From: isaac2.lee Date: Tue, 1 Nov 2022 06:21:25 +0000 (+0900) Subject: implement se-backend functions(encrypt/decrypt/sign/verify/etc) X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=91d68e09978b33fe80d217f4f2ceeab06d8d98bc;p=platform%2Fcore%2Fsecurity%2Fkey-manager-se-backend.git implement se-backend functions(encrypt/decrypt/sign/verify/etc) Change-Id: Ida965301fed5acc6c11d30c32ebd45900818d59a --- diff --git a/include/key-manager-se-backend.h b/include/key-manager-se-backend.h index 3583afb..0fddae4 100644 --- a/include/key-manager-se-backend.h +++ b/include/key-manager-se-backend.h @@ -189,8 +189,8 @@ kmsb_error_e kmsb_aes_encrypt(const unsigned int key_idx, * @param param [in] Parameters for AES algorithm. * @param input [in] pointer for input data to decrypt * @param input_len [in] length for input data - * @param output [out] double pointer for output data. - * The memory for this is allocated by SE backend + * @param output [out] double pointer for output data. + * The memory for this is allocated by SE backend * and it must be freed using `frsecp192r1Cee()` by a caller after the usage. * @param output_len [out] pointer for output data length. * @return kmsb_error_e: TIZEN_ERROR_NONE means success, and other means fail @@ -209,7 +209,7 @@ kmsb_error_e kmsb_aes_decrypt(const unsigned int key_idx, /** * @brief Enumeration for elliptic curve. - * + * * @note This is the same as ckmc_ec_type_e in key-manager. */ typedef enum __kmsb_ec_type { @@ -290,13 +290,13 @@ kmsb_error_e kmsb_verify_signature(const unsigned int key_idx, /* * @brief Get a key value from SE - * + * * @note Only the value of public key can be extracted from SE. * Private keys or symmetric keys can not be extracted from SE. - * + * * @param key_idx [in] Key index to get - * @param output [out] double pointer for output data. - * The memory for this is allocated by SE backend + * @param output [out] double pointer for output data. + * The memory for this is allocated by SE backend * and it must be freed using `free()` by a caller after the usage. * @param output_len [out] pointer for output data length. * @return kmsb_error_e: TIZEN_ERROR_NONE means success, and other means fail @@ -311,12 +311,12 @@ kmsb_error_e kmsb_get_key(const unsigned int key_idx, unsigned char **output, un /* * @brief Get a certificate value from SE - * + * * @note the format of certificate is the DER encoded form of X.509. - * + * * @param cert_idx [in] Certificate index to get - * @param output [out] double pointer for output data. - * The memory for this is allocated by SE backend + * @param output [out] double pointer for output data. + * The memory for this is allocated by SE backend * and it must be freed using `free()` by a caller after the usage. * @param output_len [out] pointer for output data length. * @return kmsb_error_e: TIZEN_ERROR_NONE means success, and other means fail @@ -331,10 +331,10 @@ kmsb_error_e kmsb_get_certificate(const unsigned int cert_idx, unsigned char **o /* * @brief Get a data value from SE - * + * * @param data_idx [in] Certificate index to get - * @param output [out] double pointer for output data. - * The memory for this is allocated by SE backend + * @param output [out] double pointer for output data. + * The memory for this is allocated by SE backend * and it must be freed using `free()` by a caller after the usage. * @param output_len [out] pointer for output data length. * @return kmsb_error_e: TIZEN_ERROR_NONE means success, and other means fail diff --git a/srcs/km_se_backend.c b/srcs/km_se_backend.c index 480fa17..778ff2d 100644 --- a/srcs/km_se_backend.c +++ b/srcs/km_se_backend.c @@ -369,7 +369,6 @@ kmsb_error_e kmsb_aes_encrypt(const unsigned int key_idx, unsigned char* buf = NULL; unsigned