kmsb_error_e kmsb_verify_signature(const unsigned int key_idx,
const kmsb_sign_param_s *param,
const unsigned char *msg, const unsigned int msg_len,
- unsigned char *sig, unsigned int sig_len);
+ const unsigned char *sig, const unsigned int sig_len);
/*
* @brief Get a key value from SE
* - KMSB_ERROR_NOT_SUPPORTED: when this operation is not supported
* - KMSB_ERROR_OPERATION_FAILED: when operation fails with unknown reason
*/
-int kmsb_get_key(const unsigned int key_idx, unsigned char **output, unsigned int *output_len);
+kmsb_error_e kmsb_get_key(const unsigned int key_idx, unsigned char **output, unsigned int *output_len);
/*
* @brief Get a certificate value from SE
* - KMSB_ERROR_NOT_SUPPORTED: when this operation is not supported
* - KMSB_ERROR_OPERATION_FAILED: when operation fails with unknown reason
*/
-int kmsb_get_certificate(const unsigned int cert_idx, unsigned char **output, unsigned int *output_len);
+kmsb_error_e kmsb_get_certificate(const unsigned int cert_idx, unsigned char **output, unsigned int *output_len);
/*
* @brief Get a data value from SE
* - KMSB_ERROR_NOT_SUPPORTED: when this operation is not supported
* - KMSB_ERROR_OPERATION_FAILED: when operation fails with unknown reason
*/
-int kmsb_get_data(const unsigned int data_idx, unsigned char **output, unsigned int *output_len);
+kmsb_error_e kmsb_get_data(const unsigned int data_idx, unsigned char **output, unsigned int *output_len);
#ifdef __cplusplus
}
#define MAX_SLOT_INDEX 8
static unsigned char *KEY_ARRAY[MAX_SLOT_INDEX] = {NULL,};
+static unsigned char CERT_ARRAY[MAX_SLOT_INDEX][1244] =
+ {"MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNVBAYTAkFVMRMw" \
+ "EQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMSEwHwYD" \
+ "VQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUwHhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcy" \
+ "MTUyWjBmMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQ" \
+ "MA4GA1UECwwHVGVzdGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjAN" \
+ "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC9IDE/Yr1" \
+ "2w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3daeDoV59IZ9r543KM+g8jm" \
+ "6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/WrQl1aIdLGFIegAzPGFPXDcU6F192686x" \
+ "54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY" \
+ "+Cgw1Yoz+HHv31AllgFsBquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQID" \
+ "AQABo1AwTjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pkzFt1" \
+ "PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAld7Qwq0cdzDQ" \
+ "51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBXldvGBG5Tn0vT7xSuhmSgI2/HnBpy" \
+ "9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYU" \
+ "wJFQEofkjmd4UpOYSqmcRXhSJzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX7" \
+ "7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK" \
+ "kOg11TpPdNDkhb1J4ZCh2gupDg==",};
+static unsigned char DATA_ARRAY[MAX_SLOT_INDEX][1000] =
+ {"My secret data",};
const size_t DBP_KEY_SIZE = 32;
const size_t AES_KEY_SIZE = 32;
if (buf) free(buf); \
return result; \
}
+
//################################################################################
// For Supporting Key Manager DB Encryption with SE Key
//################################################################################
return KMSB_ERROR_NONE;
}
-static kmsb_error_e generate_ecdsa_key(const unsigned int key_idx,
+static kmsb_error_e generate_ecdsa_key(const unsigned int key_idx,
kmsb_ec_type_e ec, const bool delete_old)
{
if (!delete_old && KEY_ARRAY[key_idx])
if (!buf) return KMSB_ERROR_OUT_OF_MEMORY;
/*
- * Set Padding zero forcely, with our concept, there should be no padding
+ * Set Padding zero forcely, with our concept, there should be no padding
* to increase buffer size.
*/
if (OPENSSL_SUCCESS != EVP_CIPHER_CTX_set_padding(ctx, 0))
buf = calloc(clen, sizeof(unsigned char));
if (!buf) return KMSB_ERROR_OUT_OF_MEMORY;
/*
- * Set Padding zero forcely, with our concept, there should be no padding
+ * Set Padding zero forcely, with our concept, there should be no padding
* to increase buffer size.
*/
if (OPENSSL_SUCCESS != EVP_CIPHER_CTX_set_padding(ctx, 0))
unsigned char **output, unsigned int *output_len)
{
// check the input parameters
- if (input == NULL ||
+ if (key_idx >= MAX_SLOT_INDEX ||
+ input == NULL ||
input_len == 0 ||
output == NULL ||
output_len == NULL ||
if (!buf) return KMSB_ERROR_OUT_OF_MEMORY;
/*
- * Set Padding zero forcely, with our concept, there should be no padding
+ * Set Padding zero forcely, with our concept, there should be no padding
* to increase buffer size.
