API_remove_system_DB)
152 save_data(sharedDatabase(TEST_SYSTEM_ALIAS).c_str(), TEST_DATA);
154 // [test] - expect success
155 check_read(TEST_SYSTEM_ALIAS, ckmc_label_shared_owner, TEST_DATA);
157 // remove user data - expect to map to the system DB
160 CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(1234)),
161 CKMCReadableError(temp));
163 // [test] - expect fail
164 check_read(TEST_SYSTEM_ALIAS, ckmc_label_shared_owner, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
167 RUNNER_TEST_GROUP_INIT (T302_CKMC_QUICK_SET_GET_TESTS_C_API);
169 RUNNER_TEST(T3021_init_C_API)
175 CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
176 CKMCReadableError(temp));
179 RUNNER_TEST(T3022_key_C_API)
183 ckmc_key_s test_key, *test_key2;
184 ckmc_policy_s test_policy;
186 char* password = NULL;
187 CKM::Alias alias = sharedDatabase("mykey");
189 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
190 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
191 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
192 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
193 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
194 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
195 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
197 "-----END PUBLIC KEY-----";
199 char* char_keypem = new char[keyPem.length() + 1];
201 std::strcpy(char_keypem, keyPem.c_str());
202 test_key.raw_key = (unsigned char *)char_keypem;
203 test_key.key_size = keyPem.length();
204 test_key.key_type = CKMC_KEY_RSA_PUBLIC;
205 test_key.password = password;
207 test_policy.password = password;
208 test_policy.extractable = 1;
210 test_key2 = &test_key;
213 CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), test_key, test_policy)),
214 CKMCReadableError(temp));
217 CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)),
218 CKMCReadableError(temp));
221 RUNNER_TEST(T3023_certificate_C_API)
225 std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
227 char* password = NULL;
231 CKM::Alias alias = sharedDatabase("test-cert-1-RSA");
233 ckmc_policy_s test_policy;
234 test_policy.password = password;
235 test_policy.extractable = 1;
237 char* char_certPem = new char[certPem.length() + 1];
238 std::strcpy(char_certPem, certPem.c_str());
239 cert.raw_cert = (unsigned char *)char_certPem;
240 cert.cert_size = certPem.length();
241 cert.data_format = CKMC_FORM_PEM;
244 CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
245 CKMCReadableError(temp));
248 CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
249 CKMCReadableError(temp));
251 ckmc_cert_free(cert2);
254 RUNNER_TEST(T3024_certificate_remove_C_API)
258 char* password = NULL;
260 CKM::Alias alias = sharedDatabase("test-cert-1-RSA");
263 CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
264 CKMCReadableError(temp));
265 ckmc_cert_free(cert2);
268 CKMC_ERROR_NONE == (temp = ckmc_remove_cert(alias.c_str())),
269 CKMCReadableError(temp));
272 CKMC_ERROR_NONE != (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
273 CKMCReadableError(temp));
276 RUNNER_TEST(T3025_certificate_list_C_API)
280 std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
282 char* password = NULL;
285 ckmc_policy_s test_policy;
286 test_policy.password = password;
287 test_policy.extractable = 1;
289 char* char_certPem = new char[certPem.length() + 1];
290 std::strcpy(char_certPem, certPem.c_str());
291 cert.raw_cert = (unsigned char *)char_certPem;
292 cert.cert_size = certPem.length();
293 cert.data_format = CKMC_FORM_PEM;
295 size_t current_aliases_num = count_aliases(ALIAS_CERT);
298 CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test1").c_str(), cert, test_policy)),
299 CKMCReadableError(temp));
302 CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test2").c_str(), cert, test_policy)),
303 CKMCReadableError(temp));
306 CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test3").c_str(), cert, test_policy)),
307 CKMCReadableError(temp));
309 size_t actual_cnt = count_aliases(ALIAS_CERT);
311 (current_aliases_num+3) == actual_cnt,
312 "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
316 RUNNER_CHILD_TEST(T3026_user_app_save_key_C_API)
318 ScopedAccessProvider ap("mylabel");
319 ap.allowAPI("key-manager::api-storage", "rw");
320 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
322 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
323 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
324 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
325 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
326 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
327 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
328 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
330 "-----END PUBLIC KEY-----";
334 ckmc_key_s test_key, *test_key2;
335 ckmc_policy_s test_policy;
337 char* password = NULL;
338 const char *passwordPolicy = "x";
339 const char *alias = "mykey";
340 char* char_keypem = new char[keyPem.length() + 1];
342 std::strcpy(char_keypem, keyPem.c_str());
343 test_key.raw_key = (unsigned char *)char_keypem;
344 test_key.key_size = keyPem.length();
345 test_key.key_type = CKMC_KEY_RSA_PUBLIC;
346 test_key.password = password;
348 test_policy.password = const_cast<char *>(passwordPolicy);
349 test_policy.extractable = 1;
351 test_key2 = &test_key;
355 CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
356 CKMCReadableError(temp));
358 CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, passwordPolicy, &test_key2)),
359 CKMCReadableError(temp));
361 // RUNNER_ASSERT_MSG(
362 // key.getDER() == key2.getDER(), "Key value has been changed by service");
365 RUNNER_CHILD_TEST(T3027_app_user_save_keys_exportable_flag)
367 ScopedAccessProvider ap("mylabel");
368 ap.allowAPI("key-manager::api-storage", "rw");
369 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
372 auto manager = CKM::Manager::create();
374 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
375 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
376 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
377 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
378 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
379 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
380 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
382 "-----END PUBLIC KEY-----";
384 ckmc_policy_s test_policy;
385 ckmc_key_s test_key, *test_key2;
386 char* char_keypem = new char[keyPem.length() + 1];
387 char* password = NULL;
389 std::strcpy(char_keypem, keyPem.c_str());
390 test_key.raw_key = (unsigned char *)char_keypem;
391 test_key.key_size = keyPem.length();
392 test_key.key_type = CKMC_KEY_RSA_PUBLIC;
393 test_key.password = password;
395 test_policy.password = password;
396 test_policy.extractable = 0;
399 CKMC_ERROR_NONE == (temp = ckmc_save_key("appkey1", test_key, test_policy)),
400 CKMCReadableError(temp));
403 CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key("appkey1", password, &test_key2)),
404 CKMCReadableError(temp));
408 RUNNER_TEST(T3028_certificate_with_DSA_key_C_API)
