CKM: Add extra key-wrapping tests

author Daniel Kita <d.kita@samsung.com>

Fri, 14 Apr 2023 08:47:59 +0000 (10:47 +0200)

committer Daniel Kita <d.kita@samsung.com>

Fri, 14 Apr 2023 11:15:55 +0000 (13:15 +0200)
author Daniel Kita <d.kita@samsung.com>
Fri, 14 Apr 2023 08:47:59 +0000 (10:47 +0200)
committer Daniel Kita <d.kita@samsung.com>
Fri, 14 Apr 2023 11:15:55 +0000 (13:15 +0200)
diff --git a/src/ckm/unprivileged/key-wrapping.cpp b/src/ckm/unprivileged/key-wrapping.cpp

index cfb88a0..dd0f5cd 100644 (file)
--- a/src/ckm/unprivileged/key-wrapping.cpp
+++ b/src/ckm/unprivileged/key-wrapping.cpp
@@ -26,6 +26,13 @@ namespace {
  
  const uid_t UID = 5001;
  ckmc_raw_buffer_s* DEFAULT_IV = nullptr;
  
  const uid_t UID = 5001;
  ckmc_raw_buffer_s* DEFAULT_IV = nullptr;
+ckmc_raw_buffer_s* AAD64 = nullptr;
+ckmc_raw_buffer_s* IV11 = nullptr;
+ckmc_raw_buffer_s* IV12 = nullptr;
+ckmc_raw_buffer_s* IV15 = nullptr;
+ckmc_raw_buffer_s* IV17 = nullptr;
+ckmc_raw_buffer_s* IV128 = nullptr;
+ckmc_raw_buffer_s* AAD32 = nullptr;
  
  const Alias AES_KEY_128_ALIAS = "AES-gen-test-128";
  const Alias AES_KEY_192_ALIAS = "AES-gen-test-192";
  
  const Alias AES_KEY_128_ALIAS = "AES-gen-test-128";
  const Alias AES_KEY_192_ALIAS = "AES-gen-test-192";
@@ -54,6 +61,7 @@ struct Algo {
         ckmc_algo_type_e type;
         size_t initVector;
  };
         ckmc_algo_type_e type;
         size_t initVector;
  };
+
  const Algo AES_CTR_ALGO = {CKMC_ALGO_AES_CTR, 16};
  const Algo AES_CBC_ALGO = {CKMC_ALGO_AES_CBC, 16};
  const Algo AES_GCM_ALGO = {CKMC_ALGO_AES_GCM, 16};
  const Algo AES_CTR_ALGO = {CKMC_ALGO_AES_CTR, 16};
  const Algo AES_CBC_ALGO = {CKMC_ALGO_AES_CBC, 16};
  const Algo AES_GCM_ALGO = {CKMC_ALGO_AES_GCM, 16};
@@ -75,6 +83,14 @@ public:
                 if (ret != CKMC_ERROR_NONE)
                         RUNNER_ERROR_MSG("DB unlock failed: " <<CKMCErrorToString(ret));
  
                 if (ret != CKMC_ERROR_NONE)
                         RUNNER_ERROR_MSG("DB unlock failed: " <<CKMCErrorToString(ret));
  
+               AAD64 = createRandomBufferCAPI(64);
+               IV11 = createRandomBufferCAPI(11);
+               IV12 = createRandomBufferCAPI(12);
+               IV15 = createRandomBufferCAPI(15);
+               IV17 = createRandomBufferCAPI(17);
+               IV128 = createRandomBufferCAPI(128);
+               AAD32 = createRandomBufferCAPI(32);
+
                 assert_positive(ckmc_create_key_pair_rsa,
                                 1024,
                                 RSA_KEY_1024_PRV_ALIAS.c_str(),
                 assert_positive(ckmc_create_key_pair_rsa,
                                 1024,
                                 RSA_KEY_1024_PRV_ALIAS.c_str(),
@@ -113,6 +129,13 @@ public:
  
                 remove_user_data(UID);
                 ckmc_buffer_free(DEFAULT_IV);
  
                 remove_user_data(UID);
                 ckmc_buffer_free(DEFAULT_IV);
+               ckmc_buffer_free(AAD64);
+               ckmc_buffer_free(AAD32);
+               ckmc_buffer_free(IV128);
+               ckmc_buffer_free(IV17);
+               ckmc_buffer_free(IV15);
+               ckmc_buffer_free(IV12);
+               ckmc_buffer_free(IV11);
  
