2 * Copyright (c) 2023 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
19 #include <dpl/test/test_runner.h>
20 #include <ckm-common.h>
21 #include <ckmc/ckmc-manager.h>
22 #include <ckmc/ckmc-control.h>
27 const uid_t UID = 5001;
28 ckmc_raw_buffer_s* DEFAULT_IV = nullptr;
29 ckmc_raw_buffer_s* AAD64 = nullptr;
30 ckmc_raw_buffer_s* IV11 = nullptr;
31 ckmc_raw_buffer_s* IV12 = nullptr;
32 ckmc_raw_buffer_s* IV15 = nullptr;
33 ckmc_raw_buffer_s* IV17 = nullptr;
34 ckmc_raw_buffer_s* IV128 = nullptr;
35 ckmc_raw_buffer_s* AAD32 = nullptr;
37 const Alias AES_KEY_128_ALIAS = "AES-gen-test-128";
38 const Alias AES_KEY_192_ALIAS = "AES-gen-test-192";
39 const Alias AES_KEY_256_ALIAS = "AES-gen-test-256";
40 const Alias AES_KEY_128_PASS_ALIAS = "AES-gen-test-128-pass";
41 const Alias AES_KEY_UNEXP_PASS_ALIAS = "AES-gen-test-128-unexp-pass";
42 const Alias AES_KEY_UNEXP_ALIAS = "AES-gen-test-128-unexp";
43 const Alias RSA_KEY_1024_PRV_ALIAS = "RSA-gen-test-1024-prv";
44 const Alias RSA_KEY_1024_PUB_ALIAS = "RSA-gen-test-1024-pub";
45 const Alias RSA_KEY_2048_PRV_ALIAS = "RSA-gen-test-2048-prv";
46 const Alias RSA_KEY_2048_PUB_ALIAS = "RSA-gen-test-2048-pub";
47 const Alias RSA_KEY_4096_PRV_ALIAS = "RSA-gen-test-4096-prv";
48 const Alias RSA_KEY_4096_PUB_ALIAS = "RSA-gen-test-4096-pub";
50 const Alias IMP_AES_CTR = "imp-AES-CTR";
51 const Alias IMP_AES_CTR_PASS = "imp-AES-CTR-p";
52 const Alias IMPORTED_ALIAS = "imported-key-1";
54 const char* KEY_PASSWORD = "test-pass-1";
55 const ckmc_policy_s EXPORTABLE = {nullptr, 1};
56 const ckmc_policy_s EXPORTABLE_PASS = {const_cast<char*>(KEY_PASSWORD), 1};
57 const ckmc_policy_s UNEXPORTABLE = {nullptr, 0};
58 const ckmc_policy_s UNEXPORTABLE_PASS = {const_cast<char*>(KEY_PASSWORD), 0};
61 ckmc_algo_type_e type;
65 const Algo AES_CTR_ALGO = {CKMC_ALGO_AES_CTR, 16};
66 const Algo AES_CBC_ALGO = {CKMC_ALGO_AES_CBC, 16};
67 const Algo AES_GCM_ALGO = {CKMC_ALGO_AES_GCM, 16};
68 const Algo AES_CFB_ALGO = {CKMC_ALGO_AES_CFB, 16};
69 const Algo RSA_OAEP_ALGO = {CKMC_ALGO_RSA_OAEP, 0};
71 void importKey(const Algo &algo,
73 const Alias &wrappingKeyAlias,
74 const char* wrappingKeyPass,
75 const Alias &importedKeyAlias,
76 const ckmc_policy_s &importedKeyPolicy);
78 class GroupFixture: public DPL::Test::TestGroup{
80 void Init() override {
81 remove_user_data(UID);
82 int ret = ckmc_unlock_user_key(UID,"db-pass");
83 if (ret != CKMC_ERROR_NONE)
84 RUNNER_ERROR_MSG("DB unlock failed: " <<CKMCErrorToString(ret));
86 AAD64 = createRandomBufferCAPI(64);
87 IV11 = createRandomBufferCAPI(11);
88 IV12 = createRandomBufferCAPI(12);
89 IV15 = createRandomBufferCAPI(15);
90 IV17 = createRandomBufferCAPI(17);
91 IV128 = createRandomBufferCAPI(128);
92 AAD32 = createRandomBufferCAPI(32);
94 assert_positive(ckmc_create_key_pair_rsa,
96 RSA_KEY_1024_PRV_ALIAS.c_str(),
97 RSA_KEY_1024_PUB_ALIAS.c_str(),
101 assert_positive(ckmc_create_key_pair_rsa,
103 RSA_KEY_2048_PRV_ALIAS.c_str(),
104 RSA_KEY_2048_PUB_ALIAS.c_str(),
108 assert_positive(ckmc_create_key_pair_rsa,
110 RSA_KEY_4096_PRV_ALIAS.c_str(),
111 RSA_KEY_4096_PUB_ALIAS.c_str(),
115 assert_positive(ckmc_create_key_aes, 128, AES_KEY_128_ALIAS.c_str(), EXPORTABLE);
116 assert_positive(ckmc_create_key_aes, 192, AES_KEY_192_ALIAS.c_str(), EXPORTABLE);
117 assert_positive(ckmc_create_key_aes, 256, AES_KEY_256_ALIAS.c_str(), EXPORTABLE);
118 assert_positive(ckmc_create_key_aes, 128, AES_KEY_128_PASS_ALIAS.c_str(), EXPORTABLE_PASS);
119 assert_positive(ckmc_create_key_aes, 128, AES_KEY_UNEXP_ALIAS.c_str(), UNEXPORTABLE);
120 assert_positive(ckmc_create_key_aes, 128, AES_KEY_UNEXP_PASS_ALIAS.c_str(), UNEXPORTABLE_PASS);
122 importKey(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, IMP_AES_CTR, EXPORTABLE);
123 importKey(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, IMP_AES_CTR_PASS, EXPORTABLE_PASS);
125 void Finish() override {
126 int ret = ckmc_lock_user_key(UID);
127 if (ret != CKMC_ERROR_NONE)
128 RUNNER_ERROR_MSG("DB lock failed: " <<CKMCErrorToString(ret));
130 remove_user_data(UID);
131 ckmc_buffer_free(DEFAULT_IV);
132 ckmc_buffer_free(AAD64);
133 ckmc_buffer_free(AAD32);
134 ckmc_buffer_free(IV128);
135 ckmc_buffer_free(IV17);
136 ckmc_buffer_free(IV15);
137 ckmc_buffer_free(IV12);
138 ckmc_buffer_free(IV11);
140 ckmc_remove_key(RSA_KEY_1024_PRV_ALIAS.c_str());
141 ckmc_remove_key(RSA_KEY_1024_PUB_ALIAS.c_str());
142 ckmc_remove_key(RSA_KEY_2048_PRV_ALIAS.c_str());
143 ckmc_remove_key(RSA_KEY_2048_PUB_ALIAS.c_str());
144 ckmc_remove_key(RSA_KEY_4096_PRV_ALIAS.c_str());
145 ckmc_remove_key(RSA_KEY_4096_PUB_ALIAS.c_str());
146 ckmc_remove_key(AES_KEY_128_ALIAS.c_str());
147 ckmc_remove_key(AES_KEY_192_ALIAS.c_str());
148 ckmc_remove_key(AES_KEY_256_ALIAS.c_str());
149 ckmc_remove_key(AES_KEY_128_PASS_ALIAS.c_str());
150 ckmc_remove_key(AES_KEY_UNEXP_ALIAS.c_str());
151 ckmc_remove_key(AES_KEY_UNEXP_PASS_ALIAS.c_str());
153 ckmc_remove_key(IMP_AES_CTR.c_str());
154 ckmc_remove_key(IMP_AES_CTR_PASS.c_str());
158 ParamListPtr getDefaultParams(const Algo &algo){
159 ckmc_param_list_h handle = nullptr;
161 assert_positive(ckmc_generate_new_params, algo.type, &handle);
162 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
163 if(algo.type == CKMC_ALGO_RSA_OAEP)
166 DEFAULT_IV = createRandomBufferCAPI(algo.initVector);
167 setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
171 RawBufferPtr encryptAndImport(const ParamListPtr ¶ms,
173 const Alias &wrappingKeyAlias,
174 const char* wrappingKeyPass,
175 const Alias &importedKeyAlias,
176 const ckmc_policy_s &importedKeyPolicy){
177 RawBufferPtr plainData = create_raw_buffer(createRandomBufferCAPI(buffLen));
179 ckmc_raw_buffer_s *encrypted = nullptr;
180 ckmc_key_s *aesKey = nullptr;
