From 01e754106a0c5dd8aa7aca2e5560b0219a28d148 Mon Sep 17 00:00:00 2001 From: ravish-cts <54617660+ravish-cts@users.noreply.github.com> Date: Sat, 29 Aug 2020 03:00:37 +0530 Subject: [PATCH 1/4] BLDK-734: RDK License header changes-for Notice header update (#1) Reason for change: RDK License header changes-for Notice header update Test Procedure: Jenkins build should pass after License header changes for RDK for listed repos Risks: None --- NOTICE | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/NOTICE b/NOTICE index 644855c..ab71bf4 100644 --- a/NOTICE +++ b/NOTICE @@ -1,2 +1,8 @@ -Copyright 2019 RDK Management -Licensed under the Apache License, Version 2.0 +This component contains software that is Copyright (c) 2019 RDK Management. +The component is licensed to you under the Apache License, Version 2.0 (the "License"). +You may not use the component except in compliance with the License. + +The component may include material which is licensed under other licenses / copyrights as +listed below. Your use of this material within the component is also subject to the terms and +conditions of these licenses. The LICENSE file contains the text of all the licenses which apply +within this component. From c49d3fb718025dd645e60ef90c03ae4663168e86 Mon Sep 17 00:00:00 2001 From: Eric Berry Date: Thu, 24 Feb 2022 17:58:48 -0800 Subject: [PATCH 2/4] Add latest code to rdkcryptoapi and include tests --- .gitignore | 1 + CMakeLists.txt | 164 ++ Makefile.am | 2 - autogen.sh | 3 - cmake/FindYAJL.cmake | 36 + configure.ac | 10 - src/Makefile.am | 14 - src/headers/sec_security_comcastids.h | 1 + src/sec_pubops_openssl.c | 60 +- src/sec_security_asn1kc.c | 79 +- src/sec_security_asn1kc.h | 4 + src/sec_security_engine.c | 1 + src/sec_security_openssl.c | 10 +- src/sec_version.h | 2 +- test/main/cpp/bundle.cpp | 81 + test/main/cpp/bundle.h | 28 + test/main/cpp/cert.cpp | 143 ++ test/main/cpp/cert.h | 30 + test/main/cpp/cipher.cpp | 1204 +++++++++++++++ test/main/cpp/cipher.h | 80 + test/main/cpp/concurrent.cpp | 140 ++ test/main/cpp/concurrent.h | 29 + test/main/cpp/digest.cpp | 195 +++ test/main/cpp/digest.h | 38 + test/main/cpp/exchange.cpp | 505 +++++++ test/main/cpp/exchange.h | 37 + test/main/cpp/jtype.cpp | 468 ++++++ test/main/cpp/jtype.h | 37 + test/main/cpp/key.cpp | 1290 ++++++++++++++++ test/main/cpp/key.h | 45 + test/main/cpp/keyctrl.cpp | 1970 +++++++++++++++++++++++++ test/main/cpp/keyctrl.h | 83 ++ test/main/cpp/mac.cpp | 316 ++++ test/main/cpp/mac.h | 41 + test/main/cpp/processor.cpp | 115 ++ test/main/cpp/processor.h | 31 + test/main/cpp/random.cpp | 48 + test/main/cpp/random.h | 27 + test/main/cpp/sec_api_utest_main.cpp | 997 +++++++++++++ test/main/cpp/sec_api_utest_main.h | 32 + test/main/cpp/sign.cpp | 519 +++++++ test/main/cpp/sign.h | 35 + test/main/cpp/svp.cpp | 320 ++++ test/main/cpp/svp.h | 35 + test/main/cpp/test_creds_clear.cpp | 1386 +++++++++++++++++ test/main/cpp/test_ctx.cpp | 507 +++++++ test/main/cpp/wrapped.cpp | 1303 ++++++++++++++++ test/main/cpp/wrapped.h | 39 + test/main/headers/test_creds.h | 149 ++ test/main/headers/test_ctx.h | 171 +++ test/openssl/cpp/test_creds_soc.cpp | 249 ++++ 51 files changed, 13072 insertions(+), 38 deletions(-) create mode 100644 CMakeLists.txt delete mode 100644 Makefile.am delete mode 100755 autogen.sh create mode 100755 cmake/FindYAJL.cmake delete mode 100644 configure.ac delete mode 100644 src/Makefile.am create mode 100644 test/main/cpp/bundle.cpp create mode 100644 test/main/cpp/bundle.h create mode 100644 test/main/cpp/cert.cpp create mode 100644 test/main/cpp/cert.h create mode 100644 test/main/cpp/cipher.cpp create mode 100644 test/main/cpp/cipher.h create mode 100644 test/main/cpp/concurrent.cpp create mode 100644 test/main/cpp/concurrent.h create mode 100644 test/main/cpp/digest.cpp create mode 100644 test/main/cpp/digest.h create mode 100644 test/main/cpp/exchange.cpp create mode 100644 test/main/cpp/exchange.h create mode 100644 test/main/cpp/jtype.cpp create mode 100644 test/main/cpp/jtype.h create mode 100644 test/main/cpp/key.cpp create mode 100644 test/main/cpp/key.h create mode 100644 test/main/cpp/keyctrl.cpp create mode 100644 test/main/cpp/keyctrl.h create mode 100644 test/main/cpp/mac.cpp create mode 100644 test/main/cpp/mac.h create mode 100644 test/main/cpp/processor.cpp create mode 100644 test/main/cpp/processor.h create mode 100644 test/main/cpp/random.cpp create mode 100644 test/main/cpp/random.h create mode 100644 test/main/cpp/sec_api_utest_main.cpp create mode 100644 test/main/cpp/sec_api_utest_main.h create mode 100644 test/main/cpp/sign.cpp create mode 100644 test/main/cpp/sign.h create mode 100644 test/main/cpp/svp.cpp create mode 100644 test/main/cpp/svp.h create mode 100644 test/main/cpp/test_creds_clear.cpp create mode 100644 test/main/cpp/test_ctx.cpp create mode 100644 test/main/cpp/wrapped.cpp create mode 100644 test/main/cpp/wrapped.h create mode 100644 test/main/headers/test_creds.h create mode 100644 test/main/headers/test_ctx.h create mode 100644 test/openssl/cpp/test_creds_soc.cpp diff --git a/.gitignore b/.gitignore index a3db686..c0555ef 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ config.status configure Makefile Makefile.in +.idea diff --git a/CMakeLists.txt b/CMakeLists.txt new file mode 100644 index 0000000..39cfc48 --- /dev/null +++ b/CMakeLists.txt @@ -0,0 +1,164 @@ +# If not stated otherwise in this file or this component's Licenses.txt file the +# following copyright and licenses apply: +# +# Copyright 2019 RDK Management +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +cmake_minimum_required(VERSION 3.16) +project(sec_api C CXX) + +set(CMAKE_MODULE_PATH "${PROJECT_SOURCE_DIR}/cmake" ${CMAKE_MODULE_PATH}) +set(CMAKE_C_STANDARD 99) +set(CMAKE_CXX_STANDARD 11) +set(CMAKE_CXX_STANDARD_REQUIRED ON) + +# Set OPENSSL_ROOT_DIR if not found +find_package(OpenSSL REQUIRED) +# Set YAJL_ROOT if not found +find_package(YAJL REQUIRED) + +enable_testing() + +include_directories( + ${OPENSSL_INCLUDE_DIR} + ${YAJL_INCLUDE_DIR} + src/headers + src +) + +add_compile_options(-DSEC_TARGET_LOCAL + -Wall + -Werror + -Wfatal-errors + -Wno-unused-result + -Wno-unused-but-set-variable + -Wno-unused-value + -fPIC + -fdata-sections + -ffunction-sections + -pthread + -Os + -DSEC_PLATFORM_OPENSSL + -DYAJL_V2) + +add_library(sec_api STATIC + src/headers/sec_security.h + src/headers/sec_security_comcastids.h + src/headers/sec_security_common.h + src/headers/sec_security_datatype.h + src/outprot.cpp + src/outprot.h + src/outprot_mock.cpp + src/sec_pubops.h + src/sec_pubops_openssl.c + src/sec_security_asn1kc.c + src/sec_security_asn1kc.h + src/sec_security_buffer.c + src/sec_security_common.c + src/sec_security_endian.c + src/sec_security_engine.c + src/sec_security_json.h + src/sec_security_json_yajl.c + src/sec_security_jtype.c + src/sec_security_jtype.h + src/sec_security_logger.c + src/sec_security_mutex.c + src/sec_security_mutex.h + src/sec_security_openssl.c + src/sec_security_openssl.h + src/sec_security_outprot.c + src/sec_security_outprot.h + src/sec_security_shm.c + src/sec_security_shm.h + src/sec_security_store.c + src/sec_security_store.h + src/sec_security_strptime.c + src/sec_security_utils.c + src/sec_security_utils.h + src/sec_security_utils_b64.c + src/sec_security_utils_time.c + src/sec_version.h + ) + +target_link_libraries(sec_api + PRIVATE + ${OPENSSL_CRYPTO_LIBRARY} + ) + +add_executable(sec_api_test + test/main/cpp/bundle.cpp + test/main/cpp/bundle.h + test/main/cpp/cert.cpp + test/main/cpp/cert.h + test/main/cpp/cipher.cpp + test/main/cpp/cipher.h + test/main/cpp/concurrent.cpp + test/main/cpp/concurrent.h + test/main/cpp/digest.cpp + test/main/cpp/digest.h + test/main/cpp/exchange.cpp + test/main/cpp/exchange.h + test/main/cpp/jtype.cpp + test/main/cpp/jtype.h + test/main/cpp/key.cpp + test/main/cpp/key.h + test/main/cpp/keyctrl.cpp + test/main/cpp/keyctrl.h + test/main/cpp/mac.cpp + test/main/cpp/mac.h + test/main/cpp/processor.cpp + test/main/cpp/processor.h + test/main/cpp/random.cpp + test/main/cpp/random.h + test/main/cpp/sec_api_utest_main.cpp + test/main/cpp/sec_api_utest_main.h + test/main/cpp/sign.cpp + test/main/cpp/sign.h + test/main/cpp/svp.cpp + test/main/cpp/svp.h + test/main/cpp/test_creds_clear.cpp + test/main/cpp/test_ctx.cpp + test/main/cpp/wrapped.cpp + test/main/cpp/wrapped.h + test/main/headers/test_creds.h + test/main/headers/test_ctx.h + test/openssl/cpp/test_creds_soc.cpp + ) + +target_include_directories(sec_api_test + PRIVATE + src + test/main/cpp + test/main/headers + ) + +target_link_libraries(sec_api_test + PRIVATE + pthread + sec_api + ${OPENSSL_CRYPTO_LIBRARY} + ${YAJL_LIBRARY} + ) + +add_test(sec_api_test sec_api_utest_main) + +# 'make install' to the correct locations (provided by GNUInstallDirs). +install(TARGETS sec_api + ARCHIVE DESTINATION lib + LIBRARY DESTINATION lib + RUNTIME DESTINATION bin + ) + +install(DIRECTORY headers/ DESTINATION include) diff --git a/Makefile.am b/Makefile.am deleted file mode 100644 index f268924..0000000 --- a/Makefile.am +++ /dev/null @@ -1,2 +0,0 @@ -SUBDIRS = src - diff --git a/autogen.sh b/autogen.sh deleted file mode 100755 index 122e1e1..0000000 --- a/autogen.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -mkdir config -autoreconf --force --install -I config diff --git a/cmake/FindYAJL.cmake b/cmake/FindYAJL.cmake new file mode 100755 index 0000000..0ce6d45 --- /dev/null +++ b/cmake/FindYAJL.cmake @@ -0,0 +1,36 @@ +# +# Copyright 2020-2021 Comcast Cable Communications Management, LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# Find libyajl + +FIND_PATH(YAJL_INCLUDE_DIR yajl/yajl_common.h) + +SET(YAJL_NAMES ${YAJL_NAMES} yajl libyajl) +FIND_LIBRARY(YAJL_LIBRARY NAMES ${YAJL_NAMES} PATH) + +IF(YAJL_INCLUDE_DIR AND YAJL_LIBRARY) + SET(YAJL_FOUND TRUE) +ENDIF(YAJL_INCLUDE_DIR AND YAJL_LIBRARY) + +IF(YAJL_FOUND) + IF(NOT Yajl_FIND_QUIETLY) + MESSAGE(STATUS "Found Yajl: ${YAJL_LIBRARY}") + ENDIF (NOT Yajl_FIND_QUIETLY) +ELSE(YAJL_FOUND) + IF(Yajl_FIND_REQUIRED) + MESSAGE(FATAL_ERROR "Could not find yajl") + ENDIF(Yajl_FIND_REQUIRED) +ENDIF(YAJL_FOUND) diff --git a/configure.ac b/configure.ac deleted file mode 100644 index 43c4075..0000000 --- a/configure.ac +++ /dev/null @@ -1,10 +0,0 @@ -AC_INIT([sec_api], [2.2.0], [davor_mrkoci@cable.comcast.com]) -AC_CONFIG_AUX_DIR(config) -AM_INIT_AUTOMAKE([foreign -Wall -Werror]) -AC_PROG_RANLIB -AC_PROG_CC -AC_PROG_CXX -AM_PROG_AR -AC_CONFIG_FILES([Makefile src/Makefile]) -AC_OUTPUT - diff --git a/src/Makefile.am b/src/Makefile.am deleted file mode 100644 index b168df7..0000000 --- a/src/Makefile.am +++ /dev/null @@ -1,14 +0,0 @@ -lib_LIBRARIES = libsec_api.a - -include_HEADERS = headers/sec_security_datatype.h -include_HEADERS += headers/sec_security.h -include_HEADERS += headers/sec_security_common.h -include_HEADERS += headers/sec_security_comcastids.h - -libsec_api_a_SOURCES = outprot_mock.cpp outprot.cpp sec_pubops_openssl.c sec_security_asn1kc.c sec_security_buffer.c sec_security_common.c sec_security_endian.c sec_security_engine.c sec_security_json_yajl.c sec_security_jtype.c sec_security_logger.c sec_security_mutex.c sec_security_openssl.c sec_security_outprot.c sec_security_shm.c sec_security_store.c sec_security_strptime.c sec_security_utils_b64.c sec_security_utils_time.c sec_security_utils.c - -AM_CFLAGS = -DSEC_TARGET_LOCAL -Wall -Werror -Wfatal-errors -Wno-unused-result -Wno-unused-but-set-variable -Wno-unused-value -fPIC -fdata-sections -ffunction-sections -pthread -Os -DSEC_PLATFORM_OPENSSL -DYAJL_V2 -AM_CFLAGS += -I./headers/ - -AM_CXXFLAGS = -DSEC_TARGET_LOCAL -Wall -Werror -Wfatal-errors -Wno-unused-result -Wno-unused-but-set-variable -Wno-unused-value -fPIC -fdata-sections -ffunction-sections -pthread -Os -DSEC_PLATFORM_OPENSSL -DYAJL_V2 -AM_CXXFLAGS += -I./headers/ diff --git a/src/headers/sec_security_comcastids.h b/src/headers/sec_security_comcastids.h index c3d7d2d..d18f1ff 100644 --- a/src/headers/sec_security_comcastids.h +++ b/src/headers/sec_security_comcastids.h @@ -98,6 +98,7 @@ extern "C" #define SEC_OBJECTID_PLAYREADY_MODELCERT 0x0631000006310001ULL #define SEC_OBJECTID_PLAYREADY_MODELKEY 0x0331000003310001ULL +#define SEC_OBJECTID_PLAYREADY_3K_MODELKEY 0x0331000003310003ULL #define SEC_OBJECTID_WV_KEY 0x0351000003510001ULL #define SEC_OBJECTID_WV_CERTBUNDLE 0x0651000006510001ULL diff --git a/src/sec_pubops_openssl.c b/src/sec_pubops_openssl.c index bc53fc0..0d6c77e 100644 --- a/src/sec_pubops_openssl.c +++ b/src/sec_pubops_openssl.c @@ -414,6 +414,11 @@ Sec_Result _Pubops_VerifyWithPubRsa(Sec_RSARawPublicKey *pub_key, Sec_SignatureA Sec_Result _Pubops_VerifyWithPubEcc(Sec_ECCRawPublicKey *pub_key, Sec_SignatureAlgorithm alg, SEC_BYTE *digest, SEC_SIZE digest_len, SEC_BYTE *sig, SEC_SIZE sig_len) { EC_KEY *ec_key = _SecUtils_ECCFromPubBinary(pub_key); Sec_Result res = SEC_RESULT_FAILURE; +#if OPENSSL_VERSION_NUMBER > 0x10100000L + ECDSA_SIG* esig = NULL; + BIGNUM* esigr = NULL; + BIGNUM* esigs = NULL; +#endif if (NULL == ec_key) { @@ -426,6 +431,37 @@ Sec_Result _Pubops_VerifyWithPubEcc(Sec_ECCRawPublicKey *pub_key, Sec_SignatureA goto done; } +#if OPENSSL_VERSION_NUMBER > 0x10100000L + esig = ECDSA_SIG_new(); + if (esig == NULL) { + SEC_LOG_ERROR("ECDSA_SIG_new failed"); + goto done; + } + + esigr = BN_new(); + if (esigr == NULL) { + SEC_LOG_ERROR("BN_new failed"); + goto done; + } + + esigs = BN_new(); + if (esigs == NULL) { + SEC_LOG_ERROR("BN_new failed"); + goto done; + } + + BN_bin2bn(&sig[0], SEC_ECC_NISTP256_KEY_LEN, esigr); + BN_bin2bn(&sig[SEC_ECC_NISTP256_KEY_LEN], SEC_ECC_NISTP256_KEY_LEN, esigs); + + if (!ECDSA_SIG_set0(esig, esigr, esigs)) { + SEC_LOG_ERROR("ECDSA_SIG_set0 failed"); + goto done; + } + esigr = NULL; + esigs = NULL; + + int openssl_res = ECDSA_do_verify(digest, digest_len, esig, ec_key); +#else ECDSA_SIG esig; esig.r = BN_new(); esig.s = BN_new(); @@ -435,6 +471,7 @@ Sec_Result _Pubops_VerifyWithPubEcc(Sec_ECCRawPublicKey *pub_key, Sec_SignatureA int openssl_res = ECDSA_do_verify(digest, digest_len, &esig, ec_key); BN_free(esig.r); BN_free(esig.s); +#endif if (1 != openssl_res) { @@ -450,6 +487,11 @@ Sec_Result _Pubops_VerifyWithPubEcc(Sec_ECCRawPublicKey *pub_key, Sec_SignatureA res = SEC_RESULT_SUCCESS; done: +#if OPENSSL_VERSION_NUMBER > 0x10100000L + BN_free(esigr); + BN_free(esigs); + ECDSA_SIG_free(esig); +#endif SEC_ECC_FREE(ec_key); return res; @@ -636,8 +678,16 @@ Sec_Result _Pubops_ExtractRSAPubFromX509Der(SEC_BYTE *cert, SEC_SIZE cert_len, S } Sec_Uint32ToBEBytes(RSA_size(rsa), pub->modulus_len_be); +#if OPENSSL_VERSION_NUMBER > 0x10100000L + const BIGNUM* n; + const BIGNUM* e; + RSA_get0_key(rsa, &n, &e, NULL); + _SecUtils_BigNumToBuffer(n, pub->n, Sec_BEBytesToUint32(pub->modulus_len_be)); + _SecUtils_BigNumToBuffer(e, pub->e, 4); +#else _SecUtils_BigNumToBuffer(rsa->n, pub->n, Sec_BEBytesToUint32(pub->modulus_len_be)); _SecUtils_BigNumToBuffer(rsa->e, pub->e, 4); +#endif res = SEC_RESULT_SUCCESS; done: @@ -814,8 +864,16 @@ Sec_Result _Pubops_ExtractRSAPubFromPUBKEYDer(SEC_BYTE *cert, SEC_SIZE cert_len, } Sec_Uint32ToBEBytes(RSA_size(rsa), pub->modulus_len_be); +#if OPENSSL_VERSION_NUMBER > 0x10100000L + const BIGNUM* n; + const BIGNUM* e; + RSA_get0_key(rsa, &n, &e, NULL); + _SecUtils_BigNumToBuffer(n, pub->n, Sec_BEBytesToUint32(pub->modulus_len_be)); + _SecUtils_BigNumToBuffer(e, pub->e, 4); +#else _SecUtils_BigNumToBuffer(rsa->n, pub->n, Sec_BEBytesToUint32(pub->modulus_len_be)); _SecUtils_BigNumToBuffer(rsa->e, pub->e, 4); +#endif res = SEC_RESULT_SUCCESS; @@ -886,7 +944,7 @@ Sec_Result _Pubops_Random(SEC_BYTE* out, SEC_SIZE out_len) { } Sec_Result _Pubops_RandomPrng(SEC_BYTE* out, SEC_SIZE out_len) { - if (1 != RAND_pseudo_bytes(out, out_len)) { + if (1 != RAND_bytes(out, out_len)) { SEC_LOG_ERROR(); return SEC_RESULT_FAILURE; } diff --git a/src/sec_security_asn1kc.c b/src/sec_security_asn1kc.c index 2bb0ec5..e27aa4b 100644 --- a/src/sec_security_asn1kc.c +++ b/src/sec_security_asn1kc.c @@ -51,6 +51,7 @@ IMPLEMENT_ASN1_FUNCTIONS(Sec_Asn1KC) IMPLEMENT_ASN1_PRINT_FUNCTION(Sec_Asn1KC) //PRINTF //Implements Sec_Asn1KC_new, Sec_Asn1KC_free, d2i_Sec_Asn1KC i2d_Sec_Asn1KC +#if OPENSSL_VERSION_NUMBER < 0x10100000L static Sec_Result getBE_ASN1_INTEGER(SEC_BYTE* res, const ASN1_INTEGER *ai, SEC_SIZE size, SEC_BOOL signd) { BIGNUM *bn = NULL; @@ -93,6 +94,7 @@ static Sec_Result getBE_ASN1_INTEGER(SEC_BYTE* res, const ASN1_INTEGER *ai, SEC_ BN_free(bn); return SEC_RESULT_SUCCESS; } +#endif static Sec_Result setBE_ASN1_INTEGER(ASN1_INTEGER *st, SEC_BYTE* be_value, SEC_SIZE size) @@ -233,8 +235,13 @@ static Asn1KCAttribute_t *SecAsn1KC_GetAttr(Sec_Asn1KC *kc, const char *key) at = sk_Asn1KCAttribute_t_value(kc, i); if (at != NULL && strlen(key) == ASN1_STRING_length(at->name) && +#if OPENSSL_VERSION_NUMBER < 0x10100000L ASN1_STRING_data(at->name) != NULL && 0 == Sec_Memcmp(key, ASN1_STRING_data(at->name), ASN1_STRING_length(at->name))) +#else + ASN1_STRING_get0_data(at->name) != NULL && + 0 == Sec_Memcmp(key, ASN1_STRING_get0_data(at->name), ASN1_STRING_length(at->name))) +#endif { return at; } @@ -266,10 +273,18 @@ Sec_Result SecAsn1KC_GetAttrLong(Sec_Asn1KC *kc, const char *key, long *val) return SEC_RESULT_FAILURE; } +#if OPENSSL_VERSION_NUMBER < 0x10100000L // Openssl 1.0.9 has support for signed long types // With Openssl 1.1.x new applications should use ASN1_INTEGER_get_int64() // instead *val = (long)ASN1_INTEGER_get(attr->value->c.integer); +#else + if(ASN1_INTEGER_get_int64((int64_t*)val, attr->value->c.integer) != 1) + { + SEC_LOG_ERROR("failed to get Long value from asn1 struct"); + return SEC_RESULT_FAILURE; + } +#endif return SEC_RESULT_SUCCESS; } @@ -277,7 +292,9 @@ Sec_Result SecAsn1KC_GetAttrLong(Sec_Asn1KC *kc, const char *key, long *val) Sec_Result SecAsn1KC_GetAttrInt64(Sec_Asn1KC *kc, const char *key, int64_t *val) { Asn1KCAttribute_t *attr = NULL; +#if OPENSSL_VERSION_NUMBER < 0x10100000L SEC_BYTE val_buf[sizeof(int64_t)]; +#endif attr = SecAsn1KC_GetAttr(kc, key); if (attr == NULL) @@ -293,6 +310,7 @@ Sec_Result SecAsn1KC_GetAttrInt64(Sec_Asn1KC *kc, const char *key, int64_t *val) return SEC_RESULT_FAILURE; } +#if OPENSSL_VERSION_NUMBER < 0x10100000L //With openssl 1.1.x support you can use ASN1_INTEGER_get_int64() in place //of getBE_ASN1_INTEGER() if(getBE_ASN1_INTEGER(val_buf, attr->value->c.integer, sizeof(val), @@ -304,6 +322,13 @@ Sec_Result SecAsn1KC_GetAttrInt64(Sec_Asn1KC *kc, const char *key, int64_t *val) //val_buf is an 8 byte buffer that has sign bits extended if needed. *val = (int64_t)Sec_BEBytesToUint64(val_buf); +#else + if(ASN1_INTEGER_get_int64(val, attr->value->c.integer) != 1) + { + SEC_LOG_ERROR("failed to get Long value from asn1 struct"); + return SEC_RESULT_FAILURE; + } +#endif return SEC_RESULT_SUCCESS; } @@ -311,7 +336,9 @@ Sec_Result SecAsn1KC_GetAttrInt64(Sec_Asn1KC *kc, const char *key, int64_t *val) Sec_Result SecAsn1KC_GetAttrUlong(Sec_Asn1KC *kc, const char *key, unsigned long *val) { Asn1KCAttribute_t *attr = NULL; +#if OPENSSL_VERSION_NUMBER < 0x10100000L SEC_BYTE val_buf[sizeof(unsigned long)]; +#endif attr = SecAsn1KC_GetAttr(kc, key); if (attr == NULL) @@ -326,6 +353,7 @@ Sec_Result SecAsn1KC_GetAttrUlong(Sec_Asn1KC *kc, const char *key, unsigned long return SEC_RESULT_FAILURE; } +#if OPENSSL_VERSION_NUMBER < 0x10100000L //With openssl 1.1.x support you can use ASN1_INTEGER_get_uint64() in place //of getBE_ASN1_INTEGER() if(getBE_ASN1_INTEGER(val_buf, attr->value->c.integer, sizeof(val), @@ -344,13 +372,22 @@ Sec_Result SecAsn1KC_GetAttrUlong(Sec_Asn1KC *kc, const char *key, unsigned long *val = (unsigned long)Sec_BEBytesToUint64(val_buf); } +#else + if(ASN1_INTEGER_get_uint64((uint64_t*)val, attr->value->c.integer) != 1) + { + SEC_LOG_ERROR("failed to get Long value from asn1 struct"); + return SEC_RESULT_FAILURE; + } +#endif return SEC_RESULT_SUCCESS; } Sec_Result SecAsn1KC_GetAttrUint64(Sec_Asn1KC *kc, const char *key, uint64_t *val) { Asn1KCAttribute_t *attr = NULL; +#if OPENSSL_VERSION_NUMBER < 0x10100000L SEC_BYTE val_buf[sizeof(uint64_t)]; +#endif attr = SecAsn1KC_GetAttr(kc, key); if (attr == NULL) @@ -365,6 +402,7 @@ Sec_Result SecAsn1KC_GetAttrUint64(Sec_Asn1KC *kc, const char *key, uint64_t *va return SEC_RESULT_FAILURE; } +#if OPENSSL_VERSION_NUMBER < 0x10100000L //With openssl 1.1.x support you can use ASN1_INTEGER_get_uint64() in place //of getBE_ASN1_INTEGER() if(getBE_ASN1_INTEGER(val_buf, attr->value->c.integer, sizeof(uint64_t), @@ -375,6 +413,13 @@ Sec_Result SecAsn1KC_GetAttrUint64(Sec_Asn1KC *kc, const char *key, uint64_t *va } *val = Sec_BEBytesToUint64(val_buf); +#else + if(ASN1_INTEGER_get_uint64(val, attr->value->c.integer) != 1) + { + SEC_LOG_ERROR("failed to get Long value from asn1 struct"); + return SEC_RESULT_FAILURE; + } +#endif return SEC_RESULT_SUCCESS; } @@ -382,7 +427,7 @@ Sec_Result SecAsn1KC_GetAttrUint64(Sec_Asn1KC *kc, const char *key, uint64_t *va Sec_Result SecAsn1KC_GetAttrBuffer(Sec_Asn1KC *kc, const char *key, SEC_BYTE *buffer, SEC_SIZE buffer_len, SEC_SIZE *written) { Asn1KCAttribute_t *attr = NULL; - unsigned char *str_data = NULL; + const unsigned char *str_data = NULL; attr = SecAsn1KC_GetAttr(kc, key); if (attr == NULL) @@ -407,7 +452,11 @@ Sec_Result SecAsn1KC_GetAttrBuffer(Sec_Asn1KC *kc, const char *key, SEC_BYTE *bu return SEC_RESULT_FAILURE; } +#if OPENSSL_VERSION_NUMBER < 0x10100000L str_data = ASN1_STRING_data(attr->value->c.octetstring); +#else + str_data = ASN1_STRING_get0_data(attr->value->c.octetstring); +#endif if(str_data == NULL) { SEC_LOG_ERROR("Call to ASN1_STRING_data failed"); @@ -423,7 +472,7 @@ Sec_Result SecAsn1KC_GetAttrBuffer(Sec_Asn1KC *kc, const char *key, SEC_BYTE *bu Sec_Result SecAsn1KC_GetAttrString(Sec_Asn1KC *kc, const char *key, char *buffer, SEC_SIZE buffer_len, SEC_SIZE *written) { Asn1KCAttribute_t *attr = NULL; - unsigned char *str_data = NULL; + const unsigned char *str_data = NULL; attr = SecAsn1KC_GetAttr(kc, key); if (attr == NULL) @@ -447,7 +496,11 @@ Sec_Result SecAsn1KC_GetAttrString(Sec_Asn1KC *kc, const char *key, char *buffer return SEC_RESULT_FAILURE; } +#if OPENSSL_VERSION_NUMBER < 0x10100000L str_data = ASN1_STRING_data(attr->value->c.octetstring); +#else + str_data = ASN1_STRING_get0_data(attr->value->c.octetstring); +#endif if(str_data == NULL) { SEC_LOG_ERROR("Call to ASN1_STRING_data failed"); @@ -527,7 +580,9 @@ Sec_Result SecAsn1KC_AddAttrInt64(Sec_Asn1KC *kc, const char *key, int64_t val) { Sec_Result res = SEC_RESULT_FAILURE; Asn1KCAttribute_t *ptr = SecAsn1KC_AllocAttr(asn1_integer); +#if OPENSSL_VERSION_NUMBER < 0x10100000L SEC_BYTE be_val[sizeof(val)]; +#endif if (ptr == NULL) { @@ -541,6 +596,7 @@ Sec_Result SecAsn1KC_AddAttrInt64(Sec_Asn1KC *kc, const char *key, int64_t val) goto done; } +#if OPENSSL_VERSION_NUMBER < 0x10100000L Sec_Uint64ToBEBytes((uint64_t)val, be_val); if(setBE_ASN1_INTEGER(ptr->value->c.integer, be_val, sizeof(val)) != SEC_RESULT_SUCCESS) @@ -548,6 +604,13 @@ Sec_Result SecAsn1KC_AddAttrInt64(Sec_Asn1KC *kc, const char *key, int64_t val) SEC_LOG_ERROR("setBE_ASN1_INTEGER failed"); goto done; } +#else + if (0 == ASN1_INTEGER_set_int64(ptr->value->c.integer, val)) + { + SEC_LOG_ERROR("ASN1_INTEGER_set_int64 failed"); + goto done; + } +#endif if (SEC_RESULT_SUCCESS != SecAsn1KC_AddAttr(kc, ptr)) { @@ -616,7 +679,9 @@ Sec_Result SecAsn1KC_AddAttrUint64(Sec_Asn1KC *kc, const char *key, uint64_t val { Sec_Result res = SEC_RESULT_FAILURE; Asn1KCAttribute_t *ptr = SecAsn1KC_AllocAttr(asn1_integer); +#if OPENSSL_VERSION_NUMBER < 0x10100000L SEC_BYTE be_val[sizeof(val)]; +#endif if (ptr == NULL) { @@ -630,6 +695,7 @@ Sec_Result SecAsn1KC_AddAttrUint64(Sec_Asn1KC *kc, const char *key, uint64_t val goto done; } +#if OPENSSL_VERSION_NUMBER < 0x10100000L Sec_Uint64ToBEBytes(val, be_val); if(setBE_ASN1_INTEGER(ptr->value->c.integer, be_val, sizeof(val)) != SEC_RESULT_SUCCESS) @@ -637,6 +703,13 @@ Sec_Result SecAsn1KC_AddAttrUint64(Sec_Asn1KC *kc, const char *key, uint64_t val SEC_LOG_ERROR("setBE_ASN1_INTEGER failed"); goto done; } +#else + if (0 == ASN1_INTEGER_set_uint64(ptr->value->c.integer, val)) + { + SEC_LOG_ERROR("ASN1_INTEGER_set_uint64 failed"); + goto done; + } +#endif if (SEC_RESULT_SUCCESS != SecAsn1KC_AddAttr(kc, ptr)) { @@ -761,7 +834,7 @@ Sec_Asn1KC *SecAsn1KC_Decode(SEC_BYTE *buf, SEC_SIZE buf_len) const unsigned char *c_buf = buf; Sec_Asn1KC *ret = NULL; - if (buf_len > LONG_MAX) + if (buf_len > INT_MAX) { SEC_LOG_ERROR("buf length rollover"); return NULL; diff --git a/src/sec_security_asn1kc.h b/src/sec_security_asn1kc.h index c774332..066d2d4 100644 --- a/src/sec_security_asn1kc.h +++ b/src/sec_security_asn1kc.h @@ -62,9 +62,13 @@ typedef struct { typedef STACK_OF(Asn1KCAttribute_t) Sec_Asn1KC; +#if OPENSSL_VERSION_NUMBER < 0x10100000L #define sk_Asn1KCAttribute_t_num(st) sk_num(CHECKED_STACK_OF(Asn1KCAttribute_t, st)) #define sk_Asn1KCAttribute_t_value(st, i) ((Asn1KCAttribute_t *)sk_value(CHECKED_STACK_OF(Asn1KCAttribute_t, st), i)) #define sk_Asn1KCAttribute_t_push(st, val) sk_push(CHECKED_STACK_OF(Asn1KCAttribute_t, st), CHECKED_PTR_OF(Asn1KCAttribute_t, val)) +#else +DEFINE_STACK_OF(Asn1KCAttribute_t); +#endif Sec_Asn1KC *SecAsn1KC_Alloc(); void SecAsn1KC_Free(Sec_Asn1KC *kc); diff --git a/src/sec_security_engine.c b/src/sec_security_engine.c index 449a750..2b8b784 100644 --- a/src/sec_security_engine.c +++ b/src/sec_security_engine.c @@ -266,6 +266,7 @@ static void ENGINE_load_securityapi(void) #if OPENSSL_VERSION_NUMBER < 0x10100000L || !ENGINE_set_RSA(engine, &g_sec_openssl_rsamethod) #else + || !ENGINE_set_RSA(engine, _GetRSAMethod()) #endif ) { diff --git a/src/sec_security_openssl.c b/src/sec_security_openssl.c index 68f5ac0..bb7cece 100644 --- a/src/sec_security_openssl.c +++ b/src/sec_security_openssl.c @@ -36,6 +36,7 @@ #include "sec_security_outprot.h" #include #include "outprot.h" +#include #ifndef SEC_OBJECTID_COMCAST_XCALSESSIONMACKEY #define SEC_OBJECTID_COMCAST_XCALSESSIONMACKEY 0xffffffff00000001ULL @@ -165,6 +166,7 @@ static Sec_Result _store_exported(Sec_ProcessorHandle *proc, SEC_BYTE *derivatio *exported_written = 0; + Sec_Result export_res = SEC_RESULT_FAILURE; if (exported_len < SEC_AES_BLOCK_SIZE) { SEC_LOG_ERROR("Not enough room to write derivation input"); goto done_export; @@ -186,7 +188,6 @@ static Sec_Result _store_exported(Sec_ProcessorHandle *proc, SEC_BYTE *derivatio pthread_mutex_lock(&g_export_mutex); - Sec_Result export_res = SEC_RESULT_FAILURE; export_res = _provision_export_keys(proc, derivationInput); if (SEC_RESULT_SUCCESS != export_res) { SEC_LOG_ERROR("_provision_export_keys failed"); @@ -2640,7 +2641,7 @@ static size_t bytesToProcessToRollover(uint64_t ctr, size_t sub_block_offset, si maxBlocksToProcess -= 1; //add the rest up to rollover - uint64_t inputBlocks = inputLen/SEC_AES_BLOCK_SIZE + (inputLen%SEC_AES_BLOCK_SIZE > 0) ? 1 : 0; + uint64_t inputBlocks = inputLen/SEC_AES_BLOCK_SIZE + (inputLen%SEC_AES_BLOCK_SIZE > 0 ? 1 : 0); uint64_t blocksToProcess = SEC_MIN(inputBlocks, maxBlocksToProcess); bytesToProcess += SEC_MIN(inputLen, (size_t) blocksToProcess * SEC_AES_BLOCK_SIZE); @@ -5496,7 +5497,8 @@ Sec_Result SecCodeIntegrity_SecureBootEnabled(void) } Sec_Result SecSVP_SetTime(time_t time) { - if (0 != stime(&time)) { + struct timespec ts = {time, 0}; + if (0 != clock_settime(CLOCK_REALTIME, &ts)) { SEC_LOG_ERROR("stime failed"); return SEC_RESULT_FAILURE; } @@ -5679,7 +5681,7 @@ Sec_Result SecProcessor_GetInfo(Sec_ProcessorHandle* secProcHandle, return SEC_RESULT_INVALID_PARAMETERS; Sec_Memset(secProcInfo, 0x00, sizeof(Sec_ProcessorInfo)); - strncpy((char *)secProcInfo->version, SEC_API_VERSION, strlen(SEC_API_VERSION)); + strncpy((char *)secProcInfo->version, SEC_API_VERSION, strlen(SEC_API_VERSION) + 1); return SEC_RESULT_SUCCESS; } diff --git a/src/sec_version.h b/src/sec_version.h index 54aa661..05feba8 100644 --- a/src/sec_version.h +++ b/src/sec_version.h @@ -17,4 +17,4 @@ * limitations under the License. */ -#define SEC_API_VERSION "2.3.2.2" +#define SEC_API_VERSION "2.3.2.25" diff --git a/test/main/cpp/bundle.cpp b/test/main/cpp/bundle.cpp new file mode 100644 index 0000000..3bbba0e --- /dev/null +++ b/test/main/cpp/bundle.cpp @@ -0,0 +1,81 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "bundle.h" +#include "test_ctx.h" + +Sec_Result testBundleProvision(SEC_OBJECTID id, Sec_StorageLoc loc, SEC_SIZE size) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + std::vector bundle = TestCtx::random(size); + + Sec_BundleHandle *handle; + if (NULL == (handle = ctx.provisionBundle(id, loc, bundle))) { + SEC_LOG_ERROR("TestCtx.provisionBundle failed"); + return SEC_RESULT_FAILURE; + } + + //get bundle size + SEC_SIZE written; + if (SEC_RESULT_SUCCESS != SecBundle_Export(handle, NULL, 0, &written)) { + SEC_LOG_ERROR("SecBundle_Export failed"); + return SEC_RESULT_FAILURE; + } + + //export bundle + std::vector out; + out.resize(written); + if (SEC_RESULT_SUCCESS != SecBundle_Export(handle, + &out[0], size, &written)) { + SEC_LOG_ERROR("SecBundle_Export failed"); + return SEC_RESULT_FAILURE; + } + + out.resize(written); + + if (out != bundle) { + SEC_LOG_ERROR("Exported bundle does not match"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testBundleProvisionNoAppDir(SEC_OBJECTID id, SEC_SIZE size) { + TestCtx ctx; + if (ctx.init("/tmp", NULL) != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + std::vector bundle = TestCtx::random(size); + + + if (SEC_RESULT_SUCCESS == SecBundle_Provision( + ctx.proc(), id, SEC_STORAGELOC_FILE, (SEC_BYTE *) &bundle[0], bundle.size())) { + SEC_LOG_ERROR("SecBundle_Provision succeeded, but expected to fail"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} diff --git a/test/main/cpp/bundle.h b/test/main/cpp/bundle.h new file mode 100644 index 0000000..ee7d696 --- /dev/null +++ b/test/main/cpp/bundle.h @@ -0,0 +1,28 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_BUNDLE_H_ +#define TEST_BUNDLE_H_ + +#include "sec_security.h" + +Sec_Result testBundleProvision(SEC_OBJECTID id, Sec_StorageLoc loc, SEC_SIZE size); +Sec_Result testBundleProvisionNoAppDir(SEC_OBJECTID id, SEC_SIZE size); + +#endif diff --git a/test/main/cpp/cert.cpp b/test/main/cpp/cert.cpp new file mode 100644 index 0000000..7c929fe --- /dev/null +++ b/test/main/cpp/cert.cpp @@ -0,0 +1,143 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "cert.h" +#include "test_ctx.h" +#include "test_creds.h" +#include "sec_security_utils.h" +#include + +X509 * _DerToX509(SEC_BYTE *der, SEC_SIZE der_len) { + BIO *bio = NULL; + X509 *x509 = NULL; + + bio = BIO_new_mem_buf(der, der_len); + x509 = d2i_X509_bio(bio, NULL ); + SEC_BIO_FREE(bio); + + if (x509 == NULL) { + SEC_LOG_ERROR("d2i_X509_bio failed"); + } + + return x509; +} + +Sec_Result testCertProvision(SEC_OBJECTID id, TestCert cert, Sec_StorageLoc loc) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_CertificateHandle *handle; + if (NULL == (handle = ctx.provisionCert(id, loc, cert))) { + SEC_LOG_ERROR("TestCtx.provisionCert failed"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testCertExport(SEC_OBJECTID id, TestCert cert, Sec_StorageLoc loc) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_CertificateHandle *handle; + if (NULL == (handle = ctx.provisionCert(id, loc, cert))) { + SEC_LOG_ERROR("TestCtx.provisionCert failed"); + return SEC_RESULT_FAILURE; + } + + SEC_SIZE written; + if (SEC_RESULT_SUCCESS != SecCertificate_Export(handle, NULL, 0, &written)) { + SEC_LOG_ERROR("SecBundle_Export failed"); + return SEC_RESULT_FAILURE; + } + + std::vector out; + out.resize(written); + if (SEC_RESULT_SUCCESS != SecCertificate_Export(handle, + &out[0], out.size(), &written)) { + SEC_LOG_ERROR("SecBundle_Export failed"); + return SEC_RESULT_FAILURE; + } + + X509 *x509 = _DerToX509(&out[0], out.size()); + if (x509 == NULL) { + SEC_LOG_ERROR("_DerToX509 failed"); + return SEC_RESULT_FAILURE; + } + SEC_X509_FREE(x509); + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testCertVerify(SEC_OBJECTID id_cert, TestCert cert, SEC_OBJECTID id_key, TestKey key, Sec_StorageLoc loc) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_CertificateHandle *handle; + if (NULL == (handle = ctx.provisionCert(id_cert, SEC_STORAGELOC_RAM, cert))) { + SEC_LOG_ERROR("TestCtx.provisionCert failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyHandle *key_handle; + if (NULL == (key_handle = ctx.provisionKey(id_key, loc, key, TESTKC_RAW))) { + SEC_LOG_ERROR("TestCtx.provisionKey failed"); + return SEC_RESULT_FAILURE; + } + + if (SecKey_IsEcc(TestCreds::getKeyType(key))) { + Sec_ECCRawPublicKey pub_key; + if (SEC_RESULT_SUCCESS != SecCertificate_ExtractECCPublicKey(handle, &pub_key)) { + SEC_LOG_ERROR("SecCertificate_ExtractECCPublicKey failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecCertificate_VerifyWithRawECCPublicKey(handle, &pub_key)) { + SEC_LOG_ERROR("SecCertificate_VerifyWithRawECCPublicKey failed"); + return SEC_RESULT_FAILURE; + } + } else { + Sec_RSARawPublicKey pub_key; + if (SEC_RESULT_SUCCESS != SecCertificate_ExtractRSAPublicKey(handle, &pub_key)) { + SEC_LOG_ERROR("SecCertificate_ExtractRSAPublicKey failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecCertificate_VerifyWithRawRSAPublicKey(handle, &pub_key)) { + SEC_LOG_ERROR("SecCertificate_VerifyWithRawRSAPublicKey failed"); + return SEC_RESULT_FAILURE; + } + } + + if (SEC_RESULT_SUCCESS != SecCertificate_Verify(handle, key_handle)) { + SEC_LOG_ERROR("SecCertificate_Verify failed"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} diff --git a/test/main/cpp/cert.h b/test/main/cpp/cert.h new file mode 100644 index 0000000..8d905cb --- /dev/null +++ b/test/main/cpp/cert.h @@ -0,0 +1,30 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_CERT_H_ +#define TEST_CERT_H_ + +#include "sec_security.h" +#include "test_creds.h" + +Sec_Result testCertProvision(SEC_OBJECTID id, TestCert cert, Sec_StorageLoc loc); +Sec_Result testCertExport(SEC_OBJECTID id, TestCert cert, Sec_StorageLoc loc); +Sec_Result testCertVerify(SEC_OBJECTID id_cert, TestCert cert, SEC_OBJECTID id_key, TestKey key, Sec_StorageLoc loc); + +#endif diff --git a/test/main/cpp/cipher.cpp b/test/main/cpp/cipher.cpp new file mode 100644 index 0000000..89739cb --- /dev/null +++ b/test/main/cpp/cipher.cpp @@ -0,0 +1,1204 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "cipher.h" +#include "test_ctx.h" +#include +#include +#include +#include + +static std::vector opensslAesCbc( + TestKey key, Sec_CipherMode mode, SEC_BOOL padding, + SEC_BYTE *iv, const std::vector& input) { + + std::vector openssl_key = TestCreds::asOpenSslAes(key); + if (openssl_key.size() == 0) { + SEC_LOG_ERROR("TestCreds::asOpenSslAes failed"); + return std::vector(); + } + const EVP_CIPHER *evp_cipher = NULL; + if (openssl_key.size() == 16) { + evp_cipher = EVP_aes_128_cbc(); + } else { + evp_cipher = EVP_aes_256_cbc(); + } + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX evp_ctx; + EVP_CIPHER_CTX_init(&evp_ctx); + EVP_CIPHER_CTX *p_evp_ctx = &evp_ctx; +#else + EVP_CIPHER_CTX *p_evp_ctx = EVP_CIPHER_CTX_new(); +#endif + + if (1 != EVP_CipherInit_ex(p_evp_ctx, evp_cipher, NULL, + NULL, NULL, (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM) ? 