11 #if defined( __MVS__ ) || defined( __VMCMS__ )
13 #pragma convlit( suspend )
15 #if defined( __ILEC400__ )
55 return(
"<Unknown>" );
78 return(
TEXT(
"<Unknown>" ) );
101 printf(
"Algorithm %d not available, line %d.\n", cryptAlgo, __LINE__ );
108 const char *certTypeName,
118 printf(
"Returned object isn't a %s, line %d.\n", certTypeName,
128 puts(
"Attempt to perform external operation on context with "
129 "internal-only action\npermissions succeeded. " );
/* Excerpt of copyModifiedFile(): the visible fragments open srcFileName for
   binary reading, invert one byte of the buffered data, and write the result
   to destFileName.  The lines between the numbered fragments are not part of
   this listing. */
140 static int copyModifiedFile(
const C_STR srcFileName,
141 const C_STR destFileName,
const int bytePos )
148 if( ( filePtr = fopen(
convertFileName( srcFileName ),
"rb" ) ) != NULL )
/* XOR with 0xFF flips every bit of the byte at offset bytePos, so the
   destination differs from the source in exactly that byte.
   NOTE(review): no comparison of bytePos with the number of bytes read is
   visible in this excerpt -- confirm one exists, since an offset beyond the
   data read would make this an out-of-bounds write. */
159 buffer[ bytePos ] ^= 0xFF;
162 if( ( filePtr = fopen(
convertFileName( destFileName ),
"wb" ) ) != NULL )
/* A short write is detected by comparing fwrite()'s return value with the
   requested byte count. */
166 writeCount = fwrite( buffer, 1, count, filePtr );
167 if( writeCount != count )
/* Excerpt of getPGPPublicKey(): per the status messages below it opens a
   keyring, reads a public key and closes the keyset again.  Only the
   numbered fragments are visible in this listing. */
183 static int getPGPPublicKey(
const KEYFILE_TYPE keyFileType,
184 const C_STR keyFileTemplate,
185 const char *description )
191 #ifdef UNICODE_STRINGS
210 if( keyFileTemplate != NULL )
213 #ifdef UNICODE_STRINGS
/* Widen the multibyte file name for UNICODE_STRINGS builds.  The third
   argument to mbstowcs() limits how many wide characters are stored in
   wcBuffer; here it is derived from the length of the source string, not
   from the capacity of wcBuffer, and the return value (which signals an
   invalid multibyte sequence) is discarded.
   NOTE(review): wcBuffer's declaration is not visible here -- confirm it
   holds at least strlen( fileName ) + 1 wide characters. */
214 mbstowcs( wcBuffer, fileName, strlen( fileName ) + 1 );
215 keysetName = wcBuffer;
221 printf(
"Testing %s public key read...\n", description );
228 printf(
"cryptKeysetOpen() failed with error code %d, line %d.\n",
253 printf(
"cryptKeysetClose() failed with error code %d, line %d.\n",
258 printf(
"Read of public key from %s keyring succeeded.\n\n",
281 static int getPGPPrivateKey(
const KEYFILE_TYPE keyFileType,
282 const char *description )
290 printf(
"Testing %s private key read...\n", description );
297 printf(
"cryptKeysetOpen() failed with error code %d, line %d.\n",
340 printf(
"cryptKeysetClose() failed with error code %d, line %d.\n",
349 printf(
"Read of private key from %s keyring succeeded.\n\n",
/* Excerpt of borkenKeyImport(): imports a key from the PKCS #12 test file
   identified by fileNo and checks that a private key with certificate is
   present.  The userID/password literals below are the credentials embedded
   in the test source for those files; the construct that selects a pair is
   not visible (presumably keyed on fileNo -- confirm). */
393 static int borkenKeyImport(
const int fileNo )
427 userID =
TEXT(
"test pkcs#12" );
428 password =
TEXT(
"test" );
432 userID =
TEXT(
"[none]" );
433 password =
TEXT(
"<unknown>" );
437 userID =
TEXT(
"[none]" );
438 password =
TEXT(
"7OPWKMIX" );
442 userID =
TEXT(
"server" );
443 password =
TEXT(
"cryptlib" );
447 userID =
TEXT(
"[none]" );
448 password =
TEXT(
"password" );
452 userID =
TEXT(
"SignLabel" );
453 password =
TEXT(
"vpsign" );
472 printf(
"Testing PKCS #12 file #%d import...\n", fileNo );
475 printf(
"cryptKeysetOpen() failed with error code %d, line %d.\n",
518 if( !checkCertPresence( cryptContext,
"private key with certificate",
528 printf(
"cryptKeysetClose() failed with error code %d, line %d.\n",
533 printf(
"Read of key from PKCS #12 file #%d succeeded.\n\n", fileNo );
/* Caller loop (its enclosing function is not shown): runs the import for
   file numbers 1 through 5.
