projects / platform / core / security / key-manager.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2fefe6a)
Add RSA 3072 support 61/309961/10
authorJan Wojtkowski <j.wojtkowski@samsung.com>
Thu, 18 Apr 2024 10:32:32 +0000 (12:32 +0200)
committerJan Wojtkowski <j.wojtkowski@samsung.com>
Wed, 24 Apr 2024 08:30:36 +0000 (10:30 +0200)
Change-Id: Ic6616d1e67bc612f0f168f3d1d628b2f86689132

src/include/ckm/ckm-manager.h patch | blob | history
src/include/ckmc/ckmc-manager.h patch | blob | history
src/manager/client/client-manager-impl.h patch | blob | history
src/manager/client/client-manager.cpp patch | blob | history
src/manager/crypto/sw-backend/internals.cpp patch | blob | history
unit-tests/test_sw-backend.cpp patch | blob | history

diff --git a/src/include/ckm/ckm-manager.h b/src/include/ckm/ckm-manager.h
index 245b3d1eca5fcc56ff1a0ef446047c8cb939cb1f..b98b4c8db42fcbc5174eebb3518a3d67c639efea 100644 (file)
--- a/src/include/ckm/ckm-manager.h
+++ b/src/include/ckm/ckm-manager.h
@@ -84,7 +84,7 @@ public:
        int getDataEncryptionStatus(const Alias &alias, bool &status);
 
        int createKeyPairRSA(
-               const int size,              // size in bits [1024, 2048, 4096]
+               const int size,              // size in bits [1024, 2048, 3072, 4096]
                const Alias &privateKeyAlias,
                const Alias &publicKeyAlias,
                const Policy &policyPrivateKey = Policy(),
diff --git a/src/include/ckmc/ckmc-manager.h b/src/include/ckmc/ckmc-manager.h
index 7e6819996f2e92ab824319a5fb148efe58c018c8..beab7f8836134008cc42d15963fe23a706a9abc1 100644 (file)
--- a/src/include/ckmc/ckmc-manager.h
+++ b/src/include/ckmc/ckmc-manager.h
@@ -536,7 +536,7 @@ int ckmc_get_data_alias_info_list(ckmc_alias_info_list_s **ppalias_list);
  *          use this function since 3.0.
  * @remarks If password in the policy is provided, the key is additionally encrypted with the
  *          password in the policy.
- * @param[in] size The size of key strength to be created. @c 1024, @c 2048, and @c 4096 are
+ * @param[in] size The size of key strength to be created. @c 1024, @c 2048, @c 3072 and @c 4096 are
  *                 supported
  * @param[in] private_key_alias The name of private key to be stored
  * @param[in] public_key_alias The name of public key to be stored
diff --git a/src/manager/client/client-manager-impl.h b/src/manager/client/client-manager-impl.h
index fd5fcf7aa39106df41b40058400dad3f199215e6..6e9b3d039fe7dcc46ff49fd837dda6bb7c946d3d 100644 (file)
--- a/src/manager/client/client-manager-impl.h
+++ b/src/manager/client/client-manager-impl.h
@@ -65,7 +65,7 @@ public:
        int removeAlias(const Alias &alias);
 
        int createKeyPairRSA(
-               const int size,              // size in bits [1024, 2048, 4096]
+               const int size,              // size in bits [1024, 2048, 3072, 4096]
                const Alias &privateKeyAlias,
                const Alias &publicKeyAlias,
                const Policy &policyPrivateKey = Policy(),
diff --git a/src/manager/client/client-manager.cpp b/src/manager/client/client-manager.cpp
index 1691037f7e3993db9d258d865c4961a68f380680..c808eb96282463c7301ad7c23cdf3fa61a9287fb 100644 (file)
--- a/src/manager/client/client-manager.cpp
+++ b/src/manager/client/client-manager.cpp
@@ -143,7 +143,7 @@ int Manager::getDataAliasInfoVector(AliasInfoVector &aliasInfoVector)
 }
 
