}
}
-void check_key(const char *alias, int expected_error, ckmc_key_type_e expected_type)
+void check_key(const char *alias, const char* pw, int expected_error, ckmc_key_type_e expected_type)
{
ckmc_key_s *test_key = NULL;
- int temp = ckmc_get_key(alias, 0, &test_key);
+ int temp = ckmc_get_key(alias, pw, &test_key);
RUNNER_ASSERT_MSG(
expected_error == temp,
"received: " << CKMCReadableError(temp) << " while expected: " << CKMCReadableError(expected_error));
}
ckmc_key_free(test_key);
}
+void check_key(const char *alias, int expected_error, ckmc_key_type_e expected_type)
+{
+ check_key(alias, nullptr, expected_error, expected_type);
+}
+void check_key_allowed(const char *alias,
+ const char *password,
+ ckmc_key_type_e expected_type)
+{
+ check_key(alias, password, CKMC_ERROR_NONE, expected_type);
+}
void check_key_allowed(const char *alias, ckmc_key_type_e expected_type)
{
- check_key(alias, CKMC_ERROR_NONE, expected_type);
+ check_key_allowed(alias, nullptr, expected_type);
}
-void check_key_not_visible(const char *alias)
+void check_key_not_visible(const char *alias, const char *password)
{
- check_key(alias, CKMC_ERROR_DB_ALIAS_UNKNOWN);
+ check_key(alias, password, CKMC_ERROR_DB_ALIAS_UNKNOWN);
}
void check_cert_allowed(const char *alias)
{
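Review bot: The new definition of `check_key_not_visible` takes `password` with no default, yet the unchanged call `check_key_not_visible(XML_1_EXPECTED_KEY_2_RSA.c_str());` later in the file still passes a single argument. Unless the header declaration (not visible in this diff) supplies `const char *password = nullptr`, that call no longer compiles. Either add the default there or keep a one-argument overload that forwards `nullptr`, as was done for `check_key` and `check_key_allowed`. The parameter is also spelled `pw` in `check_key` and `password` in the other helpers; one name would read better.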
// [test1]
{
- check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
- check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
+ check_key_allowed(XML_1_EXPECTED_KEY_1_RSA.c_str(),
+ XML_1_EXPECTED_KEY_1_PASSWD.c_str(),
+ CKMC_KEY_RSA_PUBLIC);
+ check_key(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
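Review bot: KEY_1 is now read only with its correct password, so nothing in this test asserts that the password is actually enforced. A negative check beside the positive one, for example `check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_AUTHENTICATION_FAILED);` (no password supplied), would catch a regression where the initial-values import stores the key unprotected. The expected error code is my assumption of what the service returns for a missing password and should be confirmed against the API. The enclosing test body starts and ends outside this hunk.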
ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAppContext ctx(TEST_LABEL, USER_APP, GROUP_APP);
- check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
+ check_key_allowed(XML_1_EXPECTED_KEY_1_RSA.c_str(), XML_1_EXPECTED_KEY_1_PASSWD.c_str());
check_key_not_visible(XML_1_EXPECTED_KEY_2_RSA.c_str());
check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
check_cert_not_visible(XML_1_EXPECTED_CERT_1.c_str());
ScopedDBUnlock unlock(USER_APP, APP_PASS);
ScopedAppContext ctx(TEST_LABEL_2, USER_APP, GROUP_APP);
- check_key_not_visible(XML_1_EXPECTED_KEY_1_RSA.c_str());
- check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
+ check_key_not_visible(XML_1_EXPECTED_KEY_1_RSA.c_str(),
+ XML_1_EXPECTED_KEY_1_PASSWD.c_str());
+ check_key(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
{
// [test]
// check items existence as system service
- check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
- check_key(XML_2_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
- check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
- check_key_allowed(XML_2_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
+ check_key_allowed(XML_1_EXPECTED_KEY_1_RSA.c_str(),
+ XML_1_EXPECTED_KEY_1_PASSWD.c_str(),
+ CKMC_KEY_RSA_PUBLIC);
+ check_key_allowed(XML_2_EXPECTED_KEY_1_RSA.c_str(),
+ XML_1_EXPECTED_KEY_1_PASSWD.c_str(),
+ CKMC_KEY_RSA_PUBLIC);
+ check_key(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
+ check_key(XML_2_EXPECTED_KEY_2_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
check_key_allowed(XML_2_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
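Review bot: The check for `XML_2_EXPECTED_KEY_1_RSA` passes `XML_1_EXPECTED_KEY_1_PASSWD`, which reads like a copy-paste slip even if both XML files happen to use the same password. If the reuse is intentional, a short comment such as `// XML_2 keys share the password defined for XML_1` (or a dedicated `XML_2_EXPECTED_KEY_1_PASSWD` constant) would make that clear. As written, a later change to either file's password fails this test in a confusing way. The test body starts and ends outside this hunk.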
RUNNER_TEST(T6999_deinit)
{
+ ckmc_remove_alias(XML_1_EXPECTED_KEY_1_RSA.c_str());
+ ckmc_remove_alias(XML_1_EXPECTED_KEY_2_RSA.c_str());
+ ckmc_remove_alias(XML_1_EXPECTED_KEY_3_AES.c_str());
+ ckmc_remove_alias(XML_1_EXPECTED_CERT_1.c_str());
+ ckmc_remove_alias(XML_1_EXPECTED_DATA_1.c_str());
+ ckmc_remove_alias(XML_2_EXPECTED_KEY_1_RSA.c_str());
+ ckmc_remove_alias(XML_2_EXPECTED_KEY_2_RSA.c_str());
+ ckmc_remove_alias(XML_2_EXPECTED_KEY_3_AES.c_str());
+ ckmc_remove_alias(XML_2_EXPECTED_CERT_1.c_str());
+ ckmc_remove_alias(XML_2_EXPECTED_DATA_1.c_str());
+ ckmc_remove_alias(XML_3_EXPECTED_KEY_1_RSA.c_str());
+ ckmc_remove_alias(XML_3_EXPECTED_KEY_2_RSA.c_str());
+ ckmc_remove_alias(XML_3_EXPECTED_CERT_1.c_str());
+ ckmc_remove_alias(XML_3_EXPECTED_DATA_1.c_str());
+
remove_user_data(0);
}
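Review bot: All fourteen `ckmc_remove_alias` calls added to T6999_deinit discard their return value, so a removal that fails for any reason other than the alias being absent leaves key material in the database unnoticed. A small helper that accepts only `CKMC_ERROR_NONE` and `CKMC_ERROR_DB_ALIAS_UNKNOWN` keeps the cleanup tolerant of missing entries without hiding real failures. The same applies to the unchecked removals added at the end of the two encrypted-initial-values tests further down.

```cpp
// Best-effort removal: a missing alias is fine, any other error is reported.
void remove_alias_if_present(const char *alias)
{
    int ret = ckmc_remove_alias(alias);
    RUNNER_ASSERT_MSG(
        ret == CKMC_ERROR_NONE || ret == CKMC_ERROR_DB_ALIAS_UNKNOWN,
        "removing " << alias << " failed: " << CKMCReadableError(ret));
}

RUNNER_TEST(T6999_deinit)
{
    remove_alias_if_present(XML_1_EXPECTED_KEY_1_RSA.c_str());
    // … unchanged: remaining aliases, each through remove_alias_if_present …
```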
auto mgr = CKM::Manager::create();
RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = mgr->decrypt(algo, "/System TEI_0", CKM::Password(), messageBin, decrypted)), "Failed to decrypt " << CKM::APICodeToString(temp));
RUNNER_ASSERT_MSG(std::string(decrypted.begin(), decrypted.end()) == EIV_PLAIN_MESSAGE, "Data does not match");
+
+ ckmc_remove_alias("/System TEI_0");
}
RUNNER_TEST_TZ_BACKEND(T7010_Encrypted_initial_values_asymmetric, RemoveDataEnv<0>)
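Review bot: `ckmc_remove_alias("/System TEI_0");` is placed after the two `RUNNER_ASSERT_MSG` checks, so if either fails the alias stays behind for the tests that follow (assuming the macro aborts the test body, as the runner's asserts usually do). Running the removal from a scope guard or from the test's environment class would make it execute on every exit path. The six removals added at the end of the asymmetric test have the same ordering problem. The test body starts outside this hunk.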
};
constexpr auto rsaHashAlgo = CKM::HashAlgorithm::SHA512;
- constexpr auto rsaPaddingAlgo = CKM::RSAPaddingAlgorithm::X931;
+ constexpr auto rsaPaddingAlgo = CKM::RSAPaddingAlgorithm::PKCS1;
sign("/System TEI_RSA_PRV", "/System TEI_RSA_PUB", rsaHashAlgo, rsaPaddingAlgo);
sign("/System TEI_RSA_PKCS8_PRV", "/System TEI_RSA_PKCS8_PUB", rsaHashAlgo, rsaPaddingAlgo);
sign("/System TEI_DSA_PRV", "/System TEI_DSA_PUB", CKM::HashAlgorithm::SHA1, CKM::RSAPaddingAlgorithm::NONE);
#undef MGR
+
+ ckmc_remove_alias("/System TEI_RSA_PRV");
+ ckmc_remove_alias("/System TEI_RSA_PUB");
+ ckmc_remove_alias("/System TEI_RSA_PKCS8_PRV");
+ ckmc_remove_alias("/System TEI_RSA_PKCS8_PUB");
+ ckmc_remove_alias("/System TEI_DSA_PRV");
+ ckmc_remove_alias("/System TEI_DSA_PUB");
}
/* TODO