CKM::RawBuffer data;
CKM::RawBuffer wrappedKey;
+ const CKM::KemType type = CKM::KemType::ML_KEM_768;
+ const CKM::Alias privateKeyAlias;
+ const CKM::Alias publicKeyAlias;
+ const CKM::Alias firstSharedSecretAlias;
+ const CKM::Alias secondSharedSecretAlias;
+ const CKM::Alias newSharedSecretAlias;
+ CKM::RawBuffer ciphertext;
+
// We pass invalid data so we expect an error but it should not be ACCESS_DENIED as we have
// proper privileges
RUNNER_ASSERT_MSG(
CKM_API_ERROR_ACCESS_DENIED != (temp = manager->unwrapConcatenatedData(
params, wrappingKeyAlias, wrappingKeyPassword, wrappedKey, alias, 0, CKM::Policy(), data)),
"Error=" << CKM::APICodeToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED != (temp = manager->createKeyPairKEM(
+ type, privateKeyAlias, publicKeyAlias, CKM::Policy(), CKM::Policy())),
+ "Error=" << CKM::APICodeToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED != (temp = manager->encapsulateKey(
+ params, publicKeyAlias, password, firstSharedSecretAlias, CKM::Policy(), ciphertext)),
+ "Error=" << CKM::APICodeToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED != (temp = manager->decapsulateKey(
+ params, privateKeyAlias, password, secondSharedSecretAlias, CKM::Policy(), ciphertext)),
+ "Error=" << CKM::APICodeToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED != (temp = manager->deriveHybrid(
+ params, firstSharedSecretAlias, password, secondSharedSecretAlias, password, newSharedSecretAlias, CKM::Policy())),
+ "Error=" << CKM::APICodeToString(temp));
}
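Review bot: The four added assertions on `createKeyPairKEM`, `encapsulateKey`, `decapsulateKey` and `deriveHybrid` accept any result other than `CKM_API_ERROR_ACCESS_DENIED`, so they also pass on `CKM_API_SUCCESS` or on a failure raised before the service evaluates the caller's privilege. In either case the test says nothing about the permission check. Because every alias is default-constructed (empty) and `ciphertext` is empty, each call presumably fails with one deterministic code; pinning it, for example `CKM_API_ERROR_INPUT_PARAM == (temp = manager->createKeyPairKEM(...))` if that is what the service returns, would make the positive case as strict as the `==` checks in `G02T07_ExtendedNegative`. The new lines follow the existing `unwrapConcatenatedData` assertion, so the loose form may be a deliberate convention. The test's header and the setup of `manager`, `params`, `password` and `temp` are outside the visible lines.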
RUNNER_CHILD_TEST(G02T07_ExtendedNegative) {
CKM::RawBuffer data;
CKM::RawBuffer wrappedKey;
+ const CKM::KemType type = CKM::KemType::ML_KEM_768;
+ const CKM::Alias privateKeyAlias;
+ const CKM::Alias publicKeyAlias;
+ const CKM::Alias firstSharedSecretAlias;
+ const CKM::Alias secondSharedSecretAlias;
+ const CKM::Alias newSharedSecretAlias;
+ CKM::RawBuffer ciphertext;
+
// We expect to receive ACCESS_DENIED before the actual logic function is called (which would
// return a different error because we pass invalid parameters)
RUNNER_ASSERT_MSG(
params, wrappingKeyAlias, wrappingKeyPassword, wrappedKey, alias, 0,
CKM::Policy(), data)),
"Error=" << CKM::APICodeToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->createKeyPairKEM(
+ type, privateKeyAlias, publicKeyAlias, CKM::Policy(), CKM::Policy())),
+ "Error=" << CKM::APICodeToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->encapsulateKey(
+ params, publicKeyAlias, password, firstSharedSecretAlias, CKM::Policy(), ciphertext)),
+ "Error=" << CKM::APICodeToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->decapsulateKey(
+ params, privateKeyAlias, password, secondSharedSecretAlias, CKM::Policy(), ciphertext)),
+ "Error=" << CKM::APICodeToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_ACCESS_DENIED == (temp = manager->deriveHybrid(
+ params, firstSharedSecretAlias, password, secondSharedSecretAlias, password, newSharedSecretAlias, CKM::Policy())),
+ "Error=" << CKM::APICodeToString(temp));
}
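Review bot: The denied `encapsulateKey` call in `G02T07_ExtendedNegative` checks only the return code, not that `ciphertext` (presumably the output buffer, going by its position and non-const type) is left untouched. Adding `RUNNER_ASSERT_MSG(ciphertext.empty(), "ciphertext written despite ACCESS_DENIED");` directly after that assertion would catch a regression where the service fills the buffer before rejecting an unprivileged caller. The same buffer is then passed to `decapsulateKey`, so keeping it provably empty also keeps that call's input well defined. Part of this test is not visible here (the line opening the `unwrapConcatenatedData` assertion and the setup of `manager`, `params` and `password`), so the buffer's role should be confirmed against the API declaration.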