Esempio n. 1
0
/*
 * This test attempts to use a client certificate to
 * verify the TLS client authentiaiton is working.
 * The certificate used is signed by the explicit cert
 * chain. Valid HTTP authentication credentials are
 * also provided.  This should succeed.
 */
static void us901_test21(void) {
    long rv;
    int st_rv;

    st_rv = us901_start_server('B');
    if (st_rv) {
        return;
    }

    LOG_FUNC_NM
    ;

    SLEEP(1);
    rv = curl_http_post_certuid(US901_ENROLL_URL,
    US901_PKCS10_CT,
    US901_PKCS10_REQ,
    US901_UIDPWD_GOOD,
    US901_EXPLICIT_CERT,
    US901_EXPLICIT_KEY,
    US901_CACERTS,
    NULL);
    /*
     * Since we passed in a valid userID/password,
     * we expect the server to respond with 200
     */
    CU_ASSERT(rv == 200);
    st_stop();
    SLEEP(1);
}
Esempio n. 2
0
int st_buffer_delay(uint32_t milliseconds, int16_t line_number) {
  struct Block 	*block;

  if (milliseconds==0) {
    st_stop();
  	return 0;
  }
	
  while (st_buffer_full()) { sleep_mode();}  // makes sure there are two

/*                                             // slots left on buffer
 printPgmString(PSTR("in st_buffer_delay. Delay = "));
 printInteger(milliseconds);
 printPgmString(PSTR("\r\n"));*/
 
 
   // Setup block record
  block = &block_buffer[block_buffer_head];
  block->backlash=0;
  block->line_number = line_number;
  
  block->maximum_steps = milliseconds;
  block->rate = 1000;
  block->mode = SM_HALT;

  // Move buffer head
  block_buffer_head = (block_buffer_head + 1) % BLOCK_BUFFER_SIZE;	//next_buffer_head;
  
  // Ensure that blocks will be processed by enabling the Stepper Driver Interrupt
  ENABLE_STEPPER_DRIVER_INTERRUPT();
  return 1;
}
Esempio n. 3
0
/*
 * This routine is called when CUnit uninitializes this test
 * suite.  This can be used to deallocate data or close any
 * resources that were used for the test cases.
 */
static int us895_destroy_suite (void)
{
    st_stop();
    st_proxy_stop();
    SLEEP(2);
    return 0;
}
Esempio n. 4
0
/*
 * This test attempts to enroll without using a certificate
 * to identity the client, while using a good user ID/pwd.
 * However, the EST server is setup to only perform
 * certificate authentication (HTTP auth disabled).
 * This should fail with a 401 response.
 */
static void us901_test23(void) {
    long rv;
    int st_rv;

    st_rv = us901_start_server('N');
    if (st_rv) {
        return;
    }

    LOG_FUNC_NM
    ;

    SLEEP(1);
    rv = curl_http_post(US901_ENROLL_URL,
    US901_PKCS10_CT,
    US901_PKCS10_REQ,
    US901_UIDPWD_GOOD,
    US901_CACERTS,
    CURLAUTH_BASIC,
    NULL, NULL, NULL);
    /*
     * Since we passed in an invalid userID/password,
     * we expect the server to respond with 401
     */
    CU_ASSERT(rv == 401);
    st_stop();
    SLEEP(1);
}
Esempio n. 5
0
/*
 * This test attempts to use a revoked client certificate to
 * verify CRL checks are working in the TLS layer.
 * This should fail.
 */
static void us901_test12(void) {
    long rv;
    int st_rv;

    st_rv = us901_start_server('R');
    if (st_rv) {
        return;
    }

    LOG_FUNC_NM
    ;

    SLEEP(1);
    rv = curl_http_post_cert(US901_ENROLL_URL,
    US901_PKCS10_CT,
    US901_PKCS10_REQ,
    US901_REVOKED_CERT,
    US901_REVOKED_KEY,
    US901_CACERTS,
    NULL);

    /*
     * Since the client cert has been revoked the TLS handshake
     * will fail.  The EST server should return a 401 response.
     */
    CU_ASSERT(rv == 0);
    st_stop();
}
Esempio n. 6
0
/*
 * This test attempts to use a self-signed client certificate to
 * verify cert chain will reject a cert that has not been
 * signed by a valid CA.  This should fail.
 */
static void us901_test13(void) {
    long rv;
    int st_rv;

    st_rv = us901_start_server('D');
    if (st_rv) {
        return;
    }

    LOG_FUNC_NM
    ;

