From 4429c653d7a1b4aaa4bd799672553e6c26671152 Mon Sep 17 00:00:00 2001 From: "Maciej J. Karpiuk" Date: Fri, 14 Nov 2014 16:08:52 +0100 Subject: [PATCH] Add tests for storing PKCS12 files. Change-Id: I444b07febf2dc78a3ac2a952f1cd29141716ecb9 --- tests/ckm/CMakeLists.txt | 1 + tests/ckm/async-api.cpp | 111 ++++++++++- tests/ckm/capi-testcases.cpp | 380 +++++++++++++++++++++++++++++++++++-- tests/ckm/cc-mode.cpp | 22 +-- tests/ckm/ckm-common.cpp | 18 ++ tests/ckm/ckm-common.h | 10 + tests/ckm/main.cpp | 439 ++++++++++++++++++++++++++++++++++++++++++- tests/ckm/pkcs.p12 | Bin 0 -> 2900 bytes tests/common/tests_common.h | 7 +- 9 files changed, 940 insertions(+), 48 deletions(-) create mode 100644 tests/ckm/pkcs.p12 diff --git a/tests/ckm/CMakeLists.txt b/tests/ckm/CMakeLists.txt index c5975d7..1c7d931 100644 --- a/tests/ckm/CMakeLists.txt +++ b/tests/ckm/CMakeLists.txt @@ -55,3 +55,4 @@ TARGET_LINK_LIBRARIES(${TARGET_CKM_TESTS} ${CKM_DEP_LIBRARIES} ${COMMON_TARGET_T INSTALL(TARGETS ${TARGET_CKM_TESTS} DESTINATION bin) INSTALL(FILES test1801.pkcs12 DESTINATION /usr/share/ckm-test) +INSTALL(FILES pkcs.p12 DESTINATION /usr/share/ckm-test) diff --git a/tests/ckm/async-api.cpp b/tests/ckm/async-api.cpp index ded20be..20145fb 100644 --- a/tests/ckm/async-api.cpp +++ b/tests/ckm/async-api.cpp @@ -32,6 +32,8 @@ #include #include +#include + #include #include #include @@ -65,12 +67,14 @@ public: void ReceivedSaveKey() { Succeeded(); } void ReceivedSaveCertificate() { Succeeded(); } void ReceivedSaveData() { Succeeded(); } + void ReceivedSavePKCS12() { Succeeded(); } void ReceivedRemovedAlias() { Succeeded(); } void ReceivedKey(Key &&) { Succeeded(); } void ReceivedCertificate(Certificate &&) { Succeeded(); } void ReceivedData(RawBuffer &&) { Succeeded(); } + void ReceivedPKCS12(PKCS12ShPtr && pkcs) { m_pkcs = pkcs; Succeeded(); } void ReceivedKeyAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); } void ReceivedCertificateAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); } @@ -85,11 +89,11 @@ public: void ReceivedCreateSignature(RawBuffer && buffer) { m_signed = move(buffer); Succeeded(); } void ReceivedVerifySignature() { Succeeded(); } + void ReceivedOCSPCheck(int status) { m_ocspStatus = status; Succeeded(); } void ReceivedSetPermission() { Succeeded(); } - void WaitForResponse() { unique_lock < mutex > lock(m_mutex); @@ -101,6 +105,7 @@ public: int m_error; AliasVector m_aliases; CertificateShPtrVector m_certChain; + PKCS12ShPtr m_pkcs; RawBuffer m_signed; int m_ocspStatus; @@ -1231,6 +1236,110 @@ RUNNER_TEST(TA1920_deny_access) } } +namespace +{ +CKM::Alias alias_PKCS_exportable = "async-test-PKCS-export"; +CKM::Alias alias_PKCS_not_exportable = "async-test-PKCS-no-export"; +} + +RUNNER_TEST(TA2000_PKCS_add_bundle_with_chain_certs) +{ + DBCleanup dbc; + auto manager = CKM::Manager::create(); + std::ifstream is("/usr/share/ckm-test/pkcs.p12"); + std::istreambuf_iterator begin(is), end; + std::vector buff(begin, end); + + CKM::RawBuffer buffer(buff.size()); + memcpy(buffer.data(), buff.data(), buff.size()); + + auto pkcs = CKM::PKCS12::create(buffer, CKM::Password()); + RUNNER_ASSERT_MSG_BT( + NULL != pkcs.get(), + "Error in PKCS12::create()"); + + auto cert = pkcs->getCertificate(); + RUNNER_ASSERT_MSG_BT( + NULL != cert.get(), + "Error in PKCS12::getCertificate()"); + + auto key = pkcs->getKey(); + RUNNER_ASSERT_MSG_BT( + NULL != key.get(), + "Error in PKCS12::getKey()"); + + auto caVector = pkcs->getCaCertificateShPtrVector(); + RUNNER_ASSERT_MSG_BT( + 2 == caVector.size(), + "Wrong size of vector"); + + // save to the CKM + int tmp; + CKM::Policy exportable; + CKM::Policy notExportable(CKM::Password(), false); + + test_positive(&ManagerAsync::savePKCS12, + alias_PKCS_exportable, + pkcs, + exportable, + exportable); + test_negative(&ManagerAsync::savePKCS12, + CKM_API_ERROR_DB_ALIAS_EXISTS, + alias_PKCS_exportable, + pkcs, + exportable, + exportable); + + test_positive(&ManagerAsync::savePKCS12, + alias_PKCS_not_exportable, + pkcs, + notExportable, + notExportable); + test_negative(&ManagerAsync::savePKCS12, + CKM_API_ERROR_DB_ALIAS_EXISTS, + alias_PKCS_not_exportable, + pkcs, + notExportable, + notExportable); +} + +RUNNER_TEST(TA2010_PKCS_get) +{ + DBCleanup dbc; + int temp; + auto manager = CKM::Manager::create(); + + // fail - no entry + test_negative(&ManagerAsync::getPKCS12, + CKM_API_ERROR_DB_ALIAS_UNKNOWN, + "i-do-not-exist"); + + + // fail - not exportable + test_negative(&ManagerAsync::getPKCS12, + CKM_API_ERROR_NOT_EXPORTABLE, + dbc.alias(alias_PKCS_not_exportable.c_str())); + + // success - exportable + auto obs = test_positive(&ManagerAsync::getPKCS12, + dbc.alias(alias_PKCS_exportable.c_str())); + + auto cert = obs->m_pkcs->getCertificate(); + RUNNER_ASSERT_MSG_BT( + NULL != cert.get(), + "Error in PKCS12::getCertificate()"); + + auto key = obs->m_pkcs->getKey(); + RUNNER_ASSERT_MSG_BT( + NULL != key.get(), + "Error in PKCS12::getKey()"); + + auto caVector = obs->m_pkcs->getCaCertificateShPtrVector(); + RUNNER_ASSERT_MSG_BT( + 2 == caVector.size(), + "Wrong size of vector"); +} + RUNNER_TEST(TA9999_deinit) { int temp; diff --git a/tests/ckm/capi-testcases.cpp b/tests/ckm/capi-testcases.cpp index fb23a87..cf6cc70 100644 --- a/tests/ckm/capi-testcases.cpp +++ b/tests/ckm/capi-testcases.cpp @@ -2404,7 +2404,7 @@ RUNNER_TEST(T3096_CAPI_TYPE_load_p12_file) { cnt ++; } - RUNNER_ASSERT_MSG(cnt == 2,"Invalid CA Cert Count"); + RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count"); ckmc_key_free(private_key); ckmc_cert_free(cert); @@ -2414,6 +2414,145 @@ RUNNER_TEST(T3096_CAPI_TYPE_load_p12_file) { remove(p12file); } +RUNNER_TEST(T3097_CAPI_TYPE_load_p12_file2) { + std::string p12Base64 = + "MIINaQIBAzCCDS8GCSqGSIb3DQEHAaCCDSAEgg0cMIINGDCCChcGCSqGSIb3DQEH\n" + "BqCCCggwggoEAgEAMIIJ/QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIvO01\n" + "D2ODdkYCAggAgIIJ0NscvWq3hmXai5DQcleOgELPbu2c97d+KJnRGCK7K3eRb0/v\n" + "4F3f3LFSFFT9OAK0/OS1ZYCiO+IuZ6Rpc8Baqe89xVcOHrQ0dQ7sIvbq10dnp5nY\n" + "fEcrt7qPXcRa3IdOX4PFo4aCOFq5bHv5M3quHldKRh4itosjsAGuF/xtnVnO6lU5\n" + "UlPhtAdr2Mpr4SHh+oBbJknLvyd6n/4xZ2elEA8ui4Qt5GfiHwWs2J7KO3Z8M1vW\n" + "yukuyVTaZ6RNkj8dkq/RttvVinlgATYLoosjCsH7VVcd+/z9JqD37QQ89pzdjvJg\n" + "CtXFVbqsOIbjPMkQMYtMdaPsLDDzw6l+q7BJreGIoJmTHbhTtNOJo03XPEnlVXUq\n" + "Q+224ibNKzLAvpSWOo8BUHK7ZDc1oaLODDZ+WAA6jfgHkuhhWYr9dxce6UdhMghJ\n" + "M7ixWwa350psdACREdGxNQzxmucmueprbDumVPAnnJfnKfgRXdKpTDFWS4TaYRc/\n" + "TE4lKSBZpFFduy/gdpLGCHdklTs33aWZ/mEVZJnk2PggKyvSKH9oL3DxkZIFkGdQ\n" + "wcy8gAuLBirdWB/q4JWqW7sH8kMfEwXACEm1z4SzCik8afamQNJEbovA3Pvrhw/P\n" + "1HE5KPNvKMaIr9kk5rTnGGTSNrSMqUCnBl4MjVS4HacrZvvt60y0D3RFB8IqlFMt\n" + "od2FagxojPyO/wP8jDERnySo2Irz0x0WUjWARtcLLH2FOK7ROkX1/WjRZmDV0jtv\n" + "yL8r97XZf/NddVU13Jt13dBJCjxZRvfJZgNI8RybkPQ3Y9J5LIOLVFPU3ZKIi7W7\n" + "KtCw/FCUfEdNarLQMWG0Z9bux7vu/eK1+KpF9pfzD3Q1V0sj2M158Q5W2gy9q/u0\n" + "gOOuybiZB2AL9kxBv0rqb8h7SF5ZIRoy85PrwtnX7w4Xq+4I7RA68bcEGyqgTWWb\n" + "XZxcY65F2slqekXddKeDSTizQk/APgWva/TwgaUeXR9YBCO4o71pla//FNqJ6pRm\n" + "tZjEY9ALBCc083gsImc7+LAeubEcYzjhhgRPQwGJfJTMqgC/NOa9wFhvNO4QcFjf\n" + "XQxxIFxlQJ64qU316FyeuyxLYGd02uakrLLgYtAGG7nPZCYNkUKvCwICKJYI+wAg\n" + "CX0FVwXsR1f33kVuV6sd4YConz80Lk9ayvNJVeCzEOBvhthbMcP3mIn22X+GT3jU\n" + "O5Z0bkXAU0C8XTfLQMk2m6Ag3mctrn4iJBPwQ7j12GnlSLko+e7IssRd4Qj4vBZd\n" + "KXUIoRcOsXqWoQgXJAtdLJEHVo0SUyxVojXsXqUZ3yYOkVUykvXZUcBnS6xwtaUt\n" + "EzdFsEO3NQSLOju5Tpp12lKbrgIToV75zyA3CULEdimEUWD/wA+pDaIS39shNyeE\n" + "edtAp3WF3mDkHQFyKG52IVx7hJU8jXXunvY21tshTAx/Gda0X1CtgSU7Q00ROr+L\n" + "TaehRiKsSgxQa6/jyJY5KY1hIDzwaem5Y7gDnxotmQuPhIX8MeD5Qdv6AVovfScN\n" + "07QuWyUBgFsZzbp79AsnPRLzoiAMQljMn7TXDDLq+uF922OU47BQkzlPfKAuHbyu\n" + "R+uZwtDfMD71FqWjCAHMPyENinsnUehCwX2pVxa6KSs61IsTfb3oUPY1TRxfZnfd\n" + "8SAUfPjKVss9Eyahuv+kzenPUDZn5LV9E0G0DGNxIf493A5Z29scNkQcCBjTJJvx\n" + "4BBJCES6SgkTQl7eFoBGOIqqytpYP9QZW5jy7ramgz/gF2kMKjAfikhbd5vB4Fwd\n" + "QlExMlbW+wL/ffr4AGlwenlDzXBFKQM0mYZNKLuB9LrRzw35fVFZ9XY06VCxhbMa\n" + "wI9gN4rKA3bNG3DCWTsr1TZ6CvrqFJjlfK4KF/+eNfnkIY8uVYxnPlRRkmPw4dpE\n" + "KdaXUiu5WJvZupeYqqNsWdxs+v2KS1E/PcM9BgUFKFD4lW84WbWUHPxvxXoZhSCs\n" + "nQ0hsPd53NKBBdEOao5HAAf+T5yFnJzZ3rVkYBEC67gHyWgXB1Zy283yAIihvUXw\n" + "DOEVppNHnIqAjQpncQcDpV0/zYCvqOEfU+JPpmepgo737Tq2MlUKLTByhg1mQhKm\n" + "2pI63BFiw2/2igImFbmhzJjilWkaM4kwM1uGKOKgjacXI/VSVEajuYAfo37quBxF\n" + "ZWyWJoFXBvQ7jolTKXUVbCqnSSaItosZrS3vcDdGUegRm0rf6IzCRPdSIsfCDdZG\n" + "9UeChoznNezoLENgmqQJTV3wDo3uSZbztlctoERvZpn457MLZEn8hXEwMLPXx2Ur\n" + "HQ5fYAdTBzBpoLiy8ujzFxFJDzW9ytnb7aFF7YVivfj42eVGnCANvVcwkp2/E3MW\n" + "Img0OyqKRQHaGGI7iGNO5KYpTk0CdSyErQarH52ZRvr0t2CK6J6vDgrhJnzd5Ayr\n" + "6t+coAZBw8eIJqiM5WzAm4mlZRSHL+JcaKkrqoYOo+kewj7wgW2Kk/7S8re38RvP\n" + "+V9nqpfr18gIV72G2yZ60C21eRqOFPgl1CYbmWHqYKXatuT4o+kgBmJpez5uvIHz\n" + "LSd88An02ow+WQ+KP8YGV38ZtuA6D4FPA3fsMdhNOqjtwWiPei+ILaXD5PsOfDGH\n" + "2fZgOWXivFYqq9Cm3B3ffFX/oD/7sFMs+/AWeZOh8XqU8ro73L1HNRXx4HdyRUY/\n" + "pInwA0mWaFNGgBRPbNW0A6cZ2dY0Hn8sRRsF+5tIs0hOelpT1y/ZEVyGImTQgEbK\n" + "KeggQGT9h9rhrrUK+hE27MorcRi6tVteKlNyGQsCJko0ZoqqctM4o7wT5ce4nWtb\n" + "ixzp5xDkDmcP6eldHiVm8TsZn0hkmNDu0xpgIVtb4VDRmWP687EOaGHYhjOBw6X1\n" + "GD1d1yyg/VxlUr0lKmbsFVC2mDiWbnWd49+FGsrySc2RO8DlC9xkXLaG+ubjmLpK\n" + "lwagiI2P1MzkHuZiz7WlIjFefuYh0yrYvDA5UDiQTDdoZWFuR5r93QWdsUcHlvdF\n" + "rYmhQ93F6I4gaT9HSVEDJfisIjIUmIwhh20tdGnf3FC5VyqBYS5GQObq3VnC8stU\n" + "b7byCEMlKr5bWslEem6gRGTB9xektKgrsFgS7nb3Geegq9K+mWIBC/iBOInVqFYx\n" + "Uw8+s6ywApXPLPEIrVZumkwo7Rl8lJfCTDNni/68XHhhVHY70N0PSdfnCAvV9G41\n" + "3wuTZHqLOeQG3Sm8I1JJXkWSuuk0QI7DVKZpmz+x4aFBd+rncfvWOEbN9G0ZqbUT\n" + "lGkfxtUWY6pWX/XJpyBzOlv2+fCPi/Yd0csb45IEuFHNG1svgqGMJw5BmFu5v0Qs\n" + "0i1zKBrNA/Acd6+uL0UqDZStB6lyPn6+uifh3sMwggL5BgkqhkiG9w0BBwGgggLq\n" + "BIIC5jCCAuIwggLeBgsqhkiG9w0BDAoBAqCCAqYwggKiMBwGCiqGSIb3DQEMAQMw\n" + "DgQIBJuBj07uHGACAggABIICgJBfOlC99JJjEUBibYLXIJPe53Cy7eDXCtVaPbhX\n" + "VHPCsBrUd7+6Ul7Vh/JHMlJL1VA3WvGnX93f0p5FICgZZA3sIZjpxBoeVkZ0Zx6r\n" + "ZMnBPIN4GaHYufCGPyAlPXgEGjlBr3g6Sxr8j50vsWtfspwiILsyte+nQ3kE1nV4\n" + "TjNBnayXmCMnEkf4kKu+dlLFbd1OY/fQJbiT+f9YtMfcfp2IR+7bXb23UIv8Wt1I\n" + "XyqsYTcUjIvnByKSDrvVu941x1EN5DF1964qQbAZb/z5ueTl8tCpaCFlGbZcXz7X\n" + "7L3k0YWdymx1J+szd6heQJrzqMjcHK3XWC7YlDytWB59j0eNMx42XEFP0pAO+gt9\n" + "Iny2XL+sxJC/xzf6apYMmmGwEXrZkkudsSVMgLCtYyin4zM7PFzLAPK9ryEhsxaP\n" + "g077MJ/aIaZ7PLi7cABz/g+gQ1dSXakNOof6EjRUADHpav9UKeKwWdR8ycB/8AQV\n" + "XxQTpEsFJ7izdNZDNC/ZeOhc/ohnei169rfH0shVeeckjf++c8zlh/Y5UWIi3V6i\n" + "5c7RlIJLMtHrvpB5UxRpZgWSdXvCuTCBEzlZAeWJ11I4DAeioqJ1V3h2KcUjNKf1\n" + "z8mTJrzAycuhm8npaC0Gj6JU7jiYPZLvj+cK/e/gjadWggHFYsjAKhACDbAtG64N\n" + "Gu9PWJszvhSO8ga7TOVEzdbe2jm4oWtqPe3gb6eYl2Ma6GTfj/PUEDpNAOnr99qV\n" + "g3uKIXMBp2115bfUf5sbfPdMbnH12XILXR9Va+JjeQHexa64QWlsiRgtXEAXxoEb\n" + "D2aTlfdsJpgilyj31Y45xOdN7FI+Ltfhudxt1kABPdmKwRMxJTAjBgkqhkiG9w0B\n" + "CRUxFgQUMvxYuPi3XpEeXbzAkXaNbAw7P5gwMTAhMAkGBSsOAwIaBQAEFOBC4ppE\n" + "AXO+xdzSBKimvjBBTLbEBAjlaWiC5IVtmAICCAA=\n"; + + // write