3 #include <dpl/test/test_runner.h>
4 #include <dpl/test/test_runner_child.h>
6 #include <tests_common.h>
7 #include <test-certs.h>
8 #include <access_provider2.h>
10 #include <ckm-common.h>
11 #include <ckm/ckm-manager.h>
12 #include <ckm/ckm-control.h>
13 #include <ckm/ckm-password.h>
14 #include <ckm/ckm-type.h>
15 #include <ckm/ckm-pkcs12.h>
19 #include <openssl/x509.h>
20 #include <openssl/x509v3.h>
23 const int USER_APP = 5000;
24 const int GROUP_APP = 5000;
26 const int USER_APP_2 = 5020;
27 const int USER_APP_3 = 5030;
29 const char * const APP_PASS = "user-pass";
30 const int USER_TEST = 5001;
31 const char* TEST_LABEL = "test_label";
33 const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
34 const CKM::AliasVector EMPTY_ALIAS_VECTOR;
35 } // namespace anonymous
38 * How to numerate tests:
40 * T - test case (always T)
41 * AB - number of test group (always two digits)
42 * C - test number in group (all tests with same TABC must be run in the same time).
46 RUNNER_TEST_GROUP_INIT(A_T0010_CKM_OPENSSL_INIT);
47 RUNNER_TEST(A_T0011_OpenSSL_not_init_client_parse_PKCS) {
48 stop_service(MANAGER);
49 start_service(MANAGER);
51 std::ifstream is("/usr/share/ckm-test/pkcs.p12");
52 std::istreambuf_iterator<char> begin(is), end;
53 std::vector<char> buff(begin, end);
55 CKM::RawBuffer buffer(buff.size());
56 memcpy(buffer.data(), buff.data(), buff.size());
58 auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
61 "Error in PKCS12::create()");
63 // all further tests will start with newly started service,
64 // OpenSSL on the service side will have to be properly initialized too
65 stop_service(MANAGER);
66 start_service(MANAGER);
69 RUNNER_TEST_GROUP_INIT(T0010_CKM_CONTROL);
71 RUNNER_TEST(T0011_Control)
74 auto control = CKM::Control::create();
76 control->removeUserData(0);
77 control->removeUserData(USER_APP_2);
78 control->removeUserData(USER_APP);
81 CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
82 "Error=" << CKM::ErrorToString(temp));
85 RUNNER_TEST(T0012_Control)
88 auto control = CKM::Control::create();
90 CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
91 "Error=" << CKM::ErrorToString(temp));
93 CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
94 "Error=" << CKM::ErrorToString(temp));
97 RUNNER_TEST(T0013_Control)
100 auto control = CKM::Control::create();
102 CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "simple-password")),
103 "Error=" << CKM::ErrorToString(temp));
106 RUNNER_TEST(T0014_Control)
109 auto control = CKM::Control::create();
111 CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)),
112 "Error=" << CKM::ErrorToString(temp));
115 CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "simple-password")),
116 "Error=" << CKM::ErrorToString(temp));
119 CKM_API_SUCCESS == (temp = control->resetUserPassword(USER_APP_3, "something")),
120 "Error=" << CKM::ErrorToString(temp));
123 CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_3, "test-pass")),
124 "Error=" << CKM::ErrorToString(temp));
127 CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_3)),
128 "Error=" << CKM::ErrorToString(temp));
131 CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(USER_APP_3, "something")),
132 "Error=" << CKM::ErrorToString(temp));
135 CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_3)),
136 "Error=" << CKM::ErrorToString(temp));
139 RUNNER_TEST(T0015_Control)
142 auto control = CKM::Control::create();
144 CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")),
145 "Error=" << CKM::ErrorToString(temp));
147 CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")),
148 "Error=" << CKM::ErrorToString(temp));
150 CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)),
151 "Error=" << CKM::ErrorToString(temp));
153 CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)),
154 "Error=" << CKM::ErrorToString(temp));
157 RUNNER_TEST(T0016_Control_negative_wrong_password)
160 auto control = CKM::Control::create();
162 CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP_2, "test-pass")),
163 "Error=" << CKM::ErrorToString(temp));
165 CKM_API_SUCCESS == (temp = control->changeUserPassword(USER_APP_2, "test-pass", "new-pass")),
166 "Error=" << CKM::ErrorToString(temp));
168 CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP_2)),
169 "Error=" << CKM::ErrorToString(temp));
171 CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(USER_APP_2, "incorrect-password")),
172 "Error=" << CKM::ErrorToString(temp));
174 CKM_API_SUCCESS == (temp = control->removeUserData(USER_APP_2)),
175 "Error=" << CKM::ErrorToString(temp));
178 RUNNER_TEST_GROUP_INIT(T101_CKM_QUICK_SET_GET_TESTS);
180 RUNNER_TEST(T1010_init)
182 unlock_user_data(USER_APP, "user-pass");
185 RUNNER_TEST(T1011_key)
188 auto manager = CKM::Manager::create();
190 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
191 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
192 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
193 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
194 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
195 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
196 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
198 "-----END PUBLIC KEY-----";
200 CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
201 auto key = CKM::Key::create(buffer, CKM::Password());
203 CKM::Alias alias = sharedDatabase("mykey");
206 CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy())),
207 "Error=" << CKM::ErrorToString(temp));
209 CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key2)),
210 "Error=" << CKM::ErrorToString(temp));
212 key->getDER() == key2->getDER(),
213 "Key value has been changed by service");
216 RUNNER_TEST(T1012_certificate)
219 auto manager = CKM::Manager::create();
221 auto cert = TestData::getTestCertificate(TestData::GIAG2);
222 CKM::CertificateShPtr cert2;
223 CKM::Alias alias = sharedDatabase("myCert");
226 CKM_API_SUCCESS == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
227 "Error=" << CKM::ErrorToString(temp));
229 CKM_API_SUCCESS == (temp = manager->getCertificate(alias, CKM::Password(), cert2)),
230 "Error=" << CKM::ErrorToString(temp));
232 cert->getDER() == cert2->getDER(),
233 "Data has been modified in key manager");
236 RUNNER_CHILD_TEST(T1013_user_app_save_key)
238 ScopedAccessProvider ap("mylabel");
239 ap.allowAPI("key-manager::api-storage", "rw");
240 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
242 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
243 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
244 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
245 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
246 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
247 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
248 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
250 "-----END PUBLIC KEY-----";
253 CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
254 auto key = CKM::Key::create(buffer, CKM::Password());
256 CKM::Alias alias = "mykey";
257 auto manager = CKM::Manager::create();
260 CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy("x"))),
261 "Error=" << CKM::ErrorToString(temp));
263 CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password("x"), key2)),
264 "Error=" << CKM::ErrorToString(temp));
266 key->getDER() == key2->getDER(), "Key value has been changed by service");
269 RUNNER_TEST(T1014_save_with_label)
271 ScopedAccessProvider ap("mylabel");
272 ap.allowAPI("key-manager::api-storage", "rw");
273 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
276 auto manager = CKM::Manager::create();
278 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
279 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
280 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
281 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
282 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
283 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
284 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
286 "-----END PUBLIC KEY-----";
288 CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
289 auto key = CKM::Key::create(buffer, CKM::Password());
290 CKM::KeyShPtr key_name, key_full_addr;
291 CKM::Alias alias = "mykey-2";
292 std::string top_label = getOwnerIdFromSelf();
293 std::string full_address = aliasWithLabel(top_label.c_str(), alias.c_str());
296 CKM_API_SUCCESS == (temp = manager->saveKey(full_address, key, CKM::Policy())),
297 "Error=" << CKM::ErrorToString(temp));
301 CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key_name)),
302 "Error=" << CKM::ErrorToString(temp));
304 key->getDER() == key_name->getDER(),
305 "Key value has been changed by service");
307 // lookup by full address
309 CKM_API_SUCCESS == (temp = manager->getKey(full_address, CKM::Password(), key_full_addr)),
310 "Error=" << CKM::ErrorToString(temp));
312 key->getDER() == key_full_addr->getDER(),
313 "Key value has been changed by service");
316 RUNNER_TEST(T1015_deinit)
319 remove_user_data(USER_APP);
322 RUNNER_TEST_GROUP_INIT(T102_CKM_QUICK_GET_ALIAS_TESTS);
324 RUNNER_TEST(T1020_init)
327 auto control = CKM::Control::create();
329 CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
330 "Error=" << CKM::ErrorToString(temp));
333 RUNNER_TEST(T1021_save_keys_get_alias)
336 auto manager = CKM::Manager::create();
338 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
339 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
340 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
341 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
342 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
343 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
344 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
346 "-----END PUBLIC KEY-----";
348 CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
349 auto key = CKM::Key::create(buffer, CKM::Password());
350 CKM::AliasVector labelAliasVector;
352 size_t current_aliases_num = count_aliases(ALIAS_KEY);
354 CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey1").c_str(), key, CKM::Policy())),
355 "Error=" << CKM::ErrorToString(temp));
357 CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey2").c_str(), key, CKM::Policy())),
358 "Error=" << CKM::ErrorToString(temp));
360 CKM_API_SUCCESS == (temp = manager->saveKey(sharedDatabase("rootkey3").c_str(), key, CKM::Policy(CKM::Password(), false))),
361 "Error=" << CKM::ErrorToString(temp));
363 CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
364 "Error=" << CKM::ErrorToString(temp));
366 labelAliasVector.size() == (current_aliases_num+3),
367 "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
370 RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
372 ScopedAccessProvider ap("mylabel");
373 ap.allowAPI("key-manager::api-storage", "rw");
374 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
377 auto manager = CKM::Manager::create();
379 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
380 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
381 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
382 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
383 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
384 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
385 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
387 "-----END PUBLIC KEY-----";
389 CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
390 auto key = CKM::Key::create(buffer, CKM::Password());
391 CKM::AliasVector labelAliasVector;
393 size_t current_aliases_num = count_aliases(ALIAS_KEY);
395 CKM_API_SUCCESS == (temp = manager->saveKey("appkey1", key, CKM::Policy())),
396 "Error=" << CKM::ErrorToString(temp));
398 CKM_API_SUCCESS == (temp = manager->saveKey("appkey2", key, CKM::Policy())),
399 "Error=" << CKM::ErrorToString(temp));
401 CKM_API_SUCCESS == (temp = manager->saveKey("appkey3", key, CKM::Policy(CKM::Password(), false))),
402 "Error=" << CKM::ErrorToString(temp));
404 CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
405 "Error=" << CKM::ErrorToString(temp));
407 labelAliasVector.size() == (current_aliases_num+3),
408 "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
411 RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag)
413 ScopedAccessProvider ap("mylabel");
414 ap.allowAPI("key-manager::api-storage", "rw");
415 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
418 auto manager = CKM::Manager::create();
420 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
421 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
422 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
423 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
424 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
425 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