182 assert_positive(ckmc_encrypt_data,
184 wrappingKeyAlias.c_str(),
189 assert_positive(ckmc_key_new,
196 assert_positive(ckmc_import_wrapped_key,
198 wrappingKeyAlias.c_str(),
200 importedKeyAlias.c_str(),
204 ckmc_buffer_free(encrypted);
205 ckmc_key_free(aesKey);
208 void testInvalidAlgoParameters(const ParamListPtr &invalidParams, const Algo &algo){
209 ParamListPtr params = getDefaultParams(algo);
210 RawBufferPtr plainData = create_raw_buffer(createRandomBufferCAPI(32));
212 ckmc_raw_buffer_s *encrypted = nullptr;
213 ckmc_key_s *aesKey = nullptr;
215 assert_positive(ckmc_encrypt_data,
217 AES_KEY_128_ALIAS.c_str(),
222 assert_positive(ckmc_key_new,
229 assert_invalid_param(ckmc_import_wrapped_key,
231 AES_KEY_128_ALIAS.c_str(),
233 IMPORTED_ALIAS.c_str(),
237 ckmc_buffer_free(encrypted);
238 ckmc_key_free(aesKey);
240 void testImportInvalidBuffLen(const Algo &algo,
242 const Alias &wrappingKeyAlias){
243 RawBufferPtr plainData = create_raw_buffer(createRandomBufferCAPI(buffLen));
245 ckmc_raw_buffer_s *encrypted = nullptr;
246 ckmc_key_s *aesKey = nullptr;
248 ParamListPtr params = getDefaultParams(algo);
250 assert_positive(ckmc_encrypt_data,
252 wrappingKeyAlias.c_str(),
257 assert_positive(ckmc_key_new,
264 assert_invalid_param(ckmc_import_wrapped_key,
266 wrappingKeyAlias.c_str(),
268 IMPORTED_ALIAS.c_str(),
271 ckmc_buffer_free(encrypted);
272 ckmc_key_free(aesKey);
275 void testImportValidArgs(const Algo &algo, int buffLen, const Alias &wrappingKeyAlias){
276 ckmc_key_s *ppKey = nullptr;
277 ckmc_raw_buffer_s *finalData = nullptr;
279 ParamListPtr params = getDefaultParams(algo);
281 RawBufferPtr plainData = encryptAndImport(params,
285 IMPORTED_ALIAS.c_str(),
288 assert_positive(ckmc_get_key, IMPORTED_ALIAS.c_str(), nullptr, &ppKey);
289 assert_positive(ckmc_buffer_new, ppKey->raw_key, ppKey->key_size, &finalData);
290 assert_buffers_equal(plainData.get(), finalData);
292 ckmc_buffer_free(finalData);
293 ckmc_key_free(ppKey);
294 ckmc_remove_key(IMPORTED_ALIAS.c_str());
297 void testBadWrappedKey(const Algo &algo){
298 ParamListPtr params = getDefaultParams(algo);
299 ckmc_key_s *wrongKey = generate_AES_key(128, nullptr);
301 assert_invalid_param(ckmc_import_wrapped_key,
303 AES_KEY_128_ALIAS.c_str(),
305 IMPORTED_ALIAS.c_str(),
309 ckmc_key_free(wrongKey);
312 void testExportableImported(const Algo &algo,
314 const Alias &wrappingKeyAlias,
315 const char* wrappingKeyPass,
316 const ckmc_policy_s &importedKeyPolicy,
317 const char* importedKeyPass){
318 ckmc_key_s *ppKey = nullptr;
319 ckmc_raw_buffer_s* finalData = nullptr;
321 ParamListPtr params = getDefaultParams(algo);
323 RawBufferPtr plainData = encryptAndImport(params,
327 IMPORTED_ALIAS.c_str(),
330 assert_positive(ckmc_get_key,
331 IMPORTED_ALIAS.c_str(),
335 assert_positive(ckmc_buffer_new,
340 assert_buffers_equal(plainData.get(), finalData);
342 ckmc_buffer_free(finalData);
343 ckmc_key_free(ppKey);
344 ckmc_remove_key(IMPORTED_ALIAS.c_str());
347 void importKey(const Algo &algo,
349 const Alias &wrappingKeyAlias,
350 const char* wrappingKeyPass,
351 const Alias &importedKeyAlias,
352 const ckmc_policy_s &importedKeyPolicy){
353 RawBufferPtr plainData = create_raw_buffer(createRandomBufferCAPI(buffLen));
355 ckmc_key_s *aesKey = nullptr;
356 ckmc_raw_buffer_s* encrypted = nullptr;
358 ParamListPtr params = getDefaultParams(algo);
360 assert_positive(ckmc_encrypt_data,
362 wrappingKeyAlias.c_str(),
367 assert_positive(ckmc_key_new,
374 assert_positive(ckmc_import_wrapped_key,
376 wrappingKeyAlias.c_str(),
378 importedKeyAlias.c_str(),
382 ckmc_buffer_free(encrypted);
383 ckmc_key_free(aesKey);
386 void testDiffKeysAndAlgorithms(const Algo &unwrapAlgo,
387 const Alias &unwrappingKeyAlias,
388 const char* unwrappingKeyPass,
389 const Algo &wrapAlgo,
390 const Alias &wrappingKeyAlias,
391 const char* wrappingKeyPass){
392 const int buffLen = 32;
393 ckmc_key_s *ppKey = nullptr;
394 ckmc_raw_buffer_s* finalData = nullptr;
395 ckmc_raw_buffer_s* decrypted = nullptr;
397 ParamListPtr wrapParams = getDefaultParams(wrapAlgo);
398 ParamListPtr unwrapParams = getDefaultParams(unwrapAlgo);
400 RawBufferPtr plainData = encryptAndImport(unwrapParams,
402 unwrappingKeyAlias.c_str(),
407 assert_positive(ckmc_export_wrapped_key,
409 wrappingKeyAlias.c_str(),
411 IMPORTED_ALIAS.c_str(),
415 assert_positive(ckmc_buffer_new,
420 assert_positive(ckmc_decrypt_data,
422 wrappingKeyAlias.c_str(),
427 assert_buffers_equal(plainData.get(), decrypted);
429 ckmc_buffer_free(finalData);
430 ckmc_buffer_free(decrypted);
431 ckmc_key_free(ppKey);
432 ckmc_remove_key(IMPORTED_ALIAS.c_str());
435 template <typename T>
436 void testImportExportCustomParameters(const Algo &algo,
437 const Alias &wrappingKeyAlias,
438 const char* wrappingKeyPass,
439 ckmc_raw_buffer_s* initVec,
440 ckmc_param_name_e name,
442 ckmc_key_s *ppKey = nullptr;
443 ckmc_raw_buffer_s* finalData = nullptr;
444 ckmc_raw_buffer_s* decrypted = nullptr;
446 ckmc_param_list_h handle = nullptr;
447 assert_positive(ckmc_generate_new_params, algo.type, &handle);
448 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
449 setParam(params, CKMC_PARAM_ED_IV, initVec);
450 setParam(params, name, parameter);
452 RawBufferPtr plainData = encryptAndImport(params,
454 wrappingKeyAlias.c_str(),
459 assert_positive(ckmc_export_wrapped_key,
461 wrappingKeyAlias.c_str(),
463 IMPORTED_ALIAS.c_str(),
467 assert_positive(ckmc_buffer_new,
472 assert_positive(ckmc_decrypt_data,
474 wrappingKeyAlias.c_str(),
479 assert_buffers_equal(plainData.get(), decrypted);
481 ckmc_buffer_free(finalData);
482 ckmc_buffer_free(decrypted);
483 ckmc_key_free(ppKey);
484 ckmc_remove_key(IMPORTED_ALIAS.c_str());
