1 #include <dpl/test/test_runner.h>
2 #include <dpl/test/test_runner_child.h>
4 #include <tests_common.h>
5 #include <test-certs.h>
6 #include <ckm-common.h>
7 #include <access_provider2.h>
9 #include <ckm/ckm-manager.h>
10 #include <ckm/ckm-control.h>
11 #include <ckm/ckm-type.h>
13 #include <ckmc/ckmc-manager.h>
14 #include <ckmc/ckmc-control.h>
15 #include <ckmc/ckmc-type.h>
16 #include <ckmc/ckmc-error.h>
18 #include <ckm-common.h>
28 const int USER_APP = 5000;
29 const int GROUP_APP = 5000;
30 const char* USER_PASS = "user-pass";
31 const char* TEST_LABEL = "test_label";
32 const char *const TEST_OBJECT1 = "OBJECT1";
33 const std::string TEST_ALIAS1 = aliasWithLabel(TEST_LABEL,TEST_OBJECT1);
34 const char* TEST_SYSTEM_ALIAS = "system-alias-1";
35 const char* TEST_DATA = "ABCD";
36 } // namespace anonymous
39 RUNNER_TEST_GROUP_INIT (T301_CKMC_CONTROL_C_API);
41 RUNNER_TEST(T3010_Control_C_API_service_unlock_DB)
45 RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_lock_user_key(0)),
46 CKMCReadableError(temp));
47 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
48 CKMCReadableError(temp));
49 RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_unlock_user_key(0, "test-pass")),
50 CKMCReadableError(temp));
52 RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_lock_user_key(4999)),
53 CKMCReadableError(temp));
54 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(4999)),
55 CKMCReadableError(temp));
56 RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_unlock_user_key(4999, "test-pass")),
57 CKMCReadableError(temp));
59 remove_user_data(5000);
60 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(5000)),
61 CKMCReadableError(temp));
62 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(5000)),
63 CKMCReadableError(temp));
64 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(5000, "test-pass")),
65 CKMCReadableError(temp));
68 RUNNER_TEST(T3011_Control_C_API)
72 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
73 CKMCReadableError(temp));
75 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
76 CKMCReadableError(temp));
79 RUNNER_TEST(T3012_Control_C_API)
83 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
84 CKMCReadableError(temp));
85 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
86 CKMCReadableError(temp));
89 RUNNER_TEST(T3013_Control_C_API)
93 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
94 CKMCReadableError(temp));
97 RUNNER_TEST(T3014_Control_C_API)
100 const uid_t UNIQUE_USER = 6500;
102 // clean up environment
103 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
104 CKMCReadableError(temp));
105 // unlock with empty password
106 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, NULL)),
107 CKMCReadableError(temp));
108 // reset password (NULL, "simple-password")
109 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")),
110 CKMCReadableError(temp));
111 // get rid of NULL DKEK
112 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, "simple-password")),
113 CKMCReadableError(temp));
115 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(UNIQUE_USER)),
116 CKMCReadableError(temp));
117 // try to reset password when db locked
118 RUNNER_ASSERT_MSG( CKMC_ERROR_BAD_REQUEST == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")),
119 CKMCReadableError(temp));
120 // clean up environment
121 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
122 CKMCReadableError(temp));
125 RUNNER_TEST(T3015_Control_C_API)
130 CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
131 CKMCReadableError(temp));
133 CKMC_ERROR_NONE == (temp = ckmc_change_user_password(USER_APP, "simple-password", "new-pass")),
134 CKMCReadableError(temp));
135 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
136 CKMCReadableError(temp));
137 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
138 CKMCReadableError(temp));
141 RUNNER_TEST(T3016_Control_C_API)
146 CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
147 CKMCReadableError(temp));
149 CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
150 CKMCReadableError(temp));
153 RUNNER_TEST(T3017_Control_C_API_remove_system_DB)
155 save_data(sharedDatabase(TEST_SYSTEM_ALIAS).c_str(), TEST_DATA);
157 // [test] - expect success
158 check_read(TEST_SYSTEM_ALIAS, ckmc_label_shared_owner, TEST_DATA);
160 // remove user data - expect to map to the system DB
163 CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(1234)),
164 CKMCReadableError(temp));
166 // [test] - expect fail
167 check_read(TEST_SYSTEM_ALIAS, ckmc_label_shared_owner, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
170 RUNNER_TEST_GROUP_INIT (T302_CKMC_QUICK_SET_GET_TESTS_C_API);
172 RUNNER_TEST(T3021_init_C_API)
178 CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
179 CKMCReadableError(temp));
182 RUNNER_TEST(T3022_key_C_API)
186 ckmc_key_s test_key, *test_key2;
187 ckmc_policy_s test_policy;
189 char* password = NULL;
190 CKM::Alias alias = sharedDatabase("mykey");
192 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
193 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
194 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
195 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
196 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
197 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
198 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
200 "-----END PUBLIC KEY-----";
202 char* char_keypem = new char[keyPem.length() + 1];
204 std::strcpy(char_keypem, keyPem.c_str());
205 test_key.raw_key = (unsigned char *)char_keypem;
206 test_key.key_size = keyPem.length();
207 test_key.key_type = CKMC_KEY_RSA_PUBLIC;
208 test_key.password = password;
210 test_policy.password = password;
211 test_policy.extractable = 1;
213 test_key2 = &test_key;
216 CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), test_key, test_policy)),
217 CKMCReadableError(temp));
220 CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)),
221 CKMCReadableError(temp));
224 RUNNER_TEST(T3023_certificate_C_API)
228 std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
230 char* password = NULL;
234 CKM::Alias alias = sharedDatabase("test-cert-1-RSA");
236 ckmc_policy_s test_policy;
237 test_policy.password = password;
238 test_policy.extractable = 1;
240 char* char_certPem = new char[certPem.length() + 1];
241 std::strcpy(char_certPem, certPem.c_str());
242 cert.raw_cert = (unsigned char *)char_certPem;
243 cert.cert_size = certPem.length();
244 cert.data_format = CKMC_FORM_PEM;
247 CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
248 CKMCReadableError(temp));
251 CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
252 CKMCReadableError(temp));
254 ckmc_cert_free(cert2);
257 RUNNER_TEST(T3024_certificate_remove_C_API)
261 char* password = NULL;
263 CKM::Alias alias = sharedDatabase("test-cert-1-RSA");
266 CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
267 CKMCReadableError(temp));
268 ckmc_cert_free(cert2);
271 CKMC_ERROR_NONE == (temp = ckmc_remove_cert(alias.c_str())),
272 CKMCReadableError(temp));
275 CKMC_ERROR_NONE != (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
276 CKMCReadableError(temp));
279 RUNNER_TEST(T3025_certificate_list_C_API)
283 std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
285 char* password = NULL;
288 ckmc_policy_s test_policy;
289 test_policy.password = password;
290 test_policy.extractable = 1;
292 char* char_certPem = new char[certPem.length() + 1];
293 std::strcpy(char_certPem, certPem.c_str());
294 cert.raw_cert = (unsigned char *)char_certPem;
295 cert.cert_size = certPem.length();
296 cert.data_format = CKMC_FORM_PEM;
298 size_t current_aliases_num = count_aliases(ALIAS_CERT);
