From: Daniel Kita <d.kita@samsung.com>
Date: Mon, 29 May 2023 13:14:21 +0000 (+0200)
Subject: [ITC][UTC][key-manager][ACR-1757] Add key-wrapping and key-derivation tests
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F56%2F293456%2F4;p=test%2Ftct%2Fnative%2Fapi.git

[ITC][UTC][key-manager][ACR-1757] Add key-wrapping and key-derivation tests

Add ckmc_import/export_wrapped_key and ckmc_key_derive tests

Change-Id: I9e1e3906d2c0a9387fecddfc970e116796f86540
---

diff --git a/src/itc/key-manager/ITs-key-manager.c b/src/itc/key-manager/ITs-key-manager.c
index 7d1fded52..375f47421 100755
--- a/src/itc/key-manager/ITs-key-manager.c
+++ b/src/itc/key-manager/ITs-key-manager.c
@@ -1653,6 +1653,244 @@ int ITc_ckmc_encrypt_decrypt_data_p(void)
 	return 0;
 }
 
+//& purpose: Unwraps one key with another and stores it inside key manager.
+//& type: auto
+/**
+* @testcase				ITc_ckmc_import_export_wrapped_key_p
+* @since				6.5
+* @author				SRPOL(d.kita)
+* @reviewer				SRPOL(k.jackiewicz)
+* @type					auto
+* @scenario				Creates new AES key, encrypts it, unwraps it and stores inside key manager. Wraps key, exports from key manager and decrypts.
+* @apicovered			ckmc_import_wrapped_key, ckmc_export_wrapped_key
+* @passcase				When ckmc_import_wrapped_key API returns 0
+* @failcase				If ckmc_import_wrapped_key/ckmc_export_wrapped_key returns non zero value or decrypted key do not match encrypted key
+* @precondition			AES key should have been created, param list for AES algorithm should be created
+* @postcondition		NA
+*/
+int ITc_ckmc_import_export_wrapped_key_p(void)
+{
+	START_TEST;
+
+	ckmc_key_s *imported_key = NULL;
+	ckmc_key_s *aes_key = NULL;
+	ckmc_raw_buffer_s* imported_data = NULL;
+	ckmc_raw_buffer_s* encrypted = NULL;
+	ckmc_raw_buffer_s* decrypted = NULL;
+
+	ckmc_param_list_h params = NULL;
+	ckmc_raw_buffer_s plain_text;
+	ckmc_raw_buffer_s iv_buffer;
+
+	size_t size = 128;
+	const char *aes_key_alias = "aes-key-1";
+
+	const char *imported_alias = "imported_key_alias";
+	const ckmc_policy_s exportable = {"", true};
+
+	unsigned char data[32] = {0, };
+	unsigned char iv[16] = {0, };
+
+	plain_text.data = data;
+	plain_text.size = sizeof(data);
+	iv_buffer.data = iv;
+	iv_buffer.size = sizeof(iv);
+
+	int ret = ckmc_create_key_aes(size, aes_key_alias, exportable);
+	PRINT_RESULT(CKMC_ERROR_NONE, ret, "Preconditon for ITc_ckmc_import_export_wrapped_key_p (ckmc_create_key_aes)", KeyMngrGetError(ret));
+
+	if((ret = ckmc_generate_new_params(CKMC_ALGO_AES_CTR, &params)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "Preconditon for ITc_ckmc_import_export_wrapped_key_p (ckmc_generate_new_params)", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+	if((ret = ckmc_param_list_set_buffer(params, CKMC_PARAM_ED_IV, &iv_buffer)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "Preconditon for ITc_ckmc_import_export_wrapped_key_p (ckmc_param_list_set_buffer)", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+	if((ret = ckmc_encrypt_data(params, aes_key_alias, "", plain_text, &encrypted)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "Preconditon for ITc_ckmc_import_export_wrapped_key_p (ckmc_encrypt_data)", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+	if((ret = ckmc_key_new(encrypted->data, encrypted->size, CKMC_KEY_AES, "", &aes_key)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "Preconditon for ITc_ckmc_import_export_wrapped_key_p (ckmc_key_new)", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+	if((ret = ckmc_import_wrapped_key(params, aes_key_alias, "", imported_alias, aes_key, exportable)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "ckmc_import_wrapped_key", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+	if((ret = ckmc_export_wrapped_key(params, aes_key_alias, "", imported_alias, "", &imported_key)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "ckmc_export_wrapped_key", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+	if((ret = ckmc_buffer_new(imported_key->raw_key, imported_key->key_size, &imported_data)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "ckmc_buffer_new", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+	if((ret = ckmc_decrypt_data(params, aes_key_alias, "", *imported_data, &decrypted)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "ckmc_decrypt_data", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+	if((ret = memcmp(plain_text.data, decrypted->data, plain_text.size)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "Failed, decrypted key does not match encrypted key\\n", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+cleanup:
+	ckmc_remove_alias(aes_key_alias);
+	ckmc_remove_alias(imported_alias);
+	ckmc_param_list_free(params);
+	ckmc_key_free(aes_key);
+	ckmc_key_free(imported_key);
+	ckmc_buffer_free(imported_data);
+	ckmc_buffer_free(encrypted);
+	ckmc_buffer_free(decrypted);
+
+	if(ret == CKMC_ERROR_NONE)
+		return 0;
+
+	return 1;
+}
+
+//& purpose: Derives a key from another key/secret and stores it inside key manager.
