#include <unistd.h>
#include <sys/types.h>
#include <cstdlib>
-#include <string>
#include <fstream>
#include <sys/smack.h>
#include <ckm/ckm-type.h>
#include <ckmc/ckmc-manager.h>
#include <fcntl.h>
#include <unistd.h>
-#include <unordered_map>
#include <tzplatform_config.h>
const std::string SMACK_USER_APP_PREFIX = "User::Pkg::";
void check_alias_info_list_helper(const InfoVector& expected,
const InfoMap& actual,
- const std::string &userSmackLabel)
+ const std::string &userSmackLabel,
+ const bool shouldHaveSameSize)
{
std::string errorLogMsg;
- RUNNER_ASSERT_MSG(expected.size() == actual.size(), "Aliases item count differs, expected: " <<
- expected.size() << " actual: " << actual.size());
+ if (shouldHaveSameSize)
+ {
+ RUNNER_ASSERT_MSG(expected.size() == actual.size(),
+ "Aliases item count differs, expected: " <<
+ expected.size() << " actual: " << actual.size());
+ }
for (const auto &expectedIt : expected)
{
- auto actualIt = actual.find(userSmackLabel + expectedIt.alias);
+ const auto expectedAlias = aliasWithLabel(userSmackLabel.empty() ? nullptr :
+ userSmackLabel.c_str(),
+ expectedIt.alias.c_str());
+ auto actualIt = actual.find(expectedAlias);
if (actualIt != actual.end()) {
if (actualIt->second.passwordProtected != expectedIt.passwordProtected) {
- errorLogMsg += "Alias: " + actualIt->second.alias + " has wrong encryption status: "
- + std::to_string(actualIt->second.passwordProtected) + "\n";
+ errorLogMsg += "Alias: " + actualIt->second.alias +
+ " has wrong encryption status: " +
+ std::to_string(actualIt->second.passwordProtected) + "\n";
}
if (actualIt->second.backend != expectedIt.backend) {
- errorLogMsg += "Alias: " + actualIt->second.alias + " belongs to wrong backend: "
- + std::to_string(static_cast<int>(actualIt->second.backend)) + "\n";
+ errorLogMsg += "Alias: " + actualIt->second.alias +
+ " belongs to wrong backend: " +
+ std::to_string(static_cast<int>(actualIt->second.backend)) +
+ "\n";
}
}
else {
- errorLogMsg += "Expected alias: " + actualIt->second.alias + " not found.\n";
+ errorLogMsg += "Expected alias: " + expectedAlias + " not found.\n";
}
}
" status: " + std::to_string(info.passwordProtected) +
" backend: " + std::to_string(static_cast<int>(info.backend)) + "\n";
}
- RUNNER_FAIL_MSG("Actual list of aliases differ from expected list.\n" + errorLogMsg);
+ RUNNER_FAIL_MSG(errorLogMsg);
}
}
+CKM::BackendId get_self_key_alias_backend(const std::string& key)
+{
+ return get_alias_backend(ckmc_get_key_alias_info_list, getOwnerIdFromSelf(), key);
+}
+
+CKM::BackendId get_self_data_alias_backend(const std::string& key)
+{
+ return get_alias_backend(ckmc_get_data_alias_info_list, getOwnerIdFromSelf(), key);
+}
+
+bool isPasswordProtected(const ckmc_policy_s& policy)
+{
+ return policy.password != nullptr;
+}
+
CKM::BackendId backend()
{
#ifdef TZ_BACKEND
#endif
}
-void check_alias_info_list(const InfoVector& expected)
-{
- ckmc_alias_info_list_s *aliasInfoList = NULL;
- int ret = ckmc_get_data_alias_info_list(&aliasInfoList);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get the list of data aliases. " << ret << " / "
- << CKMCErrorToString(ret));
-
- InfoMap actual;
- ckmc_alias_info_list_s *plist = aliasInfoList;
- char* alias = nullptr;
- bool isPasswordProtected;
- unsigned int it = 0;