    SLEEP(1);
    rv = curl_http_post_cert(US901_ENROLL_URL,
    US901_PKCS10_CT,
    US901_PKCS10_REQ,
    US901_SELFSIGN_CERT,
    US901_SELFSIGN_KEY,
    US901_CACERTS,
    NULL);

    /*
     * Since the client cert is not signed by either the local CA
     * or external CA, the TLS handshake will fail.
     * We will not receive an HTTP status message
     * from the server.
     */
    CU_ASSERT(rv == 0);
    st_stop();
}
Esempio n. 7
0
File: us893.c Progetto: DDvO/libest
/*
 * This routine is called when CUnit uninitializes this test
 * suite.  This can be used to deallocate data or close any
 * resources that were used for the test cases.
 */
static int us893_destory_suite (void)
{
    st_stop();
    st_proxy_stop();
    free(cacerts);
    return 0;
}
Esempio n. 8
0
/*
 * This test case does a simple cacerts request
 * and looks for the HTTP 200 response code.
 */
static void us901_test5(void) {
    long rv;
    char cmd[200];
    int st_rv;

    st_rv = us901_start_server('D');
    if (st_rv) {
        return;
    }

    LOG_FUNC_NM
    ;

    SLEEP(1);

    outfile = fopen(test5_outfile, "w");
    rv = curl_http_get(US901_CACERT_URL, US901_CACERTS, &write_func);
    fclose(outfile);

    /*
     * we expect the server to respond with a 200
     */
    CU_ASSERT(rv == 200);

    sprintf(cmd,
            "openssl base64 -d -in %s | openssl pkcs7 -inform DER -text -print_certs",
            test5_outfile);
    rv = system(cmd);
    CU_ASSERT(rv == 0);
    st_stop();
    SLEEP(1);
}
Esempio n. 9
0
/*
 * This test case attempts simple cacerts request using
 * POST instead of GET.  It should fail.
 */
static void us901_test20(void) {
    long rv;
    int st_rv;

    st_rv = us901_start_server('D');
    if (st_rv) {
        return;
    }

    LOG_FUNC_NM
    ;

    SLEEP(1);

    outfile = fopen(test5_outfile, "w");
    rv = curl_http_post(US901_CACERT_URL, US901_PKCS10_CT, US901_PKCS10_REQ,
    US901_UIDPWD_GOOD, US901_CACERTS, CURLAUTH_BASIC,
    NULL, NULL, NULL);
    fclose(outfile);

    /*
     * we expect the server to respond with a 400
     */
    CU_ASSERT(rv == 400);
    st_stop();
    SLEEP(1);
}
Esempio n. 10
0
/*
 * This test will initialize EST w/o a trust anchor,
 * enable SRP, and perform a simpleenroll. 
 * This should succeed since SRP doesn't require a
 * trust anchor.
 */
static void us1060_test104 ()
{
    EST_CTX *ectx;
    EVP_PKEY *new_key;
    int rv;
    int pkcs7_len = 0;

    LOG_FUNC_NM;

    /*
     * We need to restart the EST server using an RSA key
     * None of the SRP cipher suites support ECDSA
     */
    st_stop();
    sleep(2);
    us1060_start_server(US1060_SERVER_CERTKEY, US1060_SERVER_CERTKEY, 0, 0, 1);

    /*
     * Create a client context 
     */
    ectx = est_client_init(NULL, 0, EST_CERT_FORMAT_PEM, NULL);
    CU_ASSERT(ectx != NULL);

    /*
     * Set the authentication mode to use a user id/password
     */
    rv = est_client_set_auth(ectx, US1060_UID, US1060_PWD, NULL, NULL);
    CU_ASSERT(rv == EST_ERR_NONE);

    /*
     * Set the EST server address/port
     */
    est_client_set_server(ectx, US1060_SERVER_IP, US1060_SERVER_PORT);

    /*
     * Enable SRP on the client
     */
    rv = est_client_enable_srp(ectx, 1024, US1060_UID, US1060_PWD); 

    /*
     * generate a new private key
     */
    new_key = generate_private_key();
    CU_ASSERT(new_key != NULL);

    /*
     * Attempt to provision a new cert
     */
    rv = est_client_enroll(ectx, "US1060_TEST104", &pkcs7_len, new_key);
    CU_ASSERT(rv == EST_ERR_NONE);

