const size_t DBP_KEY_SIZE = 32;
const size_t AES_KEY_SIZE = 32;
const size_t BLOCK_SIZE = 16;
-const int32_t EVP_SUCCESS = 1;
+const int32_t OPENSSL_SUCCESS = 1;
#define FREE_OUT_CTX(ctx, buf, result) \
{ \
EVP_CIPHER_CTX_free(ctx); \
- if(buf) free(buf); \
+ if (buf) free(buf); \
return result; \
}
#define FREE_OUT(buf, result) \
{ \
- if(buf) free(buf); \
+ if (buf) free(buf); \
return result; \
}
//################################################################################
return KMSB_ERROR_INVALID_PARAMETER;
/* Use the NID_X9_62_prime256v1 named curve - defined in obj_mac.h */
- if(!EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid))
+ if (!EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, nid))
return KMSB_ERROR_OPERATION_FAILED;
- if(!EVP_PKEY_keygen_init(pctx))
+ if (!EVP_PKEY_keygen_init(pctx))
return KMSB_ERROR_OPERATION_FAILED;
/* Generate the key */
if (!EVP_PKEY_keygen(pctx, &pkey))
unsigned char* buf = NULL;
/* Initialise the encryption operation. */
- if(EVP_SUCCESS != EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
+ if (OPENSSL_SUCCESS != EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
return KMSB_ERROR_OPERATION_FAILED;
/*
* Set IV length if default 12 bytes (96 bits) is not appropriate
*/
- if(EVP_SUCCESS != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, param->iv_len, NULL))
+ if (OPENSSL_SUCCESS != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, param->iv_len, NULL))
return KMSB_ERROR_OPERATION_FAILED;
/* Initialise key and IV */
- if(EVP_SUCCESS != EVP_EncryptInit_ex(ctx, NULL, NULL, key, param->iv))
+ if (OPENSSL_SUCCESS != EVP_EncryptInit_ex(ctx, NULL, NULL, key, param->iv))
return KMSB_ERROR_OPERATION_FAILED;
clen = input_len + EVP_CIPHER_CTX_block_size(ctx);
* Set Padding zero forcely, with our concept, there should be no padding
* to increase buffer size.
*/
- if(EVP_SUCCESS != EVP_CIPHER_CTX_set_padding(ctx, 0))
+ if (OPENSSL_SUCCESS != EVP_CIPHER_CTX_set_padding(ctx, 0))
FREE_OUT_CTX(ctx, buf, KMSB_ERROR_OPERATION_FAILED)
/*
* Provide any AAD data. This can be called zero or more times as
* required
*/
- if(EVP_SUCCESS != EVP_EncryptUpdate(ctx, NULL, &clen, param->aad, param->aad_len))
+ if (OPENSSL_SUCCESS != EVP_EncryptUpdate(ctx, NULL, &clen, param->aad, param->aad_len))
FREE_OUT_CTX(ctx, buf, KMSB_ERROR_OPERATION_FAILED)
/*
* Provide the message to be encrypted, and obtain the encrypted output.
* EVP_EncryptUpdate can be called multiple times if necessary
*/
- if(EVP_SUCCESS != EVP_EncryptUpdate(ctx, buf, &clen, input, input_len))
+ if (OPENSSL_SUCCESS != EVP_EncryptUpdate(ctx, buf, &clen, input, input_len))
FREE_OUT_CTX(ctx, buf, KMSB_ERROR_OPERATION_FAILED)
/*
* Finalise the encryption. Normally ciphertext bytes may be written at
* this stage, but this does not occur in GCM mode
*/
- if(EVP_SUCCESS != EVP_EncryptFinal_ex(ctx, buf + clen, &flen))
+ if (OPENSSL_SUCCESS != EVP_EncryptFinal_ex(ctx, buf + clen, &flen))
FREE_OUT_CTX(ctx, buf, KMSB_ERROR_OPERATION_FAILED)
*output_len = clen + flen;
/* Get the tag */
- if(EVP_SUCCESS != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, param->tag))
+ if (OPENSSL_SUCCESS != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, param->tag))
FREE_OUT_CTX(ctx, buf, KMSB_ERROR_OPERATION_FAILED)
*output = calloc(*output_len, sizeof(unsigned char));
unsigned char* buf = NULL;
/* Initialise the decryption operation. */
- if(EVP_SUCCESS != EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
+ if (OPENSSL_SUCCESS != EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
return KMSB_ERROR_OPERATION_FAILED;
/*
* Set IV length if default 12 bytes (96 bits) is not appropriate
*/
- if(EVP_SUCCESS != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, param->iv_len, NULL))
+ if (OPENSSL_SUCCESS != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, param->iv_len, NULL))
return KMSB_ERROR_OPERATION_FAILED;
/* Initialise key and IV */
- if(EVP_SUCCESS != EVP_DecryptInit_ex(ctx, NULL, NULL, key, param->iv))
+ if (OPENSSL_SUCCESS != EVP_DecryptInit_ex(ctx, NULL, NULL, key, param->iv))
return KMSB_ERROR_OPERATION_FAILED;
clen = input_len + EVP_CIPHER_CTX_block_size(ctx);
buf = calloc(clen, sizeof(unsigned char));
* Set Padding zero forcely, with our concept, there should be no padding
* to increase buffer size.