- while (plist)
- {
- ret = ckmc_alias_info_get_alias(plist->info, &alias);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get alias. " << ret << " / "
- << CKMCErrorToString(ret));
- RUNNER_ASSERT_MSG(alias != nullptr, "Got null alias. Iterator: " << it);
-
- ret = ckmc_alias_info_is_password_protected(plist->info, &isPasswordProtected);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get password protection status" << ret << " / "
- << CKMCErrorToString(ret));
-
- ckmc_backend_id_e backend;
- ret = ckmc_alias_info_get_backend(plist->info, &backend);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get backend" << ret << " / "
- << CKMCErrorToString(ret));
-
- actual.try_emplace(alias, alias, isPasswordProtected, static_cast<CKM::BackendId>(backend));
- plist = plist->next;
- it++;
- }
- ckmc_alias_info_list_all_free(aliasInfoList);
- check_alias_info_list_helper(expected, actual);
-}
-
size_t count_aliases(alias_type_ type, size_t minimum_initial_element_count)
{
ckmc_alias_list_s *aliasList = NULL;
#include <string>
#include <memory>
#include <stdexcept>
+#include <unordered_map>
#include <ckm/ckm-type.h>
#include <ckm/ckm-manager-async.h>
#include <ckmc/ckmc-type.h>
ckmc_raw_buffer_s prepare_message_buffer(const char * input);
void check_alias_list(const CKM::AliasVector& expected);
+CKM::BackendId get_self_key_alias_backend(const std::string& key);
+CKM::BackendId get_self_data_alias_backend(const std::string& key);
+
+bool isPasswordProtected(const ckmc_policy_s&);
+
struct Info {
Info(const CKM::Alias &alias,
bool passwordProtected,
passwordProtected(passwordProtected),
backend(backend) {}
+ Info(const CKM::Alias &alias,
+ const ckmc_policy_s &policy,
+ const CKM::BackendId backend = CKM::BackendId::SW) :
+ Info(alias, isPasswordProtected(policy), backend) {}
+
+ Info(const CKM::Alias &alias,
+ const ckmc_policy_s &policy,
+ const CKM::Alias &aliasWithSameBackend,
+ const bool isAliasWithSameBackendKey = true) :
+ Info(alias, policy, isAliasWithSameBackendKey ?
+ get_self_key_alias_backend(aliasWithSameBackend) :
+ get_self_data_alias_backend(aliasWithSameBackend)) {}
+
CKM::Alias alias;
bool passwordProtected;
CKM::BackendId backend;
void check_alias_info_list_helper(const InfoVector& expected,
const InfoMap& actual,
- const std::string &userSmackLabel = {});
-void check_alias_info_list(const InfoVector& expected);
+ const std::string &userSmackLabel = {},
+ const bool shouldHaveSameSize = true);
+
+template <typename Func>
+void check_alias_info_list(Func&& getAliasInfoList,
+ const InfoVector& expected,
+ const std::string &userSmackLabel = {},
+ const bool shouldHaveSameSize = true)
+{
+ ckmc_alias_info_list_s *aliasInfoList = nullptr;
+ int ret = std::forward<Func>(getAliasInfoList)(&aliasInfoList);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get the list of data aliases. "
+ << ret << " / " << CKMCErrorToString(ret));
+ std::unique_ptr<ckmc_alias_info_list_s, decltype(&ckmc_alias_info_list_all_free)>
+ remover(aliasInfoList, &ckmc_alias_info_list_all_free);
+
+ InfoMap actual;
+ ckmc_alias_info_list_s *plist = aliasInfoList;
+ char* alias = nullptr;
+ bool isPasswordProtected;
+ unsigned int it = 0;
+ while (plist)
+ {
