cryptlib  3.4.1
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Macros
testfunc.c
Go to the documentation of this file.
1 /****************************************************************************
2 * *
3 * cryptlib Test Code *
4 * Copyright Peter Gutmann 1995-2009 *
5 * *
6 ****************************************************************************/
7 
8 #include "cryptlib.h"
9 #include "test/test.h"
10 
11 #if defined( __MVS__ ) || defined( __VMCMS__ )
12  /* Suspend conversion of literals to ASCII. */
13  #pragma convlit( suspend )
14 #endif /* IBM big iron */
15 #if defined( __ILEC400__ )
16  #pragma convert( 0 )
17 #endif /* IBM medium iron */
18 
19 /****************************************************************************
20 * *
21 * Utility Routines *
22 * *
23 ****************************************************************************/
24 
25 /* The tests that use databases and certificate stores require that the user
26  set up a suitable ODBC data source (at least when running under Windows),
27  to automate this process we try and create the data source if it isn't
28  present.
29 
30  This is complicated by the fact that the universal default MSJET database
31  driver doesn't have a 64-bit version so it's not possible to use it under
32  Vista/Windows 7 x64. To work around this we fall back to the SQL Server
33  driver, which replaces MSJET on x64 systems */
34 
35 #if defined( _MSC_VER ) && defined( _WIN32 ) && !defined( _WIN32_WCE )
36 
37 #define DATABASE_AUTOCONFIG
38 
39 #include <odbcinst.h>
40 
41 #define DRIVER_NAME TEXT( "Microsoft Access Driver (*.MDB)" )
42 #define DATABASE_ATTR_NAME "DSN=" DATABASE_KEYSET_NAME_ASCII "#" \
43  "DESCRIPTION=cryptlib test key database#" \
44  "DBQ="
45 #define DATABASE_ATTR_CREATE "DSN=" DATABASE_KEYSET_NAME_ASCII "#" \
46  "DESCRIPTION=cryptlib test key database#" \
47  "CREATE_DB="
48 #define DATABASE_ATTR_TAIL DATABASE_KEYSET_NAME_ASCII ".mdb#"
49 #define CERTSTORE_ATTR_NAME "DSN=" CERTSTORE_KEYSET_NAME_ASCII "#" \
50  "DESCRIPTION=cryptlib test key database#" \
51  "DBQ="
52 #define CERTSTORE_ATTR_CREATE "DSN=" CERTSTORE_KEYSET_NAME_ASCII "#" \
53  "DESCRIPTION=cryptlib test key database#" \
54  "CREATE_DB="
55 #define CERTSTORE_ATTR_TAIL CERTSTORE_KEYSET_NAME_ASCII ".mdb#"
56 
57 #define DRIVER_NAME_ALT TEXT( "SQL Server" )
58 #define DATABASE_ATTR_NAME_ALT "DSN=" DATABASE_KEYSET_NAME_ASCII "#" \
59  "DESCRIPTION=cryptlib test key database#" \
60  "Server=localhost#" \
61  "Database="
62 #define DATABASE_ATTR_CREATE_ALT ""
63 #define DATABASE_ATTR_TAIL_ALT DATABASE_KEYSET_NAME_ASCII "#"
64 #define CERTSTORE_ATTR_NAME_ALT "DSN=" CERTSTORE_KEYSET_NAME_ASCII "#" \
65  "DESCRIPTION=cryptlib test key database#" \
66  "Server=localhost#" \
67  "Database="
68 #define CERTSTORE_ATTR_CREATE_ALT ""
69 #define CERTSTORE_ATTR_TAIL_ALT CERTSTORE_KEYSET_NAME_ASCII "#"
70 
71 static void buildDBString( char *buffer, const char *attrName,
72  const char *attrTail, const char *path )
73  {
74  const int attrNameSize = strlen( attrName );
75  const int attrTailSize = strlen( attrTail ) + 1;
76  const int pathSize = strlen( path );
77  int dbStringLen, i;
78 
79  /* Build up the data-source control string */
80  memcpy( buffer, attrName, attrNameSize + 1 );
81  memcpy( buffer + attrNameSize, path, pathSize );
82  if( attrTailSize > 0 )
83  {
84  memcpy( buffer + attrNameSize + pathSize, attrTail,
85  attrTailSize );
86  }
87  buffer[ attrNameSize + pathSize + attrTailSize ] = '\0';
88 
89  /* Finally, convert the strings to the weird embedded-null strings
90  required by SQLConfigDataSource() */
91  dbStringLen = strlen( buffer );
92  for( i = 0; i < dbStringLen; i++ )
93  {
94  if( buffer[ i ] == '#' )
95  buffer[ i ] = '\0';
96  }
97  }
98 
99 static BOOLEAN createDatabase( const char *driverName,
100  const char *keysetName,
101  const char *nameString,
102  const char *createString,
103  const char *trailerString,
104  const BOOLEAN isSqlServer )
105  {
106  char tempPathBuffer[ 512 ];
107  char attrBuffer[ 1024 ];
108 #ifdef UNICODE_STRINGS
109  wchar_t wcAttrBuffer[ 1024 ];
110 #endif /* UNICODE_STRINGS */
111  int status;
112 
113  if( !GetTempPath( 512, tempPathBuffer ) )
114  strcpy( tempPathBuffer, "C:\\Temp\\" );
115 
116  /* Try and create the DSN. For the default Access driver his is a two-
117  step process, first we create the DSN and then the underlying file
118  that contains the database. For SQL Server it's simpler, the database
119  server already exists so all we have to do is create the database */
120  if( isSqlServer )
121  {
122  printf( "Attempting to create keyset '%s' using alternative data "
123  "source...\n", keysetName );
124  }
125  else
126  {
127  printf( "Database keyset '%s' not found, attempting to create data "
