#include <dpl/log/log.h>
-static const int USER_APP = 5000;
-static const int GROUP_APP = 5000;
-static const int USER_TEST = 5001;
+namespace {
+const int USER_APP = 5000;
+const int GROUP_APP = 5000;
+const int USER_TEST = 5001;
+
+const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
+const CKM::AliasVector EMPTY_ALIAS_VECTOR;
+} // namespace anonymous
/*
* How to numerate tests:
* D - subtest.
*/
+RUNNER_TEST_GROUP_INIT(A_T0010_CKM_OPENSSL_INIT);
+RUNNER_TEST(A_T0011_OpenSSL_not_init_client_parse_PKCS) {
+ stop_service(MANAGER);
+ start_service(MANAGER);
+
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
+ RUNNER_ASSERT_MSG(
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ // all further tests will start with newly started service,
+ // OpenSSL on the service side will have to be properly initialized too
+ stop_service(MANAGER);
+ start_service(MANAGER);
+}
-RUNNER_TEST_GROUP_INIT(T0000_CKM_CONTROL);
+RUNNER_TEST_GROUP_INIT(T0010_CKM_CONTROL);
-RUNNER_TEST(T0010_Control)
+RUNNER_TEST(T0011_Control)
{
int temp;
auto control = CKM::Control::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T0020_Control)
+RUNNER_TEST(T0012_Control)
{
int temp;
auto control = CKM::Control::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T0030_Control)
+RUNNER_TEST(T0013_Control)
{
int temp;
auto control = CKM::Control::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T0040_Control)
+RUNNER_TEST(T0014_Control)
+{
+ int temp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(14)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "simple-password")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "something")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(14, "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(14)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(14, "something")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(14)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T0015_Control)
{
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(14, "simple-password")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(20, "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->changeUserPassword(20, "test-pass", "new-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(20)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(20)),
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T0050_Control)
+RUNNER_TEST(T0016_Control_negative_wrong_password)
{
int temp;
auto control = CKM::Control::create();
CKM_API_SUCCESS == (temp = control->lockUserKey(20)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(20, "incorrect-password")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->removeUserData(20)),
"Error=" << CKM::ErrorToString(temp));
}
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
key->getDER() == key2->getDER(), "Key value has been changed by service");
}
+RUNNER_TEST(T1014_save_with_label)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer, CKM::Password());
+ CKM::KeyShPtr key_name, key_full_addr;
+ CKM::Alias alias = "mykey-2";
+ CharPtr top_label = get_label();
+ std::string full_address = aliasWithLabel(top_label.get(), alias.c_str());
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(full_address, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ // lookup by name
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key_name)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ key->getDER() == key_name->getDER(),
+ "Key value has been changed by service");
+
+ // lookup by full address
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getKey(full_address, CKM::Password(), key_full_addr)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ key->getDER() == key_full_addr->getDER(),
+ "Key value has been changed by service");
+}
-RUNNER_TEST(T1014_deinit)
+RUNNER_TEST(T1015_deinit)
{
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
buffer == buffer2,
"Data corrupted");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password("Password"), buffer)),
+ "The wrong password should be ignored because non was used in saveData. Error=" << CKM::ErrorToString(temp));
