CKM: test for encrypted initial values 00/42500/17
authorMaciej J. Karpiuk <m.karpiuk2@samsung.com>
Mon, 29 Jun 2015 10:23:02 +0000 (12:23 +0200)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Tue, 24 Nov 2015 12:15:19 +0000 (04:15 -0800)
Change-Id: Ic395d86caff2649d2a4adb801007dc68d1cc502f

27 files changed:
src/ckm/CMakeLists.txt
src/ckm/XML_1_okay.xml
src/ckm/XML_2_okay.xml
src/ckm/XML_3_wrong.xml
src/ckm/device_key.xml [new file with mode: 0644]
src/ckm/initial-values.cpp
src/ckm/keys/EIV/ascii_data [new file with mode: 0644]
src/ckm/keys/EIV/ascii_data.encrypted [new file with mode: 0644]
src/ckm/keys/EIV/cert.der [new file with mode: 0644]
src/ckm/keys/EIV/cert.der.encrypted [new file with mode: 0644]
src/ckm/keys/EIV/code.png [new file with mode: 0644]
src/ckm/keys/EIV/code.png.encrypted [new file with mode: 0644]
src/ckm/keys/EIV/device.priv [new file with mode: 0644]
src/ckm/keys/EIV/device.pub [new file with mode: 0644]
src/ckm/keys/EIV/encryption_AES_IV [new file with mode: 0644]
src/ckm/keys/EIV/encryption_AES_IV_cert [new file with mode: 0644]
src/ckm/keys/EIV/encryption_AES_IV_data_ASCII [new file with mode: 0644]
src/ckm/keys/EIV/encryption_AES_IV_data_PNG [new file with mode: 0644]
src/ckm/keys/EIV/encryption_AES_key [new file with mode: 0644]
src/ckm/keys/EIV/encryption_AES_key.encrypted [new file with mode: 0644]
src/ckm/keys/EIV/instructions.txt [new file with mode: 0644]
src/ckm/keys/EIV/test.der.priv [new file with mode: 0644]
src/ckm/keys/EIV/test.der.priv.enc [new file with mode: 0644]
src/ckm/keys/EIV/test.der.priv.enc.base64 [new file with mode: 0644]
src/ckm/keys/EIV/test.der.pub [new file with mode: 0644]
src/ckm/keys/EIV/test.priv [new file with mode: 0644]
src/ckm/keys/EIV/test.pub [new file with mode: 0644]

index b4f23b016fb3b2d06f79225f08fc49fcc3ac8570..d582601d6d2e0b9fa6367f16911ffeb43726acf9 100644 (file)
@@ -80,6 +80,7 @@ INSTALL(FILES
     XML_1_okay.xml
     XML_2_okay.xml
     XML_3_wrong.xml
+    device_key.xml
     DESTINATION /usr/share/ckm-test
     )
 
