const uid_t UID = 5001;
ckmc_raw_buffer_s* DEFAULT_IV = nullptr;
+ckmc_raw_buffer_s* AAD64 = nullptr;
+ckmc_raw_buffer_s* IV11 = nullptr;
+ckmc_raw_buffer_s* IV12 = nullptr;
+ckmc_raw_buffer_s* IV15 = nullptr;
+ckmc_raw_buffer_s* IV17 = nullptr;
+ckmc_raw_buffer_s* IV128 = nullptr;
+ckmc_raw_buffer_s* AAD32 = nullptr;
const Alias AES_KEY_128_ALIAS = "AES-gen-test-128";
const Alias AES_KEY_192_ALIAS = "AES-gen-test-192";
ckmc_algo_type_e type;
size_t initVector;
};
+
const Algo AES_CTR_ALGO = {CKMC_ALGO_AES_CTR, 16};
const Algo AES_CBC_ALGO = {CKMC_ALGO_AES_CBC, 16};
const Algo AES_GCM_ALGO = {CKMC_ALGO_AES_GCM, 16};
if (ret != CKMC_ERROR_NONE)
RUNNER_ERROR_MSG("DB unlock failed: " <<CKMCErrorToString(ret));
+ AAD64 = createRandomBufferCAPI(64);
+ IV11 = createRandomBufferCAPI(11);
+ IV12 = createRandomBufferCAPI(12);
+ IV15 = createRandomBufferCAPI(15);
+ IV17 = createRandomBufferCAPI(17);
+ IV128 = createRandomBufferCAPI(128);
+ AAD32 = createRandomBufferCAPI(32);
+
assert_positive(ckmc_create_key_pair_rsa,
1024,
RSA_KEY_1024_PRV_ALIAS.c_str(),
remove_user_data(UID);
ckmc_buffer_free(DEFAULT_IV);
+ ckmc_buffer_free(AAD64);
+ ckmc_buffer_free(AAD32);
+ ckmc_buffer_free(IV128);
+ ckmc_buffer_free(IV17);
+ ckmc_buffer_free(IV15);
+ ckmc_buffer_free(IV12);
+ ckmc_buffer_free(IV11);
ckmc_remove_key(RSA_KEY_1024_PRV_ALIAS.c_str());
ckmc_remove_key(RSA_KEY_1024_PUB_ALIAS.c_str());
}
void testImportValidArgs(const Algo &algo, int buffLen, const Alias &wrappingKeyAlias){
- ckmc_key_s *ppkey = nullptr;
+ ckmc_key_s *ppKey = nullptr;
ckmc_raw_buffer_s *finalData = nullptr;
ParamListPtr params = getDefaultParams(algo);
IMPORTED_ALIAS.c_str(),
EXPORTABLE);
- assert_positive(ckmc_get_key, IMPORTED_ALIAS.c_str(), nullptr, &ppkey);
- assert_positive(ckmc_buffer_new, ppkey->raw_key, ppkey->key_size, &finalData);
+ assert_positive(ckmc_get_key, IMPORTED_ALIAS.c_str(), nullptr, &ppKey);
+ assert_positive(ckmc_buffer_new, ppKey->raw_key, ppKey->key_size, &finalData);
assert_buffers_equal(plainData.get(), finalData);
ckmc_buffer_free(finalData);
- ckmc_key_free(ppkey);
+ ckmc_key_free(ppKey);
ckmc_remove_key(IMPORTED_ALIAS.c_str());
}
const char* wrappingKeyPass,
const ckmc_policy_s &importedKeyPolicy,
const char* importedKeyPass){
- ckmc_key_s *ppkey = nullptr;
+ ckmc_key_s *ppKey = nullptr;
ckmc_raw_buffer_s* finalData = nullptr;
ParamListPtr params = getDefaultParams(algo);
assert_positive(ckmc_get_key,
IMPORTED_ALIAS.c_str(),
importedKeyPass,
- &ppkey);
+ &ppKey);
assert_positive(ckmc_buffer_new,
- ppkey->raw_key,
- ppkey->key_size,
+ ppKey->raw_key,
+ ppKey->key_size,
&finalData);
assert_buffers_equal(plainData.get(), finalData);
ckmc_buffer_free(finalData);
- ckmc_key_free(ppkey);
- ckmc_remove_key(IMPORTED_ALIAS.c_str());
-}
-
-void testUnEXPORTABLEImported(const Algo &algo,
- int buffLen,
- const Alias &wrappingKeyAlias,