char* key = KEY_ARRAY[key_idx]; EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); - switch (param->mode) { case KMSB_ALGO_AES_CTR: ret = EVP_EncryptInit_ex(ctx, EVP_aes_256_ctr(), NULL, key, param->iv); diff --git a/tests/test_cases.cpp b/tests/test_cases.cpp index 561f99d..183a43a 100644 --- a/tests/test_cases.cpp +++ b/tests/test_cases.cpp @@ -94,7 +94,7 @@ BOOST_AUTO_TEST_CASE(kmsb_generate_dbp_key_p, ret = kmsb_generate_dbp_key(false); BOOST_REQUIRE(ret == KMSB_ERROR_NONE); - + ret = kmsb_encrypt_with_dbp_key(SE_BACKEND_DBP_SCHEME_VERSION, input, sizeof(input), iv, sizeof(iv), @@ -200,7 +200,11 @@ BOOST_AUTO_TEST_CASE(kmsb_encrypt_with_dbp_key_invalid_parameter_n) BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); } -/////////////////////////// +//////////////////////////////////////////////////////////////////////////////////////////////////// +// TEST [AES encrypt/decrypt], [ECDSA sign/verify], [get public key], [get certificate], [get data] +// !!! WARNING test code set the key index, cert index, data index arbitrarily for sample codes +// !!! For Secure Element, it should be re-set the right index. +//////////////////////////////////////////////////////////////////////////////////////////////////// const int TEST_AES_KEY_IDX = 1; const int TEST_ECDSA_P192_KEY_IDX = 2; const int TEST_ECDSA_P256_KEY_IDX = 3; @@ -208,7 +212,52 @@ const int TEST_ECDSA_S384_KEY_IDX = 4; const int TEST_CERT_IDX = 0; const int TEST_DATA_IDX = 0; -BOOST_AUTO_TEST_CASE(kmsb_aes_cbc_encrypt_p) +bool _aes_mode_checker(kmsb_aes_mode_e mode) +{ + bool mode_exist = true; + kmsb_error_e ret = KMSB_ERROR_NONE; + + unsigned char input[32] = {0x01}; + unsigned char iv[16] = {0x02}; + unsigned char aad[16] = {0x03}; + unsigned char tag[16]; + unsigned char *output = NULL; + unsigned int output_len = 0; + + kmsb_aes_param_s param; + param.mode = mode; + param.iv = iv; + param.iv_len = sizeof(iv); + param.aad = aad; + param.aad_len = sizeof(aad), + param.tag = tag; + + ret = kmsb_aes_encrypt(TEST_AES_KEY_IDX, ¶m, + input, sizeof(input), + &output, &output_len); + if (ret == KMSB_ERROR_NOT_SUPPORTED) + mode_exist = false; + + BOOST_TEST_MESSAGE( "Check Support of AES mode(" << mode << "): Valid=" + << std::boolalpha << mode_exist ); + + if (output) free(output); + return mode_exist; +} + +struct aes_mode_checker +{ + aes_mode_checker() {} + aes_mode_checker(kmsb_aes_mode_e mode):_mode(mode) {} + boost::test_tools::assertion_result operator()(boost::unit_test::test_unit_id) + { + return _aes_mode_checker(_mode); + } + kmsb_aes_mode_e _mode; +}; + +BOOST_AUTO_TEST_CASE(kmsb_aes_encrypt_cbc_p, + * boost::unit_test::precondition(aes_mode_checker(KMSB_ALGO_AES_CBC))) { kmsb_error_e ret = KMSB_ERROR_NONE; @@ -221,7 +270,7 @@ BOOST_AUTO_TEST_CASE(kmsb_aes_cbc_encrypt_p) kmsb_aes_param_s param; param.mode = KMSB_ALGO_AES_CBC; param.iv = iv; - param.iv_len = 16; + param.iv_len = sizeof(iv); ret = kmsb_aes_encrypt(TEST_AES_KEY_IDX, ¶m, input, sizeof(input), @@ -238,7 +287,8 @@ BOOST_AUTO_TEST_CASE(kmsb_aes_cbc_encrypt_p) if (output2) free(output2); } -BOOST_AUTO_TEST_CASE(kmsb_aes_cbc_decrypt_p) +BOOST_AUTO_TEST_CASE(kmsb_aes_decrypt_cbc_p, + * boost::unit_test::precondition(aes_mode_checker(KMSB_ALGO_AES_CBC))) { kmsb_error_e ret = KMSB_ERROR_NONE; @@ -251,7 +301,7 @@ BOOST_AUTO_TEST_CASE(kmsb_aes_cbc_decrypt_p) kmsb_aes_param_s param; param.mode = KMSB_ALGO_AES_CBC; param.iv = iv; - param.iv_len = 16; + param.iv_len = sizeof(iv); ret = kmsb_aes_encrypt(TEST_AES_KEY_IDX, ¶m, input, sizeof(input), @@ -269,7 +319,8 @@ BOOST_AUTO_TEST_CASE(kmsb_aes_cbc_decrypt_p) if (output2) free(output2); } -BOOST_AUTO_TEST_CASE(kmsb_aes_ctr_encrypt_p) +BOOST_AUTO_TEST_CASE(kmsb_aes_encrypt_ctr_p, + * boost::unit_test::precondition(aes_mode_checker(KMSB_ALGO_AES_CTR))) { kmsb_error_e