}
RUNNER_CHILD_TEST(T1032_app_user_save_bin_data)
std::string invalid_address = aliasWithLabel("i-do-not-exist", "data1");
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeData(invalid_address.c_str())),
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeData("data1")),
+ CKM_API_SUCCESS == (temp = manager->removeAlias("data1")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeData("data3")),
+ CKM_API_SUCCESS == (temp = manager->removeAlias("data3")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1039_deinit)
+RUNNER_TEST(T1034_getData_wrong_password)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string binData1 = "My bin data4";
+
+ CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer1, CKM::Policy("CorrectPassword"))),
+ "Error=" << CKM::ErrorToString(temp));
+
+ CKM::RawBuffer buffer;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getData("data4", CKM::Password("CorrectPassword"), buffer)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ buffer == buffer1,
+ "Data corrupted");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData("data4", CKM::Password("WrongPassword"), buffer)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1035_deinit)
{
int temp;
auto control = CKM::Control::create();
"Vector size: " << temp << ". Expected: 2");
}
-RUNNER_CHILD_TEST(T1042_create_dsa_key)
+RUNNER_CHILD_TEST(T1042_create_rsa_key_foreign_label)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ CKM::AliasVector av;
+
+ AccessProvider ap("mylabel-rsa");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("iamsomebodyelse PRV_KEY2_RSA"), CKM::Alias("PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY2_RSA"), CKM::Alias("iamsomebodyelse PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T1043_create_dsa_key)
{
int temp;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(ret));
}
-RUNNER_TEST(T12103_saveKey_empty_key)
+RUNNER_TEST(T12103_saveKey_foreign_label)
+{
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer);
+ CKM::Alias alias = "iamsomebodyelse alias";
+
+ int ret;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (ret = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_TEST(T12104_saveKey_empty_key)
{
CKM::KeyShPtr key; //key is not initialized
CKM::Alias alias = "empty-key";
"Error=" << CKM::ErrorToString(ret));
}
-RUNNER_TEST(T12104_saveCertificate_empty_alias)
+RUNNER_TEST(T12105_saveCertificate_empty_alias)
{
std::string certPem =
"-----BEGIN CERTIFICATE-----\n"
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12105_saveCertificate_empty_cert)
+RUNNER_TEST(T12106_saveCertificate_foreign_label)
+{
+ std::string certPem =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
+ "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
+ "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNTIyMTEyOTQyWhcNMTQwODIwMDAwMDAw\n"
+ "WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
+ "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEcMBoGA1UEAwwTYWNj\n"
+ "b3VudHMuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
+ "ALtlLWVWPN3q3bSEQl1Z97gPdgl5vbgJOZSAr0ZY0tJCuFLBbUKetJWryyE+5KpG\n"
+ "gMMpLS4v8/bvXaZc6mAs+RfAqGM24C3vQg5hPnj4dflnhL0WiOCZBurm1tV4oexk\n"
+ "HLXs3jr/jpnb738AQpj8zZ9a4VEBuHJRZALnWZ/XhqU+dvYomAoRQNuL5OhkT7uu\n"
+ "d0NKJL9JjYLyQglGgE2sVsWv2kj7EO/P9Q6NEKt9BGmhMsFvtfeKUaymynaxpR1g\n"
+ "wEPlqYvB38goh1dIOgVLT0OVyLImeg5Mdwar/8c1U0OYhLOc6PJapOZAfUkE+3+w\n"
+ "xYt8AChLN1b5szOwInrCVpECAwEAAaOCAUYwggFCMB0GA1UdJQQWMBQGCCsGAQUF\n"
+ "BwMBBggrBgEFBQcDAjAeBgNVHREEFzAVghNhY2NvdW50cy5nb29nbGUuY29tMGgG\n"
+ "CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29t\n"
+ "L0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5j\n"
+ "b20vb2NzcDAdBgNVHQ4EFgQU0/UtToEtNIfwDwHuYGuVKcj0xK8wDAYDVR0TAQH/\n"
+ "BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAO\n"
+ "MAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n\n"
+ "bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAcGNI/X9f0g+7ij0o\n"
+ "ehLpk6vxSMQGrmOZ4+PG/MC9SLClCkt7zJkfU7erZnyVXyxCpwlljq+Wk9YTPUOq\n"
+ "xD/V2ikQVSAANoxGJFO9UoL5jzWusPhKKv8CcM7fuiERz8K+CfBcqfxbgI5rH0g5\n"