*/
if (OPENSSL_SUCCESS != EVP_CIPHER_CTX_set_padding(ctx, 0))
unsigned char **output, unsigned int *output_len)
{
// check the input parameters
- if (input == NULL ||
+ if (key_idx >= MAX_SLOT_INDEX ||
+ input == NULL ||
input_len == 0 ||
output == NULL ||
output_len == NULL ||
if (!buf) return KMSB_ERROR_OUT_OF_MEMORY;
/*
- * Set Padding zero forcely, with our concept, there should be no padding
+ * Set Padding zero forcely, with our concept, there should be no padding
* to increase buffer size.
*/
if (OPENSSL_SUCCESS != EVP_CIPHER_CTX_set_padding(ctx, 0))
unsigned char **sig, unsigned int *sig_len)
{
// check the input parameters
- if (msg == NULL ||
+ if (key_idx >= MAX_SLOT_INDEX ||
+ msg == NULL ||
msg_len == 0 ||
sig == NULL ||
sig_len == NULL)
kmsb_error_e kmsb_verify_signature(const unsigned int key_idx,
const kmsb_sign_param_s *param,
const unsigned char *msg, const unsigned int msg_len,
- unsigned char *sig, unsigned int sig_len)
+ const unsigned char *sig, const unsigned int sig_len)
{
// check the input parameters
- if (msg == NULL ||
+ if (key_idx >= MAX_SLOT_INDEX ||
+ msg == NULL ||
msg_len == 0 ||
sig == NULL ||
sig_len == 0)
return KMSB_ERROR_NONE;
}
-int kmsb_get_key(const unsigned int key_idx, unsigned char **output, unsigned int *output_len)
+kmsb_error_e kmsb_get_key(const unsigned int key_idx, unsigned char **output, unsigned int *output_len)
{
- (void) key_idx;
- (void) output;
- (void) output_len;
- return KMSB_ERROR_NOT_SUPPORTED;
+ if (key_idx >= MAX_SLOT_INDEX ||
+ output == NULL ||
+ output_len == NULL)
+ return KMSB_ERROR_INVALID_PARAMETER;
+
+ if (!KEY_ARRAY[key_idx])
+ return KMSB_ERROR_NO_KEY;
+
+ EVP_PKEY *pkey = (EVP_PKEY *)KEY_ARRAY[key_idx];
+
+ EC_KEY *ec_key = EVP_PKEY_get1_EC_KEY(pkey);
+ if (!ec_key)
+ return KMSB_ERROR_OPERATION_FAILED;
+
+ *output_len = EC_POINT_point2buf(EC_KEY_get0_group(ec_key),
+ EC_KEY_get0_public_key(ec_key),
+ 2, output, NULL);
+ if (!*output)
+ return KMSB_ERROR_OPERATION_FAILED;
+
+ return KMSB_ERROR_NONE;
}
-int kmsb_get_certificate(const unsigned int cert_idx, unsigned char **output, unsigned int *output_len)
+/* warn: The cerification data should be pre-loaded in Secure element */
+kmsb_error_e kmsb_get_certificate(const unsigned int cert_idx, unsigned char **output, unsigned int *output_len)
{
- (void) cert_idx;
- (void) output;
- (void) output_len;
- return KMSB_ERROR_NOT_SUPPORTED;
+ if (cert_idx >= MAX_SLOT_INDEX ||
+ output == NULL ||
+ output_len == NULL)
+ return KMSB_ERROR_INVALID_PARAMETER;
+
+ if (!CERT_ARRAY[cert_idx])
+ return KMSB_ERROR_OPERATION_FAILED;
+
+ *output_len = strlen((const char*)CERT_ARRAY[cert_idx]);
+ *output = calloc(*output_len, sizeof(unsigned char));
+ if (!*output) return KMSB_ERROR_OUT_OF_MEMORY;
+
+ memcpy(*output, CERT_ARRAY[cert_idx], *output_len);
+ return KMSB_ERROR_NONE;
}
-int kmsb_get_data(const unsigned int data_idx, unsigned char **output, unsigned int *output_len)
+/* warn: The data should be pre-loaded securely in Secure element */
+kmsb_error_e kmsb_get_data(const unsigned int data_idx, unsigned char **output, unsigned int *output_len)
{
- (void) data_idx;
- (void) output;
- (void) output_len;
- return KMSB_ERROR_NOT_SUPPORTED;
+ if (data_idx >= MAX_SLOT_INDEX ||
+ output == NULL ||
+ output_len == NULL)
+ return KMSB_ERROR_INVALID_PARAMETER;
+
+ if (!DATA_ARRAY[data_idx])
+ return KMSB_ERROR_OPERATION_FAILED;
+
+ *output_len = strlen((const char*)DATA_ARRAY[data_idx]);
+ *output = calloc(*output_len, sizeof(unsigned char));
+ if (!*output) return KMSB_ERROR_OUT_OF_MEMORY;
+
+ memcpy(*output, DATA_ARRAY[data_idx], *output_len);
+ return KMSB_ERROR_NONE;
}
const int TEST_ECDSA_P192_KEY_IDX = 2;
const int TEST_ECDSA_P256_KEY_IDX = 3;
