const size_t DEFAULT_IV_LEN = 16;
const size_t DEFAULT_IV_LEN_BITS = 8*DEFAULT_IV_LEN;
-RawBufferPtr IV(createRandomBuffer(DEFAULT_IV_LEN), ckmc_buffer_free);
+RawBufferPtr IV(createRandomBufferCAPI(DEFAULT_IV_LEN), ckmc_buffer_free);
void assert_list_empty(const ckmc_param_list_s* list)
{
check_int_param(list.get(), CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_AES_GCM);
assert_param_count(list.get(),1);
- RawBufferPtr buffer(createRandomBuffer(DEFAULT_IV_LEN), ckmc_buffer_free);
+ RawBufferPtr buffer(createRandomBufferCAPI(DEFAULT_IV_LEN), ckmc_buffer_free);
assert_positive(ckmc_param_list_add_buffer,
list.get(),
CKMC_PARAM_ED_IV,
#include <test-certs.h>
#include <ckm-common.h>
#include <access_provider2.h>
+#include <random>
using namespace CKM;
using namespace std;
void ReceivedCertificateAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
void ReceivedDataAliasVector(AliasVector && av) { m_aliases = move(av); Succeeded(); }
+ void ReceivedCreateKeyAES() { Succeeded(); }
void ReceivedCreateKeyPair() { Succeeded(); }
void ReceivedGetCertificateChain(CertificateShPtrVector && chain)
enum Type {
RSA,
DSA,
- ECDSA
+ ECDSA,
+ AES
};
-struct KeyPair
+struct KeyContainer
{
- KeyPair(const std::string& prv_pem, const std::string& pub_pem) {
+ // assymetric
+ KeyContainer(const std::string& prv_pem, const std::string& pub_pem) {
RawBuffer buffer_prv(prv_pem.begin(), prv_pem.end());
prv = Key::create(buffer_prv);
assert(prv);
assert(pub);
}
+ // symmetric
+ KeyContainer(const RawBuffer& key_raw) {
+ prv = pub = Key::createAES(key_raw);
+ assert(prv);
+ assert(pub);
+ }
+
KeyShPtr prv;
KeyShPtr pub;
};
-typedef map<Type, vector<KeyPair> > KeyMap;
+typedef map<Type, vector<KeyContainer> > KeyMap;
KeyMap initializeKeys()
"2glhz9wNmWTiUpSmZu+b/9FZ/VTtqDe05XKx\n"
"-----END PUBLIC KEY-----"
);
+
+ CKM::RawBuffer AES_key = createRandomBuffer(256/8);
+ km[AES].emplace_back(AES_key);
+
return km;
}
RUNNER_TEST(TA0050_save_key_positive, UserEnv)
{
- test_positive(&ManagerAsync::saveKey, "alias", keys[RSA][0].prv, Policy());
+ test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy());
+ test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy());
+ test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy());
}
RUNNER_TEST(TA0350_remove_key_positive, UserEnv)
{
- test_positive(&ManagerAsync::saveKey, "alias", keys[RSA][0].prv, Policy());
- test_positive(&ManagerAsync::removeAlias, "alias");
+ test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy());
+ test_positive(&ManagerAsync::removeAlias, "alias_RSA");
+ test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy());
+ test_positive(&ManagerAsync::removeAlias, "alias_DSA");
+ test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy());
+ test_positive(&ManagerAsync::removeAlias, "alias_AES");
+
}
RUNNER_TEST(TA0640_get_key_wrong_password, UserEnv)
{
- test_positive(&ManagerAsync::saveKey, "alias", keys[RSA][0].prv, Policy("password"));
+ test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy("password"));
test_negative(&ManagerAsync::getKey,
CKM_API_ERROR_AUTHENTICATION_FAILED,
- "alias",
+ "alias_RSA",
+ "wrong-password");
+ test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy("password"));
+ test_negative(&ManagerAsync::getKey,
+ CKM_API_ERROR_AUTHENTICATION_FAILED,
