Add tests for different OAEP hashes

author Krzysztof Jackiewicz <k.jackiewicz@samsung.com>

Mon, 25 Sep 2023 09:52:51 +0000 (11:52 +0200)

committer Krzysztof Jackiewicz <k.jackiewicz@samsung.com>

Wed, 11 Oct 2023 09:27:36 +0000 (11:27 +0200)
author Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Mon, 25 Sep 2023 09:52:51 +0000 (11:52 +0200)
committer Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Wed, 11 Oct 2023 09:27:36 +0000 (11:27 +0200)
diff --git a/src/ckm/unprivileged/encryption-decryption.cpp b/src/ckm/unprivileged/encryption-decryption.cpp

index 3da42d26f13de0937edc6b216ef1d68c89333160..10e23e240bfcd2f5e8dcd0dd38ad3d54c215ee7c 100644 (file)
--- a/src/ckm/unprivileged/encryption-decryption.cpp
+++ b/src/ckm/unprivileged/encryption-decryption.cpp
@@ -1488,6 +1488,74 @@ RUNNER_TEST_MULTIPLE(TED_1350_rsa_data_too_long, SyncEnv, AsyncEnv)
      testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 4096}, 471);
  }
  
+RUNNER_TEST_MULTIPLE(TED_1360_rsa_different_hashes, SyncEnv, AsyncEnv)
+{
+    // prepare buffers
+    RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(126));
+    ckmc_raw_buffer_s* decrypted = nullptr;
+    ckmc_raw_buffer_s* encrypted = nullptr;
+    KeyAliasPair aliases = getKey({CKMC_ALGO_RSA_OAEP, 2048}, PRIMARY);
+
+    ckmc_param_list_h handle = NULL;
+    assert_positive(ckmc_generate_new_params, CKMC_ALGO_RSA_OAEP, &handle);
+    auto params = ParamListPtr(handle, ckmc_param_list_free);
+
+    auto checkHash = [&](ckmc_hash_algo_e hash) {
+        setParam(params, CKMC_PARAM_ED_OAEP_HASH, static_cast<uint64_t>(hash));
+
+        assert_crypto_positive(apiEncrypt,
+                               params.get(),
+                               aliases.pub.c_str(),
+                               nullptr,
+                               *plain.get(),
+                               &encrypted);
+
+        auto encryptedPtr = create_raw_buffer(encrypted);
+
+        assert_crypto_positive(apiDecrypt,
+                               params.get(),
+                               aliases.prv.c_str(),
+                               nullptr,
+                               *encrypted,
+                               &decrypted);
+        auto tmp = create_raw_buffer(decrypted);
+
+        assert_buffers_equal(plain.get(), decrypted);
+    };
+    checkHash(CKMC_HASH_SHA1);
+    checkHash(CKMC_HASH_SHA256);
+}
+
+RUNNER_TEST_MULTIPLE(TED_1370_rsa_invalid_hashes, SyncEnv, AsyncEnv)
+{
+    // prepare buffers
+    RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(126));
+
+    // encrypt
+    ckmc_raw_buffer_s* encrypted = nullptr;
+    KeyAliasPair aliases = getKey({CKMC_ALGO_RSA_OAEP, 2048}, PRIMARY);
+
+    ckmc_param_list_h handle = NULL;
+    assert_positive(ckmc_generate_new_params, CKMC_ALGO_RSA_OAEP, &handle);
+    auto params = ParamListPtr(handle, ckmc_param_list_free);
+
+    auto hashInvalid = [&](ckmc_hash_algo_e hash){
+        setParam(params, CKMC_PARAM_ED_OAEP_HASH, static_cast<uint64_t>(hash));
+
+        assert_crypto_result(EncryptionError::INVALID_PARAM,
+                             apiEncrypt,
+                             params.get(),
+                             aliases.pub.c_str(),
+                             nullptr,
+                             *plain.get(),
+                             &encrypted);
+    };
+
+    hashInvalid(CKMC_HASH_NONE);
+    hashInvalid(CKMC_HASH_SHA384);
+    hashInvalid(CKMC_HASH_SHA512);
+}
+
  /////////////////////////////////////////
  // Asynchronous only tests
  /////////////////////////////////////////
diff --git a/src/ckm/unprivileged/key-wrapping.cpp b/src/ckm/unprivileged/key-wrapping.cpp

index 2a5efb6d2c865e95273a1f6c4df6589b5d36cc43..830469edadda32890598cba9a83f82a7259b2375 100644 (file)
--- a/src/ckm/unprivileged/key-wrapping.cpp
+++ b/src/ckm/unprivileged/key-wrapping.cpp
@@ -363,6 +363,33 @@ void testImportValidArgs(const Algo &algo,
         ckmc_remove_key(IMPORTED_ALIAS.c_str());
  }
  