487 void testImportExportValidArgs(const Algo &algo,
489 const Alias &wrappingKeyAlias,
490 const char* wrappingKeyPass,
491 const ckmc_policy_s &importedKeyPolicy,
492 const char* importedKeyPass){
493 ckmc_key_s *ppKey = nullptr;
494 ckmc_raw_buffer_s* finalData = nullptr;
495 ckmc_raw_buffer_s* decrypted = nullptr;
497 ParamListPtr params = getDefaultParams(algo);
499 RawBufferPtr plainData = encryptAndImport(params,
501 wrappingKeyAlias.c_str(),
506 assert_positive(ckmc_export_wrapped_key,
508 wrappingKeyAlias.c_str(),
510 IMPORTED_ALIAS.c_str(),
514 assert_positive(ckmc_buffer_new,
519 assert_positive(ckmc_decrypt_data,
521 wrappingKeyAlias.c_str(),
526 assert_buffers_equal(plainData.get(), decrypted);
528 ckmc_buffer_free(finalData);
529 ckmc_buffer_free(decrypted);
530 ckmc_key_free(ppKey);
531 ckmc_remove_key(IMPORTED_ALIAS.c_str());
534 } //END OF THE NAMESPACE
536 RUNNER_TEST_GROUP_INIT_ENV(CKM_KEY_WRAPPING, GroupFixture);
538 RUNNER_TEST(TKW_NO_ADDED_ALGO){
539 RawBufferPtr plainData = create_raw_buffer(createRandomBufferCAPI(32));
541 ckmc_key_s *aesKey = nullptr;
542 ckmc_raw_buffer_s* encrypted = nullptr;
544 ParamListPtr params = getDefaultParams(AES_CBC_ALGO);
546 ckmc_param_list_h handle = nullptr;
548 assert_positive(ckmc_encrypt_data,
550 AES_KEY_128_ALIAS.c_str(),
555 assert_positive(ckmc_key_new,
562 assert_invalid_param(ckmc_import_wrapped_key,
564 AES_KEY_128_ALIAS.c_str(),
566 IMPORTED_ALIAS.c_str(),
569 ckmc_buffer_free(encrypted);
570 ckmc_key_free(aesKey);
573 RUNNER_TEST(TKW_WRONG_ALGO_PARAMS){
574 ckmc_param_list_h handle = nullptr;
575 assert_positive(ckmc_generate_new_params, AES_CTR_ALGO.type, &handle);
576 ParamListPtr invalidParams = ParamListPtr(handle, ckmc_param_list_free);
577 ckmc_raw_buffer_s *initVec = createRandomBufferCAPI(8);
578 setParam(invalidParams, CKMC_PARAM_ED_IV, initVec);
580 testInvalidAlgoParameters(invalidParams, AES_CTR_ALGO);
581 ckmc_buffer_free(initVec);
582 invalidParams.reset();
584 assert_positive(ckmc_generate_new_params, AES_GCM_ALGO.type, &handle);
585 invalidParams = ParamListPtr(handle, ckmc_param_list_free);
586 initVec = createRandomBufferCAPI(16);
587 setParam(invalidParams, CKMC_PARAM_ED_IV, initVec);
588 setParam(invalidParams, CKMC_PARAM_ED_TAG_LEN, 130);
590 testInvalidAlgoParameters(invalidParams, AES_GCM_ALGO);
591 invalidParams.reset();
593 assert_positive(ckmc_generate_new_params, AES_GCM_ALGO.type, &handle);
594 invalidParams = ParamListPtr(handle, ckmc_param_list_free);
595 setParam(invalidParams, CKMC_PARAM_ED_IV, initVec);
596 setParam(invalidParams, CKMC_PARAM_ED_AAD, IV11);
598 testInvalidAlgoParameters(invalidParams, AES_GCM_ALGO);
599 ckmc_buffer_free(initVec);
602 RUNNER_TEST(TKW_WRONG_PASS_WRAPPING_KEY){
604 RawBufferPtr plainData = create_raw_buffer(createRandomBufferCAPI(buffLen));
606 ckmc_key_s *aesKey = nullptr;
607 ckmc_raw_buffer_s* encrypted = nullptr;
608 ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
610 assert_positive(ckmc_encrypt_data,
612 AES_KEY_128_PASS_ALIAS.c_str(),
617 assert_positive(ckmc_key_new,
624 assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
625 ckmc_import_wrapped_key,
627 AES_KEY_128_PASS_ALIAS.c_str(),
629 IMPORTED_ALIAS.c_str(),
633 assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
634 ckmc_import_wrapped_key,
636 AES_KEY_128_PASS_ALIAS.c_str(),
638 IMPORTED_ALIAS.c_str(),
642 assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
643 ckmc_import_wrapped_key,
645 AES_KEY_128_ALIAS.c_str(),
646 "non_empty_password",
647 IMPORTED_ALIAS.c_str(),
651 ckmc_buffer_free(encrypted);
652 ckmc_key_free(aesKey);
655 RUNNER_TEST(TKW_UNKNOWN_ALIAS_WRAPPING_KEY){
656 ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
657 ckmc_key_s *key = generate_AES_key(128, nullptr);
659 assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
660 ckmc_import_wrapped_key,
664 IMPORTED_ALIAS.c_str(),
671 RUNNER_TEST(TKW_EXISTING_ALIAS_WRAPPING_KEY){
672 ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
673 ckmc_key_s *key = generate_AES_key(128, nullptr);
675 assert_result(CKMC_ERROR_DB_ALIAS_EXISTS,
676 ckmc_import_wrapped_key,
678 AES_KEY_128_ALIAS.c_str(),
687 RUNNER_TEST(TKW_INVALID_ALIAS_IMPORT){
688 ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
689 ckmc_key_s *key = generate_AES_key(128, nullptr);
690 Alias invalidAlias = "invalid alias";
692 assert_result(CKMC_ERROR_PERMISSION_DENIED,
693 ckmc_import_wrapped_key,
695 AES_KEY_128_ALIAS.c_str(),
697 invalidAlias.c_str(),
704 RUNNER_TEST(TKW_BAD_WRAPPED_KEY){
705 testBadWrappedKey(AES_CBC_ALGO);
706 testBadWrappedKey(AES_GCM_ALGO);
707 testBadWrappedKey(RSA_OAEP_ALGO);
710 RUNNER_TEST(TKW_NULL_PARAMETER){
711 RawBufferPtr plainData = create_raw_buffer(createRandomBufferCAPI(16));
713 ckmc_key_s *aesKey = nullptr;
714 ckmc_raw_buffer_s* encrypted = nullptr;
716 ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
718 assert_positive(ckmc_encrypt_data,
720 AES_KEY_128_ALIAS.c_str(),
725 assert_positive(ckmc_key_new,
732 assert_invalid_param(ckmc_import_wrapped_key,
734 AES_KEY_128_ALIAS.c_str(),
736 IMPORTED_ALIAS.c_str(),
740 assert_invalid_param(ckmc_import_wrapped_key,
744 IMPORTED_ALIAS.c_str(),
748 assert_invalid_param(ckmc_import_wrapped_key,
750 AES_KEY_128_ALIAS.c_str(),
756 assert_invalid_param(ckmc_import_wrapped_key,
758 AES_KEY_128_ALIAS.c_str(),
760 IMPORTED_ALIAS.c_str(),
763 ckmc_buffer_free(encrypted);
764 ckmc_key_free(aesKey);
767 RUNNER_TEST(TKW_VALID_ARGS_AES_CTR_128){
768 testImportValidArgs(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS);
769 testImportValidArgs(AES_CTR_ALGO, 24, AES_KEY_128_ALIAS);
770 testImportValidArgs(AES_CTR_ALGO, 32, AES_KEY_128_ALIAS);
773 RUNNER_TEST(TKW_VALID_ARGS_AES_CBC_128){