*/
- if(EVP_SUCCESS != EVP_CIPHER_CTX_set_padding(ctx, 0))
+ if (OPENSSL_SUCCESS != EVP_CIPHER_CTX_set_padding(ctx, 0))
FREE_OUT_CTX(ctx, buf, KMSB_ERROR_OPERATION_FAILED)
/*
* Provide any AAD data. This can be called zero or more times as
* required
*/
- if(EVP_SUCCESS != EVP_DecryptUpdate(ctx, NULL, &clen, param->aad, param->aad_len))
+ if (OPENSSL_SUCCESS != EVP_DecryptUpdate(ctx, NULL, &clen, param->aad, param->aad_len))
FREE_OUT_CTX(ctx, buf, KMSB_ERROR_OPERATION_FAILED)
/*
* Provide the message to be decrypted, and obtain the plaintext output.
* EVP_DecryptUpdate can be called multiple times if necessary
*/
- if(EVP_SUCCESS != EVP_DecryptUpdate(ctx, buf, &clen, input, input_len))
+ if (OPENSSL_SUCCESS != EVP_DecryptUpdate(ctx, buf, &clen, input, input_len))
FREE_OUT_CTX(ctx, buf, KMSB_ERROR_OPERATION_FAILED)
/* Set expected tag value. Works in OpenSSL 1.0.1d and later */
- if(EVP_SUCCESS != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, param->tag))
+ if (OPENSSL_SUCCESS != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, param->tag))
FREE_OUT_CTX(ctx, buf, KMSB_ERROR_OPERATION_FAILED)
/*
* Finalise the decryption. A positive return value indicates success,
* anything else is a failure - the plaintext is not trustworthy.
*/
- if(EVP_SUCCESS != EVP_DecryptFinal_ex(ctx, buf + clen, &flen))
+ if (OPENSSL_SUCCESS != EVP_DecryptFinal_ex(ctx, buf + clen, &flen))
FREE_OUT_CTX(ctx, buf, KMSB_ERROR_OPERATION_FAILED)
*output_len = clen + flen;
const unsigned char *input, const unsigned int input_len,
unsigned char **output, unsigned int *output_len)
{
- // check the validate of key_idx
- if (key_idx != AES_KEY_IDX) return KMSB_ERROR_INVALID_PARAMETER;
- if (!KEY_ARRAY[key_idx]) {
- if (KMSB_ERROR_NONE != generate_aes_key(key_idx, false))
- return KMSB_ERROR_NO_KEY;
- }
// check the input parameters
if (input == NULL ||
input_len == 0 ||
+ output == NULL ||
+ output_len == NULL ||
param->iv == NULL ||
param->iv_len == 0)
return KMSB_ERROR_INVALID_PARAMETER;
+ // check the validate of key_idx
+ if (key_idx != AES_KEY_IDX) return KMSB_ERROR_INVALID_PARAMETER;
+ if (!KEY_ARRAY[key_idx]) {
+ if (KMSB_ERROR_NONE != generate_aes_key(key_idx, false))
+ return KMSB_ERROR_NO_KEY;
+ }
+
int ret = 0;
int clen = 0, flen = 0;
unsigned char* buf = NULL;
default:
return KMSB_ERROR_NOT_SUPPORTED;
}
- if(EVP_SUCCESS != ret) return KMSB_ERROR_OPERATION_FAILED;
+ if (OPENSSL_SUCCESS != ret) return KMSB_ERROR_OPERATION_FAILED;
clen = input_len + EVP_CIPHER_CTX_block_size(ctx);
buf = calloc(clen, sizeof(unsigned char));
* Set Padding zero forcely, with our concept, there should be no padding
* to increase buffer size.
