#include <netdb.h>
-#include <dpl/log/log.h>
#include <dpl/test/test_runner.h>
#include <dpl/test/test_runner_child.h>
#include <tests_common.h>
-#include <access_provider.h>
+#include <access_provider2.h>
+#include <ckm-common.h>
#include <ckm/ckm-manager.h>
#include <ckm/ckm-control.h>
#include <ckm/ckm-password.h>
#include <fstream>
-static const int USER_APP = 5000;
-static const int GROUP_APP = 5000;
-static const int USER_TEST = 5001;
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#include <dpl/log/log.h>
+
+namespace {
+const int USER_APP = 5000;
+const int GROUP_APP = 5000;
+const int USER_TEST = 5001;
+
+const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
+const CKM::AliasVector EMPTY_ALIAS_VECTOR;
+} // namespace anonymous
/*
* How to numerate tests:
* D - subtest.
*/
+RUNNER_TEST_GROUP_INIT(A_T0010_CKM_OPENSSL_INIT);
+RUNNER_TEST(A_T0011_OpenSSL_not_init_client_parse_PKCS) {
+ stop_service(MANAGER);
+ start_service(MANAGER);
+
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
+ RUNNER_ASSERT_MSG(
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ // all further tests will start with newly started service,
+ // OpenSSL on the service side will have to be properly initialized too
+ stop_service(MANAGER);
+ start_service(MANAGER);
+}
-RUNNER_TEST_GROUP_INIT(T0000_CKM_CONTROL);
+RUNNER_TEST_GROUP_INIT(T0010_CKM_CONTROL);
-RUNNER_TEST(T0010_Control)
+RUNNER_TEST(T0011_Control)
{
int temp;
auto control = CKM::Control::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T0020_Control)
+RUNNER_TEST(T0012_Control)
{
int temp;
auto control = CKM::Control::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T0030_Control)
+RUNNER_TEST(T0013_Control)
{
int temp;
auto control = CKM::Control::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T0040_Control)
+RUNNER_TEST(T0014_Control)
+{
+ int temp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(14)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "simple-password")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "something")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(14, "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(14)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(14, "something")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(14)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T0015_Control)
{
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(14, "simple-password")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(20, "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->changeUserPassword(20, "test-pass", "new-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(20)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(20)),
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T0050_Control)
+RUNNER_TEST(T0016_Control_negative_wrong_password)
{
int temp;
auto control = CKM::Control::create();
CKM_API_SUCCESS == (temp = control->lockUserKey(20)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(20, "incorrect-password")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->removeUserData(20)),
"Error=" << CKM::ErrorToString(temp));
}
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
RUNNER_CHILD_TEST(T1013_user_app_save_key)
{
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
+ AccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
key->getDER() == key2->getDER(), "Key value has been changed by service");
}
+RUNNER_TEST(T1014_save_with_label)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer, CKM::Password());
+ CKM::KeyShPtr key_name, key_full_addr;
+ CKM::Alias alias = "mykey-2";
+ CharPtr top_label = get_label();
+ std::string full_address = aliasWithLabel(top_label.get(), alias.c_str());
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(full_address, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ // lookup by name
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key_name)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ key->getDER() == key_name->getDER(),
+ "Key value has been changed by service");
+
+ // lookup by full address
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getKey(full_address, CKM::Password(), key_full_addr)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ key->getDER() == key_full_addr->getDER(),
+ "Key value has been changed by service");
+}
-RUNNER_TEST(T1014_deinit)
+RUNNER_TEST(T1015_deinit)
{
int temp;
auto control = CKM::Control::create();
CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey("rootkey1", key, CKM::Policy())),
CKM_API_SUCCESS == (temp = manager->saveKey("rootkey3", key, CKM::Policy(CKM::Password(), false))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == 3,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
}
RUNNER_CHILD_TEST(T1022_app_user_save_keys_get_alias)
{
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
+ AccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int temp;
CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveKey("appkey1", key, CKM::Policy())),
CKM_API_SUCCESS == (temp = manager->saveKey("appkey3", key, CKM::Policy(CKM::Password(), false))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == 3,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
}
RUNNER_CHILD_TEST(T1023_app_user_save_keys_exportable_flag)
{
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
+ AccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int temp;
CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
CKM::RawBuffer buffer3(binData3.begin(), binData3.end());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer1, CKM::Policy())),
CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveData("data4", buffer3, CKM::Policy(CKM::Password(), false))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == 3,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
RUNNER_ASSERT_MSG(
buffer == buffer2,
"Data corrupted");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password("Password"), buffer)),
+ "The wrong password should be ignored because non was used in saveData. Error=" << CKM::ErrorToString(temp));
}
RUNNER_CHILD_TEST(T1032_app_user_save_bin_data)
{
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
+ AccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
int temp;
CKM::RawBuffer buffer(binData.begin(), binData.end());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->saveData("appdata1", buffer, CKM::Policy())),
CKM_API_SUCCESS == (temp = manager->saveData("appdata3", buffer, CKM::Policy(CKM::Password(), true))),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 3,
- "Wrong size of list: " << aliasVector.size() << " Expected: 3");
+ labelAliasVector.size() == 3,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 3");
}
RUNNER_TEST(T1033_remove_bin_data)
std::string binData2 = "My bin data2";
CKM::RawBuffer buffer2(binData2.begin(), binData2.end());
- CKM::AliasVector aliasVector;
+ CKM::AliasVector labelAliasVector;
+ std::string invalid_address = aliasWithLabel("i-do-not-exist", "data1");
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
+ "Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeData("data1")),
+ CKM_API_SUCCESS == (temp = manager->removeAlias("data1")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeData("data3")),
+ CKM_API_SUCCESS == (temp = manager->removeAlias("data3")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getDataAliasVector(aliasVector)),
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
- aliasVector.size() == 1,
- "Wrong size of list: " << aliasVector.size() << " Expected: 1");
+ labelAliasVector.size() == 1,
+ "Wrong size of list: " << labelAliasVector.size() << " Expected: 1");
CKM::RawBuffer buffer;
RUNNER_ASSERT_MSG(
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1039_deinit)
+RUNNER_TEST(T1034_getData_wrong_password)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string binData1 = "My bin data4";
+
+ CKM::RawBuffer buffer1(binData1.begin(), binData1.end());
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer1, CKM::Policy("CorrectPassword"))),
+ "Error=" << CKM::ErrorToString(temp));
+
+ CKM::RawBuffer buffer;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getData("data4", CKM::Password("CorrectPassword"), buffer)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ buffer == buffer1,
+ "Data corrupted");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData("data4", CKM::Password("WrongPassword"), buffer)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1035_deinit)
{
int temp;
auto control = CKM::Control::create();
auto manager = CKM::Manager::create();
CKM::AliasVector av;
- SecurityServer::AccessProvider ap("mylabel");
- ap.addObjectRule("key-manager::api-storage", "rw");
+ AccessProvider ap("mylabel-rsa");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY1_RSA"), CKM::Alias("PUB_KEY1_RSA"), CKM::Policy(), CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 2 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 2");
+}
+
+RUNNER_CHILD_TEST(T1042_create_rsa_key_foreign_label)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ CKM::AliasVector av;
+
+ AccessProvider ap("mylabel-rsa");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("iamsomebodyelse PRV_KEY2_RSA"), CKM::Alias("PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY2_RSA"), CKM::Alias("iamsomebodyelse PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T1043_create_dsa_key)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ CKM::AliasVector av;
+
+ AccessProvider ap("mylabel-dsa");