    /*
     * Cleanup
     */
    EVP_PKEY_free(new_key);
    est_destroy(ectx);
}
Esempio n. 11
0
/*
 * This routine is called when CUnit uninitializes this test
 * suite.  This can be used to deallocate data or close any
 * resources that were used for the test cases.
 */
static int us1060c_destroy_suite (void)
{
    if (srpdb) {
	SRP_VBASE_free(srpdb);
    }

    st_stop();
    free(cacerts);
    return 0;
}
Esempio n. 12
0
/*
 * Simple "happy path" test case using the easy provision
 * API with SRP disabled.
 */
static void us1060c_test100 (void)
{
    LOG_FUNC_NM;

    st_stop();
    SLEEP(2);
    us1060c_start_server(US1060C_SERVER_CERTKEY, US1060C_SERVER_CERTKEY, 0, 0, 1);

    us1060c_easy_provision(0, 1, NULL, US1060C_SERVER_PORT, EST_ERR_NONE);
}
Esempio n. 13
0
/*
 * Simple "happy path" test case using the easy provision
 * API with SRP disabled.
 */
static void us1060_test100 ()
{
    LOG_FUNC_NM;

    st_stop();
    sleep(2);
    us1060_start_server(US1060_SERVER_CERTKEY, US1060_SERVER_CERTKEY, 0, 0, 1);

    us1060_easy_provision(0, 1, NULL, US1060_SERVER_PORT, EST_ERR_NONE);
}
Esempio n. 14
0
static void us901_test_sslversion(const SSL_METHOD *m, int expect_fail) {
    BIO *conn;
    SSL *ssl;
    SSL_CTX *ssl_ctx = NULL;
    int rv;
    int st_rv;

    st_rv = us901_start_server('D');
    if (st_rv) {
        return;
    }

    LOG_FUNC_NM
    ;

    ssl_ctx = SSL_CTX_new(m);
    CU_ASSERT(ssl_ctx != NULL);

    /*
     * Now that the SSL context is ready, open a socket
     * with the server and bind that socket to the context.
     */
    conn = open_tcp_socket_ipv4("127.0.0.1", "29901");
    CU_ASSERT(conn != NULL);

    /*
     * Creaea SSL session context
     */
    ssl = SSL_new(ssl_ctx);
    SSL_set_bio(ssl, conn, conn);

    /*
     * Now that we have everything ready, let's initiate the TLS
     * handshake.
     */
    rv = SSL_connect(ssl);
    if (!expect_fail) {
        CU_ASSERT(rv > 0);
    } else {
        CU_ASSERT(rv <= 0);
    }

    /*
     * Cleanup all the data
     */
    SSL_shutdown(ssl);
    SSL_free(ssl);
    SSL_CTX_free(ssl_ctx);
    st_stop();
    SLEEP(1);
}
Esempio n. 15
0
/*
 * This test will enable a just the SRP-RSA-AES-128-CBC-SHA
 * cipher suite, which forces the server to send a certificate
 * to the client while SRP is used.  The FQDN check should occur
 * and succeed.
 */
static void us1060_test102 ()
{
    LOG_FUNC_NM;

    /*
     * We need to restart the EST server using an RSA key
     * None of the SRP cipher suites support ECDSA
     */
    st_stop();
    sleep(2);
    us1060_start_server(US1060_RSA_CERT, US1060_RSA_KEY, 0, 0, 1);

    us1060_easy_provision(1, 1, "SRP-RSA-AES-128-CBC-SHA", US1060_SERVER_PORT, EST_ERR_NONE);
}
Esempio n. 16
0
/*
 * This test case is verifies the happy path when EST
 * proxy is configured in SRP mode.  The client will attempt
 * to use SRP.  The connection between the proxy and
 * server does not use SRP.  We perform a simple enroll
 * operation.
 */
static void us1060_test200 ()
{
    long rv;

    LOG_FUNC_NM;

