test.h

提供了很多种加密算法和CA认证及相关服务如CMP、OCSP等的开发

  #define COMPRESS_FILE				"test/test.h"
#endif /* More MSC braindamage */

/* Since the handling of filenames can get unwieldy when we have large
   numbers of similar files, we use a function to map a filename template
   and number into an actual filename rather the having to use huge
   numbers of defines */

#define filenameFromTemplate( buffer, template, count ) \
		sprintf( buffer, template, count )

/* The password for private keys */

#define TEST_PRIVKEY_PASSWORD	"test"

/* The database keyset type and name.  Under Windoze we use ODBC, for
   anything else we use the first database which is enabled by a preprocessor
   define, defaulting to MySQL (which doesn't have to be available, if it's
   not present we continue after printing a warning) */

#if defined( _MSC_VER )
  #define DATABASE_KEYSET_TYPE	CRYPT_KEYSET_ODBC
  #define CERTSTORE_KEYSET_TYPE	CRYPT_KEYSET_ODBC_STORE
#elif defined( DBX_MYSQL )
  #define DATABASE_KEYSET_TYPE	CRYPT_KEYSET_MYSQL
  #define CERTSTORE_KEYSET_TYPE	CRYPT_KEYSET_MYSQL_STORE
#elif defined( DBX_DATABASE )
  #define DATABASE_KEYSET_TYPE	CRYPT_KEYSET_DATABASE
  #define CERTSTORE_KEYSET_TYPE	CRYPT_KEYSET_DATABASE_STORE
#else
  #define DATABASE_KEYSET_TYPE	CRYPT_KEYSET_MYSQL
  #define CERTSTORE_KEYSET_TYPE	CRYPT_KEYSET_MYSQL_STORE
#endif /* Various database backends */
#define DATABASE_KEYSET_NAME		"testkeys"
#define CERTSTORE_KEYSET_NAME		"testcertstore"
#define DATABASE_PLUGIN_KEYSET_NAME	"localhost:6500"

/* Some LDAP keyset names and names of probably-present certs and CRLs.  
   These keysets (and their contents) come and go, so we have a variety of 
   them and try them in turn until something works.  There's a list of more 
   LDAP servers at http://www.dante.net/np/pdi.html, but none of these are 
   known to contain certificates */

#define LDAP_KEYSET_NAME1		"ldap.diginotar.nl"
#define LDAP_CERT_NAME1			"cn=Root Certificaat Productie, "\
								"o=DigiNotar Root,c=NL"
#define LDAP_CRL_NAME1			"CN=CRL Productie,O=DigiNotar CRL,C=NL"
#define LDAP_KEYSET_NAME2		"ds.katalog.posten.se"
#define LDAP_CERT_NAME2			"cn=Posten CertPolicy_eIDKort_1 CA_nyckel_1, " \
								"o=Posten_Sverige_AB 556451-4148, c=SE"
#define LDAP_CRL_NAME2			"cn=Posten CertPolicy_eIDKort_1 CA_nyckel_1, " \
								"o=Posten_Sverige_AB 556451-4148, c=SE"

/* The HTTP keyset names (actually URLs for pages containing a cert and
   CRL) */

#define HTTP_KEYSET_CERT_NAME	"www.thawte.com/persfree.crt"
#define HTTP_KEYSET_CRL_NAME	"crl.verisign.com/Class1Individual.crl"

/* The SSH, SSL, TLS, and TSP (for the CMS enveloping test) default server
   names and authentication information.  There are so many TSP, OCSP, and
   CMP servers, and they never stay around for long, that we allow remapping
   in the functions where the secure session tests are performed */

#define SSH1_SERVER_NAME		"localhost"
#define SSH2_SERVER_NAME		"localhost"
#define SSH_USER_NAME			"test"
#define SSH_PASSWORD			"test"
#define SSL_SERVER1_NAME		"localhost"
#define SSL_SERVER2_NAME		"https://www.amazon.com"
#define TLS_SERVER1_NAME		"localhost"
#define TLS_SERVER2_NAME		"https://www.amazon.com"
#define TSP_DEFAULTSERVER_NAME	"test.timeproof.de"

/* Labels for the various public-key objects.  These are needed when the
   underlying implementation creates persistent objects (eg keys held in PKCS
   #11 tokens) which need to be identified */

#define RSA_PUBKEY_LABEL		"Test RSA public key"
#define RSA_PRIVKEY_LABEL		"Test RSA private key"
#define RSA_BIG_PRIVKEY_LABEL	"Test RSA big private key"
#define DSA_PUBKEY_LABEL		"Test DSA sigcheck key"
#define DSA_PRIVKEY_LABEL		"Test DSA signing key"
#define ELGAMAL_PUBKEY_LABEL	"Test Elgamal public key"
#define ELGAMAL_PRIVKEY_LABEL	"Test Elgamal private key"
#define DH_KEY1_LABEL			"Test DH key #1"
#define DH_KEY2_LABEL			"Test DH key #2"
#define CA_PRIVKEY_LABEL		RSA_PRIVKEY_LABEL
#define USER_PRIVKEY_LABEL		"Test user key"
#define USER_EMAIL				"dave@wetaburgers.com"
#define DUAL_SIGNKEY_LABEL		"Test signing key"
#define DUAL_ENCRYPTKEY_LABEL	"Test encryption key"
#define SSH_PRIVKEY_LABEL		"SSH host key"