426 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
428 "-----END PUBLIC KEY-----";
430 CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
431 auto key = CKM::Key::create(buffer, CKM::Password());
432 CKM::AliasVector aliasVector;
433 CKM::Policy notExportable(CKM::Password(), false);
436 CKM_API_SUCCESS == (temp = manager->saveKey("appkey4", key, notExportable)),
437 "Error=" << CKM::ErrorToString(temp));
439 CKM_API_ERROR_NOT_EXPORTABLE == (temp = manager->getKey("appkey4", CKM::Password(), key)),
440 "Error=" << CKM::ErrorToString(temp));
442 CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData("data3", buffer, notExportable)),
443 "Error=" << CKM::ErrorToString(temp));
446 RUNNER_TEST(T1029_deinit)
449 remove_user_data(USER_APP);
452 RUNNER_TEST_GROUP_INIT(T103_CKM_QUICK_REMOVE_BIN_DATA_TEST);
453 RUNNER_TEST(T1030_init)
456 reset_user_data(USER_APP, APP_PASS);
459 RUNNER_TEST(T1031_save_get_bin_data)
462 auto manager = CKM::Manager::create();
464 std::string binData1 = "My bin data1";
465 std::string binData2 = "My bin data2";
466 std::string binData3 = "My bin data3";
468 CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
469 CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
470 CKM::RawBuffer buffer3(binData3.begin(), binData3.end());
472 CKM::AliasVector labelAliasVector;
474 size_t current_aliases_num = count_aliases(ALIAS_DATA);
476 CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data1").c_str(), buffer1, CKM::Policy())),
477 "Error=" << CKM::ErrorToString(temp));
479 CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data2").c_str(), buffer2, CKM::Policy())),
480 "Error=" << CKM::ErrorToString(temp));
482 CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data3").c_str(), buffer3, CKM::Policy(CKM::Password(), true))),
483 "Error=" << CKM::ErrorToString(temp));
485 CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer3, CKM::Policy(CKM::Password(), false))),
486 "Error=" << CKM::ErrorToString(temp));
488 CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
489 "Error=" << CKM::ErrorToString(temp));
491 labelAliasVector.size() == (current_aliases_num+3),
492 "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
494 CKM::RawBuffer buffer;
496 CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)),
497 "Error=" << CKM::ErrorToString(temp));
503 CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password("Password"), buffer)),
504 "The wrong password should be ignored because non was used in saveData. Error=" << CKM::ErrorToString(temp));
507 RUNNER_CHILD_TEST(T1032_app_user_save_bin_data)
509 ScopedAccessProvider ap("mylabel");
510 ap.allowAPI("key-manager::api-storage", "rw");
511 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
512 ScopedDBUnlock unlock(USER_APP, APP_PASS);
515 auto manager = CKM::Manager::create();
517 std::string binData = "My bin data";
519 CKM::RawBuffer buffer(binData.begin(), binData.end());
521 CKM::AliasVector labelAliasVector;
523 size_t current_aliases_num = count_aliases(ALIAS_DATA);
525 CKM_API_SUCCESS == (temp = manager->saveData("appdata1", buffer, CKM::Policy())),
526 "Error=" << CKM::ErrorToString(temp));
528 CKM_API_SUCCESS == (temp = manager->saveData("appdata2", buffer, CKM::Policy())),
529 "Error=" << CKM::ErrorToString(temp));
531 CKM_API_SUCCESS == (temp = manager->saveData("appdata3", buffer, CKM::Policy(CKM::Password(), true))),
532 "Error=" << CKM::ErrorToString(temp));
534 CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
535 "Error=" << CKM::ErrorToString(temp));
537 labelAliasVector.size() == (current_aliases_num+3),
538 "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num+3));
541 RUNNER_TEST(T1033_remove_bin_data)
544 auto manager = CKM::Manager::create();
546 std::string binData2 = "My bin data2";
547 CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
549 CKM::AliasVector labelAliasVector;
551 size_t current_aliases_num = count_aliases(ALIAS_DATA);
552 std::string invalid_address = sharedDatabase("i-do-not-exist");
554 CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
555 "Error=" << CKM::ErrorToString(temp));
557 CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data1").c_str())),
558 "Error=" << CKM::ErrorToString(temp));
560 CKM_API_SUCCESS == (temp = manager->removeAlias(sharedDatabase("data3").c_str())),
561 "Error=" << CKM::ErrorToString(temp));
563 CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
564 "Error=" << CKM::ErrorToString(temp));
566 labelAliasVector.size() == (current_aliases_num-2),
567 "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num-2));
569 CKM::RawBuffer buffer;
571 CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data2").c_str(), CKM::Password(), buffer)),
572 "Error=" << CKM::ErrorToString(temp));
577 CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData(sharedDatabase("data3").c_str(), CKM::Password(), buffer)),
578 "Error=" << CKM::ErrorToString(temp));
581 RUNNER_TEST(T1034_app_remove_bin_data)
583 ScopedAccessProvider ap("mylabel");
584 ap.allowAPI("key-manager::api-storage", "rw");
585 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
586 ScopedDBUnlock unlock(USER_APP, APP_PASS);
589 auto manager = CKM::Manager::create();
591 std::string binData2 = "My bin data";
592 CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
594 CKM::AliasVector labelAliasVector;
596 size_t current_aliases_num = count_aliases(ALIAS_DATA);
597 std::string invalid_address = aliasWithLabel("i-do-not-exist", "appdata1");
599 CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
600 "Error=" << CKM::ErrorToString(temp));
602 CKM_API_SUCCESS == (temp = manager->removeAlias("appdata1")),
603 "Error=" << CKM::ErrorToString(temp));
605 CKM_API_SUCCESS == (temp = manager->removeAlias("appdata3")),
606 "Error=" << CKM::ErrorToString(temp));
608 CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
609 "Error=" << CKM::ErrorToString(temp));
611 labelAliasVector.size() == (current_aliases_num-2),
612 "Wrong size of list: " << labelAliasVector.size() << " Expected: " << (current_aliases_num-2));
614 CKM::RawBuffer buffer;
616 CKM_API_SUCCESS == (temp = manager->getData("appdata2", CKM::Password(), buffer)),
617 "Error=" << CKM::ErrorToString(temp));
622 CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData("appdata3", CKM::Password(), buffer)),
623 "Error=" << CKM::ErrorToString(temp));
626 RUNNER_TEST(T1035_getData_wrong_password)
629 auto manager = CKM::Manager::create();
631 std::string binData1 = "My bin data4";
633 CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
636 CKM_API_SUCCESS == (temp = manager->saveData(sharedDatabase("data4").c_str(), buffer1, CKM::Policy("CorrectPassword"))),
637 "Error=" << CKM::ErrorToString(temp));
639 CKM::RawBuffer buffer;
641 CKM_API_SUCCESS == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("CorrectPassword"), buffer)),
642 "Error=" << CKM::ErrorToString(temp));
648 CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData(sharedDatabase("data4").c_str(), CKM::Password("WrongPassword"), buffer)),
649 "Error=" << CKM::ErrorToString(temp));
652 RUNNER_TEST(T1036_deinit)
655 remove_user_data(USER_APP);
658 RUNNER_TEST_GROUP_INIT(T104_CKM_QUICK_CREATE_PAIR);
660 RUNNER_TEST(T1040_init)
663 auto control = CKM::Control::create();
666 CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
667 "Error=" << CKM::ErrorToString(temp));
670 RUNNER_CHILD_TEST(T1041_create_RSA_key)
673 auto manager = CKM::Manager::create();
676 ScopedAccessProvider ap("mylabel-rsa");
677 ap.allowAPI("key-manager::api-storage", "rw");
678 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
680 size_t current_aliases_num = count_aliases(ALIAS_KEY);
682 CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY1_RSA"), CKM::Alias("PUB_KEY1_RSA"), CKM::Policy(), CKM::Policy())),
683 "Error=" << CKM::ErrorToString(temp));
685 CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
686 "Error=" << CKM::ErrorToString(temp));
688 (current_aliases_num+2) == static_cast<size_t>(temp = av.size()),
689 "Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
692 RUNNER_CHILD_TEST(T1042_create_RSA_key_foreign_label)
695 auto manager = CKM::Manager::create();
698 ScopedAccessProvider ap("mylabel-rsa");
699 ap.allowAPI("key-manager::api-storage", "rw");
700 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
703 CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("iamsomebodyelse PRV_KEY2_RSA"), CKM::Alias("PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
704 "Error=" << CKM::ErrorToString(temp));
706 CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY2_RSA"), CKM::Alias("iamsomebodyelse PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
707 "Error=" << CKM::ErrorToString(temp));
710 RUNNER_CHILD_TEST(T1043_create_DSA_key)
713 auto manager = CKM::Manager::create();
716 ScopedAccessProvider ap("mylabel-dsa");
717 ap.allowAPI("key-manager::api-storage", "rw");
718 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
720 size_t current_aliases_num = count_aliases(ALIAS_KEY);
722 CKM_API_SUCCESS == (temp = manager->createKeyPairDSA(1024, CKM::Alias("PRV_KEY1_DSA"), CKM::Alias("PUB_KEY1_DSA"), CKM::Policy(), CKM::Policy())),
723 "Error=" << CKM::ErrorToString(temp));
725 CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
726 "Error=" << CKM::ErrorToString(temp));
728 (current_aliases_num+2) == static_cast<size_t>(temp = av.size()),
729 "Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
732 RUNNER_CHILD_TEST(T1044_create_AES_key)
735 auto manager = CKM::Manager::create();
738 AccessProvider ap("mylabel-aes");
739 ap.allowAPI("key-manager::api-storage", "rw");
740 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
742 int current_aliases_num = count_aliases(ALIAS_KEY);
744 CKM_API_SUCCESS == (temp = manager->createKeyAES(128, CKM::Alias("KEY1_AES"), CKM::Policy())),
745 "Error=" << CKM::ErrorToString(temp));
747 CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
748 "Error=" << CKM::ErrorToString(temp));
750 (current_aliases_num+1) == (temp = av.size()),
751 "Vector size: " << temp << ". Expected: " << (current_aliases_num+1));
754 RUNNER_TEST(T1049_deinit)
756 remove_user_data(USER_APP);
760 RUNNER_TEST_GROUP_INIT(T111_CKM_CreateKeyPair);
762 RUNNER_TEST(T1110_init)
764 unlock_user_data(USER_APP, "user-pass");
767 RUNNER_TEST(T1111_CreateKeyPairRSA)
770 auto manager = CKM::Manager::create();
771 CKM::Alias a1 = sharedDatabase("rsa-test-1");
772 CKM::Alias a2 = sharedDatabase("rsa-test-2");
776 CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(1024, a1, a2, p1, p2)),
777 "Error=" << CKM::ErrorToString(temp));
779 CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->createKeyPairRSA(1024, a1, a2, p1, p2)),
780 "Error=" << CKM::ErrorToString(temp));
783 RUNNER_TEST(T1112_CreateKeyPairDSA)
786 auto manager = CKM::Manager::create();
787 CKM::Alias a1 = sharedDatabase("dsa-test-1");
788 CKM::Alias a2 = sharedDatabase("dsa-test-2");
792 CKM_API_SUCCESS == (temp = manager->createKeyPairDSA(1024, a1, a2, p1, p2)),
793 "Error=" << CKM::ErrorToString(temp));
795 CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->createKeyPairDSA(1024, a1, a2, p1, p2)),
796 "Error=" << CKM::ErrorToString(temp));
799 RUNNER_TEST(T1113_CreateKeyPairECDSA)
802 auto manager = CKM::Manager::create();
803 CKM::Alias a1 = sharedDatabase("ecdsa-test-1");
804 CKM::Alias a2 = sharedDatabase("ecdsa-test-2");
808 CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA(CKM::ElipticCurve::prime192v1, a1, a2, p1, p2)),
809 "Error=" << CKM::ErrorToString(temp));
812 RUNNER_TEST(T1114_deinit)
817 RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
819 RUNNER_TEST(T12100_init)
821 reset_user_data(USER_APP, APP_PASS);
824 RUNNER_TEST(T12101_key_exist)
826 ScopedAccessProvider ap("mylabel");
827 ap.allowAPI("key-manager::api-storage", "rw");
828 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
829 ScopedDBUnlock unlock(USER_APP, APP_PASS);
832 auto manager = CKM::Manager::create();
834 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
835 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
836 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
837 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
838 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
839 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
840 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
842 "-----END PUBLIC KEY-----";
844 CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
845 auto key = CKM::Key::create(buffer);
846 CKM::Alias alias = "rsa-alias-duplication";
849 CKM_API_SUCCESS == (ret = manager->saveKey(alias, key, CKM::Policy())),
850 "Error=" << CKM::ErrorToString(ret));
852 CKM_API_ERROR_DB_ALIAS_EXISTS == (ret = manager->saveKey(alias, key, CKM::Policy())),
853 "Error=" << CKM::ErrorToString(ret));
