{
int temp;
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
+ std::string certPem = TestData::getTestCertificateBase64(TestData::TEST_LEAF);
char* password = NULL;
ckmc_cert_s *cert2;
{
int temp;
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
+ std::string certPem = TestData::getTestCertificateBase64(TestData::TEST_LEAF);
char* password = NULL;
ckmc_cert_s cert;
CKMCReadableError(temp));
}
-RUNNER_TEST(T30210_certificate_with_DSA_key_C_API)
-{
- int temp;
-
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
-
- char* password = NULL;
- ckmc_cert_s *cert2 = NULL;
- ckmc_cert_s cert;
-
- ckmc_policy_s test_policy;
- test_policy.password = password;
- test_policy.extractable = 1;
-
- char* char_certPem = new char[certPem.length() + 1];
- std::strcpy(char_certPem, certPem.c_str());
- cert.raw_cert = (unsigned char *)char_certPem;
- cert.cert_size = certPem.length();
- cert.data_format = CKMC_FORM_PEM;
-
- CKM::Alias alias = "test-cert-1-DSA";
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_cert(alias.c_str(), cert, test_policy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias.c_str(), password, &cert2)),
- CKMCReadableError(temp));
-
- ckmc_cert_free(cert2);
-}
-
RUNNER_TEST(T30211_deinit_C_API)
{
int temp;
RUNNER_TEST(T3045_save_big_data_C_API, RemoveDataEnv<USER_APP>)
{
- const size_t BIG_SIZE = 5000000;
+ // We don't know which backend will be used
+ const size_t BIG_SIZE = 100000;
std::vector<char> big_data(BIG_SIZE);
std::ifstream is("/dev/urandom", std::ifstream::binary);
check_read(TEST_OBJECT1, self_label.c_str(), big_data.data(), BIG_SIZE, CKMC_ERROR_NONE);
}
+RUNNER_TEST(T3046_save_get_password_protected_data)
+{
+ const char *alias = "T3046_data_alias";
+ const char *password = "test-password";
+ std::vector<unsigned char> data = { 0x28, 0x34, 0x5a, 0xf3 };
+
+ ckmc_raw_buffer_s raw_buffer;
+ raw_buffer.data = data.data();
+ raw_buffer.size = data.size();
+
+ ckmc_policy_s policy;
+ policy.password = const_cast<char *>(password);
+ policy.extractable = 1;
+
+ int temp;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_data(alias, raw_buffer, policy)),
+ CKMCReadableError(temp));
+
+ ckmc_raw_buffer_s *raw_buffer_stored = nullptr;
+
+ // test negative case first
+ temp = ckmc_get_data(alias, "invalid_password", &raw_buffer_stored);
+
+ // make scoped buffer for in case of success
+ std::unique_ptr<ckmc_raw_buffer_s, void(*)(ckmc_raw_buffer_s *)> scoped_buffer(
+ raw_buffer_stored, ckmc_buffer_free);
+
+ RUNNER_ASSERT_MSG(temp == CKMC_ERROR_AUTHENTICATION_FAILED,
+ "expected(" << CKMCErrorToString(CKMC_ERROR_AUTHENTICATION_FAILED)
+ << ") but ret(" << CKMCErrorToString(temp) << ")");
+
+ temp = ckmc_get_data(alias, password, &raw_buffer_stored);
+ // reset buffer with raw buffer of positive case
+ scoped_buffer.reset(raw_buffer_stored);
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE == temp, CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ raw_buffer_stored->size == raw_buffer.size,
+ "stored raw buffer size(" << raw_buffer_stored->size
+ << ") is differ to original raw buffer size(" << raw_buffer.size << ")");
+ for (size_t i = 0; i < raw_buffer_stored->size; ++i)
+ RUNNER_ASSERT_MSG(
+ raw_buffer_stored->data[i] == raw_buffer.data[i],
+ "stored raw buffer data[" << i << "](" << raw_buffer_stored->data[i]
+ << ") is differ to original raw buffer data["
+ << i << "](" << raw_buffer.data[i] << ")");
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_alias(alias)),
+ CKMCReadableError(temp));
+}
+
RUNNER_TEST(T3050_deinit_C_API)
{
int temp;
RUNNER_TEST(T3074_CAPI_ckmc_ocsp_check)
{
- std::string ee = TestData::getTestCertificateBase64(TestData::MBANK);
- std::string im = TestData::getTestCertificateBase64(TestData::SYMANTEC);
+ std::string im = TestData::getTestCertificateBase64(TestData::OCSP_AVAILABLE_IM);
ckmc_cert_s c_cert;
- c_cert.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(ee.c_str()));
- c_cert.cert_size = ee.size();
+ c_cert.raw_cert = reinterpret_cast<unsigned char *>(im.data());
