testlib.c

cryptlib安全工具包

		if( !testMACExportImport() )
			goto errorExit;
		}
	if( cryptStatusOK( cryptQueryCapability( CRYPT_ALGO_RSA, NULL ) ) )
		{
		/* Only test the PKC functions if RSA is enabled */
		if( !testKeyExportImport() )
			goto errorExit;
		if( !testSignData() )
			goto errorExit;
		if( !testKeygen() )
			goto errorExit;
		if( !testKeygenAsync() )
			goto errorExit;
		}
	/* No need for putchar, mid-level functions leave a blank line at end */
#else
	puts( "Skipping test of mid-level encryption routines...\n" );
#endif /* TEST_MIDLEVEL */

	/* Test the certificate management routines */
#ifdef TEST_CERT
	if( !testCert() )
		goto errorExit;
	if( !testCACert() )
		goto errorExit;
	if( !testXyzzyCert() )
		goto errorExit;
	if( !testTextStringCert() )
		goto errorExit;
	if( !testComplexCert() )
		goto errorExit;
	if( !testCertExtension() )
		goto errorExit;
	if( !testCustomDNCert() )
		goto errorExit;
	if( !testSETCert() )
		goto errorExit;
	if( !testAttributeCert() )
		goto errorExit;
	if( !testCertRequest() )
		goto errorExit;
	if( !testComplexCertRequest() )
		goto errorExit;
	if( !testCRMFRequest() )
		goto errorExit;
	if( !testComplexCRMFRequest() )
		goto errorExit;
	if( !testCRL() )
		goto errorExit;
	if( !testComplexCRL() )
		goto errorExit;
	if( !testRevRequest() )
		goto errorExit;
	if( !testCertChain() )
		goto errorExit;
	if( !testCMSAttributes() )
		goto errorExit;
	if( !testOCSPReqResp() )
		goto errorExit;
	if( !testCertImport() )
		goto errorExit;
	if( !testCertReqImport() )
		goto errorExit;
	if( !testCRLImport() )
		goto errorExit;
	if( !testCertChainImport() )
		goto errorExit;
	if( !testOCSPImport() )
		goto errorExit;
	if( !testBase64CertImport() )
		goto errorExit;
	if( !testBase64CertChainImport() )
		goto errorExit;
	if( !testMiscImport() )
		goto errorExit;
	if( !testNonchainCert() )
		goto errorExit;
	if( !testCertComplianceLevel() )
		goto errorExit;
	if( !testPKCS1Padding() )
		goto errorExit;
#if 0	/* This takes a while to run and produces a lot of output that won't
		   be meaningful to anyone other than cryptlib developers so it's
		   disabled by default */
	if( !testPathProcessing() )
		goto errorExit;
#endif /* 0 */
#else
	puts( "Skipping test of certificate managment routines...\n" );
#endif /* TEST_CERT */

	/* Test the keyset read routines */
#ifdef TEST_KEYSET
  #ifdef DATABASE_AUTOCONFIG
	checkCreateDatabaseKeysets();
  #endif /* DATABASE_AUTOCONFIG */
	if( !testGetPGPPublicKey() )
		goto errorExit;
	if( !testGetPGPPrivateKey() )
		goto errorExit;
	if( !testGetBorkenKey() )
		goto errorExit;
	if( !testReadWriteFileKey() )
		goto errorExit;
	if( !testReadBigFileKey() )
		goto errorExit;
	if( !testReadFilePublicKey() )
		goto errorExit;
	if( !testDeleteFileKey() )
		goto errorExit;
	if( !testUpdateFileCert() )
		goto errorExit;
	if( !testReadFileCert() )
		goto errorExit;
	if( !testReadFileCertPrivkey() )
		goto errorExit;
	if( !testWriteFileCertChain() )
		goto errorExit;
	if( !testReadFileCertChain() )
		goto errorExit;
	if( !testAddTrustedCert() )
		goto errorExit;
#if 0	/* This changes the global config file and is disabled by default */
	if( !testAddGloballyTrustedCert() )
		goto errorExit;
#endif /* 0 */
	if( !testWriteFileLongCertChain() )
		goto errorExit;
	if( !testSingleStepFileCert() )
		goto errorExit;
	if( !testDoubleCertFile() )
		goto errorExit;
	if( !testRenewedCertFile() )
		goto errorExit;
	if( !testReadMiscFile() )
		goto errorExit;
	status = testWriteCert();
	if( status == CRYPT_ERROR_NOTAVAIL )
		{
		puts( "Handling for certificate databases doesn't appear to be "
			  "enabled in this\nbuild of cryptlib, skipping the test of "
			  "the certificate database routines.\n" );
		}
	else
		{
		if( status == TRUE )
			{
			if( !testReadCert() )
				goto errorExit;
			if( !testKeysetQuery() )
				goto errorExit;