412 std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
414 char* password = NULL;
415 ckmc_cert_s *cert2 = NULL;
418 ckmc_policy_s test_policy;
419 test_policy.password = password;
420 test_policy.extractable = 1;
422 char* char_certPem = new char[certPem.length() + 1];
423 std::strcpy(char_certPem, certPem.c_str());
424 cert.raw_cert = (unsigned char *)char_certPem;
425 cert.cert_size = certPem.length();
426 cert.data_format = CKMC_FORM_PEM;
428 CKM::Alias alias = sharedDatabase("test-cert-1-DSA");
430 CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
431 CKMCReadableError(temp));
434 CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
435 CKMCReadableError(temp));
437 ckmc_cert_free(cert2);
440 RUNNER_TEST(T3029_deinit_C_API)
446 CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
447 CKMCReadableError(temp));
449 CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
450 CKMCReadableError(temp));
454 RUNNER_TEST_GROUP_INIT (T3030_CKMC_QUICK_GET_ALIAS_TESTS_C_API);
456 RUNNER_TEST(T3031_init_C_API)
462 CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
463 CKMCReadableError(temp));
466 RUNNER_TEST(T3032_save_keys_get_alias_C_API)
470 char* password = NULL;
471 ckmc_policy_s test_policy1, test_policy2, test_policy3;
474 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
475 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
476 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
477 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
478 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
479 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
480 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
482 "-----END PUBLIC KEY-----";
484 char* char_keypem = new char[keyPem.length() + 1];
486 std::strcpy(char_keypem, keyPem.c_str());
487 test_key.raw_key = (unsigned char *)char_keypem;
488 test_key.key_size = keyPem.length();
489 test_key.key_type = CKMC_KEY_RSA_PUBLIC;
490 test_key.password = password;
492 test_policy1.password = password;
493 test_policy1.extractable = 1;
495 test_policy2.password = password;
496 test_policy2.extractable = 0;
498 test_policy3.password = password;
499 test_policy3.extractable = 0;
501 size_t current_aliases_num = count_aliases(ALIAS_KEY);
504 CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey1").c_str(), test_key, test_policy1)),
505 CKMCReadableError(temp));
508 CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey2").c_str(), test_key, test_policy2)),
509 CKMCReadableError(temp));
512 CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey3").c_str(), test_key, test_policy3)),
513 CKMCReadableError(temp));
515 size_t actual_cnt = count_aliases(ALIAS_KEY);
517 (current_aliases_num+3) == actual_cnt,
518 "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
522 RUNNER_TEST(T3033_remove_key_C_API)
526 char* password = NULL;
528 ckmc_key_s *test_key2;
530 CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)),
531 CKMCReadableError(temp));
534 CKMC_ERROR_NONE == (temp = ckmc_remove_key(sharedDatabase("rootkey1").c_str())),
535 CKMCReadableError(temp));
538 CKMC_ERROR_NONE != (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)),
539 CKMCReadableError(temp));
542 RUNNER_TEST(T3034_deinit_C_API)
548 CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
549 CKMCReadableError(temp));
551 CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
552 CKMCReadableError(temp));
555 RUNNER_TEST_GROUP_INIT (T3040_CKMC_QUICK_REMOVE_BIN_DATA_TEST_C_API);
557 RUNNER_TEST(T3041_init_C_API)
562 CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
563 CKMCReadableError(temp));
566 RUNNER_TEST(T3042_save_get_bin_data_C_API)
570 ckmc_raw_buffer_s testData1, testData2, testData3;
571 char* password = NULL;
573 std::string binData1 = "My bin data1";
574 std::string binData2 = "My bin data2";
575 std::string binData3 = "My bin data3";
576 char* char_binData1 = new char[binData1.length() + 1];
577 char* char_binData2 = new char[binData2.length() + 1];
578 char* char_binData3 = new char[binData3.length() + 1];
579 std::strcpy(char_binData1, binData1.c_str());
580 std::strcpy(char_binData2, binData2.c_str());
581 std::strcpy(char_binData3, binData3.c_str());
582 testData1.data = (unsigned char *) char_binData1;
583 testData2.data = (unsigned char *) char_binData2;
584 testData3.data = (unsigned char *) char_binData3;
585 testData1.size = binData1.length()+1;
586 testData2.size = binData2.length()+1;
587 testData3.size = binData3.length()+1;
589 ckmc_policy_s test_policy1, test_policy2, test_policy3;
591 test_policy1.password = password;
592 test_policy1.extractable = 1;
593 test_policy2.password = password;
594 test_policy2.extractable = 1;
595 test_policy3.password = password;
596 test_policy3.extractable = 0;
598 size_t current_aliases_num = count_aliases(ALIAS_DATA);
601 CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data1").c_str(), testData1, test_policy1)), // should change it as null value
602 CKMCReadableError(temp));
605 CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data2").c_str(), testData2, test_policy1)), // should change it as null value
606 CKMCReadableError(temp));
609 CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data3").c_str(), testData3, test_policy2)),
610 CKMCReadableError(temp));
613 CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data(sharedDatabase("data4").c_str(), testData3, test_policy3)),
614 CKMCReadableError(temp));
616 size_t actual_cnt = count_aliases(ALIAS_DATA);
618 (current_aliases_num+3) == actual_cnt,
619 "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
621 ckmc_raw_buffer_s *testData4;
623 CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData4)),
624 CKMCReadableError(temp));
627 compareResult = (strcmp((const char *)testData2.data, (const char *)testData4->data));
628 RUNNER_ASSERT_MSG( compareResult == 0,
632 RUNNER_CHILD_TEST(T3043_app_user_save_bin_data_C_API)
634 ScopedAccessProvider ap("mylabel");
635 ap.allowAPI("key-manager::api-storage", "rw");
636 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
639 ckmc_raw_buffer_s testData1;
640 char* password = NULL;
641 std::string binData1 = "My bin data";
642 char* char_binData1 = new char[binData1.length() + 1];
643 std::strcpy(char_binData1, binData1.c_str());
644 testData1.data = (unsigned char *) char_binData1;
645 testData1.size = binData1.length()+1;
647 ckmc_policy_s test_policy1, test_policy2;
649 test_policy1.password = password;
650 test_policy1.extractable = 1;
652 test_policy2.password = password;
653 test_policy2.extractable = 1;
655 std::string binData = "My bin data";
657 size_t current_aliases_num = count_aliases(ALIAS_DATA);
660 CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata1", testData1, test_policy1)),
661 CKMCReadableError(temp));
663 CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata2", testData1, test_policy1)),
664 CKMCReadableError(temp));
666 CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata3", testData1, test_policy2)),
667 CKMCReadableError(temp));