128  "source...\n", keysetName );
129  }
130  buildDBString( attrBuffer, nameString, trailerString, tempPathBuffer );
131 #ifdef UNICODE_STRINGS
132  mbstowcs( wcAttrBuffer, attrBuffer, strlen( attrBuffer ) + 1 );
133  status = SQLConfigDataSource( NULL, ODBC_ADD_DSN, driverName,
134  wcAttrBuffer );
135 #else
136  status = SQLConfigDataSource( NULL, ODBC_ADD_DSN, driverName,
137  attrBuffer );
138 #endif /* UNICODE_STRINGS */
139  if( status != 1 )
140  {
141  DWORD dwErrorCode;
142  WORD errorMessageLen;
143  char errorMessage[ 256 ];
144 
145  if( SQLInstallerError( 1, &dwErrorCode, errorMessage, 256,
146  &errorMessageLen ) != SQL_NO_DATA )
147  {
148  printf( "SQLConfigDataSource() returned error code %d,\n "
149  "message '%s'.\n", dwErrorCode, errorMessage );
150 #if defined( _M_X64 )
151  if( !isSqlServer )
152  {
153  puts( " (This is probably because there's no appropriate "
154  "64-bit driver present,\n retrying the create with "
155  "an alternative driver...)." );
156  }
157 #endif /* _M_X64 */
158  }
159  return( FALSE );
160  }
161  if( isSqlServer )
162  {
163  /* The server already exists and we're done */
164  return( TRUE );
165  }
166  buildDBString( attrBuffer, createString, trailerString, tempPathBuffer );
167 #ifdef UNICODE_STRINGS
168  mbstowcs( wcAttrBuffer, attrBuffer, strlen( attrBuffer ) + 1 );
169  status = SQLConfigDataSource( NULL, ODBC_ADD_DSN, driverName,
170  wcAttrBuffer );
171 #else
172  status = SQLConfigDataSource( NULL, ODBC_ADD_DSN, driverName,
173  attrBuffer );
174 #endif /* UNICODE_STRINGS */
175 
176  return( ( status == 1 ) ? TRUE : FALSE );
177  }
178 
179 static BOOLEAN createDatabaseKeyset( void )
180  {
181  int status;
182 
183  status = createDatabase( DRIVER_NAME, DATABASE_KEYSET_NAME_ASCII,
184  DATABASE_ATTR_NAME, DATABASE_ATTR_CREATE,
185  DATABASE_ATTR_TAIL, FALSE );
186  if( status == FALSE )
187  {
188  /* The create with the default (MS Access) driver failed, fall back
189  to the SQL server alternative */
190  status = createDatabase( DRIVER_NAME_ALT, DATABASE_KEYSET_NAME_ASCII,
191  DATABASE_ATTR_NAME_ALT,
192  DATABASE_ATTR_CREATE_ALT,
193  DATABASE_ATTR_TAIL_ALT, TRUE );
194  }
195  puts( ( status == TRUE ) ? "Data source creation succeeded." : \
196  "Data source creation failed.\n\nYou need to create the "
197  "keyset data source as described in the cryptlib manual\n"
198  "for the database keyset tests to run." );
199 
200  return( status );
201  }
202 
203 static BOOLEAN createDatabaseCertstore( void )
204  {
205  int status;
206 
207  status = createDatabase( DRIVER_NAME, CERTSTORE_KEYSET_NAME_ASCII,
208  CERTSTORE_ATTR_NAME, CERTSTORE_ATTR_CREATE,
209  CERTSTORE_ATTR_TAIL, FALSE );
210  if( status == FALSE )
211  {
212  /* The create with the default (MS Access) driver failed, fall back
213  to the SQL server alternative */
214  status = createDatabase( DRIVER_NAME_ALT, CERTSTORE_KEYSET_NAME_ASCII,
215  CERTSTORE_ATTR_NAME_ALT,
216  CERTSTORE_ATTR_CREATE_ALT,
217  CERTSTORE_ATTR_TAIL_ALT, TRUE );
218  }
219  puts( ( status == TRUE ) ? "Data source creation succeeded.\n" : \
220  "Data source creation failed.\n\nYou need to create the "
221  "certificate store data source as described in the\n"
222  "cryptlib manual for the certificate management tests to "
223  "run.\n" );
224 
225  return( status );
226  }
227 
228 static void checkCreateDatabaseKeysets( void )
229  {
230  CRYPT_KEYSET cryptKeyset;
231  int status;
232 
233  /* Try and open the test keyset */
234  status = cryptKeysetOpen( &cryptKeyset, CRYPT_UNUSED,
235  CRYPT_KEYSET_ODBC, DATABASE_KEYSET_NAME,
236  CRYPT_KEYOPT_READONLY );
237  if( cryptStatusOK( status ) )
238  cryptKeysetClose( cryptKeyset );
239  else
240  {
241  if( status == CRYPT_ERROR_OPEN )
242  createDatabaseKeyset();
243  }
244 
245  /* Try and open the test certificate store. This can return a
246  CRYPT_ARGERROR_PARAM3 as a normal condition since a freshly-created
247  database is empty and therefore can't be identified as a certificate
248  store until data is written to it */
249  status = cryptKeysetOpen( &cryptKeyset, CRYPT_UNUSED,
250  CRYPT_KEYSET_ODBC_STORE, CERTSTORE_KEYSET_NAME,
251  CRYPT_KEYOPT_READONLY );
252  if( cryptStatusOK( status ) )
253  cryptKeysetClose( cryptKeyset );
254  else
255  {
256  if( status == CRYPT_ERROR_OPEN )
257  createDatabaseCertstore();
258  }
259  }
260 #endif /* Win32 with VC++ */
261 
262 /****************************************************************************
263 * *
264 * Test Low-level Functions *
265 * *
266 ****************************************************************************/
267 
268 #ifdef TEST_SELFTEST
269 
270 /* Test the cryptlib self-test routines */
271 
272 BOOLEAN testSelfTest( void )