+ "alias_DSA",
+ "wrong-password");
+ test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy("password"));
+ test_negative(&ManagerAsync::getKey,
+ CKM_API_ERROR_AUTHENTICATION_FAILED,
+ "alias_AES",
"wrong-password");
}
RUNNER_TEST(TA0650_get_key_positive, UserEnv)
{
- test_positive(&ManagerAsync::saveKey, "alias", keys[RSA][0].prv, Policy("password"));
- test_positive(&ManagerAsync::getKey, "alias", "password");
+ test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy("password"));
+ test_positive(&ManagerAsync::getKey, "alias_RSA", "password");
+ test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy("password"));
+ test_positive(&ManagerAsync::getKey, "alias_DSA", "password");
+ test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy("password"));
+ test_positive(&ManagerAsync::getKey, "alias_AES", "password");
}
RUNNER_TEST(TA0950_get_key_alias_vector_positive, UserEnv)
{
- test_positive(&ManagerAsync::saveKey, "alias1", keys[RSA][0].prv, Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias1") });
+ test_positive(&ManagerAsync::saveKey, "alias_RSA", keys[RSA][0].prv, Policy());
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA") });
- test_positive(&ManagerAsync::saveKey, "alias2", keys[DSA][0].prv, Policy());
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias1"),
- aliasWithLabel(TEST_LABEL, "alias2") });
+ test_positive(&ManagerAsync::saveKey, "alias_DSA", keys[DSA][0].prv, Policy());
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA"),
+ aliasWithLabel(TEST_LABEL, "alias_DSA") });
- test_positive(&ManagerAsync::removeAlias, "alias1");
- test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias2") });
+ test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy());
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA"),
+ aliasWithLabel(TEST_LABEL, "alias_DSA"),
+ aliasWithLabel(TEST_LABEL, "alias_AES") });
+
+ // remove DSA key
+ test_positive(&ManagerAsync::removeAlias, "alias_DSA");
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_RSA"),
+ aliasWithLabel(TEST_LABEL, "alias_AES")});
}
// createKeyPairRSA
-RUNNER_TEST(TA1210_create_key_pair_rsa_invalid_param, UserEnv)
+RUNNER_TEST(TA1210_create_key_pair_RSA_invalid_param, UserEnv)
{
test_no_observer(&ManagerAsync::createKeyPairRSA,
1024,
Policy());
}
-RUNNER_TEST(TA1220_create_key_pair_rsa_already_exists, UserEnv)
+RUNNER_TEST(TA1220_create_key_pair_RSA_already_exists, UserEnv)
{
test_positive(&ManagerAsync::saveKey, "alias_prv", keys[RSA][0].prv, Policy());
test_negative(&ManagerAsync::createKeyPairRSA,
Policy());
}
-RUNNER_TEST(TA1250_create_key_pair_rsa_positive, UserEnv)
+RUNNER_TEST(TA1250_create_key_pair_RSA_positive, UserEnv)
{
test_positive(&ManagerAsync::createKeyPairRSA,
1024,
}
// createKeyPairDSA
-RUNNER_TEST(TA1270_create_key_pair_dsa_invalid_param, UserEnv)
+RUNNER_TEST(TA1270_create_key_pair_DSA_invalid_param, UserEnv)
{
test_no_observer(&ManagerAsync::createKeyPairDSA,
1024,
Policy());
}
-RUNNER_TEST(TA1280_create_key_pair_dsa_already_exists, UserEnv)
+RUNNER_TEST(TA1280_create_key_pair_DSA_already_exists, UserEnv)
{
test_positive(&ManagerAsync::saveKey, "alias_prv", keys[DSA][0].prv, Policy());
test_negative(&ManagerAsync::createKeyPairDSA,
Policy());
}
-RUNNER_TEST(TA1290_create_key_pair_dsa_positive, UserEnv)