                 ckmc_remove_key(RSA_KEY_1024_PRV_ALIAS.c_str());
                 ckmc_remove_key(RSA_KEY_1024_PUB_ALIAS.c_str());
  
                 ckmc_remove_key(RSA_KEY_1024_PRV_ALIAS.c_str());
                 ckmc_remove_key(RSA_KEY_1024_PUB_ALIAS.c_str());
@@ -250,7 +273,7 @@ void testImportInvalidBuffLen(const Algo &algo,
  }
  
  void testImportValidArgs(const Algo &algo, int buffLen, const Alias &wrappingKeyAlias){
  }
  
  void testImportValidArgs(const Algo &algo, int buffLen, const Alias &wrappingKeyAlias){
-       ckmc_key_s *ppkey = nullptr;
+       ckmc_key_s *ppKey = nullptr;
         ckmc_raw_buffer_s *finalData = nullptr;
  
         ParamListPtr params = getDefaultParams(algo);
         ckmc_raw_buffer_s *finalData = nullptr;
  
         ParamListPtr params = getDefaultParams(algo);
@@ -262,12 +285,12 @@ void testImportValidArgs(const Algo &algo, int buffLen, const Alias &wrappingKey
                                 IMPORTED_ALIAS.c_str(),
                                 EXPORTABLE);
  
                                 IMPORTED_ALIAS.c_str(),
                                 EXPORTABLE);
  
-       assert_positive(ckmc_get_key, IMPORTED_ALIAS.c_str(), nullptr, &ppkey);
-       assert_positive(ckmc_buffer_new, ppkey->raw_key, ppkey->key_size, &finalData);
+       assert_positive(ckmc_get_key, IMPORTED_ALIAS.c_str(), nullptr, &ppKey);
+       assert_positive(ckmc_buffer_new, ppKey->raw_key, ppKey->key_size, &finalData);
         assert_buffers_equal(plainData.get(), finalData);
  
         ckmc_buffer_free(finalData);
         assert_buffers_equal(plainData.get(), finalData);
  
         ckmc_buffer_free(finalData);
-       ckmc_key_free(ppkey);
+       ckmc_key_free(ppKey);
         ckmc_remove_key(IMPORTED_ALIAS.c_str());
  }
  
         ckmc_remove_key(IMPORTED_ALIAS.c_str());
  }
  
@@ -292,7 +315,7 @@ void testExportableImported(const Algo &algo,
                         const char* wrappingKeyPass,
                         const ckmc_policy_s &importedKeyPolicy,
                         const char* importedKeyPass){
                         const char* wrappingKeyPass,
                         const ckmc_policy_s &importedKeyPolicy,
                         const char* importedKeyPass){
-       ckmc_key_s *ppkey = nullptr;
+       ckmc_key_s *ppKey = nullptr;
         ckmc_raw_buffer_s* finalData = nullptr;
  
         ParamListPtr params = getDefaultParams(algo);
         ckmc_raw_buffer_s* finalData = nullptr;
  
         ParamListPtr params = getDefaultParams(algo);
@@ -307,42 +330,17 @@ void testExportableImported(const Algo &algo,
         assert_positive(ckmc_get_key,
                                 IMPORTED_ALIAS.c_str(),
                                 importedKeyPass,
         assert_positive(ckmc_get_key,
                                 IMPORTED_ALIAS.c_str(),
                                 importedKeyPass,
-                               &ppkey);
+                               &ppKey);
  
         assert_positive(ckmc_buffer_new,
  
         assert_positive(ckmc_buffer_new,
-                               ppkey->raw_key,
-                               ppkey->key_size,
+                               ppKey->raw_key,
+                               ppKey->key_size,
                                 &finalData);
  
         assert_buffers_equal(plainData.get(), finalData);
  
         ckmc_buffer_free(finalData);
                                 &finalData);
  
         assert_buffers_equal(plainData.get(), finalData);
  
         ckmc_buffer_free(finalData);
-       ckmc_key_free(ppkey);
-       ckmc_remove_key(IMPORTED_ALIAS.c_str());
-}
-
-void testUnEXPORTABLEImported(const Algo &algo,
-                       int buffLen,
-                       const Alias &wrappingKeyAlias,
-                       const char* wrappingKeyPass,
-                       const ckmc_policy_s &importedKeyPolicy,
-                       const char* importedKeyPass){
-       ckmc_key_s *ppkey = nullptr;
-       ParamListPtr params = getDefaultParams(algo);
-
-       RawBufferPtr plainData = encryptAndImport(params,
-                               buffLen,
-                               wrappingKeyAlias,
-                               wrappingKeyPass,
-                               IMPORTED_ALIAS.c_str(),
-                               importedKeyPolicy);
-
-       assert_result(CKMC_ERROR_NOT_EXPORTABLE,
-                               ckmc_get_key,
-                               IMPORTED_ALIAS.c_str(),
-                               importedKeyPass,
-                               &ppkey);
-       ckmc_key_free(ppkey);
+       ckmc_key_free(ppKey);
         ckmc_remove_key(IMPORTED_ALIAS.c_str());
  }
  