1 : 0)) + { + SEC_LOG_ERROR("EVP_CipherInit failed"); + return std::vector(); + } + + if (1 != EVP_CIPHER_CTX_set_padding(p_evp_ctx, padding)) + { + SEC_LOG_ERROR("EVP_CIPHER_CTX_set_padding failed"); + return std::vector(); + } + + if (1 != EVP_CipherInit_ex(p_evp_ctx, NULL, NULL, &openssl_key[0], iv, + (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM) ? 1 : 0)) + { + SEC_LOG_ERROR("EVP_CipherInit failed"); + return std::vector(); + } + + std::vector output; + output.resize(input.size() + SEC_AES_BLOCK_SIZE); + + SEC_SIZE written = 0; + int outlen = 0; + + if (1 != EVP_CipherUpdate(p_evp_ctx, &output[0], &outlen, &input[0], input.size())) + { + SEC_LOG_ERROR("EVP_CipherUpdate failed"); + return std::vector(); + } + written += outlen; + outlen = 0; + + if (1 != EVP_CipherFinal_ex(p_evp_ctx, &output[written], &outlen)) + { + SEC_LOG_ERROR("EVP_CipherFinal failed"); + return std::vector(); + } + written += outlen; + + output.resize(written); + + return output; +} + +std::vector opensslAesEcb( + std::vector openssl_key, Sec_CipherMode mode, SEC_BOOL padding, + SEC_BYTE *iv, const std::vector& input) { + std::vector output; + const EVP_CIPHER *evp_cipher; + + if (openssl_key.size() == 16) { + evp_cipher = (EVP_CIPHER *) EVP_aes_128_ecb(); + } else { + evp_cipher = (EVP_CIPHER *) EVP_aes_256_ecb(); + } + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX evp_ctx; + EVP_CIPHER_CTX_init(&evp_ctx); + EVP_CIPHER_CTX *p_evp_ctx = &evp_ctx; +#else + EVP_CIPHER_CTX *p_evp_ctx = EVP_CIPHER_CTX_new(); +#endif + + if (1 != EVP_CipherInit_ex(p_evp_ctx, evp_cipher, NULL, + NULL, NULL, (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM) ? 1 : 0)) + { + SEC_LOG_ERROR("EVP_CipherInit failed"); + return std::vector(); + } + + if (1 != EVP_CIPHER_CTX_set_padding(p_evp_ctx, padding)) + { + SEC_LOG_ERROR("EVP_CIPHER_CTX_set_padding failed"); + return std::vector(); + } + + if (1 != EVP_CipherInit_ex(p_evp_ctx, NULL, NULL, &openssl_key[0], iv, + (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM) ? 1 : 0)) + { + SEC_LOG_ERROR("EVP_CipherInit failed"); + return std::vector(); + } + + output.resize(input.size() + SEC_AES_BLOCK_SIZE); + + SEC_SIZE written = 0; + int outlen = 0; + if (1 != EVP_CipherUpdate(p_evp_ctx, &output[0], &outlen, &input[0], input.size())) + { + SEC_LOG_ERROR("EVP_CipherUpdate failed"); + return std::vector(); + } + written += outlen; + outlen = 0; + + if (1 != EVP_CipherFinal_ex(p_evp_ctx, &output[written], &outlen)) + { + SEC_LOG_ERROR("EVP_CipherFinal failed"); + return std::vector(); + } + written += outlen; + + output.resize(written); + + return output; +} + +std::vector opensslAesEcb( + TestKey key, Sec_CipherMode mode, SEC_BOOL padding, + SEC_BYTE *iv, const std::vector& input) { + std::vector output; + std::vector openssl_key = TestCreds::asOpenSslAes(key); + const EVP_CIPHER *evp_cipher; + + if (openssl_key.size() == 16) { + evp_cipher = (EVP_CIPHER *) EVP_aes_128_ecb(); + } else { + evp_cipher = (EVP_CIPHER *) EVP_aes_256_ecb(); + } + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX evp_ctx; + EVP_CIPHER_CTX_init(&evp_ctx); + EVP_CIPHER_CTX *p_evp_ctx = &evp_ctx; +#else + EVP_CIPHER_CTX *p_evp_ctx = EVP_CIPHER_CTX_new(); +#endif + + if (1 != EVP_CipherInit_ex(p_evp_ctx, evp_cipher, NULL, + NULL, NULL, (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM) ? 1 : 0)) + { + SEC_LOG_ERROR("EVP_CipherInit failed"); + return std::vector(); + } + + if (1 != EVP_CIPHER_CTX_set_padding(p_evp_ctx, padding)) + { + SEC_LOG_ERROR("EVP_CIPHER_CTX_set_padding failed"); + return std::vector(); + } + + if (1 != EVP_CipherInit_ex(p_evp_ctx, NULL, NULL, &openssl_key[0], iv, + (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM) ? 1 : 0)) + { + SEC_LOG_ERROR("EVP_CipherInit failed"); + return std::vector(); + } + + output.resize(input.size() + SEC_AES_BLOCK_SIZE); + + SEC_SIZE written = 0; + int outlen = 0; + if (1 != EVP_CipherUpdate(p_evp_ctx, &output[0], &outlen, &input[0], input.size())) + { + SEC_LOG_ERROR("EVP_CipherUpdate failed"); + return std::vector(); + } + written += outlen; + outlen = 0; + + if (1 != EVP_CipherFinal_ex(p_evp_ctx, &output[written], &outlen)) + { + SEC_LOG_ERROR("EVP_CipherFinal failed"); + return std::vector(); + } + written += outlen; + + output.resize(written); + + return output; +} + +static size_t bytesToProcessToRollover(uint64_t ctr, size_t inputLen) { + uint64_t maxBlocksToProcess = (ctr == 0) ? UINT64_MAX : (UINT64_MAX - ctr + 1); + uint64_t inputBlocks = inputLen/SEC_AES_BLOCK_SIZE + (inputLen%SEC_AES_BLOCK_SIZE > 0) ? 1 : 0; + uint64_t blocksToProcess = SEC_MIN(inputBlocks, maxBlocksToProcess); + + return SEC_MIN(inputLen, (size_t) blocksToProcess * SEC_AES_BLOCK_SIZE); +} + +static std::vector opensslAesCtr( + TestKey key, Sec_CipherMode mode, + SEC_BYTE *iv, const std::vector& input) { + + //store nonce + SEC_BYTE nonce[8]; + memcpy(nonce, iv, 8); + + SEC_BYTE ivToUse[SEC_AES_BLOCK_SIZE]; + memcpy(ivToUse, iv, SEC_AES_BLOCK_SIZE); + + std::vector output; + output.resize(input.size()); + + std::vector openssl_key = TestCreds::asOpenSslAes(key); + + EVP_CIPHER_CTX *evp_ctx = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX_init(evp_ctx); + + uint64_t ctr = Sec_BEBytesToUint64(&ivToUse[8]); + size_t idx = 0; + while (size_t bytesToProcess = bytesToProcessToRollover(ctr, input.size() - idx)) { + if (1 != EVP_CipherInit_ex(evp_ctx, (openssl_key.size() == 16) ? EVP_aes_128_ctr() : EVP_aes_256_ctr(), NULL, + &openssl_key[0], ivToUse, (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM) ? 1 : 0)) { + SEC_LOG_ERROR("EVP_CipherInit_ex failed"); + return std::vector(); + } + + int out_len = bytesToProcess; + if (1 != EVP_CipherUpdate(evp_ctx, &output[idx], &out_len, &input[idx], bytesToProcess)) { + SEC_LOG_ERROR("EVP_CipherUpdate failed"); + return std::vector(); + } + + if (1 != EVP_CipherFinal_ex(evp_ctx, &output[output.size()], &out_len)) { + SEC_LOG_ERROR("EVP_CipherFinal failed"); + return std::vector(); + } + + //increment ctr + size_t blocksProcessed = bytesToProcess/SEC_AES_BLOCK_SIZE; + ctr += blocksProcessed; + idx += bytesToProcess; + + //set the new iv + memcpy(ivToUse, nonce, 8); + Sec_Uint64ToBEBytes(ctr, &ivToUse[8]); + + } + + return output; +} + +static std::vector opensslRsaCrypt( + TestKey key, Sec_CipherAlgorithm algorithm, Sec_CipherMode mode, + const std::vector& input) { + + RSA *rsa = TestCreds::asOpenSslRsa(key); + if (rsa == NULL) { + SEC_LOG_ERROR("TestCreds::asOpenSslRsa failed"); + return std::vector(); + } + + int padding; + if (algorithm == SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING) { + padding = RSA_PKCS1_PADDING; + } else { + padding = RSA_PKCS1_OAEP_PADDING; + } + + int openssl_res; + std::vector output; + output.resize(RSA_size(rsa)); + + if (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM) { + openssl_res = RSA_public_encrypt(input.size(), &input[0], &output[0], + rsa, padding); + } else { + openssl_res = RSA_private_decrypt(input.size(), &input[0], &output[0], + rsa, padding); + } + + SEC_RSA_FREE(rsa); + + if (openssl_res < 0) + { + SEC_LOG_ERROR("%s", ERR_error_string(ERR_get_error(), NULL)); + return std::vector(); + } + + output.resize(openssl_res); + + return output; +} + +std::vector cipherOpenSSL( + TestKey key, Sec_CipherAlgorithm alg, Sec_CipherMode mode, + SEC_BYTE *iv, const std::vector& input) { + + switch (alg) { + case SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING: + case SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING: + return opensslAesCbc(key, mode, alg == SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, iv, input); + + case SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING: + case SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING: + return opensslAesEcb(key, mode, alg == SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, iv, input); + + case SEC_CIPHERALGORITHM_AES_CTR: + return opensslAesCtr(key, mode, iv, input); + + case SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING: + case SEC_CIPHERALGORITHM_RSA_OAEP_PADDING: + return opensslRsaCrypt(key, alg, mode, input); + + default: + break; + } + + SEC_LOG_ERROR("Unimplemented"); + return std::vector(); +} + +std::vector cipherSecApi(TestCtx *ctx, Sec_KeyHandle *key_handle, + Sec_CipherAlgorithm alg, Sec_CipherMode mode, + const std::vector& iv, + const std::vector& input, + const std::vector& inputSizes, + SEC_BOOL inplace) { + + std::vector output = input; + output.resize(input.size() + 4096); + + SEC_SIZE inputProcessed = 0; + SEC_SIZE outputWritten = 0; + SEC_SIZE written = 0; + + Sec_CipherHandle *cipher = ctx->acquireCipher(alg, mode, key_handle, (SEC_BYTE *) &iv[0]); + if (cipher == NULL) { + SEC_LOG_ERROR("TestCtx::acquireCipher failed"); + return std::vector(); + } + + for (unsigned int i=0; i 0) { + if (SEC_RESULT_SUCCESS != SecCipher_Process(cipher, + inplace ? ((SEC_BYTE *) &output[inputProcessed]) : ((SEC_BYTE *) &input[inputProcessed]), + inputSizes[i], SEC_FALSE, (SEC_BYTE *) &output[outputWritten], output.size() - outputWritten, + &written)) { + SEC_LOG_ERROR("SecCipher_Process failed"); + return std::vector(); + } + + outputWritten += written; + } + + inputProcessed += inputSizes[i]; + } + + //last input + if (SEC_RESULT_SUCCESS != SecCipher_Process(cipher, + inplace ? (SEC_BYTE *) &output[inputProcessed] : (SEC_BYTE *) &input[inputProcessed], + input.size() - inputProcessed, SEC_TRUE, (SEC_BYTE *) &output[outputWritten], output.size() - outputWritten, + &written)) { + SEC_LOG_ERROR("SecCipher_Process failed"); + return std::vector(); + } + + outputWritten += written; + + output.resize(outputWritten); + + ctx->releaseCipher(cipher); + + return output; +} + +std::vector cipherSecApiSingle(TestCtx *ctx, Sec_KeyHandle *key_handle, + Sec_CipherAlgorithm alg, Sec_CipherMode mode, + const std::vector& iv, + const std::vector& input, + SEC_BOOL inplace) { + + std::vector output = input; + output.resize(input.size() + 4096); + + SEC_SIZE written = 0; + + Sec_CipherHandle *cipher = ctx->acquireCipher(alg, mode, key_handle, (SEC_BYTE *) &iv[0]); + if (cipher == NULL) { + SEC_LOG_ERROR("TestCtx::acquireCipher failed"); + return std::vector(); + } + + if (SEC_RESULT_SUCCESS != SecCipher_Process(cipher, + inplace ? ((SEC_BYTE *) &output[0]) : ((SEC_BYTE *) &input[0]), + input.size(), SEC_TRUE, (SEC_BYTE *) &output[0], output.size(), + &written)) { + SEC_LOG_ERROR("SecCipher_Process failed"); + return std::vector(); + } + + output.resize(written); + + ctx->releaseCipher(cipher); + + return output; +} + +std::vector cipherSecApiSingle(TestCtx *ctx, Sec_CipherHandle *cipher_handle, const std::vector& iv, + const std::vector& input, SEC_BOOL inplace) { + + std::vector output = input; + output.resize(input.size() + 4096); + + SEC_SIZE written = 0; + + if (iv.size() > 0) { + if (SEC_RESULT_SUCCESS != SecCipher_UpdateIV(cipher_handle, (SEC_BYTE *) &iv[0])) { + SEC_LOG_ERROR("SecCipher_UpdateIV failed"); + return std::vector(); + } + } + + if (SEC_RESULT_SUCCESS != SecCipher_Process(cipher_handle, + inplace ? ((SEC_BYTE *) &output[0]) : ((SEC_BYTE *) &input[0]), + input.size(), SEC_FALSE, (SEC_BYTE *) &output[0], output.size(), + &written)) { + SEC_LOG_ERROR("SecCipher_Process failed"); + return std::vector(); + } + + output.resize(written); + + return output; +} + +Sec_Result testCipherSingle( + SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, + Sec_CipherAlgorithm alg, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_BOOL inplace) { + + std::vector inputSizes; + inputSizes.resize(1); + inputSizes[0] = inputSize; + + return testCipherMult(id, key, kc, loc, alg, mode, inputSizes, inplace); +} + +Sec_Result testCtrRollover( + SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_BOOL inplace) { + + std::vector inputSizes; + inputSizes.resize(3); + inputSizes[0] = 16; + inputSize -= inputSizes[0]; + inputSizes[1] = 16; + inputSize -= inputSizes[1]; + inputSizes[2] = inputSize; + + return testCipherMult(id, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, mode, inputSizes, inplace, SEC_TRUE); +} + +Sec_Result testCipherSingle( + SEC_OBJECTID id, TestKey pub, TestKey priv, TestKc kc, Sec_StorageLoc loc, + Sec_CipherAlgorithm alg, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_BOOL inplace) { + + std::vector inputSizes; + inputSizes.resize(1); + inputSizes[0] = inputSize; + + return testCipherMult(id, pub, priv, kc, loc, alg, mode, inputSizes, inplace); +} + +Sec_Result testCipherMult( + SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, + Sec_CipherAlgorithm alg, Sec_CipherMode mode, const std::vector& inputSizes, SEC_BOOL inplace, SEC_BOOL testRolloverCtr) { + + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyHandle *handle = NULL; + if (NULL == (handle = ctx.provisionKey(id, loc, key, kc))) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + + std::vector openssl_key = TestCreds::asOpenSslAes(key); + TestCtx::printHex("key", openssl_key); + + //gen iv + std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); + if (alg == SEC_CIPHERALGORITHM_AES_CTR && testRolloverCtr) { + //set iv to rollover + memset(&iv[8], 0xff, 8); + } + + TestCtx::printHex("iv", iv); + + //mode + SEC_BOOL testEncrypt = (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM); + + //gen clear input + std::vector clear = TestCtx::random(TestCtx::coalesceInputSizes(inputSizes)); + TestCtx::printHex("clear", clear); + + //encrypt + std::vector encrypted; + if (testEncrypt) { + encrypted = cipherSecApi(&ctx, handle, alg, SEC_CIPHERMODE_ENCRYPT, iv, clear, inputSizes, inplace); + } else { + //use openssl to encrypt + encrypted = cipherOpenSSL(key, alg, SEC_CIPHERMODE_ENCRYPT, &iv[0], clear); + } + + TestCtx::printHex("encrypted", encrypted); + + //decrypt + std::vector decrypted; + if (testEncrypt) { + //use openssl to decrypt + decrypted = cipherOpenSSL(key, alg, SEC_CIPHERMODE_DECRYPT, &iv[0], encrypted); + } else { + //use sec api to decrypt + decrypted = cipherSecApi(&ctx, handle, alg, SEC_CIPHERMODE_DECRYPT, iv, encrypted, inputSizes, inplace); + } + + TestCtx::printHex("decrypted", decrypted); + + //check if results match + if (clear != decrypted) { + SEC_LOG_ERROR("Results do not match"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testCipherMult( + SEC_OBJECTID id, TestKey pub, TestKey priv, TestKc kc, Sec_StorageLoc loc, + Sec_CipherAlgorithm alg, Sec_CipherMode mode, const std::vector& inputSizes, SEC_BOOL inplace) { + + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + //mode + SEC_BOOL testEncrypt = (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM); + + Sec_KeyHandle *keyHandle = NULL; + if (testEncrypt) { + if (NULL == (keyHandle = ctx.provisionKey(id, loc, pub, kc))) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + } else { + if (NULL == (keyHandle = ctx.provisionKey(id, loc, priv, kc))) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + } + + //gen iv + std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); + TestCtx::printHex("iv", iv); + + //gen clear input + std::vector clear = TestCtx::random(TestCtx::coalesceInputSizes(inputSizes)); + TestCtx::printHex("clear", clear); + + //encrypt + std::vector encrypted; + if (testEncrypt) { + encrypted = cipherSecApi(&ctx, keyHandle, alg, SEC_CIPHERMODE_ENCRYPT, iv, clear, inputSizes, inplace); + } else { + //use openssl to encrypt + encrypted = cipherOpenSSL(pub, alg, SEC_CIPHERMODE_ENCRYPT, &iv[0], clear); + } + + TestCtx::printHex("encrypted", encrypted); + + //decrypt + std::vector decrypted; + if (testEncrypt) { + //use openssl to decrypt + decrypted = cipherOpenSSL(priv, alg, SEC_CIPHERMODE_DECRYPT, &iv[0], encrypted); + } else { + //use sec api to decrypt + decrypted = cipherSecApi(&ctx, keyHandle, alg, SEC_CIPHERMODE_DECRYPT, iv, encrypted, inputSizes, inplace); + } + + TestCtx::printHex("decrypted", decrypted); + + //check if results match + if (clear != decrypted) { + SEC_LOG_ERROR("Results do not match"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result cipherEncDecSingle(TestCtx *ctx, SEC_OBJECTID id, + Sec_CipherAlgorithm alg, SEC_SIZE inputSize, SEC_BOOL inplace) { + + std::vector inputSizes; + inputSizes.resize(1); + inputSizes[0] = inputSize; + + Sec_Result res = cipherEncDecMult(ctx, id, alg, inputSizes, inplace); + if (res != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("cipherEncDecMult failed"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result cipherEncDecSingle(TestCtx *ctx, SEC_OBJECTID id_pub, SEC_OBJECTID id_priv, + Sec_CipherAlgorithm alg, SEC_SIZE inputSize, SEC_BOOL inplace) { + + std::vector inputSizes; + inputSizes.resize(1); + inputSizes[0] = inputSize; + + Sec_Result res = cipherEncDecMult(ctx, id_pub, id_priv, alg, inputSizes, inplace); + if (res != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("cipherEncDecMult failed"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result cipherEncDecMult(TestCtx *ctx, + SEC_OBJECTID id, Sec_CipherAlgorithm alg, const std::vector& inputSizes, SEC_BOOL inplace) { + + //gen iv + std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); + TestCtx::printHex("iv", iv); + + //gen clear input + std::vector clear = TestCtx::random(TestCtx::coalesceInputSizes(inputSizes)); + TestCtx::printHex("clear", clear); + + //encrypt + std::vector encrypted = cipherSecApi(ctx, ctx->getKey(id), alg, SEC_CIPHERMODE_ENCRYPT, iv, clear, inputSizes, inplace); + if (encrypted.size() == 0) { + SEC_LOG_ERROR("cipherSecApi failed"); + return SEC_RESULT_FAILURE; + } + TestCtx::printHex("encrypted", encrypted); + + //decrypt + std::vector decrypted = cipherSecApi(ctx, ctx->getKey(id), alg, SEC_CIPHERMODE_DECRYPT, iv, encrypted, inputSizes, inplace); + if (decrypted.size() == 0) { + SEC_LOG_ERROR("cipherSecApi failed"); + return SEC_RESULT_FAILURE; + } + + TestCtx::printHex("decrypted", decrypted); + + //check if results match + if (clear != decrypted) { + SEC_LOG_ERROR("Results do not match"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result cipherEncDecMult(TestCtx *ctx, + SEC_OBJECTID id_pub, SEC_OBJECTID id_priv, Sec_CipherAlgorithm alg, const std::vector& inputSizes, SEC_BOOL inplace) { + + //gen clear input + std::vector clear = TestCtx::random(TestCtx::coalesceInputSizes(inputSizes)); + TestCtx::printHex("clear", clear); + + //encrypt + std::vector encrypted = cipherSecApi(ctx, ctx->getKey(id_pub), alg, SEC_CIPHERMODE_ENCRYPT, std::vector(), clear, inputSizes, inplace); + if (encrypted.size() == 0) { + SEC_LOG_ERROR("cipherSecApi failed"); + return SEC_RESULT_FAILURE; + } + + TestCtx::printHex("encrypted", encrypted); + + //decrypt + std::vector decrypted = cipherSecApi(ctx, ctx->getKey(id_priv), alg, SEC_CIPHERMODE_DECRYPT, std::vector(), encrypted, inputSizes, inplace); + if (decrypted.size() == 0) { + SEC_LOG_ERROR("cipherSecApi failed"); + return SEC_RESULT_FAILURE; + } + + TestCtx::printHex("decrypted", decrypted); + + //check if results match + if (clear != decrypted) { + SEC_LOG_ERROR("Results do not match"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testCipherBandwidth( + SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, + Sec_CipherAlgorithm alg, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_SIZE intervalS) { + + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyHandle *handle = NULL; + if (NULL == (handle = ctx.provisionKey(id, loc, key, kc))) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + + //gen iv + std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); + TestCtx::printHex("iv", iv); + + //mode + SEC_BOOL testEncrypt = (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM); + + //gen clear input + std::vector clear = TestCtx::random(inputSize); + TestCtx::printHex("clear", clear); + + //encrypt + std::vector encrypted; + time_t start_t = 0; + time_t end_t = 0; + int loops = 0; + if (testEncrypt) { + start_t = time(NULL); + end_t = start_t; + + while ((end_t - start_t) < (int) intervalS) { + encrypted = cipherSecApiSingle(&ctx, handle, alg, SEC_CIPHERMODE_ENCRYPT, iv, clear, SEC_FALSE); + ++loops; + end_t = time(NULL); + } + } else { + //use openssl to encrypt + encrypted = cipherOpenSSL(key, alg, SEC_CIPHERMODE_ENCRYPT, &iv[0], clear); + } + + TestCtx::printHex("encrypted", encrypted); + + //decrypt + std::vector decrypted; + if (testEncrypt) { + //use openssl to decrypt + decrypted = cipherOpenSSL(key, alg, SEC_CIPHERMODE_DECRYPT, &iv[0], encrypted); + } else { + start_t = time(NULL); + end_t = start_t; + + while ((end_t - start_t) < (int) intervalS) { + decrypted = cipherSecApiSingle(&ctx, handle, alg, SEC_CIPHERMODE_DECRYPT, iv, encrypted, SEC_FALSE); + ++loops; + end_t = time(NULL); + } + } + + TestCtx::printHex("decrypted", decrypted); + + //check if results match + if (clear != decrypted) { + SEC_LOG_ERROR("Results do not match"); + return SEC_RESULT_FAILURE; + } + + //print timing data + SEC_PRINT("Data processed: %d MB\n", (inputSize * loops) / (1024 * 1024)); + SEC_PRINT("Time elapsed: %d s\n", end_t - start_t); + if (end_t != start_t) { + SEC_PRINT("Bandwidth: %d MB/s\n", + ((inputSize * loops) / (1024 * 1024)) / (end_t - start_t)); + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testCipherBandwidthSingleCipher( + SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, + Sec_CipherAlgorithm alg, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_SIZE intervalS) { + + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyHandle *handle = NULL; + if (NULL == (handle = ctx.provisionKey(id, loc, key, kc))) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + + //gen iv + std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); + TestCtx::printHex("iv", iv); + + //mode + SEC_BOOL testEncrypt = (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM); + + //gen clear input + std::vector clear = TestCtx::random(inputSize); + TestCtx::printHex("clear", clear); + + //encrypt + std::vector encrypted; + time_t start_t = 0; + time_t end_t = 0; + int loops = 0; + if (testEncrypt) { + start_t = time(NULL); + end_t = start_t; + + Sec_CipherHandle *cipher = ctx.acquireCipher(alg, mode, handle, (SEC_BYTE *) &iv[0]); + if (cipher == NULL) { + SEC_LOG_ERROR("TestCtx::acquireCipher failed"); + return SEC_RESULT_FAILURE; + } + + while ((end_t - start_t) < (int) intervalS) { + encrypted = cipherSecApiSingle(&ctx, cipher, iv, clear, SEC_FALSE); + ++loops; + end_t = time(NULL); + } + } else { + //use openssl to encrypt + encrypted = cipherOpenSSL(key, alg, SEC_CIPHERMODE_ENCRYPT, &iv[0], clear); + } + + //decrypt + std::vector decrypted; + if (testEncrypt) { + //use openssl to decrypt + decrypted = cipherOpenSSL(key, alg, SEC_CIPHERMODE_DECRYPT, &iv[0], encrypted); + } else { + start_t = time(NULL); + end_t = start_t; + + Sec_CipherHandle *cipher = ctx.acquireCipher(alg, mode, handle, (SEC_BYTE *) &iv[0]); + if (cipher == NULL) { + SEC_LOG_ERROR("TestCtx::acquireCipher failed"); + return SEC_RESULT_FAILURE; + } + + while ((end_t - start_t) < (int) intervalS) { + decrypted = cipherSecApiSingle(&ctx, cipher, iv, encrypted, SEC_FALSE); + ++loops; + end_t = time(NULL); + } + } + + //print timing data + SEC_PRINT("Data processed: %d MB\n", (inputSize * loops) / (1024 * 1024)); + SEC_PRINT("Time elapsed: %d s\n", end_t - start_t); + if (end_t != start_t) { + SEC_PRINT("Bandwidth: %d MB/s\n", + ((inputSize * loops) / (1024 * 1024)) / (end_t - start_t)); + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testCipherUpdateIV( + SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, + Sec_CipherAlgorithm alg, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_BOOL inplace) { + + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyHandle *handle = NULL; + if (NULL == (handle = ctx.provisionKey(id, loc, key, kc))) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + + //gen ivs + std::vector iv1 = TestCtx::random(SEC_AES_BLOCK_SIZE); + TestCtx::printHex("iv1", iv1); + std::vector iv2 = TestCtx::random(SEC_AES_BLOCK_SIZE); + TestCtx::printHex("iv2", iv2); + + //mode + SEC_BOOL testEncrypt = (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM); + + //gen clear input + std::vector clear = TestCtx::random(inputSize); + TestCtx::printHex("clear", clear); + + //encrypt + std::vector encrypted1; + std::vector encrypted2; + if (testEncrypt) { + Sec_CipherHandle *cipher = ctx.acquireCipher(alg, SEC_CIPHERMODE_ENCRYPT, handle, (SEC_BYTE *) &iv1[0]); + if (cipher == NULL) { + SEC_LOG_ERROR("TestCtx::acquireCipher failed"); + return SEC_RESULT_FAILURE; + } + + encrypted1 = cipherSecApiSingle(&ctx, cipher, iv1, clear, SEC_FALSE); + if (encrypted1.size() == 0) { + SEC_LOG_ERROR("cipherSecApiSingle failed"); + return SEC_RESULT_FAILURE; + } + encrypted2 = cipherSecApiSingle(&ctx, cipher, iv2, clear, SEC_FALSE); + if (encrypted2.size() == 0) { + SEC_LOG_ERROR("cipherSecApiSingle failed"); + return SEC_RESULT_FAILURE; + } + } else { + //use openssl to encrypt + encrypted1 = cipherOpenSSL(key, alg, SEC_CIPHERMODE_ENCRYPT, &iv1[0], clear); + if (encrypted1.size() == 0) { + SEC_LOG_ERROR("cipherOpenSSL failed"); + return SEC_RESULT_FAILURE; + } + encrypted2 = cipherOpenSSL(key, alg, SEC_CIPHERMODE_ENCRYPT, &iv2[0], clear); + if (encrypted2.size() == 0) { + SEC_LOG_ERROR("cipherOpenSSL failed"); + return SEC_RESULT_FAILURE; + } + } + + TestCtx::printHex("encrypted1", encrypted1); + TestCtx::printHex("encrypted2", encrypted2); + + //decrypt + std::vector decrypted1; + std::vector decrypted2; + if (testEncrypt) { + //use openssl to decrypt + decrypted1 = cipherOpenSSL(key, alg, SEC_CIPHERMODE_DECRYPT, &iv1[0], encrypted1); + if (decrypted1.size() == 0) { + SEC_LOG_ERROR("cipherOpenSSL failed"); + return SEC_RESULT_FAILURE; + } + decrypted2 = cipherOpenSSL(key, alg, SEC_CIPHERMODE_DECRYPT, &iv2[0], encrypted2); + if (decrypted2.size() == 0) { + SEC_LOG_ERROR("cipherOpenSSL failed"); + return SEC_RESULT_FAILURE; + } + } else { + //use sec api to decrypt + Sec_CipherHandle *cipher = ctx.acquireCipher(alg, SEC_CIPHERMODE_DECRYPT, handle, (SEC_BYTE *) &iv1[0]); + if (cipher == NULL) { + SEC_LOG_ERROR("TestCtx::acquireCipher failed"); + return SEC_RESULT_FAILURE; + } + + decrypted1 = cipherSecApiSingle(&ctx, cipher, iv1, encrypted1, SEC_FALSE); + if (decrypted1.size() == 0) { + SEC_LOG_ERROR("cipherSecApiSingle failed"); + return SEC_RESULT_FAILURE; + } + decrypted2 = cipherSecApiSingle(&ctx, cipher, iv2, encrypted2, SEC_FALSE); + if (decrypted2.size() == 0) { + SEC_LOG_ERROR("cipherSecApiSingle failed"); + return SEC_RESULT_FAILURE; + } + } + + TestCtx::printHex("decrypted1", decrypted1); + TestCtx::printHex("decrypted2", decrypted2); + + //check if results match + if (clear != decrypted1 || clear != decrypted2 || encrypted1 == encrypted2) { + SEC_LOG_ERROR("Results do not match"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +std::vector cipherSecApiCtrSubBlock( + TestCtx *ctx, Sec_KeyHandle *key_handle, + Sec_CipherMode mode, + const std::vector& iv, + const std::vector& input, + SEC_BOOL inplace) { + + std::vector output = input; + output.resize(input.size() + 4096); + + SEC_SIZE inputProcessed = 0; + SEC_SIZE outputWritten = 0; + SEC_SIZE written = 0; + + Sec_CipherHandle *cipher = ctx->acquireCipher(SEC_CIPHERALGORITHM_AES_CTR, mode, key_handle, (SEC_BYTE *) &iv[0]); + if (cipher == NULL) { + SEC_LOG_ERROR("TestCtx::acquireCipher failed"); + return std::vector(); + } + + //calculate the offset and make sure it is not on the SEC_AES_BLOCK_SIZE boundary + SEC_SIZE split_offset = input.size() / 2; + if (split_offset % SEC_AES_BLOCK_SIZE == 0) { + split_offset -= 1; + } + + SEC_PRINT("init ctr: %d\n", Sec_BEBytesToUint64((SEC_BYTE*) &iv[8])); + uint64_t init_counter = Sec_BEBytesToUint64((SEC_BYTE*) &iv[8]); + + if (SEC_RESULT_SUCCESS != SecCipher_Process(cipher, + inplace ? ((SEC_BYTE *) &output[0]) : ((SEC_BYTE *) &input[0]), + split_offset, SEC_FALSE, (SEC_BYTE *) &output[0], output.size(), + &written)) { + SEC_LOG_ERROR("SecCipher_Process failed"); + return std::vector(); + } + + outputWritten += written; + inputProcessed += split_offset; + + //set the iv + uint64_t counter = Sec_BEBytesToUint64((SEC_BYTE*) &iv[8]); + counter = init_counter + split_offset/SEC_AES_BLOCK_SIZE; + Sec_Uint64ToBEBytes(counter, (SEC_BYTE*) &iv[8]); + + SEC_PRINT("updated ctr: %d\n", Sec_BEBytesToUint64((SEC_BYTE*) &iv[8])); + + /* TODO + if (SEC_RESULT_SUCCESS != SecCipher_UpdateIV(cipher, (SEC_BYTE*) &iv[0])) { + SEC_LOG_ERROR("SecCipher_UpdateIV failed"); + return std::vector(); + } + */ + + //last input + if (SEC_RESULT_SUCCESS != SecCipher_ProcessCtrWithDataShift(cipher, + inplace ? (SEC_BYTE *) &output[inputProcessed] : (SEC_BYTE *) &input[inputProcessed], + input.size() - inputProcessed, (SEC_BYTE *) &output[outputWritten], output.size() - outputWritten, + &written, split_offset % SEC_AES_BLOCK_SIZE)) { + SEC_LOG_ERROR("SecCipher_Process failed"); + return std::vector(); + } + + outputWritten += written; + + output.resize(outputWritten); + + ctx->releaseCipher(cipher); + + return output; +} + +Sec_Result testProcessCtrWithDataShift( + SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, + Sec_CipherMode mode, SEC_BOOL inplace) { + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyHandle *handle = NULL; + if (NULL == (handle = ctx.provisionKey(id, loc, key, kc))) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + + //gen iv + std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); + TestCtx::printHex("iv", iv); + + /* TODO + //set the counter to ff to test rollover + memset(&iv[8], 0xff, 8); + */ + + //mode + SEC_BOOL testEncrypt = (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM); + + //gen clear input + std::vector clear = TestCtx::random(SEC_AES_BLOCK_SIZE * 3); + TestCtx::printHex("clear", clear); + + //encrypt + std::vector encrypted; + std::vector ivCopy = iv; + if (testEncrypt) { + encrypted = cipherSecApiCtrSubBlock(&ctx, handle, SEC_CIPHERMODE_ENCRYPT, ivCopy, clear, inplace); + } else { + //use openssl to encrypt + encrypted = cipherOpenSSL(key, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, &ivCopy[0], clear); + } + + TestCtx::printHex("encrypted", encrypted); + TestCtx::printHex("iv", iv); + + //decrypt + std::vector decrypted; + if (testEncrypt) { + //use openssl to decrypt + decrypted = cipherOpenSSL(key, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, &iv[0], encrypted); + } else { + //use sec api to decrypt + decrypted = cipherSecApiCtrSubBlock(&ctx, handle, SEC_CIPHERMODE_DECRYPT, iv, encrypted, inplace); + } + + TestCtx::printHex("decrypted", decrypted); + + //check if results match + if (clear != decrypted) { + SEC_LOG_ERROR("Results do not match"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result aesKeyCheck(Sec_ProcessorHandle *proc, SEC_OBJECTID id, SEC_BYTE *key, SEC_SIZE key_len) { + SEC_PRINT("--- aes key check ---\n"); + + std::vector clear = TestCtx::random(SEC_AES_BLOCK_SIZE); + TestCtx::printHex("clear", clear); + + std::vector cipher_secapi; + cipher_secapi.resize(SEC_AES_BLOCK_SIZE); + SEC_SIZE cipher_secapi_len; + + if (SEC_RESULT_SUCCESS != SecCipher_SingleInputId(proc, + SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, id, + NULL, &clear[0], clear.size(), &cipher_secapi[0], + cipher_secapi.size(), &cipher_secapi_len)) { + SEC_LOG_ERROR("SecCipher_SingleInputId failed"); + return SEC_RESULT_FAILURE; + } + cipher_secapi.resize(cipher_secapi_len); + TestCtx::printHex("cipher_secapi", cipher_secapi); + + std::vector openssl_key = std::vector (key, key + key_len); + + std::vector cipher_ssl = opensslAesEcb( + openssl_key, SEC_CIPHERMODE_ENCRYPT, SEC_FALSE, + NULL, clear); + + TestCtx::printHex("cipher_ssl", cipher_ssl); + + SEC_PRINT("---------------------\n"); + + //check if results match + if (cipher_secapi != cipher_ssl) { + SEC_LOG_ERROR("Results do not match"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} diff --git a/test/main/cpp/cipher.h b/test/main/cpp/cipher.h new file mode 100644 index 0000000..567d7bf --- /dev/null +++ b/test/main/cpp/cipher.h @@ -0,0 +1,80 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_CIPHER_H_ +#define TEST_CIPHER_H_ + +#include "sec_security.h" +#include "test_creds.h" + +Sec_Result testCipherSingle( + SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, + Sec_CipherAlgorithm