const KeyAliasPair WRONG = { "wrong_ec_private", "wrong_ec_public" };
const KeyAliasPair RSA = { "rsa_private", "rsa_public" };
+const char* const DERIVED = "derived";
+
+constexpr size_t SALT_LEN = 16;
+const unsigned char SALT[SALT_LEN] = {};
+
const ckmc_policy_s UNEXPORTABLE { nullptr, false };
const ckmc_policy_s EXPORTABLE { nullptr, true };
RUNNER_TEST(TEAL_0020_key_agreement_wrong_arguments)
{
- const char* const DERIVED = "derived";
-
auto pub_key = getKey(PEERS.pub);
auto invalid = [](const char* prv,
DERIVED);
}
+RUNNER_TEST(TEAL_1000_pbkdf_positive)
+{
+ constexpr size_t KEY_LEN = 32;
+
+ auto plain = create_raw_buffer(createRandomBufferCAPI(512));
+ auto iv = create_raw_buffer(createRandomBufferCAPI(16));
+ auto salt = create_raw_buffer(createRandomBufferCAPI(SALT_LEN));
+
+ auto params = createParamListPtr();
+ setParam(params, CKMC_PARAM_ALGO_TYPE, CKMC_ALGO_AES_CTR);
+ setParam(params, CKMC_PARAM_ED_IV, iv.get());
+
+ assert_positive(ckmew_key_derive_pbkdf2, "password", salt->data, salt->size, KEY_LEN, DERIVED);
+ auto remover1 = AliasRemover(DERIVED);
+
+ ckmc_raw_buffer_s* encrypted = nullptr;
+ assert_positive(ckmc_encrypt_data, params.get(), DERIVED, "", *plain.get(), &encrypted);
+ auto encryptedPtr = create_raw_buffer(encrypted);
+
+ auto deriveAndDecrypt = [&encryptedPtr, ¶ms](const char* password,
+ const unsigned char* salt,
+ size_t salt_len,
+ size_t key_len)
+ {
+ const char* const DERIVED2 = "derived2";
+ assert_positive(ckmew_key_derive_pbkdf2, password, salt, salt_len, key_len, DERIVED2);
+ auto remover = AliasRemover(DERIVED2);
+
+ ckmc_raw_buffer_s* decrypted = nullptr;
+ assert_positive(ckmc_decrypt_data,
+ params.get(),
+ DERIVED2,
+ "",
+ *encryptedPtr.get(),
+ &decrypted);
+
+ return create_raw_buffer(decrypted);
+ };
+
+ RawBufferPtr decrypted;
+ decrypted = deriveAndDecrypt("password", salt->data, salt->size, KEY_LEN);
+ assert_buffers_equal(plain.get(), decrypted.get());
+
+ decrypted = deriveAndDecrypt("wrong", salt->data, salt->size, KEY_LEN);
+ assert_buffers_equal(plain.get(), decrypted.get(), false);
+
+ decrypted = deriveAndDecrypt("password", salt->data, salt->size, KEY_LEN - 8);
+ assert_buffers_equal(plain.get(), decrypted.get(), false);
+
+ decrypted = deriveAndDecrypt("password", salt->data, salt->size - 1, KEY_LEN);
+ assert_buffers_equal(plain.get(), decrypted.get(), false);
+
+ decrypted = deriveAndDecrypt("password", plain->data, salt->size, KEY_LEN);
+ assert_buffers_equal(plain.get(), decrypted.get(), false);
+}
+
+RUNNER_TEST(TEAL_1010_pbkdf_invalid_arguments)
+{
+ assert_invalid_param(ckmew_key_derive_pbkdf2, nullptr, SALT, SALT_LEN, 32, DERIVED);
+ assert_invalid_param(ckmew_key_derive_pbkdf2, "password", nullptr, SALT_LEN, 32, DERIVED);
+ assert_invalid_param(ckmew_key_derive_pbkdf2, "password", SALT, SALT_LEN, 32, nullptr);
+ assert_invalid_param(ckmew_key_derive_pbkdf2, "password", SALT, SALT_LEN, 0, DERIVED);
+
+ auto invalidFormat = [&](size_t key_len) {
+ assert_result(CKMC_ERROR_INVALID_FORMAT,
+ ckmew_key_derive_pbkdf2,
+ "password",
+ SALT,
+ SALT_LEN,
+ key_len,
+ DERIVED);
+ };
+ invalidFormat(64);
+ invalidFormat(31);
+ invalidFormat(8);
+ invalidFormat(1);
+}
+
+RUNNER_TEST(TEAL_1020_pbkdf_wrong_alias)
+{
+ assert_positive(ckmew_key_derive_pbkdf2, "password", SALT, SALT_LEN, 32, DERIVED);
+
+ auto remover = AliasRemover(DERIVED);
+
+ assert_result(CKMC_ERROR_DB_ALIAS_EXISTS,
+ ckmew_key_derive_pbkdf2,
+ "password",
+ SALT,
+ SALT_LEN,
+ 32,
+ DERIVED);
+}
+
int main(int argc, char *argv[])
{
return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
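Review bot: TEAL_1000_pbkdf_positive only shows that ckmew_key_derive_pbkdf2 agrees with itself, because the encrypting and decrypting keys both come from the same implementation; a wrong PRF or iteration count applied consistently would still pass. A known-answer case would pin the output: derive with a fixed password and salt, encrypt a fixed plaintext under a fixed IV, and compare against ciphertext computed independently. The iteration count is not visible in these calls, so the expected value has to be generated with whatever count the wrapper uses. In TEAL_1010_pbkdf_invalid_arguments a zero salt length is not exercised; if the API is meant to reject it, add `assert_invalid_param(ckmew_key_derive_pbkdf2, "password", SALT, 0, 32, DERIVED);`. That test also registers no AliasRemover, so an unexpected success would presumably leave DERIVED in the store and make TEAL_1020_pbkdf_wrong_alias fail on its first call.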