         ckmc_remove_key(IMPORTED_ALIAS.c_str());
  }
  
@@ -385,13 +383,114 @@ void importKey(const Algo &algo,
         ckmc_key_free(aesKey);
  }
  
         ckmc_key_free(aesKey);
  }
  
+void testDiffKeysAndAlgorithms(const Algo &unwrapAlgo,
+                       const Alias &unwrappingKeyAlias,
+                       const char* unwrappingKeyPass,
+                       const Algo &wrapAlgo,
+                       const Alias &wrappingKeyAlias,
+                       const char* wrappingKeyPass){
+       const int buffLen = 32;
+       ckmc_key_s *ppKey = nullptr;
+       ckmc_raw_buffer_s* finalData = nullptr;
+       ckmc_raw_buffer_s* decrypted = nullptr;
+
+       ParamListPtr wrapParams = getDefaultParams(wrapAlgo);
+       ParamListPtr unwrapParams = getDefaultParams(unwrapAlgo);
+
+       RawBufferPtr plainData = encryptAndImport(unwrapParams,
+                               buffLen,
+                               unwrappingKeyAlias.c_str(),
+                               unwrappingKeyPass,
+                               IMPORTED_ALIAS,
+                               EXPORTABLE);
+
+       assert_positive(ckmc_export_wrapped_key,
+                               wrapParams.get(),
+                               wrappingKeyAlias.c_str(),
+                               wrappingKeyPass,
+                               IMPORTED_ALIAS.c_str(),
+                               nullptr,
+                               &ppKey);
+
+       assert_positive(ckmc_buffer_new,
+                               ppKey->raw_key,
+                               ppKey->key_size,
+                               &finalData);
+
+       assert_positive(ckmc_decrypt_data,
+                               wrapParams.get(),
+                               wrappingKeyAlias.c_str(),
+                               wrappingKeyPass,
+                               *finalData,
+                               &decrypted);
+
+       assert_buffers_equal(plainData.get(), decrypted);
+
+       ckmc_buffer_free(finalData);
+       ckmc_buffer_free(decrypted);
+       ckmc_key_free(ppKey);
+       ckmc_remove_key(IMPORTED_ALIAS.c_str());
+}
+
+template <typename T>
+void testImportExportCustomParameters(const Algo &algo,
+                       const Alias &wrappingKeyAlias,
+                       const char* wrappingKeyPass,
+                       ckmc_raw_buffer_s* initVec,
+                       ckmc_param_name_e name,
+                       const T& parameter){
+       ckmc_key_s *ppKey = nullptr;
+       ckmc_raw_buffer_s* finalData = nullptr;
+       ckmc_raw_buffer_s* decrypted = nullptr;
+
+       ckmc_param_list_h handle = nullptr;
+       assert_positive(ckmc_generate_new_params, algo.type, &handle);
+       ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
+       setParam(params, CKMC_PARAM_ED_IV, initVec);
+       setParam(params, name, parameter);
+
+       RawBufferPtr plainData = encryptAndImport(params,
+                               32,
+                               wrappingKeyAlias.c_str(),
+                               wrappingKeyPass,
+                               IMPORTED_ALIAS,
+                               EXPORTABLE);
+
+       assert_positive(ckmc_export_wrapped_key,
+                               params.get(),
+                               wrappingKeyAlias.c_str(),
+                               wrappingKeyPass,
+                               IMPORTED_ALIAS.c_str(),
+                               nullptr,
+                               &ppKey);
+
+       assert_positive(ckmc_buffer_new,
+                               ppKey->raw_key,
+                               ppKey->key_size,
+                               &finalData);
+
+       assert_positive(ckmc_decrypt_data,
+                               params.get(),
+                               wrappingKeyAlias.c_str(),
+                               wrappingKeyPass,
+                               *finalData,
+                               &decrypted);
+
+       assert_buffers_equal(plainData.get(), decrypted);
+
+       ckmc_buffer_free(finalData);
+       ckmc_buffer_free(decrypted);
+       ckmc_key_free(ppKey);
+       ckmc_remove_key(IMPORTED_ALIAS.c_str());
+}
+
  void testImportExportValidArgs(const Algo &algo,
                         int buffLen,
                         const Alias &wrappingKeyAlias,
                         const char* wrappingKeyPass,
                         const ckmc_policy_s &importedKeyPolicy,
                         const char* importedKeyPass){
  void testImportExportValidArgs(const Algo &algo,
                         int buffLen,
                         const Alias &wrappingKeyAlias,
                         const char* wrappingKeyPass,
                         const ckmc_policy_s &importedKeyPolicy,
                         const char* importedKeyPass){
-       ckmc_key_s *ppkey = nullptr;
+       ckmc_key_s *ppKey = nullptr;
         ckmc_raw_buffer_s* finalData = nullptr;
         ckmc_raw_buffer_s* decrypted = nullptr;
  