+RUNNER_TEST(TA1290_create_key_pair_DSA_positive, UserEnv)
{
test_positive(&ManagerAsync::createKeyPairDSA,
1024,
}
// createKeyPairECDSA
-RUNNER_TEST(TA1310_create_key_pair_ecdsa_invalid_param, UserEnv)
+RUNNER_TEST(TA1310_create_key_pair_ECDSA_invalid_param, UserEnv)
{
test_no_observer(&ManagerAsync::createKeyPairECDSA,
ElipticCurve::prime192v1,
Policy());
}
-RUNNER_TEST(TA1320_create_key_pair_ecdsa_already_exists, UserEnv)
+RUNNER_TEST(TA1320_create_key_pair_ECDSA_already_exists, UserEnv)
{
test_positive(&ManagerAsync::saveKey, "alias_prv", keys[ECDSA][0].prv, Policy());
test_negative(&ManagerAsync::createKeyPairECDSA,
Policy());
}
-RUNNER_TEST(TA1350_create_key_pair_ecdsa_positive, UserEnv)
+RUNNER_TEST(TA1350_create_key_pair_ECDSA_positive, UserEnv)
{
test_positive(&ManagerAsync::createKeyPairECDSA,
ElipticCurve::prime192v1,
aliasWithLabel(TEST_LABEL, "alias_pub") });
}
+// createKeyAES
+RUNNER_TEST(TA1360_create_key_AES_invalid_param, UserEnv)
+{
+ test_invalid_param(&ManagerAsync::createKeyAES,
+ 147,
+ "alias_AES",
+ Policy());
+}
+
+RUNNER_TEST(TA1370_create_key_AES_already_exists, UserEnv)
+{
+ test_positive(&ManagerAsync::saveKey, "alias_AES", keys[AES][0].prv, Policy());
+ test_negative(&ManagerAsync::createKeyAES,
+ CKM_API_ERROR_DB_ALIAS_EXISTS,
+ 256,
+ "alias_AES",
+ Policy());
+}
+
+RUNNER_TEST(TA1380_create_key_AES_positive, UserEnv)
+{
+ test_positive(&ManagerAsync::createKeyAES,
+ 256,
+ "alias_AES",
+ Policy());
+
+ test_check_aliases(&ManagerAsync::getKeyAliasVector, { aliasWithLabel(TEST_LABEL, "alias_AES")});
+}
// getCertificateChain
RUNNER_TEST(TA1410_get_certificate_chain_invalid_param, UserEnv)
RUNNER_TEST_GROUP_INIT (T302_CKMC_QUICK_SET_GET_TESTS_C_API);
-RUNNER_TEST(T3021_init_C_API)
+RUNNER_TEST(T30201_init_C_API)
{
int temp;
CKMCReadableError(temp));
}
-RUNNER_TEST(T3022_key_C_API)
+RUNNER_TEST(T30202_RSA_key_C_API)
{
int temp;
CKMCReadableError(temp));
}
-RUNNER_TEST(T3023_certificate_C_API)
+RUNNER_TEST(T30203_AES_key_C_API)
+{
+ int temp;
+ CKM::Alias alias = sharedDatabase("my_AES_key");
+ size_t key_length = 192;
+
+ ckmc_key_s *test_key = generate_AES_key(key_length, NULL);
+ ckmc_key_s *test_key2;
+ ckmc_policy_s test_policy;
+ test_policy.password = NULL;
+ test_policy.extractable = 1;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), NULL, &test_key2)),
+ CKMCReadableError(temp));
+
+ compare_AES_keys(test_key, test_key2);
+ ckmc_key_free(test_key);
+ ckmc_key_free(test_key2);
+}
+
+RUNNER_TEST(T30204_certificate_C_API)
{
int temp;
ckmc_cert_free(cert2);
}
-RUNNER_TEST(T3024_certificate_remove_C_API)
+RUNNER_TEST(T30205_certificate_remove_C_API)
{
int temp;
CKMCReadableError(temp));
}
-RUNNER_TEST(T3025_certificate_list_C_API)
+RUNNER_TEST(T30206_certificate_list_C_API)
{
int temp;
}
-RUNNER_CHILD_TEST(T3026_user_app_save_key_C_API)
+RUNNER_CHILD_TEST(T30207_user_app_save_RSA_key_C_API)
{
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
// RUNNER_ASSERT_MSG(
// key.getDER() == key2.getDER(), "Key value has been changed by service");
+
+ delete [] char_keypem;
+}
+
+RUNNER_CHILD_TEST(T30208_user_app_save_AES_key_C_API)
+{
+ AccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ int temp;
+ const char* password = NULL;
+ size_t key_length = 192;
+ CKM::Alias alias = "my_AES_key";
+
