projects / platform / core / test / security-tests.git / blob
? search:


e693a50d8175e0de8640b7501473899f3f5ca886
[platform/core/test/security-tests.git] / src / ckm / unprivileged / capi-testcases.cpp
1 #include <dpl/test/test_runner.h>
2
3 #include <tests_common.h>
4 #include <test-certs.h>
5 #include <ckm-common.h>
6
7 #include <ckm/ckm-manager.h>
8 #include <ckm/ckm-control.h>
9 #include <ckm/ckm-type.h>
10
11 #include <ckmc/ckmc-manager.h>
12 #include <ckmc/ckmc-control.h>
13 #include <ckmc/ckmc-type.h>
14 #include <ckmc/ckmc-error.h>
15
16 #include <ckm-common.h>
17
18 #include <string>
19 #include <fstream>
20 #include <string.h>
21 #include <stdio.h>
22 #include <stddef.h>
23 #include <stdlib.h>
24
25 namespace {
26 const int USER_APP = 5001;
27 const char* USER_PASS = "user-pass";
28 const char *const TEST_OBJECT1 = "OBJECT1";
29 } // namespace anonymous
30
31
32 RUNNER_TEST_GROUP_INIT (T301_CKMC_CONTROL_C_API);
33
34 RUNNER_TEST(T3010_Control_C_API_service_unlock_DB)
35 {
36         int temp;
37
38         RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_lock_user_key(0)),
39                         CKMCReadableError(temp));
40         RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(0)),
41                         CKMCReadableError(temp));
42         RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_unlock_user_key(0, "test-pass")),
43                         CKMCReadableError(temp));
44
45         RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_lock_user_key(4999)),
46                         CKMCReadableError(temp));
47         RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(4999)),
48                         CKMCReadableError(temp));
49         RUNNER_ASSERT_MSG( CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_unlock_user_key(4999, "test-pass")),
50                         CKMCReadableError(temp));
51
52         remove_user_data(5000);
53         RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(5000)),
54                         CKMCReadableError(temp));
55         RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(5000)),
56                         CKMCReadableError(temp));
57         RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(5000, "test-pass")),
58                         CKMCReadableError(temp));
59 }
60
61 RUNNER_TEST(T3011_Control_C_API)
62 {
63         int temp;
64
65         RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
66                         CKMCReadableError(temp));
67
68         RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
69                         CKMCReadableError(temp));
70 }
71
72 RUNNER_TEST(T3012_Control_C_API)
73 {
74         int temp;
75
76         RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
77                         CKMCReadableError(temp));
78         RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
79                         CKMCReadableError(temp));
80 }
81
82 RUNNER_TEST(T3013_Control_C_API)
83 {
84         int temp;
85
86         RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
87                         CKMCReadableError(temp));
88 }
89
90 RUNNER_TEST(T3014_Control_C_API)
91 {
92         int temp;
93         const uid_t UNIQUE_USER = 6500;
94
95         // clean up environment
96         RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
97                         CKMCReadableError(temp));
98         // unlock with empty password
99         RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, NULL)),
100                         CKMCReadableError(temp));
101         // reset password (NULL, "simple-password")
102         RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")),
103                         CKMCReadableError(temp));
104         // get rid of NULL DKEK
105         RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(UNIQUE_USER, "simple-password")),
106                         CKMCReadableError(temp));
107         // lock db
108         RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(UNIQUE_USER)),
109                         CKMCReadableError(temp));
110         // try to reset password when db locked
111         RUNNER_ASSERT_MSG( CKMC_ERROR_BAD_REQUEST == (temp = ckmc_reset_user_password(UNIQUE_USER, "simple-password")),
112                         CKMCReadableError(temp));
113         // clean up environment
114         RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(UNIQUE_USER)),
115                         CKMCReadableError(temp));
116 }
117
118 RUNNER_TEST(T3015_Control_C_API)
119 {
120         int temp;
121
122         RUNNER_ASSERT_MSG(
123                         CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
124                         CKMCReadableError(temp));
125         RUNNER_ASSERT_MSG(
126                         CKMC_ERROR_NONE == (temp = ckmc_change_user_password(USER_APP, "simple-password", "new-pass")),
127                         CKMCReadableError(temp));
128         RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
129                         CKMCReadableError(temp));
130         RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
131                         CKMCReadableError(temp));
132 }
133
134 RUNNER_TEST(T3016_Control_C_API)
135 {
136         int temp;
137
138         RUNNER_ASSERT_MSG(
139                         CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
140                         CKMCReadableError(temp));
141         RUNNER_ASSERT_MSG(
142                         CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
143                         CKMCReadableError(temp));
144 }
145
146
147 RUNNER_TEST_GROUP_INIT (T302_CKMC_QUICK_SET_GET_TESTS_C_API);
148
149 RUNNER_TEST(T30201_init_C_API)
150 {
151         int temp;
152
153         remove_user_data(USER_APP);
154         RUNNER_ASSERT_MSG(
155                         CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
156                         CKMCReadableError(temp));
157 }
158
159 RUNNER_TEST(T30202_RSA_key_C_API)
160 {
161         int temp;
162
163         ckmc_key_s test_key, *test_key2;
164         ckmc_policy_s test_policy;
165
166         char* password = NULL;
167         CKM::Alias alias = "mykey";
168
169         std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
170                 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
171                 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
172                 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
173                 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
174                 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
175                 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
176                 "zQIDAQAB\n"
177                 "-----END PUBLIC KEY-----";
178
179         char* char_keypem = new char[keyPem.length() + 1];
180
181         std::strcpy(char_keypem, keyPem.c_str());
182         test_key.raw_key =  (unsigned char *)char_keypem;
183         test_key.key_size = keyPem.length();
184         test_key.key_type = CKMC_KEY_RSA_PUBLIC;
185         test_key.password = password;
186
187         test_policy.password = password;
188         test_policy.extractable = 1;
189
190         test_key2 = &test_key;
191
192         RUNNER_ASSERT_MSG(
193                         CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), test_key, test_policy)),
194                         CKMCReadableError(temp));
195
196         RUNNER_ASSERT_MSG(
197                         CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)),
198                         CKMCReadableError(temp));
199 }
200
201 RUNNER_TEST(T30203_AES_key_C_API)
202 {
203         int temp;
204         CKM::Alias alias = "my_AES_key";
205         size_t key_length = 192;
206
207         ckmc_key_s *test_key = generate_AES_key(key_length, NULL);
208         ckmc_key_s *test_key2;
209         ckmc_policy_s test_policy;
210         test_policy.password = NULL;
211         test_policy.extractable = 1;
212
213         RUNNER_ASSERT_MSG(
214                         CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)),
215                         CKMCReadableError(temp));
216
217         RUNNER_ASSERT_MSG(
218                         CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), NULL, &test_key2)),
219                         CKMCReadableError(temp));
220
221         compare_AES_keys(test_key, test_key2);
222         ckmc_key_free(test_key);
223         ckmc_key_free(test_key2);
224 }
225
226 RUNNER_TEST(T30204_certificate_C_API)
227 {
228         int temp;
229
230         std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
231
232         char* password = NULL;
233         ckmc_cert_s *cert2;
234         ckmc_cert_s cert;
235
236         CKM::Alias alias = "test-cert-1-RSA";
237
238         ckmc_policy_s test_policy;
239         test_policy.password = password;
240         test_policy.extractable = 1;
241
242         char* char_certPem = new char[certPem.length() + 1];
243         std::strcpy(char_certPem, certPem.c_str());
244         cert.raw_cert =  (unsigned char *)char_certPem;
245         cert.cert_size = certPem.length();
246         cert.data_format = CKMC_FORM_PEM;
247
248         RUNNER_ASSERT_MSG(
249                         CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
250                         CKMCReadableError(temp));
251
252         RUNNER_ASSERT_MSG(
253                         CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
254                         CKMCReadableError(temp));
255
256         ckmc_cert_free(cert2);
257 }
258
259 RUNNER_TEST(T30205_certificate_remove_C_API)
260 {
261         int temp;
262
263         char* password = NULL;
264         ckmc_cert_s *cert2;
265         CKM::Alias alias = "test-cert-1-RSA";
266
267         RUNNER_ASSERT_MSG(
268                         CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
269                         CKMCReadableError(temp));
270         ckmc_cert_free(cert2);
271
272         RUNNER_ASSERT_MSG(
273                         CKMC_ERROR_NONE == (temp = ckmc_remove_cert(alias.c_str())),
274                         CKMCReadableError(temp));
275
276         RUNNER_ASSERT_MSG(
277                         CKMC_ERROR_NONE != (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
278                         CKMCReadableError(temp));
279 }
280
281 RUNNER_TEST(T30206_certificate_list_C_API)
282 {
283         int temp;
284
285         std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
286
287         char* password = NULL;
288         ckmc_cert_s cert;
289
290         ckmc_policy_s test_policy;
291         test_policy.password = password;
292         test_policy.extractable = 1;
293
294         char* char_certPem = new char[certPem.length() + 1];
295         std::strcpy(char_certPem, certPem.c_str());
296         cert.raw_cert =  (unsigned char *)char_certPem;
297         cert.cert_size = certPem.length();
298         cert.data_format = CKMC_FORM_PEM;
299
300         size_t current_aliases_num = count_aliases(ALIAS_CERT);
301
302         RUNNER_ASSERT_MSG(
303                         CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test1", cert, test_policy)),
304                         CKMCReadableError(temp));
305
306         RUNNER_ASSERT_MSG(
307                         CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test2", cert, test_policy)),
308                         CKMCReadableError(temp));
309
310         RUNNER_ASSERT_MSG(
311                         CKMC_ERROR_NONE == (temp = ckmc_save_cert("cert_test3", cert, test_policy)),
312                         CKMCReadableError(temp));
313
314         size_t actual_cnt = count_aliases(ALIAS_CERT);
315         RUNNER_ASSERT_MSG(
316                         (current_aliases_num+3) == actual_cnt,
317                         "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
318 }
319
320 RUNNER_TEST(T30207_save_AES_key_passwd_C_API)
321 {
322         int temp;
323         const char* password = "x";
324         size_t key_length = 192;
325         CKM::Alias alias = "my_AES_key-2";
326
327         ckmc_key_s *test_key = generate_AES_key(key_length, password);
328         ckmc_policy_s test_policy;
329         test_policy.password = const_cast<char *>(password);
330         test_policy.extractable = 1;
331
332         RUNNER_ASSERT_MSG(
333                 CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)),
334                 CKMCReadableError(temp));
