X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;ds=sidebyside;f=tests%2Fckm%2Fmain.cpp;h=f723677d81647cf30868d1e0f14b4aa2637b95df;hb=1b027816c188589067f5b68b768b37b086bb21e4;hp=53ed8dc95004df52a0769173e03f261fa5ed0295;hpb=032548af14aef1e856cfed54c6b4356bec1b4a33;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git diff --git a/tests/ckm/main.cpp b/tests/ckm/main.cpp index 53ed8dc..f723677 100644 --- a/tests/ckm/main.cpp +++ b/tests/ckm/main.cpp @@ -20,9 +20,14 @@ #include -static const int USER_APP = 5000; -static const int GROUP_APP = 5000; -static const int USER_TEST = 5001; +namespace { +const int USER_APP = 5000; +const int GROUP_APP = 5000; +const int USER_TEST = 5001; + +const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR; +const CKM::AliasVector EMPTY_ALIAS_VECTOR; +} // namespace anonymous /* * How to numerate tests: @@ -33,6 +38,28 @@ static const int USER_TEST = 5001; * D - subtest. */ +RUNNER_TEST_GROUP_INIT(A_T0010_CKM_OPENSSL_INIT); +RUNNER_TEST(A_T0011_OpenSSL_not_init_client_parse_PKCS) { + stop_service(MANAGER); + start_service(MANAGER); + + std::ifstream is("/usr/share/ckm-test/pkcs.p12"); + std::istreambuf_iterator begin(is), end; + std::vector buff(begin, end); + + CKM::RawBuffer buffer(buff.size()); + memcpy(buffer.data(), buff.data(), buff.size()); + + auto pkcs = CKM::PKCS12::create(buffer, CKM::Password()); + RUNNER_ASSERT_MSG( + NULL != pkcs.get(), + "Error in PKCS12::create()"); + + // all further tests will start with newly started service, + // OpenSSL on the service side will have to be properly initialized too + stop_service(MANAGER); + start_service(MANAGER); +} RUNNER_TEST_GROUP_INIT(T0010_CKM_CONTROL); @@ -76,7 +103,31 @@ RUNNER_TEST(T0014_Control) int temp; auto control = CKM::Control::create(); RUNNER_ASSERT_MSG( - CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(14, "simple-password")), + CKM_API_SUCCESS == (temp = control->removeUserData(14)), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "simple-password")), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "something")), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->unlockUserKey(14, "test-pass")), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->lockUserKey(14)), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(14, "something")), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->removeUserData(14)), "Error=" << CKM::ErrorToString(temp)); } @@ -98,6 +149,27 @@ RUNNER_TEST(T0015_Control) "Error=" << CKM::ErrorToString(temp)); } +RUNNER_TEST(T0016_Control_negative_wrong_password) +{ + int temp; + auto control = CKM::Control::create(); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->unlockUserKey(20, "test-pass")), + "Error=" << CKM::ErrorToString(temp)); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->changeUserPassword(20, "test-pass", "new-pass")), + "Error=" << CKM::ErrorToString(temp)); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->lockUserKey(20)), + "Error=" << CKM::ErrorToString(temp)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(20, "incorrect-password")), + "Error=" << CKM::ErrorToString(temp)); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->removeUserData(20)), + "Error=" << CKM::ErrorToString(temp)); +} + RUNNER_TEST_GROUP_INIT(T101_CKM_QUICK_SET_GET_TESTS); RUNNER_TEST(T1010_init) @@ -105,7 +177,7 @@ RUNNER_TEST(T1010_init) int temp; auto control = CKM::Control::create(); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")), + CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")), @@ -487,6 +559,10 @@ RUNNER_TEST(T1031_save_get_bin_data) RUNNER_ASSERT_MSG( buffer == buffer2, "Data corrupted"); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password("Password"), buffer)), + "The