+ ap.allowAPI("key-manager::api-storage", "rw");
ap.applyAndSwithToUser(USER_APP, GROUP_APP);
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY1"), CKM::Alias("PUB_KEY1"), CKM::Policy(), CKM::Policy())),
+ CKM_API_SUCCESS == (temp = manager->createKeyPairDSA(1024, CKM::Alias("PRV_KEY1_DSA"), CKM::Alias("PUB_KEY1_DSA"), CKM::Policy(), CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
}
-RUNNER_TEST_GROUP_INIT(T111_CKM_CreateKeyPairRSA);
+RUNNER_TEST_GROUP_INIT(T111_CKM_CreateKeyPair);
RUNNER_TEST(T1110_init)
{
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1112_CreateKeyPairECDSA)
+RUNNER_TEST(T1112_CreateKeyPairDSA)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ CKM::Alias a1("dsa-test-1");
+ CKM::Alias a2("dsa-test-2");
+ CKM::Policy p1;
+ CKM::Policy p2;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createKeyPairDSA(1024, a1, a2, p1, p2)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->createKeyPairDSA(1024, a1, a2, p1, p2)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1113_CreateKeyPairECDSA)
{
int temp;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1113_deinit)
+RUNNER_TEST(T1114_deinit)
{
int temp;
auto control = CKM::Control::create();
"Error=" << CKM::ErrorToString(ret));
}
-RUNNER_TEST(T12103_saveKey_empty_key)
+RUNNER_TEST(T12103_saveKey_foreign_label)
+{
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer);
+ CKM::Alias alias = "iamsomebodyelse alias";
+
+ int ret;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (ret = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_TEST(T12104_saveKey_empty_key)
{
CKM::KeyShPtr key; //key is not initialized
CKM::Alias alias = "empty-key";
"Error=" << CKM::ErrorToString(ret));
}
-RUNNER_TEST(T12104_saveCertificate_empty_alias)
+RUNNER_TEST(T12105_saveCertificate_empty_alias)
{
std::string certPem =
"-----BEGIN CERTIFICATE-----\n"
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12105_saveCertificate_empty_cert)
+RUNNER_TEST(T12106_saveCertificate_foreign_label)
+{
+ std::string certPem =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n"
+ "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n"
+ "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNTIyMTEyOTQyWhcNMTQwODIwMDAwMDAw\n"
+ "WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n"
+ "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEcMBoGA1UEAwwTYWNj\n"
+ "b3VudHMuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
+ "ALtlLWVWPN3q3bSEQl1Z97gPdgl5vbgJOZSAr0ZY0tJCuFLBbUKetJWryyE+5KpG\n"
+ "gMMpLS4v8/bvXaZc6mAs+RfAqGM24C3vQg5hPnj4dflnhL0WiOCZBurm1tV4oexk\n"
+ "HLXs3jr/jpnb738AQpj8zZ9a4VEBuHJRZALnWZ/XhqU+dvYomAoRQNuL5OhkT7uu\n"
+ "d0NKJL9JjYLyQglGgE2sVsWv2kj7EO/P9Q6NEKt9BGmhMsFvtfeKUaymynaxpR1g\n"
+ "wEPlqYvB38goh1dIOgVLT0OVyLImeg5Mdwar/8c1U0OYhLOc6PJapOZAfUkE+3+w\n"
+ "xYt8AChLN1b5szOwInrCVpECAwEAAaOCAUYwggFCMB0GA1UdJQQWMBQGCCsGAQUF\n"
+ "BwMBBggrBgEFBQcDAjAeBgNVHREEFzAVghNhY2NvdW50cy5nb29nbGUuY29tMGgG\n"
+ "CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29t\n"
+ "L0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5j\n"
+ "b20vb2NzcDAdBgNVHQ4EFgQU0/UtToEtNIfwDwHuYGuVKcj0xK8wDAYDVR0TAQH/\n"
+ "BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAO\n"
+ "MAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n\n"
+ "bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAcGNI/X9f0g+7ij0o\n"
+ "ehLpk6vxSMQGrmOZ4+PG/MC9SLClCkt7zJkfU7erZnyVXyxCpwlljq+Wk9YTPUOq\n"
+ "xD/V2ikQVSAANoxGJFO9UoL5jzWusPhKKv8CcM7fuiERz8K+CfBcqfxbgI5rH0g5\n"
+ "dYclmLC81cJ/08i+9Nltvxv69Y3hGfEICT6K+EdSxwnQzOhpMZmvxZsIj+d6CVNa\n"
+ "9ICYgUthsNQVWzrIs5wknpjjZ9liDMwJX0vu8A0rce4X/Lna5hh2bW9igz2iP5WM\n"
+ "9fuwdbTw4y3jfPQgszU4YZxWxhMzccxe058Qx1tLndAknBQEBesQjXytVQpuM1SV\n"
+ "rHva8A==\n"
+ "-----END CERTIFICATE-----\n";
+
+ CKM::RawBuffer buffer(certPem.begin(), certPem.end());
+ auto cert = CKM::Certificate::create(buffer, CKM::DataFormat::FORM_PEM);
+ CKM::Alias alias = "iamsomebodyelse alias";
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T12107_saveCertificate_empty_cert)
{
CKM::CertificateShPtr cert; //cert is not initialized
CKM::Alias alias = "empty-cert";
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12106_saveData_empty_alias)
+RUNNER_TEST(T12108_saveData_empty_alias)
{
std::string testData = "test data test data test data";
CKM::RawBuffer buffer(testData.begin(), testData.end());
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12107_saveData_empty_data)
+RUNNER_TEST(T12109_saveData_foreign_label)
+{
+ std::string testData = "test data test data test data";
+ CKM::RawBuffer buffer(testData.begin(), testData.end());
+ CKM::Alias alias = "iamsomebodyelse alias";
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, buffer, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T12110_saveData_empty_data)
{
CKM::RawBuffer buffer;
CKM::Alias alias = "empty-data";
* These test cases tests API when trying to get data from not existing alias
*/
-RUNNER_TEST(T12108_getKey_alias_not_exist)
+RUNNER_TEST(T12111_getKey_alias_not_exist)
{
CKM::KeyShPtr key;
CKM::Alias alias = "this-alias-not-exist";
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12109_getCertificate_alias_not_exist)
+RUNNER_TEST(T12112_getCertificate_alias_not_exist)
{
CKM::CertificateShPtr certificate;
CKM::Alias alias = "this-alias-not-exist";
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12110_getData_alias_not_exist)
+RUNNER_TEST(T12113_getData_alias_not_exist)
{
int temp;
auto manager = CKM::Manager::create();
/*
* These test cases tests API when damaged keys are used
*/
-RUNNER_TEST(T12111_rsa_key_damaged)
+RUNNER_TEST(T12114_rsa_key_damaged)
{
int ret;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(ret));
}
-RUNNER_TEST(T12112_rsa_key_too_short)
+RUNNER_TEST(T12115_rsa_key_too_short)
{
int ret;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(ret));
}
-RUNNER_TEST(T12113_deinit)
+RUNNER_TEST(T12116_dsa_key_too_short)
{
- int temp;
- auto control = CKM::Control::create();
+ int ret;
+ auto manager = CKM::Manager::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
-}
+ const std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n"
+ "BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n"
+ //"A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n"
+ "nlWHqf4AwHVdAhUA7I1JQ7sBFJ+N19w3Omu+aO8EG08CgYEAldagy/Ccxhh43cZu\n"
+ //"AZQxgJLCcp1jg6NdPMdkZ2TcSijvaVxBu+gjEGOqN5Os2V6UF7S/k/rjHYmcX9ux\n"
+ "gpjkC31yTNrKyERIAFIYZtG2K7LVBUZq5Fgm7I83QBVchJ2PA7mBaugJFEhNjbhK\n"
+ "NRip5UH38le1YDZ/IiA+svFOpeoDgYQAAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+\n"
+ "hq0c3FGUCtGbVOqg2KPqMBgwSb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdO\n"
+ "OSCQciDXnRfSqKbT6tjDTgR5jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rC\n"
+ "YMYCBhubtrVaLmc=\n"
+ "-----END PUBLIC KEY-----";
-RUNNER_TEST_GROUP_INIT(T131_CKM_QUICK_SET_GET_TESTS);
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer);
+ CKM::Alias alias = "short-dsa";
-RUNNER_TEST(T1311_init)
-{
- int temp;
- auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(time(0) > 1405343457,
- "Time error. Device date is before 14th of July 2014. You must set proper time on device before run this tests!");
-
- struct hostent* he = gethostbyname("google.com");
-
- RUNNER_ASSERT_MSG(he != NULL, "There is problem with translate domain google.com into ip address. Probably network "
- "is not woking on the device. OCSP tests requires network access!");
+ CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(ret));
}
-RUNNER_TEST(T1312_get_chain)
+
+/*
+ * These test cases tests CKM service if malicious data is provided over the socket.
+ */
+
+RUNNER_TEST(T12117_rsa_key_damaged_serviceTest)
+{
+ int ret;
+ auto manager = CKM::Manager::create();
+
+ // fake the client - let the service detect the problem
+ class WrongKeyImpl : public CKM::Key
+ {
+ public:
+ WrongKeyImpl(CKM::RawBuffer & dummy_content) : m_dummy(dummy_content) {
+ }
+
+ virtual bool empty() const {
+ return false;
+ }
+
+ virtual CKM::KeyType getType() const {
+ return CKM::KeyType::KEY_RSA_PUBLIC;
+ }
+ virtual int getSize() const {
+ return 1024;
+ }
+ virtual CKM::ElipticCurve getCurve() const {
+ return CKM::ElipticCurve::prime192v1;
+ }
+ virtual CKM::RawBuffer getDER() const {
+ return m_dummy;
+ }
+ virtual ~WrongKeyImpl() {}
+ private:
+ CKM::RawBuffer & m_dummy;
+ };
+ std::string dummyData = "my_cat_Berta\n";
+ CKM::RawBuffer buffer(dummyData.begin(), dummyData.end());
+ auto key = std::make_shared<WrongKeyImpl>(buffer);
+ CKM::Alias alias = "damaged-rsa";
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(ret));
+}
+
+RUNNER_TEST(T12118_saveCertificate_damaged_serviceTest)
+{
+ // fake the client - let the service detect the problem
+ class WrongCertImpl : public CKM::Certificate
+ {
+ public:
+ WrongCertImpl(CKM::RawBuffer & dummy_content) : m_dummy(dummy_content) {
+ m_x509 = X509_new();
+ }
+
+ bool empty() const {
+ return false;
+ }
+
+ virtual X509 *getX509() const {
+ return m_x509;
+ }
+
+ virtual CKM::RawBuffer getDER() const {
+ return m_dummy;
+ }
+
+ virtual ~WrongCertImpl() {
+ X509_free(m_x509);
+ }
+ private:
+ X509* m_x509;
+ CKM::RawBuffer & m_dummy;
+ };
+ std::string dummyData = "my_cat_Stefan\n";
+ CKM::RawBuffer buffer(dummyData.begin(), dummyData.end());
+ auto cert = std::make_shared<WrongCertImpl>(buffer);
+ CKM::Alias alias = "damaged-cert";
+
+ int temp;
+ auto manager = CKM::Manager::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (temp = manager->saveCertificate(alias, cert, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T12119_deinit)