335         ckmc_key_free(test_key);
336 }
337
338 RUNNER_TEST(T30208_save_RSA_keys_exportable_flag)
339 {
340         int temp;
341         auto manager = CKM::Manager::create();
342
343         std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
344                 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
345                 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
346                 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
347                 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
348                 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
349                 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
350                 "zQIDAQAB\n"
351                 "-----END PUBLIC KEY-----";
352
353         ckmc_policy_s test_policy;
354         ckmc_key_s test_key, *test_key2;
355         char* char_keypem = new char[keyPem.length() + 1];
356         char* password = NULL;
357
358         std::strcpy(char_keypem, keyPem.c_str());
359         test_key.raw_key = (unsigned char *)char_keypem;
360         test_key.key_size = keyPem.length();
361         test_key.key_type = CKMC_KEY_RSA_PUBLIC;
362         test_key.password = NULL;
363
364         test_policy.password = password;
365         test_policy.extractable = 0;
366
367         RUNNER_ASSERT_MSG(
368                         CKMC_ERROR_NONE == (temp = ckmc_save_key("appkey1", test_key, test_policy)),
369                         CKMCReadableError(temp));
370
371         RUNNER_ASSERT_MSG(
372                         CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key("appkey1", password, &test_key2)),
373                         CKMCReadableError(temp));
374 }
375
376 RUNNER_TEST(T30209_save_AES_keys_exportable_flag)
377 {
378         int temp;
379         const char* password = NULL;
380         size_t key_length = 256;
381         CKM::Alias alias = "my_AES_key-3";
382
383         ckmc_key_s *test_key = generate_AES_key(key_length, password);
384         ckmc_key_s *test_key2;
385         ckmc_policy_s test_policy;
386         test_policy.password = const_cast<char *>(password);
387         test_policy.extractable = 0;
388
389         RUNNER_ASSERT_MSG(
390                         CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)),
391                         CKMCReadableError(temp));
392         ckmc_key_free(test_key);
393
394         RUNNER_ASSERT_MSG(
395                         CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)),
396                         CKMCReadableError(temp));
397 }
398
399 RUNNER_TEST(T30210_certificate_with_DSA_key_C_API)
400 {
401         int temp;
402
403         std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
404
405         char* password = NULL;
406         ckmc_cert_s *cert2 = NULL;
407         ckmc_cert_s cert;
408
409         ckmc_policy_s test_policy;
410         test_policy.password = password;
411         test_policy.extractable = 1;
412
413         char* char_certPem = new char[certPem.length() + 1];
414         std::strcpy(char_certPem, certPem.c_str());
415         cert.raw_cert =  (unsigned char *)char_certPem;
416         cert.cert_size = certPem.length();
417         cert.data_format = CKMC_FORM_PEM;
418
419         CKM::Alias alias = "test-cert-1-DSA";
420         RUNNER_ASSERT_MSG(
421                         CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
422                         CKMCReadableError(temp));
423
424         RUNNER_ASSERT_MSG(
425                         CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
426                         CKMCReadableError(temp));
427
428         ckmc_cert_free(cert2);
429 }
430
431 RUNNER_TEST(T30211_deinit_C_API)
432 {
433         int temp;
434
435         RUNNER_ASSERT_MSG(
436                         CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
437                         CKMCReadableError(temp));
438         RUNNER_ASSERT_MSG(
439                         CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
440                         CKMCReadableError(temp));
441 }
442
443
444 RUNNER_TEST_GROUP_INIT (T3030_CKMC_QUICK_GET_ALIAS_TESTS_C_API);
445
446 RUNNER_TEST(T3031_init_C_API)
447 {
448         int temp;
449
450         remove_user_data(USER_APP);
451         RUNNER_ASSERT_MSG(
452                         CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
453                         CKMCReadableError(temp));
454 }
455
456 RUNNER_TEST(T3032_save_asymmetric_keys_get_alias_C_API)
457 {
458         int temp;
459
460         char* password = NULL;
461         ckmc_policy_s test_policy1, test_policy2, test_policy3;
462         ckmc_key_s test_key;
463
464         std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
465                 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
466                 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
467                 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
468                 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
469                 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
470                 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
471                 "zQIDAQAB\n"
472                 "-----END PUBLIC KEY-----";
473
474         char* char_keypem = new char[keyPem.length() + 1];
475
476         std::strcpy(char_keypem, keyPem.c_str());
477         test_key.raw_key = (unsigned char *)char_keypem;
478         test_key.key_size = keyPem.length();
479         test_key.key_type = CKMC_KEY_RSA_PUBLIC;
480         test_key.password = password;
481
482         test_policy1.password = password;
483         test_policy1.extractable = 1;
484
485         test_policy2.password = password;
486         test_policy2.extractable = 0;
487
488         test_policy3.password = password;
489         test_policy3.extractable = 0;
490
491         size_t current_aliases_num = count_aliases(ALIAS_KEY);
492
493         RUNNER_ASSERT_MSG(
494                         CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey1", test_key, test_policy1)),
495                         CKMCReadableError(temp));
496
497         RUNNER_ASSERT_MSG(
498                         CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey2", test_key, test_policy2)),
499                         CKMCReadableError(temp));
500
501         RUNNER_ASSERT_MSG(
502                         CKMC_ERROR_NONE == (temp = ckmc_save_key("rootkey3", test_key, test_policy3)),
503                         CKMCReadableError(temp));
504
505         size_t actual_cnt = count_aliases(ALIAS_KEY);
506         RUNNER_ASSERT_MSG(
507                         (current_aliases_num+3) == actual_cnt,
508                         "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
509 }
510
511
512 RUNNER_TEST(T3033_remove_asymmetric_key_C_API)
513 {
514         int temp;
515
516         char* password = NULL;
517
518         ckmc_key_s *test_key2;
519         RUNNER_ASSERT_MSG(
520                         CKMC_ERROR_NONE == (temp = ckmc_get_key("rootkey1", password, &test_key2)),
521                         CKMCReadableError(temp));
522
523         RUNNER_ASSERT_MSG(
524                         CKMC_ERROR_NONE == (temp = ckmc_remove_key("rootkey1")),
525                         CKMCReadableError(temp));
526
527         RUNNER_ASSERT_MSG(
528                         CKMC_ERROR_NONE != (temp = ckmc_get_key("rootkey1", password, &test_key2)),
529                         CKMCReadableError(temp));
530 }
531
532 RUNNER_TEST(T3034_save_symmetric_keys_get_alias_C_API)
533 {
534         int temp;
535         size_t key_length = 128;
536         ckmc_key_s *test_key = generate_AES_key(key_length, NULL);
537         ckmc_policy_s test_policy1, test_policy2, test_policy3;
538         test_policy1.password = NULL;
539         test_policy1.extractable = 1;
540
541         test_policy2.password = NULL;
542         test_policy2.extractable = 1;
543
544         test_policy3.password = NULL;
545         test_policy3.extractable = 1;
546
547         int current_aliases_num = count_aliases(ALIAS_KEY);
548
549         RUNNER_ASSERT_MSG(
550                         CKMC_ERROR_NONE == (temp = ckmc_save_key("AES_key1", *test_key, test_policy1)),
551                         CKMCReadableError(temp));
552
553         RUNNER_ASSERT_MSG(
554                         CKMC_ERROR_NONE == (temp = ckmc_save_key("AES_key2", *test_key, test_policy2)),
555                         CKMCReadableError(temp));
556
557         RUNNER_ASSERT_MSG(
558                         CKMC_ERROR_NONE == (temp = ckmc_save_key("AES_key3", *test_key, test_policy3)),
559                         CKMCReadableError(temp));
560
561         RUNNER_ASSERT_MSG(
562                         (current_aliases_num+3) == (temp = count_aliases(ALIAS_KEY)),
563                         "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp);
564
565         ckmc_key_free(test_key);
566 }
567
568
569 RUNNER_TEST(T3035_remove_symmetric_key_C_API)
570 {
571         int temp;
572
573         ckmc_key_s *test_key2;
574         RUNNER_ASSERT_MSG(
575                         CKMC_ERROR_NONE == (temp = ckmc_get_key("AES_key1", NULL, &test_key2)),
576                         CKMCReadableError(temp));
577         validate_AES_key(test_key2);
578         ckmc_key_free(test_key2);
579
580         // actual test - remove middle item
581         RUNNER_ASSERT_MSG(
582                         CKMC_ERROR_NONE == (temp = ckmc_remove_key("AES_key2")),
583                         CKMCReadableError(temp));
584
585         RUNNER_ASSERT_MSG(
586                         CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key("AES_key2", NULL, &test_key2)),
587                         CKMCReadableError(temp));
588
589         RUNNER_ASSERT_MSG(
590                         CKMC_ERROR_NONE == (temp = ckmc_get_key("AES_key3", NULL, &test_key2)),
591                         CKMCReadableError(temp));
592         validate_AES_key(test_key2);
593         ckmc_key_free(test_key2);
594
595 }
596
597 RUNNER_TEST(T3036_alias_new_C_API)
598 {
599         char *full_alias = NULL;
600         std::string owner_id = "iocma412ovyc";
601         std::string alias = "fvyuweq27c";
602
603         std::string full_alias_str = owner_id + ckmc_owner_id_separator + alias;
604
605         int temp = ckmc_alias_new(owner_id.c_str(), alias.c_str(), &full_alias);
606         std::unique_ptr<char, void(*)(void *)> p(full_alias, ::free);
607         RUNNER_ASSERT_MSG(temp == CKMC_ERROR_NONE, CKMCReadableError(temp));
608         RUNNER_ASSERT_MSG(full_alias_str == full_alias,
609                         "Invalid full alias. expected(" << full_alias_str <<
610                         ") actual(" << full_alias << ")");
611 }
612
613 RUNNER_TEST(T3037_deinit_C_API)
614 {
615         int temp;
616
617         RUNNER_ASSERT_MSG(
618                         CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
619                         CKMCReadableError(temp));
620         RUNNER_ASSERT_MSG(
621                         CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
622                         CKMCReadableError(temp));
623 }
624
625 RUNNER_TEST_GROUP_INIT (T3040_CKMC_QUICK_REMOVE_BIN_DATA_TEST_C_API);
626
627 RUNNER_TEST(T3041_init_C_API)
628 {
629         reset_user_data(USER_APP, "simple-password");
630 }
631
632 RUNNER_TEST(T3042_save_get_bin_data_C_API)
633 {
634         int temp;
635
636         ckmc_raw_buffer_s testData1, testData2, testData3;
637         char* password = NULL;
638
639         std::string binData1 = "My bin data1";
640         std::string binData2 = "My bin data2";
641         std::string binData3 = "My bin data3";
642         char* char_binData1 = new char[binData1.length() + 1];
643         char* char_binData2 = new char[binData2.length() + 1];
644         char* char_binData3 = new char[binData3.length() + 1];
645         std::strcpy(char_binData1, binData1.c_str());
646         std::strcpy(char_binData2, binData2.c_str());
647         std::strcpy(char_binData3, binData3.c_str());
648         testData1.data = (unsigned char *) char_binData1;
649         testData2.data = (unsigned char *) char_binData2;
650         testData3.data = (unsigned char *) char_binData3;
651         testData1.size = binData1.length()+1;
652         testData2.size = binData2.length()+1;
653         testData3.size = binData3.length()+1;
654
655         ckmc_policy_s test_policy1, test_policy2, test_policy3;
656
657         test_policy1.password = password;