+ c_cert.cert_size = im.size();
c_cert.data_format = CKMC_FORM_PEM;
- ckmc_cert_s c_cert1;
- c_cert1.raw_cert = reinterpret_cast<unsigned char *>(const_cast<char *>(im.c_str()));
- c_cert1.cert_size = im.size();
- c_cert1.data_format = CKMC_FORM_PEM;
-
- ckmc_cert_list_s untrustedcerts;
- untrustedcerts.cert = &c_cert1;
- untrustedcerts.next = NULL;
-
ckmc_cert_list_s *cert_chain_list;
- int tmp = ckmc_get_cert_chain(&c_cert, &untrustedcerts, &cert_chain_list);
+ int tmp = ckmc_get_cert_chain(&c_cert, NULL, &cert_chain_list);
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == tmp, CKMCReadableError(tmp));
ckmc_raw_buffer_s *signature;
ckmc_key_s pubkey;
- pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ pubkey.raw_key = reinterpret_cast<unsigned char *>(pub.data());
pubkey.key_size = pub.size();
pubkey.key_type = CKMC_KEY_NONE;
pubkey.password = NULL;
pripolicy.extractable = 1;
ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+ prikey.raw_key = reinterpret_cast<unsigned char *>(prv.data());
prikey.key_size = prv.size();
prikey.key_type = CKMC_KEY_NONE;
prikey.password = const_cast<char *>(key_passwd);
CKMCReadableError(temp));
}
-RUNNER_TEST(T3083_CAPI__rsa_key_create_verify_negative)
+RUNNER_TEST(T3083a_CAPI__rsa_key_create_verify_negative)
{
int temp;
CKMCReadableError(temp));
}
+RUNNER_TEST(T3083b_CAPI__rsa_key_create_verify_hash_and_padding)
+{
+ int temp;
+
+ unsigned char hashed_msg[256] = {}; // shouldn't need padding (2048-bit key)
+ ckmc_raw_buffer_s msg_buff;
+ msg_buff.data = hashed_msg;
+ msg_buff.size = sizeof(hashed_msg);
+ ckmc_raw_buffer_s short_data = prepare_message_buffer("length not equal to key size");
+ CKM::Alias pub_alias = "pub1";
+ CKM::Alias pri_alias = "prv1";
+ char *pri_passwd = NULL;
+ char *pub_passwd = NULL;
+ ckmc_raw_buffer_s *signature;
+
+ // sign: no padding + hash
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_create_signature(
+ pri_alias.c_str(),
+ pri_passwd,
+ msg_buff,
+ CKMC_HASH_SHA256,
+ CKMC_NONE_PADDING,
+ &signature)),
+ CKMCReadableError(temp));
+
+ // sign: no padding + no hash + short data
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_create_signature(
+ pri_alias.c_str(),
+ pri_passwd,
+ short_data,
+ CKMC_HASH_NONE,
+ CKMC_NONE_PADDING,
+ &signature)),
+ CKMCReadableError(temp));
+
+ // sign: no padding + no hash + correct length
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias.c_str(),
+ pri_passwd,
+ msg_buff,
+ CKMC_HASH_NONE,
+ CKMC_NONE_PADDING,
+ &signature)),
+ CKMCReadableError(temp));
+
+ // verify: no padding + no hash
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ msg_buff,
+ *signature,
+ CKMC_HASH_NONE,
+ CKMC_NONE_PADDING)),
+ CKMCReadableError(temp));
+
+ // verify: padding + no hash
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ msg_buff,
+ *signature,
+ CKMC_HASH_NONE,
+ CKMC_PKCS1_PADDING)),
+ CKMCReadableError(temp));
+
+ // verify: no padding + hash
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ msg_buff,
+ *signature,
+ CKMC_HASH_SHA256,
+ CKMC_NONE_PADDING)),
+ CKMCReadableError(temp));
+
+ ckmc_buffer_free(signature);
+
+ // sign: padding + no hash + short data
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias.c_str(),
+ pri_passwd,
+ short_data,
+ CKMC_HASH_NONE,
+ CKMC_PKCS1_PADDING,
+ &signature)),
+ CKMCReadableError(temp));
+
+ // verify: padding + no hash
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ short_data,
+ *signature,
+ CKMC_HASH_NONE,
+ CKMC_PKCS1_PADDING)),
+ CKMCReadableError(temp));
+
+ // verify: no padding + no hash
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ short_data,
+ *signature,
+ CKMC_HASH_NONE,
+ CKMC_NONE_PADDING)),
+ CKMCReadableError(temp));
+
+ // verify: no padding + hash
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ short_data,
+ *signature,
+ CKMC_HASH_SHA256,
+ CKMC_NONE_PADDING)),
+ CKMCReadableError(temp));
+
+ ckmc_buffer_free(signature);
+}
+
+
RUNNER_TEST(T3084_CAPI__ec_key_create_verify)
{