index d4b42c5695a1659ebd7008c9ef39a7ba881ff8a7..eace3d8921d61f3bfdfc3bbddddbc102ba1ce7d8 100644 (file)
@@ -1,5 +1,18 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<InitialValues version="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="initial_values.xsd ">
+<InitialValues version="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="initial_values.xsd">
+  <!-- if EncryptionKey present, the content is an AES key encrypted using device key.
+       The format is Base64(encrypt(AES_key_binary))
+       i.e.:
+           * RSA-OAEP encrypt AES key: openssl rsautl -encrypt -oaep -pubin -inkey device.pub -in encryption_AES_key -out encryption_AES_key.encrypted
+           * encode base64: openssl enc -base64 -in encryption_AES_key.encrypted -->
+  <EncryptionKey>
+      QL/5RW1VfS1uya04CWkVy1eykdhnRaTFiQ6Lcv0XFYhqgUKp6+PxxT1xjaz8TCVp
+      UcKorZayMPCuStRAylViZfxHFhXKR3awH+FcnGMZrhV6kORy39YCba0NGc5eAk3s
+      CBPYdRRiV7ejJSOI8n3zFjituVhHLcLuZB6xHvQQpQFFYV0BuF3BXfx6roP4+Olj
+      bZ1fYDrj8QIzqi3RV/ORGbl1BqHVRoMN/5XB+8oVKVn/EMRZPao4hnkV3pTI01Ss
+      Wid4fIHzBpi8rkkxr80/ym2BkeA/piaPNGOQtKjVfBOn/SuR2LQJreG6QbI6MYXC
+      ZVOanzc0euaenw1q9b+yEQ==
+  </EncryptionKey>
   <Key name="test-key1" type="RSA_PUB" password="123">
     <PEM>
       -----BEGIN PUBLIC KEY-----
     <Permission accessor="web_app1"/>
     <Permission accessor="web_app2"/>
   </Data>
-  <Key name="test-aes1" type="AES">
+  <Key name="test-aes1" type="AES" exportable="true">
     <Base64>
-      MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
+      QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY=
     </Base64>
     <Permission accessor="web_app1"/>
     <Permission accessor="web_app2"/>
   </Key>
+  <!-- key below is encrypted using AES-CBC algorithm.
+     The key used is decrypted <EncryptionKey> provided above.
+     Encryption:
+       * encrypt AES CBC: openssl aes-256-cbc -K `xxd -p -c 64 encryption_AES_key` -iv `xxd -p -c 64 encryption_AES_IV` -e -in data -out data.enc
+  -->
+  <Key name="test-encryption-prv" type="RSA_PRV" exportable="true">
+    <EncryptedDER IV="X1RoaXNJc0lWRm9yQUVTXw==">
+      BflJyNgOcGyJSqTegG+y7MJXI1crgsGY3PjFfMpbmMbwJkVexvxoEPdf2yE5Z7da
+      6Vp4Qo2WOCUv/hllNTfm/dH7kOJOjcs/vaV1eRIfzEx3hvgKOyP82Hhkm1POynsF
+      0GyMm/VwtJFwFHA5DaJzwLln2/AoD//vC731Qhucw0Zvi2hi74d6igPog9EugIj/
+      tStvpgiNE6/Hb2ZRMDswgZ8o+tKCn+QHktR/YoZ19HfX7nDVRkMQxsiA8P4zO9Do
+      +iuiu/mGPVavlZA3df47TLG0kz+sz72jzPeEbfmvQo3gHWSuJ87TUwIcIoXDvaxY
+      xE8/On5OTqJy8HZ+jGvEThKI/96LQsFqKlEeGGenvzVJ+BVAF9x65uOkRll9yE6v
+      FIQcqbgipuBkdC6XLLaWTMgs5iiWvMn/lpNYrfZr52/TKqr09mNdei6yGvy+YuG8
+      vu/xN7/3An/zE4FOIJadgI5eADj+Dz7exml3tKTuuDpR9fhxiXd7HmZhCCf11C3r
+      54S6X9bZb7335L/5UfLxs4jMMfGhYD+1UF1Qb5zVW9IVMZ+owGeC6QQPUiX6HAxy
+      Rx7kLzd78uSbLNqeuiUeGiprxnuwMY2BgSqLq4WNCDWxY4hGTdkC7yg6DgY+L9Lz
+      wqVuJ6STmK9Hj9bL9YUe0KrzmVUfmsaq5PL+gfcv+S5lp2YlKw1cIVP9utw1ZuOo
+      j25EozWU8J+tuEa3l60Mmmh/sKzH9SH7C9EscwTYWOYjYYPwfCM9UIlNE9lnbl9s
+      bzkqJvaaXpB/HVY/b4wrldr1rK73+y9LOOzfNpV4L+R4spZXXjZ2HIW/iKQj/c14
+    </EncryptedDER>
+  </Key>
+  <Key name="test-encryption-pub" type="RSA_PUB" exportable="true">
+    <PEM>
+      -----BEGIN PUBLIC KEY-----
+      MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMP6sKttnQ58BAi27b8X+8KVQt
+      JgpJhhCF0RtWaTVqAhVDG3y4x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06B
+      CWPYH2+7jOfQIOy/TMlt+W7xfou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+
+      3Op0tEjy0jpmzeyNiQIDAQAB
+      -----END PUBLIC KEY-----
+    </PEM>
+  </Key>
+  <Cert name="test-encryption-certificate" exportable="true">
+    <!-- Note IV differs between items -->
+    <EncryptedDER IV="SVZkaWZmZXJzRnJJdGVtcw==">
+      pPjY7wULPaBIwPKkgwKyKSZPa6NVJN3312q829KaXcNdQSoNJmsyyPDMqLr1W3Nw
+      /5DSfstMCh/MiUq4Dc1VCaHbVkRFVZMvitg7nfjDVkI9HGLpSGWzz1dc6kxn/rPv
+      l1Ox3sVog96Ebss+Givm4cKKYSQihCLTxcQcP6v4RGvTMhXIZmlz8n4Tr3MgyRB7
+      XTWdoowosEUWrzPMSD39y18gRJVZ/ZKv68o5mntatSE8FS1L6dgb2TdKEFdydVd2
+      /ob9GVwRkMxpBsQeUvPRYXnZS2f1L18IRPrKLKLKsDB+FysyXMAHMaxGWWil29/d
+      osOwMt34i6Bv21132lGt08t2LebmDJViZRVjzz9edIChBzsoG/E/3hX6v32ruJGU
+      2kq5l0bOmpQFs9M0TTNNWnaZKvpFPA8b3ywaDRWeKAPHsNQpnrx0WygCmvbjUChf
+      TP1E5BVm6YjWxptvFvEINcotCj2+0fvG3zIcq01O/MpSFWbGdu9MLZtFl1rTRt8e
+      ER8+nOKZNi9JUOfsYJyrZmtwm56LXTPjgNYY+a8yp2EXFtHjO62QKYr8zAi98PxL
+      oiELHLF2xwFufvBAssSOPwRmDSIhljPbUy4UKUxFCeMJzdxgK0DMZw4FtcyBXGgG
+      ABP57OQ60HomoZZDwAQ/4B8unuOCp7uERsQH5Z4Ns+PiIM4Tk8j9Qg4YVN43FJtJ
+      tCsfagBPuQM+Cm5law0Y01asMr0wq/VlILMKX0KXpwgnVmQClRfcYBLHQmDTyCos
+      kYSWrSYDesvXJnB1j/hn1puCQHfyrmPH5fQTzanD5whyed7DeXBl+F5+f73uj9pC
+      DrtqG+YEOeJNj0PCAMq9B4Qe6xi06P6D/sG17Phl9wH5DSzfxxlst1xeaPBko9Bo
+      LM6Sh6echKIh0HddStmaBICXNeVKz958tD0piVYMVipZm5/+cpDxdGSuemUxWXJO
+      XAuYydZkuLksYjLyXDO5vEaqcVMtu54tjfdFS7vO87a9IF+mI7HHHdnNaDRHaAFi
+      4rXdaGQr8zohq91NE3JYgSMbk1DlGfL1m9GN6IEUjqMQlAkGWal1Et9uwO98PpOk
+      a+r+N4lsYPKJbX2ywUvDHg==
+    </EncryptedDER>
+  </Cert>
+  <Data name="test-ascii-data-encryption" exportable="true">
+    <!-- this below decrypts to ASCII: "My secret data" -->
+    <EncryptedASCII IV="X19hbm90aGVyX0lWXzJfXw==">zuBDjp8ptFthrU69Ua5cfg==</EncryptedASCII>
+  </Data>
+  <Data name="test-binary-data-encryption" exportable="true">
+    <!-- this below decrypts to small PNG image -->
+    <EncryptedBinary IV="UE5HSVZQTkdJVlBOR0lWUA==">
+      weK/LmGIPHeNA2YipqJa4K1+KPkE/Jl5EtfJjzP5x5ZGhf/OOTYe+fj4p2Wx47AC
+      Nd/heOAi3MkFrwu5x+swFMIeQMCMzQpRbXeCvTEuTXWnmRMoyMbHlPd7Nnk9xooF
+      oYfbKhVd5DOcHN3pwc+5DQkrRy/XaD1faj3YR3JEYSfOLq4F6hLlj4U7rYJyyFuf
+      kSBOTAQOXs0q83cc2L7RaK7OzFJPKYJjDkVYIakpIHXUcvNrb2DrJ13se4pcX6Zk
+      KARviziVu4x9r7hTRErU8SNEWrO6E63oDfyetWvtymT17MEhRsRKS39zhrVLHzGy
+      iWx2Igh6eH6t4UNkMIHZvJW4j8hxdmbRwhQstXrVq7Uyne0B1Fl2w7Lpn48jYEq8
+      gaNlTZDzd8Pjz2ByrRq3/jln/xWnFwEY9oV/H53j6ctoJ2KUMiVYKej8anan8Fju