+ "dYclmLC81cJ/08i+9Nltvxv69Y3hGfEICT6K+EdSxwnQzOhpMZmvxZsIj+d6CVNa\n"
+ "9ICYgUthsNQVWzrIs5wknpjjZ9liDMwJX0vu8A0rce4X/Lna5hh2bW9igz2iP5WM\n"
+ "9fuwdbTw4y3jfPQgszU4YZxWxhMzccxe058Qx1tLndAknBQEBesQjXytVQpuM1SV\n"
+ "rHva8A==\n"
+ "-----END CERTIFICATE-----\n";
+
+ CKM::RawBuffer buffer(certPem.begin(), certPem.end());
+ auto cert = CKM::Certificate::create(buffer, CKM::DataFormat::FORM_PEM);
+ CKM::Alias alias = "iamsomebodyelse alias";
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T12107_saveCertificate_empty_cert)
{
CKM::CertificateShPtr cert; //cert is not initialized
CKM::Alias alias = "empty-cert";
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12106_saveData_empty_alias)
+RUNNER_TEST(T12108_saveData_empty_alias)
{
std::string testData = "test data test data test data";
CKM::RawBuffer buffer(testData.begin(), testData.end());
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12107_saveData_empty_data)
+RUNNER_TEST(T12109_saveData_foreign_label)
+{
+ std::string testData = "test data test data test data";
+ CKM::RawBuffer buffer(testData.begin(), testData.end());
+ CKM::Alias alias = "iamsomebodyelse alias";
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, buffer, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T12110_saveData_empty_data)
{
CKM::RawBuffer buffer;
CKM::Alias alias = "empty-data";
* These test cases tests API when trying to get data from not existing alias
*/
-RUNNER_TEST(T12108_getKey_alias_not_exist)
+RUNNER_TEST(T12111_getKey_alias_not_exist)
{
CKM::KeyShPtr key;
CKM::Alias alias = "this-alias-not-exist";
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12109_getCertificate_alias_not_exist)
+RUNNER_TEST(T12112_getCertificate_alias_not_exist)
{
CKM::CertificateShPtr certificate;
CKM::Alias alias = "this-alias-not-exist";
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12110_getData_alias_not_exist)
+RUNNER_TEST(T12113_getData_alias_not_exist)
{
int temp;
auto manager = CKM::Manager::create();
/*
* These test cases tests API when damaged keys are used
*/
-RUNNER_TEST(T12111_rsa_key_damaged)
+RUNNER_TEST(T12114_rsa_key_damaged)
{
int ret;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(ret));
}
-RUNNER_TEST(T12112_rsa_key_too_short)
+RUNNER_TEST(T12115_rsa_key_too_short)
{
int ret;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(ret));
}
-RUNNER_TEST(T12113_dsa_key_too_short)
+RUNNER_TEST(T12116_dsa_key_too_short)
{
int ret;
auto manager = CKM::Manager::create();
* These test cases tests CKM service if malicious data is provided over the socket.
*/
-RUNNER_TEST(T12114_rsa_key_damaged_serviceTest)
+RUNNER_TEST(T12117_rsa_key_damaged_serviceTest)
{
int ret;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(ret));
}
-RUNNER_TEST(T12115_saveCertificate_damaged_serviceTest)
+RUNNER_TEST(T12118_saveCertificate_damaged_serviceTest)
{
// fake the client - let the service detect the problem
class WrongCertImpl : public CKM::Certificate
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12116_deinit)
+RUNNER_TEST(T12119_deinit)
{
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
RUNNER_ASSERT_MSG(false != cert1.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, CKM::CertificateShPtrVector(), certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert,
+ EMPTY_CERT_VECTOR,
+ EMPTY_CERT_VECTOR,
+ true,
+ certChain);
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
+ "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
0 == certChain.size(),
"Wrong size of certificate chain.");
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, certVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
3 == certChain.size(),
RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
+ "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
0 == certChain.size(),
aliasVector.push_back(full_address);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
3 == certChain.size(),
RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, CKM::CertificateShPtrVector(), certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, EMPTY_CERT_VECTOR, EMPTY_CERT_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