774 testImportValidArgs(AES_CBC_ALGO, 16, AES_KEY_128_ALIAS);
775 testImportValidArgs(AES_CBC_ALGO, 24, AES_KEY_128_ALIAS);
776 testImportValidArgs(AES_CBC_ALGO, 32, AES_KEY_128_ALIAS);
779 RUNNER_TEST(TKW_VALID_ARGS_AES_GCM_128){
780 testImportValidArgs(AES_GCM_ALGO, 16, AES_KEY_128_ALIAS);
781 testImportValidArgs(AES_GCM_ALGO, 24, AES_KEY_128_ALIAS);
782 testImportValidArgs(AES_GCM_ALGO, 32, AES_KEY_128_ALIAS);
785 RUNNER_TEST(TKW_VALID_ARGS_AES_CFB_128){
786 testImportValidArgs(AES_CFB_ALGO, 16, AES_KEY_128_ALIAS);
787 testImportValidArgs(AES_CFB_ALGO, 24, AES_KEY_128_ALIAS);
788 testImportValidArgs(AES_CFB_ALGO, 32, AES_KEY_128_ALIAS);
791 RUNNER_TEST(TKW_VALID_ARGS_AES_CTR_192){
792 testImportValidArgs(AES_CTR_ALGO, 16, AES_KEY_192_ALIAS);
793 testImportValidArgs(AES_CTR_ALGO, 24, AES_KEY_192_ALIAS);
794 testImportValidArgs(AES_CTR_ALGO, 32, AES_KEY_192_ALIAS);
797 RUNNER_TEST(TKW_VALID_ARGS_AES_CBC_192){
798 testImportValidArgs(AES_CBC_ALGO, 16, AES_KEY_192_ALIAS);
799 testImportValidArgs(AES_CBC_ALGO, 24, AES_KEY_192_ALIAS);
800 testImportValidArgs(AES_CBC_ALGO, 32, AES_KEY_192_ALIAS);
803 RUNNER_TEST(TKW_VALID_ARGS_AES_GCM_192){
804 testImportValidArgs(AES_GCM_ALGO, 16, AES_KEY_192_ALIAS);
805 testImportValidArgs(AES_GCM_ALGO, 24, AES_KEY_192_ALIAS);
806 testImportValidArgs(AES_GCM_ALGO, 32, AES_KEY_192_ALIAS);
809 RUNNER_TEST(TKW_VALID_ARGS_AES_CFB_192){
810 testImportValidArgs(AES_CFB_ALGO, 16, AES_KEY_192_ALIAS);
811 testImportValidArgs(AES_CFB_ALGO, 24, AES_KEY_192_ALIAS);
812 testImportValidArgs(AES_CFB_ALGO, 32, AES_KEY_192_ALIAS);
814 RUNNER_TEST(TKW_VALID_ARGS_AES_CTR_256){
815 testImportValidArgs(AES_CTR_ALGO, 16, AES_KEY_256_ALIAS);
816 testImportValidArgs(AES_CTR_ALGO, 24, AES_KEY_256_ALIAS);
817 testImportValidArgs(AES_CTR_ALGO, 32, AES_KEY_256_ALIAS);
820 RUNNER_TEST(TKW_VALID_ARGS_AES_CBC_256){
821 testImportValidArgs(AES_CBC_ALGO, 16, AES_KEY_256_ALIAS);
822 testImportValidArgs(AES_CBC_ALGO, 24, AES_KEY_256_ALIAS);
823 testImportValidArgs(AES_CBC_ALGO, 32, AES_KEY_256_ALIAS);
826 RUNNER_TEST(TKW_VALID_ARGS_AES_GCM_256){
827 testImportValidArgs(AES_GCM_ALGO, 16, AES_KEY_256_ALIAS);
828 testImportValidArgs(AES_GCM_ALGO, 24, AES_KEY_256_ALIAS);
829 testImportValidArgs(AES_GCM_ALGO, 32, AES_KEY_256_ALIAS);
832 RUNNER_TEST(TKW_VALID_ARGS_AES_CFB_256){
833 testImportValidArgs(AES_CFB_ALGO, 16, AES_KEY_256_ALIAS);
834 testImportValidArgs(AES_CFB_ALGO, 24, AES_KEY_256_ALIAS);
835 testImportValidArgs(AES_CFB_ALGO, 32, AES_KEY_256_ALIAS);
838 RUNNER_TEST(TKW_AES_CTR_INVALID_BUFF_LENGTH){
839 testImportInvalidBuffLen(AES_CTR_ALGO, 8, AES_KEY_128_ALIAS);
840 testImportInvalidBuffLen(AES_CTR_ALGO, 12, AES_KEY_128_ALIAS);
841 testImportInvalidBuffLen(AES_CTR_ALGO, 128, AES_KEY_128_ALIAS);
842 testImportInvalidBuffLen(AES_CTR_ALGO, 8, AES_KEY_192_ALIAS);
843 testImportInvalidBuffLen(AES_CTR_ALGO, 12, AES_KEY_192_ALIAS);
844 testImportInvalidBuffLen(AES_CTR_ALGO, 128, AES_KEY_192_ALIAS);
845 testImportInvalidBuffLen(AES_CTR_ALGO, 8, AES_KEY_256_ALIAS);
846 testImportInvalidBuffLen(AES_CTR_ALGO, 12, AES_KEY_256_ALIAS);
847 testImportInvalidBuffLen(AES_CTR_ALGO, 128, AES_KEY_256_ALIAS);
850 RUNNER_TEST(TKW_AES_CBC_INVALID_BUFF_LENGTH){
851 testImportInvalidBuffLen(AES_CBC_ALGO, 8, AES_KEY_128_ALIAS);
852 testImportInvalidBuffLen(AES_CBC_ALGO, 12, AES_KEY_128_ALIAS);
853 testImportInvalidBuffLen(AES_CBC_ALGO, 128, AES_KEY_128_ALIAS);
854 testImportInvalidBuffLen(AES_CBC_ALGO, 8, AES_KEY_192_ALIAS);
855 testImportInvalidBuffLen(AES_CBC_ALGO, 12, AES_KEY_192_ALIAS);
856 testImportInvalidBuffLen(AES_CBC_ALGO, 128, AES_KEY_192_ALIAS);
857 testImportInvalidBuffLen(AES_CBC_ALGO, 8, AES_KEY_256_ALIAS);
858 testImportInvalidBuffLen(AES_CBC_ALGO, 12, AES_KEY_256_ALIAS);
859 testImportInvalidBuffLen(AES_CBC_ALGO, 128, AES_KEY_256_ALIAS);
861 RUNNER_TEST(TKW_AES_GCM_INVALID_BUFF_LENGTH){
862 testImportInvalidBuffLen(AES_GCM_ALGO, 8, AES_KEY_128_ALIAS);
863 testImportInvalidBuffLen(AES_GCM_ALGO, 12, AES_KEY_128_ALIAS);
864 testImportInvalidBuffLen(AES_GCM_ALGO, 128, AES_KEY_128_ALIAS);
865 testImportInvalidBuffLen(AES_GCM_ALGO, 8, AES_KEY_192_ALIAS);
866 testImportInvalidBuffLen(AES_GCM_ALGO, 12, AES_KEY_192_ALIAS);
867 testImportInvalidBuffLen(AES_GCM_ALGO, 128, AES_KEY_192_ALIAS);
868 testImportInvalidBuffLen(AES_GCM_ALGO, 8, AES_KEY_256_ALIAS);
869 testImportInvalidBuffLen(AES_GCM_ALGO, 12, AES_KEY_256_ALIAS);
870 testImportInvalidBuffLen(AES_GCM_ALGO, 128, AES_KEY_256_ALIAS);
873 RUNNER_TEST(TKW_AES_CFB_INVALID_BUFF_LENGTH){
874 testImportInvalidBuffLen(AES_CFB_ALGO, 8, AES_KEY_128_ALIAS);
875 testImportInvalidBuffLen(AES_CFB_ALGO, 12, AES_KEY_128_ALIAS);
876 testImportInvalidBuffLen(AES_CFB_ALGO, 128, AES_KEY_128_ALIAS);
877 testImportInvalidBuffLen(AES_CFB_ALGO, 8, AES_KEY_192_ALIAS);
878 testImportInvalidBuffLen(AES_CFB_ALGO, 12, AES_KEY_192_ALIAS);
879 testImportInvalidBuffLen(AES_CFB_ALGO, 128, AES_KEY_192_ALIAS);
880 testImportInvalidBuffLen(AES_CFB_ALGO, 8, AES_KEY_256_ALIAS);
881 testImportInvalidBuffLen(AES_CFB_ALGO, 12, AES_KEY_256_ALIAS);
882 testImportInvalidBuffLen(AES_CFB_ALGO, 128, AES_KEY_256_ALIAS);
885 RUNNER_TEST(TKW_VALID_ARGS_RSA_OAEP_1024){
886 testImportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_1024_PRV_ALIAS);
887 testImportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_1024_PRV_ALIAS);
888 testImportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_1024_PRV_ALIAS);
891 RUNNER_TEST(TKW_VALID_ARGS_RSA_OAEP_2048){
892 testImportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_2048_PRV_ALIAS);
893 testImportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_2048_PRV_ALIAS);
894 testImportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_2048_PRV_ALIAS);
