INSTALL(TARGETS ${TARGET_CKM_TESTS} DESTINATION bin)
INSTALL(FILES test1801.pkcs12 DESTINATION /usr/share/ckm-test)
+INSTALL(FILES pkcs.p12 DESTINATION /usr/share/ckm-test)
#include <ckm/ckm-control.h>
#include <ckm/ckm-raw-buffer.h>
+#include <fstream>
+
#include <dpl/test/test_runner.h>
#include <dpl/test/test_runner_child.h>
#include <dpl/log/log.h>
void ReceivedSaveKey() { Succeeded(); }
void ReceivedSaveCertificate() { Succeeded(); }
void ReceivedSaveData() { Succeeded(); }
+ void ReceivedSavePKCS12() { Succeeded(); }
void ReceivedRemovedAlias() { Succeeded(); }
void ReceivedKey(Key &&) { Succeeded(); }
void ReceivedCertificate(Certificate &&) { Succeeded(); }
void ReceivedData(RawBuffer &&) { Succeeded(); }
+ void ReceivedPKCS12(PKCS12ShPtr && pkcs) { m_pkcs = pkcs; Succeeded(); }
void ReceivedKeyAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
void ReceivedCertificateAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
void ReceivedCreateSignature(RawBuffer && buffer) { m_signed = move(buffer); Succeeded(); }
void ReceivedVerifySignature() { Succeeded(); }
+
void ReceivedOCSPCheck(int status) { m_ocspStatus = status; Succeeded(); }
void ReceivedSetPermission() { Succeeded(); }
-
void WaitForResponse()
{
unique_lock < mutex > lock(m_mutex);
int m_error;
AliasVector m_aliases;
CertificateShPtrVector m_certChain;
+ PKCS12ShPtr m_pkcs;
RawBuffer m_signed;
int m_ocspStatus;
}
}
+namespace
+{
+CKM::Alias alias_PKCS_exportable = "async-test-PKCS-export";
+CKM::Alias alias_PKCS_not_exportable = "async-test-PKCS-no-export";
+}
+
+RUNNER_TEST(TA2000_PKCS_add_bundle_with_chain_certs)
+{
+ DBCleanup dbc;
+ auto manager = CKM::Manager::create();
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
+ RUNNER_ASSERT_MSG_BT(
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ auto cert = pkcs->getCertificate();
+ RUNNER_ASSERT_MSG_BT(
+ NULL != cert.get(),
+ "Error in PKCS12::getCertificate()");
+
+ auto key = pkcs->getKey();
+ RUNNER_ASSERT_MSG_BT(
+ NULL != key.get(),
+ "Error in PKCS12::getKey()");
+
+ auto caVector = pkcs->getCaCertificateShPtrVector();
+ RUNNER_ASSERT_MSG_BT(
+ 2 == caVector.size(),
+ "Wrong size of vector");
+
+ // save to the CKM
+ int tmp;
+ CKM::Policy exportable;
+ CKM::Policy notExportable(CKM::Password(), false);
+
+ test_positive(&ManagerAsync::savePKCS12,
+ alias_PKCS_exportable,
+ pkcs,
+ exportable,
+ exportable);
+ test_negative(&ManagerAsync::savePKCS12,
+ CKM_API_ERROR_DB_ALIAS_EXISTS,
+ alias_PKCS_exportable,
+ pkcs,
+ exportable,
+ exportable);
+
+ test_positive(&ManagerAsync::savePKCS12,
+ alias_PKCS_not_exportable,
+ pkcs,
+ notExportable,
+ notExportable);
+ test_negative(&ManagerAsync::savePKCS12,
+ CKM_API_ERROR_DB_ALIAS_EXISTS,
+ alias_PKCS_not_exportable,
+ pkcs,
+ notExportable,
+ notExportable);
+}
+
+RUNNER_TEST(TA2010_PKCS_get)
+{
+ DBCleanup dbc;
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ // fail - no entry
+ test_negative(&ManagerAsync::getPKCS12,
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN,
+ "i-do-not-exist");
+
+
+ // fail - not exportable
+ test_negative(&ManagerAsync::getPKCS12,
+ CKM_API_ERROR_NOT_EXPORTABLE,
+ dbc.alias(alias_PKCS_not_exportable.c_str()));
+
+ // success - exportable
+ auto obs = test_positive(&ManagerAsync::getPKCS12,
+ dbc.alias(alias_PKCS_exportable.c_str()));
+
+ auto cert = obs->m_pkcs->getCertificate();
+ RUNNER_ASSERT_MSG_BT(
+ NULL != cert.get(),
+ "Error in PKCS12::getCertificate()");
+
+ auto key = obs->m_pkcs->getKey();
+ RUNNER_ASSERT_MSG_BT(
+ NULL != key.get(),
+ "Error in PKCS12::getKey()");
+
+ auto caVector = obs->m_pkcs->getCaCertificateShPtrVector();
+ RUNNER_ASSERT_MSG_BT(
+ 2 == caVector.size(),
+ "Wrong size of vector");
+}
+
RUNNER_TEST(TA9999_deinit)
{
int temp;
cnt ++;
}
- RUNNER_ASSERT_MSG(cnt == 2,"Invalid CA Cert Count");
+ RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count");
ckmc_key_free(private_key);
ckmc_cert_free(cert);
remove(p12file);
}
+RUNNER_TEST(T3097_CAPI_TYPE_load_p12_file2) {
+ std::string p12Base64 =