669 size_t actual_cnt = count_aliases(ALIAS_DATA);
671 (current_aliases_num+3) == actual_cnt,
672 "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
675 RUNNER_TEST(T3044_remove_bin_data_C_API)
679 size_t current_aliases_num = count_aliases(ALIAS_DATA, 2);
682 CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data1").c_str())),
683 CKMCReadableError(temp));
685 CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data3").c_str())),
686 CKMCReadableError(temp));
688 size_t actual_cnt = count_aliases(ALIAS_DATA);
690 (current_aliases_num-2) == actual_cnt,
691 "Error: expecting " << (current_aliases_num-2) << " aliases, while found " << actual_cnt);
693 char* password = NULL;
695 ckmc_raw_buffer_s *testData1, testData2;
697 std::string testStr = "My bin data2";
698 char* char_testData2 = new char[testStr.length() + 1];
699 std::strcpy(char_testData2, testStr.c_str());
700 testData2.data = (unsigned char *) char_testData2;
701 testData2.size = testStr.length()+1;
703 CKM::RawBuffer buffer;
705 CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData1)),
706 CKMCReadableError(temp));
709 compareResult = (strcmp((const char *)testData2.data, (const char *)testData1->data));
710 RUNNER_ASSERT_MSG( compareResult == 0,
714 CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data(sharedDatabase("data3").c_str(), password, &testData1)),
715 CKMCReadableError(temp));
718 RUNNER_TEST(T3045_deinit_C_API)
724 CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
725 CKMCReadableError(temp));
727 CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
728 CKMCReadableError(temp));
731 RUNNER_TEST_GROUP_INIT(T305_CKMC_QUICK_CREATE_PAIR_CAPI);
733 RUNNER_TEST(T3051_CAPI_init)
738 CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
739 CKMCReadableError(temp));
742 CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
743 CKMCReadableError(temp));
746 RUNNER_CHILD_TEST(T3052_CAPI_create_rsa_key)
750 ScopedAccessProvider ap("mylabel");
751 ap.allowAPI("key-manager::api-storage", "rw");
752 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
755 const char *private_key_alias = "RSA-test-1-priv";
756 const char *public_key_alias = "RSA-test-1-pub";
757 ckmc_policy_s policy_private_key;
758 ckmc_policy_s policy_public_key;
760 policy_private_key.password = NULL;
761 policy_private_key.extractable = 1;
763 policy_public_key.password = NULL;
764 policy_public_key.extractable = 1;
767 size_t current_aliases_num = count_aliases(ALIAS_KEY);
770 CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
771 CKMCReadableError(temp));
773 size_t actual_cnt = count_aliases(ALIAS_KEY);
775 (current_aliases_num+2) == actual_cnt,
776 "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << actual_cnt);
778 ckmc_key_s *privateKey;
780 CKMC_ERROR_NONE == (temp = ckmc_get_key(private_key_alias, policy_private_key.password,&privateKey)),
781 CKMCReadableError(temp));
783 privateKey->key_type == CKMC_KEY_RSA_PRIVATE,
784 "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_RSA_PRIVATE) << ", actual=" << static_cast<int>(privateKey->key_type));
786 privateKey != NULL && privateKey->key_size > 0 && privateKey->raw_key != NULL,
787 "Private key is broken.");
789 ckmc_key_s *publicKey;
791 CKMC_ERROR_NONE == (temp = ckmc_get_key(public_key_alias, policy_public_key.password, &publicKey)),
792 CKMCReadableError(temp));
794 publicKey->key_type == CKMC_KEY_RSA_PUBLIC,
795 "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_RSA_PUBLIC) << ", actual=" << static_cast<int>(publicKey->key_type));
797 publicKey != NULL && publicKey->key_size > 0 && publicKey->raw_key != NULL,
798 "Public key is broken.");
800 // on next attempt to generate keys with the same alias, expect fail (alias exists)
802 CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
803 CKMCReadableError(temp));
806 RUNNER_CHILD_TEST(T3053_CAPI_create_dsa_key)
810 AccessProvider ap("mylabel");
811 ap.allowAPI("key-manager::api-storage", "rw");
812 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
815 const char *private_key_alias = "DSA-test-2-priv";
816 const char *public_key_alias = "DSA-test-2-pub";
817 ckmc_policy_s policy_private_key;
818 ckmc_policy_s policy_public_key;
820 policy_private_key.password = NULL;
821 policy_private_key.extractable = 1;
823 policy_public_key.password = NULL;
824 policy_public_key.extractable = 1;
826 size_t current_aliases_num = count_aliases(ALIAS_KEY);
829 CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
830 CKMCReadableError(temp));
832 size_t actual_cnt = count_aliases(ALIAS_KEY);
834 (current_aliases_num+2) == actual_cnt,
835 "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << actual_cnt);
837 ckmc_key_s *privateKey = 0;
839 CKMC_ERROR_NONE == (temp = ckmc_get_key(private_key_alias, policy_private_key.password,&privateKey)),
840 CKMCReadableError(temp));
842 privateKey != NULL && privateKey->key_size > 0 && privateKey->raw_key != NULL,
843 "Private key is broken.");
845 privateKey->key_type == CKMC_KEY_DSA_PRIVATE,
846 "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_DSA_PRIVATE) << ", actual=" << static_cast<int>(privateKey->key_type));
847 ckmc_key_free(privateKey);
849 ckmc_key_s *pubKey = 0;
851 CKMC_ERROR_NONE == (temp = ckmc_get_key(public_key_alias, policy_public_key.password, &pubKey)),
852 CKMCReadableError(temp));
854 pubKey != NULL && pubKey->key_size > 0 && pubKey->raw_key != NULL,
855 "Public key is broken.");
857 pubKey->key_type == CKMC_KEY_DSA_PUBLIC,
858 "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_DSA_PUBLIC) << ", actual=" << static_cast<int>(pubKey->key_type));
859 ckmc_key_free(pubKey);
861 // on next attempt to generate keys with the same alias, expect fail (alias exists)
863 CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
864 CKMCReadableError(temp));
868 RUNNER_TEST(T3054_CAPI_deinit)
873 CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
874 CKMCReadableError(temp));
876 CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
877 CKMCReadableError(temp));
881 RUNNER_TEST_GROUP_INIT(T306_CKMC_CAPI_CreateKeyPair);
883 RUNNER_TEST(T3061_CAPI_init)
886 reset_user_data(USER_APP, USER_PASS);
889 RUNNER_TEST(T3062_CAPI_CreateKeyPairRSA)
894 CKM::Alias private_key_alias = sharedDatabase("rsa-test-1");
895 CKM::Alias public_key_alias = sharedDatabase("rsa-test-2");
896 ckmc_policy_s policy_private_key;
897 ckmc_policy_s policy_public_key;
899 policy_private_key.password = const_cast<char *>("privatepassword");
900 policy_private_key.extractable = 0;
902 policy_public_key.password = NULL;
903 policy_public_key.extractable = 1;
906 CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
907 CKMCReadableError(temp));
909 // on next attempt to generate keys with the same alias, expect fail (alias exists)
911 CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
912 CKMCReadableError(temp));
915 RUNNER_TEST(T3063_CAPI_CreateKeyPairDSA)
920 CKM::Alias private_key_alias = sharedDatabase("dsa-test-1");
921 CKM::Alias public_key_alias = sharedDatabase("dsa-test-2");
922 ckmc_policy_s policy_private_key;