897 RUNNER_TEST(TKW_VALID_ARGS_RSA_OAEP_4096){
898 testImportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_4096_PRV_ALIAS);
899 testImportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_4096_PRV_ALIAS);
900 testImportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_4096_PRV_ALIAS);
903 RUNNER_TEST(TKW_RSAOAEP_INVALID_BUFF_LENGTH){
904 testImportInvalidBuffLen(RSA_OAEP_ALGO, 8, RSA_KEY_1024_PRV_ALIAS);
905 testImportInvalidBuffLen(RSA_OAEP_ALGO, 12, RSA_KEY_1024_PRV_ALIAS);
906 testImportInvalidBuffLen(RSA_OAEP_ALGO, 82, RSA_KEY_1024_PRV_ALIAS);
907 testImportInvalidBuffLen(RSA_OAEP_ALGO, 8, RSA_KEY_2048_PRV_ALIAS);
908 testImportInvalidBuffLen(RSA_OAEP_ALGO, 12, RSA_KEY_2048_PRV_ALIAS);
909 testImportInvalidBuffLen(RSA_OAEP_ALGO, 82, RSA_KEY_2048_PRV_ALIAS);
910 testImportInvalidBuffLen(RSA_OAEP_ALGO, 8, RSA_KEY_4096_PRV_ALIAS);
911 testImportInvalidBuffLen(RSA_OAEP_ALGO, 12, RSA_KEY_4096_PRV_ALIAS);
912 testImportInvalidBuffLen(RSA_OAEP_ALGO, 82, RSA_KEY_4096_PRV_ALIAS);
915 RUNNER_TEST(TKW_WRONG_TYPE_WRAPPING_KEY){
916 testImportInvalidBuffLen(RSA_OAEP_ALGO, 16, RSA_KEY_1024_PUB_ALIAS);
917 testImportInvalidBuffLen(RSA_OAEP_ALGO, 24, RSA_KEY_1024_PUB_ALIAS);
918 testImportInvalidBuffLen(RSA_OAEP_ALGO, 32, RSA_KEY_1024_PUB_ALIAS);
919 testImportInvalidBuffLen(RSA_OAEP_ALGO, 16, RSA_KEY_2048_PUB_ALIAS);
920 testImportInvalidBuffLen(RSA_OAEP_ALGO, 24, RSA_KEY_2048_PUB_ALIAS);
921 testImportInvalidBuffLen(RSA_OAEP_ALGO, 32, RSA_KEY_2048_PUB_ALIAS);
922 testImportInvalidBuffLen(RSA_OAEP_ALGO, 16, RSA_KEY_4096_PUB_ALIAS);
923 testImportInvalidBuffLen(RSA_OAEP_ALGO, 24, RSA_KEY_4096_PUB_ALIAS);
924 testImportInvalidBuffLen(RSA_OAEP_ALGO, 32, RSA_KEY_4096_PUB_ALIAS);
927 RUNNER_TEST(TKW_DIF_POLICIES_EXPORTABLE_IMPORTED){
928 testExportableImported(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr);
929 testExportableImported(AES_CTR_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr);
930 testExportableImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_ALIAS, nullptr, EXPORTABLE, nullptr);
931 testExportableImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr);
933 testExportableImported(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
934 testExportableImported(AES_CTR_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD);
935 testExportableImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
936 testExportableImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD);
939 RUNNER_TEST(TKW_UNEXPORTABLE_IMPORTED){
940 ckmc_key_s *ppKey = nullptr;
941 ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
943 RawBufferPtr plainData = encryptAndImport(params,
947 IMPORTED_ALIAS.c_str(),
950 assert_result(CKMC_ERROR_NOT_EXPORTABLE,
952 IMPORTED_ALIAS.c_str(),
955 ckmc_key_free(ppKey);
956 ckmc_remove_key(IMPORTED_ALIAS.c_str());
959 RUNNER_TEST(TKW_EXPORT_WRONG_TYPE_WRAPPING_KEY){
960 ckmc_key_s *ppKey = nullptr;
961 ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
963 RawBufferPtr plainData = encryptAndImport(params,
967 IMPORTED_ALIAS.c_str(),
970 assert_invalid_param(ckmc_export_wrapped_key,
972 RSA_KEY_2048_PUB_ALIAS.c_str(),
974 IMPORTED_ALIAS.c_str(),
978 assert_positive(ckmc_create_key_pair_ecdsa,
985 assert_invalid_param(ckmc_export_wrapped_key,
989 IMPORTED_ALIAS.c_str(),
993 assert_invalid_param(ckmc_export_wrapped_key,
997 IMPORTED_ALIAS.c_str(),
1001 ckmc_key_free(ppKey);
1002 ckmc_remove_key("ECDSA-prv");
1003 ckmc_remove_key("ECDSA-pub");
1004 ckmc_remove_key(IMPORTED_ALIAS.c_str());
1007 RUNNER_TEST(TKW_EXPORT_IMPORTED_KEY){
1008 ckmc_key_s *ppKey = nullptr;
1010 ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
1011 assert_positive(ckmc_export_wrapped_key,
1013 AES_KEY_128_ALIAS.c_str(),
1015 IMP_AES_CTR.c_str(),
1019 ckmc_key_free(ppKey);
1022 RUNNER_TEST(TKW_NO_ADDED_ALGO_EXPORT){
1023 ckmc_key_s *ppKey = nullptr;
1024 ckmc_param_list_h handle = nullptr;
1026 assert_invalid_param(ckmc_export_wrapped_key,
1028 AES_KEY_128_ALIAS.c_str(),
1030 IMP_AES_CTR.c_str(),
1034 ckmc_key_free(ppKey);
1037 RUNNER_TEST(TKW_EXPORT_UNKNOWN_WRAPPING_KEY_ALIAS){
1038 ckmc_key_s *ppKey = nullptr;
1039 ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
1041 assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
1042 ckmc_export_wrapped_key,
1046 IMP_AES_CTR.c_str(),
1050 ckmc_key_free(ppKey);
1053 RUNNER_TEST(TKW_EXPORT_UNKNOWN_IMPORTED_KEY_ALIAS){
1054 ckmc_key_s *ppKey = nullptr;
1055 ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
1056 Alias alias = "non_existing_alias";
1058 assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
1059 ckmc_export_wrapped_key,
1061 AES_KEY_128_ALIAS.c_str(),
1067 ckmc_key_free(ppKey);
1070 RUNNER_TEST(TKW_EXPORT_AUTHENTICATION_FAILED){
1071 ckmc_key_s *ppKey = nullptr;
1072 ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
1074 assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
1075 ckmc_export_wrapped_key,
1077 AES_KEY_128_PASS_ALIAS.c_str(),
1079 IMP_AES_CTR.c_str(),
1083 assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
1084 ckmc_export_wrapped_key,
1086 AES_KEY_128_PASS_ALIAS.c_str(),
1088 IMP_AES_CTR.c_str(),
1092 assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
1093 ckmc_export_wrapped_key,
1095 AES_KEY_128_ALIAS.c_str(),
1097 IMP_AES_CTR_PASS.c_str(),
1101 assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
1102 ckmc_export_wrapped_key,
1104 AES_KEY_128_ALIAS.c_str(),
1106 IMP_AES_CTR_PASS.c_str(),
1110 ckmc_key_free(ppKey);
1113 RUNNER_TEST(TKW_EXPORT_NULL_PARAMETER){
1114 ckmc_key_s *ppKey = nullptr;
1115 ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
1117 assert_invalid_param(ckmc_export_wrapped_key,
1119 AES_KEY_128_ALIAS.c_str(),
1121 IMP_AES_CTR.c_str(),
