From 7fd74a78fcad81227be3650239669bca5851a1db Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Fri, 15 Mar 2013 11:50:24 +0100 Subject: trust: Support a p11-kit specific serialization format This is documented in doc/internals/ subdirectory Add tests for the format as well. https://bugs.freedesktop.org/show_bug.cgi?id=62156 --- trust/tests/test-persist.c | 472 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 472 insertions(+) create mode 100644 trust/tests/test-persist.c (limited to 'trust/tests/test-persist.c') diff --git a/trust/tests/test-persist.c b/trust/tests/test-persist.c new file mode 100644 index 0000000..d3bd117 --- /dev/null +++ b/trust/tests/test-persist.c @@ -0,0 +1,472 @@ +/* + * Copyright (c) 2013 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" +#include "CuTest.h" + +#include +#include +#include + +#include "array.h" +#include "attrs.h" +#include "compat.h" +#include "debug.h" +#include "library.h" +#include "persist.h" +#include "pkcs11.h" +#include "pkcs11x.h" + +#include "test-data.h" + +static void +test_magic (CuTest *tc) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: data\n" + "value: \"blah\"\n" + "application: \"test-persist\"\n"; + + const char *other = " " + "\n\n[p11-kit-object-v1]\n" + "class: data\n" + "value: \"blah\"\n" + "application: \"test-persist\"\n"; + + CuAssertTrue (tc, p11_persist_magic ((unsigned char *)input, strlen (input))); + CuAssertTrue (tc, !p11_persist_magic ((unsigned char *)input, 5)); + CuAssertTrue (tc, p11_persist_magic ((unsigned char *)other, strlen (other))); + CuAssertTrue (tc, !p11_persist_magic ((unsigned char *)"blah", 4)); +} + +static p11_array * +args_to_array (void *arg, + ...) GNUC_NULL_TERMINATED; + +static p11_array * +args_to_array (void *arg, + ...) +{ + p11_array *array = p11_array_new (NULL); + + va_list (va); + va_start (va, arg); + + while (arg != NULL) { + p11_array_push (array, arg); + arg = va_arg (va, void *); + } + + va_end (va); + + return array; +} + +static void +check_read_msg (CuTest *tc, + const char *file, + int line, + const char *input, + p11_array *expected) +{ + p11_array *objects; + p11_persist *persist; + int i; + + persist = p11_persist_new (); + objects = p11_array_new (p11_attrs_free); + + if (p11_persist_read (persist, "test", (const unsigned char *)input, strlen (input), objects)) { + CuAssert_Line (tc, file, line, "decoding should have failed", expected != NULL); + for (i = 0; i < expected->num; i++) { + CuAssert_Line (tc, file, line, "too few objects read", i < objects->num); + test_check_attrs_msg (tc, file, line, expected->elem[i], objects->elem[i]); + } + CuAssert_Line (tc, file, line, "too many objects read", i == objects->num); + } else { + CuAssert_Line (tc, file, line, "decoding failed", expected == NULL); + } + + p11_array_free (objects); + p11_persist_free (persist); + p11_array_free (expected); +} + +#define check_read_success(tc, input, objs) \ + check_read_msg (tc, __FILE__, __LINE__, input, args_to_array objs) + +#define check_read_failure(tc, input) \ + check_read_msg (tc, __FILE__, __LINE__, input, NULL) + +static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE; +static CK_CERTIFICATE_TYPE x509 = CKC_X_509; +static CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST; +static CK_OBJECT_CLASS data = CKO_DATA; +static CK_BBOOL truev = CK_TRUE; +static CK_BBOOL falsev = CK_FALSE; + +static void +test_simple (CuTest *tc) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: data\n" + "value: \"blah\"\n" + "application: \"test-persist\"\n"; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_VALUE, "blah", 4 }, + { CKA_APPLICATION, "test-persist", 12 }, + { CKA_INVALID }, + }; + + check_read_success (tc, input, (expected, NULL)); +} + +static void +test_number (CuTest *tc) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: data\n" + "value: 29202390239\n" + "application: \"test-persist\"\n"; + + CK_ULONG value = 29202390239; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_VALUE, &value, sizeof (value) }, + { CKA_APPLICATION, "test-persist", 12 }, + { CKA_INVALID }, + }; + + check_read_success (tc, input, (expected, NULL)); +} + +static void +test_bool (CuTest *tc) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: data\n" + "private: true\n" + "modifiable: false\n" + "application: \"test-persist\"\n"; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_PRIVATE, &truev, sizeof (truev) }, + { CKA_MODIFIABLE, &falsev, sizeof (falsev) }, + { CKA_APPLICATION, "test-persist", 12 }, + { CKA_INVALID }, + }; + + check_read_success (tc, input, (expected, NULL)); +} + +static void +test_oid (CuTest *tc) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: data\n" + "object-id: 1.2.3.4"; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_OBJECT_ID, "\x06\x03*\x03\x04", 5 }, + { CKA_INVALID }, + }; + + check_read_success (tc, input, (expected, NULL)); +} + +static void +test_constant (CuTest *tc) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: data\n" + "trust-server-auth: nss-trust-unknown"; + + CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) }, + { CKA_INVALID }, + }; + + check_read_success (tc, input, (expected, NULL)); +} + +static void +test_multiple (CuTest *tc) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: data\n" + "object-id: 1.2.3.4\n" + "[p11-kit-object-v1]\n" + "class: nss-trust\n" + "trust-server-auth: nss-trust-unknown"; + + CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN; + + CK_ATTRIBUTE