   NOTE(review): six userID/password pairs are visible above but only five
   file numbers are passed here; whether every pair is reachable depends on
   case labels that are not part of this excerpt -- confirm the sixth file
   is intentionally left out. */
541 for( i = 1; i <= 5; i++ )
543 if( !borkenKeyImport( i ) )
565 printf(
"Testing %s private key read from %skey file...\n",
566 getAlgoName( cryptAlgo ), useAltKeyFile ?
"alternative " :
"" );
578 puts(
"Read of RSA private key from alternative key file "
582 printf(
"cryptKeysetOpen() failed with error code %d, line %d.\n",
611 printf(
"cryptKeysetClose() failed with error code %d, line %d.\n",
616 printf(
"Read of %s private key from %skey file succeeded.\n\n",
617 getAlgoName( cryptAlgo ), useAltKeyFile ?
"alternative " :
"" );
629 printf(
"Testing %s private key write to %skey file...\n",
630 getAlgoName( cryptAlgo ), useAltKeyFile ?
"alternative " :
"" );
640 getAlgoLabel( cryptAlgo ),
649 if( !loadPrivateKeyContext( &privateKeyContext, cryptAlgo ) )
665 puts(
"Write of RSA private key to alternative key file "
669 printf(
"cryptKeysetOpen() failed with error code %d, line %d.\n",
688 printf(
"cryptKeysetClose() failed with error code %d, line %d.\n",
695 printf(
"Write of %s private key to %skey file succeeded.\n\n",
696 getAlgoName( cryptAlgo ), useAltKeyFile ?
"alternative " :
"" );
732 static int fileKeyImport(
const int fileNo )
739 printf(
"Testing PKCS #15 file #%d import...\n", fileNo );
750 printf(
"Keyset contains too many items to read, line %d.\n (This "
751 "is an expected condition, continuing...).\n", __LINE__ );
759 puts(
"Skipping keyset containing specil-case data values." );
764 printf(
"cryptKeysetOpen() failed with error code %d, line %d.\n",
774 TEXT(
"password" ) );
780 TEXT(
"password" ) );
794 printf(
"cryptKeysetClose() failed with error code %d, line %d.\n",
807 for( i = 1; i <= 1; i++ )
809 if( !fileKeyImport( i ) )
826 puts(
"Testing public key read from key file..." );
833 printf(
"cryptKeysetOpen() failed with error code %d, line %d.\n",
852 puts(
"Returned object isn't a public-key context." );
860 printf(
"cryptKeysetClose() failed with error code %d, line %d.\n",
867 puts(
"Read of public key from key file succeeded.\n" );
871 static int readCert(
const char *certTypeName,
878 printf(
"Testing %s read from key file...\n", certTypeName );
885 printf(
"cryptKeysetOpen() failed with error code %d, line %d.\n",
905 if( !checkCertPresence( cryptContext, certTypeName, certType ) )
925 printf(
"Returned object isn't a %s, line %d.\n", certTypeName,
936 printf(
"cryptKeysetClose() failed with error code %d, line %d.\n",
941 printf(
"Read of %s from key file succeeded.\n\n", certTypeName );
/* Excerpt of the key-corruption detection test (enclosing function not
   shown).  This is a negative test: per the message at listing line 997, a
   read that succeeds on the corrupted keyset is reported as a failure. */
966 puts(
"Testing detection of key corruption in key file..." );
/* Four iterations; presumably each one corrupts a different position in a
   temporary copy of the keyset -- the copy call and its arguments are not
   visible here, confirm against the full source. */
967 for( i = 0; i < 4; i++ )
975 printf(
"Couldn't copy keyset to temporary file, line %d.\n",
987 printf(
"cryptKeysetOpen() failed with error code %d, line %d.\n",
997 printf(
"Read of corrupted key succeeded when it should have "
998 "failed, line %d.\n", __LINE__ );
1003 puts(
"Detection of key corruption succeeded.\n" );
1022 puts(
"Testing trusted certificate add to key file..." );
1029 puts(
"Couldn't read certificate from file, skipping test of trusted "
1030 "certificate write..." );
1046 printf(
"cryptKeysetOpen() failed with error code %d, line %d.\n",
1053 printf(
"cryptAddPublicKey() of non-trusted certificate succeeded "
1054 "when it should have failed, line %d.\n", __LINE__ );
