From: Lukasz Pawelczyk Date: Thu, 30 Jun 2016 10:35:36 +0000 (+0200) Subject: YACA: key import/export vector tests X-Git-Tag: security-manager_5.5_testing~58 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=226060e307832bbd9fe88cf494f4b99a801279d4;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git YACA: key import/export vector tests Also some additional invalid params tests that were originally missing. Change-Id: I21cc16a8809ebfd2c29feaf8c3a1101655fd6723 --- diff --git a/src/yaca/test-vectors/key.txt b/src/yaca/test-vectors/key.txt new file mode 100644 index 00000000..3237ec71 --- /dev/null +++ b/src/yaca/test-vectors/key.txt @@ -0,0 +1,197 @@ +########################### SYMMETRIC ########################### +key_type=SYMMETRIC +key_len_bits=128 +key_format=DEFAULT +key_file_format=RAW +password= + +key_type=SYMMETRIC +key_len_bits=192 +key_format=DEFAULT +key_file_format=RAW +password= + +key_type=SYMMETRIC +key_len_bits=256 +key_format=DEFAULT +key_file_format=RAW +password= + +key_type=SYMMETRIC +key_len_bits=128 +key_format=DEFAULT +key_file_format=BASE64 +password= + +key_type=SYMMETRIC +key_len_bits=192 +key_format=DEFAULT +key_file_format=BASE64 +password= + +key_type=SYMMETRIC +key_len_bits=256 +key_format=DEFAULT +key_file_format=BASE64 +password= + +########################### DES ########################### +key_type=DES +key_len_bits=64 +key_format=DEFAULT +key_file_format=RAW +password= + +key_type=DES +key_len_bits=128 +key_format=DEFAULT +key_file_format=RAW +password= + +key_type=DES +key_len_bits=192 +key_format=DEFAULT +key_file_format=RAW +password= + +key_type=DES +key_len_bits=64 +key_format=DEFAULT +key_file_format=BASE64 +password= + +key_type=DES +key_len_bits=128 +key_format=DEFAULT +key_file_format=BASE64 +password= + +key_type=DES +key_len_bits=192 +key_format=DEFAULT +key_file_format=BASE64 +password= + +########################### RSA DEFAULT ########################### +key_type=RSA_PRIV +key_len_bits=512 +key_format=DEFAULT +key_file_format=PEM +password= + +key_type=RSA_PRIV +key_len_bits=1024 +key_format=DEFAULT +key_file_format=PEM +password= + +key_type=RSA_PRIV +key_len_bits=512 +key_format=DEFAULT +key_file_format=PEM +password=123456qwerty + +key_type=RSA_PRIV +key_len_bits=1024 +key_format=DEFAULT +key_file_format=PEM +password=123456qwerty + +key_type=RSA_PRIV +key_len_bits=512 +key_format=DEFAULT +key_file_format=DER +password= + +key_type=RSA_PRIV +key_len_bits=1024 +key_format=DEFAULT +key_file_format=DER +password= + +########################### RSA PKCS8 ########################### +key_type=RSA_PRIV +key_len_bits=512 +key_format=PKCS8 +key_file_format=PEM +password=123456qwerty + +key_type=RSA_PRIV +key_len_bits=1024 +key_format=PKCS8 +key_file_format=PEM +password=123456qwerty + +key_type=RSA_PRIV +key_len_bits=512 +key_format=PKCS8 +key_file_format=DER +password=123456qwerty + +key_type=RSA_PRIV +key_len_bits=1024 +key_format=PKCS8 +key_file_format=DER +password=123456qwerty + +########################### DSA DEFAULT ########################### +key_type=DSA_PRIV +key_len_bits=512 +key_format=DEFAULT +key_file_format=PEM +password= + +key_type=DSA_PRIV +key_len_bits=1024 +key_format=DEFAULT +key_file_format=PEM +password= + +key_type=DSA_PRIV +key_len_bits=512 +key_format=DEFAULT +key_file_format=PEM +password=123456qwerty + +key_type=DSA_PRIV +key_len_bits=1024 +key_format=DEFAULT +key_file_format=PEM +password=123456qwerty + +key_type=DSA_PRIV +key_len_bits=512 +key_format=DEFAULT +key_file_format=DER +password= + +key_type=DSA_PRIV +key_len_bits=1024 +key_format=DEFAULT +key_file_format=DER +password= + +########################### DSA PKCS8 ########################### +key_type=DSA_PRIV +key_len_bits=512 +key_format=PKCS8 +key_file_format=PEM +password=123456qwerty + +key_type=DSA_PRIV +key_len_bits=1024 +key_format=PKCS8 +key_file_format=PEM +password=123456qwerty + +key_type=DSA_PRIV +key_len_bits=512 +key_format=PKCS8 +key_file_format=DER +password=123456qwerty + +key_type=DSA_PRIV +key_len_bits=1024 +key_format=PKCS8 +key_file_format=DER +password=123456qwerty diff --git a/src/yaca/yaca-test-key.cpp b/src/yaca/yaca-test-key.cpp index 1c9beeb2..94dace06 100644 --- a/src/yaca/yaca-test-key.cpp +++ b/src/yaca/yaca-test-key.cpp @@ -30,6 +30,7 @@ #include #include "yaca-test-common.h" +#include "yaca-test-vector.h" namespace { @@ -59,6 +60,74 @@ void key_gen_invalid_param(yaca_key_type_e key_type, "Non-empty key returned from a function that failed"); } +void import_key_wrong_password(yaca_key_type_e key_type, + const std::string &password, + const char *data, + size_t data_len) +{ + yaca_key_h key = YACA_KEY_NULL; + std::string password_wrong = password + "!"; + + if (password.size() > 0) { + YACA_RESULT(YACA_ERROR_INVALID_PASSWORD, + yaca_key_import(key_type, "", data, data_len, &key)); + + YACA_ASSERT_MSG(key == YACA_KEY_NULL, + "Non-empty key returned from a function that failed"); + + YACA_RESULT(YACA_ERROR_INVALID_PASSWORD, + yaca_key_import(key_type, nullptr, data, data_len, &key)); + + YACA_ASSERT_MSG(key == YACA_KEY_NULL, + "Non-empty key returned from a function that failed"); + } + + YACA_RESULT(YACA_ERROR_INVALID_PASSWORD, + yaca_key_import(key_type, password_wrong.c_str(), data, data_len, &key)); + + YACA_ASSERT_MSG(key == YACA_KEY_NULL, + "Non-empty key returned from a function that failed"); +} + +void assert_keys_equal(const KeyPtr &key1, + const KeyPtr &key2) +{ + yaca_key_format_e key_fmt = YACA_KEY_FORMAT_DEFAULT; + yaca_key_file_format_e key_file_fmt; + yaca_key_type_e key1_type; + yaca_key_type_e key2_type; + + YACA_SUCCESS(yaca_key_get_type(key1.get(), &key1_type)); + YACA_SUCCESS(yaca_key_get_type(key2.get(), &key2_type)); + + YACA_ASSERT_MSG(key1_type == key2_type, "Key types are not equal"); + + switch(key1_type) { + case YACA_KEY_TYPE_SYMMETRIC: + case YACA_KEY_TYPE_DES: + case YACA_KEY_TYPE_IV: + key_file_fmt = YACA_KEY_FILE_FORMAT_RAW; + break; + case YACA_KEY_TYPE_RSA_PUB: + case YACA_KEY_TYPE_RSA_PRIV: + case YACA_KEY_TYPE_DSA_PUB: + case YACA_KEY_TYPE_DSA_PRIV: + key_file_fmt = YACA_KEY_FILE_FORMAT_DER; + break; + default: + RUNNER_FAIL_MSG("Wrong key_type passed"); + } + + size_t key1_len; + ChrPtr key1_data = export_key(key1, key_fmt, key_file_fmt, nullptr, &key1_len); + + size_t key2_len; + ChrPtr key2_data = export_key(key2, key_fmt, key_file_fmt, nullptr, &key2_len); + + YACA_ASSERT_MSG(key1_len == key2_len, "Compared keys are not of equal length"); + YACA_SUCCESS(yaca_memcmp(key1_data.get(), key2_data.get(), key1_len)); +} + } // anonymous namespace RUNNER_TEST_GROUP_INIT(T4000_YACA_KEY); @@ -239,6 +308,7 @@ RUNNER_TEST(T4220_yaca_key_export_invalid_param, YacaTest) { KeyPtr key_sym = generate_key(YACA_KEY_TYPE_SYMMETRIC, 1024); KeyPtr key_rsa = generate_key(YACA_KEY_TYPE_RSA_PRIV, 1024); + KeyPtr key_rsa_pub = extract_public_key(key_rsa); char *data; size_t data_len; @@ -297,9 +367,34 @@ RUNNER_TEST(T4220_yaca_key_export_invalid_param, YacaTest) YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_RAW, nullptr, &data, &data_len)); + + YACA_INVALID_PARAM(yaca_key_export(key_rsa_pub.get(), + YACA_KEY_FORMAT_PKCS8, + YACA_KEY_FILE_FORMAT_PEM, + nullptr, &data, &data_len)); + + /* passing password with a key/format that doesn't support it */ + YACA_INVALID_PARAM(yaca_key_export(key_rsa.get(), + YACA_KEY_FORMAT_DEFAULT, + YACA_KEY_FILE_FORMAT_DER, + "pass", &data, &data_len)); + YACA_INVALID_PARAM(yaca_key_export(key_rsa_pub.get(), + YACA_KEY_FORMAT_DEFAULT, + YACA_KEY_FILE_FORMAT_PEM, + "pass", &data, &data_len)); + + /* not