RUNNER_TEST(T3045_save_big_data_C_API, RemoveDataEnv<USER_APP>)
{
- // We don't know which backend will be used
- const size_t BIG_SIZE = 100000;
+ ckmc_backend_info_h info;
+ size_t big_size = 100000;
+#if TZ_BACKEND
+ ckmc_backend_id_e backend = CKMC_BACKEND_TZ;
+#else
+ ckmc_backend_id_e backend = CKMC_BACKEND_SW;
+#endif
+ assert_positive(ckmc_get_backend_info, backend, &info);
+ assert_positive(ckmc_backend_get_max_chunk_size, info, &big_size);
- std::vector<char> big_data(BIG_SIZE);
+ if (big_size == 0)
+ big_size = 100000;
+
+ std::vector<char> big_data(big_size);
std::ifstream is("/dev/urandom", std::ifstream::binary);
if(is)
- is.read(big_data.data(), BIG_SIZE);
+ is.read(big_data.data(), big_size);
RUNNER_ASSERT_MSG(is,
- "Only " << is.gcount() << "/" << BIG_SIZE << " bytes read from /dev/urandom");
+ "Only " << is.gcount() << "/" << big_size << " bytes read from /dev/urandom");
- save_data(TEST_OBJECT1, big_data.data(), BIG_SIZE, CKMC_ERROR_NONE);
+ save_data(TEST_OBJECT1, big_data.data(), big_size, CKMC_ERROR_NONE);
auto self_label = getOwnerIdFromSelf();
- check_read(TEST_OBJECT1, self_label.c_str(), big_data.data(), BIG_SIZE, CKMC_ERROR_NONE);
+ check_read(TEST_OBJECT1, self_label.c_str(), big_data.data(), big_size, CKMC_ERROR_NONE);
}
RUNNER_TEST(T3046_save_get_password_protected_data)
CKMC_ERROR_NONE == (temp = ckmc_remove_alias(alias)),
CKMCReadableError(temp));
}
+RUNNER_TEST(T3047_get_public_key_from_TZ)
+{
+ const char *private_key_alias = "ECDSA-test-priv";
+ const char *public_key_alias = "ECDSA-test-pub";
+ ckmc_policy_s policy_private_key;
+ ckmc_policy_s policy_public_key;
+ ckmc_key_s *test_key2 = NULL;
+ ckmc_key_s *test_key3 = NULL;
+ policy_private_key.password = NULL;
+ policy_private_key.extractable = false;
+ policy_public_key.password = NULL;
+ policy_public_key.extractable = true;
+
+ //Testing getting exportable public key without password
+ assert_positive(ckmc_create_key_pair_ecdsa,
+ CKMC_EC_PRIME192V1,
+ private_key_alias,
+ public_key_alias,
+ policy_private_key,
+ policy_public_key);
+
+ assert_positive(ckmc_get_key, public_key_alias, nullptr, &test_key2);
+
+ assert_result(CKMC_ERROR_NOT_EXPORTABLE,
+ ckmc_get_key,
+ private_key_alias,
+ nullptr,
+ &test_key3);
+
+ ckmc_remove_alias(public_key_alias);
+ ckmc_remove_alias(private_key_alias);
+
+ ckmc_key_free(test_key2);
+ test_key2 = NULL;
+ ckmc_key_free(test_key3);
+ test_key3 = NULL;
+
+ //Testing getting exportable public key with password
+ const char *password = "password";
+ policy_public_key.password = const_cast<char *>(password);
+ policy_public_key.extractable = true;
+
+ assert_positive(ckmc_create_key_pair_ecdsa,
+ CKMC_EC_PRIME192V1,
+ private_key_alias,
+ public_key_alias,
+ policy_private_key,
+ policy_public_key);
+
+ assert_positive(ckmc_get_key, public_key_alias, policy_public_key.password, &test_key2);
+
+ assert_result(CKMC_ERROR_NOT_EXPORTABLE, ckmc_get_key, private_key_alias, nullptr, &test_key3);
+
+ ckmc_remove_alias(public_key_alias);
+ ckmc_remove_alias(private_key_alias);
+
+ ckmc_key_free(test_key2);
+ test_key2 = NULL;
+ ckmc_key_free(test_key3);
+ test_key3 = NULL;
+
+ //Testing getting non-exportable public key
+ policy_public_key.password = NULL;
+ policy_public_key.extractable = false;
+
+ assert_positive(ckmc_create_key_pair_ecdsa,
+ CKMC_EC_PRIME192V1,
+ private_key_alias,
+ public_key_alias,
+ policy_private_key,
+ policy_private_key);
+
+ assert_result(CKMC_ERROR_NOT_EXPORTABLE, ckmc_get_key, public_key_alias, nullptr, &test_key3);
+
+ ckmc_remove_alias(public_key_alias);
+ ckmc_remove_alias(private_key_alias);
+
+ ckmc_key_free(test_key2);
+ test_key2 = NULL;
+ ckmc_key_free(test_key3);
+ test_key3 = NULL;
+}
RUNNER_TEST(T3050_deinit_C_API)
{
ckmc_buffer_free(signature);
}
-
-RUNNER_TEST(T3084_CAPI__ec_key_create_verify)
-{
- int temp;
-
- std::string prv = "-----BEGIN EC PRIVATE KEY-----\n"
- "MHQCAQEEIJNud6U4h8EM1rASn4W5vQOJELTaVPQTUiESaBULvQUVoAcGBSuBBAAK\n"
- "oUQDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT05YHeT7vK0w08AUL1HCH5nFV\n"
- "ljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
- "-----END EC PRIVATE KEY-----\n";
-
- std::string pub = "-----BEGIN PUBLIC KEY-----\n"
- "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEL1R+hgjiFrdjbUKRNOxUG8ze9nveD9zT\n"
- "05YHeT7vK0w08AUL1HCH5nFVljePBYSxe6CybFiseayaxRxjA+iF1g==\n"
- "-----END PUBLIC KEY-----\n";
-
- ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
- CKM::Alias pri_alias = "ecprv2";
- CKM::Alias pub_alias = "ecpub2";
- char *key_passwd = NULL;
- char *pri_passwd = NULL;
- char *pub_passwd = NULL;
- ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
- ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
- ckmc_raw_buffer_s *signature;
-
- ckmc_key_s pubkey;
- pubkey.raw_key = reinterpret_cast<unsigned char *>(pub.data());
- pubkey.key_size = pub.size();
- pubkey.key_type = CKMC_KEY_NONE;