+//& type: auto
+/**
+* @testcase				ITc_ckmc_key_derive_p
+* @since				6.5
+* @author				SRPOL(d.kita)
+* @reviewer				SRPOL(k.jackiewicz)
+* @type					auto
+* @scenario				Creates 2 pairs of EC keys, derives secrets from each other and compares whether they are equal
+* @apicovered			ckmc_key_derive
+* @passcase				when ckmc_key_derive API returns 0 and the secrets match
+* @failcase				If ckmc_key_derive API returns non zero value or keys are not equal
+* @precondition			ECDSA key should have been created, param list for ECDH algorithm should be created
+* @postcondition		NA
+*/
+
+int ITc_ckmc_key_derive_p(void)
+{
+	START_TEST;
+
+	const ckmc_policy_s exportable = {"", true};
+	const ckmc_policy_s unexportable = {"", false};
+	const ckmc_policy_s unexportable_p = {"password", false};
+
+	ckmc_param_list_h params = NULL;
+	ckmc_key_s *ec_key = NULL;
+	ckmc_key_s *ec_key2 = NULL;
+	ckmc_raw_buffer_s *pub_buff = NULL;
+	ckmc_raw_buffer_s *pub_buff2 = NULL;
+	ckmc_raw_buffer_s *derived_buff = NULL;
+	ckmc_raw_buffer_s *derived_buff2 = NULL;
+
+	int ret = ckmc_create_key_pair_ecdsa(CKMC_EC_PRIME256V1, "EC-1-prv", "EC-1-pub", unexportable, exportable);
+	PRINT_RESULT(CKMC_ERROR_NONE, ret, "Preconditon for ITc_ckmc_key_derive_p (ckmc_create_key_pair_ecdsa)", KeyMngrGetError(ret));
+
+	if((ret = ckmc_create_key_pair_ecdsa(CKMC_EC_PRIME256V1, "EC-2-prv", "EC-2-pub", unexportable_p, exportable)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "Preconditon for ITc_ckmc_key_derive_p (ckmc_create_key_pair_ecdsa)", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+	if((ret = ckmc_get_key("EC-2-pub", "", &ec_key)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "Preconditon for ITc_ckmc_key_derive_p (ckmc_get_key)", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+	if((ret = ckmc_buffer_new(ec_key->raw_key, ec_key->key_size, &pub_buff)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "Preconditon for ITc_ckmc_key_derive_p (ckmc_buffer_new)", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+	if((ret = ckmc_param_list_new(&params)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "Preconditon for ITc_ckmc_key_derive_p (ckmc_param_list_new)", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+	if((ret = ckmc_param_list_set_integer(params, CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_ECDH)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "Preconditon for ITc_ckmc_key_derive_p (ckmc_param_list_set_integer)", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+	if((ret = ckmc_param_list_set_buffer(params, CKMC_PARAM_ECDH_PUBKEY, pub_buff)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "Preconditon for ITc_ckmc_key_derive_p (ckmc_param_list_set_buffer)", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+	if((ret = ckmc_key_derive(params, "EC-1-prv", "", "derived", exportable)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "ckmc_key_derive", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+	if((ret = ckmc_get_data("derived", "", &derived_buff)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "ckmc_get_data", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+	ckmc_remove_alias("derived");
+
+	if((ret = ckmc_get_key("EC-1-pub", "", &ec_key2)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "ckmc_get_key", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+	if((ret = ckmc_buffer_new(ec_key2->raw_key, ec_key2->key_size, &pub_buff2)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "ckmc_buffer_new", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+	if((ret = ckmc_param_list_set_integer(params, CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_ECDH)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "ckmc_param_list_set_integer", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+	if((ret = ckmc_param_list_set_buffer(params, CKMC_PARAM_ECDH_PUBKEY, pub_buff2)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "ckmc_param_list_set_buffer", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+	if((ret = ckmc_key_derive(params, "EC-2-prv", "password", "derived", exportable)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "ckmc_key_derive", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+	if((ret = ckmc_get_data("derived", "", &derived_buff2)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "ckmc_get_data", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+	if((ret = memcmp(derived_buff->data, derived_buff2->data, derived_buff->size)) != CKMC_ERROR_NONE){
+		PRINT_RESULT_NORETURN(CKMC_ERROR_NONE, ret, "memcmp", KeyMngrGetError(ret));
+		goto cleanup;
+	}
+
+cleanup:
+	ckmc_key_free(ec_key);
+	ckmc_key_free(ec_key2);
+	ckmc_param_list_free(params);
+	ckmc_buffer_free(pub_buff);
+	ckmc_buffer_free(pub_buff2);
+	ckmc_buffer_free(derived_buff);
+	ckmc_buffer_free(derived_buff2);
+	ckmc_remove_alias("EC-1-prv");
+	ckmc_remove_alias("EC-1-pub");
+	ckmc_remove_alias("EC-2-prv");
+	ckmc_remove_alias("EC-2-pub");
+	ckmc_remove_alias("derived");
+
+	if(ret == CKMC_ERROR_NONE)
+		return 0;
+
+	return 1;
+}
+
 //& purpose: Creates AES key and stores it inside key manager based on the policy.
 //& type: auto
 /**
@@ -1886,18 +2124,18 @@ int ITc_ckmc_alias_new_p(void)
 	START_TEST;
 
 	char *pFullAlias = NULL;
-    const char *pAalias = "ckmc_alias_new_p_alias";
+	const char *pAalias = "ckmc_alias_new_p_alias";
 
-    int nRet = ckmc_alias_new(ckmc_owner_id_system, pAalias, &pFullAlias);
+	int nRet = ckmc_alias_new(ckmc_owner_id_system, pAalias, &pFullAlias);
 	PRINT_RESULT(CKMC_ERROR_NONE, nRet, "ckmc_alias_new", KeyMngrGetError(nRet));
 	if(pFullAlias == NULL)
 	{
 		FPRINTF("[Line : %d][%s] failed,new alias not set\\n", __LINE__, API_NAMESPACE);
 		return 1;
 	}
-		
-    FREE_MEMORY(pFullAlias);
-	
+
+	FREE_MEMORY(pFullAlias);
+
 	return 0;
 }
 
@@ -1954,7 +2192,7 @@ int ITc_ckmc_get_key_alias_info_list_p(void)
 * @author				SRID(karanam.s)
 * @reviewer				SRID(manoj.g2)
 * @type					auto
-* @scenario				Destroys the ckmc_alias_info_list_s handle and releases resources of ckmc_alias_info_list_s from the provided first 						handle cascadingly.