+{
+ int temp;
+ auto control = CKM::Control::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(0)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST_GROUP_INIT(T131_CKM_QUICK_SET_GET_TESTS);
+
+RUNNER_TEST(T1311_init)
+{
+ int temp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(time(0) > 1405343457,
+ "Time error. Device date is before 14th of July 2014. You must set proper time on device before run this tests!");
+
+ struct hostent* he = gethostbyname("google.com");
+
+ RUNNER_ASSERT_MSG(he != NULL, "There is problem with translate domain google.com into ip address. Probably network "
+ "is not woking on the device. OCSP tests requires network access!");
+}
+
+RUNNER_TEST(T1312_get_chain)
{
std::string ee = "-----BEGIN CERTIFICATE-----\n"
"MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
RUNNER_ASSERT_MSG(false != cert1.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, CKM::CertificateShPtrVector(), certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert,
+ EMPTY_CERT_VECTOR,
+ EMPTY_CERT_VECTOR,
+ true,
+ certChain);
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
+ "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
0 == certChain.size(),
"Wrong size of certificate chain.");
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, certVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
3 == certChain.size(),
CKM::CertificateShPtrVector certChain;
CKM::AliasVector aliasVector;
CKM::Alias alias("imcert");
+ CharPtr top_label = get_label();
+ std::string full_address = aliasWithLabel(top_label.get(), alias.c_str());
int tmp;
auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
+ "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
0 == certChain.size(),
CKM_API_SUCCESS == (tmp = manager->saveCertificate(alias, cert1, CKM::Policy())),
"Error=" << CKM::ErrorToString(tmp));
- aliasVector.push_back(alias);
+ aliasVector.push_back(full_address);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
3 == certChain.size(),
RUNNER_TEST(T1314_ocsp_check)
{
+ RUNNER_IGNORED_MSG("Fixed in next version of ckm!");
+
std::string ee = "-----BEGIN CERTIFICATE-----\n"
"MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
"ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty");
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, CKM::CertificateShPtrVector(), certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, EMPTY_CERT_VECTOR, EMPTY_CERT_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
+ "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
0 == certChain.size(),
"Wrong size of certificate chain.");
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, certVector, certChain)),
- "Error=" << CKM::ErrorToString(tmp));
+ tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain);
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
3 == certChain.size(),
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1413_rsa_key_create_verify_negative)
+RUNNER_TEST(T1413_dsa_key_create_verify)
{
int temp;
auto manager = CKM::Manager::create();
- std::string message = "message asdfaslkdfjlksadjf test";
- CKM::Alias aliasPub = "pub1";
- CKM::Alias aliasPrv = "prv1";
+ std::string prv = "-----BEGIN DSA PRIVATE KEY-----\n"
+ "MIIBvAIBAAKBgQC3r3mg/xIXlvsLNWLlu+39+OPm65BM5gVXxWB6+7fo8Lup0Ht+\n"
+ "NUqBEiRvjwoK64cu+ijQwn73osBKFrn1R5yOG2AVPwpczwN2pn+nOcrneOWUf2+j\n"
+ "ogLnsOqIWNJkBp86noqPAWgrGWiehM4gkpZHSAyYrEnz4J5Vh6n+AMB1XQIVAOyN\n"
+ "SUO7ARSfjdfcNzprvmjvBBtPAoGBAJXWoMvwnMYYeN3GbgGUMYCSwnKdY4OjXTzH\n"
+ "ZGdk3Eoo72lcQbvoIxBjqjeTrNlelBe0v5P64x2JnF/bsYKY5At9ckzayshESABS\n"
+ "GGbRtiuy1QVGauRYJuyPN0AVXISdjwO5gWroCRRITY24SjUYqeVB9/JXtWA2fyIg\n"
+ "PrLxTqXqAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+hq0c3FGUCtGbVOqg2KPqMBgw\n"
+ "Sb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdOOSCQciDXnRfSqKbT6tjDTgR5\n"
+ "jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rCYMYCBhubtrVaLmcCFQC0IB4m\n"
+ "u1roOuaPY+Hl19BlTE2qdw==\n"
+ "-----END DSA PRIVATE KEY-----";
+
+ std::string pub = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n"
+ "BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n"
+ "A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n"
+ "nlWHqf4AwHVdAhUA7I1JQ7sBFJ+N19w3Omu+aO8EG08CgYEAldagy/Ccxhh43cZu\n"
+ "AZQxgJLCcp1jg6NdPMdkZ2TcSijvaVxBu+gjEGOqN5Os2V6UF7S/k/rjHYmcX9ux\n"
+ "gpjkC31yTNrKyERIAFIYZtG2K7LVBUZq5Fgm7I83QBVchJ2PA7mBaugJFEhNjbhK\n"
+ "NRip5UH38le1YDZ/IiA+svFOpeoDgYQAAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+\n"
+ "hq0c3FGUCtGbVOqg2KPqMBgwSb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdO\n"
+ "OSCQciDXnRfSqKbT6tjDTgR5jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rC\n"
+ "YMYCBhubtrVaLmc=\n"
+ "-----END PUBLIC KEY-----";
+ std::string message = "message test";
+
+ CKM::Alias aliasPub = "pub2";
+ CKM::Alias aliasPrv = "prv2";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
+ auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
+
+ RUNNER_ASSERT_MSG(NULL != keyPub.get(),
+ "Key is empty. Failed to import public key.");
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = manager->createSignature(
aliasPrv,
hash,
padd)),
"Error=" << CKM::ErrorToString(temp));
-
- RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
- memcpy((void*)signature.data(), "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
- aliasPub,
- CKM::Password(),
- CKM::RawBuffer(message.begin(), message.end()),
- signature,
- hash,
- padd)),
- "Error=" << CKM::ErrorToString(temp));
}
+
RUNNER_TEST(T1414_ec_key_create_verify)
{
int temp;
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1415_rsa_cert_create_verify_signature)
+RUNNER_TEST(T1415_rsa_key_create_verify_negative)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ std::string message = "message asdfaslkdfjlksadjf test";
+
+ CKM::Alias aliasPub = "pub1";
+ CKM::Alias aliasPrv = "prv1";
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
+ memcpy((void*)signature.data(), "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1416_dsa_key_create_verify_negative)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ std::string message = "message asdfaslkdfjlksadjf test";
+
+ CKM::Alias aliasPub = "pub2";
+ CKM::Alias aliasPrv = "prv2";
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
+ memcpy((void*)signature.data(), "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1417_rsa_cert_create_verify_signature)
{
int temp;
auto manager = CKM::Manager::create();
std::string message = "message test";
- CKM::Alias aliasPub = "pub3";
- CKM::Alias aliasPrv = "prv3";
+ CKM::Alias aliasPub = "pub1-cert";
+ CKM::Alias aliasPrv = "prv1-cert";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1416_ecdsa_cert_create_verify_signature)
+RUNNER_TEST(T1418_dsa_cert_create_verify_signature)
{
int temp;
auto manager = CKM::Manager::create();
- std::string prv =
- "-----BEGIN EC PRIVATE KEY-----\n"
- "MIH8AgEBBBRPb/2utS5aCtyuwmzIHpU6LH3mc6CBsjCBrwIBATAgBgcqhkjOPQEB\n"
- "AhUA/////////////////////3////8wQwQU/////////////////////3////wE\n"
- "FByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UEKQRK\n"
- "lrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAAAAAA\n"
- "AAAAAfTI+Seu08p1IlcCAQGhLAMqAATehLqu61gKC3Tgr4wQMVoguAhhG3Uwwz8u\n"
- "ELyhe7yPCAuOoLZlTLgf\n"
- "-----END EC PRIVATE KEY-----\n";
+ const std::string pub = "-----BEGIN CERTIFICATE-----\n"
+ "MIIDUzCCAxECCQCer/fKcXtJgTALBglghkgBZQMEAwIwgYsxCzAJBgNVBAYTAlBM\n"
+ "MQ8wDQYDVQQIDAZQb2xhbmQxDzANBgNVBAcMBldhcnNhdzEQMA4GA1UECgwHU2Ft\n"
+ "c3VuZzEMMAoGA1UECwwDS1NGMRMwEQYDVQQDDAptLmthcnBpdWsyMSUwIwYJKoZI\n"
+ "hvcNAQkBFhZtLmthcnBpdWsyQHNhbXN1bmcuY29tMCAXDTE0MDkyNjEzNTQwN1oY\n"
+ "DzIxNDAwOTA1MTM1NDA3WjCBizELMAkGA1UEBhMCUEwxDzANBgNVBAgMBlBvbGFu\n"
+ "ZDEPMA0GA1UEBwwGV2Fyc2F3MRAwDgYDVQQKDAdTYW1zdW5nMQwwCgYDVQQLDANL\n"
+ "U0YxEzARBgNVBAMMCm0ua2FycGl1azIxJTAjBgkqhkiG9w0BCQEWFm0ua2FycGl1\n"
+ "azJAc2Ftc3VuZy5jb20wggG3MIIBKwYHKoZIzjgEATCCAR4CgYEA9Bhh7ZA4onkY\n"
+ "uDNQbYR4EwkJ6RpD505hB0GF6yppUNp2LanvNcQXcyXY88MB6OdP7Rikbu1H2zP4\n"
+ "gONCtdxKW58Za7h9bFzYjxcObZsS52F9DP7sv3C4sX4xNWApfhUgbfzKaRCJOkOs\n"
+ "06tV7teu3G/v26PdI8dlykIuQXQZmH8CFQCHsIV0njb2yC3ggfKz+exH+g5jAQKB\n"
+ "gBVLYfVCMjUz5XJH+xYU3A8W8rpSLqZKIK2d9mbXqhpz8QK1bvNQUlSRZo+o1ZYV\n"
+ "mJn3Mx2YuiifHZNKdBNweCqe5a+HV2RSl1Yv/TV9famZKlogGslsmPHUOJMlSIdh\n"
+ "MfMwVny4/rNtjEtEFE1WnaTr1W6MKH1EBbizVo8fmWFrA4GFAAKBgQCaPjrlkAyX\n"
+ "kBitWo+w0xZN4OSk13SsCzZ/PG+5zOgMRaFm2XbiC04YsGCi4NFOd9kaiP7w1CsP\n"
+ "iqG6Vwv0T/VcoxBl/hp6jEqTDSrM6z0ungjDO9wGOdI+jZS0UjVahgC4ZLDHhrOa\n"
+ "CjfxcHruO3e416b/Rm2CjhOzjKdoSFUWVzALBglghkgBZQMEAwIDLwAwLAIUHa+A\n"
+ "5xo8O/tPuH9gXkr1mee6kRYCFGNycJ1xkc3nIJaEQOtGfDe7S71A\n"
+ "-----END CERTIFICATE-----\n";
- std::string pub =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICfDCCAjqgAwIBAgIJANIytpeTKlXBMAkGByqGSM49BAEwXjELMAkGA1UEBhMC\n"
- "UEwxDTALBgNVBAgMBExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1\n"
- "bmcxETAPBgNVBAsMCFNlY3VyaXR5MQwwCgYDVQQDDANDS00wHhcNMTQwNzAyMTI0\n"
- "MTQ3WhcNMTcwNzAxMTI0MTQ3WjBeMQswCQYDVQQGEwJQTDENMAsGA1UECAwETG9k\n"
- "ejENMAsGA1UEBwwETG9kejEQMA4GA1UECgwHU2Ftc3VuZzERMA8GA1UECwwIU2Vj\n"
- "dXJpdHkxDDAKBgNVBAMMA0NLTTCB6jCBuwYHKoZIzj0CATCBrwIBATAgBgcqhkjO\n"
- "PQEBAhUA/////////////////////3////8wQwQU/////////////////////3//\n"
- "//wEFByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UE\n"
- "KQRKlrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAA\n"
- "AAAAAAAAAfTI+Seu08p1IlcCAQEDKgAE3oS6rutYCgt04K+MEDFaILgIYRt1MMM/\n"
- "LhC8oXu8jwgLjqC2ZUy4H6NQME4wHQYDVR0OBBYEFELElWx3kbLo55Cfn1vywsEZ\n"