+ ckmc_key_s *test_key = generate_AES_key(key_length, password);
+ ckmc_key_s *test_key2;
+ ckmc_policy_s test_policy;
+ test_policy.password = const_cast<char *>(password);
+ test_policy.extractable = 1;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)),
+ CKMCReadableError(temp));
+
+ compare_AES_keys(test_key, test_key2);
+ ckmc_key_free(test_key);
+ ckmc_key_free(test_key2);
}
-RUNNER_CHILD_TEST(T3027_app_user_save_keys_exportable_flag)
+RUNNER_CHILD_TEST(T30209_user_app_save_AES_key_passwd_C_API)
+{
+ AccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ int temp;
+ const char* password = "x";
+ size_t key_length = 192;
+ CKM::Alias alias = "my_AES_key-2";
+
+ ckmc_key_s *test_key = generate_AES_key(key_length, password);
+ ckmc_policy_s test_policy;
+ test_policy.password = const_cast<char *>(password);
+ test_policy.extractable = 1;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_INVALID_PARAMETER == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)),
+ CKMCReadableError(temp));
+ ckmc_key_free(test_key);
+}
+
+RUNNER_CHILD_TEST(T30210_app_user_save_RSA_keys_exportable_flag)
{
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
test_key.raw_key = (unsigned char *)char_keypem;
test_key.key_size = keyPem.length();
test_key.key_type = CKMC_KEY_RSA_PUBLIC;
- test_key.password = password;
+ test_key.password = NULL;
test_policy.password = password;
test_policy.extractable = 0;
CKMCReadableError(temp));
}
+RUNNER_CHILD_TEST(T30211_app_user_save_AES_keys_exportable_flag)
+{
+ AccessProvider ap("mylabel");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-RUNNER_TEST(T3028_certificate_with_DSA_key_C_API)
+ int temp;
+ const char* password = NULL;
+ size_t key_length = 256;
+ CKM::Alias alias = "my_AES_key-3";
+
+ ckmc_key_s *test_key = generate_AES_key(key_length, password);
+ ckmc_key_s *test_key2;
+ ckmc_policy_s test_policy;
+ test_policy.password = const_cast<char *>(password);
+ test_policy.extractable = 0;
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(alias.c_str(), *test_key, test_policy)),
+ CKMCReadableError(temp));
+ ckmc_key_free(test_key);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NOT_EXPORTABLE == (temp = ckmc_get_key(alias.c_str(), password, &test_key2)),
+ CKMCReadableError(temp));
+}
+
+RUNNER_TEST(T30212_certificate_with_DSA_key_C_API)
{
int temp;
ckmc_cert_free(cert2);
}
-RUNNER_TEST(T3029_deinit_C_API)
+RUNNER_TEST(T30213_deinit_C_API)
{
int temp;
CKMCReadableError(temp));
}
-RUNNER_TEST(T3032_save_keys_get_alias_C_API)
+RUNNER_TEST(T3032_save_asymmetric_keys_get_alias_C_API)
{
int temp;
}
-RUNNER_TEST(T3033_remove_key_C_API)
+RUNNER_TEST(T3033_remove_asymmetric_key_C_API)
{
int temp;
CKMCReadableError(temp));
}
-RUNNER_TEST(T3034_deinit_C_API)
+RUNNER_TEST(T3034_save_symmetric_keys_get_alias_C_API)
+{
+ int temp;
+ size_t key_length = 128;
+ ckmc_key_s *test_key = generate_AES_key(key_length, NULL);
+ ckmc_policy_s test_policy1, test_policy2, test_policy3;
+ test_policy1.password = NULL;
+ test_policy1.extractable = 1;
+
+ test_policy2.password = NULL;
+ test_policy2.extractable = 1;
+
+ test_policy3.password = NULL;
+ test_policy3.extractable = 1;
+