/* A structure which allows us to specify a collection of extension
   components.  This is used when adding a collection of extensions to a
   cert */

typedef enum { IS_VOID, IS_NUMERIC, IS_STRING, IS_TIME } COMPONENT_TYPE;

typedef struct {
	const CRYPT_ATTRIBUTE_TYPE type;/* Extension component ID */
	const COMPONENT_TYPE componentType;	/* Component type */
	const int numericValue;			/* Value if numeric */
	const char *stringValue;		/* Value if string */
	const time_t timeValue;			/* Value if time */
	} CERT_DATA;

/****************************************************************************
*																			*
*								Utility Functions							*
*																			*
****************************************************************************/

/* Prototypes for functions in certutil.c */

void printCertErrorInfo( const CRYPT_CERTIFICATE certificate );
int printCertInfo( const CRYPT_CERTIFICATE certificate );
int printCertChainInfo( const CRYPT_CERTIFICATE certChain );
void printExtError( const CRYPT_HANDLE cryptHandle,
					const char *functionName, const int functionStatus,
					const int lineNo );
int importCertFile( CRYPT_CERTIFICATE *cryptCert, const char *fileName );
int importCertFromTemplate( CRYPT_CERTIFICATE *cryptCert,
							const char *template, const int number );
int addCertFields( const CRYPT_CERTIFICATE certificate,
				   const CERT_DATA *certData );
int getPublicKey( CRYPT_CONTEXT *cryptContext, const char *keysetName,
				  const char *keyName );
int getPrivateKey( CRYPT_CONTEXT *cryptContext, const char *keysetName,
				   const char *keyName, const char *password );
void debugDump( const char *fileName, const void *data,
				const int dataLength );

/* Exit with an error message, in certutil.c.  attrErrorExit() prints the
   locus and type, extErrorExit() prints the extended error code and
   message */

BOOLEAN attrErrorExit( const CRYPT_HANDLE cryptHandle,
					   const char *functionName, const int errorCode,
					   const int lineNumber );
BOOLEAN extErrorExit( const CRYPT_HANDLE cryptHandle,
					  const char *functionName, const int errorCode,
					  const int lineNumber );

/* Prototypes for functions in testcert.c */

BOOLEAN certErrorExit( const CRYPT_HANDLE cryptHandle,
					   const char *functionName, const int errorCode,
					   const int lineNumber );

/* Prototypes for functions in testlib.c */

#if defined( UNIX_THREADS ) || defined( WINDOWS_THREADS ) || defined( OS2_THREADS )
  void delayThread( const int seconds );
#else
  #define delayThread( x )
#endif /* Systems with threading support */
CRYPT_ALGO selectCipher( const CRYPT_ALGO algorithm );

/* Prototypes for functions in testll.c */

BOOLEAN loadRSAContextsEx( const CRYPT_DEVICE cryptDevice,
						   CRYPT_CONTEXT *cryptContext,
						   CRYPT_CONTEXT *decryptContext,
						   const char *cryptContextLabel,
						   const char *decryptContextLabel );
BOOLEAN loadRSAContexts( const CRYPT_DEVICE cryptDevice,
						 CRYPT_CONTEXT *cryptContext,
						 CRYPT_CONTEXT *decryptContext );
BOOLEAN loadDSAContextsEx( const CRYPT_DEVICE cryptDevice,
						   CRYPT_CONTEXT *signContext,
						   CRYPT_CONTEXT *sigCheckContext,
						   const char *signContextLabel,
						   const char *sigCheckContextLabel );
BOOLEAN loadDSAContexts( const CRYPT_DEVICE cryptDevice,
						 CRYPT_CONTEXT *signContext,
						 CRYPT_CONTEXT *sigCheckContext );
BOOLEAN loadElgamalContexts( CRYPT_CONTEXT *cryptContext,
							 CRYPT_CONTEXT *decryptContext );
BOOLEAN loadDHContexts( CRYPT_CONTEXT *cryptContext1,
						CRYPT_CONTEXT *cryptContext2, int keySize );
void destroyContexts( const CRYPT_DEVICE cryptDevice,
					  CRYPT_CONTEXT cryptContext,
					  CRYPT_CONTEXT decryptContext );
int testLowlevel( const CRYPT_DEVICE cryptDevice, const CRYPT_ALGO cryptAlgo,
				  const BOOLEAN checkOnly );

/* Prototypes for functions in testenv.c */

int testCMSEnvelopeSignEx( const CRYPT_CONTEXT signContext );
int testCMSEnvelopePKCCryptEx( const CRYPT_HANDLE encryptContext,
							   const CRYPT_HANDLE decryptKeyset,
							   const char *password );