658         test_policy1.extractable = 1;
659         test_policy2.password = password;
660         test_policy2.extractable = 1;
661         test_policy3.password = password;
662         test_policy3.extractable = 0;
663
664         size_t current_aliases_num = count_aliases(ALIAS_DATA);
665
666         RUNNER_ASSERT_MSG(
667                         CKMC_ERROR_NONE == (temp = ckmc_save_data("data1", testData1, test_policy1)), // should change it as null value
668                         CKMCReadableError(temp));
669
670         RUNNER_ASSERT_MSG(
671                         CKMC_ERROR_NONE == (temp = ckmc_save_data("data2", testData2, test_policy1)), // should change it as null value
672                         CKMCReadableError(temp));
673
674         RUNNER_ASSERT_MSG(
675                         CKMC_ERROR_NONE == (temp = ckmc_save_data("data3", testData3, test_policy2)),
676                         CKMCReadableError(temp));
677
678         RUNNER_ASSERT_MSG(
679                         CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_data("data4", testData3, test_policy3)),
680                         CKMCReadableError(temp));
681
682         size_t actual_cnt = count_aliases(ALIAS_DATA);
683         RUNNER_ASSERT_MSG(
684                         (current_aliases_num+3) == actual_cnt,
685                         "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
686
687         ckmc_raw_buffer_s *testData4;
688         RUNNER_ASSERT_MSG(
689                         CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData4)),
690                         CKMCReadableError(temp));
691
692         int compareResult;
693         compareResult = (strcmp((const char *)testData2.data, (const char *)testData4->data));
694         RUNNER_ASSERT_MSG( compareResult == 0,
695                         "Data corrupted");
696 }
697
698 RUNNER_TEST(T3043_app_user_save_bin_data_C_API)
699 {
700         int temp;
701         ckmc_raw_buffer_s testData1;
702         char* password = NULL;
703         std::string binData1 = "My bin data";
704         char* char_binData1 = new char[binData1.length() + 1];
705         std::strcpy(char_binData1, binData1.c_str());
706         testData1.data = (unsigned char *) char_binData1;
707         testData1.size = binData1.length()+1;
708
709         ckmc_policy_s test_policy1, test_policy2;
710
711         test_policy1.password = password;
712         test_policy1.extractable = 1;
713
714         test_policy2.password = password;
715         test_policy2.extractable = 1;
716
717         std::string binData = "My bin data";
718
719         size_t current_aliases_num = count_aliases(ALIAS_DATA);
720
721         RUNNER_ASSERT_MSG(
722                         CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata1", testData1, test_policy1)),
723                         CKMCReadableError(temp));
724         RUNNER_ASSERT_MSG(
725                         CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata2", testData1, test_policy1)),
726                         CKMCReadableError(temp));
727         RUNNER_ASSERT_MSG(
728                         CKMC_ERROR_NONE == (temp = ckmc_save_data("appdata3", testData1, test_policy2)),
729                         CKMCReadableError(temp));
730
731         size_t actual_cnt = count_aliases(ALIAS_DATA);
732         RUNNER_ASSERT_MSG(
733                                 (current_aliases_num+3) == actual_cnt,
734                                 "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << actual_cnt);
735 }
736
737 RUNNER_TEST(T3044_remove_bin_data_C_API)
738 {
739         int temp;
740
741         size_t current_aliases_num = count_aliases(ALIAS_DATA, 2);
742
743         RUNNER_ASSERT_MSG(
744                         CKMC_ERROR_NONE == (temp = ckmc_remove_data("data1")),
745                         CKMCReadableError(temp));
746         RUNNER_ASSERT_MSG(
747                         CKMC_ERROR_NONE == (temp = ckmc_remove_data("data3")),
748                         CKMCReadableError(temp));
749
750         size_t actual_cnt = count_aliases(ALIAS_DATA);
751         RUNNER_ASSERT_MSG(
752                                 (current_aliases_num-2) == actual_cnt,
753                                 "Error: expecting " << (current_aliases_num-2) << " aliases, while found " << actual_cnt);
754
755         char* password = NULL;
756
757         ckmc_raw_buffer_s *testData1, testData2;
758
759         std::string testStr = "My bin data2";
760         char* char_testData2 = new char[testStr.length() + 1];
761         std::strcpy(char_testData2, testStr.c_str());
762         testData2.data = (unsigned char *) char_testData2;
763         testData2.size = testStr.length()+1;
764
765         CKM::RawBuffer buffer;
766         RUNNER_ASSERT_MSG(
767                         CKMC_ERROR_NONE == (temp = ckmc_get_data("data2", password, &testData1)),
768                         CKMCReadableError(temp));
769
770         int compareResult;
771         compareResult = (strcmp((const char *)testData2.data, (const char *)testData1->data));
772         RUNNER_ASSERT_MSG( compareResult == 0,
773                         "Data corrupted");
774
775         RUNNER_ASSERT_MSG(
776                         CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_data("data3", password, &testData1)),
777                         CKMCReadableError(temp));
778 }
779
780 RUNNER_TEST(T3045_save_big_data_C_API, RemoveDataEnv<USER_APP>)
781 {
782         const size_t BIG_SIZE = 5000000;
783
784         std::vector<char> big_data(BIG_SIZE);
785         std::ifstream is("/dev/urandom", std::ifstream::binary);
786         if(is)
787                 is.read(big_data.data(), BIG_SIZE);
788
789         RUNNER_ASSERT_MSG(is,
790                         "Only " << is.gcount() << "/" << BIG_SIZE << " bytes read from /dev/urandom");
791
792         save_data(TEST_OBJECT1, big_data.data(), BIG_SIZE, CKMC_ERROR_NONE);
793         auto self_label = getOwnerIdFromSelf();
794         check_read(TEST_OBJECT1, self_label.c_str(), big_data.data(), BIG_SIZE, CKMC_ERROR_NONE);
795 }
796
797 RUNNER_TEST(T3050_deinit_C_API)
798 {
799         int temp;
800
801         RUNNER_ASSERT_MSG(
802                         CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
803                         CKMCReadableError(temp));
804         RUNNER_ASSERT_MSG(
805                         CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
806                         CKMCReadableError(temp));
807 }
808
809 RUNNER_TEST_GROUP_INIT(T305_CKMC_QUICK_CREATE_PAIR_CAPI);
810
811 RUNNER_TEST(T3051_CAPI_init)
812 {
813         int temp;
814
815         RUNNER_ASSERT_MSG(
816                         CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
817                         CKMCReadableError(temp));
818
819         RUNNER_ASSERT_MSG(
820                         CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
821                         CKMCReadableError(temp));
822 }
823
824 RUNNER_TEST(T3052_CAPI_create_RSA_key)
825 {
826         int temp;
827         size_t size = 1024;
828         const char *private_key_alias = "RSA-test-1-priv";
829         const char *public_key_alias = "RSA-test-1-pub";
830         ckmc_policy_s policy_private_key;
831         ckmc_policy_s policy_public_key;
832
833         policy_private_key.password = NULL;
834         policy_private_key.extractable = 1;
835
836         policy_public_key.password = NULL;
837         policy_public_key.extractable = 1;
838
839
840         size_t current_aliases_num = count_aliases(ALIAS_KEY);
841
842         RUNNER_ASSERT_MSG(
843                         CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
844                         CKMCReadableError(temp));
845
846         size_t actual_cnt = count_aliases(ALIAS_KEY);
847         RUNNER_ASSERT_MSG(
848                         (current_aliases_num+2) == actual_cnt,
849                         "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << actual_cnt);
850
851         ckmc_key_s *privateKey;
852         RUNNER_ASSERT_MSG(
853                         CKMC_ERROR_NONE == (temp = ckmc_get_key(private_key_alias, policy_private_key.password,&privateKey)),
854                         CKMCReadableError(temp));
855         RUNNER_ASSERT_MSG(
856                         privateKey->key_type == CKMC_KEY_RSA_PRIVATE,
857                         "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_RSA_PRIVATE) << ", actual=" << static_cast<int>(privateKey->key_type));
858         RUNNER_ASSERT_MSG(
859                         privateKey != NULL && privateKey->key_size > 0 && privateKey->raw_key != NULL,
860                         "Private key is broken.");
861
862         ckmc_key_s *publicKey;
863         RUNNER_ASSERT_MSG(
864                         CKMC_ERROR_NONE == (temp = ckmc_get_key(public_key_alias, policy_public_key.password, &publicKey)),
865                         CKMCReadableError(temp));
866         RUNNER_ASSERT_MSG(
867                         publicKey->key_type == CKMC_KEY_RSA_PUBLIC,
868                         "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_RSA_PUBLIC) << ", actual=" << static_cast<int>(publicKey->key_type));
869         RUNNER_ASSERT_MSG(
870                         publicKey != NULL && publicKey->key_size > 0 && publicKey->raw_key != NULL,
871                         "Public key is broken.");
872
873         // on next attempt to generate keys with the same alias, expect fail (alias exists)
874         RUNNER_ASSERT_MSG(
875                         CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
876                         CKMCReadableError(temp));
877 }
878
879 RUNNER_TEST(T3053_CAPI_create_DSA_key)
880 {
881         int temp;
882         size_t size = 1024;
883         const char *private_key_alias = "DSA-test-2-priv";
884         const char *public_key_alias = "DSA-test-2-pub";
885         ckmc_policy_s policy_private_key;
886         ckmc_policy_s policy_public_key;
887
888         policy_private_key.password = NULL;
889         policy_private_key.extractable = 1;
890
891         policy_public_key.password = NULL;
892         policy_public_key.extractable = 1;
893
894         size_t current_aliases_num = count_aliases(ALIAS_KEY);
895
896         RUNNER_ASSERT_MSG(
897                         CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
898                         CKMCReadableError(temp));
899
900         size_t actual_cnt = count_aliases(ALIAS_KEY);
901         RUNNER_ASSERT_MSG(
902                         (current_aliases_num+2) == actual_cnt,
903                         "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << actual_cnt);
904
905         ckmc_key_s *privateKey = 0;
906         RUNNER_ASSERT_MSG(
907                         CKMC_ERROR_NONE == (temp = ckmc_get_key(private_key_alias, policy_private_key.password,&privateKey)),
908                         CKMCReadableError(temp));
909         RUNNER_ASSERT_MSG(
910                         privateKey != NULL && privateKey->key_size > 0 && privateKey->raw_key != NULL,
911                         "Private key is broken.");
912         RUNNER_ASSERT_MSG(
913                         privateKey->key_type == CKMC_KEY_DSA_PRIVATE,
914                         "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_DSA_PRIVATE) << ", actual=" << static_cast<int>(privateKey->key_type));
915         ckmc_key_free(privateKey);
916
917         ckmc_key_s *pubKey = 0;
918         RUNNER_ASSERT_MSG(
919                         CKMC_ERROR_NONE == (temp = ckmc_get_key(public_key_alias, policy_public_key.password, &pubKey)),
920                         CKMCReadableError(temp));
921         RUNNER_ASSERT_MSG(
922                         pubKey != NULL && pubKey->key_size > 0 && pubKey->raw_key != NULL,
923                         "Public key is broken.");
924         RUNNER_ASSERT_MSG(
925                         pubKey->key_type == CKMC_KEY_DSA_PUBLIC,
926                         "Key Type Error: expected =" << static_cast<int>(CKMC_KEY_DSA_PUBLIC) << ", actual=" << static_cast<int>(pubKey->key_type));
927         ckmc_key_free(pubKey);
928
929         // on next attempt to generate keys with the same alias, expect fail (alias exists)
930         RUNNER_ASSERT_MSG(
931                         CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
932                         CKMCReadableError(temp));
933 }
934
935
936 RUNNER_TEST(T3054_CAPI_create_AES_key)
937 {
938         int temp;
