src/e2ee-adaptation-layer/tests.cpp

   1 /*
   2  *  Copyright (c) 2023 Samsung Electronics Co., Ltd All Rights Reserved
   3  *
   4  *  Licensed under the Apache License, Version 2.0 (the "License");
   5  *  you may not use this file except in compliance with the License.
   6  *  You may obtain a copy of the License at
   7  *
   8  *      http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  *  Unless required by applicable law or agreed to in writing, software
  11  *  distributed under the License is distributed on an "AS IS" BASIS,
  12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  *  See the License for the specific language governing permissions and
  14  *  limitations under the License
  15  */
  16
  17 #include "e2ee-adaptation-layer.h"
  18
  19 #include <dpl/test/test_runner.h>
  20 #include <ckm-common.h>
  21 #include <ckmc/ckmc-manager.h>
  22 #include <ckmc/ckmc-control.h>
  23
  24 namespace {
  25
  26 const uid_t UID = 5001;
  27
  28 struct KeyAliasPair
  29 {
  30     std::string prv;
  31     std::string pub;
  32 };
  33
  34 const KeyAliasPair OURS = { "our_ec_private", "our_ec_public" };
  35 const KeyAliasPair PEERS = { "peer_ec_private", "peer_ec_public" };
  36 const KeyAliasPair PEERS2 = { "peer2_ec_private", "peer2_ec_public" };
  37 const KeyAliasPair WRONG = { "wrong_ec_private", "wrong_ec_public" };
  38 const KeyAliasPair RSA_KEYS = { "rsa_private", "rsa_public" };
  39
  40 const char* const DERIVED = "derived";
  41
  42 constexpr size_t SALT_LEN = 16;
  43 const unsigned char SALT[SALT_LEN] = {};
  44
  45 const ckmc_policy_s UNEXPORTABLE { nullptr, false };
  46 const ckmc_policy_s EXPORTABLE { nullptr, true };
  47
  48 class EALGroupFixture: public DPL::Test::TestGroup
  49 {
  50 private:
  51     void GenerateEC(ckmc_ec_type_e curve,
  52                     const KeyAliasPair& pair,
  53                     const ckmc_policy_s& policy_prv,
  54                     const ckmc_policy_s& policy_pub)
  55     {
  56         ckmc_remove_alias(pair.prv.c_str());
  57         ckmc_remove_alias(pair.pub.c_str());
  58         assert_positive(ckmc_create_key_pair_ecdsa,
  59                         curve,
  60                         pair.prv.c_str(),
  61                         pair.pub.c_str(),
  62                         policy_prv,
  63                         policy_pub);
  64     }
  65
  66 public:
  67     void Init() override
  68     {
  69         remove_user_data(UID);
  70         assert_positive(ckmc_unlock_user_key, UID, "db-pass");
  71
  72         GenerateEC(CKMC_EC_PRIME256V1, OURS, UNEXPORTABLE, EXPORTABLE);
  73         GenerateEC(CKMC_EC_PRIME256V1, PEERS, UNEXPORTABLE, EXPORTABLE);
  74         GenerateEC(CKMC_EC_PRIME256V1, PEERS2, EXPORTABLE, EXPORTABLE);
  75         GenerateEC(CKMC_EC_PRIME192V1, WRONG, UNEXPORTABLE, EXPORTABLE);
  76
  77         ckmc_remove_alias(RSA_KEYS.prv.c_str());
  78         ckmc_remove_alias(RSA_KEYS.pub.c_str());
  79         assert_positive(ckmc_create_key_pair_rsa,
  80                         1024,
  81                         RSA_KEYS.prv.c_str(),
  82                         RSA_KEYS.pub.c_str(),
  83                         UNEXPORTABLE,
  84                         EXPORTABLE);
  85     }
  86
  87     void Finish() override
  88     {
  89         int ret = ckmc_lock_user_key(UID);
  90         if (ret != CKMC_ERROR_NONE)
  91             RUNNER_ERROR_MSG("DB lock failed: " << CKMCErrorToString(ret));
  92         remove_user_data(UID);
  93     }
  94 };
  95 typedef std::unique_ptr<ckmc_key_s, decltype(&ckmc_key_free)> KeyPtr;
  96
  97 KeyPtr getKey(const std::string& alias)
  98 {
  99     ckmc_key_s* key = nullptr;
 100     assert_positive(ckmc_get_key, alias.c_str(), "", &key);
 101
 102     return KeyPtr(key, ckmc_key_free);
 103 }
 104
 105 AliasRemover keyAgreement(const std::string &prv, const std::string& pub, const char* derived)
 106 {
 107     auto pub_key = getKey(pub);
 108     assert_positive(ckmew_key_agreement, prv.c_str(), pub_key->raw_key, pub_key->key_size, derived);
 109
 110     return AliasRemover(derived);