         ckmc_raw_buffer_s* finalData = nullptr;
         ckmc_raw_buffer_s* decrypted = nullptr;
  
@@ -410,11 +509,11 @@ void testImportExportValidArgs(const Algo &algo,
                                 wrappingKeyPass,
                                 IMPORTED_ALIAS.c_str(),
                                 importedKeyPass,
                                 wrappingKeyPass,
                                 IMPORTED_ALIAS.c_str(),
                                 importedKeyPass,
-                               &ppkey);
+                               &ppKey);
  
         assert_positive(ckmc_buffer_new,
  
         assert_positive(ckmc_buffer_new,
-                               ppkey->raw_key,
-                               ppkey->key_size,
+                               ppKey->raw_key,
+                               ppKey->key_size,
                                 &finalData);
  
         assert_positive(ckmc_decrypt_data,
                                 &finalData);
  
         assert_positive(ckmc_decrypt_data,
@@ -428,7 +527,7 @@ void testImportExportValidArgs(const Algo &algo,
  
         ckmc_buffer_free(finalData);
         ckmc_buffer_free(decrypted);
  
         ckmc_buffer_free(finalData);
         ckmc_buffer_free(decrypted);
-       ckmc_key_free(ppkey);
+       ckmc_key_free(ppKey);
         ckmc_remove_key(IMPORTED_ALIAS.c_str());
  }
  
         ckmc_remove_key(IMPORTED_ALIAS.c_str());
  }
  
@@ -479,9 +578,9 @@ RUNNER_TEST(TKW_WRONG_ALGO_PARAMS){
         setParam(invalidParams, CKMC_PARAM_ED_IV, initVec);
  
         testInvalidAlgoParameters(invalidParams, AES_CTR_ALGO);
         setParam(invalidParams, CKMC_PARAM_ED_IV, initVec);
  
         testInvalidAlgoParameters(invalidParams, AES_CTR_ALGO);
-
         ckmc_buffer_free(initVec);
         invalidParams.reset();
         ckmc_buffer_free(initVec);
         invalidParams.reset();
+
         assert_positive(ckmc_generate_new_params, AES_GCM_ALGO.type, &handle);
         invalidParams = ParamListPtr(handle, ckmc_param_list_free);
         initVec = createRandomBufferCAPI(16);
         assert_positive(ckmc_generate_new_params, AES_GCM_ALGO.type, &handle);
         invalidParams = ParamListPtr(handle, ckmc_param_list_free);
         initVec = createRandomBufferCAPI(16);
@@ -489,7 +588,14 @@ RUNNER_TEST(TKW_WRONG_ALGO_PARAMS){
         setParam(invalidParams, CKMC_PARAM_ED_TAG_LEN, 130);
  
         testInvalidAlgoParameters(invalidParams, AES_GCM_ALGO);
         setParam(invalidParams, CKMC_PARAM_ED_TAG_LEN, 130);
  
         testInvalidAlgoParameters(invalidParams, AES_GCM_ALGO);
+       invalidParams.reset();
  
