#include <ckm-common.h>
#include <string>
+#include <fstream>
#include <string.h>
#include <stdio.h>
#include <stddef.h>
const int USER_APP = 5000;
const int GROUP_APP = 5000;
const char* USER_PASS = "user-pass";
-const char* TEST_LABEL = "test_label";
+const char *const TEST_OBJECT1 = "OBJECT1";
+const std::string TEST_ALIAS1 = aliasWithLabel(TEST_LABEL,TEST_OBJECT1);
const char* TEST_SYSTEM_ALIAS = "system-alias-1";
const char* TEST_DATA = "ABCD";
} // namespace anonymous
save_data(sharedDatabase(TEST_SYSTEM_ALIAS).c_str(), TEST_DATA);
// [test] - expect success
- check_read(TEST_SYSTEM_ALIAS, ckmc_label_shared_owner, TEST_DATA);
+ check_read(TEST_SYSTEM_ALIAS, ckmc_owner_id_system, TEST_DATA);
// remove user data - expect to map to the system DB
int temp;
CKMCReadableError(temp));
// [test] - expect fail
- check_read(TEST_SYSTEM_ALIAS, ckmc_label_shared_owner, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
+ check_read(TEST_SYSTEM_ALIAS, ckmc_owner_id_system, TEST_DATA, CKMC_ERROR_DB_ALIAS_UNKNOWN);
}
RUNNER_TEST_GROUP_INIT (T302_CKMC_QUICK_SET_GET_TESTS_C_API);
-RUNNER_TEST(T3021_init_C_API)
+RUNNER_TEST(T30201_init_C_API)
{
int temp;
CKMCReadableError(temp));
}
-RUNNER_TEST(T3022_key_C_API)
+RUNNER_TEST(T30202_RSA_key_C_API)
{
int temp;
CKMCReadableError(temp));
}
-RUNNER_TEST(T3023_certificate_C_API)
+RUNNER_TEST(T30203_AES_key_C_API)
+{
+ int temp;
+ CKM::Alias alias = sharedDatabase("my_AES_key");
+ size_t key_length = 192;
+
+ ckmc_key_s *test_key = generate_AES_key(key_length, NULL);
+ ckmc_key_s *test_key2;
+ ckmc_policy_s test_policy;
+ test_policy.password = NULL;
+ test_policy.extractable = 1;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), NULL, &test_key2)),
+ CKMCReadableError(temp));
+
+ compare_AES_keys(test_key, test_key2);
+ ckmc_key_free(test_key);
+ ckmc_key_free(test_key2);
+}
+
+RUNNER_TEST(T30204_certificate_C_API)
{
int temp;
ckmc_cert_free(cert2);
}
-RUNNER_TEST(T3024_certificate_remove_C_API)
+RUNNER_TEST(T30205_certificate_remove_C_API)
{
int temp;
CKMCReadableError(temp));
}
-RUNNER_TEST(T3025_certificate_list_C_API)
+RUNNER_TEST(T30206_certificate_list_C_API)
{
int temp;
}
-RUNNER_CHILD_TEST(T3026_user_app_save_key_C_API)
+RUNNER_CHILD_TEST(T30207_user_app_save_RSA_key_C_API)
{
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
// RUNNER_ASSERT_MSG(
// key.getDER() == key2.getDER(), "Key value has been changed by service");
+
+ delete [] char_keypem;
+}
+
+RUNNER_CHILD_TEST(T30208_user_app_save_AES_key_C_API)
+{
+ AccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ int temp;
+ const char* password = NULL;
+ size_t key_length = 192;
+ CKM::Alias alias = "my_AES_key";
+
+ ckmc_key_s *test_key = generate_AES_key(key_length, password);
+ ckmc_key_s *test_key2;
+ ckmc_policy_s test_policy;
+ test_policy.password = const_cast<char *>(password);
+ test_policy.extractable = 1;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)),
+ CKMCReadableError(temp));
+
+ compare_AES_keys(test_key, test_key2);
+ ckmc_key_free(test_key);
+ ckmc_key_free(test_key2);
}
-RUNNER_CHILD_TEST(T3027_app_user_save_keys_exportable_flag)
+RUNNER_CHILD_TEST(T30209_user_app_save_AES_key_passwd_C_API)
{
- ScopedAccessProvider ap("mylabel");
+ AccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ int temp;
+ const char* password = "x";
+ size_t key_length = 192;
+ CKM::Alias alias = "my_AES_key-2";
+
+ ckmc_key_s *test_key = generate_AES_key(key_length, password);
+ ckmc_policy_s test_policy;
+ test_policy.password = const_cast<char *>(password);
+ test_policy.extractable = 1;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)),
+ CKMCReadableError(temp));
+ ckmc_key_free(test_key);
+}
+
+RUNNER_CHILD_TEST(T30210_app_user_save_RSA_keys_exportable_flag)
+{
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
test_key.raw_key = (unsigned char *)char_keypem;