+* @scenario				Destroys the ckmc_alias_info_list_s handle and releases resources of ckmc_alias_info_list_s from the provided first handle cascadingly.
 * @apicovered			ckmc_alias_info_list_all_free
 * @passcase				When ckmc_alias_info_list_all_free API returns 0
 * @failcase				If ckmc_alias_info_list_all_free returns non zero value
diff --git a/src/itc/key-manager/tct-key-manager-native_mobile.h b/src/itc/key-manager/tct-key-manager-native_mobile.h
index 72a821d0a..d45d255de 100755
--- a/src/itc/key-manager/tct-key-manager-native_mobile.h
+++ b/src/itc/key-manager/tct-key-manager-native_mobile.h
@@ -56,6 +56,8 @@ extern int ITc_ckmc_cert_list_new_p(void);
 extern int ITc_ckmc_cert_list_add_p(void);
 extern int ITc_ckmc_cert_list_free_p(void);
 extern int ITc_ckmc_encrypt_decrypt_data_p(void);
+extern int ITc_ckmc_import_export_wrapped_key_p(void);
+extern int ITc_ckmc_key_derive_p(void);
 extern int ITc_ckmc_create_key_aes_p(void);
 extern int ITc_ckmc_param_list_new_free_p(void);
 extern int ITc_ckmc_generate_new_params_p(void);
@@ -104,6 +106,8 @@ testcase tc_array[] = {
 	{"ITc_ckmc_cert_list_add_p",ITc_ckmc_cert_list_add_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
 	{"ITc_ckmc_cert_list_free_p",ITc_ckmc_cert_list_free_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
 	{"ITc_ckmc_encrypt_decrypt_data_p",ITc_ckmc_encrypt_decrypt_data_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
+	{"ITc_ckmc_import_export_wrapped_key_p",ITc_ckmc_import_export_wrapped_key_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
+	{"ITc_ckmc_key_derive_p",ITc_ckmc_key_derive_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
 	{"ITc_ckmc_create_key_aes_p",ITc_ckmc_create_key_aes_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
 	{"ITc_ckmc_param_list_new_free_p",ITc_ckmc_param_list_new_free_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
 	{"ITc_ckmc_generate_new_params_p",ITc_ckmc_generate_new_params_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
diff --git a/src/itc/key-manager/tct-key-manager-native_tizeniot.h b/src/itc/key-manager/tct-key-manager-native_tizeniot.h
index 72a821d0a..d45d255de 100755
--- a/src/itc/key-manager/tct-key-manager-native_tizeniot.h
+++ b/src/itc/key-manager/tct-key-manager-native_tizeniot.h
@@ -56,6 +56,8 @@ extern int ITc_ckmc_cert_list_new_p(void);
 extern int ITc_ckmc_cert_list_add_p(void);
 extern int ITc_ckmc_cert_list_free_p(void);
 extern int ITc_ckmc_encrypt_decrypt_data_p(void);
+extern int ITc_ckmc_import_export_wrapped_key_p(void);
+extern int ITc_ckmc_key_derive_p(void);
 extern int ITc_ckmc_create_key_aes_p(void);
 extern int ITc_ckmc_param_list_new_free_p(void);
 extern int ITc_ckmc_generate_new_params_p(void);
@@ -104,6 +106,8 @@ testcase tc_array[] = {
 	{"ITc_ckmc_cert_list_add_p",ITc_ckmc_cert_list_add_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
 	{"ITc_ckmc_cert_list_free_p",ITc_ckmc_cert_list_free_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
 	{"ITc_ckmc_encrypt_decrypt_data_p",ITc_ckmc_encrypt_decrypt_data_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
+	{"ITc_ckmc_import_export_wrapped_key_p",ITc_ckmc_import_export_wrapped_key_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
+	{"ITc_ckmc_key_derive_p",ITc_ckmc_key_derive_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
 	{"ITc_ckmc_create_key_aes_p",ITc_ckmc_create_key_aes_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
 	{"ITc_ckmc_param_list_new_free_p",ITc_ckmc_param_list_new_free_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
 	{"ITc_ckmc_generate_new_params_p",ITc_ckmc_generate_new_params_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
diff --git a/src/itc/key-manager/tct-key-manager-native_tv.h b/src/itc/key-manager/tct-key-manager-native_tv.h
index 72a821d0a..d45d255de 100755
--- a/src/itc/key-manager/tct-key-manager-native_tv.h
+++ b/src/itc/key-manager/tct-key-manager-native_tv.h
@@ -56,6 +56,8 @@ extern int ITc_ckmc_cert_list_new_p(void);
 extern int ITc_ckmc_cert_list_add_p(void);
 extern int ITc_ckmc_cert_list_free_p(void);
 extern int ITc_ckmc_encrypt_decrypt_data_p(void);
+extern int ITc_ckmc_import_export_wrapped_key_p(void);
+extern int ITc_ckmc_key_derive_p(void);
 extern int ITc_ckmc_create_key_aes_p(void);
 extern int ITc_ckmc_param_list_new_free_p(void);
 extern int ITc_ckmc_generate_new_params_p(void);
@@ -104,6 +106,8 @@ testcase tc_array[] = {
 	{"ITc_ckmc_cert_list_add_p",ITc_ckmc_cert_list_add_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
 	{"ITc_ckmc_cert_list_free_p",ITc_ckmc_cert_list_free_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
 	{"ITc_ckmc_encrypt_decrypt_data_p",ITc_ckmc_encrypt_decrypt_data_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
+	{"ITc_ckmc_import_export_wrapped_key_p",ITc_ckmc_import_export_wrapped_key_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
+	{"ITc_ckmc_key_derive_p",ITc_ckmc_key_derive_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
 	{"ITc_ckmc_create_key_aes_p",ITc_ckmc_create_key_aes_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
 	{"ITc_ckmc_param_list_new_free_p",ITc_ckmc_param_list_new_free_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
 	{"ITc_ckmc_generate_new_params_p",ITc_ckmc_generate_new_params_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