- "ccsmMB8GA1UdIwQYMBaAFELElWx3kbLo55Cfn1vywsEZccsmMAwGA1UdEwQFMAMB\n"
- "Af8wCQYHKoZIzj0EAQMxADAuAhUAumC4mGoyK97SxTvVBQ+ELfCbxEECFQCbMJ72\n"
- "Q1oBry6NEc+lLFmWMDesAA==\n"
- "-----END CERTIFICATE-----\n";
+ const std::string prv = "-----BEGIN DSA PRIVATE KEY-----\n"
+ "MIIBuwIBAAKBgQD0GGHtkDiieRi4M1BthHgTCQnpGkPnTmEHQYXrKmlQ2nYtqe81\n"
+ "xBdzJdjzwwHo50/tGKRu7UfbM/iA40K13EpbnxlruH1sXNiPFw5tmxLnYX0M/uy/\n"
+ "cLixfjE1YCl+FSBt/MppEIk6Q6zTq1Xu167cb+/bo90jx2XKQi5BdBmYfwIVAIew\n"
+ "hXSeNvbILeCB8rP57Ef6DmMBAoGAFUth9UIyNTPlckf7FhTcDxbyulIupkogrZ32\n"
+ "ZteqGnPxArVu81BSVJFmj6jVlhWYmfczHZi6KJ8dk0p0E3B4Kp7lr4dXZFKXVi/9\n"
+ "NX19qZkqWiAayWyY8dQ4kyVIh2Ex8zBWfLj+s22MS0QUTVadpOvVbowofUQFuLNW\n"
+ "jx+ZYWsCgYEAmj465ZAMl5AYrVqPsNMWTeDkpNd0rAs2fzxvuczoDEWhZtl24gtO\n"
+ "GLBgouDRTnfZGoj+8NQrD4qhulcL9E/1XKMQZf4aeoxKkw0qzOs9Lp4IwzvcBjnS\n"
+ "Po2UtFI1WoYAuGSwx4azmgo38XB67jt3uNem/0Ztgo4Ts4ynaEhVFlcCFGMH+Z9l\n"
+ "vonbjii3BYe4AIdkzOvp\n"
+ "-----END DSA PRIVATE KEY-----\n";
std::string message = "message test";
- CKM::Alias aliasPub = "pub4";
- CKM::Alias aliasPrv = "prv4";
+ CKM::Alias aliasPub = "pub2-cert";
+ CKM::Alias aliasPrv = "prv2-cert";
CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
CKM::RawBuffer signature;
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1417_deinit)
+RUNNER_TEST(T1419_ecdsa_cert_create_verify_signature)
{
int temp;
- auto control = CKM::Control::create();
-
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(temp));
-}
-
-RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS);
-
-RUNNER_CHILD_TEST(T1510_init_unlock_key)
-{
- int tmp;
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
-
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST, "strong-password")),
- "Error=" << CKM::ErrorToString(tmp));
-}
+ auto manager = CKM::Manager::create();
-RUNNER_CHILD_TEST(T1511_init_insert_data)
-{
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
+ std::string prv =
+ "-----BEGIN EC PRIVATE KEY-----\n"
+ "MIH8AgEBBBRPb/2utS5aCtyuwmzIHpU6LH3mc6CBsjCBrwIBATAgBgcqhkjOPQEB\n"
+ "AhUA/////////////////////3////8wQwQU/////////////////////3////wE\n"
+ "FByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UEKQRK\n"
+ "lrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAAAAAA\n"
+ "AAAAAfTI+Seu08p1IlcCAQGhLAMqAATehLqu61gKC3Tgr4wQMVoguAhhG3Uwwz8u\n"
+ "ELyhe7yPCAuOoLZlTLgf\n"
+ "-----END EC PRIVATE KEY-----\n";
- std::string ee = "-----BEGIN CERTIFICATE-----\n"
+ std::string pub =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICfDCCAjqgAwIBAgIJANIytpeTKlXBMAkGByqGSM49BAEwXjELMAkGA1UEBhMC\n"
+ "UEwxDTALBgNVBAgMBExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1\n"
+ "bmcxETAPBgNVBAsMCFNlY3VyaXR5MQwwCgYDVQQDDANDS00wHhcNMTQwNzAyMTI0\n"
+ "MTQ3WhcNMTcwNzAxMTI0MTQ3WjBeMQswCQYDVQQGEwJQTDENMAsGA1UECAwETG9k\n"
+ "ejENMAsGA1UEBwwETG9kejEQMA4GA1UECgwHU2Ftc3VuZzERMA8GA1UECwwIU2Vj\n"
+ "dXJpdHkxDDAKBgNVBAMMA0NLTTCB6jCBuwYHKoZIzj0CATCBrwIBATAgBgcqhkjO\n"
+ "PQEBAhUA/////////////////////3////8wQwQU/////////////////////3//\n"
+ "//wEFByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UE\n"
+ "KQRKlrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAA\n"
+ "AAAAAAAAAfTI+Seu08p1IlcCAQEDKgAE3oS6rutYCgt04K+MEDFaILgIYRt1MMM/\n"
+ "LhC8oXu8jwgLjqC2ZUy4H6NQME4wHQYDVR0OBBYEFELElWx3kbLo55Cfn1vywsEZ\n"
+ "ccsmMB8GA1UdIwQYMBaAFELElWx3kbLo55Cfn1vywsEZccsmMAwGA1UdEwQFMAMB\n"
+ "Af8wCQYHKoZIzj0EAQMxADAuAhUAumC4mGoyK97SxTvVBQ+ELfCbxEECFQCbMJ72\n"
+ "Q1oBry6NEc+lLFmWMDesAA==\n"
+ "-----END CERTIFICATE-----\n";
+
+ std::string message = "message test";
+
+ CKM::Alias aliasPub = "pub3";
+ CKM::Alias aliasPrv = "prv3";
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ auto cert = CKM::Certificate::create(CKM::RawBuffer(pub.begin(), pub.end()), CKM::DataFormat::FORM_PEM);
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()));
+
+ RUNNER_ASSERT_MSG(NULL != cert.get(),
+ "Key is empty. Failed to import public key.");
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveCertificate(aliasPub, cert, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
+
+ memcpy((void*)signature.data(), "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1420_deinit)
+{
+ int temp;
+ auto control = CKM::Control::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(0)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST_GROUP_INIT(T1418_signature_tests);
+
+RUNNER_TEST(T14180_init)
+{
+ int temp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ auto manager = CKM::Manager::create();
+
+ // Prepare RSA Key Pair
+ std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
+ "Proc-Type: 4,ENCRYPTED\n"
+ "DEK-Info: DES-EDE3-CBC,6C6507B11671DABC\n"
+ "\n"
+ "YiKNviNqc/V/i241CKtAVsNckesE0kcaka3VrY7ApXR+Va93YoEwVQ8gB9cE/eHH\n"
+ "S0j3ZS1PAVFM/qo4ZnPdMzaSLvTQw0GAL90wWgF3XQ+feMnWyBObEoQdGXE828TB\n"
+ "SLz4UOIQ55Dx6JSWTfEhwAlPs2cEWD14xvuxPzAEzBIYmWmBBsCN94YgFeRTzjH0\n"
+ "TImoYVMN60GgOfZWw6rXq9RaV5dY0Y6F1piypCLGD35VaXAutdHIDvwUGECPm7SN\n"
+ "w05jRro53E1vb4mYlZEY/bs4q7XEOI5+ZKT76Xn0oEJNX1KRL1h2q8fgUkm5j40M\n"
+ "uQj71aLR9KyIoQARwGLeRy09tLVjH3fj66CCMqaPcxcIRIyWi5yYBB0s53ipm6A9\n"
+ "CYuyc7MS2C0pOdWKsDvYsHR/36KUiIdPuhF4AbaTqqO0eWeuP7Na7dGK56Fl+ooi\n"
+ "cUpJr7cIqMl2vL25B0jW7d4TB3zwCEkVVD1fBPeNoZWo30z4bILcBqjjPkQfHZ2e\n"
+ "xNraG3qI4FHjoPT8JEE8p+PgwaMoINlICyIMKiCdvwz9yEnsHPy7FkmatpS+jFoS\n"
+ "mg8R9vMwgK/HGEm0dmb/7/a0XsG2jCDm6cOmJdZJFQ8JW7hFs3eOHpNlQYDChG2D\n"
+ "A1ExslqBtbpicywTZhzFdYU/hxeCr4UqcY27Zmhr4JlBPMyvadWKeOqCamWepjbT\n"
+ "T/MhWJbmWgZbI5s5sbpu7cOYubQcUIEsTaQXGx/KEzGo1HLn9tzSeQfP/nqjAD/L\n"
+ "T5t1Mb8o4LuV/fGIT33Q3i2FospJMqp2JINNzG18I6Fjo08PTvJ3row40Rb76+lJ\n"
+ "wN1IBthgBgsgsOdB6XNc56sV+uq2TACsNNWw+JnFRCkCQgfF/KUrvN+WireWq88B\n"
+ "9UPG+Hbans5A6K+y1a+bzfdYnKws7x8wNRyPxb7Vb2t9ZTl5PBorPLVGsjgf9N5X\n"
+ "tCdBlfJsUdXot+EOxrIczV5zx0JIB1Y9hrDG07RYkzPuJKxkW7skqeLo8oWGVpaQ\n"
+ "LGWvuebky1R75hcSuL3e4QHfjBHPdQ31fScB884tqkbhBAWr2nT9bYEmyT170bno\n"
+ "8QkyOSb99xZBX55sLDHs9p61sTJr2C9Lz/KaWQs+3hTkpwSjSRyjEMH2n491qiQX\n"
+ "G+kvLEnvtR8sl9zinorj/RfsxyPntAxudfY3qaYUu2QkLvVdfTVUVbxS/Fg8f7B3\n"
+ "hEjCtpKgFjPxQuHE3didNOr5xM7mkmLN/QA7yHVgdpE64T5mFgC3JcVRpcR7zBPH\n"
+ "3OeXHgjrhDfN8UIX/cq6gNgD8w7O0rhHa3mEXI1xP14ykPcJ7wlRuLm9P3fwx5A2\n"
+ "jQrVKJKw1Nzummmspn4VOpJY3LkH4Sxo4e7Soo1l1cxJpzmERwgMF+vGz1L70+DG\n"
+ "M0hVrz1PxlOsBBFgcdS4TB91DIs/RcFDqrJ4gOPNKCgBP+rgTXXLFcxUwJfE3lKg\n"
+ "Kmpwdne6FuQYX3eyRVAmPgOHbJuRQCh/V4fYo51UxCcEKeKy6UgOPEJlXksWGbH5\n"
+ "VFmlytYW6dFKJvjltSmK6L2r+TlyEQoXwTqe4bkfhB2LniDEq28hKQ==\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+ std::string pub = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----\n";
+
+ CKM::Alias aliasPub = "pub_nohash1";
+ CKM::Alias aliasPrv = "prv_nohash1";
+ CKM::Password password = "1234";
+
+ auto keyPub = CKM::Key::create(CKM::RawBuffer(pub.begin(), pub.end()));
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), password);
+
+ RUNNER_ASSERT_MSG(NULL != keyPub.get(),
+ "Key is empty. Failed to import public key.");
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasPub, keyPub, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasPrv, keyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ // Prepare ECDSA Key Pair
+ std::string ecprv = "-----BEGIN EC PRIVATE KEY-----\n"
+ "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n"
+ "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n"
+ "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
+ "-----END EC PRIVATE KEY-----\n";
+
+ std::string ecpub = "-----BEGIN PUBLIC KEY-----\n"
+ "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n"
+ "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
+ "-----END PUBLIC KEY-----\n";
+
+ CKM::Alias aliasEcPub = "ecpub_nohash1";
+ CKM::Alias aliasEcPrv = "ecprv_nohash1";
+
+ auto ecKeyPub = CKM::Key::create(CKM::RawBuffer(ecpub.begin(), ecpub.end()));
+ auto ecKeyPrv = CKM::Key::create(CKM::RawBuffer(ecprv.begin(), ecprv.end()));
+
+ RUNNER_ASSERT_MSG(NULL != ecKeyPub.get(),
+ "Key is empty. Failed to import public key.");
+ RUNNER_ASSERT_MSG(NULL != ecKeyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasEcPub, ecKeyPub, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(aliasEcPrv, ecKeyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+
+RUNNER_TEST(T14181_rsa_create_signatue_nohash)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ std::string message = "message asdfaslkdfjlksadjf test";
+
+ CKM::Alias aliasPub = "pub_nohash1";
+ CKM::Alias aliasPrv = "prv_nohash1";
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
+ memcpy((void*)signature.data(), "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T14182_rsa_create_signatue_nohash_nopad)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ std::string message = "message asdfaslkdfjlksadjf test";
+
+ CKM::Alias aliasPub = "pub_nohash1";
+ CKM::Alias aliasPrv = "prv_nohash1";
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T14183_rsa_create_signatue_nohash_bigmsg)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ std::string message = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
+
+ CKM::Alias aliasPub = "pub_nohash1";
+ CKM::Alias aliasPrv = "prv_nohash1";
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+
+RUNNER_TEST(T14184_ec_create_signatue_nohash)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string message = "message test";
+
+ CKM::Alias aliasPub = "ecpub_nohash1";
+ CKM::Alias aliasPrv = "ecprv_nohash1";
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(signature.size() > 6, "Signature is too small");
+
+ memcpy((void*)signature.data(), "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