+      yO86HVEIYx++LblhqzuaqBhveVfB/feMYWpP8hi4AeWKcAGdM3L9QOYxbQ9OAOuC
+      Totu55NULkrzb5b+Rr+exTFpdEyic7sSEpBRV0vi6t/Lz72ebBq1oY3kn0dzZ6Ps
+      ia6ccITSdHW1MmW7cOkiA4XtyfvXtZtEJgmVnAnRrj4Qh0Oa9gxNOZrY/tlyyJod
+      v8JLYeBi3HRSlm2TME5hCHpBShVCRpkjLMQQ/nTPHvRNqr/BlPoXZg2FbJwreEzW
+      NZ2BaiKylRds5gnmmSnqnYUl4QtVSGsJPn8Hx0bNWwUeImjrXO9Nm01P8e5Iy+Ti
+      udxXTwpxZGyK2pbTs6EVxFY+fRF3SB4xcpup5fB6NHVPjiSrWABN848OReny3iS0
+      FXwimWaVzmA5Ppnfqx1HGopmhH++oZyKt8W/f8GbhOffON0Gg3bsewhysW5Rz+Rx
+      IAGqzV5RR1lOb+UKPBI2OPXqYUWZ9ipicSw1LC39olImBZbDmmxLDEjX5r+rg77h
+      ss0hG/6847KQybmemJ7zUVE2oxmic2fONpgjn3OLecOZpUY/5n/1cvN8utLBJ2nx
+      asan7zBT+nW5RjAny8pOyyV1Ux2qga/CyV46LajHJiFPokAAl6JnDYRmahtA5BM0
+      +jBvvnvSDGSM5qTh0EBLIN50WmN2TeEy/u2ZjuHFwJ41gtB6pARdJ1OT59+g5TcA
+      Ffc8twDzdbPbmWq8CGXVQHCvfS+2N2ECjwgnfVL1UZF69d5t9b5ysK17pU+ITPyI
+      Bxxde23I6U7sh2owrZgRAOVoA804flRg6g6rDJyVfu00oDkuui+Z/3RAsu6EiqiK
+      XISmLg236iumsxXcdAtOYyXn0nPZolsZnxzY2/bI0Df7rNSQ7RF5SSqhkFg1+OYT
+      gM4wMYYU0ts9jqr3ckJRWMRMdJxRsVVqSBo4fz8M5/dXMsOvGbLfnbwrqZSPCXrg
+      g+MX3QQdemmOgiEAGE+hxFBQMyQ6nIrDP061F4TVVhu4kGkZGxs/2W+CcQJT0aF8
+      DC0EwfEBVP8yq4ytCU7Js72KkA4YsK2udUsQF/90cuzPSgT8FPDEOzszKsLGuct4
+      T7Fj2Du1bVeVq4gPfdLgOdVRrZLab6vS5GFbli8UO0oAbM/Srxfh2Ghn4zS7Ol3q
+      MnwX36r3+KFNJYkBxCDMNEnj/QrSWpOlKo8LfAyGdvP/29CpmzPIGTUc1u8xZpJ0
+      CmFOaxjaAFJH3BjW625QbcicOnN02p0Pv00andcDNEO4k3b3MgW6yjkDBKqQ61dz
+      traH19g0fFa0pjXycMqy2uwq7PhLW0QqYt4Q7cfvWRMnAOwJqhHOGGyzEixB1U5c
+      q4d8izdqb0JacE6px+WJ44a530L1nhy2O5jpaKVQmNYIKTBM+HYVuHNWTWmnauKP
+      ag4q8G+9EI/SRp9wKoGy81W5GwonV3D6/4N9hnQfqqRKUrbrhWc9NcUciWKh4b1n
+      Om499jdDw+7qXipi3ggPCFq0H3b9CPkKMFh4Y/YDy1SvXEDSlwJ4bXXakOpVzW9t
+      gDxk/fvZ8AHrFAYzW1wiDFZ8H5ZnhgBMyfztLOYBbjr5YSGej++Sq0DYoOkrK4X3
+      7+2nMrrhqmlukI7ufoP+8nsJjHdQK8yoQYGmwEEw9QHLyupqPVIQrO/VDgSN+6mW
+      YsulTKW9wPhk6dvsSMOscLUdDiOTeK0jGH7Qa6QQwk/u/agHSPWh7qLpEICjKBxx
+      pOMbZ3mGqTXIj+7tG0yO1/y2UXE6JTIXiMEvMmdCEiRcz1RJ6xx/aBwC2//tfiys
+      nNMswTCXePtv5P9Zn+ibIiOhpm0napHopQcqmevn/DSkxSuDfwevae3bgEcJ1gN9
+      pkTnOm22CQzoGJY/b0wgNvxXdWhAAfeRhzpdh3V1C4dZEF8VXHDDt5gdjb0s1fNI
+      2LiSruLVdAWmRNX5mrkUFfBOzWwsN3D34pG2Vaj6GuH8mAoko68oy6fUdjCjZooY
+      hn+u5bGm1T8Mf/YYloTWg4hlOWIEfOiLP7nCdCgRdsg+y0Gi5MY04fS29SlfffUp
+      VUdLzQAij+a/wbBLJZMLzJiYeHv+pFY6m1SbMoUsDbAo4PTRaLHmMOFKa6s/hlka
+      lfN408DHSNs63Gd6s3W+Owe5hMccfKyRvWdNRVrXBe39I101Sci7GwWAvHhhS9EP
+      2HxxNyiwF1OCovnRHcm1b8Fcd42gbAveRVuFdI96dbFIeP0Z4I2gj+nk/yzlsG32
+      LYYzE9D4WR2zjrTyVnylsJN76lyvjvkYjMt7fPt7lFYz7QLdZX8riGxqeFmim6Sk
+      UQ4RXxw/ObCw4omILxvgigW+eAhgng63Yb9mRDOrqk/cL5XECiahSs3VWTjV9sy2
+      rNSPViWZW/LFOjuC3cT5rWEbc64cl0eKJTivEangOXxirRGW1ltTlzQo5kA933l/
+      sRMr2tBSrX/+LqfPWNA8UZWSdMBcc0oDvDGrpTUtLcor5kshYN7PPdaR9TAf8ikY
+      631mOef0HkQFsBUCFp9sr6QJD0/cfLlK5iLlyt+qFo2IgX2boddFwMtpYCt1+Uy1
+      H2u6FuItIfpRu9lZ7MZf24HGibGx5/fzTXjqGMObPOaoLxI4eh1GGhIfVqmT9ntv
+      e2xHoNH+tLxOHPRNHEkKRtJoB1HH20+mT6JzEdPNPmsdTcN4R0xjw0ZHTha2iBkt
+      ocGow+1nYgkoieq1QweEbbCbF71XtUpyMxMSd+BAPIJJReRGvt3mD9RZ54HqlczW
+      MA0LYe1rUX0Mh2Ic0x1rXZuo33PXcsKsUpfb+EIPhBjpx2vCNMiFPcM+F0NVh/PP
+      zgbdjlnHr6DXn3rut6Y9fTau6UY8BmeOjG4LcNzcvcHHr9/8jXyW9wWAYYVRUI3J
+      89/GR+YxW4WGuRBIV+wMkzBJmP7QDwAedSNBSAKa+08GKfJJRL2zIVgjffeBO+Un
+      TMTT7Q/a3bm+yekGsM6bchWTpY2ywdYQr936D55THonqCGlvPKyVHQaEa4U2eFDb
+      aIH84kP4olPCcC+TmWHBeBwMGvbW160hRCr3kSGY7hHcD0aXkdZPh1bYyWsIz/yS
+      eyUYCR+4Abu9lT1rTwHiSeo4YjNHOwQcfzBN9BwFUs6G1R81oC3qCwTYuJS2Eo09
+      +sii/oH/o/7VjvewMmUzDHVJ4iMa8yRXtfOObrM9MfsQ0p9GnP7UTG3VwleIenFZ
+      43DhvDl+kolw9phRuyCuCy7fSI8e7ejcQ3gSYWcIcgIIA5y/KdoCJDNdTjj3xDdo
+      p+hzg0OTjK57Fw286IVdzO5e5zznX0SPqXnZYncHHl2OmGZ+DT8ftkvD4BUJ74aO
+      fLsVwAZYJT1tSG2ymzu9yJR5p+hPTScpPi8HUDCnL4xL304Lmj3UfDauNJQcM/gT
+      mAJ/bfEtRqldMtN1EuH1TexvSkwkPrTUkryq2TYcw7vS72tNi+g6aZ7NdrQ8l4KZ
+      ZmrfwFnKNiVWus+zrffSDooEFZ3mj/vsFvV6fhw/Ni4QD1XAb0fJawUHvt0WHqZA
+      YnszBOzdmd8coJI17XbcwcP7DEoKIhLbPl1n0KNjL6j4EEoClwxZC+hAhi8kKMB3
+      aWj4zpeIExYST8NgtCz44SoBTv5U0iCR19mhdcTnafGyRK82dGiBNguk8//siUiC
+      jt3Aa7chapoiQNwZGDCmSrZOxOoxMYlBuPRVQqeokPinsw5rkLh8+arz1XRDyuTK
+      vQ+jttyIVA9OFI5+e/hN0ryn4GPbiCG5wV5SKweRUCcX9m8TK5u6A3rhMvlcls3T
+      INn9/XjCX6HhVGgZ47LSmcZ5ojtWzOKpad0v8qjD3z2BWzUlbalgYsdWrsRPSeDA
+      wiGpKbqb9u0S1e6hMmGyNa8UbzhYtJ/AQ0qh003YR7j+nlfJXffNkt2B4DkDdsG3
+      Alfhalwn5YUdcgm/6E+gnIg7JR4gXZhBL1R5SV1mzUgzyDEq5w2LBOx+TU33a3qf
+      ld0dJDJl0cG22n+GzQmm/6nPMnWX1ymK49h0tO9fLBLZsL8T1muo/PshhjhIv5VR
+      9ET5UN5I+9d0nHWAv2DjNwetyD3WGZDHnuq0mpti58xzkOr4jfYqy9qKwFk/coAu
+      Briwv8OJ2U5XEOuU/9fEL+NdYWkHga++oObyxJUU5Qgfs6OWUXERyPwzgXHkbDqm
+      q6+GP1AxBAP32zD0XyGUht1nl+L5qpnbOpISJjMMrl7wuKezWbFAE8VzQNbbp62O
+      eI1GEX2c2resPXZ/tS5LtoZ2TrT8TKYRZ0k1qLuQhOTXXNYQhP8i4PGOAL6BMZsZ
+      USAEHcAZnlByBS8i49IlvJMewPfHmm7ceLu8aYlm3yOAr1QBNRMkxoJBXjAAnCCx
+      qCGIQtINrVIJNQDSogMPXa4JQzCRSsT0Hz8ejQeQ9xmaK4VjM64VRj11RWsHFexk
+      p+GdAGVteipz1xEQHBvnUdOVm/5ULHK+8w+5LgEwN0jGXlsQ6KhUX5BLQMWob0jL
+      1np3Hml3MDxsPJPJjT4OKxNdWyyyP6PIDZj7DFqEa6+9Eg5Io7TSNk4e+LylfpPS
+      orsF2xaUzCaKOXjyXwPrW57UH8HtjnaeWh03qqdZCozCDdQ0pNpPk2vJYStZR/rY
+      BpQHZ6kZyLFdqLs+wMoPphF7q4bhjYk6MXwdHp5Q9q+MWPuM916g6vKaHUX+q6pL
+      YM8s13NkuUX1hEHaOC8I2dEsgcVPk++kDAR7JL5tn5hfJ06K8u5IHwuLUMtLKPt5
+      ZA3LfrnXxqlZD164blhAvb1qPlRTh79+Tj+3zfwaUPma3PmTY12fvJiOn1aD4aYm
+      HgA0yrl2cApzB3C6M1S2QllsoJ/KrWVeSg16XuC+vjSnsRWgIj3PSvSwh9YVZT0h
+      TQlD/PoxrMOlPtQnpHzryQ8YKrTBc4SAuO23wKGkfUBkaBDFrUeprO2p0K9Eeus9
+      jLkIgwTBwmF9bWMi214VdAI3I2BrJkGnx8Rb11C6rEu/5ZeI7g2dACSO27OhckNQ
+      ex490kQvqs1OJ6Fb/CyO8BsLBIyOhkEtglJsVibbcZrHnvoRYeRaWZj9TNdN6I3B
+      Dj0SwxDK9XAwGgWb+E4iwFUUg6yGrbBhUDWv5K7/ncgXz8iESXFKRowuD/J7rriU
+      V/s+yZ8URntBrZ35unuKu4xRieOEkn/JZg+HP0Grs5q3OQumEvZVjHqeJt40WaZ5
+      RJ3NiiHGwWVa6Db/1q0cfETbTn5Qcy2k8ZE+OnRzAmI14nr6lt4eJRnMJ63k4nGc