939         size_t size = 128;
940         CKM::Alias key_alias = "AES-gen-test-1";
941         ckmc_policy_s policy_key;
942
943         policy_key.password = NULL;
944         policy_key.extractable = 1;
945
946         int current_aliases_num = count_aliases(ALIAS_KEY);
947
948         RUNNER_ASSERT_MSG(
949                         CKMC_ERROR_NONE == (temp = ckmc_create_key_aes(size, key_alias.c_str(), policy_key)),
950                         CKMCReadableError(temp));
951
952         RUNNER_ASSERT_MSG(
953                         (current_aliases_num+1) == (temp = count_aliases(ALIAS_KEY)),
954                         "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << temp);
955
956         ckmc_key_s *get_AES_key = 0;
957         RUNNER_ASSERT_MSG(
958                         CKMC_ERROR_NONE == (temp = ckmc_get_key(key_alias.c_str(), policy_key.password, &get_AES_key)),
959                         CKMCReadableError(temp));
960         validate_AES_key(get_AES_key);
961         ckmc_key_free(get_AES_key);
962 }
963
964
965 RUNNER_TEST(T3055_CAPI_deinit)
966 {
967         int temp;
968
969         RUNNER_ASSERT_MSG(
970                         CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
971                         CKMCReadableError(temp));
972         RUNNER_ASSERT_MSG(
973                         CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
974                         CKMCReadableError(temp));
975 }
976
977
978 RUNNER_TEST_GROUP_INIT(T306_CKMC_CAPI_CreateKeyPair);
979
980 RUNNER_TEST(T3061_CAPI_init)
981 {
982         reset_user_data(USER_APP, USER_PASS);
983 }
984
985 RUNNER_TEST(T3062_CAPI_CreateKeyPairRSA)
986 {
987         int temp;
988
989         size_t size = 1024;
990         CKM::Alias private_key_alias = "rsa-test-1";
991         CKM::Alias public_key_alias = "rsa-test-2";
992         ckmc_policy_s policy_private_key;
993         ckmc_policy_s policy_public_key;
994
995         policy_private_key.password = const_cast<char *>("privatepassword");
996         policy_private_key.extractable = 0;
997
998         policy_public_key.password = NULL;
999         policy_public_key.extractable = 1;
1000
1001         RUNNER_ASSERT_MSG(
1002                         CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_rsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
1003                         CKMCReadableError(temp));
1004
1005         // on next attempt to generate keys with the same alias, expect fail (alias exists)
1006         RUNNER_ASSERT_MSG(
1007                         CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_create_key_pair_rsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
1008                         CKMCReadableError(temp));
1009 }
1010
1011 RUNNER_TEST(T3063_CAPI_CreateKeyPairDSA)
1012 {
1013         int temp;
1014
1015         size_t size = 1024;
1016         CKM::Alias private_key_alias = "dsa-test-1";
1017         CKM::Alias public_key_alias = "dsa-test-2";
1018         ckmc_policy_s policy_private_key;
1019         ckmc_policy_s policy_public_key;
1020
1021         policy_private_key.password = const_cast<char *>("privatepassword");
1022         policy_private_key.extractable = 0;
1023
1024         policy_public_key.password = NULL;
1025         policy_public_key.extractable = 1;
1026
1027         RUNNER_ASSERT_MSG(
1028                         CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
1029                         CKMCReadableError(temp));
1030 }
1031
1032 RUNNER_TEST(T3064_CAPI_CreateKeyPairECDSA)
1033 {
1034         int temp;
1035
1036         ckmc_ec_type_e ectype = CKMC_EC_PRIME192V1;
1037         CKM::Alias private_key_alias = "ecdsa-test-1";
1038         CKM::Alias public_key_alias = "ecdsa-test-2";
1039         ckmc_policy_s policy_private_key;
1040         ckmc_policy_s policy_public_key;
1041
1042         policy_private_key.password = const_cast<char *>("privatepassword");
1043         policy_private_key.extractable = 0;
1044
1045         policy_public_key.password = NULL;
1046         policy_public_key.extractable = 1;
1047
1048         RUNNER_ASSERT_MSG(
1049                         CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_ecdsa(ectype, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
1050                         CKMCReadableError(temp));
1051 }
1052
1053 RUNNER_TEST(T3065_CAPI_deinit)
1054 {
1055         remove_user_data(USER_APP);
1056 }
1057
1058 // TODO
1059 //RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
1060
1061
1062 RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_OCSP_TESTS);
1063
1064 RUNNER_TEST(T3071_CAPI_init)
1065 {
1066         remove_user_data(USER_APP);
1067 }
1068
1069 RUNNER_TEST(T3074_CAPI_ckmc_ocsp_check)
1070 {
1071         std::string ee = TestData::getTestCertificateBase64(TestData::MBANK);
1072         std::string im = TestData::getTestCertificateBase64(TestData::SYMANTEC);
1073
1074         ckmc_cert_s c_cert;
1075         c_cert.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(ee.c_str()));
1076         c_cert.cert_size = ee.size();
1077         c_cert.data_format = CKMC_FORM_PEM;
1078
1079         ckmc_cert_s c_cert1;
1080         c_cert1.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(im.c_str()));
1081         c_cert1.cert_size = im.size();
1082         c_cert1.data_format = CKMC_FORM_PEM;
1083
1084         ckmc_cert_list_s untrustedcerts;
1085         untrustedcerts.cert = &c_cert1;
1086         untrustedcerts.next = NULL;
1087
1088         ckmc_cert_list_s *cert_chain_list;
1089
1090         int     tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list);
1091         RUNNER_ASSERT_MSG(
1092                         CKMC_ERROR_NONE == tmp, CKMCReadableError(tmp));
1093
1094         RUNNER_ASSERT_MSG(cert_chain_list != NULL, "Wrong size of certificate chain.");
1095
1096         ckmc_ocsp_status_e ocsp_status;
1097         RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == (tmp = ckmc_ocsp_check(cert_chain_list, &ocsp_status)), CKMCReadableError(tmp));
1098         RUNNER_ASSERT_MSG(ocsp_status == CKMC_OCSP_STATUS_GOOD, "Wrong status: " << static_cast<int>(ocsp_status));
1099 }
1100
1101 RUNNER_TEST(T3075_CAPI_deinit)
1102 {
1103         remove_user_data(USER_APP);
1104 }
1105
1106
1107 RUNNER_TEST_GROUP_INIT(T308_CAPI_CREATE_AND_VERIFY_SIGNATURE);
1108
1109 RUNNER_TEST(T3081_CAPI__init)
1110 {
1111         int temp;
1112
1113         RUNNER_ASSERT_MSG(
1114                         CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
1115                         CKMCReadableError(temp));
1116
1117         RUNNER_ASSERT_MSG(
1118                         CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
1119                         CKMCReadableError(temp));
1120 }
1121
1122 RUNNER_TEST(T3082_CAPI__rsa_key_create_verify)
1123 {
1124         int temp;
1125
1126         std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
1127                 "Proc-Type: 4,ENCRYPTED\n"
1128                 "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n"
1129                 "\n"
1130                 "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n"
1131                 "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n"
1132                 "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n"
1133                 "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n"
1134                 "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n"
1135                 "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n"
1136                 "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n"
1137                 "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n"
1138                 "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n"
1139                 "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n"
1140                 "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n"
1141                 "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n"
1142                 "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n"
1143                 "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n"
1144                 "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n"
1145                 "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n"
1146                 "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n"
1147                 "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n"
1148                 "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n"
1149                 "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n"
1150                 "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n"
1151                 "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n"
1152                 "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n"
1153                 "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n"
1154                 "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n"
1155                 "-----END RSA PRIVATE KEY-----\n";
1156
1157         std::string pub = "-----BEGIN PUBLIC KEY-----\n"
1158                 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
1159                 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
1160                 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
1161                 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
1162                 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
1163                 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
1164                 "zQIDAQAB\n"
1165                 "-----END PUBLIC KEY-----\n";
1166
1167         ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
1168
1169         CKM::Alias pub_alias = "pub1";
1170         CKM::Alias pri_alias = "prv1";
1171         const char *key_passwd = "1234";
1172         char *pri_passwd = NULL;
1173         char *pub_passwd = NULL;
1174         ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
1175         ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
1176         ckmc_raw_buffer_s *signature;
1177
1178         ckmc_key_s pubkey;
1179         pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
1180         pubkey.key_size = pub.size();
1181         pubkey.key_type = CKMC_KEY_NONE;
1182         pubkey.password = NULL;
1183
1184         ckmc_policy_s pubpolicy;
1185         pubpolicy.password = pub_passwd;
1186         pubpolicy.extractable = 0;
1187
1188         ckmc_policy_s pripolicy;
1189         pripolicy.password = pri_passwd;
1190         pripolicy.extractable = 1;
1191
1192         ckmc_key_s prikey;
1193         prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
1194         prikey.key_size = prv.size();
1195         prikey.key_type = CKMC_KEY_NONE;
1196         prikey.password = const_cast<char *>(key_passwd);
1197
1198
1199         RUNNER_ASSERT_MSG(
1200                         CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
1201                         CKMCReadableError(temp));
1202
1203         RUNNER_ASSERT_MSG(
1204                         CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
1205                         CKMCReadableError(temp));
1206
1207         RUNNER_ASSERT_MSG(
1208                         CKMC_ERROR_NONE == (temp = ckmc_create_signature(
1209                                         pri_alias.c_str(),
1210                                         pri_passwd,
1211                                         msg_buff,
1212                                         hash_algo,
1213                                         pad_algo,
1214                                         &signature)),
1215                         CKMCReadableError(temp));
1216
1217         RUNNER_ASSERT_MSG(
1218                         CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
1219                                         pub_alias.c_str(),
1220                                         pub_passwd,
1221                                         msg_buff,
1222                                         *signature,
1223                                         hash_algo,
1224                                         pad_algo)),
1225                         CKMCReadableError(temp));
1226 }
1227
1228 RUNNER_TEST(T3083_CAPI__rsa_key_create_verify_negative)
1229 {
1230         int temp;
1231
1232         ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message asdfaslkdfjlksadjf test");
1233         CKM::Alias pub_alias = "pub1";
1234         CKM::Alias pri_alias = "prv1";
