******************************************************************/
-
+#include <fcntl.h>
#include <iostream>
#include <string.h>
#include <oic_malloc.h>
for (unsigned int i = 0; i < RUNS; i++)
{
- code.len = rand() % MAX_LEN;
+ code.len = (size_t)((size_t)rand() % MAX_LEN);
code.data = (uint8_t *)malloc(code.len * sizeof(uint8_t));
EXPECT_NE(code.data, (uint8_t *)NULL);
ASSERT_EQ(PKI_CERT_DATE_INVALID, CheckCertificate(certDer, pubKey));
certDer.len = sizeof(derData);
- ASSERT_EQ(PKI_SUCCESS, CKMIssueRootCertificate((uint8_t *)"160101000000Z", 0, &certDer));
+ ASSERT_EQ(PKI_SUCCESS, CKMIssueRootCertificate((uint8_t *)"170101000000Z", 0, &certDer));
ASSERT_EQ(PKI_CERT_DATE_INVALID, CheckCertificate(certDer, pubKey));
}
ASSERT_EQ(PKI_SUCCESS, CloseCKMInfo());
//test checking of certificate generated by OpenSSL
TEST(OpenSSLCompatibility, verifyOpenSslCertSign)
{
+ struct stat st;
+ uint8_t crtData[ISSUER_MAX_CERT_SIZE] = {0};
+ uint8_t pubKeyData[PUBLIC_KEY_SIZE] = {0};
ByteArray crtDer = BYTE_ARRAY_INITIALIZER;
+ ByteArray pubKey = BYTE_ARRAY_INITIALIZER;
CertificateX509 certificate;
- FILE *fileCert = fopen("01.der", "rb");
- ASSERT_TRUE(fileCert != NULL);
+ crtDer.data = crtData;
+ crtDer.len = sizeof(crtData);
+ pubKey.data = pubKeyData;
+ pubKey.len = sizeof(pubKeyData);
- //get the length
- fseek(fileCert, 0, SEEK_END);
- crtDer.len = ftell(fileCert);
- fseek(fileCert, 0, SEEK_SET);
- //allocate memory
- crtDer.data = (uint8_t*)malloc(crtDer.len+1);
+ //open file
+ int fileCert = open("01.der", O_RDONLY);
+ ASSERT_TRUE(fileCert != -1);
+ //get status
+ ASSERT_TRUE(fstat(fileCert, &st) == 0);
//read the content
- EXPECT_EQ(READ_WRITE_BLOCK_N, fread(crtDer.data, crtDer.len, READ_WRITE_BLOCK_N, fileCert));
- fclose(fileCert);
-
- ByteArray pubKey = BYTE_ARRAY_INITIALIZER;
- FILE * fileKey = fopen("capub.der", "rb");
- ASSERT_TRUE(fileKey != NULL);
- fseek(fileKey, 0, SEEK_END);
- pubKey.len = ftell(fileKey);
- fseek(fileKey, 0, SEEK_SET);
- //openssl generates a public key that is longer than 64 bytes
- //with additional 27 bytes prepending the actual key
- if(pubKey.len > PUBLIC_KEY_SIZE){
- fseek(fileKey, (pubKey.len - PUBLIC_KEY_SIZE), SEEK_SET);
- pubKey.len = PUBLIC_KEY_SIZE;
+ int res = read(fileCert, crtDer.data, crtDer.len);
+ ASSERT_NE(-1, res);
+ EXPECT_EQ(st.st_size, res);
+ close(fileCert);
+
+ //open file
+ int fileKey = open("capub.der", O_RDONLY);
+ ASSERT_TRUE(fileKey != -1);
+ //get status
+ ASSERT_TRUE(fstat(fileKey, &st) == 0);
+
+ if(st.st_size > PUBLIC_KEY_SIZE)
+ {
+ ASSERT_NE(-1, lseek(fileKey, (st.st_size - PUBLIC_KEY_SIZE), SEEK_SET));
}
- pubKey.data = (uint8_t*)malloc(pubKey.len+1);
+
//read the content
- EXPECT_EQ(READ_WRITE_BLOCK_N, fread(pubKey.data, pubKey.len, READ_WRITE_BLOCK_N, fileKey));
- fclose(fileKey);
+ res = read(fileKey, pubKey.data, pubKey.len);
+ ASSERT_NE(-1, res);
+ EXPECT_EQ(PUBLIC_KEY_SIZE, res);
+ close(fileKey);
EXPECT_EQ(PKI_SUCCESS, DecodeCertificate(crtDer, &certificate));
EXPECT_EQ(PKI_SUCCESS, CheckCertificate(crtDer, pubKey));
-
- free(crtDer.data);
- free(pubKey.data);
}
//test parsing of certificate chain generated by OpenSSL