+ int current_aliases_num = count_aliases(ALIAS_KEY);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("AES_key1").c_str(), *test_key, test_policy1)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("AES_key2").c_str(), *test_key, test_policy2)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(sharedDatabase("AES_key3").c_str(), *test_key, test_policy3)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ (current_aliases_num+3) == (temp = count_aliases(ALIAS_KEY)),
+ "Error: expecting " << (current_aliases_num+3) << " aliases, while found " << temp);
+
+ ckmc_key_free(test_key);
+}
+
+
+RUNNER_TEST(T3035_remove_symmetric_key_C_API)
+{
+ int temp;
+
+ ckmc_key_s *test_key2;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("AES_key1").c_str(), NULL, &test_key2)),
+ CKMCReadableError(temp));
+ validate_AES_key(test_key2);
+ ckmc_key_free(test_key2);
+
+ // actual test - remove middle item
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_remove_key(sharedDatabase("AES_key2").c_str())),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_DB_ALIAS_UNKNOWN == (temp = ckmc_get_key(sharedDatabase("AES_key2").c_str(), NULL, &test_key2)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(sharedDatabase("AES_key3").c_str(), NULL, &test_key2)),
+ CKMCReadableError(temp));
+ validate_AES_key(test_key2);
+ ckmc_key_free(test_key2);
+
+}
+
+RUNNER_TEST(T3036_deinit_C_API)
{
int temp;
CKMCReadableError(temp));
}
-RUNNER_CHILD_TEST(T3052_CAPI_create_rsa_key)
+RUNNER_CHILD_TEST(T3052_CAPI_create_RSA_key)
{
int temp;
CKMCReadableError(temp));
}
-RUNNER_CHILD_TEST(T3053_CAPI_create_dsa_key)
+RUNNER_CHILD_TEST(T3053_CAPI_create_DSA_key)
{
int temp;
}
-RUNNER_TEST(T3054_CAPI_deinit)
+RUNNER_CHILD_TEST(T3054_CAPI_create_AES_key)
+{
+ int temp;
+ size_t size = 128;
+ CKM::Alias key_alias = sharedDatabase("AES-gen-test-1");
+ ckmc_policy_s policy_key;
+
+ policy_key.password = NULL;
+ policy_key.extractable = 1;
+
+ int current_aliases_num = count_aliases(ALIAS_KEY);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_key_aes(size, key_alias.c_str(), policy_key)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ (current_aliases_num+1) == (temp = count_aliases(ALIAS_KEY)),
+ "Error: expecting " << (current_aliases_num+2) << " aliases, while found " << temp);
+
+ ckmc_key_s *get_AES_key = 0;
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_get_key(key_alias.c_str(), policy_key.password, &get_AES_key)),
+ CKMCReadableError(temp));
+ validate_AES_key(get_AES_key);
+ ckmc_key_free(get_AES_key);
+}
+
+
+RUNNER_TEST(T3055_CAPI_deinit)
{
int temp;
Alias rsa_pub_alias = sharedDatabase("rsa-public-T2002");
Alias ecdsa_pri_alias = sharedDatabase("ecdsa-private-T2002");
Alias ecdsa_pub_alias = sharedDatabase("ecdsa-public-T2002");
+Alias aes_alias = sharedDatabase("aes-T2002");
+size_t aes_length = 128;
void save_keys()
{
Policy(Password(), true),
Policy(Password(), true))),
"Error=" << ErrorToString(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createKeyAES(
+ aes_length,
+ aes_alias,
+ Policy(Password(), true))),
+ "Error=" << ErrorToString(temp));
}
void read_key(ManagerShPtr& manager, const Alias& alias, int expected) {
read_key(manager, rsa_pri_alias, expected);
read_key(manager, ecdsa_pri_alias, expected);
+ read_key(manager, aes_alias, expected);
}
void update_cc_mode()
*/
#include <string>
#include <fstream>
-
#include <sys/smack.h>
#include <ckmc/ckmc-type.h>