301 CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test1").c_str(), cert, test_policy)),
302 CKMCReadableError(temp));
305 CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test2").c_str(), cert, test_policy)),
306 CKMCReadableError(temp));
309 CKMC_ERROR_NONE == (temp = ckmc_save_cert(sharedDatabase("cert_test3").c_str(), cert, test_policy)),
310 CKMCReadableError(temp));
312 size_t actual_cnt = count_aliases(ALIAS_CERT);
314 (current_aliases_num+3) == actual_cnt,
315 "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
319 RUNNER_CHILD_TEST(T3026_user_app_save_key_C_API)
321 ScopedAccessProvider ap("mylabel");
322 ap.allowAPI("key-manager::api-storage", "rw");
323 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
325 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
326 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
327 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
328 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
329 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
330 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
331 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
333 "-----END PUBLIC KEY-----";
337 ckmc_key_s test_key, *test_key2;
338 ckmc_policy_s test_policy;
340 char* password = NULL;
341 const char *passwordPolicy = "x";
342 const char *alias = "mykey";
343 char* char_keypem = new char[keyPem.length() + 1];
345 std::strcpy(char_keypem, keyPem.c_str());
346 test_key.raw_key = (unsigned char *)char_keypem;
347 test_key.key_size = keyPem.length();
348 test_key.key_type = CKMC_KEY_RSA_PUBLIC;
349 test_key.password = password;
351 test_policy.password = const_cast<char *>(passwordPolicy);
352 test_policy.extractable = 1;
354 test_key2 = &test_key;
358 CKMC_ERROR_NONE == (temp = ckmc_save_key(alias, test_key, test_policy)),
359 CKMCReadableError(temp));
361 CKMC_ERROR_NONE == (temp = ckmc_get_key(alias, passwordPolicy, &test_key2)),
362 CKMCReadableError(temp));
364 // RUNNER_ASSERT_MSG(
365 // key.getDER() == key2.getDER(), "Key value has been changed by service");
368 RUNNER_CHILD_TEST(T3027_app_user_save_keys_exportable_flag)
370 ScopedAccessProvider ap("mylabel");
371 ap.allowAPI("key-manager::api-storage", "rw");
372 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
375 auto manager = CKM::Manager::create();
377 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
378 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
379 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
380 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
381 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
382 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
383 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
385 "-----END PUBLIC KEY-----";
387 ckmc_policy_s test_policy;
388 ckmc_key_s test_key, *test_key2;
389 char* char_keypem = new char[keyPem.length() + 1];
390 char* password = NULL;
392 std::strcpy(char_keypem, keyPem.c_str());
393 test_key.raw_key = (unsigned char *)char_keypem;
394 test_key.key_size = keyPem.length();
395 test_key.key_type = CKMC_KEY_RSA_PUBLIC;
396 test_key.password = password;
398 test_policy.password = password;
399 test_policy.extractable = 0;
402 CKMC_ERROR_NONE == (temp = ckmc_save_key("appkey1", test_key, test_policy)),
403 CKMCReadableError(temp));
406 CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key("appkey1", password, &test_key2)),
407 CKMCReadableError(temp));
411 RUNNER_TEST(T3028_certificate_with_DSA_key_C_API)
415 std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
417 char* password = NULL;
418 ckmc_cert_s *cert2 = NULL;
421 ckmc_policy_s test_policy;
422 test_policy.password = password;
423 test_policy.extractable = 1;
425 char* char_certPem = new char[certPem.length() + 1];
426 std::strcpy(char_certPem, certPem.c_str());
427 cert.raw_cert = (unsigned char *)char_certPem;
428 cert.cert_size = certPem.length();
429 cert.data_format = CKMC_FORM_PEM;
431 CKM::Alias alias = sharedDatabase("test-cert-1-DSA");
433 CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
434 CKMCReadableError(temp));
437 CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
438 CKMCReadableError(temp));
440 ckmc_cert_free(cert2);
443 RUNNER_TEST(T3029_deinit_C_API)
449 CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
450 CKMCReadableError(temp));
452 CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
453 CKMCReadableError(temp));
457 RUNNER_TEST_GROUP_INIT (T3030_CKMC_QUICK_GET_ALIAS_TESTS_C_API);
459 RUNNER_TEST(T3031_init_C_API)
465 CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
466 CKMCReadableError(temp));
469 RUNNER_TEST(T3032_save_keys_get_alias_C_API)
473 char* password = NULL;
474 ckmc_policy_s test_policy1, test_policy2, test_policy3;
477 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
478 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
479 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
480 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
481 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
482 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
483 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
485 "-----END PUBLIC KEY-----";
487 char* char_keypem = new char[keyPem.length() + 1];
489 std::strcpy(char_keypem, keyPem.c_str());
490 test_key.raw_key = (unsigned char *)char_keypem;
491 test_key.key_size = keyPem.length();
492 test_key.key_type = CKMC_KEY_RSA_PUBLIC;
493 test_key.password = password;
495 test_policy1.password = password;
496 test_policy1.extractable = 1;
498 test_policy2.password = password;
499 test_policy2.extractable = 0;
501 test_policy3.password = password;
502 test_policy3.extractable = 0;
504 size_t current_aliases_num = count_aliases(ALIAS_KEY);
507 CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey1").c_str(), test_key, test_policy1)),
508 CKMCReadableError(temp));
511 CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey2").c_str(), test_key, test_policy2)),
512 CKMCReadableError(temp));
515 CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("rootkey3").c_str(), test_key, test_policy3)),
516 CKMCReadableError(temp));
518 size_t actual_cnt = count_aliases(ALIAS_KEY);
520 (current_aliases_num+3) == actual_cnt,
521 "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
525 RUNNER_TEST(T3033_remove_key_C_API)
529 char* password = NULL;
531 ckmc_key_s *test_key2;
533 CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)),
534 CKMCReadableError(temp));
537 CKMC_ERROR_NONE == (temp = ckmc_remove_key(sharedDatabase("rootkey1").c_str())),
538 CKMCReadableError(temp));
541 CKMC_ERROR_NONE != (temp = ckmc_get_key(sharedDatabase("rootkey1").c_str(), password, &test_key2)),
542 CKMCReadableError(temp));
545 RUNNER_TEST(T3034_deinit_C_API)
551 CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
552 CKMCReadableError(temp));
554 CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
555 CKMCReadableError(temp));
558 RUNNER_TEST_GROUP_INIT (T3040_CKMC_QUICK_REMOVE_BIN_DATA_TEST_C_API);
560 RUNNER_TEST(T3041_init_C_API)
563 reset_user_data(USER_APP, "simple-password");
566 RUNNER_TEST(T3042_save_get_bin_data_C_API)
570 ckmc_raw_buffer_s testData1, testData2, testData3;
571 char* password = NULL;
573 std::string binData1 = "My bin data1";
574 std::string binData2 = "My bin data2";
575 std::string binData3 = "My bin data3";
576 char* char_binData1 = new char[binData1.length() + 1];
577 char* char_binData2 = new char[binData2.length() + 1];
578 char* char_binData3 = new char[binData3.length() + 1];
579 std::strcpy(char_binData1, binData1.c_str());
580 std::strcpy(char_binData2, binData2.c_str());