- pubkey.password = NULL;
-
- ckmc_policy_s pubpolicy;
- pubpolicy.password = pub_passwd;
- pubpolicy.extractable = 1;
-
- ckmc_key_s prikey;
- prikey.raw_key = reinterpret_cast<unsigned char *>(prv.data());
- prikey.key_size = prv.size();
- prikey.key_type = CKMC_KEY_NONE;
- prikey.password = key_passwd;
-
- ckmc_policy_s pripolicy;
-
- pripolicy.password = pri_passwd;
-
-#ifdef TZ_BACKEND // TZ backend does not support EC key import
- pripolicy.extractable = 1;
-#else
- pripolicy.extractable = 0;
-#endif
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
- CKMCReadableError(temp));
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_create_signature(
- pri_alias.c_str(),
- pri_passwd,
- msg_buff,
- hash_algo,
- pad_algo,
- &signature)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-
- RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
- memcpy((void*)signature->data, "BROKEN", 6);
-
- RUNNER_ASSERT_MSG(
- CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
- pub_alias.c_str(),
- pub_passwd,
- msg_buff,
- *signature,
- hash_algo,
- pad_algo)),
- CKMCReadableError(temp));
-}
-
RUNNER_TEST(T3085_CAPI__rsa_cert_create_verify_signature)
{
int temp;
prikey.key_type = CKMC_KEY_NONE;
prikey.password = NULL;
+ AliasRemover removers[] = {pri_alias.c_str(), pub_alias.c_str()};
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
*signature,
hash_algo,
pad_algo)),
+ CKMCReadableError(temp)); // DSA verification is broken in tef-simulator
+
+ // negative test
+ ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test");
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ invalid_msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
CKMCReadableError(temp));
+ ckmc_buffer_free(signature);
+}
+
+RUNNER_TEST(T3086_CAPI__dsa_ext_priv_key_create_verify_with_negative)
+{
+ int temp;
+
+ std::string pub = "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBtzCCASwGByqGSM44BAEwggEfAoGBALeveaD/EheW+ws1YuW77f344+brkEzm\n"
+ "BVfFYHr7t+jwu6nQe341SoESJG+PCgrrhy76KNDCfveiwEoWufVHnI4bYBU/ClzP\n"
+ "A3amf6c5yud45ZR/b6OiAuew6ohY0mQGnzqeio8BaCsZaJ6EziCSlkdIDJisSfPg\n"
+ "nlWHqf4AwHVdAhUA7I1JQ7sBFJ+N19w3Omu+aO8EG08CgYEAldagy/Ccxhh43cZu\n"
+ "AZQxgJLCcp1jg6NdPMdkZ2TcSijvaVxBu+gjEGOqN5Os2V6UF7S/k/rjHYmcX9ux\n"
+ "gpjkC31yTNrKyERIAFIYZtG2K7LVBUZq5Fgm7I83QBVchJ2PA7mBaugJFEhNjbhK\n"
+ "NRip5UH38le1YDZ/IiA+svFOpeoDgYQAAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+\n"
+ "hq0c3FGUCtGbVOqg2KPqMBgwSb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdO\n"
+ "OSCQciDXnRfSqKbT6tjDTgR5jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rC\n"
+ "YMYCBhubtrVaLmc=\n"
+ "-----END PUBLIC KEY-----";
+
+ std::string priv = "-----BEGIN DSA PRIVATE KEY-----\n"
+ "MIIBvAIBAAKBgQC3r3mg/xIXlvsLNWLlu+39+OPm65BM5gVXxWB6+7fo8Lup0Ht+\n"
+ "NUqBEiRvjwoK64cu+ijQwn73osBKFrn1R5yOG2AVPwpczwN2pn+nOcrneOWUf2+j\n"
+ "ogLnsOqIWNJkBp86noqPAWgrGWiehM4gkpZHSAyYrEnz4J5Vh6n+AMB1XQIVAOyN\n"
+ "SUO7ARSfjdfcNzprvmjvBBtPAoGBAJXWoMvwnMYYeN3GbgGUMYCSwnKdY4OjXTzH\n"
+ "ZGdk3Eoo72lcQbvoIxBjqjeTrNlelBe0v5P64x2JnF/bsYKY5At9ckzayshESABS\n"
+ "GGbRtiuy1QVGauRYJuyPN0AVXISdjwO5gWroCRRITY24SjUYqeVB9/JXtWA2fyIg\n"
+ "PrLxTqXqAoGAPT91aEgwFdulzmHlvr3k+GBCE9z+hq0c3FGUCtGbVOqg2KPqMBgw\n"
+ "Sb4MC0msQys4DTVZhLJI+C5eIPEHgfBMqY1ZNJdOOSCQciDXnRfSqKbT6tjDTgR5\n"
+ "jmh5bG1Q8QFeBTHCDsQHoQYWgx0nyu12lASN80rCYMYCBhubtrVaLmcCFQC0IB4m\n"
+ "u1roOuaPY+Hl19BlTE2qdw==\n"
+ "-----END DSA PRIVATE KEY-----";
+
+ ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
+
+ CKM::Alias pub_alias = "dsa-T3086-ext-pub1";
+ CKM::Alias pri_alias = "dsa-T3086-ext-prv1";
+ char *pri_passwd = NULL;
+ char *pub_passwd = NULL;
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA1;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature = NULL;
+
+ ckmc_key_s pubkey;
+ pubkey.raw_key = reinterpret_cast<unsigned char *>(pub.data());
+ pubkey.key_size = pub.size();
+ pubkey.key_type = CKMC_KEY_NONE;
+ pubkey.password = NULL;
+
+ ckmc_policy_s pubpolicy;
+ pubpolicy.password = pub_passwd;
+ pubpolicy.extractable = 1;
+
+ ckmc_policy_s pripolicy;
+ pripolicy.password = pri_passwd;
+ pripolicy.extractable = 0;
+
+ ckmc_key_s prikey;
+ prikey.raw_key = reinterpret_cast<unsigned char *>(priv.data());
+ prikey.key_size = priv.size();
+ prikey.key_type = CKMC_KEY_NONE;
+ prikey.password = NULL;
+
+ AliasRemover removers[] = {pri_alias.c_str(), pub_alias.c_str()};
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias.c_str(),
+ pri_passwd,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ CKMCReadableError(temp));
+ // positive test
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp)); // DSA verification is broken in tef-simulator
// negative test
ckmc_raw_buffer_s invalid_msg_buff = prepare_message_buffer("invalid message test");
RUNNER_ASSERT_MSG(
ckmc_buffer_free(signature);
}
+// No support for EC import in tizen.org's TA. EC import is not required by E2EE.
