2 * Copyright (c) 2023 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 #include "e2ee-adaptation-layer.h"
19 #include <dpl/test/test_runner.h>
20 #include <ckm-common.h>
21 #include <ckmc/ckmc-manager.h>
22 #include <ckmc/ckmc-control.h>
26 const uid_t UID = 5001;
34 const KeyAliasPair OURS = { "our_ec_private", "our_ec_public" };
35 const KeyAliasPair PEERS = { "peer_ec_private", "peer_ec_public" };
36 const KeyAliasPair PEERS2 = { "peer2_ec_private", "peer2_ec_public" };
37 const KeyAliasPair WRONG = { "wrong_ec_private", "wrong_ec_public" };
38 const KeyAliasPair RSA_KEYS = { "rsa_private", "rsa_public" };
40 const char* const DERIVED = "derived";
42 constexpr size_t SALT_LEN = 16;
43 const unsigned char SALT[SALT_LEN] = {};
45 const ckmc_policy_s UNEXPORTABLE { nullptr, false };
46 const ckmc_policy_s EXPORTABLE { nullptr, true };
48 class EALGroupFixture: public DPL::Test::TestGroup
51 void GenerateEC(ckmc_ec_type_e curve,
52 const KeyAliasPair& pair,
53 const ckmc_policy_s& policy_prv,
54 const ckmc_policy_s& policy_pub)
56 ckmc_remove_alias(pair.prv.c_str());
57 ckmc_remove_alias(pair.pub.c_str());
58 assert_positive(ckmc_create_key_pair_ecdsa,
69 remove_user_data(UID);
70 assert_positive(ckmc_unlock_user_key, UID, "db-pass");
72 GenerateEC(CKMC_EC_PRIME256V1, OURS, UNEXPORTABLE, EXPORTABLE);
73 GenerateEC(CKMC_EC_PRIME256V1, PEERS, UNEXPORTABLE, EXPORTABLE);
74 GenerateEC(CKMC_EC_PRIME256V1, PEERS2, EXPORTABLE, EXPORTABLE);
75 GenerateEC(CKMC_EC_PRIME192V1, WRONG, UNEXPORTABLE, EXPORTABLE);
77 ckmc_remove_alias(RSA_KEYS.prv.c_str());
78 ckmc_remove_alias(RSA_KEYS.pub.c_str());
79 assert_positive(ckmc_create_key_pair_rsa,
87 void Finish() override
89 int ret = ckmc_lock_user_key(UID);
90 if (ret != CKMC_ERROR_NONE)
91 RUNNER_ERROR_MSG("DB lock failed: " << CKMCErrorToString(ret));
92 remove_user_data(UID);
95 typedef std::unique_ptr<ckmc_key_s, decltype(&ckmc_key_free)> KeyPtr;
97 KeyPtr getKey(const std::string& alias)
99 ckmc_key_s* key = nullptr;
100 assert_positive(ckmc_get_key, alias.c_str(), "", &key);
102 return KeyPtr(key, ckmc_key_free);
105 AliasRemover keyAgreement(const std::string &prv, const std::string& pub, const char* derived)
107 auto pub_key = getKey(pub);
108 assert_positive(ckmew_key_agreement, prv.c_str(), pub_key->raw_key, pub_key->key_size, derived);
110 return AliasRemover(derived);
113 } // namespace anonymous
115 RUNNER_TEST_GROUP_INIT_ENV(E2EE_ADAPTATION_LAYER, EALGroupFixture);
117 RUNNER_TEST(TEAL_0010_key_agreement_positive)
119 const char* const OURS_DERIVED = "ours_derived";
120 const char* const PEERS_DERIVED = "peers_derived";
121 const char* const PEERS2_DERIVED = "peers2_derived";
123 auto our_remover = keyAgreement(OURS.prv, PEERS.pub, OURS_DERIVED);
124 auto peer_remover = keyAgreement(PEERS.prv, OURS.pub, PEERS_DERIVED);
125 auto peer2_remover = keyAgreement(PEERS2.prv, OURS.pub, PEERS2_DERIVED);
127 auto plain = create_raw_buffer(createRandomBufferCAPI(512));
128 auto iv = create_raw_buffer(createRandomBufferCAPI(16));
130 auto params = createParamListPtr();
131 setParam(params, CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_AES_CTR);
132 setParam(params, CKMC_PARAM_ED_IV, iv.get());
134 ckmc_raw_buffer_s* encrypted = nullptr;
135 assert_positive(ckmc_encrypt_data, params.get(), OURS_DERIVED, "", *plain.get(), &encrypted);
136 auto encryptedPtr = create_raw_buffer(encrypted);
138 ckmc_raw_buffer_s* decrypted = nullptr;
139 assert_positive(ckmc_decrypt_data, params.get(), PEERS_DERIVED, "", *encrypted, &decrypted);
140 auto decryptedPtr = create_raw_buffer(decrypted);
142 assert_buffers_equal(plain.get(), decrypted);
144 decryptedPtr.reset();
146 assert_positive(ckmc_decrypt_data, params.get(), PEERS2_DERIVED, "", *encrypted, &decrypted);
147 decryptedPtr = create_raw_buffer(decrypted);
149 assert_buffers_equal(plain.get(), decrypted, false);
152 RUNNER_TEST(TEAL_0020_key_agreement_wrong_arguments)
154 auto pub_key = getKey(PEERS.pub);