const int TEST_ECDSA_S384_KEY_IDX = 4;
+const int TEST_CERT_IDX = 0;
+const int TEST_DATA_IDX = 0;
BOOST_AUTO_TEST_CASE(kmsb_aes_cbc_encrypt_p)
{
if (signature) free(signature);
}
+BOOST_AUTO_TEST_CASE(kmsb_get_key_invalid_parameters_n)
+{
+ kmsb_error_e ret = KMSB_ERROR_NONE;
+ unsigned char *public_key = NULL;
+ unsigned int key_len = 0;
+ unsigned int key_idx = TEST_ECDSA_P256_KEY_IDX;
+
+ ret = kmsb_get_key(100, &public_key, &key_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ ret = kmsb_get_key(key_idx, NULL, &key_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ ret = kmsb_get_key(key_idx, &public_key, NULL);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ if (public_key) free(public_key);
+}
+
+BOOST_AUTO_TEST_CASE(kmsb_get_key_p192_p)
+{
+ kmsb_error_e ret = KMSB_ERROR_NONE;
+ unsigned char *public_key = NULL;
+ unsigned int key_len = 0;
+ unsigned int key_idx = TEST_ECDSA_P192_KEY_IDX;
+
+ ret = kmsb_get_key(key_idx, &public_key, &key_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_NONE);
+
+ if (public_key) free(public_key);
+}
+
+BOOST_AUTO_TEST_CASE(kmsb_get_key_p256_n)
+{
+ kmsb_error_e ret = KMSB_ERROR_NONE;
+ unsigned char *public_key = NULL;
+ unsigned int key_len = 0;
+ unsigned int key_idx = TEST_ECDSA_P256_KEY_IDX;
+
+ ret = kmsb_get_key(key_idx, &public_key, &key_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_NONE);
+
+ if (public_key) free(public_key);
+}
+
+BOOST_AUTO_TEST_CASE(kmsb_get_key_secp384r1_n)
+{
+ kmsb_error_e ret = KMSB_ERROR_NONE;
+ unsigned char *public_key = NULL;
+ unsigned int key_len = 0;
+ unsigned int key_idx = TEST_ECDSA_S384_KEY_IDX;
+
+ ret = kmsb_get_key(key_idx, &public_key, &key_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_NONE);
+
+ if (public_key) free(public_key);
+}
+
+BOOST_AUTO_TEST_CASE(kmsb_get_certificate_invalid_parameters_n)
+{
+ kmsb_error_e ret = KMSB_ERROR_NONE;
+ unsigned char *certificate = NULL;
+ unsigned int cert_len = 0;
+ unsigned int cert_idx = TEST_CERT_IDX;
+
+ ret = kmsb_get_certificate(100, &certificate, &cert_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ ret = kmsb_get_certificate(cert_idx, NULL, &cert_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ ret = kmsb_get_certificate(cert_idx, &certificate, NULL);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ if (certificate) free(certificate);
+}
+
+BOOST_AUTO_TEST_CASE(kmsb_get_certificate_p)
+{
+ kmsb_error_e ret = KMSB_ERROR_NONE;
+ unsigned char *certificate = NULL;
+ unsigned int cert_len = 0;
+ unsigned int cert_idx = TEST_CERT_IDX;
+
+ ret = kmsb_get_certificate(cert_idx, &certificate, &cert_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_NONE);
+
+ if (certificate) free(certificate);
+}
+
+BOOST_AUTO_TEST_CASE(kmsb_get_data_invalid_parameters_n)
+{
+ kmsb_error_e ret = KMSB_ERROR_NONE;
+ unsigned char *data = NULL;
+ unsigned int data_len = 0;
+ unsigned int data_idx = TEST_DATA_IDX;
+
+ ret = kmsb_get_data(100, &data, &data_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ ret = kmsb_get_data(data_idx, NULL, &data_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ ret = kmsb_get_data(data_idx, &data, NULL);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ if (data) free(data);
+}
+
+BOOST_AUTO_TEST_CASE(kmsb_get_data_p)
+{
+ kmsb_error_e ret = KMSB_ERROR_NONE;
+ unsigned char *data = NULL;
+ unsigned int data_len = 0;
+ unsigned int data_idx = TEST_DATA_IDX;
+
+ ret = kmsb_get_data(data_idx, &data, &data_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_NONE);
+
+ if (data) free(data);
+}
+
BOOST_AUTO_TEST_SUITE_END() // SE_EMUL
BOOST_AUTO_TEST_SUITE_END() // USER
projects / platform / core / security / key-manager-se-backend.git / commitdiff