alg, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_BOOL inplace = SEC_FALSE); + +Sec_Result testCipherSingle( + SEC_OBJECTID id, TestKey pub, TestKey priv, TestKc kc, Sec_StorageLoc loc, + Sec_CipherAlgorithm alg, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_BOOL inplace = SEC_FALSE); + +Sec_Result testCipherMult( + SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, + Sec_CipherAlgorithm alg, Sec_CipherMode mode, const std::vector& inputSizes, SEC_BOOL inplace = SEC_FALSE, SEC_BOOL testCtrRollover = SEC_FALSE); + +Sec_Result testCipherMult( + SEC_OBJECTID id, TestKey pub, TestKey priv, TestKc kc, Sec_StorageLoc loc, + Sec_CipherAlgorithm alg, Sec_CipherMode mode, const std::vector& inputSizes, SEC_BOOL inplace = SEC_FALSE); + +Sec_Result testCipherBandwidth( + SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, + Sec_CipherAlgorithm alg, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_SIZE intervalS); + +Sec_Result testCipherBandwidthSingleCipher( + SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, + Sec_CipherAlgorithm alg, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_SIZE intervalS); + +Sec_Result cipherEncDecSingle(TestCtx *ctx, SEC_OBJECTID id, + Sec_CipherAlgorithm alg, SEC_SIZE inputSize, SEC_BOOL inplace = SEC_FALSE); + +Sec_Result cipherEncDecMult(TestCtx *ctx, + SEC_OBJECTID id, Sec_CipherAlgorithm alg, const std::vector& inputSizes, SEC_BOOL inplace = SEC_FALSE); + +Sec_Result cipherEncDecSingle(TestCtx *ctx, SEC_OBJECTID id_pub, SEC_OBJECTID id_priv, + Sec_CipherAlgorithm alg, SEC_SIZE inputSize, SEC_BOOL inplace = SEC_FALSE); + +Sec_Result cipherEncDecMult(TestCtx *ctx, + SEC_OBJECTID id_pub, SEC_OBJECTID id_priv, + Sec_CipherAlgorithm alg, const std::vector& inputSizes, SEC_BOOL inplace = SEC_FALSE); + +Sec_Result testCipherUpdateIV( + SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, + Sec_CipherAlgorithm alg, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_BOOL inplace); + +Sec_Result testProcessCtrWithDataShift( + SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, + Sec_CipherMode mode, SEC_BOOL inplace); + +std::vector opensslAesEcb( + TestKey key, Sec_CipherMode mode, SEC_BOOL padding, + SEC_BYTE *iv, const std::vector& input); + +Sec_Result aesKeyCheck(Sec_ProcessorHandle *proc, SEC_OBJECTID id, SEC_BYTE *key, SEC_SIZE key_len); + +Sec_Result testCtrRollover( + SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_BOOL inplace); + +#endif diff --git a/test/main/cpp/concurrent.cpp b/test/main/cpp/concurrent.cpp new file mode 100644 index 0000000..6137886 --- /dev/null +++ b/test/main/cpp/concurrent.cpp @@ -0,0 +1,140 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "concurrent.h" +#include "key.h" +#include "cipher.h" +#include "pthread.h" + +struct Vendor128Args { + SEC_OBJECTID id; + + Sec_Result res; +}; + +void *concurrent_vendor128(void *arg) +{ + Vendor128Args *args = (Vendor128Args *) arg; + + args->res = testKeyDeriveKeyLadderAes128( + args->id, + SEC_KEYTYPE_AES_128, + SEC_STORAGELOC_RAM, + SEC_KEYLADDERROOT_UNIQUE, + SEC_TRUE); + + return NULL; +} + +Sec_Result testConcurrentVendor128(SEC_SIZE numThreads) { + + std::vector threads; + std::vector args; + threads.resize(numThreads); + args.resize(numThreads); + + SEC_PRINT("Spawning %d threads\n", numThreads); + for (unsigned int i=0; ires = testCipherSingle( + args->id, + args->pub, + args->priv, + args->kc, + SEC_STORAGELOC_RAM, + SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING, + SEC_CIPHERMODE_DECRYPT, + SEC_AES_BLOCK_SIZE); + + return NULL; +} + +Sec_Result testConcurrentRsa(TestKey pub, TestKey priv, TestKc kc, SEC_SIZE numThreads) { + + std::vector threads; + std::vector args; + threads.resize(numThreads); + args.resize(numThreads); + + SEC_PRINT("Spawning %d threads\n", numThreads); + for (unsigned int i=0; i + +std::vector digestOpenSSL( + Sec_DigestAlgorithm alg, const std::vector& input) { + std::vector digest; + + switch (alg) { + case SEC_DIGESTALGORITHM_SHA1: + digest.resize(20); + SHA1(&input[0], input.size(), &digest[0]); + return digest; + + case SEC_DIGESTALGORITHM_SHA256: + digest.resize(32); + SHA256(&input[0], input.size(), &digest[0]); + return digest; + + default: + break; + } + + SEC_LOG_ERROR("Unimplemented"); + return std::vector(); +} + +std::vector digestSecApi(TestCtx *ctx, + Sec_DigestAlgorithm alg, + const std::vector& input, + const std::vector& inputSizes) { + + std::vector output; + output.resize(SEC_DIGEST_MAX_LEN);; + + SEC_SIZE inputProcessed = 0; + SEC_SIZE written = 0; + + Sec_DigestHandle *digest = ctx->acquireDigest(alg); + if (digest == NULL) { + SEC_LOG_ERROR("TestCtx::acquireDigest failed"); + return std::vector(); + } + + for (unsigned int i=0; i 0) { + if (SEC_RESULT_SUCCESS != SecDigest_Update(digest, (SEC_BYTE *) &input[inputProcessed], + inputSizes[i])) { + SEC_LOG_ERROR("SecDigest_Update failed"); + return std::vector(); + } + } + + inputProcessed += inputSizes[i]; + } + + //last input + if (SEC_RESULT_SUCCESS != ctx->releaseDigest(digest, &output[0], &written)) { + SEC_LOG_ERROR("SecCipher_Process failed"); + return std::vector(); + } + + output.resize(written); + + return output; +} + +std::vector digestSecApi(TestCtx *ctx, + Sec_DigestAlgorithm alg, Sec_KeyHandle *key) { + + std::vector output; + output.resize(SEC_DIGEST_MAX_LEN);; + + SEC_SIZE written = 0; + + Sec_DigestHandle *digest = ctx->acquireDigest(alg); + if (digest == NULL) { + SEC_LOG_ERROR("TestCtx::acquireDigest failed"); + return std::vector(); + } + + if (SEC_RESULT_SUCCESS != SecDigest_UpdateWithKey(digest, key)) { + SEC_LOG_ERROR("SecDigest_Update failed"); + return std::vector(); + } + + if (SEC_RESULT_SUCCESS != ctx->releaseDigest(digest, &output[0], &written)) { + SEC_LOG_ERROR("SecCipher_Process failed"); + return std::vector(); + } + + output.resize(written); + + return output; +} + +Sec_Result testDigestOverKey(Sec_DigestAlgorithm alg, SEC_OBJECTID id, TestKey key, Sec_StorageLoc loc) { + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyHandle *keyHandle = NULL; + + if (TestCreds::supports(CAPABILITY_DIGEST_OVER_HWKEY)) { + if (NULL == (keyHandle = ctx.provisionKey(id, loc, key, TESTKC_RAW))) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + } else { + if (NULL == (keyHandle = ctx.provisionKey(id, loc, key, TESTKC_RAW, SEC_TRUE))) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + } + + //gen clear input + std::vector clear = TestCreds::asOpenSslAes(key); + TestCtx::printHex("key", clear); + + //digest + std::vector digestSA = digestSecApi(&ctx, alg, keyHandle); + TestCtx::printHex("digestSecApi", digestSA); + + std::vector digestOS = digestOpenSSL(alg, clear); + TestCtx::printHex("digestOpenssl", digestOS); + + //check if results match + if (digestSA != digestOS) { + SEC_LOG_ERROR("Results do not match"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testDigestSingle( + Sec_DigestAlgorithm alg, SEC_SIZE inputSize) { + std::vector inputSizes; + inputSizes.resize(1); + inputSizes[0] = inputSize; + + return testDigestMult(alg, inputSizes); +} + +Sec_Result testDigestMult( + Sec_DigestAlgorithm alg, const std::vector& inputSizes) { + + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + //gen clear input + std::vector clear = TestCtx::random(TestCtx::coalesceInputSizes(inputSizes)); + TestCtx::printHex("clear", clear); + + //digest + std::vector digestSA = digestSecApi(&ctx, alg, clear, inputSizes); + TestCtx::printHex("digestSecApi", digestSA); + + std::vector digestOS = digestOpenSSL(alg, clear); + TestCtx::printHex("digestOpenssl", digestOS); + + //check if results match + if (digestSA != digestOS) { + SEC_LOG_ERROR("Results do not match"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} diff --git a/test/main/cpp/digest.h b/test/main/cpp/digest.h new file mode 100644 index 0000000..76a2ebb --- /dev/null +++ b/test/main/cpp/digest.h @@ -0,0 +1,38 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_DIGEST_H_ +#define TEST_DIGEST_H_ + +#include "sec_security.h" +#include "test_creds.h" +#include + +Sec_Result testDigestSingle( + Sec_DigestAlgorithm alg, SEC_SIZE inputSize); + +Sec_Result testDigestMult( + Sec_DigestAlgorithm alg, const std::vector& inputSizes); + +Sec_Result testDigestOverKey(Sec_DigestAlgorithm alg, SEC_OBJECTID id, TestKey key, Sec_StorageLoc loc); + +std::vector digestOpenSSL( + Sec_DigestAlgorithm alg, const std::vector& input); + +#endif diff --git a/test/main/cpp/exchange.cpp b/test/main/cpp/exchange.cpp new file mode 100644 index 0000000..72e4dbc --- /dev/null +++ b/test/main/cpp/exchange.cpp @@ -0,0 +1,505 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "exchange.h" +#include "test_ctx.h" +#include "sec_security_utils.h" +#include "cipher.h" +#include "mac.h" +#include +#include +#include +#include + +static SEC_BYTE g_dh_p[] = { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc9, 0x0f, 0xda, 0xa2, + 0x21, 0x68, 0xc2, 0x34, 0xc4, 0xc6, 0x62, 0x8b, 0x80, 0xdc, 0x1c, 0xd1, + 0x29, 0x02, 0x4e, 0x08, 0x8a, 0x67, 0xcc, 0x74, 0x02, 0x0b, 0xbe, 0xa6, + 0x3b, 0x13, 0x9b, 0x22, 0x51, 0x4a, 0x08, 0x79, 0x8e, 0x34, 0x04, 0xdd, + 0xef, 0x95, 0x19, 0xb3, 0xcd, 0x3a, 0x43, 0x1b, 0x30, 0x2b, 0x0a, 0x6d, + 0xf2, 0x5f, 0x14, 0x37, 0x4f, 0xe1, 0x35, 0x6d, 0x6d, 0x51, 0xc2, 0x45, + 0xe4, 0x85, 0xb5, 0x76, 0x62, 0x5e, 0x7e, 0xc6, 0xf4, 0x4c, 0x42, 0xe9, + 0xa6, 0x37, 0xed, 0x6b, 0x0b, 0xff, 0x5c, 0xb6, 0xf4, 0x06, 0xb7, 0xed, + 0xee, 0x38, 0x6b, 0xfb, 0x5a, 0x89, 0x9f, 0xa5, 0xae, 0x9f, 0x24, 0x11, + 0x7c, 0x4b, 0x1f, 0xe6, 0x49, 0x28, 0x66, 0x51, 0xec, 0xe4, 0x5b, 0x3d, + 0xc2, 0x00, 0x7c, 0xb8, 0xa1, 0x63, 0xbf, 0x05, 0x98, 0xda, 0x48, 0x36, + 0x1c, 0x55, 0xd3, 0x9a, 0x69, 0x16, 0x3f, 0xa8, 0xfd, 0x24, 0xcf, 0x5f, + 0x83, 0x65, 0x5d, 0x23, 0xdc, 0xa3, 0xad, 0x96, 0x1c, 0x62, 0xf3, 0x56, + 0x20, 0x85, 0x52, 0xbb, 0x9e, 0xd5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6d, + 0x67, 0x0c, 0x35, 0x4e, 0x4a, 0xbc, 0x98, 0x04, 0xf1, 0x74, 0x6c, 0x08, + 0xca, 0x18, 0x21, 0x7c, 0x32, 0x90, 0x5e, 0x46, 0x2e, 0x36, 0xce, 0x3b, + 0xe3, 0x9e, 0x77, 0x2c, 0x18, 0x0e, 0x86, 0x03, 0x9b, 0x27, 0x83, 0xa2, + 0xec, 0x07, 0xa2, 0x8f, 0xb5, 0xc5, 0x5d, 0xf0, 0x6f, 0x4c, 0x52, 0xc9, + 0xde, 0x2b, 0xcb, 0xf6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7c, + 0xea, 0x95, 0x6a, 0xe5, 0x15, 0xd2, 0x26, 0x18, 0x98, 0xfa, 0x05, 0x10, + 0x15, 0x72, 0x8e, 0x5a, 0x8a, 0xaa, 0xc4, 0x2d, 0xad, 0x33, 0x17, 0x0d, + 0x04, 0x50, 0x7a, 0x33, 0xa8, 0x55, 0x21, 0xab, 0xdf, 0x1c, 0xba, 0x64, + 0xec, 0xfb, 0x85, 0x04, 0x58, 0xdb, 0xef, 0x0a, 0x8a, 0xea, 0x71, 0x57, + 0x5d, 0x06, 0x0c, 0x7d, 0xb3, 0x97, 0x0f, 0x85, 0xa6, 0xe1, 0xe4, 0xc7, + 0xab, 0xf5, 0xae, 0x8c, 0xdb, 0x09, 0x33, 0xd7, 0x1e, 0x8c, 0x94, 0xe0, + 0x4a, 0x25, 0x61, 0x9d, 0xce, 0xe3, 0xd2, 0x26, 0x1a, 0xd2, 0xee, 0x6b, + 0xf1, 0x2f, 0xfa, 0x06, 0xd9, 0x8a, 0x08, 0x64, 0xd8, 0x76, 0x02, 0x73, + 0x3e, 0xc8, 0x6a, 0x64, 0x52, 0x1f, 0x2b, 0x18, 0x17, 0x7b, 0x20, 0x0c, + 0xbb, 0xe1, 0x17, 0x57, 0x7a, 0x61, 0x5d, 0x6c, 0x77, 0x09, 0x88, 0xc0, + 0xba, 0xd9, 0x46, 0xe2, 0x08, 0xe2, 0x4f, 0xa0, 0x74, 0xe5, 0xab, 0x31, + 0x43, 0xdb, 0x5b, 0xfc, 0xe0, 0xfd, 0x10, 0x8e, 0x4b, 0x82, 0xd1, 0x20, + 0xa9, 0x3a, 0xd2, 0xca, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff +}; + +static SEC_BYTE g_dh_g[] = { + 0x02, +}; + +static EC_KEY *_ECCFromPubBinary(Sec_ECCRawPublicKey *binary) +{ + BN_CTX *ctx = BN_CTX_new(); + + if ( binary->type != SEC_KEYTYPE_ECC_NISTP256_PUBLIC + && binary->type != SEC_KEYTYPE_ECC_NISTP256) + return NULL; + + EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); //create ec_key structure with NIST p256 curve; + const EC_GROUP *group = EC_KEY_get0_group(ec_key); + EC_POINT *ec_point = EC_POINT_new(group); + BN_CTX_start(ctx); + BIGNUM *xp, *yp; + + if (((xp = BN_CTX_get(ctx)) == NULL) || ((yp = BN_CTX_get(ctx)) == NULL)) + goto done; + + EC_POINT_set_affine_coordinates_GFp(group, ec_point, + BN_bin2bn(binary->x, Sec_BEBytesToUint32(binary->key_len), xp), + BN_bin2bn(binary->y, Sec_BEBytesToUint32(binary->key_len), yp), ctx); + EC_KEY_set_public_key(ec_key, ec_point); + +done: + EC_POINT_free(ec_point); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + + return ec_key; +} + +static Sec_KeyType _GroupToKeyType(const EC_GROUP *group) +{ + if (NULL == group) + return SEC_KEYTYPE_NUM; + switch (EC_GROUP_get_curve_name(group)) + { + case NID_X9_62_prime256v1: + return SEC_KEYTYPE_ECC_NISTP256_PUBLIC; + case 0: + default: + return SEC_KEYTYPE_NUM; + } +} + +static Sec_Result _BigNumToBuffer(const BIGNUM *bignum, SEC_BYTE *buffer, SEC_SIZE buffer_len) +{ + SEC_SIZE num_bytes; + + memset(buffer, 0, buffer_len); + num_bytes = BN_num_bytes(bignum); + + if (num_bytes > buffer_len) { + SEC_LOG_ERROR("buffer not large enough. needed: %d, actual: %d", num_bytes, buffer_len); + return SEC_RESULT_FAILURE; + } + + BN_bn2bin(bignum, buffer + buffer_len - num_bytes); + + return SEC_RESULT_SUCCESS; +} + +static Sec_Result _Extract_EC_KEY_X_Y(const EC_KEY *ec_key, BIGNUM **xp, BIGNUM **yp, Sec_KeyType *keyTypep) +{ + const EC_GROUP *group = NULL; + const EC_POINT *ec_point = NULL; + BN_CTX *ctx = NULL; + Sec_Result res = SEC_RESULT_FAILURE; + + if (NULL == xp) + { + SEC_LOG_ERROR("SecUtils_ExtractEcc_Key_X_Y: X cannot be NULL"); + goto error; + } + + group = EC_KEY_get0_group(ec_key); + if (NULL == group) + { + SEC_LOG_ERROR("SecUtils_ExtractEcc_Key_X_Y: EC_KEY_get0_group: %s", ERR_error_string(ERR_get_error(), NULL)); + goto error; + } + + ec_point = EC_KEY_get0_public_key(ec_key); + if (NULL == ec_point) + { + SEC_LOG_ERROR("SecUtils_ExtractEcc_Key_X_Y: EC_KEY_get0_public_key: %s", + ERR_error_string(ERR_get_error(), NULL)); + goto error; + } + + ctx = BN_CTX_new(); + if (NULL == ctx) + { + SEC_LOG_ERROR("BN_CTX_new() failed"); + goto error; + } + + *xp = BN_new(); + if (NULL == *xp) + { + SEC_LOG_ERROR("BN_new() failed"); + goto error; + } + + if (NULL != yp) { // if caller wants y coordinate returned + *yp = BN_new(); + if (NULL == *yp) + { + SEC_LOG_ERROR("BN_new() failed"); + goto error; + } + } + + if (NULL != keyTypep) // if caller wants key type returned + { + *keyTypep = _GroupToKeyType(group); + } + + // Get the X coordinate and optionally the Y coordinate + if (EC_POINT_get_affine_coordinates_GFp(group, ec_point, + *xp, + yp != NULL ? *yp : NULL, + ctx) != 1) + { + BN_clear_free(*xp); + if (NULL != yp) + BN_clear_free(*yp); + SEC_LOG_ERROR("SecUtils_ExtractEcc_Key_X_Y: EC_POINT_get_affine_coordinates_GFp: %s", + ERR_error_string(ERR_get_error(), NULL)); + goto error; + } + + res = SEC_RESULT_SUCCESS; + // continue into "error" + +error: + if (NULL != ctx) + BN_CTX_free(ctx); + + return res; +} + +static Sec_Result _ECCToPubBinary(EC_KEY *ec_key, Sec_ECCRawPublicKey *binary) +{ + BIGNUM *x = NULL; + BIGNUM *y = NULL; + Sec_KeyType keyType; + + if (_Extract_EC_KEY_X_Y(ec_key, &x, &y, &keyType) != SEC_RESULT_SUCCESS) + { + + SEC_LOG_ERROR("_Extract_EC_KEY_X_Y failed"); + return SEC_RESULT_FAILURE; + } + else + { + binary->type = keyType; + Sec_Uint32ToBEBytes(SecKey_GetKeyLenForKeyType(keyType), binary->key_len); + _BigNumToBuffer(x, binary->x, Sec_BEBytesToUint32(binary->key_len)); + _BigNumToBuffer(y, binary->y, Sec_BEBytesToUint32(binary->key_len)); + + BN_free(y); + BN_free(x); + return SEC_RESULT_SUCCESS; + } +} + +static DH* _DH_create(SEC_BYTE *p, SEC_SIZE p_len, SEC_BYTE *g, SEC_SIZE g_len) +{ + DH *dh = NULL; + + if ((dh=DH_new()) == NULL) { + SEC_LOG_ERROR("DH_new failed"); + return NULL; + } + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + dh->p = BN_bin2bn(p, p_len, NULL); + dh->g = BN_bin2bn(g, g_len, NULL); + + if ((dh->p == NULL) || (dh->g == NULL)) { + SEC_LOG_ERROR("BN_bin2bn failed"); + DH_free(dh); + return NULL; + } + + dh->length = p_len * 8; +#else + BIGNUM *bnp = BN_bin2bn(p, p_len, NULL); + BIGNUM *bng = BN_bin2bn(g, g_len, NULL); + DH_set0_pqg(dh, bnp, NULL, bng); +#endif + + return dh; +} + +static Sec_Result _DH_generate_key(DH* dh, SEC_BYTE* publicKey, SEC_SIZE pubKeySize) { + if (!DH_generate_key(dh)) { + SEC_LOG_ERROR("DH_generate_key failed"); + DH_free(dh); + return SEC_RESULT_FAILURE; + } + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (pubKeySize < (SEC_SIZE) BN_num_bytes(dh->pub_key)) { + SEC_LOG_ERROR("buffer to small"); + return SEC_RESULT_FAILURE; + } + + SEC_SIZE len = BN_bn2bin(dh->pub_key, publicKey); + if (len < pubKeySize) { + memmove(publicKey + pubKeySize - len, publicKey, len); + memset(publicKey, 0, pubKeySize - len); + } +#else + const BIGNUM *pub_key = NULL; + DH_get0_key(dh, &pub_key, NULL); + + if ((int)pubKeySize < BN_num_bytes(pub_key)) { + SEC_LOG_ERROR("buffer to small"); + return SEC_RESULT_FAILURE; + } + + SEC_SIZE len = BN_bn2bin(pub_key, publicKey); + if (len < pubKeySize) { + memmove(publicKey + pubKeySize - len, publicKey, len); + memset(publicKey, 0, pubKeySize - len); + } +#endif + + return SEC_RESULT_SUCCESS; +} + +static Sec_Result _DH_compute(DH* dh, SEC_BYTE* pub_key, SEC_SIZE pub_key_len, SEC_BYTE* key, SEC_SIZE key_len, SEC_SIZE* written) { + if (key_len < (SEC_SIZE) DH_size(dh)) { + SEC_LOG_ERROR("key_len is not large enough to hold the computed DH key: %d", DH_size(dh)); + return SEC_RESULT_FAILURE; + } + + BIGNUM * pub_key_bn = BN_bin2bn(pub_key, pub_key_len, NULL); + if (pub_key_bn == NULL) { + SEC_LOG_ERROR("BN_bin2bn failed"); + return SEC_RESULT_FAILURE; + } + + *written = DH_compute_key(key, pub_key_bn, dh); + BN_free(pub_key_bn); + pub_key_bn = NULL; + if (*written <= 0) { + SEC_LOG_ERROR("DH_compute_key failed"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testKeyExchangeDH( + SEC_OBJECTID idComputed, + Sec_StorageLoc loc, + Sec_KeyType typeComputed) { + + TestCtx ctx; + Sec_KeyExchangeHandle *key_ex_handle = NULL; + DH* dh = NULL; + Sec_Result res = SEC_RESULT_FAILURE; + + Sec_DHParameters dh_params; + memcpy(dh_params.p, g_dh_p, sizeof(g_dh_p)); + dh_params.pLen = sizeof(g_dh_p); + memcpy(dh_params.g, g_dh_g, sizeof(g_dh_g)); + dh_params.gLen = sizeof(g_dh_g); + + SEC_BYTE pub_secapi[512]; + SEC_BYTE pub_test[512]; + SEC_BYTE ss_test[512]; + SEC_SIZE ss_len; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecKeyExchange_GetInstance(ctx.proc(), SEC_KEYEXCHANGE_DH, &dh_params, &key_ex_handle)) { + SEC_LOG_ERROR("SecKeyExchange_GetInstance failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecKeyExchange_GenerateKeys(key_ex_handle, pub_secapi, sizeof(pub_secapi))) { + SEC_LOG_ERROR("SecKeyExchange_GenerateKeys failed"); + goto done; + } + + //create other side info + dh = _DH_create(g_dh_p, sizeof(g_dh_p), g_dh_g, sizeof(g_dh_g)); + if (dh == NULL) { + SEC_LOG_ERROR("_DH_create failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != _DH_generate_key(dh, pub_test, sizeof(pub_test))) { + SEC_LOG_ERROR("_DH_generate_key failed"); + goto done; + } + + //compute shared secret + if (SEC_RESULT_SUCCESS != SecKeyExchange_ComputeSecret(key_ex_handle, pub_test, sizeof(pub_test), typeComputed, idComputed, loc)) { + SEC_LOG_ERROR("SecKeyExchange_ComputeSecret failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != _DH_compute(dh, pub_secapi, sizeof(pub_secapi), ss_test, sizeof(ss_test), &ss_len)) { + SEC_LOG_ERROR("_DH_compute failed"); + goto done; + } + + //test enc/dec or mac + if (SecKey_IsAES(typeComputed)) { + if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idComputed, ss_test, SecKey_GetKeyLenForKeyType(typeComputed))) { + SEC_LOG_ERROR("aesKeyCheck failed"); + goto done; + } + } else { + if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idComputed, ss_test, SecKey_GetKeyLenForKeyType(typeComputed))) { + SEC_LOG_ERROR("macCheck failed"); + goto done; + } + } + + res = SEC_RESULT_SUCCESS; + +done: + if (key_ex_handle != NULL) { + SecKeyExchange_Release(key_ex_handle); + } + + if (dh != NULL) { + DH_free(dh); + } + + return res; +} + +Sec_Result testKeyExchangeECDH( + SEC_OBJECTID idComputed, + Sec_StorageLoc loc, + Sec_KeyType typeComputed) { + + TestCtx ctx; + Sec_KeyExchangeHandle *key_ex_handle = NULL; + EC_KEY *priv_test = NULL; + EC_KEY *pub_secapi_key = NULL; + Sec_Result res = SEC_RESULT_FAILURE; + + Sec_ECCRawPublicKey pub_secapi; + Sec_ECCRawPublicKey pub_test; + SEC_BYTE ss_test[32]; + SEC_SIZE ss_len; + + Sec_ECDHParameters ecdh_params; + ecdh_params.curve = NISTP256; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecKeyExchange_GetInstance(ctx.proc(), SEC_KEYEXCHANGE_ECDH, &ecdh_params, &key_ex_handle)) { + SEC_LOG_ERROR("SecKeyExchange_GetInstance failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecKeyExchange_GenerateKeys(key_ex_handle, (SEC_BYTE *) &pub_secapi, sizeof(pub_secapi))) { + SEC_LOG_ERROR("SecKeyExchange_GenerateKeys failed"); + goto done; + } + + //create other side info + if(NULL == (priv_test = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1))) { + SEC_LOG_ERROR("EC_KEY_new_by_curve_name failed"); + goto done; + } + + if (1 != EC_KEY_generate_key(priv_test)) { + SEC_LOG_ERROR("EC_KEY_generate_key failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != _ECCToPubBinary(priv_test, &pub_test)) + { + SEC_LOG_ERROR("_ECCToPubBinary failed"); + goto done; + } + + + //compute shared secret + if (SEC_RESULT_SUCCESS != SecKeyExchange_ComputeSecret(key_ex_handle, (SEC_BYTE*) &pub_test, sizeof(pub_test), typeComputed, idComputed, loc)) { + SEC_LOG_ERROR("SecKeyExchange_ComputeSecret failed"); + goto done; + } + + pub_secapi_key = _ECCFromPubBinary(&pub_secapi); + if (pub_secapi_key == NULL) { + SEC_LOG_ERROR("SecUtils_ECCFromPubBinary failed"); + goto done; + } + + /* Derive the shared secret */ + ss_len = ECDH_compute_key(ss_test, sizeof(ss_test), EC_KEY_get0_public_key(pub_secapi_key), priv_test, NULL); + if (ss_len <= 0) { + SEC_LOG_ERROR("ECDH_compute_key failed"); + goto done; + } + + //test enc/dec or mac + if (SecKey_IsAES(typeComputed)) { + if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idComputed, ss_test, SecKey_GetKeyLenForKeyType(typeComputed))) { + SEC_LOG_ERROR("aesKeyCheck failed"); + goto done; + } + } else { + if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idComputed, ss_test, SecKey_GetKeyLenForKeyType(typeComputed))) { + SEC_LOG_ERROR("macCheck failed"); + goto done; + } + } + + res = SEC_RESULT_SUCCESS; + +done: + if (key_ex_handle != NULL) { + SecKeyExchange_Release(key_ex_handle); + } + + SEC_ECC_FREE(priv_test); + SEC_ECC_FREE(pub_secapi_key); + + return res; +} diff --git a/test/main/cpp/exchange.h b/test/main/cpp/exchange.h new file mode 100644 index 0000000..71a13b2 --- /dev/null +++ b/test/main/cpp/exchange.h @@ -0,0 +1,37 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_EXCHANGE_H_ +#define TEST_EXCHANGE_H_ + +#include "sec_security.h" +#include "test_creds.h" +#include + +Sec_Result testKeyExchangeDH( + SEC_OBJECTID idComputed, + Sec_StorageLoc loc, + Sec_KeyType typeComputed); + +Sec_Result testKeyExchangeECDH( + SEC_OBJECTID idComputed, + Sec_StorageLoc loc, + Sec_KeyType typeComputed); + +#endif diff --git a/test/main/cpp/jtype.cpp b/test/main/cpp/jtype.cpp new file mode 100644 index 0000000..ce47d9f --- /dev/null +++ b/test/main/cpp/jtype.cpp @@ -0,0 +1,468 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "jtype.h" +#include "mac.h" +#include "test_ctx.h" +#include "sec_security_comcastids.h" +#include "cipher.h" +#include "sec_security_utils.h" +#include +#include +#include +#include +#include + +std::string toB64(SEC_BYTE *data, SEC_SIZE len) { + std::string res; + SEC_SIZE res_len; + res.resize(SEC_KEYCONTAINER_MAX_LEN); + + if (SEC_RESULT_SUCCESS != SecUtils_Base64Encode((const SEC_BYTE*) data, len, (SEC_BYTE *) res.data(), res.size(), &res_len)) { + SEC_LOG_ERROR("SecSrv_B64Encode failed"); + return ""; + } + + res.resize(res_len); + + return res; +} + +std::string createJTypeHeader(const char *kid, const char *alg) { + std::string res; + + res += "{\"kid\":\""; + res += kid; + res += "\",\"alg\":\""; + res += alg; + res += "\"}"; + + return toB64((SEC_BYTE*) res.c_str(), res.size()); +} + +std::string createJTypeBodyV1(const char *contentKey, const char *contentKeyId, const char *contentKeyRights, SEC_BOOL cachable, int contentKeyUsage, const char* contentKeyNotBefore, const char* contentKeyNotOnOrAfter) { + std::string res; + char tmp[4096]; + + res += "{\"contentKeyNotOnOrAfter\":\""; + res += contentKeyNotOnOrAfter; + + res += "\",\"contentKey\":\""; + res += contentKey; + + res += "\",\"contentKeyId\":\""; + res += contentKeyId; + + res += "\",\"contentKeyRights\":\""; + res += contentKeyRights; + + res += "\",\"contentKeyCacheable\":"; + res += (cachable ? "true" : "false"); + + sprintf(tmp, "%d", contentKeyUsage); + + res += ",\"contentKeyUsage\":"; + res += tmp; + + res += ",\"contentKeyNotBefore\":\""; + res += contentKeyNotBefore; + + res += "\"}"; + + return toB64((SEC_BYTE*) res.c_str(), res.size()); +} + +std::string createJTypeBodyV2(const char *contentKey, const char *contentKeyId, const char *contentKeyRights, SEC_BOOL cachable, int contentKeyUsage, const char* contentKeyNotBefore, const char* contentKeyNotOnOrAfter, int cklen, const char *alg, const char *iv) { + std::string res; + char tmp[4096]; + + res += "{"; + + res += "\"contentKeyContainerVersion\":2"; + + res += ",\"contentKeyNotOnOrAfter\":\""; + res += contentKeyNotOnOrAfter; + + res += "\",\"contentKey\":\""; + res += contentKey; + + res += "\",\"contentKeyId\":\""; + res += contentKeyId; + + res += "\",\"contentKeyRights\":\""; + res += contentKeyRights; + + res += "\",\"contentKeyCacheable\":"; + res += (cachable ? "true" : "false"); + + sprintf(tmp, "%d", contentKeyUsage); + + res += ",\"contentKeyUsage\":"; + res += tmp; + + res += ",\"contentKeyNotBefore\":\""; + res += contentKeyNotBefore; + + res += "\",\"contentKeyLength\":"; + sprintf(tmp, "%d", cklen); + res += tmp; + res += ""; + + res += ",\"contentKeyTransportAlgorithm\":\""; + res += alg; + + if (iv != NULL) { + res += "\",\"contentKeyTransportIv\":\""; + res += iv; + } + + res += "\"}"; + + return toB64((SEC_BYTE*) res.c_str(), res.size()); +} + +std::string createContentKeyV1(TestKey contentKey, TestKey encryptionKey) { + std::vector conK = TestCreds::asOpenSslAes(contentKey); + if (conK.size() == 0) { + SEC_LOG_ERROR("TestCreds::asOpenSslAes failed"); + return std::string(); + } + + if (conK.size() != 16) { + SEC_LOG_ERROR("V1 Jtype cannot support keys that are not 128 bits"); + return std::string(); + } + + std::vector encK = TestCreds::asOpenSslAes(encryptionKey); + if (encK.size() == 0) { + SEC_LOG_ERROR("TestCreds::asOpenSslAes failed"); + return std::string(); + } + + std::vector encConK = opensslAesEcb(encryptionKey, SEC_CIPHERMODE_ENCRYPT, SEC_FALSE, NULL, conK); + if (encConK.empty()) { + SEC_LOG_ERROR("opensslAesEcb failed"); + return std::string(); + } + + return toB64(encConK.data(), encConK.size()); +} + +std::string createContentKeyV2(TestKey contentKey, TestKey encryptionKey, Sec_CipherAlgorithm alg, SEC_BYTE *iv) { + std::vector conK = TestCreds::asOpenSslAes(contentKey); + if (conK.size() == 0) { + SEC_LOG_ERROR("TestCreds::asOpenSslAes failed"); + return std::string(); + } + + std::vector encK = TestCreds::asOpenSslAes(encryptionKey); + if (encK.size() == 0) { + SEC_LOG_ERROR("TestCreds::asOpenSslAes failed"); + return std::string(); + } + + std::vector encConK; + + if (alg == SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING) { + encConK = opensslAesEcb(encryptionKey, SEC_CIPHERMODE_ENCRYPT, SEC_FALSE, iv, conK); + if (encConK.empty()) { + SEC_LOG_ERROR("opensslAesEcb failed"); + return std::string(); + } + } else if (alg == SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING) { + encConK = opensslAesEcb(encryptionKey, SEC_CIPHERMODE_ENCRYPT, SEC_TRUE, iv, conK); + if (encConK.empty()) { + SEC_LOG_ERROR("opensslAesEcb failed"); + return std::string(); + } + } else { + SEC_LOG_ERROR("Unexpected algorithm encountered: %d", alg); + } + + return toB64(encConK.data(), encConK.size()); +} + +std::string createJTypeMac(const std::string& header, const std::string& body, TestKey macKey) { + std::string data = header + "." + body; + std::vector input((SEC_BYTE *) data.data(), (SEC_BYTE *) (data.data()+data.size())); + std::vector mac = macOpenSSL(SEC_MACALGORITHM_HMAC_SHA256, macKey, input); + return toB64(mac.data(), mac.size()); +} + +std::string createJTypeContainer(const char *kid, const char *macalg, + TestKey contentKey, TestKey encryptionKey, const char *contentKeyId, const char *contentKeyRights, SEC_BOOL cachable, int contentKeyUsage, const char* contentKeyNotBefore, const char* contentKeyNotOnOrAfter, + TestKey macKey, int version, const char *alg) { + + std::string header_b64 = createJTypeHeader(kid, macalg); + if (header_b64.size() == 0) { + SEC_LOG_ERROR("createJTypeHeader failed"); + return std::string(); + } + + std::string body_b64; + if (version == 1) { + std::string encConK = createContentKeyV1(contentKey, encryptionKey); + if (encConK.empty()) { + SEC_LOG_ERROR("createContentKeyV1 failed"); + return std::string(); + } + + body_b64 = createJTypeBodyV1(encConK.c_str(), contentKeyId, contentKeyRights, cachable, contentKeyUsage, contentKeyNotBefore, contentKeyNotOnOrAfter); + if (body_b64.size() == 0) { + SEC_LOG_ERROR("createJTypeBody failed"); + return std::string(); + } + } else if (version == 2) { + Sec_CipherAlgorithm salg = SEC_CIPHERALGORITHM_NUM; + if (strcmp(alg, "aesEcbNone") == 0) { + salg = SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING; + } else if (strcmp(alg, "aesEcbPkcs5") == 0) { + salg = SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING; + } else { + SEC_LOG_ERROR("Unknown algorithm encountered: %s", alg); + return std::string(); + } + + std::string encConK = createContentKeyV2(contentKey, encryptionKey, salg, NULL); + if (encConK.empty()) { + SEC_LOG_ERROR("createContentKeyV2 failed"); + return std::string(); + } + + std::vector conK = TestCreds::asOpenSslAes(contentKey); + if (conK.size() == 0) { + SEC_LOG_ERROR("TestCreds::asOpenSslAes failed"); + return std::string(); + } + + body_b64 = createJTypeBodyV2(encConK.c_str(), contentKeyId, contentKeyRights, cachable, contentKeyUsage, contentKeyNotBefore, contentKeyNotOnOrAfter, conK.size(), alg, NULL); + if (body_b64.size() == 0) { + SEC_LOG_ERROR("createJTypeBody failed"); + return std::string(); + } + } else { + SEC_LOG_ERROR("Unknown version encountered: %d", version); + return std::string(); + } + + std::string mac_b64 = createJTypeMac(header_b64, body_b64, macKey); + if (mac_b64.size() == 0) { + SEC_LOG_ERROR("createJTypeMac failed"); + return std::string(); + } + + return header_b64 + "." + body_b64 + "." + mac_b64; +} + +Sec_Result testProvisionJType(TestKey contentKey, TestKey encryptionKey, TestKc encKc, TestKey macKey, TestKc macKc, int version, const char *alg) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", + contentKey, encryptionKey, + "9c621060-3a17-4813-8dcb-2e9187aaa903", + createDefaultRights(TestCreds::getKeyType(contentKey)).c_str(), + SEC_FALSE, 1, + "2010-12-09T19:53:06Z", "2037-12-09T19:53:06Z", + macKey, version, alg); + if (jtype.size() == 0) { + SEC_LOG_ERROR("createJTypeContainer failed"); + return SEC_RESULT_FAILURE; + } + + //provision encryption key + if (NULL == ctx.provisionKey(SEC_OBJECTID_COMCAST_XCALSESSIONENCKEY, SEC_STORAGELOC_RAM, encryptionKey, encKc)) { + SEC_LOG_ERROR("provisionKey failed"); + return SEC_RESULT_FAILURE; + } + + //provision maccing key + if (NULL == ctx.provisionKey(SEC_OBJECTID_COMCAST_XCALSESSIONMACKEY, SEC_STORAGELOC_RAM, macKey, macKc)) { + SEC_LOG_ERROR("provisionKey failed"); + return SEC_RESULT_FAILURE; + } + + //provsion j-type key + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE, + SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_JTYPE, + (SEC_BYTE *) &jtype[0], jtype.size())) { + SEC_LOG_ERROR("SecKey_Provision failed"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testExportKey(TestKey contentKey, TestKey encryptionKey, TestKc encKc, TestKey macKey, TestKc macKc, Sec_CipherAlgorithm alg, SEC_SIZE input_len, int version, const char *calg) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", + contentKey, encryptionKey, + "9c621060-3a17-4813-8dcb-2e9187aaa903", + createDefaultRights(TestCreds::getKeyType(contentKey)).c_str(), + SEC_TRUE, 1, + "2010-12-09T19:53:06Z", "2037-12-09T19:53:06Z", + macKey, version, calg); + if (jtype.size() == 0) { + SEC_LOG_ERROR("createJTypeContainer failed"); + return SEC_RESULT_FAILURE; + } + + //provision encryption key + if (NULL == ctx.provisionKey(SEC_OBJECTID_COMCAST_XCALSESSIONENCKEY, SEC_STORAGELOC_RAM, encryptionKey, encKc)) { + SEC_LOG_ERROR("provisionKey failed"); + return SEC_RESULT_FAILURE; + } + + //provision maccing key + if (NULL == ctx.provisionKey(SEC_OBJECTID_COMCAST_XCALSESSIONMACKEY, SEC_STORAGELOC_RAM, macKey, macKc)) { + SEC_LOG_ERROR("provisionKey failed"); + return SEC_RESULT_FAILURE; + } + + //provsion j-type key + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE, + SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_JTYPE, + (SEC_BYTE *) &jtype[0], jtype.size())) { + SEC_LOG_ERROR("SecKey_Provision failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyHandle *key_handle; + if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), SEC_OBJECTID_USER_BASE, &key_handle)) { + SEC_LOG_ERROR("SecKey_GetInstance failed"); + return SEC_RESULT_FAILURE; + } + + //get properties from j-type + Sec_KeyProperties jtype_props; + if (SEC_RESULT_SUCCESS != SecKey_GetProperties(key_handle, &jtype_props)) { + SEC_LOG_ERROR("SecKey_GetProperties failed"); + return SEC_RESULT_FAILURE; + } + + //export j-type key + std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); + std::vector exported_key; + exported_key.resize(SEC_KEYCONTAINER_MAX_LEN); + SEC_SIZE exported_len; + + if (SEC_RESULT_SUCCESS != SecKey_ExportKey(key_handle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { + SEC_LOG_ERROR("SecKey_ExportKey failed"); + return SEC_RESULT_FAILURE; + } + exported_key.resize(exported_len); + + //provision exported + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE, + SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, &exported_key[0], exported_key.size())) { + SEC_LOG_ERROR("SecKey_Provision failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyHandle *key_handle_exported; + if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), SEC_OBJECTID_USER_BASE, &key_handle_exported)) { + SEC_LOG_ERROR("SecKey_GetInstance failed"); + return SEC_RESULT_FAILURE; + } + + //grab properties from exported + Sec_KeyProperties exported_props; + if (SEC_RESULT_SUCCESS != SecKey_GetProperties(key_handle_exported, &exported_props)) { + SEC_LOG_ERROR("SecKey_GetProperties failed"); + return SEC_RESULT_FAILURE; + } + + if (memcmp(&jtype_props, &exported_props, sizeof(Sec_KeyProperties)) != 0) { + SEC_LOG_ERROR("Key properties on jtype and exported container do not match"); + return SEC_RESULT_FAILURE; + } + + //test exported encryption + if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, SEC_OBJECTID_USER_BASE, alg, input_len)) { + SEC_LOG_ERROR("cipherEncDecSingle failed"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +std::string createDefaultRights(Sec_KeyType kt) { + Sec_KeyProperties props; + SecKeyProperties_SetDefault(&props, kt); + + return toB64(props.rights, sizeof(props.rights)); +} + +Sec_Result testDecryptJType(TestKey contentKey, TestKey encryptionKey, TestKc encKc, TestKey macKey, TestKc macKc, Sec_CipherAlgorithm alg, SEC_SIZE input_len, int version, const char *salg) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", + contentKey, encryptionKey, + "9c621060-3a17-4813-8dcb-2e9187aaa903", + createDefaultRights(TestCreds::getKeyType(contentKey)).c_str(), + SEC_FALSE, 1, + "2010-12-09T19:53:06Z", "2037-12-09T19:53:06Z", + macKey, version, salg); + if (jtype.size() == 0) { + SEC_LOG_ERROR("createJTypeContainer failed"); + return SEC_RESULT_FAILURE; + } + + Sec_StorageLoc loc = SEC_STORAGELOC_RAM; + + //provision encryption key + if (NULL == ctx.provisionKey(SEC_OBJECTID_COMCAST_XCALSESSIONENCKEY, loc, encryptionKey, encKc)) { + SEC_LOG_ERROR("provisionKey failed"); + return SEC_RESULT_FAILURE; + } + + //provision maccing key + if (NULL == ctx.provisionKey(SEC_OBJECTID_COMCAST_XCALSESSIONMACKEY, loc, macKey, macKc)) { + SEC_LOG_ERROR("provisionKey failed"); + return SEC_RESULT_FAILURE; + } + + //provision jtype key + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE, + SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_JTYPE, + (SEC_BYTE *) &jtype[0], jtype.size())) { + SEC_LOG_ERROR("SecKey_Provision failed"); + return SEC_RESULT_FAILURE; + } + + //test encryption + if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, SEC_OBJECTID_USER_BASE, alg, input_len)) { + SEC_LOG_ERROR("cipherEncDecSingle failed"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} diff --git a/test/main/cpp/jtype.h b/test/main/cpp/jtype.h new file mode 100644 index 0000000..cea3afa --- /dev/null +++ b/test/main/cpp/jtype.h @@ -0,0 +1,37 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_JTYPE_H_ +#define TEST_JTYPE_H_ + +#include "sec_security.h" +#include "test_creds.h" +#include + +Sec_Result testProvisionJType(TestKey contentKey, TestKey encryptionKey, TestKc encKc, TestKey macKey, TestKc macKc, int version, const char *valg); +Sec_Result testDecryptJType(TestKey contentKey, TestKey encryptionKey, TestKc encKc, TestKey macKey, TestKc macKc, Sec_CipherAlgorithm alg, SEC_SIZE input_len, int version, const char *calg); +Sec_Result testExportKey(TestKey contentKey, TestKey encryptionKey, TestKc encKc, TestKey macKey, TestKc macKc, Sec_CipherAlgorithm alg, SEC_SIZE input_len, int version, const char *calg); + +std::string createJTypeContainer(const char *kid, const char *macalg, + TestKey contentKey, TestKey encryptionKey, const char *contentKeyId, const char *contentKeyRights, SEC_BOOL cachable, int contentKeyUsage, const char* contentKeyNotBefore, const char* contentKeyNotOnOrAfter, + TestKey macKey, int version, const char *alg); + +std::string createDefaultRights(Sec_KeyType kt); + +#endif diff --git a/test/main/cpp/key.cpp b/test/main/cpp/key.cpp new file mode 100644 index 0000000..53401b1 --- /dev/null +++ b/test/main/cpp/key.cpp @@ -0,0 +1,1290 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "key.h" +#include "cipher.h" +#include "test_ctx.h" +#include "sec_security_utils.h" +#include +#include +#include "sec_security_store.h" +#include +#include + +static int _Sec_DisablePassphrasePrompt(char *buf, int size, int rwflag, void *u) +{ + return 0; +} + +static Sec_Result _BigNumToBuffer(const BIGNUM *bignum, SEC_BYTE *buffer, SEC_SIZE buffer_len) +{ + SEC_SIZE num_bytes; + + memset(buffer, 0, buffer_len); + num_bytes = BN_num_bytes(bignum); + + if (num_bytes > buffer_len) { + SEC_LOG_ERROR("buffer not large enough. needed: %d, actual: %d", num_bytes, buffer_len); + return SEC_RESULT_FAILURE; + } + + BN_bn2bin(bignum, buffer + buffer_len - num_bytes); + + return SEC_RESULT_SUCCESS; +} + +static void _RSAToPubBinary(RSA *rsa, Sec_RSARawPublicKey *binary) +{ + Sec_Uint32ToBEBytes(RSA_size(rsa), binary->modulus_len_be); + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + _BigNumToBuffer(rsa->n, binary->n, Sec_BEBytesToUint32(binary->modulus_len_be)); + _BigNumToBuffer(rsa->e, binary->e, 4); +#else + const BIGNUM *n = NULL; + const BIGNUM *e = NULL; + RSA_get0_key(rsa, &n, &e, NULL); + _BigNumToBuffer((BIGNUM *) n, binary->n, Sec_BEBytesToUint32(binary->modulus_len_be)); + _BigNumToBuffer((BIGNUM *) e, binary->e, 4); +#endif +} + + +static Sec_Result aesKeyCheck(Sec_ProcessorHandle *proc, SEC_OBJECTID id_first, SEC_OBJECTID id_second) { + SEC_PRINT("--- aes key check ---\n"); + + std::vector clear = TestCtx::random(SEC_AES_BLOCK_SIZE); + TestCtx::printHex("clear", clear); + + std::vector cipher_first; + cipher_first.resize(SEC_AES_BLOCK_SIZE); + SEC_SIZE cipher_first_len; + + if (SEC_RESULT_SUCCESS != SecCipher_SingleInputId(proc, + SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, id_first, + NULL, &clear[0], clear.size(), &cipher_first[0], + cipher_first.size(), &cipher_first_len)) { + SEC_LOG_ERROR("SecCipher_SingleInputId failed"); + return SEC_RESULT_FAILURE; + } + cipher_first.resize(cipher_first_len); + TestCtx::printHex("cipher_first", cipher_first); + + std::vector cipher_second; + cipher_second.resize(SEC_AES_BLOCK_SIZE); + SEC_SIZE cipher_second_len; + + if (SEC_RESULT_SUCCESS != SecCipher_SingleInputId(proc, + SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, id_second, + NULL, &clear[0], clear.size(), &cipher_second[0], + cipher_second.size(), &cipher_second_len)) { + SEC_LOG_ERROR("SecCipher_SingleInputId failed"); + return SEC_RESULT_FAILURE; + } + cipher_second.resize(cipher_second_len); + TestCtx::printHex("cipher_second", cipher_second); + + SEC_PRINT("---------------------\n"); + + //check if results match + if (cipher_first != cipher_second) { + SEC_LOG_ERROR("Results do not match"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +static Sec_Result macCheck(Sec_ProcessorHandle *proc, Sec_MacAlgorithm alg, SEC_OBJECTID id_first, SEC_OBJECTID id_second) { + std::vector clear = TestCtx::random(256); + TestCtx::printHex("clear", clear); + + std::vector mac_first; + mac_first.resize(SEC_MAC_MAX_LEN); + SEC_SIZE mac_first_len; + if (SEC_RESULT_SUCCESS != SecMac_SingleInputId(proc, alg, id_first, &clear[0], clear.size(), &mac_first[0], &mac_first_len)) { + SEC_LOG_ERROR("SecMac_SingleInputId failed"); + return SEC_RESULT_FAILURE; + } + + mac_first.resize(mac_first_len); + TestCtx::printHex("mac_first", mac_first); + + std::vector mac_second; + mac_second.resize(SEC_MAC_MAX_LEN); + SEC_SIZE mac_second_len; + if (SEC_RESULT_SUCCESS != SecMac_SingleInputId(proc, alg, id_first, &clear[0], clear.size(), &mac_second[0], &mac_second_len)) { + SEC_LOG_ERROR("SecMac_SingleInputId failed"); + return SEC_RESULT_FAILURE; + } + + mac_second.resize(mac_second_len); + TestCtx::printHex("macSecApi", mac_second); + + //check if results match + if (mac_first != mac_second) { + SEC_LOG_ERROR("Results do not match"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testStore(SEC_BOOL encrypt, SEC_BOOL mac) { + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + std::vector data = ctx.random(20); + TestCtx::printHex("data: ", data); + + //fill header + SecUtils_KeyStoreHeader keystore_header; + if (SEC_RESULT_SUCCESS != SecUtils_FillKeyStoreUserHeader(ctx.proc(), &keystore_header, SEC_KEYCONTAINER_RAW_HMAC_160)) + { + SEC_LOG_ERROR("SecUtils_FillKeyStoreUserHeader failed"); + return SEC_RESULT_FAILURE; + } + + //write store + std::vector store; + store.resize(SEC_KEYCONTAINER_MAX_LEN); + if (SEC_RESULT_SUCCESS != SecStore_StoreData(ctx.proc(), encrypt, mac, + (SEC_BYTE *) SEC_UTILS_KEYSTORE_MAGIC, &keystore_header, sizeof(keystore_header), + &data[0], data.size(), &store[0], store.size())) + { + SEC_LOG_ERROR("SecStore_StoreData failed"); + return SEC_RESULT_FAILURE; + } + store.resize(SecStore_GetStoreLen(&store[0])); + TestCtx::printHex("store: ", store); + + //read from store + SecUtils_KeyStoreHeader keystore_header2; + std::vector extracted_data; + extracted_data.resize(SEC_KEYCONTAINER_MAX_LEN); + if (SEC_RESULT_SUCCESS != SecStore_RetrieveData(ctx.proc(), mac, &keystore_header2, sizeof(keystore_header2), &extracted_data[0], extracted_data.size(), &store[0], store.size())) { + SEC_LOG_ERROR("SecStore_RetrieveData failed"); + return SEC_RESULT_FAILURE; + } + extracted_data.resize(SecStore_GetDataLen(&store[0])); + TestCtx::printHex("extracted_data: ", extracted_data); + + if (data != extracted_data) { + SEC_LOG_ERROR("Extracted data does not match what was put into the store"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testStoreProvision(SEC_OBJECTID id, SEC_BOOL encrypt, SEC_BOOL mac) { + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + std::vector data = ctx.random(20); + TestCtx::printHex("data: ", data); + + //fill header + SecUtils_KeyStoreHeader keystore_header; + if (SEC_RESULT_SUCCESS != SecUtils_FillKeyStoreUserHeader(ctx.proc(), &keystore_header, SEC_KEYCONTAINER_RAW_HMAC_160)) + { + SEC_LOG_ERROR("SecUtils_FillKeyStoreUserHeader failed"); + return SEC_RESULT_FAILURE; + } + + //write store + std::vector store; + store.resize(SEC_KEYCONTAINER_MAX_LEN); + if (SEC_RESULT_SUCCESS != SecStore_StoreData(ctx.proc(), encrypt, mac, + (SEC_BYTE *) SEC_UTILS_KEYSTORE_MAGIC, &keystore_header, sizeof(keystore_header), + &data[0], data.size(), &store[0], store.size())) + { + SEC_LOG_ERROR("SecStore_StoreData failed"); + return SEC_RESULT_FAILURE; + } + store.resize(SecStore_GetStoreLen(&store[0])); + TestCtx::printHex("store: ", store); + + //provision store + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), id, + SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_KEYCONTAINER_STORE, &store[0], + store.size())) { + SEC_LOG_ERROR("SecKey_Provision failed"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testKeyProvision(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + if (NULL == ctx.provisionKey(id, loc, key, kc)) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testKeyProvisionDouble(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, TestKey key2, TestKc kc2, Sec_StorageLoc loc2) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyHandle *handle = ctx.provisionKey(id, loc, key, kc); + if (NULL == handle) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + ctx.releaseKey(handle); + + handle = ctx.provisionKey(SEC_OBJECTID_USER_BASE, loc2, key2, kc2); + if (NULL == handle) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testKeyGetKeyInfo(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyHandle *handle = ctx.provisionKey(id, loc, key, kc); + if (NULL == handle) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyType kt = SecKey_GetKeyType(handle); + if (kt < 0 || kt >= SEC_KEYTYPE_NUM) { + SEC_LOG_ERROR("Invalid key type"); + return SEC_RESULT_FAILURE; + } + + if (SecKey_GetKeyLen(handle) == 0) { + SEC_LOG_ERROR("Invalid key length"); + return SEC_RESULT_FAILURE; + } + + if (ctx.proc() != SecKey_GetProcessor(handle)) { + SEC_LOG_ERROR("SecKey_GetProcessor failed"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +static Sec_KeyType _GroupToKeyType(const EC_GROUP *group) +{ + if (NULL == group) + return SEC_KEYTYPE_NUM; + switch (EC_GROUP_get_curve_name(group)) + { + case NID_X9_62_prime256v1: + return SEC_KEYTYPE_ECC_NISTP256_PUBLIC; + case 0: + default: + return SEC_KEYTYPE_NUM; + } +} + +static Sec_Result _Extract_EC_KEY_X_Y(const EC_KEY *ec_key, BIGNUM **xp, BIGNUM **yp, Sec_KeyType *keyTypep) +{ + const EC_GROUP *group = NULL; + const EC_POINT *ec_point = NULL; + BN_CTX *ctx = NULL; + Sec_Result res = SEC_RESULT_FAILURE; + + if (NULL == xp) + { + SEC_LOG_ERROR("SecUtils_ExtractEcc_Key_X_Y: X cannot be NULL"); + goto error; + } + + group = EC_KEY_get0_group(ec_key); + if (NULL == group) + { + SEC_LOG_ERROR("SecUtils_ExtractEcc_Key_X_Y: EC_KEY_get0_group: %s", ERR_error_string(ERR_get_error(), NULL)); + goto error; + } + + ec_point = EC_KEY_get0_public_key(ec_key); + if (NULL == ec_point) + { + SEC_LOG_ERROR("SecUtils_ExtractEcc_Key_X_Y: EC_KEY_get0_public_key: %s", + ERR_error_string(ERR_get_error(), NULL)); + goto error; + } + + ctx = BN_CTX_new(); + if (NULL == ctx) + { + SEC_LOG_ERROR("BN_CTX_new() failed"); + goto error; + } + + *xp = BN_new(); + if (NULL == *xp) + { + SEC_LOG_ERROR("BN_new() failed"); + goto error; + } + + if (NULL != yp) { // if caller wants y coordinate returned + *yp = BN_new(); + if (NULL == *yp) + { + SEC_LOG_ERROR("BN_new() failed"); + goto error; + } + } + + if (NULL != keyTypep) // if caller wants key type returned + { + *keyTypep = _GroupToKeyType(group); + } + + // Get the X coordinate and optionally the Y coordinate + if (EC_POINT_get_affine_coordinates_GFp(group, ec_point, + *xp, + yp != NULL ? *yp : NULL, + ctx) != 1) + { + BN_clear_free(*xp); + if (NULL != yp) + BN_clear_free(*yp); + SEC_LOG_ERROR("SecUtils_ExtractEcc_Key_X_Y: EC_POINT_get_affine_coordinates_GFp: %s", + ERR_error_string(ERR_get_error(), NULL)); + goto error; + } + + res = SEC_RESULT_SUCCESS; + // continue into "error" + +error: + if (NULL != ctx) + BN_CTX_free(ctx); + + return res; +} + +static Sec_Result _ECCToPubBinary(EC_KEY *ec_key, Sec_ECCRawPublicKey *binary) +{ + BIGNUM *x = NULL; + BIGNUM *y = NULL; + Sec_KeyType keyType; + + if (_Extract_EC_KEY_X_Y(ec_key, &x, &y, &keyType) != SEC_RESULT_SUCCESS) + { + + SEC_LOG_ERROR("_Extract_EC_KEY_X_Y failed"); + return SEC_RESULT_FAILURE; + } + else + { + binary->type = keyType; + Sec_Uint32ToBEBytes(SecKey_GetKeyLenForKeyType(keyType), binary->key_len); + _BigNumToBuffer(x, binary->x, Sec_BEBytesToUint32(binary->key_len)); + _BigNumToBuffer(y, binary->y, Sec_BEBytesToUint32(binary->key_len)); + + BN_free(y); + BN_free(x); + return SEC_RESULT_SUCCESS; + } +} + +Sec_Result testKeyExtractPublicKey(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyHandle *handle = ctx.provisionKey(id, loc, key, kc); + if (NULL == handle) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + + if (SecKey_IsEcc(TestCreds::getKeyType(key))) { + Sec_ECCRawPublicKey public_key; + memset(&public_key, 0, sizeof(public_key)); + if (SEC_RESULT_SUCCESS != SecKey_ExtractECCPublicKey(handle, &public_key)) { + SEC_LOG_ERROR("SecKey_ExtractECCPublicKey failed"); + return SEC_RESULT_FAILURE; + } + + std::vector secapi((SEC_BYTE *) &public_key, ((SEC_BYTE *) &public_key) + sizeof(Sec_ECCRawPublicKey)); + + TestCtx::printHex("secapi", secapi); + + if (kc != TESTKC_GENERATED) { + EC_KEY *ec = TestCreds::asOpenSslEcKey(key); + if (ec == NULL) { + SEC_LOG_ERROR("TestCreds::asOpenSslEc failed"); + return SEC_RESULT_FAILURE; + } + + memset(&public_key, 0, sizeof(public_key)); + _ECCToPubBinary(ec, &public_key); + SEC_ECC_FREE(ec); + + std::vector openssl((SEC_BYTE *) &public_key, ((SEC_BYTE *) &public_key) + sizeof(Sec_ECCRawPublicKey)); + TestCtx::printHex("openssl", openssl); + + if (secapi != openssl) { + return SEC_RESULT_FAILURE; + } + } + } else { + Sec_RSARawPublicKey public_key; + memset(&public_key, 0, sizeof(public_key)); + if (SEC_RESULT_SUCCESS != SecKey_ExtractRSAPublicKey(handle, &public_key)) { + SEC_LOG_ERROR("SecKey_ExtractRSAPublicKey failed"); + return SEC_RESULT_FAILURE; + } + + std::vector secapi((SEC_BYTE *) &public_key, ((SEC_BYTE *) &public_key) + sizeof(Sec_RSARawPublicKey)); + + TestCtx::printHex("secapi", secapi); + + RSA *rsa = TestCreds::asOpenSslRsa(key); + if (rsa == NULL) { + SEC_LOG_ERROR("TestCreds::asOpenSslRsa failed"); + return SEC_RESULT_FAILURE; + } + + memset(&public_key, 0, sizeof(public_key)); + _RSAToPubBinary(rsa, &public_key); + SEC_RSA_FREE(rsa); + + std::vector openssl((SEC_BYTE *) &public_key, ((SEC_BYTE *) &public_key) + sizeof(Sec_RSARawPublicKey)); + TestCtx::printHex("openssl", openssl); + + if (secapi != openssl) { + return SEC_RESULT_FAILURE; + } + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testKeyGenerate(SEC_OBJECTID id, Sec_KeyType keyType, Sec_StorageLoc loc, SEC_BOOL testEncDec) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecKey_Generate(ctx.proc(), id, keyType, loc)) { + SEC_LOG_ERROR("SecKey_Generate failed"); + return SEC_RESULT_FAILURE; + } + + if (testEncDec) { + if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { + SEC_LOG_ERROR("cipherEncDecSingle failed"); + return SEC_RESULT_FAILURE; + } + } + + if (keyType == SEC_KEYTYPE_ECC_NISTP256) { + Sec_KeyHandle *keyHandle; + if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), id, &keyHandle)) { + SEC_LOG_ERROR("SecKey_GetInstance failed"); + SecKey_Delete(ctx.proc(), id); + return SEC_RESULT_FAILURE; + } + + Sec_ECCRawPublicKey public_key; + if (SEC_RESULT_SUCCESS != SecKey_ExtractECCPublicKey(keyHandle, &public_key)) { + SEC_LOG_ERROR("SecKey_ExtractECCPublicKey failed"); + SecKey_Release(keyHandle); + SecKey_Delete(ctx.proc(), id); + return SEC_RESULT_FAILURE; + } + + SecKey_Release(keyHandle); + } + + SecKey_Delete(ctx.proc(), id); + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testKeyDeriveHKDF(SEC_OBJECTID id, Sec_KeyType keyType, Sec_StorageLoc loc, Sec_MacAlgorithm macAlgorithm, SEC_BOOL testEncDec) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + std::vector nonce = TestCtx::random(SEC_NONCE_LEN); + TestCtx::printHex("nonce", nonce); + std::vector salt = TestCtx::random(25); + TestCtx::printHex("salt", salt); + std::vector info = TestCtx::random(17); + TestCtx::printHex("info", info); + + if (SEC_RESULT_SUCCESS != SecKey_Derive_HKDF(ctx.proc(), + id, keyType, loc, macAlgorithm, + &nonce[0], &salt[0], salt.size(), &info[0], info.size())) { + SEC_LOG_ERROR("SecKey_Derive_HKDF failed"); + return SEC_RESULT_FAILURE; + } + + if (testEncDec) { + if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { + SEC_LOG_ERROR("cipherEncDecSingle failed"); + return SEC_RESULT_FAILURE; + } + } + + SecKey_Delete(ctx.proc(), id); + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testKeyDeriveConcatKDF(SEC_OBJECTID id, Sec_KeyType keyType, Sec_StorageLoc loc, Sec_DigestAlgorithm digestAlgorithm, SEC_BOOL testEncDec) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + std::vector nonce = TestCtx::random(SEC_NONCE_LEN); + TestCtx::printHex("nonce", nonce); + std::vector otherInfo = TestCtx::random(17); + TestCtx::printHex("otherInfo", otherInfo); + + if (SEC_RESULT_SUCCESS != SecKey_Derive_ConcatKDF(ctx.proc(), + id, keyType,loc, digestAlgorithm, + &nonce[0], &otherInfo[0], otherInfo.size())) { + SEC_LOG_ERROR("SecKey_Derive_ConcatKDF failed"); + return SEC_RESULT_FAILURE; + } + + if (testEncDec) { + if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { + SEC_LOG_ERROR("cipherEncDecSingle failed"); + return SEC_RESULT_FAILURE; + } + } + + SecKey_Delete(ctx.proc(), id); + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testKeyDeriveVendorAes128(SEC_OBJECTID id, Sec_KeyType keyType, Sec_StorageLoc loc, Sec_MacAlgorithm macAlgorithm, SEC_BOOL testEncDec) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + std::vector input = TestCtx::random(25); + TestCtx::printHex("input", input); + + if (SEC_RESULT_SUCCESS != SecKey_Derive_VendorAes128(ctx.proc(), + id, loc, &input[0], input.size())) { + SEC_LOG_ERROR("SecKey_Derive_VendorAes128 failed"); + return SEC_RESULT_FAILURE; + } + + if (testEncDec) { + if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { + SEC_LOG_ERROR("cipherEncDecSingle failed"); + return SEC_RESULT_FAILURE; + } + } + + SecKey_Delete(ctx.proc(), id); + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testKeyDeriveKeyLadderAes128(SEC_OBJECTID id, Sec_KeyType keyType, Sec_StorageLoc loc, Sec_KeyLadderRoot root, SEC_BOOL testEncDec) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + std::vector > inputs; + inputs.resize(SecProcessor_GetKeyLadderMaxDepth(ctx.proc(), root)); + + if (inputs.size() == 0) { + SEC_LOG_ERROR("Key ladder not available"); + return SEC_RESULT_FAILURE; + } + + for (unsigned int i=0; i 0 ? &(inputs[0])[0] : NULL, + inputs.size() > 1 ? &(inputs[1])[0] : NULL, + inputs.size() > 2 ? &(inputs[2])[0] : NULL, + inputs.size() > 3 ? &(inputs[3])[0] : NULL)) { + SEC_LOG_ERROR("SecKey_Derive_KeyLadderAes128 failed"); + return SEC_RESULT_FAILURE; + } + + if (testEncDec) { + if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { + SEC_LOG_ERROR("cipherEncDecSingle failed"); + return SEC_RESULT_FAILURE; + } + } + + SecKey_Delete(ctx.proc(), id); + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testKeyComputeBaseKeyDigest(SEC_OBJECTID id, Sec_DigestAlgorithm alg) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + std::vector nonce = TestCtx::random(SEC_NONCE_LEN); + TestCtx::printHex("nonce", nonce); + + std::vector digest; + digest.resize(SEC_DIGEST_MAX_LEN); + SEC_SIZE digestLen; + + if (SEC_RESULT_SUCCESS != SecKey_ComputeBaseKeyDigest(ctx.proc(), &nonce[0], + alg, &digest[0], &digestLen)) { + SEC_LOG_ERROR("SecKey_ComputeBaseKeyDigest failed"); + return SEC_RESULT_FAILURE; + } + + digest.resize(digestLen); + TestCtx::printHex("digest", digest); + + return SEC_RESULT_SUCCESS; +} + +static EC_KEY *_ECCFromDERPriv(SEC_BYTE *der, SEC_SIZE der_len) +{ + const unsigned char *p = (const unsigned char *) der; + PKCS8_PRIV_KEY_INFO *p8 = NULL; + EVP_PKEY *evp_key = NULL; + EC_KEY *ecc = NULL; + + p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, der_len); + if (p8 != NULL) + { + evp_key = EVP_PKCS82PKEY(p8); + if (evp_key == NULL) + { + SEC_LOG_ERROR("EVP_PKCS82PKEY failed"); + goto done; + } + } + else + { + evp_key = d2i_AutoPrivateKey(NULL, &p, der_len); + if (evp_key == NULL) + { + SEC_LOG_ERROR("d2i_AutoPrivateKey failed"); + goto done; + } + } + + ecc = EVP_PKEY_get1_EC_KEY(evp_key); + if (ecc == NULL) + { + SEC_LOG_ERROR("EVP_PKEY_get1_EC_KEY failed"); + goto done; + } + +done: + SEC_EVPPKEY_FREE(evp_key); + + if (p8 != NULL) + { + PKCS8_PRIV_KEY_INFO_free(p8); + } + + return ecc; +} + +static EC_KEY *_ECCFromPEMPub(SEC_BYTE *pem, SEC_SIZE pem_len) +{ + BIO *bio = NULL; + EC_KEY *ec_key = NULL; + + bio = BIO_new_mem_buf(pem, pem_len); + ec_key = PEM_read_bio_EC_PUBKEY(bio, &ec_key, _Sec_DisablePassphrasePrompt, NULL); + + if (ec_key == NULL) + { + SEC_LOG_ERROR("Invalid ECC key container"); + goto done; + } + +done: + SEC_BIO_FREE(bio); + + return ec_key; +} + +static EC_KEY *_ECCFromDERPub(SEC_BYTE *der, SEC_SIZE der_len) +{ + const unsigned char *p = (const unsigned char *) der; + EC_KEY *ec_key = NULL; + + ec_key = d2i_EC_PUBKEY(&ec_key, &p, der_len); + + if (ec_key == NULL) + { + SEC_LOG_ERROR("Invalid ECC key container"); + goto done; + } + +done: + return ec_key; +} + +static EC_KEY *_ECCFromPrivBinary(Sec_ECCRawPrivateKey *binary) +{ + BN_CTX *ctx = BN_CTX_new(); + + // Note that SEC_KEYTYPE_ECC_NISTP256_PUBLIC is not acceptable, + // because it won't have a private key value + if (binary->type != SEC_KEYTYPE_ECC_NISTP256) + return NULL; + + EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); //create ec_key structure with NIST p256 curve; + const EC_GROUP *group = EC_KEY_get0_group(ec_key); + EC_POINT *ec_point = EC_POINT_new(group); + BN_CTX_start(ctx); + BIGNUM *xp, *yp, *prvp; + if (((xp = BN_CTX_get(ctx)) == NULL) || ((yp = BN_CTX_get(ctx)) == NULL) + || ((prvp = BN_CTX_get(ctx)) == NULL)) + goto done; + + EC_POINT_set_affine_coordinates_GFp(group, ec_point, + BN_bin2bn(binary->x, Sec_BEBytesToUint32(binary->key_len), xp), + BN_bin2bn(binary->y, Sec_BEBytesToUint32(binary->key_len), yp), ctx); + EC_KEY_set_public_key(ec_key, ec_point); + + EC_KEY_set_private_key(ec_key, + BN_bin2bn(binary->prv, Sec_BEBytesToUint32(binary->key_len), prvp)); + +done: + EC_POINT_free(ec_point); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + + return ec_key; +} + +static EC_KEY *_ECCFromPubBinary(Sec_ECCRawPublicKey *binary) +{ + BN_CTX *ctx = BN_CTX_new(); + + if ( binary->type != SEC_KEYTYPE_ECC_NISTP256_PUBLIC + && binary->type != SEC_KEYTYPE_ECC_NISTP256) + return NULL; + + EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); //create ec_key structure with NIST p256 curve; + const EC_GROUP *group = EC_KEY_get0_group(ec_key); + EC_POINT *ec_point = EC_POINT_new(group); + BN_CTX_start(ctx); + BIGNUM *xp, *yp; + + if (((xp = BN_CTX_get(ctx)) == NULL) || ((yp = BN_CTX_get(ctx)) == NULL)) + goto done; + + EC_POINT_set_affine_coordinates_GFp(group, ec_point, + BN_bin2bn(binary->x, Sec_BEBytesToUint32(binary->key_len), xp), + BN_bin2bn(binary->y, Sec_BEBytesToUint32(binary->key_len), yp), ctx); + EC_KEY_set_public_key(ec_key, ec_point); + +done: + EC_POINT_free(ec_point); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + + return ec_key; +} + +static EC_KEY *_ECCFromPEMPriv(SEC_BYTE *pem, SEC_SIZE pem_len) +{ + BIO *bio = NULL; + EC_KEY *ec_key = NULL; + + bio = BIO_new_mem_buf(pem, pem_len); + ec_key = PEM_read_bio_ECPrivateKey(bio, &ec_key, _Sec_DisablePassphrasePrompt, NULL); + + if (ec_key == NULL) + { + SEC_LOG_ERROR("Invalid ECC key container"); + goto done; + } + +done: + SEC_BIO_FREE(bio); + + return ec_key; +} + +static EC_KEY* _ECCFromClearKC(Sec_ProcessorHandle *proc, Sec_KeyContainer kc, + SEC_BYTE *data, SEC_SIZE data_len) +{ //$$$ could add SEC_KEYCONTAINER_RAW_ECC_PRIVONLY_NISTP256 + EC_KEY *ec_key = NULL; + SecUtils_KeyStoreHeader store_header; + SEC_BYTE store_data[SEC_KEYCONTAINER_MAX_LEN]; + + if (kc == SEC_KEYCONTAINER_DER_ECC_NISTP256) + { + ec_key = _ECCFromDERPriv(data, data_len); + if (ec_key == NULL) + { + SEC_LOG_ERROR("SecUtils_ECCFromDERPriv failed"); + goto done; + } + } + else if (kc == SEC_KEYCONTAINER_DER_ECC_NISTP256_PUBLIC) + { + ec_key = _ECCFromDERPub(data, data_len); + if (ec_key == NULL) + { + SEC_LOG_ERROR("SecUtils_ECCFromDERPub failed"); + goto done; + } + } + else if (kc == SEC_KEYCONTAINER_RAW_ECC_NISTP256) + { + if (data_len == sizeof(Sec_ECCRawPrivateKey)) + { + ec_key = _ECCFromPrivBinary((Sec_ECCRawPrivateKey *) data); + if (ec_key == NULL) + { + SEC_LOG_ERROR("SecUtils_ECCFromPrivBinary failed"); + goto done; + } + } + else + { + SEC_LOG_ERROR("Invalid priv key structure size: %d", data_len); + goto done; + } + } + else if (kc == SEC_KEYCONTAINER_RAW_ECC_NISTP256_PUBLIC) + { + if (data_len != sizeof(Sec_ECCRawPublicKey)) + { + SEC_LOG_ERROR("Invalid pub key structure size: %d", data_len); + goto done; + } + + ec_key = _ECCFromPubBinary((Sec_ECCRawPublicKey *) data); + if (ec_key == NULL) + { + SEC_LOG_ERROR("SecUtils_ECCFromPubBinary failed"); + goto done; + } + } + else if (kc == SEC_KEYCONTAINER_PEM_ECC_NISTP256) + { + ec_key = _ECCFromPEMPriv(data, data_len); + if (ec_key == NULL) + { + SEC_LOG_ERROR("SecUtils_ECCFromPEMPriv failed"); + goto done; + } + } + else if (kc == SEC_KEYCONTAINER_PEM_ECC_NISTP256_PUBLIC) + { + ec_key = _ECCFromPEMPub(data, data_len); + if (ec_key == NULL) + { + SEC_LOG_ERROR("SecUtils_ECCFromPEMPub failed"); + goto done; + } + } + else if (kc == SEC_KEYCONTAINER_STORE) + { + if (SEC_RESULT_SUCCESS + != SecStore_RetrieveData(proc, SEC_FALSE, &store_header, + sizeof(store_header), store_data, sizeof(store_data), + data, data_len)) + { + SEC_LOG_ERROR("SecStore_RetrieveData failed"); + goto done; + } + + ec_key = _ECCFromClearKC(proc, (Sec_KeyContainer) store_header.inner_kc_type, + store_data, SecStore_GetDataLen(data)); + if (ec_key == NULL) + { + SEC_LOG_ERROR("_ECCFromClearKC failed"); + goto done; + } + } + else + { + SEC_LOG_ERROR("Unknown container type"); + goto done; + } + +done: return ec_key; +} + +Sec_Result testKeyECDHKeyAgreementWithKDF( + SEC_OBJECTID id_derived, + SEC_OBJECTID id_priv, TestKey priv, TestKc priv_kc, TestKey pub, + Sec_KeyType keyType, Sec_StorageLoc loc, Sec_DigestAlgorithm digestAlgorithm, + SEC_BOOL testEncDec) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyHandle *priv_handle = NULL; + if (NULL == (priv_handle = ctx.provisionKey(id_priv, loc, priv, priv_kc))) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + + ProvKey* keyPubRaw = TestCreds::getKey(pub, TESTKC_RAW, SEC_OBJECTID_INVALID); + EC_KEY* ec_key_pub = _ECCFromClearKC(ctx.proc(), keyPubRaw->kc, &(keyPubRaw->key[0]), keyPubRaw->key.size()); + if (ec_key_pub == NULL) { + SEC_ECC_FREE(ec_key_pub); + SEC_LOG_ERROR("_ECCFromClearKC failed"); + return SEC_RESULT_FAILURE; + } + + Sec_ECCRawPublicKey pub_other; + if (SEC_RESULT_SUCCESS != _ECCToPubBinary(ec_key_pub, &pub_other)) { + SEC_ECC_FREE(ec_key_pub); + SEC_LOG_ERROR("_ECCToPubBinary failed"); + return SEC_RESULT_FAILURE; + } + + std::vector other_info = TestCtx::random(52); + TestCtx::printHex("other_info: ", other_info); + + if (SEC_RESULT_SUCCESS != SecKey_ECDHKeyAgreementWithKDF(priv_handle, + &pub_other, keyType, id_derived, loc, + SEC_KDF_CONCAT, + digestAlgorithm, &other_info[0], other_info.size())) { + SEC_LOG_ERROR("SecKey_ECDHKeyAgreementWithKDF failed"); + return SEC_RESULT_FAILURE; + } + + if (testEncDec) { + if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id_derived, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { + SEC_LOG_ERROR("cipherEncDecSingle failed"); + return SEC_RESULT_FAILURE; + } + } + + SecKey_Delete(ctx.proc(), id_derived); + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testKeyDeriveCMACAES128(SEC_OBJECTID idDerived, SEC_OBJECTID idBase, TestKc baseKc, Sec_KeyType keyType, Sec_StorageLoc loc, SEC_BOOL testEncDec, SEC_BYTE counter, uint32_t L) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + if (NULL == ctx.provisionKey(idBase, loc, TESTKEY_AES128, baseKc)) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + + //base key + TestCtx::printHex("baseKey", TestCreds::asOpenSslAes(TESTKEY_AES128)); + + //label + std::vector otherData = TestCtx::random(10); + //separator + otherData.push_back(0); + //ctx + std::vector ctx2 = TestCtx::random(32); + otherData.insert(otherData.end(), ctx2.begin(), ctx2.end()); + + otherData.push_back(0); otherData.push_back(0); otherData.push_back(0); otherData.push_back(0); + Sec_Uint32ToBEBytes(L, &otherData[otherData.size() - 4]); + + TestCtx::printHex("otherData", otherData); + + if (SEC_RESULT_SUCCESS != SecKey_Derive_CMAC_AES128(ctx.proc(), + idDerived, keyType,loc, + idBase, + &otherData[0], otherData.size(), + &counter, 1)) { + SEC_LOG_ERROR("SecKey_Derive_CMAC_AES128 failed"); + return SEC_RESULT_FAILURE; + } + + if (testEncDec) { + if (SecKey_IsAES(keyType)) { + if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, idDerived, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { + SEC_LOG_ERROR("cipherEncDecSingle failed"); + return SEC_RESULT_FAILURE; + } + } + } + + SecKey_Delete(ctx.proc(), idDerived); + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testKeyDeriveBaseKey(SEC_OBJECTID idDerived, Sec_StorageLoc loc) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + std::vector nonce = TestCtx::random(SEC_NONCE_LEN); + TestCtx::printHex("nonce", nonce); + + if (SEC_RESULT_SUCCESS != SecKey_Derive_BaseKey(ctx.proc(), idDerived, SEC_KEYTYPE_HMAC_128, loc, &nonce[0])) { + SEC_LOG_ERROR("SecKey_Derive_BaseKey failed"); + return SEC_RESULT_FAILURE; + } + + SecKey_Delete(ctx.proc(), idDerived); + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testKeyDeriveHKDFBaseKey(Sec_KeyType typeDerived, Sec_StorageLoc loc, Sec_MacAlgorithm macAlgorithm) { + Sec_Result res = SEC_RESULT_FAILURE; + SEC_OBJECTID baseKeyId = SEC_OBJECTID_USER_BASE; + SEC_OBJECTID idDerived = baseKeyId + 1; + SEC_OBJECTID idDerivedSecond = idDerived + 1; + + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + std::vector nonce = TestCtx::random(SEC_NONCE_LEN); + TestCtx::printHex("nonce", nonce); + + std::vector salt = TestCtx::random(20); + TestCtx::printHex("salt", salt); + + std::vector info = TestCtx::random(40); + TestCtx::printHex("info", info); + + if (SEC_RESULT_SUCCESS != SecKey_Derive_BaseKey(ctx.proc(), baseKeyId, SEC_KEYTYPE_HMAC_128, loc, &nonce[0])) { + SEC_LOG_ERROR("SecKey_Derive_BaseKey failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecKey_Derive_HKDF_BaseKey(ctx.proc(), idDerived, typeDerived, loc, macAlgorithm, &salt[0], salt.size(), &info[0], info.size(), baseKeyId)) { + SEC_LOG_ERROR("SecKey_Derive_HKDF_BaseKey failed"); + goto done; + } + + //repeat derivation + if (SEC_RESULT_SUCCESS != SecKey_Derive_BaseKey(ctx.proc(), baseKeyId, SEC_KEYTYPE_HMAC_128, loc, &nonce[0])) { + SEC_LOG_ERROR("SecKey_Derive_BaseKey failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecKey_Derive_HKDF_BaseKey(ctx.proc(), idDerivedSecond, typeDerived, loc, macAlgorithm, &salt[0], salt.size(), &info[0], info.size(), baseKeyId)) { + SEC_LOG_ERROR("SecKey_Derive_HKDF_BaseKey failed"); + goto done; + } + + //test enc/dec or mac + if (SecKey_IsAES(typeDerived)) { + if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idDerived, idDerivedSecond)) { + SEC_LOG_ERROR("aesKeyCheck failed"); + goto done; + } + } else { + if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idDerived, idDerivedSecond)) { + SEC_LOG_ERROR("macCheck failed"); + goto done; + } + } + + res = SEC_RESULT_SUCCESS; + +done: + SecKey_Delete(ctx.proc(), baseKeyId); + SecKey_Delete(ctx.proc(), idDerived); + SecKey_Delete(ctx.proc(), idDerivedSecond); + + return res; +} + +Sec_Result testKeyDeriveConcatKDFBaseKey(Sec_KeyType typeDerived, Sec_StorageLoc loc, Sec_DigestAlgorithm digestAlgorithm) { + SEC_OBJECTID baseKeyId = SEC_OBJECTID_USER_BASE; + SEC_OBJECTID idDerived = baseKeyId + 1; + SEC_OBJECTID idDerivedSecond = idDerived + 1; + Sec_Result res = SEC_RESULT_FAILURE; + + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + std::vector nonce = TestCtx::random(SEC_NONCE_LEN); + TestCtx::printHex("nonce", nonce); + + std::vector info = TestCtx::random(40); + TestCtx::printHex("info", info); + + if (SEC_RESULT_SUCCESS != SecKey_Derive_BaseKey(ctx.proc(), baseKeyId, SEC_KEYTYPE_AES_128, loc, &nonce[0])) { + SEC_LOG_ERROR("SecKey_Derive_BaseKey failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecKey_Derive_ConcatKDF_BaseKey(ctx.proc(), idDerived, typeDerived, loc, digestAlgorithm, &info[0], info.size(), baseKeyId)) { + SEC_LOG_ERROR("SecKey_Derive_ConcatKDF_BaseKey failed"); + SecKey_Delete(ctx.proc(), baseKeyId); + goto done; + } + + //repeat derivation + if (SEC_RESULT_SUCCESS != SecKey_Derive_BaseKey(ctx.proc(), baseKeyId, SEC_KEYTYPE_AES_128, loc, &nonce[0])) { + SEC_LOG_ERROR("SecKey_Derive_BaseKey failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecKey_Derive_ConcatKDF_BaseKey(ctx.proc(), idDerivedSecond, typeDerived, loc, digestAlgorithm, &info[0], info.size(), baseKeyId)) { + SEC_LOG_ERROR("SecKey_Derive_ConcatKDF_BaseKey failed"); + SecKey_Delete(ctx.proc(), baseKeyId); + goto done; + } + + //test enc/dec or mac + if (SecKey_IsAES(typeDerived)) { + if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idDerived, idDerivedSecond)) { + SEC_LOG_ERROR("aesKeyCheck failed"); + goto done; + } + } else { + if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idDerived, idDerivedSecond)) { + SEC_LOG_ERROR("macCheck failed"); + goto done; + } + } + + res = SEC_RESULT_SUCCESS; + +done: + SecKey_Delete(ctx.proc(), baseKeyId); + SecKey_Delete(ctx.proc(), idDerived); + SecKey_Delete(ctx.proc(), idDerivedSecond); + + return res; +} + +Sec_Result testExportProvisionedKey(TestKey key, TestKc kc) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + //provision encryption key + Sec_KeyHandle *key_handle = ctx.provisionKey(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM, key, kc); + if (NULL == key_handle) { + SEC_LOG_ERROR("provisionKey failed"); + return SEC_RESULT_FAILURE; + } + + //export j-type key + std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); + std::vector exported_key; + exported_key.resize(SEC_KEYCONTAINER_MAX_LEN); + SEC_SIZE exported_len; + + if (SEC_RESULT_SUCCESS != SecKey_ExportKey(key_handle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { + SEC_LOG_ERROR("SecKey_ExportKey failed"); + return SEC_RESULT_FAILURE; + } + exported_key.resize(exported_len); + + //provision exported + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE, + SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, &exported_key[0], exported_key.size())) { + SEC_LOG_ERROR("SecKey_Provision failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyHandle *key_handle_exported; + if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), SEC_OBJECTID_USER_BASE, &key_handle_exported)) { + SEC_LOG_ERROR("SecKey_GetInstance failed"); + return SEC_RESULT_FAILURE; + } + + //grab properties from exported + Sec_KeyProperties exported_props; + if (SEC_RESULT_SUCCESS != SecKey_GetProperties(key_handle_exported, &exported_props)) { + SEC_LOG_ERROR("SecKey_GetProperties failed"); + return SEC_RESULT_FAILURE; + } + + + return SEC_RESULT_SUCCESS; +} diff --git a/test/main/cpp/key.h b/test/main/cpp/key.h new file mode 100644 index 0000000..5bd965a --- /dev/null +++ b/test/main/cpp/key.h @@ -0,0 +1,45 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_KEY_H_ +#define TEST_KEY_H_ + +#include "sec_security.h" +#include "test_creds.h" + +Sec_Result testStore(SEC_BOOL encrypt, SEC_BOOL mac); +Sec_Result testStoreProvision(SEC_OBJECTID id, SEC_BOOL encrypt, SEC_BOOL mac); +Sec_Result testKeyProvision(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc); +Sec_Result testKeyProvisionDouble(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, TestKey key2, TestKc kc2, Sec_StorageLoc loc2); +Sec_Result testKeyGetKeyInfo(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc); +Sec_Result testKeyExtractPublicKey(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc); +Sec_Result testKeyGenerate(SEC_OBJECTID id, Sec_KeyType keyType, Sec_StorageLoc loc, SEC_BOOL testEncDec); +Sec_Result testKeyDeriveHKDF(SEC_OBJECTID id, Sec_KeyType keyType, Sec_StorageLoc loc, Sec_MacAlgorithm macAlgorithm, SEC_BOOL testEncDec); +Sec_Result testKeyDeriveConcatKDF(SEC_OBJECTID id, Sec_KeyType keyType, Sec_StorageLoc loc, Sec_DigestAlgorithm digestAlgorithm, SEC_BOOL testEncDec); +Sec_Result testKeyDeriveVendorAes128(SEC_OBJECTID id, Sec_KeyType keyType, Sec_StorageLoc loc, Sec_MacAlgorithm macAlgorithm, SEC_BOOL testEncDec); +Sec_Result testKeyDeriveKeyLadderAes128(SEC_OBJECTID id, Sec_KeyType keyType, Sec_StorageLoc loc, Sec_KeyLadderRoot root, SEC_BOOL testEncDec); +Sec_Result testKeyComputeBaseKeyDigest(SEC_OBJECTID id, Sec_DigestAlgorithm alg); +Sec_Result testKeyECDHKeyAgreementWithKDF(SEC_OBJECTID id_derived, SEC_OBJECTID id_priv, TestKey priv, TestKc priv_kc, TestKey pub, Sec_KeyType keyType, Sec_StorageLoc loc, Sec_DigestAlgorithm digestAlgorithm, SEC_BOOL testEncDec); +Sec_Result testKeyDeriveCMACAES128(SEC_OBJECTID idDerived, SEC_OBJECTID idBase, TestKc baseKc, Sec_KeyType keyType, Sec_StorageLoc loc, SEC_BOOL testEncDec, SEC_BYTE counter, uint32_t L); +Sec_Result testKeyDeriveBaseKey(SEC_OBJECTID idDerived, Sec_StorageLoc loc); +Sec_Result testKeyDeriveHKDFBaseKey(Sec_KeyType typeDerived, Sec_StorageLoc loc, Sec_MacAlgorithm macAlgorithm); +Sec_Result testKeyDeriveConcatKDFBaseKey(Sec_KeyType typeDerived, Sec_StorageLoc loc, Sec_DigestAlgorithm digestAlgorithm); +Sec_Result testExportProvisionedKey(TestKey key, TestKc kc); + +#endif diff --git a/test/main/cpp/keyctrl.cpp b/test/main/cpp/keyctrl.cpp new file mode 100644 index 0000000..630648e --- /dev/null +++ b/test/main/cpp/keyctrl.cpp @@ -0,0 +1,1970 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "keyctrl.h" +#include "jtype.h" +#include "mac.h" +#include "test_ctx.h" +#include "sec_security_comcastids.h" +#include "sec_security_utils.h" +#include "cipher.h" +#include "sign.h" +#include "jtype.h" +#include +#include +#include +#include + +// default params for jtype key container +struct default_jtype_data_st +{ + TestKey contentKey; + TestKey encryptionKey; + TestKc encKc; + TestKey macKey; + TestKc macKc; + SEC_OBJECTID provisionId; +}g_default_jtype_data = { + .contentKey = TESTKEY_AES128, + .encryptionKey = TESTKEY_AES128, + .encKc = TESTKC_SOC, + .macKey = TESTKEY_HMAC160, + .macKc = TESTKC_RAW, + .provisionId = SEC_OBJECTID_USER_BASE +}; + +#define RIGHTS_INIT(x) memset(x,0,SEC_KEYOUTPUTRIGHT_NUM) + +std::string toB64(SEC_BYTE *data, SEC_SIZE len); + +/* Convenience function to provision the jtype key and session keys using the default + * settings. Since the jtype is a wrapped key, a check is performed to test if the + * platform supports wrapped keys in the clear. if it doesn't, SOC key container + * needs to be used. + */ +static Sec_KeyHandle* _provisionJTypeAndSession(TestCtx &ctx, std::string &jtypeKey) +{ + Sec_KeyHandle *keyHandle = NULL; + + if (SecKey_IsProvisioned(ctx.proc(), SEC_OBJECTID_COMCAST_XCALSESSIONENCKEY) + && SecKey_IsProvisioned(ctx.proc(), SEC_OBJECTID_COMCAST_XCALSESSIONMACKEY)) { + SEC_PRINT("Session ENC and MAC keys are already provisioned. Not provisioning again.\n"); + } else { + SEC_PRINT("Provisioning session ENC and MAC.\n"); + + //provision encryption key + if (NULL == ctx.provisionKey(SEC_OBJECTID_COMCAST_XCALSESSIONENCKEY, SEC_STORAGELOC_RAM, + g_default_jtype_data.encryptionKey, g_default_jtype_data.encKc)) { + SEC_LOG_ERROR("provisionKey failed"); + goto done; + } + + //provision maccing key + if (NULL == ctx.provisionKey(SEC_OBJECTID_COMCAST_XCALSESSIONMACKEY, SEC_STORAGELOC_RAM, + g_default_jtype_data.macKey, g_default_jtype_data.macKc)) { + SEC_LOG_ERROR("provisionKey failed"); + goto done; + } + } + + //provision jtype key + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), g_default_jtype_data.provisionId, + SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_JTYPE, + (SEC_BYTE *)&jtypeKey[0], jtypeKey.size())) { + SEC_LOG_ERROR("SecKey_Provision failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), g_default_jtype_data.provisionId, &keyHandle)) + { + SEC_LOG_ERROR("SecKey_GetInstance failed for jtype key"); + goto done; + } + +done: + + return keyHandle; +} + +/* SecCipher_GetInstance should fail with notBefore date in the future */ +Sec_Result testKeyCtrlKeyNotYetAvail(int version, const char *alg) +{ + Sec_Result result = SEC_RESULT_FAILURE; + TestCtx ctx; + Sec_CipherHandle *cipherHandle = NULL; + Sec_KeyHandle *keyHandle = NULL; + SEC_BYTE iv[16] = {0x01}; + const char *notBeforeTimeStr = "2022-12-09T19:53:06Z"; + + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + /* key avail in one hour */ + std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", + g_default_jtype_data.contentKey, + g_default_jtype_data.encryptionKey, + "9c621060-3a17-4813-8dcb-2e9187aaa903", + createDefaultRights(SEC_KEYTYPE_AES_128).c_str(), + SEC_FALSE, 1, + notBeforeTimeStr, + "2030-12-09T19:53:06Z", + g_default_jtype_data.macKey, + version, alg); + if (jtype.size() == 0) { + SEC_LOG_ERROR("createJTypeContainer failed"); + goto done; + } + + if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) + { + goto done; + } + + if (SEC_RESULT_FAILURE + != SecCipher_GetInstance(ctx.proc(), + SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, + keyHandle, iv, &cipherHandle)) + { + SEC_LOG_ERROR( + "expected SeCcipher_GetInstance to fail for jtype key with notBefore [%s]", notBeforeTimeStr); + + goto done; + } + + result = SEC_RESULT_SUCCESS; + + done: + + if (cipherHandle) + SecCipher_Release(cipherHandle); + + if (keyHandle) + SecKey_Release(keyHandle); + + return result; +} + +/* Generate a jtype key with usage of key only. SecCipher_GetInstance should fail. */ +Sec_Result testKeyCtrlKeyOnlyUsage(int version, const char *alg) +{ + Sec_Result result = SEC_RESULT_FAILURE; + TestCtx ctx; + Sec_CipherHandle *cipherHandle = NULL; + Sec_KeyHandle *keyHandle = NULL; + SEC_BYTE iv[16] = {0x01}; + + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + + /* expired key */ + std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", + g_default_jtype_data.contentKey, g_default_jtype_data.encryptionKey, + "9c621060-3a17-4813-8dcb-2e9187aaa903", + createDefaultRights(SEC_KEYTYPE_AES_128).c_str(), + SEC_FALSE, SEC_KEYUSAGE_KEY, + "2010-12-09T19:53:06Z", "2025-12-09T01:02:03Z", + g_default_jtype_data.macKey, + version, alg); + + if (jtype.size() == 0) { + SEC_LOG_ERROR("createJTypeContainer failed"); + goto done; + } + + if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) + { + goto done; + } + + if (SEC_RESULT_SUCCESS == SecCipher_GetInstance(ctx.proc(), + SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, + keyHandle, iv, &cipherHandle)) + { + SEC_LOG_ERROR( + "expected Seccipher_GetInstance to fail for key with usage flag for 'key' only"); + goto done; + } + + result = SEC_RESULT_SUCCESS; + + done: + + if (keyHandle) + SecKey_Release(keyHandle); + + if (cipherHandle) + SecCipher_Release(cipherHandle); + + return result; +} + +/* Generate a jtype key with usage of data only. */ +Sec_Result testKeyCtrlUnwrapWithKeyUsage(int version, const char *alg, TestKey contentKey) +{ + Sec_Result result = SEC_RESULT_FAILURE; + TestCtx ctx; + Sec_KeyHandle *keyHandle = NULL; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", + contentKey, g_default_jtype_data.encryptionKey, + "9c621060-3a17-4813-8dcb-2e9187aaa903", + createDefaultRights(TestCreds::getKeyType(contentKey)).c_str(), + SEC_FALSE, SEC_KEYUSAGE_KEY, + "2010-12-09T19:53:06Z", "2025-12-09T01:02:03Z", + g_default_jtype_data.macKey, + version, alg); + + if (jtype.size() == 0) { + SEC_LOG_ERROR("createJTypeContainer failed"); + return SEC_RESULT_FAILURE; + } + + /* FIXME: actually encrypt the key bytes first */ + + //create wrapped asn1 key + std::vector wrapped = TestCtx::random(16); + std::vector asn1; + asn1.resize(SEC_KEYCONTAINER_MAX_LEN); + SEC_SIZE asn1_len; + SEC_BYTE input[SEC_AES_BLOCK_SIZE]; + SEC_BYTE output[SEC_AES_BLOCK_SIZE]; + SEC_SIZE output_len; + + if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) + { + goto done; + } + + if (SEC_RESULT_SUCCESS != SecKey_GenerateWrappedKeyAsn1(&wrapped[0], wrapped.size(), + SEC_KEYTYPE_AES_128, + g_default_jtype_data.provisionId, NULL, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, + &asn1[0], asn1.size(), &asn1_len)) { + SEC_LOG_ERROR("SecKey_GenerateWrappedKeyAsn1 failed"); + goto done; + } + asn1.resize(asn1_len); + + //provision wrapped + SEC_PRINT("Provisioning wrapped\n"); + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE+1, + SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_ASN1, + (SEC_BYTE *) &asn1[0], asn1.size())) { + SEC_LOG_ERROR("SecKey_Provision failed"); + goto done; + } + + SEC_PRINT("Wielding wrapped\n"); + if (SEC_RESULT_SUCCESS != SecCipher_SingleInputId(ctx.proc(), + SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_OBJECTID_USER_BASE+1, + NULL, input, sizeof(input), output, + sizeof(output), &output_len)) { + SEC_LOG_ERROR("SecCipher_SingleInputId failed"); + goto done; + } + + result = SEC_RESULT_SUCCESS; + + done: + + if (keyHandle) + SecKey_Release(keyHandle); + + return result; +} + +Sec_Result testKeyCtrlUnwrapWithDataUsage(int version, const char *alg) +{ + Sec_Result result = SEC_RESULT_FAILURE; + TestCtx ctx; + Sec_KeyHandle *keyHandle = NULL; + //create wrapped asn1 key + std::vector wrapped = TestCtx::random(16); + std::vector asn1; + asn1.resize(SEC_KEYCONTAINER_MAX_LEN); + SEC_SIZE asn1_len; + SEC_BYTE input[SEC_AES_BLOCK_SIZE]; + SEC_BYTE output[SEC_AES_BLOCK_SIZE]; + SEC_SIZE output_len; + std::string jtype; + std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); + std::vector exported_key(SEC_KEYCONTAINER_MAX_LEN,0); + SEC_SIZE exported_len = 0; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + goto done; + } + + jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", + g_default_jtype_data.contentKey, g_default_jtype_data.encryptionKey, + "9c621060-3a17-4813-8dcb-2e9187aaa903", + createDefaultRights(SEC_KEYTYPE_AES_128).c_str(), + SEC_TRUE, SEC_KEYUSAGE_DATA, + "2010-12-09T19:53:06Z", "2025-12-09T01:02:03Z", + g_default_jtype_data.macKey, + version, alg); + if (jtype.size() == 0) { + SEC_LOG_ERROR("createJTypeContainer failed"); + return SEC_RESULT_FAILURE; + } + + if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) + { + goto done; + } + + if (SEC_RESULT_SUCCESS != SecKey_GenerateWrappedKeyAsn1(&wrapped[0], wrapped.size(), + SEC_KEYTYPE_AES_128, + SEC_OBJECTID_USER_BASE, NULL, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, + &asn1[0], asn1.size(), &asn1_len)) { + SEC_LOG_ERROR("SecKey_GenerateWrappedKeyAsn1 failed"); + goto done; + } + asn1.resize(asn1_len); + + //provision wrapped + SEC_PRINT("Provisioning wrapped\n"); + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE+1, + SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_ASN1, + (SEC_BYTE *) &asn1[0], asn1.size())) + { + //this will fail on some platforms, others will fail when wielding cipher + result = SEC_RESULT_SUCCESS; + goto done; + } + + + SEC_PRINT("Wielding wrapped\n"); + if (SEC_RESULT_SUCCESS == SecCipher_SingleInputId(ctx.proc(), + SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_OBJECTID_USER_BASE+1, + NULL, input, sizeof(input), output, + sizeof(output), &output_len)) + { + SEC_LOG_ERROR("Expected provisioning or wielding cipher to fail"); + goto done; + } + + /* export the jtype and re-provision as exported to test exported logic as well */ + if (SEC_RESULT_SUCCESS != SecKey_ExportKey(keyHandle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { + SEC_LOG_ERROR("SecKey_Export failed"); + goto done; + } + SecKey_Release(keyHandle); + keyHandle = NULL; + SecKey_Delete(ctx.proc(), g_default_jtype_data.provisionId); + + /* provision exported */ + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), g_default_jtype_data.provisionId, SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, + &exported_key[0], exported_len)) + { + SEC_LOG_ERROR("SecKey_Provision failed for exported key"); + goto done; + } + + if (SEC_RESULT_SUCCESS == SecCipher_SingleInputId(ctx.proc(), + SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_OBJECTID_USER_BASE+1, + NULL, input, sizeof(input), output, + sizeof(output), &output_len)) + { + SEC_LOG_ERROR("Expected provisioning or wielding cipher to fail"); + goto done; + } + + result = SEC_RESULT_SUCCESS; + + done: + + if (keyHandle) + SecKey_Release(keyHandle); + + return result; +} + +/* SecCipher_Getinstance should fail with notOnOrAfter date < now */ +Sec_Result testKeyCtrlKeyExpired(int version, const char *alg) +{ + TestCtx ctx; + + Sec_CipherHandle *cipherHandle = NULL; + Sec_KeyHandle *keyHandle = NULL; + SEC_BYTE iv[16] = {0x01}; + const char *notOnOrAfter = "2015-12-09T19:53:06Z"; + Sec_Result result = SEC_RESULT_FAILURE; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + /* expired key */ + std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", + g_default_jtype_data.contentKey, g_default_jtype_data.encryptionKey, + "9c621060-3a17-4813-8dcb-2e9187aaa903", + createDefaultRights(SEC_KEYTYPE_AES_128).c_str(), + SEC_FALSE, 1, + "2010-12-09T19:53:06Z", notOnOrAfter, + g_default_jtype_data.macKey, + version, alg); + + if (jtype.size() == 0) { + SEC_LOG_ERROR("createJTypeContainer failed"); + return SEC_RESULT_FAILURE; + } + + if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) + { + goto done; + } + + if (SEC_RESULT_SUCCESS + == SecCipher_GetInstance(ctx.proc(), + SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, + keyHandle, iv, &cipherHandle)) + { + SEC_LOG_ERROR( + "expected Seccipher_GetInstance to fail for jtype key with expired notOnOrAfter [%s]", + notOnOrAfter); + goto done; + } + + result = SEC_RESULT_SUCCESS; +done: + if (cipherHandle) + SecCipher_Release(cipherHandle); + + if (keyHandle) + SecKey_Release(keyHandle); + + + return result; +} + +/* test that export fails with a jtype key where is_cacheable is false */ +Sec_Result testKeyCtrlExportUnCachable(int version, const char *alg) +{ + + Sec_Result result = SEC_RESULT_FAILURE; + TestCtx ctx; + Sec_KeyHandle *keyHandle = NULL; + std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); + std::vector exported_key(SEC_KEYCONTAINER_MAX_LEN,0); + SEC_SIZE exported_len = 0; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", + g_default_jtype_data.contentKey, g_default_jtype_data.encryptionKey, + "9c621060-3a17-4813-8dcb-2e9187aaa903", + createDefaultRights(SEC_KEYTYPE_AES_128).c_str(), + SEC_FALSE, 1, + "2010-12-09T19:53:06Z", "2037-12-09T19:53:06Z", + g_default_jtype_data.macKey, + version, alg); + + if (jtype.size() == 0) { + SEC_LOG_ERROR("createJTypeContainer failed"); + return SEC_RESULT_FAILURE; + } + + if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) + { + return SEC_RESULT_FAILURE; + } + + //get properties from j-type + Sec_KeyProperties jtype_props; + if (SEC_RESULT_SUCCESS != SecKey_GetProperties(keyHandle, &jtype_props)) { + SEC_LOG_ERROR("SecKey_GetProperties failed"); + goto done; + } + + //export j-type key + if (SEC_RESULT_SUCCESS == SecKey_ExportKey(keyHandle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { + SEC_LOG_ERROR("expected SecKey_ExportKey to fail with cachable flag set to false"); + goto done; + } + + result = SEC_RESULT_SUCCESS; + + done: + + if (keyHandle) + SecKey_Release(keyHandle); + + return result; +} + +Sec_Result testKeyCtrlExpectedJTypeProperties(int version, const char *alg, TestKey contentKey) +{ + TestCtx ctx; + Sec_KeyHandle *keyHandle = NULL; + const char* notOnOrAfter = "2025-12-09T19:53:06Z"; + const char* notBefore = "2010-12-09T19:53:06Z"; + const char* keyId = "9c621060-3a17-4813-8dcb-2e9187aaa903"; + Sec_KeyProperties keyProps; + SEC_BOOL cacheable = SEC_FALSE; + Sec_KeyUsage keyUsage = SEC_KEYUSAGE_KEY; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + /* expired key */ + std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", + contentKey, g_default_jtype_data.encryptionKey, keyId, + createDefaultRights(TestCreds::getKeyType(contentKey)).c_str(), + cacheable, keyUsage, + notBefore, notOnOrAfter, + g_default_jtype_data.macKey, + version, alg); + + if (jtype.size() == 0) { + SEC_LOG_ERROR("createJTypeContainer failed"); + return SEC_RESULT_FAILURE; + } + + if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) + { + return SEC_RESULT_FAILURE; + } + + SecKey_GetProperties(keyHandle, &keyProps); + SecKey_Release(keyHandle); + + if (0!=strcmp(keyId,keyProps.keyId)) + { + SEC_LOG_ERROR("keyid mismatch expecting '%s', received '%s'", keyId, keyProps.keyId); + return SEC_RESULT_FAILURE; + } + if (0!=strcmp(notOnOrAfter,keyProps.notOnOrAfter)) + { + SEC_LOG_ERROR("notOnOrAfter mismatch expecting '%s', received '%s'", notOnOrAfter, keyProps.notOnOrAfter); + return SEC_RESULT_FAILURE; + } + if (0!=strcmp(notBefore,keyProps.notBefore)) + { + SEC_LOG_ERROR("notBefore mismatch expecting '%s', received '%s'", notBefore, keyProps.notBefore); + return SEC_RESULT_FAILURE; + } + if (TestCreds::getKeyType(contentKey) != keyProps.keyType) + { + SEC_LOG_ERROR("keyType mismatch. got %d, expected %d", keyProps.keyType, TestCreds::getKeyType(contentKey)); + return SEC_RESULT_FAILURE; + } + if (SecKey_GetKeyLenForKeyType(TestCreds::getKeyType(contentKey)) != keyProps.keyLength) + { + SEC_LOG_ERROR("keyLength mismatch expecting %d, received %d", SecKey_GetKeyLenForKeyType(TestCreds::getKeyType(contentKey)), keyProps.keyLength); + return SEC_RESULT_FAILURE; + } + if (cacheable != keyProps.cacheable) + { + SEC_LOG_ERROR("cacheable mismatch, expecting %d", cacheable); + return SEC_RESULT_FAILURE; + } + if (keyUsage != keyProps.usage) + { + SEC_LOG_ERROR("usage mismatch, expecting %d, received %d", keyUsage, keyProps.usage); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testKeyCtrlBadB64Jtype(int version, const char *alg) +{ + TestCtx ctx; + TestKey contentKey = TESTKEY_AES128; + TestKey encryptionKey = TESTKEY_AES128; + TestKey macKey = TESTKEY_HMAC160; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + std::string jtype = "B" + createJTypeContainer("1WXQ46EYW65SENER", "HS256", + contentKey, encryptionKey, + "9c621060-3a17-4813-8dcb-2e9187aaa903", + createDefaultRights(SEC_KEYTYPE_AES_128).c_str(), + SEC_FALSE, 1, + "2010-12-09T19:53:06Z", "2037-12-09T19:53:06Z", + macKey, + version, alg); + if (jtype.size() == 0) { + SEC_LOG_ERROR("createJTypeContainer failed"); + return SEC_RESULT_FAILURE; + } + + //provision jtype key + if (SEC_RESULT_FAILURE != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE, + SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_JTYPE, + (SEC_BYTE *) &jtype[0], jtype.size())) { + SEC_LOG_ERROR("expected provisionKey to failed with bad base64"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testKeyCtrlExportEcc(TestKc kc) +{ + Sec_Result result = SEC_RESULT_FAILURE; + TestCtx ctx; + SEC_OBJECTID priv_id = SEC_OBJECTID_USER_BASE +1; + Sec_KeyHandle *priv_key_handle = NULL; + TestKey pub = TESTKEY_EC_PUB; + TestKey priv = TESTKEY_EC_PRIV; + std::vector clear = TestCtx::random(32); + std::vector derivation_input = TestCtx::random(16); + SEC_BYTE exported_buffer[1024]; + std::vector signature; + signature.resize(512); + SEC_SIZE exported_size = 0, signature_size = 0; + + if (ctx.init() != SEC_RESULT_SUCCESS) + { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + if (NULL == (priv_key_handle = ctx.provisionKey(priv_id, SEC_STORAGELOC_RAM, priv, kc))) + { + SEC_LOG_ERROR("provision priv key failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS + != SecSignature_SingleInputId(ctx.proc(), + SEC_SIGNATUREALGORITHM_ECDSA_NISTP256, + SEC_SIGNATUREMODE_SIGN, priv_id, &clear[0], clear.size(), + &signature[0], &signature_size)) + { + + SEC_LOG_ERROR("SecSignature_SingleInputId failed on signing with priv ecc key"); + return SEC_RESULT_FAILURE; + } + signature.resize(signature_size); + + //verify + if (!verifyOpenSSL(SEC_SIGNATUREALGORITHM_ECDSA_NISTP256, pub, clear, signature)) { + SEC_LOG_ERROR("verifyOpenSSL failed"); + return SEC_RESULT_FAILURE; + } + + /* export priv key */ + if ( SEC_RESULT_SUCCESS != SecKey_ExportKey(priv_key_handle, + &derivation_input[0], exported_buffer, sizeof(exported_buffer), &exported_size)) + { + SEC_LOG_ERROR("SecKey_Export failed for private ecc"); + return SEC_RESULT_FAILURE; + } + SecKey_Delete(ctx.proc(), priv_id); + + if (SEC_RESULT_SUCCESS + != SecKey_Provision(ctx.proc(), priv_id, SEC_STORAGELOC_RAM, + SEC_KEYCONTAINER_EXPORTED, exported_buffer, exported_size)) + { + SEC_LOG_ERROR("SecKey_Provision failed"); + return SEC_RESULT_FAILURE; + } + + signature.resize(512); + if (SEC_RESULT_SUCCESS + != SecSignature_SingleInputId(ctx.proc(), + SEC_SIGNATUREALGORITHM_ECDSA_NISTP256, + SEC_SIGNATUREMODE_VERIFY, priv_id, &clear[0], clear.size(), + &signature[0], &signature_size)) + { + + SEC_LOG_ERROR("SecSignature_SingleInputId failed on verification with priv ecc key"); + return SEC_RESULT_FAILURE; + } + signature.resize(signature_size); + + //verify + if (!verifyOpenSSL(SEC_SIGNATUREALGORITHM_ECDSA_NISTP256, pub, clear, signature)) { + SEC_LOG_ERROR("verifyOpenSSL failed"); + return SEC_RESULT_FAILURE; + } + + result = SEC_RESULT_SUCCESS; + + return result; +} + +Sec_Result testKeyCtrlExportAes(TestKey aesKey, Sec_StorageLoc location) +{ + Sec_Result result = SEC_RESULT_FAILURE; + Sec_KeyHandle *key_handle = NULL; + + TestCtx ctx; + SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; + SEC_BYTE exported_key[4096]; + SEC_SIZE exported_key_len = 0; + SEC_SIZE exported_key_len2 = 0; + Sec_CipherAlgorithm alg = SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING; + Sec_KeyProperties keyProps; + std::vector encrypted(16); + std::vector decrypted(16); + SEC_SIZE enc_len = 0; + + memset(&keyProps,0, sizeof(Sec_KeyProperties)); + + if (key_handle != NULL) { + SecKey_Release(key_handle); + } + key_handle = NULL; + + // input to export function + std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); + + //gen iv + std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); + + //gen clear input + std::vector clear = TestCtx::random(SEC_AES_BLOCK_SIZE); + + if (ctx.init() != SEC_RESULT_SUCCESS) + { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + SEC_PRINT("SEC_KEYCONTAINER_RAW_AES_128\n"); + ProvKey *p = TestCreds::getKey(aesKey, TESTKC_RAW, id); + SEC_PRINT("provisioning " SEC_OBJECTID_PATTERN "\n", id); + + if (SEC_RESULT_SUCCESS + != SecKey_Provision(ctx.proc(), id, location, + aesKey == TESTKEY_AES128 ? SEC_KEYCONTAINER_RAW_AES_128 : SEC_KEYCONTAINER_RAW_AES_256, + &p->key[0], + p->key.size())) + { + SEC_LOG_ERROR("SecKey_Provision failed"); + return SEC_RESULT_FAILURE; + } + + //encrypt + if (SEC_RESULT_SUCCESS + != SecCipher_SingleInputId(ctx.proc(), alg, + SEC_CIPHERMODE_ENCRYPT, id, + NULL, &clear[0], clear.size(), &encrypted[0], + encrypted.size(), &enc_len)) + { + + SEC_LOG_ERROR("Encrypt failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS + != SecKey_GetInstance(ctx.proc(), id, &key_handle)) + { + SEC_LOG_ERROR("SecKey_GetInstance failed"); + goto done; + } + // get size + if (SEC_RESULT_SUCCESS + != SecKey_ExportKey(key_handle, &derivation_input[0], + NULL, 0, &exported_key_len2)) + { + SEC_LOG_ERROR("SecKey_ExportKey failed for key size"); + goto done; + } + if (SEC_RESULT_SUCCESS + != SecKey_ExportKey(key_handle, &derivation_input[0], + exported_key, sizeof(exported_key), &exported_key_len)) + { + SEC_LOG_ERROR("SecKey_ExportKey failed"); + goto done; + } + SecKey_Release(key_handle); + key_handle = NULL; + + if (exported_key_len2 != exported_key_len) + { + SEC_LOG_ERROR("exported key length mismatch, expected %d, received %d", + exported_key_len2, exported_key_len); + goto done; + } + + // NOTE: on intel, exported keys MUST be provisioned with the same object_id as when + // they were originally provisioned. + SEC_PRINT("provisioning exported " SEC_OBJECTID_PATTERN "\n", id); + if (SEC_RESULT_SUCCESS + != SecKey_Provision(ctx.proc(), id, SEC_STORAGELOC_RAM, + SEC_KEYCONTAINER_EXPORTED, exported_key, + exported_key_len)) + { + SEC_LOG_ERROR("SecKey_Provision failed"); + return SEC_RESULT_FAILURE; + } + + // test decrypt with exported key + if (SEC_RESULT_SUCCESS + != SecCipher_SingleInputId(ctx.proc(), alg, + SEC_CIPHERMODE_DECRYPT, id, + NULL, &encrypted[0], encrypted.size(), &decrypted[0], + decrypted.size(), &enc_len)) + { + + SEC_LOG_ERROR("Decrypt failed"); + goto done; + } + TestCtx::printHex("derivation input", derivation_input); + TestCtx::printHex(" encrypted", encrypted); + TestCtx::printHex(" decrypted", decrypted); + TestCtx::printHex(" clear", clear); + if (clear != decrypted) + { + SEC_LOG_ERROR("decrypted vector mismatch"); + goto done; + } + + result = SEC_RESULT_SUCCESS; + + done: + + if (key_handle != NULL) + SecKey_Release(key_handle); + + return result; +} + +Sec_Result testKeyCtrlExportDerived() +{ + Sec_Result result = SEC_RESULT_FAILURE; + SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; + SEC_BYTE exported_key[4096]; + SEC_SIZE exported_key_len = 0; + Sec_KeyHandle *key_handle = NULL; + TestCtx ctx; + SEC_BYTE enc_output[256]; + SEC_SIZE enc_output_len = 0; + SEC_BYTE enc_output2[256]; + SEC_SIZE enc_output_len2 = 0; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); + + std::vector input = TestCtx::random(25); + TestCtx::printHex("input", input); + + if (SEC_RESULT_SUCCESS != SecKey_Derive_VendorAes128(ctx.proc(), + id, SEC_STORAGELOC_RAM, &input[0], input.size())) { + SEC_LOG_ERROR("SecKey_Derive_VendorAes128 failed"); + return SEC_RESULT_FAILURE; + } + if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), id, &key_handle)) + { + SEC_LOG_ERROR("SecKey_GetInstance failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS + != SecCipher_SingleInputId(ctx.proc(), + SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, + SEC_CIPHERMODE_ENCRYPT, id, + NULL, &derivation_input[0], derivation_input.size(), + enc_output, sizeof(enc_output), &enc_output_len)) + { + + SEC_LOG_ERROR("Encrypt failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecKey_ExportKey(key_handle, &derivation_input[0], exported_key, sizeof(exported_key), &exported_key_len)) + { + SEC_LOG_ERROR("SecKey_ExportKey failed for derived key type"); + goto done; + } + SecKey_Release(key_handle); + key_handle = NULL; + SecKey_Delete(ctx.proc(),id); + + /* import exported derived key */ + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), id, + SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, + exported_key, exported_key_len)) { + SEC_LOG_ERROR("SecKey_Provision failed for exported key"); + return SEC_RESULT_FAILURE; + } + if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), id, &key_handle)) + { + SEC_LOG_ERROR("SecKey_GetInstance failed"); + goto done; + } + if (SEC_RESULT_SUCCESS + != SecCipher_SingleInputId(ctx.proc(), + SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, + SEC_CIPHERMODE_DECRYPT, id, + NULL, enc_output, enc_output_len, + enc_output2, sizeof(enc_output2), &enc_output_len2)) + { + + SEC_LOG_ERROR("Decrypt failed"); + goto done; + } + if (derivation_input.size() != enc_output_len2) + { + SEC_LOG_ERROR("enc output size mismatch, expected %d, %d", derivation_input.size(), + enc_output_len2); + goto done; + } + Sec_PrintHex(&derivation_input[0], derivation_input.size()); + SEC_PRINT("\n"); + Sec_PrintHex(enc_output2, enc_output_len2); + SEC_PRINT("\n"); + if (0!=memcmp(&derivation_input[0], enc_output2, enc_output_len2)) + { + SEC_LOG_ERROR("enc output mismatch"); + goto done; + } + + result = SEC_RESULT_SUCCESS; + + done: + + if (key_handle) + SecKey_Release(key_handle); + + return result; +} + +Sec_Result testKeyCtrlExpectedExportedProperties(int version, const char *alg, TestKey contentKey) +{ + TestCtx ctx; + + SEC_BYTE jtypeRights[SEC_KEYOUTPUTRIGHT_NUM]; + std::string b64rights; + Sec_KeyHandle *keyHandle = NULL; + const char* notOnOrAfter = "2025-12-09T19:53:06Z"; + const char* notBefore = "2010-12-09T19:53:06Z"; + const char* keyId = "9c621060-3a17-4813-8dcb-2e9187aaa903"; + Sec_KeyProperties keyProps; + SEC_BOOL cacheable = SEC_TRUE; + Sec_KeyUsage keyUsage = SEC_KEYUSAGE_KEY; + SEC_BYTE exported_key[4096]; + SEC_SIZE exported_key_len = 0; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + RIGHTS_INIT(jtypeRights); + jtypeRights[0]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_1_4_ALLOWED; + jtypeRights[1]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_2_2_ALLOWED; + jtypeRights[2]= SEC_KEYOUTPUTRIGHT_ANALOG_OUTPUT_ALLOWED; + b64rights = toB64(jtypeRights, SEC_KEYOUTPUTRIGHT_NUM); + + /* expired key */ + std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", + contentKey, g_default_jtype_data.encryptionKey, keyId, + b64rights.c_str(), cacheable, keyUsage, + notBefore, notOnOrAfter, + g_default_jtype_data.macKey, + version, alg); + + if (jtype.size() == 0) { + SEC_LOG_ERROR("createJTypeContainer failed"); + return SEC_RESULT_FAILURE; + } + + if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) + { + return SEC_RESULT_FAILURE; + } + + std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); + + if (SEC_RESULT_SUCCESS + != SecKey_ExportKey(keyHandle, (SEC_BYTE*)&derivation_input[0], exported_key, + sizeof(exported_key), &exported_key_len)) + { + SecKey_Release(keyHandle); + SEC_LOG_ERROR("SecKey_ExportKey failed"); + return SEC_RESULT_FAILURE; + } + + SecKey_Release(keyHandle); + keyHandle = NULL; + SecKey_Delete(ctx.proc(),SEC_OBJECTID_USER_BASE); + + // reprovision exported + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE, + SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, + exported_key, exported_key_len)) { + SEC_LOG_ERROR("SecKey_Provision failed for exported key"); + return SEC_RESULT_FAILURE; + } + if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), SEC_OBJECTID_USER_BASE, &keyHandle)) + { + SEC_LOG_ERROR("SecKey_GetInstance failed for exported key"); + return SEC_RESULT_FAILURE; + } + + SecKey_GetProperties(keyHandle, &keyProps); + SecKey_Release(keyHandle); + keyHandle = NULL; + + if (0!