1070 printf(
"cryptKeysetClose() failed with error code %d, line %d.\n",
1075 puts(
"Trusted certificate add to key file succeeded.\n" );
1084 puts(
"Testing globally trusted certificate add..." );
1090 puts(
"Couldn't read certificate from file, skipping test of trusted "
1091 "certificate write..." );
1101 printf(
"Globally trusted certificate add failed with error code "
1102 "%d, line %d.\n", status, __LINE__ );
1112 printf(
"Globally trusted certificate delete failed with error code "
1113 "%d, line %d.\n", status, __LINE__ );
1117 puts(
"Globally trusted certificate add succeeded.\n" );
1147 puts(
"Testing certificate update to key file ..." );
1157 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
1171 printf(
"Certificate creation failed with error code %d, "
1172 "line %d.\n", status, __LINE__ );
1182 printf(
"cryptKeysetOpen() failed with error code %d, line %d.\n",
1197 printf(
"cryptKeysetClose() failed with error code %d, line %d.\n",
1202 puts(
"Certificate update to key file succeeded.\n" );
1208 static int writeFileCertChain(
const CERT_DATA *certRequestData,
1209 const C_STR keyFileName,
1210 const C_STR certFileName,
1223 printf(
"Testing %scert chain write to key file ...\n",
1224 writeLongChain ?
"long " :
"" );
1245 printf(
"Test key generation failed with error code %d, line %d.\n",
1253 if( writeLongChain )
1261 printf(
"CA private key read failed with error code %d, line %d.\n",
1271 printf(
"cryptKeysetOpen() failed with error code %d, line %d.\n",
1292 !
addCertFields( cryptCertChain, certRequestData, __LINE__ ) )
1297 const time_t validity = time( NULL ) + ( 86400L * 365 * 3 );
1310 printf(
"Certificate chain creation failed with error code %d, "
1311 "line %d.\n", status, __LINE__ );
1324 if( certFileName != NULL )
1337 printf(
"cryptExportCert() failed with error code %d, "
1338 "line %d.\n", status, __LINE__ );
1346 count = fwrite( certBuffer, 1, length, filePtr );
1348 if( count < length )
1351 puts(
"Warning: Couldn't save certificate chain to disk, "
1352 "this will cause later\n tests to fail. "
1353 "Press a key to continue." );
1362 printf(
"cryptKeysetClose() failed with error code %d, line %d.\n",
1368 puts(
"Certificate chain write to key file succeeded.\n" );
1386 return( writeFileCertChain( certRequestData, TEST_PRIVKEY_FILE, NULL,
1393 return( writeFileCertChain( certRequestData, TEST_PRIVKEY_FILE, NULL,
1406 puts(
"Testing delete from key file..." );
1413 printf(
"cryptKeysetOpen() failed with error code %d, line %d.\n",
1424 printExtError( cryptKeyset,
"cryptDeletePrivateKey()", status,
1433 puts(
"cryptDeleteKey() claimed the key was deleted but it's still "
1442 printf(
"cryptKeysetClose() failed with error code %d, line %d.\n",
1447 puts(
"Delete from key file succeeded.\n" );
1459 puts(
"Testing change of key password for key file..." );
1466 printf(
"cryptKeysetOpen() failed with error code %d, line %d.\n",
1497 printf(
"cryptKeysetClose() failed with error code %d, line %d.\n",
1502 puts(
"Password change for key in key file succeeded.\n" );
1516 printf(
"Testing single-step %s key+certificate write to %skey file...\n",
1517 getAlgoName( cryptAlgo ), useAltKeyFile ?
"alternative " :
"" );
1520 if( !loadPrivateKeyContext( &cryptContext, cryptAlgo ) )
1526 printf(
"cryptCreateCert() failed with error code %d, line %d.\n",
1539 printf(
"Certificate creation failed with error code %d, "
1540 "line %d.\n", status, __LINE__ );
1556 puts(
"Single-step update to alternative key file skipped.\n" );
1559 printf(
"cryptKeysetOpen() failed with error code %d, line %d.\n",
1591 "private key read from in-memory cached keyset data",
1603 printf(
"cryptKeysetClose() failed with error code %d, line %d.\n",
1617 "private key read from on-disk keyset data",
1622 printf(
"Single-step %s key+certificate write to %skey file succeeded.\n\n",
1623 getAlgoName( cryptAlgo ), useAltKeyFile ?