+ aliasPub,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T14185_ec_create_signatue_nohash_bigmsg)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ int msgSize = 1024*1024;
+ char big_msg[msgSize];
+ for(int i =0; i<msgSize-1; i++) {
+ big_msg[i] = 'a';
+ }
+ big_msg[msgSize-1]=0x00;
+ std::string message(big_msg);
+
+ CKM::Alias aliasPub = "ecpub_nohash1";
+ CKM::Alias aliasPrv = "ecprv_nohash1";
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::NONE;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::NONE;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ aliasPrv,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+
+RUNNER_TEST(T14189_deinit)
+{
+ int temp;
+ auto control = CKM::Control::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(0)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->removeUserData(0)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+
+RUNNER_TEST_GROUP_INIT(T151_CKM_STORAGE_PERNAMENT_TESTS);
+
+RUNNER_CHILD_TEST(T1510_init_unlock_key)
+{
+ int tmp;
+ AccessProvider ap("my-label");
+ ap.allowAPI("key-manager::api-control", "rw");
+ ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST, "strong-password")),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T1511_insert_data)
+{
+ AccessProvider ap("my-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST, GROUP_APP);
+
+ std::string ee = "-----BEGIN CERTIFICATE-----\n"
+ "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
+ "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
+ "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
+ "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
+ "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
+ "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
+ "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
+ "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
+ "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
+ "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
+ "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
+ "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
+ "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
+ "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
+ "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
+ "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
+ "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
+ "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
+ "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
+ "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
+ "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
+ "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
+ "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
+ "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
+ "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
+ "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
+ "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
+ "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
+ "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
+ "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
+ "oFXtrg0=\n"
+ "-----END CERTIFICATE-----\n";
+
+ std::string im =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\n"
+ "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+ "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
+ "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
+ "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
+ "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\n"
+ "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
+ "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
+ "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\n"
+ "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\n"
+ "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\n"
+ "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\n"
+ "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\n"
+ "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\n"
+ "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\n"
+ "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\n"
+ "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\n"
+ "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\n"
+ "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\n"
+ "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\n"
+ "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\n"
+ "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\n"
+ "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\n"
+ "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\n"
+ "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\n"
+ "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\n"
+ "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\n"
+ "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\n"
+ "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\n"
+ "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\n"
+ "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\n"
+ "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\n"
+ "-----END CERTIFICATE-----\n";
+
+ auto manager = CKM::Manager::create();
+ auto certee = CKM::Certificate::create(CKM::RawBuffer(ee.begin(), ee.end()), CKM::DataFormat::FORM_PEM);
+ auto certim = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
+
+ int status1 = manager->saveCertificate(CKM::Alias("CertEE"), certee, CKM::Policy());
+ int status2 = manager->saveCertificate(CKM::Alias("CertIM"), certim, CKM::Policy());
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
+ "Certificate should be in database already. Error=" << CKM::ErrorToString(status1));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
+ "Certificate should be in database already. Error=" << CKM::ErrorToString(status2));
+}
+
+RUNNER_CHILD_TEST(T1519_deinit)
+{
+ int tmp;
+ AccessProvider ap("my-label");
+ ap.allowAPI("key-manager::api-control", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST)),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+
+RUNNER_TEST_GROUP_INIT(T161_CKM_LOCKTYPE_TESTS);
+
+RUNNER_CHILD_TEST(T1610_init_lock_key)
+{
+ int tmp;
+ AccessProvider ap("my-label");
+ ap.allowAPI("key-manager::api-control", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->changeUserPassword(USER_APP,"user-pass","")),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T1611_unlock_default_passwd)
+{
+ AccessProvider ap("my-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer, CKM::Password());
+ CKM::KeyShPtr key2;
+ CKM::Alias alias = "mykey_defpasswd";
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key2)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ key->getDER() == key2->getDER(),
+ "Key value has been changed by service");
+
+ std::string invalid_address = aliasWithLabel("i-do-not-exist", alias.c_str());
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->removeAlias(alias)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T1612_init_change_user_password)
+{
+ int tmp;
+ AccessProvider ap("my-label");
+ ap.allowAPI("key-manager::api-control", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->changeUserPassword(USER_APP,"","user-pass")),
+ "Error=" << CKM::ErrorToString(tmp));
+ // confirm changed password
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_APP,"user-pass")),
+ CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
+ CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T1613_unlock_default_passwd_negative)
+{
+ AccessProvider ap("my-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+ "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+ "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+ "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+ "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+ "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+ "zQIDAQAB\n"
+ "-----END PUBLIC KEY-----";
+
+ CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+ auto key = CKM::Key::create(buffer, CKM::Password());
+ CKM::KeyShPtr key2;
+ CKM::Alias alias = "mykey_defpasswd";
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_LOCKED == (temp = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_LOCKED == (temp = manager->getKey(alias, CKM::Password(), key2)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_LOCKED == (temp = manager->removeAlias(alias)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T1619_deinit)
+{
+ AccessProvider ap("my-label");
+ ap.allowAPI("key-manager::api-control", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+}
+
+RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
+
+RUNNER_TEST(T1701_init_unlock_key)
+{
+ int tmp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+1, "t170-special-password")),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T1702_insert_data)
+{
+ int temp;
+ AccessProvider ap("t170-special-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
+
+ std::string ee = "-----BEGIN CERTIFICATE-----\n"
"MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
"ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
"ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
"oFXtrg0=\n"
"-----END CERTIFICATE-----\n";
- std::string im =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIF5DCCBMygAwIBAgIQW3dZxheE4V7HJ8AylSkoazANBgkqhkiG9w0BAQUFADCB\n"
- "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
- "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
- "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
- "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBujEL\n"