+      Xj0WpVm7vhVWAQ9gfiYCcbYrR31dUeOBxsRtF+Lvg3TNEx8/x4LeGfxC9c5Ho1Sc
+      Z7fz+/ZycHFx+08W5Mb6PlKhI44uY8bed2Xz5gQhZ1hyXk6Y41uxabUryeCvrLrh
+      PJX25FkOcLhZnWDcyCQ1Rt4JltnZcZzHq12Ipgovos3lPOarySOzSHjs1TjB6Bv1
+      zfBrCAGiY3rrG/W5gXs5eb97dWn5P8CD2uuZCBbTo0GVHdSHV9+JFHQO/0udmnEV
+      e9KRka43HU7AC+3aLeCq1KMoW/anl4DwPXdBCV6hj75TZ0EaA7Q51ETYFCLtyXzt
+      eiU9PE+bEymV6nk927wg7v38GLmdLTJ0F/G4MV0T4UxAdUrsAW33MGXC9/8YyOAz
+      zGh36fBdxTpM6hb1FHJl/tdboIAcTBJRobgmvhaDDVhsJiMJMwRhSFqcE7Q04c3c
+      6rLNGZQ3/u5/Atj5ApZ60ZMH0N5LYcTm98HOROGiFbrYSiSqUyeoIPvME5FwijLw
+      eCxbwjP3WvUSw8XTeIoAf5QwzdI6GRX+6ontCvw6m3l1TohH/ACA+MK+qV1cTgMV
+      HdjywH4SKs3KfwCcTF4gxkHdYlNYDW63Z0lhAtDBXMxUNM/u215Wo+zX0gaSUqeu
+      by47hfhTHP5mW6ITRFvKcS/qUqo3iELljwSXhdw7PwM0whLnSEMGsYh27YVxEzBT
+      n9vcM5tqGykKs1wwmpXpEa6Zliu9swprpQCL5TcOVFKVMjSmDH2OwmaDwcFeTM50
+      mg7BpiA5xLyQFphs8BPbyzkxNlbSI20S67Gx6yScrjsDxcEcVqmcyVVPwn/SqzVL
+      PyklAUbvRcRzkhvibBngIaFUfXXdCOrdQc8Ym/5kKeQ+QLiXxfIYmYKa2uyvMeTe
+      xoag7cmuUnICIYBrmHnVDNxXtC9mNiooUaX2S1lH2ct4s/NwRJm2c5O/igKO/byg
+      wQjiGqDZHyLlPSRxXbxG+tTf3qx8thYbJAO0r+AXYRj+sjJ+MtRozgY0nUeFEJb0
+      ZeYQGlvtoXlGo876JWJ/e7JMatHxGGQ58vJApMTphe/PPh3WTJTE02Bs3Ylft2bp
+      EK5ODopXJ0UmQTn6T1hUwBRu9RO5rICr34XnFav06WekBT5/QTqHEvZ4k4//hvGr
+      d7PQS/EVLApiYWySLg56svmjn4RwfPSPHOwGagU311QOx7woYJD/vb4NBxXb99Qb
+      7z42exUoZgqX+uKwHCuTzH/OVxhqrSoMX2yj09V6ZDUVHU11GOtDzVv07OU+u2vi
+      F0wPdrbedpmIr5BMCdCmqlIPYeBiaMVa/2+q3ud4o6/TeWmQpDZJCQ3xtxrNORQ7
+      HTlY0MDp7G+sdPWJCN5OJ0Ac7uKW72ZC/5yHBJY7Lmrhi3V3vA+DH7A4GgPAphQM
+      yWlBP7sQqVWcA1XlgTycRzkfffXEUoS6qef+IgU/3i/kXmeNnf2kSvmtbiO4GRhC
+      Nhk2s71NUtYXNFJPav5/ZPXI3qOuySow5GYp3njGYmDhO45IzFCcQu40FqiOeyoV
+      lRYTS/BrybkMCu2S3VmIY9/2e7gguYigmyZRvvqOUED9JRqOfC14n5+wtxzSj/nw
+      xFFukVHQRNF6jcZLUNs0SoeFS/obPCE+QiDYBKVrTeT54LuwNLpTrgTnTkDE5VIm
+      LpX9ERh0Yh8HAO7eLHIPAiU/G1Etlc43GcDLN7bbGPQbCvKRzWKSUrLwKmryvTPi
+      eC36fh/yZEWtT2zEtddwbncRgXT20opzMJxB3qF5ZMQ1qLIsQbGYeUsRl9lxsT7A
+      CE6vCP235+urdA9IaBRPN1VpWDpV7YDbF/ZIkRDJevSnSSrBTed4WcXcSe7JNGFb
+      U3eFPi2vsekvb59CHqHPD8QvvqF3N/3Xp1uQZV+eBOCtRpMOZduBJ6QdZlGBaGrB
+      +RKJEl9ziqGkiqiQzw8MR2kSrRVKIs5cISbl/dOEqfkbp2A1Siy4kWt+2Zk5V+Sw
+      IPJDrjYIZKSzV6XhhN+fhMNOYJjByxEXXLvHRTydIUQpS5JPe3T1sMJCN8o41uKx
+      4g+oPomYfJzKSbdpP84fVC4WQCMj+CiMGz/dWV27LgKPF0X9wel5s5gke4UDYQKe
+      FDf/4n3+neMgKohFUIcnqGnBTtThXqvK637m37WfQTIqNWkRH4pU/Acl/djkd+TD
+      yYRBt5UqwGovABM08jYkuA==
+    </EncryptedBinary>
+  </Data>
 </InitialValues>
index 8c8aa592c40507409b271ec086e2d09d6646040d..bfdc2995440dce39e38b8f5bd734b97fcc9949a4 100644 (file)
@@ -93,9 +93,9 @@
     <Permission accessor="web_app1"/>
     <Permission accessor="web_app2"/>
   </Data>
-  <Key name="test2-aes1" type="AES">
+  <Key name="test2-aes1" type="AES" exportable="true">
     <Base64>
-      MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
+      QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY=
     </Base64>
     <Permission accessor="web_app1"/>
     <Permission accessor="web_app2"/>
index 40a64b972ae2e40172a0bf29d3fa09902cba2842..6a1d78a9f2173686200c0082bb829bb2919f7489 100644 (file)
@@ -95,7 +95,7 @@
   </Data>
   <Key name="test3-aes1" type="AES">
     <Base64>
-      MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
+      QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY=
     </Base64>
     <Permission accessor="web_app1"/>
     <Permission accessor="web_app2"/>
diff --git a/src/ckm/device_key.xml b/src/ckm/device_key.xml
new file mode 100644 (file)
index 0000000..30c162a
--- /dev/null
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<DeviceKey version="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="sw_key.xsd ">
+  <RSAPrivateKey>
+    <DERBase64>
+      MIIEowIBAAKCAQEA4Vx4MBKFGalaRh+BzSYnW8am8ajbnyD6AaweHcH+oAAQX7Ll
+      1/XrorzOkyQV3+eo4czRCklq6BXMI4Ppa+Hy+/X/pMBa4MHrjzH01gzzV0jyqEOr
+      S6/MGPsoWUgGl6FRhEnSX62JQoUpsURMbNLgjBkbrmKEMHMk6jT5NUtKhpBXo0/g
+      OgW48PuADuSjRmKWQssfR/KMsv3SRy9iGFOG1tFxGbeQkmBBxXVIr7u/z9WDG32R
+      DiG8Mda8dNXJGaBcltUY9HvMogmgCPMrBspFy7ek0x0Lll3t1P7FMgF1V21PFhcl
+      yX0L0XbBthpYojjglCYT5MnFfhKnI9zbMLlcSQIDAQABAoIBAGnH57pY1xUGgxMr
+      MthCsnLHuhDwu7Xj2rXyPmilaIldvlHNPUmzaxmGGkjCxWnF6WWjp/N2JrItmRaK
+      koRLGKzf+VEx4PZiz9j1EAFxLr+nxA7rRHpQWDLZoUTXJBEEbaj0pcS3RhhtPPay
+      IlVqXnAkUPP31iiPw6ITn24+mwqx0I6AenMsh9vJHKl5y9Yu/aslYbwcxkSXinlO
+      HHcWopZlJKUQnqlwJ6Xk4e4hjwZn7OQN2jQWKT5oQHO9tEUARqF8waY9yVfUSpjM
+      mw+gvywAoP1cT7M3q7MsKRNlZsrrC5zYWJ0ev4TIEa+zooqQymZoYeCd8s/77gsv
+      l7nz/CECgYEA846Xp3wWci8auSUv4SrqcjFZHz3YTqnPZzEf/U4nfFhhwzDHgOHD
+      u/M4gmEIcvxukhGO66/fqNnDJKQeu5XzgOKKO8/YCkjdIvULKNIOijmucx6oKn+K
+      4AIIzTYaI9Ft8+nOpfQV78+xnLGxiUamp8iRJgXei0RcISrEuw7+LQUCgYEA7N/m
+      Xgb1wkkrFp2fefTD6/5hGWizx3yO+jd+LXBRrPJQOvcf3Wh8jrEpWkeuUF8JYBZP
+      IOqc+TmbETuRUiokoYCihJKT0VkCqKz8qjUq7IwYf5Cx0gfEVUk3iyt3yTlJe9RJ
+      hOXV61PPtaebzg7MYmDfAkSU0ScqXV6Gd5Dl9XUCgYBprXE4Bqtml/Gsa+o+dPSM
+      38SfvaHhX+TSDYqnygVv+plQrBWkYlEfeAUI7TlRSx5e2qd8tC8DgJkfiOac1g91
+      2NXJ5gEDVWI+DLzu1VXhu+1pnd+xsO19DOTsxZDKAdEHiGdVsnbiOugB6UfzHGir
+      XGc+bEWHf/3JllkOIQ9AUQKBgCnL6C43NC4wEvZOodE3K0r8+80r+Gz+wYvNNup1
+      ozPNHfMJoAnFYhUblZxkgZGU82aNCTFZtJEVZRNJW38QCJ6mwAZ8hrCt8BYrT/oI
+      n6ZVog0ATyAsVqxl2vMnnF9ZSGodL0vP8ksv4rq+9HMLkWzagv83crrlGkiXYUq/
+      upPxAoGBAMrq/dAyhHKaM84C68JDZNuzPt/flAEgIf/iCYwHDKlWu0W2PmN9ZFbG
+      RkeC5ljD1V2QodLF6BZ+LWbK7aY9OGQR37tdm5whxZo+CqmQZ5Bybnlkfvo3cEPI
+      tW38eiYAnPQ3zy8WJ6if3Q+y+vaiM15C/MMVKyXAGcyop1qFVYAT
+    </DERBase64>
+  </RSAPrivateKey>
+</DeviceKey>
index b8c3192cf9c1beaab02e943a058b1a9db29acc7f..73c6357d9359b6836cac9c8161131515f9b4d8a1 100644 (file)
@@ -36,21 +36,28 @@ const char* APP_PASS            = "user-pass";
 const char* TEST_WEB_APP_1      = "web_app1";
 const char* TEST_WEB_APP_2      = "web_app2";
 