=strcmp(keyId,keyProps.keyId)) + { + SEC_LOG_ERROR("keyid mismatch expecting '%s', received '%s'", keyId, keyProps.keyId); + return SEC_RESULT_FAILURE; + } + if (0!=strcmp(notOnOrAfter,keyProps.notOnOrAfter)) + { + SEC_LOG_ERROR("notOnOrAfter mismatch expecting '%s', received '%s'", notOnOrAfter, keyProps.notOnOrAfter); + return SEC_RESULT_FAILURE; + } + if (0!=strcmp(notBefore,keyProps.notBefore)) + { + SEC_LOG_ERROR("notBefore mismatch expecting '%s', received '%s'", notBefore, keyProps.notBefore); + return SEC_RESULT_FAILURE; + } + if (TestCreds::getKeyType(contentKey) != keyProps.keyType) + { + SEC_LOG_ERROR("keyType mismatch. got %d, expected %d", keyProps.keyType, TestCreds::getKeyType(contentKey)); + return SEC_RESULT_FAILURE; + } + if (SecKey_GetKeyLenForKeyType(TestCreds::getKeyType(contentKey)) != keyProps.keyLength) + { + SEC_LOG_ERROR("keyLength mismatch expecting %d, received %d", SecKey_GetKeyLenForKeyType(TestCreds::getKeyType(contentKey)), keyProps.keyLength); + return SEC_RESULT_FAILURE; + } + if (cacheable != keyProps.cacheable) + { + SEC_LOG_ERROR("cacheable mismatch, expecting %d", cacheable); + return SEC_RESULT_FAILURE; + } + if (keyUsage != keyProps.usage) + { + SEC_LOG_ERROR("usage mismatch, expecting %d, received %d", keyUsage, keyProps.usage); + return SEC_RESULT_FAILURE; + } + + if (0!= memcmp(keyProps.rights, jtypeRights, 8)) + { + SEC_LOG_ERROR("keyrights mismatch"); + return SEC_RESULT_FAILURE; + } + + + return SEC_RESULT_SUCCESS; +} + +/* export a key, re-provision it, then export it again + */ +Sec_Result testKeyCtrlExportProvisionExport(int version, const char *alg, TestKey contentKey) +{ + TestCtx ctx; + + SEC_BYTE jtypeRights[SEC_KEYOUTPUTRIGHT_NUM]; + std::string b64rights; + Sec_KeyHandle *keyHandle = NULL; + const char* notOnOrAfter = "2025-12-09T19:53:06Z"; + const char* notBefore = "2010-12-09T19:53:06Z"; + const char* keyId = "9c621060-3a17-4813-8dcb-2e9187aaa903"; + Sec_KeyProperties keyProps; + SEC_BOOL cacheable = SEC_TRUE; + Sec_KeyUsage keyUsage = SEC_KEYUSAGE_KEY; + SEC_BYTE exported_key[4096]; + SEC_SIZE exported_key_len = 0; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + RIGHTS_INIT(jtypeRights); + jtypeRights[0]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_1_4_ALLOWED; + jtypeRights[1]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_2_2_ALLOWED; + jtypeRights[2]= SEC_KEYOUTPUTRIGHT_ANALOG_OUTPUT_ALLOWED; + b64rights = toB64(jtypeRights, SEC_KEYOUTPUTRIGHT_NUM); + + /* expired key */ + std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", + contentKey, g_default_jtype_data.encryptionKey, keyId, + b64rights.c_str(), cacheable, keyUsage, + notBefore, notOnOrAfter, + g_default_jtype_data.macKey, + version, alg); + + if (jtype.size() == 0) { + SEC_LOG_ERROR("createJTypeContainer failed"); + return SEC_RESULT_FAILURE; + } + + if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) + { + return SEC_RESULT_FAILURE; + } + + std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); + + if (SEC_RESULT_SUCCESS + != SecKey_ExportKey(keyHandle, (SEC_BYTE*)&derivation_input[0], exported_key, + sizeof(exported_key), &exported_key_len)) + { + SecKey_Release(keyHandle); + SEC_LOG_ERROR("SecKey_ExportKey failed"); + return SEC_RESULT_FAILURE; + } + + SecKey_Release(keyHandle); + keyHandle = NULL; + SecKey_Delete(ctx.proc(),SEC_OBJECTID_USER_BASE); + + // reprovision exported + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE, + SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, + exported_key, exported_key_len)) { + SEC_LOG_ERROR("SecKey_Provision failed for exported key"); + return SEC_RESULT_FAILURE; + } + if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), SEC_OBJECTID_USER_BASE, &keyHandle)) + { + SEC_LOG_ERROR("SecKey_GetInstance failed for exported key"); + return SEC_RESULT_FAILURE; + } + + // export it again + derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); + if (SEC_RESULT_SUCCESS + != SecKey_ExportKey(keyHandle, (SEC_BYTE*)&derivation_input[0], exported_key, + sizeof(exported_key), &exported_key_len)) + { + SecKey_Release(keyHandle); + SEC_LOG_ERROR("SecKey_ExportKey failed"); + return SEC_RESULT_FAILURE; + } + SecKey_Release(keyHandle); + keyHandle = NULL; + SecKey_Delete(ctx.proc(),SEC_OBJECTID_USER_BASE); + + // reprovision exported + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE, + SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, + exported_key, exported_key_len)) { + SEC_LOG_ERROR("SecKey_Provision failed for exported key"); + return SEC_RESULT_FAILURE; + } + if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), SEC_OBJECTID_USER_BASE, &keyHandle)) + { + SEC_LOG_ERROR("SecKey_GetInstance failed for exported key"); + return SEC_RESULT_FAILURE; + } + + SecKey_GetProperties(keyHandle, &keyProps); + SecKey_Release(keyHandle); + keyHandle = NULL; + + if (0!=strcmp(keyId,keyProps.keyId)) + { + SEC_LOG_ERROR("keyid mismatch expecting '%s', received '%s'", keyId, keyProps.keyId); + return SEC_RESULT_FAILURE; + } + if (0!=strcmp(notOnOrAfter,keyProps.notOnOrAfter)) + { + SEC_LOG_ERROR("notOnOrAfter mismatch expecting '%s', received '%s'", notOnOrAfter, keyProps.notOnOrAfter); + return SEC_RESULT_FAILURE; + } + if (0!=strcmp(notBefore,keyProps.notBefore)) + { + SEC_LOG_ERROR("notBefore mismatch expecting '%s', received '%s'", notBefore, keyProps.notBefore); + return SEC_RESULT_FAILURE; + } + if (TestCreds::getKeyType(contentKey) != keyProps.keyType) + { + SEC_LOG_ERROR("keyType mismatch. got %d, expected %d", keyProps.keyType, TestCreds::getKeyType(contentKey)); + return SEC_RESULT_FAILURE; + } + if (SecKey_GetKeyLenForKeyType(TestCreds::getKeyType(contentKey)) != keyProps.keyLength) + { + SEC_LOG_ERROR("keyLength mismatch expecting %d, received %d", SecKey_GetKeyLenForKeyType(TestCreds::getKeyType(contentKey)), keyProps.keyLength); + return SEC_RESULT_FAILURE; + } + if (cacheable != keyProps.cacheable) + { + SEC_LOG_ERROR("cacheable mismatch, expecting %d", cacheable); + return SEC_RESULT_FAILURE; + } + if (keyUsage != keyProps.usage) + { + SEC_LOG_ERROR("usage mismatch, expecting %d, received %d", keyUsage, keyProps.usage); + return SEC_RESULT_FAILURE; + } + + if (0!= memcmp(keyProps.rights, jtypeRights, 8)) + { + SEC_LOG_ERROR("keyrights mismatch"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +// get just size needed for key by passing NULL out buffer to KeyExport call +Sec_Result testKeyCtrlKeyExportGetSize(int version, const char *alg) +{ + TestCtx ctx; + + SEC_BYTE jtypeRights[SEC_KEYOUTPUTRIGHT_NUM]; + std::string b64rights; + Sec_KeyHandle *keyHandle = NULL; + const char* notOnOrAfter = "2025-12-09T19:53:06Z"; + const char* notBefore = "2010-12-09T19:53:06Z"; + const char* keyId = "9c621060-3a17-4813-8dcb-2e9187aaa903"; + SEC_BOOL cacheable = SEC_TRUE; + Sec_KeyUsage keyUsage = SEC_KEYUSAGE_KEY; + SEC_BYTE exported_key[4096]; + SEC_SIZE exported_key_len = 0; + SEC_SIZE exported_key_len2 = 0; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + RIGHTS_INIT(jtypeRights); + jtypeRights[0]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_1_4_ALLOWED; + jtypeRights[1]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_2_2_ALLOWED; + jtypeRights[2]= SEC_KEYOUTPUTRIGHT_ANALOG_OUTPUT_ALLOWED; + b64rights = toB64(jtypeRights, SEC_KEYOUTPUTRIGHT_NUM); + + /* expired key */ + std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", + g_default_jtype_data.contentKey, g_default_jtype_data.encryptionKey, keyId, + b64rights.c_str(), cacheable, keyUsage, + notBefore, notOnOrAfter, + g_default_jtype_data.macKey, + version, alg); + + if (jtype.size() == 0) { + SEC_LOG_ERROR("createJTypeContainer failed"); + return SEC_RESULT_FAILURE; + } + + if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) + { + return SEC_RESULT_FAILURE; + } + + std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); + + // get size + if (SEC_RESULT_SUCCESS + != SecKey_ExportKey(keyHandle, (SEC_BYTE*)&derivation_input[0], NULL, 0, &exported_key_len2)) + { + SecKey_Release(keyHandle); + SEC_LOG_ERROR("SecKey_ExportKey failed while getting key length"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS + != SecKey_ExportKey(keyHandle, (SEC_BYTE*)&derivation_input[0], exported_key, + sizeof(exported_key), &exported_key_len)) + { + SecKey_Release(keyHandle); + SEC_LOG_ERROR("SecKey_ExportKey failed"); + return SEC_RESULT_FAILURE; + } + SecKey_Release(keyHandle); + keyHandle = NULL; + + if (exported_key_len != exported_key_len2) + { + SEC_LOG_ERROR("exported key length mismatch, expected %d, received %d", + exported_key_len2, exported_key_len); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testKeyCtrlKeyExportHmac(TestKey macKey, Sec_StorageLoc location) +{ + TestCtx ctx; + Sec_Result result = SEC_RESULT_FAILURE; + + Sec_KeyHandle *keyHandle = NULL; + TestKc macKc = TESTKC_RAW; + SEC_BYTE exported_key[4096]; + SEC_SIZE exported_key_len = 0; + SEC_SIZE exported_key_len2 = 0; + Sec_MacHandle *macHandle = NULL; + SEC_BYTE mac_output[256]; + SEC_SIZE mac_output_len = 0; + SEC_BYTE mac_output2[256]; + SEC_SIZE mac_output_len2 = 0; + SEC_OBJECTID id = SEC_OBJECTID_COMCAST_XCALSESSIONMACKEY ; + + memset(mac_output, 0, sizeof(mac_output)); + memset(mac_output2, 0, sizeof(mac_output2)); + + std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + goto done; + } + + //provision maccing key + if (NULL == ctx.provisionKey(id, location, macKey, macKc)) { + SEC_LOG_ERROR("provisionKey failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), id, + &keyHandle)) + { + SEC_LOG_ERROR("SecKey_GetInstance failed for session mac key"); + goto done; + } + + if(SEC_RESULT_SUCCESS != SecMac_GetInstance(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA1, + keyHandle, &macHandle)) + { + SEC_LOG_ERROR("SecMac_GetInstance failed for hmac key"); + goto done; + } + if (SEC_RESULT_SUCCESS != SecMac_Update(macHandle, (SEC_BYTE*)&derivation_input[0], derivation_input.size())) + { + SEC_LOG_ERROR("SecMac_GetInstance failed for hmac key"); + goto done; + } + + SecMac_Release(macHandle, mac_output, &mac_output_len); + macHandle = NULL; + + // get size + if (SEC_RESULT_SUCCESS + != SecKey_ExportKey(keyHandle, (SEC_BYTE*)&derivation_input[0], NULL, 0, &exported_key_len2)) + { + SEC_LOG_ERROR("SecKey_ExportKey failed while getting key length"); + goto done; + } + + if (SEC_RESULT_SUCCESS + != SecKey_ExportKey(keyHandle, (SEC_BYTE*)&derivation_input[0], exported_key, + sizeof(exported_key), &exported_key_len)) + { + SEC_LOG_ERROR("SecKey_ExportKey failedi for mac key"); + goto done; + } + SecKey_Release(keyHandle); + keyHandle = NULL; + + SecKey_Delete(ctx.proc(),id); + + if (exported_key_len != exported_key_len2) + { + SEC_LOG_ERROR("exported key length mismatch, expected %d, received %d", + exported_key_len2, exported_key_len); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), id, + SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, + exported_key, exported_key_len)) { + SEC_LOG_ERROR("SecKey_Provision failed for exported hmac key"); + return SEC_RESULT_FAILURE; + } + if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), id, + &keyHandle)) + { + SEC_LOG_ERROR("SecKey_GetInstance failed for session mac key"); + goto done; + } + if(SEC_RESULT_SUCCESS != SecMac_GetInstance(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA1, + keyHandle, &macHandle)) + { + SEC_LOG_ERROR("SecMac_GetInstance failed for hmac key"); + goto done; + } + if (SEC_RESULT_SUCCESS != SecMac_Update(macHandle, (SEC_BYTE*)&derivation_input[0], derivation_input.size())) + { + SEC_LOG_ERROR("SecMac_GetInstance failed for hmac key"); + goto done; + } + + SecMac_Release(macHandle, mac_output2, &mac_output_len2); + macHandle = NULL; + + if (mac_output_len != mac_output_len2) + { + SEC_LOG_ERROR("mac output size mismatch, %d, %d", mac_output_len, mac_output_len2); + goto done; + } + Sec_PrintHex(mac_output, mac_output_len); + SEC_PRINT("\n"); + Sec_PrintHex(mac_output2, mac_output_len2); + SEC_PRINT("\n"); + if (0!=memcmp(mac_output, mac_output2, mac_output_len2)) + { + SEC_LOG_ERROR("mac output mismatch"); + goto done; + } + + result = SEC_RESULT_SUCCESS; + + done: + + if (macHandle) + SecMac_Release(macHandle,mac_output, &mac_output_len); + if (keyHandle) + SecKey_Release(keyHandle); + + + return result; +} + +/* Only Opaque buffers can be used when SVP is required */ +Sec_Result testKeyCtrlCipherFailsSvpNonOpaque(int version, const char *alg) +{ + Sec_Result result = SEC_RESULT_FAILURE; + TestCtx ctx; + Sec_CipherHandle *cipherHandle = NULL; + Sec_KeyHandle *keyHandle = NULL; + SEC_BYTE iv[16] = {0x01}; + SEC_BYTE clear_text[16] = {0x01}; + SEC_BYTE cipher_text[16]; + SEC_SIZE bytesWritten = 0; + const char *notBeforeTimeStr = "2010-12-09T19:53:06Z"; + const char *notOnOrAfterTimeStr = "2022-12-09T19:53:06Z"; + SEC_BYTE jtypeRights[SEC_KEYOUTPUTRIGHT_NUM]; + std::string b64rights; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + RIGHTS_INIT(jtypeRights); + jtypeRights[0]= SEC_KEYOUTPUTRIGHT_SVP_REQUIRED; + jtypeRights[1]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_1_4_ALLOWED; + jtypeRights[2]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_2_2_ALLOWED; + b64rights = toB64(jtypeRights, SEC_KEYOUTPUTRIGHT_NUM); + + /* key avail in one hour */ + std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", + "HS256", + g_default_jtype_data.contentKey, + g_default_jtype_data.encryptionKey, + "9c621060-3a17-4813-8dcb-2e9187aaa903", + b64rights.c_str(), SEC_TRUE, 1, + notBeforeTimeStr, + notOnOrAfterTimeStr, + g_default_jtype_data.macKey, + version, alg); + if (jtype.size() == 0) { + SEC_LOG_ERROR("createJTypeContainer failed"); + goto done; + } + + if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) + { + goto done; + } + + if (SEC_RESULT_SUCCESS + != SecCipher_GetInstance(ctx.proc(), + SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, + keyHandle, iv, &cipherHandle)) + { + SEC_LOG_ERROR( "SeCcipher_GetInstance failed" ); + goto done; + } + + if (SEC_RESULT_SUCCESS == + SecCipher_Process(cipherHandle, clear_text, sizeof(clear_text), SEC_TRUE, cipher_text, sizeof(cipher_text), &bytesWritten)) + { + SEC_LOG_ERROR( + "expected SeCcipher_Process to fail when processing non-opaque buffer with SVP required"); + goto done; + } + + result = SEC_RESULT_SUCCESS; + + done: + + if (cipherHandle) + SecCipher_Release(cipherHandle); + + if (keyHandle) + SecKey_Release(keyHandle); + + return result; +} + +/* cipher process succeeds with svp required and opaque buffer */ +Sec_Result testKeyCtrlCipherSvpOpaque(int version, const char *alg, TestKey contentKey) +{ + Sec_Result result = SEC_RESULT_FAILURE; + TestCtx ctx; + Sec_CipherHandle *cipherHandle = NULL; + Sec_KeyHandle *keyHandle = NULL; + SEC_BYTE iv[16] = {0x01}; + Sec_OpaqueBufferHandle *opaque_clear_text = NULL; + Sec_OpaqueBufferHandle *opaque_cipher_text = NULL; + SEC_SIZE bytesWritten = 0; + const char *notBeforeTimeStr = "2010-12-09T19:53:06Z"; + const char *notOnOrAfterTimeStr = "2022-12-09T19:53:06Z"; + SEC_BYTE jtypeRights[SEC_KEYOUTPUTRIGHT_NUM]; + std::string b64rights; + SEC_BYTE clear_data[16] = { 0x01 }; + + RIGHTS_INIT(jtypeRights); + jtypeRights[0]= SEC_KEYOUTPUTRIGHT_SVP_REQUIRED; + jtypeRights[1]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_1_4_ALLOWED; + jtypeRights[2]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_2_2_ALLOWED; + b64rights = toB64(jtypeRights, SEC_KEYOUTPUTRIGHT_NUM); + + + std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", + "HS256", + contentKey, + g_default_jtype_data.encryptionKey, + "9c621060-3a17-4813-8dcb-2e9187aaa903", + b64rights.c_str(), SEC_TRUE, 1, + notBeforeTimeStr, + notOnOrAfterTimeStr, + g_default_jtype_data.macKey, + version, alg); + + if (jtype.size() == 0) { + SEC_LOG_ERROR("createJTypeContainer failed"); + goto done; + } + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) + { + goto done; + } + + /* init opaque buffers */ + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(16, &opaque_clear_text)) + { + SEC_LOG_ERROR("SecOpaqueBuffer_Malloc failed"); + goto done; + } + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(16, &opaque_cipher_text)) + { + SEC_LOG_ERROR("SecOpaqueBuffer_Malloc failed"); + goto done; + } + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Write(opaque_clear_text,0, clear_data, 16)) + { + SEC_LOG_ERROR("SecOpaqueBuffer_Write failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS + != SecCipher_GetInstance(ctx.proc(), + SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, + keyHandle, iv, &cipherHandle)) + { + SEC_LOG_ERROR( "SeCcipher_GetInstance failed" ); + goto done; + } + + if (SEC_RESULT_SUCCESS != + SecCipher_ProcessOpaque(cipherHandle, opaque_clear_text, opaque_cipher_text, 16, SEC_TRUE, &bytesWritten)) + { + SEC_LOG_ERROR( + "SeCcipher_ProcessOpaque failed"); + goto done; + } + if (bytesWritten != 16) + { + SEC_LOG_ERROR("expected output size to be 16, received %d", (int)bytesWritten); + goto done; + } + + result = SEC_RESULT_SUCCESS; + + done: + + if (cipherHandle) + SecCipher_Release(cipherHandle); + + if (keyHandle) + SecKey_Release(keyHandle); + + if (opaque_clear_text) + SecOpaqueBuffer_Free(opaque_clear_text); + + if (opaque_cipher_text) + SecOpaqueBuffer_Free(opaque_cipher_text); + + return result; +} + +Sec_Result testKeyCtrlCipherSvpDataShiftOpaque(int version, const char *alg) +{ + Sec_Result result = SEC_RESULT_FAILURE; + SEC_BYTE jtypeRights[SEC_KEYOUTPUTRIGHT_NUM]; + std::string b64rights; + const char *notBeforeTimeStr = "2010-12-09T19:53:06Z"; + const char *notOnOrAfterTimeStr = "2022-12-09T19:53:06Z"; + TestCtx ctx; + Sec_OpaqueBufferHandle *inputHandle1 = NULL; + Sec_OpaqueBufferHandle *inputHandle2 = NULL; + Sec_OpaqueBufferHandle *outputHandle = NULL; + SEC_SIZE written = 0; + Sec_CipherHandle* cipherHandle = NULL; + Sec_KeyHandle *handle = NULL; + std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); + + RIGHTS_INIT(jtypeRights); + jtypeRights[0]= SEC_KEYOUTPUTRIGHT_SVP_REQUIRED; + jtypeRights[1]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_1_4_ALLOWED; + jtypeRights[2]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_2_2_ALLOWED; + b64rights = toB64(jtypeRights, SEC_KEYOUTPUTRIGHT_NUM); + + std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", + "HS256", + g_default_jtype_data.contentKey, + g_default_jtype_data.encryptionKey, + "9c621060-3a17-4813-8dcb-2e9187aaa903", + b64rights.c_str(), SEC_TRUE, 1, + notBeforeTimeStr, + notOnOrAfterTimeStr, + g_default_jtype_data.macKey, + version, alg); + + if (jtype.size() == 0) { + SEC_LOG_ERROR("createJTypeContainer failed"); + goto done; + } + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + if (NULL == (handle = _provisionJTypeAndSession(ctx, jtype))) + { + goto done; + } + + if (SEC_RESULT_SUCCESS != SecCipher_GetInstance(ctx.proc(), + SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, handle, + &iv[0], &cipherHandle)) { + SEC_LOG_ERROR("SecCipher_GetInstance failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(8, &inputHandle1)) { + SEC_LOG_ERROR("SecOpaqueBuffer_Malloc failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(256-8, &inputHandle2)) { + SEC_LOG_ERROR("SecOpaqueBuffer_Malloc failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(256, &outputHandle)) { + SEC_LOG_ERROR("SecOpaqueBuffer_Malloc failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecCipher_ProcessOpaque(cipherHandle, + inputHandle1, outputHandle, 8, SEC_FALSE, + &written)) { + SEC_LOG_ERROR("SecCipher_ProcessOpaque failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecCipher_ProcessCtrWithOpaqueDataShift(cipherHandle, inputHandle2, outputHandle, 256-8, &written, 8)) { + SEC_LOG_ERROR("SecCipher_ProcessCtrWithOpaqueDataShift failed"); + goto done; + } + + result = SEC_RESULT_SUCCESS; + + done: + + if (cipherHandle) + SecCipher_Release(cipherHandle); + if (handle) + SecKey_Release(handle); + if (outputHandle) + SecOpaqueBuffer_Free(outputHandle); + if (inputHandle1) + SecOpaqueBuffer_Free(inputHandle1); + if (inputHandle2) + SecOpaqueBuffer_Free(inputHandle2); + + return result; +} + +Sec_Result testKeyCtrlSvpCheckOpaque(int version, const char *alg, TestKey contentKey) +{ + TestCtx ctx; + Sec_Result result = SEC_RESULT_FAILURE; + SEC_BYTE jtypeRights[SEC_KEYOUTPUTRIGHT_NUM]; + std::string b64rights; + const char *notBeforeTimeStr = "2010-12-09T19:53:06Z"; + const char *notOnOrAfterTimeStr = "2022-12-09T19:53:06Z"; + Sec_CipherHandle* cipherHandle = NULL; + Sec_KeyHandle *handle = NULL, *handle2 = NULL; + std::vector input = TestCtx::random(SEC_AES_BLOCK_SIZE); + std::vector expected(SEC_AES_BLOCK_SIZE,0); + SEC_SIZE bytesWritten = 0; + Sec_OpaqueBufferHandle *inputHandle = NULL; + + RIGHTS_INIT(jtypeRights); + jtypeRights[0]= SEC_KEYOUTPUTRIGHT_SVP_REQUIRED; + jtypeRights[1]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_1_4_ALLOWED; + jtypeRights[2]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_2_2_ALLOWED; + b64rights = toB64(jtypeRights, SEC_KEYOUTPUTRIGHT_NUM); + + std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", + "HS256", + contentKey, + g_default_jtype_data.encryptionKey, + "9c621060-3a17-4813-8dcb-2e9187aaa903", + b64rights.c_str(), SEC_TRUE, 1, + notBeforeTimeStr, + notOnOrAfterTimeStr, + g_default_jtype_data.macKey, + version, alg); + + if (jtype.size() == 0) { + SEC_LOG_ERROR("createJTypeContainer failed"); + goto done; + } + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + if (NULL == (handle = _provisionJTypeAndSession(ctx, jtype))) + { + goto done; + } + + /* provision key setup expected test data */ + handle2=ctx.provisionKey(SEC_OBJECTID_USER_BASE +1, SEC_STORAGELOC_RAM, contentKey, TESTKC_RAW, SEC_FALSE); + if( handle2 == NULL ) + { + SEC_LOG_ERROR("provision failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecCipher_SingleInput(ctx.proc(), SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, + handle2, NULL, &input[0], input.size(), &expected[0], expected.size(), + &bytesWritten)) + { + SEC_LOG_ERROR("SecCipher_SingleInputId failed"); + goto done; + } + + /* cipher handle using jtype key */ + if (SEC_RESULT_SUCCESS != SecCipher_GetInstance(ctx.proc(), + SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, handle, + NULL, &cipherHandle)) { + SEC_LOG_ERROR("SecCipher_GetInstance failed"); + return SEC_RESULT_FAILURE; + } + + TestCtx::printHex(" input", input); + TestCtx::printHex("expected", expected); + + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(input.size(), &inputHandle)) { + SEC_LOG_ERROR("SecOpaqueBuffer_Malloc failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Write(inputHandle, 0, &input[0], input.size())) { + SEC_LOG_ERROR("SecOpaqueBuffer_Write failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecCipher_KeyCheckOpaque(cipherHandle, inputHandle, SEC_AES_BLOCK_SIZE, &expected[0])) { + SEC_LOG_ERROR("SecCipher_KeyCheckOpaque failed"); + return SEC_RESULT_FAILURE; + } + + result = SEC_RESULT_SUCCESS; + + done: + + if (cipherHandle) + SecCipher_Release(cipherHandle); + if (inputHandle) + SecOpaqueBuffer_Free(inputHandle); + if (handle) + SecKey_Release(handle); + + return result; +} + + + +/* Only Opaque buffers can be used when SVP is required */ +Sec_Result testKeyCtrlProcessCtrDataShiftFailsSvpNonOpaque(int version, const char *alg) +{ + Sec_Result result = SEC_RESULT_FAILURE; + TestCtx ctx; + Sec_CipherHandle *cipherHandle = NULL; + Sec_KeyHandle *keyHandle = NULL; + SEC_BYTE iv[16] = {0x01}; + SEC_BYTE clear_text[16] = {0x01}; + SEC_BYTE cipher_text[16]; + SEC_SIZE bytesWritten = 0; + const char *notBeforeTimeStr = "2010-12-09T19:53:06Z"; + const char *notOnOrAfterTimeStr = "2022-12-09T19:53:06Z"; + SEC_BYTE jtypeRights[SEC_KEYOUTPUTRIGHT_NUM]; + std::string b64rights; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + RIGHTS_INIT(jtypeRights); + jtypeRights[0]= SEC_KEYOUTPUTRIGHT_SVP_REQUIRED; + jtypeRights[1]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_1_4_ALLOWED; + jtypeRights[2]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_2_2_ALLOWED; + b64rights = toB64(jtypeRights, SEC_KEYOUTPUTRIGHT_NUM); + + /* key avail in one hour */ + std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", + "HS256", + g_default_jtype_data.contentKey, + g_default_jtype_data.encryptionKey, + "9c621060-3a17-4813-8dcb-2e9187aaa903", + b64rights.c_str(), SEC_TRUE, 1, + notBeforeTimeStr, + notOnOrAfterTimeStr, + g_default_jtype_data.macKey, + version, alg); + if (jtype.size() == 0) { + SEC_LOG_ERROR("createJTypeContainer failed"); + goto done; + } + + if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) + { + goto done; + } + + if (SEC_RESULT_SUCCESS + != SecCipher_GetInstance(ctx.proc(), + SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, + keyHandle, iv, &cipherHandle)) + { + SEC_LOG_ERROR( "SeCcipher_GetInstance failed" ); + goto done; + } + + if (SEC_RESULT_SUCCESS == + SecCipher_ProcessCtrWithDataShift(cipherHandle, clear_text, sizeof(clear_text), cipher_text, sizeof(cipher_text), &bytesWritten, 8)) + { + SEC_LOG_ERROR( + "expected SeCcipher_ProcessCtrWithDataShift to fail when processing non-opaque buffer with SVP required"); + goto done; + } + + result = SEC_RESULT_SUCCESS; + + done: + + if (cipherHandle) + SecCipher_Release(cipherHandle); + + if (keyHandle) + SecKey_Release(keyHandle); + + return result; +} + +Sec_Result testKeyCtrlKeyExportSmallBuffer() +{ + Sec_Result result = SEC_RESULT_FAILURE; + + Sec_KeyHandle *keyHandle = NULL; + SEC_BYTE exported_key[8]; + SEC_SIZE exported_key_len = 0; + SEC_OBJECTID id = SEC_OBJECTID_USER_BASE + 50; + Sec_StorageLoc location = SEC_STORAGELOC_RAM; + TestCtx ctx; + + std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); + std::vector aesKey = TestCtx::random(SEC_AES_BLOCK_SIZE); + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), id, location, SEC_KEYCONTAINER_RAW_AES_128, + (SEC_BYTE*)&aesKey[0], aesKey.size())) { + SEC_LOG_ERROR("SecKey_Provision failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), id, &keyHandle)) + { + SEC_LOG_ERROR("SecKey_GetInstance failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS == SecKey_ExportKey(keyHandle, (SEC_BYTE*)&derivation_input[0], exported_key, + sizeof(exported_key), &exported_key_len)) + { + SEC_LOG_ERROR("Expected SecKey_ExportKey to fail with under-sized output buffer"); + goto done; + } + + result = SEC_RESULT_SUCCESS; + + done: + + if (keyHandle) + SecKey_Release(keyHandle); + + return result; +} diff --git a/test/main/cpp/keyctrl.h b/test/main/cpp/keyctrl.h new file mode 100644 index 0000000..f827771 --- /dev/null +++ b/test/main/cpp/keyctrl.h @@ -0,0 +1,83 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_KEYCTRL_H_ +#define TEST_KEYCTRL_H_ + +#include "sec_security.h" +#include "test_creds.h" +#include + +Sec_Result testKeyCtrlDefaultProperties(int version, const char *alg); + +Sec_Result testKeyCtrlFalseDefaultProperties(int version, const char *alg); + +/* test expected platform default rights */ +Sec_Result testKeyCtrlRightsFromPlatformDefault(int version, const char *alg); + +/* gets output rights from either default (hard-coded) values or devicesettings + * depending on compile directive -DSEC_KEYCTRL_ENABLE_DEVICE_SETTINGS + */ +Sec_Result testKeyCtrlGetOutputRights(int version, const char *alg); + +/* Sec_GetCipherInstance fails with request right that is not allowed on device */ +Sec_Result testKeyCtrlUnSupportedOutputRight(int version, const char *alg); + +/* En/Decrypt successful with key requesting a right that is allowed on the device */ +Sec_Result testKeyCtrlDecryptSupportedOutputRight(int version, const char *alg); + +/* SecKey_Export fails if cacheable flag == 0 */ +Sec_Result testKeyCtrlExportUnCachable(int version, const char *alg); + +/* general rights combinations */ +Sec_Result testKeyCtrlAllowedRights(int version, const char *alg); + +/* SecCipher_GetInstance fails for key with usage for 'key' only */ +Sec_Result testKeyCtrlKeyOnlyUsage(int version, const char *alg); + +/* SecCipher_Getinstance should fail with notOnOrAfter date < now */ +Sec_Result testKeyCtrlKeyExpired(int version, const char *alg); + +/* SecCipher_GetInstance should fail with notBefore date in the future */ +Sec_Result testKeyCtrlKeyNotYetAvail(int version, const char *alg); + +/* key properties vaidation */ +Sec_Result testKeyCtrlValidatePropertiesBadNotBefore(int version, const char *alg); +Sec_Result testKeyCtrlValidatePropertiesBadNotOnOrAfter(int version, const char *alg); +Sec_Result testKeyCtrlValidatePropertiesDefaults(int version, const char *alg); +Sec_Result testKeyCtrlUtilsTime(int version, const char *alg); +Sec_Result testKeyCtrlUnwrapWithKeyUsage(int version, const char *alg, TestKey key); +Sec_Result testKeyCtrlUnwrapWithDataUsage(int version, const char *alg); +Sec_Result testKeyCtrlBadB64Jtype(int version, const char *alg); +Sec_Result testKeyCtrlExportDerived(); +Sec_Result testKeyCtrlExpectedJTypeProperties(int version, const char *alg, TestKey key); +Sec_Result testKeyCtrlExpectedExportedProperties(int version, const char *alg, TestKey key); +Sec_Result testKeyCtrlExportProvisionExport(int version, const char *alg, TestKey contentKey); +Sec_Result testKeyCtrlKeyExportGetSize(int version, const char *alg); +Sec_Result testKeyCtrlExportAes(TestKey aesKey, Sec_StorageLoc location); +Sec_Result testKeyCtrlKeyExportHmac(TestKey macKey, Sec_StorageLoc location); +Sec_Result testKeyCtrlCipherFailsSvpNonOpaque(int version, const char *alg); +Sec_Result testKeyCtrlCipherSvpOpaque(int version, const char *alg, TestKey contentKey); +Sec_Result testKeyCtrlCipherSvpDataShiftOpaque(int version, const char *alg); +Sec_Result testKeyCtrlSvpCheckOpaque(int version, const char *alg, TestKey contentKey); +Sec_Result testKeyCtrlProcessCtrDataShiftFailsSvpNonOpaque(int version, const char *alg); +Sec_Result testKeyCtrlExportEcc(TestKc kc); +Sec_Result testKeyCtrlKeyExportSmallBuffer(); + +#endif diff --git a/test/main/cpp/mac.cpp b/test/main/cpp/mac.cpp new file mode 100644 index 0000000..3e13aa1 --- /dev/null +++ b/test/main/cpp/mac.cpp @@ -0,0 +1,316 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "mac.h" +#include "test_ctx.h" +#include +#include + +std::vector macOpenSSL( + Sec_MacAlgorithm alg, const std::vector& openssl_key, const std::vector& input) { + std::vector mac; + SEC_SIZE mac_len; + CMAC_CTX *cmac_ctx; + + switch (alg) { + case SEC_MACALGORITHM_HMAC_SHA1: + mac.resize(20); + HMAC(EVP_sha1(), + &openssl_key[0], openssl_key.size(), + &input[0], input.size(), + &mac[0], &mac_len); + return mac; + + case SEC_MACALGORITHM_HMAC_SHA256: + mac.resize(32); + HMAC(EVP_sha256(), + &openssl_key[0], openssl_key.size(), + &input[0], input.size(), + &mac[0], &mac_len); + return mac; + + case SEC_MACALGORITHM_CMAC_AES_128: + { + mac.resize(16); + cmac_ctx = CMAC_CTX_new(); + if (1 != CMAC_Init(cmac_ctx, &openssl_key[0], openssl_key.size(), openssl_key.size() == 16 ? EVP_aes_128_cbc() : EVP_aes_256_cbc(), NULL )) { + SEC_LOG_ERROR("Comcast_CMAC_Init failed"); + return std::vector(); + } + CMAC_Update(cmac_ctx, &input[0], input.size()); + size_t outl; + CMAC_Final(cmac_ctx, &mac[0], &outl); + mac_len = outl; + CMAC_CTX_free(cmac_ctx); + return mac; + } + default: + break; + } + + SEC_LOG_ERROR("Unimplemented"); + return std::vector(); +} + +std::vector macOpenSSL( + Sec_MacAlgorithm alg, TestKey key, const std::vector& input) { + std::vector mac; + SEC_SIZE mac_len; + CMAC_CTX *cmac_ctx; + + std::vector openssl_key = TestCreds::asOpenSslAes(key); + if (openssl_key.size() == 0) { + SEC_LOG_ERROR("TestCreds::asOpenSslAes failed"); + return std::vector(); + } + + switch (alg) { + case SEC_MACALGORITHM_HMAC_SHA1: + mac.resize(20); + HMAC(EVP_sha1(), + &openssl_key[0], openssl_key.size(), + &input[0], input.size(), + &mac[0], &mac_len); + return mac; + + case SEC_MACALGORITHM_HMAC_SHA256: + mac.resize(32); + HMAC(EVP_sha256(), + &openssl_key[0], openssl_key.size(), + &input[0], input.size(), + &mac[0], &mac_len); + return mac; + + case SEC_MACALGORITHM_CMAC_AES_128: + { + mac.resize(16); + cmac_ctx = CMAC_CTX_new(); + if (1 != CMAC_Init(cmac_ctx, &openssl_key[0], openssl_key.size(), openssl_key.size() == 16 ? EVP_aes_128_cbc() : EVP_aes_256_cbc(), NULL )) { + SEC_LOG_ERROR("Comcast_CMAC_Init failed"); + return std::vector(); + } + CMAC_Update(cmac_ctx, &input[0], input.size()); + size_t outl; + CMAC_Final(cmac_ctx, &mac[0], &outl); + mac_len = outl; + CMAC_CTX_free(cmac_ctx); + return mac; + } + default: + break; + } + + SEC_LOG_ERROR("Unimplemented"); + return