*/
- if(EVP_SUCCESS != EVP_CIPHER_CTX_set_padding(ctx, 0))
+ if (OPENSSL_SUCCESS != EVP_CIPHER_CTX_set_padding(ctx, 0))
FREE_OUT_CTX(ctx, buf, KMSB_ERROR_OPERATION_FAILED)
/*
* Provide the message to be encrypted, and obtain the encrypted output.
* EVP_EncryptUpdate can be called multiple times if necessary
*/
- if(EVP_SUCCESS != EVP_EncryptUpdate(ctx, buf, &clen, input, input_len))
+ if (OPENSSL_SUCCESS != EVP_EncryptUpdate(ctx, buf, &clen, input, input_len))
FREE_OUT_CTX(ctx, buf, KMSB_ERROR_OPERATION_FAILED)
- *output_len = clen;
-
/*
* Finalise the encryption. Further ciphertext bytes may be written at
* this stage.
*/
- if(EVP_SUCCESS != EVP_EncryptFinal_ex(ctx, buf + clen, &flen))
+ if (OPENSSL_SUCCESS != EVP_EncryptFinal_ex(ctx, buf + clen, &flen))
FREE_OUT_CTX(ctx, buf, KMSB_ERROR_OPERATION_FAILED)
- *output_len += flen;
+ *output_len = clen + flen;
*output = calloc(*output_len, sizeof(unsigned char));
if (output == NULL)
const unsigned char *input, const unsigned int input_len,
unsigned char **output, unsigned int *output_len)
{
- // check the validate of key_idx
- if (key_idx != AES_KEY_IDX) return KMSB_ERROR_INVALID_PARAMETER;
- if (!KEY_ARRAY[key_idx]) {
- if (KMSB_ERROR_NONE != generate_aes_key(key_idx, false))
- return KMSB_ERROR_NO_KEY;
- }
// check the input parameters
if (input == NULL ||
input_len == 0 ||
param->iv_len == 0)
return KMSB_ERROR_INVALID_PARAMETER;
+ // check the validate of key_idx
+ if (key_idx != AES_KEY_IDX) return KMSB_ERROR_INVALID_PARAMETER;
+ if (!KEY_ARRAY[key_idx]) {
+ if (KMSB_ERROR_NONE != generate_aes_key(key_idx, false))
+ return KMSB_ERROR_NO_KEY;
+ }
+
int ret = 0;
int clen = 0, flen = 0;
unsigned char* buf = NULL;
default:
return KMSB_ERROR_NOT_SUPPORTED;
}
- if(EVP_SUCCESS != ret) return KMSB_ERROR_OPERATION_FAILED;
+ if (OPENSSL_SUCCESS != ret) return KMSB_ERROR_OPERATION_FAILED;
clen = input_len + EVP_CIPHER_CTX_block_size(ctx);
buf = calloc(clen, sizeof(unsigned char));
* Set Padding zero forcely, with our concept, there should be no padding
* to increase buffer size.
*/
- if(EVP_SUCCESS != EVP_CIPHER_CTX_set_padding(ctx, 0))
+ if (OPENSSL_SUCCESS != EVP_CIPHER_CTX_set_padding(ctx, 0))
FREE_OUT_CTX(ctx, buf, KMSB_ERROR_OPERATION_FAILED)
/*
* Provide the message to be decrypted, and obtain the plaintext output.
* EVP_DecryptUpdate can be called multiple times if necessary
*/
- if(EVP_SUCCESS != EVP_DecryptUpdate(ctx, buf, &clen, input, input_len))
+ if (OPENSSL_SUCCESS != EVP_DecryptUpdate(ctx, buf, &clen, input, input_len))
FREE_OUT_CTX(ctx, buf, KMSB_ERROR_OPERATION_FAILED)
/*
* Finalise the decryption. Further plaintext bytes may be written at
* this stage.