wrong password should be ignored because non was used in saveData. Error=" << CKM::ErrorToString(temp)); } RUNNER_CHILD_TEST(T1032_app_user_save_bin_data) @@ -560,7 +636,33 @@ RUNNER_TEST(T1033_remove_bin_data) "Error=" << CKM::ErrorToString(temp)); } -RUNNER_TEST(T1039_deinit) +RUNNER_TEST(T1034_getData_wrong_password) +{ + int temp; + auto manager = CKM::Manager::create(); + + std::string binData1 = "My bin data4"; + + CKM::RawBuffer buffer1(binData1.begin(), binData1.end()); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer1, CKM::Policy("CorrectPassword"))), + "Error=" << CKM::ErrorToString(temp)); + + CKM::RawBuffer buffer; + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->getData("data4", CKM::Password("CorrectPassword"), buffer)), + "Error=" << CKM::ErrorToString(temp)); + RUNNER_ASSERT_MSG( + buffer == buffer1, + "Data corrupted"); + + RUNNER_ASSERT_MSG( + CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData("data4", CKM::Password("WrongPassword"), buffer)), + "Error=" << CKM::ErrorToString(temp)); +} + +RUNNER_TEST(T1035_deinit) { int temp; auto control = CKM::Control::create(); @@ -1298,17 +1400,20 @@ RUNNER_TEST(T1312_get_chain) RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty"); RUNNER_ASSERT_MSG(false != cert1.get(), "Certificate should not be empty"); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, CKM::CertificateShPtrVector(), certChain)), - "Error=" << CKM::ErrorToString(tmp)); + tmp = manager->getCertificateChain(cert, + EMPTY_CERT_VECTOR, + EMPTY_CERT_VECTOR, + true, + certChain); + RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp, + "Error=" << CKM::ErrorToString(tmp)); RUNNER_ASSERT_MSG( 0 == certChain.size(), "Wrong size of certificate chain."); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, certVector, certChain)), - "Error=" << CKM::ErrorToString(tmp)); + tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain); + RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp)); RUNNER_ASSERT_MSG( 3 == certChain.size(), @@ -1402,9 +1507,9 @@ RUNNER_TEST(T1313_get_chain_with_alias) RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty"); RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty"); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)), - "Error=" << CKM::ErrorToString(tmp)); + tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain); + RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp, + "Error=" << CKM::ErrorToString(tmp)); RUNNER_ASSERT_MSG( 0 == certChain.size(), @@ -1416,9 +1521,8 @@ RUNNER_TEST(T1313_get_chain_with_alias) aliasVector.push_back(full_address); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)), - "Error=" << CKM::ErrorToString(tmp)); + tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain); + RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp)); RUNNER_ASSERT_MSG( 3 == certChain.size(), @@ -1511,17 +1615,16 @@ RUNNER_TEST(T1314_ocsp_check) RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty"); RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty"); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, CKM::CertificateShPtrVector(), certChain)), - "Error=" << CKM::ErrorToString(tmp)); + tmp = manager->getCertificateChain(cert, EMPTY_CERT_VECTOR, EMPTY_CERT_VECTOR, true, certChain); + RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp, + "Error=" << CKM::ErrorToString(tmp)); RUNNER_ASSERT_MSG( 0 == certChain.size(), "Wrong size of certificate chain."); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, certVector, certChain)), - "Error=" << CKM::ErrorToString(tmp)); + tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain); + RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp)); RUNNER_ASSERT_MSG( 3 == certChain.size(), @@ -2193,6 +2296,8 @@ RUNNER_TEST(T1420_deinit) "Error=" << CKM::ErrorToString(temp)); } +RUNNER_TEST_GROUP_INIT(T1418_signature_tests); + RUNNER_TEST(T14180_init) { int temp; @@ -2519,7 +2624,7 @@ RUNNER_CHILD_TEST(T1510_init_unlock_key) "Error=" << CKM::ErrorToString(tmp)); } -RUNNER_CHILD_TEST(T1511_init_insert_data) +RUNNER_CHILD_TEST(T1511_insert_data) { AccessProvider ap("my-label"); ap.allowAPI("key-manager::api-storage", "rw"); @@ -2760,7 +2865,7 @@ RUNNER_TEST(T1701_init_unlock_key) "Error=" << CKM::ErrorToString(tmp)); } -RUNNER_CHILD_TEST(T1702_init_insert_data) +RUNNER_CHILD_TEST(T1702_insert_data) { int temp; AccessProvider ap("t170-special-label"); @@ -3083,7 +3188,31 @@ RUNNER_TEST(T17112_deinit) RUNNER_TEST_GROUP_INIT(T180_PKCS12); -RUNNER_TEST(T1801) { +namespace +{ +CKM::Alias alias_PKCS_collision = "test-PKCS-collision"; +CKM::Alias alias_PKCS_exportable = "test-PKCS-export"; +CKM::Alias alias_PKCS_not_exportable = "test-PKCS-no-export"; +CKM::Alias alias_PKCS_priv_key_copy = "test-PKCS-private-key-copy"; +CKM::Alias alias_PKCS_priv_key_wrong = "test-PKCS-private-key-wrong"; +} + +RUNNER_TEST(T1800_init) { + int temp; + auto control = CKM::Control::create(); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")), + "Error=" << CKM::ErrorToString(temp)); + + auto manager = CKM::Manager::create(); + manager->removeAlias(alias_PKCS_collision); + manager->removeAlias(alias_PKCS_exportable); + manager->removeAlias(alias_PKCS_not_exportable); + manager->removeAlias(alias_PKCS_priv_key_copy); + manager->removeAlias(alias_PKCS_priv_key_wrong); +} + +RUNNER_TEST(T1801_parse_PKCS12) { std::ifstream is("/usr/share/ckm-test/test1801.pkcs12"); std::istreambuf_iterator begin(is), end; std::vector buff(begin, end); @@ -3143,6 +3272,453 @@ RUNNER_TEST(T1803_negative_broken_buffer) { "Expected error in PKCS12::create()"); } +RUNNER_TEST(T1804_add_PKCS_collision_with_existing_alias) +{ + auto manager = CKM::Manager::create(); + std::ifstream is("/usr/share/ckm-test/pkcs.p12"); + std::istreambuf_iterator begin(is), end; + std::vector buff(begin, end); + + CKM::RawBuffer buffer(buff.size()); + memcpy(buffer.data(), buff.data(), buff.size()); + + auto pkcs = CKM::PKCS12::create(buffer, CKM::Password()); + RUNNER_ASSERT_MSG( + NULL != pkcs.get(), + "Error in PKCS12::create()"); + + // save private key + std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n" + "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n" + "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n" + "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n" + "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n" + "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n" + "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n" + "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n" + "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n" + "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n" + "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n" + "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n" + "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n" + "-----END RSA PRIVATE KEY-----\n"; + + std::string message = "message test"; + + auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password()); + RUNNER_ASSERT_MSG(NULL != keyPrv.get(), + "Key is empty. Failed to import private key."); + + int temp; + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_collision, keyPrv, CKM::Policy())), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->savePKCS12(alias_PKCS_collision, pkcs, CKM::Policy(), CKM::Policy())), + "Error=" << CKM::ErrorToString(temp)); +} + +RUNNER_TEST(T1805_add_bundle_with_chain_certificates) +{ + auto manager = CKM::Manager::create(); + std::ifstream