"alternative " :
"" );
1651 CRYPT_CONTEXT cryptCAKey, cryptSigContext, cryptEncryptContext;
1654 puts(
"Testing separate signature+encryption certificate write to key "
1663 printf(
"CA private key read failed with error code %d, line %d.\n",
1684 printf(
"Test key generation failed with error code %d, line %d.\n",
1698 printf(
"Test key generation failed with error code %d, line %d.\n",
1735 printf(
"Signature certificate creation failed with error code %d, "
1736 "line %d.\n", status, __LINE__ );
1746 !
addCertFields( cryptEncryptCert, certRequestData, __LINE__ ) )
1766 printf(
"Encryption certificate creation failed with error code %d, "
1767 "line %d.\n", status, __LINE__ );
1778 printf(
"cryptKeysetOpen() failed with error code %d, line %d.\n",
1805 printf(
"cryptKeysetClose() failed with error code %d, line %d.\n",
1830 printf(
"cryptKeysetOpen() failed with error code %d, line %d.\n",
1838 #ifdef UNICODE_STRINGS
1850 status, __LINE__ ) );
1863 return(
extErrorExit( cryptKeyset,
"cryptAddPublicKey()",
1864 status, __LINE__ ) );
1896 puts(
"Separate signature+encryption certificate write to key file "
1910 time_t writtenValidTo = 0 , readValidTo;
1913 puts(
"Testing renewed certificate write to key file..." );
1920 printf(
"CA private key read failed with error code %d, line %d.\n",
1938 time_t validity = time( NULL );
1945 validity -= ( 86400 * 31 );
1953 printf(
"Signature certificate creation failed with error code %d, "
1954 "line %d.\n", status, __LINE__ );
1968 time_t validity = time( NULL );
1976 validity += ( 86400 * 32 );
1979 writtenValidTo = validity;
1985 printf(
"Encryption certificate creation failed with error code %d, "
1986 "line %d.\n", status, __LINE__ );
1999 printf(
"cryptKeysetOpen() failed with error code %d, line %d.\n",
2017 "cryptAddPublicKey() (in-memory update)",
2024 printf(
"cryptKeysetClose() failed with error code %d, line %d.\n",
2044 printf(
"Keyset creation in preparation for on-disk update failed "
2045 "with error code %d, line %d.\n", status, __LINE__ );
2054 printExtError( cryptKeyset,
"cryptAddPublicKey() (on-disk update)",
2061 printf(
"cryptKeysetClose() failed with error code %d, line %d.\n",
2076 printf(
"Private key read failed with error code %d, line %d.\n",
2083 return(
attrErrorExit( cryptContext,
"cryptGetAttributeString",
2084 status, __LINE__ ) );
/* Excerpt of the renewed-certificate check (enclosing function not shown):
   the expiry time that was written is compared with the one read back from
   the keyset, and any mismatch is reported. */
2085 if( writtenValidTo != readValidTo )
/* The time_t difference is narrowed to int for printing.  A difference that
   is a whole number of minutes is reported in minutes, anything else in
   seconds. */
2087 const int diff = ( int ) ( readValidTo - writtenValidTo );
2088 const char *units = ( diff % 60 ) ?
"seconds" :
"minutes";
2090 printf(
"Returned certificate != latest valid certificate, diff.= "
2091 "%d %s, line %d.\n", ( diff % 60 ) ? diff : diff / 60,
/* A difference of exactly one hour in either direction is attributed to a
   DST change between certificate creation and now.