*/
- if(EVP_SUCCESS != EVP_DecryptFinal_ex(ctx, buf + clen, &flen))
+ if (OPENSSL_SUCCESS != EVP_DecryptFinal_ex(ctx, buf + clen, &flen))
FREE_OUT_CTX(ctx, buf, KMSB_ERROR_OPERATION_FAILED)
*output_len = clen + flen;
FREE_OUT_CTX(ctx, buf, KMSB_ERROR_NONE)
}
+const EVP_MD *getMdAlgo(kmsb_hash_algo_e hash)
+{
+ switch (hash) {
+ case KMSB_HASH_SHA1:
+ return EVP_sha1();
+ case KMSB_HASH_SHA256:
+ return EVP_sha256();
+ case KMSB_HASH_SHA384:
+ return EVP_sha384();
+ case KMSB_HASH_SHA512:
+ return EVP_sha512();
+ default:
+ return NULL;
+ }
+}
+
kmsb_error_e kmsb_create_signature(const unsigned int key_idx,
const kmsb_sign_param_s *param,
const unsigned char *msg, const unsigned int msg_len,
unsigned char **sig, unsigned int *sig_len)
{
+ // check the input parameters
+ if (msg == NULL ||
+ msg_len == 0 ||
+ sig == NULL ||
+ sig_len == NULL)
+ return KMSB_ERROR_INVALID_PARAMETER;
+
kmsb_error_e ret = KMSB_ERROR_NONE;
if (!KEY_ARRAY[key_idx]) {
ret = generate_ecdsa_key(key_idx, param->ec_type, false);
EVP_PKEY *pkey = (EVP_PKEY *)KEY_ARRAY[key_idx];
EVP_MD_CTX *mdctx = NULL;
/* Create the Message Digest Context */
- if(!(mdctx = EVP_MD_CTX_create()))
+ if (!(mdctx = EVP_MD_CTX_create()))
return KMSB_ERROR_OPERATION_FAILED;
- switch (param->hash_algo) {
- case KMSB_HASH_SHA1:
- if(EVP_SUCCESS != EVP_DigestSignInit(mdctx, NULL, EVP_sha1(), NULL, pkey))
- return KMSB_ERROR_OPERATION_FAILED;
- break;
- case KMSB_HASH_SHA256:
- if(EVP_SUCCESS != EVP_DigestSignInit(mdctx, NULL, EVP_sha256(), NULL, pkey))
- return KMSB_ERROR_OPERATION_FAILED;
- break;
- case KMSB_HASH_SHA384:
- if(EVP_SUCCESS != EVP_DigestSignInit(mdctx, NULL, EVP_sha384(), NULL, pkey))
- return KMSB_ERROR_OPERATION_FAILED;
- break;
- case KMSB_HASH_SHA512:
- if(EVP_SUCCESS != EVP_DigestSignInit(mdctx, NULL, EVP_sha512(), NULL, pkey))
- return KMSB_ERROR_OPERATION_FAILED;
- break;
- default:
- return KMSB_ERROR_NOT_SUPPORTED;
- }
+ const EVP_MD* hash = getMdAlgo(param->hash_algo);
+ if (hash == NULL) return KMSB_ERROR_NOT_SUPPORTED;
+
/* Initialise the DigestSign operation - SHA-256 has been selected as the message digest function in this example */
+ if (OPENSSL_SUCCESS != EVP_DigestSignInit(mdctx, NULL, hash, NULL, pkey))
+ return KMSB_ERROR_OPERATION_FAILED;
/* Call update with the message */
- if(EVP_SUCCESS != EVP_DigestSignUpdate(mdctx, msg, msg_len))
+ if (OPENSSL_SUCCESS != EVP_DigestSignUpdate(mdctx, msg, msg_len))
return KMSB_ERROR_OPERATION_FAILED;
/* Finalise the DigestSign operation */
/* First call EVP_DigestSignFinal with a NULL sig parameter to obtain the length of the
- * signature. Length is returned in slen */
- if(EVP_SUCCESS != EVP_DigestSignFinal(mdctx, NULL, sig_len))
+ * signature. Length is returned in slen */
+ if (OPENSSL_SUCCESS != EVP_DigestSignFinal(mdctx, NULL, sig_len))
return KMSB_ERROR_OPERATION_FAILED;
/* Allocate memory for the signature based on size in slen */
- if(!(*sig = OPENSSL_malloc(sizeof(unsigned char) * (*sig_len))))
+ if (!(*sig = OPENSSL_malloc(sizeof(unsigned char) * (*sig_len))))
return KMSB_ERROR_OUT_OF_MEMORY;
/* Obtain the signature */
- if(EVP_SUCCESS != EVP_DigestSignFinal(mdctx, *sig, sig_len))
