From 3bd20a136dc5d763ec18823597c78fb54eae0b65 Mon Sep 17 00:00:00 2001 From: Daniel Kita Date: Fri, 14 Apr 2023 10:47:59 +0200 Subject: [PATCH] CKM: Add extra key-wrapping tests Change-Id: Ibe366afd9a5f1b007e2a1e5bad9fddb4eff32397 --- src/ckm/unprivileged/key-wrapping.cpp | 439 ++++++++++++++++++++++++++++------ 1 file changed, 362 insertions(+), 77 deletions(-) diff --git a/src/ckm/unprivileged/key-wrapping.cpp b/src/ckm/unprivileged/key-wrapping.cpp index cfb88a0..dd0f5cd 100644 --- a/src/ckm/unprivileged/key-wrapping.cpp +++ b/src/ckm/unprivileged/key-wrapping.cpp @@ -26,6 +26,13 @@ namespace { const uid_t UID = 5001; ckmc_raw_buffer_s* DEFAULT_IV = nullptr; +ckmc_raw_buffer_s* AAD64 = nullptr; +ckmc_raw_buffer_s* IV11 = nullptr; +ckmc_raw_buffer_s* IV12 = nullptr; +ckmc_raw_buffer_s* IV15 = nullptr; +ckmc_raw_buffer_s* IV17 = nullptr; +ckmc_raw_buffer_s* IV128 = nullptr; +ckmc_raw_buffer_s* AAD32 = nullptr; const Alias AES_KEY_128_ALIAS = "AES-gen-test-128"; const Alias AES_KEY_192_ALIAS = "AES-gen-test-192"; @@ -54,6 +61,7 @@ struct Algo { ckmc_algo_type_e type; size_t initVector; }; + const Algo AES_CTR_ALGO = {CKMC_ALGO_AES_CTR, 16}; const Algo AES_CBC_ALGO = {CKMC_ALGO_AES_CBC, 16}; const Algo AES_GCM_ALGO = {CKMC_ALGO_AES_GCM, 16}; @@ -75,6 +83,14 @@ public: if (ret != CKMC_ERROR_NONE) RUNNER_ERROR_MSG("DB unlock failed: " <raw_key, ppkey->key_size, &finalData); + assert_positive(ckmc_get_key, IMPORTED_ALIAS.c_str(), nullptr, &ppKey); + assert_positive(ckmc_buffer_new, ppKey->raw_key, ppKey->key_size, &finalData); assert_buffers_equal(plainData.get(), finalData); ckmc_buffer_free(finalData); - ckmc_key_free(ppkey); + ckmc_key_free(ppKey); ckmc_remove_key(IMPORTED_ALIAS.c_str()); } @@ -292,7 +315,7 @@ void testExportableImported(const Algo &algo, const char* wrappingKeyPass, const ckmc_policy_s &importedKeyPolicy, const char* importedKeyPass){ - ckmc_key_s *ppkey = nullptr; + ckmc_key_s *ppKey = nullptr; ckmc_raw_buffer_s* finalData = nullptr; ParamListPtr params = getDefaultParams(algo); @@ -307,42 +330,17 @@ void testExportableImported(const Algo &algo, assert_positive(ckmc_get_key, IMPORTED_ALIAS.c_str(), importedKeyPass, - &ppkey); + &ppKey); assert_positive(ckmc_buffer_new, - ppkey->raw_key, - ppkey->key_size, + ppKey->raw_key, + ppKey->key_size, &finalData); assert_buffers_equal(plainData.get(), finalData); ckmc_buffer_free(finalData); - ckmc_key_free(ppkey); - ckmc_remove_key(IMPORTED_ALIAS.c_str()); -} - -void testUnEXPORTABLEImported(const Algo &algo, - int buffLen, - const Alias &wrappingKeyAlias, - const char* wrappingKeyPass, - const ckmc_policy_s &importedKeyPolicy, - const char* importedKeyPass){ - ckmc_key_s *ppkey = nullptr; - ParamListPtr params = getDefaultParams(algo); - - RawBufferPtr plainData = encryptAndImport(params, - buffLen, - wrappingKeyAlias, - wrappingKeyPass, - IMPORTED_ALIAS.c_str(), - importedKeyPolicy); - - assert_result(CKMC_ERROR_NOT_EXPORTABLE, - ckmc_get_key, - IMPORTED_ALIAS.c_str(), - importedKeyPass, - &ppkey); - ckmc_key_free(ppkey); + ckmc_key_free(ppKey); ckmc_remove_key(IMPORTED_ALIAS.c_str()); } @@ -385,13 +383,114 @@ void importKey(const Algo &algo, ckmc_key_free(aesKey); } +void testDiffKeysAndAlgorithms(const Algo &unwrapAlgo, + const Alias &unwrappingKeyAlias, + const char* unwrappingKeyPass, + const Algo &wrapAlgo, + const Alias &wrappingKeyAlias, + const char* wrappingKeyPass){ + const int buffLen = 32; + ckmc_key_s *ppKey = nullptr; + ckmc_raw_buffer_s* finalData = nullptr; + ckmc_raw_buffer_s* decrypted = nullptr; + + ParamListPtr wrapParams = getDefaultParams(wrapAlgo); + ParamListPtr unwrapParams = getDefaultParams(unwrapAlgo); + + RawBufferPtr plainData = encryptAndImport(unwrapParams, + buffLen, + unwrappingKeyAlias.c_str(), + unwrappingKeyPass, + IMPORTED_ALIAS, + EXPORTABLE); + + assert_positive(ckmc_export_wrapped_key, + wrapParams.get(), + wrappingKeyAlias.c_str(), + wrappingKeyPass, + IMPORTED_ALIAS.c_str(), + nullptr, + &ppKey); + + assert_positive(ckmc_buffer_new, + ppKey->raw_key, + ppKey->key_size, + &finalData); + + assert_positive(ckmc_decrypt_data, + wrapParams.get(), + wrappingKeyAlias.c_str(), + wrappingKeyPass, + *finalData, + &decrypted); + + assert_buffers_equal(plainData.get(), decrypted); + + ckmc_buffer_free(finalData); + ckmc_buffer_free(decrypted); + ckmc_key_free(ppKey); + ckmc_remove_key(IMPORTED_ALIAS.c_str()); +} + +template +void testImportExportCustomParameters(const Algo &algo, + const Alias &wrappingKeyAlias, + const char* wrappingKeyPass, + ckmc_raw_buffer_s* initVec, + ckmc_param_name_e name, + const T& parameter){ + ckmc_key_s *ppKey = nullptr; + ckmc_raw_buffer_s* finalData = nullptr; + ckmc_raw_buffer_s* decrypted = nullptr; + + ckmc_param_list_h handle = nullptr; + assert_positive(ckmc_generate_new_params, algo.type, &handle); + ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); + setParam(params, CKMC_PARAM_ED_IV, initVec); + setParam(params, name, parameter); + + RawBufferPtr plainData = encryptAndImport(params, + 32, + wrappingKeyAlias.c_str(), + wrappingKeyPass, + IMPORTED_ALIAS, + EXPORTABLE); + + assert_positive(ckmc_export_wrapped_key, + params.get(), + wrappingKeyAlias.c_str(), + wrappingKeyPass, + IMPORTED_ALIAS.c_str(), + nullptr, + &ppKey); + + assert_positive(ckmc_buffer_new, + ppKey->raw_key, + ppKey->key_size, + &finalData); + + assert_positive(ckmc_decrypt_data, + params.get(), + wrappingKeyAlias.c_str(), + wrappingKeyPass, + *finalData, + &decrypted); + + assert_buffers_equal(plainData.get(), decrypted); + + ckmc_buffer_free(finalData); + ckmc_buffer_free(decrypted); + ckmc_key_free(ppKey); + ckmc_remove_key(IMPORTED_ALIAS.c_str()); +} + void testImportExportValidArgs(const Algo &algo, int buffLen, const Alias &wrappingKeyAlias, const char* wrappingKeyPass, const ckmc_policy_s &importedKeyPolicy, const char* importedKeyPass){ - ckmc_key_s *ppkey = nullptr; + ckmc_key_s *ppKey = nullptr; ckmc_raw_buffer_s* finalData = nullptr; ckmc_raw_buffer_s* decrypted = nullptr; @@ -410,11 +509,11 @@ void