+ ret = ckmc_alias_info_get_alias(plist->info, &alias);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get alias. " << ret << " / "
+ << CKMCErrorToString(ret));
+ RUNNER_ASSERT_MSG(alias != nullptr, "Got null alias. Iterator: " << it);
+ ret = ckmc_alias_info_is_password_protected(plist->info, &isPasswordProtected);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get password protection status"
+ << ret << " / " << CKMCErrorToString(ret));
+ ckmc_backend_id_e backend;
+ ret = ckmc_alias_info_get_backend(plist->info, &backend);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get backend" << ret << " / "
+ << CKMCErrorToString(ret));
+
+ actual.try_emplace(alias, alias, isPasswordProtected, static_cast<CKM::BackendId>(backend));
+ plist = plist->next;
+ ++it;
+ }
+
+ check_alias_info_list_helper(expected, actual, userSmackLabel, shouldHaveSameSize);
+}
+
+template <typename Func, typename... Args>
+void check_alias_info_list(Func&& getAliasInfoList,
+ const std::string &userSmackLabel,
+ const bool shouldHaveSameSize,
+ Args&&... args)
+{
+ InfoVector expected;
+ expected.reserve(sizeof...(args));
+ (expected.emplace_back(std::forward<Info>(args)), ...);
+ check_alias_info_list(std::forward<Func>(getAliasInfoList), expected,
+ userSmackLabel, shouldHaveSameSize);
+}
+
+template <typename... Args>
+void check_self_key_alias_info_list(const bool shouldHaveSameSize,
+ Args&&... args)
+{
+ check_alias_info_list(ckmc_get_key_alias_info_list,
+ getOwnerIdFromSelf(),
+ shouldHaveSameSize,
+ std::forward<Args>(args)...);
+}
+
+template <typename... Args>
+void check_self_data_alias_info_list(const bool shouldHaveSameSize,
+ Args&&... args)
+{
+ check_alias_info_list(ckmc_get_data_alias_info_list,
+ getOwnerIdFromSelf(),
+ shouldHaveSameSize,
+ std::forward<Args>(args)...);
+}
+
+template <typename Func>
+CKM::BackendId get_alias_backend(Func&& getAliasInfoList,
+ const std::string &userSmackLabel,
+ const std::string &key)
+{
+ ckmc_alias_info_list_s *aliasInfoList = nullptr;
+ int ret = std::forward<Func>(getAliasInfoList)(&aliasInfoList);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get the list of data aliases. "
+ << ret << " / " << CKMCErrorToString(ret));
+ std::unique_ptr<ckmc_alias_info_list_s, decltype(&ckmc_alias_info_list_all_free)>
+ remover(aliasInfoList, &ckmc_alias_info_list_all_free);
+
+ ckmc_alias_info_list_s *plist = aliasInfoList;
+ char* alias = nullptr;
+ unsigned int it = 0;
+ const auto expectedAlias = aliasWithLabel(userSmackLabel.empty() ? nullptr :
+ userSmackLabel.c_str(), key.c_str());
+ while (plist)
+ {
+ ret = ckmc_alias_info_get_alias(plist->info, &alias);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get alias. " << ret << " / "
+ << CKMCErrorToString(ret));
+ RUNNER_ASSERT_MSG(alias != nullptr, "Got null alias. Iterator: " << it);
+
+ if (expectedAlias == alias)
+ {
+ ckmc_backend_id_e backend;
+ ret = ckmc_alias_info_get_backend(plist->info, &backend);
+ RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE, "Failed to get backend" << ret << " / "
+ << CKMCErrorToString(ret));
+
+ return static_cast<CKM::BackendId>(backend);
+ }
+
+ plist = plist->next;
+ ++it;
+ }
+
+ RUNNER_FAIL_MSG("Could not find alias: " << expectedAlias);
+}
typedef enum {
ALIAS_KEY,
expected.emplace_back(TEST_SYSTEM_ALIAS, false, backend());
