CKM::Alias aes256_key_alias = "aes256-key";
CKM::Alias aes128_key_first_alias = "aes128-first-key";
CKM::Alias aes128_key_second_alias = "aes128-second-key";
+CKM::Alias ec_private_key_alias = "ec-priv-alias";
+CKM::Alias ec_public_key_alias = "ec-pub-alias";
+CKM::Alias ec_derived_secret = "ec-derived-secret";
const ckmc_policy_s UNEXPORTABLE { nullptr, false };
const ckmc_policy_s EXPORTABLE { nullptr, true };
return derive_params;
}
+RawBufferPtr getPublicKey(CKM::Alias public_key_alias)
+{
+ ckmc_key_s *public_key = nullptr;
+ assert_positive(ckmc_get_key, public_key_alias.c_str(), "", &public_key);
+
+ ckmc_raw_buffer_s* public_key_buffer = nullptr;
+ assert_positive(ckmc_buffer_new, public_key->raw_key, public_key->key_size, &public_key_buffer);
+ ckmc_key_free(public_key);
+
+ return create_raw_buffer(public_key_buffer);
+}
+
+ParamListPtr getDefaultECDHParams(CKM::Alias public_key_alias) {
+ ParamListPtr params = createParamListPtr();
+ setParam(params, CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_ECDH);
+ RawBufferPtr public_key = getPublicKey(public_key_alias);
+ setParam(params, CKMC_PARAM_ECDH_PUBKEY, public_key.get());
+ return params;
+}
+
void assert_encaps_decaps_positive(ParamListPtr params,
CKM::Alias private_key_alias,
CKM::Alias public_key_alias,
ckmc_remove_alias(aes256_key_alias.c_str());
ckmc_remove_alias(aes128_key_first_alias.c_str());
ckmc_remove_alias(aes128_key_second_alias.c_str());
+ ckmc_remove_alias(ec_private_key_alias.c_str());
+ ckmc_remove_alias(ec_public_key_alias.c_str());
+ ckmc_remove_alias(ec_derived_secret.c_str());
}
};
ckmc_key_free(aes_key_first_part);
ckmc_key_free(aes_key_second_part);
}
+
+RUNNER_TEST(KEM_derive_hybrid_ecdh_pqc, KemDeriveHybridFixture)
+{
+ assert_positive(ckmc_create_key_pair_ecdsa,
+ CKMC_EC_PRIME192V1,
+ ec_private_key_alias.c_str(),
+ ec_public_key_alias.c_str(),
+ UNEXPORTABLE,
+ EXPORTABLE);
+
+ auto ecdhParams = getDefaultECDHParams(ec_public_key_alias);
+ assert_positive(ckmc_key_derive,
+ ecdhParams.get(),
+ ec_private_key_alias.c_str(),
+ nullptr,
+ ec_derived_secret.c_str(),
+ UNEXPORTABLE);
+
+ assert_positive(ckmc_key_derive_hybrid,
+ derive_params.get(),
+ ec_derived_secret.c_str(),
+ nullptr,
+ encapsulated_secret_alias.c_str(),
+ PASSWORD,
+ derived_secret_alias.c_str(),
+ UNEXPORTABLE);
+
+ assert_positive(ckmc_key_derive_hybrid,
+ derive_params.get(),
+ ec_derived_secret.c_str(),
+ nullptr,
+ decapsulated_secret_alias.c_str(),
+ nullptr,
+ derived_secret_alias_second.c_str(),
+ UNEXPORTABLE);
+
+ ckmc_raw_buffer_s *encrypted = nullptr;
+ ckmc_raw_buffer_s *decrypted = nullptr;
+ ckmc_raw_buffer_s *dataToEncrypt = createRandomBufferCAPI(32);
+ ParamListPtr params = getDefaultParams(AES_CBC_ALGO);
+ assert_positive(ckmc_encrypt_data,
+ params.get(),
+ derived_secret_alias.c_str(),
+ nullptr,
+ *dataToEncrypt,
+ &encrypted);
+
+ assert_positive(ckmc_decrypt_data,
+ params.get(),
+ derived_secret_alias_second.c_str(),
+ nullptr,
+ *encrypted,
+ &decrypted);
+
+ assert_buffers_equal(dataToEncrypt, decrypted);
+
+ ckmc_buffer_free(dataToEncrypt);
+ ckmc_buffer_free(encrypted);
+ ckmc_buffer_free(decrypted);
+}
\ No newline at end of file
projects / platform / core / test / security-tests.git / commitdiff