1235         char *pri_passwd = NULL;
1236         char *pub_passwd = NULL;
1237         ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
1238         ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
1239         ckmc_raw_buffer_s *signature;
1240
1241         RUNNER_ASSERT_MSG(
1242                         CKMC_ERROR_NONE == (temp = ckmc_create_signature(
1243                                         pri_alias.c_str(),
1244                                         pri_passwd,
1245                                         msg_buff,
1246                                         hash_algo,
1247                                         pad_algo,
1248                                         &signature)),
1249                         CKMCReadableError(temp));
1250
1251         RUNNER_ASSERT_MSG(
1252                         CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
1253                                         pub_alias.c_str(),
1254                                         pub_passwd,
1255                                         msg_buff,
1256                                         *signature,
1257                                         hash_algo,
1258                                         pad_algo)),
1259                         CKMCReadableError(temp));
1260
1261         RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
1262         memcpy((void*)signature->data, "BROKEN", 6);
1263
1264         RUNNER_ASSERT_MSG(
1265                         CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
1266                                         pub_alias.c_str(),
1267                                         pub_passwd,
1268                                         msg_buff,
1269                                         *signature,
1270                                         hash_algo,
1271                                         pad_algo)),
1272                         CKMCReadableError(temp));
1273 }
1274
1275 RUNNER_TEST(T3084_CAPI__ec_key_create_verify)
1276 {
1277         int temp;
1278
1279         std::string prv = "-----BEGIN EC PRIVATE KEY-----\n"
1280                 "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n"
1281                 "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n"
1282                 "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
1283                 "-----END EC PRIVATE KEY-----\n";
1284
1285         std::string pub = "-----BEGIN PUBLIC KEY-----\n"
1286                 "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n"
1287                 "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
1288                 "-----END PUBLIC KEY-----\n";
1289
1290         ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
1291         CKM::Alias pri_alias = "ecprv2";
1292         CKM::Alias pub_alias = "ecpub2";
1293         char *key_passwd = NULL;
1294         char *pri_passwd = NULL;
1295         char *pub_passwd = NULL;
1296         ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
1297         ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
1298         ckmc_raw_buffer_s *signature;
1299
1300         ckmc_key_s pubkey;
1301         pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
1302         pubkey.key_size = pub.size();
1303         pubkey.key_type = CKMC_KEY_NONE;
1304         pubkey.password = NULL;
1305
1306         ckmc_policy_s pubpolicy;
1307         pubpolicy.password = pub_passwd;
1308         pubpolicy.extractable = 1;
1309
1310         ckmc_key_s prikey;
1311         prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
1312         prikey.key_size = prv.size();
1313         prikey.key_type = CKMC_KEY_NONE;
1314         prikey.password = key_passwd;
1315
1316         ckmc_policy_s pripolicy;
1317         pripolicy.password = pri_passwd;
1318         pripolicy.extractable = 0;
1319
1320         RUNNER_ASSERT_MSG(
1321                         CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
1322                         CKMCReadableError(temp));
1323         RUNNER_ASSERT_MSG(
1324                         CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
1325                         CKMCReadableError(temp));
1326
1327         RUNNER_ASSERT_MSG(
1328                         CKMC_ERROR_NONE == (temp = ckmc_create_signature(
1329                                         pri_alias.c_str(),
1330                                         pri_passwd,
1331                                         msg_buff,
1332                                         hash_algo,
1333                                         pad_algo,
1334                                         &signature)),
1335                         CKMCReadableError(temp));
1336
1337         RUNNER_ASSERT_MSG(
1338                         CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
1339                                         pub_alias.c_str(),
1340                                         pub_passwd,
1341                                         msg_buff,
1342                                         *signature,
1343                                         hash_algo,
1344                                         pad_algo)),
1345                         CKMCReadableError(temp));
1346
1347         RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
1348         memcpy((void*)signature->data, "BROKEN", 6);
1349
1350         RUNNER_ASSERT_MSG(
1351                         CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
1352                                         pub_alias.c_str(),
1353                                         pub_passwd,
1354                                         msg_buff,
1355                                         *signature,
1356                                         hash_algo,
1357                                         pad_algo)),
1358                         CKMCReadableError(temp));
1359 }
1360
1361 RUNNER_TEST(T3085_CAPI__rsa_cert_create_verify_signature)
1362 {
1363         int temp;
1364
1365         std::string prv =
1366                 "-----BEGIN RSA PRIVATE KEY-----\n"
1367                 "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
1368                 "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
1369                 "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
1370                 "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
1371                 "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
1372                 "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
1373                 "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
1374                 "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
1375                 "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
1376                 "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
1377                 "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
1378                 "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
1379                 "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
1380                 "-----END RSA PRIVATE KEY-----\n";
1381
1382         std::string pub =
1383                 "-----BEGIN CERTIFICATE-----\n"
1384                 "MIICijCCAfOgAwIBAgIJAMvaNHQ1ozT8MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV\n"
1385                 "BAYTAlBMMQ0wCwYDVQQIDARMb2R6MQ0wCwYDVQQHDARMb2R6MRAwDgYDVQQKDAdT\n"
1386                 "YW1zdW5nMREwDwYDVQQLDAhTZWN1cml0eTEMMAoGA1UEAwwDQ0tNMB4XDTE0MDcw\n"
1387                 "MjEyNDE0N1oXDTE3MDcwMTEyNDE0N1owXjELMAkGA1UEBhMCUEwxDTALBgNVBAgM\n"
1388                 "BExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1bmcxETAPBgNVBAsM\n"
1389                 "CFNlY3VyaXR5MQwwCgYDVQQDDANDS00wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ\n"
1390                 "AoGBAMIpv0GRN06MJNco+L8fkVIa7KuDM5EG1HecJODtJGcvjvM0YSOXbCSCxj1k\n"
1391                 "7dQkebSDLkoyNZ4K5RWRIPcbjon2huDVtgmK8JAEkrF+J4DyxY602rUzx6YcYryj\n"
1392                 "eyNpGSWueCaTbFIKzm8UlWUKW7MBhSas8ObrgLf6fjJbikEJAgMBAAGjUDBOMB0G\n"
1393                 "A1UdDgQWBBQuW9DuITahZJ6saVZZI0aBlis5vzAfBgNVHSMEGDAWgBQuW9DuITah\n"
1394                 "ZJ6saVZZI0aBlis5vzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAB2X\n"
1395                 "GNtJopBJR3dCpzDONknr/c6qcsPVa3nH4c7qzy6F+4bgqa5IObnoF8zUrvD2sMAO\n"
1396                 "km3C/N+Qzt8Rb7ORM6U4tlPp1kZ5t6PKjghhNaiYwVm9A/Zm+wyAmRIkQiYDr4MX\n"
1397                 "e+bRAkPmJeEWpaav1lvvBnFzGSGJrnSSeWUegGyn\n"
1398                 "-----END CERTIFICATE-----\n";
1399
1400         ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
1401
1402         CKM::Alias pri_alias = "prv3";
1403         CKM::Alias pub_alias = "pub3";
1404         char *key_passwd = NULL;
1405         char *pri_passwd = NULL;
1406         char *pub_passwd = NULL;
1407         ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
1408         ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
1409         ckmc_raw_buffer_s *signature;
1410
1411         ckmc_cert_s cert;
1412         cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
1413         cert.cert_size = pub.size();
1414         cert.data_format = CKMC_FORM_PEM;
1415
1416         ckmc_policy_s certpolicy;
1417         certpolicy.password = pub_passwd;
1418         certpolicy.extractable = 1;
1419
1420         ckmc_key_s prikey;
1421         prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
1422         prikey.key_size = prv.size();
1423         prikey.key_type = CKMC_KEY_NONE;
1424         prikey.password = key_passwd;
1425
1426         ckmc_policy_s pripolicy;
1427         pripolicy.password = pri_passwd;
1428         pripolicy.extractable = 0;
1429
1430         RUNNER_ASSERT_MSG(
1431                         CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)),
1432                         CKMCReadableError(temp));
1433         RUNNER_ASSERT_MSG(
1434                         CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
1435                         CKMCReadableError(temp));
1436
1437
1438         RUNNER_ASSERT_MSG(
1439                         CKMC_ERROR_NONE == (temp = ckmc_create_signature(
1440                                         pri_alias.c_str(),
1441                                         pri_passwd,
1442                                         msg_buff,
1443                                         hash_algo,
1444                                         pad_algo,
1445                                         &signature)),
1446                         CKMCReadableError(temp));
1447
1448         RUNNER_ASSERT_MSG(
1449                         CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
1450                                         pub_alias.c_str(),
1451                                         pub_passwd,
1452                                         msg_buff,
1453                                         *signature,
1454                                         hash_algo,
1455                                         pad_algo)),
1456                         CKMCReadableError(temp));
1457
1458         RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
1459         memcpy((void*)signature->data, "BROKEN", 6);
1460
1461         RUNNER_ASSERT_MSG(
1462                         CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
1463                                         pub_alias.c_str(),
1464                                         pub_passwd,
1465                                         msg_buff,
1466                                         *signature,
1467                                         hash_algo,
1468                                         pad_algo)),
1469                         CKMCReadableError(temp));
1470 }
1471
1472 RUNNER_TEST(T3086_CAPI__dsa_ext_key_create_verify_with_negative)
1473 {
1474         int temp;
1475
1476         const std::string pub = "-----BEGIN PUBLIC KEY-----\n"
1477                 "MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n"
1478                 "BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n"
1479                 "A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n"
1480                 "nlWHqf4AwHVdAhUA7I1JQ7sBFJ+N19w3Omu+aO8EG08CgYEAldagy/Ccxhh43cZu\n"
1481                 "AZQxgJLCcp1jg6NdPMdkZ2TcSijvaVxBu+gjEGOqN5Os2V6UF7S/k/rjHYmcX9ux\n"
1482                 "gpjkC31yTNrKyERIAFIYZtG2K7LVBUZq5Fgm7I83QBVchJ2PA7mBaugJFEhNjbhK\n"
1483                 "NRip5UH38le1YDZ/IiA+svFOpeoDgYQAAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+\n"