diff --git a/src/itc/key-manager/tct-key-manager-native_wearable.h b/src/itc/key-manager/tct-key-manager-native_wearable.h
index 72a821d0a..d45d255de 100755
--- a/src/itc/key-manager/tct-key-manager-native_wearable.h
+++ b/src/itc/key-manager/tct-key-manager-native_wearable.h
@@ -56,6 +56,8 @@ extern int ITc_ckmc_cert_list_new_p(void);
 extern int ITc_ckmc_cert_list_add_p(void);
 extern int ITc_ckmc_cert_list_free_p(void);
 extern int ITc_ckmc_encrypt_decrypt_data_p(void);
+extern int ITc_ckmc_import_export_wrapped_key_p(void);
+extern int ITc_ckmc_key_derive_p(void);
 extern int ITc_ckmc_create_key_aes_p(void);
 extern int ITc_ckmc_param_list_new_free_p(void);
 extern int ITc_ckmc_generate_new_params_p(void);
@@ -104,6 +106,8 @@ testcase tc_array[] = {
 	{"ITc_ckmc_cert_list_add_p",ITc_ckmc_cert_list_add_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
 	{"ITc_ckmc_cert_list_free_p",ITc_ckmc_cert_list_free_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
 	{"ITc_ckmc_encrypt_decrypt_data_p",ITc_ckmc_encrypt_decrypt_data_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
+	{"ITc_ckmc_import_export_wrapped_key_p",ITc_ckmc_import_export_wrapped_key_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
+	{"ITc_ckmc_key_derive_p",ITc_ckmc_key_derive_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
 	{"ITc_ckmc_create_key_aes_p",ITc_ckmc_create_key_aes_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
 	{"ITc_ckmc_param_list_new_free_p",ITc_ckmc_param_list_new_free_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
 	{"ITc_ckmc_generate_new_params_p",ITc_ckmc_generate_new_params_p,ITs_key_manager_startup,ITs_key_manager_cleanup},
diff --git a/src/utc/key-manager/tct-key-manager-core_mobile.h b/src/utc/key-manager/tct-key-manager-core_mobile.h
index ba220b98d..33d5cc7b6 100755
--- a/src/utc/key-manager/tct-key-manager-core_mobile.h
+++ b/src/utc/key-manager/tct-key-manager-core_mobile.h
@@ -52,6 +52,12 @@ extern int utc_ckmc_decrypt_data_p_3(void);
 extern int utc_ckmc_decrypt_data_p_4(void);
 extern int utc_ckmc_decrypt_data_p_5(void);
 extern int utc_ckmc_decrypt_data_n(void);
+extern int utc_ckmc_import_wrapped_key_p(void);
+extern int utc_ckmc_import_wrapped_key_n(void);
+extern int utc_ckmc_export_wrapped_key_p(void);
+extern int utc_ckmc_export_wrapped_key_n(void);
+extern int utc_ckmc_key_derive_p(void);
+extern int utc_ckmc_key_derive_n(void);
 extern int utc_ckmc_save_key_p(void);
 extern int utc_ckmc_save_key_n(void);
 extern int utc_ckmc_remove_key_p(void);
@@ -195,6 +201,12 @@ testcase tc_array[] = {
 	{"utc_ckmc_decrypt_data_p_4",utc_ckmc_decrypt_data_p_4,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
 	{"utc_ckmc_decrypt_data_p_5",utc_ckmc_decrypt_data_p_5,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
 	{"utc_ckmc_decrypt_data_n",utc_ckmc_decrypt_data_n,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_import_wrapped_key_p",utc_ckmc_import_wrapped_key_p,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_import_wrapped_key_n",utc_ckmc_import_wrapped_key_n,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_export_wrapped_key_p",utc_ckmc_export_wrapped_key_p,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_export_wrapped_key_n",utc_ckmc_export_wrapped_key_n,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_key_derive_p",utc_ckmc_key_derive_p,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_key_derive_n",utc_ckmc_key_derive_n,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
 	{"utc_ckmc_save_key_p",utc_ckmc_save_key_p,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_save_key_n",utc_ckmc_save_key_n,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_remove_key_p",utc_ckmc_remove_key_p,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
@@ -238,7 +250,7 @@ testcase tc_array[] = {
 	{"utc_ckmc_allow_access_n2",utc_ckmc_allow_access_n2,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_deny_access_p",utc_ckmc_deny_access_p,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_deny_access_p2",utc_ckmc_deny_access_p2,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
-        {"utc_ckmc_deny_access_p3",utc_ckmc_deny_access_p3,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
+	{"utc_ckmc_deny_access_p3",utc_ckmc_deny_access_p3,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_allow_deny_n",utc_ckmc_allow_deny_n,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_allow_deny_n2",utc_ckmc_allow_deny_n2,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_alias_new_p",utc_ckmc_alias_new_p,utc_key_manager_type_startup,utc_key_manager_type_cleanup},
diff --git a/src/utc/key-manager/tct-key-manager-core_tizeniot.h b/src/utc/key-manager/tct-key-manager-core_tizeniot.h
index ba220b98d..33d5cc7b6 100755
--- a/src/utc/key-manager/tct-key-manager-core_tizeniot.h
+++ b/src/utc/key-manager/tct-key-manager-core_tizeniot.h
@@ -52,6 +52,12 @@ extern int utc_ckmc_decrypt_data_p_3(void);
 extern int utc_ckmc_decrypt_data_p_4(void);
 extern int utc_ckmc_decrypt_data_p_5(void);
 extern int utc_ckmc_decrypt_data_n(void);
+extern int utc_ckmc_import_wrapped_key_p(void);
+extern int utc_ckmc_import_wrapped_key_n(void);
+extern int utc_ckmc_export_wrapped_key_p(void);
+extern int utc_ckmc_export_wrapped_key_n(void);
+extern int utc_ckmc_key_derive_p(void);