			/* The database plugin test will usually fail unless the user has
			   set up a plugin, so we don't check the return value */
			testWriteCertDbx();
			}
		}
	/* For the following tests we may have read access but not write access,
	   so we test a read of known-present certs before trying a write -
	   unlike the local keysets we don't need to add a cert before we can try
	   reading it */
	status = testReadCertLDAP();
	if( status == CRYPT_ERROR_NOTAVAIL )
		{
		puts( "Handling for LDAP certificate directories doesn't appear to "
			  "be enabled in\nthis build of cryptlib, skipping the test of "
			  "the certificate directory\nroutines.\n" );
		}
	else
		{
		/* LDAP access can fail if the directory doesn't use the standard
		   du jour, so we don't treat a failure as a fatal error */
		if( status )
			{
			/* LDAP writes are even worse than LDAP reads, so we don't
			   treat failures here as fatal either */
			testWriteCertLDAP();
			}
		}
	status = testReadCertURL();
	if( status == CRYPT_ERROR_NOTAVAIL )
		{
		puts( "Handling for fetching certificates from web pages doesn't "
			  "appear to be\nenabled in this build of cryptlib, skipping "
			  "the test of the HTTP routines.\n" );
		}
	else
		{
		/* Being able to read a cert from a web page is rather different from
		   access to an HTTP cert store, so we don't treat an error here as
		   fatal */
		if( status )
			testReadCertHTTP();
		}
#else
	puts( "Skipping test of keyset read routines...\n" );
#endif /* TEST_KEYSET */

	/* Test the certificate processing and CA cert management functionality.
	   A side-effect of the cert-management functionality is that the OCSP
	   EE test certs are written to the test data directory */
#ifdef TEST_CERTPROCESS
	if( !testCertProcess() )
		goto errorExit;
	status = testCertManagement();
	if( status == CRYPT_ERROR_NOTAVAIL )
		{
		puts( "Handling for CA certificate stores doesn't appear to be "
			  "enabled in this\nbuild of cryptlib, skipping the test of "
			  "the certificate management routines.\n" );
		}
	else
		{
		if( !status )
			goto errorExit;
		}
#else
	puts( "Skipping test of certificate handling/CA management...\n" );
#endif /* TEST_CERTPROCESS */

	/* Test the high-level routines (these are similar to the mid-level
	   routines but rely on things like certificate management to work) */
#ifdef TEST_HIGHLEVEL
	if( !testKeyExportImportCMS() )
		goto errorExit;
	if( !testSignDataCMS() )
		goto errorExit;
#endif /* TEST_HIGHLEVEL */

