CKMC_ERROR_NONE == (temp = ckmc_remove_alias(alias)),
CKMCReadableError(temp));
}
-RUNNER_TEST(T3047_get_public_key_from_TZ)
+
+template<typename F, typename U>
+void get_public_key_from_tz(F&& create_fun, U&& create_arg)
{
- const char *private_key_alias = "ECDSA-test-priv";
- const char *public_key_alias = "ECDSA-test-pub";
+ const char *private_key_alias = "EXPORT-test-priv";
+ const char *public_key_alias = "EXPORT-test-pub";
ckmc_policy_s policy_private_key;
ckmc_policy_s policy_public_key;
ckmc_key_s *test_key2 = NULL;
policy_public_key.extractable = true;
//Testing getting exportable public key without password
- assert_positive(ckmc_create_key_pair_ecdsa,
- CKMC_EC_PRIME192V1,
+ assert_positive(create_fun,
+ create_arg,
private_key_alias,
public_key_alias,
policy_private_key,
policy_public_key.password = const_cast<char *>(password);
policy_public_key.extractable = true;
- assert_positive(ckmc_create_key_pair_ecdsa,
- CKMC_EC_PRIME192V1,
+ assert_positive(create_fun,
+ create_arg,
private_key_alias,
public_key_alias,
policy_private_key,
policy_public_key.password = NULL;
policy_public_key.extractable = false;
- assert_positive(ckmc_create_key_pair_ecdsa,
- CKMC_EC_PRIME192V1,
+ assert_positive(create_fun,
+ create_arg,
private_key_alias,
public_key_alias,
policy_private_key,
test_key3 = NULL;
}
+RUNNER_TEST(T3047_get_public_ec_key_from_TZ)
+{
+ get_public_key_from_tz(ckmc_create_key_pair_ecdsa, CKMC_EC_PRIME192V1);
+}
+
+RUNNER_TEST(T3048_get_public_rsa_key_from_TZ)
+{
+ get_public_key_from_tz(ckmc_create_key_pair_rsa, 1024);
+}
+
+// Not supported yet from key-manager-ta.
+// RUNNER_TEST(T3049_get_public_dsa_key_from_TZ)
+// {
+// get_public_key_from_tz(ckmc_create_key_pair_dsa, 1024);
+// }
+
RUNNER_TEST(T3050_deinit_C_API)
{
int temp;
padding,
signature);
}
+
+void signVerifyWithExportedPubkey(const KeyAliasPair& aliasPair,
+ const char* pw,
+ const RawBufferPtr& message,
+ const ckmc_hash_algo_e hash,
+ const ckmc_rsa_padding_algo_e padding)
+{
+ KeyAliasPair pubExportedAliasPair;
+ pubExportedAliasPair.prv = aliasPair.prv;
+ pubExportedAliasPair.pub = std::string("exp_") + aliasPair.pub;
+
+ ckmc_policy_s pubpolicy;
+ pubpolicy.password = const_cast<char *>(pw);
+ pubpolicy.extractable = 1;
+
+ ckmc_key_s *get_key = NULL;
+
+ // remove previous test data if exists.