923 ckmc_policy_s policy_public_key;
925 policy_private_key.password = const_cast<char *>("privatepassword");
926 policy_private_key.extractable = 0;
928 policy_public_key.password = NULL;
929 policy_public_key.extractable = 1;
932 CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
933 CKMCReadableError(temp));
936 RUNNER_TEST(T3064_CAPI_CreateKeyPairECDSA)
940 ckmc_ec_type_e ectype = CKMC_EC_PRIME192V1;
941 CKM::Alias private_key_alias = sharedDatabase("ecdsa-test-1");
942 CKM::Alias public_key_alias = sharedDatabase("ecdsa-test-2");
943 ckmc_policy_s policy_private_key;
944 ckmc_policy_s policy_public_key;
946 policy_private_key.password = const_cast<char *>("privatepassword");
947 policy_private_key.extractable = 0;
949 policy_public_key.password = NULL;
950 policy_public_key.extractable = 1;
953 CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_ecdsa(ectype, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
954 CKMCReadableError(temp));
957 RUNNER_TEST(T3065_CAPI_deinit)
963 //RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
967 RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_OCSP_TESTS);
969 RUNNER_TEST(T3071_CAPI_init)
974 RUNNER_TEST(T3074_CAPI_ckmc_ocsp_check)
976 std::string ee = TestData::getTestCertificateBase64(TestData::MBANK);
977 std::string im = TestData::getTestCertificateBase64(TestData::SYMANTEC);
980 c_cert.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(ee.c_str()));
981 c_cert.cert_size = ee.size();
982 c_cert.data_format = CKMC_FORM_PEM;
985 c_cert1.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(im.c_str()));
986 c_cert1.cert_size = im.size();
987 c_cert1.data_format = CKMC_FORM_PEM;
989 ckmc_cert_list_s untrustedcerts;
990 untrustedcerts.cert = &c_cert1;
991 untrustedcerts.next = NULL;
993 ckmc_cert_list_s *cert_chain_list;
995 int tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list);
997 CKMC_ERROR_NONE == tmp, CKMCReadableError(tmp));
999 RUNNER_ASSERT_MSG(cert_chain_list != NULL, "Wrong size of certificate chain.");
1001 ckmc_ocsp_status_e ocsp_status;
1002 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (tmp = ckmc_ocsp_check(cert_chain_list, &ocsp_status)), CKMCReadableError(tmp));
1003 RUNNER_ASSERT_MSG(ocsp_status == CKMC_OCSP_STATUS_GOOD, "Wrong status: " << static_cast<int>(ocsp_status));
1006 RUNNER_TEST(T3075_CAPI_deinit)
1008 remove_user_data(0);
1012 RUNNER_TEST_GROUP_INIT(T308_CAPI_CREATE_AND_VERIFY_SIGNATURE);
1014 RUNNER_TEST(T3081_CAPI__init)
1019 CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
1020 CKMCReadableError(temp));
1023 CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
1024 CKMCReadableError(temp));
1026 remove_user_data(0);
1029 RUNNER_TEST(T3082_CAPI__rsa_key_create_verify)
1033 std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
1034 "Proc-Type: 4,ENCRYPTED\n"
1035 "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n"
1037 "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n"
1038 "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n"
1039 "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n"
1040 "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n"
1041 "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n"
1042 "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n"
1043 "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n"
1044 "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n"
1045 "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n"
1046 "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n"
1047 "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n"
1048 "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n"
1049 "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n"
1050 "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n"
1051 "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n"
1052 "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n"
1053 "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n"
1054 "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n"
1055 "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n"
1056 "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n"
1057 "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n"
1058 "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n"
1059 "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n"
1060 "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n"
1061 "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n"
1062 "-----END RSA PRIVATE KEY-----\n";
1064 std::string pub = "-----BEGIN PUBLIC KEY-----\n"
1065 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
1066 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
1067 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
1068 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
1069 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
1070 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
1072 "-----END PUBLIC KEY-----\n";
1074 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
1076 CKM::Alias pub_alias = sharedDatabase("pub1");
1077 CKM::Alias pri_alias = sharedDatabase("prv1");
1078 const char *key_passwd = "1234";
1079 char *pri_passwd = NULL;
1080 char *pub_passwd = NULL;
1081 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
1082 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
1083 ckmc_raw_buffer_s *signature;
1086 pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
1087 pubkey.key_size = pub.size();
1088 pubkey.key_type = CKMC_KEY_NONE;
1089 pubkey.password = NULL;
1091 ckmc_policy_s pubpolicy;
1092 pubpolicy.password = pub_passwd;
1093 pubpolicy.extractable = 0;
1095 ckmc_policy_s pripolicy;
1096 pripolicy.password = pri_passwd;
1097 pripolicy.extractable = 1;
1100 prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
1101 prikey.key_size = prv.size();
1102 prikey.key_type = CKMC_KEY_NONE;
1103 prikey.password = const_cast<char *>(key_passwd);
1107 CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
1108 CKMCReadableError(temp));
1111 CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
1112 CKMCReadableError(temp));
1115 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
1122 CKMCReadableError(temp));
1125 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
1132 CKMCReadableError(temp));
1135 RUNNER_TEST(T3083_CAPI__rsa_key_create_verify_negative)
1139 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message asdfaslkdfjlksadjf test");
1140 CKM::Alias pub_alias = sharedDatabase("pub1");
1141 CKM::Alias pri_alias = sharedDatabase("prv1");
1142 char *pri_passwd = NULL;
1143 char *pub_passwd = NULL;
1144 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
1145 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
1146 ckmc_raw_buffer_s *signature;
1149 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
1156 CKMCReadableError(temp));
1159 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
1166 CKMCReadableError(temp));
1168 RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
1169 memcpy((void*)signature->data, "BROKEN", 6);
1172 CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