857 * These test cases tests API when empty parameters are passed to functions
860 RUNNER_TEST(T12102_saveKey_empty_alias)
862 ScopedAccessProvider ap("mylabel");
863 ap.allowAPI("key-manager::api-storage", "rw");
864 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
865 ScopedDBUnlock unlock(USER_APP, APP_PASS);
867 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
868 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
869 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
870 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLc\n"
871 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
872 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
873 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
874 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
876 "-----END PUBLIC KEY-----";
878 CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
879 auto key = CKM::Key::create(buffer);
880 CKM::Alias alias; //alias is not initialized
883 auto manager = CKM::Manager::create();
885 CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
886 "Error=" << CKM::ErrorToString(ret));
889 RUNNER_TEST(T12103_saveKey_foreign_label)
891 ScopedAccessProvider ap("mylabel");
892 ap.allowAPI("key-manager::api-storage", "rw");
893 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
894 ScopedDBUnlock unlock(USER_APP, APP_PASS);
896 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
897 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
898 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
899 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
900 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
901 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
902 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
904 "-----END PUBLIC KEY-----";
906 CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
907 auto key = CKM::Key::create(buffer);
908 CKM::Alias alias = "iamsomebodyelse alias";
911 auto manager = CKM::Manager::create();
913 CKM_API_ERROR_ACCESS_DENIED == (ret = manager->saveKey(alias, key, CKM::Policy())),
914 "Error=" << CKM::ErrorToString(ret));
917 RUNNER_TEST(T12104_saveKey_empty_key)
919 ScopedAccessProvider ap("mylabel");
920 ap.allowAPI("key-manager::api-storage", "rw");
921 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
922 ScopedDBUnlock unlock(USER_APP, APP_PASS);
924 CKM::KeyShPtr key; //key is not initialized
925 CKM::Alias alias = "empty-key";
928 auto manager = CKM::Manager::create();
930 CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
931 "Error=" << CKM::ErrorToString(ret));
934 RUNNER_TEST(T12105_saveCertificate_empty_alias)
936 ScopedAccessProvider ap("mylabel");
937 ap.allowAPI("key-manager::api-storage", "rw");
938 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
939 ScopedDBUnlock unlock(USER_APP, APP_PASS);
941 auto cert = TestData::getTestCertificate(TestData::GIAG2);
942 CKM::Alias alias; //alias is not initialized
945 auto manager = CKM::Manager::create();
947 CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
948 "Error=" << CKM::ErrorToString(temp));
951 RUNNER_TEST(T12106_saveCertificate_foreign_label)
953 ScopedAccessProvider ap("mylabel");
954 ap.allowAPI("key-manager::api-storage", "rw");
955 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
956 ScopedDBUnlock unlock(USER_APP, APP_PASS);
958 auto cert = TestData::getTestCertificate(TestData::GIAG2);
959 CKM::Alias alias = "iamsomebodyelse alias";
962 auto manager = CKM::Manager::create();
964 CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
965 "Error=" << CKM::ErrorToString(temp));
968 RUNNER_TEST(T12107_saveCertificate_empty_cert)
970 ScopedAccessProvider ap("mylabel");
971 ap.allowAPI("key-manager::api-storage", "rw");
972 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
973 ScopedDBUnlock unlock(USER_APP, APP_PASS);
975 CKM::CertificateShPtr cert; //cert is not initialized
976 CKM::Alias alias = "empty-cert";
979 auto manager = CKM::Manager::create();
981 CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
982 "Error=" << CKM::ErrorToString(temp));
985 RUNNER_TEST(T12108_saveData_empty_alias)
987 ScopedAccessProvider ap("mylabel");
988 ap.allowAPI("key-manager::api-storage", "rw");
989 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
990 ScopedDBUnlock unlock(USER_APP, APP_PASS);
992 std::string testData = "test data test data test data";
993 CKM::RawBuffer buffer(testData.begin(), testData.end());
997 auto manager = CKM::Manager::create();
999 CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(alias, buffer, CKM::Policy())),
1000 "Error=" << CKM::ErrorToString(temp));
1003 RUNNER_TEST(T12109_saveData_foreign_label)
1005 ScopedAccessProvider ap("mylabel");
1006 ap.allowAPI("key-manager::api-storage", "rw");
1007 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
1008 ScopedDBUnlock unlock(USER_APP, APP_PASS);
1010 std::string testData = "test data test data test data";
1011 CKM::RawBuffer buffer(testData.begin(), testData.end());
1012 CKM::Alias alias = "iamsomebodyelse alias";
1015 auto manager = CKM::Manager::create();
1017 CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, buffer, CKM::Policy())),
1018 "Error=" << CKM::ErrorToString(temp));
1021 RUNNER_TEST(T12110_saveData_empty_data)
1023 ScopedAccessProvider ap("mylabel");
1024 ap.allowAPI("key-manager::api-storage", "rw");
1025 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
1026 ScopedDBUnlock unlock(USER_APP, APP_PASS);
1028 CKM::RawBuffer buffer;
1029 CKM::Alias alias = "empty-data";
1032 auto manager = CKM::Manager::create();
1034 CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData(alias, buffer, CKM::Policy())),
1035 "Error=" << CKM::ErrorToString(temp));
1039 * These test cases tests API when trying to get data from not existing alias
1042 RUNNER_TEST(T12111_getKey_alias_not_exist)
1044 ScopedAccessProvider ap("mylabel");
1045 ap.allowAPI("key-manager::api-storage", "rw");
1046 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
1047 ScopedDBUnlock unlock(USER_APP, APP_PASS);
1050 CKM::Alias alias = "this-alias-not-exist";
1053 auto manager = CKM::Manager::create();
1055 CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getKey(alias, "", key)),
1056 "Error=" << CKM::ErrorToString(temp));
1059 RUNNER_TEST(T12112_getCertificate_alias_not_exist)
1061 ScopedAccessProvider ap("mylabel");
1062 ap.allowAPI("key-manager::api-storage", "rw");
1063 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
1064 ScopedDBUnlock unlock(USER_APP, APP_PASS);
1066 CKM::CertificateShPtr certificate;
1067 CKM::Alias alias = "this-alias-not-exist";
1070 auto manager = CKM::Manager::create();
1072 CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getCertificate(alias, CKM::Password(), certificate)),
1073 "Error=" << CKM::ErrorToString(temp));
1076 RUNNER_TEST(T12113_getData_alias_not_exist)
1078 ScopedAccessProvider ap("mylabel");
1079 ap.allowAPI("key-manager::api-storage", "rw");
1080 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
1081 ScopedDBUnlock unlock(USER_APP, APP_PASS);
1084 auto manager = CKM::Manager::create();
1085 CKM::RawBuffer buffer;
1086 CKM::Alias alias("some alias");
1088 CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getData(alias, "", buffer)),
1089 "Error=" << CKM::ErrorToString(temp));
1093 * These test cases tests API when damaged keys are used
1095 RUNNER_TEST(T12114_RSA_key_damaged)
1097 ScopedAccessProvider ap("mylabel");
1098 ap.allowAPI("key-manager::api-storage", "rw");
1099 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
1100 ScopedDBUnlock unlock(USER_APP, APP_PASS);
1103 auto manager = CKM::Manager::create();
1105 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
1106 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
1107 // "BROKENBROKENBROKENBROKENBROKENTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT\n"
1108 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
1109 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
1110 // "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
1111 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
1113 "-----END PUBLIC KEY-----";
1115 CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
1116 auto key = CKM::Key::create(buffer);
1117 CKM::Alias alias = "damaged-rsa";
1120 NULL == key.get(), "Key is broken. It should be empty");
1123 CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
1124 "Error=" << CKM::ErrorToString(ret));
1127 RUNNER_TEST(T12115_RSA_key_too_short)
1129 ScopedAccessProvider ap("mylabel");
1130 ap.allowAPI("key-manager::api-storage", "rw");
1131 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
1132 ScopedDBUnlock unlock(USER_APP, APP_PASS);
1135 auto manager = CKM::Manager::create();
1137 std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
1138 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
1139 //"T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
1140 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
1141 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
1142 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
1143 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
1145 "-----END PUBLIC KEY-----";
1147 CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
1148 auto key = CKM::Key::create(buffer);
1149 CKM::Alias alias = "short-rsa";
1152 CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
1153 "Error=" << CKM::ErrorToString(ret));
1156 RUNNER_TEST(T12116_DSA_key_too_short)
1158 ScopedAccessProvider ap("mylabel");
1159 ap.allowAPI("key-manager::api-storage", "rw");
1160 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
1161 ScopedDBUnlock unlock(USER_APP, APP_PASS);
1164 auto manager = CKM::Manager::create();
1166 const std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
1167 "MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n"
1168 "BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n"
1169 //"A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n"
1170 "nlWHqf4AwHVdAhUA7I1JQ7sBFJ+N19w3Omu+aO8EG08CgYEAldagy/Ccxhh43cZu\n"
1171 //"AZQxgJLCcp1jg6NdPMdkZ2TcSijvaVxBu+gjEGOqN5Os2V6UF7S/k/rjHYmcX9ux\n"
1172 "gpjkC31yTNrKyERIAFIYZtG2K7LVBUZq5Fgm7I83QBVchJ2PA7mBaugJFEhNjbhK\n"
1173 "NRip5UH38le1YDZ/IiA+svFOpeoDgYQAAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+\n"
1174 "hq0c3FGUCtGbVOqg2KPqMBgwSb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdO\n"
1175 "OSCQciDXnRfSqKbT6tjDTgR5jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rC\n"
1176 "YMYCBhubtrVaLmc=\n"
1177 "-----END PUBLIC KEY-----";
1179 CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
1180 auto key = CKM::Key::create(buffer);
1181 CKM::Alias alias = "short-dsa";
1184 CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
1185 "Error=" << CKM::ErrorToString(ret));
1188 RUNNER_TEST(T12117_AES_key_too_short)
1191 auto manager = CKM::Manager::create();
1193 size_t key_size = (128-1);
1194 CKM::RawBuffer key_AES = createRandomBuffer(key_size/8);
1196 auto key = CKM::Key::create(key_AES);
1197 CKM::Alias alias = "short-AES";
1200 CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
1201 "Error=" << CKM::ErrorToString(ret));
1205 * These test cases tests CKM service if malicious data is provided over the socket.
1208 RUNNER_TEST(T12118_RSA_key_damaged_serviceTest)
1210 ScopedAccessProvider ap("mylabel");
1211 ap.allowAPI("key-manager::api-storage", "rw");
1212 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
1213 ScopedDBUnlock unlock(USER_APP, APP_PASS);
1216 auto manager = CKM::Manager::create();
1218 // fake the client - let the service detect the problem
1219 class WrongKeyImpl : public CKM::Key
1222 WrongKeyImpl(CKM::RawBuffer & dummy_content) : m_dummy(dummy_content) {
1225 virtual bool empty() const {
1229 virtual CKM::KeyType getType() const {
1230 return CKM::KeyType::KEY_RSA_PUBLIC;
1232 virtual int getSize() const {
1235 virtual CKM::ElipticCurve getCurve() const {
1236 return CKM::ElipticCurve::prime192v1;
1238 virtual CKM::RawBuffer getDER() const {
1241 virtual ~WrongKeyImpl() {}
1243 CKM::RawBuffer & m_dummy;
1245 std::string dummyData = "my_cat_Berta\n";
1246 CKM::RawBuffer buffer(dummyData.begin(), dummyData.end());
1247 auto key = std::make_shared<WrongKeyImpl>(buffer);
1248 CKM::Alias alias = "damaged-rsa";
1251 CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
1252 "Error=" << CKM::ErrorToString(ret));
1255 RUNNER_TEST(T12119_saveCertificate_damaged_serviceTest)
1257 ScopedAccessProvider ap("mylabel");
1258 ap.allowAPI("key-manager::api-storage", "rw");
1259 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
1260 ScopedDBUnlock unlock(USER_APP, APP_PASS);
1262 // fake the client - let the service detect the problem
1263 class WrongCertImpl : public CKM::Certificate