+#if ! defined(TZ_BACKEND) || defined(TZ_EC_IMPORT)
+RUNNER_TEST(T3088_CAPI__ec_key_create_verify)
+{
+ int temp;
+ std::string prv = "-----BEGIN EC PRIVATE KEY-----\n"
+ "MHcCAQEEIN/iPh6OPn45v3kWIVhJOtiZ9VEW1GSPBpzw4LoJOPEQoAoGCCqGSM49\n"
+ "AwEHoUQDQgAE0jsycj6iyxVIAPueKzkztY664Rc0jVW7U95yK8Cy7wKcjUTX2Sis\n"
+ "sOOUyftV3/nUgPAnzWVQTDal15xH5waI+A==\n"
+ "-----END EC PRIVATE KEY-----\n";
+
+ std::string pub = "-----BEGIN PUBLIC KEY-----\n"
+ "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0jsycj6iyxVIAPueKzkztY664Rc0\n"
+ "jVW7U95yK8Cy7wKcjUTX2SissOOUyftV3/nUgPAnzWVQTDal15xH5waI+A==\n"
+ "-----END PUBLIC KEY-----";
+
+ ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
+ CKM::Alias pri_alias = "ecprv2";
+ CKM::Alias pub_alias = "ecpub2";
+ char *key_passwd = NULL;
+ char *pri_passwd = NULL;
+ char *pub_passwd = NULL;
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature;
+
+ ckmc_key_s pubkey;
+ pubkey.raw_key = reinterpret_cast<unsigned char *>(pub.data());
+ pubkey.key_size = pub.size();
+ pubkey.key_type = CKMC_KEY_NONE;
+ pubkey.password = NULL;
+
+ ckmc_policy_s pubpolicy;
+ pubpolicy.password = pub_passwd;
+ pubpolicy.extractable = 1;
+
+ ckmc_key_s prikey;
+ prikey.raw_key = reinterpret_cast<unsigned char *>(prv.data());
+ prikey.key_size = prv.size();
+ prikey.key_type = CKMC_KEY_NONE;
+ prikey.password = key_passwd;
+
+ ckmc_policy_s pripolicy;
+
+ pripolicy.password = pri_passwd;
+ pripolicy.extractable = 0;
+
+ AliasRemover removers[] = {pub_alias.c_str(), pri_alias.c_str()};
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pub_alias.c_str(), pubkey, pubpolicy)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias.c_str(),
+ pri_passwd,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
+ memcpy((void*)signature->data, "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+
+ ckmc_buffer_free(signature);
+}
+
RUNNER_TEST(T3088_CAPI__ecdsa_cert_create_verify_signature)
{
int temp;
- std::string prv =
- "-----BEGIN EC PRIVATE KEY-----\n"
- "MIH8AgEBBBRPb/2utS5aCtyuwmzIHpU6LH3mc6CBsjCBrwIBATAgBgcqhkjOPQEB\n"
- "AhUA/////////////////////3////8wQwQU/////////////////////3////wE\n"
- "FByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UEKQRK\n"
- "lrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAAAAAA\n"
- "AAAAAfTI+Seu08p1IlcCAQGhLAMqAATehLqu61gKC3Tgr4wQMVoguAhhG3Uwwz8u\n"
- "ELyhe7yPCAuOoLZlTLgf\n"
+ std::string prv = "-----BEGIN EC PRIVATE KEY-----\n"
+ "MHcCAQEEIN/iPh6OPn45v3kWIVhJOtiZ9VEW1GSPBpzw4LoJOPEQoAoGCCqGSM49\n"
+ "AwEHoUQDQgAE0jsycj6iyxVIAPueKzkztY664Rc0jVW7U95yK8Cy7wKcjUTX2Sis\n"
+ "sOOUyftV3/nUgPAnzWVQTDal15xH5waI+A==\n"
"-----END EC PRIVATE KEY-----\n";
- std::string pub =
- "-----BEGIN CERTIFICATE-----\n"
- "MIICfDCCAjqgAwIBAgIJANIytpeTKlXBMAkGByqGSM49BAEwXjELMAkGA1UEBhMC\n"
- "UEwxDTALBgNVBAgMBExvZHoxDTALBgNVBAcMBExvZHoxEDAOBgNVBAoMB1NhbXN1\n"
- "bmcxETAPBgNVBAsMCFNlY3VyaXR5MQwwCgYDVQQDDANDS00wHhcNMTQwNzAyMTI0\n"
- "MTQ3WhcNMTcwNzAxMTI0MTQ3WjBeMQswCQYDVQQGEwJQTDENMAsGA1UECAwETG9k\n"
- "ejENMAsGA1UEBwwETG9kejEQMA4GA1UECgwHU2Ftc3VuZzERMA8GA1UECwwIU2Vj\n"
- "dXJpdHkxDDAKBgNVBAMMA0NLTTCB6jCBuwYHKoZIzj0CATCBrwIBATAgBgcqhkjO\n"
- "PQEBAhUA/////////////////////3////8wQwQU/////////////////////3//\n"
- "//wEFByXvvxUvXqLZaz4n4HU1K3FZfpFAxUAEFPN5CwU1pbmdodWFRdTO/P4M0UE\n"
- "KQRKlrVojvVzKEZkaYlow4u5E8v8giOmKFUxaJR9WdzJEgQjUTd6xfsyAhUBAAAA\n"
- "AAAAAAAAAfTI+Seu08p1IlcCAQEDKgAE3oS6rutYCgt04K+MEDFaILgIYRt1MMM/\n"
- "LhC8oXu8jwgLjqC2ZUy4H6NQME4wHQYDVR0OBBYEFELElWx3kbLo55Cfn1vywsEZ\n"
- "ccsmMB8GA1UdIwQYMBaAFELElWx3kbLo55Cfn1vywsEZccsmMAwGA1UdEwQFMAMB\n"
- "Af8wCQYHKoZIzj0EAQMxADAuAhUAumC4mGoyK97SxTvVBQ+ELfCbxEECFQCbMJ72\n"
- "Q1oBry6NEc+lLFmWMDesAA==\n"
- "-----END CERTIFICATE-----\n";
+ std::string pub = "-----BEGIN CERTIFICATE-----\n"
+ "MIICOTCCAd+gAwIBAgIUZutYnkt/bslUp9cypmBWUEehLZQwCgYIKoZIzj0EAwIw\n"
+ "cjELMAkGA1UEBhMCS1IxDjAMBgNVBAgMBVNVV09OMQ4wDAYDVQQHDAVTVVdPTjEQ\n"
+ "MA4GA1UECgwHU0FNU1VORzELMAkGA1UECwwCVkQxJDAiBgNVBAMMG1NBTVNVTkcg\n"
+ "VEVTVCBFQyBDRVJUSUZJQ0FURTAeFw0yMzA3MTYxMjA0NTJaFw0yNDA3MTUxMjA0\n"
+ "NTJaMHIxCzAJBgNVBAYTAktSMQ4wDAYDVQQIDAVTVVdPTjEOMAwGA1UEBwwFU1VX\n"
+ "T04xEDAOBgNVBAoMB1NBTVNVTkcxCzAJBgNVBAsMAlZEMSQwIgYDVQQDDBtTQU1T\n"
+ "VU5HIFRFU1QgRUMgQ0VSVElGSUNBVEUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\n"
+ "AATSOzJyPqLLFUgA+54rOTO1jrrhFzSNVbtT3nIrwLLvApyNRNfZKKyw45TJ+1Xf\n"
+ "+dSA8CfNZVBMNqXXnEfnBoj4o1MwUTAdBgNVHQ4EFgQUKEjYUsPZiOTVWX7c6wzd\n"
+ "VE/G5NUwHwYDVR0jBBgwFoAUKEjYUsPZiOTVWX7c6wzdVE/G5NUwDwYDVR0TAQH/\n"
+ "BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiBJYK+YXFme/yN0nwIiAw8SnAKy0I7s\n"
+ "fMkujlwV50KHWwIhAPaiSJdoKPPTX9pp0OZK0izd1xByAL5DSd4GSwLBOFWQ\n"
+ "-----END CERTIFICATE-----";
ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
ckmc_policy_s pripolicy;
pripolicy.password = pri_passwd;
-#ifdef TZ_BACKEND // TZ backend does not support EC key import