//test checking CA certificate generated by OpenSSL
TEST(OpenSSLCompatibility, testOpenSSLCertificate)
{
+ struct stat st;
ByteArray crtDer = BYTE_ARRAY_INITIALIZER;
- FILE *fileCert = fopen("cacert.der", "rb");
- ASSERT_TRUE(fileCert != NULL);
+ uint8_t crtData[ISSUER_MAX_CERT_SIZE] = {0};
+
+ crtDer.data = crtData;
+ crtDer.len = sizeof(crtData);
+
+ //open file
+ int fd = open("cacert.der", O_RDONLY);
+ ASSERT_TRUE(fd != -1);
+ //get status
+ ASSERT_TRUE(fstat(fd, &st) == 0);
- //get the length
- fseek(fileCert, 0, SEEK_END);
- crtDer.len = ftell(fileCert);
- fseek(fileCert, 0, SEEK_SET);
- //allocate memory
- crtDer.data = (uint8_t*)malloc(crtDer.len+1);
//read the content
- EXPECT_EQ(READ_WRITE_BLOCK_N, fread(crtDer.data, crtDer.len, READ_WRITE_BLOCK_N, fileCert));
+ int res = read(fd, crtDer.data, crtDer.len);
+ ASSERT_NE(-1, res);
+ ASSERT_EQ(st.st_size, res);
+ close(fd);
+
+ crtDer.len = st.st_size;
- fclose(fileCert);
#ifdef X509_DEBUG
printf("Length of cert: %lu\n", crtDer.len);
#endif
EXPECT_EQ(PKI_SUCCESS, DecodeCertificate(crtDer, &PKITest::g_certificate));
- free(crtDer.data);
}
//test signatures checking of certificate chain generated by OpenSSL
TEST(OpenSSLCompatibility, ParseAndCheckCertificateChain)
{
+ struct stat st;
ByteArray crtChainDer[MAX_CHAIN_LEN] = {{0,0},};
CertificateX509 crtChain[MAX_CHAIN_LEN] = {{{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0}},};
ByteArray msg = BYTE_ARRAY_INITIALIZER;
ASSERT_TRUE(fileChain != NULL);
//get the length
- fseek(fileChain, 0, SEEK_END);
- msg.len = ftell(fileChain);
- fseek(fileChain, 0, SEEK_SET);
+ ASSERT_NE(-1, fseek(fileChain, 0, SEEK_END));
+ int len = ftell(fileChain);
+ ASSERT_NE(-1, len);
+ msg.len = (size_t) len;
+ ASSERT_NE(-1, fseek(fileChain, 0, SEEK_SET));
//allocate memory
msg.data = (uint8_t*)malloc(msg.len+1);
//read the content
- EXPECT_EQ(READ_WRITE_BLOCK_N, fread(msg.data, msg.len, READ_WRITE_BLOCK_N, fileChain));
+ ASSERT_EQ(READ_WRITE_BLOCK_N, fread(msg.data, msg.len, READ_WRITE_BLOCK_N, fileChain));
fclose (fileChain);
EXPECT_EQ(PKI_SUCCESS, ParseCertificateChain(crtChainDer, crtChain, chainLength));
ByteArray caPubKey = BYTE_ARRAY_INITIALIZER;
+ uint8_t pubKeyData[PUBLIC_KEY_SIZE] = {0};
+
+ caPubKey.data = pubKeyData;
+ caPubKey.len = sizeof(pubKeyData);
- const char* caPubKeyPath = {"capub.der"};
- FILE *fileCaPubKey = fopen(caPubKeyPath, "rb");
- ASSERT_TRUE(fileCaPubKey != NULL);
+ //open file
+ int fileKey = open("capub.der", O_RDONLY);
+ ASSERT_TRUE(fileKey != -1);
+ //get status
+ ASSERT_TRUE(fstat(fileKey, &st) == 0);
- fseek(fileCaPubKey, 0, SEEK_END);
- caPubKey.len = ftell(fileCaPubKey);
- fseek(fileCaPubKey, 0, SEEK_SET);
- if(caPubKey.len > PUBLIC_KEY_SIZE){
- fseek(fileCaPubKey, (caPubKey.len - PUBLIC_KEY_SIZE), SEEK_SET);
- caPubKey.len = PUBLIC_KEY_SIZE;
+ if(st.st_size > PUBLIC_KEY_SIZE)
+ {
+ ASSERT_NE(-1, lseek(fileKey, (st.st_size - PUBLIC_KEY_SIZE), SEEK_SET));
}
- caPubKey.data = (uint8_t*)malloc(caPubKey.len+1);
+
//read the content
- EXPECT_EQ(READ_WRITE_BLOCK_N, fread(caPubKey.data, caPubKey.len, READ_WRITE_BLOCK_N, fileCaPubKey));
- fclose(fileCaPubKey);