file + const char *p12base64file = "/tmp/ckmc_test_p12.p12.b64"; + const char *p12file = "/tmp/ckmc_test_p12.p12"; + const char *password = "password"; + + remove(p12base64file); + remove(p12file); + + FILE* b64_file; + b64_file = fopen(p12base64file, "w"); + fprintf(b64_file, "%s",p12Base64.c_str()); + fclose(b64_file); + + std::string cmd("openssl base64 -d -in "); + cmd.append(p12base64file); + cmd.append(" -out "); + cmd.append(p12file); + system(cmd.c_str()); + + int temp; + + ckmc_pkcs12_s *ppkcs12 = NULL; + + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_load_from_pkcs12_file2(p12file, password, &ppkcs12)), + "Error=" << temp); + RUNNER_ASSERT_MSG(ppkcs12->priv_key != NULL, "Null private_key"); + RUNNER_ASSERT_MSG(ppkcs12->cert != NULL, "Null cert"); + RUNNER_ASSERT_MSG(ppkcs12->ca_chain != NULL, "Null ca_cert_list"); + + ckmc_policy_s policy; + policy.password = NULL; + policy.extractable = 1; + + + const char *pkey_alias = "pkey_alias2"; + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias, *(ppkcs12->priv_key), policy)), + "Error=" << temp); + + const char *cert_alias = "cert_alias2"; + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias, *(ppkcs12->cert), policy)), + "Error=" << temp); + std::string caCertAlias = "ca_cert_alias_2_"; + const char *idx = "0"; + int cnt = 0; + ckmc_cert_list_s *tmpList = ppkcs12->ca_chain; + while(tmpList != NULL) { + caCertAlias.append(idx); + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)), + "Error=" << temp); + tmpList = tmpList->next; + cnt ++; + } + + RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count"); + + ckmc_pkcs12_free(ppkcs12); + + remove(p12base64file); + remove(p12file); +} RUNNER_TEST(T3098_CAPI_TYPE_deinit) { @@ -2432,21 +2571,222 @@ RUNNER_TEST(T3098_CAPI_TYPE_deinit) "Error=" << temp); } +RUNNER_TEST_GROUP_INIT(T310_CKMC_CAPI_PKCS12); -RUNNER_TEST_GROUP_INIT(T3000_CAPI_LOCKTYPE_TESTS); - -RUNNER_TEST(T3100_CAPI_locktype_init) +namespace { - int temp; - RUNNER_ASSERT_MSG_BT( - CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)), - "Error=" << temp); - RUNNER_ASSERT_MSG_BT( - CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)), - "Error=" << temp); -} - -RUNNER_CHILD_TEST(T3101_CAPI_init_lock_key) +const char* alias_PKCS_collision = "CAPI-test-PKCS-collision"; +const char* alias_PKCS_exportable = "CAPI-test-PKCS-export"; +const char* alias_PKCS_not_exportable = "CAPI-test-PKCS-no-export"; +const char* alias_PKCS_priv_key_copy = "CAPI-test-PKCS-private-key-copy"; +const char* alias_PKCS_priv_key_wrong = "CAPI-test-PKCS-private-key-wrong"; +} + +RUNNER_TEST(T3101_CAPI_PKCS12_init) +{ + int temp; + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)), + "Error=" << temp); + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "user-pass")), + "Error=" << temp); + + ckmc_remove_pkcs12(alias_PKCS_collision); + ckmc_remove_pkcs12(alias_PKCS_exportable); + ckmc_remove_pkcs12(alias_PKCS_not_exportable); + ckmc_remove_pkcs12(alias_PKCS_priv_key_copy); + ckmc_remove_pkcs12(alias_PKCS_priv_key_wrong); +} + +RUNNER_TEST(T3102_CAPI_PKCS12_negative_wrong_password) +{ + const char *wrong_passwd = "wrong"; + ckmc_pkcs12_s *ppkcs12 = NULL; + int temp; + RUNNER_ASSERT_MSG( + CKMC_ERROR_INVALID_FORMAT == (temp = ckmc_load_from_pkcs12_file2("/usr/share/ckm-test/test1801.pkcs12", wrong_passwd, &ppkcs12)), + "Error=" << temp); +} + +RUNNER_TEST(T3103_CAPI_PKCS12_add_bundle_with_chain_certs) +{ + ckmc_pkcs12_s *ppkcs12 = NULL; + int temp; + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_load_from_pkcs12_file2("/usr/share/ckm-test/pkcs.p12", NULL, &ppkcs12)), + "Error=" << temp); + + RUNNER_ASSERT_MSG(NULL != ppkcs12->cert, "no certificate in PKCS12"); + RUNNER_ASSERT_MSG(NULL != ppkcs12->priv_key, "no private key in PKCS12"); + RUNNER_ASSERT_MSG(NULL != ppkcs12->ca_chain, "no chain certificates in PKCS12"); + + // save to the CKM + int tmp; + ckmc_policy_s exportable; + exportable.password = NULL; + exportable.extractable = 1; + ckmc_policy_s notExportable; + notExportable.password = NULL; + notExportable.extractable = 0; + + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_exportable, ppkcs12, exportable, exportable)), + "Error=" << temp); + RUNNER_ASSERT_MSG( + CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_exportable, ppkcs12, exportable, exportable)), + "Error=" << temp); + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable, ppkcs12, notExportable, notExportable)), + "Error=" << temp); + RUNNER_ASSERT_MSG( + CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable, ppkcs12, notExportable, notExportable)), + "Error=" << temp); + + // try to lookup key + ckmc_key_s *key_lookup = NULL; + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_get_key(alias_PKCS_exportable, NULL, &key_lookup)), + "Error=" << temp); + ckmc_key_free(key_lookup); + key_lookup = NULL; + RUNNER_ASSERT_MSG( + CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_not_exportable, "", &key_lookup)), + "Error=" << temp << " CKMC_ERROR_NOT_EXPORTABLE=" << CKMC_ERROR_NOT_EXPORTABLE << " CKMC_ERROR_DB_ERROR=" << CKMC_ERROR_DB_ERROR); + ckmc_key_free(key_lookup); + + // try to lookup certificate + ckmc_cert_s *cert_lookup = NULL; + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_exportable, NULL, &cert_lookup)), + "Error=" << temp); + ckmc_cert_free(cert_lookup); + cert_lookup = NULL; + RUNNER_ASSERT_MSG( + CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_cert(alias_PKCS_not_exportable, NULL, &cert_lookup)), + "Error=" << temp); + ckmc_cert_free(cert_lookup); +} + +RUNNER_TEST(T3103_CAPI_PKCS12_get_PKCS) +{ + int temp; + auto manager = CKM::Manager::create(); + + ckmc_pkcs12_s *pkcs = NULL; + + // fail - no entry + RUNNER_ASSERT_MSG( + CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_pkcs12("i-do-not-exist", &pkcs)), + "Error=" << temp); + ckmc_pkcs12_free(pkcs); + pkcs = NULL; + + // fail - not exportable + RUNNER_ASSERT_MSG( + CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_pkcs12(alias_PKCS_not_exportable, &pkcs)), + "Error=" << temp); + ckmc_pkcs12_free(pkcs); + pkcs = NULL; + + // success - exportable + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_exportable, &pkcs)), + "Error=" << temp); + + RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12"); + RUNNER_ASSERT_MSG(NULL != pkcs->priv_key, "no private key in PKCS12"); + RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12"); + size_t cntr = 0; + ckmc_cert_list_s *iter = pkcs->ca_chain; + do { + cntr ++; + iter = iter->next; + } while(iter); + RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12"); + + ckmc_pkcs12_free(pkcs); +} + +RUNNER_TEST(T3104_CAPI_PKCS12_create_and_verify_signature) +{ + ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test"); + + int temp; + ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256; + ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING; + ckmc_raw_buffer_s *signature = NULL; + + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_create_signature( + alias_PKCS_exportable, + NULL, + msg_buff, + hash_algo, + pad_algo, + &signature)), + "Error=" << temp); + + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_verify_signature( + alias_PKCS_exportable, + NULL, + msg_buff, + *signature, + hash_algo, + pad_algo)), + "Error=" << temp); +} + +RUNNER_TEST(T3105_CAPI_PKCS12_remove_bundle_with_chain_certs) +{ + int tmp; + + // remove the whole PKCS12 bundles + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_exportable)), + "Error=" << tmp); + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_not_exportable)), + "Error=" << tmp); + + // expect lookup fails due to unknown alias + // try to lookup key + ckmc_key_s *key_lookup = NULL; + RUNNER_ASSERT_MSG( + CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_exportable, NULL, &key_lookup)), + "Error=" << tmp); + ckmc_key_free(key_lookup); + key_lookup = NULL; + RUNNER_ASSERT_MSG( + CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_not_exportable, NULL, &key_lookup)), + "Error=" << tmp); + ckmc_key_free(key_lookup); + + // try to lookup certificate + ckmc_cert_s *cert_lookup = NULL; + RUNNER_ASSERT_MSG( + CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_exportable, NULL, &cert_lookup)), + "Error=" << tmp); + ckmc_cert_free(cert_lookup); + cert_lookup = NULL; + RUNNER_ASSERT_MSG( + CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_not_exportable, NULL, &cert_lookup)), + "Error=" << tmp); + ckmc_cert_free(cert_lookup); +} + +RUNNER_TEST(T3109_CAPI_PKCS12_deinit) +{ + int temp; + RUNNER_ASSERT_MSG( + CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), + "Error=" << temp); +} + +RUNNER_TEST_GROUP_INIT(T3110_CAPI_LOCKTYPE_TESTS); + +RUNNER_CHILD_TEST(T3111_CAPI_init_lock_key) { int tmp; AccessProvider ap("my-label"); @@ -2462,7 +2802,7 @@ RUNNER_CHILD_TEST(T3101_CAPI_init_lock_key) CKM::ErrorToString(tmp)); } -RUNNER_CHILD_TEST(T3102_CAPI_unlock_default_passwd) +RUNNER_CHILD_TEST(T3112_CAPI_unlock_default_passwd) { AccessProvider ap("my-label"); ap.allowAPI("key-manager::api-storage", "rw"); @@ -2511,7 +2851,7 @@ RUNNER_CHILD_TEST(T3102_CAPI_unlock_default_passwd) "Error=" << temp); } -RUNNER_CHILD_TEST(T3103_CAPI_init_change_user_password) +RUNNER_CHILD_TEST(T3113_CAPI_init_change_user_password) { int tmp; AccessProvider ap("my-label"); @@ -2536,7 +2876,7 @@ RUNNER_CHILD_TEST(T3103_CAPI_init_change_user_password) CKM::ErrorToString(tmp)); } -RUNNER_CHILD_TEST(T3104_CAPI_unlock_default_passwd_negative) +RUNNER_CHILD_TEST(T3114_CAPI_unlock_default_passwd_negative) { AccessProvider ap("my-label"); ap.allowAPI("key-manager::api-storage", "rw"); @@ -2582,13 +2922,13 @@ RUNNER_CHILD_TEST(T3104_CAPI_unlock_default_passwd_negative) "Error=" << temp); } -RUNNER_CHILD_TEST(T3109_CAPI_deinit) +RUNNER_CHILD_TEST(T3119_CAPI_deinit) { int temp; - RUNNER_ASSERT_MSG_BT( + RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)), "Error=" << temp); - RUNNER_ASSERT_MSG_BT( + RUNNER_ASSERT_MSG( CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)), "Error=" << temp); } diff --git a/tests/ckm/cc-mode.cpp b/tests/ckm/cc-mode.cpp index 2fee45e..3d62a54 100644 --- a/tests/ckm/cc-mode.cpp +++ b/tests/ckm/cc-mode.cpp @@ -31,8 +31,7 @@ #include #include -#include - +#include #include #include @@ -54,14 +53,7 @@ const char* const ENFORCING = "Enforcing"; const char* const DISABLED = "Disabled"; const char* const CKM_LOCK = "/var/run/key-manager.pid"; -const char* SERVICE[] = { - "/org/freedesktop/systemd1/unit/central_2dkey_2dmanager_2dlistener_2eservice", - "/org/freedesktop/systemd1/unit/central_2dkey_2dmanager_2eservice" }; -enum ServiceIdx { - LISTENER, - MANAGER -}; // disable CC int _unset_mdpp_key = vconf_unset(VCONFKEY_SECURITY_MDPP_STATE); @@ -104,18 +96,6 @@ void MdppState::set(const char* const value) vconf_unset(VCONFKEY_SECURITY_MDPP_STATE); } -void start_service(ServiceIdx idx) -{ - DBusAccess dbus(SERVICE[idx]); - dbus.start(); -} - -void stop_service(ServiceIdx idx) -{ - DBusAccess dbus(SERVICE[idx]); - dbus.stop(); -} - void remove_user_data() { auto control = Control::create(); diff --git a/tests/ckm/ckm-common.cpp b/tests/ckm/ckm-common.cpp index 676b5b0..df289db 100644 --- a/tests/ckm/ckm-common.cpp +++ b/tests/ckm/ckm-common.cpp @@ -25,6 +25,24 @@ #include #include #include +#include + +const char* SERVICE[] = { + "/org/freedesktop/systemd1/unit/central_2dkey_2dmanager_2dlistener_2eservice", + "/org/freedesktop/systemd1/unit/central_2dkey_2dmanager_2eservice" }; + +void start_service(ServiceIdx idx) +{ + DBusAccess dbus(SERVICE[idx]); + dbus.start(); +} + +void stop_service(ServiceIdx idx) +{ + DBusAccess dbus(SERVICE[idx]); + dbus.stop(); +} + void switch_to_storage_user(const char* label) { diff --git a/tests/ckm/ckm-common.h b/tests/ckm/ckm-common.h index d1f36a7..694e265 100644 --- a/tests/ckm/ckm-common.h +++ b/tests/ckm/ckm-common.h @@ -28,6 +28,16 @@ void switch_to_storage_user(const char* label); void switch_to_storage_ocsp_user(const char* label); + +// service lifecycle management +enum ServiceIdx { + LISTENER, + MANAGER +}; +void start_service(ServiceIdx idx); +void stop_service(ServiceIdx idx); + + // Class responsible for db cleanup after positive tests. Will remove all used aliases in destructor class DBCleanup { diff --git a/tests/ckm/main.cpp b/tests/ckm/main.cpp index 53ed8dc..325cc19 100644 --- a/tests/ckm/main.cpp +++ b/tests/ckm/main.cpp @@ -33,6 +33,28 @@ static const int USER_TEST = 5001; * D - subtest. */ +RUNNER_TEST_GROUP_INIT(A_T0010_CKM_OPENSSL_INIT); +RUNNER_TEST(A_T0011_OpenSSL_not_init_client_parse_PKCS) { + stop_service(MANAGER); + start_service(MANAGER); + + std::ifstream is("/usr/share/ckm-test/pkcs.p12"); + std::istreambuf_iterator begin(is), end; + std::vector buff(begin, end); + + CKM::RawBuffer buffer(buff.size()); + memcpy(buffer.data(), buff.data(), buff.size()); + + auto pkcs = CKM::PKCS12::create(buffer, CKM::Password()); + RUNNER_ASSERT_MSG( + NULL != pkcs.get(), + "Error in PKCS12::create()"); + + // all further tests will start with newly started service, + // OpenSSL on the service side will have to be properly initialized too + stop_service(MANAGER); + start_service(MANAGER); +} RUNNER_TEST_GROUP_INIT(T0010_CKM_CONTROL); @@ -105,7 +127,7 @@ RUNNER_TEST(T1010_init) int temp; auto control = CKM::Control::create(); RUNNER_ASSERT_MSG( - CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")), + CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")), "Error=" << CKM::ErrorToString(temp)); RUNNER_ASSERT_MSG( CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")), @@ -2519,7 +2541,7 @@ RUNNER_CHILD_TEST(T1510_init_unlock_key) "Error=" << CKM::ErrorToString(tmp)); } -RUNNER_CHILD_TEST(T1511_init_insert_data) +RUNNER_CHILD_TEST(T1511_insert_data) { AccessProvider ap("my-label"); ap.allowAPI("key-manager::api-storage", "rw"); @@ -2760,7 +2782,7 @@ RUNNER_TEST(T1701_init_unlock_key) "Error=" << CKM::ErrorToString(tmp)); } -RUNNER_CHILD_TEST(T1702_init_insert_data) +RUNNER_CHILD_TEST(T1702_insert_data) { int temp; AccessProvider ap("t170-special-label"); @@ -3083,7 +3105,31 @@ RUNNER_TEST(T17112_deinit) RUNNER_TEST_GROUP_INIT(T180_PKCS12); -RUNNER_TEST(T1801) { +namespace +{ +CKM::Alias alias_PKCS_collision = "test-PKCS-collision"; +CKM::Alias alias_PKCS_exportable = "test-PKCS-export"; +CKM::Alias alias_PKCS_not_exportable = "test-PKCS-no-export"; +CKM::Alias alias_PKCS_priv_key_copy = "test-PKCS-private-key-copy"; +CKM::Alias