- const char* wrappingKeyPass,
- const ckmc_policy_s &importedKeyPolicy,
- const char* importedKeyPass){
- ckmc_key_s *ppkey = nullptr;
- ParamListPtr params = getDefaultParams(algo);
-
- RawBufferPtr plainData = encryptAndImport(params,
- buffLen,
- wrappingKeyAlias,
- wrappingKeyPass,
- IMPORTED_ALIAS.c_str(),
- importedKeyPolicy);
-
- assert_result(CKMC_ERROR_NOT_EXPORTABLE,
- ckmc_get_key,
- IMPORTED_ALIAS.c_str(),
- importedKeyPass,
- &ppkey);
- ckmc_key_free(ppkey);
+ ckmc_key_free(ppKey);
ckmc_remove_key(IMPORTED_ALIAS.c_str());
}
ckmc_key_free(aesKey);
}
+void testDiffKeysAndAlgorithms(const Algo &unwrapAlgo,
+ const Alias &unwrappingKeyAlias,
+ const char* unwrappingKeyPass,
+ const Algo &wrapAlgo,
+ const Alias &wrappingKeyAlias,
+ const char* wrappingKeyPass){
+ const int buffLen = 32;
+ ckmc_key_s *ppKey = nullptr;
+ ckmc_raw_buffer_s* finalData = nullptr;
+ ckmc_raw_buffer_s* decrypted = nullptr;
+
+ ParamListPtr wrapParams = getDefaultParams(wrapAlgo);
+ ParamListPtr unwrapParams = getDefaultParams(unwrapAlgo);
+
+ RawBufferPtr plainData = encryptAndImport(unwrapParams,
+ buffLen,
+ unwrappingKeyAlias.c_str(),
+ unwrappingKeyPass,
+ IMPORTED_ALIAS,
+ EXPORTABLE);
+
+ assert_positive(ckmc_export_wrapped_key,
+ wrapParams.get(),
+ wrappingKeyAlias.c_str(),
+ wrappingKeyPass,
+ IMPORTED_ALIAS.c_str(),
+ nullptr,
+ &ppKey);
+
+ assert_positive(ckmc_buffer_new,
+ ppKey->raw_key,
+ ppKey->key_size,
+ &finalData);
+
+ assert_positive(ckmc_decrypt_data,
+ wrapParams.get(),
+ wrappingKeyAlias.c_str(),
+ wrappingKeyPass,
+ *finalData,
+ &decrypted);
+
+ assert_buffers_equal(plainData.get(), decrypted);
+
+ ckmc_buffer_free(finalData);
+ ckmc_buffer_free(decrypted);
+ ckmc_key_free(ppKey);
+ ckmc_remove_key(IMPORTED_ALIAS.c_str());
+}
+
+template <typename T>
+void testImportExportCustomParameters(const Algo &algo,
+ const Alias &wrappingKeyAlias,
+ const char* wrappingKeyPass,
+ ckmc_raw_buffer_s* initVec,
+ ckmc_param_name_e name,
+ const T& parameter){
+ ckmc_key_s *ppKey = nullptr;
+ ckmc_raw_buffer_s* finalData = nullptr;
+ ckmc_raw_buffer_s* decrypted = nullptr;
+
+ ckmc_param_list_h handle = nullptr;
+ assert_positive(ckmc_generate_new_params, algo.type, &handle);
+ ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
+ setParam(params, CKMC_PARAM_ED_IV, initVec);
+ setParam(params, name, parameter);
+
+ RawBufferPtr plainData = encryptAndImport(params,
+ 32,
+ wrappingKeyAlias.c_str(),
+ wrappingKeyPass,
+ IMPORTED_ALIAS,
+ EXPORTABLE);
+
+ assert_positive(ckmc_export_wrapped_key,
+ params.get(),
+ wrappingKeyAlias.c_str(),
+ wrappingKeyPass,
+ IMPORTED_ALIAS.c_str(),
+ nullptr,
+ &ppKey);
+
+ assert_positive(ckmc_buffer_new,
+ ppKey->raw_key,
+ ppKey->key_size,
+ &finalData);
+
+ assert_positive(ckmc_decrypt_data,
+ params.get(),
+ wrappingKeyAlias.c_str(),
+ wrappingKeyPass,
+ *finalData,