- pripolicy.extractable = 1;
-#else
pripolicy.extractable = 0;
-#endif
+ AliasRemover removers[] = {pri_alias.c_str(), pub_alias.c_str()};
RUNNER_ASSERT_MSG(
CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)),
hash_algo,
pad_algo)),
CKMCReadableError(temp));
+
+ ckmc_buffer_free(signature);
+}
+
+RUNNER_TEST(T3088_CAPI__ecdsa_secp384r1_cert_create_verify_signature)
+{
+ int temp;
+
+ std::string prv = "-----BEGIN EC PRIVATE KEY-----\n"
+ "MIGkAgEBBDDFzD40r9xPqwmdaXYYx0ESTPxkhOeXybiFZqbmdmyLxJM/ORc4JQj9\n"
+ "uDjIYeEt7ZSgBwYFK4EEACKhZANiAATY6RDFr+SUF+0WiJkkkb7kTHLEBbYsOUy0\n"
+ "j/+rOp5tGPFiDZkzhN0QFZVlmCMIoMxBYHIzzehiIHczPI3nduZwkAXbH+EnTAWh\n"
+ "UJzskqPt4aJc7Fd4DmI0Rl5uBnGUFUI=\n"
+ "-----END EC PRIVATE KEY-----";
+
+ std::string pub = "-----BEGIN CERTIFICATE-----\n"
+ "MIICjTCCAhSgAwIBAgIUVeItRpAxFiAlnYPwihsWwHcTrk4wCgYIKoZIzj0EAwIw\n"
+ "fjELMAkGA1UEBhMCS1IxDjAMBgNVBAgMBVNVV09OMQ4wDAYDVQQHDAVTVVdPTjER\n"
+ "MA8GA1UECgwIU0FNU1VORyAxEzARBgNVBAsMClZEIFNBTVNVTkcxJzAlBgNVBAMM\n"
+ "HlZEIFNBTVNVTkcgRUMgQ0VSVElGSUNBVEUgVEVTVDAeFw0yMzA3MTYxMjQwNDVa\n"
+ "Fw0yNDA3MTUxMjQwNDVaMH4xCzAJBgNVBAYTAktSMQ4wDAYDVQQIDAVTVVdPTjEO\n"
+ "MAwGA1UEBwwFU1VXT04xETAPBgNVBAoMCFNBTVNVTkcgMRMwEQYDVQQLDApWRCBT\n"
+ "QU1TVU5HMScwJQYDVQQDDB5WRCBTQU1TVU5HIEVDIENFUlRJRklDQVRFIFRFU1Qw\n"
+ "djAQBgcqhkjOPQIBBgUrgQQAIgNiAATY6RDFr+SUF+0WiJkkkb7kTHLEBbYsOUy0\n"
+ "j/+rOp5tGPFiDZkzhN0QFZVlmCMIoMxBYHIzzehiIHczPI3nduZwkAXbH+EnTAWh\n"
+ "UJzskqPt4aJc7Fd4DmI0Rl5uBnGUFUKjUzBRMB0GA1UdDgQWBBSOsbmH3l7UrFfq\n"
+ "hkySFU544ymvtTAfBgNVHSMEGDAWgBSOsbmH3l7UrFfqhkySFU544ymvtTAPBgNV\n"
+ "HRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA2cAMGQCME89T0LZGkg87BBBmA6coE1t\n"
+ "z0UQrQFot9F4LJgfIjnezAFmcapQZ40tVn1FAB/DzgIwJsnlsmxoXyWtFxEL/I3r\n"
+ "mtPbpS5ZhwJEKqoxwuhf+uJAEIDiBHkCnYsqeTG1z/BA\n"
+ "-----END CERTIFICATE-----";
+
+ std::string pub1 = "-----BEGIN PUBLIC KEY-----\n"
+ "MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE2OkQxa/klBftFoiZJJG+5ExyxAW2LDlM\n"
+ "tI//qzqebRjxYg2ZM4TdEBWVZZgjCKDMQWByM83oYiB3MzyN53bmcJAF2x/hJ0wF\n"
+ "oVCc7JKj7eGiXOxXeA5iNEZebgZxlBVC\n"
+ "-----END PUBLIC KEY-----";
+
+ ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
+
+ CKM::Alias pri_alias = "prv4-secp384r1";
+ CKM::Alias pub_alias = "pub4-secp384r1";
+ CKM::Alias pub1_alias = "pub41-secp384r1";
+ char *key_passwd = NULL;
+ char *pri_passwd = NULL;
+ char *pub_passwd = NULL;
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature;
+
+ ckmc_cert_s cert;
+ cert.raw_cert = reinterpret_cast<unsigned char *>(pub.data());
+ cert.cert_size = pub.size();
+ cert.data_format = CKMC_FORM_PEM;
+
+ ckmc_policy_s certpolicy;
+ certpolicy.password = pub_passwd;
+ certpolicy.extractable = 1;
+
+ ckmc_key_s prikey;
+ prikey.raw_key = reinterpret_cast<unsigned char *>(prv.data());
+ prikey.key_size = prv.size();
+ prikey.key_type = CKMC_KEY_NONE;
+ prikey.password = key_passwd;
+
+ ckmc_policy_s pripolicy;
+ pripolicy.password = pri_passwd;
+ pripolicy.extractable = 0;
+
+ ckmc_key_s pubkey;
+ pubkey.raw_key = reinterpret_cast<unsigned char *>(pub1.data());
+ pubkey.key_size = pub1.size();
+ pubkey.key_type = CKMC_KEY_NONE;
+ pubkey.password = NULL;
+
+ ckmc_policy_s pubpolicy;
+ pubpolicy.password = pub_passwd;
+ pubpolicy.extractable = 1;
+
+ AliasRemover removers[] = {pub1_alias.c_str(), pub_alias.c_str(), pri_alias.c_str()};
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pub1_alias.c_str(), pubkey, pubpolicy)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias.c_str(),
+ pri_passwd,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub1_alias.c_str(),
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
+ memcpy((void*)signature->data, "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+
+ ckmc_buffer_free(signature);
+}
+
+RUNNER_TEST(T3088_CAPI__ecdsa_prime192v1_cert_create_verify_signature)
+{
+ int temp;
+
+ std::string prv = "-----BEGIN EC PRIVATE KEY-----\n"
+ "MF8CAQEEGHWU30LHvJMYREv1I4veekMCGB6RtuIaxaAKBggqhkjOPQMBAaE0AzIA\n"
+ "BPftMWeqeqlS3EBL1VF12l/TTWqTTVDdL6q2uPIyLvIW5jn4EzJaPmd+QIOflZZX\n"
+ "ng==\n"
+ "-----END EC PRIVATE KEY-----";
+
+ std::string pub = "-----BEGIN CERTIFICATE-----\n"
+ "MIICKTCCAd+gAwIBAgIUcTQU6exo9T+FDohlh2DvFPWE7gAwCgYIKoZIzj0EAwIw\n"
+ "ejELMAkGA1UEBhMCS1IxDjAMBgNVBAgMBVNVV09OMQ4wDAYDVQQHDAVTVVdPTjEQ\n"
+ "MA4GA1UECgwHU0FNU1VORzETMBEGA1UECwwKVkQgU0FNU1VORzEkMCIGA1UEAwwb\n"
+ "U0FNU1VORyBURVNUIENFUlRJRklDQVRFIEVDMB4XDTIzMDcxNjEyMzczN1oXDTI0\n"
+ "MDcxNTEyMzczN1owejELMAkGA1UEBhMCS1IxDjAMBgNVBAgMBVNVV09OMQ4wDAYD\n"
+ "VQQHDAVTVVdPTjEQMA4GA1UECgwHU0FNU1VORzETMBEGA1UECwwKVkQgU0FNU1VO\n"
+ "RzEkMCIGA1UEAwwbU0FNU1VORyBURVNUIENFUlRJRklDQVRFIEVDMEkwEwYHKoZI\n"
+ "zj0CAQYIKoZIzj0DAQEDMgAE9+0xZ6p6qVLcQEvVUXXaX9NNapNNUN0vqra48jIu\n"
+ "8hbmOfgTMlo+Z35Ag5+Vlleeo1MwUTAdBgNVHQ4EFgQUZVBaYOnlL5e9AejboK1i\n"