#include <ckm-common.h>
#include <ckmc/ckmc-control.h>
#include <ckmc/ckmc-manager.h>
#include <service_manager.h>
+#include <fcntl.h>
#include <unistd.h>
+void generate_random(size_t random_bytes, char *output)
+{
+ RUNNER_ASSERT(random_bytes>0 && output);
+
+ std::ifstream is("/dev/urandom", std::ifstream::binary);
+ RUNNER_ASSERT_MSG(is, "Failed to read /dev/urandom");
+ is.read(output, random_bytes);
+ if(static_cast<std::streamsize>(random_bytes) != is.gcount()) {
+ RUNNER_ASSERT_MSG(false,
+ "Not enough bytes read from /dev/urandom: " << random_bytes << "!=" <<
+ is.gcount());
+ }
+}
+
const char* SERVICE[] = {
"central-key-manager-listener.service",
"central-key-manager.service" };
return aliasWithLabel(ckmc_label_shared_owner, alias.c_str());
}
-ckmc_raw_buffer_s* createRandomBuffer(size_t len)
+ckmc_raw_buffer_s* createRandomBufferCAPI(size_t random_bytes)
{
ckmc_raw_buffer_s* buffer = NULL;
- char* data = static_cast<char*>(malloc(len*sizeof(char)));
- std::ifstream is("/dev/urandom", std::ifstream::binary);
- RUNNER_ASSERT_MSG(is, "Failed to read /dev/urandom");
- is.read(data, len);
- if(static_cast<std::streamsize>(len) != is.gcount()) {
- free(data);
- RUNNER_ASSERT_MSG(false,
- "Not enough bytes read from /dev/urandom: " << len << "!=" <<
- is.gcount());
- }
- int ret = ckmc_buffer_new(reinterpret_cast<unsigned char*>(data), len, &buffer);
+ char* data = static_cast<char*>(malloc(random_bytes*sizeof(char)));
+ RUNNER_ASSERT(data);
+ generate_random(random_bytes, data);
+ int ret = ckmc_buffer_new(reinterpret_cast<unsigned char*>(data), random_bytes, &buffer);
RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Buffer creation failed: " << CKMCErrorToString(ret));
return buffer;
}
+CKM::RawBuffer createRandomBuffer(size_t random_bytes)
+{
+ char buffer[random_bytes];
+ generate_random(random_bytes, buffer);
+ return CKM::RawBuffer(buffer, buffer + random_bytes);
+}
+
+ckmc_key_s *generate_AES_key(size_t lengthBits, const char *passwd)
+{
+ ckmc_key_s *retval = reinterpret_cast<ckmc_key_s *>(malloc(sizeof(ckmc_key_s)));
+ RUNNER_ASSERT(retval != NULL);
+
+ RUNNER_ASSERT(lengthBits%8 == 0);
+ char *char_key_AES = reinterpret_cast<char*>(malloc(lengthBits/8));
+ RUNNER_ASSERT(char_key_AES != NULL);
+ generate_random(lengthBits/8, char_key_AES);
+
+ retval->raw_key = reinterpret_cast<unsigned char *>(char_key_AES);
+ retval->key_size = lengthBits/8;
+ retval->key_type = CKMC_KEY_AES;
+ retval->password = passwd?strdup(passwd):NULL;
+
+ return retval;
+}
+
+void validate_AES_key(ckmc_key_s *analyzed)
+{
+ RUNNER_ASSERT_MSG(analyzed, "provided key is NULL");
+ RUNNER_ASSERT_MSG(analyzed->raw_key != NULL, "provided key is empty");
+ RUNNER_ASSERT_MSG(analyzed->key_size==(128/8) ||
+ analyzed->key_size==(192/8) ||
+ analyzed->key_size==(256/8), "provided key length is invalid");
+ RUNNER_ASSERT_MSG(analyzed->key_type = CKMC_KEY_AES, "expected AES key, while got: " << analyzed->key_type);
+}
+
+void compare_AES_keys(ckmc_key_s *first, ckmc_key_s *second)
+{
+ validate_AES_key(first);
+ validate_AES_key(second);
+ RUNNER_ASSERT_MSG(
+ (first->key_size==second->key_size) &&
+ (memcmp(first->raw_key, second->raw_key, first->key_size)==0),
+ "data has been modified in key manager");
+ // bypassing password intentionally
+}
+