 111 }
 112
 113 } // namespace anonymous
 114
 115 RUNNER_TEST_GROUP_INIT_ENV(E2EE_ADAPTATION_LAYER, EALGroupFixture);
 116
 117 RUNNER_TEST(TEAL_0010_key_agreement_positive)
 118 {
 119     const char* const OURS_DERIVED = "ours_derived";
 120     const char* const PEERS_DERIVED = "peers_derived";
 121     const char* const PEERS2_DERIVED = "peers2_derived";
 122
 123     auto our_remover = keyAgreement(OURS.prv, PEERS.pub, OURS_DERIVED);
 124     auto peer_remover = keyAgreement(PEERS.prv, OURS.pub, PEERS_DERIVED);
 125     auto peer2_remover = keyAgreement(PEERS2.prv, OURS.pub, PEERS2_DERIVED);
 126
 127     auto plain = create_raw_buffer(createRandomBufferCAPI(512));
 128     auto iv = create_raw_buffer(createRandomBufferCAPI(16));
 129
 130     auto params = createParamListPtr();
 131     setParam(params, CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_AES_CTR);
 132     setParam(params, CKMC_PARAM_ED_IV, iv.get());
 133
 134     ckmc_raw_buffer_s* encrypted = nullptr;
 135     assert_positive(ckmc_encrypt_data, params.get(), OURS_DERIVED, "", *plain.get(), &encrypted);
 136     auto encryptedPtr = create_raw_buffer(encrypted);
 137
 138     ckmc_raw_buffer_s* decrypted = nullptr;
 139     assert_positive(ckmc_decrypt_data, params.get(), PEERS_DERIVED, "", *encrypted, &decrypted);
 140     auto decryptedPtr = create_raw_buffer(decrypted);
 141
 142     assert_buffers_equal(plain.get(), decrypted);
 143
 144     decryptedPtr.reset();
 145     decrypted = nullptr;
 146     assert_positive(ckmc_decrypt_data, params.get(), PEERS2_DERIVED, "", *encrypted, &decrypted);
 147     decryptedPtr = create_raw_buffer(decrypted);
 148
 149     assert_buffers_equal(plain.get(), decrypted, false);
 150 }
 151
 152 RUNNER_TEST(TEAL_0020_key_agreement_wrong_arguments)
 153 {
 154     auto pub_key = getKey(PEERS.pub);
 155
 156     auto invalid = [](const char* prv,
 157                       const unsigned char* pub,
 158                       size_t pub_size,
 159                       const char* derived)
 160     {
 161         assert_invalid_param(ckmew_key_agreement, prv, pub, pub_size, derived);
 162     };
 163
 164     auto garbage = create_raw_buffer(createRandomBufferCAPI(pub_key->key_size));
 165
 166     invalid(nullptr,          pub_key->raw_key, pub_key->key_size, DERIVED);
 167     invalid(OURS.pub.c_str(), pub_key->raw_key, pub_key->key_size, DERIVED);
 168     invalid(OURS.prv.c_str(), nullptr,          pub_key->key_size, DERIVED);
 169     invalid(OURS.prv.c_str(), pub_key->raw_key, 6, DERIVED);
 170     invalid(OURS.prv.c_str(), garbage->data,    garbage->size,     DERIVED);
 171     invalid(OURS.prv.c_str(), pub_key->raw_key, 0,                 DERIVED);
 172     invalid(OURS.prv.c_str(), pub_key->raw_key, pub_key->key_size, nullptr);
 173 }
 174
 175 RUNNER_TEST(TEAL_0030_key_agreement_wrong_aliases)
 176 {
 177     const char* const DERIVED = "derived";
 178
 179     auto pub_key = getKey(PEERS.pub);
 180
 181     assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
 182                   ckmew_key_agreement,
 183                   "",
 184                   pub_key->raw_key,
 185                   pub_key->key_size,
 186                   DERIVED);
 187
 188     assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
 189                   ckmew_key_agreement,
 190                   "nonexistent-alias",
 191                   pub_key->raw_key,
 192                   pub_key->key_size,
 193                   DERIVED);
 194
 195     assert_positive(ckmew_key_agreement,
 196                     OURS.prv.c_str(),
 197                     pub_key->raw_key,
 198                     pub_key->key_size,
 199                     DERIVED);
 200
 201     AliasRemover remover(DERIVED);
 202
 203     assert_result(CKMC_ERROR_DB_ALIAS_EXISTS,
 204                   ckmew_key_agreement,
 205                   OURS.prv.c_str(),
 206                   pub_key->raw_key,
 207                   pub_key->key_size,
 208                   DERIVED);
 209 }
 210
 211 RUNNER_TEST(TEAL_1000_pbkdf_positive)
 212 {
 213     constexpr size_t KEY_LEN = 32;
 214
 215     auto plain = create_raw_buffer(createRandomBufferCAPI(512));
 216     auto iv = create_raw_buffer(createRandomBufferCAPI(16));
 217     auto salt = create_raw_buffer(createRandomBufferCAPI(SALT_LEN));
 218
 219     auto params = createParamListPtr();
 220     setParam(params, CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_AES_CTR);
 221     setParam(params, CKMC_PARAM_ED_IV, iv.get());
 222
 223     assert_positive(ckmew_key_derive_pbkdf2, "password", salt->data, salt->size, KEY_LEN, DERIVED);
 224     auto remover1 = AliasRemover(DERIVED);
 225
 226     ckmc_raw_buffer_s* encrypted = nullptr;
 227     assert_positive(ckmc_encrypt_data, params.get(), DERIVED, "", *plain.get(), &encrypted);
 228     auto encryptedPtr = create_raw_buffer(encrypted);
 229
 230     auto deriveAndDecrypt = [&encryptedPtr, &params](const char* password,
 231                                                      const unsigned char* salt,
 232                                                      size_t salt_len,
 233                                                      size_t key_len)
 234     {
 235         const char* const DERIVED2 = "derived2";
 236         assert_positive(ckmew_key_derive_pbkdf2, password, salt, salt_len, key_len, DERIVED2);
 237         auto remover = AliasRemover(DERIVED2);
 238
 239         ckmc_raw_buffer_s* decrypted = nullptr;
 240         assert_positive(ckmc_decrypt_data,
 241                         params.get(),
 242                         DERIVED2,
 243                         "",
 244                         *encryptedPtr.get(),
 245                         &decrypted);
 246
 247         return create_raw_buffer(decrypted);
 248     };
 249
 250     RawBufferPtr decrypted;
 251     decrypted = deriveAndDecrypt("password", salt->data, salt->size, KEY_LEN);
 252     assert_buffers_equal(plain.get(), decrypted.get());
 253
 254     decrypted = deriveAndDecrypt("wrong", salt->data, salt->size, KEY_LEN);
 255     assert_buffers_equal(plain.get(), decrypted.get(), false);
 256
 257     decrypted = deriveAndDecrypt("password", salt->data, salt->size, KEY_LEN - 8);
 258     assert_buffers_equal(plain.get(), decrypted.get(), false);
 259
 260     decrypted = deriveAndDecrypt("password", salt->data, salt->size - 1, KEY_LEN);
 261     assert_buffers_equal(plain.get(), decrypted.get(), false);
 262
 263     decrypted = deriveAndDecrypt("password", plain->data, salt->size, KEY_LEN);
 264     assert_buffers_equal(plain.get(), decrypted.get(), false);
 265 }
 266
 267 RUNNER_TEST(TEAL_1010_pbkdf_invalid_arguments)
 268 {
 269     assert_invalid_param(ckmew_key_derive_pbkdf2, nullptr,    SALT,    SALT_LEN, 32, DERIVED);
 270     assert_invalid_param(ckmew_key_derive_pbkdf2, "password", nullptr, SALT_LEN, 32, DERIVED);
 271     assert_invalid_param(ckmew_key_derive_pbkdf2, "password", SALT,    SALT_LEN, 32, nullptr);
 272     assert_invalid_param(ckmew_key_derive_pbkdf2, "password", SALT,    SALT_LEN, 0,  DERIVED);
 273
 274     auto invalidFormat = [&](size_t key_len) {
 275         assert_result(CKMC_ERROR_INVALID_FORMAT,
 276                       ckmew_key_derive_pbkdf2,
 277                       "password",
 278                       SALT,
 279                       SALT_LEN,
 280                       key_len,
 281                       DERIVED);
 282     };
 283     invalidFormat(64);
 284     invalidFormat(31);
 285     invalidFormat(8);
 286     invalidFormat(1);
 287 }
 288
 289 RUNNER_TEST(TEAL_1020_pbkdf_wrong_alias)
 290 {
 291     assert_positive(ckmew_key_derive_pbkdf2, "password", SALT, SALT_LEN, 32, DERIVED);
 292
 293     auto remover = AliasRemover(DERIVED);
 294
 295     assert_result(CKMC_ERROR_DB_ALIAS_EXISTS,
 296                   ckmew_key_derive_pbkdf2,
 297                   "password",
 298                   SALT,
 299                   SALT_LEN,
 300                   32,
 301                   DERIVED);
 302 }
 303
 304 int main(int argc, char *argv[])
 305 {
 306     require_default_user(argv);
 307
 308     return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
 309 }