/*
- * Copyright (c) 2016 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2016-2020 Samsung Electronics Co., Ltd. All rights reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <tests_common.h>
#include <test-certs.h>
+#include <ckm_helpers.h>
#include <ckm-common.h>
#include <ckm/ckm-manager.h>
int temp;
auto manager = CKM::Manager::create();
- auto cert = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
+ auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
CKM::CertificateShPtr cert2;
CKM::Alias alias = "myCert";
"Key value has been changed by service");
}
+RUNNER_TEST(T1020_save_big_data)
+{
+#ifdef TZ_BACKEND
+ const size_t BIG_SIZE = 100000;
+ CKM::PolicyBackend backend = CKM::PolicyBackend::FORCE_HARDWARE;
+#else
+ const size_t BIG_SIZE = 5000000;
+ CKM::PolicyBackend backend = CKM::PolicyBackend::FORCE_SOFTWARE;
+#endif
+
+ int temp;
+ std::vector<char> big_data(BIG_SIZE);
+ std::ifstream is("/dev/urandom", std::ifstream::binary);
+ if(is)
+ is.read(big_data.data(), BIG_SIZE);
+
+ RUNNER_ASSERT_MSG(is,
+ "Only " << is.gcount() << "/" << BIG_SIZE << " bytes read from /dev/urandom");
+
+ CKM::RawBuffer buffer(big_data.begin(), big_data.end());
+ CKM::Policy policy(CKM::Password(), true, backend);
+ CKM::RawBuffer returned;
+
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("big_data", buffer, policy)),
+ "Error=" << CKM::APICodeToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getData("big_data", CKM::Password(), returned)),
+ "Error=" << CKM::APICodeToString(temp));
+
+ RUNNER_ASSERT_MSG(buffer == returned, "Returned data doesn't match the original");
+}
+
RUNNER_TEST(T1015_deinit)
{
remove_user_data(USER_APP);
CKM_API_ERROR_NOT_EXPORTABLE == (temp = manager->getKey("appkey4", CKM::Password(), key)),
"Error=" << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData("data3", buffer, notExportable)),
+ CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer, notExportable)),
"Error=" << CKM::APICodeToString(temp));
}
auto manager = CKM::Manager::create();
CKM::AliasPwdVector expected;
- auto cert = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
+ auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
std::string currentAlias;
size_t beforeSaveAliasCount = count_aliases(ALIAS_CERT);
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- auto cert = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
+ auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
CKM::Alias alias; //alias is not initialized
int temp;
{
ScopedDBUnlock unlock(USER_APP, APP_PASS);
- auto cert = TestData::getTestCertificate(TestData::THIRD_PARTY_LEAF);
+ auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
CKM::Alias alias = "iamsomebodyelse alias";
int temp;
RUNNER_TEST(T13129_get_chain)
{
- auto cert = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_LEAF);
- auto cert1 = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
+ auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
+ auto cert1 = TestData::getTestCertificate(TestData::TEST_IM_CA);