expected.emplace_back(TEST_SYSTEM_ALIAS_2, false, backend());
- check_alias_info_list(expected);
+ check_alias_info_list(ckmc_get_data_alias_info_list, expected);
}
RUNNER_TEST(T5047_CLIENT_GET_ALIAS_STATUS_PASSWORD_PROTECTED, RemoveDataEnv<0>)
expected.emplace_back(TEST_SYSTEM_ALIAS_2, true, backend());
expected.emplace_back(TEST_SYSTEM_ALIAS_2 + "1", true, backend());
- check_alias_info_list(expected);
+ check_alias_info_list(ckmc_get_data_alias_info_list, expected);
}
CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias, public_key_alias, policy_private_key, policy_public_key)),
CKMCReadableError(temp));
+ check_self_key_alias_info_list(false,
+ Info(private_key_alias, policy_private_key),
+ Info(public_key_alias, policy_public_key));
+
size_t actual_cnt = count_aliases(ALIAS_KEY);
RUNNER_ASSERT_MSG(
(current_aliases_num+2) == actual_cnt,
int temp;
size_t size = 1024;
- CKM::Alias private_key_alias = "dsa-test-1";
- CKM::Alias public_key_alias = "dsa-test-2";
- ckmc_policy_s policy_private_key;
- ckmc_policy_s policy_public_key;
-
- policy_private_key.password = const_cast<char *>("privatepassword");
- policy_private_key.extractable = 0;
-
- policy_public_key.password = NULL;
- policy_public_key.extractable = 1;
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, private_key_alias.c_str(), public_key_alias.c_str(), policy_private_key, policy_public_key)),
- CKMCReadableError(temp));
+ CKM::Alias private_key_alias_1 = "private-dsa-test-1";
+ CKM::Alias public_key_alias_1 = "public-dsa-test-1";
+ ckmc_policy_s policy_private_key_1 = { const_cast<char *>("privatepassword"), true };
+ ckmc_policy_s policy_public_key_1 = { NULL, true };
+
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE ==
+ (temp = ckmc_create_key_pair_dsa(size,
+ private_key_alias_1.c_str(),
+ public_key_alias_1.c_str(),
+ policy_private_key_1,
+ policy_public_key_1)),
+ CKMCReadableError(temp));
+
+ CKM::Alias private_key_alias_2 = "private-dsa-test-2";
+ CKM::Alias public_key_alias_2 = "public-dsa-test-2";
+ ckmc_policy_s policy_private_key_2 = { NULL, true };
+ ckmc_policy_s policy_public_key_2 = { NULL, false };
+
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE ==
+ (temp = ckmc_create_key_pair_dsa(size,
+ private_key_alias_2.c_str(),
+ public_key_alias_2.c_str(),
+ policy_private_key_2,
+ policy_public_key_2)),
+ CKMCReadableError(temp));
+
+ CKM::Alias private_key_alias_3 = "private-dsa-test-3";
+ CKM::Alias public_key_alias_3 = "public-dsa-test-3";
+ ckmc_policy_s policy_private_key_3 = { NULL, false };
+ ckmc_policy_s policy_public_key_3 = { NULL, true };
+
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE ==
+ (temp = ckmc_create_key_pair_dsa(size,
+ private_key_alias_3.c_str(),
+ public_key_alias_3.c_str(),
+ policy_private_key_3,
+ policy_public_key_3)),
+ CKMCReadableError(temp));
+
+ CKM::Alias private_key_alias_4 = "private-dsa-test-4";
+ CKM::Alias public_key_alias_4 = "public-dsa-test-4";
+ ckmc_policy_s policy_private_key_4 = { NULL, false };
+ ckmc_policy_s policy_public_key_4 = { NULL, false };
+
+ RUNNER_ASSERT_MSG(CKMC_ERROR_NONE ==
+ (temp = ckmc_create_key_pair_dsa(size,
+ private_key_alias_4.c_str(),
+ public_key_alias_4.c_str(),
+ policy_private_key_4,
+ policy_public_key_4)),
+ CKMCReadableError(temp));
+