- "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
- "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
- "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMrVmVy\n"
- "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTCCASIwDQYJ\n"
- "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJjboFXrnP0XeeOabhQdsVuYI4cWbod2\n"
- "nLU4O7WgerQHYwkZ5iqISKnnnbYwWgiXDOyq5BZpcmIjmvt6VCiYxQwtt9citsj5\n"
- "OBfH3doxRpqUFI6e7nigtyLUSVSXTeV0W5K87Gws3+fBthsaVWtmCAN/Ra+aM/EQ\n"
- "wGyZSpIkMQht3QI+YXZ4eLbtfjeubPOJ4bfh3BXMt1afgKCxBX9ONxX/ty8ejwY4\n"
- "P1C3aSijtWZfNhpSSENmUt+ikk/TGGC+4+peGXEFv54cbGhyJW+ze3PJbb0S/5tB\n"
- "Ml706H7FC6NMZNFOvCYIZfsZl1h44TO/7Wg+sSdFb8Di7Jdp91zT91ECAwEAAaOC\n"
- "AdIwggHOMB0GA1UdDgQWBBT8ilC6nrklWntVhU+VAGOP6VhrQzASBgNVHRMBAf8E\n"
- "CDAGAQH/AgEAMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRw\n"
- "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6\n"
- "Ly9FVlNlY3VyZS1jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\n"
- "/wQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZ\n"
- "MFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7\n"
- "GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwKQYDVR0R\n"
- "BCIwIKQeMBwxGjAYBgNVBAMTEUNsYXNzM0NBMjA0OC0xLTQ3MD0GCCsGAQUFBwEB\n"
- "BDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL0VWU2VjdXJlLW9jc3AudmVyaXNpZ24u\n"
- "Y29tMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEB\n"
- "BQUAA4IBAQCWovp/5j3t1CvOtxU/wHIDX4u6FpAl98KD2Md1NGNoElMMU4l7yVYJ\n"
- "p8M2RE4O0GJis4b66KGbNGeNUyIXPv2s7mcuQ+JdfzOE8qJwwG6Cl8A0/SXGI3/t\n"
- "5rDFV0OEst4t8dD2SB8UcVeyrDHhlyQjyRNddOVG7wl8nuGZMQoIeRuPcZ8XZsg4\n"
- "z+6Ml7YGuXNG5NOUweVgtSV1LdlpMezNlsOjdv3odESsErlNv1HoudRETifLriDR\n"
- "fip8tmNHnna6l9AW5wtsbfdDbzMLKTB3+p359U64drPNGLT5IO892+bKrZvQTtKH\n"
- "qQ2mRHNQ3XBb7a1+Srwi1agm5MKFIA3Z\n"
- "-----END CERTIFICATE-----\n";
+ auto manager = CKM::Manager::create();
+ auto certee = CKM::Certificate::create(CKM::RawBuffer(ee.begin(), ee.end()), CKM::DataFormat::FORM_PEM);
+
+ int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy());
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == status1,
+ "Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
+
+ CKM::AliasVector av;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 1 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 1");
+}
+
+RUNNER_TEST(T1703_removeApplicationData)
+{
+ int tmp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeApplicationData("t170-special-label")),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T1704_data_test)
+{
+ int temp;
+ AccessProvider ap("t170-special-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 0 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 0");
+}
+
+RUNNER_TEST(T1705_deinit)
+{
+ int tmp;
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+1)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+1)),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_TEST(T17101_init)
+{
+ int tmp;
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+2)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+2, "t1706-special-password")),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T17102_prep_data_01)
+{
+ int temp;
+ AccessProvider ap("t1706-special-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+
+ CKM::RawBuffer buffer(data.begin(), data.end());
+ CKM::Policy exportable(CKM::Password(), true);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data1", buffer, exportable)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T17103_prep_data_02)
+{
+ int temp;
+ AccessProvider ap("t1706-special-label2");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+
+ CKM::RawBuffer buffer(data.begin(), data.end());
+ CKM::Policy exportable(CKM::Password(), true);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data2", buffer, exportable)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T17104_prep_data_03)
+{
+ int temp;
+ AccessProvider ap("t1706-special-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+
+ CKM::RawBuffer buffer(data.begin(), data.end());
+ CKM::Policy exportable(CKM::Password(), true);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data3", buffer, exportable)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_CHILD_TEST(T17105_prep_data_04)
+{
+ int temp;
+ AccessProvider ap("t1706-special-label2");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ std::string data = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4";
+
+ CKM::RawBuffer buffer(data.begin(), data.end());
+ CKM::Policy exportable(CKM::Password(), true);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer, exportable)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T17106_remove_application)
+{
+ int tmp;
+
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeApplicationData("t1706-special-label")),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_CHILD_TEST(T17107_check_data_01)
+{
+ int temp;
+ AccessProvider ap("t1706-special-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 0 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 0");
+}
+
+RUNNER_CHILD_TEST(T17108_check_data_02)
+{
+ int temp;
+ AccessProvider ap("t1706-special-label2");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+2, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 1 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 1");
+}
+
+RUNNER_TEST(T17109_unlock_user2)
+{
+ int tmp;
- auto manager = CKM::Manager::create();
- auto certee = CKM::Certificate::create(CKM::RawBuffer(ee.begin(), ee.end()), CKM::DataFormat::FORM_PEM);
- auto certim = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+3, "t1706-special-password")),
+ "Error=" << CKM::ErrorToString(tmp));
+}
- int status1 = manager->saveCertificate(CKM::Alias("CertEE"), certee, CKM::Policy());
- int status2 = manager->saveCertificate(CKM::Alias("CertIM"), certim, CKM::Policy());
+RUNNER_CHILD_TEST(T17110_check_data_03)
+{
+ int temp;
+ AccessProvider ap("t1706-special-label");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == status1,
- "Certificate should be in database already. Error=" << CKM::ErrorToString(status1));
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 0 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 0");
+}
+
+RUNNER_CHILD_TEST(T17111_check_data_04)
+{
+ int temp;
+ AccessProvider ap("t1706-special-label2");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_TEST+3, GROUP_APP);
+
+ CKM::AliasVector av;
+ auto manager = CKM::Manager::create();
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_ALIAS_EXISTS == status2,
- "Certificate should be in database already. Error=" << CKM::ErrorToString(status2));
+ CKM_API_SUCCESS == (temp = manager->getDataAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ 1 == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: 1");
}
-RUNNER_CHILD_TEST(T1519_deinit)
+RUNNER_TEST(T17112_deinit)
{
int tmp;
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST)),
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+2)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+2)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+3)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+3)),
"Error=" << CKM::ErrorToString(tmp));
}
+RUNNER_TEST_GROUP_INIT(T180_PKCS12);
-RUNNER_TEST_GROUP_INIT(T161_CKM_LOCKTYPE_TESTS);
+namespace
+{
+CKM::Alias alias_PKCS_collision = "test-PKCS-collision";
+CKM::Alias alias_PKCS_exportable = "test-PKCS-export";
+CKM::Alias alias_PKCS_not_exportable = "test-PKCS-no-export";
+CKM::Alias alias_PKCS_priv_key_copy = "test-PKCS-private-key-copy";
+CKM::Alias alias_PKCS_priv_key_wrong = "test-PKCS-private-key-wrong";
+}
-RUNNER_CHILD_TEST(T1610_init_lock_key)
+RUNNER_TEST(T1800_init) {
+ int temp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ auto manager = CKM::Manager::create();
+ manager->removeAlias(alias_PKCS_collision);
+ manager->removeAlias(alias_PKCS_exportable);
+ manager->removeAlias(alias_PKCS_not_exportable);
+ manager->removeAlias(alias_PKCS_priv_key_copy);
+ manager->removeAlias(alias_PKCS_priv_key_wrong);
+}
+
+RUNNER_TEST(T1801_parse_PKCS12) {
+ std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, "secret");
+ RUNNER_ASSERT_MSG(
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ auto cert = pkcs->getCertificate();
+ RUNNER_ASSERT_MSG(
+ NULL != cert.get(),
+ "Error in PKCS12::getCertificate()");
+
+ auto key = pkcs->getKey();
+ RUNNER_ASSERT_MSG(
+ NULL != key.get(),
+ "Error in PKCS12::getKey()");
+
+ auto caVector = pkcs->getCaCertificateShPtrVector();
+ RUNNER_ASSERT_MSG(
+ 0 == caVector.size(),
+ "Wrong size of vector");
+}
+
+RUNNER_TEST(T1802_negative_wrong_password) {
+ std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, "error");
+ RUNNER_ASSERT_MSG(
+ NULL == pkcs.get(),
+ "Expected error in PKCS12::create()");
+}
+
+RUNNER_TEST(T1803_negative_broken_buffer) {
+ std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ RUNNER_ASSERT_MSG(buffer.size() > 5, "PKCS file is too small.");
+ buffer[4]=0;
+
+ auto pkcs = CKM::PKCS12::create(buffer, "secret");
+ RUNNER_ASSERT_MSG(
+ NULL == pkcs.get(),
+ "Expected error in PKCS12::create()");
+}
+
+RUNNER_TEST(T1804_add_PKCS_collision_with_existing_alias)
+{
+ auto manager = CKM::Manager::create();
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
+ RUNNER_ASSERT_MSG(
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ // save private key
+ std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
+ "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
+ "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