ret = KMSB_ERROR_NONE; @@ -282,7 +333,7 @@ BOOST_AUTO_TEST_CASE(kmsb_aes_ctr_encrypt_p) kmsb_aes_param_s param; param.mode = KMSB_ALGO_AES_CTR; param.iv = iv; - param.iv_len = 16; + param.iv_len = sizeof(iv); ret = kmsb_aes_encrypt(TEST_AES_KEY_IDX, ¶m, input, sizeof(input), &output1, &output_len); @@ -301,7 +352,8 @@ BOOST_AUTO_TEST_CASE(kmsb_aes_ctr_encrypt_p) if (output2) free(output2); } -BOOST_AUTO_TEST_CASE(kmsb_aes_ctr_decrypt_p) +BOOST_AUTO_TEST_CASE(kmsb_aes_decrypt_ctr_p, + * boost::unit_test::precondition(aes_mode_checker(KMSB_ALGO_AES_CTR))) { kmsb_error_e ret = KMSB_ERROR_NONE; @@ -314,7 +366,7 @@ BOOST_AUTO_TEST_CASE(kmsb_aes_ctr_decrypt_p) kmsb_aes_param_s param; param.mode = KMSB_ALGO_AES_CTR; param.iv = iv; - param.iv_len = 16; + param.iv_len = sizeof(iv); ret = kmsb_aes_encrypt(TEST_AES_KEY_IDX, ¶m, input, sizeof(input), @@ -333,7 +385,8 @@ BOOST_AUTO_TEST_CASE(kmsb_aes_ctr_decrypt_p) if (output2) free(output2); } -BOOST_AUTO_TEST_CASE(kmsb_aes_cfb_encrypt_p) +BOOST_AUTO_TEST_CASE(kmsb_aes_encrypt_cfb_p, + * boost::unit_test::precondition(aes_mode_checker(KMSB_ALGO_AES_CFB))) { kmsb_error_e ret = KMSB_ERROR_NONE; @@ -346,7 +399,8 @@ BOOST_AUTO_TEST_CASE(kmsb_aes_cfb_encrypt_p) kmsb_aes_param_s param; param.mode = KMSB_ALGO_AES_CFB; param.iv = iv; - param.iv_len = 16; + param.iv_len = sizeof(iv); + ret = kmsb_aes_encrypt(TEST_AES_KEY_IDX, ¶m, input, sizeof(input), &output1, &output_len); @@ -365,7 +419,8 @@ BOOST_AUTO_TEST_CASE(kmsb_aes_cfb_encrypt_p) if (output2) free(output2); } -BOOST_AUTO_TEST_CASE(kmsb_aes_cfb_decrypt_p) +BOOST_AUTO_TEST_CASE(kmsb_aes_decrypt_cfb_p, + * boost::unit_test::precondition(aes_mode_checker(KMSB_ALGO_AES_CFB))) { kmsb_error_e ret = KMSB_ERROR_NONE; @@ -378,7 +433,7 @@ BOOST_AUTO_TEST_CASE(kmsb_aes_cfb_decrypt_p) kmsb_aes_param_s param; param.mode = KMSB_ALGO_AES_CFB; param.iv = iv; - param.iv_len = 16; + param.iv_len = sizeof(iv); ret = kmsb_aes_encrypt(TEST_AES_KEY_IDX, ¶m, input, sizeof(input), @@ -397,7 +452,8 @@ BOOST_AUTO_TEST_CASE(kmsb_aes_cfb_decrypt_p) if (output2) free(output2); } -BOOST_AUTO_TEST_CASE(kmsb_aes_gcm_encrypt_p) +BOOST_AUTO_TEST_CASE(kmsb_aes_encrypt_gcm_p, + * boost::unit_test::precondition(aes_mode_checker(KMSB_ALGO_AES_GCM))) { kmsb_error_e ret = KMSB_ERROR_NONE; @@ -412,7 +468,7 @@ BOOST_AUTO_TEST_CASE(kmsb_aes_gcm_encrypt_p) kmsb_aes_param_s param; param.mode = KMSB_ALGO_AES_GCM; param.iv = iv; - param.iv_len = 16; + param.iv_len = sizeof(iv); param.aad = aad; param.aad_len = sizeof(aad), param.tag = tag; @@ -434,7 +490,8 @@ BOOST_AUTO_TEST_CASE(kmsb_aes_gcm_encrypt_p) if (output2) free(output2); } -BOOST_AUTO_TEST_CASE(kmsb_aes_gcm_decrypt_p) +BOOST_AUTO_TEST_CASE(kmsb_aes_decrypt_gcm_p, + * boost::unit_test::precondition(aes_mode_checker(KMSB_ALGO_AES_GCM))) { kmsb_error_e ret = KMSB_ERROR_NONE; @@ -449,7 +506,7 @@ BOOST_AUTO_TEST_CASE(kmsb_aes_gcm_decrypt_p) kmsb_aes_param_s param; param.mode = KMSB_ALGO_AES_GCM; param.iv = iv; - param.iv_len = 16; + param.iv_len = sizeof(iv); param.aad = aad; param.aad_len = sizeof(aad); param.tag = tag; @@ -471,7 +528,184 @@ BOOST_AUTO_TEST_CASE(kmsb_aes_gcm_decrypt_p) if (output2) free(output2); } -void test_kmsb_create_signature(int key_idx, +BOOST_AUTO_TEST_CASE(kmsb_aes_decrypt_fail_n, + * boost::unit_test::precondition(aes_mode_checker(KMSB_ALGO_AES_CBC))) +{ + kmsb_error_e ret = KMSB_ERROR_NONE; + + unsigned char input[32] = {0x01}; + unsigned char iv[16] = {0x02}; + unsigned char *output1 = NULL; + unsigned char *output2 = NULL; + unsigned int output_len = 0; + + kmsb_aes_param_s param; + param.mode = KMSB_ALGO_AES_CBC; + param.iv = iv; + param.iv_len = 16; + + ret = kmsb_aes_encrypt(TEST_AES_KEY_IDX, ¶m, + input, sizeof(input), + &output1, &output_len); + BOOST_REQUIRE(ret == KMSB_ERROR_NONE); + + output_len--; + ret = kmsb_aes_decrypt(TEST_AES_KEY_IDX, ¶m, + output1, output_len, + &output2, &output_len); + BOOST_REQUIRE(ret == KMSB_ERROR_OPERATION_FAILED); + + if (output1) free(output1); + if (output2) free(output2); +} + +BOOST_AUTO_TEST_CASE(kmsb_aes_encrypt_invalid_parameters_n, + * boost::unit_test::precondition(aes_mode_checker(KMSB_ALGO_AES_CBC))) +{ + kmsb_error_e ret = KMSB_ERROR_NONE; + + unsigned char input[32] = {0x01}; + unsigned char iv[16] = {0x02}; + unsigned char *output = NULL; + unsigned int output_len = 0; + unsigned int key_idx = TEST_AES_KEY_IDX; + + kmsb_aes_param_s param; + param.mode = KMSB_ALGO_AES_CBC; + param.iv = iv; + param.iv_len = 16; + + ret = kmsb_aes_encrypt(key_idx, ¶m, + NULL, sizeof(input), + &output, &output_len); + BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); + + ret = kmsb_aes_encrypt(key_idx, ¶m, + input, 0, + &output, &output_len); + BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); + + param.iv = NULL; + ret = kmsb_aes_encrypt(key_idx, ¶m, + input, sizeof(input), + &output, &output_len); + BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); + + param.iv = iv; + param.iv_len = 0; + ret = kmsb_aes_encrypt(key_idx, ¶m, + input, sizeof(input), + &output, &output_len); + BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); +} + +BOOST_AUTO_TEST_CASE(kmsb_aes_decrypt_invalid_parameters_n, + * boost::unit_test::precondition(aes_mode_checker(KMSB_ALGO_AES_CBC))) +{ + kmsb_error_e ret = KMSB_ERROR_NONE; + + unsigned char input[32] = {0x01}; + unsigned char iv[16] = {0x02}; + unsigned char *output = NULL; + unsigned int output_len = 0; + unsigned int key_idx = TEST_AES_KEY_IDX; + + kmsb_aes_param_s param; + param.mode = KMSB_ALGO_AES_CBC; + param.iv = iv; + param.iv_len = 16; + + ret = kmsb_aes_encrypt(key_idx, ¶m, + input, sizeof(input), + &output, &output_len); + BOOST_REQUIRE(ret == KMSB_ERROR_NONE); + + ret = kmsb_aes_decrypt(key_idx, ¶m, + NULL, sizeof(input), + &output, &output_len); + BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); + + ret = kmsb_aes_decrypt(key_idx, ¶m, + input, 0, + &output, &output_len); + BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); + + ret = kmsb_aes_decrypt(key_idx, ¶m, + input, sizeof(input), + NULL, &output_len); + BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); + + ret = kmsb_aes_decrypt(key_idx, ¶m, + input, sizeof(input), + &output, NULL); + BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); + + param.iv = NULL; + ret = kmsb_aes_decrypt(key_idx, ¶m, + input, sizeof(input), + &output, &output_len); + BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); + + param.iv = iv; + param.iv_len = 0; + ret = kmsb_aes_encrypt(key_idx, ¶m, + input, sizeof(input), + &output, &output_len); + BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); + + if (output) free(output); +} + +bool _hash_curv_checker(kmsb_hash_algo_e hash, kmsb_ec_type_e ec) +{ + bool valid = true; + unsigned char input[32] = {0x01}; + unsigned char *signature = NULL; + unsigned int signature_len = 0; + + kmsb_error_e ret = KMSB_ERROR_NONE; + kmsb_sign_param_s param; + param.ec_type = ec; + param.hash_algo = hash; + + int key_idx = 0; + switch (ec) { + case KMSB_EC_PRIME192V1: + key_idx = TEST_ECDSA_P192_KEY_IDX; + break; + case KMSB_EC_PRIME256V1: + key_idx = TEST_ECDSA_P256_KEY_IDX; + break; + case KMSB_EC_SECP384R1: + key_idx = TEST_ECDSA_S384_KEY_IDX; + break; + } + + ret = kmsb_create_signature(key_idx, ¶m, + input, sizeof(input), + &signature, &signature_len); + if (ret == KMSB_ERROR_NOT_SUPPORTED) + valid = false; + + BOOST_TEST_MESSAGE( "Check Support of hash mode(" << hash << "|" << ec << "): Valid=" + << std::boolalpha << valid ); + if (signature) free(signature); + return valid; +} + +struct ec_checker +{ + ec_checker() {} + ec_checker(kmsb_hash_algo_e hash, kmsb_ec_type_e ec): _hash(hash), _ec(ec) {} + boost::test_tools::assertion_result operator()(boost::unit_test::test_unit_id) + { + return _hash_curv_checker(_hash, _ec); + } + kmsb_hash_algo_e _hash; + kmsb_ec_type_e _ec; +}; + +void test_kmsb_create_signature(int key_idx, kmsb_hash_algo_e alg, kmsb_ec_type_e ec, unsigned char *input, unsigned int input_len, unsigned char **output, unsigned int *output_len) @@ -487,7 +721,7 @@ void test_kmsb_create_signature(int key_idx, BOOST_REQUIRE(ret == KMSB_ERROR_NONE); } -void test_kmsb_verify_signature(int key_idx, +void test_kmsb_verify_signature(int key_idx, kmsb_hash_algo_e alg, kmsb_ec_type_e ec, unsigned char *input, unsigned int input_len, unsigned char **output, unsigned int *output_len) @@ -508,7 +742,8 @@ void test_kmsb_verify_signature(int key_idx, BOOST_REQUIRE(ret == KMSB_ERROR_NONE); } -BOOST_AUTO_TEST_CASE(kmsb_create_signature_sha1_p) +BOOST_AUTO_TEST_CASE(kmsb_create_signature_sha1_p, + * boost::unit_test::precondition(ec_checker(KMSB_HASH_SHA1, KMSB_EC_PRIME256V1))) { unsigned char input[32] = {0x01}; unsigned char *signature = NULL; @@ -523,7 +758,8 @@ BOOST_AUTO_TEST_CASE(kmsb_create_signature_sha1_p) if (signature) free(signature); } -BOOST_AUTO_TEST_CASE(kmsb_create_signature_sha256_p) +BOOST_AUTO_TEST_CASE(kmsb_create_signature_sha256_p, + * boost::unit_test::precondition(ec_checker(KMSB_HASH_SHA256, KMSB_EC_PRIME256V1))) { unsigned char input[32] = {0x01}; unsigned char *signature = NULL; @@ -538,7 +774,8 @@ BOOST_AUTO_TEST_CASE(kmsb_create_signature_sha256_p) if (signature) free(signature); } -BOOST_AUTO_TEST_CASE(kmsb_create_signature_sha384_p) +BOOST_AUTO_TEST_CASE(kmsb_create_signature_sha384_p, + * boost::unit_test::precondition(ec_checker(KMSB_HASH_SHA384, KMSB_EC_PRIME256V1))) { unsigned char input[32] = {0x01}; unsigned char *signature = NULL; @@ -553,7 +790,8 @@ BOOST_AUTO_TEST_CASE(kmsb_create_signature_sha384_p) if (signature) free(signature); } -BOOST_AUTO_TEST_CASE(kmsb_create_signature_sha512_p) +BOOST_AUTO_TEST_CASE(kmsb_create_signature_sha512_p, + * boost::unit_test::precondition(ec_checker(KMSB_HASH_SHA512, KMSB_EC_PRIME256V1))) { unsigned char input[32] = {0x01}; unsigned char *signature = NULL; @@ -568,7 +806,8 @@ BOOST_AUTO_TEST_CASE(kmsb_create_signature_sha512_p) if (signature) free(signature); } -BOOST_AUTO_TEST_CASE(kmsb_create_signature_p192v1_p) +BOOST_AUTO_TEST_CASE(kmsb_create_signature_p192v1_p, + * boost::unit_test::precondition(ec_checker(KMSB_HASH_SHA256, KMSB_EC_PRIME192V1))) { unsigned char input[32] = {0x01}; unsigned char *signature = NULL; @@ -583,7 +822,8 @@ BOOST_AUTO_TEST_CASE(kmsb_create_signature_p192v1_p) if (signature) free(signature); } -BOOST_AUTO_TEST_CASE(kmsb_create_signature_secp384r1_p) +BOOST_AUTO_TEST_CASE(kmsb_create_signature_secp384r1_p, + * boost::unit_test::precondition(ec_checker(KMSB_HASH_SHA256, KMSB_EC_SECP384R1))) { unsigned char input[32] = {0x01}; unsigned char *signature = NULL; @@ -598,7 +838,8 @@ BOOST_AUTO_TEST_CASE(kmsb_create_signature_secp384r1_p) if (signature) free(signature); } -BOOST_AUTO_TEST_CASE(kmsb_verify_signature_sha1_p) +BOOST_AUTO_TEST_CASE(kmsb_verify_signature_sha1_p, + * boost::unit_test::precondition(ec_checker(KMSB_HASH_SHA1, KMSB_EC_PRIME256V1))) { unsigned char input[32] = {0x01}; unsigned char *signature = NULL; @@ -613,7 +854,8 @@ BOOST_AUTO_TEST_CASE(kmsb_verify_signature_sha1_p) if (signature) free(signature); } -BOOST_AUTO_TEST_CASE(kmsb_verify_signature_sha256_p) +BOOST_AUTO_TEST_CASE(kmsb_verify_signature_sha256_p, + * boost::unit_test::precondition(ec_checker(KMSB_HASH_SHA256, KMSB_EC_PRIME256V1))) { unsigned