1125 assert_invalid_param(ckmc_export_wrapped_key,
1129 IMP_AES_CTR.c_str(),
1133 assert_invalid_param(ckmc_export_wrapped_key,
1135 AES_KEY_128_ALIAS.c_str(),
1141 assert_invalid_param(ckmc_export_wrapped_key,
1143 AES_KEY_128_ALIAS.c_str(),
1145 IMP_AES_CTR.c_str(),
1149 ckmc_key_free(ppKey);
1152 RUNNER_TEST(TKW_EXPORT_UNEXPORTABLE_WRAPPED_FORM){
1153 ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
1154 ckmc_key_s *ppKey = nullptr;
1156 assert_positive(ckmc_create_key_aes, 128, "UNEXPORTABLE_AES", UNEXPORTABLE);
1158 assert_positive(ckmc_export_wrapped_key,
1160 AES_KEY_128_ALIAS.c_str(),
1165 ckmc_key_free(ppKey);
1166 ckmc_remove_alias("UNEXPORTABLE_AES");
1169 RUNNER_TEST(TKW_IMPORT_EXPORT_WITH_DIF_KEYS_AND_ALGORITHMS){
1170 testDiffKeysAndAlgorithms(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, AES_CTR_ALGO, AES_KEY_128_ALIAS, nullptr);
1171 testDiffKeysAndAlgorithms(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, AES_GCM_ALGO, AES_KEY_256_ALIAS, nullptr);
1172 testDiffKeysAndAlgorithms(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, RSA_OAEP_ALGO, RSA_KEY_1024_PRV_ALIAS, nullptr);
1175 RUNNER_TEST(TKW_AES_GCM_WITH_ADD_IV_PARAM){
1176 testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD64);
1177 testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_192_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD64);
1178 testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_256_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD64);
1180 testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD32);
1181 testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_192_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD32);
1182 testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_256_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD32);
1184 testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, IV128, CKMC_PARAM_ED_AAD, AAD64);
1185 testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, IV12, CKMC_PARAM_ED_AAD, AAD64);
1186 testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, IV15, CKMC_PARAM_ED_AAD, AAD64);
1187 testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, IV17, CKMC_PARAM_ED_AAD, AAD64);
1190 RUNNER_TEST(TKW_AES_GCM_WITH_TAG_LEN){
1191 testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_TAG_LEN, 96);
1192 testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_192_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_TAG_LEN, 104 );
1193 testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_256_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_TAG_LEN, 128);
1196 RUNNER_TEST(TKW_IMPORT_EXPORT_RSA_LABEL){
1197 RUNNER_IGNORED_MSG("RSA-OAEP labels are not supported in openssl");
1198 testImportExportCustomParameters(RSA_OAEP_ALGO, RSA_KEY_1024_PRV_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_LABEL, AAD64);
1199 testImportExportCustomParameters(RSA_OAEP_ALGO, RSA_KEY_2048_PRV_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_LABEL, AAD64);
1200 testImportExportCustomParameters(RSA_OAEP_ALGO, RSA_KEY_4096_PRV_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_LABEL, AAD64);
1203 RUNNER_TEST(TKW_RSA_WRAPPED_KEY){
1204 ckmc_raw_buffer_s *encrypted = nullptr;
1205 ckmc_raw_buffer_s *rsaKeyData = nullptr;
1206 ckmc_raw_buffer_s *decrypted = nullptr;
1207 ckmc_raw_buffer_s *finalData = nullptr;
1209 ckmc_key_s *ppKey = nullptr;
1210 ckmc_key_s *rsaKey = nullptr;
1211 ckmc_key_s *wrappedRsaKey = nullptr;
1213 ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
1215 assert_positive(ckmc_create_key_pair_rsa, 1024, "RPV", "RPB", EXPORTABLE, EXPORTABLE);
1216 assert_positive(ckmc_get_key, "RPV", nullptr, &rsaKey);
1217 assert_positive(ckmc_buffer_new, rsaKey->raw_key, rsaKey->key_size, &rsaKeyData);
1219 assert_positive(ckmc_encrypt_data,
1221 AES_KEY_256_ALIAS.c_str(),
1226 assert_positive(ckmc_key_new,
1229 CKMC_KEY_RSA_PRIVATE,
1233 assert_positive(ckmc_import_wrapped_key,
1235 AES_KEY_256_ALIAS.c_str(),
1237 IMPORTED_ALIAS.c_str(),
1241 assert_positive(ckmc_export_wrapped_key,
1243 AES_KEY_256_ALIAS.c_str(),
1245 IMPORTED_ALIAS.c_str(),
1249 assert_positive(ckmc_buffer_new,
1254 assert_positive(ckmc_decrypt_data,
1256 AES_KEY_256_ALIAS.c_str(),
1261 assert_buffers_equal(rsaKeyData, decrypted);
1263 ckmc_buffer_free(rsaKeyData);
1264 ckmc_buffer_free(finalData);
1265 ckmc_buffer_free(decrypted);
1266 ckmc_buffer_free(encrypted);
1267 ckmc_key_free(wrappedRsaKey);
1268 ckmc_key_free(rsaKey);
1269 ckmc_key_free(ppKey);
1270 ckmc_remove_key(IMPORTED_ALIAS.c_str());
1271 ckmc_remove_key("RPB");
1272 ckmc_remove_key("RPV");
1275 RUNNER_TEST(TKW_IMPORT_EXPORT_AES_CTR){
1276 testImportExportValidArgs(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr);
1277 testImportExportValidArgs(AES_CTR_ALGO, 24, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr);
1278 testImportExportValidArgs(AES_CTR_ALGO, 32, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr);
1279 testImportExportValidArgs(AES_CTR_ALGO, 16, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr);
1280 testImportExportValidArgs(AES_CTR_ALGO, 24, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr);
1281 testImportExportValidArgs(AES_CTR_ALGO, 32, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr);
1282 testImportExportValidArgs(AES_CTR_ALGO, 16, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr);
1283 testImportExportValidArgs(AES_CTR_ALGO, 24, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr);
1284 testImportExportValidArgs(AES_CTR_ALGO, 32, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr);