test_key.key_size = keyPem.length();
test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
+ test_key.password = NULL;
test_policy.password = password;
test_policy.extractable = 0;
CKMCReadableError(temp));
}
+RUNNER_CHILD_TEST(T30211_app_user_save_AES_keys_exportable_flag)
+{
+ AccessProvider ap(TEST_LABEL);
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-RUNNER_TEST(T3028_certificate_with_DSA_key_C_API)
+ int temp;
+ const char* password = NULL;
+ size_t key_length = 256;
+ CKM::Alias alias = "my_AES_key-3";
+
+ ckmc_key_s *test_key = generate_AES_key(key_length, password);
+ ckmc_key_s *test_key2;
+ ckmc_policy_s test_policy;
+ test_policy.password = const_cast<char *>(password);
+ test_policy.extractable = 0;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)),
+ CKMCReadableError(temp));
+ ckmc_key_free(test_key);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)),
+ CKMCReadableError(temp));
+}
+
+RUNNER_TEST(T30212_certificate_with_DSA_key_C_API)
{
int temp;
ckmc_cert_free(cert2);
}
-RUNNER_TEST(T3029_deinit_C_API)
+RUNNER_TEST(T30213_deinit_C_API)
{
int temp;
CKMCReadableError(temp));
}
-RUNNER_TEST(T3032_save_keys_get_alias_C_API)
+RUNNER_TEST(T3032_save_asymmetric_keys_get_alias_C_API)
{
int temp;
}
-RUNNER_TEST(T3033_remove_key_C_API)
+RUNNER_TEST(T3033_remove_asymmetric_key_C_API)
{
int temp;
CKMCReadableError(temp));
}
-RUNNER_TEST(T3034_deinit_C_API)
+RUNNER_TEST(T3034_save_symmetric_keys_get_alias_C_API)
+{
+ int temp;
+ size_t key_length = 128;
+ ckmc_key_s *test_key = generate_AES_key(key_length, NULL);
+ ckmc_policy_s test_policy1, test_policy2, test_policy3;
+ test_policy1.password = NULL;
+ test_policy1.extractable = 1;
+
+ test_policy2.password = NULL;
+ test_policy2.extractable = 1;
+
+ test_policy3.password = NULL;
+ test_policy3.extractable = 1;
+
+ int current_aliases_num = count_aliases(ALIAS_KEY);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("AES_key1").c_str(), *test_key, test_policy1)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("AES_key2").c_str(), *test_key, test_policy2)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("AES_key3").c_str(), *test_key, test_policy3)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ (current_aliases_num+3) == (temp = count_aliases(ALIAS_KEY)),
+ "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp);
+
+ ckmc_key_free(test_key);
+}
+
+
+RUNNER_TEST(T3035_remove_symmetric_key_C_API)
+{
+ int temp;
+
+ ckmc_key_s *test_key2;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("AES_key1").c_str(), NULL, &test_key2)),
+ CKMCReadableError(temp));
+ validate_AES_key(test_key2);
+ ckmc_key_free(test_key2);
+
+ // actual test - remove middle item
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_key(sharedDatabase("AES_key2").c_str())),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(sharedDatabase("AES_key2").c_str(), NULL, &test_key2)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("AES_key3").c_str(), NULL, &test_key2)),
+ CKMCReadableError(temp));
+ validate_AES_key(test_key2);
+ ckmc_key_free(test_key2);
+
+}
+
+RUNNER_TEST(T3036_deinit_C_API)
{
int temp;
RUNNER_TEST(T3041_init_C_API)
{
- int temp;
remove_user_data(0);
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "simple-password")),
- CKMCReadableError(temp));
+ reset_user_data(USER_APP, "simple-password");
}
RUNNER_TEST(T3042_save_get_bin_data_C_API)
RUNNER_CHILD_TEST(T3043_app_user_save_bin_data_C_API)
{
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
CKMCReadableError(temp));
}
-RUNNER_TEST(T3045_deinit_C_API)
+RUNNER_TEST(T3045_save_big_data_C_API, RemoveDataEnv<USER_APP>)
+{
+ const size_t BIG_SIZE = 5000000;
+ ScopedAccessProvider ap(TEST_LABEL, USER_APP, GROUP_APP);
+
+ std::vector<char> big_data(BIG_SIZE);
+ std::ifstream is("/dev/urandom", std::ifstream::binary);
+ if(is)
+ is.read(big_data.data(), BIG_SIZE);
+