+ if (OPENSSL_SUCCESS != EVP_DigestSignFinal(mdctx, *sig, sig_len))
return KMSB_ERROR_OPERATION_FAILED;
/* Clean up */
- if(mdctx) EVP_MD_CTX_destroy(mdctx);
+ if (mdctx) EVP_MD_CTX_destroy(mdctx);
return KMSB_ERROR_NONE;
}
const unsigned char *msg, const unsigned int msg_len,
unsigned char *sig, unsigned int sig_len)
{
+ // check the input parameters
+ if (msg == NULL ||
+ msg_len == 0 ||
+ sig == NULL ||
+ sig_len == 0)
+ return KMSB_ERROR_INVALID_PARAMETER;
+
kmsb_error_e ret = KMSB_ERROR_NONE;
if (!KEY_ARRAY[key_idx]) {
ret = generate_ecdsa_key(key_idx, param->ec_type, false);
EVP_PKEY *pkey = (EVP_PKEY *)KEY_ARRAY[key_idx];
EVP_MD_CTX *mdctx = NULL;
/* Create the Message Digest Context */
- if(!(mdctx = EVP_MD_CTX_create()))
+ if (!(mdctx = EVP_MD_CTX_create()))
+ return KMSB_ERROR_OPERATION_FAILED;
+
+ const EVP_MD* hash = getMdAlgo(param->hash_algo);
+ if (hash == NULL) return KMSB_ERROR_NOT_SUPPORTED;
+
+ if (OPENSSL_SUCCESS != EVP_DigestVerifyInit(mdctx, NULL, hash, NULL, pkey))
return KMSB_ERROR_OPERATION_FAILED;
- switch (param->hash_algo) {
- case KMSB_HASH_SHA1:
- if(EVP_SUCCESS != EVP_DigestVerifyInit(mdctx, NULL, EVP_sha1(), NULL, pkey))
- return KMSB_ERROR_OPERATION_FAILED;
- break;
- case KMSB_HASH_SHA256:
- if(EVP_SUCCESS != EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256(), NULL, pkey))
- return KMSB_ERROR_OPERATION_FAILED;
- break;
- case KMSB_HASH_SHA384:
- if(EVP_SUCCESS != EVP_DigestVerifyInit(mdctx, NULL, EVP_sha384(), NULL, pkey))
- return KMSB_ERROR_OPERATION_FAILED;
- break;
- case KMSB_HASH_SHA512:
- if(EVP_SUCCESS != EVP_DigestVerifyInit(mdctx, NULL, EVP_sha512(), NULL, pkey))
- return KMSB_ERROR_OPERATION_FAILED;
- break;
- default:
- return KMSB_ERROR_NOT_SUPPORTED;
- }
/* Initialize `key` with a public key */
- if(EVP_SUCCESS != EVP_DigestVerifyUpdate(mdctx, msg, msg_len))
+ if (OPENSSL_SUCCESS != EVP_DigestVerifyUpdate(mdctx, msg, msg_len))
return KMSB_ERROR_OPERATION_FAILED;
- if(EVP_SUCCESS != EVP_DigestVerifyFinal(mdctx, sig, sig_len))
+ if (OPENSSL_SUCCESS != EVP_DigestVerifyFinal(mdctx, sig, sig_len))
return KMSB_ERROR_VERIFICATION_FAILED;
return KMSB_ERROR_NONE;
if (signature) free(signature);
}
+
+BOOST_AUTO_TEST_CASE(kmsb_aes_decrypt_fail_n)
+{
+ kmsb_error_e ret = KMSB_ERROR_NONE;
+
+ unsigned char input[32] = {0x01};
+ unsigned char iv[16] = {0x02};
+ unsigned char *output1 = NULL;
+ unsigned char *output2 = NULL;
+ unsigned int output_len = 0;
+
+ kmsb_aes_param_s param;
+ param.mode = KMSB_ALGO_AES_CBC;
+ param.iv = iv;
+ param.iv_len = 16;
+
+ ret = kmsb_aes_encrypt(TEST_AES_KEY_IDX, ¶m,
+ input, sizeof(input),
+ &output1, &output_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_NONE);
+
+ output_len--;
+ ret = kmsb_aes_decrypt(TEST_AES_KEY_IDX, ¶m,
+ output1, output_len,
+ &output2, &output_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_OPERATION_FAILED);
+
+ if (output1) free(output1);
+ if (output2) free(output2);
+}
+
+BOOST_AUTO_TEST_CASE(kmsb_aes_encrypt_invalid_parameters_n)
+{
+ kmsb_error_e ret = KMSB_ERROR_NONE;
+
+ unsigned char input[32] = {0x01};
+ unsigned char iv[16] = {0x02};
+ unsigned char *output = NULL;