+ check_self_key_alias_info_list(false,
+ Info(private_key_alias_1,
+ policy_private_key_1),
+ Info(public_key_alias_1,
+ policy_public_key_1),
+ Info(private_key_alias_2,
+ policy_private_key_2),
+ Info(public_key_alias_2,
+ policy_public_key_2),
+ Info(private_key_alias_3,
+ policy_private_key_3),
+ Info(public_key_alias_3,
+ policy_public_key_3),
+ Info(private_key_alias_4,
+ policy_private_key_4,
+ backend()),
+ Info(public_key_alias_4,
+ policy_public_key_4,
+ backend()));
}
RUNNER_TEST(T3064_CAPI_CreateKeyPairECDSA)
CKMC_ERROR_NONE == (temp = ckmc_create_key_pair_dsa(size, pri_alias.c_str(), pub_alias.c_str(), policy_private_key, policy_public_key)),
"Error=" << temp);
+ check_self_key_alias_info_list(false,
+ Info(pri_alias, policy_private_key),
+ Info(pub_alias, policy_public_key));
+
char *pri_passwd = NULL;
char *pub_passwd = NULL;
ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
const KeyAliasPair RSA_EXPORTABLE = { "rsa_private_exp", "rsa_public_exp" };
const std::string DERIVED = "derived";
const std::string DERIVED2 = "derived2";
+const std::string DERIVED3 = "derived3";
+const std::string DERIVED4 = "derived4";
const std::string SECRET = "secret";
const ckmc_policy_s UNEXPORTABLE { nullptr, false };
RSA_EXPORTABLE.pub.c_str(),
EXPORTABLE,
EXPORTABLE);
+
+ check_self_key_alias_info_list(true,
+ Info(OURS.prv, UNEXPORTABLE, backend()),
+ Info(OURS.pub, EXPORTABLE, backend()),
+ Info(PEERS.prv, UNEXPORTABLE_PW, backend()),
+ Info(PEERS.pub, EXPORTABLE, backend()),
+ Info(PEERS2.prv, EXPORTABLE),
+ Info(PEERS2.pub, EXPORTABLE),
+ Info(WRONG.prv, UNEXPORTABLE, backend()),
+ Info(WRONG.pub, EXPORTABLE, backend()),
+ Info(RSA.prv, UNEXPORTABLE, backend()),
+ Info(RSA.pub, EXPORTABLE, backend()),
+ Info(RSA_EXPORTABLE.prv, EXPORTABLE),
+ Info(RSA_EXPORTABLE.pub, EXPORTABLE));
}
void Finish() override
{
ckmc_remove_alias(DERIVED.c_str());
ckmc_remove_alias(DERIVED2.c_str());
+ ckmc_remove_alias(DERIVED3.c_str());
+ ckmc_remove_alias(DERIVED4.c_str());
}
};
ckmc_raw_buffer_s *derivedBuffer = nullptr;
assert_positive(ckmc_get_data, derivedAlias.c_str(), derivedPolicy.password, &derivedBuffer);
- ckmc_remove_alias(derivedAlias.c_str());
+ check_self_data_alias_info_list(false, Info(derivedAlias, derivedPolicy, prvAlias));
return create_raw_buffer(derivedBuffer);
}
"",
DERIVED.c_str(),
UNEXPORTABLE);
+
+ check_self_key_alias_info_list(false, Info(DERIVED, UNEXPORTABLE, SECRET, false));
#else
assert_positive(ckmc_key_derive,
derive.get(),
DERIVED.c_str(),
EXPORTABLE);
+ check_self_key_alias_info_list(false, Info(DERIVED, EXPORTABLE, SECRET, false));
+
ckmc_key_s *derived = nullptr;
assert_positive(ckmc_get_key, DERIVED.c_str(), "", &derived);
size_t derived_size = derived->key_size;
RUNNER_TEST(TECDH_0010_positive, DerivedFixture)
{
auto ourDerived = deriveEcdhAndGet(OURS.prv, "", PEERS.pub, DERIVED, EXPORTABLE);
- auto peerDerived = deriveEcdhAndGet(PEERS.prv, PASSWORD, OURS.pub, DERIVED, EXPORTABLE_PW);
+ auto peerDerived = deriveEcdhAndGet(PEERS.prv, PASSWORD, OURS.pub, DERIVED2, EXPORTABLE_PW);
assert_buffers_equal(ourDerived.get(), peerDerived.get());
- auto wrongDerived = deriveEcdhAndGet(OURS.prv, "", PEERS2.pub, DERIVED, EXPORTABLE);
+ auto wrongDerived = deriveEcdhAndGet(OURS.prv, "", PEERS2.pub, DERIVED3, EXPORTABLE);