+ "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
+ "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
+ "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
+ "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
+ "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
+ "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
+ "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
+ "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
+ "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
+ "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+ std::string message = "message test";
+
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_collision, keyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->savePKCS12(alias_PKCS_collision, pkcs, CKM::Policy(), CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1805_add_bundle_with_chain_certificates)
{
+ auto manager = CKM::Manager::create();
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
+ RUNNER_ASSERT_MSG(
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ auto cert = pkcs->getCertificate();
+ RUNNER_ASSERT_MSG(
+ NULL != cert.get(),
+ "Error in PKCS12::getCertificate()");
+
+ auto key = pkcs->getKey();
+ RUNNER_ASSERT_MSG(
+ NULL != key.get(),
+ "Error in PKCS12::getKey()");
+
+ auto caVector = pkcs->getCaCertificateShPtrVector();
+ RUNNER_ASSERT_MSG(
+ 2 == caVector.size(),
+ "Wrong size of vector");
+
+ // save to the CKM
int tmp;
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ CKM::Policy exportable;
+ CKM::Policy notExportable(CKM::Password(), false);
- auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->changeUserPassword(USER_APP,"user-pass","")),
+ CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)),
"Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
+ CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ // try to lookup key
+ CKM::KeyShPtr key_lookup;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ // try to lookup certificate
+ CKM::CertificateShPtr cert_lookup;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)),
"Error=" << CKM::ErrorToString(tmp));
}
-RUNNER_CHILD_TEST(T1611_unlock_default_passwd)
+RUNNER_TEST(T1806_get_PKCS)
{
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ int temp;
+ auto manager = CKM::Manager::create();
+ CKM::PKCS12ShPtr pkcs;
+
+ // fail - no entry
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12("i-do-not-exist", pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ // fail - not exportable
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_NOT_EXPORTABLE == (temp = manager->getPKCS12(alias_PKCS_not_exportable, pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ // success - exportable
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getPKCS12(alias_PKCS_exportable, pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ auto cert = pkcs->getCertificate();
+ RUNNER_ASSERT_MSG(
+ NULL != cert.get(),
+ "Error in PKCS12::getCertificate()");
+
+ auto key = pkcs->getKey();
+ RUNNER_ASSERT_MSG(
+ NULL != key.get(),
+ "Error in PKCS12::getKey()");
+
+ auto caVector = pkcs->getCaCertificateShPtrVector();
+ RUNNER_ASSERT_MSG(
+ 2 == caVector.size(),
+ "Wrong size of vector");
+}
+
+RUNNER_TEST(T1807_create_and_verify_signature)
+{
int temp;
auto manager = CKM::Manager::create();
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
+ std::string message = "message test";
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ alias_PKCS_exportable,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ alias_PKCS_exportable,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1808_create_signature_on_raw_key_and_verify_on_PKCS)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXQIBAAKBgQD1W9neUbXL1rnq9SvyzprjhWBKXyYKQirG3V2zyUnUaE24Sq2I\n"
+ "v7ISrwMN/G6WcjrGmeZDEWwrL4zXh002N8BD1waJPRonxwtVkhFy3emGatSmx7eI\n"
+ "ely5H+PBNImRvBh2u4GWga6OEXcUNdfaBUcxn+P6548/zpDhyNLzQKk5FwIDAQAB\n"
+ "AoGAR+4WkBuqTUj1FlGsAbHaLKt0UDlWwJknS0eoacWwFEpDxqx19WolfV67aYVA\n"
+ "snBolMKXg7/+0yZMhv8Ofr+XaHkPQplVVn9BwT0rmtEovJXwx+poRP9Bm3emglj/\n"
+ "iYd8EkaXDlIXCtewtQW9JEIctWppntHj3TvA/h7FCXPN6SkCQQD/N7sn5S1gBkVh\n"
+ "dyXQKoyKsZDb7hMIS1q6cKwYCMf2UrsD1/lnr7xXkvORdL213MfueO8g0WkuKfRY\n"
+ "bDD6WGX1AkEA9hxiOlsgvermqLJkOlJffbSaM8n/6wtnM0HV+Vd9NfSBOmxFDXPO\n"
+ "vrvdgiDPENhbqTJSQVDsfzHilTpK7lEvWwJBAJLxHoOg0tg3pBiyxgWtic+M3q+R\n"
+ "ykl7QViY6KzJ2X98MIrM/Z7yMollZXE4+sVLwZ0O6fdGOr3GkBWc7TImVUUCQQC7\n"
+ "pf6bQfof9Ce0fnf/I+ldHkPost7nJsWkBlGQkM2OQwP5OK4ZyK/dK76DxmI7FMwm\n"
+ "oJCo7nuzq6R4ZX7WYJ47AkBavxBDo/e9/0Vk5yrloGKW3f8RQXBJLcCkVUGyyJ3D\n"
+ "3gu/nafW4hzjSJniTjC1fOj0eb0OSg1JAvqHTYAnUsI7\n"
+ "-----END RSA PRIVATE KEY-----";
+ std::string message = "message test";
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::KeyShPtr key2;
- CKM::Alias alias = "mykey_defpasswd";
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->saveKey(alias, key, CKM::Policy())),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key2)),
+ CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_copy, keyPrv, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- key->getDER() == key2->getDER(),
- "Key value has been changed by service");
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->removeKey(alias)),
- "Error=" << CKM::ErrorToString(temp));
-}
-RUNNER_CHILD_TEST(T1612_init_change_user_password)
-{
- int tmp;
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
- auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->changeUserPassword(USER_APP,"","user-pass")),
- "Error=" << CKM::ErrorToString(tmp));
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ alias_PKCS_priv_key_copy,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)),
- "Error=" << CKM::ErrorToString(tmp));
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ alias_PKCS_exportable,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
}
-RUNNER_CHILD_TEST(T1613_unlock_default_passwd_negative)
+RUNNER_TEST(T1809_create_signature_on_wrong_key_and_verify_on_PKCS)
{
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-
int temp;
auto manager = CKM::Manager::create();
- std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
- "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
- "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
- "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
- "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
- "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
- "zQIDAQAB\n"
- "-----END PUBLIC KEY-----";
+ std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
+ "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
+ "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
+ "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
+ "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
+ "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
+ "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
+ "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
+ "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
+ "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
+ "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
+ "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
+ "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
+ "-----END RSA PRIVATE KEY-----\n";
- CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
- auto key = CKM::Key::create(buffer, CKM::Password());
- CKM::KeyShPtr key2;
- CKM::Alias alias = "mykey_defpasswd";
+ std::string message = "message test";
+
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_LOCKED == (temp = manager->saveKey(alias, key, CKM::Policy())),
+ CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_wrong, keyPrv, CKM::Policy())),
"Error=" << CKM::ErrorToString(temp));
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_LOCKED == (temp = manager->getKey(alias, CKM::Password(), key2)),
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ alias_PKCS_priv_key_wrong,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
"Error=" << CKM::ErrorToString(temp));
+
RUNNER_ASSERT_MSG(
- CKM_API_ERROR_DB_LOCKED == (temp = manager->removeKey(alias)),
+ CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
+ alias_PKCS_exportable,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_CHILD_TEST(T1619_deinit)
+RUNNER_TEST(T1810_verify_get_certificate_chain)
{
- SecurityServer::AccessProvider ap("my-label");
- ap.addObjectRule("key-manager::api-control", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-}
+ // this certificate has been signed using PKCS chain
+ std::string im = "-----BEGIN CERTIFICATE-----\n"
+ "MIIBrTCCARYCAQEwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRc2VydmVyQHRl\n"
+ "c3RtZS5jb20wHhcNMTQxMjAyMTMxNTQzWhcNMTUxMjAyMTMxNTQzWjAiMSAwHgYD\n"
+ "VQQDDBdlbmQtb24tY2hhaW5AdGVzdG1lLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB\n"
+ "jQAwgYkCgYEAsJS/jky4Cnxnlj6m2Eam3E3ARfR1PTaQV3Om09z3Ax15ca3kfHSb\n"
+ "n6UlDk9vjP3iE7Nbju5Nzw9Tu/Pe32g/54quUBgbTFWbztR/Q9Dxbt3evWZ98ADS\n"
+ "qAtH9OU23xS/5jGpmJSP0l22JItx8E8nEbEPj7GTWfVuYb3HXMHqzY8CAwEAATAN\n"
+ "BgkqhkiG9w0BAQsFAAOBgQCPJqjMH24kAngd0EunIPsVNSpWJMlMocFM5xHJsvgi\n"
+ "5DZ7swo0O/Jfqvo/vKDVqR/wiPeAxrwirECGC1O2hC7HcOt7kW4taHSVGGd4dHMn\n"
+ "oK70cUKQeVy3cYY6QUaonjuNVvYQHE3OSLDe56n6c7Mnek28qNtezeSWLUy8L8fA\n"
+ "Qw==\n"
+ "-----END CERTIFICATE-----\n";
-RUNNER_TEST_GROUP_INIT(T170_CKM_STORAGE_PERNAMENT_TESTS);
+ auto cert = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
+ CKM::CertificateShPtrVector certChain;
+ CKM::AliasVector aliasVector;
-RUNNER_TEST(T1701_init_unlock_key)