581 std::strcpy(char_binData3, binData3.c_str());
582 testData1.data = (unsigned char *) char_binData1;
583 testData2.data = (unsigned char *) char_binData2;
584 testData3.data = (unsigned char *) char_binData3;
585 testData1.size = binData1.length()+1;
586 testData2.size = binData2.length()+1;
587 testData3.size = binData3.length()+1;
589 ckmc_policy_s test_policy1, test_policy2, test_policy3;
591 test_policy1.password = password;
592 test_policy1.extractable = 1;
593 test_policy2.password = password;
594 test_policy2.extractable = 1;
595 test_policy3.password = password;
596 test_policy3.extractable = 0;
598 size_t current_aliases_num = count_aliases(ALIAS_DATA);
601 CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data1").c_str(), testData1, test_policy1)), // should change it as null value
602 CKMCReadableError(temp));
605 CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data2").c_str(), testData2, test_policy1)), // should change it as null value
606 CKMCReadableError(temp));
609 CKMC_ERROR_NONE == (temp = ckmc_save_data(sharedDatabase("data3").c_str(), testData3, test_policy2)),
610 CKMCReadableError(temp));
613 CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data(sharedDatabase("data4").c_str(), testData3, test_policy3)),
614 CKMCReadableError(temp));
616 size_t actual_cnt = count_aliases(ALIAS_DATA);
618 (current_aliases_num+3) == actual_cnt,
619 "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
621 ckmc_raw_buffer_s *testData4;
623 CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData4)),
624 CKMCReadableError(temp));
627 compareResult = (strcmp((const char *)testData2.data, (const char *)testData4->data));
628 RUNNER_ASSERT_MSG( compareResult == 0,
632 RUNNER_CHILD_TEST(T3043_app_user_save_bin_data_C_API)
634 ScopedAccessProvider ap("mylabel");
635 ap.allowAPI("key-manager::api-storage", "rw");
636 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
639 ckmc_raw_buffer_s testData1;
640 char* password = NULL;
641 std::string binData1 = "My bin data";
642 char* char_binData1 = new char[binData1.length() + 1];
643 std::strcpy(char_binData1, binData1.c_str());
644 testData1.data = (unsigned char *) char_binData1;
645 testData1.size = binData1.length()+1;
647 ckmc_policy_s test_policy1, test_policy2;
649 test_policy1.password = password;
650 test_policy1.extractable = 1;
652 test_policy2.password = password;
653 test_policy2.extractable = 1;
655 std::string binData = "My bin data";
657 size_t current_aliases_num = count_aliases(ALIAS_DATA);
660 CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata1", testData1, test_policy1)),
661 CKMCReadableError(temp));
663 CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata2", testData1, test_policy1)),
664 CKMCReadableError(temp));
666 CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata3", testData1, test_policy2)),
667 CKMCReadableError(temp));
669 size_t actual_cnt = count_aliases(ALIAS_DATA);
671 (current_aliases_num+3) == actual_cnt,
672 "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
675 RUNNER_TEST(T3044_remove_bin_data_C_API)
679 size_t current_aliases_num = count_aliases(ALIAS_DATA, 2);
682 CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data1").c_str())),
683 CKMCReadableError(temp));
685 CKMC_ERROR_NONE == (temp = ckmc_remove_data(sharedDatabase("data3").c_str())),
686 CKMCReadableError(temp));
688 size_t actual_cnt = count_aliases(ALIAS_DATA);
690 (current_aliases_num-2) == actual_cnt,
691 "Error: expecting " << (current_aliases_num-2) << " aliases, while found " << actual_cnt);
693 char* password = NULL;
695 ckmc_raw_buffer_s *testData1, testData2;
697 std::string testStr = "My bin data2";
698 char* char_testData2 = new char[testStr.length() + 1];
699 std::strcpy(char_testData2, testStr.c_str());
700 testData2.data = (unsigned char *) char_testData2;
701 testData2.size = testStr.length()+1;
703 CKM::RawBuffer buffer;
705 CKMC_ERROR_NONE == (temp = ckmc_get_data(sharedDatabase("data2").c_str(), password, &testData1)),
706 CKMCReadableError(temp));
709 compareResult = (strcmp((const char *)testData2.data, (const char *)testData1->data));
710 RUNNER_ASSERT_MSG( compareResult == 0,
714 CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data(sharedDatabase("data3").c_str(), password, &testData1)),
715 CKMCReadableError(temp));
718 RUNNER_TEST(T3045_save_big_data_C_API)
721 const size_t BIG_SIZE = 5000000; // can't go much further because of stack size limit
722 ScopedAccessProvider ap(TEST_LABEL, USER_APP, GROUP_APP);
724 char big_data[BIG_SIZE];
725 std::ifstream is("/dev/urandom", std::ifstream::binary);
727 is.read(big_data, BIG_SIZE);
729 RUNNER_ASSERT_MSG(is,
730 "Only " << is.gcount() << "/" << BIG_SIZE << " bytes read from /dev/urandom");
732 gc.save(TEST_ALIAS1.c_str(), big_data, BIG_SIZE, CKMC_ERROR_NONE);
734 check_read(TEST_OBJECT1, TEST_LABEL, big_data, BIG_SIZE, CKMC_ERROR_NONE);
737 RUNNER_TEST(T3050_deinit_C_API)
743 CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
744 CKMCReadableError(temp));
746 CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
747 CKMCReadableError(temp));
750 RUNNER_TEST_GROUP_INIT(T305_CKMC_QUICK_CREATE_PAIR_CAPI);
752 RUNNER_TEST(T3051_CAPI_init)
757 CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
758 CKMCReadableError(temp));
761 CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
762 CKMCReadableError(temp));
765 RUNNER_CHILD_TEST(T3052_CAPI_create_rsa_key)
769 ScopedAccessProvider ap("mylabel");
770 ap.allowAPI("key-manager::api-storage", "rw");
771 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
774 const char *private_key_alias = "RSA-test-1-priv";
775 const char *public_key_alias = "RSA-test-1-pub";
776 ckmc_policy_s policy_private_key;
777 ckmc_policy_s policy_public_key;
779 policy_private_key.password = NULL;
780 policy_private_key.extractable = 1;
782 policy_public_key.password = NULL;
783 policy_public_key.extractable = 1;
786 size_t current_aliases_num = count_aliases(ALIAS_KEY);
789 CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
790 CKMCReadableError(temp));
792 size_t actual_cnt = count_aliases(ALIAS_KEY);
794 (current_aliases_num+2) == actual_cnt,
795 "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << actual_cnt);
797 ckmc_key_s *privateKey;
799 CKMC_ERROR_NONE == (temp = ckmc_get_key(private_key_alias, policy_private_key.password,&privateKey)),
800 CKMCReadableError(temp));
802 privateKey->key_type == CKMC_KEY_RSA_PRIVATE,
803 "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_RSA_PRIVATE) << ", actual=" << static_cast<int>(privateKey->key_type));
805 privateKey != NULL && privateKey->key_size > 0 && privateKey->raw_key != NULL,
806 "Private key is broken.");
808 ckmc_key_s *publicKey;
810 CKMC_ERROR_NONE == (temp = ckmc_get_key(public_key_alias, policy_public_key.password, &publicKey)),
811 CKMCReadableError(temp));
813 publicKey->key_type == CKMC_KEY_RSA_PUBLIC,
814 "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_RSA_PUBLIC) << ", actual=" << static_cast<int>(publicKey->key_type));
816 publicKey != NULL && publicKey->key_size > 0 && publicKey->raw_key != NULL,
817 "Public key is broken.");
819 // on next attempt to generate keys with the same alias, expect fail (alias exists)
821 CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
822 CKMCReadableError(temp));
825 RUNNER_CHILD_TEST(T3053_CAPI_create_dsa_key)
829 AccessProvider ap("mylabel");
830 ap.allowAPI("key-manager::api-storage", "rw");
831 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
834 const char *private_key_alias = "DSA-test-2-priv";
835 const char *public_key_alias = "DSA-test-2-pub";
836 ckmc_policy_s policy_private_key;