+extern int utc_ckmc_key_derive_n(void);
 extern int utc_ckmc_save_key_p(void);
 extern int utc_ckmc_save_key_n(void);
 extern int utc_ckmc_remove_key_p(void);
@@ -195,6 +201,12 @@ testcase tc_array[] = {
 	{"utc_ckmc_decrypt_data_p_4",utc_ckmc_decrypt_data_p_4,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
 	{"utc_ckmc_decrypt_data_p_5",utc_ckmc_decrypt_data_p_5,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
 	{"utc_ckmc_decrypt_data_n",utc_ckmc_decrypt_data_n,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_import_wrapped_key_p",utc_ckmc_import_wrapped_key_p,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_import_wrapped_key_n",utc_ckmc_import_wrapped_key_n,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_export_wrapped_key_p",utc_ckmc_export_wrapped_key_p,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_export_wrapped_key_n",utc_ckmc_export_wrapped_key_n,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_key_derive_p",utc_ckmc_key_derive_p,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_key_derive_n",utc_ckmc_key_derive_n,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
 	{"utc_ckmc_save_key_p",utc_ckmc_save_key_p,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_save_key_n",utc_ckmc_save_key_n,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_remove_key_p",utc_ckmc_remove_key_p,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
@@ -238,7 +250,7 @@ testcase tc_array[] = {
 	{"utc_ckmc_allow_access_n2",utc_ckmc_allow_access_n2,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_deny_access_p",utc_ckmc_deny_access_p,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_deny_access_p2",utc_ckmc_deny_access_p2,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
-        {"utc_ckmc_deny_access_p3",utc_ckmc_deny_access_p3,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
+	{"utc_ckmc_deny_access_p3",utc_ckmc_deny_access_p3,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_allow_deny_n",utc_ckmc_allow_deny_n,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_allow_deny_n2",utc_ckmc_allow_deny_n2,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_alias_new_p",utc_ckmc_alias_new_p,utc_key_manager_type_startup,utc_key_manager_type_cleanup},
diff --git a/src/utc/key-manager/tct-key-manager-core_tv.h b/src/utc/key-manager/tct-key-manager-core_tv.h
index ba220b98d..33d5cc7b6 100755
--- a/src/utc/key-manager/tct-key-manager-core_tv.h
+++ b/src/utc/key-manager/tct-key-manager-core_tv.h
@@ -52,6 +52,12 @@ extern int utc_ckmc_decrypt_data_p_3(void);
 extern int utc_ckmc_decrypt_data_p_4(void);
 extern int utc_ckmc_decrypt_data_p_5(void);
 extern int utc_ckmc_decrypt_data_n(void);
+extern int utc_ckmc_import_wrapped_key_p(void);
+extern int utc_ckmc_import_wrapped_key_n(void);
+extern int utc_ckmc_export_wrapped_key_p(void);
+extern int utc_ckmc_export_wrapped_key_n(void);
+extern int utc_ckmc_key_derive_p(void);
+extern int utc_ckmc_key_derive_n(void);
 extern int utc_ckmc_save_key_p(void);
 extern int utc_ckmc_save_key_n(void);
 extern int utc_ckmc_remove_key_p(void);
@@ -195,6 +201,12 @@ testcase tc_array[] = {
 	{"utc_ckmc_decrypt_data_p_4",utc_ckmc_decrypt_data_p_4,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
 	{"utc_ckmc_decrypt_data_p_5",utc_ckmc_decrypt_data_p_5,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
 	{"utc_ckmc_decrypt_data_n",utc_ckmc_decrypt_data_n,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_import_wrapped_key_p",utc_ckmc_import_wrapped_key_p,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_import_wrapped_key_n",utc_ckmc_import_wrapped_key_n,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_export_wrapped_key_p",utc_ckmc_export_wrapped_key_p,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_export_wrapped_key_n",utc_ckmc_export_wrapped_key_n,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_key_derive_p",utc_ckmc_key_derive_p,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_key_derive_n",utc_ckmc_key_derive_n,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
 	{"utc_ckmc_save_key_p",utc_ckmc_save_key_p,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_save_key_n",utc_ckmc_save_key_n,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_remove_key_p",utc_ckmc_remove_key_p,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
@@ -238,7 +250,7 @@ testcase tc_array[] = {
 	{"utc_ckmc_allow_access_n2",utc_ckmc_allow_access_n2,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_deny_access_p",utc_ckmc_deny_access_p,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_deny_access_p2",utc_ckmc_deny_access_p2,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
-        {"utc_ckmc_deny_access_p3",utc_ckmc_deny_access_p3,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
+	{"utc_ckmc_deny_access_p3",utc_ckmc_deny_access_p3,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_allow_deny_n",utc_ckmc_allow_deny_n,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_allow_deny_n2",utc_ckmc_allow_deny_n2,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_alias_new_p",utc_ckmc_alias_new_p,utc_key_manager_type_startup,utc_key_manager_type_cleanup},
diff --git a/src/utc/key-manager/tct-key-manager-core_wearable.h b/src/utc/key-manager/tct-key-manager-core_wearable.h
index ba220b98d..33d5cc7b6 100755