1266 WrongCertImpl(CKM::RawBuffer & dummy_content) : m_dummy(dummy_content) {
1267 m_x509 = X509_new();
1270 bool empty() const {
1274 virtual X509 *getX509() const {
1278 virtual CKM::RawBuffer getDER() const {
1282 virtual ~WrongCertImpl() {
1287 CKM::RawBuffer & m_dummy;
1289 std::string dummyData = "my_cat_Stefan\n";
1290 CKM::RawBuffer buffer(dummyData.begin(), dummyData.end());
1291 auto cert = std::make_shared<WrongCertImpl>(buffer);
1292 CKM::Alias alias = "damaged-cert";
1295 auto manager = CKM::Manager::create();
1297 CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
1298 "Error=" << CKM::ErrorToString(temp));
1301 RUNNER_TEST(T12120_deinit)
1303 remove_user_data(USER_APP);
1306 RUNNER_TEST_GROUP_INIT(T131_CKM_QUICK_SET_GET_TESTS);
1308 RUNNER_TEST(T1311_init)
1310 remove_user_data(0);
1311 RUNNER_ASSERT_MSG(time(0) > 1405343457,
1312 "Time error. Device date is before 14th of July 2014. You must set proper time on device before run this tests!");
1314 ScopedLabel sl("System");
1315 struct hostent* he = gethostbyname("google.com");
1317 RUNNER_ASSERT_MSG(he != NULL, "There is problem with translate domain google.com into ip address. Probably network "
1318 "is not woking on the device. OCSP tests requires network access!");
1321 RUNNER_TEST(T13121_get_chain_no_cert)
1323 CKM::CertificateShPtrVector certChain;
1324 CKM::CertificateShPtr cert;
1326 auto manager = CKM::Manager::create();
1328 int ret = manager->getCertificateChain(cert,
1333 RUNNER_ASSERT_MSG(CKM_API_ERROR_INPUT_PARAM == ret,
1334 "Function should fail for empty certificate");
1337 RUNNER_TEST(T13122_get_chain_empty_cert)
1339 CKM::CertificateShPtrVector certChain;
1340 CKM::CertificateShPtr cert = CKM::Certificate::create(CKM::RawBuffer(),
1341 CKM::DataFormat::FORM_PEM);
1343 auto manager = CKM::Manager::create();
1345 int ret = manager->getCertificateChain(cert,
1350 RUNNER_ASSERT_MSG(CKM_API_ERROR_INPUT_PARAM == ret,
1351 "Function should fail for empty certificate");
1354 RUNNER_TEST(T13129_get_chain)
1356 auto cert = TestData::getTestCertificate(TestData::MBANK);
1357 auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC);
1359 CKM::CertificateShPtrVector certVector = {cert1};
1360 CKM::CertificateShPtrVector certChain;
1363 auto manager = CKM::Manager::create();
1365 RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
1366 RUNNER_ASSERT_MSG(false != cert1.get(), "Certificate should not be empty");
1368 tmp = manager->getCertificateChain(cert,
1373 RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
1374 "Error=" << CKM::ErrorToString(tmp));
1377 0 == certChain.size(),
1378 "Wrong size of certificate chain.");
1380 tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
1381 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
1384 3 == certChain.size(),
1385 "Wrong size of certificate chain.");
1388 RUNNER_TEST(T1313_get_chain_with_alias)
1390 auto cert = TestData::getTestCertificate(TestData::MBANK);
1391 auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC);
1393 CKM::CertificateShPtrVector certChain;
1394 CKM::AliasVector aliasVector;
1395 CKM::Alias alias = sharedDatabase("imcert");
1398 auto manager = CKM::Manager::create();
1400 RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
1401 RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
1403 tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
1404 RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
1405 "Error=" << CKM::ErrorToString(tmp));
1408 0 == certChain.size(),
1409 "Wrong size of certificate chain.");
1412 CKM_API_SUCCESS == (tmp = manager->saveCertificate(alias, cert1, CKM::Policy())),
1413 "Error=" << CKM::ErrorToString(tmp));
1415 aliasVector.push_back(alias);
1417 tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
1418 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
1421 3 == certChain.size(),
1422 "Wrong size of certificate chain.");
1425 RUNNER_TEST(T13141_ocsp_check_valid_chain)
1427 RUNNER_IGNORED_MSG("Fixed in next version of ckm!");
1429 auto cert = TestData::getTestCertificate(TestData::MBANK);
1430 auto cert1 = TestData::getTestCertificate(TestData::SYMANTEC);
1431 CKM::CertificateShPtrVector certVector = {cert1};
1432 CKM::CertificateShPtrVector certChain;
1435 auto manager = CKM::Manager::create();
1437 RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
1438 RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
1440 tmp = manager->getCertificateChain(cert, EMPTY_CERT_VECTOR, EMPTY_CERT_VECTOR, true, certChain);
1441 RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
1442 "Error=" << CKM::ErrorToString(tmp));
1445 0 == certChain.size(),
1446 "Wrong size of certificate chain.");
1448 tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
1449 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
1452 3 == certChain.size(),
1453 "Wrong size of certificate chain.");
1457 CKM_API_SUCCESS == (tmp = manager->ocspCheck(certChain, status)),
1458 "Error=" << CKM::ErrorToString(tmp));
1460 RUNNER_ASSERT_MSG(CKM_API_OCSP_STATUS_GOOD == status, "Verfication failed");
1463 RUNNER_TEST(T13142_ocsp_check_empty)
1465 CKM::CertificateShPtrVector certVector;
1467 auto manager = CKM::Manager::create();
1472 CKM_API_ERROR_INPUT_PARAM == (tmp = manager->ocspCheck(certVector, status)),
1473 "ocspCheck should fail for empty certificate vector");
1476 RUNNER_TEST(T13143_ocsp_check_empty_ptrs)
1478 CKM::CertificateShPtrVector certVector = {
1479 CKM::CertificateShPtr(),
1480 CKM::CertificateShPtr(),
1481 CKM::CertificateShPtr()};
1483 auto manager = CKM::Manager::create();
1488 CKM_API_ERROR_INPUT_PARAM == (tmp = manager->ocspCheck(certVector, status)),
1489 "ocspCheck should fail for empty certificate vector");
1492 RUNNER_TEST(T13144_ocsp_check_root)
1494 auto root = TestData::getTestCertificate(TestData::EQUIFAX);
1495 CKM::CertificateShPtrVector certVector = {root};
1497 auto manager = CKM::Manager::create();
1499 RUNNER_ASSERT_MSG(NULL != root.get(), "Certificate should not be empty");
1504 CKM_API_ERROR_INPUT_PARAM == (tmp = manager->ocspCheck(certVector, status)),
1505 "Ocsp should fail for single certificate");
1508 RUNNER_TEST(T13145_ocsp_check_no_ocsp)
1510 auto root = TestData::getTestCertificate(TestData::EQUIFAX);
1511 auto ca2 = TestData::getTestCertificate(TestData::GEOTRUST);
1512 auto ca1 = TestData::getTestCertificate(TestData::GIAG2);
1514 CKM::CertificateShPtrVector certVector = {ca1, ca2, root};
1516 auto manager = CKM::Manager::create();
1518 RUNNER_ASSERT_MSG(NULL != root.get(), "Certificate should not be empty");
1519 RUNNER_ASSERT_MSG(NULL != ca2.get(), "Certificate should not be empty");
1520 RUNNER_ASSERT_MSG(NULL != ca1.get(), "Certificate should not be empty");
1525 CKM_API_SUCCESS == (tmp = manager->ocspCheck(certVector, status)),
1526 "Error=" << CKM::ErrorToString(tmp));
1528 RUNNER_ASSERT_MSG(CKM_API_OCSP_STATUS_UNSUPPORTED == status, "Verfication failed");
1531 RUNNER_TEST(T1315_deinit)
1533 remove_user_data(0);
1536 RUNNER_TEST_GROUP_INIT(T141_CREATE_AND_VERIFY_SIGNATURE);
1538 RUNNER_TEST(T1411_init)
1540 remove_user_data(0);
1543 RUNNER_TEST(T1412_RSA_key_create_verify)
1546 auto manager = CKM::Manager::create();
1548 std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
1549 "Proc-Type: 4,ENCRYPTED\n"
1550 "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n"
1552 "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n"
1553 "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n"
1554 "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n"
1555 "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n"
1556 "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n"
1557 "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n"
1558 "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n"
1559 "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n"
1560 "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n"
1561 "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n"
1562 "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n"
1563 "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n"
1564 "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n"
1565 "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n"
1566 "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n"
1567 "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n"
1568 "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n"
1569 "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n"
1570 "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n"
1571 "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n"
1572 "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n"
1573 "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n"
1574 "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n"
1575 "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n"
1576 "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n"
1577 "-----END RSA PRIVATE KEY-----\n";
1579 std::string pub = "-----BEGIN PUBLIC KEY-----\n"
1580 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
1581 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
1582 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
1583 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
1584 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
1585 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
1587 "-----END PUBLIC KEY-----\n";
1589 std::string message = "message test";
1591 CKM::Alias aliasPub = sharedDatabase("pub1");
1592 CKM::Alias aliasPrv = sharedDatabase("prv1");
1593 CKM::Password password = "1234";
1594 CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
1595 CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
1596 CKM::RawBuffer signature;
1598 auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
1599 auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), password);
1601 RUNNER_ASSERT_MSG(NULL != keyPub.get(),
1602 "Key is empty. Failed to import public key.");
1603 RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
1604 "Key is empty. Failed to import private key.");
1607 CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
1608 "Error=" << CKM::ErrorToString(temp));
1610 CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
1611 "Error=" << CKM::ErrorToString(temp));
1614 CKM_API_SUCCESS == (temp = manager->createSignature(
1617 CKM::RawBuffer(message.begin(), message.end()),
1621 "Error=" << CKM::ErrorToString(temp));
1624 CKM_API_SUCCESS == (temp = manager->verifySignature(
1627 CKM::RawBuffer(message.begin(), message.end()),
1631 "Error=" << CKM::ErrorToString(temp));
1634 RUNNER_TEST(T1413_DSA_key_create_verify)
1637 auto manager = CKM::Manager::create();
1639 std::string prv = "-----BEGIN DSA PRIVATE KEY-----\n"
1640 "MIIBvAIBAAKBgQC3r3mg/xIXlvsLNWLlu+39+OPm65BM5gVXxWB6+7fo8Lup0Ht+\n"
1641 "NUqBEiRvjwoK64cu+ijQwn73osBKFrn1R5yOG2AVPwpczwN2pn+nOcrneOWUf2+j\n"
1642 "ogLnsOqIWNJkBp86noqPAWgrGWiehM4gkpZHSAyYrEnz4J5Vh6n+AMB1XQIVAOyN\n"
1643 "SUO7ARSfjdfcNzprvmjvBBtPAoGBAJXWoMvwnMYYeN3GbgGUMYCSwnKdY4OjXTzH\n"
1644 "ZGdk3Eoo72lcQbvoIxBjqjeTrNlelBe0v5P64x2JnF/bsYKY5At9ckzayshESABS\n"
1645 "GGbRtiuy1QVGauRYJuyPN0AVXISdjwO5gWroCRRITY24SjUYqeVB9/JXtWA2fyIg\n"
1646 "PrLxTqXqAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+hq0c3FGUCtGbVOqg2KPqMBgw\n"
1647 "Sb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdOOSCQciDXnRfSqKbT6tjDTgR5\n"
1648 "jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rCYMYCBhubtrVaLmcCFQC0IB4m\n"
1649 "u1roOuaPY+Hl19BlTE2qdw==\n"
1650 "-----END DSA PRIVATE KEY-----";
1652 std::string pub = "-----BEGIN PUBLIC KEY-----\n"
1653 "MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n"
1654 "BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n"
1655 "A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n"
1656 "nlWHqf4AwHVdAhUA7I1JQ7sBFJ+N19w3Omu+aO8EG08CgYEAldagy/Ccxhh43cZu\n"
1657 "AZQxgJLCcp1jg6NdPMdkZ2TcSijvaVxBu+gjEGOqN5Os2V6UF7S/k/rjHYmcX9ux\n"
1658 "gpjkC31yTNrKyERIAFIYZtG2K7LVBUZq5Fgm7I83QBVchJ2PA7mBaugJFEhNjbhK\n"
1659 "NRip5UH38le1YDZ/IiA+svFOpeoDgYQAAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+\n"
1660 "hq0c3FGUCtGbVOqg2KPqMBgwSb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdO\n"
1661 "OSCQciDXnRfSqKbT6tjDTgR5jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rC\n"
1662 "YMYCBhubtrVaLmc=\n"
1663 "-----END PUBLIC KEY-----";
1665 std::string message = "message test";
1667 CKM::Alias aliasPub = sharedDatabase("pub2");
1668 CKM::Alias aliasPrv = sharedDatabase("prv2");
1669 CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
1670 CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
1671 CKM::RawBuffer signature;
1673 auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
1674 auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
1676 RUNNER_ASSERT_MSG(NULL != keyPub.get(),
1677 "Key is empty. Failed to import public key.");