837 ckmc_policy_s policy_public_key;
839 policy_private_key.password = NULL;
840 policy_private_key.extractable = 1;
842 policy_public_key.password = NULL;
843 policy_public_key.extractable = 1;
845 size_t current_aliases_num = count_aliases(ALIAS_KEY);
848 CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
849 CKMCReadableError(temp));
851 size_t actual_cnt = count_aliases(ALIAS_KEY);
853 (current_aliases_num+2) == actual_cnt,
854 "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << actual_cnt);
856 ckmc_key_s *privateKey = 0;
858 CKMC_ERROR_NONE == (temp = ckmc_get_key(private_key_alias, policy_private_key.password,&privateKey)),
859 CKMCReadableError(temp));
861 privateKey != NULL && privateKey->key_size > 0 && privateKey->raw_key != NULL,
862 "Private key is broken.");
864 privateKey->key_type == CKMC_KEY_DSA_PRIVATE,
865 "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_DSA_PRIVATE) << ", actual=" << static_cast<int>(privateKey->key_type));
866 ckmc_key_free(privateKey);
868 ckmc_key_s *pubKey = 0;
870 CKMC_ERROR_NONE == (temp = ckmc_get_key(public_key_alias, policy_public_key.password, &pubKey)),
871 CKMCReadableError(temp));
873 pubKey != NULL && pubKey->key_size > 0 && pubKey->raw_key != NULL,
874 "Public key is broken.");
876 pubKey->key_type == CKMC_KEY_DSA_PUBLIC,
877 "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_DSA_PUBLIC) << ", actual=" << static_cast<int>(pubKey->key_type));
878 ckmc_key_free(pubKey);
880 // on next attempt to generate keys with the same alias, expect fail (alias exists)
882 CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
883 CKMCReadableError(temp));
887 RUNNER_TEST(T3054_CAPI_deinit)
892 CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
893 CKMCReadableError(temp));
895 CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
896 CKMCReadableError(temp));
900 RUNNER_TEST_GROUP_INIT(T306_CKMC_CAPI_CreateKeyPair);
902 RUNNER_TEST(T3061_CAPI_init)
905 reset_user_data(USER_APP, USER_PASS);
908 RUNNER_TEST(T3062_CAPI_CreateKeyPairRSA)
913 CKM::Alias private_key_alias = sharedDatabase("rsa-test-1");
914 CKM::Alias public_key_alias = sharedDatabase("rsa-test-2");
915 ckmc_policy_s policy_private_key;
916 ckmc_policy_s policy_public_key;
918 policy_private_key.password = const_cast<char *>("privatepassword");
919 policy_private_key.extractable = 0;
921 policy_public_key.password = NULL;
922 policy_public_key.extractable = 1;
925 CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
926 CKMCReadableError(temp));
928 // on next attempt to generate keys with the same alias, expect fail (alias exists)
930 CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
931 CKMCReadableError(temp));
934 RUNNER_TEST(T3063_CAPI_CreateKeyPairDSA)
939 CKM::Alias private_key_alias = sharedDatabase("dsa-test-1");
940 CKM::Alias public_key_alias = sharedDatabase("dsa-test-2");
941 ckmc_policy_s policy_private_key;
942 ckmc_policy_s policy_public_key;
944 policy_private_key.password = const_cast<char *>("privatepassword");
945 policy_private_key.extractable = 0;
947 policy_public_key.password = NULL;
948 policy_public_key.extractable = 1;
951 CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
952 CKMCReadableError(temp));
955 RUNNER_TEST(T3064_CAPI_CreateKeyPairECDSA)
959 ckmc_ec_type_e ectype = CKMC_EC_PRIME192V1;
960 CKM::Alias private_key_alias = sharedDatabase("ecdsa-test-1");
961 CKM::Alias public_key_alias = sharedDatabase("ecdsa-test-2");
962 ckmc_policy_s policy_private_key;
963 ckmc_policy_s policy_public_key;
965 policy_private_key.password = const_cast<char *>("privatepassword");
966 policy_private_key.extractable = 0;
968 policy_public_key.password = NULL;
969 policy_public_key.extractable = 1;
972 CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_ecdsa(ectype, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
973 CKMCReadableError(temp));
976 RUNNER_TEST(T3065_CAPI_deinit)
982 //RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
986 RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_OCSP_TESTS);
988 RUNNER_TEST(T3071_CAPI_init)
993 RUNNER_TEST(T3074_CAPI_ckmc_ocsp_check)
995 std::string ee = TestData::getTestCertificateBase64(TestData::MBANK);
996 std::string im = TestData::getTestCertificateBase64(TestData::SYMANTEC);
999 c_cert.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(ee.c_str()));
1000 c_cert.cert_size = ee.size();
1001 c_cert.data_format = CKMC_FORM_PEM;
1003 ckmc_cert_s c_cert1;
1004 c_cert1.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(im.c_str()));
1005 c_cert1.cert_size = im.size();
1006 c_cert1.data_format = CKMC_FORM_PEM;
1008 ckmc_cert_list_s untrustedcerts;
1009 untrustedcerts.cert = &c_cert1;
1010 untrustedcerts.next = NULL;
1012 ckmc_cert_list_s *cert_chain_list;
1014 int tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list);
1016 CKMC_ERROR_NONE == tmp, CKMCReadableError(tmp));
1018 RUNNER_ASSERT_MSG(cert_chain_list != NULL, "Wrong size of certificate chain.");
1020 ckmc_ocsp_status_e ocsp_status;
1021 RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (tmp = ckmc_ocsp_check(cert_chain_list, &ocsp_status)), CKMCReadableError(tmp));
1022 RUNNER_ASSERT_MSG(ocsp_status == CKMC_OCSP_STATUS_GOOD, "Wrong status: " << static_cast<int>(ocsp_status));
1025 RUNNER_TEST(T3075_CAPI_deinit)
1027 remove_user_data(0);
1031 RUNNER_TEST_GROUP_INIT(T308_CAPI_CREATE_AND_VERIFY_SIGNATURE);
1033 RUNNER_TEST(T3081_CAPI__init)
1038 CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
1039 CKMCReadableError(temp));
1042 CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
1043 CKMCReadableError(temp));
1045 remove_user_data(0);
1048 RUNNER_TEST(T3082_CAPI__rsa_key_create_verify)
1052 std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
1053 "Proc-Type: 4,ENCRYPTED\n"
1054 "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n"
1056 "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n"
1057 "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n"
1058 "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n"
1059 "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n"
1060 "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n"
1061 "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n"
1062 "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n"
1063 "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n"
1064 "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n"
1065 "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n"
1066 "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n"
1067 "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n"
1068 "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n"
1069 "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n"
1070 "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n"
1071 "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n"
1072 "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n"
1073 "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n"
1074 "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n"
1075 "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n"
1076 "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n"
1077 "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n"
1078 "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n"
1079 "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n"
1080 "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n"
1081 "-----END RSA PRIVATE KEY-----\n";
1083 std::string pub = "-----BEGIN PUBLIC KEY-----\n"
1084 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
1085 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
1086 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