	/* Test the enveloping routines */
#ifdef TEST_ENVELOPE
	if( !testEnvelopeData() )
		goto errorExit;
	if( !testEnvelopeDataLargeBuffer() )
		goto errorExit;
	if( !testEnvelopeCompress() )
		goto errorExit;
	if( !testPGPEnvelopeCompressedDataImport() )
		goto errorExit;
	if( !testEnvelopeSessionCrypt() )
		goto errorExit;
	if( !testEnvelopeSessionCryptLargeBuffer() )
		goto errorExit;
	if( !testEnvelopeCrypt() )
		goto errorExit;
	if( !testEnvelopePasswordCrypt() )
		goto errorExit;
	if( !testPGPEnvelopePasswordCryptImport() )
		goto errorExit;
	if( !testEnvelopePKCCrypt() )
		goto errorExit;
	if( !testPGPEnvelopePKCCryptImport() )
		goto errorExit;
	if( !testEnvelopeSign() )
		goto errorExit;
	if( !testEnvelopeSignOverflow() )
		goto errorExit;
	if( !testPGPEnvelopeSignedDataImport() )
		goto errorExit;
	if( !testEnvelopeAuthenticate() )
		goto errorExit;
	if( !testEnvelopeAuthEnc() )
		goto errorExit;
	if( !testCMSEnvelopePKCCrypt() )
		goto errorExit;
	if( !testCMSEnvelopePKCCryptDoubleCert() )
		goto errorExit;
	if( !testCMSEnvelopePKCCryptImport() )
		goto errorExit;
	if( !testCMSEnvelopeSign() )
		goto errorExit;
	if( !testCMSEnvelopeDualSign() )
		goto errorExit;
	if( !testCMSEnvelopeDetachedSig() )
		goto errorExit;
	if( !testCMSEnvelopeSignedDataImport() )
		goto errorExit;
#else
	puts( "Skipping test of enveloping routines...\n" );
#endif /* TEST_ENVELOPE */

	/* Test the session routines */
#ifdef TEST_SESSION
	status = testSessionUrlParse();
	if( !status )
		goto errorExit;
	if( status == CRYPT_ERROR_NOTAVAIL )
		{
		puts( "Network access doesn't appear to be enabled in this build of "
			  "cryptlib,\nskipping the test of the secure session routines.\n" );
		}
	else
		{
		if( !checkNetworkAccess() )
			{
			puts( "Couldn't perform a test connect to a well-known site "
				  "(Amazon.com) which\nindicates that external network "
				  "access isn't available.  Is this machine\nsituated "
				  "behind a firewall?\n" );
			goto errorExit;
			}
		if( !testSessionAttributes() )
			goto errorExit;
		if( !testSessionSSHv1() )
			goto errorExit;
		if( !testSessionSSH() )
			goto errorExit;
		if( !testSessionSSHClientCert() )
			goto errorExit;
		if( !testSessionSSHPortforward() )
			goto errorExit;
		if( !testSessionSSHExec() )
			goto errorExit;
		if( !testSessionSSL() )
			goto errorExit;
		if( !testSessionSSLLocalSocket() )
			goto errorExit;
		if( !testSessionTLS() )
			goto errorExit;
		if( !testSessionTLS11() )
			goto errorExit;
#if 0	/* Nothing to test against yet */
		if( !testSessionTLS12() )
			goto errorExit;
#endif /* 0 */
		if( !testSessionOCSP() )
			goto errorExit;
		if( !testSessionTSP() )
			goto errorExit;
		if( !testSessionEnvTSP() )
			goto errorExit;
		if( !testSessionCMP() )
			goto errorExit;
		}
#endif /* TEST_SESSION */

	/* Test loopback client/server sessions.  These require a threaded OS 
	   and are aliased to no-ops on non-threaded systems.  In addition there 
	   can be synchronisation problems between the two threads if the server 
	   is delayed for some reason, resulting in the client waiting for a 
	   socket that isn't opened yet.  This isn't easy to fix without a lot 
	   of explicit intra-thread synchronisation, if there's a problem it's 
	   easier to just re-run the tests */
#ifdef TEST_SESSION_LOOPBACK
	if( !testSessionSSHv1ClientServer() )
		goto errorExit;
	if( !testSessionSSHClientServer() )
		goto errorExit;
	if( !testSessionSSHClientServerFingerprint() )
		goto errorExit;
	if( !testSessionSSHClientServerPortForward() )
		goto errorExit;
	if( !testSessionSSHClientServerExec() )
		goto errorExit;
	if( !testSessionSSHClientServerMultichannel() )
		goto errorExit;