+ "BfgEkFIwHwYDVR0jBBgwFoAUZVBaYOnlL5e9AejboK1iBfgEkFIwDwYDVR0TAQH/\n"
+ "BAUwAwEB/zAKBggqhkjOPQQDAgM4ADA1AhkAxFetQL2yNYyOheIgt3FEfMNqkkv3\n"
+ "5J/kAhhHDuSYogH8wBe4RtRy8xcQZ1Lu7pGVoBY=\n"
+ "-----END CERTIFICATE-----";
+
+ std::string pub1 = "-----BEGIN PUBLIC KEY-----\n"
+ "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAE9+0xZ6p6qVLcQEvVUXXaX9NNapNN\n"
+ "UN0vqra48jIu8hbmOfgTMlo+Z35Ag5+Vllee\n"
+ "-----END PUBLIC KEY-----";
+
+ ckmc_raw_buffer_s msg_buff = prepare_message_buffer("message test");
+
+ CKM::Alias pri_alias = "prv4-prime192v1";
+ CKM::Alias pub_alias = "pub4-prime192v1";
+ CKM::Alias pub1_alias = "pub41-prime192v1";
+ char *key_passwd = NULL;
+ char *pri_passwd = NULL;
+ char *pub_passwd = NULL;
+ ckmc_hash_algo_e hash_algo = CKMC_HASH_SHA256;
+ ckmc_rsa_padding_algo_e pad_algo = CKMC_PKCS1_PADDING;
+ ckmc_raw_buffer_s *signature;
+
+ ckmc_cert_s cert;
+ cert.raw_cert = reinterpret_cast<unsigned char *>(pub.data());
+ cert.cert_size = pub.size();
+ cert.data_format = CKMC_FORM_PEM;
+
+ ckmc_policy_s certpolicy;
+ certpolicy.password = pub_passwd;
+ certpolicy.extractable = 1;
+
+ ckmc_key_s prikey;
+ prikey.raw_key = reinterpret_cast<unsigned char *>(prv.data());
+ prikey.key_size = prv.size();
+ prikey.key_type = CKMC_KEY_NONE;
+ prikey.password = key_passwd;
+
+ ckmc_policy_s pripolicy;
+ pripolicy.password = pri_passwd;
+ pripolicy.extractable = 0;
+
+ ckmc_key_s pubkey;
+ pubkey.raw_key = reinterpret_cast<unsigned char *>(pub1.data());
+ pubkey.key_size = pub1.size();
+ pubkey.key_type = CKMC_KEY_NONE;
+ pubkey.password = NULL;
+
+ ckmc_policy_s pubpolicy;
+ pubpolicy.password = pub_passwd;
+ pubpolicy.extractable = 1;
+
+ AliasRemover removers[] = {pub1_alias.c_str(), pub_alias.c_str(), pri_alias.c_str()};
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pub1_alias.c_str(), pubkey, pubpolicy)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_cert(pub_alias.c_str(), cert, certpolicy)),
+ CKMCReadableError(temp));
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_save_key(pri_alias.c_str(), prikey, pripolicy)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_create_signature(
+ pri_alias.c_str(),
+ pri_passwd,
+ msg_buff,
+ hash_algo,
+ pad_algo,
+ &signature)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_NONE == (temp = ckmc_verify_signature(
+ pub1_alias.c_str(),
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+
+ RUNNER_ASSERT_MSG(signature->size > 6, "Signature is too small");
+ memcpy((void*)signature->data, "BROKEN", 6);
+
+ RUNNER_ASSERT_MSG(
+ CKMC_ERROR_VERIFICATION_FAILED == (temp = ckmc_verify_signature(
+ pub_alias.c_str(),
+ pub_passwd,
+ msg_buff,
+ *signature,
+ hash_algo,
+ pad_algo)),
+ CKMCReadableError(temp));
+
+ ckmc_buffer_free(signature);
}
+#endif //! defined(TZ_BACKEND) || defined(TZ_EC_IMPORT)
RUNNER_TEST(T3089_CAPI_deinit)
{
const RawBufferPtr FIX = create_raw_buffer(createRandomBufferCAPI(36));
const RawBufferPtr ONE = create_raw_buffer(createRandomBufferCAPI(1));
+struct Algo
+{
+ ckmc_algo_type_e type;
+ size_t initVector;
+};
+
+ckmc_raw_buffer_s* DEFAULT_IV = nullptr;
+
+const Algo AES_GCM_ALGO = { CKMC_ALGO_AES_GCM, 16 };
+const Algo AES_CBC_ALGO = { CKMC_ALGO_AES_CBC, 16 };
+
+ParamListPtr getDefaultParams(const Algo &algo)
+{
+ ckmc_param_list_h handle = nullptr;
+
+ assert_positive(ckmc_generate_new_params, algo.type, &handle);
+ ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
+ if (algo.type == CKMC_ALGO_RSA_OAEP)
+ return params;
+
+ DEFAULT_IV = createRandomBufferCAPI(algo.initVector);
+ setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
+ return params;
+}
class EcdhGroupFixture: public DPL::Test::TestGroup
{
private:
void finish()
{
ckmc_remove_alias(DERIVED.c_str());
+ ckmc_remove_alias(DERIVED2.c_str());
}
};
return Test(
false, len, prf, mode, location, context, label, fixed, rlen, llen, noSeparator);
}
+
private:
void Test(bool ok,
const uint64_t* len,
setParam(derive, CKMC_PARAM_KBKDF_NO_SEPARATOR, 1);
if (ok) {
-
-
#ifdef TZ_BACKEND
assert_positive(ckmc_key_derive,
derive.get(),
RUNNER_ASSERT(derived_size == *len);
#endif
+ const RawBufferPtr randomData = create_raw_buffer(createRandomBufferCAPI(16));
+ ckmc_raw_buffer_s *encrypted = nullptr;
+ ckmc_raw_buffer_s *decrypted = nullptr;
+ ParamListPtr params = getDefaultParams(AES_CBC_ALGO);
+
+ assert_positive(ckmc_encrypt_data,
+ params.get(),
+ DERIVED.c_str(),
+ nullptr,
+ *randomData.get(),
+ &encrypted);
+
+ assert_positive(ckmc_decrypt_data,
+ params.get(),
+ DERIVED.c_str(),
+ nullptr,
+ *encrypted,
+ &decrypted);
+
+ assert_buffers_equal(randomData.get(), decrypted);
+
+ ckmc_buffer_free(encrypted);
+ ckmc_buffer_free(decrypted);
assert_positive(ckmc_remove_alias, DERIVED.c_str());
} else {
SECRET.c_str(),
"",
DERIVED.c_str(),
- EXPORTABLE);
+ UNEXPORTABLE);
}
}
};
RUNNER_TEST(TECDH_0220_different_key_types, DerivedFixture)
