From: i.pazderskyy Date: Tue, 24 May 2016 15:34:25 +0000 (+0300) Subject: Implement missing unit tests for CKM. X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c2b7d54fdd4c59e3422d2ff635475eca0d7dec80;p=contrib%2Fiotivity.git Implement missing unit tests for CKM. Added CKM unit tests to common build. Added result state to functions. Change-Id: I11ef2d003f95d850ed395f5c2584bbb34ca154a4 Signed-off-by: i.pazderskyy Reviewed-on: https://gerrit.iotivity.org/gerrit/8307 Tested-by: jenkins-iotivity Reviewed-by: Dmitriy Zhuravlev Reviewed-by: Chul Lee Reviewed-by: Jongsung Lee Reviewed-by: Randeep Singh --- diff --git a/resource/csdk/connectivity/api/casecurityinterface.h b/resource/csdk/connectivity/api/casecurityinterface.h index 3d12870..cab30a7 100644 --- a/resource/csdk/connectivity/api/casecurityinterface.h +++ b/resource/csdk/connectivity/api/casecurityinterface.h @@ -121,7 +121,7 @@ typedef int (*CAGetDTLSX509CredentialsHandler)(CADtlsX509Creds_t *credInfo); * credInfo which is then freed by CA * @return NONE */ -typedef void (*CAGetDTLSCrlHandler)(ByteArray crlInfo); +typedef void (*CAGetDTLSCrlHandler)(ByteArray* crlInfo); /** * @brief Register callback to get DTLS Cert credentials. diff --git a/resource/csdk/connectivity/src/adapter_util/caadapternetdtls.c b/resource/csdk/connectivity/src/adapter_util/caadapternetdtls.c index 43f7337..e31c1cf 100644 --- a/resource/csdk/connectivity/src/adapter_util/caadapternetdtls.c +++ b/resource/csdk/connectivity/src/adapter_util/caadapternetdtls.c @@ -838,7 +838,7 @@ int CAInitX509() { uint8_t crlData[CRL_MAX_LEN] = {0}; ByteArray crlArray = {crlData, CRL_MAX_LEN}; - g_getCrlCallback(crlArray); + g_getCrlCallback(&crlArray); if (crlArray.len > 0) { uint8_t keyData[PUBLIC_KEY_SIZE] = {0}; diff --git a/resource/csdk/security/include/internal/crlresource.h b/resource/csdk/security/include/internal/crlresource.h index 454bec7..3e98f8c 100644 --- a/resource/csdk/security/include/internal/crlresource.h +++ b/resource/csdk/security/include/internal/crlresource.h @@ -51,7 +51,7 @@ uint8_t* GetCrl(); * * @return encoded CRL with DER format. array len is 0 if error occured (e.g. CRL did not set). */ -void GetDerCrl(ByteArray crlArray); +void GetDerCrl(ByteArray* crlArray); /** * This function converts CRL to CBOR @@ -90,8 +90,10 @@ OCStackResult InitCRLResource(); /** * Perform cleanup for CRL resources. + * + * @return ::OC_STACK_OK for Success, otherwise some error value. */ -void DeInitCRLResource(); +OCStackResult DeInitCRLResource(); /** * Get an instance of CRL resource. diff --git a/resource/csdk/security/provisioning/ck_manager/unittest/SConscript b/resource/csdk/security/provisioning/ck_manager/unittest/SConscript index 6218806..7a6f072 100644 --- a/resource/csdk/security/provisioning/ck_manager/unittest/SConscript +++ b/resource/csdk/security/provisioning/ck_manager/unittest/SConscript @@ -68,14 +68,19 @@ if not env.get('RELEASE'): ###################################################################### # Source files and Targets ###################################################################### -unittest = pki_test_env.Program('unittest', ['pki_test.cpp']) +unittest = pki_test_env.Program('unittest', ['pki_test.cpp', + 'ckm_info_test.cpp', + 'crl_generator_test.cpp', + 'csr_generator_test.cpp']) Alias("test", [unittest]) unittest_src_dir = src_dir + '/resource/csdk/security/provisioning/ck_manager/unittest/test_data/' -unittest_build_dir = env.get('BUILD_DIR') +'/resource/csdk/security/provisioning/ck_manager/unittest' +unittest_build_dir = env.get('BUILD_DIR') +'resource/csdk/security/provisioning/ck_manager/unittest' + +pki_test_env.AppendUnique(CPPDEFINES = ['SECURITY_BUILD_UNITTEST_DIR='+unittest_build_dir]) pki_test_env.Alias("install",env.Install( unittest_build_dir, [ unittest_src_dir + '01.der', unittest_src_dir + 'cacert.der', @@ -95,6 +100,6 @@ if env.get('TEST') == '1': pki_test_env.AppendENVPath('GTEST_OUTPUT', ['xml:'+ result_dir]) pki_test_env.AppendENVPath('LD_LIBRARY_PATH', [out_dir]) pki_test_env.AppendENVPath('LD_LIBRARY_PATH', [src_dir + '/extlibs/gtest/gtest-1.7.0/lib/.libs']) - ut = pki_test_env.Command ('ut', None, out_dir + '/resource/csdk/security/unittest/unittest') + ut = pki_test_env.Command ('ut', None, out_dir + '/resource/csdk/security/provisioning/ck_manager/unittest/unittest') AlwaysBuild ('ut') diff --git a/resource/csdk/security/provisioning/ck_manager/unittest/ckm_info_test.cpp b/resource/csdk/security/provisioning/ck_manager/unittest/ckm_info_test.cpp new file mode 100644 index 0000000..28fc7d7 --- /dev/null +++ b/resource/csdk/security/provisioning/ck_manager/unittest/ckm_info_test.cpp @@ -0,0 +1,277 @@ +/****************************************************************** + * + * Copyright 2016 Samsung Electronics All Rights Reserved. + * + * + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * LICENSE-2.0" target="_blank">http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + + ******************************************************************/ + +#include +#include +#include "ckm_info.h" + +#define ISSUER_NAME_SIZE (16) +#define CERT_LEN 469 + +class CKMInfoTest : public ::testing::Test +{ +public: + static void SetUpTestCase() + { + } + + static void TearDownTestCase() + { + } + + static const ByteArray publicKey; + static const ByteArray privateKey; + static const ByteArray derCode ; + static const long nextSN; + static const long crlSerialNum; + static const ByteArray caName; +}; + +const ByteArray CKMInfoTest::publicKey = {(uint8_t[]) +{ + 0x8c, 0xc8, 0x92, 0x1d, 0xaa, 0x7f, 0xf0, 0xe4, 0xb2, 0x75, 0xd6, 0x4a, 0xf1, 0xd5, 0x14, 0x3f, + 0x1a, 0x09, 0xc5, 0x3e, 0x52, 0xd6, 0xda, 0xa0, 0xbf, 0x90, 0x43, 0xd1, 0x6b, 0xfe, 0xd1, 0xb3, + 0x75, 0x5c, 0xdd, 0x69, 0xac, 0x42, 0xa1, 0xcb, 0x03, 0x16, 0xee, 0xa4, 0x30, 0xa5, 0x8d, 0x36, + 0x8f, 0xc5, 0x7b, 0xb4, 0xb5, 0x6a, 0x7d, 0x9b, 0x16, 0x04, 0x46, 0xab, 0xae, 0xbb, 0x56, 0xa1 +}, PUBLIC_KEY_SIZE }; + +const ByteArray CKMInfoTest::privateKey = {(uint8_t[]) +{ + 0xd6, 0xc8, 0x92, 0x16, 0x36, 0x7f, 0xf0, 0xe4, 0xb2, 0x75, 0xd6, 0x4a, 0xf1, 0x3f, 0x14, 0x30, + 0x1a, 0x69, 0xc5, 0x3e, 0x52, 0xd6, 0xda, 0xa0, 0xbf, 0xae, 0x43, 0xd1, 0x6b, 0xfe, 0xd1, 0x36 +}, PRIVATE_KEY_SIZE }; + +const ByteArray CKMInfoTest::derCode = {(uint8_t[]) + { + 0x30, 0x82, 0x01, 0xd1, 0x30, 0x82, 0x01, 0x77, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, + 0xd7, 0x56, 0x8c, 0xfc, 0x53, 0x18, 0xb0, 0xab, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x04, 0x03, 0x02, 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, + 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, + 0x0a, 0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67, + 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x30, 0x1e, 0x17, 0x0d, 0x31, + 0x35, 0x30, 0x33, 0x31, 0x32, 0x31, 0x32, 0x32, 0x35, 0x31, 0x31, 0x5a, 0x17, 0x0d, 0x31, 0x37, + 0x30, 0x33, 0x31, 0x31, 0x31, 0x32, 0x32, 0x35, 0x31, 0x31, 0x5a, 0x30, 0x45, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, + 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, + 0x74, 0x64, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x8c, 0xc8, 0x92, + 0x1d, 0xaa, 0x7f, 0xf0, 0xe4, 0xb2, 0x75, 0xd6, 0x4a, 0xf1, 0xd5, 0x14, 0x3f, 0x1a, 0x09, 0xc5, + 0x3e, 0x52, 0xd6, 0xda, 0xa0, 0xbf, 0x90, 0x43, 0xd1, 0x6b, 0xfe, 0xd1, 0xb3, 0x75, 0x5c, 0xdd, + 0x69, 0xac, 0x42, 0xa1, 0xcb, 0x03, 0x16, 0xee, 0xa4, 0x30, 0xa5, 0x8d, 0x36, 0x8f, 0xc5, 0x7b, + 0xb4, 0xb5, 0x6a, 0x7d, 0x9b, 0x16, 0x04, 0x46, 0xab, 0xae, 0xbb, 0x56, 0xa1, 0xa3, 0x50, 0x30, + 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x5c, 0x0e, 0x30, 0xa8, + 0x8e, 0x7f, 0xc9, 0x02, 0xcd, 0xa8, 0xed, 0x0d, 0x1a, 0x1b, 0xd9, 0x7d, 0xe6, 0xce, 0x2a, 0x59, + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x5c, 0x0e, 0x30, + 0xa8, 0x8e, 0x7f, 0xc9, 0x02, 0xcd, 0xa8, 0xed, 0x0d, 0x1a, 0x1b, 0xd9, 0x7d, 0xe6, 0xce, 0x2a, + 0x59, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, + 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, + 