+ &decrypted);
+
+ assert_buffers_equal(plainData.get(), decrypted);
+
+ ckmc_buffer_free(finalData);
+ ckmc_buffer_free(decrypted);
+ ckmc_key_free(ppKey);
+ ckmc_remove_key(IMPORTED_ALIAS.c_str());
+}
+
void testImportExportValidArgs(const Algo &algo,
int buffLen,
const Alias &wrappingKeyAlias,
const char* wrappingKeyPass,
const ckmc_policy_s &importedKeyPolicy,
const char* importedKeyPass){
- ckmc_key_s *ppkey = nullptr;
+ ckmc_key_s *ppKey = nullptr;
ckmc_raw_buffer_s* finalData = nullptr;
ckmc_raw_buffer_s* decrypted = nullptr;
wrappingKeyPass,
IMPORTED_ALIAS.c_str(),
importedKeyPass,
- &ppkey);
+ &ppKey);
assert_positive(ckmc_buffer_new,
- ppkey->raw_key,
- ppkey->key_size,
+ ppKey->raw_key,
+ ppKey->key_size,
&finalData);
assert_positive(ckmc_decrypt_data,
ckmc_buffer_free(finalData);
ckmc_buffer_free(decrypted);
- ckmc_key_free(ppkey);
+ ckmc_key_free(ppKey);
ckmc_remove_key(IMPORTED_ALIAS.c_str());
}
setParam(invalidParams, CKMC_PARAM_ED_IV, initVec);
testInvalidAlgoParameters(invalidParams, AES_CTR_ALGO);
-
ckmc_buffer_free(initVec);
invalidParams.reset();
+
assert_positive(ckmc_generate_new_params, AES_GCM_ALGO.type, &handle);
invalidParams = ParamListPtr(handle, ckmc_param_list_free);
initVec = createRandomBufferCAPI(16);
setParam(invalidParams, CKMC_PARAM_ED_TAG_LEN, 130);
testInvalidAlgoParameters(invalidParams, AES_GCM_ALGO);
+ invalidParams.reset();
+ assert_positive(ckmc_generate_new_params, AES_GCM_ALGO.type, &handle);
+ invalidParams = ParamListPtr(handle, ckmc_param_list_free);
+ setParam(invalidParams, CKMC_PARAM_ED_IV, initVec);
+ setParam(invalidParams, CKMC_PARAM_ED_AAD, IV11);
+
+ testInvalidAlgoParameters(invalidParams, AES_GCM_ALGO);
ckmc_buffer_free(initVec);
}
testExportableImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD);
}
-RUNNER_TEST(TKW_DIF_POLICIES_UNEXPORTABLE_IMPORTED){
- testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, UNEXPORTABLE, nullptr);
- testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, UNEXPORTABLE, nullptr);
- testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_ALIAS, nullptr, UNEXPORTABLE, nullptr);
- testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_PASS_ALIAS, KEY_PASSWORD, UNEXPORTABLE, nullptr);
+RUNNER_TEST(TKW_UNEXPORTABLE_IMPORTED){
+ ckmc_key_s *ppKey = nullptr;
+ ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
+
+ RawBufferPtr plainData = encryptAndImport(params,
+ 32,
+ AES_KEY_128_ALIAS,
+ nullptr,
+ IMPORTED_ALIAS.c_str(),
+ UNEXPORTABLE);
+
+ assert_result(CKMC_ERROR_NOT_EXPORTABLE,
+ ckmc_get_key,
+ IMPORTED_ALIAS.c_str(),
+ nullptr,
+ &ppKey);
+ ckmc_key_free(ppKey);
+ ckmc_remove_key(IMPORTED_ALIAS.c_str());
+}
+
+RUNNER_TEST(TKW_EXPORT_WRONG_TYPE_WRAPPING_KEY){
+ ckmc_key_s *ppKey = nullptr;
+ ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
+
+ RawBufferPtr plainData = encryptAndImport(params,