+ "MIINaQIBAzCCDS8GCSqGSIb3DQEHAaCCDSAEgg0cMIINGDCCChcGCSqGSIb3DQEH\n"
+ "BqCCCggwggoEAgEAMIIJ/QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIvO01\n"
+ "D2ODdkYCAggAgIIJ0NscvWq3hmXai5DQcleOgELPbu2c97d+KJnRGCK7K3eRb0/v\n"
+ "4F3f3LFSFFT9OAK0/OS1ZYCiO+IuZ6Rpc8Baqe89xVcOHrQ0dQ7sIvbq10dnp5nY\n"
+ "fEcrt7qPXcRa3IdOX4PFo4aCOFq5bHv5M3quHldKRh4itosjsAGuF/xtnVnO6lU5\n"
+ "UlPhtAdr2Mpr4SHh+oBbJknLvyd6n/4xZ2elEA8ui4Qt5GfiHwWs2J7KO3Z8M1vW\n"
+ "yukuyVTaZ6RNkj8dkq/RttvVinlgATYLoosjCsH7VVcd+/z9JqD37QQ89pzdjvJg\n"
+ "CtXFVbqsOIbjPMkQMYtMdaPsLDDzw6l+q7BJreGIoJmTHbhTtNOJo03XPEnlVXUq\n"
+ "Q+224ibNKzLAvpSWOo8BUHK7ZDc1oaLODDZ+WAA6jfgHkuhhWYr9dxce6UdhMghJ\n"
+ "M7ixWwa350psdACREdGxNQzxmucmueprbDumVPAnnJfnKfgRXdKpTDFWS4TaYRc/\n"
+ "TE4lKSBZpFFduy/gdpLGCHdklTs33aWZ/mEVZJnk2PggKyvSKH9oL3DxkZIFkGdQ\n"
+ "wcy8gAuLBirdWB/q4JWqW7sH8kMfEwXACEm1z4SzCik8afamQNJEbovA3Pvrhw/P\n"
+ "1HE5KPNvKMaIr9kk5rTnGGTSNrSMqUCnBl4MjVS4HacrZvvt60y0D3RFB8IqlFMt\n"
+ "od2FagxojPyO/wP8jDERnySo2Irz0x0WUjWARtcLLH2FOK7ROkX1/WjRZmDV0jtv\n"
+ "yL8r97XZf/NddVU13Jt13dBJCjxZRvfJZgNI8RybkPQ3Y9J5LIOLVFPU3ZKIi7W7\n"
+ "KtCw/FCUfEdNarLQMWG0Z9bux7vu/eK1+KpF9pfzD3Q1V0sj2M158Q5W2gy9q/u0\n"
+ "gOOuybiZB2AL9kxBv0rqb8h7SF5ZIRoy85PrwtnX7w4Xq+4I7RA68bcEGyqgTWWb\n"
+ "XZxcY65F2slqekXddKeDSTizQk/APgWva/TwgaUeXR9YBCO4o71pla//FNqJ6pRm\n"
+ "tZjEY9ALBCc083gsImc7+LAeubEcYzjhhgRPQwGJfJTMqgC/NOa9wFhvNO4QcFjf\n"
+ "XQxxIFxlQJ64qU316FyeuyxLYGd02uakrLLgYtAGG7nPZCYNkUKvCwICKJYI+wAg\n"
+ "CX0FVwXsR1f33kVuV6sd4YConz80Lk9ayvNJVeCzEOBvhthbMcP3mIn22X+GT3jU\n"
+ "O5Z0bkXAU0C8XTfLQMk2m6Ag3mctrn4iJBPwQ7j12GnlSLko+e7IssRd4Qj4vBZd\n"
+ "KXUIoRcOsXqWoQgXJAtdLJEHVo0SUyxVojXsXqUZ3yYOkVUykvXZUcBnS6xwtaUt\n"
+ "EzdFsEO3NQSLOju5Tpp12lKbrgIToV75zyA3CULEdimEUWD/wA+pDaIS39shNyeE\n"
+ "edtAp3WF3mDkHQFyKG52IVx7hJU8jXXunvY21tshTAx/Gda0X1CtgSU7Q00ROr+L\n"
+ "TaehRiKsSgxQa6/jyJY5KY1hIDzwaem5Y7gDnxotmQuPhIX8MeD5Qdv6AVovfScN\n"
+ "07QuWyUBgFsZzbp79AsnPRLzoiAMQljMn7TXDDLq+uF922OU47BQkzlPfKAuHbyu\n"
+ "R+uZwtDfMD71FqWjCAHMPyENinsnUehCwX2pVxa6KSs61IsTfb3oUPY1TRxfZnfd\n"
+ "8SAUfPjKVss9Eyahuv+kzenPUDZn5LV9E0G0DGNxIf493A5Z29scNkQcCBjTJJvx\n"
+ "4BBJCES6SgkTQl7eFoBGOIqqytpYP9QZW5jy7ramgz/gF2kMKjAfikhbd5vB4Fwd\n"
+ "QlExMlbW+wL/ffr4AGlwenlDzXBFKQM0mYZNKLuB9LrRzw35fVFZ9XY06VCxhbMa\n"
+ "wI9gN4rKA3bNG3DCWTsr1TZ6CvrqFJjlfK4KF/+eNfnkIY8uVYxnPlRRkmPw4dpE\n"
+ "KdaXUiu5WJvZupeYqqNsWdxs+v2KS1E/PcM9BgUFKFD4lW84WbWUHPxvxXoZhSCs\n"
+ "nQ0hsPd53NKBBdEOao5HAAf+T5yFnJzZ3rVkYBEC67gHyWgXB1Zy283yAIihvUXw\n"
+ "DOEVppNHnIqAjQpncQcDpV0/zYCvqOEfU+JPpmepgo737Tq2MlUKLTByhg1mQhKm\n"
+ "2pI63BFiw2/2igImFbmhzJjilWkaM4kwM1uGKOKgjacXI/VSVEajuYAfo37quBxF\n"
+ "ZWyWJoFXBvQ7jolTKXUVbCqnSSaItosZrS3vcDdGUegRm0rf6IzCRPdSIsfCDdZG\n"
+ "9UeChoznNezoLENgmqQJTV3wDo3uSZbztlctoERvZpn457MLZEn8hXEwMLPXx2Ur\n"
+ "HQ5fYAdTBzBpoLiy8ujzFxFJDzW9ytnb7aFF7YVivfj42eVGnCANvVcwkp2/E3MW\n"
+ "Img0OyqKRQHaGGI7iGNO5KYpTk0CdSyErQarH52ZRvr0t2CK6J6vDgrhJnzd5Ayr\n"
+ "6t+coAZBw8eIJqiM5WzAm4mlZRSHL+JcaKkrqoYOo+kewj7wgW2Kk/7S8re38RvP\n"
+ "+V9nqpfr18gIV72G2yZ60C21eRqOFPgl1CYbmWHqYKXatuT4o+kgBmJpez5uvIHz\n"
+ "LSd88An02ow+WQ+KP8YGV38ZtuA6D4FPA3fsMdhNOqjtwWiPei+ILaXD5PsOfDGH\n"
+ "2fZgOWXivFYqq9Cm3B3ffFX/oD/7sFMs+/AWeZOh8XqU8ro73L1HNRXx4HdyRUY/\n"
+ "pInwA0mWaFNGgBRPbNW0A6cZ2dY0Hn8sRRsF+5tIs0hOelpT1y/ZEVyGImTQgEbK\n"
+ "KeggQGT9h9rhrrUK+hE27MorcRi6tVteKlNyGQsCJko0ZoqqctM4o7wT5ce4nWtb\n"
+ "ixzp5xDkDmcP6eldHiVm8TsZn0hkmNDu0xpgIVtb4VDRmWP687EOaGHYhjOBw6X1\n"
+ "GD1d1yyg/VxlUr0lKmbsFVC2mDiWbnWd49+FGsrySc2RO8DlC9xkXLaG+ubjmLpK\n"
+ "lwagiI2P1MzkHuZiz7WlIjFefuYh0yrYvDA5UDiQTDdoZWFuR5r93QWdsUcHlvdF\n"
+ "rYmhQ93F6I4gaT9HSVEDJfisIjIUmIwhh20tdGnf3FC5VyqBYS5GQObq3VnC8stU\n"
+ "b7byCEMlKr5bWslEem6gRGTB9xektKgrsFgS7nb3Geegq9K+mWIBC/iBOInVqFYx\n"
+ "Uw8+s6ywApXPLPEIrVZumkwo7Rl8lJfCTDNni/68XHhhVHY70N0PSdfnCAvV9G41\n"
+ "3wuTZHqLOeQG3Sm8I1JJXkWSuuk0QI7DVKZpmz+x4aFBd+rncfvWOEbN9G0ZqbUT\n"
+ "lGkfxtUWY6pWX/XJpyBzOlv2+fCPi/Yd0csb45IEuFHNG1svgqGMJw5BmFu5v0Qs\n"
+ "0i1zKBrNA/Acd6+uL0UqDZStB6lyPn6+uifh3sMwggL5BgkqhkiG9w0BBwGgggLq\n"
+ "BIIC5jCCAuIwggLeBgsqhkiG9w0BDAoBAqCCAqYwggKiMBwGCiqGSIb3DQEMAQMw\n"
+ "DgQIBJuBj07uHGACAggABIICgJBfOlC99JJjEUBibYLXIJPe53Cy7eDXCtVaPbhX\n"