1484                 "hq0c3FGUCtGbVOqg2KPqMBgwSb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdO\n"
1485                 "OSCQciDXnRfSqKbT6tjDTgR5jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rC\n"
1486                 "YMYCBhubtrVaLmc=\n"
1487                 "-----END PUBLIC KEY-----";
1488
1489         const std::string priv = "-----BEGIN DSA PRIVATE KEY-----\n"
1490                 "MIIBvAIBAAKBgQC3r3mg/xIXlvsLNWLlu+39+OPm65BM5gVXxWB6+7fo8Lup0Ht+\n"
1491                 "NUqBEiRvjwoK64cu+ijQwn73osBKFrn1R5yOG2AVPwpczwN2pn+nOcrneOWUf2+j\n"
1492                 "ogLnsOqIWNJkBp86noqPAWgrGWiehM4gkpZHSAyYrEnz4J5Vh6n+AMB1XQIVAOyN\n"
1493                 "SUO7ARSfjdfcNzprvmjvBBtPAoGBAJXWoMvwnMYYeN3GbgGUMYCSwnKdY4OjXTzH\n"
1494                 "ZGdk3Eoo72lcQbvoIxBjqjeTrNlelBe0v5P64x2JnF/bsYKY5At9ckzayshESABS\n"
1495                 "GGbRtiuy1QVGauRYJuyPN0AVXISdjwO5gWroCRRITY24SjUYqeVB9/JXtWA2fyIg\n"
1496                 "PrLxTqXqAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+hq0c3FGUCtGbVOqg2KPqMBgw\n"
1497                 "Sb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdOOSCQciDXnRfSqKbT6tjDTgR5\n"
1498                 "jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rCYMYCBhubtrVaLmcCFQC0IB4m\n"
1499                 "u1roOuaPY+Hl19BlTE2qdw==\n"
1500                 "-----END DSA PRIVATE KEY-----";
1501
1502         ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
1503
1504         CKM::Alias pub_alias = "dsa-pub1";
1505         CKM::Alias pri_alias = "dsa-prv1";
1506         char *pri_passwd = NULL;
1507         char *pub_passwd = NULL;
1508         ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
1509         ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
1510         ckmc_raw_buffer_s *signature = NULL;
1511
1512         ckmc_key_s pubkey;
1513         pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
1514         pubkey.key_size = pub.size();
1515         pubkey.key_type = CKMC_KEY_NONE;
1516         pubkey.password = NULL;
1517
1518         ckmc_policy_s pubpolicy;
1519         pubpolicy.password = pub_passwd;
1520         pubpolicy.extractable = 0;
1521
1522         ckmc_policy_s pripolicy;
1523         pripolicy.password = pri_passwd;
1524         pripolicy.extractable = 1;
1525
1526         ckmc_key_s prikey;
1527         prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(priv.c_str()));
1528         prikey.key_size = priv.size();
1529         prikey.key_type = CKMC_KEY_NONE;
1530         prikey.password = NULL;
1531
1532
1533         RUNNER_ASSERT_MSG(
1534                         CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
1535                         CKMCReadableError(temp));
1536
1537         RUNNER_ASSERT_MSG(
1538                         CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
1539                         CKMCReadableError(temp));
1540
1541         RUNNER_ASSERT_MSG(
1542                         CKMC_ERROR_NONE == (temp = ckmc_create_signature(
1543                                         pri_alias.c_str(),
1544                                         pri_passwd,
1545                                         msg_buff,
1546                                         hash_algo,
1547                                         pad_algo,
1548                                         &signature)),
1549                         CKMCReadableError(temp));
1550
1551         // positive test
1552         RUNNER_ASSERT_MSG(
1553                         CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
1554                                         pub_alias.c_str(),
1555                                         pub_passwd,
1556                                         msg_buff,
1557                                         *signature,
1558                                         hash_algo,
1559                                         pad_algo)),
1560                         CKMCReadableError(temp));
1561
1562         // negative test
1563         ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test");
1564         RUNNER_ASSERT_MSG(
1565                         CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
1566                                         pub_alias.c_str(),
1567                                         pub_passwd,
1568                                         invalid_msg_buff,
1569                                         *signature,
1570                                         hash_algo,
1571                                         pad_algo)),
1572                         CKMCReadableError(temp));
1573
1574         ckmc_buffer_free(signature);
1575 }
1576
1577 RUNNER_TEST(T3087_CAPI__dsa_int_key_create_verify_with_negative)
1578 {
1579         int temp;
1580
1581         size_t size = 1024;
1582         ckmc_policy_s policy_private_key;
1583         ckmc_policy_s policy_public_key;
1584
1585         policy_private_key.password = NULL;
1586         policy_private_key.extractable = 1;
1587
1588         policy_public_key.password = NULL;
1589         policy_public_key.extractable = 1;
1590
1591         ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
1592
1593         CKM::Alias pub_alias = "dsa-pub2";
1594         CKM::Alias pri_alias = "dsa-prv2";
1595
1596         RUNNER_ASSERT_MSG(
1597                         CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, pri_alias.c_str(), pub_alias.c_str(), policy_private_key, policy_public_key)),
1598                         "Error=" << temp);
1599
1600         char *pri_passwd = NULL;
1601         char *pub_passwd = NULL;
1602         ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
1603         ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
1604         ckmc_raw_buffer_s *signature;
1605
1606         ckmc_key_s *pubkey = NULL;
1607         ckmc_key_s *prikey = NULL;
1608         RUNNER_ASSERT_MSG(
1609                         CKMC_ERROR_NONE == (temp = ckmc_get_key(pri_alias.c_str(), 0, &prikey)),
1610                         CKMCReadableError(temp));
1611
1612         RUNNER_ASSERT_MSG(
1613                         CKMC_ERROR_NONE == (temp = ckmc_get_key(pub_alias.c_str(), 0, &pubkey)),
1614                         CKMCReadableError(temp));
1615
1616         RUNNER_ASSERT_MSG(
1617                         CKMC_ERROR_NONE == (temp = ckmc_create_signature(
1618                                         pri_alias.c_str(),
1619                                         pri_passwd,
1620                                         msg_buff,
1621                                         hash_algo,
1622                                         pad_algo,
1623                                         &signature)),
1624                         CKMCReadableError(temp));
1625
1626         // positive test
1627         RUNNER_ASSERT_MSG(
1628                         CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
1629                                         pub_alias.c_str(),
1630                                         pub_passwd,
1631                                         msg_buff,
1632                                         *signature,
1633                                         hash_algo,
1634                                         pad_algo)),
1635                         CKMCReadableError(temp));
1636
1637         // negative test
1638         ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test");
1639         RUNNER_ASSERT_MSG(
1640                         CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
1641                                         pub_alias.c_str(),
1642                                         pub_passwd,
1643                                         invalid_msg_buff,
1644                                         *signature,
1645                                         hash_algo,
1646                                         pad_algo)),
1647                         CKMCReadableError(temp));
1648
1649         ckmc_key_free(prikey);
1650         ckmc_key_free(pubkey);
1651         ckmc_buffer_free(signature);
1652 }
1653
1654 RUNNER_TEST(T3088_CAPI__ecdsa_cert_create_verify_signature)
1655 {
1656         int temp;
1657
1658         std::string prv =
1659                 "-----BEGIN EC PRIVATE KEY-----\n"
1660                 "MIH8AgEBBBRPb/2utS5aCtyuwmzIHpU6LH3mc6CBsjCBrwIBATAgBgcqhkjOPQEB\n"
1661                 "AhUA/////////////////////3////8wQwQU/////////////////////3////wE\n"
1662                 "FByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UEKQRK\n"
1663                 "lrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAAAAAA\n"
1664                 "AAAAAfTI+Seu08p1IlcCAQGhLAMqAATehLqu61gKC3Tgr4wQMVoguAhhG3Uwwz8u\n"
1665                 "ELyhe7yPCAuOoLZlTLgf\n"
1666                 "-----END EC PRIVATE KEY-----\n";
1667
1668         std::string pub =
1669                 "-----BEGIN CERTIFICATE-----\n"
1670                 "MIICfDCCAjqgAwIBAgIJANIytpeTKlXBMAkGByqGSM49BAEwXjELMAkGA1UEBhMC\n"
1671                 "UEwxDTALBgNVBAgMBExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1\n"
1672                 "bmcxETAPBgNVBAsMCFNlY3VyaXR5MQwwCgYDVQQDDANDS00wHhcNMTQwNzAyMTI0\n"
1673                 "MTQ3WhcNMTcwNzAxMTI0MTQ3WjBeMQswCQYDVQQGEwJQTDENMAsGA1UECAwETG9k\n"
1674                 "ejENMAsGA1UEBwwETG9kejEQMA4GA1UECgwHU2Ftc3VuZzERMA8GA1UECwwIU2Vj\n"
1675                 "dXJpdHkxDDAKBgNVBAMMA0NLTTCB6jCBuwYHKoZIzj0CATCBrwIBATAgBgcqhkjO\n"
1676                 "PQEBAhUA/////////////////////3////8wQwQU/////////////////////3//\n"
1677                 "//wEFByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UE\n"
1678                 "KQRKlrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAA\n"
1679                 "AAAAAAAAAfTI+Seu08p1IlcCAQEDKgAE3oS6rutYCgt04K+MEDFaILgIYRt1MMM/\n"
1680                 "LhC8oXu8jwgLjqC2ZUy4H6NQME4wHQYDVR0OBBYEFELElWx3kbLo55Cfn1vywsEZ\n"
1681                 "ccsmMB8GA1UdIwQYMBaAFELElWx3kbLo55Cfn1vywsEZccsmMAwGA1UdEwQFMAMB\n"
1682                 "Af8wCQYHKoZIzj0EAQMxADAuAhUAumC4mGoyK97SxTvVBQ+ELfCbxEECFQCbMJ72\n"
1683                 "Q1oBry6NEc+lLFmWMDesAA==\n"
1684                 "-----END CERTIFICATE-----\n";
1685
1686         ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
1687
1688         CKM::Alias pri_alias = "prv4";
1689         CKM::Alias pub_alias = "pub4";
1690         char *key_passwd = NULL;
1691         char *pri_passwd = NULL;
1692         char *pub_passwd = NULL;
1693         ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
1694         ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
1695         ckmc_raw_buffer_s *signature;
1696
1697         ckmc_cert_s cert;
1698         cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
1699         cert.cert_size = pub.size();
1700         cert.data_format = CKMC_FORM_PEM;
1701
1702         ckmc_policy_s certpolicy;
1703         certpolicy.password = pub_passwd;
1704         certpolicy.extractable = 1;
1705
1706         ckmc_key_s prikey;
1707         prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
1708         prikey.key_size = prv.size();
1709         prikey.key_type = CKMC_KEY_NONE;
1710         prikey.password = key_passwd;
1711
1712         ckmc_policy_s pripolicy;
1713         pripolicy.password = pri_passwd;
1714         pripolicy.extractable = 0;
1715
1716
1717         RUNNER_ASSERT_MSG(
1718                         CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)),
1719                         CKMCReadableError(temp));
1720         RUNNER_ASSERT_MSG(
1721                         CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
1722                         CKMCReadableError(temp));
1723
1724         RUNNER_ASSERT_MSG(
1725                         CKMC_ERROR_NONE == (temp = ckmc_create_signature(
1726                                         pri_alias.c_str(),
1727                                         pri_passwd,
1728                                         msg_buff,
1729                                         hash_algo,
1730                                         pad_algo,
1731                                         &signature)),
1732                         CKMCReadableError(temp));
1733
1734         RUNNER_ASSERT_MSG(
1735                         CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
1736                                         pub_alias.c_str(),
1737                                         pub_passwd,
1738                                         msg_buff,
1739                                         *signature,
1740                                         hash_algo,