{
- deriveEcdh(OURS.prv, "", RSA_EXPORTABLE.pub, DERIVED, UNEXPORTABLE, CKMC_ERROR_INVALID_PARAMETER);
+ // tizen.org TA can't export RSA keys
+ deriveEcdh(OURS.prv, "", RSA.pub, DERIVED, UNEXPORTABLE, CKMC_ERROR_INVALID_PARAMETER);
deriveEcdh(RSA.prv, "", OURS.pub, DERIVED, UNEXPORTABLE, CKMC_ERROR_INVALID_PARAMETER);
}
RUNNER_TEST(TECDH_0230_wrong_key_types, DerivedFixture)
{
- deriveEcdh(RSA.prv, "", RSA_EXPORTABLE.pub, DERIVED, UNEXPORTABLE, CKMC_ERROR_INVALID_PARAMETER);
+ // tizen.org TA can't export RSA keys
+ deriveEcdh(RSA.prv, "", RSA.pub, DERIVED, UNEXPORTABLE, CKMC_ERROR_INVALID_PARAMETER);
}
kbkdfParams.get(),
DERIVED.c_str(),
"",
- "derived2",
+ DERIVED2.c_str(),
UNEXPORTABLE);
+
+ const RawBufferPtr randomData = create_raw_buffer(createRandomBufferCAPI(16));
+ ckmc_raw_buffer_s *encrypted = nullptr;
+ ckmc_raw_buffer_s *decrypted = nullptr;
+ ParamListPtr params = getDefaultParams(AES_CBC_ALGO);
+
+ assert_positive(ckmc_encrypt_data,
+ params.get(),
+ DERIVED2.c_str(),
+ nullptr,
+ *randomData.get(),
+ &encrypted);
+
+ assert_positive(ckmc_decrypt_data,
+ params.get(),
+ DERIVED2.c_str(),
+ nullptr,
+ *encrypted,
+ &decrypted);
+
+ assert_buffers_equal(randomData.get(), decrypted);
+
+ ckmc_buffer_free(encrypted);
+ ckmc_buffer_free(decrypted);
}
RUNNER_TEST(TKBKDF_0030_unknown_alias, DerivedFixture)
"nonexistent-alias",
"",
DERIVED.c_str(),
- EXPORTABLE);
+ UNEXPORTABLE);
}
RUNNER_TEST(TKBKDF_0040_wrong_password, DerivedFixture)
SECRET.c_str(),
"wrong-password",
DERIVED.c_str(),
- EXPORTABLE);
+ UNEXPORTABLE);
}
RUNNER_TEST(TKBKDF_0050_alias_exists, DerivedFixture)
RUNNER_TEST(TKBKDF_0060_derived_password, DerivedFixture)
{
-#ifndef TZ_BACKEND
auto kbkdfParams = getDefaultKBKDFParams();
assert_positive(ckmc_key_derive,
kbkdfParams.get(),
SECRET.c_str(),
"",
DERIVED.c_str(),
- EXPORTABLE);
-
- ckmc_key_s *derived = nullptr;
- assert_result(
- CKMC_ERROR_AUTHENTICATION_FAILED, ckmc_get_key, DERIVED.c_str(), PASSWORD, &derived);
-
- assert_positive(ckmc_remove_alias, DERIVED.c_str());
-
- assert_positive(ckmc_key_derive,
- kbkdfParams.get(),
- SECRET.c_str(),
- "",
- DERIVED.c_str(),
- EXPORTABLE_PW);
+ UNEXPORTABLE_PW);
- assert_result(
- CKMC_ERROR_AUTHENTICATION_FAILED, ckmc_get_key, DERIVED.c_str(), "", &derived);
- assert_positive(ckmc_get_key, DERIVED.c_str(), PASSWORD, &derived);
- ckmc_key_free(derived);
-#else
- auto kbkdfParams = getDefaultKBKDFParams();
assert_positive(ckmc_key_derive,
kbkdfParams.get(),
SECRET.c_str(),
"",
- DERIVED.c_str(),
- UNEXPORTABLE);
-
- assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
- ckmc_key_derive,
- kbkdfParams.get(),
- DERIVED.c_str(),
- PASSWORD,
DERIVED2.c_str(),
UNEXPORTABLE);
- assert_positive(ckmc_remove_alias, DERIVED.c_str());
-
- assert_positive(ckmc_key_derive,
- kbkdfParams.get(),
- SECRET.c_str(),
- "",
- DERIVED.c_str(),
- UNEXPORTABLE_PW);
+ const RawBufferPtr randomData = create_raw_buffer(createRandomBufferCAPI(16));
+ ckmc_raw_buffer_s *encrypted = nullptr;
+ ckmc_raw_buffer_s *decrypted = nullptr;
+ ParamListPtr params = getDefaultParams(AES_CBC_ALGO);
assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
- ckmc_key_derive,
- kbkdfParams.get(),
- DERIVED.c_str(),
- "",
- DERIVED2.c_str(),
- UNEXPORTABLE);
+ ckmc_encrypt_data,
+ params.get(),
+ DERIVED.c_str(),
+ nullptr,
+ *randomData.get(),
+ &encrypted);
- assert_positive(ckmc_remove_alias, DERIVED.c_str());
-#endif
+ assert_positive(ckmc_encrypt_data,
+ params.get(),
+ DERIVED.c_str(),
+ PASSWORD,
+ *randomData.get(),
+ &encrypted);
+
+ assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
+ ckmc_decrypt_data,
+ params.get(),
+ DERIVED2.c_str(),
+ PASSWORD,
+ *encrypted,
+ &decrypted);
+
+ assert_positive(ckmc_decrypt_data,
+ params.get(),
+ DERIVED2.c_str(),
+ "",
+ *encrypted,
+ &decrypted);
+ assert_buffers_equal(randomData.get(), decrypted);
+ ckmc_buffer_free(encrypted);
+ ckmc_buffer_free(decrypted);
}
RUNNER_TEST(TKBKDF_0070_unexportable, DerivedFixture)
ckmc_raw_buffer_s* IV12 = nullptr;
ckmc_raw_buffer_s* IV15 = nullptr;
ckmc_raw_buffer_s* IV17 = nullptr;
+ckmc_raw_buffer_s* IV63 = nullptr;
ckmc_raw_buffer_s* IV128 = nullptr;
ckmc_raw_buffer_s* AAD32 = nullptr;
IV12 = createRandomBufferCAPI(12);
IV15 = createRandomBufferCAPI(15);
IV17 = createRandomBufferCAPI(17);
+ IV63 = createRandomBufferCAPI(63);
IV128 = createRandomBufferCAPI(128);
AAD32 = createRandomBufferCAPI(32);
RSA_KEY_1024_PRV_ALIAS.c_str(),
RSA_KEY_1024_PUB_ALIAS.c_str(),
UNEXPORTABLE,
- UNEXPORTABLE);
+ EXPORTABLE);
assert_positive(ckmc_create_key_pair_rsa,
2048,
RSA_KEY_2048_PRV_ALIAS.c_str(),
RSA_KEY_2048_PUB_ALIAS.c_str(),
UNEXPORTABLE,
- UNEXPORTABLE);
+ EXPORTABLE);
assert_positive(ckmc_create_key_pair_rsa,
4096,
RSA_KEY_4096_PRV_ALIAS.c_str(),
RSA_KEY_4096_PUB_ALIAS.c_str(),
UNEXPORTABLE,