assert_buffers_equal(ourDerived.get(), wrongDerived.get(), false);
+
+ auto peer2Derived = deriveEcdhAndGet(PEERS2.prv, "", OURS.pub, DERIVED4, EXPORTABLE);
+
+ assert_buffers_equal(wrongDerived.get(), peer2Derived.get());
}
RUNNER_TEST(TECDH_0020_missing_arguments, DerivedFixture)
"",
DERIVED.c_str(),
EXPORTABLE);
+
+ check_self_data_alias_info_list(true, Info(DERIVED, EXPORTABLE, OURS.prv));
}
RUNNER_TEST(TECDH_0050_derived_password, DerivedFixture)
DERIVED.c_str(),
EXPORTABLE_PW);
+ check_self_data_alias_info_list(true, Info(DERIVED, EXPORTABLE_PW, OURS.prv));
+
ckmc_raw_buffer_s *derived = nullptr;
assert_result(CKMC_ERROR_AUTHENTICATION_FAILED, ckmc_get_data, DERIVED.c_str(), "", &derived);
assert_result(CKMC_ERROR_AUTHENTICATION_FAILED, ckmc_get_data, DERIVED.c_str(), "pw", &derived);
DERIVED.c_str(),
EXPORTABLE);
+ check_self_data_alias_info_list(true, Info(DERIVED, EXPORTABLE, OURS.prv));
+
assert_result(CKMC_ERROR_AUTHENTICATION_FAILED, ckmc_get_data, DERIVED.c_str(), "pw", &derived);
assert_result(
CKMC_ERROR_AUTHENTICATION_FAILED, ckmc_get_data, DERIVED.c_str(), PASSWORD, &derived);
DERIVED.c_str(),
UNEXPORTABLE);
+ check_self_data_alias_info_list(true, Info(DERIVED, UNEXPORTABLE, OURS.prv));
+
ckmc_raw_buffer_s *derived = nullptr;
assert_result(CKMC_ERROR_NOT_EXPORTABLE, ckmc_get_data, DERIVED.c_str(), "", &derived);
}
ckmc_raw_buffer_s* secret = createRandomBufferCAPI(32);
assert_positive(ckmc_save_data, SECRET.c_str(), *secret, UNEXPORTABLE);
+
+ check_self_data_alias_info_list(true, Info(SECRET, UNEXPORTABLE, backend()));
}
void Finish() override
DERIVED2.c_str(),
UNEXPORTABLE);
+ const auto backend = get_self_data_alias_backend(SECRET);
+ check_self_key_alias_info_list(true,
+ Info(DERIVED, UNEXPORTABLE, backend),
+ Info(DERIVED2, UNEXPORTABLE, backend));
+
const RawBufferPtr randomData = create_raw_buffer(createRandomBufferCAPI(16));
ckmc_raw_buffer_s *encrypted = nullptr;
ckmc_raw_buffer_s *decrypted = nullptr;
DERIVED.c_str(),
UNEXPORTABLE);
+ check_self_key_alias_info_list(true, Info(DERIVED, UNEXPORTABLE, SECRET, false));
+
assert_result(CKMC_ERROR_DB_ALIAS_EXISTS,
ckmc_key_derive,
kbkdfParams.get(),
DERIVED2.c_str(),
UNEXPORTABLE);
+ const auto backend = get_self_data_alias_backend(SECRET);
+ check_self_key_alias_info_list(true,
+ Info(DERIVED, UNEXPORTABLE_PW, backend),
+ Info(DERIVED2, UNEXPORTABLE, backend));
+
const RawBufferPtr randomData = create_raw_buffer(createRandomBufferCAPI(16));
ckmc_raw_buffer_s *encrypted = nullptr;
ckmc_raw_buffer_s *decrypted = nullptr;
DERIVED.c_str(),
UNEXPORTABLE);
+ check_self_key_alias_info_list(true, Info(DERIVED, UNEXPORTABLE, SECRET, false));
+
ckmc_key_s *derived = nullptr;
assert_result(CKMC_ERROR_NOT_EXPORTABLE, ckmc_get_key, DERIVED.c_str(), "", &derived);
}
RSA_KEY_4096_PUB_ALIAS.c_str(),
UNEXPORTABLE,
EXPORTABLE);
+ check_self_key_alias_info_list(false,
+ Info(RSA_KEY_4096_PRV_ALIAS, UNEXPORTABLE, backend()),
+ Info(RSA_KEY_4096_PUB_ALIAS, EXPORTABLE, backend()));
#endif
assert_positive(ckmc_create_key_aes, 128, AES_KEY_128_ALIAS.c_str(), UNEXPORTABLE);
assert_positive(ckmc_create_key_aes, 192, AES_KEY_192_ALIAS.c_str(), UNEXPORTABLE);
assert_positive(ckmc_create_key_aes, 128, AES_KEY_UNEXP_ALIAS.c_str(), UNEXPORTABLE);