1087 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
1088 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
1089 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
1091 "-----END PUBLIC KEY-----\n";
1093 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
1095 CKM::Alias pub_alias = sharedDatabase("pub1");
1096 CKM::Alias pri_alias = sharedDatabase("prv1");
1097 const char *key_passwd = "1234";
1098 char *pri_passwd = NULL;
1099 char *pub_passwd = NULL;
1100 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
1101 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
1102 ckmc_raw_buffer_s *signature;
1105 pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
1106 pubkey.key_size = pub.size();
1107 pubkey.key_type = CKMC_KEY_NONE;
1108 pubkey.password = NULL;
1110 ckmc_policy_s pubpolicy;
1111 pubpolicy.password = pub_passwd;
1112 pubpolicy.extractable = 0;
1114 ckmc_policy_s pripolicy;
1115 pripolicy.password = pri_passwd;
1116 pripolicy.extractable = 1;
1119 prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
1120 prikey.key_size = prv.size();
1121 prikey.key_type = CKMC_KEY_NONE;
1122 prikey.password = const_cast<char *>(key_passwd);
1126 CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
1127 CKMCReadableError(temp));
1130 CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
1131 CKMCReadableError(temp));
1134 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
1141 CKMCReadableError(temp));
1144 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
1151 CKMCReadableError(temp));
1154 RUNNER_TEST(T3083_CAPI__rsa_key_create_verify_negative)
1158 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message asdfaslkdfjlksadjf test");
1159 CKM::Alias pub_alias = sharedDatabase("pub1");
1160 CKM::Alias pri_alias = sharedDatabase("prv1");
1161 char *pri_passwd = NULL;
1162 char *pub_passwd = NULL;
1163 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
1164 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
1165 ckmc_raw_buffer_s *signature;
1168 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
1175 CKMCReadableError(temp));
1178 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
1185 CKMCReadableError(temp));
1187 RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
1188 memcpy((void*)signature->data, "BROKEN", 6);
1191 CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
1198 CKMCReadableError(temp));
1201 RUNNER_TEST(T3084_CAPI__ec_key_create_verify)
1205 std::string prv = "-----BEGIN EC PRIVATE KEY-----\n"
1206 "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n"
1207 "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n"
1208 "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
1209 "-----END EC PRIVATE KEY-----\n";
1211 std::string pub = "-----BEGIN PUBLIC KEY-----\n"
1212 "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n"
1213 "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
1214 "-----END PUBLIC KEY-----\n";
1216 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
1217 CKM::Alias pri_alias = sharedDatabase("ecprv2");
1218 CKM::Alias pub_alias = sharedDatabase("ecpub2");
1219 char *key_passwd = NULL;
1220 char *pri_passwd = NULL;
1221 char *pub_passwd = NULL;
1222 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
1223 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
1224 ckmc_raw_buffer_s *signature;
1227 pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
1228 pubkey.key_size = pub.size();
1229 pubkey.key_type = CKMC_KEY_NONE;
1230 pubkey.password = NULL;
1232 ckmc_policy_s pubpolicy;
1233 pubpolicy.password = pub_passwd;
1234 pubpolicy.extractable = 1;
1237 prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
1238 prikey.key_size = prv.size();
1239 prikey.key_type = CKMC_KEY_NONE;
1240 prikey.password = key_passwd;
1242 ckmc_policy_s pripolicy;
1243 pripolicy.password = pri_passwd;
1244 pripolicy.extractable = 0;
1247 CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
1248 CKMCReadableError(temp));
1250 CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
1251 CKMCReadableError(temp));
1254 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
1261 CKMCReadableError(temp));
1264 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
1271 CKMCReadableError(temp));
1273 RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
1274 memcpy((void*)signature->data, "BROKEN", 6);
1277 CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
1284 CKMCReadableError(temp));
1287 RUNNER_TEST(T3085_CAPI__rsa_cert_create_verify_signature)
1292 "-----BEGIN RSA PRIVATE KEY-----\n"
1293 "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
1294 "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
1295 "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
1296 "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
1297 "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
1298 "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
1299 "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
1300 "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
1301 "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
1302 "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
1303 "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
1304 "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
1305 "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
1306 "-----END RSA PRIVATE KEY-----\n";
1309 "-----BEGIN CERTIFICATE-----\n"
1310 "MIICijCCAfOgAwIBAgIJAMvaNHQ1ozT8MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV\n"
1311 "BAYTAlBMMQ0wCwYDVQQIDARMb2R6MQ0wCwYDVQQHDARMb2R6MRAwDgYDVQQKDAdT\n"
1312 "YW1zdW5nMREwDwYDVQQLDAhTZWN1cml0eTEMMAoGA1UEAwwDQ0tNMB4XDTE0MDcw\n"
1313 "MjEyNDE0N1oXDTE3MDcwMTEyNDE0N1owXjELMAkGA1UEBhMCUEwxDTALBgNVBAgM\n"
1314 "BExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1bmcxETAPBgNVBAsM\n"
1315 "CFNlY3VyaXR5MQwwCgYDVQQDDANDS00wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ\n"
1316 "AoGBAMIpv0GRN06MJNco+L8fkVIa7KuDM5EG1HecJODtJGcvjvM0YSOXbCSCxj1k\n"
1317 "7dQkebSDLkoyNZ4K5RWRIPcbjon2huDVtgmK8JAEkrF+J4DyxY602rUzx6YcYryj\n"
1318 "eyNpGSWueCaTbFIKzm8UlWUKW7MBhSas8ObrgLf6fjJbikEJAgMBAAGjUDBOMB0G\n"
1319 "A1UdDgQWBBQuW9DuITahZJ6saVZZI0aBlis5vzAfBgNVHSMEGDAWgBQuW9DuITah\n"
1320 "ZJ6saVZZI0aBlis5vzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB2X\n"
1321 "GNtJopBJR3dCpzDONknr/c6qcsPVa3nH4c7qzy6F+4bgqa5IObnoF8zUrvD2sMAO\n"
1322 "km3C/N+Qzt8Rb7ORM6U4tlPp1kZ5t6PKjghhNaiYwVm9A/Zm+wyAmRIkQiYDr4MX\n"
1323 "e+bRAkPmJeEWpaav1lvvBnFzGSGJrnSSeWUegGyn\n"
1324 "-----END CERTIFICATE-----\n";
1326 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
1328 CKM::Alias pri_alias = sharedDatabase("prv3");
1329 CKM::Alias pub_alias = sharedDatabase("pub3");
1330 char *key_passwd = NULL;
1331 char *pri_passwd = NULL;
1332 char *pub_passwd = NULL;
1333 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
1334 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
1335 ckmc_raw_buffer_s *signature;
1338 cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
1339 cert.cert_size = pub.size();
1340 cert.data_format = CKMC_FORM_PEM;
1342 ckmc_policy_s certpolicy;
1343 certpolicy.password = pub_passwd;
1344 certpolicy.extractable = 1;
1347 prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
1348 prikey.key_size = prv.size();
1349 prikey.key_type = CKMC_KEY_NONE;
1350 prikey.password = key_passwd;
1352 ckmc_policy_s pripolicy;
1353 pripolicy.password = pri_passwd;
1354 pripolicy.extractable = 0;
1357 CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)),
1358 CKMCReadableError(temp));
1360 CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
1361 CKMCReadableError(temp));
1365 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
