2 * Copyright (c) 2023 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
19 #include <unordered_map>
21 #include <dpl/test/test_runner.h>
22 #include <ckm-common.h>
23 #include <ckmc/ckmc-manager.h>
24 #include <ckmc/ckmc-control.h>
28 const char* PASSWORD = "test-password";
29 const uid_t UID = 5001;
37 const KeyAliasPair OURS = { "our_ec_private", "our_ec_public" };
38 const KeyAliasPair PEERS = { "peer_ec_private", "peer_ec_public" };
39 const KeyAliasPair PEERS2 = { "peer2_ec_private", "peer2_ec_public" };
40 const KeyAliasPair WRONG = { "wrong_ec_private", "wrong_ec_public" };
41 const KeyAliasPair RSA = { "rsa_private", "rsa_public" };
42 const std::string DERIVED = "derived";
44 const ckmc_policy_s UNEXPORTABLE { nullptr, false };
45 const ckmc_policy_s EXPORTABLE { nullptr, true };
46 const ckmc_policy_s UNEXPORTABLE_PW { const_cast<char*>(PASSWORD), false };
47 const ckmc_policy_s EXPORTABLE_PW { const_cast<char*>(PASSWORD), true };
49 class EcdhGroupFixture: public DPL::Test::TestGroup
52 void GenerateEC(ckmc_ec_type_e curve,
53 const KeyAliasPair& pair,
54 const ckmc_policy_s& policy_prv,
55 const ckmc_policy_s& policy_pub)
57 assert_positive(ckmc_create_key_pair_ecdsa,
68 remove_user_data(UID);
69 assert_positive(ckmc_unlock_user_key, UID, "db-pass");
71 GenerateEC(CKMC_EC_PRIME256V1, OURS, UNEXPORTABLE, EXPORTABLE);
72 GenerateEC(CKMC_EC_PRIME256V1, PEERS, UNEXPORTABLE_PW, EXPORTABLE);
73 GenerateEC(CKMC_EC_PRIME256V1, PEERS2, EXPORTABLE, EXPORTABLE);
74 GenerateEC(CKMC_EC_PRIME192V1, WRONG, UNEXPORTABLE, EXPORTABLE);
76 assert_positive(ckmc_create_key_pair_rsa,
84 void Finish() override
86 int ret = ckmc_lock_user_key(UID);
87 if (ret != CKMC_ERROR_NONE)
88 RUNNER_ERROR_MSG("DB lock failed: " << CKMCErrorToString(ret));
89 remove_user_data(UID);
95 void init(const std::string&)
101 ckmc_remove_alias(DERIVED.c_str());
105 RawBufferPtr getPublicKey(const std::string& pub_alias)
107 ckmc_key_s *pubKey = nullptr;
108 assert_positive(ckmc_get_key, pub_alias.c_str(), "", &pubKey);
110 ckmc_raw_buffer_s* pubBuffer = nullptr;
111 assert_positive(ckmc_buffer_new, pubKey->raw_key, pubKey->key_size, &pubBuffer);
112 ckmc_key_free(pubKey);
114 return create_raw_buffer(pubBuffer);
117 ParamListPtr getDefaultECDHParams(const std::string& pubAlias)
119 auto ecdhParams = createParamListPtr();
120 setParam(ecdhParams, CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_ECDH);
121 auto pubKey = getPublicKey(pubAlias);
122 setParam(ecdhParams, CKMC_PARAM_ECDH_PUBKEY, pubKey.get());
126 void deriveEcdh(const std::string& prvAlias,
127 const std::string& prvPass,
128 const std::string& pubAlias,
129 const std::string& derivedAlias,
130 const ckmc_policy_s& derivedPolicy,
133 auto ecdhParams = getDefaultECDHParams(pubAlias);
135 assert_result(expected,
140 derivedAlias.c_str(),
144 RawBufferPtr deriveEcdhAndGet(const std::string& prvAlias,
145 const std::string& prvPass,
146 const std::string& pubAlias,
147 const std::string& derivedAlias,
148 const ckmc_policy_s& derivedPolicy)
150 deriveEcdh(prvAlias, prvPass, pubAlias, derivedAlias, derivedPolicy, CKMC_ERROR_NONE);
152 ckmc_raw_buffer_s *derivedBuffer = nullptr;
153 assert_positive(ckmc_get_data, derivedAlias.c_str(), derivedPolicy.password, &derivedBuffer);
155 ckmc_remove_alias(derivedAlias.c_str());
157 return create_raw_buffer(derivedBuffer);
160 void invalidDerive(const ParamListPtr& params)
162 assert_invalid_param(ckmc_key_derive,
170 } // namespace anonymous
172 RUNNER_TEST_GROUP_INIT_ENV(CKM_DERIVE_ECDH, EcdhGroupFixture);
174 RUNNER_TEST(TECDH_0010_positive, DerivedFixture)
176 auto ourDerived = deriveEcdhAndGet(OURS.prv, "", PEERS.pub, DERIVED, EXPORTABLE);
177 auto peerDerived = deriveEcdhAndGet(PEERS.prv, PASSWORD, OURS.pub, DERIVED, EXPORTABLE_PW);