273  {
274  int value, status;
275 
276  /* Perform the self-test. First we write the value to true to force a
277  self-test, then we read it back to see whether it succeeded */
278  status = cryptSetAttribute( CRYPT_UNUSED, CRYPT_OPTION_SELFTESTOK,
279  TRUE );
280  if( cryptStatusError( status ) )
281  {
282  printf( "Attempt to perform cryptlib algorithm self-test failed "
283  "with error code %d, line %d.\n", status, __LINE__ );
284  return( FALSE );
285  }
286  status = cryptGetAttribute( CRYPT_UNUSED, CRYPT_OPTION_SELFTESTOK,
287  &value );
288  if( cryptStatusError( status ) || value != TRUE )
289  {
290  /* Unfortunately all that we can report at this point is that the
291  self-test failed, we can't try each algorithm individually
292  because the self-test has disabled the failed one(s) */
293  printf( "cryptlib algorithm self-test failed, line %d.\n",
294  __LINE__ );
295  return( FALSE );
296  }
297  puts( "cryptlib algorithm self-test succeeded.\n" );
298 
299  return( TRUE );
300  }
301 #else
302 
303 BOOLEAN testSelfTest( void )
304  {
305  puts( "Skipping test of self-test routines...\n" );
306  return( TRUE );
307  }
308 #endif /* TEST_SELFTEST */
309 
310 #ifdef TEST_LOWLEVEL
311 
312 /* Test the low-level encryption routines */
313 
314 BOOLEAN testLowLevel( void )
315  {
316  CRYPT_ALGO_TYPE cryptAlgo;
317  BOOLEAN algosEnabled;
318 
319  /* Test the conventional encryption routines */
320  algosEnabled = FALSE;
321  for( cryptAlgo = CRYPT_ALGO_FIRST_CONVENTIONAL;
322  cryptAlgo <= CRYPT_ALGO_LAST_CONVENTIONAL; cryptAlgo++ )
323  {
324  if( cryptStatusOK( cryptQueryCapability( cryptAlgo, NULL ) ) )
325  {
326  if( !testLowlevel( CRYPT_UNUSED, cryptAlgo, FALSE ) )
327  return( FALSE );
328  algosEnabled = TRUE;
329  }
330  }
331  if( !algosEnabled )
332  puts( "(No conventional-encryption algorithms enabled)." );
333 
334  /* Test the public-key encryption routines */
335  algosEnabled = FALSE;
336  for( cryptAlgo = CRYPT_ALGO_FIRST_PKC;
337  cryptAlgo <= CRYPT_ALGO_LAST_PKC; cryptAlgo++ )
338  {
339  if( cryptStatusOK( cryptQueryCapability( cryptAlgo, NULL ) ) )
340  {
341  if( !testLowlevel( CRYPT_UNUSED, cryptAlgo, FALSE ) )
342  return( FALSE );
343  algosEnabled = TRUE;
344  }
345  }
346  if( cryptStatusOK( cryptQueryCapability( CRYPT_ALGO_RSA, NULL ) ) && \
347  !testRSAMinimalKey() )
348  return( FALSE );
349  if( !algosEnabled )
350  puts( "(No public-key algorithms enabled)." );
351 
352  /* Test the hash routines */
353  algosEnabled = FALSE;
354  for( cryptAlgo = CRYPT_ALGO_FIRST_HASH;
355  cryptAlgo <= CRYPT_ALGO_LAST_HASH; cryptAlgo++ )
356  {
357  if( cryptStatusOK( cryptQueryCapability( cryptAlgo, NULL ) ) )
358  {
359  if( !testLowlevel( CRYPT_UNUSED, cryptAlgo, FALSE ) )
360  return( FALSE );
361  algosEnabled = TRUE;
362  }
363  }
364  if( !algosEnabled )
365  puts( "(No hash algorithms enabled)." );
366 
367  /* Test the MAC routines */
368  algosEnabled = FALSE;
369  for( cryptAlgo = CRYPT_ALGO_FIRST_MAC;
370  cryptAlgo <= CRYPT_ALGO_LAST_MAC; cryptAlgo++ )
371  {
372  if( cryptStatusOK( cryptQueryCapability( cryptAlgo, NULL ) ) )
373  {
374  if( !testLowlevel( CRYPT_UNUSED, cryptAlgo, FALSE ) )
375  return( FALSE );
376  algosEnabled = TRUE;
377  }
378  }
379  if( !algosEnabled )
380  puts( "(No MAC algorithms enabled)." );
381  printf( "\n" );
382 
383  return( TRUE );
384  }
385 #else
386 
387 BOOLEAN testLowLevel( void )
388  {
389  puts( "Skipping test of low-level encryption routines...\n" );
390  return( TRUE );
391  }
392 #endif /* TEST_LOWLEVEL */
393 
394 /****************************************************************************
395 * *
396 * Test Randomness, Config, and Device Functions *
397 * *
398 ****************************************************************************/
399 
400 #ifdef TEST_RANDOM
401 
402 /* Test the randomness-gathering routines */
403 
404 BOOLEAN testRandom( void )
405  {
406  if( !testRandomRoutines() )
407  {
408  puts( "The self-test will proceed without using a strong random "
409  "number source.\n" );
410 
411  /* Kludge the randomness routines so we can continue the self-tests */
412  cryptAddRandom( "xyzzy", 5 );
413  }
414 
415  return( TRUE );
416  }
417 #else
418 
419 BOOLEAN testRandom( void )
420  {
421  puts( "Skipping test of randomness routines...\n" );
422  return( TRUE );
423  }
424 #endif /* TEST_RANDOM */
425 
426 #ifdef TEST_CONFIG
427 
428 /* The names of the configuration options we check for */
429 
430 static struct {
431  const CRYPT_ATTRIBUTE_TYPE option; /* Option */
432  const char FAR_BSS *name; /* Option name */
433  const BOOLEAN isNumeric; /* Whether it's a numeric option */
434  } FAR_BSS configOption[] = {
435  { CRYPT_OPTION_INFO_DESCRIPTION, "CRYPT_OPTION_INFO_DESCRIPTION", FALSE },