alias_PKCS_priv_key_wrong = "test-PKCS-private-key-wrong"; +} + +RUNNER_TEST(T1800_init) { + int temp; + auto control = CKM::Control::create(); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")), + "Error=" << CKM::ErrorToString(temp)); + + auto manager = CKM::Manager::create(); + manager->removeAlias(alias_PKCS_collision); + manager->removeAlias(alias_PKCS_exportable); + manager->removeAlias(alias_PKCS_not_exportable); + manager->removeAlias(alias_PKCS_priv_key_copy); + manager->removeAlias(alias_PKCS_priv_key_wrong); +} + +RUNNER_TEST(T1801_parse_PKCS12) { std::ifstream is("/usr/share/ckm-test/test1801.pkcs12"); std::istreambuf_iterator begin(is), end; std::vector buff(begin, end); @@ -3143,6 +3189,391 @@ RUNNER_TEST(T1803_negative_broken_buffer) { "Expected error in PKCS12::create()"); } +RUNNER_TEST(T1804_add_PKCS_collision_with_existing_alias) +{ + auto manager = CKM::Manager::create(); + std::ifstream is("/usr/share/ckm-test/pkcs.p12"); + std::istreambuf_iterator begin(is), end; + std::vector buff(begin, end); + + CKM::RawBuffer buffer(buff.size()); + memcpy(buffer.data(), buff.data(), buff.size()); + + auto pkcs = CKM::PKCS12::create(buffer, CKM::Password()); + RUNNER_ASSERT_MSG( + NULL != pkcs.get(), + "Error in PKCS12::create()"); + + // save private key + std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n" + "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n" + "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n" + "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n" + "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n" + "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n" + "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n" + "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n" + "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n" + "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n" + "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n" + "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n" + "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n" + "-----END RSA PRIVATE KEY-----\n"; + + std::string message = "message test"; + + auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password()); + RUNNER_ASSERT_MSG(NULL != keyPrv.get(), + "Key is empty. Failed to import private key."); + + int temp; + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_collision, keyPrv, CKM::Policy())), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->savePKCS12(alias_PKCS_collision, pkcs, CKM::Policy(), CKM::Policy())), + "Error=" << CKM::ErrorToString(temp)); +} + +RUNNER_TEST(T1805_add_bundle_with_chain_certificates) +{ + auto manager = CKM::Manager::create(); + std::ifstream is("/usr/share/ckm-test/pkcs.p12"); + std::istreambuf_iterator begin(is), end; + std::vector buff(begin, end); + + CKM::RawBuffer buffer(buff.size()); + memcpy(buffer.data(), buff.data(), buff.size()); + + auto pkcs = CKM::PKCS12::create(buffer, CKM::Password()); + RUNNER_ASSERT_MSG( + NULL != pkcs.get(), + "Error in PKCS12::create()"); + + auto cert = pkcs->getCertificate(); + RUNNER_ASSERT_MSG( + NULL != cert.get(), + "Error in PKCS12::getCertificate()"); + + auto key = pkcs->getKey(); + RUNNER_ASSERT_MSG( + NULL != key.get(), + "Error in PKCS12::getKey()"); + + auto caVector = pkcs->getCaCertificateShPtrVector(); + RUNNER_ASSERT_MSG( + 2 == caVector.size(), + "Wrong size of vector"); + + // save to the CKM + int tmp; + CKM::Policy exportable; + CKM::Policy notExportable(CKM::Password(), false); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)), + "Error=" << CKM::ErrorToString(tmp)); + + // try to lookup key + CKM::KeyShPtr key_lookup; + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)), + "Error=" << CKM::ErrorToString(tmp)); + + // try to lookup certificate + CKM::CertificateShPtr cert_lookup; + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)), + "Error=" << CKM::ErrorToString(tmp)); +} + +RUNNER_TEST(T1806_get_PKCS) +{ + int temp; + auto manager = CKM::Manager::create(); + + CKM::PKCS12ShPtr pkcs; + + // fail - no entry + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12("i-do-not-exist", pkcs)), + "Error=" << CKM::ErrorToString(temp)); + + // fail - not exportable + RUNNER_ASSERT_MSG( + CKM_API_ERROR_NOT_EXPORTABLE == (temp = manager->getPKCS12(alias_PKCS_not_exportable, pkcs)), + "Error=" << CKM::ErrorToString(temp)); + + // success - exportable + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->getPKCS12(alias_PKCS_exportable, pkcs)), + "Error=" << CKM::ErrorToString(temp)); + + auto cert = pkcs->getCertificate(); + RUNNER_ASSERT_MSG( + NULL != cert.get(), + "Error in PKCS12::getCertificate()"); + + auto key = pkcs->getKey(); + RUNNER_ASSERT_MSG( + NULL != key.get(), + "Error in PKCS12::getKey()"); + + auto caVector = pkcs->getCaCertificateShPtrVector(); + RUNNER_ASSERT_MSG( + 2 == caVector.size(), + "Wrong size of vector"); +} + +RUNNER_TEST(T1807_create_and_verify_signature) +{ + int temp; + auto manager = CKM::Manager::create(); + + std::string message = "message