+const char *XML_DEVICE_KEY              = "device_key.xml";
+
 const char *XML_1_okay                  = "XML_1_okay.xml";
 std::string XML_1_EXPECTED_KEY_1_RSA    = aliasWithLabel(ckmc_owner_id_system, "test-key1");
 std::string XML_1_EXPECTED_KEY_1_PASSWD = "123";
 std::string XML_1_EXPECTED_KEY_2_RSA    = aliasWithLabel(ckmc_owner_id_system, "test-key2");
 // uncomment when AES is supported (+ usage in the tests)
-//const char *XML_1_EXPECTED_KEY_3_AES    = "/System test-aes1";
+std::string XML_1_EXPECTED_KEY_3_AES    = aliasWithLabel(ckmc_owner_id_system, "test-aes1");
 std::string XML_1_EXPECTED_CERT_1       = aliasWithLabel(ckmc_owner_id_system, "test-cert1");
 std::string XML_1_EXPECTED_DATA_1       = aliasWithLabel(ckmc_owner_id_system, "test-data1");
 const char *XML_1_EXPECTED_DATA_1_DATA  = "My secret data";
+// encrypted
+std::string XML_1_EXPECTED_KEY_3_RSA_PRV    = aliasWithLabel(ckmc_owner_id_system, "test-encryption-prv");
+std::string XML_1_EXPECTED_KEY_3_RSA_PUB    = aliasWithLabel(ckmc_owner_id_system, "test-encryption-pub");
+std::string XML_1_EXPECTED_ASCII_DATA       = aliasWithLabel(ckmc_owner_id_system, "test-ascii-data-encryption");
+std::string XML_1_EXPECTED_BIG_DATA         = aliasWithLabel(ckmc_owner_id_system, "test-binary-data-encryption");
 