+ "VHPCsBrUd7+6Ul7Vh/JHMlJL1VA3WvGnX93f0p5FICgZZA3sIZjpxBoeVkZ0Zx6r\n"
+ "ZMnBPIN4GaHYufCGPyAlPXgEGjlBr3g6Sxr8j50vsWtfspwiILsyte+nQ3kE1nV4\n"
+ "TjNBnayXmCMnEkf4kKu+dlLFbd1OY/fQJbiT+f9YtMfcfp2IR+7bXb23UIv8Wt1I\n"
+ "XyqsYTcUjIvnByKSDrvVu941x1EN5DF1964qQbAZb/z5ueTl8tCpaCFlGbZcXz7X\n"
+ "7L3k0YWdymx1J+szd6heQJrzqMjcHK3XWC7YlDytWB59j0eNMx42XEFP0pAO+gt9\n"
+ "Iny2XL+sxJC/xzf6apYMmmGwEXrZkkudsSVMgLCtYyin4zM7PFzLAPK9ryEhsxaP\n"
+ "g077MJ/aIaZ7PLi7cABz/g+gQ1dSXakNOof6EjRUADHpav9UKeKwWdR8ycB/8AQV\n"
+ "XxQTpEsFJ7izdNZDNC/ZeOhc/ohnei169rfH0shVeeckjf++c8zlh/Y5UWIi3V6i\n"
+ "5c7RlIJLMtHrvpB5UxRpZgWSdXvCuTCBEzlZAeWJ11I4DAeioqJ1V3h2KcUjNKf1\n"
+ "z8mTJrzAycuhm8npaC0Gj6JU7jiYPZLvj+cK/e/gjadWggHFYsjAKhACDbAtG64N\n"
+ "Gu9PWJszvhSO8ga7TOVEzdbe2jm4oWtqPe3gb6eYl2Ma6GTfj/PUEDpNAOnr99qV\n"
+ "g3uKIXMBp2115bfUf5sbfPdMbnH12XILXR9Va+JjeQHexa64QWlsiRgtXEAXxoEb\n"
+ "D2aTlfdsJpgilyj31Y45xOdN7FI+Ltfhudxt1kABPdmKwRMxJTAjBgkqhkiG9w0B\n"
+ "CRUxFgQUMvxYuPi3XpEeXbzAkXaNbAw7P5gwMTAhMAkGBSsOAwIaBQAEFOBC4ppE\n"
+ "AXO+xdzSBKimvjBBTLbEBAjlaWiC5IVtmAICCAA=\n";
+
+ // write file
+ const char *p12base64file = "/tmp/ckmc_test_p12.p12.b64";
+ const char *p12file = "/tmp/ckmc_test_p12.p12";
+ const char *password = "password";
+
+ remove(p12base64file);
+ remove(p12file);
+
+ FILE* b64_file;
+ b64_file = fopen(p12base64file, "w");
+ fprintf(b64_file, "%s",p12Base64.c_str());
+ fclose(b64_file);
+
+ std::string cmd("openssl base64 -d -in ");
+ cmd.append(p12base64file);
+ cmd.append(" -out ");
+ cmd.append(p12file);
+ system(cmd.c_str());
+
+ int temp;
+
+ ckmc_pkcs12_s *ppkcs12 = NULL;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_load_from_pkcs12_file2(p12file, password, &ppkcs12)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(ppkcs12->priv_key != NULL, "Null private_key");
+ RUNNER_ASSERT_MSG(ppkcs12->cert != NULL, "Null cert");
+ RUNNER_ASSERT_MSG(ppkcs12->ca_chain != NULL, "Null ca_cert_list");
+
+ ckmc_policy_s policy;
+ policy.password = NULL;
+ policy.extractable = 1;
+
+
+ const char *pkey_alias = "pkey_alias2";
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pkey_alias, *(ppkcs12->priv_key), policy)),
+ "Error=" << temp);
+
+ const char *cert_alias = "cert_alias2";
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(cert_alias, *(ppkcs12->cert), policy)),
+ "Error=" << temp);
+ std::string caCertAlias = "ca_cert_alias_2_";
+ const char *idx = "0";
+ int cnt = 0;
+ ckmc_cert_list_s *tmpList = ppkcs12->ca_chain;
+ while(tmpList != NULL) {
+ caCertAlias.append(idx);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(caCertAlias.c_str(), *(tmpList->cert), policy)),
+ "Error=" << temp);
+ tmpList = tmpList->next;
+ cnt ++;
+ }
+
+ RUNNER_ASSERT_MSG(cnt == 2, "Invalid CA Cert Count");
+
+ ckmc_pkcs12_free(ppkcs12);
+
+ remove(p12base64file);
+ remove(p12file);
+}
RUNNER_TEST(T3098_CAPI_TYPE_deinit)
{
"Error=" << temp);
}
+RUNNER_TEST_GROUP_INIT(T310_CKMC_CAPI_PKCS12);
-RUNNER_TEST_GROUP_INIT(T3000_CAPI_LOCKTYPE_TESTS);
-
-RUNNER_TEST(T3100_CAPI_locktype_init)
+namespace
{
- int temp;
- RUNNER_ASSERT_MSG_BT(
- CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
- "Error=" << temp);
- RUNNER_ASSERT_MSG_BT(
- CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, USER_PASS)),
- "Error=" << temp);
-}
-
-RUNNER_CHILD_TEST(T3101_CAPI_init_lock_key)
+const char* alias_PKCS_collision = "CAPI-test-PKCS-collision";
+const char* alias_PKCS_exportable = "CAPI-test-PKCS-export";
+const char* alias_PKCS_not_exportable = "CAPI-test-PKCS-no-export";
+const char* alias_PKCS_priv_key_copy = "CAPI-test-PKCS-private-key-copy";
+const char* alias_PKCS_priv_key_wrong = "CAPI-test-PKCS-private-key-wrong";
+}
+
+RUNNER_TEST(T3101_CAPI_PKCS12_init)
+{
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_unlock_user_key(USER_APP, "user-pass")),
+ "Error=" << temp);
+
+ ckmc_remove_pkcs12(alias_PKCS_collision);
+ ckmc_remove_pkcs12(alias_PKCS_exportable);
+ ckmc_remove_pkcs12(alias_PKCS_not_exportable);
+ ckmc_remove_pkcs12(alias_PKCS_priv_key_copy);
+ ckmc_remove_pkcs12(alias_PKCS_priv_key_wrong);
+}
+