   NOTE(review): whether this case still fails the test is not visible in
   this excerpt. */
2093 if( diff == 3600 || diff == -3600 )
2096 puts(
" (This is probably due to a difference between DST at "
2097 "certificate creation and DST\n now, and isn't a "
2098 "serious problem)." );
2105 puts(
"Renewed certificate write to key file succeeded.\n" );
2126 #ifdef UNICODE_STRINGS
2129 void *fileNamePtr = filenameBuffer;
2132 puts(
"Testing miscellaneous key file read..." );
2135 #ifdef UNICODE_STRINGS
2136 mbstowcs( wcBuffer, filenameBuffer, strlen( filenameBuffer ) + 1 );
2137 fileNamePtr = wcBuffer;
2143 printf(
"Couldn't open/scan keyset, status %d, line %d.\n",
2150 TEXT(
"56303156793b318327b25a84808f2cb311c55b0b" ),
2151 TEXT(
"PASSWORD" ) );
2161 puts(
"Miscellaneous key file succeeded.\n" );
2168 const char *password )
2180 if( password == NULL )
2195 void xxxPubKeyRead(
const char *fileName,
const char *keyName )
/* Excerpt of createCAKeyFile(): the visible fragments compute a validity
   time and save an encoded CA certificate to filenameBuffer.  The lines
   between the numbered fragments are not part of this listing. */
2250 static int createCAKeyFile(
void )
/* Current time plus three 365-day years expressed in seconds (leap days are
   not accounted for). */
2259 const time_t validity = time( NULL ) + ( 86400L * 365 * 3 );
2312 if( ( filePtr = fopen( filenameBuffer,
"wb" ) ) != NULL )
2316 count = fwrite( certBuffer, 1, length, filePtr );
/* On a short write the file is removed and a warning is printed; the return
   value of remove() is not checked.
   NOTE(review): the handling of a failed fopen() is not visible in this
   excerpt. */
2318 if( count < length )
2320 remove( filenameBuffer );
2321 puts(
"Warning: Couldn't save CA certificate to disk, "
2322 "this will cause later\n tests to fail. "
2323 "Press a key to continue." );
2337 static int createSSHKeyFile(
const int keyNo )
2412 CRYPT_KEYUSAGE_DIGITALSIGNATURE | \
2413 CRYPT_KEYUSAGE_KEYENCIPHERMENT },
2445 #ifdef UNICODE_STRINGS
2448 void *fileNamePtr = filenameBuffer;
2451 puts(
"Creating custom key files and associated certificate files..." );
2456 puts(
"Error: ECDSA must be enabled to create the custom key "
2461 printf(
"CA root key + CMP request certificate... " );
2462 status = createCAKeyFile();
2465 printf(
"done.\nSSH RSA server key..." );
2466 status = createSSHKeyFile( 1 );
2470 printf(
"done.\nSSH DSA server key..." );
2471 status = createSSHKeyFile( 2 );
2475 printf(
"done.\nSSH ECC server key..." );
2476 status = createSSHKeyFile( 3 );
2480 printf(
"done.\nSSL/TLS RSA server key..." );
2483 #ifdef UNICODE_STRINGS
2484 mbstowcs( wcBuffer, filenameBuffer, strlen( filenameBuffer ) + 1 );
2485 fileNamePtr = wcBuffer;
2487 if( !writeFileCertChain( serverCertRequestData, fileNamePtr,
2494 printf(
"done.\nSSL/TLS ECC P256 server key..." );
2497 #ifdef UNICODE_STRINGS
2498 mbstowcs( wcBuffer, filenameBuffer, strlen( filenameBuffer ) + 1 );
2499 fileNamePtr = wcBuffer;
2501 if( !writeFileCertChain( serverCertRequestData, fileNamePtr,
2508 printf(
"done.\nSSL/TLS ECC P384 server key..." );
2511 #ifdef UNICODE_STRINGS
2512 mbstowcs( wcBuffer, filenameBuffer, strlen( filenameBuffer ) + 1 );
2513 fileNamePtr = wcBuffer;
2515 if( !writeFileCertChain( serverCertRequestData, fileNamePtr,
2522 printf(
"done.\nSSL/TLS ECC P521 server key..." );
2525 #ifdef UNICODE_STRINGS
2526 mbstowcs( wcBuffer, filenameBuffer, strlen( filenameBuffer ) + 1 );
2527 fileNamePtr = wcBuffer;
2529 if( !writeFileCertChain( serverCertRequestData, fileNamePtr,
2536 printf(
"done.\nIntermediate CA key..." );
2544 printf(
"done.\nSCEP CA key + SCEP request certificate..." );
2546 #ifdef UNICODE_STRINGS
2547 mbstowcs( wcBuffer, filenameBuffer, strlen( filenameBuffer ) + 1 );
2548 fileNamePtr = wcBuffer;
2557 printf(
"done.\nTSA key..." );
2565 printf(
"done.\nUser key..." );
2573 puts(
"\nCustom key file create failed.\n" );
2578 puts(
"Custom key file creation succeeded.\n" );