 int Manager::createKeyPairRSA(
-       const int size,              // size in bits [1024, 2048, 4096]
+       const int size,              // size in bits [1024, 2048, 3072, 4096]
        const Alias &privateKeyAlias,
        const Alias &publicKeyAlias,
        const Policy &policyPrivateKey,
diff --git a/src/manager/crypto/sw-backend/internals.cpp b/src/manager/crypto/sw-backend/internals.cpp
index ea2e7167a381432f81fececf2299a594a7feb48d..a1a15aab23a61a24514961c5f7a0d4451804805a 100644 (file)
--- a/src/manager/crypto/sw-backend/internals.cpp
+++ b/src/manager/crypto/sw-backend/internals.cpp
@@ -168,7 +168,7 @@ typedef ParamCheck<ParamName::ALGO_TYPE,
 typedef ParamCheck<ParamName::GEN_KEY_LEN,
                int,
                true,
-               Type<int>::Equals<1024, 2048, 4096>> RsaKeyLenCheck;
+               Type<int>::Equals<1024, 2048, 3072, 4096>> RsaKeyLenCheck;
 
 typedef ParamCheck<ParamName::GEN_KEY_LEN,
                int,
@@ -475,7 +475,7 @@ DataPair keyPair(const EvpPkeyCtxUPtr &ctx, KeyType prv, KeyType pub)
 DataPair createKeyPairRSA(const int size)
 {
        // validateParams<IsAsymGeneration> should prevent it
-       assert(size == 1024 || size == 2048 || size == 4096);
+       assert(size == 1024 || size == 2048 || size == 3072 || size == 4096);
 
        auto ctx = newCtx(EVP_PKEY_RSA);
 
diff --git a/unit-tests/test_sw-backend.cpp b/unit-tests/test_sw-backend.cpp
index d5e29a90034c415b0b7139bcef200d6951555dd7..24ec84a7751b16837060fc55e54b4c2c6fe937f7 100644 (file)
--- a/unit-tests/test_sw-backend.cpp
+++ b/unit-tests/test_sw-backend.cpp
@@ -392,6 +392,8 @@ POSITIVE_TEST_CASE(generateAKey)
        testAKey("prvpass", "pubpass");
        ca.setParam(ParamName::GEN_KEY_LEN, 2048);
        testAKey();
+       ca.setParam(ParamName::GEN_KEY_LEN, 3072);
+       testAKey();
        ca.setParam(ParamName::GEN_KEY_LEN, 4096);
        testAKey();
 
@@ -425,7 +427,7 @@ NEGATIVE_TEST_CASE(generateAKey)
        ca->setParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN);
        invalidGen();
 
-       for (int keyLen : { 0, 512, 1023, 1025, 3072, 4097, 8192 }) {
+       for (int keyLen : { 0, 512, 1023, 1025, 3073, 4097, 8192 }) {
                ca->setParam(ParamName::GEN_KEY_LEN, keyLen);
                invalidGen();
        }
@@ -787,32 +789,34 @@ NEGATIVE_TEST_CASE(symmetricEncryptDecryptCbc)
 
 POSITIVE_TEST_CASE(asymmetricEncryptDecrypt)
 {
-       constexpr int KEY_BIT_LEN = 2048;
-       auto& rsaKeys = generateObjUPtrPair(AlgoType::RSA_GEN, KEY_BIT_LEN);
+       for (int KEY_BIT_LEN : {1024, 2048, 3072, 4096})
+       {
+               auto& rsaKeys = generateObjUPtrPair(AlgoType::RSA_GEN, KEY_BIT_LEN);
 
-       CryptoAlgorithm enc;
-       enc.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_OAEP);
+               CryptoAlgorithm enc;
+               enc.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_OAEP);
 
-       RawBuffer encrypted;
-       RawBuffer decrypted;
+               RawBuffer encrypted;
+               RawBuffer decrypted;
 
-       auto encryptDecrypt = [&](const RawBuffer& input)
-       {
-               BOOST_REQUIRE_NO_THROW(encrypted = rsaKeys.pub->encrypt(enc, input));
-               BOOST_REQUIRE(encrypted.size() == KEY_BIT_LEN / 8);
+               auto encryptDecrypt = [&](const RawBuffer& input)
+               {
+                       BOOST_REQUIRE_NO_THROW(encrypted = rsaKeys.pub->encrypt(enc, input));
+                       BOOST_REQUIRE(encrypted.size() == static_cast<unsigned int>(KEY_BIT_LEN / 8));
 
