SET(EIV_PLAIN_MESSAGE "ShortTestMessage")
SET(EIV_MESSAGE_ENCRYPTION_IV "abcdefghijklmnop")
+SET(EIV_TEST_ASYM_XML_FILENAME "encrypted_initial_values_asym.xml")
+SET(EIV_TEST_ASYM_XML ${CMAKE_CURRENT_SOURCE_DIR}/${EIV_TEST_ASYM_XML_FILENAME})
+
# encrypt ShortTestMessage using the imported key and 'abcdefghijklmnop' IV
EXECUTE_PROCESS(
COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/aes_128_cbc_encrypt.sh ${EIV_KEY_TO_BE_IMPORTED} ${EIV_MESSAGE_ENCRYPTION_IV}
MESSAGE(FATAL_ERROR "Encryption failed: ${EIV_ENCRYPTION_STDERR}")
ENDIF(NOT ${EIV_ENCRYPTION_RESULT} STREQUAL "0")
+SET(EIV_FILES ${EIV_TEST_XML} ${EIV_TEST_ASYM_XML})
+
# prepare initial values xml target
-ADD_CUSTOM_COMMAND(OUTPUT ${EIV_TEST_XML}
- COMMAND echo -n ${EIV_KEY_TO_BE_IMPORTED} > /tmp/key
+ADD_CUSTOM_COMMAND(OUTPUT ${EIV_FILES}
COMMAND echo -n THIS/STRING/MUST/BE/REPLACED/IN/REAL/DEVICE= | base64 --decode > /tmp/encryption_key
- COMMAND ${CMAKE_INSTALL_FULL_BINDIR}/ckm_initial_values -d /tmp/key -k /tmp/encryption_key -n TEI_0 -t Key -s AES -b hardware -x ${EIV_TEST_XML}
+
+ COMMAND echo -n ${EIV_KEY_TO_BE_IMPORTED} > /tmp/key
+ COMMAND ${CMAKE_INSTALL_FULL_BINDIR}/ckm_initial_values -d /tmp/key -k /tmp/encryption_key -n TEI_0 -t Key -s AES -b hardware > ${EIV_TEST_XML}
+
+ COMMAND openssl genpkey -algorithm RSA -outform DER > /tmp/prvkey
+ COMMAND openssl rsa -in /tmp/prvkey -inform DER -pubout -outform DER > /tmp/pubkey
+ COMMAND ${CMAKE_INSTALL_FULL_BINDIR}/ckm_initial_values -d /tmp/prvkey -k /tmp/encryption_key -n TEI_RSA_PRV -t Key -s RSA_PRV > ${EIV_TEST_ASYM_XML}
+ COMMAND ${CMAKE_INSTALL_FULL_BINDIR}/ckm_initial_values -d /tmp/pubkey -k /tmp/encryption_key -n TEI_RSA_PUB -t Key -s RSA_PUB -x ${EIV_TEST_ASYM_XML}
+
+ COMMAND openssl genpkey -algorithm RSA -outform PEM > /tmp/prvkey.pem
+ COMMAND openssl pkcs8 -topk8 -inform PEM -in /tmp/prvkey.pem -outform DER -nocrypt -out /tmp/prvkey
+ COMMAND openssl rsa -in /tmp/prvkey -inform DER -pubout -outform DER > /tmp/pubkey
+ COMMAND ${CMAKE_INSTALL_FULL_BINDIR}/ckm_initial_values -d /tmp/prvkey -k /tmp/encryption_key -n TEI_RSA_PKCS8_PRV -t Key -s RSA_PRV -x ${EIV_TEST_ASYM_XML}
+ COMMAND ${CMAKE_INSTALL_FULL_BINDIR}/ckm_initial_values -d /tmp/pubkey -k /tmp/encryption_key -n TEI_RSA_PKCS8_PUB -t Key -s RSA_PUB -x ${EIV_TEST_ASYM_XML}
+
+ COMMAND openssl genpkey -genparam -algorithm DSA -pkeyopt dsa_paramgen_bits:1024 -pkeyopt dsa_paramgen_q_bits:160 > /tmp/params.pem
+ COMMAND openssl genpkey -paramfile /tmp/params.pem -outform DER > /tmp/prvkey
+ COMMAND openssl dsa -in /tmp/prvkey -inform DER -pubout -outform DER > /tmp/pubkey
+ COMMAND ${CMAKE_INSTALL_FULL_BINDIR}/ckm_initial_values -d /tmp/prvkey -k /tmp/encryption_key -n TEI_DSA_PRV -t Key -s DSA_PRV -x ${EIV_TEST_ASYM_XML}
+ COMMAND ${CMAKE_INSTALL_FULL_BINDIR}/ckm_initial_values -d /tmp/pubkey -k /tmp/encryption_key -n TEI_DSA_PUB -t Key -s DSA_PUB -x ${EIV_TEST_ASYM_XML}
+
COMMENT "Generating encrypted initial values test xml"
VERBATIM
)