+ auto root = TestData::getTestCertificate(TestData::TEST_ROOT_CA);
CKM::CertificateShPtrVector certVector = {cert1};
CKM::CertificateShPtrVector certChain;
+ CKM::CertificateShPtrVector trusted = {root};
int tmp;
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(false != cert1.get(), "Certificate should not be empty");
+ RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
tmp = manager->getCertificateChain(cert,
EMPTY_CERT_VECTOR,
- EMPTY_CERT_VECTOR,
+ trusted,
true,
certChain);
RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
0 == certChain.size(),
"Wrong size of certificate chain.");
- tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
+ tmp = manager->getCertificateChain(cert, certVector, trusted, true, certChain);
RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
RUNNER_TEST(T1313_get_chain_with_alias)
{
- auto cert = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_LEAF);
- auto cert1 = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
+ auto cert = TestData::getTestCertificate(TestData::TEST_LEAF);
+ auto cert1 = TestData::getTestCertificate(TestData::TEST_IM_CA);
+ auto root = TestData::getTestCertificate(TestData::TEST_ROOT_CA);
CKM::CertificateShPtrVector certChain;
- CKM::AliasVector aliasVector;
- CKM::Alias alias = "imcert";
int tmp;
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
- tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
+ tmp = manager->getCertificateChain(cert, EMPTY_ALIAS_VECTOR, EMPTY_ALIAS_VECTOR, true, certChain);
RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
"Error=" << CKM::APICodeToString(tmp));
0 == certChain.size(),
"Wrong size of certificate chain.");
+ CKM::AliasVector aliasVector = { "imcert" };
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->saveCertificate(alias, cert1, CKM::Policy())),
+ CKM_API_SUCCESS == (tmp = manager->saveCertificate(aliasVector[0], cert1, CKM::Policy())),
"Error=" << CKM::APICodeToString(tmp));
- aliasVector.push_back(alias);
+ CKM::AliasVector trustedAliasVector = { "rootcert" };
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->saveCertificate(trustedAliasVector[0], root, CKM::Policy())),
+ "Error=" << CKM::APICodeToString(tmp));
- tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
+ tmp = manager->getCertificateChain(cert, aliasVector, trustedAliasVector, true, certChain);
RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
RUNNER_TEST(T13141_ocsp_check_valid_chain)
{
- auto cert = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_LEAF);
- auto cert1 = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
- CKM::CertificateShPtrVector certVector = {cert1};
+ auto cert = TestData::getTestCertificate(TestData::OCSP_AVAILABLE_IM);
+
CKM::CertificateShPtrVector certChain;
int tmp;
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
tmp = manager->getCertificateChain(cert, EMPTY_CERT_VECTOR, EMPTY_CERT_VECTOR, true, certChain);
- RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
- "Error=" << CKM::APICodeToString(tmp));
-
- RUNNER_ASSERT_MSG(
- 0 == certChain.size(),
- "Wrong size of certificate chain.");
