Adjust tests to implementation changes 35/311135/4
authorDariusz Michaluk <d.michaluk@samsung.com>
Fri, 10 May 2024 09:49:45 +0000 (11:49 +0200)
committerDariusz Michaluk <d.michaluk@samsung.com>
Fri, 17 May 2024 13:06:25 +0000 (15:06 +0200)
Allow using SHA384 & SHA512 with RSA OAEP

Change-Id: Iaf60a99d5046c94cce0c370ce4d1660886720f59

src/ckm/unprivileged/encryption-decryption.cpp
src/ckm/unprivileged/key-wrapping.cpp

index 811af3a7c5783715a9f669b03f492e98a6e69cbb..59358d6f1f7fbaafbc9e485c9c5fd10be888c637 100644 (file)
@@ -1541,9 +1541,11 @@ RUNNER_TEST_MULTIPLE(TED_1360_rsa_different_hashes, SyncEnv, AsyncEnv)
     };
     checkHash(CKMC_HASH_SHA1);
     checkHash(CKMC_HASH_SHA256);
+    checkHash(CKMC_HASH_SHA384);
+    checkHash(CKMC_HASH_SHA512);
 }
 
-RUNNER_TEST_MULTIPLE(TED_1370_rsa_invalid_hashes, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_1370_rsa_invalid_hash, SyncEnv, AsyncEnv)
 {
     // prepare buffers
     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(126));
@@ -1555,22 +1557,16 @@ RUNNER_TEST_MULTIPLE(TED_1370_rsa_invalid_hashes, SyncEnv, AsyncEnv)
     ckmc_param_list_h handle = NULL;
     assert_positive(ckmc_generate_new_params, CKMC_ALGO_RSA_OAEP, &handle);
     auto params = ParamListPtr(handle, ckmc_param_list_free);
+    setParam(params, CKMC_PARAM_ED_OAEP_HASH, CKMC_HASH_NONE);
 
-    auto hashInvalid = [&](ckmc_hash_algo_e hash){
-        setParam(params, CKMC_PARAM_ED_OAEP_HASH, static_cast<uint64_t>(hash));
-
-        assert_crypto_result(EncryptionError::INVALID_PARAM,
-                             apiEncrypt,
-                             params.get(),
-                             aliases.pub.c_str(),
-                             nullptr,
-                             *plain.get(),
-                             &encrypted);
-    };
+    assert_crypto_result(EncryptionError::INVALID_PARAM,
+                         apiEncrypt,
+                         params.get(),
+                         aliases.pub.c_str(),
+                         nullptr,
+                         *plain.get(),
+                         &encrypted);
 
-    hashInvalid(CKMC_HASH_NONE);
-    hashInvalid(CKMC_HASH_SHA384);
-    hashInvalid(CKMC_HASH_SHA512);
 }
 
 /////////////////////////////////////////
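Review bot: No test passes a hash value that lies outside `ckmc_hash_algo_e` altogether; TED_1370_rsa_invalid_hash now exercises only `CKMC_HASH_NONE`. The OAEP hash is a caller-supplied parameter, so a second case with an out-of-range value would pin that unknown identifiers are rejected with `EncryptionError::INVALID_PARAM` rather than passed on to the backend. For example, add `setParam(params, CKMC_PARAM_ED_OAEP_HASH, static_cast<uint64_t>(-1));` followed by the same `assert_crypto_result` call; the removed lambda passed a `uint64_t`, so that overload presumably exists. The same gap applies to TKW_RSAOAEP_EXPORT_INVALID_HASH in key-wrapping.cpp. The empty line left before the closing brace can also be dropped; the test body starts above this hunk.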
index 74e0c9fc381a3c85b8f8c4dc7c05032c49ace7ad..bedd4b367482df41d622356049c78ed96b5878a0 100644 (file)
@@ -1220,22 +1220,16 @@ RUNNER_TEST(TKW_RSAOAEP_INVALID_BUFF_LENGTH){
 RUNNER_TEST(TKW_RSAOAEP_EXPORT_INVALID_HASH){
        ParamListPtr params = getDefaultParams(RSA_OAEP_ALGO);
        ckmc_key_s *wrappedKey = nullptr;
+       setParam(params, CKMC_PARAM_ED_OAEP_HASH, CKMC_HASH_NONE);
 
-       auto checkHash = [&](ckmc_hash_algo_e hash){
-               setParam(params, CKMC_PARAM_ED_OAEP_HASH, hash);
-
-               assert_invalid_param(ckmc_export_wrapped_key,
-                                       params.get(),
-                                       RSA_KEY_1024_PUB_ALIAS.c_str(),
-                                       nullptr,
-                                       AES_KEY_128_ALIAS.c_str(),
-                                       nullptr,
-                                       &wrappedKey);
-       };
+       assert_invalid_param(ckmc_export_wrapped_key,
+                               params.get(),
+                               RSA_KEY_1024_PUB_ALIAS.c_str(),
+                               nullptr,
+                               AES_KEY_128_ALIAS.c_str(),
+                               nullptr,
+                               &wrappedKey);
 
-       checkHash(CKMC_HASH_NONE);
-       checkHash(CKMC_HASH_SHA384);
-       checkHash(CKMC_HASH_SHA512);
 }
 
 RUNNER_TEST(TKW_WRONG_TYPE_WRAPPING_KEY){
@@ -1538,7 +1532,7 @@ RUNNER_TEST(TKW_IMPORT_EXPORT_RSA_LABEL){
 
 RUNNER_TEST(TKW_IMPORT_EXPORT_RSA_HASH){
        auto test = [](const Alias &wrappingKeyAlias, const Alias &unwrappingKeyAlias){
-               for (auto hash : {CKMC_HASH_SHA1, CKMC_HASH_SHA256}) {
+               for (auto hash : {CKMC_HASH_SHA1, CKMC_HASH_SHA256, CKMC_HASH_SHA384, CKMC_HASH_SHA512}) {
                        // DEFAULT_IV will be ignored by RSA
                        testImportExportCustomParameters(RSA_OAEP_ALGO,
                                                wrappingKeyAlias,
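Review bot: Nothing at the `for (auto hash : …)` line explains why the 1024-bit key pair is dropped a few lines further down once SHA384 and SHA512 join the list. RSA-OAEP can carry at most k − 2·hLen − 2 bytes, which for a 1024-bit key is 30 bytes with SHA-384 and nothing at all with SHA-512. A comment such as `// SHA384/SHA512 need >= 2048-bit RSA: OAEP capacity is k - 2*hLen - 2` would keep the pair from being re-added by mistake. The negative side of that limit is covered only by TKW_RSAOAEP_EXPORT_DATA_LIMIT, added later in this file, whose SHA512 case is commented out with `TODO TA panicked while executing command`. A panic reached through caller-supplied parameters looks like an implementation defect that deserves a tracked issue and a re-enabled check rather than a bare TODO; the lambda body continues outside this hunk.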
@@ -1550,7 +1544,6 @@ RUNNER_TEST(TKW_IMPORT_EXPORT_RSA_HASH){
                                                hash);
                }
        };
-       test(RSA_KEY_1024_PUB_ALIAS, RSA_KEY_1024_PRV_ALIAS);
        test(RSA_KEY_2048_PUB_ALIAS, RSA_KEY_2048_PRV_ALIAS);
        test(RSA_KEY_3072_PUB_ALIAS, RSA_KEY_3072_PRV_ALIAS);
 #ifndef TZ_LEGACY_BACKEND // no support for RSA 4k keys in old TEE implementations
@@ -1558,6 +1551,26 @@ RUNNER_TEST(TKW_IMPORT_EXPORT_RSA_HASH){
 #endif
 }
 
+RUNNER_TEST(TKW_RSAOAEP_EXPORT_DATA_LIMIT){
+       ParamListPtr params = getDefaultParams(RSA_OAEP_ALGO);
+       ckmc_key_s *wrappedKey = nullptr;
+
+       auto checkHash = [&](ckmc_hash_algo_e hash){
+               setParam(params, CKMC_PARAM_ED_OAEP_HASH, hash);
+
+               assert_invalid_param(ckmc_export_wrapped_key,
+                                       params.get(),
+                                       RSA_KEY_1024_PUB_ALIAS.c_str(),
+                                       nullptr,
+                                       AES_KEY_256_ALIAS.c_str(),
+                                       nullptr,
+                                       &wrappedKey);
+       };
+
+       checkHash(CKMC_HASH_SHA384);
+       //checkHash(CKMC_HASH_SHA512); // TODO TA panicked while executing command
+}
+
 RUNNER_TEST(TKW_RSA_WRAPPED_KEY){
        ParamListPtr params = getDefaultParams(AES_CTR_ALGO);