X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=tests%2Fckm%2Fmain.cpp;h=f723677d81647cf30868d1e0f14b4aa2637b95df;hb=1b027816c188589067f5b68b768b37b086bb21e4;hp=95880a73beb35676539684597ce397ce7441620f;hpb=580adb617aa33bd3dbd869be1e444d9e7565b66a;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git diff --git a/tests/ckm/main.cpp b/tests/ckm/main.cpp index 95880a7..f723677 100644 --- a/tests/ckm/main.cpp +++ b/tests/ckm/main.cpp @@ -20,9 +20,14 @@ #include -static const int USER_APP = 5000; -static const int GROUP_APP = 5000; -static const int USER_TEST = 5001; +namespace { +const int USER_APP = 5000; +const int GROUP_APP = 5000; +const int USER_TEST = 5001; + +const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR; +const CKM::AliasVector EMPTY_ALIAS_VECTOR; +} // namespace anonymous /* * How to numerate tests: @@ -33,10 +38,32 @@ static const int USER_TEST = 5001; * D - subtest. */ +RUNNER_TEST_GROUP_INIT(A_T0010_CKM_OPENSSL_INIT); +RUNNER_TEST(A_T0011_OpenSSL_not_init_client_parse_PKCS) { + stop_service(MANAGER); + start_service(MANAGER); + + std::ifstream is("/usr/share/ckm-test/pkcs.p12"); + std::istreambuf_iterator begin(is), end; + std::vector buff(begin, end); + + CKM::RawBuffer buffer(buff.size()); + memcpy(buffer.data(), buff.data(), buff.size()); + + auto pkcs = CKM::PKCS12::create(buffer, CKM::Password()); + RUNNER_ASSERT_MSG( + NULL != pkcs.get(), + "Error in PKCS12::create()"); + + // all further tests will start with newly started service, + // OpenSSL on the service side will have to be properly initialized too + stop_service(MANAGER); + start_service(MANAGER); +} -RUNNER_TEST_GROUP_INIT(T0000_CKM_CONTROL); +RUNNER_TEST_GROUP_INIT(T0010_CKM_CONTROL); -RUNNER_TEST(T0010_Control) +RUNNER_TEST(T0011_Control) { int temp; auto control = CKM::Control::create(); @@ -50,7 +77,7 @@ RUNNER_TEST(T0010_Control) "Error=" << CKM::ErrorToString(temp)); } -RUNNER_TEST(T0020_Control) +RUNNER_TEST(T0012_Control) { int temp; auto control = CKM::Control::create(); 
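Review bot: A_T0011_OpenSSL_not_init_client_parse_PKCS never checks that `/usr/share/ckm-test/pkcs.p12` was opened, so a missing fixture surfaces as "Error in PKCS12::create()" instead of as a setup problem. Add `RUNNER_ASSERT_MSG(is.is_open(), "Cannot open /usr/share/ckm-test/pkcs.p12");` right after the `std::ifstream` line. The sized `CKM::RawBuffer` plus `memcpy` can then become `CKM::RawBuffer buffer(buff.begin(), buff.end());`, the range form this file already uses for PEM strings, which also avoids calling `memcpy` on an empty vector. The same read-and-copy sequence is added again in T1804 and T1805 later in the patch.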
@@ -62,7 +89,7 @@ RUNNER_TEST(T0020_Control) "Error=" << CKM::ErrorToString(temp)); } -RUNNER_TEST(T0030_Control) +RUNNER_TEST(T0013_Control) { int temp; auto control = CKM::Control::create(); 
@@ -71,16 +98,58 @@ RUNNER_TEST(T0030_Control) "Error=" << CKM::ErrorToString(temp)); } -RUNNER_TEST(T0040_Control) +RUNNER_TEST(T0014_Control) +{ + int temp; + auto control = CKM::Control::create(); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->removeUserData(14)), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "simple-password")), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->resetUserPassword(14, "something")), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->unlockUserKey(14, "test-pass")), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->lockUserKey(14)), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(14, "something")), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->removeUserData(14)), + "Error=" << CKM::ErrorToString(temp)); +} + +RUNNER_TEST(T0015_Control) { int temp; auto control = CKM::Control::create(); RUNNER_ASSERT_MSG( - CKM_API_ERROR_BAD_REQUEST == (temp = control->resetUserPassword(14, "simple-password")), + CKM_API_SUCCESS == (temp = control->unlockUserKey(20, "test-pass")), + "Error=" << CKM::ErrorToString(temp)); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->changeUserPassword(20, "test-pass", "new-pass")), + "Error=" << CKM::ErrorToString(temp)); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->lockUserKey(20)), + "Error=" << CKM::ErrorToString(temp)); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->removeUserData(20)), "Error=" << CKM::ErrorToString(temp)); } -RUNNER_TEST(T0050_Control) +RUNNER_TEST(T0016_Control_negative_wrong_password) { int temp; auto control = CKM::Control::create(); 
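Review bot: T0014_Control expects `unlockUserKey(14, "test-pass")` to succeed immediately after two successful `resetUserPassword` calls that set other passwords, and nothing in the test says why a third, different password is accepted. Without an explanation the test reads as pinning "any password unlocks after a reset", which a later maintainer cannot distinguish from a masked authentication bug. If the intent is that reset on a user with no database is a no-op and the first unlock creates the database (an assumption; the service side is not visible here), say so in a comment above the unlock, e.g. `// no DB exists yet: reset is a no-op, unlock creates the DB with this password`. A second comment should explain why the final `resetUserPassword` must return `CKM_API_ERROR_BAD_REQUEST`. The uid literals 14 and 20 would also read better as named constants next to `USER_APP`.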
@@ -94,6 +163,9 @@ RUNNER_TEST(T0050_Control) CKM_API_SUCCESS == (temp = control->lockUserKey(20)), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( + CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = control->unlockUserKey(20, "incorrect-password")), + "Error=" << CKM::ErrorToString(temp)); + RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (temp = control->removeUserData(20)), "Error=" << CKM::ErrorToString(temp)); } @@ -105,7 +177,7 @@ RUNNER_TEST(T1010_init) int temp; auto control = CKM::Control::create(); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")), + CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")), 
@@ -226,8 +298,50 @@ RUNNER_CHILD_TEST(T1013_user_app_save_key) key->getDER() == key2->getDER(), "Key value has been changed by service"); } +RUNNER_TEST(T1014_save_with_label) +{ + int temp; + auto manager = CKM::Manager::create(); + + std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" + "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" + "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" + "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" + "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" + "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" + "zQIDAQAB\n" + "-----END PUBLIC KEY-----"; + + CKM::RawBuffer buffer(keyPem.begin(), keyPem.end()); + auto key = CKM::Key::create(buffer, CKM::Password()); + CKM::KeyShPtr key_name, key_full_addr; + CKM::Alias alias = "mykey-2"; + CharPtr top_label = get_label(); + std::string full_address = aliasWithLabel(top_label.get(), alias.c_str()); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->saveKey(full_address, key, CKM::Policy())), + "Error=" << CKM::ErrorToString(temp)); + + // lookup by name + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->getKey(alias, CKM::Password(), key_name)), + "Error=" << CKM::ErrorToString(temp)); + RUNNER_ASSERT_MSG( + key->getDER() == key_name->getDER(), + "Key value has been changed by service"); + + // lookup by full address + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->getKey(full_address, CKM::Password(), key_full_addr)), + "Error=" << CKM::ErrorToString(temp)); + RUNNER_ASSERT_MSG( + key->getDER() == key_full_addr->getDER(), + "Key value has been changed by service"); +} -RUNNER_TEST(T1014_deinit) +RUNNER_TEST(T1015_deinit) { int temp; auto control = CKM::Control::create(); 
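Review bot: T1014_save_with_label dereferences `key` in `key->getDER()` without first asserting that `CKM::Key::create` returned an object, so a failed import would crash the runner instead of reporting a failed test. The PKCS tests added later in this patch already guard this. The same check belongs here, directly after the create call: `RUNNER_ASSERT_MSG(NULL != key.get(), "Key is empty. Failed to import public key.");`. `top_label.get()` is likewise passed to `aliasWithLabel` unchecked; if `get_label()` can fail (not visible in this hunk), assert on it as well.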
@@ -445,6 +559,10 @@ RUNNER_TEST(T1031_save_get_bin_data) RUNNER_ASSERT_MSG( buffer == buffer2, "Data corrupted"); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->getData("data2", CKM::Password("Password"), buffer)), + "The wrong password should be ignored because non was used in saveData. Error=" << CKM::ErrorToString(temp)); } RUNNER_CHILD_TEST(T1032_app_user_save_bin_data) @@ -491,13 +609,13 @@ RUNNER_TEST(T1033_remove_bin_data) std::string invalid_address = aliasWithLabel("i-do-not-exist", "data1"); RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeData(invalid_address.c_str())), + CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->removeData("data1")), + CKM_API_SUCCESS == (temp = manager->removeAlias("data1")), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->removeData("data3")), + CKM_API_SUCCESS == (temp = manager->removeAlias("data3")), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (temp = manager->getDataAliasVector(labelAliasVector)), 
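Review bot: The assertion added to T1031_save_get_bin_data checks only the return code of `getData("data2", CKM::Password("Password"), buffer)`, not that the bytes written into `buffer` are still the stored data. Since the test deliberately pins "a supplied password is ignored for an item saved without one", follow the call with `RUNNER_ASSERT_MSG(buffer == buffer2, "Data corrupted");` so the content is covered too. The message also has a typo: "because non was used" should read "because none was used". The body of T1031 starts outside this hunk.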
@@ -518,7 +636,33 @@ RUNNER_TEST(T1033_remove_bin_data) "Error=" << CKM::ErrorToString(temp)); } -RUNNER_TEST(T1039_deinit) +RUNNER_TEST(T1034_getData_wrong_password) +{ + int temp; + auto manager = CKM::Manager::create(); + + std::string binData1 = "My bin data4"; + + CKM::RawBuffer buffer1(binData1.begin(), binData1.end()); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->saveData("data4", buffer1, CKM::Policy("CorrectPassword"))), + "Error=" << CKM::ErrorToString(temp)); + + CKM::RawBuffer buffer; + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->getData("data4", CKM::Password("CorrectPassword"), buffer)), + "Error=" << CKM::ErrorToString(temp)); + RUNNER_ASSERT_MSG( + buffer == buffer1, + "Data corrupted"); + + RUNNER_ASSERT_MSG( + CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getData("data4", CKM::Password("WrongPassword"), buffer)), + "Error=" << CKM::ErrorToString(temp)); +} + +RUNNER_TEST(T1035_deinit) { int temp; auto control = CKM::Control::create(); @@ -570,7 +714,25 @@ RUNNER_CHILD_TEST(T1041_create_rsa_key) "Vector size: " << temp << ". Expected: 2"); } -RUNNER_CHILD_TEST(T1042_create_dsa_key) +RUNNER_CHILD_TEST(T1042_create_rsa_key_foreign_label) +{ + int temp; + auto manager = CKM::Manager::create(); + CKM::AliasVector av; + + AccessProvider ap("mylabel-rsa"); + ap.allowAPI("key-manager::api-storage", "rw"); + ap.applyAndSwithToUser(USER_APP, GROUP_APP); + + RUNNER_ASSERT_MSG( + CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("iamsomebodyelse PRV_KEY2_RSA"), CKM::Alias("PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())), + "Error=" << CKM::ErrorToString(temp)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairRSA(2048, CKM::Alias("PRV_KEY2_RSA"), CKM::Alias("iamsomebodyelse PUB_KEY2_RSA"), CKM::Policy(), CKM::Policy())), + "Error=" << CKM::ErrorToString(temp)); +} + +RUNNER_CHILD_TEST(T1043_create_dsa_key) { int temp; auto manager = CKM::Manager::create(); 
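Review bot: In T1034_getData_wrong_password the wrong-password call reuses `buffer`, which still holds the plaintext from the preceding successful `getData`, so the test cannot show that a rejected request hands back no data. Pass a fresh buffer to the failing call, `CKM::RawBuffer wrongPassBuffer;`, and add `RUNNER_ASSERT_MSG(0 == wrongPassBuffer.size(), "Data returned despite wrong password");` after the `CKM_API_ERROR_AUTHENTICATION_FAILED` check. Whether the API guarantees an untouched output buffer on failure is not visible here, so confirm that contract before adding the assertion.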
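Review bot: T1042_create_rsa_key_foreign_label builds the foreign-label alias as the literal `"iamsomebodyelse PRV_KEY2_RSA"`, hard-coding the label separator, while other tests in this file build such addresses with `aliasWithLabel(...)`. If the separator ever changes, these literals stop being parsed as a foreign label and the `CKM_API_ERROR_ACCESS_DENIED` checks fail for an unrelated reason. Use `aliasWithLabel("iamsomebodyelse", "PRV_KEY2_RSA")` here, assuming the helper produces the same form. The same literal pattern appears in T12103_saveKey_foreign_label, T12106_saveCertificate_foreign_label and T12109_saveData_foreign_label. The local `CKM::AliasVector av;` is unused and can be dropped.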
@@ -746,7 +908,30 @@ RUNNER_TEST(T12102_saveKey_empty_alias) "Error=" << CKM::ErrorToString(ret)); } -RUNNER_TEST(T12103_saveKey_empty_key) +RUNNER_TEST(T12103_saveKey_foreign_label) +{ + std::string keyPem = "-----BEGIN PUBLIC KEY-----\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n" + "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n" + "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n" + "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n" + "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n" + "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n" + "zQIDAQAB\n" + "-----END PUBLIC KEY-----"; + + CKM::RawBuffer buffer(keyPem.begin(), keyPem.end()); + auto key = CKM::Key::create(buffer); + CKM::Alias alias = "iamsomebodyelse alias"; + + int ret; + auto manager = CKM::Manager::create(); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_ACCESS_DENIED == (ret = manager->saveKey(alias, key, CKM::Policy())), + "Error=" << CKM::ErrorToString(ret)); +} + +RUNNER_TEST(T12104_saveKey_empty_key) { CKM::KeyShPtr key; //key is not initialized CKM::Alias alias = "empty-key"; @@ -758,7 +943,7 @@ RUNNER_TEST(T12103_saveKey_empty_key) "Error=" << CKM::ErrorToString(ret)); } -RUNNER_TEST(T12104_saveCertificate_empty_alias) +RUNNER_TEST(T12105_saveCertificate_empty_alias) { std::string certPem = "-----BEGIN CERTIFICATE-----\n" 
@@ -800,7 +985,49 @@ RUNNER_TEST(T12104_saveCertificate_empty_alias) "Error=" << CKM::ErrorToString(temp)); } -RUNNER_TEST(T12105_saveCertificate_empty_cert) +RUNNER_TEST(T12106_saveCertificate_foreign_label) +{ + std::string certPem = + "-----BEGIN CERTIFICATE-----\n" + "MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE\n" + "BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl\n" + "cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNTIyMTEyOTQyWhcNMTQwODIwMDAwMDAw\n" + "WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN\n" + "TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEcMBoGA1UEAwwTYWNj\n" + "b3VudHMuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n" + "ALtlLWVWPN3q3bSEQl1Z97gPdgl5vbgJOZSAr0ZY0tJCuFLBbUKetJWryyE+5KpG\n" + "gMMpLS4v8/bvXaZc6mAs+RfAqGM24C3vQg5hPnj4dflnhL0WiOCZBurm1tV4oexk\n" + "HLXs3jr/jpnb738AQpj8zZ9a4VEBuHJRZALnWZ/XhqU+dvYomAoRQNuL5OhkT7uu\n" + "d0NKJL9JjYLyQglGgE2sVsWv2kj7EO/P9Q6NEKt9BGmhMsFvtfeKUaymynaxpR1g\n" + "wEPlqYvB38goh1dIOgVLT0OVyLImeg5Mdwar/8c1U0OYhLOc6PJapOZAfUkE+3+w\n" + "xYt8AChLN1b5szOwInrCVpECAwEAAaOCAUYwggFCMB0GA1UdJQQWMBQGCCsGAQUF\n" + "BwMBBggrBgEFBQcDAjAeBgNVHREEFzAVghNhY2NvdW50cy5nb29nbGUuY29tMGgG\n" + "CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29t\n" + "L0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5j\n" + "b20vb2NzcDAdBgNVHQ4EFgQU0/UtToEtNIfwDwHuYGuVKcj0xK8wDAYDVR0TAQH/\n" + "BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAO\n" + "MAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n\n" + "bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAcGNI/X9f0g+7ij0o\n" + "ehLpk6vxSMQGrmOZ4+PG/MC9SLClCkt7zJkfU7erZnyVXyxCpwlljq+Wk9YTPUOq\n" + "xD/V2ikQVSAANoxGJFO9UoL5jzWusPhKKv8CcM7fuiERz8K+CfBcqfxbgI5rH0g5\n" + "dYclmLC81cJ/08i+9Nltvxv69Y3hGfEICT6K+EdSxwnQzOhpMZmvxZsIj+d6CVNa\n" + "9ICYgUthsNQVWzrIs5wknpjjZ9liDMwJX0vu8A0rce4X/Lna5hh2bW9igz2iP5WM\n" + "9fuwdbTw4y3jfPQgszU4YZxWxhMzccxe058Qx1tLndAknBQEBesQjXytVQpuM1SV\n" + "rHva8A==\n" + 
"-----END CERTIFICATE-----\n"; + + CKM::RawBuffer buffer(certPem.begin(), certPem.end()); + auto cert = CKM::Certificate::create(buffer, CKM::DataFormat::FORM_PEM); + CKM::Alias alias = "iamsomebodyelse alias"; + + int temp; + auto manager = CKM::Manager::create(); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveCertificate(alias, cert, CKM::Policy())), + "Error=" << CKM::ErrorToString(temp)); +} + +RUNNER_TEST(T12107_saveCertificate_empty_cert) { CKM::CertificateShPtr cert; //cert is not initialized CKM::Alias alias = "empty-cert"; @@ -812,7 +1039,7 @@ RUNNER_TEST(T12105_saveCertificate_empty_cert) "Error=" << CKM::ErrorToString(temp)); } -RUNNER_TEST(T12106_saveData_empty_alias) +RUNNER_TEST(T12108_saveData_empty_alias) { std::string testData = "test data test data test data"; CKM::RawBuffer buffer(testData.begin(), testData.end()); @@ -825,7 +1052,20 @@ RUNNER_TEST(T12106_saveData_empty_alias) "Error=" << CKM::ErrorToString(temp)); } -RUNNER_TEST(T12107_saveData_empty_data) +RUNNER_TEST(T12109_saveData_foreign_label) +{ + std::string testData = "test data test data test data"; + CKM::RawBuffer buffer(testData.begin(), testData.end()); + CKM::Alias alias = "iamsomebodyelse alias"; + + int temp; + auto manager = CKM::Manager::create(); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_ACCESS_DENIED == (temp = manager->saveData(alias, buffer, CKM::Policy())), + "Error=" << CKM::ErrorToString(temp)); +} + +RUNNER_TEST(T12110_saveData_empty_data) { CKM::RawBuffer buffer; CKM::Alias alias = "empty-data"; @@ -841,7 +1081,7 @@ RUNNER_TEST(T12107_saveData_empty_data) * These test cases tests API when trying to get data from not existing alias */ -RUNNER_TEST(T12108_getKey_alias_not_exist) +RUNNER_TEST(T12111_getKey_alias_not_exist) { CKM::KeyShPtr key; CKM::Alias alias = "this-alias-not-exist"; 
@@ -853,7 +1093,7 @@ RUNNER_TEST(T12108_getKey_alias_not_exist) "Error=" << CKM::ErrorToString(temp)); } -RUNNER_TEST(T12109_getCertificate_alias_not_exist) +RUNNER_TEST(T12112_getCertificate_alias_not_exist) { CKM::CertificateShPtr certificate; CKM::Alias alias = "this-alias-not-exist"; @@ -865,7 +1105,7 @@ RUNNER_TEST(T12109_getCertificate_alias_not_exist) "Error=" << CKM::ErrorToString(temp)); } -RUNNER_TEST(T12110_getData_alias_not_exist) +RUNNER_TEST(T12113_getData_alias_not_exist) { int temp; auto manager = CKM::Manager::create(); @@ -879,7 +1119,7 @@ RUNNER_TEST(T12110_getData_alias_not_exist) /* * These test cases tests API when damaged keys are used */ -RUNNER_TEST(T12111_rsa_key_damaged) +RUNNER_TEST(T12114_rsa_key_damaged) { int ret; auto manager = CKM::Manager::create(); @@ -906,7 +1146,7 @@ RUNNER_TEST(T12111_rsa_key_damaged) "Error=" << CKM::ErrorToString(ret)); } -RUNNER_TEST(T12112_rsa_key_too_short) +RUNNER_TEST(T12115_rsa_key_too_short) { int ret; auto manager = CKM::Manager::create(); @@ -930,7 +1170,7 @@ RUNNER_TEST(T12112_rsa_key_too_short) "Error=" << CKM::ErrorToString(ret)); } -RUNNER_TEST(T12113_dsa_key_too_short) +RUNNER_TEST(T12116_dsa_key_too_short) { int ret; auto manager = CKM::Manager::create(); @@ -962,7 +1202,7 @@ RUNNER_TEST(T12113_dsa_key_too_short) * These test cases tests CKM service if malicious data is provided over the socket. */ -RUNNER_TEST(T12114_rsa_key_damaged_serviceTest) +RUNNER_TEST(T12117_rsa_key_damaged_serviceTest) { int ret; auto manager = CKM::Manager::create(); @@ -1004,7 +1244,7 @@ RUNNER_TEST(T12114_rsa_key_damaged_serviceTest) "Error=" << CKM::ErrorToString(ret)); } -RUNNER_TEST(T12115_saveCertificate_damaged_serviceTest) +RUNNER_TEST(T12118_saveCertificate_damaged_serviceTest) { // fake the client - let the service detect the problem class WrongCertImpl : public CKM::Certificate 
@@ -1045,7 +1285,7 @@ RUNNER_TEST(T12115_saveCertificate_damaged_serviceTest) "Error=" << CKM::ErrorToString(temp)); } -RUNNER_TEST(T12116_deinit) +RUNNER_TEST(T12119_deinit) { int temp; auto control = CKM::Control::create(); @@ -1160,17 +1400,20 @@ RUNNER_TEST(T1312_get_chain) RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty"); RUNNER_ASSERT_MSG(false != cert1.get(), "Certificate should not be empty"); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, CKM::CertificateShPtrVector(), certChain)), - "Error=" << CKM::ErrorToString(tmp)); + tmp = manager->getCertificateChain(cert, + EMPTY_CERT_VECTOR, + EMPTY_CERT_VECTOR, + true, + certChain); + RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp, + "Error=" << CKM::ErrorToString(tmp)); RUNNER_ASSERT_MSG( 0 == certChain.size(), "Wrong size of certificate chain."); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, certVector, certChain)), - "Error=" << CKM::ErrorToString(tmp)); + tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain); + RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp)); RUNNER_ASSERT_MSG( 3 == certChain.size(), @@ -1264,9 +1507,9 @@ RUNNER_TEST(T1313_get_chain_with_alias) RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty"); RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty"); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)), - "Error=" << CKM::ErrorToString(tmp)); + tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain); + RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp, + "Error=" << CKM::ErrorToString(tmp)); RUNNER_ASSERT_MSG( 0 == certChain.size(), 
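Review bot: The bare `true` passed as the fourth argument of the updated `getCertificateChain` calls in T1312_get_chain gives no hint of what it switches on, and for a chain-verification API that is the argument a reader most needs to understand. Name it at the call site with the parameter name from the CKM header, e.g. `/* <parameter name> */ true`, or add a named constant beside `EMPTY_CERT_VECTOR`. The hunks for T1313_get_chain_with_alias and T1314_ocsp_check have the same issue. Every updated call passes `true` and an empty third vector, so as far as this patch shows, the new parameters are never exercised with any other value. The test bodies start and end outside these hunks.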
@@ -1278,9 +1521,8 @@ RUNNER_TEST(T1313_get_chain_with_alias) aliasVector.push_back(full_address); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)), - "Error=" << CKM::ErrorToString(tmp)); + tmp = manager->getCertificateChain(cert, aliasVector, EMPTY_ALIAS_VECTOR, true, certChain); + RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp)); RUNNER_ASSERT_MSG( 3 == certChain.size(), @@ -1373,17 +1615,16 @@ RUNNER_TEST(T1314_ocsp_check) RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty"); RUNNER_ASSERT_MSG(NULL != cert1.get(), "Certificate should not be empty"); - RUNNER_ASSERT_MSG( - CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, CKM::CertificateShPtrVector(), certChain)), - "Error=" << CKM::ErrorToString(tmp)); + tmp = manager->getCertificateChain(cert, EMPTY_CERT_VECTOR, EMPTY_CERT_VECTOR, true, certChain); + RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp, + "Error=" << CKM::ErrorToString(tmp)); RUNNER_ASSERT_MSG( 0 == certChain.size(), "Wrong size of certificate chain."); - RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, certVector, certChain)), - "Error=" << CKM::ErrorToString(tmp)); + tmp = manager->getCertificateChain(cert, certVector, EMPTY_CERT_VECTOR, true, certChain); + RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp)); RUNNER_ASSERT_MSG( 3 == certChain.size(), @@ -2055,6 +2296,8 @@ RUNNER_TEST(T1420_deinit) "Error=" << CKM::ErrorToString(temp)); } +RUNNER_TEST_GROUP_INIT(T1418_signature_tests); + RUNNER_TEST(T14180_init) { int temp; @@ -2381,7 +2624,7 @@ RUNNER_CHILD_TEST(T1510_init_unlock_key) "Error=" << CKM::ErrorToString(tmp)); } -RUNNER_CHILD_TEST(T1511_init_insert_data) +RUNNER_CHILD_TEST(T1511_insert_data) { AccessProvider ap("my-label"); ap.allowAPI("key-manager::api-storage", "rw"); 
@@ -2542,10 +2785,10 @@ RUNNER_CHILD_TEST(T1611_unlock_default_passwd) std::string invalid_address = aliasWithLabel("i-do-not-exist", alias.c_str()); RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeKey(invalid_address.c_str())), + CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->removeAlias(invalid_address.c_str())), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->removeKey(alias)), + CKM_API_SUCCESS == (temp = manager->removeAlias(alias)), "Error=" << CKM::ErrorToString(temp)); } @@ -2560,9 +2803,13 @@ RUNNER_CHILD_TEST(T1612_init_change_user_password) RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (tmp = control->changeUserPassword(USER_APP,"","user-pass")), "Error=" << CKM::ErrorToString(tmp)); + // confirm changed password + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = control->unlockUserKey(USER_APP,"user-pass")), + CKM::ErrorToString(tmp)); RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (tmp = control->lockUserKey(USER_APP)), - "Error=" << CKM::ErrorToString(tmp)); + CKM::ErrorToString(tmp)); } RUNNER_CHILD_TEST(T1613_unlock_default_passwd_negative) @@ -2596,7 +2843,7 @@ RUNNER_CHILD_TEST(T1613_unlock_default_passwd_negative) CKM_API_ERROR_DB_LOCKED == (temp = manager->getKey(alias, CKM::Password(), key2)), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_LOCKED == (temp = manager->removeKey(alias)), + CKM_API_ERROR_DB_LOCKED == (temp = manager->removeAlias(alias)), "Error=" << CKM::ErrorToString(temp)); } @@ -2618,7 +2865,7 @@ RUNNER_TEST(T1701_init_unlock_key) "Error=" << CKM::ErrorToString(tmp)); } -RUNNER_CHILD_TEST(T1702_init_insert_data) +RUNNER_CHILD_TEST(T1702_insert_data) { int temp; AccessProvider ap("t170-special-label"); 
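Review bot: The assertion added to T1612_init_change_user_password, and the `lockUserKey` assertion edited just below it, pass `CKM::ErrorToString(tmp)` alone as the message. Every other assertion in the file uses `"Error=" << CKM::ErrorToString(tmp)`. Keep the prefix so failure output stays uniform and greppable: `"Error=" << CKM::ErrorToString(tmp));` on both. The start of the test body is outside this hunk.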
@@ -2941,7 +3188,31 @@ RUNNER_TEST(T17112_deinit) RUNNER_TEST_GROUP_INIT(T180_PKCS12); -RUNNER_TEST(T1801) { +namespace +{ +CKM::Alias alias_PKCS_collision = "test-PKCS-collision"; +CKM::Alias alias_PKCS_exportable = "test-PKCS-export"; +CKM::Alias alias_PKCS_not_exportable = "test-PKCS-no-export"; +CKM::Alias alias_PKCS_priv_key_copy = "test-PKCS-private-key-copy"; +CKM::Alias alias_PKCS_priv_key_wrong = "test-PKCS-private-key-wrong"; +} + +RUNNER_TEST(T1800_init) { + int temp; + auto control = CKM::Control::create(); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")), + "Error=" << CKM::ErrorToString(temp)); + + auto manager = CKM::Manager::create(); + manager->removeAlias(alias_PKCS_collision); + manager->removeAlias(alias_PKCS_exportable); + manager->removeAlias(alias_PKCS_not_exportable); + manager->removeAlias(alias_PKCS_priv_key_copy); + manager->removeAlias(alias_PKCS_priv_key_wrong); +} + +RUNNER_TEST(T1801_parse_PKCS12) { std::ifstream is("/usr/share/ckm-test/test1801.pkcs12"); std::istreambuf_iterator begin(is), end; std::vector buff(begin, end); 
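Review bot: T1800_init discards the result of all five `removeAlias` calls, so a locked database or an access-denied error during cleanup is hidden and only shows up later as a confusing failure in T1804–T1809. Best-effort cleanup is fine, but accept only the two expected outcomes for each alias: `temp = manager->removeAlias(alias_PKCS_collision);` followed by `RUNNER_ASSERT_MSG(temp == CKM_API_SUCCESS || temp == CKM_API_ERROR_DB_ALIAS_UNKNOWN, "Error=" << CKM::ErrorToString(temp));`. The five `alias_PKCS_*` globals are also mutable; declare them `const CKM::Alias` like the constants in the first anonymous namespace. T1801_parse_PKCS12 continues past the end of this hunk.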
@@ -3001,242 +3272,511 @@ RUNNER_TEST(T1803_negative_broken_buffer) { "Expected error in PKCS12::create()"); } -RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS); - -RUNNER_TEST(T1901_init_unlock_key) +RUNNER_TEST(T1804_add_PKCS_collision_with_existing_alias) { - int tmp; - auto control = CKM::Control::create(); + auto manager = CKM::Manager::create(); + std::ifstream is("/usr/share/ckm-test/pkcs.p12"); + std::istreambuf_iterator begin(is), end; + std::vector buff(begin, end); + + CKM::RawBuffer buffer(buff.size()); + memcpy(buffer.data(), buff.data(), buff.size()); + + auto pkcs = CKM::PKCS12::create(buffer, CKM::Password()); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->lockUserKey(0)), - "Error=" << CKM::ErrorToString(tmp)); + NULL != pkcs.get(), + "Error in PKCS12::create()"); + + // save private key + std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n" + "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n" + "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n" + "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n" + "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n" + "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n" + "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n" + "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n" + "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n" + "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n" + "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n" + "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n" + "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n" + "-----END RSA PRIVATE KEY-----\n"; + + std::string message = "message test"; + + auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password()); + RUNNER_ASSERT_MSG(NULL != 
keyPrv.get(), + "Key is empty. Failed to import private key."); + + int temp; RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->removeUserData(0)), - "Error=" << CKM::ErrorToString(tmp)); + CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_collision, keyPrv, CKM::Policy())), + "Error=" << CKM::ErrorToString(temp)); + RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->unlockUserKey(0, "t190-special-password")), - "Error=" << CKM::ErrorToString(tmp)); + CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->savePKCS12(alias_PKCS_collision, pkcs, CKM::Policy(), CKM::Policy())), + "Error=" << CKM::ErrorToString(temp)); } -RUNNER_TEST(T1902_get_data) +RUNNER_TEST(T1805_add_bundle_with_chain_certificates) { auto manager = CKM::Manager::create(); - CKM::KeyShPtr ptr; - - int status1 = manager->getKey(CKM::Alias("CertEEE"), CKM::Password(), ptr); + std::ifstream is("/usr/share/ckm-test/pkcs.p12"); + std::istreambuf_iterator begin(is), end; + std::vector buff(begin, end); + CKM::RawBuffer buffer(buff.size()); + memcpy(buffer.data(), buff.data(), buff.size()); + + auto pkcs = CKM::PKCS12::create(buffer, CKM::Password()); RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_ALIAS_UNKNOWN == status1, - "Could not put certificate in datbase. 
Error=" << CKM::ErrorToString(status1)); -} + NULL != pkcs.get(), + "Error in PKCS12::create()"); -RUNNER_TEST(T1903_lock_database) -{ + auto cert = pkcs->getCertificate(); + RUNNER_ASSERT_MSG( + NULL != cert.get(), + "Error in PKCS12::getCertificate()"); + + auto key = pkcs->getKey(); + RUNNER_ASSERT_MSG( + NULL != key.get(), + "Error in PKCS12::getKey()"); + + auto caVector = pkcs->getCaCertificateShPtrVector(); + RUNNER_ASSERT_MSG( + 2 == caVector.size(), + "Wrong size of vector"); + + // save to the CKM int tmp; - auto control = CKM::Control::create(); + CKM::Policy exportable; + CKM::Policy notExportable(CKM::Password(), false); + RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->lockUserKey(0)), + CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)), + "Error=" << CKM::ErrorToString(tmp)); + + // try to lookup key + CKM::KeyShPtr key_lookup; + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)), + "Error=" << CKM::ErrorToString(tmp)); + + // try to lookup certificate + CKM::CertificateShPtr cert_lookup; + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)), + "Error=" << 
CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)), "Error=" << CKM::ErrorToString(tmp)); } -RUNNER_TEST(T1904_get_data_from_locked_database) +RUNNER_TEST(T1806_get_PKCS) { + int temp; auto manager = CKM::Manager::create(); - CKM::KeyShPtr ptr; - int status1 = manager->getKey(CKM::Alias("CertEEE"), CKM::Password(), ptr); + CKM::PKCS12ShPtr pkcs; + // fail - no entry RUNNER_ASSERT_MSG( - CKM_API_ERROR_DB_LOCKED == status1, - "Could not get key from locked database. Error=" << CKM::ErrorToString(status1)); + CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12("i-do-not-exist", pkcs)), + "Error=" << CKM::ErrorToString(temp)); + + // fail - not exportable + RUNNER_ASSERT_MSG( + CKM_API_ERROR_NOT_EXPORTABLE == (temp = manager->getPKCS12(alias_PKCS_not_exportable, pkcs)), + "Error=" << CKM::ErrorToString(temp)); + + // success - exportable + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->getPKCS12(alias_PKCS_exportable, pkcs)), + "Error=" << CKM::ErrorToString(temp)); + + auto cert = pkcs->getCertificate(); + RUNNER_ASSERT_MSG( + NULL != cert.get(), + "Error in PKCS12::getCertificate()"); + + auto key = pkcs->getKey(); + RUNNER_ASSERT_MSG( + NULL != key.get(), + "Error in PKCS12::getKey()"); + + auto caVector = pkcs->getCaCertificateShPtrVector(); + RUNNER_ASSERT_MSG( + 2 == caVector.size(), + "Wrong size of vector"); } -RUNNER_TEST(T1905_deinit) +RUNNER_TEST(T1807_create_and_verify_signature) { - int tmp; - auto control = CKM::Control::create(); + int temp; + auto manager = CKM::Manager::create(); + + std::string message = "message test"; + + CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; + CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; + CKM::RawBuffer signature; + RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->removeUserData(0)), - "Error=" << CKM::ErrorToString(tmp)); + CKM_API_SUCCESS == (temp = 
manager->createSignature( + alias_PKCS_exportable, + CKM::Password(), + CKM::RawBuffer(message.begin(), message.end()), + hash, + padd, + signature)), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->verifySignature( + alias_PKCS_exportable, + CKM::Password(), + CKM::RawBuffer(message.begin(), message.end()), + signature, + hash, + padd)), + "Error=" << CKM::ErrorToString(temp)); } -RUNNER_TEST_GROUP_INIT (T200_CKM_CC_MODE_TESTS); // this test group is only for non-cc certified device -/* sequence - * default status : no event callback registered. // vconftool unset file/security_mdpp/security_mdpp_state - * - `ps axf | grep key-manager-listener | grep -v grep | awk '{print "kill -9 " $1}'` - * - vconftool unset file/security_mdpp/security_mdpp_state - * - /usr/bin/key-manager-listener - - * - Create RSA key // createKeyPairRSA - * - try to get private key -> must be success // getKey - * - vconftool set -t string file/security_mdpp/security_mdpp_state "Enabled" - * - try to get private key : must be success because no callback registered. // getKey - * - * new status : event callback registered. 
// unset mdpp_state vconf key and reset mdpp state vconf key - * - `ps axf | grep key-manager-listener | grep -v grep | awk '{print "kill -9 " $1}'` - * - vconftool set -t string file/security_mdpp/security_mdpp_state "Disabled" -f - * - /usr/bin/key-manager-listener - * - Create RSA key // createKeyPairRSA - * - try to get private key -> must be success // getKey - * - vconftool set -t string file/security_mdpp/security_mdpp_state "Enabled" -f - * - try to get private key -> must be fail because cc mode is set to 1 - */ +RUNNER_TEST(T1808_create_signature_on_raw_key_and_verify_on_PKCS) +{ + int temp; + auto manager = CKM::Manager::create(); + + std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXQIBAAKBgQD1W9neUbXL1rnq9SvyzprjhWBKXyYKQirG3V2zyUnUaE24Sq2I\n" + "v7ISrwMN/G6WcjrGmeZDEWwrL4zXh002N8BD1waJPRonxwtVkhFy3emGatSmx7eI\n" + "ely5H+PBNImRvBh2u4GWga6OEXcUNdfaBUcxn+P6548/zpDhyNLzQKk5FwIDAQAB\n" + "AoGAR+4WkBuqTUj1FlGsAbHaLKt0UDlWwJknS0eoacWwFEpDxqx19WolfV67aYVA\n" + "snBolMKXg7/+0yZMhv8Ofr+XaHkPQplVVn9BwT0rmtEovJXwx+poRP9Bm3emglj/\n" + "iYd8EkaXDlIXCtewtQW9JEIctWppntHj3TvA/h7FCXPN6SkCQQD/N7sn5S1gBkVh\n" + "dyXQKoyKsZDb7hMIS1q6cKwYCMf2UrsD1/lnr7xXkvORdL213MfueO8g0WkuKfRY\n" + "bDD6WGX1AkEA9hxiOlsgvermqLJkOlJffbSaM8n/6wtnM0HV+Vd9NfSBOmxFDXPO\n" + "vrvdgiDPENhbqTJSQVDsfzHilTpK7lEvWwJBAJLxHoOg0tg3pBiyxgWtic+M3q+R\n" + "ykl7QViY6KzJ2X98MIrM/Z7yMollZXE4+sVLwZ0O6fdGOr3GkBWc7TImVUUCQQC7\n" + "pf6bQfof9Ce0fnf/I+ldHkPost7nJsWkBlGQkM2OQwP5OK4ZyK/dK76DxmI7FMwm\n" + "oJCo7nuzq6R4ZX7WYJ47AkBavxBDo/e9/0Vk5yrloGKW3f8RQXBJLcCkVUGyyJ3D\n" + "3gu/nafW4hzjSJniTjC1fOj0eb0OSg1JAvqHTYAnUsI7\n" + "-----END RSA PRIVATE KEY-----"; + std::string message = "message test"; + + auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password()); + RUNNER_ASSERT_MSG(NULL != keyPrv.get(), + "Key is empty. 
Failed to import private key."); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_copy, keyPrv, CKM::Policy())), + "Error=" << CKM::ErrorToString(temp)); + + CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; + CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; + CKM::RawBuffer signature; -RUNNER_TEST(T2001_init_cc_mode_tests) + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->createSignature( + alias_PKCS_priv_key_copy, + CKM::Password(), + CKM::RawBuffer(message.begin(), message.end()), + hash, + padd, + signature)), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->verifySignature( + alias_PKCS_exportable, + CKM::Password(), + CKM::RawBuffer(message.begin(), message.end()), + signature, + hash, + padd)), + "Error=" << CKM::ErrorToString(temp)); +} + +RUNNER_TEST(T1809_create_signature_on_wrong_key_and_verify_on_PKCS) { - system("`ps axf | grep key-manager-listener | grep -v grep | awk '{print \"kill -9 \" $1}'`"); - system("vconftool unset file/security_mdpp/security_mdpp_state"); - system("/usr/bin/key-manager-listener"); + int temp; + auto manager = CKM::Manager::create(); + + std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n" + "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n" + "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n" + "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n" + "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n" + "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n" + "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n" + "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n" + "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n" + "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n" + 
"gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n" + "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n" + "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n" + "-----END RSA PRIVATE KEY-----\n"; + + std::string message = "message test"; + + auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password()); + RUNNER_ASSERT_MSG(NULL != keyPrv.get(), + "Key is empty. Failed to import private key."); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_wrong, keyPrv, CKM::Policy())), + "Error=" << CKM::ErrorToString(temp)); + + CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; + CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; + CKM::RawBuffer signature; + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->createSignature( + alias_PKCS_priv_key_wrong, + CKM::Password(), + CKM::RawBuffer(message.begin(), message.end()), + hash, + padd, + signature)), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature( + alias_PKCS_exportable, + CKM::Password(), + CKM::RawBuffer(message.begin(), message.end()), + signature, + hash, + padd)), + "Error=" << CKM::ErrorToString(temp)); +} + +RUNNER_TEST(T1810_verify_get_certificate_chain) +{ + // this certificate has been signed using PKCS chain + std::string im = "-----BEGIN CERTIFICATE-----\n" + "MIIBrTCCARYCAQEwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRc2VydmVyQHRl\n" + "c3RtZS5jb20wHhcNMTQxMjAyMTMxNTQzWhcNMTUxMjAyMTMxNTQzWjAiMSAwHgYD\n" + "VQQDDBdlbmQtb24tY2hhaW5AdGVzdG1lLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB\n" + "jQAwgYkCgYEAsJS/jky4Cnxnlj6m2Eam3E3ARfR1PTaQV3Om09z3Ax15ca3kfHSb\n" + "n6UlDk9vjP3iE7Nbju5Nzw9Tu/Pe32g/54quUBgbTFWbztR/Q9Dxbt3evWZ98ADS\n" + "qAtH9OU23xS/5jGpmJSP0l22JItx8E8nEbEPj7GTWfVuYb3HXMHqzY8CAwEAATAN\n" + "BgkqhkiG9w0BAQsFAAOBgQCPJqjMH24kAngd0EunIPsVNSpWJMlMocFM5xHJsvgi\n" + 
"5DZ7swo0O/Jfqvo/vKDVqR/wiPeAxrwirECGC1O2hC7HcOt7kW4taHSVGGd4dHMn\n" + "oK70cUKQeVy3cYY6QUaonjuNVvYQHE3OSLDe56n6c7Mnek28qNtezeSWLUy8L8fA\n" + "Qw==\n" + "-----END CERTIFICATE-----\n"; + + auto cert = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM); + CKM::CertificateShPtrVector certChain; + CKM::AliasVector aliasVector; int tmp; - auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (tmp = control->setCCMode(CKM::CCModeState::CC_MODE_OFF)), // default state : cc mode off + auto manager = CKM::Manager::create(); + + RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty"); + + tmp = manager->getCertificateChain(cert, + EMPTY_ALIAS_VECTOR, + EMPTY_ALIAS_VECTOR, + true, + certChain); + RUNNER_ASSERT_MSG(CKM_API_ERROR_VERIFICATION_FAILED == tmp, + "Error=" << CKM::ErrorToString(tmp)); + + RUNNER_ASSERT_MSG( + 0 == certChain.size(), + "Wrong size of certificate chain."); + + aliasVector.push_back(alias_PKCS_exportable); + + tmp = manager->getCertificateChain(cert, EMPTY_ALIAS_VECTOR, aliasVector, false, certChain); + RUNNER_ASSERT_MSG(CKM_API_SUCCESS == tmp, "Error=" << CKM::ErrorToString(tmp)); + + // 1(cert) + 1(pkcs12 cert) + 2(pkcs12 chain cert) = 4 + RUNNER_ASSERT_MSG( + 4 == certChain.size(), + "Wrong size of certificate chain: " << certChain.size()); +} + +RUNNER_TEST(T1811_remove_bundle_with_chain_certificates) +{ + auto manager = CKM::Manager::create(); + int tmp; + + + // remove the whole PKCS12 bundles + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_exportable)), "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (tmp = control->lockUserKey(0)), + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_not_exportable)), "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (tmp = control->removeUserData(0)), + + // expect lookup fails due to unknown alias + // try to 
lookup key + CKM::KeyShPtr key_lookup; + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)), "Error=" << CKM::ErrorToString(tmp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (tmp = control->unlockUserKey(0, "t200-special-password")), + CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)), + "Error=" << CKM::ErrorToString(tmp)); + + // try to lookup certificate + CKM::CertificateShPtr cert_lookup; + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)), "Error=" << CKM::ErrorToString(tmp)); - system(""); } -RUNNER_TEST(T2002_CC_Mode_Changed_Event_Callback_Not_Registered) +RUNNER_TEST(T1812_get_pkcs12_password_tests) { - int temp; + CKM::Alias alias = "t1812alias1"; + auto manager = CKM::Manager::create(); - CKM::Alias rsa_pri_alias("rsa-private-T2002"); - CKM::Alias rsa_pub_alias("rsa-public-T2002"); - CKM::Alias ecdsa_pri_alias("ecdsa-private-T2002"); - CKM::Alias ecdsa_pub_alias("ecdsa-public-T2002"); + std::ifstream is("/usr/share/ckm-test/pkcs.p12"); + std::istreambuf_iterator begin(is), end; + std::vector buff(begin, end); + CKM::PKCS12ShPtr pkcs12; + CKM::Password pass1 = "easypass1"; + CKM::Password pass2 = "easypass2"; + + CKM::RawBuffer buffer(buff.size()); + memcpy(buffer.data(), buff.data(), buff.size()); + + auto pkcs = CKM::PKCS12::create(buffer, CKM::Password()); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createKeyPairRSA( - 1024, - rsa_pri_alias, - rsa_pub_alias, - CKM::Policy(CKM::Password(), true), - CKM::Policy(CKM::Password(), true))), - "Error=" << CKM::ErrorToString(temp)); + NULL != pkcs.get(), + "Error in PKCS12::create()"); + 
int temp; RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA( - CKM::ElipticCurve::prime192v1, - ecdsa_pri_alias, - ecdsa_pub_alias, - CKM::Policy(CKM::Password(), true), - CKM::Policy(CKM::Password(), true))), - "Error=" << CKM::ErrorToString(temp)); + CKM_API_SUCCESS == (temp = manager->savePKCS12(alias, pkcs, CKM::Policy(pass1), CKM::Policy(pass2))), + "Error=" << CKM::ErrorToString(temp)); - CKM::KeyShPtr key1; + RUNNER_ASSERT_MSG( + CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, pkcs)), + "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getKey( - rsa_pri_alias, - CKM::Password(), - key1)), - "Error=" << CKM::ErrorToString(temp)); + CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, CKM::Password(), CKM::Password(), pkcs)), + "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getKey( - ecdsa_pri_alias, - CKM::Password(), - key1)), - "Error=" << CKM::ErrorToString(temp)); + CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, pass1, CKM::Password(), pkcs)), + "Error=" << CKM::ErrorToString(temp)); - system("vconftool set -t string file/security_mdpp/security_mdpp_state \"Enabled\""); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getPKCS12(alias, CKM::Password(), pass2, pkcs)), + "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getKey( - rsa_pri_alias, - CKM::Password(), - key1)), - "Error=" << CKM::ErrorToString(temp)); + CKM_API_SUCCESS == (temp = manager->getPKCS12(alias, pass1, pass2, pkcs)), + "Error=" << CKM::ErrorToString(temp)); + CKM::CertificateShPtr cert; RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getKey( - ecdsa_pri_alias, - CKM::Password(), - key1)), - "Error=" << CKM::ErrorToString(temp)); + CKM_API_SUCCESS == (temp = manager->getCertificate(alias, pass2, cert)), + "Error=" 
<< CKM::ErrorToString(temp)); + + CKM::CertificateShPtrVector certChain; + CKM::AliasVector certVect; + certVect.push_back(alias); + + RUNNER_ASSERT_MSG( + CKM_API_ERROR_AUTHENTICATION_FAILED == (temp = manager->getCertificateChain(cert, certVect, certVect, true, certChain)), + "Error=" << CKM::ErrorToString(temp)); } -RUNNER_TEST(T2003_CC_Mode_Changed_Event_Callback_Registered) +RUNNER_TEST(T1813_deinit) { - system("`ps axf | grep key-manager-listener | grep -v grep | awk '{print \"kill -9 \" $1}'`"); - system("vconftool set -t string file/security_mdpp/security_mdpp_state \"Disabled\" -f"); - system("/usr/bin/key-manager-listener"); - int temp; - auto manager = CKM::Manager::create(); - CKM::Alias rsa_pri_alias("rsa-private-T2003"); - CKM::Alias rsa_pub_alias("rsa-public-T2003"); - CKM::Alias ecdsa_pri_alias("ecdsa-private-T2003"); - CKM::Alias ecdsa_pub_alias("ecdsa-public-T2003"); + auto control = CKM::Control::create(); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createKeyPairRSA( - 1024, - rsa_pri_alias, - rsa_pub_alias, - CKM::Policy(CKM::Password(), true), - CKM::Policy(CKM::Password(), true))), - "Error=" << CKM::ErrorToString(temp)); + CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)), + "Error=" << CKM::ErrorToString(temp)); +} + +RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS); +RUNNER_TEST(T1901_init_unlock_key) +{ + int tmp; + auto control = CKM::Control::create(); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->createKeyPairECDSA( - CKM::ElipticCurve::prime192v1, - ecdsa_pri_alias, - ecdsa_pub_alias, - CKM::Policy(CKM::Password(), true), - CKM::Policy(CKM::Password(), true))), - "Error=" << CKM::ErrorToString(temp)); + CKM_API_SUCCESS == (tmp = control->lockUserKey(0)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = control->removeUserData(0)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = control->unlockUserKey(0, 
"t190-special-password")), + "Error=" << CKM::ErrorToString(tmp)); +} + +RUNNER_TEST(T1902_get_data) +{ + auto manager = CKM::Manager::create(); + CKM::KeyShPtr ptr; - CKM::KeyShPtr key1; + int status1 = manager->getKey(CKM::Alias("CertEEE"), CKM::Password(), ptr); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getKey( - rsa_pri_alias, - CKM::Password(), - key1)), - "Error=" << CKM::ErrorToString(temp)); + CKM_API_ERROR_DB_ALIAS_UNKNOWN == status1, + "Could not put certificate in datbase. Error=" << CKM::ErrorToString(status1)); +} +RUNNER_TEST(T1903_lock_database) +{ + int tmp; + auto control = CKM::Control::create(); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = manager->getKey( - ecdsa_pri_alias, - CKM::Password(), - key1)), - "Error=" << CKM::ErrorToString(temp)); + CKM_API_SUCCESS == (tmp = control->lockUserKey(0)), + "Error=" << CKM::ErrorToString(tmp)); +} - system("vconftool set -t string file/security_mdpp/security_mdpp_state \"Enabled\" -f"); +RUNNER_TEST(T1904_get_data_from_locked_database) +{ + auto manager = CKM::Manager::create(); + CKM::KeyShPtr ptr; - RUNNER_ASSERT_MSG( - CKM_API_ERROR_BAD_REQUEST == (temp = manager->getKey( - rsa_pri_alias, - CKM::Password(), - key1)), - "Error=" << CKM::ErrorToString(temp)); + int status1 = manager->getKey(CKM::Alias("CertEEE"), CKM::Password(), ptr); RUNNER_ASSERT_MSG( - CKM_API_ERROR_BAD_REQUEST == (temp = manager->getKey( - ecdsa_pri_alias, - CKM::Password(), - key1)), - "Error=" << CKM::ErrorToString(temp)); + CKM_API_ERROR_DB_LOCKED == status1, + "Could not get key from locked database. 
Error=" << CKM::ErrorToString(status1)); } -RUNNER_TEST(T2004_deinit) +RUNNER_TEST(T1905_deinit) { int tmp; auto control = CKM::Control::create(); - RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (tmp = control->removeUserData(0)), - "Error=" << CKM::ErrorToString(tmp)); - RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (tmp = control->setCCMode(CKM::CCModeState::CC_MODE_OFF)), // default state : cc mode off + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = control->removeUserData(0)), "Error=" << CKM::ErrorToString(tmp)); - system("`ps axf | grep key-manager-listener | grep -v grep | awk '{print \"kill -9 \" $1}'`"); - system("vconftool unset file/security_mdpp/security_mdpp_state"); - system("/usr/bin/key-manager-listener"); } int main(int argc, char *argv[])