+RUNNER_TEST(T3102_CAPI_PKCS12_negative_wrong_password)
+{
+ const char *wrong_passwd = "wrong";
+ ckmc_pkcs12_s *ppkcs12 = NULL;
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_INVALID_FORMAT == (temp = ckmc_load_from_pkcs12_file2("/usr/share/ckm-test/test1801.pkcs12", wrong_passwd, &ppkcs12)),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T3103_CAPI_PKCS12_add_bundle_with_chain_certs)
+{
+ ckmc_pkcs12_s *ppkcs12 = NULL;
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_load_from_pkcs12_file2("/usr/share/ckm-test/pkcs.p12", NULL, &ppkcs12)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(NULL != ppkcs12->cert, "no certificate in PKCS12");
+ RUNNER_ASSERT_MSG(NULL != ppkcs12->priv_key, "no private key in PKCS12");
+ RUNNER_ASSERT_MSG(NULL != ppkcs12->ca_chain, "no chain certificates in PKCS12");
+
+ // save to the CKM
+ int tmp;
+ ckmc_policy_s exportable;
+ exportable.password = NULL;
+ exportable.extractable = 1;
+ ckmc_policy_s notExportable;
+ notExportable.password = NULL;
+ notExportable.extractable = 0;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_exportable, ppkcs12, exportable, exportable)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_exportable, ppkcs12, exportable, exportable)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable, ppkcs12, notExportable, notExportable)),
+ "Error=" << temp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_EXISTS == (temp = ckmc_save_pkcs12(alias_PKCS_not_exportable, ppkcs12, notExportable, notExportable)),
+ "Error=" << temp);
+
+ // try to lookup key
+ ckmc_key_s *key_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(alias_PKCS_exportable, NULL, &key_lookup)),
+ "Error=" << temp);
+ ckmc_key_free(key_lookup);
+ key_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias_PKCS_not_exportable, "", &key_lookup)),
+ "Error=" << temp << " CKMC_ERROR_NOT_EXPORTABLE=" << CKMC_ERROR_NOT_EXPORTABLE << " CKMC_ERROR_DB_ERROR=" << CKMC_ERROR_DB_ERROR);
+ ckmc_key_free(key_lookup);
+
+ // try to lookup certificate
+ ckmc_cert_s *cert_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_cert(alias_PKCS_exportable, NULL, &cert_lookup)),
+ "Error=" << temp);
+ ckmc_cert_free(cert_lookup);
+ cert_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_cert(alias_PKCS_not_exportable, NULL, &cert_lookup)),
+ "Error=" << temp);
+ ckmc_cert_free(cert_lookup);
+}
+
+RUNNER_TEST(T3103_CAPI_PKCS12_get_PKCS)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ ckmc_pkcs12_s *pkcs = NULL;
+
+ // fail - no entry
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_pkcs12("i-do-not-exist", &pkcs)),
+ "Error=" << temp);
+ ckmc_pkcs12_free(pkcs);
+ pkcs = NULL;
+
+ // fail - not exportable
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_pkcs12(alias_PKCS_not_exportable, &pkcs)),
+ "Error=" << temp);
+ ckmc_pkcs12_free(pkcs);
+ pkcs = NULL;
+
+ // success - exportable
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_pkcs12(alias_PKCS_exportable, &pkcs)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(NULL != pkcs->cert, "no certificate in PKCS12");
+ RUNNER_ASSERT_MSG(NULL != pkcs->priv_key, "no private key in PKCS12");
+ RUNNER_ASSERT_MSG(NULL != pkcs->ca_chain, "no chain certificates in PKCS12");
+ size_t cntr = 0;
+ ckmc_cert_list_s *iter = pkcs->ca_chain;
+ do {
+ cntr ++;
+ iter = iter->next;
+ } while(iter);
+ RUNNER_ASSERT_MSG(2 == cntr, "invalid number of chain certificates in PKCS12");
+
+ ckmc_pkcs12_free(pkcs);
+}
+
+RUNNER_TEST(T3104_CAPI_PKCS12_create_and_verify_signature)
+{
+ ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
+
+ int temp;
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature = NULL;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ alias_PKCS_exportable,
+ NULL,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ "Error=" << temp);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ alias_PKCS_exportable,
+ NULL,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ "Error=" << temp);
+}
+
+RUNNER_TEST(T3105_CAPI_PKCS12_remove_bundle_with_chain_certs)
+{
+ int tmp;
+