1678 RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
1679 "Key is empty. Failed to import private key.");
1682 CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
1683 "Error=" << CKM::ErrorToString(temp));
1685 CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
1686 "Error=" << CKM::ErrorToString(temp));
1689 CKM_API_SUCCESS == (temp = manager->createSignature(
1692 CKM::RawBuffer(message.begin(), message.end()),
1696 "Error=" << CKM::ErrorToString(temp));
1699 CKM_API_SUCCESS == (temp = manager->verifySignature(
1702 CKM::RawBuffer(message.begin(), message.end()),
1706 "Error=" << CKM::ErrorToString(temp));
1710 RUNNER_TEST(T1414_ECDSA_key_create_verify)
1713 auto manager = CKM::Manager::create();
1715 std::string prv = "-----BEGIN EC PRIVATE KEY-----\n"
1716 "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n"
1717 "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n"
1718 "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
1719 "-----END EC PRIVATE KEY-----\n";
1721 std::string pub = "-----BEGIN PUBLIC KEY-----\n"
1722 "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n"
1723 "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
1724 "-----END PUBLIC KEY-----\n";
1726 std::string message = "message test";
1728 CKM::Alias aliasPub = sharedDatabase("ecpub2");
1729 CKM::Alias aliasPrv = sharedDatabase("ecprv2");
1730 CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
1731 CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
1732 CKM::RawBuffer signature;
1734 auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
1735 auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()));
1737 RUNNER_ASSERT_MSG(NULL != keyPub.get(),
1738 "Key is empty. Failed to import public key.");
1739 RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
1740 "Key is empty. Failed to import private key.");
1743 CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
1744 "Error=" << CKM::ErrorToString(temp));
1746 CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
1747 "Error=" << CKM::ErrorToString(temp));
1750 CKM_API_SUCCESS == (temp = manager->createSignature(
1753 CKM::RawBuffer(message.begin(), message.end()),
1757 "Error=" << CKM::ErrorToString(temp));
1760 CKM_API_SUCCESS == (temp = manager->verifySignature(
1763 CKM::RawBuffer(message.begin(), message.end()),
1767 "Error=" << CKM::ErrorToString(temp));
1769 RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
1771 memcpy((void*)signature.data(), "BROKEN", 6);
1774 CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
1777 CKM::RawBuffer(message.begin(), message.end()),
1781 "Error=" << CKM::ErrorToString(temp));
1784 RUNNER_TEST(T1415_RSA_key_create_verify_negative)
1787 auto manager = CKM::Manager::create();
1788 std::string message = "message asdfaslkdfjlksadjf test";
1790 CKM::Alias aliasPub = sharedDatabase("pub1");
1791 CKM::Alias aliasPrv = sharedDatabase("prv1");
1793 CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
1794 CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
1795 CKM::RawBuffer signature;
1798 CKM_API_SUCCESS == (temp = manager->createSignature(
1801 CKM::RawBuffer(message.begin(), message.end()),
1805 "Error=" << CKM::ErrorToString(temp));
1808 CKM_API_SUCCESS == (temp = manager->verifySignature(
1811 CKM::RawBuffer(message.begin(), message.end()),
1815 "Error=" << CKM::ErrorToString(temp));
1817 RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
1818 memcpy((void*)signature.data(), "BROKEN", 6);
1821 CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
1824 CKM::RawBuffer(message.begin(), message.end()),
1828 "Error=" << CKM::ErrorToString(temp));
1831 RUNNER_TEST(T1416_DSA_key_create_verify_negative)
1834 auto manager = CKM::Manager::create();
1835 std::string message = "message asdfaslkdfjlksadjf test";
1837 CKM::Alias aliasPub = sharedDatabase("pub2");
1838 CKM::Alias aliasPrv = sharedDatabase("prv2");
1840 CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
1841 CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
1842 CKM::RawBuffer signature;
1845 CKM_API_SUCCESS == (temp = manager->createSignature(
1848 CKM::RawBuffer(message.begin(), message.end()),
1852 "Error=" << CKM::ErrorToString(temp));
1855 CKM_API_SUCCESS == (temp = manager->verifySignature(
1858 CKM::RawBuffer(message.begin(), message.end()),
1862 "Error=" << CKM::ErrorToString(temp));
1864 RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
1865 memcpy((void*)signature.data(), "BROKEN", 6);
1868 CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
1871 CKM::RawBuffer(message.begin(), message.end()),
1875 "Error=" << CKM::ErrorToString(temp));
1878 RUNNER_TEST(T1417_RSA_cert_create_verify_signature)
1881 auto manager = CKM::Manager::create();
1884 "-----BEGIN RSA PRIVATE KEY-----\n"
1885 "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
1886 "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
1887 "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
1888 "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
1889 "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
1890 "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
1891 "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
1892 "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
1893 "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
1894 "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
1895 "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
1896 "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
1897 "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
1898 "-----END RSA PRIVATE KEY-----\n";
1901 "-----BEGIN CERTIFICATE-----\n"
1902 "MIICijCCAfOgAwIBAgIJAMvaNHQ1ozT8MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV\n"
1903 "BAYTAlBMMQ0wCwYDVQQIDARMb2R6MQ0wCwYDVQQHDARMb2R6MRAwDgYDVQQKDAdT\n"
1904 "YW1zdW5nMREwDwYDVQQLDAhTZWN1cml0eTEMMAoGA1UEAwwDQ0tNMB4XDTE0MDcw\n"
1905 "MjEyNDE0N1oXDTE3MDcwMTEyNDE0N1owXjELMAkGA1UEBhMCUEwxDTALBgNVBAgM\n"
1906 "BExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1bmcxETAPBgNVBAsM\n"
1907 "CFNlY3VyaXR5MQwwCgYDVQQDDANDS00wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ\n"
1908 "AoGBAMIpv0GRN06MJNco+L8fkVIa7KuDM5EG1HecJODtJGcvjvM0YSOXbCSCxj1k\n"
1909 "7dQkebSDLkoyNZ4K5RWRIPcbjon2huDVtgmK8JAEkrF+J4DyxY602rUzx6YcYryj\n"
1910 "eyNpGSWueCaTbFIKzm8UlWUKW7MBhSas8ObrgLf6fjJbikEJAgMBAAGjUDBOMB0G\n"
1911 "A1UdDgQWBBQuW9DuITahZJ6saVZZI0aBlis5vzAfBgNVHSMEGDAWgBQuW9DuITah\n"
1912 "ZJ6saVZZI0aBlis5vzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB2X\n"
1913 "GNtJopBJR3dCpzDONknr/c6qcsPVa3nH4c7qzy6F+4bgqa5IObnoF8zUrvD2sMAO\n"
1914 "km3C/N+Qzt8Rb7ORM6U4tlPp1kZ5t6PKjghhNaiYwVm9A/Zm+wyAmRIkQiYDr4MX\n"
1915 "e+bRAkPmJeEWpaav1lvvBnFzGSGJrnSSeWUegGyn\n"
1916 "-----END CERTIFICATE-----\n";
1918 std::string message = "message test";
1920 CKM::Alias aliasPub = sharedDatabase("pub1-cert");
1921 CKM::Alias aliasPrv = sharedDatabase("prv1-cert");
1922 CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
1923 CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
1924 CKM::RawBuffer signature;
1926 auto cert = CKM::Certificate::create(CKM::RawBuffer(pub.begin(), pub.end()), CKM::DataFormat::FORM_PEM);
1927 auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()));
1929 RUNNER_ASSERT_MSG(NULL != cert.get(),
1930 "Key is empty. Failed to import public key.");
1931 RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
1932 "Key is empty. Failed to import private key.");
1935 CKM_API_SUCCESS == (temp = manager->saveCertificate(aliasPub, cert, CKM::Policy())),
1936 "Error=" << CKM::ErrorToString(temp));
1938 CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
1939 "Error=" << CKM::ErrorToString(temp));
1942 CKM_API_SUCCESS == (temp = manager->createSignature(
1945 CKM::RawBuffer(message.begin(), message.end()),
1949 "Error=" << CKM::ErrorToString(temp));
1952 CKM_API_SUCCESS == (temp = manager->verifySignature(
1955 CKM::RawBuffer(message.begin(), message.end()),
1959 "Error=" << CKM::ErrorToString(temp));
1961 RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
1963 memcpy((void*)signature.data(), "BROKEN", 6);
1966 CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
1969 CKM::RawBuffer(message.begin(), message.end()),
1973 "Error=" << CKM::ErrorToString(temp));
1976 RUNNER_TEST(T1418_DSA_cert_create_verify_signature)
1979 auto manager = CKM::Manager::create();
1981 const std::string pub = "-----BEGIN CERTIFICATE-----\n"
1982 "MIIDUzCCAxECCQCer/fKcXtJgTALBglghkgBZQMEAwIwgYsxCzAJBgNVBAYTAlBM\n"
1983 "MQ8wDQYDVQQIDAZQb2xhbmQxDzANBgNVBAcMBldhcnNhdzEQMA4GA1UECgwHU2Ft\n"
1984 "c3VuZzEMMAoGA1UECwwDS1NGMRMwEQYDVQQDDAptLmthcnBpdWsyMSUwIwYJKoZI\n"
1985 "hvcNAQkBFhZtLmthcnBpdWsyQHNhbXN1bmcuY29tMCAXDTE0MDkyNjEzNTQwN1oY\n"
1986 "DzIxNDAwOTA1MTM1NDA3WjCBizELMAkGA1UEBhMCUEwxDzANBgNVBAgMBlBvbGFu\n"
1987 "ZDEPMA0GA1UEBwwGV2Fyc2F3MRAwDgYDVQQKDAdTYW1zdW5nMQwwCgYDVQQLDANL\n"
1988 "U0YxEzARBgNVBAMMCm0ua2FycGl1azIxJTAjBgkqhkiG9w0BCQEWFm0ua2FycGl1\n"
1989 "azJAc2Ftc3VuZy5jb20wggG3MIIBKwYHKoZIzjgEATCCAR4CgYEA9Bhh7ZA4onkY\n"
1990 "uDNQbYR4EwkJ6RpD505hB0GF6yppUNp2LanvNcQXcyXY88MB6OdP7Rikbu1H2zP4\n"
1991 "gONCtdxKW58Za7h9bFzYjxcObZsS52F9DP7sv3C4sX4xNWApfhUgbfzKaRCJOkOs\n"
1992 "06tV7teu3G/v26PdI8dlykIuQXQZmH8CFQCHsIV0njb2yC3ggfKz+exH+g5jAQKB\n"
1993 "gBVLYfVCMjUz5XJH+xYU3A8W8rpSLqZKIK2d9mbXqhpz8QK1bvNQUlSRZo+o1ZYV\n"
1994 "mJn3Mx2YuiifHZNKdBNweCqe5a+HV2RSl1Yv/TV9famZKlogGslsmPHUOJMlSIdh\n"
1995 "MfMwVny4/rNtjEtEFE1WnaTr1W6MKH1EBbizVo8fmWFrA4GFAAKBgQCaPjrlkAyX\n"
1996 "kBitWo+w0xZN4OSk13SsCzZ/PG+5zOgMRaFm2XbiC04YsGCi4NFOd9kaiP7w1CsP\n"
1997 "iqG6Vwv0T/VcoxBl/hp6jEqTDSrM6z0ungjDO9wGOdI+jZS0UjVahgC4ZLDHhrOa\n"
1998 "CjfxcHruO3e416b/Rm2CjhOzjKdoSFUWVzALBglghkgBZQMEAwIDLwAwLAIUHa+A\n"
1999 "5xo8O/tPuH9gXkr1mee6kRYCFGNycJ1xkc3nIJaEQOtGfDe7S71A\n"
2000 "-----END CERTIFICATE-----\n";
2002 const std::string prv = "-----BEGIN DSA PRIVATE KEY-----\n"
2003 "MIIBuwIBAAKBgQD0GGHtkDiieRi4M1BthHgTCQnpGkPnTmEHQYXrKmlQ2nYtqe81\n"
2004 "xBdzJdjzwwHo50/tGKRu7UfbM/iA40K13EpbnxlruH1sXNiPFw5tmxLnYX0M/uy/\n"
2005 "cLixfjE1YCl+FSBt/MppEIk6Q6zTq1Xu167cb+/bo90jx2XKQi5BdBmYfwIVAIew\n"
2006 "hXSeNvbILeCB8rP57Ef6DmMBAoGAFUth9UIyNTPlckf7FhTcDxbyulIupkogrZ32\n"
2007 "ZteqGnPxArVu81BSVJFmj6jVlhWYmfczHZi6KJ8dk0p0E3B4Kp7lr4dXZFKXVi/9\n"
2008 "NX19qZkqWiAayWyY8dQ4kyVIh2Ex8zBWfLj+s22MS0QUTVadpOvVbowofUQFuLNW\n"
2009 "jx+ZYWsCgYEAmj465ZAMl5AYrVqPsNMWTeDkpNd0rAs2fzxvuczoDEWhZtl24gtO\n"
2010 "GLBgouDRTnfZGoj+8NQrD4qhulcL9E/1XKMQZf4aeoxKkw0qzOs9Lp4IwzvcBjnS\n"
2011 "Po2UtFI1WoYAuGSwx4azmgo38XB67jt3uNem/0Ztgo4Ts4ynaEhVFlcCFGMH+Z9l\n"
2012 "vonbjii3BYe4AIdkzOvp\n"
2013 "-----END DSA PRIVATE KEY-----\n";
2015 std::string message = "message test";
2017 CKM::Alias aliasPub = sharedDatabase("pub2-cert");
2018 CKM::Alias aliasPrv = sharedDatabase("prv2-cert");
2019 CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
2020 CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
2021 CKM::RawBuffer signature;
2023 auto cert = CKM::Certificate::create(CKM::RawBuffer(pub.begin(), pub.end()), CKM::DataFormat::FORM_PEM);
2024 auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()));
2026 RUNNER_ASSERT_MSG(NULL != cert.get(),
2027 "Key is empty. Failed to import public key.");
2028 RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
2029 "Key is empty. Failed to import private key.");
2032 CKM_API_SUCCESS == (temp = manager->saveCertificate(aliasPub, cert, CKM::Policy())),
2033 "Error=" << CKM::ErrorToString(temp));
2035 CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
2036 "Error=" << CKM::ErrorToString(temp));
2039 CKM_API_SUCCESS == (temp = manager->createSignature(
2042 CKM::RawBuffer(message.begin(), message.end()),
2046 "Error=" << CKM::ErrorToString(temp));
2049 CKM_API_SUCCESS == (temp = manager->verifySignature(
2052 CKM::RawBuffer(message.begin(), message.end()),
2056 "Error=" << CKM::ErrorToString(temp));
2058 RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
2060 memcpy((void*)signature.data(), "BROKEN", 6);
2063 CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
2066 CKM::RawBuffer(message.begin(), message.end()),
2070 "Error=" << CKM::ErrorToString(temp));
2073 RUNNER_TEST(T1419_ECDSA_cert_create_verify_signature)
2076 auto manager = CKM::Manager::create();
2079 "-----BEGIN EC PRIVATE KEY-----\n"
2080 "MIH8AgEBBBRPb/2utS5aCtyuwmzIHpU6LH3mc6CBsjCBrwIBATAgBgcqhkjOPQEB\n"
2081 "AhUA/////////////////////3////8wQwQU/////////////////////3////wE\n"
2082 "FByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UEKQRK\n"
2083 "lrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAAAAAA\n"
2084 "AAAAAfTI+Seu08p1IlcCAQGhLAMqAATehLqu61gKC3Tgr4wQMVoguAhhG3Uwwz8u\n"
2085 "ELyhe7yPCAuOoLZlTLgf\n"
2086 "-----END EC PRIVATE KEY-----\n";
2089 "-----BEGIN CERTIFICATE-----\n"
2090 "MIICfDCCAjqgAwIBAgIJANIytpeTKlXBMAkGByqGSM49BAEwXjELMAkGA1UEBhMC\n"
2091 "UEwxDTALBgNVBAgMBExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1\n"
2092 "bmcxETAPBgNVBAsMCFNlY3VyaXR5MQwwCgYDVQQDDANDS00wHhcNMTQwNzAyMTI0\n"
2093 "MTQ3WhcNMTcwNzAxMTI0MTQ3WjBeMQswCQYDVQQGEwJQTDENMAsGA1UECAwETG9k\n"
2094 "ejENMAsGA1UEBwwETG9kejEQMA4GA1UECgwHU2Ftc3VuZzERMA8GA1UECwwIU2Vj\n"
2095 "dXJpdHkxDDAKBgNVBAMMA0NLTTCB6jCBuwYHKoZIzj0CATCBrwIBATAgBgcqhkjO\n"
2096 "PQEBAhUA/////////////////////3////8wQwQU/////////////////////3//\n"
2097 "//wEFByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UE\n"
2098 "KQRKlrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAA\n"
2099 "AAAAAAAAAfTI+Seu08p1IlcCAQEDKgAE3oS6rutYCgt04K+MEDFaILgIYRt1MMM/\n"
2100 "LhC8oXu8jwgLjqC2ZUy4H6NQME4wHQYDVR0OBBYEFELElWx3kbLo55Cfn1vywsEZ\n"
2101 "ccsmMB8GA1UdIwQYMBaAFELElWx3kbLo55Cfn1vywsEZccsmMAwGA1UdEwQFMAMB\n"
2102 "Af8wCQYHKoZIzj0EAQMxADAuAhUAumC4mGoyK97SxTvVBQ+ELfCbxEECFQCbMJ72\n"
2103 "Q1oBry6NEc+lLFmWMDesAA==\n"
2104 "-----END CERTIFICATE-----\n";
2106 std::string message = "message test";
2108 CKM::Alias aliasPub = sharedDatabase("pub3");
2109 CKM::Alias aliasPrv = sharedDatabase("prv3");
2110 CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
2111 CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
2112 CKM::RawBuffer signature;
2114 auto cert = CKM::Certificate::create(CKM::RawBuffer(pub.begin(), pub.end()), CKM::DataFormat::FORM_PEM);
2115 auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()));
2117 RUNNER_ASSERT_MSG(NULL != cert.get(),
2118 "Key is empty. Failed to import public key.");
2119 RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
2120 "Key is empty. Failed to import private key.");
2123 CKM_API_SUCCESS == (temp = manager->saveCertificate(aliasPub, cert, CKM::Policy())),
2124 "Error=" << CKM::ErrorToString(temp));
2126 CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
2127 "Error=" << CKM::ErrorToString(temp));
2130 CKM_API_SUCCESS == (temp = manager->createSignature(
2133 CKM::RawBuffer(message.begin(), message.end()),
2137 "Error=" << CKM::ErrorToString(temp));
2140 CKM_API_SUCCESS == (temp = manager->verifySignature(
2143 CKM::RawBuffer(message.begin(), message.end()),
2147 "Error=" << CKM::ErrorToString(temp));
2149 RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
2151 memcpy((void*)signature.data(), "BROKEN", 6);
2154 CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
2157 CKM::RawBuffer(message.begin(), message.end()),
2161 "Error=" << CKM::ErrorToString(temp));
2164 RUNNER_TEST(T1420_deinit)
2166 remove_user_data(0);
2169 RUNNER_TEST_GROUP_INIT(T1418_signature_tests);
2171 RUNNER_TEST(T14180_init)
2174 remove_user_data(0);
2176 auto manager = CKM::Manager::create();
2178 // Prepare RSA Key Pair
2179 std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
2180 "Proc-Type: 4,ENCRYPTED\n"
2181 "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n"
2183 "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n"
2184 "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n"
2185 "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n"
2186 "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n"
2187 "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n"
2188 "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n"
2189 "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n"
2190 "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n"
2191 "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n"
2192 "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n"
2193 "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n"
2194 "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n"
2195 "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n"
2196 "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n"
2197 "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n"
2198 "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n"
2199 "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n"
2200 "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n"
2201 "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n"
2202 "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n"
2203 "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n"
2204 "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n"
2205 "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n"
2206 "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n"
2207 "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n"
2208 "-----END RSA PRIVATE KEY-----\n";
2210 std::string pub = "-----BEGIN PUBLIC KEY-----\n"
2211 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
2212 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
2213 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
2214 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
2215 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
2216 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
2218 "-----END PUBLIC KEY-----\n";
2220 CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
2221 CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
2222 CKM::Password password = "1234";
2224 auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
2225 auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), password);
2227 RUNNER_ASSERT_MSG(NULL != keyPub.get(),
2228 "Key is empty. Failed to import public key.");
2229 RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
2230 "Key is empty. Failed to import private key.");
2233 CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
2234 "Error=" << CKM::ErrorToString(temp));
2236 CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
2237 "Error=" << CKM::ErrorToString(temp));
2239 // Prepare ECDSA Key Pair
2240 std::string ecprv = "-----BEGIN EC PRIVATE KEY-----\n"
2241 "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n"
2242 "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n"
2243 "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
2244 "-----END EC PRIVATE KEY-----\n";
2246 std::string ecpub = "-----BEGIN PUBLIC KEY-----\n"
2247 "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n"
2248 "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
2249 "-----END PUBLIC KEY-----\n";
2251 CKM::Alias aliasEcPub = sharedDatabase("ecpub_nohash1");
2252 CKM::Alias aliasEcPrv = sharedDatabase("ecprv_nohash1");
2254 auto ecKeyPub = CKM::Key::create(CKM::RawBuffer(ecpub.begin(), ecpub.end()));
2255 auto ecKeyPrv = CKM::Key::create(CKM::RawBuffer(ecprv.begin(), ecprv.end()));
2257 RUNNER_ASSERT_MSG(NULL != ecKeyPub.get(),
2258 "Key is empty. Failed to import public key.");
2259 RUNNER_ASSERT_MSG(NULL != ecKeyPrv.get(),
2260 "Key is empty. Failed to import private key.");
2263 CKM_API_SUCCESS == (temp = manager->saveKey(aliasEcPub, ecKeyPub, CKM::Policy())),
2264 "Error=" << CKM::ErrorToString(temp));
2266 CKM_API_SUCCESS == (temp = manager->saveKey(aliasEcPrv, ecKeyPrv, CKM::Policy())),
2267 "Error=" << CKM::ErrorToString(temp));
2271 RUNNER_TEST(T14181_RSA_create_signatue_nohash)
2274 auto manager = CKM::Manager::create();
2275 std::string message = "message asdfaslkdfjlksadjf test";
2277 CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
2278 CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
2280 CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
2281 CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
2282 CKM::RawBuffer signature;
2285 CKM_API_SUCCESS == (temp = manager->createSignature(
2288 CKM::RawBuffer(message.begin(), message.end()),
2292 "Error=" << CKM::ErrorToString(temp));
2295 CKM_API_SUCCESS == (temp = manager->verifySignature(
2298 CKM::RawBuffer(message.begin(), message.end()),
2302 "Error=" << CKM::ErrorToString(temp));
2304 RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
2305 memcpy((void*)signature.data(), "BROKEN", 6);
2308 CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
2311 CKM::RawBuffer(message.begin(), message.end()),
2315 "Error=" << CKM::ErrorToString(temp));
2318 RUNNER_TEST(T14182_RSA_create_signatue_nohash_nopad)
2321 auto manager = CKM::Manager::create();
2322 std::string message = "message asdfaslkdfjlksadjf test";
2324 CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
2325 CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
2327 CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
2328 CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
2329 CKM::RawBuffer signature;
2332 CKM_API_ERROR_INPUT_PARAM == (temp = manager->createSignature(
2335 CKM::RawBuffer(message.begin(), message.end()),
2339 "Error=" << CKM::ErrorToString(temp));
2342 RUNNER_TEST(T14183_RSA_create_signatue_nohash_bigmsg)
2345 auto manager = CKM::Manager::create();
2346 std::string message = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
2347 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
2348 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
2349 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
2350 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
2351 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
2352 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
2353 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
2354 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
2355 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
2356 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
2357 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
2358 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
2359 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
2360 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
2361 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
2362 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
2363 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
2364 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
2365 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
2367 CKM::Alias aliasPub = sharedDatabase("pub_nohash1");
2368 CKM::Alias aliasPrv = sharedDatabase("prv_nohash1");
2370 CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
2371 CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
2372 CKM::RawBuffer signature;
2375 CKM_API_ERROR_INPUT_PARAM == (temp = manager->createSignature(
2378 CKM::RawBuffer(message.begin(), message.end()),
2382 "Error=" << CKM::ErrorToString(temp));
2386 RUNNER_TEST(T14184_ECDSA_create_signatue_nohash)
2389 auto manager = CKM::Manager::create();
2391 std::string message = "message test";
2393 CKM::Alias aliasPub = sharedDatabase("ecpub_nohash1");
2394 CKM::Alias aliasPrv = sharedDatabase("ecprv_nohash1");
2395 CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
2396 CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
2397 CKM::RawBuffer signature;
2400 CKM_API_SUCCESS == (temp = manager->createSignature(
2403 CKM::RawBuffer(message.begin(), message.end()),
2407 "Error=" << CKM::ErrorToString(temp));
2410 CKM_API_SUCCESS == (temp = manager->verifySignature(
2413 CKM::RawBuffer(message.begin(), message.end()),
2417 "Error=" << CKM::ErrorToString(temp));
2419 RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
2421 memcpy((void*)signature.data(), "BROKEN", 6);
2424 CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
2427 CKM::RawBuffer(message.begin(), message.end()),
2431 "Error=" << CKM::ErrorToString(temp));
2434 RUNNER_TEST(T14185_ECDSA_create_signatue_nohash_bigmsg)
2437 auto manager = CKM::Manager::create();
2439 int msgSize = 1024*1024;
2440 char big_msg[msgSize];
2441 for(int i =0; i<msgSize-1; i++) {
2444 big_msg[msgSize-1]=0x00;
2445 std::string message(big_msg);
2447 CKM::Alias aliasPub = sharedDatabase("ecpub_nohash1");
2448 CKM::Alias aliasPrv = sharedDatabase("ecprv_nohash1");
2449 CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
2450 CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
2451 CKM::RawBuffer signature;
2454 CKM_API_SUCCESS == (temp = manager->createSignature(
2457 CKM::RawBuffer(message.begin(), message.end()),
2461 "Error=" << CKM::ErrorToString(temp));
2465 RUNNER_TEST(T14189_deinit)
2467 remove_user_data(0);
2471 RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS);
2473 RUNNER_TEST(T1510_init_unlock_key)
2475 reset_user_data(USER_TEST, APP_PASS);
2478 RUNNER_TEST(T1511_insert_data)
2480 auto certee = TestData::getTestCertificate(TestData::MBANK);
2481 auto certim = TestData::getTestCertificate(TestData::SYMANTEC);
2482 CKM::Alias certeeAlias("CertEE");
2483 CKM::Alias certimAlias("CertIM");
2485 ScopedAccessProvider ap("my-label");
2486 ap.allowAPI("key-manager::api-storage", "rw");
2487 ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
2488 ScopedDBUnlock unlock(USER_TEST, APP_PASS);
2490 auto manager = CKM::Manager::create();
2491 RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certeeAlias, certee, CKM::Policy()));
2492 RUNNER_ASSERT(CKM_API_SUCCESS == manager->saveCertificate(certimAlias, certim, CKM::Policy()));
2496 stop_service(MANAGER);