char input[32] = {0x01}; unsigned char *signature = NULL; @@ -628,7 +870,8 @@ BOOST_AUTO_TEST_CASE(kmsb_verify_signature_sha256_p) if (signature) free(signature); } -BOOST_AUTO_TEST_CASE(kmsb_verify_signature_sha384_p) +BOOST_AUTO_TEST_CASE(kmsb_verify_signature_sha384_p, + * boost::unit_test::precondition(ec_checker(KMSB_HASH_SHA384, KMSB_EC_PRIME256V1))) { unsigned char input[32] = {0x01}; unsigned char *signature = NULL; @@ -643,7 +886,8 @@ BOOST_AUTO_TEST_CASE(kmsb_verify_signature_sha384_p) if (signature) free(signature); } -BOOST_AUTO_TEST_CASE(kmsb_verify_signature_sha512_p) +BOOST_AUTO_TEST_CASE(kmsb_verify_signature_sha512_p, + * boost::unit_test::precondition(ec_checker(KMSB_HASH_SHA512, KMSB_EC_PRIME256V1))) { unsigned char input[32] = {0x01}; unsigned char *signature = NULL; @@ -658,7 +902,8 @@ BOOST_AUTO_TEST_CASE(kmsb_verify_signature_sha512_p) if (signature) free(signature); } -BOOST_AUTO_TEST_CASE(kmsb_verify_signature_p192v1_p) +BOOST_AUTO_TEST_CASE(kmsb_verify_signature_p192v1_p, + * boost::unit_test::precondition(ec_checker(KMSB_HASH_SHA256, KMSB_EC_PRIME192V1))) { unsigned char input[32] = {0x01}; unsigned char *signature = NULL; @@ -673,7 +918,8 @@ BOOST_AUTO_TEST_CASE(kmsb_verify_signature_p192v1_p) if (signature) free(signature); } -BOOST_AUTO_TEST_CASE(kmsb_verify_signature_secp384r1_p) +BOOST_AUTO_TEST_CASE(kmsb_verify_signature_secp384r1_p, + * boost::unit_test::precondition(ec_checker(KMSB_HASH_SHA256, KMSB_EC_SECP384R1))) { unsigned char input[32] = {0x01}; unsigned char *signature = NULL; @@ -688,132 +934,8 @@ BOOST_AUTO_TEST_CASE(kmsb_verify_signature_secp384r1_p) if (signature) free(signature); } -BOOST_AUTO_TEST_CASE(kmsb_aes_decrypt_fail_n) -{ - kmsb_error_e ret = KMSB_ERROR_NONE; - - unsigned char input[32] = {0x01}; - unsigned char iv[16] = {0x02}; - unsigned char *output1 = NULL; - unsigned char *output2 = NULL; - unsigned int output_len = 0; - - kmsb_aes_param_s param; - param.mode = KMSB_ALGO_AES_CBC; - param.iv = iv; - param.iv_len = 16; - - ret = kmsb_aes_encrypt(TEST_AES_KEY_IDX, ¶m, - input, sizeof(input), - &output1, &output_len); - BOOST_REQUIRE(ret == KMSB_ERROR_NONE); - - output_len--; - ret = kmsb_aes_decrypt(TEST_AES_KEY_IDX, ¶m, - output1, output_len, - &output2, &output_len); - BOOST_REQUIRE(ret == KMSB_ERROR_OPERATION_FAILED); - - if (output1) free(output1); - if (output2) free(output2); -} - -BOOST_AUTO_TEST_CASE(kmsb_aes_encrypt_invalid_parameters_n) -{ - kmsb_error_e ret = KMSB_ERROR_NONE; - - unsigned char input[32] = {0x01}; - unsigned char iv[16] = {0x02}; - unsigned char *output = NULL; - unsigned int output_len = 0; - unsigned int key_idx = TEST_AES_KEY_IDX; - - kmsb_aes_param_s param; - param.mode = KMSB_ALGO_AES_CBC; - param.iv = iv; - param.iv_len = 16; - - ret = kmsb_aes_encrypt(key_idx, ¶m, - NULL, sizeof(input), - &output, &output_len); - BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); - - ret = kmsb_aes_encrypt(key_idx, ¶m, - input, 0, - &output, &output_len); - BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); - - param.iv = NULL; - ret = kmsb_aes_encrypt(key_idx, ¶m, - input, sizeof(input), - &output, &output_len); - BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); - - param.iv = iv; - param.iv_len = 0; - ret = kmsb_aes_encrypt(key_idx, ¶m, - input, sizeof(input), - &output, &output_len); - BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); -} - -BOOST_AUTO_TEST_CASE(kmsb_aes_decrypt_invalid_parameters_n) -{ - kmsb_error_e ret = KMSB_ERROR_NONE; - - unsigned char input[32] = {0x01}; - unsigned char iv[16] = {0x02}; - unsigned char *output = NULL; - unsigned int output_len = 0; - unsigned int key_idx = TEST_AES_KEY_IDX; - - kmsb_aes_param_s