1179 CKMCReadableError(temp));
1182 RUNNER_TEST(T3084_CAPI__ec_key_create_verify)
1186 std::string prv = "-----BEGIN EC PRIVATE KEY-----\n"
1187 "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n"
1188 "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n"
1189 "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
1190 "-----END EC PRIVATE KEY-----\n";
1192 std::string pub = "-----BEGIN PUBLIC KEY-----\n"
1193 "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n"
1194 "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
1195 "-----END PUBLIC KEY-----\n";
1197 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
1198 CKM::Alias pri_alias = sharedDatabase("ecprv2");
1199 CKM::Alias pub_alias = sharedDatabase("ecpub2");
1200 char *key_passwd = NULL;
1201 char *pri_passwd = NULL;
1202 char *pub_passwd = NULL;
1203 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
1204 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
1205 ckmc_raw_buffer_s *signature;
1208 pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
1209 pubkey.key_size = pub.size();
1210 pubkey.key_type = CKMC_KEY_NONE;
1211 pubkey.password = NULL;
1213 ckmc_policy_s pubpolicy;
1214 pubpolicy.password = pub_passwd;
1215 pubpolicy.extractable = 1;
1218 prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
1219 prikey.key_size = prv.size();
1220 prikey.key_type = CKMC_KEY_NONE;
1221 prikey.password = key_passwd;
1223 ckmc_policy_s pripolicy;
1224 pripolicy.password = pri_passwd;
1225 pripolicy.extractable = 0;
1228 CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
1229 CKMCReadableError(temp));
1231 CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
1232 CKMCReadableError(temp));
1235 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
1242 CKMCReadableError(temp));
1245 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
1252 CKMCReadableError(temp));
1254 RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
1255 memcpy((void*)signature->data, "BROKEN", 6);
1258 CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
1265 CKMCReadableError(temp));
1268 RUNNER_TEST(T3085_CAPI__rsa_cert_create_verify_signature)
1273 "-----BEGIN RSA PRIVATE KEY-----\n"
1274 "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
1275 "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
1276 "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
1277 "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
1278 "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
1279 "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
1280 "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
1281 "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
1282 "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
1283 "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
1284 "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
1285 "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
1286 "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
1287 "-----END RSA PRIVATE KEY-----\n";
1290 "-----BEGIN CERTIFICATE-----\n"
1291 "MIICijCCAfOgAwIBAgIJAMvaNHQ1ozT8MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV\n"
1292 "BAYTAlBMMQ0wCwYDVQQIDARMb2R6MQ0wCwYDVQQHDARMb2R6MRAwDgYDVQQKDAdT\n"
1293 "YW1zdW5nMREwDwYDVQQLDAhTZWN1cml0eTEMMAoGA1UEAwwDQ0tNMB4XDTE0MDcw\n"
1294 "MjEyNDE0N1oXDTE3MDcwMTEyNDE0N1owXjELMAkGA1UEBhMCUEwxDTALBgNVBAgM\n"
1295 "BExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1bmcxETAPBgNVBAsM\n"
1296 "CFNlY3VyaXR5MQwwCgYDVQQDDANDS00wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ\n"
1297 "AoGBAMIpv0GRN06MJNco+L8fkVIa7KuDM5EG1HecJODtJGcvjvM0YSOXbCSCxj1k\n"
1298 "7dQkebSDLkoyNZ4K5RWRIPcbjon2huDVtgmK8JAEkrF+J4DyxY602rUzx6YcYryj\n"
1299 "eyNpGSWueCaTbFIKzm8UlWUKW7MBhSas8ObrgLf6fjJbikEJAgMBAAGjUDBOMB0G\n"
1300 "A1UdDgQWBBQuW9DuITahZJ6saVZZI0aBlis5vzAfBgNVHSMEGDAWgBQuW9DuITah\n"
1301 "ZJ6saVZZI0aBlis5vzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB2X\n"
1302 "GNtJopBJR3dCpzDONknr/c6qcsPVa3nH4c7qzy6F+4bgqa5IObnoF8zUrvD2sMAO\n"
1303 "km3C/N+Qzt8Rb7ORM6U4tlPp1kZ5t6PKjghhNaiYwVm9A/Zm+wyAmRIkQiYDr4MX\n"
1304 "e+bRAkPmJeEWpaav1lvvBnFzGSGJrnSSeWUegGyn\n"
1305 "-----END CERTIFICATE-----\n";
1307 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
1309 CKM::Alias pri_alias = sharedDatabase("prv3");
1310 CKM::Alias pub_alias = sharedDatabase("pub3");
1311 char *key_passwd = NULL;
1312 char *pri_passwd = NULL;
1313 char *pub_passwd = NULL;
1314 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
1315 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
1316 ckmc_raw_buffer_s *signature;
1319 cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
1320 cert.cert_size = pub.size();
1321 cert.data_format = CKMC_FORM_PEM;
1323 ckmc_policy_s certpolicy;
1324 certpolicy.password = pub_passwd;
1325 certpolicy.extractable = 1;
1328 prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
1329 prikey.key_size = prv.size();
1330 prikey.key_type = CKMC_KEY_NONE;
1331 prikey.password = key_passwd;
1333 ckmc_policy_s pripolicy;
1334 pripolicy.password = pri_passwd;
1335 pripolicy.extractable = 0;
1338 CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)),
1339 CKMCReadableError(temp));
1341 CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
1342 CKMCReadableError(temp));
1346 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
1353 CKMCReadableError(temp));
1356 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
1363 CKMCReadableError(temp));
1365 RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
1366 memcpy((void*)signature->data, "BROKEN", 6);
1369 CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
1376 CKMCReadableError(temp));
1379 RUNNER_TEST(T3086_CAPI__dsa_ext_key_create_verify_with_negative)
1383 const std::string pub = "-----BEGIN PUBLIC KEY-----\n"
1384 "MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n"
1385 "BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n"
1386 "A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n"
1387 "nlWHqf4AwHVdAhUA7I1JQ7sBFJ+N19w3Omu+aO8EG08CgYEAldagy/Ccxhh43cZu\n"
1388 "AZQxgJLCcp1jg6NdPMdkZ2TcSijvaVxBu+gjEGOqN5Os2V6UF7S/k/rjHYmcX9ux\n"
1389 "gpjkC31yTNrKyERIAFIYZtG2K7LVBUZq5Fgm7I83QBVchJ2PA7mBaugJFEhNjbhK\n"
1390 "NRip5UH38le1YDZ/IiA+svFOpeoDgYQAAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+\n"
1391 "hq0c3FGUCtGbVOqg2KPqMBgwSb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdO\n"
1392 "OSCQciDXnRfSqKbT6tjDTgR5jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rC\n"
1393 "YMYCBhubtrVaLmc=\n"
1394 "-----END PUBLIC KEY-----";
1396 const std::string priv = "-----BEGIN DSA PRIVATE KEY-----\n"
1397 "MIIBvAIBAAKBgQC3r3mg/xIXlvsLNWLlu+39+OPm65BM5gVXxWB6+7fo8Lup0Ht+\n"
1398 "NUqBEiRvjwoK64cu+ijQwn73osBKFrn1R5yOG2AVPwpczwN2pn+nOcrneOWUf2+j\n"
1399 "ogLnsOqIWNJkBp86noqPAWgrGWiehM4gkpZHSAyYrEnz4J5Vh6n+AMB1XQIVAOyN\n"
1400 "SUO7ARSfjdfcNzprvmjvBBtPAoGBAJXWoMvwnMYYeN3GbgGUMYCSwnKdY4OjXTzH\n"
1401 "ZGdk3Eoo72lcQbvoIxBjqjeTrNlelBe0v5P64x2JnF/bsYKY5At9ckzayshESABS\n"
1402 "GGbRtiuy1QVGauRYJuyPN0AVXISdjwO5gWroCRRITY24SjUYqeVB9/JXtWA2fyIg\n"