testImportExportValidArgs(const Algo &algo, wrappingKeyPass, IMPORTED_ALIAS.c_str(), importedKeyPass, - &ppkey); + &ppKey); assert_positive(ckmc_buffer_new, - ppkey->raw_key, - ppkey->key_size, + ppKey->raw_key, + ppKey->key_size, &finalData); assert_positive(ckmc_decrypt_data, @@ -428,7 +527,7 @@ void testImportExportValidArgs(const Algo &algo, ckmc_buffer_free(finalData); ckmc_buffer_free(decrypted); - ckmc_key_free(ppkey); + ckmc_key_free(ppKey); ckmc_remove_key(IMPORTED_ALIAS.c_str()); } @@ -479,9 +578,9 @@ RUNNER_TEST(TKW_WRONG_ALGO_PARAMS){ setParam(invalidParams, CKMC_PARAM_ED_IV, initVec); testInvalidAlgoParameters(invalidParams, AES_CTR_ALGO); - ckmc_buffer_free(initVec); invalidParams.reset(); + assert_positive(ckmc_generate_new_params, AES_GCM_ALGO.type, &handle); invalidParams = ParamListPtr(handle, ckmc_param_list_free); initVec = createRandomBufferCAPI(16); @@ -489,7 +588,14 @@ RUNNER_TEST(TKW_WRONG_ALGO_PARAMS){ setParam(invalidParams, CKMC_PARAM_ED_TAG_LEN, 130); testInvalidAlgoParameters(invalidParams, AES_GCM_ALGO); + invalidParams.reset(); + assert_positive(ckmc_generate_new_params, AES_GCM_ALGO.type, &handle); + invalidParams = ParamListPtr(handle, ckmc_param_list_free); + setParam(invalidParams, CKMC_PARAM_ED_IV, initVec); + setParam(invalidParams, CKMC_PARAM_ED_AAD, IV11); + + testInvalidAlgoParameters(invalidParams, AES_GCM_ALGO); ckmc_buffer_free(initVec); } @@ -830,35 +936,91 @@ RUNNER_TEST(TKW_DIF_POLICIES_EXPORTABLE_IMPORTED){ testExportableImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_PASS_ALIAS, KEY_PASSWORD, EXPORTABLE_PASS, KEY_PASSWORD); } -RUNNER_TEST(TKW_DIF_POLICIES_UNEXPORTABLE_IMPORTED){ - testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, UNEXPORTABLE, nullptr); - testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, UNEXPORTABLE, nullptr); - testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_ALIAS, nullptr, UNEXPORTABLE, nullptr); - testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_PASS_ALIAS, KEY_PASSWORD, UNEXPORTABLE, nullptr); +RUNNER_TEST(TKW_UNEXPORTABLE_IMPORTED){ + ckmc_key_s *ppKey = nullptr; + ParamListPtr params = getDefaultParams(AES_CTR_ALGO); + + RawBufferPtr plainData = encryptAndImport(params, + 32, + AES_KEY_128_ALIAS, + nullptr, + IMPORTED_ALIAS.c_str(), + UNEXPORTABLE); + + assert_result(CKMC_ERROR_NOT_EXPORTABLE, + ckmc_get_key, + IMPORTED_ALIAS.c_str(), + nullptr, + &ppKey); + ckmc_key_free(ppKey); + ckmc_remove_key(IMPORTED_ALIAS.c_str()); +} + +RUNNER_TEST(TKW_EXPORT_WRONG_TYPE_WRAPPING_KEY){ + ckmc_key_s *ppKey = nullptr; + ParamListPtr params = getDefaultParams(AES_CTR_ALGO); + + RawBufferPtr plainData = encryptAndImport(params, + 