    /*
     * Restart the EST server with SRP disabled
     */
    st_stop();
    sleep(2);
    rv = us1060_start_server(US1060_SERVER_CERTKEY, US1060_SERVER_CERTKEY, 0, 0, 0);
    CU_ASSERT(rv == 0);

    rv = curl_http_post_srp(US1060_PROXY_ENROLL_URL, US1060_PKCS10_CT, US1060_PKCS10_REQ, 
	                    US1060_UIDPWD_GOOD, NULL, CURLAUTH_BASIC, 
			    NULL, "srp_user", "srp_pwd", NULL, NULL);
    /* 
     * Since we passed in a valid SRP userID/password,
     * we expect the server to respond with success
     */
    CU_ASSERT(rv == 200);
}
Esempio n. 17
0
/*
 * TLS anonymous cipher suites disabled
 *
 * This test case uses libcurl to test that the
 * EST server will not accept anonymous cipher
 * suites from the client.  We only test a single
 * cipher suite here.  This attempts to do a
 * simple enroll with the server.
 */
static void us901_test14(void) {
    long rv;
    int st_rv;

    st_rv = us901_start_server('D');
    if (st_rv) {
        return;
    }

    LOG_FUNC_NM
    ;

    SLEEP(1);
    rv = curl_http_post(US901_ENROLL_URL, US901_PKCS10_CT, US901_PKCS10_REQ,
    US901_UIDPWD_GOOD, US901_CACERTS, CURLAUTH_BASIC, "ADH-AES128-SHA256", NULL,
            NULL);
    /*
     * TLS handshake should have failed, curl should return 0
     */
    CU_ASSERT(rv == 0);
    st_stop();
    SLEEP(1);
}
Esempio n. 18
0
/****************************************************************************
 *  Exported Functions
 ****************************************************************************/
uint8 stt_test_1(void)
{
    uint8 result = STT_SUCCESS;
    char string_0[ST_NODE_LIMIT] = {0};
    
    UART_1_Start();
    
    UART_1_PutString("\x1b\x5b\x32\x4a");
    UART_1_PutString("FINITE STATE MACHINE LIBRARY TEST\r\n");
    UART_1_PutString("\r\n");
    UART_1_PutString("Test\tFunction\t\tResult\r\n");
    UART_1_PutString("----\t--------\t\t------\r\n");
    
    /*
     *  Initialise test.
     */
    if (result == STT_SUCCESS)
    {
        st_start();
        
        UART_1_PutString("   -\tInitialise test...\tPASS\r\n");
    }
    
    /*
     *  Test st_add_key().
     */
    if (result == STT_SUCCESS)
    {
        if (st_add_key(NULL) == ST_BAD_ARGUMENT)
        {
            UART_1_PutString("   1\tst_add_key()\t\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("   1\tst_add_key()\t\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
    
    if (result == STT_SUCCESS)
    {
        if (st_add_key("A") == ST_SUCCESS)
        {
            UART_1_PutString("   2\tst_add_key()\t\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("   2\tst_add_key()\t\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
        
    /*
     *  Test st_get_limit().
     */
    if (result == STT_SUCCESS)
    {
        if (st_get_limit() == ST_NODE_LIMIT)
        {
            UART_1_PutString("   3\tst_get_limit()\t\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("   3\tst_get_limit()\t\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
    
    /*
     *  Initialise st_set_limit() test.
     */
    if (result == STT_SUCCESS)
    {
        if (st_add_key("B") == ST_SUCCESS)
        {
            UART_1_PutString("   -\tInitialise test...\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("   -\tInitialise test...\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
    
    if (result == STT_SUCCESS)
    {
        if (st_add_key("C") == ST_SUCCESS)
        {
            UART_1_PutString("   -\tInitialise test...\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("   -\tInitialise test...\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
    
    /*
     *  Test st_set_limit().
     */
    if (result == STT_SUCCESS)
    {
        if (st_set_limit(1) == ST_FAILURE)
        {
            UART_1_PutString("   4\tst_set_limit()\t\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("   4\tst_set_limit()\t\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
    
    if (result == STT_SUCCESS)
    {
        if (st_set_limit(0) == ST_SUCCESS)
        {
            UART_1_PutString("   5\tst_set_limit()\t\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("   5\tst_set_limit()\t\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
    
    /*
     *  Test st_copy_buffer().
     */
    if (result == STT_SUCCESS)
    {
        if (st_copy_buffer(NULL) == ST_BAD_ARGUMENT)
        {
            UART_1_PutString("   6\tst_copy_buffer()\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("   6\tst_copy_buffer()\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
    
    if (result == STT_SUCCESS)
    {
        if (st_copy_buffer(string_0) == ST_SUCCESS)
        {
            UART_1_PutString("   7\tst_copy_buffer()\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("   7\tst_copy_buffer()\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
    
    if (result == STT_SUCCESS)
    {
        if (strcmp(string_0, "ABC") == ST_SUCCESS)
        {
            UART_1_PutString("   8\tst_copy_buffer()\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("   8\tst_copy_buffer()\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
        
    /*
     *  Test st_get_count().
     */
    if (result == STT_SUCCESS)
    {
        if (st_get_count() == 3)
        {
            UART_1_PutString("   9\tst_get_count()\t\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("   9\tst_get_count()\t\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
        
    /*
     *  Test st_empty_buffer().
     */
    if (result == STT_SUCCESS)
    {
        st_empty_buffer();
        
        if (st_get_count() == 0)
        {
            UART_1_PutString("  10\tst_empty_buffer()\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("  10\tst_empty_buffer()\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
    
    /*
     *  Test st_copy_buffer().
     */
    if (result == STT_SUCCESS)
    {
        if (st_copy_buffer(string_0) == ST_EMPTY)
        {
            UART_1_PutString("  11\tst_copy_buffer()\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("  11\tst_copy_buffer()\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
    
    /*
     *  Test st_is_valid_input().
     */
    if (result == STT_SUCCESS)
    {
        if (st_is_valid_input() == ST_FAILURE)
        {
            UART_1_PutString("  12\tst_is_valid_input()\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("  12\tst_is_valid_input()\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
    
    /*
     *  Initialise st_is_valid_input() test.
     */
    if (result == STT_SUCCESS)
    {
        if (st_add_key("C") == ST_SUCCESS)
        {
            UART_1_PutString("   -\tInitialise test...\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("   -\tInitialise test...\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
    
    /*
     *  Test st_is_valid_input().
     */
    if (result == STT_SUCCESS)
    {
        if (st_is_valid_input() == ST_SUCCESS)
        {
            UART_1_PutString("  13\tst_is_valid_input()\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("  13\tst_is_valid_input()\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
    
    if (result == STT_SUCCESS)
    {   
        if (st_get_count() == 0)
        {
            UART_1_PutString("  14\tst_is_valid_input()\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("  14\tst_is_valid_input()\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
    
    /*
     *  Test st_set_state().
     */
    if (result == STT_SUCCESS)
    {
        if (st_set_state(ST_STATE_MAXIMUM) == ST_BAD_ARGUMENT)
        {
            UART_1_PutString("  15\tst_set_state()\t\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("  15\tst_set_state()\t\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
     
    if (result == STT_SUCCESS)
    {
        if (st_set_state(ST_STATE_4) == ST_SUCCESS)
        {
            UART_1_PutString("  16\tst_set_state()\t\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("  16\tst_set_state()\t\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
    
    /*
     *  Initialise st_is_valid_input() test.
     */
    if (result == STT_SUCCESS)
    {
        if (st_add_key("\r") == ST_SUCCESS)
        {
            UART_1_PutString("   -\tInitialise test...\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("   -\tInitialise test...\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
    
    /*
     *  Test st_is_valid_input().
     */
    if (result == STT_SUCCESS)
    {
        if (st_is_valid_input() == ST_SUCCESS)
        {
            UART_1_PutString("  17\tst_is_valid_input()\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("  17\tst_is_valid_input()\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
    
    if (result == STT_SUCCESS)
    {   
        if (st_get_count() == 1)
        {
            UART_1_PutString("  18\tst_is_valid_input()\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("  18\tst_is_valid_input()\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
    
    /*
     *  Initialise st_is_valid_input() test.
     */
    if (result == STT_SUCCESS)
    {
        if (st_set_state(ST_STATE_2) == ST_SUCCESS)
        {
            UART_1_PutString("   -\tInitialise test...\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("   -\tInitialise test...\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
    
    /*
     *  Test st_is_valid_input().
     */
    if (result == STT_SUCCESS)
    {   
        if (st_is_valid_input() == ST_FAILURE)
        {
            UART_1_PutString("  19\tst_is_valid_input()\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("  19\tst_is_valid_input()\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
    
    if (result == STT_SUCCESS)
    {
        st_set_bit(ST_HARDWARE_EVENT);
        
        if (st_is_valid_input() == ST_SUCCESS)
        {
            UART_1_PutString("  20\tst_is_valid_input()\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("  20\tst_is_valid_input()\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
    
    /*
     *  Initialise st_is_valid_input() test.
     */
    if (result == STT_SUCCESS)
    {
        st_clear_bit(ST_CARRIAGE_RETURN);
        
