From: Daniel Kita Date: Thu, 16 Mar 2023 12:14:30 +0000 (+0100) Subject: CKM: Add key-wrapping tests X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F81%2F289981%2F16;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git CKM: Add key-wrapping tests Change-Id: I99fce2906c245d0b8174e1b3b15f990535b39caf --- diff --git a/src/ckm/unprivileged/CMakeLists.txt b/src/ckm/unprivileged/CMakeLists.txt index 256b96e..03837f8 100644 --- a/src/ckm/unprivileged/CMakeLists.txt +++ b/src/ckm/unprivileged/CMakeLists.txt @@ -24,6 +24,7 @@ SET(CKM_SOURCES encryption-decryption-env.cpp encryption-decryption.cpp sign-verify.cpp + key-wrapping.cpp key-derivation.cpp main.cpp ) diff --git a/src/ckm/unprivileged/key-wrapping.cpp b/src/ckm/unprivileged/key-wrapping.cpp new file mode 100644 index 0000000..cfb88a0 --- /dev/null +++ b/src/ckm/unprivileged/key-wrapping.cpp @@ -0,0 +1,1138 @@ +/* + * Copyright (c) 2023 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include + +#include +#include +#include +#include + +using namespace CKM; +namespace { + +const uid_t UID = 5001; +ckmc_raw_buffer_s* DEFAULT_IV = nullptr; + +const Alias AES_KEY_128_ALIAS = "AES-gen-test-128"; +const Alias AES_KEY_192_ALIAS = "AES-gen-test-192"; +const Alias AES_KEY_256_ALIAS = "AES-gen-test-256"; +const Alias AES_KEY_128_PASS_ALIAS = "AES-gen-test-128-pass"; +const Alias AES_KEY_UNEXP_PASS_ALIAS = "AES-gen-test-128-unexp-pass"; +const Alias AES_KEY_UNEXP_ALIAS = "AES-gen-test-128-unexp"; +const Alias RSA_KEY_1024_PRV_ALIAS = "RSA-gen-test-1024-prv"; +const Alias RSA_KEY_1024_PUB_ALIAS = "RSA-gen-test-1024-pub"; +const Alias RSA_KEY_2048_PRV_ALIAS = "RSA-gen-test-2048-prv"; +const Alias RSA_KEY_2048_PUB_ALIAS = "RSA-gen-test-2048-pub"; +const Alias RSA_KEY_4096_PRV_ALIAS = "RSA-gen-test-4096-prv"; +const Alias RSA_KEY_4096_PUB_ALIAS = "RSA-gen-test-4096-pub"; + +const Alias IMP_AES_CTR = "imp-AES-CTR"; +const Alias IMP_AES_CTR_PASS = "imp-AES-CTR-p"; +const Alias IMPORTED_ALIAS = "imported-key-1"; + +const char* KEY_PASSWORD = "test-pass-1"; +const ckmc_policy_s EXPORTABLE = {nullptr, 1}; +const ckmc_policy_s EXPORTABLE_PASS = {const_cast(KEY_PASSWORD), 1}; +const ckmc_policy_s UNEXPORTABLE = {nullptr, 0}; +const ckmc_policy_s UNEXPORTABLE_PASS = {const_cast(KEY_PASSWORD), 0}; + +struct Algo { + ckmc_algo_type_e type; + size_t initVector; +}; +const Algo AES_CTR_ALGO = {CKMC_ALGO_AES_CTR, 16}; +const Algo AES_CBC_ALGO = {CKMC_ALGO_AES_CBC, 16}; +const Algo AES_GCM_ALGO = {CKMC_ALGO_AES_GCM, 16}; +const Algo AES_CFB_ALGO = {CKMC_ALGO_AES_CFB, 16}; +const Algo RSA_OAEP_ALGO = {CKMC_ALGO_RSA_OAEP, 0}; + +void importKey(const Algo &algo, + int buffLen, + const Alias &wrappingKeyAlias, + const char* wrappingKeyPass, + const Alias &importedKeyAlias, + const ckmc_policy_s &importedKeyPolicy); + +class GroupFixture: public DPL::Test::TestGroup{ +public: + void Init() override { + remove_user_data(UID); + int ret = ckmc_unlock_user_key(UID,"db-pass"); + if (ret != CKMC_ERROR_NONE) + RUNNER_ERROR_MSG("DB unlock failed: " <data, + encrypted->size, + CKMC_KEY_AES, + nullptr, + &aesKey); + + assert_positive(ckmc_import_wrapped_key, + params.get(), + wrappingKeyAlias.c_str(), + wrappingKeyPass, + importedKeyAlias.c_str(), + aesKey, + importedKeyPolicy); + + ckmc_buffer_free(encrypted); + ckmc_key_free(aesKey); + return plainData; +} +void testInvalidAlgoParameters(const ParamListPtr &invalidParams, const Algo &algo){ + ParamListPtr params = getDefaultParams(algo); + RawBufferPtr plainData = create_raw_buffer(createRandomBufferCAPI(32)); + + ckmc_raw_buffer_s *encrypted = nullptr; + ckmc_key_s *aesKey = nullptr; + + assert_positive(ckmc_encrypt_data, + params.get(), + AES_KEY_128_ALIAS.c_str(), + nullptr, + *plainData.get(), + &encrypted); + + assert_positive(ckmc_key_new, + encrypted->data, + encrypted->size, + CKMC_KEY_AES, + nullptr, + &aesKey); + + assert_invalid_param(ckmc_import_wrapped_key, + invalidParams.get(), + AES_KEY_128_ALIAS.c_str(), + nullptr, + IMPORTED_ALIAS.c_str(), + aesKey, + EXPORTABLE); + + ckmc_buffer_free(encrypted); + ckmc_key_free(aesKey); +} +void testImportInvalidBuffLen(const Algo &algo, + int buffLen, + const Alias &wrappingKeyAlias){ + RawBufferPtr plainData = create_raw_buffer(createRandomBufferCAPI(buffLen)); + + ckmc_raw_buffer_s *encrypted = nullptr; + ckmc_key_s *aesKey = nullptr; + + ParamListPtr params = getDefaultParams(algo); + + assert_positive(ckmc_encrypt_data, + params.get(), + wrappingKeyAlias.c_str(), + nullptr, + *plainData.get(), + &encrypted); + + assert_positive(ckmc_key_new, + encrypted->data, + encrypted->size, + CKMC_KEY_AES, + nullptr, + &aesKey); + + assert_invalid_param(ckmc_import_wrapped_key, + params.get(), + wrappingKeyAlias.c_str(), + nullptr, + IMPORTED_ALIAS.c_str(), + aesKey, + EXPORTABLE); + ckmc_buffer_free(encrypted); + ckmc_key_free(aesKey); +} + +void testImportValidArgs(const Algo &algo, int buffLen, const Alias &wrappingKeyAlias){ + ckmc_key_s *ppkey = nullptr; + ckmc_raw_buffer_s *finalData = nullptr; + + ParamListPtr params = getDefaultParams(algo); + + RawBufferPtr plainData = encryptAndImport(params, + buffLen, + wrappingKeyAlias, + nullptr, + IMPORTED_ALIAS.c_str(), + EXPORTABLE); + + assert_positive(ckmc_get_key, IMPORTED_ALIAS.c_str(), nullptr, &ppkey); + assert_positive(ckmc_buffer_new, ppkey->raw_key, ppkey->key_size, &finalData); + assert_buffers_equal(plainData.get(), finalData); + + ckmc_buffer_free(finalData); + ckmc_key_free(ppkey); + ckmc_remove_key(IMPORTED_ALIAS.c_str()); +} + +void testBadWrappedKey(const Algo &algo){ + ParamListPtr params = getDefaultParams(algo); + ckmc_key_s *wrongKey = generate_AES_key(128, nullptr); + + assert_invalid_param(ckmc_import_wrapped_key, + params.get(), + AES_KEY_128_ALIAS.c_str(), + nullptr, + IMPORTED_ALIAS.c_str(), + wrongKey, + EXPORTABLE); + + ckmc_key_free(wrongKey); +} + +void testExportableImported(const Algo &algo, + int buffLen, + const Alias &wrappingKeyAlias, + const char* wrappingKeyPass, + const ckmc_policy_s &importedKeyPolicy, + const char* importedKeyPass){ + ckmc_key_s *ppkey = nullptr; + ckmc_raw_buffer_s* finalData = nullptr; + + ParamListPtr params = getDefaultParams(algo); + + RawBufferPtr plainData = encryptAndImport(params, + buffLen, + wrappingKeyAlias, + wrappingKeyPass, + IMPORTED_ALIAS.c_str(), + importedKeyPolicy); + + assert_positive(ckmc_get_key, + IMPORTED_ALIAS.c_str(), + importedKeyPass, + &ppkey); + + assert_positive(ckmc_buffer_new, + ppkey->raw_key, + ppkey->key_size, + &finalData); + + assert_buffers_equal(plainData.get(), finalData); + + ckmc_buffer_free(finalData); + ckmc_key_free(ppkey); + ckmc_remove_key(IMPORTED_ALIAS.c_str()); +} + +void testUnEXPORTABLEImported(const Algo &algo, + int buffLen, + const Alias &wrappingKeyAlias, + const char* wrappingKeyPass, + const ckmc_policy_s &importedKeyPolicy, + const char* importedKeyPass){ + ckmc_key_s *ppkey = nullptr; + ParamListPtr params = getDefaultParams(algo); + + RawBufferPtr plainData = encryptAndImport(params, + buffLen, + wrappingKeyAlias, + wrappingKeyPass, + IMPORTED_ALIAS.c_str(), + importedKeyPolicy); + + assert_result(CKMC_ERROR_NOT_EXPORTABLE, + ckmc_get_key, + IMPORTED_ALIAS.c_str(), + importedKeyPass, + &ppkey); + ckmc_key_free(ppkey); + ckmc_remove_key(IMPORTED_ALIAS.c_str()); +} + +void importKey(const Algo &algo, + int buffLen, + const Alias &wrappingKeyAlias, + const char* wrappingKeyPass, + const Alias &importedKeyAlias, + const ckmc_policy_s &importedKeyPolicy){ + RawBufferPtr plainData = create_raw_buffer(createRandomBufferCAPI(buffLen)); + + ckmc_key_s *aesKey = nullptr; + ckmc_raw_buffer_s* encrypted = nullptr; + + ParamListPtr params = getDefaultParams(algo); + + assert_positive(ckmc_encrypt_data, + params.get(), + wrappingKeyAlias.c_str(), + wrappingKeyPass, + *plainData.get(), + &encrypted); + + assert_positive(ckmc_key_new, + encrypted->data, + encrypted->size, + CKMC_KEY_AES, + nullptr, + &aesKey); + + assert_positive(ckmc_import_wrapped_key, + params.get(), + wrappingKeyAlias.c_str(), + wrappingKeyPass, + importedKeyAlias.c_str(), + aesKey, + importedKeyPolicy); + + ckmc_buffer_free(encrypted); + ckmc_key_free(aesKey); +} + +void testImportExportValidArgs(const Algo &algo, + int buffLen, + const Alias &wrappingKeyAlias, + const char* wrappingKeyPass, + const ckmc_policy_s &importedKeyPolicy, + const char* importedKeyPass){ + ckmc_key_s *ppkey = nullptr; + ckmc_raw_buffer_s* finalData = nullptr; + ckmc_raw_buffer_s* decrypted = nullptr; + + ParamListPtr params = getDefaultParams(algo); + + RawBufferPtr plainData = encryptAndImport(params, + buffLen, + wrappingKeyAlias.c_str(), + wrappingKeyPass, + IMPORTED_ALIAS, + importedKeyPolicy); + + assert_positive(ckmc_export_wrapped_key, + params.get(), + wrappingKeyAlias.c_str(), + wrappingKeyPass, + IMPORTED_ALIAS.c_str(), + importedKeyPass, + &ppkey); + + assert_positive(ckmc_buffer_new, + ppkey->raw_key, + ppkey->key_size, + &finalData); + + assert_positive(ckmc_decrypt_data, + params.get(), + wrappingKeyAlias.c_str(), + wrappingKeyPass, + *finalData, + &decrypted); + + assert_buffers_equal(plainData.get(), decrypted); + + ckmc_buffer_free(finalData); + ckmc_buffer_free(decrypted); + ckmc_key_free(ppkey); + ckmc_remove_key(IMPORTED_ALIAS.c_str()); +} + +} //END OF THE NAMESPACE + +RUNNER_TEST_GROUP_INIT_ENV(CKM_KEY_WRAPPING, GroupFixture); + +RUNNER_TEST(TKW_NO_ADDED_ALGO){ + RawBufferPtr plainData = create_raw_buffer(createRandomBufferCAPI(32)); + + ckmc_key_s *aesKey = nullptr; + ckmc_raw_buffer_s* encrypted = nullptr; + + ParamListPtr params = getDefaultParams(AES_CBC_ALGO); + + ckmc_param_list_h handle = nullptr; + + assert_positive(ckmc_encrypt_data, + params.get(), + AES_KEY_128_ALIAS.c_str(), + nullptr, + *plainData.get(), + &encrypted); + + assert_positive(ckmc_key_new, + encrypted->data, + encrypted->size, + CKMC_KEY_AES, + nullptr, + &aesKey); + + assert_invalid_param(ckmc_import_wrapped_key, + handle, + AES_KEY_128_ALIAS.c_str(), + nullptr, + IMPORTED_ALIAS.c_str(), + aesKey, + EXPORTABLE); + ckmc_buffer_free(encrypted); + ckmc_key_free(aesKey); +} + +RUNNER_TEST(TKW_WRONG_ALGO_PARAMS){ + ckmc_param_list_h handle = nullptr; + assert_positive(ckmc_generate_new_params, AES_CTR_ALGO.type, &handle); + ParamListPtr invalidParams = ParamListPtr(handle, ckmc_param_list_free); + ckmc_raw_buffer_s *initVec = createRandomBufferCAPI(8); + setParam(invalidParams, CKMC_PARAM_ED_IV, initVec); + + testInvalidAlgoParameters(invalidParams, AES_CTR_ALGO); + + ckmc_buffer_free(initVec); + invalidParams.reset(); + assert_positive(ckmc_generate_new_params, AES_GCM_ALGO.type, &handle); + invalidParams = ParamListPtr(handle, ckmc_param_list_free); + initVec = createRandomBufferCAPI(16); + setParam(invalidParams, CKMC_PARAM_ED_IV, initVec); + setParam(invalidParams, CKMC_PARAM_ED_TAG_LEN, 130); + + testInvalidAlgoParameters(invalidParams, AES_GCM_ALGO); + + ckmc_buffer_free(initVec); +} + +RUNNER_TEST(TKW_WRONG_PASS_WRAPPING_KEY){ + int buffLen = 32; + RawBufferPtr plainData = create_raw_buffer(createRandomBufferCAPI(buffLen)); + + ckmc_key_s *aesKey = nullptr; + ckmc_raw_buffer_s* encrypted = nullptr; + ParamListPtr params = getDefaultParams(AES_CTR_ALGO); + + assert_positive(ckmc_encrypt_data, + params.get(), + AES_KEY_128_PASS_ALIAS.c_str(), + KEY_PASSWORD, + *plainData.get(), + &encrypted); + + assert_positive(ckmc_key_new, + encrypted->data, + encrypted->size, + CKMC_KEY_AES, + nullptr, + &aesKey); + + assert_result(CKMC_ERROR_AUTHENTICATION_FAILED, + ckmc_import_wrapped_key, + params.get(), + AES_KEY_128_PASS_ALIAS.c_str(), + "wrong_password", + IMPORTED_ALIAS.c_str(), + aesKey, + UNEXPORTABLE); + + assert_result(CKMC_ERROR_AUTHENTICATION_FAILED, + ckmc_import_wrapped_key, + params.get(), + AES_KEY_128_PASS_ALIAS.c_str(), + "", + IMPORTED_ALIAS.c_str(), + aesKey, + UNEXPORTABLE); + + assert_result(CKMC_ERROR_AUTHENTICATION_FAILED, + ckmc_import_wrapped_key, + params.get(), + AES_KEY_128_ALIAS.c_str(), + "non_empty_password", + IMPORTED_ALIAS.c_str(), + aesKey, + UNEXPORTABLE); + + ckmc_buffer_free(encrypted); + ckmc_key_free(aesKey); +} + +RUNNER_TEST(TKW_UNKNOWN_ALIAS_WRAPPING_KEY){ + ParamListPtr params = getDefaultParams(AES_CTR_ALGO); + ckmc_key_s *key = generate_AES_key(128, nullptr); + + assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN, + ckmc_import_wrapped_key, + params.get(), + "unknown_alias", + nullptr, + IMPORTED_ALIAS.c_str(), + key, + EXPORTABLE); + + ckmc_key_free(key); +} + +RUNNER_TEST(TKW_EXISTING_ALIAS_WRAPPING_KEY){ + ParamListPtr params = getDefaultParams(AES_CTR_ALGO); + ckmc_key_s *key = generate_AES_key(128, nullptr); + + assert_result(CKMC_ERROR_DB_ALIAS_EXISTS, + ckmc_import_wrapped_key, + params.get(), + AES_KEY_128_ALIAS.c_str(), + nullptr, + IMP_AES_CTR.c_str(), + key, + EXPORTABLE); + + ckmc_key_free(key); +} + +RUNNER_TEST(TKW_INVALID_ALIAS_IMPORT){ + ParamListPtr params = getDefaultParams(AES_CTR_ALGO); + ckmc_key_s *key = generate_AES_key(128, nullptr); + Alias invalidAlias = "invalid alias"; + + assert_result(CKMC_ERROR_PERMISSION_DENIED, + ckmc_import_wrapped_key, + params.get(), + AES_KEY_128_ALIAS.c_str(), + nullptr, + invalidAlias.c_str(), + key, + EXPORTABLE); + + ckmc_key_free(key); +} + +RUNNER_TEST(TKW_BAD_WRAPPED_KEY){ + testBadWrappedKey(AES_CBC_ALGO); + testBadWrappedKey(AES_GCM_ALGO); + testBadWrappedKey(RSA_OAEP_ALGO); +} + +RUNNER_TEST(TKW_NULL_PARAMETER){ + RawBufferPtr plainData = create_raw_buffer(createRandomBufferCAPI(16)); + + ckmc_key_s *aesKey = nullptr; + ckmc_raw_buffer_s* encrypted = nullptr; + + ParamListPtr params = getDefaultParams(AES_CTR_ALGO); + + assert_positive(ckmc_encrypt_data, + params.get(), + AES_KEY_128_ALIAS.c_str(), + nullptr, + *plainData.get(), + &encrypted); + + assert_positive(ckmc_key_new, + encrypted->data, + encrypted->size, + CKMC_KEY_AES, + nullptr, + &aesKey); + + assert_invalid_param(ckmc_import_wrapped_key, + nullptr, + AES_KEY_128_ALIAS.c_str(), + nullptr, + IMPORTED_ALIAS.c_str(), + aesKey, + EXPORTABLE); + + assert_invalid_param(ckmc_import_wrapped_key, + params.get(), + nullptr, + nullptr, + IMPORTED_ALIAS.c_str(), + aesKey, + EXPORTABLE); + + assert_invalid_param(ckmc_import_wrapped_key, + params.get(), + AES_KEY_128_ALIAS.c_str(), + nullptr, + nullptr, + aesKey, + EXPORTABLE); + + assert_invalid_param(ckmc_import_wrapped_key, + params.get(), + AES_KEY_128_ALIAS.c_str(), + nullptr, + IMPORTED_ALIAS.c_str(), + nullptr, + EXPORTABLE); + ckmc_buffer_free(encrypted); + ckmc_key_free(aesKey); +} + +RUNNER_TEST(TKW_VALID_ARGS_AES_CTR_128){ + testImportValidArgs(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS); + testImportValidArgs(AES_CTR_ALGO, 24, AES_KEY_128_ALIAS); + testImportValidArgs(AES_CTR_ALGO, 32, AES_KEY_128_ALIAS); +} + +RUNNER_TEST(TKW_VALID_ARGS_AES_CBC_128){ + testImportValidArgs(AES_CBC_ALGO, 16, AES_KEY_128_ALIAS); + testImportValidArgs(AES_CBC_ALGO, 24, AES_KEY_128_ALIAS); + testImportValidArgs(AES_CBC_ALGO, 32, AES_KEY_128_ALIAS); +} + +RUNNER_TEST(TKW_VALID_ARGS_AES_GCM_128){ + testImportValidArgs(AES_GCM_ALGO, 16, AES_KEY_128_ALIAS); + testImportValidArgs(AES_GCM_ALGO, 24, AES_KEY_128_ALIAS); + testImportValidArgs(AES_GCM_ALGO, 32, AES_KEY_128_ALIAS); +} + +RUNNER_TEST(TKW_VALID_ARGS_AES_CFB_128){ + testImportValidArgs(AES_CFB_ALGO, 16, AES_KEY_128_ALIAS); + testImportValidArgs(AES_CFB_ALGO, 24, AES_KEY_128_ALIAS); + testImportValidArgs(AES_CFB_ALGO, 32, AES_KEY_128_ALIAS); +} + +RUNNER_TEST(TKW_VALID_ARGS_AES_CTR_192){ + testImportValidArgs(AES_CTR_ALGO, 16, AES_KEY_192_ALIAS); + testImportValidArgs(AES_CTR_ALGO, 24, AES_KEY_192_ALIAS); + testImportValidArgs(AES_CTR_ALGO, 32, AES_KEY_192_ALIAS); +} + +RUNNER_TEST(TKW_VALID_ARGS_AES_CBC_192){ + testImportValidArgs(AES_CBC_ALGO, 16, AES_KEY_192_ALIAS); + testImportValidArgs(AES_CBC_ALGO, 24, AES_KEY_192_ALIAS); + testImportValidArgs(AES_CBC_ALGO, 32, AES_KEY_192_ALIAS); +} + +RUNNER_TEST(TKW_VALID_ARGS_AES_GCM_192){ + testImportValidArgs(AES_GCM_ALGO, 16, AES_KEY_192_ALIAS); + testImportValidArgs(AES_GCM_ALGO, 24, AES_KEY_192_ALIAS); + testImportValidArgs(AES_GCM_ALGO, 32, AES_KEY_192_ALIAS); +} + +RUNNER_TEST(TKW_VALID_ARGS_AES_CFB_192){ + testImportValidArgs(AES_CFB_ALGO, 16, AES_KEY_192_ALIAS); + testImportValidArgs(AES_CFB_ALGO, 24, AES_KEY_192_ALIAS); + testImportValidArgs(AES_CFB_ALGO, 32, AES_KEY_192_ALIAS); +} +RUNNER_TEST(TKW_VALID_ARGS_AES_CTR_256){ + testImportValidArgs(AES_CTR_ALGO, 16, AES_KEY_256_ALIAS); + testImportValidArgs(AES_CTR_ALGO, 24, AES_KEY_256_ALIAS); + testImportValidArgs(AES_CTR_ALGO, 32, AES_KEY_256_ALIAS); +} + +RUNNER_TEST(TKW_VALID_ARGS_AES_CBC_256){ + testImportValidArgs(AES_CBC_ALGO, 16, AES_KEY_256_ALIAS); + testImportValidArgs(AES_CBC_ALGO, 24, AES_KEY_256_ALIAS); + testImportValidArgs(AES_CBC_ALGO, 32, AES_KEY_256_ALIAS); +} + +RUNNER_TEST(TKW_VALID_ARGS_AES_GCM_256){ + testImportValidArgs(AES_GCM_ALGO, 16, AES_KEY_256_ALIAS); + testImportValidArgs(AES_GCM_ALGO, 24, AES_KEY_256_ALIAS); + testImportValidArgs(AES_GCM_ALGO, 32, AES_KEY_256_ALIAS); +} + +RUNNER_TEST(TKW_VALID_ARGS_AES_CFB_256){ + testImportValidArgs(AES_CFB_ALGO, 16, AES_KEY_256_ALIAS); + testImportValidArgs(AES_CFB_ALGO, 24, AES_KEY_256_ALIAS); + testImportValidArgs(AES_CFB_ALGO, 32, AES_KEY_256_ALIAS); +} + +RUNNER_TEST(TKW_AES_CTR_INVALID_BUFF_LENGTH){ + testImportInvalidBuffLen(AES_CTR_ALGO, 8, AES_KEY_128_ALIAS); + testImportInvalidBuffLen(AES_CTR_ALGO, 12, AES_KEY_128_ALIAS); + testImportInvalidBuffLen(AES_CTR_ALGO, 128, AES_KEY_128_ALIAS); + testImportInvalidBuffLen(AES_CTR_ALGO, 8, AES_KEY_192_ALIAS); + testImportInvalidBuffLen(AES_CTR_ALGO, 12, AES_KEY_192_ALIAS); + testImportInvalidBuffLen(AES_CTR_ALGO, 128, AES_KEY_192_ALIAS); + testImportInvalidBuffLen(AES_CTR_ALGO, 