436  { CRYPT_OPTION_INFO_COPYRIGHT, "CRYPT_OPTION_INFO_COPYRIGHT", FALSE },
437  { CRYPT_OPTION_INFO_MAJORVERSION, "CRYPT_OPTION_INFO_MAJORVERSION", TRUE },
438  { CRYPT_OPTION_INFO_MINORVERSION, "CRYPT_OPTION_INFO_MINORVERSION", TRUE },
439  { CRYPT_OPTION_INFO_STEPPING, "CRYPT_OPTION_INFO_STEPPING", TRUE },
440 
441  { CRYPT_OPTION_ENCR_ALGO, "CRYPT_OPTION_ENCR_ALGO", TRUE },
442  { CRYPT_OPTION_ENCR_HASH, "CRYPT_OPTION_ENCR_HASH", TRUE },
443  { CRYPT_OPTION_ENCR_MAC, "CRYPT_OPTION_ENCR_MAC", TRUE },
444 
445  { CRYPT_OPTION_PKC_ALGO, "CRYPT_OPTION_PKC_ALGO", TRUE },
446  { CRYPT_OPTION_PKC_KEYSIZE, "CRYPT_OPTION_PKC_KEYSIZE", TRUE },
447 
448  { CRYPT_OPTION_SIG_ALGO, "CRYPT_OPTION_SIG_ALGO", TRUE },
449  { CRYPT_OPTION_SIG_KEYSIZE, "CRYPT_OPTION_SIG_KEYSIZE", TRUE },
450 
451  { CRYPT_OPTION_KEYING_ALGO, "CRYPT_OPTION_KEYING_ALGO", TRUE },
452  { CRYPT_OPTION_KEYING_ITERATIONS, "CRYPT_OPTION_KEYING_ITERATIONS", TRUE },
453 
454  { CRYPT_OPTION_CERT_SIGNUNRECOGNISEDATTRIBUTES, "CRYPT_OPTION_CERT_SIGNUNRECOGNISEDATTRIBUTES", TRUE },
455  { CRYPT_OPTION_CERT_VALIDITY, "CRYPT_OPTION_CERT_VALIDITY", TRUE },
456  { CRYPT_OPTION_CERT_UPDATEINTERVAL, "CRYPT_OPTION_CERT_UPDATEINTERVAL", TRUE },
457  { CRYPT_OPTION_CERT_COMPLIANCELEVEL, "CRYPT_OPTION_CERT_COMPLIANCELEVEL", TRUE },
458  { CRYPT_OPTION_CERT_REQUIREPOLICY, "CRYPT_OPTION_CERT_REQUIREPOLICY", TRUE },
459 
460  { CRYPT_OPTION_CMS_DEFAULTATTRIBUTES, "CRYPT_OPTION_CMS_DEFAULTATTRIBUTES", TRUE },
461 
462  { CRYPT_OPTION_KEYS_LDAP_OBJECTCLASS, "CRYPT_OPTION_KEYS_LDAP_OBJECTCLASS", FALSE },
463  { CRYPT_OPTION_KEYS_LDAP_OBJECTTYPE, "CRYPT_OPTION_KEYS_LDAP_OBJECTTYPE", TRUE },
464  { CRYPT_OPTION_KEYS_LDAP_FILTER, "CRYPT_OPTION_KEYS_LDAP_FILTER", FALSE },
465  { CRYPT_OPTION_KEYS_LDAP_CACERTNAME, "CRYPT_OPTION_KEYS_LDAP_CACERTNAME", FALSE },
466  { CRYPT_OPTION_KEYS_LDAP_CERTNAME, "CRYPT_OPTION_KEYS_LDAP_CERTNAME", FALSE },
467  { CRYPT_OPTION_KEYS_LDAP_CRLNAME, "CRYPT_OPTION_KEYS_LDAP_CRLNAME", FALSE },
468  { CRYPT_OPTION_KEYS_LDAP_EMAILNAME, "CRYPT_OPTION_KEYS_LDAP_EMAILNAME", FALSE },
469 
470  { CRYPT_OPTION_DEVICE_PKCS11_DVR01, "CRYPT_OPTION_DEVICE_PKCS11_DVR01", FALSE },
471  { CRYPT_OPTION_DEVICE_PKCS11_DVR02, "CRYPT_OPTION_DEVICE_PKCS11_DVR02", FALSE },
472  { CRYPT_OPTION_DEVICE_PKCS11_DVR03, "CRYPT_OPTION_DEVICE_PKCS11_DVR03", FALSE },
473  { CRYPT_OPTION_DEVICE_PKCS11_DVR04, "CRYPT_OPTION_DEVICE_PKCS11_DVR04", FALSE },
474  { CRYPT_OPTION_DEVICE_PKCS11_DVR05, "CRYPT_OPTION_DEVICE_PKCS11_DVR05", FALSE },
475  { CRYPT_OPTION_DEVICE_PKCS11_HARDWAREONLY, "CRYPT_OPTION_DEVICE_PKCS11_HARDWAREONLY", TRUE },
476 
477  { CRYPT_OPTION_NET_SOCKS_SERVER, "CRYPT_OPTION_NET_SOCKS_SERVER", FALSE },
478  { CRYPT_OPTION_NET_SOCKS_USERNAME, "CRYPT_OPTION_NET_SOCKS_USERNAME", FALSE },
479  { CRYPT_OPTION_NET_HTTP_PROXY, "CRYPT_OPTION_NET_HTTP_PROXY", FALSE },
480  { CRYPT_OPTION_NET_CONNECTTIMEOUT, "CRYPT_OPTION_NET_CONNECTTIMEOUT", TRUE },
481  { CRYPT_OPTION_NET_READTIMEOUT, "CRYPT_OPTION_NET_READTIMEOUT", TRUE },
482  { CRYPT_OPTION_NET_WRITETIMEOUT, "CRYPT_OPTION_NET_WRITETIMEOUT", TRUE },
483 
484  { CRYPT_OPTION_MISC_ASYNCINIT, "CRYPT_OPTION_MISC_ASYNCINIT", TRUE },
485  { CRYPT_OPTION_MISC_SIDECHANNELPROTECTION, "CRYPT_OPTION_MISC_SIDECHANNELPROTECTION", TRUE },
486 
487  { CRYPT_ATTRIBUTE_NONE, NULL, 0 }
488  };
489 
490 /* Test the configuration options routines */
491 
492 BOOLEAN testConfig( void )
493  {
494  int i, value, status;
495 
496  for( i = 0; configOption[ i ].option != CRYPT_ATTRIBUTE_NONE; i++ )
497  {
498  C_CHR buffer[ 256 ];
499  int length;
500 
501  if( configOption[ i ].isNumeric )
502  {
503  status = cryptGetAttribute( CRYPT_UNUSED, configOption[ i ].option,
504  &value );
505  if( cryptStatusError( status ) )
506  {
507  printf( "%s appears to be disabled/unavailable in this build.\n",
508  configOption[ i ].name );
509  continue;
510  }
511  printf( "%s = %d.\n", configOption[ i ].name, value );
512  continue;
513  }
514  status = cryptGetAttributeString( CRYPT_UNUSED,
515  configOption[ i ].option,
516  buffer, &length );
517  if( cryptStatusError( status ) )
518  {
519  printf( "%s appears to be disabled/unavailable in this build.\n",
520  configOption[ i ].name );
521  continue;
522  }
523  assert( length < 256 );
524 #ifdef UNICODE_STRINGS
525  buffer[ length / sizeof( wchar_t ) ] = TEXT( '\0' );
526  printf( "%s = %S.\n", configOption[ i ].name, buffer );
527 #else
528  buffer[ length ] = '\0';
529  printf( "%s = %s.\n", configOption[ i ].name, buffer );
530 #endif /* UNICODE_STRINGS */
531  }
532  printf( "\n" );
533 
534  return( TRUE );
535  }
536 #else
537 
538 BOOLEAN testConfig( void )
539  {
540  puts( "Skipping display of config options...\n" );