-ADD_CUSTOM_TARGET(TARGET_EIV_TEST_XML DEPENDS ${EIV_TEST_XML})
+ADD_CUSTOM_TARGET(TARGET_EIV_TEST_XML DEPENDS ${EIV_FILES})
-INSTALL(FILES ${EIV_TEST_XML} DESTINATION ${CKM_TEST_DIR})
+INSTALL(FILES ${EIV_FILES} DESTINATION ${CKM_TEST_DIR})
# ckm-tests
PKG_CHECK_MODULES(CKM_DEP
PRIVATE EIV_ENCRYPTED_MESSAGE_HEX="${EIV_ENCRYPTED_MESSAGE_HEX}"
PRIVATE EIV_MESSAGE_ENCRYPTION_IV="${EIV_MESSAGE_ENCRYPTION_IV}"
PRIVATE EIV_TEST_XML_FILENAME="${EIV_TEST_XML_FILENAME}"
+ PRIVATE EIV_TEST_ASYM_XML_FILENAME="${EIV_TEST_ASYM_XML_FILENAME}"
)
INSTALL(TARGETS ${TARGET_CKM_PRIVILEGED_TESTS} DESTINATION bin)
std::string XML_3_EXPECTED_CERT_1 = aliasWithLabel(ckmc_owner_id_system, "test3-cert1");
std::string XML_3_EXPECTED_DATA_1 = aliasWithLabel(ckmc_owner_id_system, "test3-data1");
-std::string format_src_path(const char *file)
+auto format_dest_path(const char *file)
{
- return std::string(CKM_TEST_DIR) + std::string(file);
+ return std::string(CKM_RW_DATA_DIR "/initial_values/") + file;
}
-std::string format_dest_path(const char *file)
-{
- return std::string(CKM_RW_DATA_DIR) + std::string( "/initial_values/") + std::string(file);
+void test_not_exists(const char *file) {
+ const auto name = format_dest_path(file);
+ const bool file_exists = access(name.c_str(), F_OK) != -1;
+ RUNNER_ASSERT_MSG(!file_exists, "File " << name << " exists");
}
-void copy_file(const std::string &from, const std::string &to)
+void copy_file(const char *file)
{
- std::ifstream infile(from, std::ios_base::binary);
- RUNNER_ASSERT_MSG(infile, "Input file " << from << " does not exist.");
- std::ofstream outfile(to, std::ios_base::binary);
- RUNNER_ASSERT_MSG(outfile, "Output file " << to << " does not exist. Reinstall key-manager.");
+ const auto src = std::string(CKM_TEST_DIR) + file;
+ const auto dest = format_dest_path(file);
+ std::ifstream infile(src, std::ios_base::binary);
+ RUNNER_ASSERT_MSG(infile, "Input file " << src << " does not exist.");
+ std::ofstream outfile(dest, std::ios_base::binary);
+ RUNNER_ASSERT_MSG(outfile, "Output file " << dest << " does not exist. Reinstall key-manager.");
outfile << infile.rdbuf();
}
-void restart_key_manager()
+void restart_key_manager(const std::initializer_list<const char * const> files_to_copy = {})
{
stop_service(MANAGER);
+ for (const auto f : files_to_copy)
+ copy_file(f);
start_service(MANAGER);
}
-void test_exists(const std::string& name, bool expected) {
- bool file_exists = (access( name.c_str(), F_OK ) != -1);
- RUNNER_ASSERT_MSG(file_exists == expected,
- "File " << name << " status: " << file_exists <<
- " while expected: " << expected);
-}
-
-}
-
int hexToBin(char h) {
if (h >= '0' && h <= '9')
return h - '0';
return output;
}
+} // namespace
+
RUNNER_TEST_GROUP_INIT(T60_INITIAL_VALUES);
RUNNER_TEST(T6001_init)
// restart the key-manager
// check XML file doesn't exist
- copy_file(format_src_path(XML_1_okay), format_dest_path(XML_1_okay));
- copy_file(format_src_path(XML_2_okay), format_dest_path(XML_2_okay));