+ "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
0 == certChain.size(),
"Wrong size of certificate chain.");
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, certVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
3 == certChain.size(),
"Error=" << CKM::ErrorToString(temp));
}
+RUNNER_TEST_GROUP_INIT(T1418_signature_tests);
+
RUNNER_TEST(T14180_init)
{
int temp;
"Error=" << CKM::ErrorToString(tmp));
}
-RUNNER_CHILD_TEST(T1511_init_insert_data)
+RUNNER_CHILD_TEST(T1511_insert_data)
{
AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-storage", "rw");
std::string invalid_address = aliasWithLabel("i-do-not-exist", alias.c_str());
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeKey(invalid_address.c_str())),
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeKey(alias)),
+ CKM_API_SUCCESS == (temp = manager->removeAlias(alias)),
"Error=" << CKM::ErrorToString(temp));
}
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = control->changeUserPassword(USER_APP,"","user-pass")),
"Error=" << CKM::ErrorToString(tmp));
+ // confirm changed password
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_APP,"user-pass")),
+ CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(tmp));
+ CKM::ErrorToString(tmp));
}
RUNNER_CHILD_TEST(T1613_unlock_default_passwd_negative)
CKM_API_ERROR_DB_LOCKED == (temp = manager->getKey(alias, CKM::Password(), key2)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_LOCKED == (temp = manager->removeKey(alias)),
+ CKM_API_ERROR_DB_LOCKED == (temp = manager->removeAlias(alias)),
"Error=" << CKM::ErrorToString(temp));
}
"Error=" << CKM::ErrorToString(tmp));
}
-RUNNER_CHILD_TEST(T1702_init_insert_data)
+RUNNER_CHILD_TEST(T1702_insert_data)
{
int temp;
AccessProvider ap("t170-special-label");
RUNNER_TEST_GROUP_INIT(T180_PKCS12);
-RUNNER_TEST(T1801) {
+namespace
+{
+CKM::Alias alias_PKCS_collision = "test-PKCS-collision";
+CKM::Alias alias_PKCS_exportable = "test-PKCS-export";
+CKM::Alias alias_PKCS_not_exportable = "test-PKCS-no-export";
+CKM::Alias alias_PKCS_priv_key_copy = "test-PKCS-private-key-copy";
+CKM::Alias alias_PKCS_priv_key_wrong = "test-PKCS-private-key-wrong";
+}
+
+RUNNER_TEST(T1800_init) {
+ int temp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ auto manager = CKM::Manager::create();
+ manager->removeAlias(alias_PKCS_collision);
+ manager->removeAlias(alias_PKCS_exportable);
+ manager->removeAlias(alias_PKCS_not_exportable);
+ manager->removeAlias(alias_PKCS_priv_key_copy);
+ manager->removeAlias(alias_PKCS_priv_key_wrong);
+}
+
+RUNNER_TEST(T1801_parse_PKCS12) {
std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
std::istreambuf_iterator<char> begin(is), end;
std::vector<char> buff(begin, end);
"Expected error in PKCS12::create()");
}
-RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS);
-
-RUNNER_TEST(T1901_init_unlock_key)
+RUNNER_TEST(T1804_add_PKCS_collision_with_existing_alias)
{
- int tmp;
- auto control = CKM::Control::create();
+ auto manager = CKM::Manager::create();
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(tmp));
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ // save private key
+ std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
+ "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
+ "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
+ "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
+ "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
+ "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
+ "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
+ "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
+ "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
+ "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
+ "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
+ "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
+ "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+ std::string message = "message test";
+
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ int temp;
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(tmp));
+ CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_collision, keyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(0, "t190-special-password")),
- "Error=" << CKM::ErrorToString(tmp));
+ CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->savePKCS12(alias_PKCS_collision, pkcs, CKM::Policy(), CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1902_get_data)
+RUNNER_TEST(T1805_add_bundle_with_chain_certificates)
{
auto manager = CKM::Manager::create();
- CKM::KeyShPtr ptr;
-
- int status1 = manager->getKey(CKM::Alias("CertEEE"), CKM::Password(), ptr);
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_UNKNOWN == status1,
- "Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
-}
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
-RUNNER_TEST(T1903_lock_database)
-{
+ auto cert = pkcs->getCertificate();
+ RUNNER_ASSERT_MSG(
+ NULL != cert.get(),
+ "Error in PKCS12::getCertificate()");
+
+ auto key = pkcs->getKey();
+ RUNNER_ASSERT_MSG(
+ NULL != key.get(),
+ "Error in PKCS12::getKey()");
+
+ auto caVector = pkcs->getCaCertificateShPtrVector();
+ RUNNER_ASSERT_MSG(
+ 2 == caVector.size(),
+ "Wrong size of vector");
+
+ // save to the CKM
int tmp;
- auto control = CKM::Control::create();
+ CKM::Policy exportable;
+ CKM::Policy notExportable(CKM::Password(), false);
+
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
+ CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ // try to lookup key
+ CKM::KeyShPtr key_lookup;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ // try to lookup certificate
+ CKM::CertificateShPtr cert_lookup;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)),
"Error=" << CKM::ErrorToString(tmp));
}
-RUNNER_TEST(T1904_get_data_from_locked_database)
+RUNNER_TEST(T1806_get_PKCS)
{
+ int temp;
auto manager = CKM::Manager::create();
- CKM::KeyShPtr ptr;
- int status1 = manager->getKey(CKM::Alias("CertEEE"), CKM::Password(), ptr);
+ CKM::PKCS12ShPtr pkcs;
+ // fail - no entry
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_LOCKED == status1,
- "Could not get key from locked database. Error=" << CKM::ErrorToString(status1));
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12("i-do-not-exist", pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ // fail - not exportable
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_NOT_EXPORTABLE == (temp = manager->getPKCS12(alias_PKCS_not_exportable, pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ // success - exportable
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getPKCS12(alias_PKCS_exportable, pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ auto cert = pkcs->getCertificate();
+ RUNNER_ASSERT_MSG(
+ NULL != cert.get(),
+ "Error in PKCS12::getCertificate()");
+
+ auto key = pkcs->getKey();
+ RUNNER_ASSERT_MSG(
+ NULL != key.get(),
+ "Error in PKCS12::getKey()");
+
+ auto caVector = pkcs->getCaCertificateShPtrVector();
+ RUNNER_ASSERT_MSG(
+ 2 == caVector.size(),
+ "Wrong size of vector");
}
-RUNNER_TEST(T1905_deinit)
+RUNNER_TEST(T1807_create_and_verify_signature)
{
- int tmp;
- auto control = CKM::Control::create();
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string message = "message test";
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(tmp));
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ alias_PKCS_exportable,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ alias_PKCS_exportable,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST_GROUP_INIT (T200_CKM_CC_MODE_TESTS); // this test group is only for non-cc certified device
-/* sequence
- * default status : no event callback registered. // vconftool unset file/security_mdpp/security_mdpp_state
- * - `ps axf | grep key-manager-listener | grep -v grep | awk '{print "kill -9 " $1}'`
- * - vconftool unset file/security_mdpp/security_mdpp_state
- * - /usr/bin/key-manager-listener
-
- * - Create RSA key // createKeyPairRSA
- * - try to get private key -> must be success // getKey
- * - vconftool set -t string file/security_mdpp/security_mdpp_state "Enabled"