1372 CKMCReadableError(temp));
1375 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
1382 CKMCReadableError(temp));
1384 RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
1385 memcpy((void*)signature->data, "BROKEN", 6);
1388 CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
1395 CKMCReadableError(temp));
1398 RUNNER_TEST(T3086_CAPI__dsa_ext_key_create_verify_with_negative)
1402 const std::string pub = "-----BEGIN PUBLIC KEY-----\n"
1403 "MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n"
1404 "BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n"
1405 "A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n"
1406 "nlWHqf4AwHVdAhUA7I1JQ7sBFJ+N19w3Omu+aO8EG08CgYEAldagy/Ccxhh43cZu\n"
1407 "AZQxgJLCcp1jg6NdPMdkZ2TcSijvaVxBu+gjEGOqN5Os2V6UF7S/k/rjHYmcX9ux\n"
1408 "gpjkC31yTNrKyERIAFIYZtG2K7LVBUZq5Fgm7I83QBVchJ2PA7mBaugJFEhNjbhK\n"
1409 "NRip5UH38le1YDZ/IiA+svFOpeoDgYQAAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+\n"
1410 "hq0c3FGUCtGbVOqg2KPqMBgwSb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdO\n"
1411 "OSCQciDXnRfSqKbT6tjDTgR5jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rC\n"
1412 "YMYCBhubtrVaLmc=\n"
1413 "-----END PUBLIC KEY-----";
1415 const std::string priv = "-----BEGIN DSA PRIVATE KEY-----\n"
1416 "MIIBvAIBAAKBgQC3r3mg/xIXlvsLNWLlu+39+OPm65BM5gVXxWB6+7fo8Lup0Ht+\n"
1417 "NUqBEiRvjwoK64cu+ijQwn73osBKFrn1R5yOG2AVPwpczwN2pn+nOcrneOWUf2+j\n"
1418 "ogLnsOqIWNJkBp86noqPAWgrGWiehM4gkpZHSAyYrEnz4J5Vh6n+AMB1XQIVAOyN\n"
1419 "SUO7ARSfjdfcNzprvmjvBBtPAoGBAJXWoMvwnMYYeN3GbgGUMYCSwnKdY4OjXTzH\n"
1420 "ZGdk3Eoo72lcQbvoIxBjqjeTrNlelBe0v5P64x2JnF/bsYKY5At9ckzayshESABS\n"
1421 "GGbRtiuy1QVGauRYJuyPN0AVXISdjwO5gWroCRRITY24SjUYqeVB9/JXtWA2fyIg\n"
1422 "PrLxTqXqAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+hq0c3FGUCtGbVOqg2KPqMBgw\n"
1423 "Sb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdOOSCQciDXnRfSqKbT6tjDTgR5\n"
1424 "jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rCYMYCBhubtrVaLmcCFQC0IB4m\n"
1425 "u1roOuaPY+Hl19BlTE2qdw==\n"
1426 "-----END DSA PRIVATE KEY-----";
1428 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
1430 CKM::Alias pub_alias = sharedDatabase("dsa-pub1");
1431 CKM::Alias pri_alias = sharedDatabase("dsa-prv1");
1432 char *pri_passwd = NULL;
1433 char *pub_passwd = NULL;
1434 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
1435 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
1436 ckmc_raw_buffer_s *signature = NULL;
1439 pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
1440 pubkey.key_size = pub.size();
1441 pubkey.key_type = CKMC_KEY_NONE;
1442 pubkey.password = NULL;
1444 ckmc_policy_s pubpolicy;
1445 pubpolicy.password = pub_passwd;
1446 pubpolicy.extractable = 0;
1448 ckmc_policy_s pripolicy;
1449 pripolicy.password = pri_passwd;
1450 pripolicy.extractable = 1;
1453 prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(priv.c_str()));
1454 prikey.key_size = priv.size();
1455 prikey.key_type = CKMC_KEY_NONE;
1456 prikey.password = NULL;
1460 CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
1461 CKMCReadableError(temp));
1464 CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
1465 CKMCReadableError(temp));
1468 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
1475 CKMCReadableError(temp));
1479 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
1486 CKMCReadableError(temp));
1489 ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test");
1491 CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
1498 CKMCReadableError(temp));
1500 ckmc_buffer_free(signature);
1503 RUNNER_TEST(T3087_CAPI__dsa_int_key_create_verify_with_negative)
1508 ckmc_policy_s policy_private_key;
1509 ckmc_policy_s policy_public_key;
1511 policy_private_key.password = NULL;
1512 policy_private_key.extractable = 1;
1514 policy_public_key.password = NULL;
1515 policy_public_key.extractable = 1;
1517 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
1519 CKM::Alias pub_alias = sharedDatabase("dsa-pub2");
1520 CKM::Alias pri_alias = sharedDatabase("dsa-prv2");
1523 CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, pri_alias.c_str(), pub_alias.c_str(), policy_private_key, policy_public_key)),
1526 char *pri_passwd = NULL;
1527 char *pub_passwd = NULL;
1528 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
1529 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
1530 ckmc_raw_buffer_s *signature;
1532 ckmc_key_s *pubkey = NULL;
1533 ckmc_key_s *prikey = NULL;
1535 CKMC_ERROR_NONE == (temp = ckmc_get_key(pri_alias.c_str(), 0, &prikey)),
1536 CKMCReadableError(temp));
1539 CKMC_ERROR_NONE == (temp = ckmc_get_key(pub_alias.c_str(), 0, &pubkey)),
1540 CKMCReadableError(temp));
1543 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
1550 CKMCReadableError(temp));
1554 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
1561 CKMCReadableError(temp));
1564 ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test");
1566 CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
1573 CKMCReadableError(temp));
1575 ckmc_key_free(prikey);
1576 ckmc_key_free(pubkey);
1577 ckmc_buffer_free(signature);
1580 RUNNER_TEST(T3088_CAPI__ecdsa_cert_create_verify_signature)
1585 "-----BEGIN EC PRIVATE KEY-----\n"
1586 "MIH8AgEBBBRPb/2utS5aCtyuwmzIHpU6LH3mc6CBsjCBrwIBATAgBgcqhkjOPQEB\n"
1587 "AhUA/////////////////////3////8wQwQU/////////////////////3////wE\n"
1588 "FByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UEKQRK\n"
1589 "lrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAAAAAA\n"
1590 "AAAAAfTI+Seu08p1IlcCAQGhLAMqAATehLqu61gKC3Tgr4wQMVoguAhhG3Uwwz8u\n"
1591 "ELyhe7yPCAuOoLZlTLgf\n"
1592 "-----END EC PRIVATE KEY-----\n";
1595 "-----BEGIN CERTIFICATE-----\n"
1596 "MIICfDCCAjqgAwIBAgIJANIytpeTKlXBMAkGByqGSM49BAEwXjELMAkGA1UEBhMC\n"
1597 "UEwxDTALBgNVBAgMBExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1\n"
1598 "bmcxETAPBgNVBAsMCFNlY3VyaXR5MQwwCgYDVQQDDANDS00wHhcNMTQwNzAyMTI0\n"
1599 "MTQ3WhcNMTcwNzAxMTI0MTQ3WjBeMQswCQYDVQQGEwJQTDENMAsGA1UECAwETG9k\n"
1600 "ejENMAsGA1UEBwwETG9kejEQMA4GA1UECgwHU2Ftc3VuZzERMA8GA1UECwwIU2Vj\n"
1601 "dXJpdHkxDDAKBgNVBAMMA0NLTTCB6jCBuwYHKoZIzj0CATCBrwIBATAgBgcqhkjO\n"
1602 "PQEBAhUA/////////////////////3////8wQwQU/////////////////////3//\n"
1603 "//wEFByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UE\n"
1604 "KQRKlrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAA\n"
1605 "AAAAAAAAAfTI+Seu08p1IlcCAQEDKgAE3oS6rutYCgt04K+MEDFaILgIYRt1MMM/\n"
1606 "LhC8oXu8jwgLjqC2ZUy4H6NQME4wHQYDVR0OBBYEFELElWx3kbLo55Cfn1vywsEZ\n"
1607 "ccsmMB8GA1UdIwQYMBaAFELElWx3kbLo55Cfn1vywsEZccsmMAwGA1UdEwQFMAMB\n"
1608 "Af8wCQYHKoZIzj0EAQMxADAuAhUAumC4mGoyK97SxTvVBQ+ELfCbxEECFQCbMJ72\n"
1609 "Q1oBry6NEc+lLFmWMDesAA==\n"
1610 "-----END CERTIFICATE-----\n";
1612 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
1614 CKM::Alias pri_alias = sharedDatabase("prv4");
1615 CKM::Alias pub_alias = sharedDatabase("pub4");
1616 char *key_passwd = NULL;
1617 char *pri_passwd = NULL;
1618 char *pub_passwd = NULL;
1619 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
1620 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
1621 ckmc_raw_buffer_s *signature;
1624 cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
1625 cert.cert_size = pub.size();
1626 cert.data_format = CKMC_FORM_PEM;
1628 ckmc_policy_s certpolicy;
1629 certpolicy.password = pub_passwd;
1630 certpolicy.extractable = 1;
1633 prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
1634 prikey.key_size = prv.size();
1635 prikey.key_type = CKMC_KEY_NONE;
1636 prikey.password = key_passwd;
1638 ckmc_policy_s pripolicy;
1639 pripolicy.password = pri_passwd;
1640 pripolicy.extractable = 0;