is("/usr/share/ckm-test/pkcs.p12"); + std::istreambuf_iterator begin(is), end; + std::vector buff(begin, end); + + CKM::RawBuffer buffer(buff.size()); + memcpy(buffer.data(), buff.data(), buff.size()); + + auto pkcs = CKM::PKCS12::create(buffer, CKM::Password()); + RUNNER_ASSERT_MSG( + NULL != pkcs.get(), + "Error in PKCS12::create()"); + + auto cert = pkcs->getCertificate(); + RUNNER_ASSERT_MSG( + NULL != cert.get(), + "Error in PKCS12::getCertificate()"); + + auto key = pkcs->getKey(); + RUNNER_ASSERT_MSG( + NULL != key.get(), + "Error in PKCS12::getKey()"); + + auto caVector = pkcs->getCaCertificateShPtrVector(); + RUNNER_ASSERT_MSG( + 2 == caVector.size(), + "Wrong size of vector"); + + // save to the CKM + int tmp; + CKM::Policy exportable; + CKM::Policy notExportable(CKM::Password(), false); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)), + "Error=" << CKM::ErrorToString(tmp)); + + // try to lookup key + CKM::KeyShPtr key_lookup; + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)), + "Error=" << CKM::ErrorToString(tmp)); + + // try to lookup certificate + CKM::CertificateShPtr cert_lookup; + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)), + "Error=" << CKM::ErrorToString(tmp)); +} + +RUNNER_TEST(T1806_get_PKCS) +{ + int temp; + auto manager = CKM::Manager::create(); + + CKM::PKCS12ShPtr pkcs; + + // fail - no entry + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12("i-do-not-exist", pkcs)), + "Error=" << CKM::ErrorToString(temp)); + + // fail - not exportable + RUNNER_ASSERT_MSG( + CKM_API_ERROR_NOT_EXPORTABLE == (temp = manager->getPKCS12(alias_PKCS_not_exportable, pkcs)), + "Error=" << CKM::ErrorToString(temp)); + + // success - exportable + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->getPKCS12(alias_PKCS_exportable, pkcs)), + "Error=" << CKM::ErrorToString(temp)); + + auto cert = pkcs->getCertificate(); + RUNNER_ASSERT_MSG( + NULL != cert.get(), + "Error in PKCS12::getCertificate()"); + + auto key = pkcs->getKey(); + RUNNER_ASSERT_MSG( + NULL != key.get(), + "Error in PKCS12::getKey()"); + + auto caVector = pkcs->getCaCertificateShPtrVector(); + RUNNER_ASSERT_MSG( + 2 == caVector.size(), + "Wrong size of vector"); +} + +RUNNER_TEST(T1807_create_and_verify_signature) +{ + int temp; + auto manager = CKM::Manager::create(); + + std::string message = "message test"; + + CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; + CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; + CKM::RawBuffer signature; + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->createSignature( + alias_PKCS_exportable, + CKM::Password(), + CKM::RawBuffer(message.begin(), message.end()), + hash, + padd, + signature)), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->verifySignature( + alias_PKCS_exportable, + CKM::Password(), + CKM::RawBuffer(message.begin(), message.end()), + signature, + hash, + padd)), + "Error=" << CKM::ErrorToString(temp)); +} + +RUNNER_TEST(T1808_create_signature_on_raw_key_and_verify_on_PKCS) +{ + int temp; + auto manager = CKM::Manager::create(); + + std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXQIBAAKBgQD1W9neUbXL1rnq9SvyzprjhWBKXyYKQirG3V2zyUnUaE24Sq2I\n" + "v7ISrwMN/G6WcjrGmeZDEWwrL4zXh002N8BD1waJPRonxwtVkhFy3emGatSmx7eI\n" + "ely5H+PBNImRvBh2u4GWga6OEXcUNdfaBUcxn+P6548/zpDhyNLzQKk5FwIDAQAB\n" + "AoGAR+4WkBuqTUj1FlGsAbHaLKt0UDlWwJknS0eoacWwFEpDxqx19WolfV67aYVA\n" + "snBolMKXg7/+0yZMhv8Ofr+XaHkPQplVVn9BwT0rmtEovJXwx+poRP9Bm3emglj/\n" + "iYd8EkaXDlIXCtewtQW9JEIctWppntHj3TvA/h7FCXPN6SkCQQD/N7sn5S1gBkVh\n" + "dyXQKoyKsZDb7hMIS1q6cKwYCMf2UrsD1/lnr7xXkvORdL213MfueO8g0WkuKfRY\n" + "bDD6WGX1AkEA9hxiOlsgvermqLJkOlJffbSaM8n/6wtnM0HV+Vd9NfSBOmxFDXPO\n" + "vrvdgiDPENhbqTJSQVDsfzHilTpK7lEvWwJBAJLxHoOg0tg3pBiyxgWtic+M3q+R\n" + "ykl7QViY6KzJ2X98MIrM/Z7yMollZXE4+sVLwZ0O6fdGOr3GkBWc7TImVUUCQQC7\n" + "pf6bQfof9Ce0fnf/I+ldHkPost7nJsWkBlGQkM2OQwP5OK4ZyK/dK76DxmI7FMwm\n" + "oJCo7nuzq6R4ZX7WYJ47AkBavxBDo/e9/0Vk5yrloGKW3f8RQXBJLcCkVUGyyJ3D\n" + "3gu/nafW4hzjSJniTjC1fOj0eb0OSg1JAvqHTYAnUsI7\n" + "-----END