author | Jakub Jelen <jjelen@redhat.com> | 2022-06-17 12:36:18 +0200 |
committer | Jakub Jelen <jjelen@redhat.com> | 2022-06-17 17:56:00 +0200 |
commit | 09fe9b23731c31b7b850437e3c36a8c3ede0e8d0 (patch) | |
tree | 7dfbd609730c5f0e05ca5ef3df46c7ac2d7a4acd | |
parent | 961eca798d0ce3998987d6512742c6049fc6738d (diff) |
Implement tests with second PKI object
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-rw-r--r-- | tests/common.c | 42 | ||||
-rw-r--r-- | tests/common.h | 15 | ||||
-rw-r--r-- | tests/db2.crypt | bin | 0 -> 256 bytes | |||
-rw-r--r-- | tests/hwtests.c | 27 | ||||
-rw-r--r-- | tests/libcacard.c | 36 | ||||
-rwxr-xr-x | tests/setup-softhsm2.sh | 2 |
6 files changed, 105 insertions, 17 deletions
diff --git a/tests/common.c b/tests/common.c
index e5bc3e2..d1681f2 100644
--- a/tests/common.c
+++ b/tests/common.c
@@ -192,7 +192,7 @@ void get_properties_coid(VReader *reader, const unsigned char coid[2],
 case 0x43: /* PKI properties */
 g_assert_cmphex(p2[0], ==, 0x06);
- if (hw_tests) {
+ if (hw_tests && object_type == TEST_PKI) {
 /* Assuming CAC card with 1024 b RSA keys */
 key_bits = 1024;
 } else {
@@ -248,7 +248,7 @@ void get_properties_coid(VReader *reader, const unsigned char coid[2],
 g_assert_cmpint(num_objects_expected, ==, 0);
 }
- if (object_type == TEST_PKI) {
+ if (object_type == TEST_PKI || object_type == TEST_PKI_2) {
 g_assert_cmpint(verified_pki_properties, ==, 1);
 }
@@ -307,12 +307,17 @@ void get_properties(VReader *reader, int object_type)
 unsigned char coid[2];
 switch (object_type) {
 case TEST_PKI:
- // XXX only the first PKI for now
 coid[0] = 0x01;
 coid[1] = 0x00;
 get_properties_coid(reader, coid, object_type);
 break;
+ case TEST_PKI_2:
+ coid[0] = 0x01;
+ coid[1] = 0x01;
+ get_properties_coid(reader, coid, object_type);
+ break;
+
 case TEST_CCC:
 coid[0] = 0xDB;
 coid[1] = 0x00;
@@ -426,6 +431,10 @@ void select_applet(VReader *reader, int type)
 /* Select first PKI Applet */
 0xa0, 0x00, 0x00, 0x00, 0x79, 0x01, 0x00
 };
+ uint8_t selfile_pki_2[] = {
+ /* Select second PKI Applet */
+ 0xa0, 0x00, 0x00, 0x00, 0x79, 0x01, 0x01
+ };
 uint8_t selfile_passthrough[] = {
 /* Select Person Instance (passthrough) */
 0xa0, 0x00, 0x00, 0x00, 0x79, 0x02, 0x00
@@ -442,6 +451,11 @@ void select_applet(VReader *reader, int type)
 aid_len = sizeof(selfile_pki);
 break;
+ case TEST_PKI_2:
+ aid = selfile_pki_2;
+ aid_len = sizeof(selfile_pki_2);
+ break;
+
 case TEST_CCC:
 aid = selfile_ccc;
 aid_len = sizeof(selfile_ccc);
@@ -562,7 +576,7 @@ void do_sign(VReader *reader, int parts)
 }
-void do_decipher(VReader *reader)
+void do_decipher(VReader *reader, int type)
 {
 VReaderStatus status;
 int dwRecvLength = APDUBufSize;
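Review bot: The comment `/* Assuming CAC card with 1024 b RSA keys */` in the first get_properties_coid hunk no longer describes the guard around it, which now applies the hard-coded 1024-bit assumption only to TEST_PKI; for TEST_PKI_2 on hardware, key_bits comes from the else branch, which lies outside the hunk. Suggest `/* First PKI object only: assume a CAC card with a 1024 b RSA key; other objects take key_bits from the card's properties */`, after confirming that the else branch really derives the size from the properties. The setup-softhsm2.sh hunk in this commit generates the second key as RSA:2048, so excluding TEST_PKI_2 looks deliberate and is worth stating next to the guard. As a point of style, do_decipher and select_applet call the selector `type` while get_properties calls it `object_type`; one name across the three helpers would make the enum's role clearer.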
@@ -589,14 +603,30 @@ void do_decipher(VReader *reader)
 /* Read the encrypted file */
 if (hw_tests) {
- filename = g_test_build_filename(G_TEST_BUILT, "01.crypt", NULL);
+ const char *name;
+ if (type == TEST_PKI) {
+ name = "01.crypt";
+ } else if (type == TEST_PKI_2) {
+ name = "02.crypt";
+ } else {
+ g_assert_not_reached();
+ }
+ filename = g_test_build_filename(G_TEST_BUILT, name, NULL);
 } else {
 /* Generated from existing db using:
 * echo "1234567890" > data
 * certutil -L -d sql:$PWD/tests/db/ -n cert1 -r > tests/db.cert
 * openssl rsautl -encrypt -inkey "tests/db.cert" -keyform DER -certin -in data -out "tests/db.crypt"
 */
- filename = g_test_build_filename(G_TEST_DIST, "db.crypt", NULL);
+ const char *name;
+ if (type == TEST_PKI) {
+ name = "db.crypt";
+ } else if (type == TEST_PKI_2) {
+ name = "db2.crypt";
+ } else {
+ g_assert_not_reached();
+ }
+ filename = g_test_build_filename(G_TEST_DIST, name, NULL);
 }
 if (!g_file_get_contents(filename, &ciphertext, &ciphertext_len, NULL)) {
 g_test_skip("The encrypted file not found");
diff --git a/tests/common.h b/tests/common.h
index db217b4..459d980 100644
--- a/tests/common.h
+++ b/tests/common.h
@@ -17,12 +17,13 @@ enum {
 TEST_PKI = 1,
- TEST_CCC = 2,
- TEST_ACA = 3,
- TEST_GENERIC = 4,
- TEST_EMPTY_BUFFER = 5,
- TEST_EMPTY = 6,
- TEST_PASSTHROUGH = 7,
+ TEST_PKI_2,
+ TEST_CCC,
+ TEST_ACA,
+ TEST_GENERIC,
+ TEST_EMPTY_BUFFER,
+ TEST_EMPTY,
+ TEST_PASSTHROUGH,
 };
 void select_coid_good(VReader *reader, unsigned char *coid);
@@ -40,7 +41,7 @@ void read_buffer(VReader *reader, uint8_t type, int object_type);
 void do_sign(VReader *reader, int parts);
-void do_decipher(VReader *reader);
+void do_decipher(VReader *reader, int type);
 void test_empty_applets(void);
diff --git a/tests/db2.crypt b/tests/db2.crypt
Binary files differ
new file mode 100644
index 0000000..dc6f53f
--- /dev/null
+++ b/tests/db2.crypt
diff --git a/tests/hwtests.c b/tests/hwtests.c
index 3684642..2474578 100644
--- a/tests/hwtests.c
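Review bot: The two added if/else chains in do_decipher map the same `type` values to fixture names twice, differing only in the directory constant and the filenames, and in both the `g_assert_not_reached()` branch leaves `name` uninitialized if assertions are compiled out. A small static helper that returns the fixture name for the current `hw_tests` setting, with an explicit `return NULL` after the assert, removes the duplication and gives the no-assert build a defined value; do_decipher then builds the path once per branch as before. The rest of do_decipher, including the `filename` declaration, is outside the hunk. The common.h hunk on this line drops the explicit enum values; the sequence still starts at 1, so TEST_PKI keeps its value and the remaining constants shift by one, which only matters if anything outside these tests stores them numerically.
```c
/* Ciphertext fixture for the PKI object under test; NULL for any other
 * type, which is reached only when assertions are compiled out. */
static const char *decipher_fixture_name(int type)
{
    switch (type) {
    case TEST_PKI:
        return hw_tests ? "01.crypt" : "db.crypt";
    case TEST_PKI_2:
        return hw_tests ? "02.crypt" : "db2.crypt";
    default:
        g_assert_not_reached();
        return NULL;
    }
}

    /* … unchanged: do_decipher prologue … */
    const char *name = decipher_fixture_name(type);
    if (hw_tests) {
        filename = g_test_build_filename(G_TEST_BUILT, name, NULL);
    } else {
        /* … unchanged: comment describing how db.crypt was generated … */
        filename = g_test_build_filename(G_TEST_DIST, name, NULL);
    }
```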
+++ b/tests/hwtests.c
@@ -256,6 +256,17 @@ static void test_sign(void)
 /* test also multipart signatures */
 do_sign(reader, 1);
+ /* select the second PKI */
+ select_applet(reader, TEST_PKI_2);
+
+ /* get properties to figure out the key length */
+ get_properties(reader, TEST_PKI_2);
+
+ do_sign(reader, 0);
+
+ /* test also multipart signatures */
+ do_sign(reader, 1);
+
 vreader_free(reader); /* get by id ref */
 }
@@ -281,7 +292,15 @@ static void test_decipher(void)
 /* get properties to figure out the key length */
 get_properties(reader, TEST_PKI);
- do_decipher(reader);
+ do_decipher(reader, TEST_PKI);
+
+ /* select the second PKI */
+ select_applet(reader, TEST_PKI_2);
+
+ /* get properties to figure out the key length */
+ get_properties(reader, TEST_PKI_2);
+
+ do_decipher(reader, TEST_PKI_2);
 vreader_free(reader); /* get by id ref */
 }
@@ -318,7 +337,7 @@ static void test_sign_bad_data_x509(void)
 0x00 /* <-- [Le] */
 };
 int sign_len = sizeof(sign);
- int key_bits = getBits();
+ int key_bits;
 g_assert_nonnull(reader);
@@ -329,6 +348,10 @@ static void test_sign_bad_data_x509(void)
 return;
 }
+ /* get properties to figure out the key length */
+ select_applet(reader, TEST_PKI);
+ get_properties(reader, TEST_PKI);
+
 /* run the actual test */
 key_bits = getBits();
diff --git a/tests/libcacard.c b/tests/libcacard.c
index 5328ace..37dedbb 100644
--- a/tests/libcacard.c
+++ b/tests/libcacard.c
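Review bot: `int key_bits;` in test_sign_bad_data_x509 is now an uninitialized local carrying the same name as the `key_bits` that common.c's get_properties_coid assigns (`key_bits = 1024;` in the first common.c hunk), and the added `get_properties(reader, TEST_PKI)` call updates that outer object while the later `key_bits = getBits();` writes the local; if hwtests.c sees the outer object through common.h, the local shadows it and -Wshadow would flag it. Declaring the local at its point of use under a distinct name, e.g. `int bits = getBits();`, keeps one meaning per identifier; whether getBits() itself reads the outer key_bits is not visible here. As far as these hunks show, the only path between the declaration and the assignment is the early `return;`, so nothing reads the local uninitialized, but the lines between the two hunks are not in the diff. The enclosing function starts and ends outside the hunks.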
@@ -515,6 +515,25 @@ static void test_cac_pki(void)
 vreader_free(reader); /* get by id ref */
 }
+static void test_cac_pki_2(void)
+{
+ VReader *reader = vreader_get_reader_by_id(0);
+
+ /* select the first PKI applet */
+ select_applet(reader, TEST_PKI_2);
+
+ /* get properties */
+ get_properties(reader, TEST_PKI_2);
+
+ /* get the TAG buffer length */
+ read_buffer(reader, CAC_FILE_TAG, TEST_PKI_2);
+
+ /* get the VALUE buffer length */
+ read_buffer(reader, CAC_FILE_VALUE, TEST_PKI_2);
+
+ vreader_free(reader); /* get by id ref */
+}
+
 static void test_cac_ccc(void)
 {
 VReader *reader = vreader_get_reader_by_id(0);
@@ -579,6 +598,14 @@ static void test_sign(void)
 /* test also multipart signatures */
 do_sign(reader, 1);
+ /* select the second PKI */
+ select_applet(reader, TEST_PKI_2);
+
+ do_sign(reader, 0);
+
+ /* test also multipart signatures */
+ do_sign(reader, 1);
+
 vreader_free(reader); /* get by id ref */
 }
@@ -594,7 +621,12 @@ static void test_decipher(void)
 /* select the PKI */
 select_applet(reader, TEST_PKI);
- do_decipher(reader);
+ do_decipher(reader, TEST_PKI);
+
+ /* select the PKI */
+ select_applet(reader, TEST_PKI_2);
+
+ do_decipher(reader, TEST_PKI_2);
 vreader_free(reader); /* get by id ref */
 }
@@ -925,6 +957,7 @@ static void test_invalid_read_buffer(void)
 test_invalid_read_buffer_applet(reader, TEST_CCC);
 test_invalid_read_buffer_applet(reader, TEST_PKI);
+ test_invalid_read_buffer_applet(reader, TEST_PKI_2);
 test_invalid_read_buffer_applet(reader, TEST_PASSTHROUGH);
 test_invalid_read_buffer_applet(reader, TEST_EMPTY);
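Review bot: In the test_sign hunk the second-key `do_sign(reader, 0)` runs directly after `select_applet(reader, TEST_PKI_2)` with no `get_properties(reader, TEST_PKI_2)` in between, whereas the matching hwtests.c hunk in this commit inserts that call under the comment "get properties to figure out the key length"; if do_sign sizes its input from key_bits, which get_properties_coid assigns in common.c, the second signature here would be built for whatever length the previous object left behind. Adding `get_properties(reader, TEST_PKI_2);` after the select_applet call would make the two test files agree; do_sign's body is outside this diff, so confirm first that it depends on key_bits, and note that the sizes of the two keys in the NSS test db are not visible here. In test_cac_pki_2 the comment `/* select the first PKI applet */` sits above `select_applet(reader, TEST_PKI_2)` and should read `/* select the second PKI applet */`; likewise the second `/* select the PKI */` in test_decipher should say `/* select the second PKI */`.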
@@ -1122,6 +1155,7 @@ int main(int argc, char *argv[])
 g_test_add_func("/libcacard/xfer", test_xfer);
 g_test_add_func("/libcacard/select-coid", test_select_coid);
 g_test_add_func("/libcacard/cac-pki", test_cac_pki);
+ g_test_add_func("/libcacard/cac-pki-2", test_cac_pki_2);
 g_test_add_func("/libcacard/cac-ccc", test_cac_ccc);
 g_test_add_func("/libcacard/cac-aca", test_cac_aca);
 g_test_add_func("/libcacard/get-response", test_get_response);
diff --git a/tests/setup-softhsm2.sh b/tests/setup-softhsm2.sh
index c3874e5..f187191 100755
--- a/tests/setup-softhsm2.sh
+++ b/tests/setup-softhsm2.sh
@@ -111,7 +111,7 @@ if [ ! -d "tokens" ]; then
 # Generate 1024b RSA Key pair
 generate_cert "RSA:1024" "01" "RSA_auth"
- #generate_cert "RSA:1024" "02" "RSA_sign"
+ generate_cert "RSA:2048" "02" "RSA_sign"
 fi
 # NSS DB
 if [ ! -d "$NSSDB" ]; then
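Review bot: The comment `# Generate 1024b RSA Key pair` in the setup-softhsm2.sh hunk now sits above two generate_cert calls, the second of which creates an RSA:2048 pair, so it describes only the first line. Suggest `# Generate RSA key pairs: 1024b "01" (auth) and 2048b "02" (sign)`. Giving the second key a different size is a useful check that the tests do not hard-code 1024 bits, and a short comment saying that this is intentional would keep the next reader from "fixing" it back to RSA:1024. The libcacard.c main hunk on this line only registers the new test case.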