-
- tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::APICodeToString(tmp));
RUNNER_ASSERT_MSG(
- 3 == certChain.size(),
+ 2 == certChain.size(),
"Wrong size of certificate chain.");
int status;
RUNNER_TEST(T13144_ocsp_check_root)
{
- auto root = TestData::getTestCertificate(TestData::THIRD_PARTY_ROOT_CA);
+ auto root = TestData::getTestCertificate(TestData::OCSP_ROOT_CA);
CKM::CertificateShPtrVector certVector = {root};
auto manager = CKM::Manager::create();
std::string message = "message test";
- CKM::Alias aliasPub = "ecpub_nohash1";
CKM::Alias aliasPrv = "ecprv_nohash1";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
- aliasPrv,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- hash,
- padd,
- signature)),
- "Error=" << CKM::APICodeToString(temp));
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::APICodeToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
-
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::APICodeToString(temp));
-}
-
-RUNNER_TEST(T14185_ECDSA_create_signatue_nohash_bigmsg)
-{
- int temp;
- auto manager = CKM::Manager::create();
-
- int msgSize = 1024*1024;
- char big_msg[msgSize];
- for(int i =0; i<msgSize-1; i++) {
- big_msg[i] = 'a';
- }
- big_msg[msgSize-1]=0x00;
- std::string message(big_msg);
-
- CKM::Alias aliasPub = "ecpub_nohash1";
- CKM::Alias aliasPrv = "ecprv_nohash1";
- CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
- CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
- CKM::RawBuffer signature;
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createSignature(
+ CKM_API_ERROR_INPUT_PARAM == (temp = manager->createSignature(
aliasPrv,
CKM::Password(),
CKM::RawBuffer(message.begin(), message.end()),
"Error=" << CKM::APICodeToString(temp));
}
-
RUNNER_TEST(T14189_deinit)
{
remove_user_data(USER_APP);
int temp;
auto manager = CKM::Manager::create();
- std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
- "MIICXQIBAAKBgQD1W9neUbXL1rnq9SvyzprjhWBKXyYKQirG3V2zyUnUaE24Sq2I\n"
- "v7ISrwMN/G6WcjrGmeZDEWwrL4zXh002N8BD1waJPRonxwtVkhFy3emGatSmx7eI\n"
- "ely5H+PBNImRvBh2u4GWga6OEXcUNdfaBUcxn+P6548/zpDhyNLzQKk5FwIDAQAB\n"
- "AoGAR+4WkBuqTUj1FlGsAbHaLKt0UDlWwJknS0eoacWwFEpDxqx19WolfV67aYVA\n"
- "snBolMKXg7/+0yZMhv8Ofr+XaHkPQplVVn9BwT0rmtEovJXwx+poRP9Bm3emglj/\n"
- "iYd8EkaXDlIXCtewtQW9JEIctWppntHj3TvA/h7FCXPN6SkCQQD/N7sn5S1gBkVh\n"
- "dyXQKoyKsZDb7hMIS1q6cKwYCMf2UrsD1/lnr7xXkvORdL213MfueO8g0WkuKfRY\n"
- "bDD6WGX1AkEA9hxiOlsgvermqLJkOlJffbSaM8n/6wtnM0HV+Vd9NfSBOmxFDXPO\n"
- "vrvdgiDPENhbqTJSQVDsfzHilTpK7lEvWwJBAJLxHoOg0tg3pBiyxgWtic+M3q+R\n"
- "ykl7QViY6KzJ2X98MIrM/Z7yMollZXE4+sVLwZ0O6fdGOr3GkBWc7TImVUUCQQC7\n"
- "pf6bQfof9Ce0fnf/I+ldHkPost7nJsWkBlGQkM2OQwP5OK4ZyK/dK76DxmI7FMwm\n"
- "oJCo7nuzq6R4ZX7WYJ47AkBavxBDo/e9/0Vk5yrloGKW3f8RQXBJLcCkVUGyyJ3D\n"
- "3gu/nafW4hzjSJniTjC1fOj0eb0OSg1JAvqHTYAnUsI7\n"
- "-----END RSA PRIVATE KEY-----";
+ std::string prv =
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICWwIBAAKBgQDDgmPurTQa3wbnlM+9nCEQvhDviYRvSC9TL5lAMBCmBSl93v0U\n"
+ "BXWsqO+fmAINm5QJa89hF5N7Q4xtvfSJUPIeyzowTOEGM4U3FnJtlsNQsoNbFlNy\n"