expected1[] = { + { CKA_CLASS, &data, sizeof (data) }, + { CKA_OBJECT_ID, "\x06\x03*\x03\x04", 5 }, + { CKA_INVALID }, + }; + + CK_ATTRIBUTE expected2[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, + { CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) }, + { CKA_INVALID }, + }; + + check_read_success (tc, input, (expected1, expected2, NULL)); +} + +static void +test_pem_block (CuTest *tc) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: certificate\n" + "id: \"292c92\"\n" + "-----BEGIN CERTIFICATE-----\n" + "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" + "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" + "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" + "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n" + "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n" + "TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n" + "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n" + "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n" + "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n" + "-----END CERTIFICATE-----\n" + "\n" + "trusted: true"; + + CK_ATTRIBUTE expected[] = { + { CKA_CLASS, &certificate, sizeof (certificate) }, + { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) }, + { CKA_TRUSTED, &truev, sizeof (truev) }, + { CKA_VALUE, &verisign_v1_ca, sizeof (verisign_v1_ca) }, + { CKA_INVALID }, + }; + + check_read_success (tc, input, (expected, NULL)); +} + +static void +test_pem_invalid (CuTest *tc) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: certificate\n" + "-----BEGIN CERT-----\n" + "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" + "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" + "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" + "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n" + "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n" + "TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n" + "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n" + "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n" + "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n" + "-----END CERTIFICATEXXX-----\n"; + + p11_message_quiet (); + + check_read_failure (tc, input); + + p11_message_loud (); +} + +static void +test_pem_unsupported (CuTest *tc) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: certificate\n" + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----\n"; + + p11_message_quiet (); + + check_read_failure (tc, input); + + p11_message_loud (); +} + +static void +test_pem_first (CuTest *tc) +{ + const char *input = "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----\n" + "[p11-kit-object-v1]\n" + "class: certificate\n"; + + p11_message_quiet (); + + check_read_failure (tc, input); + + p11_message_loud (); +} + +static void +test_skip_unknown (CuTest *tc) +{ + const char *input = "[version-2]\n" + "class: data\n" + "object-id: 1.2.3.4\n" + "-----BEGIN BLOCK1-----\n" + "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" + "-----END BLOCK1-----\n" + "[p11-kit-object-v1]\n" + "class: nss-trust\n" + "trust-server-auth: nss-trust-unknown"; + + CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN; + + CK_ATTRIBUTE expected2[] = { + { CKA_CLASS, &nss_trust, sizeof (nss_trust) }, + { CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) }, + { CKA_INVALID }, + }; + + p11_message_quiet (); + + check_read_success (tc, input, (expected2, NULL)); + + p11_message_loud (); +} + +static void +test_bad_value (CuTest *tc) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: data\n" + "value: \"%38%\"\n"; + + p11_message_quiet (); + + check_read_failure (tc, input); + + p11_message_loud (); +} + +static void +test_bad_oid (CuTest *tc) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: data\n" + "object-id: 1.2"; + + p11_message_quiet (); + + check_read_failure (tc, input); + + p11_message_loud (); +} + +static void +test_bad_field (CuTest *tc) +{ + const char *input = "[p11-kit-object-v1]\n" + "class: data\n" + "invalid-field: true"; + + p11_message_quiet (); + + check_read_failure (tc, input); + + p11_message_loud (); +} + +static void +test_attribute_first (CuTest *tc) +{ + const char *input = "class: data\n" + "[p11-kit-object-v1]\n" + "invalid-field: true"; + + p11_message_quiet (); + + check_read_failure (tc, input); + + p11_message_loud (); +} + +int +main (void) +{ + CuString *output = CuStringNew (); + CuSuite* suite = CuSuiteNew (); + int ret; + + putenv ("P11_KIT_STRICT=1"); + p11_debug_init (); + p11_library_init (); + + SUITE_ADD_TEST (suite, test_magic); + SUITE_ADD_TEST (suite, test_simple); + SUITE_ADD_TEST (suite, test_number); + SUITE_ADD_TEST (suite, test_bool); + SUITE_ADD_TEST (suite, test_oid); + SUITE_ADD_TEST (suite, test_constant); + SUITE_ADD_TEST (suite, test_multiple); + SUITE_ADD_TEST (suite, test_pem_block); + SUITE_ADD_TEST (suite, test_pem_invalid); + SUITE_ADD_TEST (suite, test_pem_unsupported); + SUITE_ADD_TEST (suite, test_pem_first); + SUITE_ADD_TEST (suite, test_bad_value); + SUITE_ADD_TEST (suite, test_bad_oid); + SUITE_ADD_TEST (suite, test_bad_field); + SUITE_ADD_TEST (suite, test_skip_unknown); + SUITE_ADD_TEST (suite, test_attribute_first); + + CuSuiteRun (suite); + CuSuiteSummary (suite, output); + CuSuiteDetails (suite, output); + printf ("%s\n", output->buffer); + ret = suite->failCount; + CuSuiteDelete (suite); + CuStringDelete (output); + + return ret; +} -- cgit v1.1