0x02, 0x21, 0x00, 0xf6, 0x79, 0xed, 0x69, 0xd5, 0xe5, 0xba, 0x42, 0x14, 0xfc, 0xce, 0x47, 0xf1, + 0x61, 0x1c, 0x51, 0x11, 0x2b, 0xba, 0x04, 0x70, 0x56, 0x78, 0xaf, 0xa9, 0xa6, 0x98, 0x8f, 0x4b, + 0xa8, 0x11, 0x67, 0x02, 0x20, 0x3a, 0xdf, 0xf1, 0x74, 0xc9, 0x2f, 0xfb, 0x84, 0x46, 0xde, 0xbc, + 0x2d, 0xda, 0xe3, 0x05, 0xb4, 0x81, 0x31, 0x45, 0xf7, 0x3d, 0x71, 0x46, 0x07, 0xa7, 0xd8, 0xcb, + 0xae, 0x1e, 0x1b, 0x1c, 0x5a + }, CERT_LEN }; + +const long CKMInfoTest::nextSN = 0x111111; + +const long CKMInfoTest::crlSerialNum = 0x22222; + +const ByteArray CKMInfoTest::caName = {(uint8_t[]) +{ + 0x1a, 0x1a, 0x1a, 0x1d, 0xaa, 0x7f, 0xf0, 0xe4, 0xb2, 0x75, 0xd6, 0x4a, 0xf1, 0xd5, 0x14, 0x3f +}, ISSUER_NAME_SIZE }; + +//InitCRT test +TEST(CKMInfoTest, InitCRT) +{ + ASSERT_EQ(PKI_SUCCESS, InitCRT()); +} + +//SaveCRT test +TEST(CKMInfoTest, SaveCRT) +{ + ASSERT_EQ(PKI_SUCCESS, SaveCRT()); +} + +//InitCRL test +TEST(CKMInfoTest, InitCRL) +{ + ASSERT_EQ(PKI_SUCCESS, InitCRL()); +} + +//SaveCRL test +TEST(CKMInfoTest, SaveCRL) +{ + ASSERT_EQ(PKI_SUCCESS, SaveCRL()); +} + +//InitCKMInfo test +TEST(CKMInfoTest, InitCKMInfo) +{ + ASSERT_EQ(PKI_SUCCESS, InitCKMInfo()); +} + +//SaveCKMInfo test +TEST(CKMInfoTest, SaveCKMInfo) +{ + ASSERT_EQ(PKI_SUCCESS, SaveCKMInfo()); +} + +//SetGetNextSerialNumber test +TEST(CKMInfoTest, SetGetNextSerialNumber) +{ + ASSERT_EQ(PKI_SUCCESS, SetNextSerialNumber(CKMInfoTest::nextSN)); + long nSn = 0; + ASSERT_EQ(PKI_SUCCESS, GetNextSerialNumber(&nSn)); + EXPECT_TRUE(nSn == CKMInfoTest::nextSN); +} + +//SetGetCAPrivateKey test +TEST(CKMInfoTest, SetGetCAPrivateKey) +{ + ASSERT_EQ(PKI_SUCCESS, SetCAPrivateKey(&CKMInfoTest::privateKey)); + + ByteArray privateKey = {0,0}; + privateKey.data = (uint8_t*)OICMalloc(PRIVATE_KEY_SIZE); + privateKey.len = PRIVATE_KEY_SIZE; + EXPECT_TRUE(NULL != privateKey.data); + + EXPECT_EQ(PKI_SUCCESS, GetCAPrivateKey(&privateKey)); + EXPECT_TRUE(0 == memcmp(CKMInfoTest::privateKey.data, privateKey.data, PRIVATE_KEY_SIZE)); + OICFree(privateKey.data); +} + +//SetGetCAPublicKey test +TEST(CKMInfoTest, SetGetCAPublicKey) +{ + ASSERT_EQ(PKI_SUCCESS, SetCAPublicKey(&CKMInfoTest::publicKey)); + + ByteArray publicKey = {0,0}; + publicKey.data = (uint8_t*)OICMalloc(PUBLIC_KEY_SIZE); + publicKey.len = PUBLIC_KEY_SIZE; + EXPECT_TRUE(NULL != publicKey.data); + + EXPECT_EQ(PKI_SUCCESS, GetCAPublicKey(&publicKey)); + EXPECT_TRUE(0 == memcmp(CKMInfoTest::publicKey.data, publicKey.data, PUBLIC_KEY_SIZE)); + OICFree(publicKey.data); +} + +//SetGetCAName test +TEST(CKMInfoTest, SetGetCAName) +{ + ASSERT_EQ(PKI_SUCCESS, SetCAName(&CKMInfoTest::caName)); + + ByteArray caName = {0,0}; + caName.data = (uint8_t*)OICMalloc(ISSUER_NAME_SIZE); + caName.len = ISSUER_NAME_SIZE; + EXPECT_TRUE(NULL != caName.data); + + EXPECT_EQ(PKI_SUCCESS, GetCAName(&caName)); + EXPECT_TRUE(0 == memcmp(CKMInfoTest::caName.data, caName.data, ISSUER_NAME_SIZE)); + OICFree(caName.data); +} + +//SetGetCKMInfo test +TEST(CKMInfoTest, SetGetCKMInfo) +{ + ASSERT_EQ(PKI_SUCCESS, SetCKMInfo(CKMInfoTest::nextSN, CKMInfoTest::crlSerialNum, + &CKMInfoTest::privateKey, &CKMInfoTest::publicKey, &CKMInfoTest::caName)); + + long nSn = 0; + long serialNum = 0; + + ByteArray publicKey = {0,0}; + publicKey.data = (uint8_t*)OICMalloc(PUBLIC_KEY_SIZE); + publicKey.len = PUBLIC_KEY_SIZE; + EXPECT_TRUE(NULL != publicKey.data); + + ByteArray privateKey = {0,0}; + privateKey.data = (uint8_t*)OICMalloc(PRIVATE_KEY_SIZE); + privateKey.len = PRIVATE_KEY_SIZE; + EXPECT_TRUE(NULL != privateKey.data); + + ByteArray caName = {0,0}; + caName.data = (uint8_t*)OICMalloc(ISSUER_NAME_SIZE); + caName.len = ISSUER_NAME_SIZE; + EXPECT_TRUE(NULL != caName.data); + + EXPECT_EQ(PKI_SUCCESS, GetCKMInfo(&nSn, &serialNum, + &privateKey, &publicKey, &caName)); + + EXPECT_TRUE(nSn == CKMInfoTest::nextSN); + EXPECT_TRUE(serialNum == CKMInfoTest::crlSerialNum); + EXPECT_TRUE(0 == memcmp(CKMInfoTest::privateKey.data, privateKey.data, PRIVATE_KEY_SIZE)); + EXPECT_TRUE(0 == memcmp(CKMInfoTest::publicKey.data, publicKey.data, PUBLIC_KEY_SIZE)); + EXPECT_TRUE(0 == memcmp(CKMInfoTest::caName.data, caName.data, ISSUER_NAME_SIZE)); + + OICFree(publicKey.data); + OICFree(privateKey.data); + OICFree(caName.data); +} + +//SetGetCACertificate test +TEST(CKMInfoTest, SetGetCACertificate) +{ + ASSERT_EQ(PKI_SUCCESS, SetCACertificate(&CKMInfoTest::derCode)); + + ByteArray der = {0,0}; + der.data = (uint8_t*)OICMalloc(CERT_LEN); + der.len = CERT_LEN; + EXPECT_TRUE(NULL != der.data); + EXPECT_EQ(PKI_SUCCESS, GetCACertificate(&der)); + EXPECT_TRUE(0 == memcmp(CKMInfoTest::derCode.data, der.data, CERT_LEN)); + + OICFree(der.data); +} + +//SetGetCRLSerialNumber test +TEST(CKMInfoTest, SetGetCRLSerialNumber) +{ + ASSERT_EQ(PKI_SUCCESS, SetCRLSerialNumber(CKMInfoTest::crlSerialNum)); + long serialNum = 0; + ASSERT_EQ(PKI_SUCCESS, GetCRLSerialNumber(&serialNum)); + EXPECT_TRUE(serialNum == CKMInfoTest::crlSerialNum); +} + +//SetGetNumberOfRevoked test +TEST(CKMInfoTest, SetGetNumberOfRevoked) +{ + const long NUM_OF_REVOKED = 5; + ASSERT_EQ(PKI_SUCCESS, SetNumberOfRevoked(NUM_OF_REVOKED)); + long numRev = 0; + ASSERT_EQ(PKI_SUCCESS, GetNumberOfRevoked(&numRev)); + EXPECT_TRUE(numRev == NUM_OF_REVOKED); +} + +//SetCertificateRevocationList test +TEST(CKMInfoTest, SetCertificateRevocationList) +{ + ASSERT_EQ(PKI_SUCCESS, SetCertificateRevocationList(&CKMInfoTest::derCode)); +} + +//CloseCKMInfo test +TEST(CKMInfoTest, CloseCKMInfo) +{ + ASSERT_EQ(PKI_SUCCESS, CloseCKMInfo()); +} diff --git a/resource/csdk/security/provisioning/ck_manager/unittest/crl_generator_test.cpp b/resource/csdk/security/provisioning/ck_manager/unittest/crl_generator_test.cpp new file mode 100644 index 0000000..93d0343 --- /dev/null +++ b/resource/csdk/security/provisioning/ck_manager/unittest/crl_generator_test.cpp @@ -0,0 +1,98 @@ +/****************************************************************** + * + * Copyright 2016 Samsung Electronics All Rights Reserved. + * + * + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * LICENSE-2.0" target="_blank">http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + + ******************************************************************/ + +#include +#include +#include "crl_generator.h" + +static const ByteArray privateKey = {(uint8_t[]) +{ + 0xd6, 0xc8, 0x92, 0x16, 0x36, 0x7f, 0xf0, 0xe4, 0xb2, 0x75, 0xd6, 0x4a, 0xf1, 0x3f, 0x14, 0x30, + 0x1a, 0x69, 0xc5, 0x3e, 0x52, 0xd6, 0xda, 0xa0, 0xbf, 0xae, 0x43, 0xd1, 0x6b, 0xfe, 0xd1, 0x36 +}, PRIVATE_KEY_SIZE }; + +//GenerateCRL test +TEST(CRLGeneratorTest, GenerateCRL) +{ + uint8_t *uint8ThisUpdateTime = (uint8_t *)"130101000000Z"; + uint32_t numberOfRevoked = 2; + uint32_t revokedNumbers[2]; + const uint8_t *revocationDates[2]; + CertificateRevocationInfo_t *certificateRevocationInfo = NULL; + UTF8String_t *issuerName = NULL; + UTCTime_t *thisUpdateTime = NULL; + ByteArray encodedCRL = BYTE_ARRAY_INITIALIZER; + BIT_STRING_t issuerPrivateKey; + + revokedNumbers[0] = 100; // serial number of first revoked certificate + revokedNumbers[1] = 200; // serial number of second revoked certificate + + revocationDates[0] = (const uint8_t *)"130101000001Z"; + revocationDates[1] = (const uint8_t *)"130101000002Z"; + + certificateRevocationInfo = (CertificateRevocationInfo_t *)OICCalloc(numberOfRevoked, + sizeof(CertificateRevocationInfo_t)); + EXPECT_TRUE(NULL != certificateRevocationInfo); + + issuerName = (UTF8String_t *)OICCalloc(1, sizeof(UTF8String_t)); + EXPECT_TRUE(NULL != issuerName); + + thisUpdateTime = (UTCTime_t *)OICCalloc(1, sizeof(UTCTime_t)); + EXPECT_TRUE(NULL != thisUpdateTime); + + encodedCRL.data = (uint8_t *)OICCalloc(1, + (CRL_MIN_SIZE + numberOfRevoked * (sizeof(CertificateRevocationInfo_t) + 4))); + EXPECT_TRUE(NULL != encodedCRL.data); + encodedCRL.len = (CRL_MIN_SIZE + numberOfRevoked * (sizeof(CertificateRevocationInfo_t) + 4)); + + issuerPrivateKey.size = PRIVATE_KEY_SIZE + 1; + issuerPrivateKey.buf = (uint8_t *)OICCalloc((issuerPrivateKey.size), sizeof(uint8_t)); + EXPECT_TRUE(NULL != issuerPrivateKey.buf); + + if(NULL != certificateRevocationInfo && NULL != issuerName && + NULL != thisUpdateTime && NULL != encodedCRL.data && NULL != issuerPrivateKey.buf) + { + ByteArray issName = BYTE_ARRAY_INITIALIZER; + issName.data = (uint8_t *)"Issuer"; + issName.len = strlen((char *)issName.data); + + issuerName->buf = issName.data; + issuerName->size = issName.len; + + for (size_t i = 0; i < numberOfRevoked; i++ ) + { + certificateRevocationInfo[i].userCertificate = revokedNumbers[i]; + certificateRevocationInfo[i].revocationDate.buf = (uint8_t *)revocationDates[i]; + certificateRevocationInfo[i].revocationDate.size = + strlen((const char *)revocationDates[i]); + } + + memcpy((issuerPrivateKey.buf) + 1, privateKey.data, PRIVATE_KEY_SIZE); + + EXPECT_EQ(PKI_SUCCESS, GenerateCRL(issuerName, thisUpdateTime, numberOfRevoked, + certificateRevocationInfo, &issuerPrivateKey, &encodedCRL)); + } + + OICFree(certificateRevocationInfo); + OICFree(issuerName); + OICFree(thisUpdateTime); +} + diff --git a/resource/csdk/security/provisioning/ck_manager/unittest/csr_generator_test.cpp b/resource/csdk/security/provisioning/ck_manager/unittest/csr_generator_test.cpp new file mode 100644 index 0000000..c94f3c5 --- /dev/null +++ b/resource/csdk/security/provisioning/ck_manager/unittest/csr_generator_test.cpp @@ -0,0 +1,110 @@ +/****************************************************************** + * + * Copyright 2016 Samsung Electronics All Rights Reserved. + * + * + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * LICENSE-2.0" target="_blank">http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + + ******************************************************************/ +#include +#include "ck_manager.h" +#include "crl_generator.h" +#include "pki.h" +#include "oic_malloc.h" +#include "ckm_info.h" +#define ASN1_UNCOMPRESSED_KEY_ID (0x04) + +//EncodeDecodeCSR test +TEST(CSRGeneratorTest, EncodeDecodeCSR) +{ + uint8_t csrData[CSR_MAX_SIZE] = {0}; + uint8_t subjPubKey[PUBLIC_KEY_SIZE] = {0}; + uint8_t subjPrivKey[PRIVATE_KEY_SIZE] = {0}; + ByteArray pubKeySubj = BYTE_ARRAY_INITIALIZER; + ByteArray privKeySubj = BYTE_ARRAY_INITIALIZER; + uint8_t *subjName = (uint8_t *)"Subject05"; + UTF8String_t* subjectName = NULL; + BIT_STRING_t* subjectPublicKey = NULL; + BIT_STRING_t* subjectPrivateKey = NULL; + ByteArray csrDer = BYTE_ARRAY_INITIALIZER; + BIT_STRING_t* subjectPublicKeyOut = NULL; + UTF8String_t* subjectNameOut = NULL; + uint8_t uint8SubjectName[ISSUER_MAX_NAME_SIZE]; + uint8_t uint8SubjectPublicKey[PUBLIC_KEY_SIZE + 1]; + + csrDer.data = csrData; + csrDer.len = CSR_MAX_SIZE; + + pubKeySubj.data = subjPubKey; + pubKeySubj.len = sizeof(subjPubKey); + privKeySubj.data = subjPrivKey; + privKeySubj.len = sizeof(subjPrivKey); + + ASSERT_EQ(PKI_SUCCESS, GenerateKeyPair(&privKeySubj, &pubKeySubj)); + + subjectName = (UTF8String_t*)OICCalloc(1, sizeof(UTF8String_t)); + EXPECT_TRUE(NULL != subjectName); + + subjectPublicKey = (BIT_STRING_t*)OICCalloc(1, sizeof(BIT_STRING_t)); + EXPECT_TRUE(NULL != subjectPublicKey); + + subjectPrivateKey = (BIT_STRING_t*)OICCalloc(1, sizeof(BIT_STRING_t)); + EXPECT_TRUE(NULL != subjectPrivateKey); + + if(NULL != subjectName && NULL != subjectPublicKey && NULL != subjectPrivateKey) + { + subjectName->buf = (uint8_t *)subjName; + subjectName->size = strlen((const char *)subjectName->buf); + + subjectPrivateKey->size = PRIVATE_KEY_SIZE + 1; + subjectPrivateKey->buf = (uint8_t *)OICCalloc((subjectPrivateKey->size), sizeof(uint8_t)); + EXPECT_TRUE(NULL != subjectPrivateKey->buf); + + subjectPublicKey->size = PUBLIC_KEY_SIZE + 1; + subjectPublicKey->buf = (uint8_t *)OICCalloc(subjectPublicKey->size, sizeof(uint8_t)); + EXPECT_TRUE(NULL != subjectPublicKey->buf); + + if(NULL!