+ "QLoZZmmY4ljG6/YqX+JGBgS9/J8uvaDWkvs+ktkORygfNz4Gi5DERT7eeQIDAQAB\n"
+ "AoGAARIqx/js6yTDnesjxC8hwzy3TQic0Bs+Hx+IoGBjBvXKR2U8T6rD/UEjpuUn\n"
+ "RbnPcsnDZg3CAg/ZqhQ7TbFC0kPo+S6+wKsZGDWUUvnpMkdcZUqXel8GFhdnmeIh\n"
+ "22vYthP4TCbolxwXlwvuhu0PLZWhRO/Z+g37T3QENexqGv0CQQDmqJ9PDoUj5eUR\n"
+ "wWEqEPraoU6ARBUUX5EhmTT9g9/BXnhwumIOksDHcBqNUwNOlKCUlWfBOelO93Ys\n"
+ "PRW3QyejAkEA2P0tW/8iU4j+0a6DV+TUYFDTjD29y8KPw0Aj59591xD5eIPK3IgU\n"
+ "91vnmtvU/QR26PnMOx4OAPk9a7BtN62zMwJAIFV0950edtjMUr/cAgydTbadDYf9\n"
+ "uHxpGN+kOQGahT3b/llyU36o/YwufK8tYH+fPxTulXyrwwEXlL3/ZFBKpwJAeLGS\n"
+ "Wlp2WGqZ+j2MdwYkDxLGKHprKHwnBN6XWjCKZGbfrGX6H2Jd7xyinaNrO/UQwxO2\n"
+ "wqc7+NSpkk3G4jJuuwJAODYlk2Q+djE4jkjDc4xiqsQGBQlI2dlgzjRjIF4HWiLx\n"
+ "bIrI0uCCbGItx++hlvmDx7G8anBmIFfBWIaKdX0aWw==\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
std::string message = "message test";
auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
// this certificate has been signed using PKCS chain
std::string im =
"-----BEGIN CERTIFICATE-----\n"
- "MIIBozCCAQwCAQEwDQYJKoZIhvcNAQEFBQAwHDEaMBgGA1UEAwwRc2VydmVyQHRl\n"
- "c3RtZS5jb20wHhcNMTUxMjA5MTA0NjU0WhcNMjUxMjA2MTA0NjU0WjAYMRYwFAYD\n"
- "VQQDDA1lZUB0ZXN0bWUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDP\n"
- "+fNsZB1Vlmhnk0IwYDs7Pw9E38KQfTt/egqqRFN6IvIt0CCDBXqnPTujuvlO2OyL\n"
- "XVuALnIBmTDm5Oz+oz+qiY6/XrVS/CoACNZyMo6ihG9OeocvDbU3jXEaPGL6ib/x\n"
- "jlms0aA9d5L9TO2lEzEP7bFKgHCB8FWINcxSP5zl1QIDAQABMA0GCSqGSIb3DQEB\n"
- "BQUAA4GBAKBpVJMkdK6/qnAz7d7Bul/BhhSLEYbNPdxRiUj3U2dt0GJgswMu2SNT\n"
- "/3NXB8V8mnnXR6cWn5bmjyA7ZpQEKAatS/KEQ9wfLXyCgYDRebX71mVKAI3XcyxB\n"
- "p2qsOWWaJhuHmC1GVjx3foL+RDrmRo6BiucNHMIuvrd1W36eKdhj\n"
+ "MIICxDCCAi0CFGHuCEUksqn0Rr3SXdhn+TlnL804MA0GCSqGSIb3DQEBCwUAMGEx\n"
+ "CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl\n"
+ "cm5ldCBXaWRnaXRzIFB0eSBMdGQxGjAYBgNVBAMMEXNlcnZlckB0ZXN0bWUuY29t\n"
+ "MB4XDTE5MDYxMzEyMTkyNloXDTI5MDYxMDEyMTkyNlowXTELMAkGA1UEBhMCQVUx\n"
+ "EzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMg\n"
+ "UHR5IEx0ZDEWMBQGA1UEAwwNZWVAdGVzdG1lLmNvbTCCASIwDQYJKoZIhvcNAQEB\n"
+ "BQADggEPADCCAQoCggEBAK3/XvE3uc2EhzwmsAfq6KEw52J8kCAB9Rma/qjkw6ZT\n"
+ "yUYmSQvmcK8wSDt015Y/ekYLereCeWNLNkFlQeZC7LHT6T1mGnxNIgL3oUS2c+15\n"
+ "FEYX9QJIN/CoJYQ/tmiQPa1OJz4prUFwqAzM1kRtHGfcAGmQHfgu77P3ljAJzfsW\n"
+ "2beVHM+MTNSybkGHql28Z93bp382k5FQXegkxbozsKBMk37QjKiqes29J/ET0Huy\n"
+ "yzOkf+XvbizIPRvMt/2guw9sgRb7YrM2M+igmHIHxfzxuqzpPr+bmcqQdyFdVkAK\n"
+ "Qcx930HbfjHJ5k5vcovPLQ3LvSnYVCTe7aCAAmMzKXsCAwEAATANBgkqhkiG9w0B\n"
+ "AQsFAAOBgQBfFMim/9zLd+EeZyeYA0vy3C9YuNJI+KsZlKAfrFDQNeIT/qg/GQM4\n"
+ "o7I3TIHQ62tdEx6nBJs0DKSAmhRh4yc+P1KHMzIQIgSjftqS3Z+AKbJn6vOpWNTq\n"
+ "cexnpexaNn69dbqJZsjr0fHsGAkh5n96icAB4VZyFncEknZKbTdd0g==\n"
"-----END CERTIFICATE-----\n";
auto cert = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
return -1;
}
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+ int exitCode = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+
+ detectCkmBugTrustzoneLeak();
+
+ return exitCode;
}
projects / platform / core / test / security-tests.git / blobdiff