+ unsigned int output_len = 0;
+ unsigned int key_idx = TEST_AES_KEY_IDX;
+
+ kmsb_aes_param_s param;
+ param.mode = KMSB_ALGO_AES_CBC;
+ param.iv = iv;
+ param.iv_len = 16;
+
+ ret = kmsb_aes_encrypt(key_idx, ¶m,
+ NULL, sizeof(input),
+ &output, &output_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ ret = kmsb_aes_encrypt(key_idx, ¶m,
+ input, 0,
+ &output, &output_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ param.iv = NULL;
+ ret = kmsb_aes_encrypt(key_idx, ¶m,
+ input, sizeof(input),
+ &output, &output_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ param.iv = iv;
+ param.iv_len = 0;
+ ret = kmsb_aes_encrypt(key_idx, ¶m,
+ input, sizeof(input),
+ &output, &output_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+}
+
+BOOST_AUTO_TEST_CASE(kmsb_aes_decrypt_invalid_parameters_n)
+{
+ kmsb_error_e ret = KMSB_ERROR_NONE;
+
+ unsigned char input[32] = {0x01};
+ unsigned char iv[16] = {0x02};
+ unsigned char *output = NULL;
+ unsigned int output_len = 0;
+ unsigned int key_idx = TEST_AES_KEY_IDX;
+
+ kmsb_aes_param_s param;
+ param.mode = KMSB_ALGO_AES_CBC;
+ param.iv = iv;
+ param.iv_len = 16;
+
+ ret = kmsb_aes_encrypt(key_idx, ¶m,
+ input, sizeof(input),
+ &output, &output_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_NONE);
+
+ ret = kmsb_aes_decrypt(key_idx, ¶m,
+ NULL, sizeof(input),
+ &output, &output_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ ret = kmsb_aes_decrypt(key_idx, ¶m,
+ input, 0,
+ &output, &output_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ ret = kmsb_aes_decrypt(key_idx, ¶m,
+ input, sizeof(input),
+ NULL, &output_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ ret = kmsb_aes_decrypt(key_idx, ¶m,
+ input, sizeof(input),
+ &output, NULL);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ param.iv = NULL;
+ ret = kmsb_aes_decrypt(key_idx, ¶m,
+ input, sizeof(input),
+ &output, &output_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ param.iv = iv;
+ param.iv_len = 0;
+ ret = kmsb_aes_encrypt(key_idx, ¶m,
+ input, sizeof(input),
+ &output, &output_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ if (output) free(output);
+}
+
+BOOST_AUTO_TEST_CASE(kmsb_verify_signature_fail_n)
+{
+ kmsb_error_e ret = KMSB_ERROR_NONE;
+ unsigned char input[32] = {0x01};
+ unsigned char *signature = NULL;
+ unsigned int signature_len = 0;
+
+ kmsb_sign_param_s param;
+ param.ec_type = KMSB_EC_PRIME256V1;
+ param.hash_algo = KMSB_HASH_SHA256;
+
+ ret = kmsb_create_signature(TEST_ECDSA_P256_KEY_IDX, ¶m,
+ input, sizeof(input),
+ &signature, &signature_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_NONE);
+
+ signature_len--;
+ ret = kmsb_verify_signature(TEST_ECDSA_P256_KEY_IDX, ¶m,
+ input, sizeof(input),
+ signature, signature_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_VERIFICATION_FAILED);
+
+ if (signature) free(signature);
+}
+
+BOOST_AUTO_TEST_CASE(kmsb_create_signature_wrong_key_idx_n)
+{
+ unsigned char input[32] = {0x01};
+ unsigned char *signature = NULL;
+ unsigned int signature_len = 0;
+
+ kmsb_hash_algo_e alg = KMSB_HASH_SHA256;
+ kmsb_ec_type_e ec = KMSB_EC_SECP384R1;
+ test_kmsb_create_signature(TEST_ECDSA_P256_KEY_IDX, alg, ec,