156 auto invalid = [](const char* prv,
157 const unsigned char* pub,
161 assert_invalid_param(ckmew_key_agreement, prv, pub, pub_size, derived);
164 auto garbage = create_raw_buffer(createRandomBufferCAPI(pub_key->key_size));
166 invalid(nullptr, pub_key->raw_key, pub_key->key_size, DERIVED);
167 invalid(OURS.pub.c_str(), pub_key->raw_key, pub_key->key_size, DERIVED);
168 invalid(OURS.prv.c_str(), nullptr, pub_key->key_size, DERIVED);
169 invalid(OURS.prv.c_str(), pub_key->raw_key, 6, DERIVED);
170 invalid(OURS.prv.c_str(), garbage->data, garbage->size, DERIVED);
171 invalid(OURS.prv.c_str(), pub_key->raw_key, 0, DERIVED);
172 invalid(OURS.prv.c_str(), pub_key->raw_key, pub_key->key_size, nullptr);
175 RUNNER_TEST(TEAL_0030_key_agreement_wrong_aliases)
177 const char* const DERIVED = "derived";
179 auto pub_key = getKey(PEERS.pub);
181 assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
188 assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
195 assert_positive(ckmew_key_agreement,
201 AliasRemover remover(DERIVED);
203 assert_result(CKMC_ERROR_DB_ALIAS_EXISTS,
211 RUNNER_TEST(TEAL_1000_pbkdf_positive)
213 constexpr size_t KEY_LEN = 32;
215 auto plain = create_raw_buffer(createRandomBufferCAPI(512));
216 auto iv = create_raw_buffer(createRandomBufferCAPI(16));
217 auto salt = create_raw_buffer(createRandomBufferCAPI(SALT_LEN));
219 auto params = createParamListPtr();
220 setParam(params, CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_AES_CTR);
221 setParam(params, CKMC_PARAM_ED_IV, iv.get());
223 assert_positive(ckmew_key_derive_pbkdf2, "password", salt->data, salt->size, KEY_LEN, DERIVED);
224 auto remover1 = AliasRemover(DERIVED);
226 ckmc_raw_buffer_s* encrypted = nullptr;
227 assert_positive(ckmc_encrypt_data, params.get(), DERIVED, "", *plain.get(), &encrypted);
228 auto encryptedPtr = create_raw_buffer(encrypted);
230 auto deriveAndDecrypt = [&encryptedPtr, ¶ms](const char* password,
231 const unsigned char* salt,
235 const char* const DERIVED2 = "derived2";
236 assert_positive(ckmew_key_derive_pbkdf2, password, salt, salt_len, key_len, DERIVED2);
237 auto remover = AliasRemover(DERIVED2);
239 ckmc_raw_buffer_s* decrypted = nullptr;
240 assert_positive(ckmc_decrypt_data,
247 return create_raw_buffer(decrypted);
250 RawBufferPtr decrypted;
251 decrypted = deriveAndDecrypt("password", salt->data, salt->size, KEY_LEN);
252 assert_buffers_equal(plain.get(), decrypted.get());
254 decrypted = deriveAndDecrypt("wrong", salt->data, salt->size, KEY_LEN);
255 assert_buffers_equal(plain.get(), decrypted.get(), false);
257 decrypted = deriveAndDecrypt("password", salt->data, salt->size, KEY_LEN - 8);
258 assert_buffers_equal(plain.get(), decrypted.get(), false);
260 decrypted = deriveAndDecrypt("password", salt->data, salt->size - 1, KEY_LEN);
261 assert_buffers_equal(plain.get(), decrypted.get(), false);
263 decrypted = deriveAndDecrypt("password", plain->data, salt->size, KEY_LEN);
264 assert_buffers_equal(plain.get(), decrypted.get(), false);
267 RUNNER_TEST(TEAL_1010_pbkdf_invalid_arguments)
269 assert_invalid_param(ckmew_key_derive_pbkdf2, nullptr, SALT, SALT_LEN, 32, DERIVED);
270 assert_invalid_param(ckmew_key_derive_pbkdf2, "password", nullptr, SALT_LEN, 32, DERIVED);
271 assert_invalid_param(ckmew_key_derive_pbkdf2, "password", SALT, SALT_LEN, 32, nullptr);
272 assert_invalid_param(ckmew_key_derive_pbkdf2, "password", SALT, SALT_LEN, 0, DERIVED);
274 auto invalidFormat = [&](size_t key_len) {
275 assert_result(CKMC_ERROR_INVALID_FORMAT,
276 ckmew_key_derive_pbkdf2,
289 RUNNER_TEST(TEAL_1020_pbkdf_wrong_alias)
291 assert_positive(ckmew_key_derive_pbkdf2, "password", SALT, SALT_LEN, 32, DERIVED);
293 auto remover = AliasRemover(DERIVED);
295 assert_result(CKMC_ERROR_DB_ALIAS_EXISTS,
296 ckmew_key_derive_pbkdf2,
304 int main(int argc, char *argv[])
306 require_default_user(argv);
308 return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);