1644 CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)),
1645 CKMCReadableError(temp));
1647 CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
1648 CKMCReadableError(temp));
1651 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
1658 CKMCReadableError(temp));
1661 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
1668 CKMCReadableError(temp));
1670 RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
1671 memcpy((void*)signature->data, "BROKEN", 6);
1674 CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
1681 CKMCReadableError(temp));
1684 RUNNER_TEST(T3089_CAPI__deinit)
1686 remove_user_data(0);
1690 //#######################################################################################
1692 void _assertKey(ckmc_key_s *key, unsigned char *raw_key, unsigned int key_size, ckmc_key_type_e key_type, char *password)
1694 RUNNER_ASSERT_MSG(key->key_size == key_size, "Key Size Error" );
1695 RUNNER_ASSERT_MSG(key->key_type == key_type, "Key Type Error" );
1697 if(key->password != NULL && password != NULL) {
1698 RUNNER_ASSERT_MSG(strcmp(key->password, password) == 0, "Password Error" );
1699 }else if(key->password == NULL && password == NULL) {
1700 RUNNER_ASSERT_MSG(true, "Password Error" );
1702 RUNNER_ASSERT_MSG(false, "Password Error" );
1705 if(key->raw_key != NULL && raw_key != NULL) {
1706 for(unsigned int i=0; i<key_size; i++) {
1707 RUNNER_ASSERT_MSG((key->raw_key)[i] == raw_key[i], "Raw Key Error" );
1709 }else if(key->raw_key == NULL && raw_key == NULL) {
1710 RUNNER_ASSERT_MSG(true, "Raw Key Error" );
1712 RUNNER_ASSERT_MSG(false, "Raw Key Error" );
1716 RUNNER_TEST_GROUP_INIT(T309_CKMC_CAPI_TYPES);
1718 RUNNER_TEST(T3091_CAPI_TYPE_init)
1720 remove_user_data(0);
1721 reset_user_data(USER_APP, USER_PASS);
1724 RUNNER_TEST(T3092_CAPI_TYPE_KEY)
1726 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
1727 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
1728 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
1729 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
1730 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
1731 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
1732 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
1734 "-----END PUBLIC KEY-----";
1736 unsigned char *raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
1737 unsigned int key_size = keyPem.size();
1738 ckmc_key_type_e key_type = CKMC_KEY_NONE;
1739 char *password = const_cast< char *>("");
1742 ckmc_key_new(raw_key, key_size, key_type, password, &key);
1744 _assertKey(key, raw_key, key_size, key_type, password);
1747 char *passwordNull = NULL;
1749 ckmc_key_new(raw_key, key_size, key_type, passwordNull, &key2);
1750 ckmc_key_free(key2);
1753 RUNNER_TEST(T3093_CAPI_TYPE_BUFFER)
1755 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
1756 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
1757 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
1758 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
1759 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
1760 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
1761 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
1763 "-----END PUBLIC KEY-----";
1765 unsigned char *data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
1766 unsigned int size = keyPem.size();
1768 ckmc_raw_buffer_s *buff;
1769 ckmc_buffer_new(data, size, &buff);
1771 RUNNER_ASSERT_MSG(buff->size == size, "Size Error" );
1773 if(buff->data != NULL && data != NULL) {
1774 for(unsigned int i=0; i<size; i++) {
1775 RUNNER_ASSERT_MSG((buff->data)[i] == data[i], "Raw data Error" );
1777 }else if(buff->data == NULL && data == NULL) {
1778 RUNNER_ASSERT_MSG(true, "Raw data Error" );
1780 RUNNER_ASSERT_MSG(false, "Raw data Error" );
1783 ckmc_buffer_free(buff);
1786 RUNNER_TEST(T3094_CAPI_TYPE_CERT)
1788 std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
1790 unsigned char *raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(certPem.c_str()));
1791 unsigned int size = certPem.size();
1792 ckmc_data_format_e form = CKMC_FORM_PEM;
1794 ckmc_cert_s *ckmCert;
1795 ckmc_cert_new(raw_cert, size, form, &ckmCert);
1797 RUNNER_ASSERT_MSG(ckmCert->cert_size == size, "Size Error" );
1799 if(ckmCert->raw_cert != NULL && raw_cert != NULL) {
1800 for(unsigned int i=0; i<size; i++) {
1801 RUNNER_ASSERT_MSG((ckmCert->raw_cert)[i] == raw_cert[i], "Raw data Error" );
1803 }else if(ckmCert->raw_cert == NULL && raw_cert == NULL) {
1804 RUNNER_ASSERT_MSG(true, "raw_cert Error" );
1806 RUNNER_ASSERT_MSG(false, "raw_cert Error" );
1809 RUNNER_ASSERT_MSG(ckmCert->data_format == form, "ckmc_cert_form Error" );
1811 ckmc_cert_free(ckmCert);
1815 RUNNER_TEST(T3095_CAPI_TYPE_load_cert_file)
1819 std::string certStr = TestData::getTestCertificateBase64(TestData::MBANK);
1821 const char *file_name = "/tmp/ckmc_test_cert.pem";
1825 cert_file = fopen(file_name, "w");
1826 fprintf(cert_file, "%s",certStr.c_str());
1832 CKMC_ERROR_NONE == (ret = ckmc_load_cert_from_file(file_name, &pcert)),
1833 CKMCReadableError(ret));
1836 pcert != NULL && pcert->cert_size > 0,"Fail to load cert from file.");
1838 CKM::Alias lcert_alias = sharedDatabase("lcert_alias");
1839 ckmc_policy_s policy;
1840 policy.password = NULL;
1841 policy.extractable = 1;
1844 CKMC_ERROR_NONE == (ret = ckmc_save_cert(lcert_alias.c_str(), *pcert, policy)),
1845 CKMCReadableError(ret));
1850 RUNNER_TEST(T3096_CAPI_TYPE_load_p12_file) {
1851 const char *p12file = "/usr/share/ckm-test/capi-t3096.p12";
1852 const char *password = "password";
1856 ckmc_key_s *private_key = NULL;
1857 ckmc_cert_s *cert = NULL;
1858 ckmc_cert_list_s *ca_cert_list = NULL;
1861 CKMC_ERROR_NONE == (temp = ckmc_load_from_pkcs12_file(p12file, password,
1862 &private_key, &cert, &ca_cert_list)),
1864 RUNNER_ASSERT_MSG(private_key != NULL, "Null private_key");
1865 RUNNER_ASSERT_MSG(cert != NULL, "Null cert");
1866 RUNNER_ASSERT_MSG(ca_cert_list != NULL, "Null ca_cert_list");
1868 ckmc_policy_s policy;
1869 policy.password = NULL;
1870 policy.extractable = 1;
1873 CKM::Alias pkey_alias = sharedDatabase("pkey_alias");
1875 CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *private_key, policy)),
1876 CKMCReadableError(temp));
1878 CKM::Alias cert_alias = sharedDatabase("cert_alias");
1880 CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *cert, policy)),
1881 CKMCReadableError(temp));
1882 std::string caCertAlias = sharedDatabase("ca_cert_alias_");
1883 const char *idx = "0";
1885 ckmc_cert_list_s *tmpList = ca_cert_list;
1886 while(tmpList != NULL) {
1887 caCertAlias.append(idx);
1889 CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)),
1890 CKMCReadableError(temp));
1891 tmpList = tmpList->next;
1895 RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count");
1897 ckmc_key_free(private_key);
1898 ckmc_cert_free(cert);
1899 ckmc_cert_list_all_free(ca_cert_list);
1902 RUNNER_TEST(T3097_CAPI_TYPE_load_p12_file2) {
1903 const char *p12file = "/usr/share/ckm-test/capi-t3096.p12";
1904 const char *password = "password";
1908 ckmc_pkcs12_s *ppkcs12 = NULL;
1911 CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load(p12file, password, &ppkcs12)),
1912 CKMCReadableError(temp));
1913 RUNNER_ASSERT_MSG(ppkcs12->priv_key != NULL, "Null private_key");
1914 RUNNER_ASSERT_MSG(ppkcs12->cert != NULL, "Null cert");
1915 RUNNER_ASSERT_MSG(ppkcs12->ca_chain != NULL, "Null ca_cert_list");
1917 ckmc_policy_s policy;
1918 policy.password = NULL;
1919 policy.extractable = 1;
1922 CKM::Alias pkey_alias = sharedDatabase("pkey_alias2");
1924 CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *(ppkcs12->priv_key), policy)),
1925 CKMCReadableError(temp));