        UART_1_PutString("   -\tInitialise test...\tPASS\r\n");
    }
    
    /*
     *  Test st_is_valid_input().
     */
    if (result == STT_SUCCESS)
    {   
        if (st_is_valid_input() == ST_FAILURE)
        {
            UART_1_PutString("  21\tst_is_valid_input()\tPASS\r\n");
        }
        else
        {
            UART_1_PutString("  21\tst_is_valid_input()\tFAIL\r\n");
            result = STT_FAILURE;
        }
    }
        
    /*
     *  Report test result.
     */
    if (result == STT_SUCCESS)
    {
        UART_1_PutString("\r\n");
        UART_1_PutString("TEST PASSED\r\n");
    }
    else
    {
        UART_1_PutString("\r\n");
        UART_1_PutString("TEST FAILED\r\n");
    }
    
    /*
     *  Clean-up test.
     */
    while (UART_1_ReadTxStatus() != UART_1_TX_STS_FIFO_EMPTY)
    {
        CyDelay(1);
    }
    
    UART_1_Stop();
    
    st_stop();
    
    return result;
}
Esempio n. 19
0
void us748_stop_server() 
{
    st_stop();
    st_proxy_stop();
    sleep(2);
}
Esempio n. 20
0
void us1190_stop_server ()
{
    st_stop();
    SLEEP(2);
}
Esempio n. 21
0
/*
 * This test does a simple enroll with SRP using a
 * non-default value for the SRP strength.
 */
static void us1060_test106 ()
{
    EST_CTX *ectx;
    EVP_PKEY *new_key;
    int rv;
    int pkcs7_len = 0;

    LOG_FUNC_NM;

    /*
     * We need to restart the EST server using an RSA key
     * None of the SRP cipher suites support ECDSA
     */
    st_stop();
    sleep(2);
    rv = us1060_start_server(US1060_SERVER_CERTKEY, US1060_SERVER_CERTKEY, 0, 0, 1);

    /*
     * Create a client context 
     */
    ectx = est_client_init(NULL, 0, EST_CERT_FORMAT_PEM, NULL);
    CU_ASSERT(ectx != NULL);

    /*
     * Set the authentication mode to use a user id/password
     */
    rv = est_client_set_auth(ectx, US1060_UID, US1060_PWD, NULL, NULL);
    CU_ASSERT(rv == EST_ERR_NONE);

    /*
     * Set the EST server address/port
     */
    est_client_set_server(ectx, US1060_SERVER_IP, US1060_SERVER_PORT);

    /*
     * Enable SRP on the client
     * Use a strength below the minimum
     */
    rv = est_client_enable_srp(ectx, 1023, US1060_UID, US1060_PWD); 
    CU_ASSERT(rv == EST_ERR_SRP_STRENGTH_LOW);

    /*
     * Enable SRP on the client
     * Use a strength slightly larger then the N value in passwd.srpv
     */
    rv = est_client_enable_srp(ectx, 1537, US1060_UID, US1060_PWD); 
    CU_ASSERT(rv == EST_ERR_NONE);

    /*
     * generate a new private key
     */
    new_key = generate_private_key();
    CU_ASSERT(new_key != NULL);

    /*
     * Attempt to provision a new cert
     */
    rv = est_client_enroll(ectx, "US1060_TEST106a", &pkcs7_len, new_key);
    CU_ASSERT(rv == EST_ERR_SSL_CONNECT);

    /*
     * Enable SRP on the client
     * Use a strength the same size as the N value in passwd.srpv
     */
    rv = est_client_enable_srp(ectx, 1536, US1060_UID, US1060_PWD); 
    CU_ASSERT(rv == EST_ERR_NONE);

    /*
     * Attempt to provision a new cert
     */
    rv = est_client_enroll(ectx, "US1060_TEST106b", &pkcs7_len, new_key);
    CU_ASSERT(rv == EST_ERR_NONE);

    /*
     * Cleanup
     */
    EVP_PKEY_free(new_key);
    est_destroy(ectx);
}
Esempio n. 22
0
/*
 * This test will enable a just the SRP-RSA-AES-128-CBC-SHA
 * cipher suite, which forces the server to send a certificate
 * to the client while SRP is used.  Similar to #104, we'll
 * omit configuring the trust anchor on the client context.
 * This should cause the TLS session to fail since the
 * server cert can not be verified without a trust anchor. 
 */
static void us1060_test105 ()
{
    EST_CTX *ectx;
    EVP_PKEY *new_key;
    int rv;
    int pkcs7_len = 0;
    struct est_dumb_ctx *ed;