ParamListPtr createParamListPtr()
{
ckmc_param_list_s* list = NULL;
} alias_type_;
size_t count_aliases(alias_type_ type, size_t minimum_initial_element_count = 0);
std::string sharedDatabase(const CKM::Alias & alias);
+CKM::RawBuffer createRandomBuffer(size_t random_bytes);
+ckmc_raw_buffer_s* createRandomBufferCAPI(size_t random_bytes);
+
+ckmc_key_s *generate_AES_key(size_t lengthBits, const char *passwd);
+void validate_AES_key(ckmc_key_s *analyzed);
+void compare_AES_keys(ckmc_key_s *first, ckmc_key_s *second); // true if equal
// Test env class for database cleanup. Pass database uids to cleanup before and after test
template <uid_t ...Args>
}
};
-ckmc_raw_buffer_s* createRandomBuffer(size_t len);
-
typedef std::shared_ptr<ckmc_raw_buffer_s> RawBufferPtr;
typedef std::shared_ptr<ckmc_param_list_s> ParamListPtr;
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_CHILD_TEST(T1041_create_rsa_key)
+RUNNER_CHILD_TEST(T1041_create_RSA_key)
{
int temp;
auto manager = CKM::Manager::create();
"Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
}
-RUNNER_CHILD_TEST(T1042_create_rsa_key_foreign_label)
+RUNNER_CHILD_TEST(T1042_create_RSA_key_foreign_label)
{
int temp;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_CHILD_TEST(T1043_create_dsa_key)
+RUNNER_CHILD_TEST(T1043_create_DSA_key)
{
int temp;
auto manager = CKM::Manager::create();
"Vector size: " << temp << ". Expected: " << (current_aliases_num+2));
}
+RUNNER_CHILD_TEST(T1044_create_AES_key)
+{
+ int temp;
+ auto manager = CKM::Manager::create();
+ CKM::AliasVector av;
+
+ AccessProvider ap("mylabel-aes");
+ ap.allowAPI("key-manager::api-storage", "rw");
+ ap.applyAndSwithToUser(USER_APP, GROUP_APP);
+
+ int current_aliases_num = count_aliases(ALIAS_KEY);
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->createKeyAES(128, CKM::Alias("KEY1_AES"), CKM::Policy())),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ CKM_API_SUCCESS == (temp = manager->getKeyAliasVector(av)),
+ "Error=" << CKM::ErrorToString(temp));
+ RUNNER_ASSERT_MSG(
+ (current_aliases_num+1) == (temp = av.size()),
+ "Vector size: " << temp << ". Expected: " << (current_aliases_num+1));
+}
+
RUNNER_TEST(T1049_deinit)
{
remove_user_data(USER_APP);
/*
* These test cases tests API when damaged keys are used
*/
-RUNNER_TEST(T12114_rsa_key_damaged)
+RUNNER_TEST(T12114_RSA_key_damaged)
{
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
"Error=" << CKM::ErrorToString(ret));
}
-RUNNER_TEST(T12115_rsa_key_too_short)
+RUNNER_TEST(T12115_RSA_key_too_short)
{
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
"Error=" << CKM::ErrorToString(ret));
}
-RUNNER_TEST(T12116_dsa_key_too_short)
+RUNNER_TEST(T12116_DSA_key_too_short)
{
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
"Error=" << CKM::ErrorToString(ret));
}
+RUNNER_TEST(T12117_AES_key_too_short)
+{
+ int ret;
+ auto manager = CKM::Manager::create();
+
+ size_t key_size = (128-1);
+ CKM::RawBuffer key_AES = createRandomBuffer(key_size/8);
+
+ auto key = CKM::Key::create(key_AES);
+ CKM::Alias alias = "short-AES";
+
+ RUNNER_ASSERT_MSG(
+ CKM_API_ERROR_INPUT_PARAM == (ret = manager->saveKey(alias, key, CKM::Policy())),
+ "Error=" << CKM::ErrorToString(ret));
+}
/*
* These test cases tests CKM service if malicious data is provided over the socket.