- UNEXPORTABLE);
+ EXPORTABLE);
assert_positive(ckmc_create_key_aes, 128, AES_KEY_128_ALIAS.c_str(), UNEXPORTABLE);
assert_positive(ckmc_create_key_aes, 192, AES_KEY_192_ALIAS.c_str(), UNEXPORTABLE);
assert_positive(ckmc_create_key_aes, 256, AES_KEY_256_ALIAS.c_str(), UNEXPORTABLE);
assert_positive(ckmc_create_key_aes, 128, AES_KEY_128_PASS_ALIAS.c_str(), UNEXPORTABLE_PASS);
+
assert_positive(ckmc_create_key_aes, 128, AES_KEY_UNEXP_ALIAS.c_str(), UNEXPORTABLE);
assert_positive(ckmc_create_key_aes, 128, AES_KEY_UNEXP_PASS_ALIAS.c_str(), UNEXPORTABLE_PASS);
ckmc_buffer_free(DEFAULT_IV);
ckmc_buffer_free(AAD64);
ckmc_buffer_free(AAD32);
- ckmc_buffer_free(IV128);
+ ckmc_buffer_free(IV63);
ckmc_buffer_free(IV17);
ckmc_buffer_free(IV15);
ckmc_buffer_free(IV12);
nullptr,
IMPORTED_ALIAS.c_str(),
aesKey,
- EXPORTABLE);
+ UNEXPORTABLE);
ckmc_buffer_free(encrypted);
ckmc_key_free(aesKey);
nullptr,
IMPORTED_ALIAS.c_str(),
aesKey,
- EXPORTABLE);
+ UNEXPORTABLE);
ckmc_buffer_free(encrypted);
ckmc_key_free(aesKey);
}
int buffLen,
const Alias &wrappingKeyAlias,
Alias unwrappingKeyAlias = ""){
-
if (unwrappingKeyAlias.empty())
unwrappingKeyAlias = wrappingKeyAlias;
ParamListPtr params = getDefaultParams(algo);
- RawBufferPtr plainKey = encryptAndImport(params,
- buffLen,
- wrappingKeyAlias,
+ RawBufferPtr plainData = create_raw_buffer(createRandomBufferCAPI(buffLen));
+
+ ckmc_raw_buffer_s *encrypted = nullptr;
+ ckmc_key_s *aesKey = nullptr;
+
+ assert_positive(ckmc_encrypt_data,
+ params.get(),
+ wrappingKeyAlias.c_str(),
+ nullptr,
+ *plainData.get(),
+ &encrypted);
+
+ assert_positive(ckmc_key_new,
+ encrypted->data,
+ encrypted->size,
+ CKMC_KEY_AES,
nullptr,
- unwrappingKeyAlias,
+ &aesKey);
+
+ AliasRemover remover(IMPORTED_ALIAS.c_str());
+ assert_positive(ckmc_import_wrapped_key,
+ params.get(),
+ unwrappingKeyAlias.c_str(),
nullptr,
IMPORTED_ALIAS.c_str(),
+ aesKey,
UNEXPORTABLE);
- assert_aes_key_value(IMPORTED_ALIAS, nullptr, plainKey);
+ ckmc_buffer_free(encrypted);
+ ckmc_key_free(aesKey);
- ckmc_remove_key(IMPORTED_ALIAS.c_str());
+ assert_aes_key_value(IMPORTED_ALIAS, nullptr, plainData);
}
void testImportRSAHashes(int buffLen,
nullptr,
IMPORTED_ALIAS.c_str(),
wrongKey,
- EXPORTABLE);
+ UNEXPORTABLE);
ckmc_key_free(wrongKey);
}
-#ifndef TZ_BACKEND
void testExportableImported(const Algo &algo,
int buffLen,
const Alias &wrappingKeyAlias,
const char* wrappingKeyPass,
- const ckmc_policy_s &importedKeyPolicy,
const char* importedKeyPass){
+ ParamListPtr params = getDefaultParams(algo);
+ ckmc_policy_s importedKeyPolicy = { const_cast<char*>(importedKeyPass), true };
+
+#ifdef TZ_BACKEND
+ RawBufferPtr plainData = create_raw_buffer(createRandomBufferCAPI(buffLen));
+
+ ckmc_raw_buffer_s *encrypted = nullptr;
+ ckmc_key_s *aesKey = nullptr;
+
+ assert_positive(ckmc_encrypt_data,
+ params.get(),
+ wrappingKeyAlias.c_str(),
+ wrappingKeyPass,
+ *plainData.get(),
+ &encrypted);
+
+ assert_positive(ckmc_key_new,
+ encrypted->data,
+ encrypted->size,
+ CKMC_KEY_AES,
+ nullptr,
+ &aesKey);
+
+ // can't import exportable key into into TZ backend
+ assert_invalid_param(ckmc_import_wrapped_key,
+ params.get(),
+ wrappingKeyAlias.c_str(),
+ wrappingKeyPass,
+ IMPORTED_ALIAS.c_str(),
+ aesKey,
+ importedKeyPolicy);
+
+ ckmc_key_free(aesKey);
+ ckmc_buffer_free(encrypted);
+#else
ckmc_key_s *ppKey = nullptr;
ckmc_raw_buffer_s* finalData = nullptr;
- ParamListPtr params = getDefaultParams(algo);
-
RawBufferPtr plainData = encryptAndImport(params,
buffLen,
wrappingKeyAlias,
ckmc_buffer_free(finalData);
ckmc_key_free(ppKey);
ckmc_remove_key(IMPORTED_ALIAS.c_str());
-}
#endif
+}
void importKey(const Algo &algo,
int buffLen,
nullptr,
IMPORTED_ALIAS.c_str(),
aesKey,
- EXPORTABLE);
+ UNEXPORTABLE);
ckmc_buffer_free(encrypted);
ckmc_key_free(aesKey);
}
nullptr,
IMPORTED_ALIAS.c_str(),
key,
- EXPORTABLE);
+ UNEXPORTABLE);
ckmc_key_free(key);
}
nullptr,
IMP_AES_CTR.c_str(),
key,
- EXPORTABLE);
+ UNEXPORTABLE);
ckmc_key_free(key);
}
nullptr,
invalidAlias.c_str(),
key,
- EXPORTABLE);
+ UNEXPORTABLE);
ckmc_key_free(key);
}
RUNNER_TEST(TKW_BAD_WRAPPED_KEY){
- testBadWrappedKey(AES_CBC_ALGO);
testBadWrappedKey(AES_GCM_ALGO);
testBadWrappedKey(RSA_OAEP_ALGO);
}
nullptr,
IMPORTED_ALIAS.c_str(),
aesKey,
- EXPORTABLE);
+ UNEXPORTABLE);
assert_invalid_param(ckmc_import_wrapped_key,
params.get(),
nullptr,
IMPORTED_ALIAS.c_str(),
aesKey,
- EXPORTABLE);
+ UNEXPORTABLE);
assert_invalid_param(ckmc_import_wrapped_key,
params.get(),
nullptr,
nullptr,
aesKey,
- EXPORTABLE);
+ UNEXPORTABLE);
assert_invalid_param(ckmc_import_wrapped_key,
params.get(),
nullptr,
IMPORTED_ALIAS.c_str(),
nullptr,
- EXPORTABLE);
+ UNEXPORTABLE);
ckmc_buffer_free(encrypted);
ckmc_key_free(aesKey);
}
nullptr,
IMPORTED_ALIAS.c_str(),
aesKey,
- EXPORTABLE);
+ UNEXPORTABLE);
ckmc_buffer_free(encrypted);