32, + AES_KEY_128_ALIAS, + nullptr, + IMPORTED_ALIAS.c_str(), + EXPORTABLE); + + assert_invalid_param(ckmc_export_wrapped_key, + params.get(), + RSA_KEY_2048_PUB_ALIAS.c_str(), + nullptr, + IMPORTED_ALIAS.c_str(), + nullptr, + &ppKey); + + assert_positive(ckmc_create_key_pair_ecdsa, + CKMC_EC_PRIME256V1, + "ECDSA-prv", + "ECDSA-pub", + EXPORTABLE, + EXPORTABLE); + + assert_invalid_param(ckmc_export_wrapped_key, + params.get(), + "ECDSA-prv", + nullptr, + IMPORTED_ALIAS.c_str(), + nullptr, + &ppKey); + + assert_invalid_param(ckmc_export_wrapped_key, + params.get(), + "ECDSA-pub", + nullptr, + IMPORTED_ALIAS.c_str(), + nullptr, + &ppKey); - testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_128_ALIAS, nullptr, UNEXPORTABLE_PASS, KEY_PASSWORD); - testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_128_PASS_ALIAS, KEY_PASSWORD, UNEXPORTABLE_PASS, KEY_PASSWORD); - testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_ALIAS, nullptr, UNEXPORTABLE_PASS, KEY_PASSWORD); - testUnEXPORTABLEImported(AES_CTR_ALGO, 16, AES_KEY_UNEXP_PASS_ALIAS, KEY_PASSWORD, UNEXPORTABLE_PASS, KEY_PASSWORD); + ckmc_key_free(ppKey); + ckmc_remove_key("ECDSA-prv"); + ckmc_remove_key("ECDSA-pub"); + ckmc_remove_key(IMPORTED_ALIAS.c_str()); } RUNNER_TEST(TKW_EXPORT_IMPORTED_KEY){ - ckmc_key_s *ppkey = nullptr; + ckmc_key_s *ppKey = nullptr; ParamListPtr params = getDefaultParams(AES_CTR_ALGO); assert_positive(ckmc_export_wrapped_key, - params.get(), - AES_KEY_128_ALIAS.c_str(), - nullptr, - IMP_AES_CTR.c_str(), - nullptr, - &ppkey); + params.get(), + AES_KEY_128_ALIAS.c_str(), + nullptr, + IMP_AES_CTR.c_str(), + nullptr, + &ppKey); - ckmc_key_free(ppkey); + ckmc_key_free(ppKey); } RUNNER_TEST(TKW_NO_ADDED_ALGO_EXPORT){ - ckmc_key_s *ppkey = nullptr; + ckmc_key_s *ppKey = nullptr; ckmc_param_list_h handle = nullptr; assert_invalid_param(ckmc_export_wrapped_key, @@ -867,13 +1029,13 @@ RUNNER_TEST(TKW_NO_ADDED_ALGO_EXPORT){ nullptr, IMP_AES_CTR.c_str(), nullptr, - &ppkey); + &ppKey); - ckmc_key_free(ppkey); + ckmc_key_free(ppKey); } RUNNER_TEST(TKW_EXPORT_UNKNOWN_WRAPPING_KEY_ALIAS){ - ckmc_key_s *ppkey = nullptr; + ckmc_key_s *ppKey = nullptr; ParamListPtr params = getDefaultParams(AES_CTR_ALGO); assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN, @@ -883,13 +1045,13 @@ RUNNER_TEST(TKW_EXPORT_UNKNOWN_WRAPPING_KEY_ALIAS){ nullptr, IMP_AES_CTR.c_str(), nullptr, - &ppkey); + &ppKey); - ckmc_key_free(ppkey); + ckmc_key_free(ppKey); } RUNNER_TEST(TKW_EXPORT_UNKNOWN_IMPORTED_KEY_ALIAS){ - ckmc_key_s *ppkey = nullptr; + ckmc_key_s *ppKey = nullptr; ParamListPtr params = getDefaultParams(AES_CTR_ALGO); Alias alias = "non_existing_alias"; @@ -900,13 +1062,13 @@ RUNNER_TEST(TKW_EXPORT_UNKNOWN_IMPORTED_KEY_ALIAS){ nullptr, alias.c_str(), nullptr, - &ppkey); + &ppKey); - ckmc_key_free(ppkey); + ckmc_key_free(ppKey); } RUNNER_TEST(TKW_EXPORT_AUTHENTICATION_FAILED){ - ckmc_key_s *ppkey = nullptr; + ckmc_key_s *ppKey = nullptr; ParamListPtr params = getDefaultParams(AES_CTR_ALGO); assert_result(CKMC_ERROR_AUTHENTICATION_FAILED, @@ -916,7 +1078,7 @@ RUNNER_TEST(TKW_EXPORT_AUTHENTICATION_FAILED){ nullptr, IMP_AES_CTR.c_str(), nullptr, - &ppkey); + &ppKey); assert_result(CKMC_ERROR_AUTHENTICATION_FAILED, ckmc_export_wrapped_key, @@ -925,7 +1087,7 @@ RUNNER_TEST(TKW_EXPORT_AUTHENTICATION_FAILED){ "wrong_password", IMP_AES_CTR.c_str(), nullptr, - &ppkey); + &ppKey); assert_result(CKMC_ERROR_AUTHENTICATION_FAILED, ckmc_export_wrapped_key, @@ -934,7 +1096,7 @@ RUNNER_TEST(TKW_EXPORT_AUTHENTICATION_FAILED){ nullptr, IMP_AES_CTR_PASS.c_str(), nullptr, - &ppkey); + &ppKey); assert_result(CKMC_ERROR_AUTHENTICATION_FAILED, ckmc_export_wrapped_key, @@ -943,13 +1105,13 @@ RUNNER_TEST(TKW_EXPORT_AUTHENTICATION_FAILED){ nullptr, IMP_AES_CTR_PASS.c_str(), "wrong_password", - &ppkey); + &ppKey); - ckmc_key_free(ppkey); + ckmc_key_free(ppKey); } RUNNER_TEST(TKW_EXPORT_NULL_PARAMETER){ - ckmc_key_s *ppkey = nullptr; + ckmc_key_s *ppKey = nullptr; ParamListPtr params = getDefaultParams(AES_CTR_ALGO); assert_invalid_param(ckmc_export_wrapped_key, @@ -958,7 +1120,7 @@ RUNNER_TEST(TKW_EXPORT_NULL_PARAMETER){ nullptr, IMP_AES_CTR.c_str(), nullptr, - &ppkey); + &ppKey); assert_invalid_param(ckmc_export_wrapped_key, params.get(), @@ -966,7 +1128,7 @@ RUNNER_TEST(TKW_EXPORT_NULL_PARAMETER){ nullptr, IMP_AES_CTR.c_str(), nullptr, - &ppkey); + &ppKey); assert_invalid_param(ckmc_export_wrapped_key, params.get(), @@ -974,7 +1136,7 @@ RUNNER_TEST(TKW_EXPORT_NULL_PARAMETER){ nullptr, nullptr, nullptr, - &ppkey); + &ppKey); assert_invalid_param(ckmc_export_wrapped_key, params.get(), @@ -984,7 +1146,130 @@ RUNNER_TEST(TKW_EXPORT_NULL_PARAMETER){ nullptr, nullptr); - ckmc_key_free(ppkey); + ckmc_key_free(ppKey); +} + +RUNNER_TEST(TKW_EXPORT_UNEXPORTABLE_WRAPPED_FORM){ + ParamListPtr params = getDefaultParams(AES_CTR_ALGO); + ckmc_key_s *ppKey = nullptr; + + assert_positive(ckmc_create_key_aes, 128, "UNEXPORTABLE_AES", UNEXPORTABLE); + + assert_positive(ckmc_export_wrapped_key, + params.get(), + AES_KEY_128_ALIAS.c_str(), + nullptr, + "UNEXPORTABLE_AES", + nullptr, + &ppKey); + ckmc_key_free(ppKey); + ckmc_remove_alias("UNEXPORTABLE_AES"); +} + +RUNNER_TEST(TKW_IMPORT_EXPORT_WITH_DIF_KEYS_AND_ALGORITHMS){ + testDiffKeysAndAlgorithms(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, AES_CTR_ALGO, AES_KEY_128_ALIAS, nullptr); + testDiffKeysAndAlgorithms(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, AES_GCM_ALGO, AES_KEY_256_ALIAS, nullptr); + testDiffKeysAndAlgorithms(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, RSA_OAEP_ALGO, RSA_KEY_1024_PRV_ALIAS, nullptr); +} + +RUNNER_TEST(TKW_AES_GCM_WITH_ADD_IV_PARAM){ + testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD64); + testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_192_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD64); + testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_256_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD64); + + testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD32); + testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_192_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD32); + testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_256_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_AAD, AAD32); + + testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, IV128, CKMC_PARAM_ED_AAD, AAD64); + testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, IV12, CKMC_PARAM_ED_AAD, AAD64); + testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, IV15, CKMC_PARAM_ED_AAD, AAD64); + testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, IV17, CKMC_PARAM_ED_AAD, AAD64); +} + +RUNNER_TEST(TKW_AES_GCM_WITH_TAG_LEN){ + testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_128_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_TAG_LEN, 96); + testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_192_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_TAG_LEN, 104 ); + testImportExportCustomParameters(AES_GCM_ALGO, AES_KEY_256_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_TAG_LEN, 128); +} + +RUNNER_TEST(TKW_IMPORT_EXPORT_RSA_LABEL){ + RUNNER_IGNORED_MSG("RSA-OAEP labels are not supported in openssl"); + testImportExportCustomParameters(RSA_OAEP_ALGO, RSA_KEY_1024_PRV_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_LABEL, AAD64); + testImportExportCustomParameters(RSA_OAEP_ALGO, RSA_KEY_2048_PRV_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_LABEL, AAD64); + testImportExportCustomParameters(RSA_OAEP_ALGO, RSA_KEY_4096_PRV_ALIAS, nullptr, DEFAULT_IV, CKMC_PARAM_ED_LABEL, AAD64); +} + +RUNNER_TEST(TKW_RSA_WRAPPED_KEY){ + ckmc_raw_buffer_s *encrypted = nullptr; + ckmc_raw_buffer_s *rsaKeyData = nullptr; + ckmc_raw_buffer_s *decrypted = nullptr; + ckmc_raw_buffer_s *finalData = nullptr; + + ckmc_key_s *ppKey = nullptr; + ckmc_key_s *rsaKey = nullptr; + ckmc_key_s *wrappedRsaKey = nullptr; + + ParamListPtr params = getDefaultParams(AES_CTR_ALGO); + + assert_positive(ckmc_create_key_pair_rsa, 1024, "RPV", "RPB", EXPORTABLE, EXPORTABLE); + assert_positive(ckmc_get_key, "RPV", nullptr, &rsaKey); + assert_positive(ckmc_buffer_new, rsaKey->raw_key, rsaKey->key_size, &rsaKeyData); + + assert_positive(ckmc_encrypt_data, + params.get(), + AES_KEY_256_ALIAS.c_str(), + nullptr, + *rsaKeyData, + &encrypted); + + assert_positive(ckmc_key_new, + encrypted->data, + encrypted->size, + CKMC_KEY_RSA_PRIVATE, + nullptr, + &wrappedRsaKey); + + assert_positive(ckmc_import_wrapped_key, + params.get(), + AES_KEY_256_ALIAS.c_str(), + nullptr, + IMPORTED_ALIAS.c_str(), + wrappedRsaKey, + EXPORTABLE); + + assert_positive(ckmc_export_wrapped_key, + params.get(), + AES_KEY_256_ALIAS.c_str(), + nullptr, + IMPORTED_ALIAS.c_str(), + nullptr, + &ppKey); + + assert_positive(ckmc_buffer_new, + ppKey->raw_key, + ppKey->key_size, + &finalData); + + assert_positive(ckmc_decrypt_data, + params.get(), + AES_KEY_256_ALIAS.c_str(), + nullptr, + *finalData, + &decrypted); + + assert_buffers_equal(rsaKeyData, decrypted); + + ckmc_buffer_free(rsaKeyData); + ckmc_buffer_free(finalData); + ckmc_buffer_free(decrypted); + ckmc_buffer_free(encrypted); + ckmc_key_free(wrappedRsaKey); + ckmc_key_free(rsaKey); + ckmc_key_free(ppKey); + ckmc_remove_key(IMPORTED_ALIAS.c_str()); + ckmc_remove_key("RPB"); + ckmc_remove_key("RPV"); } RUNNER_TEST(TKW_IMPORT_EXPORT_AES_CTR){ -- 2.7.4