+ ckmc_remove_alias(pubExportedAliasPair.pub.c_str());
+
+ int ret = ckmc_get_key(aliasPair.pub.c_str(), pubpolicy.password, &get_key);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
+ "Failed to get key. alias=" << aliasPair.pub << ", error: " << ret);
+
+ ret = ckmc_save_key(pubExportedAliasPair.pub.c_str(), *get_key, pubpolicy);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
+ "Failed to save key. alias=" << pubExportedAliasPair.pub << ", error: " << ret);
+
+ signVerify(pubExportedAliasPair, pw, message, hash, padding);
+
+ ckmc_remove_alias(pubExportedAliasPair.pub.c_str());
+ ckmc_key_free(get_key);
+}
+
// test given key pair against all hash and padding algos
-void testSignVerify(Algo algo, size_t keyBits, int idx)
+void testSignVerify(Algo algo, size_t keyBits, int idx, bool testWithExportedPubkey)
{
#ifdef TZ_BACKEND
if (algo == DSA && keyBits > 1024)
// iterate over padding algorithms
for (const auto& pad : PAD2STR) {
auto expectSuccess = [&](const RawBufferPtr& msg) {
- signVerify(keys, pw.c_str(), msg, hash.first, pad.first);
+ if (testWithExportedPubkey)
+ signVerifyWithExportedPubkey(keys, pw.c_str(), msg, hash.first, pad.first);
+ else
+ signVerify(keys, pw.c_str(), msg, hash.first, pad.first);
};
auto expectInvalid = [&](const RawBufferPtr& msg) {
signInvalid(keys.prv, pw.c_str(), msg, hash.first, pad.first);
}
}
+void testSignVerify(Algo algo, size_t keyBits, int idx)
+{
+ testSignVerify(algo, keyBits, idx, false);
+}
+void testSignVerifyWithExportedPubkey(Algo algo, size_t keyBits, int idx)
+{
+ testSignVerify(algo, keyBits, idx, true);
+}
+
} // namespace anonymous
RUNNER_TEST_GROUP_INIT_ENV(CKM_SIGN_VERIFY, SignVerifyGroupFixture);
testSignVerify(ECDSA, EC_SECP384R1, PASSWORD_PROTECTED);
}
+// For testing exported public key
+RUNNER_TEST(TSV_0400_verify_with_exported_pubkey_rsa_1024)
+{
+ testSignVerifyWithExportedPubkey(RSA, 1024, PRIMARY);
+}
+
+RUNNER_TEST(TSV_0401_verify_with_exported_pubkey_rsa_2048)
+{
+ testSignVerifyWithExportedPubkey(RSA, 2048, PRIMARY);
+}
+
+#ifndef TZ_LEGACY_BACKEND // no support for RSA 4k keys in old TEE implementations
+RUNNER_TEST(TSV_0402_verify_with_exported_pubkey_rsa_4096)
+{
+ testSignVerifyWithExportedPubkey(RSA, 4096, PRIMARY);
+}
+#endif
+
+RUNNER_TEST(TSV_0410_verify_with_exported_pubkey_ecdsa_PRIME192V1)
+{
+ testSignVerifyWithExportedPubkey(ECDSA, EC_PRIME192V1, PRIMARY);
+}
+
+RUNNER_TEST(TSV_0411_verify_with_exported_pubkey_ecdsa_PRIME256V1)
+{
+ testSignVerifyWithExportedPubkey(ECDSA, EC_PRIME256V1, PRIMARY);
+}
+
+RUNNER_TEST(TSV_0412_verify_with_exported_pubkey_ecdsa_SECP384R1)
+{
+ testSignVerifyWithExportedPubkey(ECDSA, EC_SECP384R1, PRIMARY);
+}
+
+// Not supported yet from key-manager-ta.
+// RUNNER_TEST(TSV_0420_verify_with_exported_pubkey_dsa_1024)
+// {
+// testSignVerifyWithExportedPubkey(DSA, 1024, PRIMARY);
+// }
+
+// RUNNER_TEST(TSV_0421_verify_with_exported_pubkey_dsa_2048)
+// {
+// testSignVerifyWithExportedPubkey(DSA, 2048, PRIMARY);
+// }
+
+// RUNNER_TEST(TSV_0422_verify_with_exported_pubkey_dsa_3072)
+// {
+// testSignVerifyWithExportedPubkey(DSA, 3072, PRIMARY);
+// }
+
+// #ifndef TZ_LEGACY_BACKEND // no support for DSA 4k keys in old TEE implementations
+// RUNNER_TEST(TSV_0423_verify_with_exported_pubkey_dsa_4096)
+// {
+// testSignVerifyWithExportedPubkey(DSA, 4096, PRIMARY);
+// }
+// #endif
+
// TODO: border cases for padding
// TODO: invalid arguments
// TODO: Big data
projects / platform / core / test / security-tests.git / commitdiff