 const char *XML_2_okay                  = "XML_2_okay.xml";
 std::string XML_2_EXPECTED_KEY_1_RSA    = aliasWithLabel(ckmc_owner_id_system, "test2-key1");
 std::string XML_2_EXPECTED_KEY_2_RSA    = aliasWithLabel(ckmc_owner_id_system, "test2-key2");
 // uncomment when AES is supported
-//const char *XML_2_EXPECTED_KEY_3_AES    = "/System test2-aes1";
+std::string XML_2_EXPECTED_KEY_3_AES    = aliasWithLabel(ckmc_owner_id_system, "test2-aes1");
 std::string XML_2_EXPECTED_CERT_1       = aliasWithLabel(ckmc_owner_id_system, "test2-cert1");
 std::string XML_2_EXPECTED_DATA_1       = aliasWithLabel(ckmc_owner_id_system, "test2-data1");
 const char *XML_2_EXPECTED_DATA_1_DATA  = "My secret data";
@@ -59,7 +66,6 @@ const char *XML_3_wrong                 = "XML_3_wrong.xml";
 std::string XML_3_EXPECTED_KEY_1_RSA    = aliasWithLabel(ckmc_owner_id_system, "test3-key1");
 std::string XML_3_EXPECTED_KEY_2_RSA    = aliasWithLabel(ckmc_owner_id_system, "test3-key2");
 // uncomment when AES is supported
-//const char *XML_2_EXPECTED_KEY_3_AES    = "/System test3-aes1";
 std::string XML_3_EXPECTED_CERT_1       = aliasWithLabel(ckmc_owner_id_system, "test3-cert1");
 std::string XML_3_EXPECTED_DATA_1       = aliasWithLabel(ckmc_owner_id_system, "test3-data1");
 