+ 32,
+ AES_KEY_128_ALIAS,
+ nullptr,
+ IMPORTED_ALIAS.c_str(),
+ EXPORTABLE);
+
+ assert_invalid_param(ckmc_export_wrapped_key,
+ params.get(),
+ RSA_KEY_2048_PUB_ALIAS.c_str(),
+ nullptr,
+ IMPORTED_ALIAS.c_str(),
+ nullptr,
+ &ppKey);
+
+ assert_positive(ckmc_create_key_pair_ecdsa,
+ CKMC_EC_PRIME256V1,
+ "ECDSA-prv",
+ "ECDSA-pub",
+ EXPORTABLE,
+ EXPORTABLE);
+
+ assert_invalid_param(ckmc_export_wrapped_key,
+ params.get(),
+ "ECDSA-prv",
+ nullptr,
+ IMPORTED_ALIAS.c_str(),
+ nullptr,
+ &ppKey);
+
+ assert_invalid_param(ckmc_export_wrapped_key,
+ params.get(),
+ "ECDSA-pub",
+ nullptr,
+ IMPORTED_ALIAS.c_str(),
+ nullptr,
+ &ppKey);
- testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, UNEXPORTABLE_PASS, KEY_PASSWORD);
- testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, UNEXPORTABLE_PASS, KEY_PASSWORD);
- testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_ALIAS, nullptr, UNEXPORTABLE_PASS, KEY_PASSWORD);
- testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_PASS_ALIAS, KEY_PASSWORD, UNEXPORTABLE_PASS, KEY_PASSWORD);
+ ckmc_key_free(ppKey);
+ ckmc_remove_key("ECDSA-prv");
+ ckmc_remove_key("ECDSA-pub");
+ ckmc_remove_key(IMPORTED_ALIAS.c_str());
}
RUNNER_TEST(TKW_EXPORT_IMPORTED_KEY){
- ckmc_key_s *ppkey = nullptr;
+ ckmc_key_s *ppKey = nullptr;
ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
assert_positive(ckmc_export_wrapped_key,
- params.get(),
- AES_KEY_128_ALIAS.c_str(),
- nullptr,
- IMP_AES_CTR.c_str(),
- nullptr,
- &ppkey);
+ params.get(),
+ AES_KEY_128_ALIAS.c_str(),
+ nullptr,
+ IMP_AES_CTR.c_str(),
+ nullptr,
+ &ppKey);
- ckmc_key_free(ppkey);
+ ckmc_key_free(ppKey);
}
RUNNER_TEST(TKW_NO_ADDED_ALGO_EXPORT){
- ckmc_key_s *ppkey = nullptr;
+ ckmc_key_s *ppKey = nullptr;
ckmc_param_list_h handle = nullptr;
assert_invalid_param(ckmc_export_wrapped_key,
nullptr,
IMP_AES_CTR.c_str(),
nullptr,
- &ppkey);
+ &ppKey);
- ckmc_key_free(ppkey);
+ ckmc_key_free(ppKey);
}
RUNNER_TEST(TKW_EXPORT_UNKNOWN_WRAPPING_KEY_ALIAS){
- ckmc_key_s *ppkey = nullptr;
+ ckmc_key_s *ppKey = nullptr;
ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
nullptr,
IMP_AES_CTR.c_str(),
nullptr,
- &ppkey);
+ &ppKey);
- ckmc_key_free(ppkey);
+ ckmc_key_free(ppKey);
}
RUNNER_TEST(TKW_EXPORT_UNKNOWN_IMPORTED_KEY_ALIAS){
- ckmc_key_s *ppkey = nullptr;
+ ckmc_key_s *ppKey = nullptr;
ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
Alias alias = "non_existing_alias";
nullptr,
alias.c_str(),
nullptr,
- &ppkey);
+ &ppKey);
- ckmc_key_free(ppkey);
+ ckmc_key_free(ppKey);
}
RUNNER_TEST(TKW_EXPORT_AUTHENTICATION_FAILED){
- ckmc_key_s *ppkey = nullptr;
+ ckmc_key_s *ppKey = nullptr;
ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
nullptr,
IMP_AES_CTR.c_str(),
nullptr,
- &ppkey);
+ &ppKey);
assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
ckmc_export_wrapped_key,
"wrong_password",