param; - param.mode = KMSB_ALGO_AES_CBC; - param.iv = iv; - param.iv_len = 16; - - ret = kmsb_aes_encrypt(key_idx, ¶m, - input, sizeof(input), - &output, &output_len); - BOOST_REQUIRE(ret == KMSB_ERROR_NONE); - - ret = kmsb_aes_decrypt(key_idx, ¶m, - NULL, sizeof(input), - &output, &output_len); - BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); - - ret = kmsb_aes_decrypt(key_idx, ¶m, - input, 0, - &output, &output_len); - BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); - - ret = kmsb_aes_decrypt(key_idx, ¶m, - input, sizeof(input), - NULL, &output_len); - BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); - - ret = kmsb_aes_decrypt(key_idx, ¶m, - input, sizeof(input), - &output, NULL); - BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); - - param.iv = NULL; - ret = kmsb_aes_decrypt(key_idx, ¶m, - input, sizeof(input), - &output, &output_len); - BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); - - param.iv = iv; - param.iv_len = 0; - ret = kmsb_aes_encrypt(key_idx, ¶m, - input, sizeof(input), - &output, &output_len); - BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); - - if (output) free(output); -} - -BOOST_AUTO_TEST_CASE(kmsb_verify_signature_fail_n) +BOOST_AUTO_TEST_CASE(kmsb_verify_signature_fail_n, + * boost::unit_test::precondition(ec_checker(KMSB_HASH_SHA256, KMSB_EC_PRIME256V1))) { kmsb_error_e ret = KMSB_ERROR_NONE; unsigned char input[32] = {0x01}; @@ -838,7 +960,8 @@ BOOST_AUTO_TEST_CASE(kmsb_verify_signature_fail_n) if (signature) free(signature); } -BOOST_AUTO_TEST_CASE(kmsb_create_signature_wrong_key_idx_n) +BOOST_AUTO_TEST_CASE(kmsb_create_signature_wrong_key_idx_n, + * boost::unit_test::precondition(ec_checker(KMSB_HASH_SHA256, KMSB_EC_SECP384R1))) { unsigned char input[32] = {0x01}; unsigned char *signature = NULL; @@ -853,7 +976,8 @@ BOOST_AUTO_TEST_CASE(kmsb_create_signature_wrong_key_idx_n) if (signature) free(signature); } -BOOST_AUTO_TEST_CASE(kmsb_verify_signature_wrong_key_idx_n) +BOOST_AUTO_TEST_CASE(kmsb_verify_signature_wrong_key_idx_n, + * boost::unit_test::precondition(ec_checker(KMSB_HASH_SHA256, KMSB_EC_SECP384R1))) { unsigned char input[32] = {0x01}; unsigned char *signature = NULL; @@ -868,7 +992,8 @@ BOOST_AUTO_TEST_CASE(kmsb_verify_signature_wrong_key_idx_n) if (signature) free(signature); } -BOOST_AUTO_TEST_CASE(kmsb_create_signature_invalid_parameters_n) +BOOST_AUTO_TEST_CASE(kmsb_create_signature_invalid_parameters_n, + * boost::unit_test::precondition(ec_checker(KMSB_HASH_SHA256, KMSB_EC_PRIME256V1))) { kmsb_error_e ret = KMSB_ERROR_NONE; unsigned char input[32] = {0x01}; @@ -907,7 +1032,8 @@ BOOST_AUTO_TEST_CASE(kmsb_create_signature_invalid_parameters_n) } -BOOST_AUTO_TEST_CASE(kmsb_verify_signature_invalid_parameters_n) +BOOST_AUTO_TEST_CASE(kmsb_verify_signature_invalid_parameters_n, + * boost::unit_test::precondition(ec_checker(KMSB_HASH_SHA256, KMSB_EC_PRIME256V1))) { kmsb_error_e ret = KMSB_ERROR_NONE; unsigned char input[32] = {0x01}; @@ -954,31 +1080,27 @@ BOOST_AUTO_TEST_CASE(kmsb_verify_signature_invalid_parameters_n) if (signature) free(signature); } -BOOST_AUTO_TEST_CASE(kmsb_get_key_invalid_parameters_n) +BOOST_AUTO_TEST_CASE(kmsb_get_key_p192_p, + * boost::unit_test::precondition(ec_checker(KMSB_HASH_SHA256, KMSB_EC_PRIME192V1))) { kmsb_error_e ret = KMSB_ERROR_NONE; unsigned char *public_key = NULL; unsigned int key_len = 0; - unsigned int key_idx = TEST_ECDSA_P256_KEY_IDX; - - ret = kmsb_get_key(100, &public_key, &key_len); - BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); - - ret = kmsb_get_key(key_idx, NULL, &key_len); - BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); + unsigned int key_idx = TEST_ECDSA_P192_KEY_IDX; - ret = kmsb_get_key(key_idx, &public_key, NULL); - BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); + ret = kmsb_get_key(key_idx, &public_key, &key_len); + BOOST_REQUIRE(ret == KMSB_ERROR_NONE); if (public_key) free(public_key); } -BOOST_AUTO_TEST_CASE(kmsb_get_key_p192_p) +BOOST_AUTO_TEST_CASE(kmsb_get_key_p256_n, + * boost::unit_test::precondition(ec_checker(KMSB_HASH_SHA256, KMSB_EC_PRIME256V1))) { kmsb_error_e ret = KMSB_ERROR_NONE; unsigned char *public_key = NULL; unsigned int key_len = 0; - unsigned int key_idx = TEST_ECDSA_P192_KEY_IDX; + unsigned int key_idx = TEST_ECDSA_P256_KEY_IDX; ret = kmsb_get_key(key_idx, &public_key, &key_len); BOOST_REQUIRE(ret == KMSB_ERROR_NONE); @@ -986,12 +1108,13 @@ BOOST_AUTO_TEST_CASE(kmsb_get_key_p192_p) if (public_key) free(public_key); } -BOOST_AUTO_TEST_CASE(kmsb_get_key_p256_n) +BOOST_AUTO_TEST_CASE(kmsb_get_key_secp384r1_n, + * boost::unit_test::precondition(ec_checker(KMSB_HASH_SHA256, KMSB_EC_SECP384R1))) { kmsb_error_e ret = KMSB_ERROR_NONE; unsigned char *public_key = NULL; unsigned int key_len = 0; - unsigned int key_idx = TEST_ECDSA_P256_KEY_IDX; + unsigned int key_idx = TEST_ECDSA_S384_KEY_IDX; ret = kmsb_get_key(key_idx, &public_key, &key_len); BOOST_REQUIRE(ret == KMSB_ERROR_NONE); @@ -999,19 +1122,38 @@ BOOST_AUTO_TEST_CASE(kmsb_get_key_p256_n) if (public_key) free(public_key); } -BOOST_AUTO_TEST_CASE(kmsb_get_key_secp384r1_n) +BOOST_AUTO_TEST_CASE(kmsb_get_key_invalid_parameters_n) { kmsb_error_e ret = KMSB_ERROR_NONE; unsigned char *public_key = NULL; unsigned int key_len = 0; - unsigned int key_idx = TEST_ECDSA_S384_KEY_IDX; + unsigned int key_idx = TEST_ECDSA_P256_KEY_IDX; - ret = kmsb_get_key(key_idx, &public_key, &key_len); - BOOST_REQUIRE(ret == KMSB_ERROR_NONE); + ret = kmsb_get_key(100, &public_key, &key_len); + BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); + + ret = kmsb_get_key(key_idx, NULL, &key_len); + BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); + + ret = kmsb_get_key(key_idx, &public_key, NULL); + BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER); if (public_key) free(public_key); } +BOOST_AUTO_TEST_CASE(kmsb_get_certificate_p) +{ + kmsb_error_e ret = KMSB_ERROR_NONE; + unsigned char *certificate = NULL; + unsigned int cert_len = 0; + unsigned int cert_idx = TEST_CERT_IDX; + + ret = kmsb_get_certificate(cert_idx, &certificate, &cert_len); + BOOST_REQUIRE(ret == KMSB_ERROR_NONE); + + if (certificate) free(certificate); +} + BOOST_AUTO_TEST_CASE(kmsb_get_certificate_invalid_parameters_n) { kmsb_error_e ret = KMSB_ERROR_NONE; @@ -1031,17 +1173,17 @@ BOOST_AUTO_TEST_CASE(kmsb_get_certificate_invalid_parameters_n) if (certificate) free(certificate); } -BOOST_AUTO_TEST_CASE(kmsb_get_certificate_p) +BOOST_AUTO_TEST_CASE(kmsb_get_data_p) { kmsb_error_e ret = KMSB_ERROR_NONE; - unsigned char *certificate = NULL; - unsigned int cert_len = 0; - unsigned int cert_idx = TEST_CERT_IDX; + unsigned char *data = NULL; + unsigned int data_len = 0; + unsigned int data_idx = TEST_DATA_IDX; - ret = kmsb_get_certificate(cert_idx, &certificate, &cert_len); + ret = kmsb_get_data(data_idx, &data, &data_len); BOOST_REQUIRE(ret == KMSB_ERROR_NONE); - if (certificate) free(certificate); + if (data) free(data); } BOOST_AUTO_TEST_CASE(kmsb_get_data_invalid_parameters_n) @@ -1063,19 +1205,6 @@ BOOST_AUTO_TEST_CASE(kmsb_get_data_invalid_parameters_n) if (data) free(data); } -BOOST_AUTO_TEST_CASE(kmsb_get_data_p) -{ - kmsb_error_e ret = KMSB_ERROR_NONE; - unsigned char *data = NULL; - unsigned int data_len = 0; - unsigned int data_idx = TEST_DATA_IDX; - - ret = kmsb_get_data(data_idx, &data, &data_len); - BOOST_REQUIRE(ret == KMSB_ERROR_NONE); - - if (data) free(data); -} - BOOST_AUTO_TEST_SUITE_END() // SE_EMUL BOOST_AUTO_TEST_SUITE_END() // USER