@@ -69,6 +75,11 @@ std::string format_src_path(const char *file)
     return std::string("/usr/share/ckm-test/") + std::string(file);
 }
 
+std::string format_dest_key_path(const char *file)
+{
+    return std::string("/opt/data/ckm/") + std::string(file);
+}
+
 std::string format_dest_path(const char *file)
 {
     return std::string("/opt/data/ckm/initial_values/") + std::string(file);
@@ -120,6 +131,7 @@ RUNNER_TEST(T6010_PARSE_XML_FILE_AT_STARTUP, RemoveDataEnv<0>)
 
     // [prepare]
     copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
+    copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
 
     // [test0]
     test_exists(format_dest_path(XML_1_okay), true);
@@ -129,7 +141,7 @@ RUNNER_TEST(T6010_PARSE_XML_FILE_AT_STARTUP, RemoveDataEnv<0>)
     // [test1]
     check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
     check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
-    //check_key_allowed(XML_1_EXPECTED_KEY_3_AES, CKMC_KEY_AES);
+    check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
     check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
     check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
 
@@ -142,7 +154,7 @@ RUNNER_TEST(T6010_PARSE_XML_FILE_AT_STARTUP, RemoveDataEnv<0>)
 
         check_key(XML_1_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
         check_key_not_visible(XML_1_EXPECTED_KEY_2_RSA.c_str());
-        // check_key_allowed(XML_1_EXPECTED_KEY_3_AES, CKMC_KEY_AES);
+        check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
         check_cert_not_visible(XML_1_EXPECTED_CERT_1.c_str());
         check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
     }
@@ -156,7 +168,7 @@ RUNNER_TEST(T6010_PARSE_XML_FILE_AT_STARTUP, RemoveDataEnv<0>)
 
         check_key_not_visible(XML_1_EXPECTED_KEY_1_RSA.c_str());
         check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
-        // check_key_allowed(XML_1_EXPECTED_KEY_3_AES, CKMC_KEY_AES);
+        check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
         check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
         check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
     }
@@ -175,6 +187,7 @@ RUNNER_TEST(T6020_PARSE_TWO_XML_FILES_AT_STARTUP, RemoveDataEnv<0>)
     // check items existence as system service
 
     // [prepare]
+    copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
     copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
     copy_file(format_src_path(XML_2_okay), format_dest_path(XML_2_okay));
 
@@ -190,8 +203,8 @@ RUNNER_TEST(T6020_PARSE_TWO_XML_FILES_AT_STARTUP, RemoveDataEnv<0>)
     check_key(XML_2_EXPECTED_KEY_1_RSA.c_str(), CKMC_ERROR_NOT_EXPORTABLE);
     check_key_allowed(XML_1_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
     check_key_allowed(XML_2_EXPECTED_KEY_2_RSA.c_str(), CKMC_KEY_RSA_PRIVATE);
-    //check_key_allowed(XML_1_EXPECTED_KEY_3_AES, CKMC_KEY_AES);
-    //check_key_allowed(XML_2_EXPECTED_KEY_3_AES, CKMC_KEY_AES);
+    check_key_allowed(XML_1_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
+    check_key_allowed(XML_2_EXPECTED_KEY_3_AES.c_str(), CKMC_KEY_AES);
     check_cert_allowed(XML_1_EXPECTED_CERT_1.c_str());
     check_cert_allowed(XML_2_EXPECTED_CERT_1.c_str());
     check_read_allowed(XML_1_EXPECTED_DATA_1.c_str(), XML_1_EXPECTED_DATA_1_DATA);
@@ -221,7 +234,6 @@ RUNNER_TEST(T6030_PARSE_FAIL_XML_AT_STARTUP, RemoveDataEnv<0>)
     // [test1]
     check_key_not_visible(XML_3_EXPECTED_KEY_1_RSA.c_str());
     check_key_not_visible(XML_3_EXPECTED_KEY_2_RSA.c_str());
-    //check_key_not_visible(XML_3_EXPECTED_KEY_3_AES);
     check_cert_not_visible(XML_3_EXPECTED_CERT_1.c_str());
     check_read_not_visible(XML_3_EXPECTED_DATA_1.c_str());
 }
@@ -236,6 +248,7 @@ RUNNER_TEST(T6040_CHECK_KEYS_VALID, RemoveDataEnv<0>)
     // check if key can create & verify signature
 
     // [prepare]
+    copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
     copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
     restart_key_manager();
 
@@ -279,3 +292,115 @@ RUNNER_TEST(T6040_CHECK_KEYS_VALID, RemoveDataEnv<0>)
 