--- a/src/utc/key-manager/tct-key-manager-core_wearable.h
+++ b/src/utc/key-manager/tct-key-manager-core_wearable.h
@@ -52,6 +52,12 @@ extern int utc_ckmc_decrypt_data_p_3(void);
 extern int utc_ckmc_decrypt_data_p_4(void);
 extern int utc_ckmc_decrypt_data_p_5(void);
 extern int utc_ckmc_decrypt_data_n(void);
+extern int utc_ckmc_import_wrapped_key_p(void);
+extern int utc_ckmc_import_wrapped_key_n(void);
+extern int utc_ckmc_export_wrapped_key_p(void);
+extern int utc_ckmc_export_wrapped_key_n(void);
+extern int utc_ckmc_key_derive_p(void);
+extern int utc_ckmc_key_derive_n(void);
 extern int utc_ckmc_save_key_p(void);
 extern int utc_ckmc_save_key_n(void);
 extern int utc_ckmc_remove_key_p(void);
@@ -195,6 +201,12 @@ testcase tc_array[] = {
 	{"utc_ckmc_decrypt_data_p_4",utc_ckmc_decrypt_data_p_4,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
 	{"utc_ckmc_decrypt_data_p_5",utc_ckmc_decrypt_data_p_5,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
 	{"utc_ckmc_decrypt_data_n",utc_ckmc_decrypt_data_n,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_import_wrapped_key_p",utc_ckmc_import_wrapped_key_p,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_import_wrapped_key_n",utc_ckmc_import_wrapped_key_n,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_export_wrapped_key_p",utc_ckmc_export_wrapped_key_p,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_export_wrapped_key_n",utc_ckmc_export_wrapped_key_n,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_key_derive_p",utc_ckmc_key_derive_p,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
+	{"utc_ckmc_key_derive_n",utc_ckmc_key_derive_n,utc_key_manager_crypto_startup,utc_key_manager_crypto_cleanup},
 	{"utc_ckmc_save_key_p",utc_ckmc_save_key_p,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_save_key_n",utc_ckmc_save_key_n,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_remove_key_p",utc_ckmc_remove_key_p,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
@@ -238,7 +250,7 @@ testcase tc_array[] = {
 	{"utc_ckmc_allow_access_n2",utc_ckmc_allow_access_n2,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_deny_access_p",utc_ckmc_deny_access_p,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_deny_access_p2",utc_ckmc_deny_access_p2,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
-        {"utc_ckmc_deny_access_p3",utc_ckmc_deny_access_p3,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
+	{"utc_ckmc_deny_access_p3",utc_ckmc_deny_access_p3,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_allow_deny_n",utc_ckmc_allow_deny_n,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_allow_deny_n2",utc_ckmc_allow_deny_n2,utc_key_manager_store_startup,utc_key_manager_store_cleanup},
 	{"utc_ckmc_alias_new_p",utc_ckmc_alias_new_p,utc_key_manager_type_startup,utc_key_manager_type_cleanup},
diff --git a/src/utc/key-manager/utc-key-manager-crypto.c b/src/utc/key-manager/utc-key-manager-crypto.c
index c3e188c7b..c26025c12 100755
--- a/src/utc/key-manager/utc-key-manager-crypto.c
+++ b/src/utc/key-manager/utc-key-manager-crypto.c
@@ -1329,3 +1329,388 @@ int utc_ckmc_decrypt_data_n(void)
 
     return 0;
 }
+
+/**
+ * @testcase        utc_ckmc_import_wrapped_key_p
+ * @since_tizen     6.5
+ * @description     Import wrapped key with AES CTR algorithm
+ * @scenario        Create AES key, wrap it and import. Get imported key.
+ */
+int utc_ckmc_import_wrapped_key_p(void)
+{
+    int ret;
+    ckmc_key_s *aes_key = NULL;
+    ckmc_key_s *pp_key = NULL;
+    ckmc_raw_buffer_s* encrypted = NULL;
+
+    ckmc_param_list_h params = NULL;
+    ckmc_raw_buffer_s plain_text;
+    ckmc_raw_buffer_s iv_buffer;
+
+    size_t size = 128;
+    const char *aes_key_alias = "wrapping_key_alias";
+    const char *imported_alias = "imported_key_alias";
+    const ckmc_policy_s exportable = {"", true};
+
+    unsigned char data[32] = {0, };
+    unsigned char iv[16] = {0, };
+
+    plain_text.data = data;
+    plain_text.size = sizeof(data);
+    iv_buffer.data = iv;
+    iv_buffer.size = sizeof(iv);
+
+    ret = ckmc_create_key_aes(size, aes_key_alias, exportable);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_generate_new_params(CKMC_ALGO_AES_CTR, &params);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_param_list_set_buffer(params, CKMC_PARAM_ED_IV, &iv_buffer);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_encrypt_data(params, aes_key_alias, "", plain_text, &encrypted);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_key_new(encrypted->data, encrypted->size, CKMC_KEY_AES, "", &aes_key);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_import_wrapped_key(params, aes_key_alias, "", imported_alias, aes_key, exportable);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_get_key(imported_alias, "", &pp_key);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    assert_eq(memcmp(plain_text.data, pp_key->raw_key, plain_text.size), 0);
+
+    ckmc_param_list_free(params);
+    ckmc_remove_alias(imported_alias);
+    ckmc_remove_alias(aes_key_alias);
+    ckmc_buffer_free(encrypted);
+    ckmc_key_free(pp_key);
+    ckmc_key_free(aes_key);
+
+    return 0;
+}
+
+/**
+ * @testcase        utc_ckmc_import_wrapped_key_n
+ * @since_tizen     6.5
+ * @description     Import key with invalid paramters.
+ * @scenario        Import key with invalid paramters.