2497 start_service(MANAGER);
2501 ScopedAccessProvider ap("my-label");
2502 ap.allowAPI("key-manager::api-storage", "rw");
2503 ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
2504 ScopedDBUnlock unlock(USER_TEST, APP_PASS);
2506 auto manager = CKM::Manager::create();
2507 int status1 = manager->saveCertificate(certeeAlias, certee, CKM::Policy());
2508 int status2 = manager->saveCertificate(certimAlias, certim, CKM::Policy());
2510 CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
2511 "Certificate should be in database already. Error=" << CKM::ErrorToString(status1));
2513 CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
2514 "Certificate should be in database already. Error=" << CKM::ErrorToString(status2));
2518 RUNNER_TEST(T1519_deinit)
2520 remove_user_data(USER_TEST);
2523 RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
2525 RUNNER_TEST(T1701_init_unlock_key)
2527 ScopedAccessProvider ap("t170-special-label");
2528 ap.allowAPI("key-manager::api-storage", "rw");
2529 ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
2531 unlock_user_data(USER_TEST+1, "t170-special-password");
2534 RUNNER_CHILD_TEST(T1702_insert_data)
2537 ScopedAccessProvider ap("t170-special-label");
2538 ap.allowAPI("key-manager::api-storage", "rw");
2539 ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
2541 auto certee = TestData::getTestCertificate(TestData::MBANK);
2543 auto manager = CKM::Manager::create();
2544 size_t current_aliases_num = count_aliases(ALIAS_CERT);
2545 int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy());
2548 CKM_API_SUCCESS == status1,
2549 "Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
2551 CKM::AliasVector av;
2553 CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
2554 "Error=" << CKM::ErrorToString(temp));
2556 (current_aliases_num+1) == static_cast<size_t>(temp = av.size()),
2557 "Vector size: " << temp << ". Expected: " << (current_aliases_num+1));
2560 RUNNER_TEST(T1703_removeApplicationData)
2563 auto control = CKM::Control::create();
2565 CKM_API_SUCCESS == (tmp = control->removeApplicationData("t170-special-label")),
2566 "Error=" << CKM::ErrorToString(tmp));
2569 RUNNER_CHILD_TEST(T1704_data_test)
2572 ScopedAccessProvider ap("t170-special-label");
2573 ap.allowAPI("key-manager::api-storage", "rw");
2574 ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
2576 CKM::AliasVector av;
2577 auto manager = CKM::Manager::create();
2580 CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
2581 "Error=" << CKM::ErrorToString(temp));
2583 0 == (temp = av.size()),
2584 "Vector size: " << temp << ". Expected: 0");
2587 RUNNER_TEST(T1705_deinit)
2589 remove_user_data(USER_TEST+1);
2592 RUNNER_TEST(T17101_init)
2596 auto control = CKM::Control::create();
2598 CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+2)),
2599 "Error=" << CKM::ErrorToString(tmp));
2601 CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)),
2602 "Error=" << CKM::ErrorToString(tmp));
2604 CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+2, "t1706-special-password")),
2605 "Error=" << CKM::ErrorToString(tmp));
2608 CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
2609 "Error=" << CKM::ErrorToString(tmp));
2611 CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)),
2612 "Error=" << CKM::ErrorToString(tmp));
2614 CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
2615 "Error=" << CKM::ErrorToString(tmp));
2618 RUNNER_CHILD_TEST(T17102_prep_data_01)
2621 ScopedAccessProvider ap("t1706-special-label");
2622 ap.allowAPI("key-manager::api-storage", "rw");
2623 ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
2625 CKM::AliasVector av;
2626 auto manager = CKM::Manager::create();
2628 std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
2630 CKM::RawBuffer buffer(data.begin(), data.end());
2631 CKM::Policy exportable(CKM::Password(), true);
2634 CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer, exportable)),
2635 "Error=" << CKM::ErrorToString(temp));
2638 RUNNER_CHILD_TEST(T17103_prep_data_02)
2641 ScopedAccessProvider ap("t1706-special-label2");
2642 ap.allowAPI("key-manager::api-storage", "rw");
2643 ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
2645 CKM::AliasVector av;
2646 auto manager = CKM::Manager::create();
2648 std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
2650 CKM::RawBuffer buffer(data.begin(), data.end());
2651 CKM::Policy exportable(CKM::Password(), true);
2654 CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer, exportable)),
2655 "Error=" << CKM::ErrorToString(temp));
2658 RUNNER_CHILD_TEST(T17104_prep_data_03)
2661 ScopedAccessProvider ap("t1706-special-label");
2662 ap.allowAPI("key-manager::api-storage", "rw");
2663 ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
2665 CKM::AliasVector av;
2666 auto manager = CKM::Manager::create();
2668 std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
2670 CKM::RawBuffer buffer(data.begin(), data.end());
2671 CKM::Policy exportable(CKM::Password(), true);
2674 CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer, exportable)),
2675 "Error=" << CKM::ErrorToString(temp));
2678 RUNNER_CHILD_TEST(T17105_prep_data_04)
2681 ScopedAccessProvider ap("t1706-special-label2");
2682 ap.allowAPI("key-manager::api-storage", "rw");
2683 ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
2685 CKM::AliasVector av;
2686 auto manager = CKM::Manager::create();
2688 std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
2690 CKM::RawBuffer buffer(data.begin(), data.end());
2691 CKM::Policy exportable(CKM::Password(), true);
2694 CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer, exportable)),
2695 "Error=" << CKM::ErrorToString(temp));
2698 RUNNER_TEST(T17106_remove_application)
2702 auto control = CKM::Control::create();
2704 CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
2705 "Error=" << CKM::ErrorToString(tmp));
2707 CKM_API_SUCCESS == (tmp = control->removeApplicationData("t1706-special-label")),
2708 "Error=" << CKM::ErrorToString(tmp));
2711 RUNNER_CHILD_TEST(T17107_check_data_01)
2714 ScopedAccessProvider ap("t1706-special-label");
2715 ap.allowAPI("key-manager::api-storage", "rw");
2716 ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
2718 CKM::AliasVector av;
2719 auto manager = CKM::Manager::create();
2722 CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
2723 "Error=" << CKM::ErrorToString(temp));
2725 0 == (temp = av.size()),
2726 "Vector size: " << temp << ". Expected: 0");
2729 RUNNER_CHILD_TEST(T17108_check_data_02)
2732 ScopedAccessProvider ap("t1706-special-label2");
2733 ap.allowAPI("key-manager::api-storage", "rw");
2734 ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
2736 CKM::AliasVector av;
2737 auto manager = CKM::Manager::create();
2740 CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
2741 "Error=" << CKM::ErrorToString(temp));
2743 1 == (temp = av.size()),
2744 "Vector size: " << temp << ". Expected: 1");
2747 RUNNER_TEST(T17109_unlock_user2)
2751 auto control = CKM::Control::create();
2753 CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
2754 "Error=" << CKM::ErrorToString(tmp));
2757 RUNNER_CHILD_TEST(T17110_check_data_03)
2760 ScopedAccessProvider ap("t1706-special-label");
2761 ap.allowAPI("key-manager::api-storage", "rw");
2762 ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
2764 CKM::AliasVector av;
2765 auto manager = CKM::Manager::create();
2768 CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
2769 "Error=" << CKM::ErrorToString(temp));
2771 0 == (temp = av.size()),
2772 "Vector size: " << temp << ". Expected: 0");
2775 RUNNER_CHILD_TEST(T17111_check_data_04)
2778 ScopedAccessProvider ap("t1706-special-label2");
2779 ap.allowAPI("key-manager::api-storage", "rw");
2780 ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
2782 CKM::AliasVector av;
2783 auto manager = CKM::Manager::create();
2786 CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
2787 "Error=" << CKM::ErrorToString(temp));
2789 1 == (temp = av.size()),
2790 "Vector size: " << temp << ". Expected: 1");
2793 RUNNER_TEST(T17112_deinit)
2795 remove_user_data(USER_TEST+2);
2796 remove_user_data(USER_TEST+3);
2799 RUNNER_TEST_GROUP_INIT(T180_PKCS12);
2803 CKM::Alias alias_PKCS_collision = sharedDatabase("test-PKCS-collision");
2804 CKM::Alias alias_PKCS_exportable = sharedDatabase("test-PKCS-export");
2805 CKM::Alias alias_PKCS_not_exportable = sharedDatabase("test-PKCS-no-export");
2806 CKM::Alias alias_PKCS_priv_key_copy = sharedDatabase("test-PKCS-private-key-copy");
2807 CKM::Alias alias_PKCS_priv_key_wrong = sharedDatabase("test-PKCS-private-key-wrong");
2810 RUNNER_TEST(T1800_init)
2812 remove_user_data(0);
2815 RUNNER_TEST(T1801_parse_PKCS12) {
2816 std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
2817 std::istreambuf_iterator<char> begin(is), end;
2818 std::vector<char> buff(begin, end);
2820 CKM::RawBuffer buffer(buff.size());
2821 memcpy(buffer.data(), buff.data(), buff.size());
2823 auto pkcs = CKM::PKCS12::create(buffer, "secret");
2826 "Error in PKCS12::create()");
2828 auto cert = pkcs->getCertificate();
2831 "Error in PKCS12::getCertificate()");
2833 auto key = pkcs->getKey();
2836 "Error in PKCS12::getKey()");
2838 auto caVector = pkcs->getCaCertificateShPtrVector();
2840 0 == caVector.size(),
2841 "Wrong size of vector");
2844 RUNNER_TEST(T1802_negative_wrong_password) {
2845 std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
2846 std::istreambuf_iterator<char> begin(is), end;
2847 std::vector<char> buff(begin, end);
2849 CKM::RawBuffer buffer(buff.size());
2850 memcpy(buffer.data(), buff.data(), buff.size());
2852 auto pkcs = CKM::PKCS12::create(buffer, "error");
2855 "Expected error in PKCS12::create()");
2858 RUNNER_TEST(T1803_negative_broken_buffer) {
2859 std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
2860 std::istreambuf_iterator<char> begin(is), end;
2861 std::vector<char> buff(begin, end);
2863 CKM::RawBuffer buffer(buff.size());
2864 memcpy(buffer.data(), buff.data(), buff.size());
2866 RUNNER_ASSERT_MSG(buffer.size() > 5, "PKCS file is too small.");
2869 auto pkcs = CKM::PKCS12::create(buffer, "secret");
2872 "Expected error in PKCS12::create()");
2875 RUNNER_TEST(T1804_add_PKCS_collision_with_existing_alias)
2877 auto manager = CKM::Manager::create();
2878 std::ifstream is("/usr/share/ckm-test/pkcs.p12");
2879 std::istreambuf_iterator<char> begin(is), end;
2880 std::vector<char> buff(begin, end);
2882 CKM::RawBuffer buffer(buff.size());
2883 memcpy(buffer.data(), buff.data(), buff.size());
2885 auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
2888 "Error in PKCS12::create()");
2891 std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
2892 "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
2893 "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
2894 "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
2895 "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
2896 "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
2897 "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
2898 "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
2899 "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
2900 "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
2901 "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
2902 "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
2903 "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
2904 "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
2905 "-----END RSA PRIVATE KEY-----\n";
2907 std::string message = "message test";
2909 auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
2910 RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
2911 "Key is empty. Failed to import private key.");
2915 CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_collision, keyPrv, CKM::Policy())),
2916 "Error=" << CKM::ErrorToString(temp));
2919 CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->savePKCS12(alias_PKCS_collision, pkcs, CKM::Policy(), CKM::Policy())),
2920 "Error=" << CKM::ErrorToString(temp));
2923 RUNNER_TEST(T1805_add_bundle_with_chain_certificates)
2925 auto manager = CKM::Manager::create();
2926 std::ifstream is("/usr/share/ckm-test/pkcs.p12");
2927 std::istreambuf_iterator<char> begin(is), end;
2928 std::vector<char> buff(begin, end);
2930 CKM::RawBuffer buffer(buff.size());
2931 memcpy(buffer.data(), buff.data(), buff.size());
2933 auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
2936 "Error in PKCS12::create()");
2938 auto cert = pkcs->getCertificate();
2941 "Error in PKCS12::getCertificate()");
2943 auto key = pkcs->getKey();
2946 "Error in PKCS12::getKey()");
2948 auto caVector = pkcs->getCaCertificateShPtrVector();
2950 2 == caVector.size(),
2951 "Wrong size of vector");
2955 CKM::Policy exportable;