1403 "PrLxTqXqAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+hq0c3FGUCtGbVOqg2KPqMBgw\n"
1404 "Sb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdOOSCQciDXnRfSqKbT6tjDTgR5\n"
1405 "jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rCYMYCBhubtrVaLmcCFQC0IB4m\n"
1406 "u1roOuaPY+Hl19BlTE2qdw==\n"
1407 "-----END DSA PRIVATE KEY-----";
1409 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
1411 CKM::Alias pub_alias = sharedDatabase("dsa-pub1");
1412 CKM::Alias pri_alias = sharedDatabase("dsa-prv1");
1413 char *pri_passwd = NULL;
1414 char *pub_passwd = NULL;
1415 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
1416 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
1417 ckmc_raw_buffer_s *signature = NULL;
1420 pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
1421 pubkey.key_size = pub.size();
1422 pubkey.key_type = CKMC_KEY_NONE;
1423 pubkey.password = NULL;
1425 ckmc_policy_s pubpolicy;
1426 pubpolicy.password = pub_passwd;
1427 pubpolicy.extractable = 0;
1429 ckmc_policy_s pripolicy;
1430 pripolicy.password = pri_passwd;
1431 pripolicy.extractable = 1;
1434 prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(priv.c_str()));
1435 prikey.key_size = priv.size();
1436 prikey.key_type = CKMC_KEY_NONE;
1437 prikey.password = NULL;
1441 CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
1442 CKMCReadableError(temp));
1445 CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
1446 CKMCReadableError(temp));
1449 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
1456 CKMCReadableError(temp));
1460 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
1467 CKMCReadableError(temp));
1470 ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test");
1472 CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
1479 CKMCReadableError(temp));
1481 ckmc_buffer_free(signature);
1484 RUNNER_TEST(T3087_CAPI__dsa_int_key_create_verify_with_negative)
1489 ckmc_policy_s policy_private_key;
1490 ckmc_policy_s policy_public_key;
1492 policy_private_key.password = NULL;
1493 policy_private_key.extractable = 1;
1495 policy_public_key.password = NULL;
1496 policy_public_key.extractable = 1;
1498 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
1500 CKM::Alias pub_alias = sharedDatabase("dsa-pub2");
1501 CKM::Alias pri_alias = sharedDatabase("dsa-prv2");
1504 CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, pri_alias.c_str(), pub_alias.c_str(), policy_private_key, policy_public_key)),
1507 char *pri_passwd = NULL;
1508 char *pub_passwd = NULL;
1509 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
1510 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
1511 ckmc_raw_buffer_s *signature;
1513 ckmc_key_s *pubkey = NULL;
1514 ckmc_key_s *prikey = NULL;
1516 CKMC_ERROR_NONE == (temp = ckmc_get_key(pri_alias.c_str(), 0, &prikey)),
1517 CKMCReadableError(temp));
1520 CKMC_ERROR_NONE == (temp = ckmc_get_key(pub_alias.c_str(), 0, &pubkey)),
1521 CKMCReadableError(temp));
1524 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
1531 CKMCReadableError(temp));
1535 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
1542 CKMCReadableError(temp));
1545 ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test");
1547 CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
1554 CKMCReadableError(temp));
1556 ckmc_key_free(prikey);
1557 ckmc_key_free(pubkey);
1558 ckmc_buffer_free(signature);
1561 RUNNER_TEST(T3088_CAPI__ecdsa_cert_create_verify_signature)
1566 "-----BEGIN EC PRIVATE KEY-----\n"
1567 "MIH8AgEBBBRPb/2utS5aCtyuwmzIHpU6LH3mc6CBsjCBrwIBATAgBgcqhkjOPQEB\n"
1568 "AhUA/////////////////////3////8wQwQU/////////////////////3////wE\n"
1569 "FByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UEKQRK\n"
1570 "lrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAAAAAA\n"
1571 "AAAAAfTI+Seu08p1IlcCAQGhLAMqAATehLqu61gKC3Tgr4wQMVoguAhhG3Uwwz8u\n"
1572 "ELyhe7yPCAuOoLZlTLgf\n"
1573 "-----END EC PRIVATE KEY-----\n";
1576 "-----BEGIN CERTIFICATE-----\n"
1577 "MIICfDCCAjqgAwIBAgIJANIytpeTKlXBMAkGByqGSM49BAEwXjELMAkGA1UEBhMC\n"
1578 "UEwxDTALBgNVBAgMBExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1\n"
1579 "bmcxETAPBgNVBAsMCFNlY3VyaXR5MQwwCgYDVQQDDANDS00wHhcNMTQwNzAyMTI0\n"
1580 "MTQ3WhcNMTcwNzAxMTI0MTQ3WjBeMQswCQYDVQQGEwJQTDENMAsGA1UECAwETG9k\n"
1581 "ejENMAsGA1UEBwwETG9kejEQMA4GA1UECgwHU2Ftc3VuZzERMA8GA1UECwwIU2Vj\n"
1582 "dXJpdHkxDDAKBgNVBAMMA0NLTTCB6jCBuwYHKoZIzj0CATCBrwIBATAgBgcqhkjO\n"
1583 "PQEBAhUA/////////////////////3////8wQwQU/////////////////////3//\n"
1584 "//wEFByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UE\n"
1585 "KQRKlrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAA\n"
1586 "AAAAAAAAAfTI+Seu08p1IlcCAQEDKgAE3oS6rutYCgt04K+MEDFaILgIYRt1MMM/\n"
1587 "LhC8oXu8jwgLjqC2ZUy4H6NQME4wHQYDVR0OBBYEFELElWx3kbLo55Cfn1vywsEZ\n"
1588 "ccsmMB8GA1UdIwQYMBaAFELElWx3kbLo55Cfn1vywsEZccsmMAwGA1UdEwQFMAMB\n"
1589 "Af8wCQYHKoZIzj0EAQMxADAuAhUAumC4mGoyK97SxTvVBQ+ELfCbxEECFQCbMJ72\n"
1590 "Q1oBry6NEc+lLFmWMDesAA==\n"
1591 "-----END CERTIFICATE-----\n";
1593 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
1595 CKM::Alias pri_alias = sharedDatabase("prv4");
1596 CKM::Alias pub_alias = sharedDatabase("pub4");
1597 char *key_passwd = NULL;
1598 char *pri_passwd = NULL;
1599 char *pub_passwd = NULL;
1600 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
1601 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
1602 ckmc_raw_buffer_s *signature;
1605 cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
1606 cert.cert_size = pub.size();
1607 cert.data_format = CKMC_FORM_PEM;
1609 ckmc_policy_s certpolicy;
1610 certpolicy.password = pub_passwd;
1611 certpolicy.extractable = 1;
1614 prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
1615 prikey.key_size = prv.size();
1616 prikey.key_type = CKMC_KEY_NONE;
1617 prikey.password = key_passwd;
1619 ckmc_policy_s pripolicy;
1620 pripolicy.password = pri_passwd;
1621 pripolicy.extractable = 0;
1625 CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)),
1626 CKMCReadableError(temp));
1628 CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
1629 CKMCReadableError(temp));
1632 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
1639 CKMCReadableError(temp));
1642 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
1649 CKMCReadableError(temp));
1651 RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
1652 memcpy((void*)signature->data, "BROKEN", 6);
1655 CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
1662 CKMCReadableError(temp));
1665 RUNNER_TEST(T3089_CAPI__deinit)
1667 remove_user_data(0);
1671 //#######################################################################################
1673 void _assertKey(ckmc_key_s *key, unsigned char *raw_key, unsigned int key_size, ckmc_key_type_e key_type, char *password)
1675 RUNNER_ASSERT_MSG(key->key_size == key_size, "Key Size Error" );
1676 RUNNER_ASSERT_MSG(key->key_type == key_type, "Key Type Error" );
1678 if(key->password != NULL && password != NULL) {
1679 RUNNER_ASSERT_MSG(strcmp(key->password, password) == 0, "Password Error" );
1680 }else if(key->password == NULL && password == NULL) {