/* Prototypes for functions in testsess.c */

int testSessionTSPServerEx( const CRYPT_CONTEXT privKeyContext );

/****************************************************************************
*																			*
*								Test Functions								*
*																			*
****************************************************************************/

/* Prototypes for functions in testhl.c */

int testLargeBufferEncrypt( void );
int testDeriveKey( void );
int testRandomRoutines( void );
int testConventionalExportImport( void );
int testMACExportImport( void );
int testKeyExportImport( void );
int testSignData( void );
int testKeyAgreement( void );
int testKeygen( void );
int testKeygenAsync( void );
int testKeyExportImportCMS( void );
int testSignDataCMS( void );

/* Prototypes for functions in testdev.c */

int testDevices( void );
int testUser( void );

/* Prototypes for functions in testkey.c */

int testGetPGPPublicKey( void );
int testGetPGPPrivateKey( void );
int testGetOpenPGPPublicKey( void );
int testGetOpenPGPPrivateKey( void );
int testGetBorkenKey( void );
int testReadWriteFileKey( void );
int testReadFilePublicKey( void );
int testAddTrustedCert( void );
int testAddGloballyTrustedCert( void );
int testDeleteFileKey( void );
int testChangeFileKeyPassword( void );
int testUpdateFileCert( void );
int testWriteFileCertChain( void );
int testReadFileCert( void );
int testReadFileCertChain( void );
int testSingleStepFileCert( void );
int testDoubleCertFile( void );
int testRenewedCertFile( void );
int testWriteCert( void );
int testReadCert( void );
int testKeysetQuery( void );
int testWriteCertDbx( void );
int testWriteCertLDAP( void );
int testReadCertLDAP( void );
int testReadCertURL( void );
int testReadCertHTTP( void );

/* Prototypes for functions in testenv.c */

int testEnvelopeData( void );
int testLargeBufferEnvelopeData( void );
int testEnvelopeCompress( void );
int testEnvelopeCompressedDataImport( void );
int testEnvelopeSessionCrypt( void );
int testEnvelopeCrypt( void );
int testEnvelopeCryptImport( void );
int testEnvelopePKCCrypt( void );
int testEnvelopePKCCryptImport( void );
int testEnvelopeSign( void );
int testEnvelopeSignedDataImport( void );
int testEnvelopeAuthenticate( void );
int testCMSEnvelopePKCCrypt( void );
int testCMSEnvelopePKCCryptDoubleCert( void );
int testCMSEnvelopeSign( void );
int testCMSEnvelopeDetachedSig( void );
int testCMSEnvelopeSignedDataImport( void );

/* Prototypes for functions in testcert.c */

int testCert( void );
int testCACert( void );
int testXyzzyCert( void );
int testComplexCert( void );
int testCertExtension( void );
int testCustomDNCert( void );
int testSETCert( void );
int testAttributeCert( void );
int testCRL( void );
int testComplexCRL( void );
int testCertChain( void );
int testCertRequest( void );
int testComplexCertRequest( void );
int testCRMFRequest( void );
int testComplexCRMFRequest( void );
int testRevRequest( void );
int testCMSAttributes( void );
int testOCSPReqResp( void );
int testPKIUser( void );
int testCertImport( void );
int testCertReqImport( void );
int testCRLImport( void );
int testCertChainImport( void );
int testOCSPImport( void );
int testCertProcess( void );
int testCertManagement( void );

/* Prototypes for functions in testsess.c (the last one is actually in with
   the enveloping code because the only way to fully exercise the TS
   functionality is by using it to timestamp an S/MIME signature) */

int testSessionSSHv1( void );
int testSessionSSHv2( void );
int testSessionSSHClientCert( void );
int testSessionSSHServer( void );
int testSessionSSL( void );
int testSessionSSLClientCert( void );
int testSessionSSLServer( void );
int testSessionSSLServerClientCert( void );
int testSessionTLS( void );
int testSessionTLSServer( void );
int testSessionOCSP( void );
int testSessionOCSPServer( void );
int testSessionTSP( void );
int testSessionTSPServer( void );
int testSessionCMP( void );
int testSessionCMPServer( void );
int testSessionEnvTSP( void );

/* Functions to test local client/server sessions.  These require threading
   support since they run the client and server in different threads */

#ifdef WINDOWS_THREADS
  int testSessionSSHClientServer( void );
  int testSessionSSLClientServer( void );
  int testSessionSSLClientCertClientServer( void );
  int testSessionTLSClientServer( void );
  int testSessionOCSPClientServer( void );
  int testSessionTSPClientServer( void );
  int testSessionCMPClientServer( void );
#else
  #define testSessionSSHClientServer()				TRUE
  #define testSessionSSLClientServer()				TRUE
  #define testSessionSSLClientCertClientServer()	TRUE
  #define testSessionTLSClientServer()				TRUE
  #define testSessionOCSPClientServer()				TRUE
  #define testSessionTSPClientServer()				TRUE
  #define testSessionCMPClientServer()				TRUE
#endif /* WINDOWS_THREADS */