+void testImportRSAHashes(int buffLen,
+                                                const Alias &wrappingKeyAlias,
+                                                const Alias &unwrappingKeyAlias){
+       ParamListPtr params = getDefaultParams({CKMC_ALGO_RSA_OAEP, 0});
+
+       auto test = [&]{
+               RawBufferPtr plainKey = encryptAndImport(params,
+                                       buffLen,
+                                       wrappingKeyAlias,
+                                       nullptr,
+                                       unwrappingKeyAlias,
+                                       nullptr,
+                                       IMPORTED_ALIAS.c_str(),
+                                       UNEXPORTABLE);
+
+               assert_aes_key_value(IMPORTED_ALIAS, nullptr, plainKey);
+
+               ckmc_remove_key(IMPORTED_ALIAS.c_str());
+       };
+
+       test();
+       setParam(params, CKMC_PARAM_ED_OAEP_HASH, CKMC_HASH_SHA1);
+       test();
+       setParam(params, CKMC_PARAM_ED_OAEP_HASH, CKMC_HASH_SHA256);
+       test();
+}
+
  void testBadWrappedKey(const Algo &algo){
         ParamListPtr params = getDefaultParams(algo);
         ckmc_key_s *wrongKey = generate_AES_key(128, nullptr);
@@ -1127,6 +1154,12 @@ RUNNER_TEST(TKW_VALID_ARGS_RSA_OAEP_4096){
         testImportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_4096_PUB_ALIAS, RSA_KEY_4096_PRV_ALIAS);
  }
  
+RUNNER_TEST(TKW_VALID_ARGS_RSA_OAEP_DIFFERENT_HASH){
+       // 1024 is too short for SHA512 hash
+       testImportRSAHashes(16, RSA_KEY_2048_PUB_ALIAS, RSA_KEY_2048_PRV_ALIAS);
+       testImportRSAHashes(16, RSA_KEY_4096_PUB_ALIAS, RSA_KEY_4096_PRV_ALIAS);
+}
+
  RUNNER_TEST(TKW_RSAOAEP_INVALID_BUFF_LENGTH){
         testImportInvalidBuffLen(RSA_OAEP_ALGO, 8, RSA_KEY_1024_PUB_ALIAS, RSA_KEY_1024_PRV_ALIAS);
         testImportInvalidBuffLen(RSA_OAEP_ALGO, 12, RSA_KEY_1024_PUB_ALIAS, RSA_KEY_1024_PRV_ALIAS);
@@ -1139,6 +1172,27 @@ RUNNER_TEST(TKW_RSAOAEP_INVALID_BUFF_LENGTH){
         testImportInvalidBuffLen(RSA_OAEP_ALGO, 82, RSA_KEY_4096_PUB_ALIAS, RSA_KEY_4096_PRV_ALIAS);
  }
  
+RUNNER_TEST(TKW_RSAOAEP_EXPORT_INVALID_HASH){
+       ParamListPtr params = getDefaultParams(RSA_OAEP_ALGO);
+       ckmc_key_s *wrappedKey = nullptr;
+
+       auto checkHash = [&](ckmc_hash_algo_e hash){
+               setParam(params, CKMC_PARAM_ED_OAEP_HASH, hash);
+
+               assert_invalid_param(ckmc_export_wrapped_key,
+                                       params.get(),
+                                       RSA_KEY_1024_PUB_ALIAS.c_str(),
+                                       nullptr,
+                                       AES_KEY_128_ALIAS.c_str(),
+                                       nullptr,
+                                       &wrappedKey);
+       };
+
+       checkHash(CKMC_HASH_NONE);
+       checkHash(CKMC_HASH_SHA384);
+       checkHash(CKMC_HASH_SHA512);
+}
+
  RUNNER_TEST(TKW_WRONG_TYPE_WRAPPING_KEY){
         testImportInvalidBuffLen(RSA_OAEP_ALGO, 16, RSA_KEY_1024_PUB_ALIAS, RSA_KEY_1024_PUB_ALIAS);
         testImportInvalidBuffLen(RSA_OAEP_ALGO, 24, RSA_KEY_1024_PUB_ALIAS, RSA_KEY_1024_PUB_ALIAS);
author	Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
	Mon, 25 Sep 2023 09:52:51 +0000 (11:52 +0200)
committer	Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
	Wed, 11 Oct 2023 09:27:36 +0000 (11:27 +0200)
src/ckm/unprivileged/encryption-decryption.cpp		patch \| blob \| history
src/ckm/unprivileged/key-wrapping.cpp		patch \| blob \| history