ckmc_key_free(aesKey);
}
testImportInvalidBuffLen(RSA_OAEP_ALGO, 32, RSA_KEY_4096_PUB_ALIAS, RSA_KEY_4096_PUB_ALIAS);
}
-#ifndef TZ_BACKEND
RUNNER_TEST(TKW_DIF_POLICIES_EXPORTABLE_IMPORTED){
- testExportableImported(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr);
- testExportableImported(AES_CTR_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr);
- testExportableImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_ALIAS, nullptr, EXPORTABLE, nullptr);
- testExportableImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr);
+ testExportableImported(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, nullptr);
+ testExportableImported(AES_CTR_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, nullptr);
+ testExportableImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_ALIAS, nullptr, nullptr);
+ testExportableImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_PASS_ALIAS, KEY_PASSWORD, nullptr);
- testExportableImported(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
- testExportableImported(AES_CTR_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD);
- testExportableImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD);
- testExportableImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD);
+ testExportableImported(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, KEY_PASSWORD);
+ testExportableImported(AES_CTR_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, KEY_PASSWORD);
+ testExportableImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_ALIAS, nullptr, KEY_PASSWORD);
+ testExportableImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_PASS_ALIAS, KEY_PASSWORD, KEY_PASSWORD);
}
-#endif
RUNNER_TEST(TKW_UNEXPORTABLE_IMPORTED){
ckmc_key_s *ppKey = nullptr;
"ECDSA-prv",
"ECDSA-pub",
UNEXPORTABLE,
- UNEXPORTABLE);
+ EXPORTABLE);
assert_invalid_param(ckmc_export_wrapped_key,
params.get(),
RUNNER_TEST(TKW_IMPORT_EXPORT_WITH_DIF_KEYS_AND_ALGORITHMS){
testDiffKeysAndAlgorithms(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, AES_CTR_ALGO, AES_KEY_128_ALIAS, nullptr);
testDiffKeysAndAlgorithms(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, AES_GCM_ALGO, AES_KEY_256_ALIAS, nullptr);
+
+ // encryption is actually performed using the public part of the key
testDiffKeysAndAlgorithms(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, RSA_OAEP_ALGO, RSA_KEY_1024_PRV_ALIAS, nullptr);
}
testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_192_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD32);
testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_256_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD32);
- testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, IV128, CKMC_PARAM_ED_AAD, AAD64);
+ testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, IV63, CKMC_PARAM_ED_AAD, AAD64);
testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, IV12, CKMC_PARAM_ED_AAD, AAD64);
testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, IV15, CKMC_PARAM_ED_AAD, AAD64);
testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, IV17, CKMC_PARAM_ED_AAD, AAD64);
testImportExportCustomParameters(RSA_OAEP_ALGO, RSA_KEY_4096_PUB_ALIAS, nullptr, RSA_KEY_4096_PRV_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_LABEL, AAD64);
}
-#ifndef TZ_BACKEND
RUNNER_TEST(TKW_RSA_WRAPPED_KEY){
+ ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
+
+ AliasRemover removers[] = {"RPV", "RPB", "RPV2", "RPB2"};
+
+ // SW
+ assert_positive(ckmc_create_key_pair_rsa, 1024, "RPV", "RPB", EXPORTABLE, EXPORTABLE);
+ // TZ
+ assert_positive(ckmc_create_key_pair_rsa, 1024, "RPV2", "RPB2", UNEXPORTABLE, EXPORTABLE);
+
ckmc_raw_buffer_s *encrypted = nullptr;
ckmc_raw_buffer_s *rsaKeyData = nullptr;
- ckmc_key_s *ppKey = nullptr;
ckmc_key_s *rsaKey = nullptr;
ckmc_key_s *wrappedRsaKey = nullptr;
+ ckmc_key_s *exportedKey = nullptr;
- ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
-
- assert_positive(ckmc_create_key_pair_rsa, 1024, "RPV", "RPB", EXPORTABLE, EXPORTABLE);
- assert_positive(ckmc_get_key, "RPV", nullptr, &rsaKey);
+ assert_positive(ckmc_get_key, "RPB", nullptr, &rsaKey);
assert_positive(ckmc_buffer_new, rsaKey->raw_key, rsaKey->key_size, &rsaKeyData);
assert_positive(ckmc_encrypt_data,
params.get(),
AES_KEY_256_ALIAS.c_str(),
nullptr,
- "RPV",
+ "RPV2",
nullptr,
- &ppKey);
+ &exportedKey);
ckmc_buffer_free(rsaKeyData);
ckmc_buffer_free(encrypted);
ckmc_key_free(wrappedRsaKey);
ckmc_key_free(rsaKey);
- ckmc_key_free(ppKey);
+ ckmc_key_free(exportedKey);
ckmc_remove_key(IMPORTED_ALIAS.c_str());
- ckmc_remove_key("RPB");
- ckmc_remove_key("RPV");
}
-#endif
RUNNER_TEST(TKW_IMPORT_EXPORT_AES_CTR){
testImportExportValidArgs(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, UNEXPORTABLE, nullptr);
projects / platform / core / test / security-tests.git / commitdiff