     ckmc_buffer_free(signature);
 }
+
+RUNNER_TEST(T6050_ENCRYPTED_KEY, RemoveDataEnv<0>)
+{
+    // [prepare]
+    // to encrypt using RSA OAEP:  openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
+    // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
+    // remove database 0
+    // copy to the initial-values folder
+    // restart the key-manager
+    // [test0]
+    // check if encrypted private key is present
+    // check if public key is present
+    // [test1]
+    // extract the private, encrypted key
+    // extract the public key
+    // create signature using the public key
+    // verify signature using the decrypted private key
+
+    // [prepare]
+    copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
+    copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
+    restart_key_manager();
+
+    // [test0]
+    check_key_allowed(XML_1_EXPECTED_KEY_3_RSA_PRV.c_str(), CKMC_KEY_RSA_PRIVATE);
+    check_key_allowed(XML_1_EXPECTED_KEY_3_RSA_PUB.c_str(), CKMC_KEY_RSA_PUBLIC);
+
+
+    ckmc_raw_buffer_s msg_buff = prepare_message_buffer("Raz ugryzla misia pszczola..");
+    ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+    ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+    ckmc_raw_buffer_s *signature = NULL;
+    int temp;
+    RUNNER_ASSERT_MSG(
+            CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+                    XML_1_EXPECTED_KEY_3_RSA_PRV.c_str(),
+                    NULL,
+                    msg_buff,
+                    hash_algo,
+                    pad_algo,
+                    &signature)),
+            CKMCReadableError(temp));
+
+    // invalid password
+    RUNNER_ASSERT_MSG(
+            CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+                        XML_1_EXPECTED_KEY_3_RSA_PUB.c_str(),
+                        NULL,
+                        msg_buff,
+                        *signature,
+                        hash_algo,
+                        pad_algo)),
+                CKMCReadableError(temp));
+
+    ckmc_buffer_free(signature);
+}
+
+RUNNER_TEST(T6060_ENCRYPTED_ASCII_DATA, RemoveDataEnv<0>)
+{
+    // [prepare]
+    // to encrypt using RSA OAEP:  openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
+    // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
+    // remove database 0
+    // copy to the initial-values folder
+    // restart the key-manager
+    // [test0]
+    // extract data
+    // check if data matches the expected size and content
+
+    // [prepare]
+    copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
+    copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
+    restart_key_manager();
+
+    // [test0]
+    ckmc_raw_buffer_s *testData1;
+    int temp;
+    RUNNER_ASSERT_MSG(
+            CKMC_ERROR_NONE == (temp = ckmc_get_data(XML_1_EXPECTED_ASCII_DATA.c_str(), NULL, &testData1)),
+            CKMCReadableError(temp));
+    size_t expected_len = 15;
+    RUNNER_ASSERT_MSG(expected_len /* src/ckm/keys/EIV/ascii_data */ == testData1->size, "invalid data size");
+    RUNNER_ASSERT_MSG(memcmp(reinterpret_cast<char*>(testData1->data), "My secret data\n", expected_len) == 0, "invalid data contents");
+    ckmc_buffer_free(testData1);
+}
+
+RUNNER_TEST(T6070_ENCRYPTED_BIG_DATA, RemoveDataEnv<0>)
+{
+    // [prepare]
+    // to encrypt using RSA OAEP:  openssl rsautl -encrypt -oaep -pubin -inkey pub.key -in input.txt -out cipher.out
+    // to decrypt RSA OAEP cipher: openssl rsautl -decrypt -oaep -in cipher.out -out plaintext -inkey priv.key
+    // remove database 0
+    // copy to the initial-values folder
+    // restart the key-manager
+    // [test0]
+    // extract data
+    // check if data matches the expected size
+
+    // [prepare]
+    copy_file(format_src_path(XML_DEVICE_KEY), format_dest_key_path(XML_DEVICE_KEY));
+    copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
+    restart_key_manager();
+
+    // [test0]
+    ckmc_raw_buffer_s *testData1;
+    int temp;
+    RUNNER_ASSERT_MSG(
+            CKMC_ERROR_NONE == (temp = ckmc_get_data(XML_1_EXPECTED_BIG_DATA.c_str(), NULL, &testData1)),
+            CKMCReadableError(temp));
+    RUNNER_ASSERT_MSG(5918 /* src/ckm/keys/EIV/code.png */ == testData1->size, "invalid data size");
+    ckmc_buffer_free(testData1);
+}
diff --git a/src/ckm/keys/EIV/ascii_data b/src/ckm/keys/EIV/ascii_data
new file mode 100644 (file)
index 0000000..5061b47
--- /dev/null
@@ -0,0 +1 @@
+My secret data
diff --git a/src/ckm/keys/EIV/ascii_data.encrypted b/src/ckm/keys/EIV/ascii_data.encrypted
new file mode 100644 (file)
index 0000000..448b06d
--- /dev/null
@@ -0,0 +1 @@
+ÎàC\8e\9f)´[a­N½Q®\~
\ No newline at end of file
diff --git a/src/ckm/keys/EIV/cert.der b/src/ckm/keys/EIV/cert.der
new file mode 100644 (file)
index 0000000..8ac37af
Binary files /dev/null and b/src/ckm/keys/EIV/cert.der differ
diff --git a/src/ckm/keys/EIV/cert.der.encrypted b/src/ckm/keys/EIV/cert.der.encrypted
new file mode 100644 (file)
index 0000000..ebf3c36
Binary files /dev/null and b/src/ckm/keys/EIV/cert.der.encrypted differ
diff --git a/src/ckm/keys/EIV/code.png b/src/ckm/keys/EIV/code.png
new file mode 100644 (file)
index 0000000..b062885
Binary files /dev/null and b/src/ckm/keys/EIV/code.png differ
diff --git a/src/ckm/keys/EIV/code.png.encrypted b/src/ckm/keys/EIV/code.png.encrypted
new file mode 100644 (file)
index 0000000..f28f0b1
Binary files /dev/null and b/src/ckm/keys/EIV/code.png.encrypted differ
diff --git a/src/ckm/keys/EIV/device.priv b/src/ckm/keys/EIV/device.priv
new file mode 100644 (file)
index 0000000..904e470
--- /dev/null
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA4Vx4MBKFGalaRh+BzSYnW8am8ajbnyD6AaweHcH+oAAQX7Ll
+1/XrorzOkyQV3+eo4czRCklq6BXMI4Ppa+Hy+/X/pMBa4MHrjzH01gzzV0jyqEOr
+S6/MGPsoWUgGl6FRhEnSX62JQoUpsURMbNLgjBkbrmKEMHMk6jT5NUtKhpBXo0/g
+OgW48PuADuSjRmKWQssfR/KMsv3SRy9iGFOG1tFxGbeQkmBBxXVIr7u/z9WDG32R
+DiG8Mda8dNXJGaBcltUY9HvMogmgCPMrBspFy7ek0x0Lll3t1P7FMgF1V21PFhcl
+yX0L0XbBthpYojjglCYT5MnFfhKnI9zbMLlcSQIDAQABAoIBAGnH57pY1xUGgxMr
+MthCsnLHuhDwu7Xj2rXyPmilaIldvlHNPUmzaxmGGkjCxWnF6WWjp/N2JrItmRaK
+koRLGKzf+VEx4PZiz9j1EAFxLr+nxA7rRHpQWDLZoUTXJBEEbaj0pcS3RhhtPPay
+IlVqXnAkUPP31iiPw6ITn24+mwqx0I6AenMsh9vJHKl5y9Yu/aslYbwcxkSXinlO
+HHcWopZlJKUQnqlwJ6Xk4e4hjwZn7OQN2jQWKT5oQHO9tEUARqF8waY9yVfUSpjM
+mw+gvywAoP1cT7M3q7MsKRNlZsrrC5zYWJ0ev4TIEa+zooqQymZoYeCd8s/77gsv
+l7nz/CECgYEA846Xp3wWci8auSUv4SrqcjFZHz3YTqnPZzEf/U4nfFhhwzDHgOHD
+u/M4gmEIcvxukhGO66/fqNnDJKQeu5XzgOKKO8/YCkjdIvULKNIOijmucx6oKn+K
+4AIIzTYaI9Ft8+nOpfQV78+xnLGxiUamp8iRJgXei0RcISrEuw7+LQUCgYEA7N/m
+Xgb1wkkrFp2fefTD6/5hGWizx3yO+jd+LXBRrPJQOvcf3Wh8jrEpWkeuUF8JYBZP
+IOqc+TmbETuRUiokoYCihJKT0VkCqKz8qjUq7IwYf5Cx0gfEVUk3iyt3yTlJe9RJ
+hOXV61PPtaebzg7MYmDfAkSU0ScqXV6Gd5Dl9XUCgYBprXE4Bqtml/Gsa+o+dPSM
+38SfvaHhX+TSDYqnygVv+plQrBWkYlEfeAUI7TlRSx5e2qd8tC8DgJkfiOac1g91
+2NXJ5gEDVWI+DLzu1VXhu+1pnd+xsO19DOTsxZDKAdEHiGdVsnbiOugB6UfzHGir
+XGc+bEWHf/3JllkOIQ9AUQKBgCnL6C43NC4wEvZOodE3K0r8+80r+Gz+wYvNNup1
+ozPNHfMJoAnFYhUblZxkgZGU82aNCTFZtJEVZRNJW38QCJ6mwAZ8hrCt8BYrT/oI
+n6ZVog0ATyAsVqxl2vMnnF9ZSGodL0vP8ksv4rq+9HMLkWzagv83crrlGkiXYUq/
+upPxAoGBAMrq/dAyhHKaM84C68JDZNuzPt/flAEgIf/iCYwHDKlWu0W2PmN9ZFbG
+RkeC5ljD1V2QodLF6BZ+LWbK7aY9OGQR37tdm5whxZo+CqmQZ5Bybnlkfvo3cEPI
+tW38eiYAnPQ3zy8WJ6if3Q+y+vaiM15C/MMVKyXAGcyop1qFVYAT
+-----END RSA PRIVATE KEY-----
diff --git a/src/ckm/keys/EIV/device.pub b/src/ckm/keys/EIV/device.pub
new file mode 100644 (file)
index 0000000..4a26780
--- /dev/null
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Vx4MBKFGalaRh+BzSYn
+W8am8ajbnyD6AaweHcH+oAAQX7Ll1/XrorzOkyQV3+eo4czRCklq6BXMI4Ppa+Hy
++/X/pMBa4MHrjzH01gzzV0jyqEOrS6/MGPsoWUgGl6FRhEnSX62JQoUpsURMbNLg
+jBkbrmKEMHMk6jT5NUtKhpBXo0/gOgW48PuADuSjRmKWQssfR/KMsv3SRy9iGFOG
+1tFxGbeQkmBBxXVIr7u/z9WDG32RDiG8Mda8dNXJGaBcltUY9HvMogmgCPMrBspF
+y7ek0x0Lll3t1P7FMgF1V21PFhclyX0L0XbBthpYojjglCYT5MnFfhKnI9zbMLlc
+SQIDAQAB
+-----END PUBLIC KEY-----
diff --git a/src/ckm/keys/EIV/encryption_AES_IV b/src/ckm/keys/EIV/encryption_AES_IV
new file mode 100644 (file)
index 0000000..f242b60
--- /dev/null
@@ -0,0 +1 @@
+_ThisIsIVForAES_
\ No newline at end of file
diff --git a/src/ckm/keys/EIV/encryption_AES_IV_cert b/src/ckm/keys/EIV/encryption_AES_IV_cert
new file mode 100644 (file)
index 0000000..2af2a62
--- /dev/null
@@ -0,0 +1 @@
+IVdiffersFrItems
\ No newline at end of file
diff --git a/src/ckm/keys/EIV/encryption_AES_IV_data_ASCII b/src/ckm/keys/EIV/encryption_AES_IV_data_ASCII
new file mode 100644 (file)
index 0000000..d9e5d75
--- /dev/null
@@ -0,0 +1 @@
+__another_IV_2__
\ No newline at end of file
diff --git a/src/ckm/keys/EIV/encryption_AES_IV_data_PNG b/src/ckm/keys/EIV/encryption_AES_IV_data_PNG
new file mode 100644 (file)
index 0000000..289160f
--- /dev/null
@@ -0,0 +1 @@
+PNGIVPNGIVPNGIVP
\ No newline at end of file
diff --git a/src/ckm/keys/EIV/encryption_AES_key b/src/ckm/keys/EIV/encryption_AES_key
new file mode 100644 (file)
index 0000000..5348cbc
--- /dev/null
@@ -0,0 +1 @@
+ABCDEFGHIJKLMNOPRSTUVWXYZ0123456
\ No newline at end of file
diff --git a/src/ckm/keys/EIV/encryption_AES_key.encrypted b/src/ckm/keys/EIV/encryption_AES_key.encrypted
new file mode 100644 (file)
index 0000000..0f5c30b
Binary files /dev/null and b/src/ckm/keys/EIV/encryption_AES_key.encrypted differ
diff --git a/src/ckm/keys/EIV/instructions.txt b/src/ckm/keys/EIV/instructions.txt
new file mode 100644 (file)
index 0000000..ef5ac1c
--- /dev/null
@@ -0,0 +1,4 @@
+* RSA-OAEP encrypt AES key: openssl rsautl -encrypt -oaep -pubin -inkey device.pub -in encryption_AES_key -out encryption_AES_key.encrypted
+* encode base64: openssl enc -base64 -in encryption_AES_key.encrypted
+* encrypt AES CBC: openssl aes-256-cbc -K `xxd -p -c 64 encryption_AES_key` -iv `xxd -p -c 64 encryption_AES_IV` -e -in test.der.priv -out test.der.priv.enc
+* decrypt AES CBC: openssl aes-256-cbc -K `xxd -p -c 64 encryption_AES_key` -iv `xxd -p -c 64 encryption_AES_IV` -d -in test.der.priv.enc -out test.der.priv
diff --git a/src/ckm/keys/EIV/test.der.priv b/src/ckm/keys/EIV/test.der.priv
new file mode 100644 (file)
index 0000000..cb2cc90
Binary files /dev/null and b/src/ckm/keys/EIV/test.der.priv differ
diff --git a/src/ckm/keys/EIV/test.der.priv.enc b/src/ckm/keys/EIV/test.der.priv.enc
new file mode 100644 (file)
index 0000000..2b9df8f
Binary files /dev/null and b/src/ckm/keys/EIV/test.der.priv.enc differ
diff --git a/src/ckm/keys/EIV/test.der.priv.enc.base64 b/src/ckm/keys/EIV/test.der.priv.enc.base64
new file mode 100644 (file)
index 0000000..4c76582
--- /dev/null
@@ -0,0 +1,13 @@
+BflJyNgOcGyJSqTegG+y7MJXI1crgsGY3PjFfMpbmMbwJkVexvxoEPdf2yE5Z7da
+6Vp4Qo2WOCUv/hllNTfm/dH7kOJOjcs/vaV1eRIfzEx3hvgKOyP82Hhkm1POynsF
+0GyMm/VwtJFwFHA5DaJzwLln2/AoD//vC731Qhucw0Zvi2hi74d6igPog9EugIj/
+tStvpgiNE6/Hb2ZRMDswgZ8o+tKCn+QHktR/YoZ19HfX7nDVRkMQxsiA8P4zO9Do
++iuiu/mGPVavlZA3df47TLG0kz+sz72jzPeEbfmvQo3gHWSuJ87TUwIcIoXDvaxY
+xE8/On5OTqJy8HZ+jGvEThKI/96LQsFqKlEeGGenvzVJ+BVAF9x65uOkRll9yE6v
+FIQcqbgipuBkdC6XLLaWTMgs5iiWvMn/lpNYrfZr52/TKqr09mNdei6yGvy+YuG8
+vu/xN7/3An/zE4FOIJadgI5eADj+Dz7exml3tKTuuDpR9fhxiXd7HmZhCCf11C3r
+54S6X9bZb7335L/5UfLxs4jMMfGhYD+1UF1Qb5zVW9IVMZ+owGeC6QQPUiX6HAxy
+Rx7kLzd78uSbLNqeuiUeGiprxnuwMY2BgSqLq4WNCDWxY4hGTdkC7yg6DgY+L9Lz
+wqVuJ6STmK9Hj9bL9YUe0KrzmVUfmsaq5PL+gfcv+S5lp2YlKw1cIVP9utw1ZuOo
+j25EozWU8J+tuEa3l60Mmmh/sKzH9SH7C9EscwTYWOYjYYPwfCM9UIlNE9lnbl9s
+bzkqJvaaXpB/HVY/b4wrldr1rK73+y9LOOzfNpV4L+R4spZXXjZ2HIW/iKQj/c14
diff --git a/src/ckm/keys/EIV/test.der.pub b/src/ckm/keys/EIV/test.der.pub
new file mode 100644 (file)
index 0000000..4196419
Binary files /dev/null and b/src/ckm/keys/EIV/test.der.pub differ
diff --git a/src/ckm/keys/EIV/test.priv b/src/ckm/keys/EIV/test.priv
new file mode 100644 (file)
index 0000000..d778ab4
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDMP6sKttnQ58BAi27b8X+8KVQtJgpJhhCF0RtWaTVqAhVDG3y4
+x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06BCWPYH2+7jOfQIOy/TMlt+W7x
+fou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+3Op0tEjy0jpmzeyNiQIDAQAB
+AoGBAJRDX1CuvNx1bkwsKvQDkTqwMYd4hp0qcVICIbsPMhPaoT6OdHHZkHOf+HDx
+KWhOj1LsXgzu95Q+Tp5k+LURI8ayu2RTsz/gYECgPNUsZ7gXl4co1bK+g5kiC+qr
+sgSfkbYpp0OXefnl5x4KaJlZeSpn0UdDqx0kwI1x2E098i1VAkEA5thNY9YZNQdN
+p6aopxOF5OmAjbLkq6wu255rDM5YgeepXXro/lmPociobtv8vPzbWKfoYZJL0Zj4
+Qzj7Qz7s0wJBAOKBbpeG9PuNP1nR1h8kvyuILW8F89JOcIOUeqwokq4eJVqXdFIj
+ct8eSEFmyXNqXD7b9+Tcw6vRIZuddVhNcrMCQAlpaD5ZzE1NLu1W7ilhsmPS4Vrl
+oE0fiAmMO/EZuKITP+R/zmAQZrrB45whe/x4krjan67auByjj/utpxDmz+ECQEg/
+UK80dN/n5dUYgVvdtLyF6zgGhgcGzgyqR5ayOlcfdnq25Htuoy1X02RJDOirfFDw
+iNmPMTqUskuYpd1MltECQBwcy1cpnJWIXwCTQwg3enjkOVw80Tbr3iU9ASjHJTH2
+N6FGHC4BQCm1fL6Bo0/0oSra+Ika3/1Vw1WwijUSiO8=
+-----END RSA PRIVATE KEY-----
diff --git a/src/ckm/keys/EIV/test.pub b/src/ckm/keys/EIV/test.pub
new file mode 100644 (file)
index 0000000..7bc39be
--- /dev/null
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMP6sKttnQ58BAi27b8X+8KVQt
+JgpJhhCF0RtWaTVqAhVDG3y4x6IuAvXDtPSjLe/2E01fYGVxNComPJOmUOfUD06B
+CWPYH2+7jOfQIOy/TMlt+W7xfou9rqnPRoKRaodoLqH5WK0ahkntWCAjstoKZoG+
+3Op0tEjy0jpmzeyNiQIDAQAB
+-----END PUBLIC KEY-----