541  return( TRUE );
542  }
543 #endif /* TEST_CONFIG */
544 
545 #ifdef TEST_DEVICE
546 
547 /* Test the crypto device routines */
548 
549 BOOLEAN testDevice( void )
550  {
551  int status;
552 
553  status = testDevices();
554  if( status == CRYPT_ERROR_NOTAVAIL )
555  {
556  puts( "Handling for crypto devices doesn't appear to be enabled in "
557  "this build of\ncryptlib.\n" );
558  return( TRUE );
559  }
560  if( !status )
561  return( FALSE );
562 
563  return( TRUE );
564  }
565 #else
566 
567 BOOLEAN testDevice( void )
568  {
569  puts( "Skipping test of crypto device routines...\n" );
570  return( TRUE );
571  }
572 #endif /* TEST_DEVICE */
573 
574 /****************************************************************************
575 * *
576 * Test Mid/High-level Functions *
577 * *
578 ****************************************************************************/
579 
580 #ifdef TEST_MIDLEVEL
581 
582 /* Test the mid-level routines */
583 
584 BOOLEAN testMidLevel( void )
585  {
586  if( !testLargeBufferEncrypt() )
587  return( FALSE );
588  if( !testDeriveKey() )
589  return( FALSE );
590  if( !testConventionalExportImport() )
591  return( FALSE );
592  if( cryptStatusOK( cryptQueryCapability( CRYPT_ALGO_HMAC_SHA1, NULL ) ) )
593  {
594  /* Only test the MAC functions of HMAC-SHA1 is enabled */
595  if( !testMACExportImport() )
596  return( FALSE );
597  }
598  if( cryptStatusOK( cryptQueryCapability( CRYPT_ALGO_RSA, NULL ) ) )
599  {
600  /* Only test the PKC functions if RSA is enabled */
601  if( !testKeyExportImport() )
602  return( FALSE );
603  if( !testSignData() )
604  return( FALSE );
605  if( !testKeygen() )
606  return( FALSE );
607  if( !testKeygenAsync() )
608  return( FALSE );
609  }
610  /* No need for putchar, mid-level functions leave a blank line at end */
611 
612  return( TRUE );
613  }
614 #else
615 
616 BOOLEAN testMidLevel( void )
617  {
618  puts( "Skipping test of mid-level encryption routines...\n" );
619  return( TRUE );
620  }
621 #endif /* TEST_MIDLEVEL */
622 
623 #ifdef TEST_HIGHLEVEL
624 
625 /* Test the high-level routines (these are similar to the mid-level routines
626  but rely on things like certificate management to work) */
627 
628 BOOLEAN testHighLevel( void )
629  {
630  if( !testKeyExportImportCMS() )
631  return( FALSE );
632  if( !testSignDataCMS() )
633  return( FALSE );
634 
635  return( TRUE );
636  }
637 #else
638 
639 BOOLEAN testHighLevel( void )
640  {
641  puts( "Skipping test of high-level routines...\n" );
642  return( TRUE );
643  }
644 #endif /* TEST_HIGHLEVEL */
645 
646 /****************************************************************************
647 * *
648 * Test Certificates *
649 * *
650 ****************************************************************************/
651 
652 #ifdef TEST_CERT
653 
654 /* Test the certificate routines */
655 
656 BOOLEAN testCert( void )
657  {
658  if( !testBasicCert() )
659  return( FALSE );
660  if( !testCACert() )
661  return( FALSE );
662  if( !testXyzzyCert() )
663  return( FALSE );
664  if( !testTextStringCert() )
665  return( FALSE );
666  if( !testComplexCert() )
667  return( FALSE );
668  if( !testCertExtension() )
669  return( FALSE );
670  if( !testCustomDNCert() )
671  return( FALSE );
672  if( !testSETCert() )
673  return( FALSE );
674  if( !testAttributeCert() )
675  return( FALSE );
676  if( !testCertRequest() )
677  return( FALSE );
678  if( !testComplexCertRequest() )
679  return( FALSE );
680  if( !testCRMFRequest() )
681  return( FALSE );
682  if( !testComplexCRMFRequest() )
683  return( FALSE );
684  if( !testCRL() )
685  return( FALSE );
686  if( !testComplexCRL() )
687  return( FALSE );
688  if( !testRevRequest() )
689  return( FALSE );
690  if( !testCertChain() )
691  return( FALSE );
692  if( !testCMSAttributes() )
693  return( FALSE );
694  if( !testOCSPReqResp() )
695  return( FALSE );
696  if( !testCertImport() )
697  return( FALSE );
698  if( !testCertImportECC() )
699  return( FALSE );
700  if( !testCertReqImport() )
701  return( FALSE );
702  if( !testCRLImport() )
703  return( FALSE );
704  if( !testCertChainImport() )
705  return( FALSE );
706  if( !testOCSPImport() )
707  return( FALSE );
708  if( !testBase64CertImport() )
709  return( FALSE );
710  if( !testBase64CertChainImport() )
711  return( FALSE );
712  if( !testMiscImport() )
713  return( FALSE );
714  if( !testNonchainCert() )
715  return( FALSE );
716  if( !testCertComplianceLevel() )
717  return( FALSE );
718  if( !testPKCS1Padding() )
719  return( FALSE );
720 #if 0 /* This takes a while to run and produces a lot of output that won't
721  be meaningful to anyone other than cryptlib developers so it's
722  disabled by default */
723  if( !testPathProcessing() )
724  return( FALSE );