assert_positive(ckmc_create_key_aes, 128, AES_KEY_UNEXP_PASS_ALIAS.c_str(), UNEXPORTABLE_PASS);
+ check_self_key_alias_info_list(false,
+ Info(RSA_KEY_1024_PRV_ALIAS, UNEXPORTABLE, backend()),
+ Info(RSA_KEY_1024_PUB_ALIAS, EXPORTABLE, backend()),
+ Info(RSA_KEY_2048_PRV_ALIAS, UNEXPORTABLE, backend()),
+ Info(RSA_KEY_2048_PUB_ALIAS, EXPORTABLE, backend()),
+ Info(RSA_KEY_3072_PRV_ALIAS, UNEXPORTABLE, backend()),
+ Info(RSA_KEY_3072_PUB_ALIAS, EXPORTABLE, backend()),
+ Info(AES_KEY_128_ALIAS, UNEXPORTABLE, backend()),
+ Info(AES_KEY_192_ALIAS, UNEXPORTABLE, backend()),
+ Info(AES_KEY_256_ALIAS, UNEXPORTABLE, backend()),
+ Info(AES_KEY_128_PASS_ALIAS, UNEXPORTABLE_PASS, backend()),
+ Info(AES_KEY_UNEXP_ALIAS, UNEXPORTABLE, backend()),
+ Info(AES_KEY_UNEXP_PASS_ALIAS, UNEXPORTABLE_PASS,
+ backend()));
+
importKey(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, IMP_AES_CTR, UNEXPORTABLE);
importKey(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, IMP_AES_CTR_PASS, UNEXPORTABLE_PASS);
}
+
void Finish() override {
int ret = ckmc_lock_user_key(UID);
if (ret != CKMC_ERROR_NONE)
aesKey,
importedKeyPolicy);
+ check_self_key_alias_info_list(false,
+ Info(importedKeyAlias, importedKeyPolicy, unwrappingKeyAlias));
+
ckmc_buffer_free(encrypted);
ckmc_key_free(aesKey);
return plainData;
ckmc_buffer_free(encrypted);
ckmc_key_free(aesKey);
}
+
void testImportInvalidBuffLen(const Algo &algo,
int buffLen,
const Alias &wrappingKeyAlias,
*aesKey,
UNEXPORTABLE);
+ check_self_key_alias_info_list(false, Info(SAVED_ALIAS, UNEXPORTABLE, backend()));
+
assert_positive(ckmc_encrypt_data,
encParams.get(),
SAVED_ALIAS.c_str(),
aesKey,
UNEXPORTABLE);
+ check_self_key_alias_info_list(false, Info(IMPORTED_ALIAS, UNEXPORTABLE, unwrappingKeyAlias));
+
ckmc_buffer_free(encrypted);
ckmc_key_free(aesKey);
nullptr,
&aesKey);
- // can't import exportable key into into TZ backend
+ // can't import exportable key into TZ backend
assert_invalid_param(ckmc_import_wrapped_key,
params.get(),
wrappingKeyAlias.c_str(),
aesKey,
importedKeyPolicy);
+ check_self_key_alias_info_list(false,
+ Info(importedKeyAlias, importedKeyPolicy, wrappingKeyAlias));
+
ckmc_buffer_free(encrypted);
ckmc_key_free(aesKey);
}
UNEXPORTABLE,
&dataImp);
+ check_self_key_alias_info_list(false, Info("AES_KEY_IMP", UNEXPORTABLE, prvAlias));
+
assert_buffers_equal(data, dataImp);
params = getDefaultParams(AES_CBC_ALGO);
keyPolicy,
&dataImp);
+ check_self_key_alias_info_list(false, Info("AES_KEY_IMP", keyPolicy, prvAlias));
+
assert_positive(ckmc_get_key, aliasAES.c_str(), keyPolicy.password, &aesKey);
assert_positive(ckmc_get_key, "AES_KEY_IMP", keyPolicy.password, &aesKeyImp);
pTmpKey1,
EXPORTABLE);
+ check_self_key_alias_info_list(false,
+ Info(targetKeyAlias0, EXPORTABLE),
+ Info(targetKeyAlias1, UNEXPORTABLE, wrappingKeyUnexpAlias),
+ Info(targetKeyAlias2, EXPORTABLE, wrappingKeyExpAlias),
+ Info(wrappingKeyExpAlias, EXPORTABLE),
+ Info(wrappingKeyUnexpAlias, UNEXPORTABLE, backend()));
+
// 6. Check key values
assert_aes_key_value(targetKeyAlias0.c_str(), nullptr, targetKeyValue);
assert_aes_key_value(targetKeyAlias1.c_str(), nullptr, targetKeyValue);
UNEXPORTABLE,
EXPORTABLE);
+ check_self_key_alias_info_list(false,
+ Info("ECDSA-prv", UNEXPORTABLE, backend()),
+ Info("ECDSA-pub", EXPORTABLE, backend()));