+ int res = read(fileKey, caPubKey.data, caPubKey.len);
+ ASSERT_NE(-1, res);
+ EXPECT_EQ(PUBLIC_KEY_SIZE, res);
+ close(fileKey);
EXPECT_EQ(PKI_SUCCESS, CheckCertificateChain(crtChain, chainLength, caPubKey));
free(msg.data - 3);
- free(caPubKey.data);
}
//testing correctness of decoding certificate length from ASN.1 structure
TEST_F(PKITest, CAInitAndSerialNum)
{
ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
- long serialNum = rand() % (MAX_LEN - 1) + 1;
+ long serialNum = (long)((long)rand() % (MAX_LEN - 1) + 1);
ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
//all the serials should start from
ASSERT_EQ(PKI_SUCCESS, SetSerialNumber(serialNum));
TEST_F(PKITest, testCAName)
{
ByteArray caName = BYTE_ARRAY_INITIALIZER;
- caName.len = ((size_t)rand() % (ISSUER_MAX_NAME_SIZE - 1) + 1);
+ caName.len = (size_t)((size_t)rand() % (ISSUER_MAX_NAME_SIZE - 1) + 1);
caName.data = (uint8_t*)malloc(caName.len);
size_t i;
for(i = 0; i < caName.len; i++){
//checck correctness of saving root certificate to binary file
TEST_F(PKITest, StoreCKMInfo)
{
+ struct stat st;
ASSERT_EQ(PKI_SUCCESS, InitCKMInfo());
uint8_t derData[ISSUER_MAX_CERT_SIZE] = {0};
uint8_t caPubKey[PUBLIC_KEY_SIZE] = {0};
// Check Certificate file
CertificateX509 certificate;
ByteArray crtDer = BYTE_ARRAY_INITIALIZER;
- FILE *filePtr = fopen(CA_STORAGE_CRT_FILE , "rb");
- ASSERT_TRUE(filePtr != NULL);
+ uint8_t crtDerData[ISSUER_MAX_CERT_SIZE] = {0};
- //get the length
- fseek(filePtr, 0, SEEK_END);
- crtDer.len = ftell(filePtr);
- fseek(filePtr, 0, SEEK_SET);
- //allocate memory
- crtDer.data = (uint8_t*)malloc(crtDer.len+1);
+ crtDer.data = crtDerData;
+ crtDer.len = sizeof(crtDerData);
+
+ //open file
+ int fd = open(CA_STORAGE_CRT_FILE, O_RDONLY);
+ ASSERT_TRUE(fd != -1);
+ //get status
+ ASSERT_TRUE(fstat(fd, &st) == 0);
//read the content
- EXPECT_EQ(READ_WRITE_BLOCK_N, fread(crtDer.data, crtDer.len, READ_WRITE_BLOCK_N, filePtr));
- fclose(filePtr);
+ int res = read(fd, crtDer.data, crtDer.len);
+ ASSERT_NE(-1, res);
+ EXPECT_EQ(st.st_size > ISSUER_MAX_CERT_SIZE ? ISSUER_MAX_CERT_SIZE : st.st_size, res);
+ close(fd);
+
ByteArray crtCheck;
crtCheck.data = crtDer.data + 3; //now file contains length of certificate
crtCheck.len = crtDer.len - 3;
EXPECT_EQ(PKI_SUCCESS, CloseCKMInfo());
free(crlDer.data);
free(code.data);
- free(crtDer.data);
}
//check correctness of root certificate generation
{
OicSecCrl_t *defaultCrl = NULL;
defaultCrl = (OicSecCrl_t *)OICCalloc(1, sizeof(OicSecCrl_t));
+ ASSERT_NE(defaultCrl, (OicSecCrl_t *) NULL);
defaultCrl->CrlId = CRL_DEFAULT_CRL_ID;
defaultCrl->CrlData.data = (uint8_t *)CRL_DEFAULT_CRL_DATA;
defaultCrl->CrlData.len = strlen(CRL_DEFAULT_CRL_DATA);
int main(int argc, char **argv)
{
+ int urandom;
+ unsigned int seed = 0;
+
+ urandom = open ("/dev/urandom", O_RDONLY);
+ if(urandom)
+ {
+ fprintf(stderr, "Cannot open /dev/urandom\n");
+ }
+ else
+ {
+ if(read(urandom, &seed, sizeof(seed)) != sizeof(seed))
+ {
+ fprintf(stderr, "Error read from /dev/urandom\n");
+ }
+ close(urandom);
+ }
+
+ srand(seed);
+
::testing::InitGoogleTest(&argc, argv);
return RUN_ALL_TESTS();
}