  
+       assert_positive(ckmc_generate_new_params, AES_GCM_ALGO.type, &handle);
+       invalidParams = ParamListPtr(handle, ckmc_param_list_free);
+       setParam(invalidParams, CKMC_PARAM_ED_IV, initVec);
+       setParam(invalidParams, CKMC_PARAM_ED_AAD, IV11);
+
+       testInvalidAlgoParameters(invalidParams, AES_GCM_ALGO);
         ckmc_buffer_free(initVec);
  }
  
         ckmc_buffer_free(initVec);
  }
  
@@ -830,35 +936,91 @@ RUNNER_TEST(TKW_DIF_POLICIES_EXPORTABLE_IMPORTED){
         testExportableImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD);
  }
  
         testExportableImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD);
  }
  
-RUNNER_TEST(TKW_DIF_POLICIES_UNEXPORTABLE_IMPORTED){
-       testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, UNEXPORTABLE, nullptr);
-       testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, UNEXPORTABLE, nullptr);
-       testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_ALIAS, nullptr, UNEXPORTABLE, nullptr);
-       testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_PASS_ALIAS, KEY_PASSWORD, UNEXPORTABLE, nullptr);
+RUNNER_TEST(TKW_UNEXPORTABLE_IMPORTED){
+       ckmc_key_s *ppKey = nullptr;
+       ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
+
+       RawBufferPtr plainData = encryptAndImport(params,
+                               32,
+                               AES_KEY_128_ALIAS,
+                               nullptr,
+                               IMPORTED_ALIAS.c_str(),
+                               UNEXPORTABLE);
+
+       assert_result(CKMC_ERROR_NOT_EXPORTABLE,
+                               ckmc_get_key,
+                               IMPORTED_ALIAS.c_str(),
+                               nullptr,
+                               &ppKey);
+       ckmc_key_free(ppKey);
+       ckmc_remove_key(IMPORTED_ALIAS.c_str());
+}
+
+RUNNER_TEST(TKW_EXPORT_WRONG_TYPE_WRAPPING_KEY){
+       ckmc_key_s *ppKey = nullptr;
+       ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
+
+       RawBufferPtr plainData = encryptAndImport(params,
+                               32,
+                               AES_KEY_128_ALIAS,
+                               nullptr,
+                               IMPORTED_ALIAS.c_str(),
+                               EXPORTABLE);
+
+       assert_invalid_param(ckmc_export_wrapped_key,
+                               params.get(),
+                               RSA_KEY_2048_PUB_ALIAS.c_str(),
+                               nullptr,
+                               IMPORTED_ALIAS.c_str(),
+                               nullptr,
+                               &ppKey);
+
+       assert_positive(ckmc_create_key_pair_ecdsa,
+                               CKMC_EC_PRIME256V1,
+                               "ECDSA-prv",
+                               "ECDSA-pub",
+                               EXPORTABLE,
+                               EXPORTABLE);
+
+       assert_invalid_param(ckmc_export_wrapped_key,
+                               params.get(),
+                               "ECDSA-prv",
+                               nullptr,
+                               IMPORTED_ALIAS.c_str(),
+                               nullptr,
+                               &ppKey);
+
+       assert_invalid_param(ckmc_export_wrapped_key,
+                               params.get(),
+                               "ECDSA-pub",
+                               nullptr,
+                               IMPORTED_ALIAS.c_str(),
+                               nullptr,
+                               &ppKey);
  
  
-       testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, UNEXPORTABLE_PASS, KEY_PASSWORD);
-       testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, UNEXPORTABLE_PASS, KEY_PASSWORD);
-       testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_ALIAS, nullptr, UNEXPORTABLE_PASS, KEY_PASSWORD);
-       testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_PASS_ALIAS, KEY_PASSWORD, UNEXPORTABLE_PASS, KEY_PASSWORD);
+       ckmc_key_free(ppKey);
+       ckmc_remove_key("ECDSA-prv");
+       ckmc_remove_key("ECDSA-pub");
+       ckmc_remove_key(IMPORTED_ALIAS.c_str());
  }
  
  RUNNER_TEST(TKW_EXPORT_IMPORTED_KEY){
  }
  
  RUNNER_TEST(TKW_EXPORT_IMPORTED_KEY){
-       ckmc_key_s *ppkey = nullptr;
+       ckmc_key_s *ppKey = nullptr;
  
         ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
         assert_positive(ckmc_export_wrapped_key,
  
         ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
         assert_positive(ckmc_export_wrapped_key,
-                       params.get(),
-                       AES_KEY_128_ALIAS.c_str(),
-                       nullptr,
-                       IMP_AES_CTR.c_str(),
-                       nullptr,
-                       &ppkey);
+                               params.get(),
+                               AES_KEY_128_ALIAS.c_str(),
+                               nullptr,
+                               IMP_AES_CTR.c_str(),
+                               nullptr,
+                               &ppKey);
  