RSA PRIVATE KEY-----"; + std::string message = "message test"; + + auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password()); + RUNNER_ASSERT_MSG(NULL != keyPrv.get(), + "Key is empty. Failed to import private key."); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_copy, keyPrv, CKM::Policy())), + "Error=" << CKM::ErrorToString(temp)); + + CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; + CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; + CKM::RawBuffer signature; + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->createSignature( + alias_PKCS_priv_key_copy, + CKM::Password(), + CKM::RawBuffer(message.begin(), message.end()), + hash, + padd, + signature)), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->verifySignature( + alias_PKCS_exportable, + CKM::Password(), + CKM::RawBuffer(message.begin(), message.end()), + signature, + hash, + padd)), + "Error=" << CKM::ErrorToString(temp)); +} + +RUNNER_TEST(T1809_create_signature_on_wrong_key_and_verify_on_PKCS) +{ + int temp; + auto manager = CKM::Manager::create(); + + std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n" + "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n" + "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n" + "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n" + "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n" + "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n" + "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n" + "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n" + "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n" + "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n" + "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n" + "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n" + "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n" + "-----END RSA PRIVATE KEY-----\n"; + + std::string message = "message test"; + + auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password()); + RUNNER_ASSERT_MSG(NULL != keyPrv.get(), + "Key is empty. Failed to import private key."); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_wrong, keyPrv, CKM::Policy())), + "Error=" << CKM::ErrorToString(temp)); + + CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; + CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; + CKM::RawBuffer signature; + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->createSignature( + alias_PKCS_priv_key_wrong, + CKM::Password(), + CKM::RawBuffer(message.begin(), message.end()), + hash, + padd, + signature)), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature( + alias_PKCS_exportable, + CKM::Password(), + CKM::RawBuffer(message.begin(), message.end()), + signature, + hash, + padd)), + "Error=" << CKM::ErrorToString(temp)); +} + +RUNNER_TEST(T1810_verify_get_certificate_chain) +{ + // this certificate has been signed using PKCS chain + std::string im = "-----BEGIN CERTIFICATE-----\n" + "MIIBrTCCARYCAQEwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRc2VydmVyQHRl\n" + "c3RtZS5jb20wHhcNMTQxMjAyMTMxNTQzWhcNMTUxMjAyMTMxNTQzWjAiMSAwHgYD\n" + "VQQDDBdlbmQtb24tY2hhaW5AdGVzdG1lLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB\n" + "jQAwgYkCgYEAsJS/jky4Cnxnlj6m2Eam3E3ARfR1PTaQV3Om09z3Ax15ca3kfHSb\n" + "n6UlDk9vjP3iE7Nbju5Nzw9Tu/Pe32g/54quUBgbTFWbztR/Q9Dxbt3evWZ98ADS\n" + "qAtH9OU23xS/5jGpmJSP0l22JItx8E8nEbEPj7GTWfVuYb3HXMHqzY8CAwEAATAN\n" + "BgkqhkiG9w0BAQsFAAOBgQCPJqjMH24kAngd0EunIPsVNSpWJMlMocFM5xHJsvgi\n" + "5DZ7swo0O/Jfqvo/vKDVqR/wiPeAxrwirECGC1O2hC7HcOt7kW4taHSVGGd4dHMn\n" + "oK70cUKQeVy3cYY6QUaonjuNVvYQHE3OSLDe56n6c7Mnek28qNtezeSWLUy8L8fA\n" + "Qw==\n" + "-----END