- * - try to get private key : must be success because no callback registered. // getKey
- *
- * new status : event callback registered. // unset mdpp_state vconf key and reset mdpp state vconf key
- * - `ps axf | grep key-manager-listener | grep -v grep | awk '{print "kill -9 " $1}'`
- * - vconftool set -t string file/security_mdpp/security_mdpp_state "Disabled" -f
- * - /usr/bin/key-manager-listener
- * - Create RSA key // createKeyPairRSA
- * - try to get private key -> must be success // getKey
- * - vconftool set -t string file/security_mdpp/security_mdpp_state "Enabled" -f
- * - try to get private key -> must be fail because cc mode is set to 1
- */
+RUNNER_TEST(T1808_create_signature_on_raw_key_and_verify_on_PKCS)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXQIBAAKBgQD1W9neUbXL1rnq9SvyzprjhWBKXyYKQirG3V2zyUnUaE24Sq2I\n"
+ "v7ISrwMN/G6WcjrGmeZDEWwrL4zXh002N8BD1waJPRonxwtVkhFy3emGatSmx7eI\n"
+ "ely5H+PBNImRvBh2u4GWga6OEXcUNdfaBUcxn+P6548/zpDhyNLzQKk5FwIDAQAB\n"
+ "AoGAR+4WkBuqTUj1FlGsAbHaLKt0UDlWwJknS0eoacWwFEpDxqx19WolfV67aYVA\n"
+ "snBolMKXg7/+0yZMhv8Ofr+XaHkPQplVVn9BwT0rmtEovJXwx+poRP9Bm3emglj/\n"
+ "iYd8EkaXDlIXCtewtQW9JEIctWppntHj3TvA/h7FCXPN6SkCQQD/N7sn5S1gBkVh\n"
+ "dyXQKoyKsZDb7hMIS1q6cKwYCMf2UrsD1/lnr7xXkvORdL213MfueO8g0WkuKfRY\n"
+ "bDD6WGX1AkEA9hxiOlsgvermqLJkOlJffbSaM8n/6wtnM0HV+Vd9NfSBOmxFDXPO\n"
+ "vrvdgiDPENhbqTJSQVDsfzHilTpK7lEvWwJBAJLxHoOg0tg3pBiyxgWtic+M3q+R\n"
+ "ykl7QViY6KzJ2X98MIrM/Z7yMollZXE4+sVLwZ0O6fdGOr3GkBWc7TImVUUCQQC7\n"
+ "pf6bQfof9Ce0fnf/I+ldHkPost7nJsWkBlGQkM2OQwP5OK4ZyK/dK76DxmI7FMwm\n"
+ "oJCo7nuzq6R4ZX7WYJ47AkBavxBDo/e9/0Vk5yrloGKW3f8RQXBJLcCkVUGyyJ3D\n"
+ "3gu/nafW4hzjSJniTjC1fOj0eb0OSg1JAvqHTYAnUsI7\n"
+ "-----END RSA PRIVATE KEY-----";
+ std::string message = "message test";
+
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_copy, keyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
-RUNNER_TEST(T2001_init_cc_mode_tests)
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ alias_PKCS_priv_key_copy,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ alias_PKCS_exportable,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1809_create_signature_on_wrong_key_and_verify_on_PKCS)
{
- system("`ps axf | grep key-manager-listener | grep -v grep | awk '{print \"kill -9 \" $1}'`");
- system("vconftool unset file/security_mdpp/security_mdpp_state");
- system("/usr/bin/key-manager-listener");
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
+ "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
+ "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
+ "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
+ "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
+ "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
+ "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
+ "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
+ "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
+ "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
+ "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
+ "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
+ "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+ std::string message = "message test";
+
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_wrong, keyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ alias_PKCS_priv_key_wrong,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
+ alias_PKCS_exportable,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1810_verify_get_certificate_chain)
+{
+ // this certificate has been signed using PKCS chain
+ std::string im = "-----BEGIN CERTIFICATE-----\n"
+ "MIIBrTCCARYCAQEwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRc2VydmVyQHRl\n"
+ "c3RtZS5jb20wHhcNMTQxMjAyMTMxNTQzWhcNMTUxMjAyMTMxNTQzWjAiMSAwHgYD\n"
+ "VQQDDBdlbmQtb24tY2hhaW5AdGVzdG1lLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB\n"
+ "jQAwgYkCgYEAsJS/jky4Cnxnlj6m2Eam3E3ARfR1PTaQV3Om09z3Ax15ca3kfHSb\n"
+ "n6UlDk9vjP3iE7Nbju5Nzw9Tu/Pe32g/54quUBgbTFWbztR/Q9Dxbt3evWZ98ADS\n"
+ "qAtH9OU23xS/5jGpmJSP0l22JItx8E8nEbEPj7GTWfVuYb3HXMHqzY8CAwEAATAN\n"
+ "BgkqhkiG9w0BAQsFAAOBgQCPJqjMH24kAngd0EunIPsVNSpWJMlMocFM5xHJsvgi\n"
+ "5DZ7swo0O/Jfqvo/vKDVqR/wiPeAxrwirECGC1O2hC7HcOt7kW4taHSVGGd4dHMn\n"
+ "oK70cUKQeVy3cYY6QUaonjuNVvYQHE3OSLDe56n6c7Mnek28qNtezeSWLUy8L8fA\n"
+ "Qw==\n"
+ "-----END CERTIFICATE-----\n";
+
+ auto cert = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
+ CKM::CertificateShPtrVector certChain;
+ CKM::AliasVector aliasVector;
int tmp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (tmp = control->setCCMode(CKM::CCModeState::CC_MODE_OFF)), // default state : cc mode off
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
+
+ tmp = manager->getCertificateChain(cert,
+ EMPTY_ALIAS_VECTOR,
+ EMPTY_ALIAS_VECTOR,
+ true,
+ certChain);
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
+ "Error=" << CKM::ErrorToString(tmp));
+
+ RUNNER_ASSERT_MSG(
+ 0 == certChain.size(),
+ "Wrong size of certificate chain.");
+
+ aliasVector.push_back(alias_PKCS_exportable);
+
+ tmp = manager->getCertificateChain(cert, EMPTY_ALIAS_VECTOR, aliasVector, false, certChain);
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
+
+ // 1(cert) + 1(pkcs12 cert) + 2(pkcs12 chain cert) = 4
+ RUNNER_ASSERT_MSG(
+ 4 == certChain.size(),
+ "Wrong size of certificate chain: " << certChain.size());
+}
+
+RUNNER_TEST(T1811_remove_bundle_with_chain_certificates)
+{
+ auto manager = CKM::Manager::create();
+ int tmp;
+
+
+ // remove the whole PKCS12 bundles
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_exportable)),
"Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_not_exportable)),
"Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
+
+ // expect lookup fails due to unknown alias
+ // try to lookup key
+ CKM::KeyShPtr key_lookup;
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)),
"Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(0, "t200-special-password")),
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ // try to lookup certificate
+ CKM::CertificateShPtr cert_lookup;
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)),
"Error=" << CKM::ErrorToString(tmp));
- system("");
}
-RUNNER_TEST(T2002_CC_Mode_Changed_Event_Callback_Not_Registered)
+RUNNER_TEST(T1812_get_pkcs12_password_tests)
{
- int temp;
+ CKM::Alias alias = "t1812alias1";
+
auto manager = CKM::Manager::create();
- CKM::Alias rsa_pri_alias("rsa-private-T2002");
- CKM::Alias rsa_pub_alias("rsa-public-T2002");
- CKM::Alias ecdsa_pri_alias("ecdsa-private-T2002");
- CKM::Alias ecdsa_pub_alias("ecdsa-public-T2002");
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+ CKM::PKCS12ShPtr pkcs12;
+ CKM::Password pass1 = "easypass1";
+ CKM::Password pass2 = "easypass2";
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(
- 1024,
- rsa_pri_alias,
- rsa_pub_alias,
- CKM::Policy(CKM::Password(), true),
- CKM::Policy(CKM::Password(), true))),
- "Error=" << CKM::ErrorToString(temp));
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+ int temp;
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA(
- CKM::ElipticCurve::prime192v1,
- ecdsa_pri_alias,
- ecdsa_pub_alias,
- CKM::Policy(CKM::Password(), true),
- CKM::Policy(CKM::Password(), true))),
- "Error=" << CKM::ErrorToString(temp));
+ CKM_API_SUCCESS == (temp = manager->savePKCS12(alias, pkcs, CKM::Policy(pass1), CKM::Policy(pass2))),
+ "Error=" << CKM::ErrorToString(temp));
- CKM::KeyShPtr key1;
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(
- rsa_pri_alias,
- CKM::Password(),
- key1)),
- "Error=" << CKM::ErrorToString(temp));
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, CKM::Password(), CKM::Password(), pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(
- ecdsa_pri_alias,
- CKM::Password(),
- key1)),
- "Error=" << CKM::ErrorToString(temp));
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, pass1, CKM::Password(), pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
- system("vconftool set -t string file/security_mdpp/security_mdpp_state \"Enabled\"");
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, CKM::Password(), pass2, pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(
- rsa_pri_alias,
- CKM::Password(),
- key1)),
- "Error=" << CKM::ErrorToString(temp));