725 #endif /* 0 */
726 
727  return( TRUE );
728  }
729 #else
730 
731 BOOLEAN testCert( void )
732  {
733  puts( "Skipping test of certificate routines...\n" );
734  return( TRUE );
735  }
736 #endif /* TEST_CERT */
737 
738 #ifdef TEST_CERTPROCESS
739 
740 /* Test the certificate processing and CA certificate management
741  functionality. A side-effect of the certificate-management
742  functionality is that the OCSP EE test certificates are written
743  to the test data directory */
744 
745 BOOLEAN testCertMgmt( void )
746  {
747  int status;
748 
749  if( !testCertProcess() )
750  return( FALSE );
751  status = testCertManagement();
752  if( status == CRYPT_ERROR_NOTAVAIL )
753  {
754  puts( "Handling for CA certificate stores doesn't appear to be "
755  "enabled in this\nbuild of cryptlib, skipping the test of "
756  "the certificate management routines.\n" );
757  }
758  else
759  {
760  if( !status )
761  return( FALSE );
762  }
763 
764  return( TRUE );
765  }
766 #else
767 
768 BOOLEAN testCertMgmt( void )
769  {
770  puts( "Skipping test of certificate handling/CA management...\n" );
771  return( TRUE );
772  }
773 #endif /* TEST_CERTPROCESS */
774 
775 /****************************************************************************
776 * *
777 * Test Keysets *
778 * *
779 ****************************************************************************/
780 
781 #ifdef TEST_KEYSET
782 
783 /* Test the file and database keyset read routines */
784 
785 BOOLEAN testKeysetFile( void )
786  {
787  if( !testGetPGPPublicKey() )
788  return( FALSE );
789  if( !testGetPGPPrivateKey() )
790  return( FALSE );
791  if( !testReadWriteFileKey() )
792  return( FALSE );
793  if( !testReadWriteAltFileKey() )
794  return( FALSE );
795  if( !testImportFileKey() )
796  return( FALSE );
797  if( !testReadFilePublicKey() )
798  return( FALSE );
799  if( !testDeleteFileKey() )
800  return( FALSE );
801  if( !testUpdateFileCert() )
802  return( FALSE );
803  if( !testReadFileCert() )
804  return( FALSE );
805  if( !testReadFileCertPrivkey() )
806  return( FALSE );
807  if( !testWriteFileCertChain() )
808  return( FALSE );
809  if( !testReadFileCertChain() )
810  return( FALSE );
811  if( !testAddTrustedCert() )
812  return( FALSE );
813 #if 0 /* This changes the global config file and is disabled by default */
814  if( !testAddGloballyTrustedCert() )
815  return( FALSE );
816 #endif /* 0 */
817  if( !testWriteFileLongCertChain() )
818  return( FALSE );
819  if( !testSingleStepFileCert() )
820  return( FALSE );
821  if( !testSingleStepAltFileCert() )
822  return( FALSE );
823  if( !testDoubleCertFile() )
824  return( FALSE );
825  if( !testRenewedCertFile() )
826  return( FALSE );
827  if( !testReadAltFileKey() )
828  return( FALSE );
829  if( !testReadMiscFile() )
830  return( FALSE );
831  return( TRUE );
832  }
833 
834 BOOLEAN testKeysetDatabase( void )
835  {
836  int status;
837 
838  #ifdef DATABASE_AUTOCONFIG
839  checkCreateDatabaseKeysets();
840  #endif /* DATABASE_AUTOCONFIG */
841  status = testWriteCert();
842  if( status == CRYPT_ERROR_NOTAVAIL )
843  {
844  puts( "Handling for certificate databases doesn't appear to be "
845  "enabled in this\nbuild of cryptlib, skipping the test of "
846  "the certificate database routines.\n" );
847  }
848  else
849  {
850  if( status == TRUE )
851  {
852  if( !testReadCert() )
853  return( FALSE );
854  if( !testKeysetQuery() )
855  return( FALSE );
856  }
857  }
858  /* For the following tests we may have read access but not write access,
859  so we test a read of known-present certs before trying a write -
860  unlike the local keysets we don't need to add a certificate before we
861  can try reading it */
862  status = testReadCertLDAP();
863  if( status == CRYPT_ERROR_NOTAVAIL )
864  {
865  puts( "Handling for LDAP certificate directories doesn't appear to "
866  "be enabled in\nthis build of cryptlib, skipping the test of "
867  "the certificate directory\nroutines.\n" );
868  }
869  else
870  {
871  /* LDAP access can fail if the directory doesn't use the standard
872  du jour, so we don't treat a failure as a fatal error */
873  if( status )
874  {
875  /* LDAP writes are even worse than LDAP reads, so we don't
876  treat failures here as fatal either */
877  testWriteCertLDAP();
878  }
879  }
880  status = testReadCertURL();
881  if( status == CRYPT_ERROR_NOTAVAIL )
882  {
883  puts( "Handling for fetching certificates from web pages doesn't "
884  "appear to be\nenabled in this build of cryptlib, skipping "
885  "the test of the HTTP routines.\n" );
886  }
887  else
888  {
889  /* Being able to read a certificate from a web page is rather
890  different from access to an HTTP certificate store so we don't
891  treat an error here as fatal */