  
-       ckmc_key_free(ppkey);
+       ckmc_key_free(ppKey);
  }
  
  RUNNER_TEST(TKW_NO_ADDED_ALGO_EXPORT){
  }
  
  RUNNER_TEST(TKW_NO_ADDED_ALGO_EXPORT){
-       ckmc_key_s *ppkey = nullptr;
+       ckmc_key_s *ppKey = nullptr;
         ckmc_param_list_h handle = nullptr;
  
         assert_invalid_param(ckmc_export_wrapped_key,
         ckmc_param_list_h handle = nullptr;
  
         assert_invalid_param(ckmc_export_wrapped_key,
@@ -867,13 +1029,13 @@ RUNNER_TEST(TKW_NO_ADDED_ALGO_EXPORT){
                                 nullptr,
                                 IMP_AES_CTR.c_str(),
                                 nullptr,
                                 nullptr,
                                 IMP_AES_CTR.c_str(),
                                 nullptr,
-                               &ppkey);
+                               &ppKey);
  
  
-       ckmc_key_free(ppkey);
+       ckmc_key_free(ppKey);
  }
  
  RUNNER_TEST(TKW_EXPORT_UNKNOWN_WRAPPING_KEY_ALIAS){
  }
  
  RUNNER_TEST(TKW_EXPORT_UNKNOWN_WRAPPING_KEY_ALIAS){
-       ckmc_key_s *ppkey = nullptr;
+       ckmc_key_s *ppKey = nullptr;
         ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
  
         assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
         ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
  
         assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
@@ -883,13 +1045,13 @@ RUNNER_TEST(TKW_EXPORT_UNKNOWN_WRAPPING_KEY_ALIAS){
                                 nullptr,
                                 IMP_AES_CTR.c_str(),
                                 nullptr,
                                 nullptr,
                                 IMP_AES_CTR.c_str(),
                                 nullptr,
-                               &ppkey);
+                               &ppKey);
  
  
-       ckmc_key_free(ppkey);
+       ckmc_key_free(ppKey);
  }
  
  RUNNER_TEST(TKW_EXPORT_UNKNOWN_IMPORTED_KEY_ALIAS){
  }
  
  RUNNER_TEST(TKW_EXPORT_UNKNOWN_IMPORTED_KEY_ALIAS){
-       ckmc_key_s *ppkey = nullptr;
+       ckmc_key_s *ppKey = nullptr;
         ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
         Alias alias = "non_existing_alias";
  
         ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
         Alias alias = "non_existing_alias";
  
@@ -900,13 +1062,13 @@ RUNNER_TEST(TKW_EXPORT_UNKNOWN_IMPORTED_KEY_ALIAS){
                                 nullptr,
                                 alias.c_str(),
                                 nullptr,
                                 nullptr,
                                 alias.c_str(),
                                 nullptr,
-                               &ppkey);
+                               &ppKey);
  
  
-       ckmc_key_free(ppkey);
+       ckmc_key_free(ppKey);
  }
  
  RUNNER_TEST(TKW_EXPORT_AUTHENTICATION_FAILED){
  }
  
  RUNNER_TEST(TKW_EXPORT_AUTHENTICATION_FAILED){
-       ckmc_key_s *ppkey = nullptr;
+       ckmc_key_s *ppKey = nullptr;
         ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
  
         assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
         ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
  
         assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
@@ -916,7 +1078,7 @@ RUNNER_TEST(TKW_EXPORT_AUTHENTICATION_FAILED){
                                 nullptr,
                                 IMP_AES_CTR.c_str(),
                                 nullptr,
                                 nullptr,
                                 IMP_AES_CTR.c_str(),
                                 nullptr,
-                               &ppkey);
+                               &ppKey);
  
         assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
                                 ckmc_export_wrapped_key,
  
         assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
                                 ckmc_export_wrapped_key,
@@ -925,7 +1087,7 @@ RUNNER_TEST(TKW_EXPORT_AUTHENTICATION_FAILED){
                                 "wrong_password",
                                 IMP_AES_CTR.c_str(),
                                 nullptr,
                                 "wrong_password",
                                 IMP_AES_CTR.c_str(),
                                 nullptr,
-                               &ppkey);
+                               &ppKey);
  
         assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
                                 ckmc_export_wrapped_key,
  
         assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
                                 ckmc_export_wrapped_key,
@@ -934,7 +1096,7 @@ RUNNER_TEST(TKW_EXPORT_AUTHENTICATION_FAILED){
                                 nullptr,
                                 IMP_AES_CTR_PASS.c_str(),
                                 nullptr,
                                 nullptr,
                                 IMP_AES_CTR_PASS.c_str(),
                                 nullptr,
-                               &ppkey);
+                               &ppKey);
  
         assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
                                 ckmc_export_wrapped_key,
  
         assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
                                 ckmc_export_wrapped_key,
@@ -943,13 +1105,13 @@ RUNNER_TEST(TKW_EXPORT_AUTHENTICATION_FAILED){
                                 nullptr,
                                 IMP_AES_CTR_PASS.c_str(),
                                 "wrong_password",
                                 nullptr,
                                 IMP_AES_CTR_PASS.c_str(),
                                 "wrong_password",
-                               &ppkey);
+                               &ppKey);
  