2956 CKM::Policy notExportable(CKM::Password(), false);
2959 CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)),
2960 "Error=" << CKM::ErrorToString(tmp));
2962 CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)),
2963 "Error=" << CKM::ErrorToString(tmp));
2965 CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)),
2966 "Error=" << CKM::ErrorToString(tmp));
2968 CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)),
2969 "Error=" << CKM::ErrorToString(tmp));
2971 // try to lookup key
2972 CKM::KeyShPtr key_lookup;
2974 CKM_API_SUCCESS == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)),
2975 "Error=" << CKM::ErrorToString(tmp));
2977 CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)),
2978 "Error=" << CKM::ErrorToString(tmp));
2980 // try to lookup certificate
2981 CKM::CertificateShPtr cert_lookup;
2983 CKM_API_SUCCESS == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)),
2984 "Error=" << CKM::ErrorToString(tmp));
2986 CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)),
2987 "Error=" << CKM::ErrorToString(tmp));
2990 RUNNER_TEST(T1806_get_PKCS)
2993 auto manager = CKM::Manager::create();
2995 CKM::PKCS12ShPtr pkcs;
2999 CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12(sharedDatabase("i-do-not-exist").c_str(), pkcs)),
3000 "Error=" << CKM::ErrorToString(temp));
3002 // fail - not exportable
3004 CKM_API_ERROR_NOT_EXPORTABLE == (temp = manager->getPKCS12(alias_PKCS_not_exportable, pkcs)),
3005 "Error=" << CKM::ErrorToString(temp));
3007 // success - exportable
3009 CKM_API_SUCCESS == (temp = manager->getPKCS12(alias_PKCS_exportable, pkcs)),
3010 "Error=" << CKM::ErrorToString(temp));
3012 auto cert = pkcs->getCertificate();
3015 "Error in PKCS12::getCertificate()");
3017 auto key = pkcs->getKey();
3020 "Error in PKCS12::getKey()");
3022 auto caVector = pkcs->getCaCertificateShPtrVector();
3024 2 == caVector.size(),
3025 "Wrong size of vector");
3028 RUNNER_TEST(T1807_create_and_verify_signature)
3031 auto manager = CKM::Manager::create();
3033 std::string message = "message test";
3035 CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
3036 CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
3037 CKM::RawBuffer signature;
3040 CKM_API_SUCCESS == (temp = manager->createSignature(
3041 alias_PKCS_exportable,
3043 CKM::RawBuffer(message.begin(), message.end()),
3047 "Error=" << CKM::ErrorToString(temp));
3050 CKM_API_SUCCESS == (temp = manager->verifySignature(
3051 alias_PKCS_exportable,
3053 CKM::RawBuffer(message.begin(), message.end()),
3057 "Error=" << CKM::ErrorToString(temp));
3060 RUNNER_TEST(T1808_create_signature_on_raw_key_and_verify_on_PKCS)
3063 auto manager = CKM::Manager::create();
3065 std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
3066 "MIICXQIBAAKBgQD1W9neUbXL1rnq9SvyzprjhWBKXyYKQirG3V2zyUnUaE24Sq2I\n"
3067 "v7ISrwMN/G6WcjrGmeZDEWwrL4zXh002N8BD1waJPRonxwtVkhFy3emGatSmx7eI\n"
3068 "ely5H+PBNImRvBh2u4GWga6OEXcUNdfaBUcxn+P6548/zpDhyNLzQKk5FwIDAQAB\n"
3069 "AoGAR+4WkBuqTUj1FlGsAbHaLKt0UDlWwJknS0eoacWwFEpDxqx19WolfV67aYVA\n"
3070 "snBolMKXg7/+0yZMhv8Ofr+XaHkPQplVVn9BwT0rmtEovJXwx+poRP9Bm3emglj/\n"
3071 "iYd8EkaXDlIXCtewtQW9JEIctWppntHj3TvA/h7FCXPN6SkCQQD/N7sn5S1gBkVh\n"
3072 "dyXQKoyKsZDb7hMIS1q6cKwYCMf2UrsD1/lnr7xXkvORdL213MfueO8g0WkuKfRY\n"
3073 "bDD6WGX1AkEA9hxiOlsgvermqLJkOlJffbSaM8n/6wtnM0HV+Vd9NfSBOmxFDXPO\n"
3074 "vrvdgiDPENhbqTJSQVDsfzHilTpK7lEvWwJBAJLxHoOg0tg3pBiyxgWtic+M3q+R\n"
3075 "ykl7QViY6KzJ2X98MIrM/Z7yMollZXE4+sVLwZ0O6fdGOr3GkBWc7TImVUUCQQC7\n"
3076 "pf6bQfof9Ce0fnf/I+ldHkPost7nJsWkBlGQkM2OQwP5OK4ZyK/dK76DxmI7FMwm\n"
3077 "oJCo7nuzq6R4ZX7WYJ47AkBavxBDo/e9/0Vk5yrloGKW3f8RQXBJLcCkVUGyyJ3D\n"
3078 "3gu/nafW4hzjSJniTjC1fOj0eb0OSg1JAvqHTYAnUsI7\n"
3079 "-----END RSA PRIVATE KEY-----";
3080 std::string message = "message test";
3082 auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
3083 RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
3084 "Key is empty. Failed to import private key.");
3087 CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_copy, keyPrv, CKM::Policy())),
3088 "Error=" << CKM::ErrorToString(temp));
3090 CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
3091 CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
3092 CKM::RawBuffer signature;
3095 CKM_API_SUCCESS == (temp = manager->createSignature(
3096 alias_PKCS_priv_key_copy,
3098 CKM::RawBuffer(message.begin(), message.end()),
3102 "Error=" << CKM::ErrorToString(temp));
3105 CKM_API_SUCCESS == (temp = manager->verifySignature(
3106 alias_PKCS_exportable,
3108 CKM::RawBuffer(message.begin(), message.end()),
3112 "Error=" << CKM::ErrorToString(temp));
3115 RUNNER_TEST(T1809_create_signature_on_wrong_key_and_verify_on_PKCS)
3118 auto manager = CKM::Manager::create();
3120 std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
3121 "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
3122 "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
3123 "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
3124 "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
3125 "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
3126 "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
3127 "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
3128 "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
3129 "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
3130 "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
3131 "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
3132 "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
3133 "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
3134 "-----END RSA PRIVATE KEY-----\n";
3136 std::string message = "message test";
3138 auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
3139 RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
3140 "Key is empty. Failed to import private key.");
3143 CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_wrong, keyPrv, CKM::Policy())),
3144 "Error=" << CKM::ErrorToString(temp));
3146 CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
3147 CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
3148 CKM::RawBuffer signature;
3151 CKM_API_SUCCESS == (temp = manager->createSignature(
3152 alias_PKCS_priv_key_wrong,
3154 CKM::RawBuffer(message.begin(), message.end()),
3158 "Error=" << CKM::ErrorToString(temp));
3161 CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
3162 alias_PKCS_exportable,
3164 CKM::RawBuffer(message.begin(), message.end()),
3168 "Error=" << CKM::ErrorToString(temp));
3171 RUNNER_TEST(T1810_verify_get_certificate_chain)
3173 // this certificate has been signed using PKCS chain
3174 std::string im = "-----BEGIN CERTIFICATE-----\n"
3175 "MIIBrTCCARYCAQEwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRc2VydmVyQHRl\n"
3176 "c3RtZS5jb20wHhcNMTQxMjAyMTMxNTQzWhcNMTUxMjAyMTMxNTQzWjAiMSAwHgYD\n"
3177 "VQQDDBdlbmQtb24tY2hhaW5AdGVzdG1lLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB\n"
3178 "jQAwgYkCgYEAsJS/jky4Cnxnlj6m2Eam3E3ARfR1PTaQV3Om09z3Ax15ca3kfHSb\n"
3179 "n6UlDk9vjP3iE7Nbju5Nzw9Tu/Pe32g/54quUBgbTFWbztR/Q9Dxbt3evWZ98ADS\n"
3180 "qAtH9OU23xS/5jGpmJSP0l22JItx8E8nEbEPj7GTWfVuYb3HXMHqzY8CAwEAATAN\n"
3181 "BgkqhkiG9w0BAQsFAAOBgQCPJqjMH24kAngd0EunIPsVNSpWJMlMocFM5xHJsvgi\n"
3182 "5DZ7swo0O/Jfqvo/vKDVqR/wiPeAxrwirECGC1O2hC7HcOt7kW4taHSVGGd4dHMn\n"
3183 "oK70cUKQeVy3cYY6QUaonjuNVvYQHE3OSLDe56n6c7Mnek28qNtezeSWLUy8L8fA\n"
3185 "-----END CERTIFICATE-----\n";
3187 auto cert = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
3188 CKM::CertificateShPtrVector certChain;
3189 CKM::AliasVector aliasVector;
3192 auto manager = CKM::Manager::create();
3194 RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
3196 tmp = manager->getCertificateChain(cert,
3201 RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
3202 "Error=" << CKM::ErrorToString(tmp));
3205 0 == certChain.size(),
3206 "Wrong size of certificate chain.");
3208 aliasVector.push_back(alias_PKCS_exportable);
3210 tmp = manager->getCertificateChain(cert, EMPTY_ALIAS_VECTOR, aliasVector, false, certChain);
3211 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
3213 // 1(cert) + 1(pkcs12 cert) + 2(pkcs12 chain cert) = 4
3215 4 == certChain.size(),
3216 "Wrong size of certificate chain: " << certChain.size());
3219 RUNNER_TEST(T1811_remove_bundle_with_chain_certificates)
3221 auto manager = CKM::Manager::create();
3225 // remove the whole PKCS12 bundles
3227 CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_exportable)),
3228 "Error=" << CKM::ErrorToString(tmp));
3230 CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_not_exportable)),
3231 "Error=" << CKM::ErrorToString(tmp));
3233 // expect lookup fails due to unknown alias
3234 // try to lookup key
3235 CKM::KeyShPtr key_lookup;
3237 CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)),
3238 "Error=" << CKM::ErrorToString(tmp));
3240 CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)),
3241 "Error=" << CKM::ErrorToString(tmp));
3243 // try to lookup certificate
3244 CKM::CertificateShPtr cert_lookup;
3246 CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)),
3247 "Error=" << CKM::ErrorToString(tmp));
3249 CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)),
3250 "Error=" << CKM::ErrorToString(tmp));
3253 RUNNER_TEST(T1812_get_pkcs12_password_tests)
3255 CKM::Alias alias = sharedDatabase("t1812alias1");
3257 auto manager = CKM::Manager::create();
3258 std::ifstream is("/usr/share/ckm-test/pkcs.p12");
3259 std::istreambuf_iterator<char> begin(is), end;
3260 std::vector<char> buff(begin, end);
3262 CKM::PKCS12ShPtr pkcs12;
3263 CKM::Password pass1 = "easypass1";
3264 CKM::Password pass2 = "easypass2";
3266 CKM::RawBuffer buffer(buff.size());
3267 memcpy(buffer.data(), buff.data(), buff.size());
3269 auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
3272 "Error in PKCS12::create()");
3276 CKM_API_SUCCESS == (temp = manager->savePKCS12(alias, pkcs, CKM::Policy(pass1), CKM::Policy(pass2))),
3277 "Error=" << CKM::ErrorToString(temp));
3280 CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, pkcs)),
3281 "Error=" << CKM::ErrorToString(temp));
3284 CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, CKM::Password(), CKM::Password(), pkcs)),
3285 "Error=" << CKM::ErrorToString(temp));
3288 CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, pass1, CKM::Password(), pkcs)),
3289 "Error=" << CKM::ErrorToString(temp));
3292 CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, CKM::Password(), pass2, pkcs)),
3293 "Error=" << CKM::ErrorToString(temp));
3296 CKM_API_SUCCESS == (temp = manager->getPKCS12(alias, pass1, pass2, pkcs)),
3297 "Error=" << CKM::ErrorToString(temp));
3299 CKM::CertificateShPtr cert;
3301 CKM_API_SUCCESS == (temp = manager->getCertificate(alias, pass2, cert)),
3302 "Error=" << CKM::ErrorToString(temp));
3304 CKM::CertificateShPtrVector certChain;
3305 CKM::AliasVector certVect;
3306 certVect.push_back(alias);
3309 CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getCertificateChain(cert, certVect, certVect, true, certChain)),
3310 "Error=" << CKM::ErrorToString(temp));
3313 RUNNER_TEST(T1813_deinit)
3316 auto control = CKM::Control::create();
3319 CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
3320 "Error=" << CKM::ErrorToString(temp));
3323 RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS);
3325 const char * const T190_PASSWD = "t190-special-password";
3327 RUNNER_TEST(T1901_init_unlock_key)
3329 reset_user_data(USER_APP, T190_PASSWD);
3332 RUNNER_TEST(T1902_get_data)
3334 ScopedAccessProvider ap(TEST_LABEL);
3335 ap.allowAPI("key-manager::api-storage", "rw");
3336 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
3337 ScopedDBUnlock unlock(USER_APP, T190_PASSWD);
3339 auto manager = CKM::Manager::create();
3342 int status1 = manager->getKey(CKM::Alias("CertEEE"), CKM::Password(), ptr);
3345 CKM_API_ERROR_DB_ALIAS_UNKNOWN == status1,
3346 "Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
3349 RUNNER_TEST(T1903_lock_database)
3352 auto control = CKM::Control::create();
3354 CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
3355 "Error=" << CKM::ErrorToString(tmp));
3358 RUNNER_TEST(T1904_get_data_from_locked_database)
3360 ScopedAccessProvider ap(TEST_LABEL);
3361 ap.allowAPI("key-manager::api-storage", "rw");
3362 ap.applyAndSwithToUser(USER_APP, GROUP_APP);
3364 auto manager = CKM::Manager::create();
3367 int status1 = manager->getKey(CKM::Alias("CertEEE"), CKM::Password(), ptr);
3370 CKM_API_ERROR_DB_LOCKED == status1,
3371 "Could not get key from locked database. Error=" << CKM::ErrorToString(status1));
3374 RUNNER_TEST(T1905_deinit)
3376 remove_user_data(USER_APP);
3379 int main(int argc, char *argv[])
3381 return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
projects / platform / core / test / security-tests.git / blob