importedKeyPolicy,
importedKeyPass);
}
+
+#ifdef TZ_BACKEND
+void testImportExportAesBetweenTzSwBackends(const Algo &wrapAlgo,
+ int targetKeyLen,
+ int wrappingKeyLen) {
+ const Alias targetKeyAlias0 = "targetKeyAlias0";
+ const Alias targetKeyAlias1 = "targetKeyAlias1";
+ const Alias targetKeyAlias2 = "targetKeyAlias2";
+ const Alias wrappingKeyExpAlias = "wrappingKeyExpAlias";
+ const Alias wrappingKeyUnexpAlias = "wrappingKeyUnexpAlias";
+
+ AliasRemover remover0(wrappingKeyExpAlias.c_str());
+ AliasRemover remover1(wrappingKeyUnexpAlias.c_str());
+ AliasRemover remover2(targetKeyAlias0.c_str());
+ AliasRemover remover3(targetKeyAlias1.c_str());
+ AliasRemover remover4(targetKeyAlias2.c_str());
+
+ ParamListPtr wrapParams = getDefaultParams(wrapAlgo);
+ ckmc_key_s *targetKey = nullptr;
+ ckmc_key_s *wrappingKey = nullptr;
+ ckmc_key_s *pTmpKey0 = nullptr;
+ ckmc_key_s *pTmpKey1 = nullptr;
+
+ // 1. Get random values with the length of targetKeyLen/wrappingKeyLen.
+ RawBufferPtr targetKeyValue(createRandomBufferCAPI(targetKeyLen), ckmc_buffer_free);
+ RawBufferPtr wrappingKeyValue(createRandomBufferCAPI(wrappingKeyLen), ckmc_buffer_free);
+
+ assert_positive(ckmc_key_new, targetKeyValue->data, targetKeyValue->size,
+ CKMC_KEY_AES, nullptr, &targetKey);
+ assert_positive(ckmc_key_new, wrappingKeyValue->data, wrappingKeyValue->size,
+ CKMC_KEY_AES, nullptr, &wrappingKey);
+
+ // 2. Save wrapping keys with Exportable=true & false in SW Backend and TZ Backend
+ assert_positive(ckmc_save_key, wrappingKeyExpAlias.c_str(), *wrappingKey, EXPORTABLE);
+ assert_positive(ckmc_save_key, wrappingKeyUnexpAlias.c_str(), *wrappingKey, UNEXPORTABLE);
+
+ // 3. Save target key to SW Backend
+ assert_positive(ckmc_save_key, targetKeyAlias0.c_str(), *targetKey, EXPORTABLE);
+
+ // 4. Export target key from SW Backend to TZ Backend
+ assert_positive(ckmc_export_wrapped_key,
+ wrapParams.get(),
+ wrappingKeyExpAlias.c_str(),
+ nullptr,
+ targetKeyAlias0.c_str(),
+ nullptr,
+ &pTmpKey0);
+ assert_positive(ckmc_import_wrapped_key,
+ wrapParams.get(),
+ wrappingKeyUnexpAlias.c_str(),
+ nullptr,
+ targetKeyAlias1.c_str(),
+ pTmpKey0,
+ UNEXPORTABLE);
+
+ // 5. Export target key from TZ Backend to SW Backend
+ assert_positive(ckmc_export_wrapped_key,
+ wrapParams.get(),
+ wrappingKeyUnexpAlias.c_str(),
+ nullptr,
+ targetKeyAlias1.c_str(),
+ nullptr,
+ &pTmpKey1);
+ assert_positive(ckmc_import_wrapped_key,
+ wrapParams.get(),
+ wrappingKeyExpAlias.c_str(),
+ nullptr,
+ targetKeyAlias2.c_str(),
+ pTmpKey1,
+ EXPORTABLE);
+
+ // 6. Check key values
+ assert_aes_key_value(targetKeyAlias0.c_str(), nullptr, targetKeyValue);
+ assert_aes_key_value(targetKeyAlias1.c_str(), nullptr, targetKeyValue);
+ assert_aes_key_value(targetKeyAlias2.c_str(), nullptr, targetKeyValue);
+
+ // 7. free keys
+ ckmc_key_free(targetKey);
+ ckmc_key_free(wrappingKey);
+ ckmc_key_free(pTmpKey0);
+ ckmc_key_free(pTmpKey1);
+}
+#endif
+
} //END OF THE NAMESPACE
RUNNER_TEST_GROUP_INIT_ENV(CKM_KEY_WRAPPING, GroupFixture);
testImportExportValidArgs(AES_CFB_ALGO, 32, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, UNEXPORTABLE_PASS, KEY_PASSWORD);
}
+#ifdef TZ_BACKEND
+RUNNER_TEST(TKW_IMPORT_EXPORT_AES_BETWEEN_BACKENDS){
+ testImportExportAesBetweenTzSwBackends(AES_CTR_ALGO, 16, 16);
+ testImportExportAesBetweenTzSwBackends(AES_CTR_ALGO, 24, 24);
+ testImportExportAesBetweenTzSwBackends(AES_CTR_ALGO, 32, 32);
+ testImportExportAesBetweenTzSwBackends(AES_CBC_ALGO, 16, 16);
+ testImportExportAesBetweenTzSwBackends(AES_CBC_ALGO, 24, 24);
+ testImportExportAesBetweenTzSwBackends(AES_CBC_ALGO, 32, 32);
+ testImportExportAesBetweenTzSwBackends(AES_GCM_ALGO, 16, 16);
+ testImportExportAesBetweenTzSwBackends(AES_GCM_ALGO, 24, 24);
+ testImportExportAesBetweenTzSwBackends(AES_GCM_ALGO, 32, 32);
+ testImportExportAesBetweenTzSwBackends(AES_CFB_ALGO, 16, 16);
+ testImportExportAesBetweenTzSwBackends(AES_CFB_ALGO, 24, 24);
+ testImportExportAesBetweenTzSwBackends(AES_CFB_ALGO, 32, 32);
+}
+#endif
+
RUNNER_TEST(TKW_IMPORT_EXPORT_RSA_OAEP){
testImportExportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_1024_PUB_ALIAS, nullptr, RSA_KEY_1024_PRV_ALIAS, nullptr, UNEXPORTABLE, nullptr);
testImportExportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_1024_PUB_ALIAS, nullptr, RSA_KEY_1024_PRV_ALIAS, nullptr, UNEXPORTABLE, nullptr);
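Review bot: Nothing in TKW_IMPORT_EXPORT_AES_BETWEEN_BACKENDS confirms that a key actually crosses from one backend to the other. Judging by its step comments, the helper it calls picks the backend only indirectly through the EXPORTABLE/UNEXPORTABLE policy, and then compares key values. If that policy-to-backend mapping changes, or TZ storage is unavailable at run time, all twelve calls could presumably still pass while exercising a single backend, which would give false assurance about wrapping across the TrustZone boundary. I would state the assumption above the test, e.g. `// Relies on policy-based backend selection: EXPORTABLE -> SW, UNEXPORTABLE -> TZ`, and assert the storing backend inside the helper if the test utilities expose it. The calls also use equal target and wrapping key lengths only, so a mixed pair such as `testImportExportAesBetweenTzSwBackends(AES_CTR_ALGO, 32, 16);` would widen coverage, assuming both backends accept it.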