+ // remove the whole PKCS12 bundles
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_exportable)),
+ "Error=" << tmp);
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (tmp = ckmc_remove_pkcs12(alias_PKCS_not_exportable)),
+ "Error=" << tmp);
+
+ // expect lookup fails due to unknown alias
+ // try to lookup key
+ ckmc_key_s *key_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_exportable, NULL, &key_lookup)),
+ "Error=" << tmp);
+ ckmc_key_free(key_lookup);
+ key_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_key(alias_PKCS_not_exportable, NULL, &key_lookup)),
+ "Error=" << tmp);
+ ckmc_key_free(key_lookup);
+
+ // try to lookup certificate
+ ckmc_cert_s *cert_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_exportable, NULL, &cert_lookup)),
+ "Error=" << tmp);
+ ckmc_cert_free(cert_lookup);
+ cert_lookup = NULL;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (tmp = ckmc_get_cert(alias_PKCS_not_exportable, NULL, &cert_lookup)),
+ "Error=" << tmp);
+ ckmc_cert_free(cert_lookup);
+}
+
+RUNNER_TEST(T3109_CAPI_PKCS12_deinit)
+{
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
+ "Error=" << temp);
+}
+
+RUNNER_TEST_GROUP_INIT(T3110_CAPI_LOCKTYPE_TESTS);
+
+RUNNER_CHILD_TEST(T3111_CAPI_init_lock_key)
{
int tmp;
AccessProvider ap("my-label");
CKM::ErrorToString(tmp));
}
-RUNNER_CHILD_TEST(T3102_CAPI_unlock_default_passwd)
+RUNNER_CHILD_TEST(T3112_CAPI_unlock_default_passwd)
{
AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-storage", "rw");
"Error=" << temp);
}
-RUNNER_CHILD_TEST(T3103_CAPI_init_change_user_password)
+RUNNER_CHILD_TEST(T3113_CAPI_init_change_user_password)
{
int tmp;
AccessProvider ap("my-label");
CKM::ErrorToString(tmp));
}
-RUNNER_CHILD_TEST(T3104_CAPI_unlock_default_passwd_negative)
+RUNNER_CHILD_TEST(T3114_CAPI_unlock_default_passwd_negative)
{
AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-storage", "rw");
"Error=" << temp);
}
-RUNNER_CHILD_TEST(T3109_CAPI_deinit)
+RUNNER_CHILD_TEST(T3119_CAPI_deinit)
{
int temp;
- RUNNER_ASSERT_MSG_BT(
+ RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_lock_user_key(USER_APP)),
"Error=" << temp);
- RUNNER_ASSERT_MSG_BT(
+ RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_remove_user_data(USER_APP)),
"Error=" << temp);
}
#include <dpl/test/test_runner.h>
#include <tests_common.h>
-#include <dbus_access.h>
-
+#include <ckm-common.h>
#include <ckm/ckm-manager.h>
#include <ckm/ckm-control.h>
const char* const DISABLED = "Disabled";
const char* const CKM_LOCK = "/var/run/key-manager.pid";
-const char* SERVICE[] = {
- "/org/freedesktop/systemd1/unit/central_2dkey_2dmanager_2dlistener_2eservice",
- "/org/freedesktop/systemd1/unit/central_2dkey_2dmanager_2eservice" };
-enum ServiceIdx {
- LISTENER,
- MANAGER
-};
// disable CC
int _unset_mdpp_key = vconf_unset(VCONFKEY_SECURITY_MDPP_STATE);
vconf_unset(VCONFKEY_SECURITY_MDPP_STATE);
}
-void start_service(ServiceIdx idx)
-{
- DBusAccess dbus(SERVICE[idx]);
- dbus.start();
-}
-
-void stop_service(ServiceIdx idx)
-{
- DBusAccess dbus(SERVICE[idx]);
- dbus.stop();
-}
-
void remove_user_data()
{
auto control = Control::create();
#include <tests_common.h>
#include <access_provider2.h>
#include <ckm/ckm-manager.h>
+#include <dbus_access.h>
+
+const char* SERVICE[] = {
+ "/org/freedesktop/systemd1/unit/central_2dkey_2dmanager_2dlistener_2eservice",
+ "/org/freedesktop/systemd1/unit/central_2dkey_2dmanager_2eservice" };
+
+void start_service(ServiceIdx idx)
+{
+ DBusAccess dbus(SERVICE[idx]);
+ dbus.start();
+}
+
+void stop_service(ServiceIdx idx)
+{
+ DBusAccess dbus(SERVICE[idx]);
+ dbus.stop();
+}
+
void switch_to_storage_user(const char* label)
{
void switch_to_storage_user(const char* label);
void switch_to_storage_ocsp_user(const char* label);
+
+// service lifecycle management
+enum ServiceIdx {
+ LISTENER,
+ MANAGER
+};
+void start_service(ServiceIdx idx);
+void stop_service(ServiceIdx idx);
+
+
// Class responsible for db cleanup after positive tests. Will remove all used aliases in destructor
class DBCleanup
{
* D - subtest.
*/
+RUNNER_TEST_GROUP_INIT(A_T0010_CKM_OPENSSL_INIT);
+RUNNER_TEST(A_T0011_OpenSSL_not_init_client_parse_PKCS) {
+ stop_service(MANAGER);
+ start_service(MANAGER);
+
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
+ RUNNER_ASSERT_MSG(
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ // all further tests will start with newly started service,
+ // OpenSSL on the service side will have to be properly initialized too
+ stop_service(MANAGER);
+ start_service(MANAGER);
+}
RUNNER_TEST_GROUP_INIT(T0010_CKM_CONTROL);
int temp;
auto control = CKM::Control::create();
RUNNER_ASSERT_MSG(
- CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "test-pass")),
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(0, "simple-password")),
"Error=" << CKM::ErrorToString(temp));
RUNNER_ASSERT_MSG(
CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
"Error=" << CKM::ErrorToString(tmp));
}
-RUNNER_CHILD_TEST(T1511_init_insert_data)
+RUNNER_CHILD_TEST(T1511_insert_data)
{
AccessProvider ap("my-label");
ap.allowAPI("key-manager::api-storage", "rw");
"Error=" << CKM::ErrorToString(tmp));
}
-RUNNER_CHILD_TEST(T1702_init_insert_data)
+RUNNER_CHILD_TEST(T1702_insert_data)
{
int temp;
AccessProvider ap("t170-special-label");
RUNNER_TEST_GROUP_INIT(T180_PKCS12);
-RUNNER_TEST(T1801) {
+namespace
+{
+CKM::Alias alias_PKCS_collision = "test-PKCS-collision";
+CKM::Alias alias_PKCS_exportable = "test-PKCS-export";
+CKM::Alias alias_PKCS_not_exportable = "test-PKCS-no-export";
+CKM::Alias alias_PKCS_priv_key_copy = "test-PKCS-private-key-copy";
+CKM::Alias alias_PKCS_priv_key_wrong = "test-PKCS-private-key-wrong";
+}
+
+RUNNER_TEST(T1800_init) {
+ int temp;
+ auto control = CKM::Control::create();
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->unlockUserKey(USER_APP, "user-pass")),
+ "Error=" << CKM::ErrorToString(temp));
+
+ auto manager = CKM::Manager::create();
+ manager->removeAlias(alias_PKCS_collision);
+ manager->removeAlias(alias_PKCS_exportable);
+ manager->removeAlias(alias_PKCS_not_exportable);
+ manager->removeAlias(alias_PKCS_priv_key_copy);
+ manager->removeAlias(alias_PKCS_priv_key_wrong);
+}
+
+RUNNER_TEST(T1801_parse_PKCS12) {
std::ifstream is("/usr/share/ckm-test/test1801.pkcs12");
std::istreambuf_iterator<char> begin(is), end;
std::vector<char> buff(begin, end);
"Expected error in PKCS12::create()");
}
+RUNNER_TEST(T1804_add_PKCS_collision_with_existing_alias)
+{
+ auto manager = CKM::Manager::create();
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
+ RUNNER_ASSERT_MSG(
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ // save private key
+ std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
+ "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
+ "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
+ "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
+ "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
+ "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
+ "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
+ "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
+ "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
+ "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
+ "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
+ "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
+ "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+ std::string message = "message test";
+
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ int temp;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_collision, keyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == (temp = manager->savePKCS12(alias_PKCS_collision, pkcs, CKM::Policy(), CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1805_add_bundle_with_chain_certificates)
+{
+ auto manager = CKM::Manager::create();
+ std::ifstream is("/usr/share/ckm-test/pkcs.p12");
+ std::istreambuf_iterator<char> begin(is), end;
+ std::vector<char> buff(begin, end);
+
+ CKM::RawBuffer buffer(buff.size());
+ memcpy(buffer.data(), buff.data(), buff.size());
+
+ auto pkcs = CKM::PKCS12::create(buffer, CKM::Password());
+ RUNNER_ASSERT_MSG(
+ NULL != pkcs.get(),
+ "Error in PKCS12::create()");
+
+ auto cert = pkcs->getCertificate();
+ RUNNER_ASSERT_MSG(
+ NULL != cert.get(),
+ "Error in PKCS12::getCertificate()");
+
+ auto key = pkcs->getKey();
+ RUNNER_ASSERT_MSG(
+ NULL != key.get(),
+ "Error in PKCS12::getKey()");
+
+ auto caVector = pkcs->getCaCertificateShPtrVector();
+ RUNNER_ASSERT_MSG(
+ 2 == caVector.size(),
+ "Wrong size of vector");
+
+ // save to the CKM
+ int tmp;
+ CKM::Policy exportable;
+ CKM::Policy notExportable(CKM::Password(), false);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_exportable, pkcs, exportable, exportable)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_EXISTS == (tmp = manager->savePKCS12(alias_PKCS_not_exportable, pkcs, notExportable, notExportable)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ // try to lookup key
+ CKM::KeyShPtr key_lookup;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ // try to lookup certificate
+ CKM::CertificateShPtr cert_lookup;
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_NOT_EXPORTABLE == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_TEST(T1806_get_PKCS)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ CKM::PKCS12ShPtr pkcs;
+
+ // fail - no entry
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (temp = manager->getPKCS12("i-do-not-exist", pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ // fail - not exportable
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_NOT_EXPORTABLE == (temp = manager->getPKCS12(alias_PKCS_not_exportable, pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ // success - exportable
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getPKCS12(alias_PKCS_exportable, pkcs)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ auto cert = pkcs->getCertificate();
+ RUNNER_ASSERT_MSG(
+ NULL != cert.get(),
+ "Error in PKCS12::getCertificate()");
+
+ auto key = pkcs->getKey();
+ RUNNER_ASSERT_MSG(
+ NULL != key.get(),
+ "Error in PKCS12::getKey()");
+
+ auto caVector = pkcs->getCaCertificateShPtrVector();
+ RUNNER_ASSERT_MSG(
+ 2 == caVector.size(),
+ "Wrong size of vector");
+}
+
+RUNNER_TEST(T1807_create_and_verify_signature)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string message = "message test";
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ alias_PKCS_exportable,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ alias_PKCS_exportable,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1808_create_signature_on_raw_key_and_verify_on_PKCS)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXQIBAAKBgQD1W9neUbXL1rnq9SvyzprjhWBKXyYKQirG3V2zyUnUaE24Sq2I\n"
+ "v7ISrwMN/G6WcjrGmeZDEWwrL4zXh002N8BD1waJPRonxwtVkhFy3emGatSmx7eI\n"
+ "ely5H+PBNImRvBh2u4GWga6OEXcUNdfaBUcxn+P6548/zpDhyNLzQKk5FwIDAQAB\n"
+ "AoGAR+4WkBuqTUj1FlGsAbHaLKt0UDlWwJknS0eoacWwFEpDxqx19WolfV67aYVA\n"
+ "snBolMKXg7/+0yZMhv8Ofr+XaHkPQplVVn9BwT0rmtEovJXwx+poRP9Bm3emglj/\n"
+ "iYd8EkaXDlIXCtewtQW9JEIctWppntHj3TvA/h7FCXPN6SkCQQD/N7sn5S1gBkVh\n"
+ "dyXQKoyKsZDb7hMIS1q6cKwYCMf2UrsD1/lnr7xXkvORdL213MfueO8g0WkuKfRY\n"
+ "bDD6WGX1AkEA9hxiOlsgvermqLJkOlJffbSaM8n/6wtnM0HV+Vd9NfSBOmxFDXPO\n"
+ "vrvdgiDPENhbqTJSQVDsfzHilTpK7lEvWwJBAJLxHoOg0tg3pBiyxgWtic+M3q+R\n"
+ "ykl7QViY6KzJ2X98MIrM/Z7yMollZXE4+sVLwZ0O6fdGOr3GkBWc7TImVUUCQQC7\n"
+ "pf6bQfof9Ce0fnf/I+ldHkPost7nJsWkBlGQkM2OQwP5OK4ZyK/dK76DxmI7FMwm\n"
+ "oJCo7nuzq6R4ZX7WYJ47AkBavxBDo/e9/0Vk5yrloGKW3f8RQXBJLcCkVUGyyJ3D\n"
+ "3gu/nafW4hzjSJniTjC1fOj0eb0OSg1JAvqHTYAnUsI7\n"
+ "-----END RSA PRIVATE KEY-----";
+ std::string message = "message test";
+
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_copy, keyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ alias_PKCS_priv_key_copy,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->verifySignature(
+ alias_PKCS_exportable,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+RUNNER_TEST(T1809_create_signature_on_wrong_key_and_verify_on_PKCS)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+
+ std::string prv = "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXQIBAAKBgQDCKb9BkTdOjCTXKPi/H5FSGuyrgzORBtR3nCTg7SRnL47zNGEj\n"
+ "l2wkgsY9ZO3UJHm0gy5KMjWeCuUVkSD3G46J9obg1bYJivCQBJKxfieA8sWOtNq1\n"
+ "M8emHGK8o3sjaRklrngmk2xSCs5vFJVlCluzAYUmrPDm64C3+n4yW4pBCQIDAQAB\n"
+ "AoGAd1IWgiHO3kuLvFome7XXpaB8P27SutZ6rcLcewnhLDRy4g0XgTrmL43abBJh\n"
+ "gdSkooVXZity/dvuKpHUs2dQ8W8zYiFFsHfu9qqLmLP6SuBPyUCvlUDH5BGfjjxI\n"
+ "5qGWIowj/qGHKpbQ7uB+Oe2BHwbHao0zFZIkfKqY0mX9U00CQQDwF/4zQcGS1RX/\n"
+ "229gowTsvSGVmm8cy1jGst6xkueEuOEZ/AVPO1fjavz+nTziUk4E5lZHAj18L6Hl\n"
+ "iO29LRujAkEAzwbEWVhfTJewCZIFf3sY3ifXhGZhVKDHVzPBNyoft8Z+09DMHTJb\n"
+ "EYg85MIbR73aUyIWsEci/CPk6LPRNv47YwJAHtQF2NEFqPPhakPjzjXAaSFz0YDN\n"
+ "6ZWWpZTMEWL6hUkz5iE9EUpeY54WNB8+dRT6XZix1VZNTMfU8uMdG6BSHwJBAKYM\n"
+ "gm47AGz5eVujwD8op6CACk+KomRzdI+P1lh9s+T+E3mnDiAY5IxiXp0Ix0K6lyN4\n"
+ "wwPuerQLwi2XFKZsMYsCQQDOiSQFP9PfXh9kFzN6e89LxOdnqC/r9i5GDB3ea8eL\n"
+ "SCRprpzqOXZvOP1HBAEjsJ6k4f8Dqj1fm+y8ZcgAZUPr\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+ std::string message = "message test";
+
+ auto keyPrv = CKM::Key::create(CKM::RawBuffer(prv.begin(), prv.end()), CKM::Password());
+ RUNNER_ASSERT_MSG(NULL != keyPrv.get(),
+ "Key is empty. Failed to import private key.");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->saveKey(alias_PKCS_priv_key_wrong, keyPrv, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+
+ CKM::HashAlgorithm hash = CKM::HashAlgorithm::SHA256;
+ CKM::RSAPaddingAlgorithm padd = CKM::RSAPaddingAlgorithm::PKCS1;
+ CKM::RawBuffer signature;
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createSignature(
+ alias_PKCS_priv_key_wrong,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ hash,
+ padd,
+ signature)),
+ "Error=" << CKM::ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (temp = manager->verifySignature(
+ alias_PKCS_exportable,
+ CKM::Password(),
+ CKM::RawBuffer(message.begin(), message.end()),
+ signature,
+ hash,
+ padd)),
+ "Error=" << CKM::ErrorToString(temp));
+}
+
+// MJK TODO: to be uncommented once custom CA root can be provided to the CKM
+/*
+RUNNER_TEST(T1810_verify_get_certificate_chain)
+{
+ // this certificate has been signed using PKCS chain
+ std::string im = "-----BEGIN CERTIFICATE-----\n"
+ "MIIBrTCCARYCAQEwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRc2VydmVyQHRl\n"
+ "c3RtZS5jb20wHhcNMTQxMjAyMTMxNTQzWhcNMTUxMjAyMTMxNTQzWjAiMSAwHgYD\n"
+ "VQQDDBdlbmQtb24tY2hhaW5AdGVzdG1lLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB\n"
+ "jQAwgYkCgYEAsJS/jky4Cnxnlj6m2Eam3E3ARfR1PTaQV3Om09z3Ax15ca3kfHSb\n"
+ "n6UlDk9vjP3iE7Nbju5Nzw9Tu/Pe32g/54quUBgbTFWbztR/Q9Dxbt3evWZ98ADS\n"
+ "qAtH9OU23xS/5jGpmJSP0l22JItx8E8nEbEPj7GTWfVuYb3HXMHqzY8CAwEAATAN\n"
+ "BgkqhkiG9w0BAQsFAAOBgQCPJqjMH24kAngd0EunIPsVNSpWJMlMocFM5xHJsvgi\n"
+ "5DZ7swo0O/Jfqvo/vKDVqR/wiPeAxrwirECGC1O2hC7HcOt7kW4taHSVGGd4dHMn\n"
+ "oK70cUKQeVy3cYY6QUaonjuNVvYQHE3OSLDe56n6c7Mnek28qNtezeSWLUy8L8fA\n"
+ "Qw==\n"
+ "-----END CERTIFICATE-----\n";
+
+ auto cert = CKM::Certificate::create(CKM::RawBuffer(im.begin(), im.end()), CKM::DataFormat::FORM_PEM);
+ CKM::CertificateShPtrVector certChain;
+ CKM::AliasVector aliasVector;
+
+ int tmp;
+ auto manager = CKM::Manager::create();
+
+ RUNNER_ASSERT_MSG(NULL != cert.get(), "Certificate should not be empty");
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_VERIFICATION_FAILED == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ RUNNER_ASSERT_MSG(
+ 0 == certChain.size(),
+ "Wrong size of certificate chain.");
+
+ aliasVector.push_back(alias_PKCS_exportable);
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->getCertificateChain(cert, aliasVector, certChain)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ RUNNER_ASSERT_MSG(
+ 3 == certChain.size(),
+ "Wrong size of certificate chain.");
+}*/
+
+RUNNER_TEST(T1811_remove_bundle_with_chain_certificates)
+{
+ auto manager = CKM::Manager::create();
+ int tmp;
+
+
+ // remove the whole PKCS12 bundles
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_exportable)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (tmp = manager->removeAlias(alias_PKCS_not_exportable)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ // expect lookup fails due to unknown alias
+ // try to lookup key
+ CKM::KeyShPtr key_lookup;
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_exportable, CKM::Password(), key_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getKey(alias_PKCS_not_exportable, CKM::Password(), key_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+
+ // try to lookup certificate
+ CKM::CertificateShPtr cert_lookup;
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_exportable, CKM::Password(), cert_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_DB_ALIAS_UNKNOWN == (tmp = manager->getCertificate(alias_PKCS_not_exportable, CKM::Password(), cert_lookup)),
+ "Error=" << CKM::ErrorToString(tmp));
+}
+
+RUNNER_TEST(T1812_deinit)
+{
+ int temp;
+ auto control = CKM::Control::create();
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = control->lockUserKey(USER_APP)),
+ "Error=" << CKM::ErrorToString(temp));
+}
RUNNER_TEST_GROUP_INIT(T190_CKM_EMPTY_STORAGE_TESTS);
#include <errno.h>
#include <string.h>
-const uid_t APP_UID = 5000;
-const gid_t APP_GID = 5000;
+// separate DB-space for async tests
+// gives independence: other test sets can modify the password per will
+// without risk of making async tests fail
+const uid_t APP_UID = 5003;
+const gid_t APP_GID = 5003;
const uid_t DB_ALARM_UID = 6001;
const gid_t DB_ALARM_GID = 6001;
projects / platform / core / test / security-tests.git / commitdiff