+ RUNNER_ASSERT_MSG(is,
+ "Only " << is.gcount() << "/" << BIG_SIZE << " bytes read from /dev/urandom");
+
+ save_data(TEST_ALIAS1.c_str(), big_data.data(), BIG_SIZE, CKMC_ERROR_NONE);
+ check_read(TEST_OBJECT1, TEST_LABEL, big_data.data(), BIG_SIZE, CKMC_ERROR_NONE);
+}
+
+RUNNER_TEST(T3050_deinit_C_API)
{
int temp;
CKMCReadableError(temp));
}
-RUNNER_CHILD_TEST(T3052_CAPI_create_rsa_key)
+RUNNER_CHILD_TEST(T3052_CAPI_create_RSA_key)
{
int temp;
- ScopedAccessProvider ap("mylabel");
+ ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
CKMCReadableError(temp));
}
-RUNNER_CHILD_TEST(T3053_CAPI_create_dsa_key)
+RUNNER_CHILD_TEST(T3053_CAPI_create_DSA_key)
{
int temp;
- AccessProvider ap("mylabel");
+ AccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
}
-RUNNER_TEST(T3054_CAPI_deinit)
+RUNNER_CHILD_TEST(T3054_CAPI_create_AES_key)
+{
+ int temp;
+ size_t size = 128;
+ CKM::Alias key_alias = sharedDatabase("AES-gen-test-1");
+ ckmc_policy_s policy_key;
+
+ policy_key.password = NULL;
+ policy_key.extractable = 1;
+
+ int current_aliases_num = count_aliases(ALIAS_KEY);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_key_aes(size, key_alias.c_str(), policy_key)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ (current_aliases_num+1) == (temp = count_aliases(ALIAS_KEY)),
+ "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << temp);
+
+ ckmc_key_s *get_AES_key = 0;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(key_alias.c_str(), policy_key.password, &get_AES_key)),
+ CKMCReadableError(temp));
+ validate_AES_key(get_AES_key);
+ ckmc_key_free(get_AES_key);
+}
+
+
+RUNNER_TEST(T3055_CAPI_deinit)
{
int temp;
//RUNNER_TEST_GROUP_INIT(T120_NEGATIVE_TESTS);
-
RUNNER_TEST_GROUP_INIT(T307_CKMC_CAPI_OCSP_TESTS);
RUNNER_TEST(T3071_CAPI_init)
}
RUNNER_TEST(T3096_CAPI_TYPE_load_p12_file) {
- const char *p12file = "/usr/share/ckm-test/capi-t3096.p12";
+ const char *p12file = CKM_TEST_DIR "/capi-t3096.p12";
const char *password = "password";
int temp;
}
RUNNER_TEST(T3097_CAPI_TYPE_load_p12_file2) {
- const char *p12file = "/usr/share/ckm-test/capi-t3096.p12";
+ const char *p12file = CKM_TEST_DIR "/capi-t3096.p12";
const char *password = "password";
int temp;
ckmc_pkcs12_s *ppkcs12 = NULL;
int temp;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_INVALID_FORMAT == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/test1801.pkcs12", wrong_passwd, &ppkcs12)),
+ CKMC_ERROR_INVALID_FORMAT == (temp = ckmc_pkcs12_load(CKM_TEST_DIR "/test1801.pkcs12", wrong_passwd, &ppkcs12)),
CKMCReadableError(temp));
}
ckmc_pkcs12_s *ppkcs12 = NULL;
int temp;
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load("/usr/share/ckm-test/pkcs.p12", NULL, &ppkcs12)),
+ CKMC_ERROR_NONE == (temp = ckmc_pkcs12_load(CKM_TEST_DIR "/pkcs.p12", NULL, &ppkcs12)),
CKMCReadableError(temp));
RUNNER_ASSERT_MSG(NULL != ppkcs12->cert, "no certificate in PKCS12");
// remove the whole PKCS12 bundles
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_exportable.c_str())),
+ CKMC_ERROR_NONE == (tmp = ckmc_remove_alias(alias_PKCS_exportable.c_str())),
CKMCReadableError(tmp));
RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_not_exportable.c_str())),
+ CKMC_ERROR_NONE == (tmp = ckmc_remove_alias(alias_PKCS_not_exportable.c_str())),
CKMCReadableError(tmp));
// expect lookup fails due to unknown alias
RUNNER_CHILD_TEST(T3202_CAPI_get_data_from_empty_database)
{
+ ScopedDBUnlock unlock(USER_APP, USER_PASS);
ScopedAccessProvider ap(TEST_LABEL);
ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
- ScopedDBUnlock unlock(USER_APP, USER_PASS);
int temp;
CKM::Alias alias = "mykey";
RUNNER_CHILD_TEST(T3203_CAPI_lock_database)
{
- ScopedAccessProvider ap(TEST_LABEL);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
ScopedDBUnlock unlock(USER_APP, USER_PASS);
int temp;
projects / platform / core / test / security-tests.git / blobdiff