From: Dariusz Michaluk <d.michaluk@samsung.com>
Date: Fri, 10 May 2024 09:49:45 +0000 (+0200)
Subject: Adjust tests to implementation changes
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=bc00d74f5b44b1d2c76b95ced4e5c8140698934b;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git

Adjust tests to implementation changes

Allow using SHA384 & SHA512 with RSA OAEP

Change-Id: Iaf60a99d5046c94cce0c370ce4d1660886720f59
---

diff --git a/src/ckm/unprivileged/encryption-decryption.cpp b/src/ckm/unprivileged/encryption-decryption.cpp
index 811af3a7..59358d6f 100644
--- a/src/ckm/unprivileged/encryption-decryption.cpp
+++ b/src/ckm/unprivileged/encryption-decryption.cpp
@@ -1541,9 +1541,11 @@ RUNNER_TEST_MULTIPLE(TED_1360_rsa_different_hashes, SyncEnv, AsyncEnv)
     };
     checkHash(CKMC_HASH_SHA1);
     checkHash(CKMC_HASH_SHA256);
+    checkHash(CKMC_HASH_SHA384);
+    checkHash(CKMC_HASH_SHA512);
 }
 
-RUNNER_TEST_MULTIPLE(TED_1370_rsa_invalid_hashes, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_1370_rsa_invalid_hash, SyncEnv, AsyncEnv)
 {
     // prepare buffers
     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(126));
@@ -1555,22 +1557,16 @@ RUNNER_TEST_MULTIPLE(TED_1370_rsa_invalid_hashes, SyncEnv, AsyncEnv)
     ckmc_param_list_h handle = NULL;
     assert_positive(ckmc_generate_new_params, CKMC_ALGO_RSA_OAEP, &handle);
     auto params = ParamListPtr(handle, ckmc_param_list_free);
+    setParam(params, CKMC_PARAM_ED_OAEP_HASH, CKMC_HASH_NONE);
 
-    auto hashInvalid = [&](ckmc_hash_algo_e hash){
-        setParam(params, CKMC_PARAM_ED_OAEP_HASH, static_cast<uint64_t>(hash));
-
-        assert_crypto_result(EncryptionError::INVALID_PARAM,
-                             apiEncrypt,
-                             params.get(),
-                             aliases.pub.c_str(),
-                             nullptr,
-                             *plain.get(),
-                             &encrypted);
-    };
+    assert_crypto_result(EncryptionError::INVALID_PARAM,
+                         apiEncrypt,
+                         params.get(),
+                         aliases.pub.c_str(),
+                         nullptr,
+                         *plain.get(),
+                         &encrypted);
 
-    hashInvalid(CKMC_HASH_NONE);
-    hashInvalid(CKMC_HASH_SHA384);
-    hashInvalid(CKMC_HASH_SHA512);
 }
 
 /////////////////////////////////////////
diff --git a/src/ckm/unprivileged/key-wrapping.cpp b/src/ckm/unprivileged/key-wrapping.cpp
index 74e0c9fc..bedd4b36 100644
--- a/src/ckm/unprivileged/key-wrapping.cpp
+++ b/src/ckm/unprivileged/key-wrapping.cpp
@@ -1220,22 +1220,16 @@ RUNNER_TEST(TKW_RSAOAEP_INVALID_BUFF_LENGTH){
 RUNNER_TEST(TKW_RSAOAEP_EXPORT_INVALID_HASH){
 	ParamListPtr params = getDefaultParams(RSA_OAEP_ALGO);
 	ckmc_key_s *wrappedKey = nullptr;
+	setParam(params, CKMC_PARAM_ED_OAEP_HASH, CKMC_HASH_NONE);
 
-	auto checkHash = [&](ckmc_hash_algo_e hash){
-		setParam(params, CKMC_PARAM_ED_OAEP_HASH, hash);
-
-		assert_invalid_param(ckmc_export_wrapped_key,
-					params.get(),
-					RSA_KEY_1024_PUB_ALIAS.c_str(),
-					nullptr,
-					AES_KEY_128_ALIAS.c_str(),
-					nullptr,
-					&wrappedKey);
-	};
+	assert_invalid_param(ckmc_export_wrapped_key,
+				params.get(),
+				RSA_KEY_1024_PUB_ALIAS.c_str(),
+				nullptr,
+				AES_KEY_128_ALIAS.c_str(),
+				nullptr,
+				&wrappedKey);
 
-	checkHash(CKMC_HASH_NONE);
-	checkHash(CKMC_HASH_SHA384);
-	checkHash(CKMC_HASH_SHA512);
 }
 
 RUNNER_TEST(TKW_WRONG_TYPE_WRAPPING_KEY){
@@ -1538,7 +1532,7 @@ RUNNER_TEST(TKW_IMPORT_EXPORT_RSA_LABEL){
 
 RUNNER_TEST(TKW_IMPORT_EXPORT_RSA_HASH){
 	auto test = [](const Alias &wrappingKeyAlias, const Alias &unwrappingKeyAlias){
-		for (auto hash : {CKMC_HASH_SHA1, CKMC_HASH_SHA256}) {
+		for (auto hash : {CKMC_HASH_SHA1, CKMC_HASH_SHA256, CKMC_HASH_SHA384, CKMC_HASH_SHA512}) {
 			// DEFAULT_IV will be ignored by RSA
 			testImportExportCustomParameters(RSA_OAEP_ALGO,
 						wrappingKeyAlias,
@@ -1550,7 +1544,6 @@ RUNNER_TEST(TKW_IMPORT_EXPORT_RSA_HASH){
 						hash);
 		}
 	};
-	test(RSA_KEY_1024_PUB_ALIAS, RSA_KEY_1024_PRV_ALIAS);
 	test(RSA_KEY_2048_PUB_ALIAS, RSA_KEY_2048_PRV_ALIAS);
 	test(RSA_KEY_3072_PUB_ALIAS, RSA_KEY_3072_PRV_ALIAS);
 #ifndef TZ_LEGACY_BACKEND // no support for RSA 4k keys in old TEE implementations
@@ -1558,6 +1551,26 @@ RUNNER_TEST(TKW_IMPORT_EXPORT_RSA_HASH){
 #endif
 }
 
+RUNNER_TEST(TKW_RSAOAEP_EXPORT_DATA_LIMIT){
+	ParamListPtr params = getDefaultParams(RSA_OAEP_ALGO);
+	ckmc_key_s *wrappedKey = nullptr;
+
+	auto checkHash = [&](ckmc_hash_algo_e hash){
+		setParam(params, CKMC_PARAM_ED_OAEP_HASH, hash);
+
+		assert_invalid_param(ckmc_export_wrapped_key,
+					params.get(),
+					RSA_KEY_1024_PUB_ALIAS.c_str(),
+					nullptr,
+					AES_KEY_256_ALIAS.c_str(),
+					nullptr,
+					&wrappedKey);
+	};
+
+	checkHash(CKMC_HASH_SHA384);
+	//checkHash(CKMC_HASH_SHA512); // TODO TA panicked while executing command
+}
+
 RUNNER_TEST(TKW_RSA_WRAPPED_KEY){
 	ParamListPtr params = getDefaultParams(AES_CTR_ALGO);