1286 testImportExportValidArgs(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1287 testImportExportValidArgs(AES_CTR_ALGO, 24, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1288 testImportExportValidArgs(AES_CTR_ALGO, 32, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1289 testImportExportValidArgs(AES_CTR_ALGO, 16, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1290 testImportExportValidArgs(AES_CTR_ALGO, 24, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1291 testImportExportValidArgs(AES_CTR_ALGO, 32, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1292 testImportExportValidArgs(AES_CTR_ALGO, 16, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1293 testImportExportValidArgs(AES_CTR_ALGO, 24, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1294 testImportExportValidArgs(AES_CTR_ALGO, 32, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1297 RUNNER_TEST(TKW_IMPORT_EXPORT_AES_CTR_PASS){
1298 testImportExportValidArgs(AES_CTR_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr);
1299 testImportExportValidArgs(AES_CTR_ALGO, 24, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr);
1300 testImportExportValidArgs(AES_CTR_ALGO, 32, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr);
1302 testImportExportValidArgs(AES_CTR_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD);
1303 testImportExportValidArgs(AES_CTR_ALGO, 24, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD);
1304 testImportExportValidArgs(AES_CTR_ALGO, 32, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD);
1307 RUNNER_TEST(TKW_IMPORT_EXPORT_AES_CBC){
1308 testImportExportValidArgs(AES_CBC_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr);
1309 testImportExportValidArgs(AES_CBC_ALGO, 24, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr);
1310 testImportExportValidArgs(AES_CBC_ALGO, 32, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr);
1311 testImportExportValidArgs(AES_CBC_ALGO, 16, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr);
1312 testImportExportValidArgs(AES_CBC_ALGO, 24, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr);
1313 testImportExportValidArgs(AES_CBC_ALGO, 32, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr);
1314 testImportExportValidArgs(AES_CBC_ALGO, 16, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr);
1315 testImportExportValidArgs(AES_CBC_ALGO, 24, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr);
1316 testImportExportValidArgs(AES_CBC_ALGO, 32, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr);
1318 testImportExportValidArgs(AES_CBC_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1319 testImportExportValidArgs(AES_CBC_ALGO, 24, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1320 testImportExportValidArgs(AES_CBC_ALGO, 32, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1321 testImportExportValidArgs(AES_CBC_ALGO, 16, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1322 testImportExportValidArgs(AES_CBC_ALGO, 24, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1323 testImportExportValidArgs(AES_CBC_ALGO, 32, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1324 testImportExportValidArgs(AES_CBC_ALGO, 16, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1325 testImportExportValidArgs(AES_CBC_ALGO, 24, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1326 testImportExportValidArgs(AES_CBC_ALGO, 32, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1329 RUNNER_TEST(TKW_IMPORT_EXPORT_AES_CBC_PASS){
1330 testImportExportValidArgs(AES_CBC_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr);
1331 testImportExportValidArgs(AES_CBC_ALGO, 24, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr);
1332 testImportExportValidArgs(AES_CBC_ALGO, 32, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr);
1334 testImportExportValidArgs(AES_CBC_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD);
1335 testImportExportValidArgs(AES_CBC_ALGO, 24, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD);
1336 testImportExportValidArgs(AES_CBC_ALGO, 32, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD);
1339 RUNNER_TEST(TKW_IMPORT_EXPORT_AES_GCM){
1340 testImportExportValidArgs(AES_GCM_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr);
1341 testImportExportValidArgs(AES_GCM_ALGO, 24, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr);
1342 testImportExportValidArgs(AES_GCM_ALGO, 32, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr);
1343 testImportExportValidArgs(AES_GCM_ALGO, 16, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr);
1344 testImportExportValidArgs(AES_GCM_ALGO, 24, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr);
1345 testImportExportValidArgs(AES_GCM_ALGO, 32, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr);
1346 testImportExportValidArgs(AES_GCM_ALGO, 16, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr);
1347 testImportExportValidArgs(AES_GCM_ALGO, 24, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr);
1348 testImportExportValidArgs(AES_GCM_ALGO, 32, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr);
1350 testImportExportValidArgs(AES_GCM_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1351 testImportExportValidArgs(AES_GCM_ALGO, 24, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1352 testImportExportValidArgs(AES_GCM_ALGO, 32, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1353 testImportExportValidArgs(AES_GCM_ALGO, 16, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1354 testImportExportValidArgs(AES_GCM_ALGO, 24, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1355 testImportExportValidArgs(AES_GCM_ALGO, 32, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1356 testImportExportValidArgs(AES_GCM_ALGO, 16, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1357 testImportExportValidArgs(AES_GCM_ALGO, 24, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1358 testImportExportValidArgs(AES_GCM_ALGO, 32, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1361 RUNNER_TEST(TKW_IMPORT_EXPORT_AES_GCM_PASS){