*/
-RUNNER_TEST(T12117_rsa_key_damaged_serviceTest)
+RUNNER_TEST(T12118_RSA_key_damaged_serviceTest)
{
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
"Error=" << CKM::ErrorToString(ret));
}
-RUNNER_TEST(T12118_saveCertificate_damaged_serviceTest)
+RUNNER_TEST(T12119_saveCertificate_damaged_serviceTest)
{
ScopedAccessProvider ap("mylabel");
ap.allowAPI("key-manager::api-storage", "rw");
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T12119_deinit)
+RUNNER_TEST(T12120_deinit)
{
remove_user_data(USER_APP);
}
remove_user_data(0);
}
-RUNNER_TEST(T1412_rsa_key_create_verify)
+RUNNER_TEST(T1412_RSA_key_create_verify)
{
int temp;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1413_dsa_key_create_verify)
+RUNNER_TEST(T1413_DSA_key_create_verify)
{
int temp;
auto manager = CKM::Manager::create();
}
-RUNNER_TEST(T1414_ec_key_create_verify)
+RUNNER_TEST(T1414_ECDSA_key_create_verify)
{
int temp;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1415_rsa_key_create_verify_negative)
+RUNNER_TEST(T1415_RSA_key_create_verify_negative)
{
int temp;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1416_dsa_key_create_verify_negative)
+RUNNER_TEST(T1416_DSA_key_create_verify_negative)
{
int temp;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1417_rsa_cert_create_verify_signature)
+RUNNER_TEST(T1417_RSA_cert_create_verify_signature)
{
int temp;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1418_dsa_cert_create_verify_signature)
+RUNNER_TEST(T1418_DSA_cert_create_verify_signature)
{
int temp;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T1419_ecdsa_cert_create_verify_signature)
+RUNNER_TEST(T1419_ECDSA_cert_create_verify_signature)
{
int temp;
auto manager = CKM::Manager::create();
}
-RUNNER_TEST(T14181_rsa_create_signatue_nohash)
+RUNNER_TEST(T14181_RSA_create_signatue_nohash)
{
int temp;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T14182_rsa_create_signatue_nohash_nopad)
+RUNNER_TEST(T14182_RSA_create_signatue_nohash_nopad)
{
int temp;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T14183_rsa_create_signatue_nohash_bigmsg)
+RUNNER_TEST(T14183_RSA_create_signatue_nohash_bigmsg)
{
int temp;
auto manager = CKM::Manager::create();
}
-RUNNER_TEST(T14184_ec_create_signatue_nohash)
+RUNNER_TEST(T14184_ECDSA_create_signatue_nohash)
{
int temp;
auto manager = CKM::Manager::create();
"Error=" << CKM::ErrorToString(temp));
}
-RUNNER_TEST(T14185_ec_create_signatue_nohash_bigmsg)
+RUNNER_TEST(T14185_ECDSA_create_signatue_nohash_bigmsg)
{
int temp;
auto manager = CKM::Manager::create();