-               BOOST_REQUIRE_NO_THROW(decrypted = rsaKeys.prv->decrypt(enc, encrypted));
-               BOOST_REQUIRE(decrypted == input);
-       };
+                       BOOST_REQUIRE_NO_THROW(decrypted = rsaKeys.prv->decrypt(enc, encrypted));
+                       BOOST_REQUIRE(decrypted == input);
+               };
 
-       encryptDecrypt(createRandom(oaepMaxSize(KEY_BIT_LEN, HashAlgorithm::SHA1)));
-       encryptDecrypt(createRandom(oaepMaxSize(KEY_BIT_LEN, HashAlgorithm::SHA1) - 1));
-       encryptDecrypt(RawBuffer());
+               encryptDecrypt(createRandom(oaepMaxSize(KEY_BIT_LEN, HashAlgorithm::SHA1)));
+               encryptDecrypt(createRandom(oaepMaxSize(KEY_BIT_LEN, HashAlgorithm::SHA1) - 1));
+               encryptDecrypt(RawBuffer());
 
-       enc.setParam(ParamName::ED_OAEP_HASH, HashAlgorithm::SHA1);
-       encryptDecrypt(createRandom(oaepMaxSize(KEY_BIT_LEN, HashAlgorithm::SHA1)));
-       enc.setParam(ParamName::ED_OAEP_HASH, HashAlgorithm::SHA256);
-       encryptDecrypt(createRandom(oaepMaxSize(KEY_BIT_LEN, HashAlgorithm::SHA256)));
+               enc.setParam(ParamName::ED_OAEP_HASH, HashAlgorithm::SHA1);
+               encryptDecrypt(createRandom(oaepMaxSize(KEY_BIT_LEN, HashAlgorithm::SHA1)));
+               enc.setParam(ParamName::ED_OAEP_HASH, HashAlgorithm::SHA256);
+               encryptDecrypt(createRandom(oaepMaxSize(KEY_BIT_LEN, HashAlgorithm::SHA256)));
+       }
 }
 
 NEGATIVE_TEST_CASE(asymmetricEncryptDecrypt)
@@ -904,6 +908,7 @@ POSITIVE_TEST_CASE(sign)
        signVerify(AlgoType::RSA_GEN, 1024, HashAlgorithm::SHA384, RSAPaddingAlgorithm::PKCS1);
        signVerify(AlgoType::RSA_GEN, 1024, HashAlgorithm::SHA512, RSAPaddingAlgorithm::PKCS1);
        signVerify(AlgoType::RSA_GEN, 2048, HashAlgorithm::SHA1, RSAPaddingAlgorithm::PKCS1);
+       signVerify(AlgoType::RSA_GEN, 3072, HashAlgorithm::SHA1, RSAPaddingAlgorithm::PKCS1);
        signVerify(AlgoType::RSA_GEN, 4096, HashAlgorithm::SHA1, RSAPaddingAlgorithm::PKCS1);
 
        signVerify(AlgoType::DSA_GEN, 1024, HashAlgorithm::SHA1);
@@ -925,6 +930,8 @@ POSITIVE_TEST_CASE(sign)
        message[0] = 0; // make sure it's smaller than the modulus
        message.resize(4096/8);
        signVerify(AlgoType::RSA_GEN, 4096, HashAlgorithm::NONE);
+       message.resize(3072/8);
+       signVerify(AlgoType::RSA_GEN, 3072, HashAlgorithm::NONE);
        message.resize(2048/8);
        signVerify(AlgoType::RSA_GEN, 2048, HashAlgorithm::NONE);
        message.resize(1024/8);
@@ -933,6 +940,7 @@ POSITIVE_TEST_CASE(sign)
        // no hash + padding
        message.resize(512/8);
        signVerify(AlgoType::RSA_GEN, 4096, HashAlgorithm::NONE, RSAPaddingAlgorithm::PKCS1);
+       signVerify(AlgoType::RSA_GEN, 3072, HashAlgorithm::NONE, RSAPaddingAlgorithm::PKCS1);
        signVerify(AlgoType::RSA_GEN, 2048, HashAlgorithm::NONE, RSAPaddingAlgorithm::PKCS1);
        signVerify(AlgoType::RSA_GEN, 1024, HashAlgorithm::NONE, RSAPaddingAlgorithm::PKCS1);
 }
Domain: Security / Utilities;