1362 testImportExportValidArgs(AES_GCM_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr);
1363 testImportExportValidArgs(AES_GCM_ALGO, 24, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr);
1364 testImportExportValidArgs(AES_GCM_ALGO, 32, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr);
1366 testImportExportValidArgs(AES_GCM_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD);
1367 testImportExportValidArgs(AES_GCM_ALGO, 24, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD);
1368 testImportExportValidArgs(AES_GCM_ALGO, 32, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD);
1371 RUNNER_TEST(TKW_IMPORT_EXPORT_AES_CFB){
1372 testImportExportValidArgs(AES_CFB_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr);
1373 testImportExportValidArgs(AES_CFB_ALGO, 24, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr);
1374 testImportExportValidArgs(AES_CFB_ALGO, 32, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr);
1375 testImportExportValidArgs(AES_CFB_ALGO, 16, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr);
1376 testImportExportValidArgs(AES_CFB_ALGO, 24, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr);
1377 testImportExportValidArgs(AES_CFB_ALGO, 32, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr);
1378 testImportExportValidArgs(AES_CFB_ALGO, 16, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr);
1379 testImportExportValidArgs(AES_CFB_ALGO, 24, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr);
1380 testImportExportValidArgs(AES_CFB_ALGO, 32, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr);
1382 testImportExportValidArgs(AES_CFB_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1383 testImportExportValidArgs(AES_CFB_ALGO, 24, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1384 testImportExportValidArgs(AES_CFB_ALGO, 32, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1385 testImportExportValidArgs(AES_CFB_ALGO, 16, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1386 testImportExportValidArgs(AES_CFB_ALGO, 24, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1387 testImportExportValidArgs(AES_CFB_ALGO, 32, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1388 testImportExportValidArgs(AES_CFB_ALGO, 16, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1389 testImportExportValidArgs(AES_CFB_ALGO, 24, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1390 testImportExportValidArgs(AES_CFB_ALGO, 32, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1393 RUNNER_TEST(TKW_IMPORT_EXPORT_AES_CFB_PASS){
1394 testImportExportValidArgs(AES_CFB_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr);
1395 testImportExportValidArgs(AES_CFB_ALGO, 24, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr);
1396 testImportExportValidArgs(AES_CFB_ALGO, 32, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr);
1398 testImportExportValidArgs(AES_CFB_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD);
1399 testImportExportValidArgs(AES_CFB_ALGO, 24, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD);
1400 testImportExportValidArgs(AES_CFB_ALGO, 32, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD);
1403 RUNNER_TEST(TKW_IMPORT_EXPORT_RSA_OAEP){
1404 testImportExportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_1024_PRV_ALIAS, nullptr, EXPORTABLE, nullptr);
1405 testImportExportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_1024_PRV_ALIAS, nullptr, EXPORTABLE, nullptr);
1406 testImportExportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_1024_PRV_ALIAS, nullptr, EXPORTABLE, nullptr);
1407 testImportExportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_2048_PRV_ALIAS, nullptr, EXPORTABLE, nullptr);
1408 testImportExportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_2048_PRV_ALIAS, nullptr, EXPORTABLE, nullptr);
1409 testImportExportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_2048_PRV_ALIAS, nullptr, EXPORTABLE, nullptr);
1410 testImportExportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_4096_PRV_ALIAS, nullptr, EXPORTABLE, nullptr);
1411 testImportExportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_4096_PRV_ALIAS, nullptr, EXPORTABLE, nullptr);
1412 testImportExportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_4096_PRV_ALIAS, nullptr, EXPORTABLE, nullptr);
1414 testImportExportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_1024_PRV_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1415 testImportExportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_1024_PRV_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1416 testImportExportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_1024_PRV_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1417 testImportExportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_2048_PRV_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1418 testImportExportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_2048_PRV_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1419 testImportExportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_2048_PRV_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1420 testImportExportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_4096_PRV_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1421 testImportExportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_4096_PRV_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
1422 testImportExportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_4096_PRV_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);