179 assert_buffers_equal(ourDerived.get(), peerDerived.get());
181 auto wrongDerived = deriveEcdhAndGet(OURS.prv, "", PEERS2.pub, DERIVED, EXPORTABLE);
183 assert_buffers_equal(ourDerived.get(), wrongDerived.get(), false);
186 RUNNER_TEST(TECDH_0020_missing_arguments, DerivedFixture)
188 auto ecdhParams = getDefaultECDHParams(PEERS.pub);
190 assert_invalid_param(ckmc_key_derive,
197 assert_invalid_param(ckmc_key_derive,
204 assert_invalid_param(ckmc_key_derive,
212 RUNNER_TEST(TECDH_0030_unknown_alias, DerivedFixture)
214 auto ecdhParams = getDefaultECDHParams(PEERS.pub);
216 assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
225 RUNNER_TEST(TECDH_0040_alias_exists, DerivedFixture)
227 auto ecdhParams = getDefaultECDHParams(PEERS.pub);
229 assert_positive(ckmc_key_derive,
236 assert_result(CKMC_ERROR_DB_ALIAS_EXISTS,
245 RUNNER_TEST(TECDH_0050_derived_password, DerivedFixture)
247 auto ecdhParams = getDefaultECDHParams(PEERS.pub);
249 assert_positive(ckmc_key_derive,
256 ckmc_raw_buffer_s *derived = nullptr;
257 assert_result(CKMC_ERROR_AUTHENTICATION_FAILED, ckmc_get_data, DERIVED.c_str(), "", &derived);
258 assert_result(CKMC_ERROR_AUTHENTICATION_FAILED, ckmc_get_data, DERIVED.c_str(), "pw", &derived);
260 assert_positive(ckmc_remove_alias, DERIVED.c_str());
262 assert_positive(ckmc_key_derive,
269 assert_result(CKMC_ERROR_AUTHENTICATION_FAILED, ckmc_get_data, DERIVED.c_str(), "pw", &derived);
271 CKMC_ERROR_AUTHENTICATION_FAILED, ckmc_get_data, DERIVED.c_str(), PASSWORD, &derived);
274 RUNNER_TEST(TECDH_0050_derived_unexportable, DerivedFixture)
276 auto ecdhParams = getDefaultECDHParams(PEERS.pub);
278 assert_positive(ckmc_key_derive,
285 ckmc_raw_buffer_s *derived = nullptr;
286 assert_result(CKMC_ERROR_NOT_EXPORTABLE, ckmc_get_data, DERIVED.c_str(), "", &derived);
289 RUNNER_TEST(TECDH_0100_wrong_parameters, DerivedFixture)
291 auto ecdhParams = createParamListPtr();
294 invalidDerive(ecdhParams);
297 setParam(ecdhParams, CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_ECDH);
298 invalidDerive(ecdhParams);
301 ckmc_raw_buffer_s* garbage = createRandomBufferCAPI(1);
302 auto buffer = create_raw_buffer(garbage);
303 setParam(ecdhParams, CKMC_PARAM_ECDH_PUBKEY, buffer.get());
304 invalidDerive(ecdhParams);
306 // private key instead of pubkey
307 buffer = getPublicKey(PEERS2.prv);
308 setParam(ecdhParams, CKMC_PARAM_ECDH_PUBKEY, buffer.get());
309 invalidDerive(ecdhParams);
312 buffer = getPublicKey(OURS.pub);
313 setParam(ecdhParams, CKMC_PARAM_ECDH_PUBKEY, buffer.get());
314 setParam(ecdhParams, CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_KBKDF);
315 invalidDerive(ecdhParams);
318 RUNNER_TEST(TECDH_0200_wrong_password, DerivedFixture)
320 deriveEcdh(PEERS.prv, "", OURS.pub, DERIVED, UNEXPORTABLE, CKMC_ERROR_AUTHENTICATION_FAILED);
322 UNEXPORTABLE_PW.password,
326 CKMC_ERROR_AUTHENTICATION_FAILED);
329 RUNNER_TEST(TECDH_0210_different_curves, DerivedFixture)
331 deriveEcdh(OURS.prv, "", WRONG.pub, DERIVED, UNEXPORTABLE, CKMC_ERROR_INVALID_PARAMETER);
332 deriveEcdh(WRONG.prv, "", OURS.pub, DERIVED, UNEXPORTABLE, CKMC_ERROR_INVALID_PARAMETER);
335 RUNNER_TEST(TECDH_0220_different_key_types, DerivedFixture)
337 deriveEcdh(OURS.prv, "", RSA.pub, DERIVED, UNEXPORTABLE, CKMC_ERROR_INVALID_PARAMETER);
338 deriveEcdh(RSA.prv, "", OURS.pub, DERIVED, UNEXPORTABLE, CKMC_ERROR_INVALID_PARAMETER);
341 RUNNER_TEST(TECDH_0230_public_instead_of_private, DerivedFixture)
343 deriveEcdh(OURS.pub, "", OURS.pub, DERIVED, UNEXPORTABLE, CKMC_ERROR_INVALID_PARAMETER);
346 RUNNER_TEST(TECDH_0230_wrong_key_types, DerivedFixture)
348 deriveEcdh(RSA.prv, "", RSA.pub, DERIVED, UNEXPORTABLE, CKMC_ERROR_INVALID_PARAMETER);
projects / platform / core / test / security-tests.git / blob