= subjectPublicKey->buf && NULL != subjectPrivateKey->buf) + { + memcpy((subjectPrivateKey->buf) + 1, subjPrivKey, PRIVATE_KEY_SIZE); + memcpy((subjectPublicKey->buf) + 1, subjPubKey, PUBLIC_KEY_SIZE); + + EXPECT_EQ(PKI_SUCCESS, EncodeCSR(subjectName, subjectPublicKey, subjectPrivateKey, &csrDer)); + } + } + + subjectPublicKeyOut = (BIT_STRING_t*)OICCalloc(1, sizeof(BIT_STRING_t)); + EXPECT_TRUE(NULL != subjectPublicKey); + + subjectNameOut = (UTF8String_t*)OICCalloc(1, sizeof(UTF8String_t)); + EXPECT_TRUE(NULL != subjectNameOut); + + if(NULL != subjectNameOut && NULL != subjectPublicKeyOut) + { + subjectNameOut->buf = uint8SubjectName; + subjectPublicKeyOut->buf = uint8SubjectPublicKey; + EXPECT_EQ(PKI_SUCCESS, DecodeCSR(&csrDer, subjectNameOut, subjectPublicKeyOut)); + } + + OICFree(subjectName); + OICFree(subjectPublicKey); + OICFree(subjectNameOut); + OICFree(subjectPublicKeyOut); + if (subjectPrivateKey) + { + OICFree(subjectPrivateKey->buf); + OICFree(subjectPrivateKey); + } +} diff --git a/resource/csdk/security/provisioning/ck_manager/unittest/pki_test.cpp b/resource/csdk/security/provisioning/ck_manager/unittest/pki_test.cpp index e224b42..649888a 100644 --- a/resource/csdk/security/provisioning/ck_manager/unittest/pki_test.cpp +++ b/resource/csdk/security/provisioning/ck_manager/unittest/pki_test.cpp @@ -60,6 +60,23 @@ FILE* ckm_fopen(const char * /*path*/, const char *mode) return fopen(CKMI_PS_FILE_NAME, mode); } +#define STRINGIZE2(x) #x +#define STRINGIZE(x) STRINGIZE2(x) + +static char* resolve_file_path(const char* filename ) +{ + int len = strlen(STRINGIZE(SECURITY_BUILD_UNITTEST_DIR)) + strlen(filename) + 1; + char *filepath = (char *)OICCalloc(1, len); + + if (!filepath) + { + printf("filepath memory allocation failed. \n"); + return NULL; + } + int ret = snprintf(filepath, len, "%s%s", STRINGIZE(SECURITY_BUILD_UNITTEST_DIR), filename); + return filepath; +} + void SetPersistentHandler(OCPersistentStorage *ps) { if(ps) @@ -369,6 +386,7 @@ TEST(X509Certificate, testParsePublicKey) TEST(OpenSSLCompatibility, verifyOpenSslCertSign) { struct stat st; + char *fpath = NULL; uint8_t crtData[ISSUER_MAX_CERT_SIZE] = {0}; uint8_t pubKeyData[PUBLIC_KEY_SIZE] = {0}; ByteArray crtDer = BYTE_ARRAY_INITIALIZER; @@ -381,7 +399,10 @@ TEST(OpenSSLCompatibility, verifyOpenSslCertSign) pubKey.len = sizeof(pubKeyData); //open file - int fileCert = open("01.der", O_RDONLY); + fpath = resolve_file_path("/01.der"); + int fileCert = open(fpath, O_RDONLY); + OICFree(fpath); + ASSERT_TRUE(fileCert != -1); //get status ASSERT_TRUE(fstat(fileCert, &st) == 0); @@ -392,7 +413,9 @@ TEST(OpenSSLCompatibility, verifyOpenSslCertSign) close(fileCert); //open file - int fileKey = open("capub.der", O_RDONLY); + fpath = resolve_file_path("/capub.der"); + int fileKey = open(fpath, O_RDONLY); + OICFree(fpath); ASSERT_TRUE(fileKey != -1); //get status ASSERT_TRUE(fstat(fileKey, &st) == 0); @@ -415,13 +438,15 @@ TEST(OpenSSLCompatibility, verifyOpenSslCertSign) //test parsing of certificate chain generated by OpenSSL TEST(CertificateChain, LoadCertificateChain) { + char* fpath = NULL; ByteArray crtChainDer[MAX_CHAIN_LEN] = {{0,0},}; CertificateX509 crtChain[MAX_CHAIN_LEN] = {{{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0},{0,0}},}; ByteArray msg = BYTE_ARRAY_INITIALIZER; uint8_t chainLength; - FILE *file = fopen("cert_chain.dat", "rb"); - + fpath = resolve_file_path("/cert_chain.dat"); + FILE *file = fopen(fpath, "rb"); + OICFree(fpath); ASSERT_TRUE(file != NULL); while (!feof (file)) @@ -445,6 +470,7 @@ TEST(CertificateChain, LoadCertificateChain) //test checking CA certificate generated by OpenSSL TEST(OpenSSLCompatibility, testOpenSSLCertificate) { + char* fpath = NULL; struct stat st; ByteArray crtDer = BYTE_ARRAY_INITIALIZER; uint8_t crtData[ISSUER_MAX_CERT_SIZE] = {0}; @@ -453,7 +479,9 @@ TEST(OpenSSLCompatibility, testOpenSSLCertificate) crtDer.len = sizeof(crtData); //open file - int fd = open("cacert.der", O_RDONLY); + fpath = resolve_file_path("/cacert.der"); + int fd = open(fpath, O_RDONLY); + OICFree(fpath); ASSERT_TRUE(fd != -1); //get status ASSERT_TRUE(fstat(fd, &st) == 0); @@ -481,8 +509,9 @@ TEST(OpenSSLCompatibility, ParseAndCheckCertificateChain) ByteArray msg = BYTE_ARRAY_INITIALIZER; uint8_t chainLength; - const char* chainPath = {"chain.der"}; + char* chainPath = resolve_file_path("/chain.der"); FILE *fileChain = fopen(chainPath, "rb"); + OICFree(chainPath); ASSERT_TRUE(fileChain != NULL); //get the length @@ -514,7 +543,9 @@ TEST(OpenSSLCompatibility, ParseAndCheckCertificateChain) caPubKey.len = sizeof(pubKeyData); //open file - int fileKey = open("capub.der", O_RDONLY); + char* fpath = resolve_file_path("/capub.der"); + int fileKey = open(fpath, O_RDONLY); + OICFree(fpath); ASSERT_TRUE(fileKey != -1); //get status ASSERT_TRUE(fstat(fileKey, &st) == 0); @@ -979,8 +1010,27 @@ TEST_F(PKITest, CRLSetGet) EXPECT_NE((void *)NULL, GetCrl()); OICFree(defaultCrl); +} +//CKMGetCRL test +TEST_F(PKITest, CKMGetCRL) +{ + const size_t CRL_MAX_SIZE = 1024; + ByteArray certificateRevocationList; + certificateRevocationList.data = (uint8_t*)OICCalloc(1,CRL_MAX_SIZE); + certificateRevocationList.len = CRL_MAX_SIZE; + EXPECT_EQ(PKI_SUCCESS, CKMGetCRL(&certificateRevocationList)); + OICFree(certificateRevocationList.data); +} +//CKMSetCAInfo test +TEST_F(PKITest, CKMSetCAInfo) +{ + ByteArray rootName = BYTE_ARRAY_INITIALIZER; + rootName.data = (uint8_t *)"ROOT2"; + rootName.len = strlen((char *)rootName.data); + const long serNum = 100; + EXPECT_EQ(PKI_SUCCESS, CKMSetCAInfo(serNum, rootName)); } int main(int argc, char **argv) diff --git a/resource/csdk/security/src/crlresource.c b/resource/csdk/security/src/crlresource.c index 53f2ca2..d9f5caf 100644 --- a/resource/csdk/security/src/crlresource.c +++ b/resource/csdk/security/src/crlresource.c @@ -468,12 +468,13 @@ OCStackResult InitCRLResource() /** * Perform cleanup for ACL resources. */ -void DeInitCRLResource() +OCStackResult DeInitCRLResource() { - OCDeleteResource(gCrlHandle); + OCStackResult result = OCDeleteResource(gCrlHandle); gCrlHandle = NULL; DeleteCrlBinData(gCrl); gCrl = NULL; + return result; } OicSecCrl_t *GetCRLResource() @@ -516,17 +517,22 @@ uint8_t *GetCrl() return NULL; } -void GetDerCrl(ByteArray crlArray) +void GetDerCrl(ByteArray* crlArray) { + if(NULL == crlArray) + { + return; + } OicSecCrl_t * crlRes = GetCRLResource(); - if (crlRes && crlRes->CrlData.len <= crlArray.len) + if (NULL != crlArray->data && NULL != crlRes + && NULL !=crlRes->CrlData.data && crlRes->CrlData.len <= crlArray->len) { - memcpy(crlArray.data, crlRes->CrlData.data, crlRes->CrlData.len); - crlArray.len = crlRes->CrlData.len; + memcpy(crlArray->data, crlRes->CrlData.data, crlRes->CrlData.len); + crlArray->len = crlRes->CrlData.len; } else { - crlArray.len = 0; + crlArray->len = 0; } DeleteCrlBinData(crlRes); } diff --git a/resource/csdk/security/unittest/SConscript b/resource/csdk/security/unittest/SConscript index c431d77..72b22ce 100644 --- a/resource/csdk/security/unittest/SConscript +++ b/resource/csdk/security/unittest/SConscript @@ -82,7 +82,8 @@ unittest = srmtest_env.Program('unittest', ['aclresourcetest.cpp', 'base64tests.cpp', 'svcresourcetest.cpp', 'srmtestcommon.cpp', - 'directpairingtest.cpp']) + 'directpairingtest.cpp', + 'crlresourcetest.cpp']) Alias("test", [unittest]) @@ -104,7 +105,9 @@ srmtest_env.Alias("install", srmtest_env.Install( unittest_build_dir, unittest_src_dir + 'oic_unittest_acl1.dat')) srmtest_env.Alias("install", srmtest_env.Install( unittest_build_dir, unittest_src_dir + 'oic_unittest_default_acl.dat')) - +srmtest_env.Alias("install", srmtest_env.Install( unittest_build_dir, + unittest_src_dir + 'oic_svr_db_prov.dat')) + env.AppendTarget('test') if env.get('TEST') == '1': target_os = env.get('TARGET_OS') diff --git a/resource/csdk/security/unittest/credentialresource.cpp b/resource/csdk/security/unittest/credentialresource.cpp index fd63aa1..ed5e99a 100644 --- a/resource/csdk/security/unittest/credentialresource.cpp +++ b/resource/csdk/security/unittest/credentialresource.cpp @@ -357,3 +357,45 @@ TEST(CredGetResourceDataTest, GetCredResourceDataValidSubject) EXPECT_TRUE(NULL != GetCredResourceData(cred->subject)); } #endif + +#ifdef __WITH_X509__ +#include + +static char PROV_TOOL_DB_FILE[] = "/oic_svr_db_prov.dat"; + +#define STRINGIZE2(x) #x +#define STRINGIZE(x) STRINGIZE2(x) + +static FILE *client_fopen(const char* UNUSED_PARAM , const char *mode) +{ + (void)UNUSED_PARAM; + + int len = strlen(STRINGIZE(SECURITY_BUILD_UNITTEST_DIR)) + strlen(PROV_TOOL_DB_FILE) + 1; + char *filepath = (char *)OICCalloc(1, len); + + if (!filepath) + { + printf("filepath memory allocation failed. \n"); + return NULL; + } + + snprintf(filepath, len, "%s%s", STRINGIZE(SECURITY_BUILD_UNITTEST_DIR), PROV_TOOL_DB_FILE); + + FILE* file = fopen(filepath, mode); + OICFree(filepath); + return file; +} + +static OCPersistentStorage ps = { client_fopen, fread, fwrite, fclose, unlink }; + +//GetDtlsX509Credentials Test +TEST(CredResourceTest, GetDtlsX509Credentials) +{ + ASSERT_EQ(OC_STACK_OK, OCInit(NULL, 0, OC_CLIENT_SERVER)); + OCRegisterPersistentStorageHandler(&ps); + InitCredResource(); + CADtlsX509Creds_t g_X509Cred = {{0}, 0, 0, {0}, {0}, {0}}; + EXPECT_EQ(0, GetDtlsX509Credentials(&g_X509Cred)); +} + +#endif diff --git a/resource/csdk/security/unittest/crlresourcetest.cpp b/resource/csdk/security/unittest/crlresourcetest.cpp new file mode 100644 index 0000000..d7c17ef --- /dev/null +++ b/resource/csdk/security/unittest/crlresourcetest.cpp @@ -0,0 +1,113 @@ +/****************************************************************** +* +* Copyright 2016 Samsung Electronics All Rights Reserved. +* +* +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +* +******************************************************************/ +#ifdef __WITH_X509__ + +#include "gtest/gtest.h" +#include "logger.h" +#include "ocpayload.h" +#include "ocstack.h" +#include "oic_malloc.h" +#include "oic_string.h" +#include "resourcemanager.h" +#include "crlresource.h" +#include "securevirtualresourcetypes.h" +#include "srmtestcommon.h" +#include "srmutility.h" +#include "psinterface.h" +#include "security_internals.h" +#include "crl.h" + +#define TAG "SRM-CRL-UT" + +void DeleteCrl(OicSecCrl_t *crl) +{ + if (crl) + { + //Clean ThisUpdate + OICFree(crl->ThisUpdate.data); + crl->ThisUpdate.data = NULL; + //clean CrlData + OICFree(crl->CrlData.data); + crl->CrlData.data = NULL; + //Clean crl itself + OICFree(crl); + crl = NULL; + } +} + + //InitCRLResource Tests +TEST(CRLResourceTest, InitCRLResource) +{ + EXPECT_EQ(OC_STACK_INVALID_PARAM, InitCRLResource()); +} + +//DeInitCredResource Tests +TEST(CRLResourceTest, DeInitCRLResource) +{ + EXPECT_EQ(OC_STACK_INVALID_PARAM, DeInitCRLResource()); +} + +//GetCRLResource Tests +TEST(CRLResourceTest, GetCRLResource) +{ + OicSecCrl_t *nullCrl = GetCRLResource(); + EXPECT_NE((OicSecCrl_t*)NULL, nullCrl); + DeleteCrl(nullCrl); +} + +//CrlToCBORPayload Tests +TEST(CRLResourceTest, CrlToCBORPayload) +{ + uint8_t *payload = NULL; + size_t size; + OicSecCrl_t *crl = GetCRLResource(); + ASSERT_TRUE(NULL != crl); + size = crl->CrlData.len; + EXPECT_EQ(OC_STACK_OK, CrlToCBORPayload(crl, &payload, &size)); + DeleteCrl(crl); + OICFree(payload); +} + +//CBORPaylodToCrl Tests +TEST(CRLResourceTest, CBORPayloadToCrl) +{ + uint8_t *payload = NULL; + size_t size; + OicSecCrl_t *crl = GetCRLResource(); + ASSERT_TRUE(NULL != crl); + size = crl->CrlData.len; + EXPECT_EQ(OC_STACK_OK, CrlToCBORPayload(crl, &payload, &size)); + DeleteCrl(crl); + crl = NULL; + EXPECT_EQ(OC_STACK_OK, CBORPayloadToCrl(payload, size, &crl)); + DeleteCrl(crl); + OICFree(payload); +} + +//GetDerCrl Tests +TEST(CRLResourceTest, GetDerCrl) +{ + uint8_t crlData[CRL_MAX_LEN] = {0}; + ByteArray crlArray = {crlData, CRL_MAX_LEN}; + GetDerCrl(&crlArray); + EXPECT_NE(0, crlArray.len); +} + +#endif diff --git a/resource/csdk/security/unittest/oic_svr_db_prov.dat b/resource/csdk/security/unittest/oic_svr_db_prov.dat new file mode 100755 index 0000000..45086f6 Binary files /dev/null and b/resource/csdk/security/unittest/oic_svr_db_prov.dat differ