int temp;
ckmc_raw_buffer_s *signature;
ckmc_key_s pubkey;
- pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ pubkey.raw_key = reinterpret_cast<unsigned char *>(pub.data());
pubkey.key_size = pub.size();
pubkey.key_type = CKMC_KEY_NONE;
pubkey.password = NULL;
pubpolicy.extractable = 1;
ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+ prikey.raw_key = reinterpret_cast<unsigned char *>(prv.data());
prikey.key_size = prv.size();
prikey.key_type = CKMC_KEY_NONE;
prikey.password = key_passwd;
ckmc_raw_buffer_s *signature;
ckmc_cert_s cert;
- cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ cert.raw_cert = reinterpret_cast<unsigned char *>(pub.data());
cert.cert_size = pub.size();
cert.data_format = CKMC_FORM_PEM;
certpolicy.extractable = 1;
ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+ prikey.raw_key = reinterpret_cast<unsigned char *>(prv.data());
prikey.key_size = prv.size();
prikey.key_type = CKMC_KEY_NONE;
prikey.password = key_passwd;
{
int temp;
- const std::string pub = "-----BEGIN PUBLIC KEY-----\n"
+ std::string pub = "-----BEGIN PUBLIC KEY-----\n"
"MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n"
"BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n"
"A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n"
"YMYCBhubtrVaLmc=\n"
"-----END PUBLIC KEY-----";
- const std::string priv = "-----BEGIN DSA PRIVATE KEY-----\n"
+ std::string priv = "-----BEGIN DSA PRIVATE KEY-----\n"
"MIIBvAIBAAKBgQC3r3mg/xIXlvsLNWLlu+39+OPm65BM5gVXxWB6+7fo8Lup0Ht+\n"
"NUqBEiRvjwoK64cu+ijQwn73osBKFrn1R5yOG2AVPwpczwN2pn+nOcrneOWUf2+j\n"
"ogLnsOqIWNJkBp86noqPAWgrGWiehM4gkpZHSAyYrEnz4J5Vh6n+AMB1XQIVAOyN\n"
ckmc_raw_buffer_s *signature = NULL;
ckmc_key_s pubkey;
- pubkey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ pubkey.raw_key = reinterpret_cast<unsigned char *>(pub.data());
pubkey.key_size = pub.size();
pubkey.key_type = CKMC_KEY_NONE;
pubkey.password = NULL;
pripolicy.extractable = 1;
ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(priv.c_str()));
+ prikey.raw_key = reinterpret_cast<unsigned char *>(priv.data());
prikey.key_size = priv.size();
prikey.key_type = CKMC_KEY_NONE;
prikey.password = NULL;
ckmc_raw_buffer_s *signature;
ckmc_cert_s cert;
- cert.raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(pub.c_str()));
+ cert.raw_cert = reinterpret_cast<unsigned char *>(pub.data());
cert.cert_size = pub.size();
cert.data_format = CKMC_FORM_PEM;
certpolicy.extractable = 1;
ckmc_key_s prikey;
- prikey.raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(prv.c_str()));
+ prikey.raw_key = reinterpret_cast<unsigned char *>(prv.data());
prikey.key_size = prv.size();
prikey.key_type = CKMC_KEY_NONE;
prikey.password = key_passwd;
"zQIDAQAB\n"
"-----END PUBLIC KEY-----";
- unsigned char *raw_key = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
+ unsigned char *raw_key = reinterpret_cast<unsigned char *>(keyPem.data());
unsigned int key_size = keyPem.size();
ckmc_key_type_e key_type = CKMC_KEY_NONE;
char *password = const_cast< char *>("");
"zQIDAQAB\n"
"-----END PUBLIC KEY-----";
- unsigned char *data = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(keyPem.c_str()));
+ unsigned char *data = reinterpret_cast<unsigned char *>(keyPem.data());
unsigned int size = keyPem.size();
ckmc_raw_buffer_s *buff;
RUNNER_TEST(T3094_CAPI_TYPE_CERT)
{
- std::string certPem = TestData::getTestCertificateBase64(TestData::GIAG2);
+ std::string certPem = TestData::getTestCertificateBase64(TestData::TEST_LEAF);
- unsigned char *raw_cert = const_cast<unsigned char *>(reinterpret_cast<const unsigned char *>(certPem.c_str()));
+ unsigned char *raw_cert = reinterpret_cast<unsigned char *>(certPem.data());
unsigned int size = certPem.size();
ckmc_data_format_e form = CKMC_FORM_PEM;
{
int ret;
- std::string certStr = TestData::getTestCertificateBase64(TestData::MBANK);
+ std::string certStr = TestData::getTestCertificateBase64(TestData::TEST_LEAF);
const char *file_name = "/tmp/ckmc_test_cert.pem";
remove(file_name);