test"; + + CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; + CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; + CKM::RawBuffer signature; + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->createSignature( + alias_PKCS_exportable, + CKM::Password(), + CKM::RawBuffer(message.begin(), message.end()), + hash, + padd, + signature)), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->verifySignature( + alias_PKCS_exportable, + CKM::Password(), + CKM::RawBuffer(message.begin(), message.end()), + signature, + hash, + padd)), + "Error=" << CKM::ErrorToString(temp)); +} + +RUNNER_TEST(T1808_create_signature_on_raw_key_and_verify_on_PKCS) +{ + int temp; + auto manager = CKM::Manager::create(); + + std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXQIBAAKBgQD1W9neUbXL1rnq9SvyzprjhWBKXyYKQirG3V2zyUnUaE24Sq2I\n" + "v7ISrwMN/G6WcjrGmeZDEWwrL4zXh002N8BD1waJPRonxwtVkhFy3emGatSmx7eI\n" + "ely5H+PBNImRvBh2u4GWga6OEXcUNdfaBUcxn+P6548/zpDhyNLzQKk5FwIDAQAB\n" + "AoGAR+4WkBuqTUj1FlGsAbHaLKt0UDlWwJknS0eoacWwFEpDxqx19WolfV67aYVA\n" + "snBolMKXg7/+0yZMhv8Ofr+XaHkPQplVVn9BwT0rmtEovJXwx+poRP9Bm3emglj/\n" + "iYd8EkaXDlIXCtewtQW9JEIctWppntHj3TvA/h7FCXPN6SkCQQD/N7sn5S1gBkVh\n" + "dyXQKoyKsZDb7hMIS1q6cKwYCMf2UrsD1/lnr7xXkvORdL213MfueO8g0WkuKfRY\n" + "bDD6WGX1AkEA9hxiOlsgvermqLJkOlJffbSaM8n/6wtnM0HV+Vd9NfSBOmxFDXPO\n" + "vrvdgiDPENhbqTJSQVDsfzHilTpK7lEvWwJBAJLxHoOg0tg3pBiyxgWtic+M3q+R\n" + "ykl7QViY6KzJ2X98MIrM/Z7yMollZXE4+sVLwZ0O6fdGOr3GkBWc7TImVUUCQQC7\n" + "pf6bQfof9Ce0fnf/I+ldHkPost7nJsWkBlGQkM2OQwP5OK4ZyK/dK76DxmI7FMwm\n" + "oJCo7nuzq6R4ZX7WYJ47AkBavxBDo/e9/0Vk5yrloGKW3f8RQXBJLcCkVUGyyJ3D\n" + "3gu/nafW4hzjSJniTjC1fOj0eb0OSg1JAvqHTYAnUsI7\n" + "-----END RSA PRIVATE KEY-----"; + std::string message = "message test"; + + auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password()); + RUNNER_ASSERT_MSG(NULL != keyPrv.get(), + "Key is empty. Failed to import private key."); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_copy, keyPrv, CKM::Policy())), + "Error=" << CKM::ErrorToString(temp)); + + CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; + CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; + CKM::RawBuffer signature; + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->createSignature( + alias_PKCS_priv_key_copy, + CKM::Password(), + CKM::RawBuffer(message.begin(), message.end()), + hash, + padd, + signature)), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->verifySignature( + alias_PKCS_exportable, + CKM::Password(), + CKM::RawBuffer(message.begin(), message.end()), + signature, + hash, + padd)), + "Error=" << CKM::ErrorToString(temp)); +} + +RUNNER_TEST(T1809_create_signature_on_wrong_key_and_verify_on_PKCS) +{ + int temp; + auto manager = CKM::Manager::create(); + + std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n" + "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n" + "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n" + "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n" + "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n" + "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n" + "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n" + "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n" + "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n" + "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n" + "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n" + "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n" + "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n" + "-----END RSA PRIVATE KEY-----\n"; + + std::string message = "message test"; + + auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password()); + RUNNER_ASSERT_MSG(NULL != keyPrv.get(), + "Key is empty. Failed to import private key."); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_wrong, keyPrv, CKM::Policy())), + "Error=" << CKM::ErrorToString(temp)); + + CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256; + CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1; + CKM::RawBuffer signature; + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = manager->createSignature( + alias_PKCS_priv_key_wrong, + CKM::Password(), + CKM::RawBuffer(message.begin(), message.end()), + hash, + padd, + signature)), + "Error=" << CKM::ErrorToString(temp)); + + RUNNER_ASSERT_MSG( + CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature( + alias_PKCS_exportable, + CKM::Password(), + CKM::RawBuffer(message.begin(), message.end()), + signature, + hash, + padd)), + "Error=" << CKM::ErrorToString(temp)); +} + +// MJK TODO: to be uncommented once custom CA root can be provided to the CKM +/* +RUNNER_TEST(T1810_verify_get_certificate_chain) +{ + // this certificate has been signed using PKCS chain + std::string im = "-----BEGIN