From: Krzysztof Jackiewicz Date: Mon, 25 Sep 2023 09:52:51 +0000 (+0200) Subject: Add tests for different OAEP hashes X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=89a3e7686deb41f1d78a585c00e4ed5386a32caf;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git Add tests for different OAEP hashes Change-Id: If15830a880bd4ffb9f546afd55d885a78ece37c5 --- diff --git a/src/ckm/unprivileged/encryption-decryption.cpp b/src/ckm/unprivileged/encryption-decryption.cpp index 3da42d26..10e23e24 100644 --- a/src/ckm/unprivileged/encryption-decryption.cpp +++ b/src/ckm/unprivileged/encryption-decryption.cpp @@ -1488,6 +1488,74 @@ RUNNER_TEST_MULTIPLE(TED_1350_rsa_data_too_long, SyncEnv, AsyncEnv) testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 4096}, 471); } +RUNNER_TEST_MULTIPLE(TED_1360_rsa_different_hashes, SyncEnv, AsyncEnv) +{ + // prepare buffers + RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(126)); + ckmc_raw_buffer_s* decrypted = nullptr; + ckmc_raw_buffer_s* encrypted = nullptr; + KeyAliasPair aliases = getKey({CKMC_ALGO_RSA_OAEP, 2048}, PRIMARY); + + ckmc_param_list_h handle = NULL; + assert_positive(ckmc_generate_new_params, CKMC_ALGO_RSA_OAEP, &handle); + auto params = ParamListPtr(handle, ckmc_param_list_free); + + auto checkHash = [&](ckmc_hash_algo_e hash) { + setParam(params, CKMC_PARAM_ED_OAEP_HASH, static_cast(hash)); + + assert_crypto_positive(apiEncrypt, + params.get(), + aliases.pub.c_str(), + nullptr, + *plain.get(), + &encrypted); + + auto encryptedPtr = create_raw_buffer(encrypted); + + assert_crypto_positive(apiDecrypt, + params.get(), + aliases.prv.c_str(), + nullptr, + *encrypted, + &decrypted); + auto tmp = create_raw_buffer(decrypted); + + assert_buffers_equal(plain.get(), decrypted); + }; + checkHash(CKMC_HASH_SHA1); + checkHash(CKMC_HASH_SHA256); +} + +RUNNER_TEST_MULTIPLE(TED_1370_rsa_invalid_hashes, SyncEnv, AsyncEnv) +{ + // prepare buffers + RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(126)); + + // encrypt + ckmc_raw_buffer_s* encrypted = nullptr; + KeyAliasPair aliases = getKey({CKMC_ALGO_RSA_OAEP, 2048}, PRIMARY); + + ckmc_param_list_h handle = NULL; + assert_positive(ckmc_generate_new_params, CKMC_ALGO_RSA_OAEP, &handle); + auto params = ParamListPtr(handle, ckmc_param_list_free); + + auto hashInvalid = [&](ckmc_hash_algo_e hash){ + setParam(params, CKMC_PARAM_ED_OAEP_HASH, static_cast(hash)); + + assert_crypto_result(EncryptionError::INVALID_PARAM, + apiEncrypt, + params.get(), + aliases.pub.c_str(), + nullptr, + *plain.get(), + &encrypted); + }; + + hashInvalid(CKMC_HASH_NONE); + hashInvalid(CKMC_HASH_SHA384); + hashInvalid(CKMC_HASH_SHA512); +} + ///////////////////////////////////////// // Asynchronous