IMP_AES_CTR.c_str(),
nullptr,
- &ppkey);
+ &ppKey);
assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
ckmc_export_wrapped_key,
nullptr,
IMP_AES_CTR_PASS.c_str(),
nullptr,
- &ppkey);
+ &ppKey);
assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
ckmc_export_wrapped_key,
nullptr,
IMP_AES_CTR_PASS.c_str(),
"wrong_password",
- &ppkey);
+ &ppKey);
- ckmc_key_free(ppkey);
+ ckmc_key_free(ppKey);
}
RUNNER_TEST(TKW_EXPORT_NULL_PARAMETER){
- ckmc_key_s *ppkey = nullptr;
+ ckmc_key_s *ppKey = nullptr;
ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
assert_invalid_param(ckmc_export_wrapped_key,
nullptr,
IMP_AES_CTR.c_str(),
nullptr,
- &ppkey);
+ &ppKey);
assert_invalid_param(ckmc_export_wrapped_key,
params.get(),
nullptr,
IMP_AES_CTR.c_str(),
nullptr,
- &ppkey);
+ &ppKey);
assert_invalid_param(ckmc_export_wrapped_key,
params.get(),
nullptr,
nullptr,
nullptr,
- &ppkey);
+ &ppKey);
assert_invalid_param(ckmc_export_wrapped_key,
params.get(),
nullptr,
nullptr);
- ckmc_key_free(ppkey);
+ ckmc_key_free(ppKey);
+}
+
+RUNNER_TEST(TKW_EXPORT_UNEXPORTABLE_WRAPPED_FORM){
+ ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
+ ckmc_key_s *ppKey = nullptr;
+
+ assert_positive(ckmc_create_key_aes, 128, "UNEXPORTABLE_AES", UNEXPORTABLE);
+
+ assert_positive(ckmc_export_wrapped_key,
+ params.get(),
+ AES_KEY_128_ALIAS.c_str(),
+ nullptr,
+ "UNEXPORTABLE_AES",
+ nullptr,
+ &ppKey);
+ ckmc_key_free(ppKey);
+ ckmc_remove_alias("UNEXPORTABLE_AES");
+}
+
+RUNNER_TEST(TKW_IMPORT_EXPORT_WITH_DIF_KEYS_AND_ALGORITHMS){
+ testDiffKeysAndAlgorithms(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, AES_CTR_ALGO, AES_KEY_128_ALIAS, nullptr);
+ testDiffKeysAndAlgorithms(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, AES_GCM_ALGO, AES_KEY_256_ALIAS, nullptr);
+ testDiffKeysAndAlgorithms(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, RSA_OAEP_ALGO, RSA_KEY_1024_PRV_ALIAS, nullptr);
+}
+
+RUNNER_TEST(TKW_AES_GCM_WITH_ADD_IV_PARAM){
+ testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD64);
+ testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_192_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD64);
+ testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_256_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD64);
+
+ testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD32);
+ testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_192_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD32);
+ testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_256_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD32);
+
+ testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, IV128, CKMC_PARAM_ED_AAD, AAD64);
+ testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, IV12, CKMC_PARAM_ED_AAD, AAD64);
+ testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, IV15, CKMC_PARAM_ED_AAD, AAD64);
+ testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, IV17, CKMC_PARAM_ED_AAD, AAD64);
+}
+
+RUNNER_TEST(TKW_AES_GCM_WITH_TAG_LEN){
+ testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_TAG_LEN, 96);
+ testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_192_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_TAG_LEN, 104 );
+ testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_256_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_TAG_LEN, 128);
+}
+
+RUNNER_TEST(TKW_IMPORT_EXPORT_RSA_LABEL){
+ RUNNER_IGNORED_MSG("RSA-OAEP labels are not supported in openssl");
+ testImportExportCustomParameters(RSA_OAEP_ALGO, RSA_KEY_1024_PRV_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_LABEL, AAD64);
+ testImportExportCustomParameters(RSA_OAEP_ALGO, RSA_KEY_2048_PRV_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_LABEL, AAD64);
+ testImportExportCustomParameters(RSA_OAEP_ALGO, RSA_KEY_4096_PRV_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_LABEL, AAD64);
+}
+
+RUNNER_TEST(TKW_RSA_WRAPPED_KEY){
+ ckmc_raw_buffer_s *encrypted = nullptr;
+ ckmc_raw_buffer_s *rsaKeyData = nullptr;
+ ckmc_raw_buffer_s *decrypted = nullptr;
+ ckmc_raw_buffer_s *finalData = nullptr;
+
+ ckmc_key_s *ppKey = nullptr;
+ ckmc_key_s *rsaKey = nullptr;
+ ckmc_key_s *wrappedRsaKey = nullptr;
+
+ ParamListPtr params = getDefaultParams(AES_CTR_ALGO);
+
+ assert_positive(ckmc_create_key_pair_rsa, 1024, "RPV", "RPB", EXPORTABLE, EXPORTABLE);
+ assert_positive(ckmc_get_key, "RPV", nullptr, &rsaKey);
+ assert_positive(ckmc_buffer_new, rsaKey->raw_key, rsaKey->key_size, &rsaKeyData);
+
+ assert_positive(ckmc_encrypt_data,
+ params.get(),
+ AES_KEY_256_ALIAS.c_str(),
+ nullptr,
+ *rsaKeyData,
+ &encrypted);
+
+ assert_positive(ckmc_key_new,
+ encrypted->data,
+ encrypted->size,
+ CKMC_KEY_RSA_PRIVATE,
+ nullptr,
+ &wrappedRsaKey);
+
+ assert_positive(ckmc_import_wrapped_key,
+ params.get(),
+ AES_KEY_256_ALIAS.c_str(),
+ nullptr,
+ IMPORTED_ALIAS.c_str(),
+ wrappedRsaKey,
+ EXPORTABLE);
+
+ assert_positive(ckmc_export_wrapped_key,
+ params.get(),
+ AES_KEY_256_ALIAS.c_str(),
+ nullptr,
+ IMPORTED_ALIAS.c_str(),
+ nullptr,
+ &ppKey);
+
+ assert_positive(ckmc_buffer_new,
+ ppKey->raw_key,
+ ppKey->key_size,
+ &finalData);
+
+ assert_positive(ckmc_decrypt_data,
+ params.get(),
+ AES_KEY_256_ALIAS.c_str(),
+ nullptr,
+ *finalData,
+ &decrypted);
+
+ assert_buffers_equal(rsaKeyData, decrypted);
+
+ ckmc_buffer_free(rsaKeyData);
+ ckmc_buffer_free(finalData);
+ ckmc_buffer_free(decrypted);
+ ckmc_buffer_free(encrypted);
+ ckmc_key_free(wrappedRsaKey);
+ ckmc_key_free(rsaKey);
+ ckmc_key_free(ppKey);
+ ckmc_remove_key(IMPORTED_ALIAS.c_str());
+ ckmc_remove_key("RPB");
+ ckmc_remove_key("RPV");
}
RUNNER_TEST(TKW_IMPORT_EXPORT_AES_CTR){
projects / platform / core / test / security-tests.git / commitdiff