1741                                         pad_algo)),
1742                         CKMCReadableError(temp));
1743
1744         RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
1745         memcpy((void*)signature->data, "BROKEN", 6);
1746
1747         RUNNER_ASSERT_MSG(
1748                         CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
1749                                         pub_alias.c_str(),
1750                                         pub_passwd,
1751                                         msg_buff,
1752                                         *signature,
1753                                         hash_algo,
1754                                         pad_algo)),
1755                         CKMCReadableError(temp));
1756 }
1757
1758 RUNNER_TEST(T3089_CAPI_deinit)
1759 {
1760         remove_user_data(USER_APP);
1761 }
1762
1763
1764 //#######################################################################################
1765
1766 void _assertKey(ckmc_key_s *key, unsigned char *raw_key, unsigned int key_size, ckmc_key_type_e key_type, char *password)
1767 {
1768         RUNNER_ASSERT_MSG(key->key_size == key_size, "Key Size Error" );
1769         RUNNER_ASSERT_MSG(key->key_type == key_type, "Key Type Error" );
1770
1771         if(key->password != NULL && password != NULL) {
1772                 RUNNER_ASSERT_MSG(strcmp(key->password, password) == 0, "Password Error" );
1773         }else if(key->password == NULL && password == NULL) {
1774                 RUNNER_ASSERT_MSG(true, "Password Error" );
1775         }else {
1776                 RUNNER_ASSERT_MSG(false, "Password Error" );
1777         }
1778
1779         if(key->raw_key != NULL && raw_key != NULL) {
1780                 for(unsigned int i=0; i<key_size; i++) {
1781                         RUNNER_ASSERT_MSG((key->raw_key)[i] == raw_key[i],  "Raw Key Error" );
1782                 }
1783         }else if(key->raw_key == NULL && raw_key == NULL) {
1784                 RUNNER_ASSERT_MSG(true,  "Raw Key Error" );
1785         }else {
1786                 RUNNER_ASSERT_MSG(false,  "Raw Key Error" );
1787         }
1788 }
1789
1790 RUNNER_TEST_GROUP_INIT(T309_CKMC_CAPI_TYPES);
1791
1792 RUNNER_TEST(T3091_CAPI_TYPE_init)
1793 {
1794         reset_user_data(USER_APP, USER_PASS);
1795 }
1796
1797 RUNNER_TEST(T3092_CAPI_TYPE_KEY)
1798 {
1799         std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
1800                 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
1801                 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
1802                 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
1803                 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
1804                 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
1805                 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
1806                 "zQIDAQAB\n"
1807                 "-----END PUBLIC KEY-----";
1808
1809         unsigned char *raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
1810         unsigned int key_size = keyPem.size();
1811         ckmc_key_type_e key_type = CKMC_KEY_NONE;
1812         char *password = const_cast< char *>("");
1813
1814         ckmc_key_s *key;
1815         ckmc_key_new(raw_key, key_size, key_type, password, &key);
1816
1817         _assertKey(key, raw_key, key_size, key_type, password);
1818         ckmc_key_free(key);
1819
1820         char *passwordNull = NULL;
1821         ckmc_key_s *key2;
1822         ckmc_key_new(raw_key, key_size, key_type, passwordNull, &key2);
1823         ckmc_key_free(key2);
1824 }
1825
1826 RUNNER_TEST(T3093_CAPI_TYPE_BUFFER)
1827 {
1828         std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
1829                 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
1830                 "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
1831                 "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
1832                 "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
1833                 "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
1834                 "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
1835                 "zQIDAQAB\n"
1836                 "-----END PUBLIC KEY-----";
1837
1838         unsigned char *data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
1839         unsigned int size = keyPem.size();
1840
1841         ckmc_raw_buffer_s *buff;
1842         ckmc_buffer_new(data, size, &buff);
1843
1844         RUNNER_ASSERT_MSG(buff->size == size, "Size Error" );
1845
1846         if(buff->data != NULL && data != NULL) {
1847                 for(unsigned int i=0; i<size; i++) {
1848                         RUNNER_ASSERT_MSG((buff->data)[i] == data[i],  "Raw data Error" );
1849                 }
1850         }else if(buff->data == NULL && data == NULL) {
1851                 RUNNER_ASSERT_MSG(true,  "Raw data Error" );
1852         }else {
1853                 RUNNER_ASSERT_MSG(false,  "Raw data Error" );
1854         }
1855
1856         ckmc_buffer_free(buff);
1857 }
1858
1859 RUNNER_TEST(T3094_CAPI_TYPE_CERT)
1860 {
1861         std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
1862
1863         unsigned char *raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(certPem.c_str()));
1864         unsigned int size = certPem.size();
1865         ckmc_data_format_e form = CKMC_FORM_PEM;
1866
1867         ckmc_cert_s *ckmCert;
1868         ckmc_cert_new(raw_cert, size, form, &ckmCert);
1869
1870         RUNNER_ASSERT_MSG(ckmCert->cert_size == size, "Size Error" );
1871
1872         if(ckmCert->raw_cert != NULL && raw_cert != NULL) {
1873                 for(unsigned int i=0; i<size; i++) {
1874                         RUNNER_ASSERT_MSG((ckmCert->raw_cert)[i] == raw_cert[i],  "Raw data Error" );
1875                 }
1876         }else if(ckmCert->raw_cert == NULL && raw_cert == NULL) {
1877                 RUNNER_ASSERT_MSG(true,  "raw_cert Error" );
1878         }else {
1879                 RUNNER_ASSERT_MSG(false,  "raw_cert Error" );
1880         }
1881
1882         RUNNER_ASSERT_MSG(ckmCert->data_format == form, "ckmc_cert_form Error" );
1883
1884         ckmc_cert_free(ckmCert);
1885 }
1886
1887
1888 RUNNER_TEST(T3095_CAPI_TYPE_load_cert_file)
1889 {
1890         int ret;
1891
1892         std::string certStr = TestData::getTestCertificateBase64(TestData::MBANK);
1893
1894         const char *file_name = "/tmp/ckmc_test_cert.pem";
1895         remove(file_name);
1896
1897         FILE* cert_file;
1898         cert_file = fopen(file_name, "w");
1899         fprintf(cert_file, "%s",certStr.c_str());
1900         fclose(cert_file);
1901
1902         ckmc_cert_s *pcert;
1903
1904         RUNNER_ASSERT_MSG(
1905                         CKMC_ERROR_NONE == (ret = ckmc_load_cert_from_file(file_name, &pcert)),
1906                         CKMCReadableError(ret));
1907
1908         RUNNER_ASSERT_MSG(
1909                         pcert != NULL && pcert->cert_size > 0,"Fail to load cert from file.");
1910
1911         CKM::Alias lcert_alias = "lcert_alias";
1912         ckmc_policy_s policy;
1913         policy.password = NULL;
1914         policy.extractable = 1;
1915
1916         RUNNER_ASSERT_MSG(
1917                         CKMC_ERROR_NONE == (ret = ckmc_save_cert(lcert_alias.c_str(), *pcert, policy)),
1918                         CKMCReadableError(ret));
1919
1920         remove(file_name);
1921 }
1922
1923 RUNNER_TEST(T3096_CAPI_TYPE_load_p12_file) {
1924         const char *p12file = CKM_TEST_DIR "/capi-t3096.p12";
1925         const char *password = "password";
1926
1927         int temp;
1928
1929         ckmc_key_s *private_key = NULL;
1930         ckmc_cert_s *cert = NULL;
1931         ckmc_cert_list_s *ca_cert_list = NULL;
1932
1933         RUNNER_ASSERT_MSG(
1934                         CKMC_ERROR_NONE == (temp = ckmc_load_from_pkcs12_file(p12file, password,
1935                                         &private_key, &cert, &ca_cert_list)),
1936                         "Error=" << temp);
1937         RUNNER_ASSERT_MSG(private_key != NULL, "Null private_key");
1938         RUNNER_ASSERT_MSG(cert != NULL, "Null cert");
1939         RUNNER_ASSERT_MSG(ca_cert_list != NULL, "Null ca_cert_list");
1940
1941         ckmc_policy_s policy;
1942         policy.password = NULL;
1943         policy.extractable = 1;
1944
1945
1946         CKM::Alias pkey_alias = "pkey_alias";
1947         RUNNER_ASSERT_MSG(
1948                         CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *private_key, policy)),
1949                         CKMCReadableError(temp));
1950
1951         CKM::Alias cert_alias = "cert_alias";
1952         RUNNER_ASSERT_MSG(
1953                         CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *cert, policy)),
1954                         CKMCReadableError(temp));
1955         std::string caCertAlias = "ca_cert_alias_";
1956         const char *idx = "0";
1957         int cnt = 0;
1958         ckmc_cert_list_s *tmpList = ca_cert_list;
1959         while(tmpList != NULL) {
1960                 caCertAlias.append(idx);
1961                 RUNNER_ASSERT_MSG(
1962                                 CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)),
1963                                 CKMCReadableError(temp));
1964                 tmpList = tmpList->next;
1965                 cnt ++;
1966         }
1967
1968         RUNNER_ASSERT_MSG(cnt ==  2, "Invalid CA Cert Count");
1969
1970         ckmc_key_free(private_key);
1971         ckmc_cert_free(cert);
1972         ckmc_cert_list_all_free(ca_cert_list);
1973 }
1974
1975 RUNNER_TEST(T3097_CAPI_TYPE_load_p12_file2) {
1976         const char *p12file = CKM_TEST_DIR "/capi-t3096.p12";
1977         const char *password = "password";
1978
1979         int temp;
1980
1981         ckmc_pkcs12_s *ppkcs12 = NULL;
1982
1983         RUNNER_ASSERT_MSG(
1984                         CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load(p12file, password, &ppkcs12)),
1985                         CKMCReadableError(temp));
1986         RUNNER_ASSERT_MSG(ppkcs12->priv_key != NULL, "Null private_key");
1987         RUNNER_ASSERT_MSG(ppkcs12->cert != NULL, "Null cert");
1988         RUNNER_ASSERT_MSG(ppkcs12->ca_chain != NULL, "Null ca_cert_list");
1989
1990         ckmc_policy_s policy;
1991         policy.password = NULL;
1992         policy.extractable = 1;
1993
1994
1995         CKM::Alias pkey_alias = "pkey_alias2";
1996         RUNNER_ASSERT_MSG(
1997                         CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias.c_str(), *(ppkcs12->priv_key), policy)),
1998                         CKMCReadableError(temp));
1999
2000         CKM::Alias cert_alias = "cert_alias2";
2001         RUNNER_ASSERT_MSG(
2002                         CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias.c_str(), *(ppkcs12->cert), policy)),
2003                         CKMCReadableError(temp));
2004         std::string caCertAlias = "ca_cert_alias_2_";
2005         const char *idx = "0";
2006         int cnt = 0;
2007         ckmc_cert_list_s *tmpList = ppkcs12->ca_chain;
2008         while(tmpList != NULL) {
2009                 caCertAlias.append(idx);
2010                 RUNNER_ASSERT_MSG(
2011                                 CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)),
2012                                 CKMCReadableError(temp));
2013                 tmpList = tmpList->next;
2014                 cnt ++;
2015         }
2016
2017         RUNNER_ASSERT_MSG(cnt ==  2, "Invalid CA Cert Count");
2018
2019         ckmc_pkcs12_free(ppkcs12);
2020 }
2021
2022 RUNNER_TEST(T3098_CAPI_TYPE_deinit)
2023 {
2024         int temp;
2025         RUNNER_ASSERT_MSG(
2026                         CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
2027                         CKMCReadableError(temp));
2028         RUNNER_ASSERT_MSG(
2029                         CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
2030                         CKMCReadableError(temp));
2031 }
2032
2033 RUNNER_TEST_GROUP_INIT(T310_CKMC_CAPI_PKCS12);
2034
2035 namespace
2036 {
2037 CKM::Alias alias_PKCS_exportable = "/System CAPI-test-PKCS-export";
2038 CKM::Alias alias_PKCS_not_exportable = "/System CAPI-test-PKCS-no-export";
2039 CKM::Alias alias_PKCS_key_not_exportable = "/System CAPI-test-PKCS-no-key-export";
2040 }
2041
2042 RUNNER_TEST(T3101_CAPI_PKCS12_init)
2043 {
2044         remove_user_data(0);
2045 }