892  if( status )
893  testReadCertHTTP();
894  }
895 
896  return( TRUE );
897  }
898 #else
899 
900 BOOLEAN testKeysetFile( void )
901  {
902  puts( "Skipping test of file keyset read routines...\n" );
903  return( TRUE );
904  }
905 
906 BOOLEAN testKeysetDatabase( void )
907  {
908  puts( "Skipping test of database keyset read routines...\n" );
909  return( TRUE );
910  }
911 #endif /* TEST_KEYSET */
912 
913 /****************************************************************************
914 * *
915 * Test Enveloping *
916 * *
917 ****************************************************************************/
918 
919 #ifdef TEST_ENVELOPE
920 
921 /* Test the enveloping routines */
922 
923 BOOLEAN testEnveloping( void )
924  {
925  if( !testEnvelopeData() )
926  return( FALSE );
927  if( !testEnvelopeDataLargeBuffer() )
928  return( FALSE );
929  if( !testEnvelopeCompress() )
930  return( FALSE );
931  if( !testPGPEnvelopeCompressedDataImport() )
932  return( FALSE );
933  if( !testEnvelopeSessionCrypt() )
934  return( FALSE );
935  if( !testEnvelopeSessionCryptLargeBuffer() )
936  return( FALSE );
937  if( !testEnvelopeCrypt() )
938  return( FALSE );
939  if( !testEnvelopePasswordCrypt() )
940  return( FALSE );
941  if( !testEnvelopePasswordCryptImport() )
942  return( FALSE );
943  if( !testPGPEnvelopePasswordCryptImport() )
944  return( FALSE );
945  if( !testEnvelopePKCCrypt() )
946  return( FALSE );
947  if( !testEnvelopePKCCryptAlgo() )
948  return( FALSE );
949  if( !testPGPEnvelopePKCCryptImport() )
950  return( FALSE );
951  if( !testEnvelopeSign() )
952  return( FALSE );
953  if( !testEnvelopeSignAlgo() )
954  return( FALSE );
955  if( !testEnvelopeSignOverflow() )
956  return( FALSE );
957  if( !testPGPEnvelopeSignedDataImport() )
958  return( FALSE );
959  if( !testEnvelopeAuthenticate() )
960  return( FALSE );
961  if( !testEnvelopeAuthEnc() )
962  return( FALSE );
963  if( !testCMSEnvelopePKCCrypt() )
964  return( FALSE );
965  if( !testCMSEnvelopePKCCryptDoubleCert() )
966  return( FALSE );
967  if( !testCMSEnvelopePKCCryptImport() )
968  return( FALSE );
969  if( !testCMSEnvelopeSign() )
970  return( FALSE );
971  if( !testCMSEnvelopeDualSign() )
972  return( FALSE );
973  if( !testCMSEnvelopeDetachedSig() )
974  return( FALSE );
975  if( !testCMSEnvelopeSignedDataImport() )
976  return( FALSE );
977 
978  return( TRUE );
979  }
980 #else
981 
982 BOOLEAN testEnveloping( void )
983  {
984  puts( "Skipping test of enveloping routines...\n" );
985  return( TRUE );
986  }
987 #endif /* TEST_ENVELOPE */
988 
989 /****************************************************************************
990 * *
991 * Test Sessions *
992 * *
993 ****************************************************************************/
994 
995 #ifdef TEST_SESSION
996 
997 /* Test the session routines */
998 
999 BOOLEAN testSessions( void )
1000  {
1001  int status;
1002 
1003  status = testSessionUrlParse();
1004  if( !status )
1005  return( FALSE );
1006  if( status == CRYPT_ERROR_NOTAVAIL )
1007  {
1008  puts( "Network access doesn't appear to be enabled in this build of "
1009  "cryptlib,\nskipping the test of the secure session routines.\n" );
1010  return( TRUE );
1011  }
1012  if( !checkNetworkAccess() )
1013  {
1014  puts( "Couldn't perform a test connect to a well-known site "
1015  "(Amazon.com) which\nindicates that external network access "
1016  "isn't available. Is this machine\nsituated behind a "
1017  "firewall?\n" );
1018  return( FALSE );
1019  }
1020  if( !testSessionAttributes() )
1021  return( FALSE );
1022  if( !testSessionSSHv1() )
1023  return( FALSE );
1024  if( !testSessionSSH() )
1025  return( FALSE );
1026  if( !testSessionSSHClientCert() )
1027  return( FALSE );
1028  if( !testSessionSSHPortforward() )
1029  return( FALSE );
1030  if( !testSessionSSHExec() )
1031  return( FALSE );
1032  if( !testSessionSSL() )
1033  return( FALSE );
1034  if( !testSessionSSLLocalSocket() )
1035  return( FALSE );
1036  if( !testSessionTLS() )
1037  return( FALSE );
1038  if( !testSessionTLS11() )
1039  return( FALSE );
1040  if( !testSessionTLS12() )
1041  return( FALSE );
1042 #if 0 /* The MS test server used for the general TLS 1.2 tests requires
1043  fairly extensive custom configuration of client certs and the
1044  ability to do rehandshakes due to the oddball way that schannel
1045  handles client-auth, so we disable this test until another
1046  server that actually does TLS 1.2 client auth appears */
1047  if( !testSessionTLS12ClientCert() )
1048  return( FALSE );
1049 #endif /* 0 */
1050  if( !testSessionOCSP() )
1051  return( FALSE );
1052  if( !testSessionTSP() )
1053  return( FALSE );
1054  if( !testSessionEnvTSP() )
1055  return( FALSE );
1056  if( !testSessionCMP() )