+ */
+int utc_ckmc_import_wrapped_key_n(void)
+{
+    int ret;
+
+    ckmc_key_s *aes_key = NULL;
+    ckmc_raw_buffer_s* encrypted = NULL;
+    ckmc_param_list_h params = NULL;
+    ckmc_raw_buffer_s plain_text;
+    ckmc_raw_buffer_s iv_buffer;
+
+    size_t size = 128;
+    const char *aes_key_alias = "wrapping_key_alias";
+
+    const char *imported_alias = "imported_key_alias";
+    const ckmc_policy_s exportable = {"", true};
+
+    unsigned char data[32] = {0, };
+    unsigned char iv[16] = {0, };
+
+    plain_text.data = data;
+    plain_text.size = sizeof(data);
+    iv_buffer.data = iv;
+    iv_buffer.size = sizeof(iv);
+
+    ret = ckmc_create_key_aes(size, aes_key_alias, exportable);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_generate_new_params(CKMC_ALGO_AES_CTR, &params);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_param_list_set_buffer(params, CKMC_PARAM_ED_IV, &iv_buffer);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_encrypt_data(params, aes_key_alias, "", plain_text, &encrypted);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_key_new(encrypted->data, encrypted->size, CKMC_KEY_AES, "", &aes_key);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_import_wrapped_key(NULL, aes_key_alias, "", imported_alias, aes_key, exportable);
+    assert_eq(ret, CKMC_ERROR_INVALID_PARAMETER);
+
+    ret = ckmc_import_wrapped_key(params, NULL, "", imported_alias, aes_key, exportable);
+    assert_eq(ret, CKMC_ERROR_INVALID_PARAMETER);
+
+    ret = ckmc_import_wrapped_key(params, aes_key_alias, "", NULL, aes_key, exportable);
+    assert_eq(ret, CKMC_ERROR_INVALID_PARAMETER);
+
+    ret = ckmc_import_wrapped_key(params, aes_key_alias, "", imported_alias, NULL, exportable);
+    assert_eq(ret, CKMC_ERROR_INVALID_PARAMETER);
+
+    ckmc_param_list_free(params);
+    ckmc_remove_alias(aes_key_alias);
+    ckmc_buffer_free(encrypted);
+    ckmc_key_free(aes_key);
+
+    return 0;
+}
+
+/**
+ * @testcase        utc_ckmc_export_wrapped_key_p
+ * @since_tizen     6.5
+ * @description     Export key with AES GCM algorithm.
+ * @scenario        Create AES key, wrap it with AES GCM, import and export.
+ */
+int utc_ckmc_export_wrapped_key_p(void)
+{
+    int ret;
+    ckmc_key_s *aes_key = NULL;
+    ckmc_key_s *imported_key = NULL;
+    ckmc_raw_buffer_s* encrypted = NULL;
+    ckmc_raw_buffer_s* decrypted = NULL;
+    ckmc_raw_buffer_s* imported_data = NULL;
+
+    ckmc_param_list_h params = NULL;
+    ckmc_raw_buffer_s plain_text;
+
+    size_t size = 1024;
+    const char *rsa_prv = "rsa-prv";
+    const char *rsa_pub = "rsa-pub";
+    const char *imported_alias = "imported_key_alias";
+    const ckmc_policy_s exportable = {"", true};
+
+    unsigned char data[32] = {0, };
+
+    plain_text.data = data;
+    plain_text.size = sizeof(data);
+
+    ret = ckmc_create_key_pair_rsa(size, rsa_prv, "rsa-pub", exportable, exportable);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_generate_new_params(CKMC_ALGO_RSA_OAEP, &params);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_encrypt_data(params, rsa_prv, "", plain_text, &encrypted);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_key_new(encrypted->data, encrypted->size, CKMC_KEY_AES, "", &aes_key);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_import_wrapped_key(params, rsa_prv, "", imported_alias, aes_key, exportable);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_export_wrapped_key(params, rsa_prv, "", imported_alias, "", &imported_key);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_buffer_new(imported_key->raw_key, imported_key->key_size, &imported_data);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_decrypt_data(params, rsa_prv, "", *imported_data, &decrypted);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    assert_eq(memcmp(plain_text.data, decrypted->data, plain_text.size), 0);
+
+    ckmc_param_list_free(params);
+    ckmc_remove_alias(rsa_prv);
+    ckmc_remove_alias(rsa_pub);
+    ckmc_remove_alias(imported_alias);
+    ckmc_buffer_free(decrypted);
+    ckmc_buffer_free(encrypted);
+    ckmc_buffer_free(imported_data);
+    ckmc_key_free(aes_key);
+    ckmc_key_free(imported_key);
+
+    return 0;
+}
+
+/**
+ * @testcase        utc_ckmc_import_wrapped_key_n
+ * @since_tizen     6.5
+ * @description     Export key with invalid paramters.
+ * @scenario        Export key with invalid paramters.
+ */
+int utc_ckmc_export_wrapped_key_n(void)
+{
+    int ret;
+
+    ckmc_key_s* imported_key = NULL;
+
+    ckmc_param_list_h params = NULL;
+    ckmc_raw_buffer_s iv_buffer;
+
+    const char *aes_key_alias = "wrapping_key_alias";
+    const char *imported_alias = "imported_key_alias";
+    const ckmc_policy_s exportable = {"", true};
+
+    unsigned char iv[16] = {0, };
+
+    iv_buffer.data = iv;
+    iv_buffer.size = sizeof(iv);
+
+    ret = ckmc_create_key_aes(128, imported_alias, exportable);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_create_key_aes(256, aes_key_alias, exportable);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_generate_new_params(CKMC_ALGO_AES_CTR, &params);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_param_list_set_buffer(params, CKMC_PARAM_ED_IV, &iv_buffer);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_export_wrapped_key(NULL, aes_key_alias, "", imported_alias, "", &imported_key);
+    assert_eq(ret, CKMC_ERROR_INVALID_PARAMETER);
+
+    ret = ckmc_export_wrapped_key(params, NULL, "", imported_alias, "", &imported_key);
+    assert_eq(ret, CKMC_ERROR_INVALID_PARAMETER);
+
+    ret = ckmc_export_wrapped_key(params, aes_key_alias, "", NULL, "", &imported_key);
+    assert_eq(ret, CKMC_ERROR_INVALID_PARAMETER);
+
+    ret = ckmc_export_wrapped_key(params, aes_key_alias, "", imported_alias, "", NULL);
+    assert_eq(ret, CKMC_ERROR_INVALID_PARAMETER);
+
+    ckmc_param_list_free(params);
+    ckmc_remove_alias(imported_alias);
+    ckmc_remove_alias(aes_key_alias);
+    ckmc_key_free(imported_key);
+
+    return 0;
+}
+
+/**
+ * @testcase        utc_ckmc_key_derive_p
+ * @since_tizen     6.5
+ * @description     Derives two secrets from 2 EC key pairs.