  
-       ckmc_key_free(ppkey);
+       ckmc_key_free(ppKey);
  }
  
  RUNNER_TEST(TKW_EXPORT_NULL_PARAMETER){
  }
  
  RUNNER_TEST(TKW_EXPORT_NULL_PARAMETER){
-       ckmc_key_s *ppkey = nullptr;
+       ckmc_key_s *ppKey = nullptr;
         ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
  
         assert_invalid_param(ckmc_export_wrapped_key,
         ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
  
         assert_invalid_param(ckmc_export_wrapped_key,
@@ -958,7 +1120,7 @@ RUNNER_TEST(TKW_EXPORT_NULL_PARAMETER){
                                 nullptr,
                                 IMP_AES_CTR.c_str(),
                                 nullptr,
                                 nullptr,
                                 IMP_AES_CTR.c_str(),
                                 nullptr,
-                               &ppkey);
+                               &ppKey);
  
         assert_invalid_param(ckmc_export_wrapped_key,
                                 params.get(),
  
         assert_invalid_param(ckmc_export_wrapped_key,
                                 params.get(),
@@ -966,7 +1128,7 @@ RUNNER_TEST(TKW_EXPORT_NULL_PARAMETER){
                                 nullptr,
                                 IMP_AES_CTR.c_str(),
                                 nullptr,
                                 nullptr,
                                 IMP_AES_CTR.c_str(),
                                 nullptr,
-                               &ppkey);
+                               &ppKey);
  
         assert_invalid_param(ckmc_export_wrapped_key,
                                 params.get(),
  
         assert_invalid_param(ckmc_export_wrapped_key,
                                 params.get(),
@@ -974,7 +1136,7 @@ RUNNER_TEST(TKW_EXPORT_NULL_PARAMETER){
                                 nullptr,
                                 nullptr,
                                 nullptr,
                                 nullptr,
                                 nullptr,
                                 nullptr,
-                               &ppkey);
+                               &ppKey);
  
         assert_invalid_param(ckmc_export_wrapped_key,
                                 params.get(),
  
         assert_invalid_param(ckmc_export_wrapped_key,
                                 params.get(),
@@ -984,7 +1146,130 @@ RUNNER_TEST(TKW_EXPORT_NULL_PARAMETER){
                                 nullptr,
                                 nullptr);
  
                                 nullptr,
                                 nullptr);
  
