From: Bartlomiej Grzelewski <b.grzelewski@samsung.com>
Date: Wed, 10 Oct 2018 13:02:46 +0000 (+0200)
Subject: Encrypted initial values test
X-Git-Tag: security-manager_5.5_testing~7^2~5
X-Git-Url: http://review.tizen.org/git/?p=platform%2Fcore%2Ftest%2Fsecurity-tests.git;a=commitdiff_plain;h=8f865bcc1e73919cd8e9e43abfacaab696317811

Encrypted initial values test

To use this test you must:
 * turn on tz_backend_enabled value in key-manager spec file
 * turn on attach_test_key value in key-manager-ta spec file
 * restart central-key-manager after security-tests installation

Change-Id: I2238bbc886fa33d6cad2f155f122a30cf35404b5
---

diff --git a/packaging/security-tests.spec b/packaging/security-tests.spec
index 66680e6..66e47ac 100644
--- a/packaging/security-tests.spec
+++ b/packaging/security-tests.spec
@@ -114,6 +114,7 @@ echo "security-tests postinst done ..."
 %{_prefix}/share/yaca-test
 %dir %{_prefix}/share/security-tests-cleanup-test
 %{_prefix}/share/security-tests-cleanup-test/*
+/opt/data/ckm/initial_values/test.xml
 
 %postun
 id -u security_test_user 1>/dev/null 2>&1 && gum-utils -o -d --uid=`id -u security_test_user`
diff --git a/src/ckm/CMakeLists.txt b/src/ckm/CMakeLists.txt
index fea09d3..024e0e5 100644
--- a/src/ckm/CMakeLists.txt
+++ b/src/ckm/CMakeLists.txt
@@ -63,6 +63,7 @@ ADD_EXECUTABLE(${TARGET_C_COMPILATION_TEST} ${C_COMPILATION_SOURCES})
 TARGET_LINK_LIBRARIES(${TARGET_C_COMPILATION_TEST} ${CKM_C_COMPILATION_DEP_LIBRARIES})
 
 INSTALL(DIRECTORY resource/ DESTINATION ${CKM_TEST_DIR})
+INSTALL(FILES resource/test.xml DESTINATION /opt/data/ckm/initial_values)
 
 ADD_SUBDIRECTORY(privileged)
 ADD_SUBDIRECTORY(unprivileged)
diff --git a/src/ckm/privileged/initial-values.cpp b/src/ckm/privileged/initial-values.cpp
index 34638fc..168d5ca 100644
--- a/src/ckm/privileged/initial-values.cpp
+++ b/src/ckm/privileged/initial-values.cpp
@@ -23,6 +23,7 @@
 #include <ckm-common.h>
 #include <ckm-privileged-common.h>
 #include <ckm/ckm-control.h>
+#include <ckm/ckm-manager.h>
 #include <ckmc/ckmc-manager.h>
 #include <access_provider2.h>
 #include <fstream>
@@ -107,6 +108,25 @@ void test_exists(const std::string& name, bool expected) {
 
 }
 
+int hexToBin(char h) {
+    if (h >= '0' && h <= '9')
+        return h - '0';
+    if (h >= 'a' && h <= 'f')
+        return h - 'a' + 10;
+    if (h >= 'A' && h <= 'F')
+        return h - 'A' + 10;
+    RUNNER_ASSERT_MSG(false, "Input out of scope");
+}
+
+CKM::RawBuffer hexToBin(std::string &hex) {
+    CKM::RawBuffer output;
+    output.resize(hex.size()/2);
+    for (size_t i=0; i<output.size(); ++i) {
+        output[i] = hexToBin(hex[i*2])*16 +
+                    hexToBin(hex[i*2 + 1]);
+    }
+    return output;
+}
 
 RUNNER_TEST_GROUP_INIT(T60_INITIAL_VALUES);
 
@@ -342,3 +362,25 @@ RUNNER_TEST(T6999_deinit)
 {
     remove_user_data(0);
 }
+
+RUNNER_TEST(T7000_Encrypted_initial_values)
+{
+    int temp;
+    std::string message  = "16c9efbc342777c0e36d59019582d59be8385bdea5497cf092f99ce5430498e9";
+    std::string iv       = "6162636465666768696a6b6c6d6e6f70";
+
+    std::string expected = "ShortTestMessage";
+
+    CKM::CryptoAlgorithm algo;
+    CKM::RawBuffer messageBin = hexToBin(message);
+    CKM::RawBuffer ivBin = hexToBin(iv);
+    CKM::RawBuffer decrypted;
+
+    algo.setParam(CKM::ParamName::ALGO_TYPE, CKM::AlgoType::AES_CBC);
+    algo.setParam(CKM::ParamName::ED_IV, ivBin);
+
+    auto mgr = CKM::Manager::create();
+    RUNNER_ASSERT_MSG(CKM_API_SUCCESS == (temp = mgr->decrypt(algo, "/System TEI_0", CKM::Password(), messageBin, decrypted)), "Failed to decrypt " << CKMErrorToString(temp));
+    RUNNER_ASSERT_MSG(std::string(decrypted.begin(), decrypted.end()) == expected, "Data does not match");
+}
+
diff --git a/src/ckm/resource/test.xml b/src/ckm/resource/test.xml
new file mode 100644
index 0000000..9e3f372
--- /dev/null
+++ b/src/ckm/resource/test.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0"?>
+<InitialValues version="2">
+  <Key name="TEI_0" type="AES" backend="hardware">
+    <EncryptedDER IV="lkg/sHBpeffisZYTPl5lSw==" tag="MhNOhfE5bkJgMd6HHINkDg==">gxBVNTTk1tGUgnqw9PKO/w==</EncryptedDER>
+  </Key>
+</InitialValues>