8, AES_KEY_256_ALIAS); + testImportInvalidBuffLen(AES_CTR_ALGO, 12, AES_KEY_256_ALIAS); + testImportInvalidBuffLen(AES_CTR_ALGO, 128, AES_KEY_256_ALIAS); +} + +RUNNER_TEST(TKW_AES_CBC_INVALID_BUFF_LENGTH){ + testImportInvalidBuffLen(AES_CBC_ALGO, 8, AES_KEY_128_ALIAS); + testImportInvalidBuffLen(AES_CBC_ALGO, 12, AES_KEY_128_ALIAS); + testImportInvalidBuffLen(AES_CBC_ALGO, 128, AES_KEY_128_ALIAS); + testImportInvalidBuffLen(AES_CBC_ALGO, 8, AES_KEY_192_ALIAS); + testImportInvalidBuffLen(AES_CBC_ALGO, 12, AES_KEY_192_ALIAS); + testImportInvalidBuffLen(AES_CBC_ALGO, 128, AES_KEY_192_ALIAS); + testImportInvalidBuffLen(AES_CBC_ALGO, 8, AES_KEY_256_ALIAS); + testImportInvalidBuffLen(AES_CBC_ALGO, 12, AES_KEY_256_ALIAS); + testImportInvalidBuffLen(AES_CBC_ALGO, 128, AES_KEY_256_ALIAS); +} +RUNNER_TEST(TKW_AES_GCM_INVALID_BUFF_LENGTH){ + testImportInvalidBuffLen(AES_GCM_ALGO, 8, AES_KEY_128_ALIAS); + testImportInvalidBuffLen(AES_GCM_ALGO, 12, AES_KEY_128_ALIAS); + testImportInvalidBuffLen(AES_GCM_ALGO, 128, AES_KEY_128_ALIAS); + testImportInvalidBuffLen(AES_GCM_ALGO, 8, AES_KEY_192_ALIAS); + testImportInvalidBuffLen(AES_GCM_ALGO, 12, AES_KEY_192_ALIAS); + testImportInvalidBuffLen(AES_GCM_ALGO, 128, AES_KEY_192_ALIAS); + testImportInvalidBuffLen(AES_GCM_ALGO, 8, AES_KEY_256_ALIAS); + testImportInvalidBuffLen(AES_GCM_ALGO, 12, AES_KEY_256_ALIAS); + testImportInvalidBuffLen(AES_GCM_ALGO, 128, AES_KEY_256_ALIAS); +} + +RUNNER_TEST(TKW_AES_CFB_INVALID_BUFF_LENGTH){ + testImportInvalidBuffLen(AES_CFB_ALGO, 8, AES_KEY_128_ALIAS); + testImportInvalidBuffLen(AES_CFB_ALGO, 12, AES_KEY_128_ALIAS); + testImportInvalidBuffLen(AES_CFB_ALGO, 128, AES_KEY_128_ALIAS); + testImportInvalidBuffLen(AES_CFB_ALGO, 8, AES_KEY_192_ALIAS); + testImportInvalidBuffLen(AES_CFB_ALGO, 12, AES_KEY_192_ALIAS); + testImportInvalidBuffLen(AES_CFB_ALGO, 128, AES_KEY_192_ALIAS); + testImportInvalidBuffLen(AES_CFB_ALGO, 8, AES_KEY_256_ALIAS); + testImportInvalidBuffLen(AES_CFB_ALGO, 12, AES_KEY_256_ALIAS); + testImportInvalidBuffLen(AES_CFB_ALGO, 128, AES_KEY_256_ALIAS); +} + +RUNNER_TEST(TKW_VALID_ARGS_RSA_OAEP_1024){ + testImportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_1024_PRV_ALIAS); + testImportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_1024_PRV_ALIAS); + testImportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_1024_PRV_ALIAS); +} + +RUNNER_TEST(TKW_VALID_ARGS_RSA_OAEP_2048){ + testImportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_2048_PRV_ALIAS); + testImportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_2048_PRV_ALIAS); + testImportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_2048_PRV_ALIAS); +} + +RUNNER_TEST(TKW_VALID_ARGS_RSA_OAEP_4096){ + testImportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_4096_PRV_ALIAS); + testImportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_4096_PRV_ALIAS); + testImportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_4096_PRV_ALIAS); +} + +RUNNER_TEST(TKW_RSAOAEP_INVALID_BUFF_LENGTH){ + testImportInvalidBuffLen(RSA_OAEP_ALGO, 8, RSA_KEY_1024_PRV_ALIAS); + testImportInvalidBuffLen(RSA_OAEP_ALGO, 12, RSA_KEY_1024_PRV_ALIAS); + testImportInvalidBuffLen(RSA_OAEP_ALGO, 82, RSA_KEY_1024_PRV_ALIAS); + testImportInvalidBuffLen(RSA_OAEP_ALGO, 8, RSA_KEY_2048_PRV_ALIAS); + testImportInvalidBuffLen(RSA_OAEP_ALGO, 12, RSA_KEY_2048_PRV_ALIAS); + testImportInvalidBuffLen(RSA_OAEP_ALGO, 82, RSA_KEY_2048_PRV_ALIAS); + testImportInvalidBuffLen(RSA_OAEP_ALGO, 8, RSA_KEY_4096_PRV_ALIAS); + testImportInvalidBuffLen(RSA_OAEP_ALGO, 12, RSA_KEY_4096_PRV_ALIAS); + testImportInvalidBuffLen(RSA_OAEP_ALGO, 82, RSA_KEY_4096_PRV_ALIAS); +} + +RUNNER_TEST(TKW_WRONG_TYPE_WRAPPING_KEY){ + testImportInvalidBuffLen(RSA_OAEP_ALGO, 16, RSA_KEY_1024_PUB_ALIAS); + testImportInvalidBuffLen(RSA_OAEP_ALGO, 24, RSA_KEY_1024_PUB_ALIAS); + testImportInvalidBuffLen(RSA_OAEP_ALGO, 32, RSA_KEY_1024_PUB_ALIAS); + testImportInvalidBuffLen(RSA_OAEP_ALGO, 16, RSA_KEY_2048_PUB_ALIAS); + testImportInvalidBuffLen(RSA_OAEP_ALGO, 24, RSA_KEY_2048_PUB_ALIAS); + testImportInvalidBuffLen(RSA_OAEP_ALGO, 32, RSA_KEY_2048_PUB_ALIAS); + testImportInvalidBuffLen(RSA_OAEP_ALGO, 16, RSA_KEY_4096_PUB_ALIAS); + testImportInvalidBuffLen(RSA_OAEP_ALGO, 24, RSA_KEY_4096_PUB_ALIAS); + testImportInvalidBuffLen(RSA_OAEP_ALGO, 32, RSA_KEY_4096_PUB_ALIAS); +} + +RUNNER_TEST(TKW_DIF_POLICIES_EXPORTABLE_IMPORTED){ + testExportableImported(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr); + testExportableImported(AES_CTR_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr); + testExportableImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_ALIAS, nullptr, EXPORTABLE, nullptr); + testExportableImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr); + + testExportableImported(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testExportableImported(AES_CTR_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD); + testExportableImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testExportableImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD); +} + +RUNNER_TEST(TKW_DIF_POLICIES_UNEXPORTABLE_IMPORTED){ + testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, UNEXPORTABLE, nullptr); + testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, UNEXPORTABLE, nullptr); + testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_ALIAS, nullptr, UNEXPORTABLE, nullptr); + testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_PASS_ALIAS, KEY_PASSWORD, UNEXPORTABLE, nullptr); + + testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, UNEXPORTABLE_PASS, KEY_PASSWORD); + testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, UNEXPORTABLE_PASS, KEY_PASSWORD); + testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_ALIAS, nullptr, UNEXPORTABLE_PASS, KEY_PASSWORD); + testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_PASS_ALIAS, KEY_PASSWORD, UNEXPORTABLE_PASS, KEY_PASSWORD); +} + +RUNNER_TEST(TKW_EXPORT_IMPORTED_KEY){ + ckmc_key_s *ppkey = nullptr; + + ParamListPtr params = getDefaultParams(AES_CTR_ALGO); + assert_positive(ckmc_export_wrapped_key, + params.get(), + AES_KEY_128_ALIAS.c_str(), + nullptr, + IMP_AES_CTR.c_str(), + nullptr, + &ppkey); + + ckmc_key_free(ppkey); +} + +RUNNER_TEST(TKW_NO_ADDED_ALGO_EXPORT){ + ckmc_key_s *ppkey = nullptr; + ckmc_param_list_h handle = nullptr; + + assert_invalid_param(ckmc_export_wrapped_key, + handle, + AES_KEY_128_ALIAS.c_str(), + nullptr, + IMP_AES_CTR.c_str(), + nullptr, + &ppkey); + + ckmc_key_free(ppkey); +} + +RUNNER_TEST(TKW_EXPORT_UNKNOWN_WRAPPING_KEY_ALIAS){ + ckmc_key_s *ppkey = nullptr; + ParamListPtr params = getDefaultParams(AES_CTR_ALGO); + + assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN, + ckmc_export_wrapped_key, + params.get(), + "unknown_alias", + nullptr, + IMP_AES_CTR.c_str(), + nullptr, + &ppkey); + + ckmc_key_free(ppkey); +} + +RUNNER_TEST(TKW_EXPORT_UNKNOWN_IMPORTED_KEY_ALIAS){ + ckmc_key_s *ppkey = nullptr; + ParamListPtr params = getDefaultParams(AES_CTR_ALGO); + Alias alias = "non_existing_alias"; + + assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN, + ckmc_export_wrapped_key, + params.get(), + AES_KEY_128_ALIAS.c_str(), + nullptr, + alias.c_str(), + nullptr, + &ppkey); + + ckmc_key_free(ppkey); +} + +RUNNER_TEST(TKW_EXPORT_AUTHENTICATION_FAILED){ + ckmc_key_s *ppkey = nullptr; + ParamListPtr params = getDefaultParams(AES_CTR_ALGO); + + assert_result(CKMC_ERROR_AUTHENTICATION_FAILED, + ckmc_export_wrapped_key, + params.get(), + AES_KEY_128_PASS_ALIAS.c_str(), + nullptr, + IMP_AES_CTR.c_str(), + nullptr, + &ppkey); + + assert_result(CKMC_ERROR_AUTHENTICATION_FAILED, + ckmc_export_wrapped_key, + params.get(), + AES_KEY_128_PASS_ALIAS.c_str(), + "wrong_password", + IMP_AES_CTR.c_str(), + nullptr, + &ppkey); + + assert_result(CKMC_ERROR_AUTHENTICATION_FAILED, + ckmc_export_wrapped_key, + params.get(), + AES_KEY_128_ALIAS.c_str(), + nullptr, + IMP_AES_CTR_PASS.c_str(), + nullptr, + &ppkey); + + assert_result(CKMC_ERROR_AUTHENTICATION_FAILED, + ckmc_export_wrapped_key, + params.get(), + AES_KEY_128_ALIAS.c_str(), + nullptr, + IMP_AES_CTR_PASS.c_str(), + "wrong_password", + &ppkey); + + ckmc_key_free(ppkey); +} + +RUNNER_TEST(TKW_EXPORT_NULL_PARAMETER){ + ckmc_key_s *ppkey = nullptr; + ParamListPtr params = getDefaultParams(AES_CTR_ALGO); + + assert_invalid_param(ckmc_export_wrapped_key, + nullptr, + AES_KEY_128_ALIAS.c_str(), + nullptr, + IMP_AES_CTR.c_str(), + nullptr, + &ppkey); + + assert_invalid_param(ckmc_export_wrapped_key, + params.get(), + nullptr, + nullptr, + IMP_AES_CTR.c_str(), + nullptr, + &ppkey); + + assert_invalid_param(ckmc_export_wrapped_key, + params.get(), + AES_KEY_128_ALIAS.c_str(), + nullptr, + nullptr, + nullptr, + &ppkey); + + assert_invalid_param(ckmc_export_wrapped_key, + params.get(), + AES_KEY_128_ALIAS.c_str(), + nullptr, + IMP_AES_CTR.c_str(), + nullptr, + nullptr); + + ckmc_key_free(ppkey); +} + +RUNNER_TEST(TKW_IMPORT_EXPORT_AES_CTR){ + testImportExportValidArgs(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CTR_ALGO, 24, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CTR_ALGO, 32, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CTR_ALGO, 16, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CTR_ALGO, 24, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CTR_ALGO, 32, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CTR_ALGO, 16, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CTR_ALGO, 24, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CTR_ALGO, 32, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr); + + testImportExportValidArgs(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CTR_ALGO, 24, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CTR_ALGO, 32, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CTR_ALGO, 16, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CTR_ALGO, 24, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CTR_ALGO, 32, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CTR_ALGO, 16, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CTR_ALGO, 24, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CTR_ALGO, 32, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); +} + +RUNNER_TEST(TKW_IMPORT_EXPORT_AES_CTR_PASS){ + testImportExportValidArgs(AES_CTR_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CTR_ALGO, 24, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CTR_ALGO, 32, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr); + + testImportExportValidArgs(AES_CTR_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CTR_ALGO, 24, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CTR_ALGO, 32, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD); +} + +RUNNER_TEST(TKW_IMPORT_EXPORT_AES_CBC){ + testImportExportValidArgs(AES_CBC_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CBC_ALGO, 24, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CBC_ALGO, 32, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CBC_ALGO, 16, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CBC_ALGO, 24, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CBC_ALGO, 32, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CBC_ALGO, 16, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CBC_ALGO, 24, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CBC_ALGO, 32, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr); + + testImportExportValidArgs(AES_CBC_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CBC_ALGO, 24, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CBC_ALGO, 32, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CBC_ALGO, 16, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CBC_ALGO, 24, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CBC_ALGO, 32, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CBC_ALGO, 16, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CBC_ALGO, 24, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CBC_ALGO, 32, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); +} + +RUNNER_TEST(TKW_IMPORT_EXPORT_AES_CBC_PASS){ + testImportExportValidArgs(AES_CBC_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CBC_ALGO, 24, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CBC_ALGO, 32, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr); + + testImportExportValidArgs(AES_CBC_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CBC_ALGO, 24, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CBC_ALGO, 32, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD); +} + +RUNNER_TEST(TKW_IMPORT_EXPORT_AES_GCM){ + testImportExportValidArgs(AES_GCM_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_GCM_ALGO, 24, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_GCM_ALGO, 32, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_GCM_ALGO, 16, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_GCM_ALGO, 24, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_GCM_ALGO, 32, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_GCM_ALGO, 16, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_GCM_ALGO, 24, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_GCM_ALGO, 32, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr); + + testImportExportValidArgs(AES_GCM_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_GCM_ALGO, 24, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_GCM_ALGO, 32, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_GCM_ALGO, 16, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_GCM_ALGO, 24, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_GCM_ALGO, 32, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_GCM_ALGO, 16, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_GCM_ALGO, 24, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_GCM_ALGO, 32, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); +} + +RUNNER_TEST(TKW_IMPORT_EXPORT_AES_GCM_PASS){ + testImportExportValidArgs(AES_GCM_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_GCM_ALGO, 24, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_GCM_ALGO, 32, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr); + + testImportExportValidArgs(AES_GCM_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_GCM_ALGO, 24, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_GCM_ALGO, 32, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD); +} + +RUNNER_TEST(TKW_IMPORT_EXPORT_AES_CFB){ + testImportExportValidArgs(AES_CFB_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CFB_ALGO, 24, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CFB_ALGO, 32, AES_KEY_128_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CFB_ALGO, 16, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CFB_ALGO, 24, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CFB_ALGO, 32, AES_KEY_192_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CFB_ALGO, 16, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CFB_ALGO, 24, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CFB_ALGO, 32, AES_KEY_256_ALIAS, nullptr, EXPORTABLE, nullptr); + + testImportExportValidArgs(AES_CFB_ALGO, 16, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CFB_ALGO, 24, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CFB_ALGO, 32, AES_KEY_128_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CFB_ALGO, 16, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CFB_ALGO, 24, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CFB_ALGO, 32, AES_KEY_192_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CFB_ALGO, 16, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CFB_ALGO, 24, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CFB_ALGO, 32, AES_KEY_256_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); +} + +RUNNER_TEST(TKW_IMPORT_EXPORT_AES_CFB_PASS){ + testImportExportValidArgs(AES_CFB_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CFB_ALGO, 24, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr); + testImportExportValidArgs(AES_CFB_ALGO, 32, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE, nullptr); + + testImportExportValidArgs(AES_CFB_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CFB_ALGO, 24, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(AES_CFB_ALGO, 32, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD); +} + +RUNNER_TEST(TKW_IMPORT_EXPORT_RSA_OAEP){ + testImportExportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_1024_PRV_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_1024_PRV_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_1024_PRV_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_2048_PRV_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_2048_PRV_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_2048_PRV_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_4096_PRV_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_4096_PRV_ALIAS, nullptr, EXPORTABLE, nullptr); + testImportExportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_4096_PRV_ALIAS, nullptr, EXPORTABLE, nullptr); + + testImportExportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_1024_PRV_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_1024_PRV_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_1024_PRV_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_2048_PRV_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_2048_PRV_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_2048_PRV_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(RSA_OAEP_ALGO, 16, RSA_KEY_4096_PRV_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(RSA_OAEP_ALGO, 24, RSA_KEY_4096_PRV_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); + testImportExportValidArgs(RSA_OAEP_ALGO, 32, RSA_KEY_4096_PRV_ALIAS, nullptr, EXPORTABLE_PASS, KEY_PASSWORD); +}