+ input, sizeof(input),
+ &signature, &signature_len);
+
+ if (signature) free(signature);
+}
+
+BOOST_AUTO_TEST_CASE(kmsb_verify_signature_wrong_key_idx_n)
+{
+ unsigned char input[32] = {0x01};
+ unsigned char *signature = NULL;
+ unsigned int signature_len = 0;
+
+ kmsb_hash_algo_e alg = KMSB_HASH_SHA256;
+ kmsb_ec_type_e ec = KMSB_EC_SECP384R1;
+ test_kmsb_verify_signature(TEST_ECDSA_P256_KEY_IDX, alg, ec,
+ input, sizeof(input),
+ &signature, &signature_len);
+
+ if (signature) free(signature);
+}
+
+BOOST_AUTO_TEST_CASE(kmsb_create_signature_invalid_parameters_n)
+{
+ kmsb_error_e ret = KMSB_ERROR_NONE;
+ unsigned char input[32] = {0x01};
+ unsigned char *signature = NULL;
+ unsigned int signature_len = 0;
+ unsigned int key_idx = TEST_ECDSA_P256_KEY_IDX;
+
+ kmsb_sign_param_s param;
+ param.ec_type = KMSB_EC_PRIME256V1;
+ param.hash_algo = KMSB_HASH_NONE;
+ ret = kmsb_create_signature(key_idx, ¶m,
+ input, sizeof(input),
+ &signature, &signature_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_NOT_SUPPORTED);
+
+ param.hash_algo = KMSB_HASH_SHA256;
+ ret = kmsb_create_signature(key_idx, ¶m,
+ NULL, sizeof(input),
+ &signature, &signature_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ ret = kmsb_create_signature(key_idx, ¶m,
+ input, 0,
+ &signature, &signature_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ ret = kmsb_create_signature(key_idx, ¶m,
+ input, sizeof(input),
+ NULL, &signature_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ ret = kmsb_create_signature(key_idx, ¶m,
+ input, sizeof(input),
+ &signature, NULL);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+}
+
+BOOST_AUTO_TEST_CASE(kmsb_verify_signature_invalid_parameters_n)
+{
+ kmsb_error_e ret = KMSB_ERROR_NONE;
+ unsigned char input[32] = {0x01};
+ unsigned char *signature = NULL;
+ unsigned int signature_len = 0;
+ unsigned int key_idx = TEST_ECDSA_P256_KEY_IDX;
+
+ kmsb_sign_param_s param;
+ param.ec_type = KMSB_EC_PRIME256V1;
+ param.hash_algo = KMSB_HASH_SHA256;
+
+ ret = kmsb_create_signature(key_idx, ¶m,
+ input, sizeof(input),
+ &signature, &signature_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_NONE);
+
+ param.hash_algo = KMSB_HASH_NONE;
+ ret = kmsb_verify_signature(key_idx, ¶m,
+ input, sizeof(input),
+ signature, signature_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_NOT_SUPPORTED);
+
+ param.hash_algo = KMSB_HASH_SHA256;
+ ret = kmsb_verify_signature(key_idx, ¶m,
+ NULL, sizeof(input),
+ signature, signature_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ ret = kmsb_verify_signature(key_idx, ¶m,
+ input, 0,
+ signature, signature_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ ret = kmsb_verify_signature(key_idx, ¶m,
+ input, sizeof(input),
+ NULL, signature_len);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ ret = kmsb_verify_signature(key_idx, ¶m,
+ input, sizeof(input),
+ signature, 0);
+ BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+ if (signature) free(signature);
+}
+
BOOST_AUTO_TEST_SUITE_END() // SE_EMUL
BOOST_AUTO_TEST_SUITE_END() // USER
projects / platform / core / security / key-manager-se-backend.git / commitdiff