1057  return( FALSE );
1058 
1059  return( TRUE );
1060  }
1061 #else
1062 
1063 BOOLEAN testSessions( void )
1064  {
1065  puts( "Skipping test of session routines...\n" );
1066  return( TRUE );
1067  }
1068 #endif /* TEST_SESSION */
1069 
1070 #ifdef TEST_SESSION_LOOPBACK
1071 
1072 /* Test loopback client/server sessions. These require a threaded OS and
1073  are aliased to no-ops on non-threaded systems. In addition there can be
1074  synchronisation problems between the two threads if the server is delayed
1075  for some reason, resulting in the client waiting for a socket that isn't
1076  opened yet. This isn't easy to fix without a lot of explicit intra-
1077  thread synchronisation, if there's a problem it's easier to just re-run
1078  the tests */
1079 
1080 BOOLEAN testSessionsLoopback( void )
1081  {
1082  #ifdef DATABASE_AUTOCONFIG
1083  checkCreateDatabaseKeysets(); /* Needed for PKI tests */
1084  #endif /* DATABASE_AUTOCONFIG */
1085  if( !testSessionSSHv1ClientServer() )
1086  return( FALSE );
1087  if( !testSessionSSHClientServer() )
1088  return( FALSE );
1089  if( !testSessionSSHClientServerDsaKey() )
1090  return( FALSE );
1091  if( !testSessionSSHClientServerEccKey() )
1092  return( FALSE );
1093  if( !testSessionSSHClientServerFingerprint() )
1094  return( FALSE );
1095  if( !testSessionSSHClientServerPortForward() )
1096  return( FALSE );
1097  if( !testSessionSSHClientServerExec() )
1098  return( FALSE );
1099  if( !testSessionSSHClientServerMultichannel() )
1100  return( FALSE );
1101  if( !testSessionSSLClientServer() )
1102  return( FALSE );
1103  if( !testSessionSSLClientCertClientServer() )
1104  return( FALSE );
1105  if( !testSessionTLSClientServer() )
1106  return( FALSE );
1107  if( !testSessionTLSSharedKeyClientServer() )
1108  return( FALSE );
1109  if( !testSessionTLSNoSharedKeyClientServer() )
1110  return( FALSE );
1111  if( !testSessionTLSBulkTransferClientServer() )
1112  return( FALSE );
1113  if( !testSessionTLS11ClientServer() )
1114  return( FALSE );
1115  if( !testSessionTLS12ClientServer() )
1116  return( FALSE );
1117  if( !testSessionTLS12ClientCertClientServer() )
1118  return( FALSE );
1119  if( !testSessionHTTPCertstoreClientServer() )
1120  return( FALSE );
1121  if( !testSessionRTCSClientServer() )
1122  return( FALSE );
1123  if( !testSessionOCSPClientServer() )
1124  return( FALSE );
1125  if( !testSessionTSPClientServer() )
1126  return( FALSE );
1127  if( !testSessionTSPClientServerPersistent() )
1128  return( FALSE );
1129  if( !testSessionSCEPClientServer() )
1130  return( FALSE );
1131  if( !testSessionSCEPCACertClientServer() )
1132  return( FALSE );
1133  if( !testSessionCMPClientServer() )
1134  return( FALSE );
1135  if( !testSessionCMPSHA2ClientServer() )
1136  return( FALSE );
1137  if( !testSessionCMPPKIBootClientServer() )
1138  return( FALSE );
1139  if( !testSessionPNPPKIClientServer() )
1140  return( FALSE );
1141  if( !testSessionPNPPKICAClientServer() )
1142  return( FALSE );
1143  if( !testSessionCMPFailClientServer() )
1144  return( FALSE );
1145 
1146  /* The final set of loopback tests, which spawn a large number of
1147  threads, can be somewhat alarming due to the amount of message spew
1148  that they produce so we only run them on one specific development
1149  test machine */
1150 #if defined( __WINDOWS__ ) && !defined( _WIN32_WCE )
1151  {
1152  char name[ MAX_COMPUTERNAME_LENGTH + 1 ];
1153  int length = MAX_COMPUTERNAME_LENGTH + 1;
1154 
1155  if( GetComputerName( name, &length ) && length == 7 && \
1156  !memcmp( name, "WHISPER", length ) && 0 )
1157  {
1158  if( !testSessionSSHClientServerDualThread() )
1159  return( FALSE );
1160  if( !testSessionSSHClientServerMultiThread() )
1161  return( FALSE );
1162  if( !testSessionTLSClientServerMultiThread() )
1163  return( FALSE );
1164  }
1165  }
1166 #endif /* __WINDOWS__ && !WinCE */
1167  return( TRUE );
1168  }
1169 #else
1170 
1171 BOOLEAN testSessionsLoopback( void )
1172  {
1173  puts( "Skipping test of session routines...\n" );
1174  return( TRUE );
1175  }
1176 #endif /* TEST_SESSION_LOOPBACK */
1177 
1178 /****************************************************************************
1179 * *
1180 * Test Users *
1181 * *
1182 ****************************************************************************/
1183 
1184 #ifdef TEST_USER
1185 
1186 /* Test the user routines */
1187 
1188 BOOLEAN testUsers( void )
1189  {
1190  if( !testUser() )
1191  return( FALSE );
1192 
1193  return( TRUE );
1194  }
1195 #else
1196 
1197 BOOLEAN testUsers( void )
1198  {
1199  puts( "Skipping test of user routines...\n" );
1200  return( TRUE );
1201  }
1202 #endif /* TEST_USER */
Generated on Thu Jan 10 2013 10:00:55 for cryptlib by   doxygen 1.8.2