only tests ///////////////////////////////////////// diff --git a/src/ckm/unprivileged/key-wrapping.cpp b/src/ckm/unprivileged/key-wrapping.cpp index 2a5efb6d..830469ed 100644 --- a/src/ckm/unprivileged/key-wrapping.cpp +++ b/src/ckm/unprivileged/key-wrapping.cpp @@ -363,6 +363,33 @@ void testImportValidArgs(const Algo &algo, ckmc_remove_key(IMPORTED_ALIAS.c_str()); } +void testImportRSAHashes(int buffLen, + const Alias &wrappingKeyAlias, + const Alias &unwrappingKeyAlias){ + ParamListPtr params = getDefaultParams({CKMC_ALGO_RSA_OAEP, 0}); + + auto test = [&]{ + RawBufferPtr plainKey = encryptAndImport(params, + buffLen, + wrappingKeyAlias, + nullptr, + unwrappingKeyAlias, + nullptr, + IMPORTED_ALIAS.c_str(), + UNEXPORTABLE); + + assert_aes_key_value(IMPORTED_ALIAS, nullptr, plainKey); + + ckmc_remove_key(IMPORTED_ALIAS.c_str()); + }; + + test(); + setParam(params, CKMC_PARAM_ED_OAEP_HASH, CKMC_HASH_SHA1); + test(); + setParam(params, CKMC_PARAM_ED_OAEP_HASH, CKMC_HASH_SHA256); + test(); +} + void testBadWrappedKey(const Algo &algo){ ParamListPtr params = getDefaultParams(algo); ckmc_key_s *wrongKey = generate_AES_key(128, nullptr); @@ -1127,6 +1154,12 @@ RUNNER_TEST(TKW_VALID_ARGS_RSA_OAEP_4096){ testImportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_4096_PUB_ALIAS, RSA_KEY_4096_PRV_ALIAS); } +RUNNER_TEST(TKW_VALID_ARGS_RSA_OAEP_DIFFERENT_HASH){ + // 1024 is too short for SHA512 hash + testImportRSAHashes(16, RSA_KEY_2048_PUB_ALIAS, RSA_KEY_2048_PRV_ALIAS); + testImportRSAHashes(16, RSA_KEY_4096_PUB_ALIAS, RSA_KEY_4096_PRV_ALIAS); +} + RUNNER_TEST(TKW_RSAOAEP_INVALID_BUFF_LENGTH){ testImportInvalidBuffLen(RSA_OAEP_ALGO, 8, RSA_KEY_1024_PUB_ALIAS, RSA_KEY_1024_PRV_ALIAS); testImportInvalidBuffLen(RSA_OAEP_ALGO, 12, RSA_KEY_1024_PUB_ALIAS, RSA_KEY_1024_PRV_ALIAS); @@ -1139,6 +1172,27 @@ RUNNER_TEST(TKW_RSAOAEP_INVALID_BUFF_LENGTH){ testImportInvalidBuffLen(RSA_OAEP_ALGO, 82, RSA_KEY_4096_PUB_ALIAS, RSA_KEY_4096_PRV_ALIAS); } +RUNNER_TEST(TKW_RSAOAEP_EXPORT_INVALID_HASH){ + ParamListPtr params = getDefaultParams(RSA_OAEP_ALGO); + ckmc_key_s *wrappedKey = nullptr; + + auto checkHash = [&](ckmc_hash_algo_e hash){ + setParam(params, CKMC_PARAM_ED_OAEP_HASH, hash); + + assert_invalid_param(ckmc_export_wrapped_key, + params.get(), + RSA_KEY_1024_PUB_ALIAS.c_str(), + nullptr, + AES_KEY_128_ALIAS.c_str(), + nullptr, + &wrappedKey); + }; + + checkHash(CKMC_HASH_NONE); + checkHash(CKMC_HASH_SHA384); + checkHash(CKMC_HASH_SHA512); +} + RUNNER_TEST(TKW_WRONG_TYPE_WRAPPING_KEY){ testImportInvalidBuffLen(RSA_OAEP_ALGO, 16, RSA_KEY_1024_PUB_ALIAS, RSA_KEY_1024_PUB_ALIAS); testImportInvalidBuffLen(RSA_OAEP_ALGO, 24, RSA_KEY_1024_PUB_ALIAS, RSA_KEY_1024_PUB_ALIAS);