- copy_file(format_src_path(XML_3_wrong), format_dest_path(XML_3_wrong));
-
- test_exists(format_dest_path(XML_1_okay), true);
- test_exists(format_dest_path(XML_2_okay), true);
- test_exists(format_dest_path(XML_3_wrong), true);
-
- restart_key_manager();
-
- test_exists(format_dest_path(XML_1_okay), false);
- test_exists(format_dest_path(XML_2_okay), false);
- test_exists(format_dest_path(XML_3_wrong), false);
+ const auto files = {XML_1_okay, XML_2_okay, XML_3_wrong};
+ restart_key_manager(files);
+ for (const auto f : files)
+ test_not_exists(f);
}
RUNNER_TEST(T6010_PARSE_XML_FILE_AT_STARTUP)
std::string messageHex = EIV_ENCRYPTED_MESSAGE_HEX;
std::string iv = EIV_MESSAGE_ENCRYPTION_IV;
- copy_file(format_src_path(EIV_TEST_XML_FILENAME), format_dest_path(EIV_TEST_XML_FILENAME));
- restart_key_manager();
+ restart_key_manager({EIV_TEST_XML_FILENAME});
CKM::CryptoAlgorithm algo;
CKM::RawBuffer messageBin = hexToBin(messageHex);
RUNNER_ASSERT_MSG(std::string(decrypted.begin(), decrypted.end()) == EIV_PLAIN_MESSAGE, "Data does not match");
}
+RUNNER_TEST_TZ_BACKEND(T7010_Encrypted_initial_values_asymmetric, RemoveDataEnv<0>)
+{
+ restart_key_manager({EIV_TEST_ASYM_XML_FILENAME});
+ constexpr char testDataStr[] = "test-data";
+ const CKM::RawBuffer testData(testDataStr, testDataStr+sizeof(testDataStr)-1);
+ CKM::RawBuffer encrypted, decrypted, signature;
+ CKM::CryptoAlgorithm algoRsa;
+ algoRsa.setParam(CKM::ParamName::ALGO_TYPE, CKM::AlgoType::RSA_OAEP);
+
+ auto mgr = CKM::Manager::create();
+ int temp;
+
+ #define MGR(OP, ...) do { RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = mgr->OP(__VA_ARGS__)), "Failed to " #OP " " << CKM::APICodeToString(temp)); } while (0)
+
+ const auto rsaCrypt = [&](auto pub, auto prv) {
+ MGR(encrypt, algoRsa, pub, CKM::Password(), testData, encrypted);
+ RUNNER_ASSERT_MSG(testData != encrypted, "Data not encrypted");
+ MGR(decrypt, algoRsa, prv, CKM::Password(), encrypted, decrypted);
+ RUNNER_ASSERT_MSG(testData == decrypted, "Data does not match");
+ };
+
+ rsaCrypt("/System TEI_RSA_PUB", "/System TEI_RSA_PRV");
+ rsaCrypt("/System TEI_RSA_PKCS8_PUB", "/System TEI_RSA_PKCS8_PRV");
+
+ const auto sign = [&](auto prv, auto pub, auto hash, auto pad) {
+ MGR(createSignature, prv, CKM::Password(), testData, hash, pad, signature);
+ MGR(verifySignature, pub, CKM::Password(), testData, signature, hash, pad);
+ };
+
+ constexpr auto rsaHashAlgo = CKM::HashAlgorithm::SHA512;
+ constexpr auto rsaPaddingAlgo = CKM::RSAPaddingAlgorithm::X931;
+ sign("/System TEI_RSA_PRV", "/System TEI_RSA_PUB", rsaHashAlgo, rsaPaddingAlgo);
+ sign("/System TEI_RSA_PKCS8_PRV", "/System TEI_RSA_PKCS8_PUB", rsaHashAlgo, rsaPaddingAlgo);
+ sign("/System TEI_DSA_PRV", "/System TEI_DSA_PUB", CKM::HashAlgorithm::SHA1, CKM::RSAPaddingAlgorithm::NONE);
+
+ #undef MGR
+}
+
/* TODO
* - RW/RO location support (files removal, flag handling)
* - item overwrite
projects / platform / core / test / security-tests.git / commitdiff