+ * @scenario        Creates 2 pairs of EC keys, derives secrets from each other and compares whether they are equal
+ */
+int derive_and_get(ckmc_raw_buffer_s **der_buff, const char *prv_alias, const char *ppas, const char *pub_alias)
+{
+    const ckmc_policy_s exportable = {"", true};
+
+    ckmc_param_list_h params = NULL;
+    ckmc_key_s *ecdsa_key = NULL;
+    ckmc_raw_buffer_s *pub_buff = NULL;
+
+    int ret = ckmc_get_key(pub_alias, "", &ecdsa_key);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_buffer_new(ecdsa_key->raw_key, ecdsa_key->key_size, &pub_buff);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_param_list_new(&params);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_param_list_set_integer(params, CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_ECDH);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_param_list_set_buffer(params, CKMC_PARAM_ECDH_PUBKEY, pub_buff);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_key_derive(params, prv_alias, ppas, "derived", exportable);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_get_data("derived", "", der_buff);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ckmc_buffer_free(pub_buff);
+    ckmc_remove_alias("derived");
+    ckmc_key_free(ecdsa_key);
+    ckmc_param_list_free(params);
+    ckmc_remove_alias(pub_alias);
+    ckmc_remove_alias(prv_alias);
+
+    return 0;
+}
+
+int utc_ckmc_key_derive_p(void)
+{
+    int ret;
+    const ckmc_policy_s exportable = {"", true};
+    const ckmc_policy_s unexportable = {"", false};
+    const ckmc_policy_s unexportable_p = {"password", false};
+
+    ckmc_raw_buffer_s *derived_buff = NULL;
+    ckmc_raw_buffer_s *derived_buff2 = NULL;
+
+    ret = ckmc_create_key_pair_ecdsa(CKMC_EC_PRIME256V1, "EC-1-prv", "EC-1-pub", unexportable, exportable);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_create_key_pair_ecdsa(CKMC_EC_PRIME256V1, "EC-2-prv", "EC-2-pub", unexportable_p, exportable);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    if(derive_and_get(&derived_buff, "EC-1-prv", "", "EC-2-pub") != 0)
+        return 1;
+
+    if(derive_and_get(&derived_buff2, "EC-2-prv", "password", "EC-1-pub") != 0)
+        return 1;
+
+    assert_eq(memcmp(derived_buff->data, derived_buff2->data, derived_buff->size), 0);
+
+    ckmc_buffer_free(derived_buff);
+    ckmc_buffer_free(derived_buff2);
+
+    return 0;
+}
+
+/**
+ * @testcase        utc_ckmc_key_derive_n
+ * @since_tizen     6.5
+ * @description     Derive key with invalid paramters.
+ * @scenario        Derive key with invalid paramters.
+ */
+int utc_ckmc_key_derive_n(void)
+{
+    int ret;
+    const ckmc_policy_s exportable = {"", true};
+    const ckmc_policy_s unexportable = {"", false};
+    const ckmc_policy_s unexportable_p = {"password", false};
+
+    ckmc_param_list_h params = NULL;
+    ckmc_key_s *ecdsa_key = NULL;
+    ckmc_raw_buffer_s *pub_buff = NULL;
+
+    ret = ckmc_create_key_pair_ecdsa(CKMC_EC_PRIME256V1, "EC-1-prv", "EC-1-pub", unexportable, exportable);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_create_key_pair_ecdsa(CKMC_EC_PRIME256V1, "EC-2-prv", "EC-2-pub", unexportable_p, exportable);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_get_key("EC-1-pub", "", &ecdsa_key);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_buffer_new(ecdsa_key->raw_key, ecdsa_key->key_size, &pub_buff);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_param_list_new(&params);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_param_list_set_integer(params, CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_ECDH);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_param_list_set_buffer(params, CKMC_PARAM_ECDH_PUBKEY, pub_buff);
+    assert_eq(ret, CKMC_ERROR_NONE);
+
+    ret = ckmc_key_derive(NULL, "EC-2-prv", "password", "derived", exportable);
+    assert_eq(ret, CKMC_ERROR_INVALID_PARAMETER);
+
+    ret = ckmc_key_derive(params, NULL, "password", "derived", exportable);
+    assert_eq(ret, CKMC_ERROR_INVALID_PARAMETER);
+
+    ret = ckmc_key_derive(params, "EC-2-prv", "password", NULL, exportable);
+    assert_eq(ret, CKMC_ERROR_INVALID_PARAMETER);
+
+    ckmc_buffer_free(pub_buff);
+    ckmc_key_free(ecdsa_key);
+    ckmc_param_list_free(params);
+    ckmc_remove_alias("EC-1-prv");
+    ckmc_remove_alias("EC-1-pub");
+    ckmc_remove_alias("EC-2-prv");
+    ckmc_remove_alias("EC-2-pub");
+
+    return 0;
+}