From: Dariusz Michaluk Date: Thu, 9 May 2024 14:00:25 +0000 (+0200) Subject: Add concatenated wrapping API tests X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b9872c228082ae6bfbf7189258977e7d81c99056;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git Add concatenated wrapping API tests Change-Id: I9ab387af866dae43b54ba59cd779d557d560b41d
---
diff --git a/src/ckm/ckm-common.cpp b/src/ckm/ckm-common.cpp
index 3380e9f6..72224673 100644
--- a/src/ckm/ckm-common.cpp
+++ b/src/ckm/ckm-common.cpp
@@ -637,6 +637,18 @@ void assert_buffers_equal(const ckmc_raw_buffer_s* b1, const ckmc_raw_buffer_s*
 }
 }
+void assert_keys_equal(const ckmc_key_s* b1, const ckmc_key_s* b2, bool equal)
+{
+ if(equal) {
+ RUNNER_ASSERT_MSG(b1->key_size == b2->key_size,
+ "Keys size differs: " << b1->key_size << "!=" << b2->key_size);
+ RUNNER_ASSERT_MSG(0 == memcmp(b1->raw_key, b2->raw_key, b1->key_size), "Keys contents differ");
+ } else {
+ RUNNER_ASSERT_MSG(b1->key_size != b2->key_size || 0 != memcmp(b1->raw_key, b2->raw_key, b1->key_size),
+ "Keys should be different");
+ }
+}
+
 RawBufferPtr create_raw_buffer(ckmc_raw_buffer_s* buffer)
 {
 return RawBufferPtr(buffer, ckmc_buffer_free);
diff --git a/src/ckm/ckm-common.h b/src/ckm/ckm-common.h
index 7b7743fb..05af5b2d 100644
--- a/src/ckm/ckm-common.h
+++ b/src/ckm/ckm-common.h
@@ -227,6 +227,7 @@ void setParam(ParamListPtr& params, ckmc_param_name_e name, ckmc_raw_buffer_s* b
 void setParam(ParamListPtr& params, ckmc_param_name_e name, uint64_t integer);
 void assert_buffers_equal(const ckmc_raw_buffer_s* b1, const ckmc_raw_buffer_s* b2, bool equal=true);
+void assert_keys_equal(const ckmc_key_s* b1, const ckmc_key_s* b2, bool equal=true);
 RawBufferPtr create_raw_buffer(ckmc_raw_buffer_s* buffer);
diff --git a/src/ckm/unprivileged/key-wrapping.cpp b/src/ckm/unprivileged/key-wrapping.cpp
index bedd4b36..ea2eabd7 100644
--- a/src/ckm/unprivileged/key-wrapping.cpp
+++ b/src/ckm/unprivileged/key-wrapping.cpp
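Review bot: `assert_keys_equal` compares only `key_size` and the `raw_key` bytes, so two keys that differ in `key_type` still pass as equal; for a wrap/unwrap round-trip check the `equal` branch should also carry `RUNNER_ASSERT_MSG(b1->key_type == b2->key_type, "Keys type differs");`. The function also dereferences `b1`, `b2` and their `raw_key` pointers without a null check, so an unset `ckmc_key_s*` crashes the runner instead of reporting a failed assertion; a leading `RUNNER_ASSERT_MSG(b1 && b2, "Null key");` would turn that into a test failure. A short comment stating that only key material, size and type are compared (not the `password` field) would document the intent.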
@@ -19,6 +19,7 @@
 #include
 #include
 #include
+#include
 #include
 using namespace CKM;
@@ -1804,3 +1805,221 @@ RUNNER_TEST(TKW_IMPORT_EXPORT_RSA_OAEP){
 testImportExportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_4096_PUB_ALIAS, nullptr, RSA_KEY_4096_PRV_ALIAS, nullptr, UNEXPORTABLE_PASS, KEY_PASSWORD);
 #endif
 }
+
+RUNNER_TEST(TKW_WRAP_CONCATENATED_DATA_EXPORTABLE)
+{
+ ParamListPtr params = getDefaultParams(RSA_OAEP_ALGO);
+ setParam(params, CKMC_PARAM_ED_OAEP_HASH, CKMC_HASH_SHA384);
+
+ AliasRemover removers[] = {"RSA_PRV", "RSA_PUB", "AES_KEY", "AES_KEY_IMP"};
+
+ assert_positive(ckmc_create_key_pair_rsa, 3072, "RSA_PRV", "RSA_PUB", EXPORTABLE, EXPORTABLE);
+ assert_positive(ckmc_create_key_aes, 256, "AES_KEY", EXPORTABLE);
+
+ ckmc_raw_buffer_s *data = createRandomBufferCAPI(32);
+ ckmc_raw_buffer_s *data_imp = nullptr;
+ ckmc_key_s *wrappedKey = nullptr;
+ ckmc_key_s *aesKey = nullptr;
+ ckmc_key_s *aesKeyImp = nullptr;
+
+ assert_positive(ckmc_wrap_concatenated_data,
+ params.get(),
+ "RSA_PUB",
+ nullptr,
+ "AES_KEY",
+ nullptr,
+ data,
+ &wrappedKey);
+
+ assert_positive(ckmc_unwrap_concatenated_data,
+ params.get(),
+ "RSA_PRV",
+ nullptr,
+ wrappedKey,
+ "AES_KEY_IMP",
+ 256,
+ EXPORTABLE,
+ &data_imp);
+
+ assert_positive(ckmc_get_key, "AES_KEY", nullptr, &aesKey);
+ assert_positive(ckmc_get_key, "AES_KEY_IMP", nullptr, &aesKeyImp);
+
+ assert_buffers_equal(data, data_imp);
+ assert_keys_equal(aesKey, aesKeyImp);
+
+ ckmc_buffer_free(data);
+ ckmc_buffer_free(data_imp);
+ ckmc_key_free(aesKey);
+ ckmc_key_free(aesKeyImp);
+ ckmc_key_free(wrappedKey);
+}
+
+RUNNER_TEST(TKW_WRAP_CONCATENATED_DATA_EXPORTABLE_PWD)
+{
+ ParamListPtr params = getDefaultParams(RSA_OAEP_ALGO);
+ setParam(params, CKMC_PARAM_ED_OAEP_HASH, CKMC_HASH_SHA256);
+
+ AliasRemover removers[] = {"RSA_PRV", "RSA_PUB", "AES_KEY", "AES_KEY_IMP"};
+
+ assert_positive(ckmc_create_key_pair_rsa, 2048, "RSA_PRV", "RSA_PUB", EXPORTABLE_PASS, EXPORTABLE_PASS);
+ assert_positive(ckmc_create_key_aes, 192, "AES_KEY", EXPORTABLE_PASS);
+
+ ckmc_raw_buffer_s *data = createRandomBufferCAPI(32);
+ ckmc_raw_buffer_s *data_imp = nullptr;
+ ckmc_key_s *wrappedKey = nullptr;
+ ckmc_key_s *aesKey = nullptr;
+ ckmc_key_s *aesKeyImp = nullptr;
+
+ assert_positive(ckmc_wrap_concatenated_data,
+ params.get(),
+ "RSA_PUB",
+ KEY_PASSWORD,
+ "AES_KEY",
+ KEY_PASSWORD,
+ data,
+ &wrappedKey);
+
+ assert_positive(ckmc_unwrap_concatenated_data,
+ params.get(),
+ "RSA_PRV",
+ KEY_PASSWORD,
+ wrappedKey,
+ "AES_KEY_IMP",
+ 192,
+ EXPORTABLE_PASS,
+ &data_imp);
+
+ assert_positive(ckmc_get_key, "AES_KEY", KEY_PASSWORD, &aesKey);
+ assert_positive(ckmc_get_key, "AES_KEY_IMP", KEY_PASSWORD, &aesKeyImp);
+
+ assert_buffers_equal(data, data_imp);
+ assert_keys_equal(aesKey, aesKeyImp);
+
+ ckmc_buffer_free(data);
+ ckmc_buffer_free(data_imp);
+ ckmc_key_free(aesKey);
+ ckmc_key_free(aesKeyImp);
+ ckmc_key_free(wrappedKey);
+}
+
+RUNNER_TEST(TKW_WRAP_CONCATENATED_DATA_UNEXPORTABLE)
+{
+ ParamListPtr params = getDefaultParams(RSA_OAEP_ALGO);
+ setParam(params, CKMC_PARAM_ED_OAEP_HASH, CKMC_HASH_SHA1);
+
+ AliasRemover removers[] = {"RSA_PRV", "RSA_PUB", "AES_KEY", "AES_KEY_IMP"};
+
+ assert_positive(ckmc_create_key_pair_rsa, 1024, "RSA_PRV", "RSA_PUB", UNEXPORTABLE, UNEXPORTABLE);
+ assert_positive(ckmc_create_key_aes, 128, "AES_KEY", UNEXPORTABLE);
+
+ ckmc_raw_buffer_s *data = createRandomBufferCAPI(32);
+ ckmc_raw_buffer_s *data_imp = nullptr;
+ ckmc_key_s *wrappedKey = nullptr;
+ ckmc_raw_buffer_s *encrypted = nullptr;
+ ckmc_raw_buffer_s *decrypted = nullptr;
+
+ assert_positive(ckmc_wrap_concatenated_data,
+ params.get(),
+ "RSA_PUB",
+ nullptr,
+ "AES_KEY",
+ nullptr,
+ data,
+ &wrappedKey);
+
+ assert_positive(ckmc_unwrap_concatenated_data,
+ params.get(),
+ "RSA_PRV",
+ nullptr,
+ wrappedKey,
+ "AES_KEY_IMP",
+ 128,
+ UNEXPORTABLE,
+ &data_imp);
+
+ assert_buffers_equal(data, data_imp);
+
+ params = getDefaultParams(AES_CBC_ALGO);
+ assert_positive(ckmc_encrypt_data,
+ params.get(),
+ "AES_KEY",
+ nullptr,
+ *data,
+ &encrypted);
+
+ assert_positive(ckmc_decrypt_data,
+ params.get(),
+ "AES_KEY_IMP",
+ nullptr,
+ *encrypted,
+ &decrypted);
+
+ assert_buffers_equal(data, decrypted);
+
+ ckmc_buffer_free(data);
+ ckmc_buffer_free(data_imp);
+ ckmc_buffer_free(encrypted);
+ ckmc_buffer_free(decrypted);
+ ckmc_key_free(wrappedKey);
+}
+
+RUNNER_TEST(TKW_WRAP_CONCATENATED_DATA_UNEXPORTABLE_PWD)
+{
+ ParamListPtr params = getDefaultParams(RSA_OAEP_ALGO);
+ setParam(params, CKMC_PARAM_ED_OAEP_HASH, CKMC_HASH_SHA512);
+
+ AliasRemover removers[] = {"RSA_PRV", "RSA_PUB", "AES_KEY", "AES_KEY_IMP"};
+
+ assert_positive(ckmc_create_key_pair_rsa, 4096, "RSA_PRV", "RSA_PUB", UNEXPORTABLE_PASS, UNEXPORTABLE_PASS);
+ assert_positive(ckmc_create_key_aes, 256, "AES_KEY", UNEXPORTABLE_PASS);
+
+ ckmc_raw_buffer_s *data = createRandomBufferCAPI(64);
+ ckmc_raw_buffer_s *data_imp = nullptr;
+ ckmc_key_s *wrappedKey = nullptr;
+ ckmc_raw_buffer_s *encrypted = nullptr;
+ ckmc_raw_buffer_s *decrypted = nullptr;
+
+ assert_positive(ckmc_wrap_concatenated_data,
+ params.get(),
+ "RSA_PUB",
+ KEY_PASSWORD,
+ "AES_KEY",
+ KEY_PASSWORD,
+ data,
+ &wrappedKey);
+
+ assert_positive(ckmc_unwrap_concatenated_data,
+ params.get(),
+ "RSA_PRV",
+ KEY_PASSWORD,
+ wrappedKey,
+ "AES_KEY_IMP",
+ 256,
+ UNEXPORTABLE,
+ &data_imp);
+
+ assert_buffers_equal(data, data_imp);
+
+ params = getDefaultParams(AES_CBC_ALGO);
+ assert_positive(ckmc_encrypt_data,
+ params.get(),
+ "AES_KEY",
+ KEY_PASSWORD,
+ *data,
+ &encrypted);
+
+ assert_positive(ckmc_decrypt_data,
+ params.get(),
+ "AES_KEY_IMP",
+ nullptr,
+ *encrypted,
+ &decrypted);
+
+ assert_buffers_equal(data, decrypted);
+
+ ckmc_buffer_free(data);
+ ckmc_buffer_free(data_imp);
+ ckmc_buffer_free(encrypted);
+ ckmc_buffer_free(decrypted);
+ ckmc_key_free(wrappedKey);
+}
\ No newline at end of file
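Review bot: In TKW_WRAP_CONCATENATED_DATA_UNEXPORTABLE_PWD the unwrapped key is imported with `UNEXPORTABLE` and then used in `ckmc_decrypt_data` with a `nullptr` password, so the password-protected import path for a non-exportable key is never exercised, even though every other key in that test uses `UNEXPORTABLE_PASS` and `KEY_PASSWORD`. If that is not deliberate, pass `UNEXPORTABLE_PASS` to `ckmc_unwrap_concatenated_data` and `KEY_PASSWORD` to the decrypt call, as TKW_WRAP_CONCATENATED_DATA_EXPORTABLE_PWD does for its import. All four tests cover only the success path; cases asserting that a wrong unwrapping password, a mismatched key size or an altered wrapped blob is rejected would be worth adding. The raw `ckmc_*` pointers are released only at the end of each test, so a failing assertion probably skips the frees (depending on how the runner unwinds); the `RawBufferPtr`/`create_raw_buffer` helper visible in ckm-common.cpp would avoid that for the buffers.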