-       ckmc_key_free(ppkey);
+       ckmc_key_free(ppKey);
+}
+
+RUNNER_TEST(TKW_EXPORT_UNEXPORTABLE_WRAPPED_FORM){
+       ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
+       ckmc_key_s *ppKey = nullptr;
+
+       assert_positive(ckmc_create_key_aes, 128, "UNEXPORTABLE_AES", UNEXPORTABLE);
+
+       assert_positive(ckmc_export_wrapped_key,
+                               params.get(),
+                               AES_KEY_128_ALIAS.c_str(),
+                               nullptr,
+                               "UNEXPORTABLE_AES",
+                               nullptr,
+                               &ppKey);
+       ckmc_key_free(ppKey);
+       ckmc_remove_alias("UNEXPORTABLE_AES");
+}
+
+RUNNER_TEST(TKW_IMPORT_EXPORT_WITH_DIF_KEYS_AND_ALGORITHMS){
+       testDiffKeysAndAlgorithms(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, AES_CTR_ALGO, AES_KEY_128_ALIAS, nullptr);
+       testDiffKeysAndAlgorithms(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, AES_GCM_ALGO, AES_KEY_256_ALIAS, nullptr);
+       testDiffKeysAndAlgorithms(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, RSA_OAEP_ALGO, RSA_KEY_1024_PRV_ALIAS, nullptr);
+}
+
+RUNNER_TEST(TKW_AES_GCM_WITH_ADD_IV_PARAM){
+       testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD64);
+       testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_192_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD64);
+       testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_256_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD64);
+
+       testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD32);
+       testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_192_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD32);
+       testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_256_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD32);
+
+       testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, IV128, CKMC_PARAM_ED_AAD, AAD64);
+       testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, IV12, CKMC_PARAM_ED_AAD, AAD64);
+       testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, IV15, CKMC_PARAM_ED_AAD, AAD64);
+       testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, IV17, CKMC_PARAM_ED_AAD, AAD64);
+}
+
+RUNNER_TEST(TKW_AES_GCM_WITH_TAG_LEN){
+       testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_TAG_LEN, 96);
+       testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_192_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_TAG_LEN, 104 );
+       testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_256_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_TAG_LEN, 128);
+}
+
+RUNNER_TEST(TKW_IMPORT_EXPORT_RSA_LABEL){
+       RUNNER_IGNORED_MSG("RSA-OAEP labels are not supported in openssl");
+       testImportExportCustomParameters(RSA_OAEP_ALGO, RSA_KEY_1024_PRV_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_LABEL, AAD64);
+       testImportExportCustomParameters(RSA_OAEP_ALGO, RSA_KEY_2048_PRV_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_LABEL, AAD64);
+       testImportExportCustomParameters(RSA_OAEP_ALGO, RSA_KEY_4096_PRV_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_LABEL, AAD64);
+}
+
+RUNNER_TEST(TKW_RSA_WRAPPED_KEY){
+       ckmc_raw_buffer_s *encrypted = nullptr;
+       ckmc_raw_buffer_s *rsaKeyData = nullptr;
+       ckmc_raw_buffer_s *decrypted = nullptr;
+       ckmc_raw_buffer_s *finalData = nullptr;
+
+       ckmc_key_s *ppKey = nullptr;
+       ckmc_key_s *rsaKey = nullptr;
+       ckmc_key_s *wrappedRsaKey = nullptr;
+
+       ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
+
+       assert_positive(ckmc_create_key_pair_rsa, 1024, "RPV", "RPB", EXPORTABLE, EXPORTABLE);
+       assert_positive(ckmc_get_key, "RPV", nullptr, &rsaKey);
+       assert_positive(ckmc_buffer_new, rsaKey->raw_key, rsaKey->key_size, &rsaKeyData);
+
+       assert_positive(ckmc_encrypt_data,
+                               params.get(),
+                               AES_KEY_256_ALIAS.c_str(),
+                               nullptr,
+                               *rsaKeyData,
+                               &encrypted);
+
+       assert_positive(ckmc_key_new,
+                               encrypted->data,
+                               encrypted->size,
+                               CKMC_KEY_RSA_PRIVATE,
+                               nullptr,
+                               &wrappedRsaKey);
+
+       assert_positive(ckmc_import_wrapped_key,
+                               params.get(),
+                               AES_KEY_256_ALIAS.c_str(),
+                               nullptr,
+                               IMPORTED_ALIAS.c_str(),
+                               wrappedRsaKey,
+                               EXPORTABLE);
+
+       assert_positive(ckmc_export_wrapped_key,
+                               params.get(),
+                               AES_KEY_256_ALIAS.c_str(),
+                               nullptr,
+                               IMPORTED_ALIAS.c_str(),
+                               nullptr,
+                               &ppKey);
+
+       assert_positive(ckmc_buffer_new,
+                               ppKey->raw_key,
+                               ppKey->key_size,
+                               &finalData);
+
+       assert_positive(ckmc_decrypt_data,
+                               params.get(),
+                               AES_KEY_256_ALIAS.c_str(),
+                               nullptr,
+                               *finalData,
+                               &decrypted);
+
+       assert_buffers_equal(rsaKeyData, decrypted);
+
+       ckmc_buffer_free(rsaKeyData);
+       ckmc_buffer_free(finalData);
+       ckmc_buffer_free(decrypted);
+       ckmc_buffer_free(encrypted);
+       ckmc_key_free(wrappedRsaKey);
+       ckmc_key_free(rsaKey);
+       ckmc_key_free(ppKey);
+       ckmc_remove_key(IMPORTED_ALIAS.c_str());
+       ckmc_remove_key("RPB");
+       ckmc_remove_key("RPV");
  }
  
  RUNNER_TEST(TKW_IMPORT_EXPORT_AES_CTR){
  }
  
  RUNNER_TEST(TKW_IMPORT_EXPORT_AES_CTR){
author	Daniel Kita <d.kita@samsung.com>
	Fri, 14 Apr 2023 08:47:59 +0000 (10:47 +0200)
committer	Daniel Kita <d.kita@samsung.com>
	Fri, 14 Apr 2023 11:15:55 +0000 (13:15 +0200)