From: Dongsun Lee
Date: Mon, 18 Mar 2024 06:59:08 +0000 (+0900)
Subject: Add test-cases for RSA 3072
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F15%2F308115%2F3;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git
Add test-cases for RSA 3072
Change-Id: I9a42988035717b8bb128a4dc06add83c080e9cbc
---
diff --git a/src/ckm/unprivileged/encryption-decryption.cpp b/src/ckm/unprivileged/encryption-decryption.cpp
index a4a9e499..811af3a7 100644
--- a/src/ckm/unprivileged/encryption-decryption.cpp
+++ b/src/ckm/unprivileged/encryption-decryption.cpp
@@ -209,6 +209,7 @@ public:
 generateSymmetricKeys(256);
 generateRsaKeys(1024);
 generateRsaKeys(2048);
+ generateRsaKeys(3072);
 #ifndef TZ_LEGACY_BACKEND // no support for RSA 4k keys in old TEE implementations
 generateRsaKeys(4096);
 #endif
@@ -367,6 +368,7 @@ void testAllAlgorithms(const std::function& test)
 test( { CKMC_ALGO_RSA_OAEP, 1024 });
 test( { CKMC_ALGO_RSA_OAEP, 2048 });
+ test( { CKMC_ALGO_RSA_OAEP, 3072 });
 #ifndef TZ_LEGACY_BACKEND // no support for RSA 4k keys in old TEE implementations
 test( { CKMC_ALGO_RSA_OAEP, 4096 });
 #endif
@@ -1184,6 +1186,7 @@ RUNNER_TEST_MULTIPLE(TED_0200_encrypt_decrypt_different_keys, SyncEnv, AsyncEnv,
 testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 1024}, false);
 testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 2048}, false);
+ testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 3072}, false);
 #ifndef TZ_LEGACY_BACKEND // no support for RSA 4k keys in old TEE implementations
 testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 4096}, false);
 #endif
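Review bot: `generateRsaKeys(3072);` in the first hunk sits outside the `#ifndef TZ_LEGACY_BACKEND` guard that protects the 4096-bit call, and nothing in the diff shows that the legacy TEE backend accepts 3072-bit RSA. The call appears to be fixture setup (the `public:` body continues outside the hunk), so a rejected key size would fail every test in the group rather than only the 3072 cases. The same applies to the ungated `ckmc_create_key_pair_rsa` call with `3072` in key-wrapping.cpp and to `generateKeys(RSA, 3072);` in sign-verify.cpp. If support is confirmed, a comment such as `// RSA 3072 is supported by every backend, including TZ_LEGACY_BACKEND` next to the call would record it; otherwise the 3072 lines need a guard of their own.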
@@ -1476,6 +1479,7 @@ RUNNER_TEST_MULTIPLE(TED_1300_rsa_label, SyncEnv, AsyncEnv)
 RUNNER_IGNORED_MSG("RSA-OAEP labels are not supported in openssl");
 encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 1024}, CKMC_PARAM_ED_LABEL);
 encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 2048}, CKMC_PARAM_ED_LABEL);
+ encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 3072}, CKMC_PARAM_ED_LABEL);
 #ifndef TZ_LEGACY_BACKEND // no support for RSA 4k keys in old TEE implementations
 encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 4096}, CKMC_PARAM_ED_LABEL);
 #endif
@@ -1485,6 +1489,7 @@ RUNNER_TEST_MULTIPLE(TED_1330_rsa_longest_data, SyncEnv, AsyncEnv)
 {
 testRsaLongestData({CKMC_ALGO_RSA_OAEP, 1024}, 86);
 testRsaLongestData({CKMC_ALGO_RSA_OAEP, 2048}, 214);
+ testRsaLongestData({CKMC_ALGO_RSA_OAEP, 3072}, 342);
 #ifndef TZ_LEGACY_BACKEND // no support for RSA 4k keys in old TEE implementations
 testRsaLongestData({CKMC_ALGO_RSA_OAEP, 4096}, 470);
 #endif
@@ -1494,6 +1499,7 @@ RUNNER_TEST_MULTIPLE(TED_1350_rsa_data_too_long, SyncEnv, AsyncEnv)
 {
 testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 1024}, 87);
 testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 2048}, 215);
+ testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 3072}, 343);
 #ifndef TZ_LEGACY_BACKEND // no support for RSA 4k keys in old TEE implementations
 testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 4096}, 471);
 #endif
diff --git a/src/ckm/unprivileged/key-wrapping.cpp b/src/ckm/unprivileged/key-wrapping.cpp
index c1b7c5f2..74e0c9fc 100644
--- a/src/ckm/unprivileged/key-wrapping.cpp
+++ b/src/ckm/unprivileged/key-wrapping.cpp
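Review bot: The boundary values `342` and `343` added to `TED_1330_rsa_longest_data` and `TED_1350_rsa_data_too_long` in encryption-decryption.cpp are unexplained magic numbers. They match the RSA-OAEP plaintext limit of modulus bytes minus 2*hLen minus 2 for a 20-byte hash (384 - 40 - 2 = 342), as do 86, 214 and 470 for the other key sizes, but the hash the helpers actually use is not visible in these hunks. A comment above the calls, e.g. `// max OAEP plaintext = keyBits/8 - 2*hLen - 2 (hLen = 20)`, would let a reader check the boundary and notice when the OAEP hash changes.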
@@ -45,6 +45,8 @@ const Alias RSA_KEY_1024_PRV_ALIAS = "RSA-gen-test-1024-prv";
 const Alias RSA_KEY_1024_PUB_ALIAS = "RSA-gen-test-1024-pub";
 const Alias RSA_KEY_2048_PRV_ALIAS = "RSA-gen-test-2048-prv";
 const Alias RSA_KEY_2048_PUB_ALIAS = "RSA-gen-test-2048-pub";
+const Alias RSA_KEY_3072_PRV_ALIAS = "RSA-gen-test-3072-prv";
+const Alias RSA_KEY_3072_PUB_ALIAS = "RSA-gen-test-3072-pub";
 const Alias RSA_KEY_4096_PRV_ALIAS = "RSA-gen-test-4096-prv";
 const Alias RSA_KEY_4096_PUB_ALIAS = "RSA-gen-test-4096-pub";
@@ -107,6 +109,13 @@ public:
 RSA_KEY_2048_PUB_ALIAS.c_str(),
 UNEXPORTABLE,
 EXPORTABLE);
+
+ assert_positive(ckmc_create_key_pair_rsa,
+ 3072,
+ RSA_KEY_3072_PRV_ALIAS.c_str(),
+ RSA_KEY_3072_PUB_ALIAS.c_str(),
+ UNEXPORTABLE,
+ EXPORTABLE);
 #ifndef TZ_LEGACY_BACKEND // no support for RSA 4k keys in old TEE implementations
 assert_positive(ckmc_create_key_pair_rsa,
 4096,
@@ -145,6 +154,8 @@ public:
 ckmc_remove_key(RSA_KEY_1024_PUB_ALIAS.c_str());
 ckmc_remove_key(RSA_KEY_2048_PRV_ALIAS.c_str());
 ckmc_remove_key(RSA_KEY_2048_PUB_ALIAS.c_str());
+ ckmc_remove_key(RSA_KEY_3072_PRV_ALIAS.c_str());
+ ckmc_remove_key(RSA_KEY_3072_PUB_ALIAS.c_str());
 #ifndef TZ_LEGACY_BACKEND // no support for RSA 4k keys in old TEE implementations
 ckmc_remove_key(RSA_KEY_4096_PRV_ALIAS.c_str());
 ckmc_remove_key(RSA_KEY_4096_PUB_ALIAS.c_str());
@@ -1175,6 +1186,12 @@ RUNNER_TEST(TKW_VALID_ARGS_RSA_OAEP_2048){
 testImportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_2048_PUB_ALIAS, RSA_KEY_2048_PRV_ALIAS);
 }
+RUNNER_TEST(TKW_VALID_ARGS_RSA_OAEP_3072){
+ testImportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_3072_PUB_ALIAS, RSA_KEY_3072_PRV_ALIAS);
+ testImportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_3072_PUB_ALIAS, RSA_KEY_3072_PRV_ALIAS);
+ testImportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_3072_PUB_ALIAS, RSA_KEY_3072_PRV_ALIAS);
+}
+
 #ifndef TZ_LEGACY_BACKEND // no support for RSA 4k keys in old TEE implementations
 RUNNER_TEST(TKW_VALID_ARGS_RSA_OAEP_4096){
 testImportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_4096_PUB_ALIAS, RSA_KEY_4096_PRV_ALIAS);
@@ -1190,6 +1207,9 @@ RUNNER_TEST(TKW_RSAOAEP_INVALID_BUFF_LENGTH){
 testImportInvalidBuffLen(RSA_OAEP_ALGO, 8, RSA_KEY_2048_PUB_ALIAS, RSA_KEY_2048_PRV_ALIAS);
 testImportInvalidBuffLen(RSA_OAEP_ALGO, 12, RSA_KEY_2048_PUB_ALIAS, RSA_KEY_2048_PRV_ALIAS);
 testImportInvalidBuffLen(RSA_OAEP_ALGO, 82, RSA_KEY_2048_PUB_ALIAS, RSA_KEY_2048_PRV_ALIAS);
+ testImportInvalidBuffLen(RSA_OAEP_ALGO, 8, RSA_KEY_3072_PUB_ALIAS, RSA_KEY_3072_PRV_ALIAS);
+ testImportInvalidBuffLen(RSA_OAEP_ALGO, 12, RSA_KEY_3072_PUB_ALIAS, RSA_KEY_3072_PRV_ALIAS);
+ testImportInvalidBuffLen(RSA_OAEP_ALGO, 82, RSA_KEY_3072_PUB_ALIAS, RSA_KEY_3072_PRV_ALIAS);
 #ifndef TZ_LEGACY_BACKEND // no support for RSA 4k keys in old TEE implementations
 testImportInvalidBuffLen(RSA_OAEP_ALGO, 8, RSA_KEY_4096_PUB_ALIAS, RSA_KEY_4096_PRV_ALIAS);
 testImportInvalidBuffLen(RSA_OAEP_ALGO, 12, RSA_KEY_4096_PUB_ALIAS, RSA_KEY_4096_PRV_ALIAS);
@@ -1225,6 +1245,9 @@ RUNNER_TEST(TKW_WRONG_TYPE_WRAPPING_KEY){
 testImportInvalidBuffLen(RSA_OAEP_ALGO, 16, RSA_KEY_2048_PUB_ALIAS, RSA_KEY_2048_PUB_ALIAS);
 testImportInvalidBuffLen(RSA_OAEP_ALGO, 24, RSA_KEY_2048_PUB_ALIAS, RSA_KEY_2048_PUB_ALIAS);
 testImportInvalidBuffLen(RSA_OAEP_ALGO, 32, RSA_KEY_2048_PUB_ALIAS, RSA_KEY_2048_PUB_ALIAS);
+ testImportInvalidBuffLen(RSA_OAEP_ALGO, 16, RSA_KEY_3072_PUB_ALIAS, RSA_KEY_3072_PUB_ALIAS);
+ testImportInvalidBuffLen(RSA_OAEP_ALGO, 24, RSA_KEY_3072_PUB_ALIAS, RSA_KEY_3072_PUB_ALIAS);
+ testImportInvalidBuffLen(RSA_OAEP_ALGO, 32, RSA_KEY_3072_PUB_ALIAS, RSA_KEY_3072_PUB_ALIAS);
 #ifndef TZ_LEGACY_BACKEND // no support for RSA 4k keys in old TEE implementations
 testImportInvalidBuffLen(RSA_OAEP_ALGO, 16, RSA_KEY_4096_PUB_ALIAS, RSA_KEY_4096_PUB_ALIAS);
 testImportInvalidBuffLen(RSA_OAEP_ALGO, 24, RSA_KEY_4096_PUB_ALIAS, RSA_KEY_4096_PUB_ALIAS);
@@ -1507,6 +1530,7 @@ RUNNER_TEST(TKW_IMPORT_EXPORT_RSA_LABEL){
 RUNNER_IGNORED_MSG("RSA-OAEP labels are not supported in openssl");
 testImportExportCustomParameters(RSA_OAEP_ALGO, RSA_KEY_1024_PUB_ALIAS, nullptr, RSA_KEY_1024_PRV_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_LABEL, AAD64);
 testImportExportCustomParameters(RSA_OAEP_ALGO, RSA_KEY_2048_PUB_ALIAS, nullptr, RSA_KEY_2048_PRV_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_LABEL, AAD64);
+ testImportExportCustomParameters(RSA_OAEP_ALGO, RSA_KEY_3072_PUB_ALIAS, nullptr, RSA_KEY_3072_PRV_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_LABEL, AAD64);
 #ifndef TZ_LEGACY_BACKEND // no support for RSA 4k keys in old TEE implementations
 testImportExportCustomParameters(RSA_OAEP_ALGO, RSA_KEY_4096_PUB_ALIAS, nullptr, RSA_KEY_4096_PRV_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_LABEL, AAD64);
 #endif
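Review bot: In `TKW_WRONG_TYPE_WRAPPING_KEY` the three added calls go through `testImportInvalidBuffLen` with valid sizes (16/24/32) and pass `RSA_KEY_3072_PUB_ALIAS` for both key arguments, so the helper name points at a buffer-length failure while the case under test is the key type. Which error the helper expects is outside the hunk, so it is not clear from here whether a failure for an unrelated reason would also satisfy the test. A comment above the block, e.g. `// sizes are valid; the import must fail because a public key is used where the private key is required`, would make the intent of this negative test explicit. The test body starts and ends outside the hunk.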
@@ -1528,6 +1552,7 @@ RUNNER_TEST(TKW_IMPORT_EXPORT_RSA_HASH){
 };
 test(RSA_KEY_1024_PUB_ALIAS, RSA_KEY_1024_PRV_ALIAS);
 test(RSA_KEY_2048_PUB_ALIAS, RSA_KEY_2048_PRV_ALIAS);
+ test(RSA_KEY_3072_PUB_ALIAS, RSA_KEY_3072_PRV_ALIAS);
 #ifndef TZ_LEGACY_BACKEND // no support for RSA 4k keys in old TEE implementations
 test(RSA_KEY_4096_PUB_ALIAS, RSA_KEY_4096_PRV_ALIAS);
 #endif
@@ -1743,6 +1768,9 @@ RUNNER_TEST(TKW_IMPORT_EXPORT_RSA_OAEP){
 testImportExportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_2048_PUB_ALIAS, nullptr, RSA_KEY_2048_PRV_ALIAS, nullptr, UNEXPORTABLE, nullptr);
 testImportExportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_2048_PUB_ALIAS, nullptr, RSA_KEY_2048_PRV_ALIAS, nullptr, UNEXPORTABLE, nullptr);
 testImportExportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_2048_PUB_ALIAS, nullptr, RSA_KEY_2048_PRV_ALIAS, nullptr, UNEXPORTABLE, nullptr);
+ testImportExportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_3072_PUB_ALIAS, nullptr, RSA_KEY_3072_PRV_ALIAS, nullptr, UNEXPORTABLE, nullptr);
+ testImportExportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_3072_PUB_ALIAS, nullptr, RSA_KEY_3072_PRV_ALIAS, nullptr, UNEXPORTABLE, nullptr);
+ testImportExportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_3072_PUB_ALIAS, nullptr, RSA_KEY_3072_PRV_ALIAS, nullptr, UNEXPORTABLE, nullptr);
 #ifndef TZ_LEGACY_BACKEND // no support for RSA 4k keys in old TEE implementations
 testImportExportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_4096_PUB_ALIAS, nullptr, RSA_KEY_4096_PRV_ALIAS, nullptr, UNEXPORTABLE, nullptr);
 testImportExportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_4096_PUB_ALIAS, nullptr, RSA_KEY_4096_PRV_ALIAS, nullptr, UNEXPORTABLE, nullptr);
@@ -1754,6 +1782,9 @@ RUNNER_TEST(TKW_IMPORT_EXPORT_RSA_OAEP){
 testImportExportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_2048_PUB_ALIAS, nullptr, RSA_KEY_2048_PRV_ALIAS, nullptr, UNEXPORTABLE_PASS, KEY_PASSWORD);
 testImportExportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_2048_PUB_ALIAS, nullptr, RSA_KEY_2048_PRV_ALIAS, nullptr, UNEXPORTABLE_PASS, KEY_PASSWORD);
 testImportExportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_2048_PUB_ALIAS, nullptr, RSA_KEY_2048_PRV_ALIAS, nullptr, UNEXPORTABLE_PASS, KEY_PASSWORD);
+ testImportExportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_3072_PUB_ALIAS, nullptr, RSA_KEY_3072_PRV_ALIAS, nullptr, UNEXPORTABLE_PASS, KEY_PASSWORD);
+ testImportExportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_3072_PUB_ALIAS, nullptr, RSA_KEY_3072_PRV_ALIAS, nullptr, UNEXPORTABLE_PASS, KEY_PASSWORD);
+ testImportExportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_3072_PUB_ALIAS, nullptr, RSA_KEY_3072_PRV_ALIAS, nullptr, UNEXPORTABLE_PASS, KEY_PASSWORD);
 #ifndef TZ_LEGACY_BACKEND // no support for RSA 4k keys in old TEE implementations
 testImportExportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_4096_PUB_ALIAS, nullptr, RSA_KEY_4096_PRV_ALIAS, nullptr, UNEXPORTABLE_PASS, KEY_PASSWORD);
 testImportExportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_4096_PUB_ALIAS, nullptr, RSA_KEY_4096_PRV_ALIAS, nullptr, UNEXPORTABLE_PASS, KEY_PASSWORD);
diff --git a/src/ckm/unprivileged/sign-verify.cpp b/src/ckm/unprivileged/sign-verify.cpp
index bfda65d1..a74d5789 100644
--- a/src/ckm/unprivileged/sign-verify.cpp
+++ b/src/ckm/unprivileged/sign-verify.cpp
@@ -121,6 +121,7 @@ public:
 m_manager = Manager::create();
 generateKeys(RSA, 1024);
 generateKeys(RSA, 2048);
+ generateKeys(RSA, 3072);
 #ifndef TZ_LEGACY_BACKEND // no support for RSA 4k keys in old TEE implementations
 generateKeys(RSA, 4096);
 #endif
@@ -448,6 +449,16 @@ RUNNER_TEST(TSV_0140_sign_verify_rsa_2048_pw)
 testSignVerify(RSA, 2048, PASSWORD_PROTECTED);
 }
+RUNNER_TEST(TSV_0130_sign_verify_rsa_3072)
+{
+ testSignVerify(RSA, 3072, PRIMARY);
+}
+
+RUNNER_TEST(TSV_0140_sign_verify_rsa_3072_pw)
+{
+ testSignVerify(RSA, 3072, PASSWORD_PROTECTED);
+}
+
 #ifndef TZ_LEGACY_BACKEND // no support for RSA 4k keys in old TEE implementations
 RUNNER_TEST(TSV_0150_sign_verify_rsa_4096)
 {
@@ -545,6 +556,11 @@ RUNNER_TEST(TSV_0401_verify_with_exported_pubkey_rsa_2048)
 testSignVerifyWithExportedPubkey(RSA, 2048, PRIMARY);
 }
+RUNNER_TEST(TSV_0402_verify_with_exported_pubkey_rsa_3072)
+{
+ testSignVerifyWithExportedPubkey(RSA, 3072, PRIMARY);
+}
+
 #ifndef TZ_LEGACY_BACKEND // no support for RSA 4k keys in old TEE implementations
 RUNNER_TEST(TSV_0402_verify_with_exported_pubkey_rsa_4096)
 {
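Review bot: The new sign-verify tests reuse numeric IDs that are already taken. `TSV_0140_sign_verify_rsa_3072_pw` shares 0140 with `TSV_0140_sign_verify_rsa_2048_pw` from the hunk header, and `TSV_0402_verify_with_exported_pubkey_rsa_3072` shares 0402 with the existing `TSV_0402_verify_with_exported_pubkey_rsa_4096` directly below it. `TSV_0130_sign_verify_rsa_3072` probably collides with the 2048 case too, though that line is outside the hunk. The full names differ, so this still compiles, but selecting or reporting tests by numeric prefix becomes ambiguous. Unused IDs keep the sequence unique, for example `TSV_0145_sign_verify_rsa_3072`, `TSV_0146_sign_verify_rsa_3072_pw` and `TSV_0403_verify_with_exported_pubkey_rsa_3072`, once those numbers are confirmed free.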