CERTIFICATE-----\n" + "MIIBrTCCARYCAQEwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRc2VydmVyQHRl\n" + "c3RtZS5jb20wHhcNMTQxMjAyMTMxNTQzWhcNMTUxMjAyMTMxNTQzWjAiMSAwHgYD\n" + "VQQDDBdlbmQtb24tY2hhaW5AdGVzdG1lLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB\n" + "jQAwgYkCgYEAsJS/jky4Cnxnlj6m2Eam3E3ARfR1PTaQV3Om09z3Ax15ca3kfHSb\n" + "n6UlDk9vjP3iE7Nbju5Nzw9Tu/Pe32g/54quUBgbTFWbztR/Q9Dxbt3evWZ98ADS\n" + "qAtH9OU23xS/5jGpmJSP0l22JItx8E8nEbEPj7GTWfVuYb3HXMHqzY8CAwEAATAN\n" + "BgkqhkiG9w0BAQsFAAOBgQCPJqjMH24kAngd0EunIPsVNSpWJMlMocFM5xHJsvgi\n" + "5DZ7swo0O/Jfqvo/vKDVqR/wiPeAxrwirECGC1O2hC7HcOt7kW4taHSVGGd4dHMn\n" + "oK70cUKQeVy3cYY6QUaonjuNVvYQHE3OSLDe56n6c7Mnek28qNtezeSWLUy8L8fA\n" + "Qw==\n" + "-----END CERTIFICATE-----\n"; + + auto cert = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM); + CKM::CertificateShPtrVector certChain; + CKM::AliasVector aliasVector; + + int tmp; + auto manager = CKM::Manager::create(); + + RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty"); + + RUNNER_ASSERT_MSG( + CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)), + "Error=" << CKM::ErrorToString(tmp)); + + RUNNER_ASSERT_MSG( + 0 == certChain.size(), + "Wrong size of certificate chain."); + + aliasVector.push_back(alias_PKCS_exportable); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)), + "Error=" << CKM::ErrorToString(tmp)); + + RUNNER_ASSERT_MSG( + 3 == certChain.size(), + "Wrong size of certificate chain."); +}*/ + +RUNNER_TEST(T1811_remove_bundle_with_chain_certificates) +{ + auto manager = CKM::Manager::create(); + int tmp; + + + // remove the whole PKCS12 bundles + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_exportable)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_not_exportable)), + "Error=" << CKM::ErrorToString(tmp)); + + // expect lookup fails due to unknown alias + // try to lookup key + CKM::KeyShPtr key_lookup; + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)), + "Error=" << CKM::ErrorToString(tmp)); + + // try to lookup certificate + CKM::CertificateShPtr cert_lookup; + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)), + "Error=" << CKM::ErrorToString(tmp)); + RUNNER_ASSERT_MSG( + CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)), + "Error=" << CKM::ErrorToString(tmp)); +} + +RUNNER_TEST(T1812_deinit) +{ + int temp; + auto control = CKM::Control::create(); + + RUNNER_ASSERT_MSG( + CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)), + "Error=" << CKM::ErrorToString(temp)); +} RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS); diff --git a/tests/ckm/pkcs.p12 b/tests/ckm/pkcs.p12 new file mode 100644 index 0000000000000000000000000000000000000000..4548d51ff0de42136b88bb190fb50863979b03b5 GIT binary patch literal 2900 zcmY+Fc{mh|7RG0@4Q3?!E=zV}&6YJ9WE+Ysg9aJ0)Qly&Ny?TjSw{9HJ0-i2Y>_Pt zk!|eR>a$MC?R%bk?|1JX=bYzx-}9Wm-t+tr1bTB25R4$uvr*GYL?fe*8G$swJOVup zgh2mChMpq`G^Bql>O2BX{~zfC2nhHy+W&EY2p($azb`NVsSz*;?HKN`J!{3T6a=CL zL=b3_KIfQ_J;othI^t_#`V~E6FGowOb^={w>-`GA(H;(0}av_&@>LLzf!Qc=%KQ@-eM`Y5|(ZeY{+)HCWS?uwf|rf~3^#d&)FJQ!$b9&NT6sDp6Xu!bkM+%&EA0`%F-~REIqzHQMiNFGBMuo4j z?@lnOjb=Jd*lN->V+2)Qk6VIyhIH%YDc=@{T)#(#PpM%M^T1i*pVyvpiJtu)J#meD)2eW*t7~sgxTXcgQbm$;5FE>*SQD za*2VWt=?cH(C)6GSvTgi#w|>o9q);C4CiD8s#<&!?uaqJw7sx|u2T(J$Lcbg=pV@a zayD)8HNE@5`DfOw!Jy&fmp8_WEg2gkD4Vk#i)QBkeQhXOBU5YhW)gvIb z1ncsW!*-sSug9EB7C<^A_O+>xvYoL?dWf?I1}bNBkql(C^Se_xbk9lYSGy>TfwxTJ zUn*eZ=#f*jN;dwIxx|2x)I_p1PT+G#+0NUloQ7M(M<~NJ$}}2WI&9VJ(##2R#X_N* zwK9B5%Hon~Nv7hD9H*W0@e|q&VzOvna)}l`+mCxPH~sr7<%ooFk^sr^n8Y!5njkqZ zpC-cjvEK|hqVBt$A+y0w5fa&SbVj`r)&aw%D&S{jgS1v7x+#4 z1J1Cm_Q0}6R0@;y)!|p|PVos^uX6v^%mxNRPd413a?wU;2y+p z&C9dVmNsFY^xE()S+-}?R>eBTtX8_#mXk_Td(6$XpvnQ*P1U1Z{d?t5YyN@+Gf+=<{_oAWi3t$m1-oRgloX^!i^-I$Xp3FC+4V z*rbmoA{jW;j4bi7^Kq>aJY$)bm2X&{bWh}v?0c#TEkQwU{+{NZYw35N>$Kjp>u8ou2uNEu7WJ~S z$ilhX2t;ZNSKTkITsDzrKy^BNE>PYqp0|3-tU?OW+5tOL$!Y4|=r2}y6i_{!0-=jA zQCw|jlb-rsw}{d#BVs%$7^jTYn=hOTlw?B|A5O@iOcgG!ZD@?M+>z#spR%Dmuq^~x zc$ksPdG~WQqo!FN+3L<|7K(7ih%H=vy*&%fI8)FL{F}oPm-~?pd!N&HV!-> z+!{(Res-frlbeYHRs6kJLzIs%)d8?IoYz~RuyrSm2Ct-e6>mM5QlF!GvHI;zBFo`u zk+bH)l!f1`!bj}FsjU$VPL$fQOIMlvd|#Y4-@HWpabqve^?229UWG{mr77XdMx;7(v=+-1+H+i^a1=MRY^BqFbe4SWr{RLAOBsHy7J58U>YTX+&fB=?6Y) z)dXL034nU5>ZNyy=S{2JC^WTb+Sc>Wmy;dKmnL2>sD+eLcBM?N^?`?We{rP$C{+wX zD4ZFbJ_THW%Y$0LBbz=(pZwiwsM(7z*Hz`--7XYQw>fCZ?93BAf?X7`OuAyxQPZay zx}170t0jm#61s0dQ5U+m8?SDas&aMREX;(`UuoYv5s5R1kG&2}?~G^-))uWxNl$&o zyNFa5WER*}Vh>)Lkpks~YIiZL!p1Bf8(;h}#4rYB{|K^R4qUmlkPP<6-X|6vu^O2o zRT62=>RD~G51eBb6WD_Ljga4-d zF?$0#1rFx>oAM9>D54L+CfMzBIVa8V37{Qki$bD4cAaPyfo3%r4-p2_ztB!RL|UB0 z8hx|s*P_(&x-7>o&hLqVuUL(`u@l>LTMo9mbQkb0c~Kl=t`fYKrnp2FbmR5?q8ZV! z;L$M@n{H(V?_-T6_KffQjL98!9T@Mf__Dg(*w)g&R7lF1I=Y`ZVXFG8=4%&JSl_Qy zbVvb|;ADcZnnRyah#wBks`Zo6f6k;uGM^P6w*p(e@9!O5U0H2 zM2j~wp>XiA*5J5Vi1NxO^2-a849UM}X4>HH>N7&w0suQhq>7o-1nteALA94afzx zMC!P*V-{CJ-pZDU>WmG|+OR^!0ssn$m;*84g$%Q&GIoxl_93&0Uang)2cAw%(}>Nl zjIDJ+t;VKm366KjyesgtguQ7ht{UF0>~l%1+zo`#e^X7zD#r$48N`@;%ZNEV5#q@3 zOi*%Pf;-B5K#2Ua#3IMR#|FRyTmiU0-4TERxC5L4Sb#S`9wCPiM9@)FNy5M&E-C #include -const uid_t APP_UID = 5000; -const gid_t APP_GID = 5000; +// separate DB-space for async tests +// gives independence: other test sets can modify the password per will +// without risk of making async tests fail +const uid_t APP_UID = 5003; +const gid_t APP_GID = 5003; const uid_t DB_ALARM_UID = 6001; const gid_t DB_ALARM_GID = 6001; -- 2.7.4