+ CKM_API_SUCCESS == (temp = manager->getPKCS12(alias, pass1, pass2, pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
+ CKM::CertificateShPtr cert;
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(
- ecdsa_pri_alias,
- CKM::Password(),
- key1)),
- "Error=" << CKM::ErrorToString(temp));
+ CKM_API_SUCCESS == (temp = manager->getCertificate(alias, pass2, cert)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ CKM::CertificateShPtrVector certChain;
+ CKM::AliasVector certVect;
+ certVect.push_back(alias);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getCertificateChain(cert, certVect, certVect, true, certChain)),
+ "Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T2003_CC_Mode_Changed_Event_Callback_Registered)
+RUNNER_TEST(T1813_deinit)
{
- system("`ps axf | grep key-manager-listener | grep -v grep | awk '{print \"kill -9 \" $1}'`");
- system("vconftool set -t string file/security_mdpp/security_mdpp_state \"Disabled\" -f");
- system("/usr/bin/key-manager-listener");
-
int temp;
- auto manager = CKM::Manager::create();
- CKM::Alias rsa_pri_alias("rsa-private-T2003");
- CKM::Alias rsa_pub_alias("rsa-public-T2003");
- CKM::Alias ecdsa_pri_alias("ecdsa-private-T2003");
- CKM::Alias ecdsa_pub_alias("ecdsa-public-T2003");
+ auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(
- 1024,
- rsa_pri_alias,
- rsa_pub_alias,
- CKM::Policy(CKM::Password(), true),
- CKM::Policy(CKM::Password(), true))),
- "Error=" << CKM::ErrorToString(temp));
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS);
+RUNNER_TEST(T1901_init_unlock_key)
+{
+ int tmp;
+ auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA(
- CKM::ElipticCurve::prime192v1,
- ecdsa_pri_alias,
- ecdsa_pub_alias,
- CKM::Policy(CKM::Password(), true),
- CKM::Policy(CKM::Password(), true))),
- "Error=" << CKM::ErrorToString(temp));
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(0, "t190-special-password")),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_TEST(T1902_get_data)
+{
+ auto manager = CKM::Manager::create();
+ CKM::KeyShPtr ptr;
- CKM::KeyShPtr key1;
+ int status1 = manager->getKey(CKM::Alias("CertEEE"), CKM::Password(), ptr);
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(
- rsa_pri_alias,
- CKM::Password(),
- key1)),
- "Error=" << CKM::ErrorToString(temp));
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == status1,
+ "Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
+}
+RUNNER_TEST(T1903_lock_database)
+{
+ int tmp;
+ auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(
- ecdsa_pri_alias,
- CKM::Password(),
- key1)),
- "Error=" << CKM::ErrorToString(temp));
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
+ "Error=" << CKM::ErrorToString(tmp));
+}
- system("vconftool set -t string file/security_mdpp/security_mdpp_state \"Enabled\" -f");
+RUNNER_TEST(T1904_get_data_from_locked_database)
+{
+ auto manager = CKM::Manager::create();
+ CKM::KeyShPtr ptr;
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_BAD_REQUEST == (temp = manager->getKey(
- rsa_pri_alias,
- CKM::Password(),
- key1)),
- "Error=" << CKM::ErrorToString(temp));
+ int status1 = manager->getKey(CKM::Alias("CertEEE"), CKM::Password(), ptr);
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_BAD_REQUEST == (temp = manager->getKey(
- ecdsa_pri_alias,
- CKM::Password(),
- key1)),
- "Error=" << CKM::ErrorToString(temp));
+ CKM_API_ERROR_DB_LOCKED == status1,
+ "Could not get key from locked database. Error=" << CKM::ErrorToString(status1));
}
-RUNNER_TEST(T2004_deinit)
+RUNNER_TEST(T1905_deinit)
{
int tmp;
auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (tmp = control->setCCMode(CKM::CCModeState::CC_MODE_OFF)), // default state : cc mode off
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
"Error=" << CKM::ErrorToString(tmp));
- system("`ps axf | grep key-manager-listener | grep -v grep | awk '{print \"kill -9 \" $1}'`");
- system("vconftool unset file/security_mdpp/security_mdpp_state");
- system("/usr/bin/key-manager-listener");
}
int main(int argc, char *argv[])
projects / platform / core / test / security-tests.git / blobdiff