passing a password with a format that requires it */ + YACA_INVALID_PARAM(yaca_key_export(key_rsa.get(), + YACA_KEY_FORMAT_PKCS8, + YACA_KEY_FILE_FORMAT_PEM, + nullptr, &data, &data_len)); + YACA_INVALID_PARAM(yaca_key_export(key_rsa.get(), + YACA_KEY_FORMAT_PKCS8, + YACA_KEY_FILE_FORMAT_PEM, + "", &data, &data_len)); } -RUNNER_TEST(T4220_yaca_key_import_invalid_param, YacaTest) +RUNNER_TEST(T4230_yaca_key_import_invalid_param, YacaTest) { KeyPtr key_sym = generate_key(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_256BIT); size_t key_sym_data_len; @@ -313,6 +408,12 @@ RUNNER_TEST(T4220_yaca_key_import_invalid_param, YacaTest) YACA_KEY_FILE_FORMAT_DER, nullptr, &key_rsa_data_len); + KeyPtr key_rsa_pub = extract_public_key(key_rsa); + size_t key_rsa_pub_data_len; + ChrPtr key_rsa_pub_data = export_key(key_rsa_pub, YACA_KEY_FORMAT_DEFAULT, + YACA_KEY_FILE_FORMAT_PEM, + nullptr, &key_rsa_pub_data_len); + const char *inv_data1 = "qwertyuiopasdfghjklzxcvbnmqwerty"; size_t inv_data1_len = strlen(inv_data1); const char *inv_data2 = "--------qwertyuiopasdfghjklzxcvbnm"; @@ -348,4 +449,72 @@ RUNNER_TEST(T4220_yaca_key_import_invalid_param, YacaTest) key_rsa_data.get(), static_cast(INT_MAX) + 1, &out)); YACA_INVALID_PARAM(yaca_key_import(YACA_KEY_TYPE_RSA_PRIV, nullptr, key_rsa_data.get(), 3, &out)); + + /* passing password with a key/format that doesn't support it */ + YACA_INVALID_PARAM(yaca_key_import(YACA_KEY_TYPE_RSA_PRIV, "pass", + key_rsa_data.get(), key_rsa_data_len, &out)); + YACA_INVALID_PARAM(yaca_key_import(YACA_KEY_TYPE_RSA_PUB, "pass", + key_rsa_pub_data.get(), key_rsa_pub_data_len, &out)); +} + +RUNNER_TEST(T4240_yaca_key_export_import, YacaTest) +{ + auto tvv = loadTestVector("key.txt"); + + for (const auto& tv : tvv) { + yaca_key_type_e key_type; + size_t key_len_bits; + yaca_key_format_e key_format; + yaca_key_file_format_e key_file_format; + std::string password; + + tv.get("key_type", key_type); + tv.get("key_len_bits", key_len_bits); + tv.get("key_format", key_format); + tv.get("key_file_format", key_file_format); + tv.get("password", password); + + KeyPtr key = generate_key(key_type, key_len_bits); + + size_t key_data_len; + ChrPtr key_data = export_key(key, key_format, key_file_format, password.c_str(), &key_data_len); + KeyPtr key_imp = import_key(key_type, password.c_str(), key_data.get(), key_data_len); + + assert_keys_equal(key, key_imp); + + /* password test for asymmetric DEFAULT PEM */ + if (key_format == YACA_KEY_FORMAT_DEFAULT && + (key_type == YACA_KEY_TYPE_RSA_PRIV || key_type == YACA_KEY_TYPE_DSA_PRIV) && + key_file_format == YACA_KEY_FILE_FORMAT_PEM) + import_key_wrong_password(key_type, password, key_data.get(), key_data_len); + + /* password test for asymmetric PKCS8 PEM and DER */ + if (key_format == YACA_KEY_FORMAT_PKCS8 && + (key_type == YACA_KEY_TYPE_RSA_PRIV || key_type == YACA_KEY_TYPE_DSA_PRIV)) + import_key_wrong_password(key_type, password, key_data.get(), key_data_len); + + /* public key test for asymmetric DEFAULT PEM and DER */ + if (key_format == YACA_KEY_FORMAT_DEFAULT && + (key_type == YACA_KEY_TYPE_RSA_PRIV || key_type == YACA_KEY_TYPE_DSA_PRIV)) { + KeyPtr key_pub = extract_public_key(key); + yaca_key_type_e key_pub_type = static_cast(-1); // fix clang + + switch (key_type) { + case YACA_KEY_TYPE_RSA_PRIV: + key_pub_type = YACA_KEY_TYPE_RSA_PUB; + break; + case YACA_KEY_TYPE_DSA_PRIV: + key_pub_type = YACA_KEY_TYPE_DSA_PUB; + break; + default: + RUNNER_FAIL_MSG("Wrong key_type passed"); + } + + size_t key_pub_data_len; + ChrPtr key_pub_data = export_key(key_pub, key_format, key_file_format, nullptr, &key_pub_data_len); + KeyPtr key_pub_imp = import_key(key_pub_type, nullptr, key_pub_data.get(), key_pub_data_len); + + assert_keys_equal(key_pub, key_pub_imp); + } + } }