-{
int tmp;
- auto control = CKM::Control::create();
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_TEST+1, "t170-special-password")),
- "Error=" << CKM::ErrorToString(tmp));
-}
-
-RUNNER_CHILD_TEST(T1702_init_insert_data)
-{
- int temp;
- SecurityServer::AccessProvider ap("t170-special-label");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
-
- std::string ee = "-----BEGIN CERTIFICATE-----\n"
- "MIIF0TCCBLmgAwIBAgIQaPGTP4aS7Ut/WDNaBzdQrDANBgkqhkiG9w0BAQUFADCB\n"
- "ujELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
- "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
- "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE0MDIGA1UEAxMr\n"
- "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBDQTAeFw0x\n"
- "NDAyMjAwMDAwMDBaFw0xNTAyMjAyMzU5NTlaMIHmMRMwEQYLKwYBBAGCNzwCAQMT\n"
- "AlBMMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGA1UEBRMKMDAw\n"
- "MDAyNTIzNzELMAkGA1UEBhMCUEwxDzANBgNVBBEUBjAwLTk1MDEUMBIGA1UECBML\n"
- "bWF6b3dpZWNraWUxETAPBgNVBAcUCFdhcnN6YXdhMRYwFAYDVQQJFA1TZW5hdG9y\n"
- "c2thIDE4MRMwEQYDVQQKFAptQmFuayBTLkEuMQwwCgYDVQQLFANESU4xGTAXBgNV\n"
- "BAMUEHd3dy5tYmFuay5jb20ucGwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
- "AoIBAQDph6x8V6xUW/+651+qHF+UmorH9uaz2ZrX2bIWiMKIJFmpDDHlxcapKkqE\n"
- "BV04is83aiCpqKtc2ZHy2g4Hpj1eSF5BP2+OAlo0YUQZPIeRRdiMjmeAxw/ncBDx\n"
- "9rQBuCJ4XTD6cqQox5SI0TASOZ+wyAEjbDRXzL73XqRAFZ1LOpb2ONkolS+RutMB\n"
- "vshvCsWPeNe7eGLuOh6DyC6r1vX9xhw3xnjM2mTSvmtimgzSLacNGKqRrsucUgcb\n"
- "0+O5C2jZAtAMLyZksL92cxmWbtVzUYzem4chjHu5cRxUlPNzUJWrrczueB7Ip4A8\n"
- "aQuFMfNXYc0x+WLWjy//urypMKjhAgMBAAGjggGjMIIBnzAbBgNVHREEFDASghB3\n"
- "d3cubWJhbmsuY29tLnBsMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud\n"
- "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBEBgNVHSAEPTA7MDkGC2CGSAGG+EUB\n"
- "BxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMw\n"
- "HQYDVR0OBBYEFN37iGaS7mZnENxZ9FGqNLR+QgoMMB8GA1UdIwQYMBaAFPyKULqe\n"
- "uSVae1WFT5UAY4/pWGtDMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9FVlNlY3Vy\n"
- "ZS1jcmwudmVyaXNpZ24uY29tL0VWU2VjdXJlMjAwNi5jcmwwfAYIKwYBBQUHAQEE\n"
- "cDBuMC0GCCsGAQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5j\n"
- "b20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9FVlNlY3VyZS1haWEudmVyaXNpZ24uY29t\n"
- "L0VWU2VjdXJlMjAwNi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAD0wO+rooUrIM4qp\n"
- "PHhp+hkXK6WMQ2qzGOmbMcZjw0govg5vkzkefPDryIXXbrF8mRagiJNMSfNaWWeh\n"
- "Cj41OV24EdUl0OLbFxNzcvub599zRs/apfaRLTfsmlmOgi0/YP305i+3tJ2ll946\n"
- "P+qV1wXnXqTqEdIl4Ys3+1HmDCdTB1hoDwAAzqRVUXZ5+iiwPAU7R/LTHfMjV1ke\n"
- "8jtNFfrorlZMCfVH/7eEnHJvVjOJt+YFe4aFMzE+DfuYIK7MH+olC2v79kBwbnEQ\n"
- "fvHMA9gFwOYLUBBdSfcocp8EKZ+mRlNPGR/3LBrPeaQQ0GZEkxzRK+v/aNTuiYfr\n"
- "oFXtrg0=\n"
- "-----END CERTIFICATE-----\n";
-
auto manager = CKM::Manager::create();
- auto certee = CKM::Certificate::create(CKM::RawBuffer(ee.begin(), ee.end()), CKM::DataFormat::FORM_PEM);
- int status1 = manager->saveCertificate(CKM::Alias("CertEEE"), certee, CKM::Policy());
+ RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
+
+ tmp = manager->getCertificateChain(cert,
+ EMPTY_ALIAS_VECTOR,
+ EMPTY_ALIAS_VECTOR,
+ true,
+ certChain);
+ RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp,
+ "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == status1,
- "Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
+ 0 == certChain.size(),
+ "Wrong size of certificate chain.");
- CKM::AliasVector av;
+ aliasVector.push_back(alias_PKCS_exportable);
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
- RUNNER_ASSERT_MSG(
- 1 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 1");
-}
+ tmp = manager->getCertificateChain(cert, EMPTY_ALIAS_VECTOR, aliasVector, false, certChain);
+ RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp));
-RUNNER_TEST(T1703_removeApplicationData)
-{
- int tmp;
- auto control = CKM::Control::create();
+ // 1(cert) + 1(pkcs12 cert) + 2(pkcs12 chain cert) = 4
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeApplicationData("t170-special-label")),
- "Error=" << CKM::ErrorToString(tmp));
+ 4 == certChain.size(),
+ "Wrong size of certificate chain: " << certChain.size());
}
-RUNNER_CHILD_TEST(T1704_data_test)
+RUNNER_TEST(T1811_remove_bundle_with_chain_certificates)
{
- int temp;
- SecurityServer::AccessProvider ap("t170-special-label");
- ap.addObjectRule("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_TEST+1, GROUP_APP);
-
- CKM::AliasVector av;
auto manager = CKM::Manager::create();
+ int tmp;
+
+ // remove the whole PKCS12 bundles
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = manager->getCertificateAliasVector(av)),
- "Error=" << CKM::ErrorToString(temp));
+ CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_exportable)),
+ "Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
- 0 == (temp = av.size()),
- "Vector size: " << temp << ". Expected: 0");
-}
+ CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_not_exportable)),
+ "Error=" << CKM::ErrorToString(tmp));
-RUNNER_TEST(T1705_deinit)
-{
- int tmp;
+ // expect lookup fails due to unknown alias
+ // try to lookup key
+ CKM::KeyShPtr key_lookup;
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
- auto control = CKM::Control::create();
+ // try to lookup certificate
+ CKM::CertificateShPtr cert_lookup;
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_TEST+1)),
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)),
"Error=" << CKM::ErrorToString(tmp));
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(USER_TEST+1)),
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)),
"Error=" << CKM::ErrorToString(tmp));
}
-RUNNER_TEST_GROUP_INIT(T180_PKCS12);
+RUNNER_TEST(T1812_get_pkcs12_password_tests)
+{
+ CKM::Alias alias = "t1812alias1";
-RUNNER_TEST(T1801) {
- std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
+ auto manager = CKM::Manager::create();
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
std::istreambuf_iterator<char> begin(is), end;
std::vector<char> buff(begin, end);
+ CKM::PKCS12ShPtr pkcs12;
+ CKM::Password pass1 = "easypass1";
+ CKM::Password pass2 = "easypass2";
+
CKM::RawBuffer buffer(buff.size());
memcpy(buffer.data(), buff.data(), buff.size());
- auto pkcs = CKM::PKCS12::create(buffer, "secret");
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
RUNNER_ASSERT_MSG(
NULL != pkcs.get(),
"Error in PKCS12::create()");
- auto cert = pkcs->getCertificate();
+ int temp;
RUNNER_ASSERT_MSG(
- NULL != cert.get(),
- "Error in PKCS12::getCertificate()");
+ CKM_API_SUCCESS == (temp = manager->savePKCS12(alias, pkcs, CKM::Policy(pass1), CKM::Policy(pass2))),
+ "Error=" << CKM::ErrorToString(temp));
- auto key = pkcs->getKey();
RUNNER_ASSERT_MSG(
- NULL != key.get(),
- "Error in PKCS12::getKey()");
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
- auto caVector = pkcs->getCaCertificateShPtrVector();
RUNNER_ASSERT_MSG(
- 0 == caVector.size(),
- "Wrong size of vector");
-}
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, CKM::Password(), CKM::Password(), pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
-RUNNER_TEST(T1802_negative_wrong_password) {
- std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, pass1, CKM::Password(), pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, CKM::Password(), pass2, pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
- auto pkcs = CKM::PKCS12::create(buffer, "error");
RUNNER_ASSERT_MSG(
- NULL == pkcs.get(),
- "Expected error in PKCS12::create()");
-}
+ CKM_API_SUCCESS == (temp = manager->getPKCS12(alias, pass1, pass2, pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
-RUNNER_TEST(T1803_negative_broken_buffer) {
- std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
- std::istreambuf_iterator<char> begin(is), end;
- std::vector<char> buff(begin, end);
+ CKM::CertificateShPtr cert;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getCertificate(alias, pass2, cert)),
+ "Error=" << CKM::ErrorToString(temp));
- CKM::RawBuffer buffer(buff.size());
- memcpy(buffer.data(), buff.data(), buff.size());
+ CKM::CertificateShPtrVector certChain;
+ CKM::AliasVector certVect;
+ certVect.push_back(alias);
- RUNNER_ASSERT_MSG(buffer.size() > 5, "PKCS file is too small.");
- buffer[4]=0;
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getCertificateChain(cert, certVect, certVect, true, certChain)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1813_deinit)
+{
+ int temp;
+ auto control = CKM::Control::create();
- auto pkcs = CKM::PKCS12::create(buffer, "secret");
RUNNER_ASSERT_MSG(
- NULL == pkcs.get(),
- "Expected error in PKCS12::create()");
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
+ "Error=" << CKM::ErrorToString(temp));
}
RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS);
"Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1));
}
-RUNNER_TEST(T1903_deinit)
+RUNNER_TEST(T1903_lock_database)
{
int tmp;
-
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (tmp = control->lockUserKey(0)),
"Error=" << CKM::ErrorToString(tmp));
- RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
- "Error=" << CKM::ErrorToString(tmp));
}
RUNNER_TEST(T1904_get_data_from_locked_database)
"Could not get key from locked database. Error=" << CKM::ErrorToString(status1));
}
+RUNNER_TEST(T1905_deinit)
+{
+ int tmp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = control->removeUserData(0)),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
int main(int argc, char *argv[])
{
DPL::Log::LogSystemSingleton::Instance().SetTag("CKM_TESTS");