1681 RUNNER_ASSERT_MSG(true, "Password Error" );
1683 RUNNER_ASSERT_MSG(false, "Password Error" );
1686 if(key->raw_key != NULL && raw_key != NULL) {
1687 for(unsigned int i=0; i<key_size; i++) {
1688 RUNNER_ASSERT_MSG((key->raw_key)[i] == raw_key[i], "Raw Key Error" );
1690 }else if(key->raw_key == NULL && raw_key == NULL) {
1691 RUNNER_ASSERT_MSG(true, "Raw Key Error" );
1693 RUNNER_ASSERT_MSG(false, "Raw Key Error" );
1697 RUNNER_TEST_GROUP_INIT(T309_CKMC_CAPI_TYPES);
1699 RUNNER_TEST(T3091_CAPI_TYPE_init)
1701 remove_user_data(0);
1702 reset_user_data(USER_APP, USER_PASS);
1705 RUNNER_TEST(T3092_CAPI_TYPE_KEY)
1707 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
1708 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
1709 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
1710 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
1711 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
1712 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
1713 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
1715 "-----END PUBLIC KEY-----";
1717 unsigned char *raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
1718 unsigned int key_size = keyPem.size();
1719 ckmc_key_type_e key_type = CKMC_KEY_NONE;
1720 char *password = const_cast< char *>("");
1723 ckmc_key_new(raw_key, key_size, key_type, password, &key);
1725 _assertKey(key, raw_key, key_size, key_type, password);
1728 char *passwordNull = NULL;
1730 ckmc_key_new(raw_key, key_size, key_type, passwordNull, &key2);
1731 ckmc_key_free(key2);
1734 RUNNER_TEST(T3093_CAPI_TYPE_BUFFER)
1736 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
1737 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
1738 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
1739 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
1740 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
1741 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
1742 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
1744 "-----END PUBLIC KEY-----";
1746 unsigned char *data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
1747 unsigned int size = keyPem.size();
1749 ckmc_raw_buffer_s *buff;
1750 ckmc_buffer_new(data, size, &buff);
1752 RUNNER_ASSERT_MSG(buff->size == size, "Size Error" );
1754 if(buff->data != NULL && data != NULL) {
1755 for(unsigned int i=0; i<size; i++) {
1756 RUNNER_ASSERT_MSG((buff->data)[i] == data[i], "Raw data Error" );
1758 }else if(buff->data == NULL && data == NULL) {
1759 RUNNER_ASSERT_MSG(true, "Raw data Error" );
1761 RUNNER_ASSERT_MSG(false, "Raw data Error" );
1764 ckmc_buffer_free(buff);
1767 RUNNER_TEST(T3094_CAPI_TYPE_CERT)
1769 std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
1771 unsigned char *raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(certPem.c_str()));
1772 unsigned int size = certPem.size();
1773 ckmc_data_format_e form = CKMC_FORM_PEM;
1775 ckmc_cert_s *ckmCert;
1776 ckmc_cert_new(raw_cert, size, form, &ckmCert);
1778 RUNNER_ASSERT_MSG(ckmCert->cert_size == size, "Size Error" );
1780 if(ckmCert->raw_cert != NULL && raw_cert != NULL) {
1781 for(unsigned int i=0; i<size; i++) {
1782 RUNNER_ASSERT_MSG((ckmCert->raw_cert)[i] == raw_cert[i], "Raw data Error" );
1784 }else if(ckmCert->raw_cert == NULL && raw_cert == NULL) {
1785 RUNNER_ASSERT_MSG(true, "raw_cert Error" );
1787 RUNNER_ASSERT_MSG(false, "raw_cert Error" );
1790 RUNNER_ASSERT_MSG(ckmCert->data_format == form, "ckmc_cert_form Error" );
1792 ckmc_cert_free(ckmCert);
1796 RUNNER_TEST(T3095_CAPI_TYPE_load_cert_file)
1800 std::string certStr = TestData::getTestCertificateBase64(TestData::MBANK);
1802 const char *file_name = "/tmp/ckmc_test_cert.pem";
1806 cert_file = fopen(file_name, "w");
1807 fprintf(cert_file, "%s",certStr.c_str());
1813 CKMC_ERROR_NONE == (ret = ckmc_load_cert_from_file(file_name, &pcert)),
1814 CKMCReadableError(ret));
1817 pcert != NULL && pcert->cert_size > 0,"Fail to load cert from file.");
1819 CKM::Alias lcert_alias = sharedDatabase("lcert_alias");
1820 ckmc_policy_s policy;
1821 policy.password = NULL;
1822 policy.extractable = 1;
1825 CKMC_ERROR_NONE == (ret = ckmc_save_cert(lcert_alias.c_str(), *pcert, policy)),
1826 CKMCReadableError(ret));
1831 RUNNER_TEST(T3096_CAPI_TYPE_load_p12_file) {
1832 const char *p12file = "/usr/share/ckm-test/capi-t3096.p12";
1833 const char *password = "password";
1837 ckmc_key_s *private_key = NULL;
1838 ckmc_cert_s *cert = NULL;
1839 ckmc_cert_list_s *ca_cert_list = NULL;
1842 CKMC_ERROR_NONE == (temp = ckmc_load_from_pkcs12_file(p12file, password,
1843 &private_key, &cert, &ca_cert_list)),
1845 RUNNER_ASSERT_MSG(private_key != NULL, "Null private_key");
1846 RUNNER_ASSERT_MSG(cert != NULL, "Null cert");
1847 RUNNER_ASSERT_MSG(ca_cert_list != NULL, "Null ca_cert_list");
1849 ckmc_policy_s policy;
1850 policy.password = NULL;
1851 policy.extractable = 1;
1854 CKM::Alias pkey_alias = sharedDatabase("pkey_alias");
1856 CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *private_key, policy)),
1857 CKMCReadableError(temp));
1859 CKM::Alias cert_alias = sharedDatabase("cert_alias");
1861 CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *cert, policy)),
1862 CKMCReadableError(temp));
1863 std::string caCertAlias = sharedDatabase("ca_cert_alias_");
1864 const char *idx = "0";
1866 ckmc_cert_list_s *tmpList = ca_cert_list;
1867 while(tmpList != NULL) {
1868 caCertAlias.append(idx);
1870 CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)),
1871 CKMCReadableError(temp));
1872 tmpList = tmpList->next;
1876 RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count");
1878 ckmc_key_free(private_key);
1879 ckmc_cert_free(cert);
1880 ckmc_cert_list_all_free(ca_cert_list);
1883 RUNNER_TEST(T3097_CAPI_TYPE_load_p12_file2) {
1884 const char *p12file = "/usr/share/ckm-test/capi-t3096.p12";
1885 const char *password = "password";
1889 ckmc_pkcs12_s *ppkcs12 = NULL;
1892 CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load(p12file, password, &ppkcs12)),
1893 CKMCReadableError(temp));
1894 RUNNER_ASSERT_MSG(ppkcs12->priv_key != NULL, "Null private_key");
1895 RUNNER_ASSERT_MSG(ppkcs12->cert != NULL, "Null cert");
1896 RUNNER_ASSERT_MSG(ppkcs12->ca_chain != NULL, "Null ca_cert_list");
1898 ckmc_policy_s policy;
1899 policy.password = NULL;
1900 policy.extractable = 1;
1903 CKM::Alias pkey_alias = sharedDatabase("pkey_alias2");
1905 CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *(ppkcs12->priv_key), policy)),
1906 CKMCReadableError(temp));
1908 CKM::Alias cert_alias = sharedDatabase("cert_alias2");
1910 CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *(ppkcs12->cert), policy)),
1911 CKMCReadableError(temp));
1912 std::string caCertAlias = sharedDatabase("ca_cert_alias_2_");
1913 const char *idx = "0";
1915 ckmc_cert_list_s *tmpList = ppkcs12->ca_chain;
1916 while(tmpList != NULL) {
1917 caCertAlias.append(idx);
1919 CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)),
1920 CKMCReadableError(temp));
1921 tmpList = tmpList->next;
1925 RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count");