    LOG_FUNC_NM;

    /*
     * We need to restart the EST server using an RSA key
     * None of the SRP cipher suites support ECDSA
     */
    st_stop();
    sleep(2);
    us1060_start_server(US1060_RSA_CERT, US1060_RSA_KEY, 0, 0, 1);

    /*
     * Create a client context 
     */
    ectx = est_client_init(NULL, 0, EST_CERT_FORMAT_PEM, NULL);
    CU_ASSERT(ectx != NULL);

    /*
     * Set the authentication mode to use a user id/password
     */
    rv = est_client_set_auth(ectx, US1060_UID, US1060_PWD, NULL, NULL);
    CU_ASSERT(rv == EST_ERR_NONE);

    /*
     * Set the EST server address/port
     */
    est_client_set_server(ectx, US1060_SERVER_IP, US1060_SERVER_PORT);

    /*
     * Enable SRP on the client
     */
    rv = est_client_enable_srp(ectx, 1024, US1060_UID, US1060_PWD); 

    /*
     * This is not an approved use of the EST API.  We do this
     * here only to increase code coverage for testing
     * purposes only.  If you are looking at this code as
     * an example of how to use the EST API, do not do this!
     */
    ed = (struct est_dumb_ctx*)ectx;
    rv = SSL_CTX_set_cipher_list(ed->ssl_ctx, "SRP-RSA-AES-128-CBC-SHA"); 
    CU_ASSERT(rv == 1);

    /*
     * generate a new private key
     */
    new_key = generate_private_key();
    CU_ASSERT(new_key != NULL);

    /*
     * Attempt to provision a new cert
     */
    rv = est_client_enroll(ectx, "US1060_TEST105", &pkcs7_len, new_key);
    CU_ASSERT(rv == EST_ERR_SSL_CONNECT);

    /*
     * Cleanup
     */
    EVP_PKEY_free(new_key);
    est_destroy(ectx);
}
Esempio n. 23
0
void
on_button10_clicked                    (GtkButton       *button,
                                        gpointer         user_data)
{
	st_stop();
}
Esempio n. 24
0
/*
 * This is our worker for each entry in the test matrix above.
 * We read the configuration from the entry, configure the
 * server and client as needed, and attempt a simple enroll
 * using Curl as the client.
 * The argument i is the index of the entry in the table above.
 */
static void us1060_test_matrix_item (int i) 
{
    long rv;

    LOG_FUNC_NM;

    printf("\nRunning matrix test %s\n", test_matrix[i].test_name);

    /*
     * Stop the server and restart it to make sure 
     * it's in the correct mode.
     */
    st_stop();
    if (test_matrix[i].server_srp == SRP_ON) {
	rv = us1060_start_server(US1060_SERVER_CERTKEY, US1060_SERVER_CERTKEY, 0, 0, 1);
    } else {
	rv = us1060_start_server(US1060_SERVER_CERTKEY, US1060_SERVER_CERTKEY, 0, 0, 0);
    }
    CU_ASSERT(rv == 0);


    /*
     * Set the server HTTP auth configuration
     */
    switch (test_matrix[i].server_http) {
    case HTTP_OFF:
	st_disable_http_auth();
        break;
    case HTTP_OPTIONAL:
	st_enable_http_auth();
	st_set_http_auth_optional();
        break;
    case HTTP_REQUIRED:
	st_enable_http_auth();
	st_set_http_auth_required();
        break;
    }