+
assert_invalid_param(ckmc_export_wrapped_key,
params.get(),
"ECDSA-prv",
// TZ
assert_positive(ckmc_create_key_pair_rsa, 1024, "RPV2", "RPB2", UNEXPORTABLE, EXPORTABLE);
+ check_self_key_alias_info_list(false,
+ Info("RPV", EXPORTABLE),
+ Info("RPB", EXPORTABLE),
+ Info("RPV2", UNEXPORTABLE, backend()),
+ Info("RPB2", EXPORTABLE, backend()));
+
ckmc_raw_buffer_s *encrypted = nullptr;
ckmc_raw_buffer_s *rsaKeyData = nullptr;
actual.try_emplace(info.alias, info.alias, status, info.backend);
}
- check_alias_info_list_helper(expected, actual, "/User ");
+ check_alias_info_list_helper(expected, actual, getOwnerIdFromSelf());
remove_user_data(OWNER_USER_ID);
}
actual.try_emplace(info.alias, info.alias, status, info.backend);
}
- check_alias_info_list_helper(expected, actual, "/User ");
+ check_alias_info_list_helper(expected, actual, getOwnerIdFromSelf());
remove_user_data(OWNER_USER_ID);
}
actual.try_emplace(info.alias, info.alias, status, info.backend);
}
- check_alias_info_list_helper(expected, actual, "/User ");
+ check_alias_info_list_helper(expected, actual, getOwnerIdFromSelf());
remove_user_data(OWNER_USER_ID);
}
for (int i = 0; i < KEY_IDX_MAX; i++)
{
Policy prvPolicy(Password(), false, m_backend);
- Policy pubPolicy(Password(), true, m_backend);
+ Policy pubPolicy(Password(), type != DSA, m_backend);
if (i == PASSWORD_PROTECTED) {
prvPolicy.password.assign(PASSWORD);
pubPolicy.password.assign(PASSWORD);
RSA_KEYS.pub.c_str(),
UNEXPORTABLE,
EXPORTABLE);
+
+ check_self_key_alias_info_list(true,
+ Info(OURS.prv, UNEXPORTABLE, backend()),
+ Info(OURS.pub, EXPORTABLE, backend()),
+ Info(PEERS.prv, EXPORTABLE),
+ Info(PEERS.pub, EXPORTABLE),
+ Info(PEERS2.prv, EXPORTABLE),
+ Info(PEERS2.pub, EXPORTABLE),
+ Info(WRONG.prv, UNEXPORTABLE, backend()),
+ Info(WRONG.pub, EXPORTABLE, backend()),
+ Info(RSA_KEYS.prv, UNEXPORTABLE, backend()),
+ Info(RSA_KEYS.pub, EXPORTABLE, backend()));
}
void Finish() override
auto pub_key = getKey(pub);
assert_positive(ckmew_key_agreement, prv.c_str(), pub_key->raw_key, pub_key->key_size, derived);
+ check_self_key_alias_info_list(false, Info(derived, UNEXPORTABLE, prv));
+
return AliasRemover(derived);
}
pub_key->key_size,
DERIVED);
+ check_self_key_alias_info_list(false, Info(DERIVED, UNEXPORTABLE, OURS.prv));
+
AliasRemover remover(DERIVED);
assert_result(CKMC_ERROR_DB_ALIAS_EXISTS,
setParam(params, CKMC_PARAM_ED_IV, iv.get());
assert_positive(ckmew_key_derive_pbkdf2, "password", salt->data, salt->size, KEY_LEN, DERIVED);
+ check_self_key_alias_info_list(false, Info(DERIVED, UNEXPORTABLE, backend()));
auto remover1 = AliasRemover(DERIVED);
ckmc_raw_buffer_s* encrypted = nullptr;
{
const char* const DERIVED2 = "derived2";
assert_positive(ckmew_key_derive_pbkdf2, password, salt, salt_len, key_len, DERIVED2);
+ check_self_key_alias_info_list(false, Info(DERIVED2, UNEXPORTABLE, backend()));
auto remover = AliasRemover(DERIVED2);
ckmc_raw_buffer_s* decrypted = nullptr;
{
assert_positive(ckmew_key_derive_pbkdf2, "password", SALT, SALT_LEN, 32, DERIVED);
+ check_self_key_alias_info_list(false, Info(DERIVED, UNEXPORTABLE, backend()));
+
auto remover = AliasRemover(DERIVED);
assert_result(CKMC_ERROR_DB_ALIAS_EXISTS,
projects / platform / core / test / security-tests.git / commitdiff