1927 ckmc_pkcs12_free(ppkcs12);
1930 RUNNER_TEST(T3098_CAPI_TYPE_deinit)
1933 remove_user_data(0);
1935 CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
1936 CKMCReadableError(temp));
1938 CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
1939 CKMCReadableError(temp));
1942 RUNNER_TEST_GROUP_INIT(T310_CKMC_CAPI_PKCS12);
1946 CKM::Alias alias_PKCS_exportable = sharedDatabase("CAPI-test-PKCS-export");
1947 CKM::Alias alias_PKCS_not_exportable = sharedDatabase("CAPI-test-PKCS-no-export");
1950 RUNNER_TEST(T3101_CAPI_PKCS12_init)
1952 remove_user_data(0);
1955 RUNNER_TEST(T3102_CAPI_PKCS12_negative_wrong_password)
1957 const char *wrong_passwd = "wrong";
1958 ckmc_pkcs12_s *ppkcs12 = NULL;
1961 CKMC_ERROR_INVALID_FORMAT == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/test1801.pkcs12", wrong_passwd, &ppkcs12)),
1962 CKMCReadableError(temp));
1965 RUNNER_TEST(T3103_CAPI_PKCS12_add_bundle_with_chain_certs)
1967 ckmc_pkcs12_s *ppkcs12 = NULL;
1970 CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/pkcs.p12", NULL, &ppkcs12)),
1971 CKMCReadableError(temp));
1973 RUNNER_ASSERT_MSG(NULL != ppkcs12->cert, "no certificate in PKCS12");
1974 RUNNER_ASSERT_MSG(NULL != ppkcs12->priv_key, "no private key in PKCS12");
1975 RUNNER_ASSERT_MSG(NULL != ppkcs12->ca_chain, "no chain certificates in PKCS12");
1978 ckmc_policy_s exportable;
1979 exportable.password = NULL;
1980 exportable.extractable = 1;
1981 ckmc_policy_s notExportable;
1982 notExportable.password = NULL;
1983 notExportable.extractable = 0;
1986 CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_exportable.c_str(), ppkcs12, exportable, exportable)),
1987 CKMCReadableError(temp));
1989 CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_exportable.c_str(), ppkcs12, exportable, exportable)),
1990 CKMCReadableError(temp));
1992 CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)),
1993 CKMCReadableError(temp));
1995 CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)),
1996 CKMCReadableError(temp));
1998 // try to lookup key
1999 ckmc_key_s *key_lookup = NULL;
2001 CKMC_ERROR_NONE == (temp = ckmc_get_key(alias_PKCS_exportable.c_str(), NULL, &key_lookup)),
2002 CKMCReadableError(temp));
2003 ckmc_key_free(key_lookup);
2006 CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), "", &key_lookup)),
2007 CKMCReadableError(temp));
2008 ckmc_key_free(key_lookup);
2010 // try to lookup certificate
2011 ckmc_cert_s *cert_lookup = NULL;
2013 CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_exportable.c_str(), NULL, &cert_lookup)),
2014 CKMCReadableError(temp));
2015 ckmc_cert_free(cert_lookup);
2018 CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
2019 CKMCReadableError(temp));
2020 ckmc_cert_free(cert_lookup);
2023 RUNNER_TEST(T3104_CAPI_PKCS12_get_PKCS)
2026 ckmc_pkcs12_s *pkcs = NULL;
2030 CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_pkcs12(sharedDatabase("i-do-not-exist").c_str(), NULL, NULL, &pkcs)),
2031 CKMCReadableError(temp));
2032 ckmc_pkcs12_free(pkcs);
2035 // fail - not exportable
2037 CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_pkcs12(alias_PKCS_not_exportable.c_str(), NULL, NULL, &pkcs)),
2038 CKMCReadableError(temp));
2039 ckmc_pkcs12_free(pkcs);
2042 // success - exportable
2044 CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_exportable.c_str(), NULL, NULL, &pkcs)),
2045 CKMCReadableError(temp));
2047 RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12");
2048 RUNNER_ASSERT_MSG(NULL != pkcs->priv_key, "no private key in PKCS12");
2049 RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12");
2051 ckmc_cert_list_s *iter = pkcs->ca_chain;
2056 RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12");
2058 ckmc_pkcs12_free(pkcs);
2061 RUNNER_TEST(T3105_CAPI_PKCS12_create_and_verify_signature)
2063 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
2066 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
2067 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
2068 ckmc_raw_buffer_s *signature = NULL;
2071 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
2072 alias_PKCS_exportable.c_str(),
2078 CKMCReadableError(temp));
2081 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
2082 alias_PKCS_exportable.c_str(),
2088 CKMCReadableError(temp));
2091 RUNNER_TEST(T3106_CAPI_PKCS12_remove_bundle_with_chain_certs)
2095 // remove the whole PKCS12 bundles
2097 CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_exportable.c_str())),
2098 CKMCReadableError(tmp));
2100 CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_not_exportable.c_str())),
2101 CKMCReadableError(tmp));
2103 // expect lookup fails due to unknown alias
2104 // try to lookup key
2105 ckmc_key_s *key_lookup = NULL;
2107 CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_exportable.c_str(), NULL, &key_lookup)),
2108 CKMCReadableError(tmp));
2109 ckmc_key_free(key_lookup);
2112 CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), NULL, &key_lookup)),
2113 CKMCReadableError(tmp));
2114 ckmc_key_free(key_lookup);
2116 // try to lookup certificate
2117 ckmc_cert_s *cert_lookup = NULL;
2119 CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_exportable.c_str(), NULL, &cert_lookup)),
2120 CKMCReadableError(tmp));
2121 ckmc_cert_free(cert_lookup);
2124 CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
2125 CKMCReadableError(tmp));
2126 ckmc_cert_free(cert_lookup);
2129 RUNNER_TEST(T3109_CAPI_PKCS12_deinit)
2131 remove_user_data(0);
2135 RUNNER_TEST_GROUP_INIT(T320_CAPI_EMPTY_DATABASE);
2137 RUNNER_TEST(T3201_CAPI_unlock_database)
2139 reset_user_data(USER_APP, USER_PASS);
2142 RUNNER_CHILD_TEST(T3202_CAPI_get_data_from_empty_database)
2144 ScopedAccessProvider ap(TEST_LABEL);
2145 ap.allowAPI("key-manager::api-storage", "rw");
2146 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
2147 ScopedDBUnlock unlock(USER_APP, USER_PASS);
2150 CKM::Alias alias = "mykey";
2151 char *password = NULL;
2152 ckmc_key_s *test_key = NULL;
2155 CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(alias.c_str(), password, &test_key)),
2158 RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
2161 RUNNER_CHILD_TEST(T3203_CAPI_lock_database)
2163 ScopedAccessProvider ap(TEST_LABEL);
2164 ap.allowAPI("key-manager::api-storage", "rw");
2165 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
2166 ScopedDBUnlock unlock(USER_APP, USER_PASS);
2169 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
2170 CKMCReadableError(temp));
2173 RUNNER_CHILD_TEST(T3204_CAPI_get_data_from_locked_database)
2175 ScopedAccessProvider ap(TEST_LABEL);
2176 ap.allowAPI("key-manager::api-storage", "rw");
2177 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
2180 CKM::Alias alias = "mykey";
2181 char *password = NULL;
2182 ckmc_key_s *test_key = NULL;
2185 CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias.c_str(), password, &test_key)),
2186 CKMCReadableError(temp));
2188 RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
2191 RUNNER_TEST(T3204_deinit)
2193 remove_user_data(USER_APP);