    switch (test_matrix[i].curl_srp) {
    case SRP_GOOD:
	rv = curl_http_post_srp(US1060_ENROLL_URL, US1060_PKCS10_CT, US1060_PKCS10_REQ, 
				test_matrix[i].curl_http_auth, NULL, CURLAUTH_BASIC, 
				NULL, "srp_user", "srp_pwd", NULL, NULL);
	break;
    case SRP_BAD:
	rv = curl_http_post_srp(US1060_ENROLL_URL, US1060_PKCS10_CT, US1060_PKCS10_REQ, 
				test_matrix[i].curl_http_auth, NULL, CURLAUTH_BASIC, 
				NULL, "srp_user", "boguspwd", NULL, NULL);
	break;
    case SRP_NONE:
	/*
	 * Some of the SRP disabled test cases use a client
	 * certificate.
	 */
	if (test_matrix[i].curl_cert) {
	    rv = curl_http_post_certuid(US1060_ENROLL_URL, US1060_PKCS10_CT, US1060_PKCS10_REQ, 
					test_matrix[i].curl_http_auth, 
					test_matrix[i].curl_cert, test_matrix[i].curl_key,  
					US1060_CACERTS, NULL);
	} else {
	    rv = curl_http_post(US1060_ENROLL_URL, US1060_PKCS10_CT, US1060_PKCS10_REQ, 
				test_matrix[i].curl_http_auth, US1060_CACERTS, CURLAUTH_BASIC, 
				NULL, NULL, NULL);
	}
	break;
    }    
    CU_ASSERT(rv == test_matrix[i].expected_http_result);
    if (rv != test_matrix[i].expected_http_result) {
	printf("\nMatrix test %s failed with rv = %d\n", test_matrix[i].test_name, (int)rv);
    }
}
Esempio n. 25
0
/*
 * This routine is called when CUnit uninitializes this test
 * suite.  This can be used to deallocate data or close any
 * resources that were used for the test cases.
 */
static int us898_destroy_suite (void)
{
    st_stop();
    free(cacerts);
    return 0;
}
Esempio n. 26
0
/*
 * This test attempts to re-enroll an expired cert
 * while the EST server is configured for manual
 * approval.  The server will send back a retry-after
 * response.
 */
static void us898_test6 (void) 
{
    EST_CTX *ectx;
    EVP_PKEY *key;
    unsigned char *key_raw;
    int key_len;
    unsigned char *cert_raw;
    int cert_len;
    int rv;
    int pkcs7_len = 0;
    X509 *cert = NULL;
    BIO *in;
    unsigned char *attr_data = NULL;
    int attr_len;

    LOG_FUNC_NM;

    /*
     * Stop the server.
     */
    st_stop();

    /*
     * Restart the server with manual approval enabled
     */
    rv = us898_start_server(1, 0);
    CU_ASSERT(rv == 0);

    /*
     * Create a client context 
     */
    ectx = est_client_init(cacerts, cacerts_len, 
                           EST_CERT_FORMAT_PEM,
                           client_manual_cert_verify);
    CU_ASSERT(ectx != NULL);

    /*
     * Set the authentication mode to use a user id/password
     */
    rv = est_client_set_auth(ectx, US898_UID, US898_PWD, NULL, NULL);
    CU_ASSERT(rv == EST_ERR_NONE);

    /*
     * Set the EST server address/port
     */
    est_client_set_server(ectx, US898_SERVER_IP, US898_SERVER_PORT);

    /*
     * Read in the private key
     */
    key_len = read_binary_file("US898/key-expired.pem", &key_raw);
    CU_ASSERT(key_len > 0);
    key = est_load_key(key_raw, key_len, EST_FORMAT_PEM);
    CU_ASSERT(key != NULL);
    free(key_raw);

    /*
     * Read in the old cert
     */
    cert_len = read_binary_file("US898/cert-expired.pem", &cert_raw);
    CU_ASSERT(cert_len > 0);
    in = BIO_new_mem_buf(cert_raw, cert_len);
    CU_ASSERT(in != NULL);
    if (!in) return;
    cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
    CU_ASSERT(cert != NULL);
    if (!cert) return; 
    BIO_free_all(in);
    free(cert_raw);

    /*
     * Get the latest CSR attributes
     */
    rv = est_client_get_csrattrs(ectx, &attr_data, &attr_len);
    CU_ASSERT(rv == EST_ERR_NONE);

    /*
     * Enroll an expired cert that contains x509 extensions.
     */
    rv = est_client_reenroll(ectx, cert, &pkcs7_len, key);
    CU_ASSERT(rv == EST_ERR_CA_ENROLL_RETRY);

    /*
     * Clean up
     */
    est_destroy(ectx);

    /*
     * Stop the server.
     */
    st_stop();

    /*
     * Restart the server with manual approval disabled
     */
    rv = us898_start_server(0, 0);
    CU_ASSERT(rv == 0);
}
Esempio n. 27
0
File: us900.c Progetto: DDvO/libest
/*
 * This routine is called when CUnit uninitializes this test
 * suite.  This can be used to deallocate data or close any
 * resources that were used for the test cases.
 */
static int us900_destroy_suite (void)
{
    st_stop();
    sleep(2);
    return 0;
}