2046
2047 RUNNER_TEST(T3102_CAPI_PKCS12_negative_wrong_password)
2048 {
2049         const char *wrong_passwd = "wrong";
2050         ckmc_pkcs12_s *ppkcs12 = NULL;
2051         int temp;
2052         RUNNER_ASSERT_MSG(
2053                         CKMC_ERROR_INVALID_FORMAT == (temp = ckmc_pkcs12_load(CKM_TEST_DIR "/test1801.pkcs12", wrong_passwd, &ppkcs12)),
2054                         CKMCReadableError(temp));
2055 }
2056
2057 RUNNER_TEST(T3103_CAPI_PKCS12_add_bundle_with_chain_certs)
2058 {
2059         ckmc_pkcs12_s *ppkcs12 = NULL;
2060         int temp;
2061         RUNNER_ASSERT_MSG(
2062                         CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load(CKM_TEST_DIR "/pkcs.p12", NULL, &ppkcs12)),
2063                         CKMCReadableError(temp));
2064
2065         RUNNER_ASSERT_MSG(NULL != ppkcs12->cert, "no certificate in PKCS12");
2066         RUNNER_ASSERT_MSG(NULL != ppkcs12->priv_key, "no private key in PKCS12");
2067         RUNNER_ASSERT_MSG(NULL != ppkcs12->ca_chain, "no chain certificates in PKCS12");
2068
2069         // save to the CKM
2070         ckmc_policy_s exportable;
2071         exportable.password = NULL;
2072         exportable.extractable = 1;
2073         ckmc_policy_s notExportable;
2074         notExportable.password = NULL;
2075         notExportable.extractable = 0;
2076
2077         RUNNER_ASSERT_MSG(
2078                         CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_exportable.c_str(), ppkcs12, exportable, exportable)),
2079                         CKMCReadableError(temp));
2080         RUNNER_ASSERT_MSG(
2081                         CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_exportable.c_str(), ppkcs12, exportable, exportable)),
2082                         CKMCReadableError(temp));
2083         RUNNER_ASSERT_MSG(
2084                         CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)),
2085                         CKMCReadableError(temp));
2086         RUNNER_ASSERT_MSG(
2087                         CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable.c_str(), ppkcs12, notExportable, notExportable)),
2088                         CKMCReadableError(temp));
2089         RUNNER_ASSERT_MSG(
2090                         CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_key_not_exportable.c_str(), ppkcs12, notExportable, exportable)),
2091                         CKMCReadableError(temp));
2092         RUNNER_ASSERT_MSG(CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_key_not_exportable.c_str(), ppkcs12, notExportable, exportable)),
2093                         CKMCReadableError(temp));
2094
2095         // try to lookup key
2096         ckmc_key_s *key_lookup = NULL;
2097         RUNNER_ASSERT_MSG(
2098                         CKMC_ERROR_NONE == (temp = ckmc_get_key(alias_PKCS_exportable.c_str(), NULL, &key_lookup)),
2099                         CKMCReadableError(temp));
2100         ckmc_key_free(key_lookup);
2101         key_lookup = NULL;
2102         RUNNER_ASSERT_MSG(
2103                         CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), "", &key_lookup)),
2104                         CKMCReadableError(temp));
2105         ckmc_key_free(key_lookup);
2106         key_lookup = NULL;
2107         RUNNER_ASSERT_MSG(CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_key_not_exportable.c_str(), "", &key_lookup)),
2108                         CKMCReadableError(temp));
2109         ckmc_key_free(key_lookup);
2110
2111         // try to lookup certificate
2112         ckmc_cert_s *cert_lookup = NULL;
2113         RUNNER_ASSERT_MSG(
2114                         CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_exportable.c_str(), NULL, &cert_lookup)),
2115                         CKMCReadableError(temp));
2116         ckmc_cert_free(cert_lookup);
2117         cert_lookup = NULL;
2118         RUNNER_ASSERT_MSG(
2119                         CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
2120                         CKMCReadableError(temp));
2121         ckmc_cert_free(cert_lookup);
2122         cert_lookup = NULL;
2123         RUNNER_ASSERT_MSG(
2124                         CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_key_not_exportable.c_str(), NULL, &cert_lookup)),
2125                         CKMCReadableError(temp));
2126         ckmc_cert_free(cert_lookup);
2127 }
2128
2129 RUNNER_TEST(T3104_CAPI_PKCS12_get_PKCS)
2130 {
2131         int temp;
2132         ckmc_pkcs12_s *pkcs = NULL;
2133
2134         // fail - no entry
2135         RUNNER_ASSERT_MSG(
2136                         CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_pkcs12("i-do-not-exist", NULL, NULL, &pkcs)),
2137                         CKMCReadableError(temp));
2138         ckmc_pkcs12_free(pkcs);
2139         pkcs = NULL;
2140
2141         // fail - not exportable
2142         RUNNER_ASSERT_MSG(
2143                         CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_pkcs12(alias_PKCS_not_exportable.c_str(), NULL, NULL, &pkcs)),
2144                         CKMCReadableError(temp));
2145         ckmc_pkcs12_free(pkcs);
2146         pkcs = NULL;
2147
2148         // success - partially exportable
2149         RUNNER_ASSERT_MSG(
2150                         CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_key_not_exportable.c_str(), NULL, NULL, &pkcs)),
2151                         CKMCReadableError(temp));
2152
2153         RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12");
2154         RUNNER_ASSERT_MSG(NULL == pkcs->priv_key, "there should be no private key in PKCS12");
2155         RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12");
2156         size_t cntr = 0;
2157         ckmc_cert_list_s *iter = pkcs->ca_chain;
2158         do {
2159                 cntr++;
2160                 iter = iter->next;
2161         } while (iter);
2162         RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12");
2163
2164         ckmc_pkcs12_free(pkcs);
2165
2166
2167         // success - exportable
2168         RUNNER_ASSERT_MSG(
2169                         CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_exportable.c_str(), NULL, NULL, &pkcs)),
2170                         CKMCReadableError(temp));
2171
2172         RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12");
2173         RUNNER_ASSERT_MSG(NULL != pkcs->priv_key, "no private key in PKCS12");
2174         RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12");
2175         cntr = 0;
2176         iter = pkcs->ca_chain;
2177         do {
2178                 cntr ++;
2179                 iter = iter->next;
2180         } while(iter);
2181         RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12");
2182
2183         ckmc_pkcs12_free(pkcs);
2184 }
2185
2186 RUNNER_TEST(T3105_CAPI_PKCS12_create_and_verify_signature)
2187 {
2188         ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
2189
2190         int temp;
2191         ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
2192         ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
2193         ckmc_raw_buffer_s *signature = NULL;
2194
2195         RUNNER_ASSERT_MSG(
2196                         CKMC_ERROR_NONE == (temp = ckmc_create_signature(
2197                                         alias_PKCS_exportable.c_str(),
2198                                         NULL,
2199                                         msg_buff,
2200                                         hash_algo,
2201                                         pad_algo,
2202                                         &signature)),
2203                         CKMCReadableError(temp));
2204
2205         RUNNER_ASSERT_MSG(
2206                         CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
2207                                         alias_PKCS_exportable.c_str(),
2208                                         NULL,
2209                                         msg_buff,
2210                                         *signature,
2211                                         hash_algo,
2212                                         pad_algo)),
2213                         CKMCReadableError(temp));
2214 }
2215
2216 RUNNER_TEST(T3106_CAPI_PKCS12_remove_bundle_with_chain_certs)
2217 {
2218         int tmp;
2219
2220         // remove the whole PKCS12 bundles
2221         RUNNER_ASSERT_MSG(
2222                         CKMC_ERROR_NONE == (tmp = ckmc_remove_alias(alias_PKCS_exportable.c_str())),
2223                         CKMCReadableError(tmp));
2224         RUNNER_ASSERT_MSG(
2225                         CKMC_ERROR_NONE == (tmp = ckmc_remove_alias(alias_PKCS_not_exportable.c_str())),
2226                         CKMCReadableError(tmp));
2227         RUNNER_ASSERT_MSG(
2228                         CKMC_ERROR_NONE == (tmp = ckmc_remove_alias(alias_PKCS_key_not_exportable.c_str())),
2229                         CKMCReadableError(tmp));
2230
2231         // expect lookup fails due to unknown alias
2232         // try to lookup key
2233         ckmc_key_s *key_lookup = NULL;
2234         RUNNER_ASSERT_MSG(
2235                         CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_exportable.c_str(), NULL, &key_lookup)),
2236                         CKMCReadableError(tmp));
2237         ckmc_key_free(key_lookup);
2238         key_lookup = NULL;
2239         RUNNER_ASSERT_MSG(
2240                         CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_not_exportable.c_str(), NULL, &key_lookup)),
2241                         CKMCReadableError(tmp));
2242         ckmc_key_free(key_lookup);
2243         key_lookup = NULL;
2244         RUNNER_ASSERT_MSG(
2245                         CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_key_not_exportable.c_str(), NULL, &key_lookup)),
2246                         CKMCReadableError(tmp));
2247         ckmc_key_free(key_lookup);
2248
2249         // try to lookup certificate
2250         ckmc_cert_s *cert_lookup = NULL;
2251         RUNNER_ASSERT_MSG(
2252                         CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_exportable.c_str(), NULL, &cert_lookup)),
2253                         CKMCReadableError(tmp));
2254         ckmc_cert_free(cert_lookup);
2255         cert_lookup = NULL;
2256         RUNNER_ASSERT_MSG(
2257                         CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_not_exportable.c_str(), NULL, &cert_lookup)),
2258                         CKMCReadableError(tmp));
2259         ckmc_cert_free(cert_lookup);
2260         cert_lookup = NULL;
2261         RUNNER_ASSERT_MSG(
2262                         CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_key_not_exportable.c_str(), NULL, &cert_lookup)),
2263                         CKMCReadableError(tmp));
2264         ckmc_cert_free(cert_lookup);
2265 }
2266
2267 RUNNER_TEST(T3109_CAPI_PKCS12_deinit)
2268 {
2269         remove_user_data(0);
2270 }
2271
2272
2273 RUNNER_TEST_GROUP_INIT(T320_CAPI_EMPTY_DATABASE);
2274
2275 RUNNER_TEST(T3201_CAPI_unlock_database)
2276 {
2277         reset_user_data(USER_APP, USER_PASS);
2278 }
2279
2280 RUNNER_TEST(T3202_CAPI_get_data_from_empty_database)
2281 {
2282         ScopedDBUnlock unlock(USER_APP, USER_PASS);
2283
2284         int temp;
2285         CKM::Alias alias = "mykey";
2286         char *password = NULL;
2287         ckmc_key_s *test_key = NULL;
2288
2289         RUNNER_ASSERT_MSG(
2290                 CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(alias.c_str(), password, &test_key)),
2291                 "Error=" << temp);
2292
2293         RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
2294 }
2295
2296 RUNNER_TEST(T3203_CAPI_lock_database)
2297 {
2298         ScopedDBUnlock unlock(USER_APP, USER_PASS);
2299
2300         int temp;
2301         RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
2302                 CKMCReadableError(temp));
2303 }
2304
2305 RUNNER_TEST(T3204_CAPI_get_data_from_locked_database)
2306 {
2307         int temp;
2308         CKM::Alias alias = "mykey";
2309         char *password = NULL;
2310         ckmc_key_s *test_key = NULL;
2311
2312         RUNNER_ASSERT_MSG(
2313                 CKMC_ERROR_DB_LOCKED == (temp = ckmc_get_key(alias.c_str(), password, &test_key)),
2314                 CKMCReadableError(temp));
2315
2316         RUNNER_ASSERT_MSG(NULL == test_key, "Key value should not be changed");
2317 }
2318
2319 RUNNER_TEST(T3204_deinit)
2320 {
2321         remove_user_data(USER_APP);
2322 }
2323
Domain: Security / Uncategorized;