1927 CKM::Alias cert_alias = sharedDatabase("cert_alias2");
1929 CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *(ppkcs12->cert), policy)),
1930 CKMCReadableError(temp));
1931 std::string caCertAlias = sharedDatabase("ca_cert_alias_2_");
1932 const char *idx = "0";
1934 ckmc_cert_list_s *tmpList = ppkcs12->ca_chain;
1935 while(tmpList != NULL) {
1936 caCertAlias.append(idx);
1938 CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)),
1939 CKMCReadableError(temp));
1940 tmpList = tmpList->next;
1944 RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count");
1946 ckmc_pkcs12_free(ppkcs12);
1949 RUNNER_TEST(T3098_CAPI_TYPE_deinit)
1952 remove_user_data(0);
1954 CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
1955 CKMCReadableError(temp));
1957 CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
1958 CKMCReadableError(temp));
1961 RUNNER_TEST_GROUP_INIT(T310_CKMC_CAPI_PKCS12);
1965 CKM::Alias alias_PKCS_exportable = sharedDatabase("CAPI-test-PKCS-export");
1966 CKM::Alias alias_PKCS_not_exportable = sharedDatabase("CAPI-test-PKCS-no-export");
1969 RUNNER_TEST(T3101_CAPI_PKCS12_init)
1971 remove_user_data(0);
1974 RUNNER_TEST(T3102_CAPI_PKCS12_negative_wrong_password)
1976 const char *wrong_passwd = "wrong";
1977 ckmc_pkcs12_s *ppkcs12 = NULL;
1980 CKMC_ERROR_INVALID_FORMAT == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/test1801.pkcs12", wrong_passwd, &ppkcs12)),
1981 CKMCReadableError(temp));
1984 RUNNER_TEST(T3103_CAPI_PKCS12_add_bundle_with_chain_certs)
1986 ckmc_pkcs12_s *ppkcs12 = NULL;
1989 CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/pkcs.p12", NULL, &ppkcs12)),
1990 CKMCReadableError(temp));
1992 RUNNER_ASSERT_MSG(NULL != ppkcs12->cert, "no certificate in PKCS12");
1993 RUNNER_ASSERT_MSG(NULL != ppkcs12->priv_key, "no private key in PKCS12");
1994 RUNNER_ASSERT_MSG(NULL != ppkcs12->ca_chain, "no chain certificates in PKCS12");
1997 ckmc_policy_s exportable;
1998 exportable.password = NULL;
1999 exportable.extractable = 1;
2000 ckmc_policy_s notExportable;
2001 notExportable.password = NULL;
2002 notExportable.extractable = 0;
2005 CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_exportable.c_str(), ppkcs12, exportable, exportable)),
2006 CKMCReadableError(temp));
2008 CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_exportable.c_str(), ppkcs12, exportable, exportable)),
2009 CKMCReadableError(temp));
2011 CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)),
2012 CKMCReadableError(temp));
2014 CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)),
2015 CKMCReadableError(temp));
2017 // try to lookup key
2018 ckmc_key_s *key_lookup = NULL;
2020 CKMC_ERROR_NONE == (temp = ckmc_get_key(alias_PKCS_exportable.c_str(), NULL, &key_lookup)),
2021 CKMCReadableError(temp));
2022 ckmc_key_free(key_lookup);
2025 CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), "", &key_lookup)),
2026 CKMCReadableError(temp));
2027 ckmc_key_free(key_lookup);
2029 // try to lookup certificate
2030 ckmc_cert_s *cert_lookup = NULL;
2032 CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_exportable.c_str(), NULL, &cert_lookup)),
2033 CKMCReadableError(temp));
2034 ckmc_cert_free(cert_lookup);
2037 CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
2038 CKMCReadableError(temp));
2039 ckmc_cert_free(cert_lookup);
2042 RUNNER_TEST(T3104_CAPI_PKCS12_get_PKCS)
2045 ckmc_pkcs12_s *pkcs = NULL;
2049 CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_pkcs12(sharedDatabase("i-do-not-exist").c_str(), NULL, NULL, &pkcs)),
2050 CKMCReadableError(temp));
2051 ckmc_pkcs12_free(pkcs);
2054 // fail - not exportable
2056 CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_pkcs12(alias_PKCS_not_exportable.c_str(), NULL, NULL, &pkcs)),
2057 CKMCReadableError(temp));
2058 ckmc_pkcs12_free(pkcs);
2061 // success - exportable
2063 CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_exportable.c_str(), NULL, NULL, &pkcs)),
2064 CKMCReadableError(temp));
2066 RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12");
2067 RUNNER_ASSERT_MSG(NULL != pkcs->priv_key, "no private key in PKCS12");
2068 RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12");
2070 ckmc_cert_list_s *iter = pkcs->ca_chain;
2075 RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12");
2077 ckmc_pkcs12_free(pkcs);
2080 RUNNER_TEST(T3105_CAPI_PKCS12_create_and_verify_signature)
2082 ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
2085 ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
2086 ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
2087 ckmc_raw_buffer_s *signature = NULL;
2090 CKMC_ERROR_NONE == (temp = ckmc_create_signature(
2091 alias_PKCS_exportable.c_str(),
2097 CKMCReadableError(temp));
2100 CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
2101 alias_PKCS_exportable.c_str(),
2107 CKMCReadableError(temp));
2110 RUNNER_TEST(T3106_CAPI_PKCS12_remove_bundle_with_chain_certs)
2114 // remove the whole PKCS12 bundles
2116 CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_exportable.c_str())),
2117 CKMCReadableError(tmp));
2119 CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_not_exportable.c_str())),
2120 CKMCReadableError(tmp));
2122 // expect lookup fails due to unknown alias
2123 // try to lookup key
2124 ckmc_key_s *key_lookup = NULL;
2126 CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_exportable.c_str(), NULL, &key_lookup)),
2127 CKMCReadableError(tmp));
2128 ckmc_key_free(key_lookup);
2131 CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), NULL, &key_lookup)),
2132 CKMCReadableError(tmp));
2133 ckmc_key_free(key_lookup);
2135 // try to lookup certificate
2136 ckmc_cert_s *cert_lookup = NULL;
2138 CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_exportable.c_str(), NULL, &cert_lookup)),
2139 CKMCReadableError(tmp));
2140 ckmc_cert_free(cert_lookup);
2143 CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
2144 CKMCReadableError(tmp));
2145 ckmc_cert_free(cert_lookup);
2148 RUNNER_TEST(T3109_CAPI_PKCS12_deinit)
2150 remove_user_data(0);
2154 RUNNER_TEST_GROUP_INIT(T320_CAPI_EMPTY_DATABASE);
2156 RUNNER_TEST(T3201_CAPI_unlock_database)
2158 reset_user_data(USER_APP, USER_PASS);
2161 RUNNER_CHILD_TEST(T3202_CAPI_get_data_from_empty_database)
2163 ScopedAccessProvider ap(TEST_LABEL);
2164 ap.allowAPI("key-manager::api-storage", "rw");
2165 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
2166 ScopedDBUnlock unlock(USER_APP, USER_PASS);
2169 CKM::Alias alias = "mykey";
2170 char *password = NULL;
2171 ckmc_key_s *test_key = NULL;
2174 CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(alias.c_str(), password, &test_key)),
2177 RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
2180 RUNNER_CHILD_TEST(T3203_CAPI_lock_database)
2182 ScopedAccessProvider ap(TEST_LABEL);
2183 ap.allowAPI("key-manager::api-storage", "rw");
2184 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
2185 ScopedDBUnlock unlock(USER_APP, USER_PASS);
2188 RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
2189 CKMCReadableError(temp));
2192 RUNNER_CHILD_TEST(T3204_CAPI_get_data_from_locked_database)
2194 ScopedAccessProvider ap(TEST_LABEL);
2195 ap.allowAPI("key-manager::api-storage", "rw");
2196 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
2199 CKM::Alias alias = "mykey";
2200 char *password = NULL;
2201 ckmc_key_s *test_key = NULL;
2204 CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias.c_str(), password, &test_key)),
2205 CKMCReadableError(temp));
2207 RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
2210 RUNNER_TEST(T3204_deinit)
2212 remove_user_data(USER_APP);
projects / platform / core / test / security-tests.git / blob