CERTIFICATE-----\n"; + + auto cert = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM); + CKM::CertificateShPtrVector certChain; + CKM::AliasVector aliasVector; + + int tmp; + auto manager = CKM::Manager::create(); + + RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty"); + + tmp = manager->getCertificateChain(cert, + EMPTY_ALIAS_VECTOR, + EMPTY_ALIAS_VECTOR, + true, + certChain); + RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp, + "Error=" << CKM::ErrorToString(tmp)); + + RUNNER_ASSERT_MSG( + 0 == certChain.size(), + "Wrong size of certificate chain."); + + aliasVector.push_back(alias_PKCS_exportable); + + tmp = manager->getCertificateChain(cert, EMPTY_ALIAS_VECTOR, aliasVector, false, certChain); + RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp)); + + // 1(cert) + 1(pkcs12 cert) + 2(pkcs12 chain cert) = 4 + RUNNER_ASSERT_MSG( + 4 == certChain.size(), + "Wrong size of certificate chain: " << certChain.size()); +} + +RUNNER_TEST(T1811_remove_bundle_with_chain_certificates) +{ + auto manager = CKM::Manager::create(); + int tmp; + + + // remove the whole PKCS12 bundles + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_exportable)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_not_exportable)), + "Error=" << CKM::ErrorToString(tmp)); + + // expect lookup fails due to unknown alias + // try to lookup key + CKM::KeyShPtr key_lookup; + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)), + "Error=" << CKM::ErrorToString(tmp)); + + // try to lookup certificate + CKM::CertificateShPtr cert_lookup; + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)), + "Error=" << CKM::ErrorToString(tmp)); +} + +RUNNER_TEST(T1812_get_pkcs12_password_tests) +{ + CKM::Alias alias = "t1812alias1"; + + auto manager = CKM::Manager::create(); + std::ifstream is("/usr/share/ckm-test/pkcs.p12"); + std::istreambuf_iterator begin(is), end; + std::vector buff(begin, end); + + CKM::PKCS12ShPtr pkcs12; + CKM::Password pass1 = "easypass1"; + CKM::Password pass2 = "easypass2"; + + CKM::RawBuffer buffer(buff.size()); + memcpy(buffer.data(), buff.data(), buff.size()); + + auto pkcs = CKM::PKCS12::create(buffer, CKM::Password()); + RUNNER_ASSERT_MSG( + NULL != pkcs.get(), + "Error in PKCS12::create()"); + + int temp; + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->savePKCS12(alias, pkcs, CKM::Policy(pass1), CKM::Policy(pass2))), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, pkcs)), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, CKM::Password(), CKM::Password(), pkcs)), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, pass1, CKM::Password(), pkcs)), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, CKM::Password(), pass2, pkcs)), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->getPKCS12(alias, pass1, pass2, pkcs)), + "Error=" << CKM::ErrorToString(temp)); + + CKM::CertificateShPtr cert; + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->getCertificate(alias, pass2, cert)), + "Error=" << CKM::ErrorToString(temp)); + + CKM::CertificateShPtrVector certChain; + CKM::AliasVector certVect; + certVect.push_back(alias); + + RUNNER_ASSERT_MSG( + CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getCertificateChain(cert, certVect, certVect, true, certChain)), + "Error=" << CKM::ErrorToString(temp)); +} + +RUNNER_TEST(T1813_deinit) +{ + int temp; + auto control = CKM::Control::create(); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)), + "Error=" << CKM::ErrorToString(temp)); +} RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS);