/usr/src/suites/security/kmf/tests/kmf_api/kmf_verify_cert.c
- /*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
- /*
- * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
- */
- #include "kmf_test_util.h"
- #ifdef __stc_assertion__
- /*
- * ASSERTION: kmf_verify_cert_001, kmf_verify_cert_002,
- * kmf_verify_cert_003
- *
- * DESCRIPTION:
- * If kmf_verify_cert() is called with one or more invalid
- * parameters, it will fail with KMF_ERR_BAD_PARAMETER.
- *
- * If kmf_verify_cert() is called with an invalid kstype,
- * it will fail with KMF_ERR_PLUGIN_NOTFOUND.
- *
- * If kmf_verify_cert() is called with cert data that cannot be
- * decoded, it will fail with KMF_ERR_BAD_CERT_FORMAT.
- *
- * STRATEGY:
- * 1) Call KMF_Initialize.
- * 2) Set one or more of the four input parameters
- * to NULL, then call kmf_verify_cert.
- * 3) Verify the return value is KMF_ERR_BAD_PARAMETER.
- *
- * 4) Call kmf_verify_cert with an invalid params->kstype
- * (other than NSS, PKCS11, OpenSSL).
- * 5) Verify the return value is KMF_ERR_PLUGIN_NOTFOUND.
- *
- * 6) Given cert data that cannot be decoded,
- * call kmf_verify_cert.
- * 7) Verify the return value is KMF_ERR_BAD_CERT_FORMAT.
- *
- * 8) Free memory.
- * 9) Call KMF_Finalize.
- *
- * INTERFACES: kmf_verify_cert
- */
- #endif /* __stc_assertion__ */
/* Name of the interface under test, passed to print_test() for each case. */
static char *func_name = "kmf_verify_cert()";

/* Number of the test case most recently announced via print_test(). */
static int test_num = 0;

/* Bad-parameter combinations attempted, and how many of them failed. */
static int param_tests = 0;
static int param_fail = 0;

/* Failure counter; a non-zero value makes main() return STF_FAIL. */
static int failure = 0;
/*
 * Build the attribute list handed to kmf_verify_cert().
 *
 * Each non-NULL argument is stored in attrs, in the fixed order key,
 * cert, SignerCert, starting at index 0. A NULL argument is skipped, so
 * the resulting list simply lacks that attribute; this is how the
 * caller constructs its "missing parameter" cases.
 *
 * No bound is checked on attrs: the caller must provide room for up to
 * three entries.
 *
 * Returns the number of attributes written.
 */
static int
set_attrlist(KMF_ATTRIBUTE *attrs, KMF_KEY_HANDLE *key, KMF_DATA *cert,
    KMF_DATA *SignerCert)
{
	int count = 0;

	if (key != NULL) {
		kmf_set_attr_at_index(attrs, count, KMF_KEY_HANDLE_ATTR,
		    key, sizeof (KMF_KEY_HANDLE));
		count += 1;
	}

	if (cert != NULL) {
		kmf_set_attr_at_index(attrs, count, KMF_CERT_DATA_ATTR,
		    cert, sizeof (KMF_DATA));
		count += 1;
	}

	if (SignerCert != NULL) {
		kmf_set_attr_at_index(attrs, count, KMF_SIGNER_CERT_DATA_ATTR,
		    SignerCert, sizeof (KMF_DATA));
		count += 1;
	}

	return (count);
}
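/*
 * Negative tests for kmf_verify_cert(). Four cases are run, each
 * announced with print_test() and checked with compare_result():
 *
 *   1) missing/NULL handle, key, cert or signer cert
 *					-> KMF_ERR_BAD_PARAMETER
 *   2) key handle with an unknown kstype	-> KMF_ERR_PLUGIN_NOTFOUND
 *   3) certificate bytes overwritten		-> KMF_ERR_BAD_CERT_FORMAT
 *   4) verification against nokeyusage_signercert
 *					-> KMF_ERR_KEYUSAGE
 *
 * Returns STF_UNRESOLVED if the test harness cannot be initialized,
 * STF_FAIL if any case or setup step failed, STF_PASS otherwise.
 *
 * NOTE(review): only error returns are checked in this file; there is
 * no successful verification and no wrong-signature case here.
 */
int
main(int argc, char *argv[])
{
	KMF_RETURN exp_ret;
	int ret = STF_PASS;
	KMF_HANDLE_T kmfhandle, tmphandle = NULL;
	KMF_KEY_HANDLE privKey, pubKey;
	KMF_DATA signedCert = {NULL, 0};
	KMF_HANDLE_T *arg1[2] = {&tmphandle, &kmfhandle};
	KMF_KEY_HANDLE *arg21[2] = {NULL, &pubKey};
	KMF_DATA *arg3[2] = {NULL, &signedCert};
	int i, j, k;
	KMF_CREATEKEYPAIR_PARAMS params;
	KMF_X509_CERTIFICATE cert, tobesigned;
	uchar_t sernum[16];
	uint32_t numlen;
	KMF_DATA x509Cert = {NULL, 0};
	int numattr = 0;
	KMF_ATTRIBUTE attrlist[32];
	KMF_CRYPTOWITHCERT_PARAMS crypto_params;
	KMF_DATA signercert = {NULL, 0};
	KMF_DATA nokeyusage_signercert = {NULL, 0};
	KMF_DATA *arg22[2] = {NULL, &signercert};

	/*
	 * Everything released at "out" starts zeroed. The first setup
	 * failure jumps to "out" before some of these objects are ever
	 * filled in, and the bad-parameter loop passes pubKey and
	 * signedCert to the library before they are created; neither path
	 * may see indeterminate stack contents.
	 */
	(void) memset(&privKey, 0, sizeof (privKey));
	(void) memset(&pubKey, 0, sizeof (pubKey));
	(void) memset(&cert, 0, sizeof (cert));
	(void) memset(&tobesigned, 0, sizeof (tobesigned));

	if ((kmf_test_initialize(&kmfhandle, NULL)) != 0)
		return (STF_UNRESOLVED);

	/*
	 * Test 1: every combination of {NULL, valid} for handle, key or
	 * signer cert, and cert, except the all-valid one. Only the first
	 * failing combination bumps "failure", so the whole loop counts as
	 * a single test in the summary.
	 */
	exp_ret = KMF_ERR_BAD_PARAMETER;
	print_test(++test_num, func_name, exp_ret);
	for (i = 0; i < 2; i++) {
		for (j = 0; j < 2; j++) {
			for (k = 0; k < 2; k++) {
				if (k == 1 && j == 1 && i == 1)
					continue;

				/* variant with a key handle */
				param_tests++;
				numattr = set_attrlist(attrlist, arg21[j],
				    arg3[k], NULL);
				if ((compare_result(kmf_verify_cert(
				    *arg1[i], numattr, attrlist), exp_ret))
				    != 0 && (++param_fail) == 1)
					failure++;

				/* variant with a signer certificate */
				param_tests++;
				numattr = set_attrlist(attrlist, NULL,
				    arg3[k], arg22[j]);
				if ((compare_result(kmf_verify_cert(
				    *arg1[i], numattr, attrlist), exp_ret))
				    != 0 && (++param_fail) == 1)
					failure++;
			}
		}
	}
	if (param_fail)
		jnl_printf("%d parameter tests, %d failed\n",
		    param_tests, param_fail);

	/*
	 * Test 2: a real signed certificate, but the key handle claims a
	 * keystore type (100) that is none of NSS, PKCS11 or OpenSSL.
	 */
	exp_ret = KMF_ERR_PLUGIN_NOTFOUND;
	print_test(++test_num, func_name, exp_ret);
	(void) unlink(SSL_KEY_FILE);
	numlen = sizeof (sernum);
	(void) memset(sernum, 0xa, numlen);
	if (create_signed_cert(kmfhandle, &params, &privKey, &pubKey,
	    KMF_KEYSTORE_OPENSSL, KMF_RSA, RSA_SIZE, NULL, &cert,
	    sernum, numlen, &signedCert)) {
		failure++;
		goto out;
	}
	pubKey.kstype = 100;
	numattr = set_attrlist(attrlist, &pubKey, &signedCert, NULL);
	if (compare_result(kmf_verify_cert(kmfhandle, numattr, attrlist),
	    exp_ret) != 0)
		failure++;
	pubKey.kstype = KMF_KEYSTORE_OPENSSL;

	/*
	 * Test 3: same certificate buffer with every byte set to 1, so it
	 * no longer decodes.
	 */
	exp_ret = KMF_ERR_BAD_CERT_FORMAT;
	print_test(++test_num, func_name, exp_ret);
	(void) memset(signedCert.Data, 1, signedCert.Length);
	numattr = set_attrlist(attrlist, &pubKey, &signedCert, NULL);
	if (compare_result(kmf_verify_cert(kmfhandle, numattr, attrlist),
	    exp_ret) != 0)
		failure++;

	/*
	 * Release and immediately clear: the error paths below jump to
	 * "out", which frees these objects again. Whether the kmf_free_*
	 * routines reset the pointers themselves is not visible here.
	 */
	kmf_free_data(&signedCert);
	signedCert.Length = 0;
	signedCert.Data = NULL;
	kmf_free_signed_cert(&cert);
	(void) memset(&cert, 0, sizeof (cert));

	/*
	 * Test 4 setup: a signer certificate, then a fresh key pair and an
	 * unsigned certificate that is signed with that signer cert.
	 * NOTE(review): privKey/pubKey are overwritten by each create call
	 * without being released first; only the last pair is freed.
	 */
	exp_ret = KMF_ERR_KEYUSAGE;
	(void) unlink(SSL_KEY_FILE);
	(void) memset(sernum, 0xa, numlen);
	if (create_signed_cert(kmfhandle, &params, &privKey, &pubKey,
	    KMF_KEYSTORE_OPENSSL, KMF_RSA, RSA_SIZE, NULL, &cert,
	    sernum, numlen, &signercert)) {
		failure++;
		goto out;
	}
	kmf_free_signed_cert(&cert);
	(void) memset(&cert, 0, sizeof (cert));

	(void) memset(sernum, 0xb, numlen);
	/* Create an unsigned X509_CERTIFICATE record */
	(void) unlink(SSL_KEY_FILE);
	if (create_keypair(kmfhandle, &privKey, &pubKey, KMF_KEYSTORE_OPENSSL,
	    KMF_RSA, RSA_SIZE, NULL)) {
		failure++;
		goto out;
	}
	if (build_x509_cert(kmfhandle, &tobesigned, sernum, numlen, &pubKey)) {
		failure++;
		goto out;
	}

	print_test(++test_num, func_name, exp_ret);
	if (set_cryptowithcert_params(&crypto_params, KMF_KEYSTORE_OPENSSL,
	    KMF_FORMAT_ASN1, NULL)) {
		failure++;
	} else {
		set_SignCertWithCert_attrs(attrlist, &numattr,
		    &crypto_params, &tobesigned, &signercert, &signedCert);
		if (testcall(kmf_sign_cert(kmfhandle, numattr, attrlist),
		    "kmf_sign_cert")) {
			/* crypto_params is live here; release before bailing */
			free_cryptowithcert_params(&crypto_params);
			failure++;
			goto out;
		}

		/*
		 * The certificate used for verification comes from
		 * create_base_signed_cert(); judging by the variable name
		 * it lacks the key usage needed to sign certificates --
		 * confirm against the helper's definition.
		 */
		(void) unlink(SSL_KEY_FILE);
		(void) memset(sernum, 0xc, numlen);
		if (create_base_signed_cert(kmfhandle, &params,
		    &privKey, &pubKey,
		    KMF_KEYSTORE_OPENSSL, KMF_RSA, RSA_SIZE, NULL, &cert,
		    sernum, numlen, &nokeyusage_signercert)) {
			free_cryptowithcert_params(&crypto_params);
			failure++;
			goto out;
		}
		numattr = set_attrlist(attrlist, NULL, &signedCert,
		    &nokeyusage_signercert);
		if (compare_result(kmf_verify_cert(kmfhandle,
		    numattr, attrlist), exp_ret) != 0)
			failure++;
		free_cryptowithcert_params(&crypto_params);
	}

out:
	kmf_free_data(&x509Cert);
	kmf_free_data(&signedCert);
	/* signercert was never released in the original cleanup */
	kmf_free_data(&signercert);
	kmf_free_kmf_key(kmfhandle, &privKey);
	kmf_free_kmf_key(kmfhandle, &pubKey);
	kmf_free_signed_cert(&cert);
	kmf_free_signed_cert(&tobesigned);
	kmf_free_data(&nokeyusage_signercert);

	if (failure != 0) {
		jnl_printf("%d tests, only %d passed\n", test_num,
		    test_num - failure);
		ret = STF_FAIL;
	}

	/*
	 * Finalize exactly once, after the summary has been written. The
	 * original called kmf_test_finalize() both before and after the
	 * summary, handing an already finalized handle to the second call.
	 */
	kmf_test_finalize(kmfhandle);
	return (ret);
}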