std::vector(); +} + +std::vector macSecApi(TestCtx *ctx, + Sec_MacAlgorithm alg, + Sec_KeyHandle *key, + const std::vector& input, + const std::vector& inputSizes) { + + std::vector output; + output.resize(SEC_MAC_MAX_LEN); + + SEC_SIZE inputProcessed = 0; + SEC_SIZE written = 0; + + Sec_MacHandle *mac = ctx->acquireMac(alg, key); + if (mac == NULL) { + SEC_LOG_ERROR("TestCtx::acquireMac failed"); + return std::vector(); + } + + for (unsigned int i=0; i 0) { + if (SEC_RESULT_SUCCESS != SecMac_Update(mac, (SEC_BYTE *) &input[inputProcessed], + inputSizes[i])) { + SEC_LOG_ERROR("SecMac_Update failed"); + return std::vector(); + } + } + + inputProcessed += inputSizes[i]; + } + + if (SEC_RESULT_SUCCESS != ctx->releaseMac(mac, &output[0], &written)) { + SEC_LOG_ERROR("SecCipher_Process failed"); + return std::vector(); + } + + output.resize(written); + + return output; +} + +std::vector macSecApi(TestCtx *ctx, + Sec_MacAlgorithm alg, Sec_KeyHandle *key, Sec_KeyHandle *payloadKey) { + + std::vector output; + output.resize(SEC_MAC_MAX_LEN);; + + SEC_SIZE written = 0; + + Sec_MacHandle *mac = ctx->acquireMac(alg, key); + if (mac == NULL) { + SEC_LOG_ERROR("TestCtx::acquireMac failed"); + return std::vector(); + } + + if (SEC_RESULT_SUCCESS != SecMac_UpdateWithKey(mac, payloadKey)) { + SEC_LOG_ERROR("SecDigest_Update failed"); + return std::vector(); + } + + if (SEC_RESULT_SUCCESS != ctx->releaseMac(mac, &output[0], &written)) { + SEC_LOG_ERROR("SecCipher_Process failed"); + return std::vector(); + } + + output.resize(written); + + return output; +} + +Sec_Result testMacOverKey(Sec_MacAlgorithm alg, SEC_OBJECTID id_mac, TestKey keyMac, TestKc kc, SEC_OBJECTID id_payload, TestKey keyPayload, Sec_StorageLoc loc) { + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyHandle *keyHandleMac = NULL; + if (NULL == (keyHandleMac = ctx.provisionKey(id_mac, loc, keyMac, kc))) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyHandle *keyHandlePayload = NULL; + + if ((TestCreds::supports(CAPABILITY_HMAC_OVER_HWKEY) && alg != SEC_MACALGORITHM_CMAC_AES_128) + || (TestCreds::supports(CAPABILITY_CMAC_OVER_HWKEY) && alg == SEC_MACALGORITHM_CMAC_AES_128)) { + if (NULL == (keyHandlePayload = ctx.provisionKey(id_payload, loc, keyPayload, TESTKC_RAW))) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + } else { + if (NULL == (keyHandlePayload = ctx.provisionKey(id_payload, loc, keyPayload, TESTKC_RAW, SEC_TRUE))) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + } + + //gen clear input + std::vector clear = TestCreds::asOpenSslAes(keyPayload); + TestCtx::printHex("key", clear); + + //mac + std::vector macSA = macSecApi(&ctx, alg, keyHandleMac, keyHandlePayload); + TestCtx::printHex("macSecApi", macSA); + + std::vector macOS = macOpenSSL(alg, keyMac, clear); + TestCtx::printHex("macOpenssl", macOS); + + //check if results match + if (macSA != macOS || macSA.size() == 0) { + SEC_LOG_ERROR("Results do not match"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testMacSingle( + SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, + Sec_MacAlgorithm alg, SEC_SIZE inputSize) { + std::vector inputSizes; + inputSizes.resize(1); + inputSizes[0] = inputSize; + + return testMacMult(id, key, kc, loc, alg, inputSizes); +} + +Sec_Result testMacMult( + SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, + Sec_MacAlgorithm alg, const std::vector& inputSizes) { + + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyHandle *keyHandle = NULL; + if (NULL == (keyHandle = ctx.provisionKey(id, loc, key, kc))) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + + //gen clear input + std::vector clear = TestCtx::random(TestCtx::coalesceInputSizes(inputSizes)); + TestCtx::printHex("clear", clear); + + //mac + std::vector macSA = macSecApi(&ctx, alg, keyHandle, clear, inputSizes); + TestCtx::printHex("macSecApi", macSA); + + std::vector macOS = macOpenSSL(alg, key, clear); + TestCtx::printHex("macOpenssl", macOS); + + //check if results match + if (macSA != macOS) { + SEC_LOG_ERROR("Results do not match"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result macCheck(Sec_ProcessorHandle *proc, Sec_MacAlgorithm alg, SEC_OBJECTID id, SEC_BYTE *key, SEC_SIZE key_len) { + std::vector mac_secapi; + mac_secapi.resize(SEC_MAC_MAX_LEN); + SEC_SIZE mac_len; + + std::vector clear = TestCtx::random(256); + TestCtx::printHex("clear", clear); + + if (SEC_RESULT_SUCCESS != SecMac_SingleInputId(proc, alg, id, &clear[0], clear.size(), &mac_secapi[0], &mac_len)) { + SEC_LOG_ERROR("SecMac_SingleInputId failed"); + return SEC_RESULT_FAILURE; + } + + mac_secapi.resize(mac_len); + TestCtx::printHex("macSecApi", mac_secapi); + + std::vector openssl_key = std::vector (key, key + key_len); + + std::vector macOS = macOpenSSL(alg, openssl_key, clear); + TestCtx::printHex("macOpenssl", macOS); + + //check if results match + if (mac_secapi != macOS) { + SEC_LOG_ERROR("Results do not match"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} diff --git a/test/main/cpp/mac.h b/test/main/cpp/mac.h new file mode 100644 index 0000000..4759d0f --- /dev/null +++ b/test/main/cpp/mac.h @@ -0,0 +1,41 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_MAC_H_ +#define TEST_MAC_H_ + +#include "sec_security.h" +#include +#include "test_creds.h" + +Sec_Result testMacOverKey(Sec_MacAlgorithm alg, SEC_OBJECTID id_mac, TestKey keyMac, TestKc kc, SEC_OBJECTID id_payload, TestKey keyPayload, Sec_StorageLoc loc); + +Sec_Result testMacSingle( + SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, + Sec_MacAlgorithm alg, SEC_SIZE inputSize); + +Sec_Result testMacMult( + SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, + Sec_MacAlgorithm alg, const std::vector& inputSizes); + +std::vector macOpenSSL(Sec_MacAlgorithm alg, TestKey key, const std::vector& input); + +Sec_Result macCheck(Sec_ProcessorHandle *proc, Sec_MacAlgorithm alg, SEC_OBJECTID id, SEC_BYTE *key, SEC_SIZE key_len); + +#endif diff --git a/test/main/cpp/processor.cpp b/test/main/cpp/processor.cpp new file mode 100644 index 0000000..36ccb98 --- /dev/null +++ b/test/main/cpp/processor.cpp @@ -0,0 +1,115 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "processor.h" +#include "test_ctx.h" + +Sec_Result testProcessorPrintInfo() { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecProcessor_PrintInfo(ctx.proc())) { + SEC_LOG_ERROR("SecProcessor_PrintInfo failed"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testProcessorGetInfo() { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_ProcessorInfo info; + + if (SEC_RESULT_SUCCESS != SecProcessor_GetInfo(ctx.proc(), &info)) { + SEC_LOG_ERROR("SecProcessor_GetInfo failed"); + return SEC_RESULT_FAILURE; + } + + SEC_PRINT("version: %s\n", (const char *) info.version); + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testProcessorGetDeviceId() { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + std::vector deviceId(SEC_DEVICEID_LEN); + std::vector zeros(SEC_DEVICEID_LEN); + + if (SEC_RESULT_SUCCESS != SecProcessor_GetDeviceId(ctx.proc(), &deviceId[0])) { + SEC_LOG_ERROR("SecProcessor_GetDeviceId failed"); + return SEC_RESULT_FAILURE; + } + + TestCtx::printHex("deviceid", deviceId); + + if (deviceId == zeros) { + SEC_LOG_ERROR("deviceId is all zeros"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testProcessorGetKeyLadderMinMaxDepth(Sec_KeyLadderRoot root) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + SEC_SIZE depthMin = SecProcessor_GetKeyLadderMinDepth(ctx.proc(), root); + SEC_SIZE depthMax = SecProcessor_GetKeyLadderMaxDepth(ctx.proc(), root); + + SEC_PRINT("min:%d\nmax:%d\n", depthMin, depthMax); + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testProcessorNativeMallocFree() { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + void *mem = Sec_NativeMalloc(ctx.proc(), 256); + memset(mem, 0, 256); + + if (mem == NULL) { + SEC_LOG_ERROR("Sec_NativeMalloc failed"); + return SEC_RESULT_FAILURE; + } + + Sec_NativeFree(ctx.proc(), mem); + + return SEC_RESULT_SUCCESS; +} diff --git a/test/main/cpp/processor.h b/test/main/cpp/processor.h new file mode 100644 index 0000000..c0d0f60 --- /dev/null +++ b/test/main/cpp/processor.h @@ -0,0 +1,31 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_PROCESSOR_H_ +#define TEST_PROCESSOR_H_ + +#include "sec_security.h" + +Sec_Result testProcessorPrintInfo(); +Sec_Result testProcessorGetDeviceId(); +Sec_Result testProcessorGetKeyLadderMinMaxDepth(Sec_KeyLadderRoot root); +Sec_Result testProcessorNativeMallocFree(); +Sec_Result testProcessorGetInfo(); + +#endif diff --git a/test/main/cpp/random.cpp b/test/main/cpp/random.cpp new file mode 100644 index 0000000..191c8b4 --- /dev/null +++ b/test/main/cpp/random.cpp @@ -0,0 +1,48 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "random.h" +#include "test_ctx.h" + +Sec_Result testRandom(Sec_RandomAlgorithm alg, SEC_SIZE size) { + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_RandomHandle *handle = NULL; + if (NULL == (handle = ctx.acquireRandom(alg))) { + SEC_LOG_ERROR("TestCtx::acquireRandom failed"); + return SEC_RESULT_FAILURE; + } + + std::vector out; + out.resize(size); + + if (SEC_RESULT_SUCCESS != SecRandom_Process(handle, &out[0], out.size())) { + SEC_LOG_ERROR("SecRandom_Process failed"); + return SEC_RESULT_FAILURE; + } + + TestCtx::printHex("out", out); + + return SEC_RESULT_SUCCESS; +} diff --git a/test/main/cpp/random.h b/test/main/cpp/random.h new file mode 100644 index 0000000..3ccd16e --- /dev/null +++ b/test/main/cpp/random.h @@ -0,0 +1,27 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_RANDOM_H_ +#define TEST_RANDOM_H_ + +#include "sec_security.h" + +Sec_Result testRandom(Sec_RandomAlgorithm alg, SEC_SIZE size); + +#endif diff --git a/test/main/cpp/sec_api_utest_main.cpp b/test/main/cpp/sec_api_utest_main.cpp new file mode 100644 index 0000000..476fafa --- /dev/null +++ b/test/main/cpp/sec_api_utest_main.cpp @@ -0,0 +1,997 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "sec_api_utest_main.h" +#include +#include "sec_security.h" +#include "test_ctx.h" +#include "processor.h" +#include "key.h" +#include "cert.h" +#include "cipher.h" +#include "digest.h" +#include "mac.h" +#include "sign.h" +#include "bundle.h" +#include "random.h" +#include "wrapped.h" +#include "concurrent.h" +#include "jtype.h" +#include "svp.h" +#include "exchange.h" +#include "keyctrl.h" +#include "test_creds.h" +#include + +#ifdef SEC_PLATFORM_OPENSSL +#include "sec_security_openssl.h" +#endif + +void runProcessorTests(SuiteCtx *suite) { + RUN_TEST(suite, testProcessorPrintInfo()); + RUN_TEST(suite, testProcessorGetInfo()); + RUN_TEST(suite, testProcessorGetDeviceId()); + RUN_TEST(suite, testProcessorGetKeyLadderMinMaxDepth(SEC_KEYLADDERROOT_UNIQUE)); + RUN_TEST(suite, testProcessorGetKeyLadderMinMaxDepth(SEC_KEYLADDERROOT_SHARED)); + RUN_TEST(suite, testProcessorNativeMallocFree()); +} + +void runBundleTests(SuiteCtx *suite) { + RUN_TEST(suite, testBundleProvision(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM, 256)); + RUN_TEST(suite, testBundleProvision(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_FILE, 256)); + RUN_TEST(suite, testBundleProvisionNoAppDir(SEC_OBJECTID_USER_BASE, 256)); +} + +#define CERT_TESTS_LOC(suite, cert, loc) do { \ + RUN_TEST(suite, testCertProvision(SEC_OBJECTID_USER_BASE, cert, loc)); \ + RUN_TEST(suite, testCertExport(SEC_OBJECTID_USER_BASE, cert, loc)); \ +} while (0) + +#define CERT_TESTS(suite, cert, pub_key) do { \ + CERT_TESTS_LOC(suite, cert, SEC_STORAGELOC_RAM); \ + CERT_TESTS_LOC(suite, cert, SEC_STORAGELOC_FILE); \ + RUN_TEST(suite, testCertVerify(SEC_OBJECTID_USER_BASE, cert, SEC_OBJECTID_USER_BASE+1, pub_key, SEC_STORAGELOC_RAM)); \ + RUN_TEST(suite, testCertVerify(SEC_OBJECTID_USER_BASE, cert, SEC_OBJECTID_USER_BASE+1, pub_key, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); \ +} while (0) + +void runCertTests(SuiteCtx *suite) { + if (TestCreds::supports(CAPABILITY_RSA_1024)) { + CERT_TESTS(suite, TESTCERT_RSA1024, TESTKEY_RSA1024_SGN_PUB); + } + CERT_TESTS(suite, TESTCERT_RSA2048, TESTKEY_RSA2048_SGN_PUB); + CERT_TESTS(suite, TESTCERT_EC, TESTKEY_EC_PUB); +} + +#define KEY_EXPORT_TESTS(suite, contentKey, encryptionKey, encKc, macKey, version, alg) do { \ + RUN_TEST(suite, testExportKey(contentKey, encryptionKey, encKc, macKey, TESTKC_RAW, SEC_CIPHERALGORITHM_AES_CTR, 20, version, alg)); \ + RUN_TEST(suite, testExportKey(contentKey, encryptionKey, encKc, macKey, TESTKC_RAW, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, 32, version, alg)); \ + RUN_TEST(suite, testExportKey(contentKey, encryptionKey, encKc, macKey, TESTKC_RAW, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, 20, version, alg)); \ + RUN_TEST(suite, testExportKey(contentKey, encryptionKey, encKc, macKey, TESTKC_RAW, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 32, version, alg)); \ + RUN_TEST(suite, testExportKey(contentKey, encryptionKey, encKc, macKey, TESTKC_RAW, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, 20, version, alg)); \ +} while (0) + +#define JTYPE_DECRYPT_TESTS(suite, contentKey, encryptionKey, encKc, macKey, version, alg) do { \ + RUN_TEST(suite, testDecryptJType(contentKey, encryptionKey, encKc, macKey, TESTKC_RAW, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, 256, version, alg)); \ + RUN_TEST(suite, testDecryptJType(contentKey, encryptionKey, encKc, macKey, TESTKC_RAW, SEC_CIPHERALGORITHM_AES_CTR, 256, version, alg)); \ + RUN_TEST(suite, testDecryptJType(contentKey, encryptionKey, encKc, macKey, TESTKC_RAW, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256, version, alg)); \ +} while (0) + +#define JTYPE_TESTS(suite, contentKey, encryptionKey, macKey, version) do { \ + if (version == 1) { \ + if (TestCreds::supports(CAPABILITY_LOAD_SYM_SOC_KC)) { \ + RUN_TEST(suite, testProvisionJType(contentKey, encryptionKey, TESTKC_SOC, macKey, TESTKC_RAW, 1, "aesEcbNone")); \ + KEY_EXPORT_TESTS(suite, contentKey, encryptionKey, TESTKC_SOC, macKey, 1, "aesEcbNone"); \ + JTYPE_DECRYPT_TESTS(suite, contentKey, encryptionKey, TESTKC_SOC, macKey, 1, "aesEcbNone"); \ + } \ + if (TestCreds::supports(CAPABILITY_CLEAR_JTYPE_WRAPPING)) { \ + RUN_TEST(suite, testProvisionJType(contentKey, encryptionKey, TESTKC_RAW, macKey, TESTKC_RAW, 1, "aesEcbNone")); \ + KEY_EXPORT_TESTS(suite, contentKey, encryptionKey, TESTKC_RAW, macKey, 1, "aesEcbNone"); \ + JTYPE_DECRYPT_TESTS(suite, contentKey, encryptionKey, TESTKC_RAW, macKey, 1, "aesEcbNone"); \ + } \ + } else if (version == 2) { \ + if (TestCreds::supports(CAPABILITY_LOAD_SYM_SOC_KC)) { \ + RUN_TEST(suite, testProvisionJType(contentKey, encryptionKey, TESTKC_SOC, macKey, TESTKC_RAW, 2, "aesEcbNone")); \ + RUN_TEST(suite, testProvisionJType(contentKey, encryptionKey, TESTKC_SOC, macKey, TESTKC_RAW, 2, "aesEcbPkcs5")); \ + KEY_EXPORT_TESTS(suite, contentKey, encryptionKey, TESTKC_SOC, macKey, 2, "aesEcbNone"); \ + KEY_EXPORT_TESTS(suite, contentKey, encryptionKey, TESTKC_SOC, macKey, 2, "aesEcbPkcs5"); \ + JTYPE_DECRYPT_TESTS(suite, contentKey, encryptionKey, TESTKC_SOC, macKey, 2, "aesEcbNone"); \ + JTYPE_DECRYPT_TESTS(suite, contentKey, encryptionKey, TESTKC_SOC, macKey, 2, "aesEcbPkcs5"); \ + } \ + if (TestCreds::supports(CAPABILITY_CLEAR_JTYPE_WRAPPING)) { \ + RUN_TEST(suite, testProvisionJType(contentKey, encryptionKey, TESTKC_RAW, macKey, TESTKC_RAW, 2, "aesEcbNone")); \ + RUN_TEST(suite, testProvisionJType(contentKey, encryptionKey, TESTKC_RAW, macKey, TESTKC_RAW, 2, "aesEcbPkcs5")); \ + KEY_EXPORT_TESTS(suite, contentKey, encryptionKey, TESTKC_RAW, macKey, 2, "aesEcbNone"); \ + KEY_EXPORT_TESTS(suite, contentKey, encryptionKey, TESTKC_RAW, macKey, 2, "aesEcbPkcs5"); \ + JTYPE_DECRYPT_TESTS(suite, contentKey, encryptionKey, TESTKC_RAW, macKey, 2, "aesEcbNone"); \ + JTYPE_DECRYPT_TESTS(suite, contentKey, encryptionKey, TESTKC_RAW, macKey, 2, "aesEcbPkcs5"); \ + } \ + } \ +} while (0) + +void runProvisionedKeyExportTest(SuiteCtx *suite) { + RUN_TEST(suite, testExportProvisionedKey(TESTKEY_AES128, TESTKC_RAW)); + RUN_TEST(suite, testExportProvisionedKey(TESTKEY_AES256, TESTKC_RAW)); + RUN_TEST(suite, testExportProvisionedKey(TESTKEY_HMAC128, TESTKC_RAW)); + RUN_TEST(suite, testExportProvisionedKey(TESTKEY_HMAC160, TESTKC_RAW)); + RUN_TEST(suite, testExportProvisionedKey(TESTKEY_HMAC256, TESTKC_RAW)); + + if (TestCreds::supports(CAPABILITY_LOAD_SYM_SOC_KC)) { + RUN_TEST(suite, testExportProvisionedKey(TESTKEY_AES128, TESTKC_SOC)); + RUN_TEST(suite, testExportProvisionedKey(TESTKEY_AES256, TESTKC_SOC)); + RUN_TEST(suite, testExportProvisionedKey(TESTKEY_HMAC128, TESTKC_SOC)); + RUN_TEST(suite, testExportProvisionedKey(TESTKEY_HMAC160, TESTKC_SOC)); + RUN_TEST(suite, testExportProvisionedKey(TESTKEY_HMAC256, TESTKC_SOC)); + + if (TestCreds::supports(CAPABILITY_EXPORT_RSA) && TestCreds::supports(CAPABILITY_RSA_1024)) { + RUN_TEST(suite, testExportProvisionedKey(TESTKEY_RSA1024_SGN_PRIV, TESTKC_SOC)); + } + if (TestCreds::supports(CAPABILITY_EXPORT_RSA)) { + RUN_TEST(suite, testExportProvisionedKey(TESTKEY_RSA2048_SGN_PRIV, TESTKC_SOC)); + } + RUN_TEST(suite, testExportProvisionedKey(TESTKEY_EC_PRIV, TESTKC_SOC)); + } + + RUN_TEST(suite, testExportProvisionedKey(TESTKEY_AES128, TESTKC_GENERATED)); + RUN_TEST(suite, testExportProvisionedKey(TESTKEY_AES256, TESTKC_GENERATED)); +} + +void runKeyTests(SuiteCtx *suite) { + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_FILE)); + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_FILE_SOFT_WRAPPED)); + + RUN_TEST(suite, testKeyProvisionDouble(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC128, TESTKC_RAW, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC160, TESTKC_RAW, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC256, TESTKC_RAW, SEC_STORAGELOC_RAM)); + + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC128, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC160, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC256, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + + JTYPE_TESTS(suite, TESTKEY_AES128, TESTKEY_AES128, TESTKEY_HMAC160, 1); + JTYPE_TESTS(suite, TESTKEY_AES128, TESTKEY_AES128, TESTKEY_HMAC160, 2); + JTYPE_TESTS(suite, TESTKEY_AES256, TESTKEY_AES128, TESTKEY_HMAC160, 2); + + RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC128, TESTKC_RAW, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC160, TESTKC_RAW, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC256, TESTKC_RAW, SEC_STORAGELOC_RAM)); + + RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC128, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC160, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC256, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + + RUN_TEST(suite, testKeyGenerate(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_TRUE)); + RUN_TEST(suite, testKeyGenerate(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_HMAC_128, SEC_STORAGELOC_RAM, SEC_FALSE)); + RUN_TEST(suite, testKeyGenerate(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_HMAC_160, SEC_STORAGELOC_RAM, SEC_FALSE)); + RUN_TEST(suite, testKeyGenerate(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_HMAC_256, SEC_STORAGELOC_RAM, SEC_FALSE)); + RUN_TEST(suite, testKeyGenerate(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_ECC_NISTP256, SEC_STORAGELOC_RAM, SEC_FALSE)); + + RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_GENERATED, SEC_STORAGELOC_RAM)); + + RUN_TEST(suite, testKeyDeriveHKDF(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_HMAC_SHA1, SEC_TRUE)); + RUN_TEST(suite, testKeyDeriveHKDF(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_HMAC_SHA256, SEC_TRUE)); + if (TestCreds::supports(CAPABILITY_HKDF_CMAC)) { + RUN_TEST(suite, testKeyDeriveHKDF(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_CMAC_AES_128, SEC_TRUE)); + } + RUN_TEST(suite, testKeyDeriveConcatKDF(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_DIGESTALGORITHM_SHA1, SEC_TRUE)); + RUN_TEST(suite, testKeyDeriveConcatKDF(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_DIGESTALGORITHM_SHA256, SEC_TRUE)); + + RUN_TEST(suite, testKeyDeriveHKDF(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA1, SEC_TRUE)); + RUN_TEST(suite, testKeyDeriveHKDF(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA256, SEC_TRUE)); + if (TestCreds::supports(CAPABILITY_HKDF_CMAC)) { + RUN_TEST(suite, testKeyDeriveHKDF(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_CMAC_AES_128, SEC_TRUE)); + } + RUN_TEST(suite, testKeyDeriveConcatKDF(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA1, SEC_TRUE)); + RUN_TEST(suite, testKeyDeriveConcatKDF(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA256, SEC_TRUE)); + + RUN_TEST(suite, testKeyDeriveVendorAes128(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA1, SEC_TRUE)); + RUN_TEST(suite, testKeyDeriveVendorAes128(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA256, SEC_TRUE)); + RUN_TEST(suite, testKeyDeriveKeyLadderAes128(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_KEYLADDERROOT_UNIQUE, SEC_TRUE)); + + RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_TRUE, 1, 256)); + RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_TRUE, 2, 256)); + RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_TRUE, 3, 512)); + RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_TRUE, 4, 512)); + + RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_GENERATED, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_TRUE, 1, 256)); + RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_GENERATED, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_TRUE, 2, 256)); + RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_GENERATED, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_TRUE, 3, 512)); + RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_GENERATED, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_TRUE, 4, 512)); + + if (TestCreds::supports(CAPABILITY_AES256)) { + RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_AES_256, SEC_STORAGELOC_RAM, SEC_TRUE, 1, 256)); + RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_AES_256, SEC_STORAGELOC_RAM, SEC_TRUE, 2, 512)); + RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_AES_256, SEC_STORAGELOC_RAM, SEC_TRUE, 3, 512)); + } + + RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_HMAC_128, SEC_STORAGELOC_RAM, SEC_FALSE, 1, 256)); + RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_HMAC_128, SEC_STORAGELOC_RAM, SEC_FALSE, 2, 256)); + RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_HMAC_128, SEC_STORAGELOC_RAM, SEC_FALSE, 3, 512)); + RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_HMAC_128, SEC_STORAGELOC_RAM, SEC_FALSE, 4, 512)); + + RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_HMAC_256, SEC_STORAGELOC_RAM, SEC_FALSE, 1, 512)); + RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_HMAC_256, SEC_STORAGELOC_RAM, SEC_FALSE, 2, 512)); + RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_HMAC_256, SEC_STORAGELOC_RAM, SEC_FALSE, 3, 512)); + + RUN_TEST(suite, testKeyDeriveBaseKey(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM)); + + RUN_TEST(suite, testKeyDeriveHKDFBaseKey(SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA1)); + if (TestCreds::supports(CAPABILITY_AES256)) { + RUN_TEST(suite, testKeyDeriveHKDFBaseKey(SEC_KEYTYPE_AES_256, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA1)); + } + RUN_TEST(suite, testKeyDeriveHKDFBaseKey(SEC_KEYTYPE_HMAC_128, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA1)); + RUN_TEST(suite, testKeyDeriveHKDFBaseKey(SEC_KEYTYPE_HMAC_160, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA1)); + RUN_TEST(suite, testKeyDeriveHKDFBaseKey(SEC_KEYTYPE_HMAC_256, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA1)); + + RUN_TEST(suite, testKeyDeriveHKDFBaseKey(SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA256)); + if (TestCreds::supports(CAPABILITY_AES256)) { + RUN_TEST(suite, testKeyDeriveHKDFBaseKey(SEC_KEYTYPE_AES_256, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA256)); + } + RUN_TEST(suite, testKeyDeriveHKDFBaseKey(SEC_KEYTYPE_HMAC_128, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA256)); + RUN_TEST(suite, testKeyDeriveHKDFBaseKey(SEC_KEYTYPE_HMAC_160, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA256)); + RUN_TEST(suite, testKeyDeriveHKDFBaseKey(SEC_KEYTYPE_HMAC_256, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA256)); + + RUN_TEST(suite, testKeyDeriveConcatKDFBaseKey(SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA1)); + if (TestCreds::supports(CAPABILITY_AES256)) { + RUN_TEST(suite, testKeyDeriveConcatKDFBaseKey(SEC_KEYTYPE_AES_256, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA1)); + } + RUN_TEST(suite, testKeyDeriveConcatKDFBaseKey(SEC_KEYTYPE_HMAC_128, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA1)); + RUN_TEST(suite, testKeyDeriveConcatKDFBaseKey(SEC_KEYTYPE_HMAC_160, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA1)); + RUN_TEST(suite, testKeyDeriveConcatKDFBaseKey(SEC_KEYTYPE_HMAC_256, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA1)); + + RUN_TEST(suite, testKeyDeriveConcatKDFBaseKey(SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA256)); + if (TestCreds::supports(CAPABILITY_AES256)) { + RUN_TEST(suite, testKeyDeriveConcatKDFBaseKey(SEC_KEYTYPE_AES_256, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA256)); + } + RUN_TEST(suite, testKeyDeriveConcatKDFBaseKey(SEC_KEYTYPE_HMAC_128, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA256)); + RUN_TEST(suite, testKeyDeriveConcatKDFBaseKey(SEC_KEYTYPE_HMAC_160, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA256)); + RUN_TEST(suite, testKeyDeriveConcatKDFBaseKey(SEC_KEYTYPE_HMAC_256, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA256)); + + if (TestCreds::supports(CAPABILITY_AES256)) { + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_AES256, TESTKC_RAW, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_AES256, TESTKC_RAW, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyGenerate(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_256, SEC_STORAGELOC_RAM, SEC_TRUE)); + + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_AES256, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_AES256, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + RUN_TEST(suite, testKeyGenerate(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_256, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_TRUE)); + } + + if (TestCreds::supports(CAPABILITY_RSA_1024)) { + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_RSA1024_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_RSA1024_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyExtractPublicKey(SEC_OBJECTID_USER_BASE, TESTKEY_RSA1024_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_RSA1024_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_RSA1024_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + RUN_TEST(suite, testKeyExtractPublicKey(SEC_OBJECTID_USER_BASE, TESTKEY_RSA1024_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_RSA1024_SGN_PRIV, TESTKC_SOC, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_RSA1024_SGN_PRIV, TESTKC_SOC, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_RSA1024_SGN_PRIV, TESTKC_SOC, SEC_STORAGELOC_RAM)); + } + + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_RSA2048_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_RSA2048_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyExtractPublicKey(SEC_OBJECTID_USER_BASE, TESTKEY_RSA2048_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_RSA2048_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_RSA2048_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + RUN_TEST(suite, testKeyExtractPublicKey(SEC_OBJECTID_USER_BASE, TESTKEY_RSA2048_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_RSA2048_SGN_PRIV, TESTKC_SOC, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_RSA2048_SGN_PRIV, TESTKC_SOC, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_RSA2048_SGN_PRIV, TESTKC_SOC, SEC_STORAGELOC_RAM)); + + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_EC_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_EC_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_EC_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyExtractPublicKey(SEC_OBJECTID_USER_BASE, TESTKEY_EC_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM)); + + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_EC_PRIV, TESTKC_SOC, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_EC_PRIV, TESTKC_SOC, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyExtractPublicKey(SEC_OBJECTID_USER_BASE, TESTKEY_EC_PRIV, TESTKC_SOC, SEC_STORAGELOC_RAM)); + + RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_EC_PRIV, TESTKC_GENERATED, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_EC_PRIV, TESTKC_GENERATED, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyExtractPublicKey(SEC_OBJECTID_USER_BASE, TESTKEY_EC_PRIV, TESTKC_GENERATED, SEC_STORAGELOC_RAM)); + + RUN_TEST(suite, testKeyComputeBaseKeyDigest(SEC_OBJECTID_USER_BASE, SEC_DIGESTALGORITHM_SHA1)); + RUN_TEST(suite, testKeyComputeBaseKeyDigest(SEC_OBJECTID_USER_BASE, SEC_DIGESTALGORITHM_SHA256)); + + RUN_TEST(suite, testKeyECDHKeyAgreementWithKDF(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKEY_EC_PRIV, TESTKC_SOC, TESTKEY_EC_PUB, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA1, SEC_TRUE)); + RUN_TEST(suite, testKeyECDHKeyAgreementWithKDF(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKEY_EC_PRIV, TESTKC_SOC, TESTKEY_EC_PUB, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA256, SEC_TRUE)); + + RUN_TEST(suite, testKeyECDHKeyAgreementWithKDF(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKEY_EC_PRIV, TESTKC_GENERATED, TESTKEY_EC_PUB, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA1, SEC_TRUE)); + RUN_TEST(suite, testKeyECDHKeyAgreementWithKDF(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKEY_EC_PRIV, TESTKC_GENERATED, TESTKEY_EC_PUB, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA256, SEC_TRUE)); + + runProvisionedKeyExportTest(suite); +} + +void runKeyCtrlTests(SuiteCtx *suite) +{ + RUN_TEST(suite, testKeyCtrlExportUnCachable(1, "aesEcbNone")); + RUN_TEST(suite, testKeyCtrlKeyOnlyUsage(1, "aesEcbNone")); + RUN_TEST(suite, testKeyCtrlKeyExpired(1, "aesEcbNone")); + RUN_TEST(suite, testKeyCtrlKeyNotYetAvail(1, "aesEcbNone")); + RUN_TEST(suite, testKeyCtrlExpectedJTypeProperties(1, "aesEcbNone", TESTKEY_AES128)); + RUN_TEST(suite, testKeyCtrlExpectedJTypeProperties(2, "aesEcbNone", TESTKEY_AES128)); + RUN_TEST(suite, testKeyCtrlExpectedJTypeProperties(2, "aesEcbNone", TESTKEY_AES256)); + RUN_TEST(suite, testKeyCtrlExpectedExportedProperties(1, "aesEcbNone", TESTKEY_AES128)); + RUN_TEST(suite, testKeyCtrlExpectedExportedProperties(2, "aesEcbNone", TESTKEY_AES128)); + RUN_TEST(suite, testKeyCtrlExpectedExportedProperties(2, "aesEcbNone", TESTKEY_AES256)); + RUN_TEST(suite, testKeyCtrlUnwrapWithKeyUsage(1, "aesEcbNone", TESTKEY_AES128)); + RUN_TEST(suite, testKeyCtrlUnwrapWithKeyUsage(2, "aesEcbNone", TESTKEY_AES128)); + RUN_TEST(suite, testKeyCtrlUnwrapWithKeyUsage(2, "aesEcbNone", TESTKEY_AES256)); + RUN_TEST(suite, testKeyCtrlUnwrapWithDataUsage(1, "aesEcbNone")); + RUN_TEST(suite, testKeyCtrlBadB64Jtype(1, "aesEcbNone")); + RUN_TEST(suite, testKeyCtrlExportDerived()); + RUN_TEST(suite, testKeyCtrlExportProvisionExport(1, "aesEcbNone", TESTKEY_AES128)); + RUN_TEST(suite, testKeyCtrlExportProvisionExport(2, "aesEcbNone", TESTKEY_AES128)); + RUN_TEST(suite, testKeyCtrlExportProvisionExport(2, "aesEcbNone", TESTKEY_AES256)); + RUN_TEST(suite, testKeyCtrlKeyExportGetSize(1, "aesEcbNone")); + RUN_TEST(suite, testKeyCtrlKeyExportGetSize(2, "aesEcbNone")); + RUN_TEST(suite, testKeyCtrlExportAes(TESTKEY_AES128, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyCtrlExportAes(TESTKEY_AES256, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyCtrlExportAes(TESTKEY_AES128, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + RUN_TEST(suite, testKeyCtrlExportAes(TESTKEY_AES256, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + RUN_TEST(suite, testKeyCtrlKeyExportHmac(TESTKEY_HMAC128, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + RUN_TEST(suite, testKeyCtrlKeyExportHmac(TESTKEY_HMAC160, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); + RUN_TEST(suite, testKeyCtrlKeyExportHmac(TESTKEY_HMAC128, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testKeyCtrlKeyExportHmac(TESTKEY_HMAC160, SEC_STORAGELOC_RAM)); + if (TestCreds::supports(CAPABILITY_SVP)) { + RUN_TEST(suite, testKeyCtrlCipherFailsSvpNonOpaque(1, "aesEcbNone")); + RUN_TEST(suite, testKeyCtrlCipherSvpOpaque(1, "aesEcbNone", TESTKEY_AES128)); + RUN_TEST(suite, testKeyCtrlCipherSvpOpaque(2, "aesEcbNone", TESTKEY_AES128)); + RUN_TEST(suite, testKeyCtrlCipherSvpOpaque(2, "aesEcbNone", TESTKEY_AES256)); + RUN_TEST(suite, testKeyCtrlCipherSvpDataShiftOpaque(1, "aesEcbNone")); + RUN_TEST(suite, testKeyCtrlSvpCheckOpaque(1, "aesEcbNone", TESTKEY_AES128)); + RUN_TEST(suite, testKeyCtrlSvpCheckOpaque(2, "aesEcbNone", TESTKEY_AES128)); + RUN_TEST(suite, testKeyCtrlSvpCheckOpaque(2, "aesEcbNone", TESTKEY_AES256)); + RUN_TEST(suite, testKeyCtrlProcessCtrDataShiftFailsSvpNonOpaque(1, "aesEcbNone")); + } + RUN_TEST(suite, testKeyCtrlExportEcc(TESTKC_SOC)); + RUN_TEST(suite, testKeyCtrlKeyExportSmallBuffer()); +} + +#define DIGEST_TESTS(suite, alg) do { \ + RUN_TEST(suite, testDigestSingle(alg, 0)); \ + RUN_TEST(suite, testDigestSingle(alg, 256)); \ + RUN_TEST(suite, testDigestSingle(alg, 259)); \ + \ + SEC_SIZE inputSizes[] = { 16, 16, 8, 0, 3, 16 }; \ + RUN_TEST(suite, testDigestMult(alg, std::vector(inputSizes, inputSizes+sizeof(inputSizes)/sizeof(SEC_SIZE)))); \ + \ + RUN_TEST(suite, testDigestOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES128, SEC_STORAGELOC_RAM)); \ + if (TestCreds::supports(CAPABILITY_AES256)) { \ + RUN_TEST(suite, testDigestOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES256, SEC_STORAGELOC_RAM)); \ + } \ + RUN_TEST(suite, testDigestOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC128, SEC_STORAGELOC_RAM)); \ + RUN_TEST(suite, testDigestOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC160, SEC_STORAGELOC_RAM)); \ + RUN_TEST(suite, testDigestOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC256, SEC_STORAGELOC_RAM)); \ +} while (0) + +#define MAC_TESTS(suite, key, kc, loc, alg) do { \ + RUN_TEST(suite, testMacSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, alg, 256)); \ + RUN_TEST(suite, testMacSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, alg, 259)); \ + \ + SEC_SIZE inputSizes[] = { 16, 16, 8, 0, 3, 16 }; \ + RUN_TEST(suite, testMacMult(SEC_OBJECTID_USER_BASE, key, kc, loc, alg, std::vector(inputSizes, inputSizes+sizeof(inputSizes)/sizeof(SEC_SIZE)))); \ + \ + if (alg != SEC_MACALGORITHM_CMAC_AES_128) { \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC128, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_AES128, loc)); \ + if (TestCreds::supports(CAPABILITY_AES256)) { \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC128, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_AES256, loc)); \ + } \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC128, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC128, loc)); \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC128, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC160, loc)); \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC128, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC256, loc)); \ + \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC160, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_AES128, loc)); \ + if (TestCreds::supports(CAPABILITY_AES256)) { \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC160, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_AES256, loc)); \ + } \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC160, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC128, loc)); \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC160, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC160, loc)); \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC160, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC256, loc)); \ + \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC256, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_AES128, loc)); \ + if (TestCreds::supports(CAPABILITY_AES256)) { \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC256, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_AES256, loc)); \ + } \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC256, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC128, loc)); \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC256, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC160, loc)); \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC256, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC256, loc)); \ + } else { \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_AES128, loc)); \ + if (TestCreds::supports(CAPABILITY_AES256)) { \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_AES256, loc)); \ + } \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC128, loc)); \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC160, loc)); \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC256, loc)); \ + \ + if (TestCreds::supports(CAPABILITY_AES256)) { \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES256, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_AES128, loc)); \ + if (TestCreds::supports(CAPABILITY_AES256)) { \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES256, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_AES256, loc)); \ + } \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES256, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC128, loc)); \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES256, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC160, loc)); \ + RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES256, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC256, loc)); \ + } \ + } \ +} while (0); + +#define AESCTR_SPECIFIC_TESTS(suite, key, kc, loc, mode, inplace) do { \ + if (kc != TESTKC_GENERATED) { \ + RUN_TEST(suite, testProcessCtrWithDataShift(SEC_OBJECTID_USER_BASE, key, kc, loc, mode, inplace)); \ + RUN_TEST(suite, testCtrRollover(SEC_OBJECTID_USER_BASE, key, kc, loc, mode, 256, inplace)); \ + } \ +} while (0) + +#define AESCTR_INPLACE_TESTS(suite, key, kc, loc, mode) do { \ + AESCTR_SPECIFIC_TESTS(suite, key, kc, loc, mode, SEC_TRUE); \ + AESCTR_SPECIFIC_TESTS(suite, key, kc, loc, mode, SEC_FALSE); \ +} while (0) + +#define AESCTR_MODE_TESTS(suite, key, kc, loc) do { \ + AESCTR_INPLACE_TESTS(suite, key, kc, loc, SEC_CIPHERMODE_ENCRYPT); \ + AESCTR_INPLACE_TESTS(suite, key, kc, loc, SEC_CIPHERMODE_DECRYPT); \ +} while (0) + +#define AESCTR_LOC_TESTS(suite, key, kc) do { \ + AESCTR_MODE_TESTS(suite, key, kc, SEC_STORAGELOC_RAM); \ + if (kc == TESTKC_RAW) { \ + AESCTR_MODE_TESTS(suite, key, kc, SEC_STORAGELOC_RAM_SOFT_WRAPPED); \ + } \ +} while (0) + +#define AESCTR_KC_TESTS(suite, key) do { \ + AESCTR_LOC_TESTS(suite, key, TESTKC_RAW); \ + if (TestCreds::supports(CAPABILITY_LOAD_SYM_SOC_KC)) { \ + AESCTR_LOC_TESTS(suite, key, TESTKC_SOC); \ + } \ + AESCTR_LOC_TESTS(suite, key, TESTKC_GENERATED); \ +} while (0) + +#define AESCTR_TESTS(suite) do { \ + AESCTR_KC_TESTS(suite, TESTKEY_AES128); \ + if (TestCreds::supports(CAPABILITY_AES256)) { \ + AESCTR_KC_TESTS(suite, TESTKEY_AES256); \ + } \ +} while (0) + +#define AES_TESTS(suite, key, kc, loc) do { \ + SEC_SIZE inputSizesBlock[] = { 0, 16, 32, 64, 128 }; \ + SEC_SIZE inputSizes[] = { 0, 16, 32, 64, 128, 5 }; \ + std::vector blocked(inputSizesBlock, inputSizesBlock + sizeof(inputSizesBlock)/sizeof(SEC_SIZE)); \ + std::vector unaligned(inputSizes, inputSizes + sizeof(inputSizes)/sizeof(SEC_SIZE)); \ + \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE*2)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE*2)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, blocked)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_DECRYPT, blocked)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, blocked, SEC_TRUE)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_DECRYPT, blocked, SEC_TRUE)); \ + RUN_TEST(suite, testCipherUpdateIV(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE*2, SEC_FALSE)); \ + RUN_TEST(suite, testCipherUpdateIV(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE*2, SEC_FALSE)); \ + \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE*2+8)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE*2+8)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, SEC_CIPHERMODE_ENCRYPT, unaligned)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, SEC_CIPHERMODE_DECRYPT, unaligned)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, SEC_CIPHERMODE_ENCRYPT, unaligned, SEC_TRUE)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, SEC_CIPHERMODE_DECRYPT, unaligned, SEC_TRUE)); \ + \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE*2)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE*2)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, blocked)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, blocked)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, blocked, SEC_TRUE)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, blocked, SEC_TRUE)); \ + \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE*2+8)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE*2+8)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, SEC_CIPHERMODE_ENCRYPT, unaligned)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, SEC_CIPHERMODE_DECRYPT, unaligned)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, SEC_CIPHERMODE_ENCRYPT, unaligned, SEC_TRUE)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, SEC_CIPHERMODE_DECRYPT, unaligned, SEC_TRUE)); \ + \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE+1)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE+1, SEC_TRUE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE*2)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE+1)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE+1, SEC_TRUE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE*2)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, blocked)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, unaligned)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, blocked)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, unaligned)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, blocked, SEC_TRUE)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, unaligned, SEC_TRUE)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, blocked, SEC_TRUE)); \ + RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, unaligned, SEC_TRUE)); \ + RUN_TEST(suite, testCipherUpdateIV(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE*2, SEC_FALSE)); \ + RUN_TEST(suite, testCipherUpdateIV(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE*2, SEC_FALSE)); \ +} while(0) + +#define RSA_ENCRYPT_TESTS(suite, pub, priv, kc) do { \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, SEC_CIPHERALGORITHM_RSA_OAEP_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, SEC_CIPHERALGORITHM_RSA_OAEP_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ +} while(0) + +#define RSA_DECRYPT_TESTS(suite, pub, priv, kc) do { \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, SEC_CIPHERALGORITHM_RSA_OAEP_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE)); \ + RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, SEC_CIPHERALGORITHM_RSA_OAEP_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ +} while(0) + +void runRandomTests(SuiteCtx *suite) { + RUN_TEST(suite, testRandom(SEC_RANDOMALGORITHM_TRUE, 17)); + RUN_TEST(suite, testRandom(SEC_RANDOMALGORITHM_PRNG, 17)); +} + +void runSVPTests(SuiteCtx* suite) { + if (TestCreds::supports(CAPABILITY_SVP)) { + RUN_TEST(suite, testOpaqueMalloc()); + RUN_TEST(suite, testCopyOpaque()); + RUN_TEST(suite, testSecureBootEnabled()); + RUN_TEST(suite, testSetTime()); + RUN_TEST(suite, testKeycheckOpaque(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testProcessOpaque(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM)); + RUN_TEST(suite, testProcessDataShiftOpaque(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM)); + } +} + +#define RSAAESRSAAESAES_SPECIFIC_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, ck_sym_alg, wkfv) do { \ + TestKey key = sym_type == SEC_KEYTYPE_AES_128 ? TESTKEY_AES128 : TESTKEY_AES256; \ + RUN_TEST(suite, testWrappedCipherSingleRsaAesRsaAesAes(key, TESTKC_SOC, rsa_type, rsa_alg, sym_type, sym_alg, ck_sym_alg, wkfv)); \ +} while (0) + +#define RSAAESRSAAESAES_WKFV_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, ck_sym_alg) do { \ + RSAAESRSAAESAES_SPECIFIC_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, ck_sym_alg, WKFV_V2); \ + if (TestCreds::supports(CAPABILITY_WRAPPED_KEY_FORMAT_V3)) { \ + RSAAESRSAAESAES_SPECIFIC_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, ck_sym_alg, WKFV_V3); \ + } \ +} while (0) + +#define RSAAESRSAAESAES_CKSYMALG_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg) do { \ + if (TestCreds::supports(CAPABILITY_RSA_AESCBC_AES)) { \ + RSAAESRSAAESAES_WKFV_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING); \ + RSAAESRSAAESAES_WKFV_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING); \ + } \ + RSAAESRSAAESAES_WKFV_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING); \ + if (TestCreds::supports(CAPABILITY_RSA_AESCTR_AES)) { \ + RSAAESRSAAESAES_WKFV_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, SEC_CIPHERALGORITHM_AES_CTR); \ + } \ +} while (0) + +#define RSAAESRSAAESAES_SYMALG_TESTS(suite, rsa_type, rsa_alg, sym_type) do { \ + RSAAESRSAAESAES_CKSYMALG_TESTS(suite, rsa_type, rsa_alg, sym_type, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING); \ + if (TestCreds::supports(CAPABILITY_RSA_AESCTR_RSA)) { \ + RSAAESRSAAESAES_CKSYMALG_TESTS(suite, rsa_type, rsa_alg, sym_type, SEC_CIPHERALGORITHM_AES_CTR); \ + } \ +} while (0) + +#define RSAAESRSAAESAES_SYMTYPE_TESTS(suite, rsa_type, rsa_alg) do { \ + RSAAESRSAAESAES_SYMALG_TESTS(suite, rsa_type, rsa_alg, SEC_KEYTYPE_AES_128); \ + if (TestCreds::supports(CAPABILITY_AES256)) { \ + RSAAESRSAAESAES_SYMALG_TESTS(suite, rsa_type, rsa_alg, SEC_KEYTYPE_AES_256); \ + } \ +} while (0) + +#define RSAAESRSAAESAES_ASYMALG_TESTS(suite, rsa_type) do { \ + RSAAESRSAAESAES_SYMTYPE_TESTS(suite, rsa_type, SEC_CIPHERALGORITHM_RSA_OAEP_PADDING); \ + RSAAESRSAAESAES_SYMTYPE_TESTS(suite, rsa_type, SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING); \ +} while (0) + +#define RSAAESRSAAESAES_ASYMTYPE_TESTS(suite) do { \ + if (TestCreds::supports(CAPABILITY_RSA_1024)) { \ + RSAAESRSAAESAES_ASYMALG_TESTS(suite, SEC_KEYTYPE_RSA_1024); \ + } \ + RSAAESRSAAESAES_ASYMALG_TESTS(suite, SEC_KEYTYPE_RSA_2048); \ +} while (0) + +#define RSAAES_SPECIFIC_TESTS(suite, con_key, rsa_type, rsa_alg, wkfv) do { \ + RUN_TEST(suite, testWrappedCipherSingleRsaAes(con_key, TESTKC_SOC, rsa_type, rsa_alg, wkfv)); \ +} while (0) + +#define RSAAES_WKFV_TESTS(suite, con_key, rsa_type, rsa_alg) do { \ + RSAAES_SPECIFIC_TESTS(suite, con_key, rsa_type, rsa_alg, WKFV_V2); \ + if (TestCreds::supports(CAPABILITY_WRAPPED_KEY_FORMAT_V3)) { \ + RSAAES_SPECIFIC_TESTS(suite, con_key, rsa_type, rsa_alg, WKFV_V3); \ + } \ +} while (0) + +#define RSAAES_ASYMALG_TESTS(suite, con_key, rsa_type) do { \ + RSAAES_WKFV_TESTS(suite, con_key, rsa_type, SEC_CIPHERALGORITHM_RSA_OAEP_PADDING); \ + RSAAES_WKFV_TESTS(suite, con_key, rsa_type, SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING); \ +} while (0) + +#define RSAAES_ASYTYPE_TESTS(suite, con_key) do { \ + if (TestCreds::supports(CAPABILITY_RSA_1024)) { \ + RSAAES_ASYMALG_TESTS(suite, con_key, SEC_KEYTYPE_RSA_1024); \ + } \ + RSAAES_ASYMALG_TESTS(suite, con_key, SEC_KEYTYPE_RSA_2048); \ +} while (0) + +#define RSAAES_TESTS(suite) do { \ + if (TestCreds::supports(CAPABILITY_RSA_AES_M2M)) { \ + RSAAES_ASYTYPE_TESTS(suite, TESTKEY_AES128); \ + if (TestCreds::supports(CAPABILITY_AES256)) { \ + RSAAES_ASYTYPE_TESTS(suite, TESTKEY_AES256); \ + } \ + } \ +} while (0) + +#define RSAAESAES_SPECIFIC_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, wkfv) do { \ + TestKey key = sym_type == SEC_KEYTYPE_AES_128 ? TESTKEY_AES128 : TESTKEY_AES256; \ + RUN_TEST(suite, testWrappedCipherSingleRsaAesAes(key, TESTKC_SOC, rsa_type, rsa_alg, sym_type, sym_alg, wkfv)); \ + RUN_TEST(suite, testExportWrappedRsaAesAes(key, TESTKC_SOC, rsa_type, rsa_alg, sym_type, sym_alg, wkfv)); \ +} while (0) + +#define RSAAESAES_WKFV_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg) do { \ + RSAAESAES_SPECIFIC_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, WKFV_V2); \ + if (TestCreds::supports(CAPABILITY_WRAPPED_KEY_FORMAT_V3)) { \ + RSAAESAES_SPECIFIC_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, WKFV_V3); \ + } \ +} while (0) + +#define RSAAESAES_SYMALG_TESTS(suite, rsa_type, rsa_alg, sym_type) do { \ + RSAAESAES_WKFV_TESTS(suite, rsa_type, rsa_alg, sym_type, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING); \ + if (TestCreds::supports(CAPABILITY_RSA_AESCBC_AES)) { \ + RSAAESAES_WKFV_TESTS(suite, rsa_type, rsa_alg, sym_type, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING); \ + RSAAESAES_WKFV_TESTS(suite, rsa_type, rsa_alg, sym_type, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING); \ + } \ + if (TestCreds::supports(CAPABILITY_RSA_AESCTR_AES)) { \ + RSAAESAES_WKFV_TESTS(suite, rsa_type, rsa_alg, sym_type, SEC_CIPHERALGORITHM_AES_CTR); \ + } \ +} while (0) + +#define RSAAESAES_SYMTYPE_TESTS(suite, rsa_type, rsa_alg) do { \ + RSAAESAES_SYMALG_TESTS(suite, rsa_type, rsa_alg, SEC_KEYTYPE_AES_128); \ + if (TestCreds::supports(CAPABILITY_AES256)) { \ + RSAAESAES_SYMALG_TESTS(suite, rsa_type, rsa_alg, SEC_KEYTYPE_AES_256); \ + } \ +} while (0) + +#define RSAAESAES_ASYMALG_TESTS(suite, rsa_type) do { \ + RSAAESAES_SYMTYPE_TESTS(suite, rsa_type, SEC_CIPHERALGORITHM_RSA_OAEP_PADDING); \ + RSAAESAES_SYMTYPE_TESTS(suite, rsa_type, SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING); \ +} while (0) + +#define RSAAESAES_TESTS(suite) do { \ + if (TestCreds::supports(CAPABILITY_RSA_1024)) { \ + RSAAESAES_ASYMALG_TESTS(suite, SEC_KEYTYPE_RSA_1024); \ + } \ + RSAAESAES_ASYMALG_TESTS(suite, SEC_KEYTYPE_RSA_2048); \ +} while (0) + +#define ECAESAES_SPECIFIC_TESTS(suite, con_key, asym_alg, sym_alg, wkfv) do { \ + RUN_TEST(suite, testWrappedCipherSingleEcAesAes(con_key, TESTKC_SOC, SEC_KEYTYPE_AES_128, asym_alg, sym_alg, wkfv)); \ + RUN_TEST(suite, testExportWrappedEccAesAes(con_key, TESTKC_SOC, asym_alg, SEC_KEYTYPE_AES_128, sym_alg, wkfv)); \ + RUN_TEST(suite, testExportWrappedGeneratedEccAesAes(con_key, asym_alg, SEC_KEYTYPE_AES_128, sym_alg, wkfv)); \ + if (TestCreds::supports(CAPABILITY_AES256)) { \ + RUN_TEST(suite, testWrappedCipherSingleEcAesAes(con_key, TESTKC_SOC, SEC_KEYTYPE_AES_256, asym_alg, sym_alg, wkfv)); \ + RUN_TEST(suite, testExportWrappedEccAesAes(con_key, TESTKC_SOC, asym_alg, SEC_KEYTYPE_AES_256, sym_alg, wkfv)); \ + RUN_TEST(suite, testExportWrappedGeneratedEccAesAes(con_key, asym_alg, SEC_KEYTYPE_AES_256, sym_alg, wkfv)); \ + } \ +} while (0) + +#define ECAES_SPECIFIC_TESTS(suite, con_key, asym_alg, wkfv) do { \ + RUN_TEST(suite, testWrappedCipherSingleEcAes(con_key, TESTKC_SOC, asym_alg, wkfv)); \ + RUN_TEST(suite, testExportWrappedEccAes(con_key, TESTKC_SOC, asym_alg, wkfv)); \ + RUN_TEST(suite, testExportWrappedGeneratedEccAes(con_key, asym_alg, wkfv)); \ +} while (0) + +#define ECAES_WKFV_TESTS(suite, con_key, asym_alg) do { \ + ECAES_SPECIFIC_TESTS(suite, con_key, asym_alg, WKFV_V2); \ + ECAESAES_SPECIFIC_TESTS(suite, con_key, asym_alg, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, WKFV_V2); \ + ECAESAES_SPECIFIC_TESTS(suite, con_key, asym_alg, SEC_CIPHERALGORITHM_AES_CTR, WKFV_V2); \ + if (TestCreds::supports(CAPABILITY_WRAPPED_KEY_FORMAT_V3)) { \ + ECAES_SPECIFIC_TESTS(suite, con_key, asym_alg, WKFV_V3); \ + ECAESAES_SPECIFIC_TESTS(suite, con_key, asym_alg, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, WKFV_V3); \ + ECAESAES_SPECIFIC_TESTS(suite, con_key, asym_alg, SEC_CIPHERALGORITHM_AES_CTR, WKFV_V3); \ + } \ +} while (0) + +#define ECAES_ASYMALG_TESTS(suite, con_key) do { \ + ECAES_WKFV_TESTS(suite, con_key, SEC_CIPHERALGORITHM_ECC_ELGAMAL); \ +} while (0) + +#define ECAES_TESTS(suite) do { \ + ECAES_ASYMALG_TESTS(suite, TESTKEY_AES128); \ + if (TestCreds::supports(CAPABILITY_AES256)) { \ + ECAES_ASYMALG_TESTS(suite, TESTKEY_AES256); \ + } \ +} while (0) + +void runWrappedTests(SuiteCtx *suite) { + RSAAESRSAAESAES_ASYMTYPE_TESTS(suite); + RSAAESAES_TESTS(suite); + RSAAES_TESTS(suite); + ECAES_TESTS(suite); + + RUN_TEST(suite, testWrappedKDFCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, SEC_OBJECTID_USER_BASE+2, SEC_KEYTYPE_AES_128, 1, 256)); + RUN_TEST(suite, testWrappedKDFCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, SEC_OBJECTID_USER_BASE+2, SEC_KEYTYPE_HMAC_128, 1, 256)); + RUN_TEST(suite, testExportedKDFCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, SEC_OBJECTID_USER_BASE+2, SEC_KEYTYPE_AES_128, 1, 256)); + RUN_TEST(suite, testExportedKDFCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, SEC_OBJECTID_USER_BASE+2, SEC_KEYTYPE_HMAC_128, 1, 256)); +} + +void runConcurrentTests(SuiteCtx *suite) { + RUN_TEST(suite, testConcurrentVendor128(40)); + + if (TestCreds::supports(CAPABILITY_RSA_1024)) { \ + RUN_TEST(suite, testConcurrentRsa(TESTKEY_RSA1024_ENC_PUB, TESTKEY_RSA1024_ENC_PRIV, TESTKC_SOC, 10)); \ + } \ + RUN_TEST(suite, testConcurrentRsa(TESTKEY_RSA2048_ENC_PUB, TESTKEY_RSA2048_ENC_PRIV, TESTKC_SOC, 10)); +} + +void runExchangeTests(SuiteCtx *suite) { + RUN_TEST(suite, testKeyExchangeDH(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM, SEC_KEYTYPE_AES_128)); + if (TestCreds::supports(CAPABILITY_AES256)) { + RUN_TEST(suite, testKeyExchangeDH(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM, SEC_KEYTYPE_AES_256)); + } + RUN_TEST(suite, testKeyExchangeDH(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM, SEC_KEYTYPE_HMAC_128)); + RUN_TEST(suite, testKeyExchangeDH(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM, SEC_KEYTYPE_HMAC_160)); + + RUN_TEST(suite, testKeyExchangeECDH(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM, SEC_KEYTYPE_AES_128)); + if (TestCreds::supports(CAPABILITY_AES256)) { + RUN_TEST(suite, testKeyExchangeECDH(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM, SEC_KEYTYPE_AES_256)); + } + RUN_TEST(suite, testKeyExchangeECDH(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM, SEC_KEYTYPE_HMAC_128)); + RUN_TEST(suite, testKeyExchangeECDH(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM, SEC_KEYTYPE_HMAC_160)); +} + +#define RSA_SIGNATURE_TESTS(suite, pub, priv, kc, keySize) do { \ + RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, \ + SEC_SIGNATUREALGORITHM_RSA_SHA1_PKCS_DIGEST, SEC_SIGNATUREMODE_SIGN, 20)); \ + RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, TESTKC_RAW, SEC_STORAGELOC_RAM, \ + SEC_SIGNATUREALGORITHM_RSA_SHA1_PKCS_DIGEST, SEC_SIGNATUREMODE_VERIFY, 20)); \ + RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, \ + SEC_SIGNATUREALGORITHM_RSA_SHA1_PKCS, SEC_SIGNATUREMODE_SIGN, 2049)); \ + RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, TESTKC_RAW, SEC_STORAGELOC_RAM, \ + SEC_SIGNATUREALGORITHM_RSA_SHA1_PKCS, SEC_SIGNATUREMODE_VERIFY, 2049)); \ + RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, \ + SEC_SIGNATUREALGORITHM_RSA_SHA256_PKCS_DIGEST, SEC_SIGNATUREMODE_SIGN, 32)); \ + RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, TESTKC_RAW, SEC_STORAGELOC_RAM, \ + SEC_SIGNATUREALGORITHM_RSA_SHA256_PKCS_DIGEST, SEC_SIGNATUREMODE_VERIFY, 32)); \ + RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, \ + SEC_SIGNATUREALGORITHM_RSA_SHA256_PKCS, SEC_SIGNATUREMODE_SIGN, 2049)); \ + RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, TESTKC_RAW, SEC_STORAGELOC_RAM, \ + SEC_SIGNATUREALGORITHM_RSA_SHA256_PKCS, SEC_SIGNATUREMODE_VERIFY, 2049)); \ + RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, \ + SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS_DIGEST, SEC_SIGNATUREMODE_SIGN, 20)); \ + RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, TESTKC_RAW, SEC_STORAGELOC_RAM, \ + SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS_DIGEST, SEC_SIGNATUREMODE_VERIFY, 20)); \ + RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, \ + SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS, SEC_SIGNATUREMODE_SIGN, 2049)); \ + RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, TESTKC_RAW, SEC_STORAGELOC_RAM, \ + SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS, SEC_SIGNATUREMODE_VERIFY, 2049)); \ + RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, \ + SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS_DIGEST, SEC_SIGNATUREMODE_SIGN, 32)); \ + RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, TESTKC_RAW, SEC_STORAGELOC_RAM, \ + SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS_DIGEST, SEC_SIGNATUREMODE_VERIFY, 32)); \ + RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, \ + SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS, SEC_SIGNATUREMODE_SIGN, 2049)); \ + RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, TESTKC_RAW, SEC_STORAGELOC_RAM, \ + SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS, SEC_SIGNATUREMODE_VERIFY, 2049)); \ +} while(0) + +#define EC_SIGNATURE_TESTS(suite, pub, priv, kc, keySize) do { \ + RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, \ + SEC_SIGNATUREALGORITHM_ECDSA_NISTP256_DIGEST, SEC_SIGNATUREMODE_SIGN, 32)); \ + if (kc != TESTKC_GENERATED) { \ + RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, TESTKC_RAW, SEC_STORAGELOC_RAM, \ + SEC_SIGNATUREALGORITHM_ECDSA_NISTP256_DIGEST, SEC_SIGNATUREMODE_VERIFY, 32)); \ + } \ + \ + RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, \ + SEC_SIGNATUREALGORITHM_ECDSA_NISTP256, SEC_SIGNATUREMODE_SIGN, 2049)); \ + if (kc != TESTKC_GENERATED) { \ + RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, TESTKC_RAW, SEC_STORAGELOC_RAM, \ + SEC_SIGNATUREALGORITHM_ECDSA_NISTP256, SEC_SIGNATUREMODE_VERIFY, 2049)); \ + } \ +} while (0) + +int testIt(int argc, char *argv[]) { + int nParams = argc-1; + std::vector runParams; + SEC_PRINT("Number of runParams: %d\n", nParams); + for (int i=1; i<(nParams+1); ++i) { + runParams.push_back(atoi(argv[i])); + } + + SEC_PRINT("==============================================\n"); + + //print SecApi info + { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return 1; + } + + if (SEC_RESULT_SUCCESS != SecProcessor_PrintInfo(ctx.proc())) { + SEC_LOG_ERROR("SecProcessor_PrintInfo failed"); + return 1; + } + } + + TestCreds::init(); + SuiteCtx suite; + suite.setRunParams(runParams); + + SEC_PRINT("\n"); + SEC_PRINT("CAPABILITY_AES256: %d\n", TestCreds::supports(CAPABILITY_AES256)); + SEC_PRINT("CAPABILITY_HMAC_IN_HW: %d\n", TestCreds::supports(CAPABILITY_HMAC_IN_HW)); + SEC_PRINT("CAPABILITY_CMAC_IN_HW: %d\n", TestCreds::supports(CAPABILITY_CMAC_IN_HW)); + SEC_PRINT("CAPABILITY_DIGEST_OVER_HWKEY: %d\n", TestCreds::supports(CAPABILITY_DIGEST_OVER_HWKEY)); + SEC_PRINT("CAPABILITY_HMAC_OVER_HWKEY: %d\n", TestCreds::supports(CAPABILITY_HMAC_OVER_HWKEY)); + SEC_PRINT("CAPABILITY_CMAC_OVER_HWKEY: %d\n", TestCreds::supports(CAPABILITY_CMAC_OVER_HWKEY)); + SEC_PRINT("CAPABILITY_HKDF_CMAC: %d\n", TestCreds::supports(CAPABILITY_HKDF_CMAC)); + SEC_PRINT("CAPABILITY_EXTRACT_RSA_PUB: %d\n", TestCreds::supports(CAPABILITY_EXTRACT_RSA_PUB)); + SEC_PRINT("CAPABILITY_WRAPPED_KEY_FORMAT_V3: %d\n", TestCreds::supports(CAPABILITY_WRAPPED_KEY_FORMAT_V3)); + SEC_PRINT("CAPABILITY_RSA_AES_M2M: %d\n", TestCreds::supports(CAPABILITY_RSA_AES_M2M)); + SEC_PRINT("CAPABILITY_CLEAR_JTYPE_WRAPPING: %d\n", TestCreds::supports(CAPABILITY_CLEAR_JTYPE_WRAPPING)); + SEC_PRINT("CAPABILITY_SVP: %d\n", TestCreds::supports(CAPABILITY_SVP)); + SEC_PRINT("CAPABILITY_LOAD_SYM_SOC_KC: %d\n", TestCreds::supports(CAPABILITY_LOAD_SYM_SOC_KC)); + SEC_PRINT("CAPABILITY_EXPORT_RSA: %d\n", TestCreds::supports(CAPABILITY_EXPORT_RSA)); + SEC_PRINT("CAPABILITY_RSA_1024: %d\n", TestCreds::supports(CAPABILITY_RSA_1024)); + SEC_PRINT("CAPABILITY_RSA_AESCBC_AES: %d\n", TestCreds::supports(CAPABILITY_RSA_AESCBC_AES)); + SEC_PRINT("CAPABILITY_RSA_AESCTR_AES: %d\n", TestCreds::supports(CAPABILITY_RSA_AESCTR_AES)); + SEC_PRINT("CAPABILITY_RSA_AESCTR_RSA: %d\n", TestCreds::supports(CAPABILITY_RSA_AESCTR_RSA)); + SEC_PRINT("\n"); + + runProcessorTests(&suite); + + runRandomTests(&suite); + + runBundleTests(&suite); + + runCertTests(&suite); + + runKeyTests(&suite); + + DIGEST_TESTS(&suite, SEC_DIGESTALGORITHM_SHA1); + DIGEST_TESTS(&suite, SEC_DIGESTALGORITHM_SHA256); + + if (TestCreds::supports(CAPABILITY_HMAC_IN_HW)) { + MAC_TESTS(&suite, TESTKEY_HMAC128, TESTKC_RAW, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA1); + MAC_TESTS(&suite, TESTKEY_HMAC160, TESTKC_RAW, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA1); + MAC_TESTS(&suite, TESTKEY_HMAC256, TESTKC_RAW, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA1); + MAC_TESTS(&suite, TESTKEY_HMAC128, TESTKC_RAW, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA256); + MAC_TESTS(&suite, TESTKEY_HMAC160, TESTKC_RAW, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA256); + MAC_TESTS(&suite, TESTKEY_HMAC256, TESTKC_RAW, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA256); + } else { + MAC_TESTS(&suite, TESTKEY_HMAC128, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_HMAC_SHA1); + MAC_TESTS(&suite, TESTKEY_HMAC160, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_HMAC_SHA1); + MAC_TESTS(&suite, TESTKEY_HMAC256, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_HMAC_SHA1); + MAC_TESTS(&suite, TESTKEY_HMAC128, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_HMAC_SHA256); + MAC_TESTS(&suite, TESTKEY_HMAC160, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_HMAC_SHA256); + MAC_TESTS(&suite, TESTKEY_HMAC256, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_HMAC_SHA256); + } + + if (TestCreds::supports(CAPABILITY_CMAC_IN_HW)) { + MAC_TESTS(&suite, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_CMAC_AES_128); + if (TestCreds::supports(CAPABILITY_AES256)) { + MAC_TESTS(&suite, TESTKEY_AES256, TESTKC_RAW, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_CMAC_AES_128); + } + } else { + MAC_TESTS(&suite, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_CMAC_AES_128); + if (TestCreds::supports(CAPABILITY_AES256)) { + MAC_TESTS(&suite, TESTKEY_AES256, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_CMAC_AES_128); + } + } + + //aes + AES_TESTS(&suite, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM); + AES_TESTS(&suite, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED); + + if (TestCreds::supports(CAPABILITY_AES256)) { + AES_TESTS(&suite, TESTKEY_AES256, TESTKC_RAW, SEC_STORAGELOC_RAM); + AES_TESTS(&suite, TESTKEY_AES256, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED); + } + + AESCTR_TESTS(&suite); + + //rsa + if (TestCreds::supports(CAPABILITY_RSA_1024)) { + RSA_ENCRYPT_TESTS(&suite, TESTKEY_RSA1024_ENC_PUB, TESTKEY_RSA1024_ENC_PRIV, TESTKC_RAW); + RSA_DECRYPT_TESTS(&suite, TESTKEY_RSA1024_ENC_PUB, TESTKEY_RSA1024_ENC_PRIV, TESTKC_SOC); + } + + RSA_ENCRYPT_TESTS(&suite, TESTKEY_RSA2048_ENC_PUB, TESTKEY_RSA2048_ENC_PRIV, TESTKC_RAW); + RSA_DECRYPT_TESTS(&suite, TESTKEY_RSA2048_ENC_PUB, TESTKEY_RSA2048_ENC_PRIV, TESTKC_SOC); + + //sign + if (TestCreds::supports(CAPABILITY_RSA_1024)) { + RSA_SIGNATURE_TESTS(&suite, TESTKEY_RSA1024_SGN_PUB, TESTKEY_RSA1024_SGN_PRIV, TESTKC_SOC, 128); + } + RSA_SIGNATURE_TESTS(&suite, TESTKEY_RSA2048_SGN_PUB, TESTKEY_RSA2048_SGN_PRIV, TESTKC_SOC, 256); + + EC_SIGNATURE_TESTS(&suite, TESTKEY_EC_PUB, TESTKEY_EC_PRIV, TESTKC_SOC, 128); + EC_SIGNATURE_TESTS(&suite, TESTKEY_EC_PUB, TESTKEY_EC_PRIV, TESTKC_GENERATED, 128); + EC_SIGNATURE_TESTS(&suite, TESTKEY_EC_PUB, TESTKEY_EC_PRIV, TESTKC_EXPORTED, 128); + + runWrappedTests(&suite); + + runKeyCtrlTests(&suite); + + runSVPTests(&suite); + + runConcurrentTests(&suite); + + runExchangeTests(&suite); + + //todo: fragmented processing + //todo: add pem containers, raw formats for keys, certs + + SEC_PRINT("==============================================\n"); + SEC_PRINT("Test summary: %d/%d succeeded, %d skipped\n", suite.getSucceeded().size(), suite.getAttempted().size(), suite.getSkipped().size()); + + std::vector failed = suite.getFailed(); + if (failed.size() > 0) { + SEC_PRINT("\nFailed Tests: [%d]\n", failed.size()); + for (unsigned int i=0; i +#include + +static Sec_Result _BigNumToBuffer(const BIGNUM *bignum, SEC_BYTE *buffer, SEC_SIZE buffer_len) +{ + SEC_SIZE num_bytes; + + memset(buffer, 0, buffer_len); + num_bytes = BN_num_bytes(bignum); + + if (num_bytes > buffer_len) { + SEC_LOG_ERROR("buffer not large enough. needed: %d, actual: %d", num_bytes, buffer_len); + return SEC_RESULT_FAILURE; + } + + BN_bn2bin(bignum, buffer + buffer_len - num_bytes); + + return SEC_RESULT_SUCCESS; +} + +std::vector signOpenSSL( + Sec_SignatureAlgorithm alg, + TestKey key, + const std::vector& input) { + + std::vector digest; + const EVP_MD * evp_md = NULL; + + SEC_BOOL pss = (alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS_DIGEST + || alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS_DIGEST + || alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS + || alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS); + + if (alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PKCS_DIGEST + || alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS_DIGEST) { + digest = input; + evp_md = EVP_sha1(); + } else if (alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PKCS_DIGEST + || alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS_DIGEST) { + digest = input; + evp_md = EVP_sha256(); + } else if (alg == SEC_SIGNATUREALGORITHM_ECDSA_NISTP256_DIGEST) { + digest = input; + evp_md = EVP_sha256(); + } else if (alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PKCS + || alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS) { + digest = digestOpenSSL(SEC_DIGESTALGORITHM_SHA1, input); + evp_md = EVP_sha1(); + } else if (alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PKCS + || alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS) { + digest = digestOpenSSL(SEC_DIGESTALGORITHM_SHA256, input); + evp_md = EVP_sha256(); + } else if (alg == SEC_SIGNATUREALGORITHM_ECDSA_NISTP256) { + digest = digestOpenSSL(SEC_DIGESTALGORITHM_SHA256, input); + evp_md = EVP_sha256(); + } else { + SEC_LOG_ERROR("Unknown signature algorithm"); + return std::vector(); + } + + TestCtx::printHex("digest to sign", digest); + + if (SecKey_IsEcc(TestCreds::getKeyType(key))) { + ECDSA_SIG *esig = NULL; + + EC_KEY *ec_key = TestCreds::asOpenSslEcKey(key); + if (NULL == ec_key) + { + SEC_LOG_ERROR("TestCreds::asOpenSslEcKey failed"); + return std::vector(); + } + + esig = ECDSA_do_sign(&digest[0], digest.size(), ec_key); + SEC_ECC_FREE(ec_key); + + if (NULL == esig) + { + SEC_LOG_ERROR("ECDSA_do_sign failed"); + return std::vector(); + } + + std::vector sig; + sig.resize(256); + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + _BigNumToBuffer(esig->r, &sig[0], SEC_ECC_NISTP256_KEY_LEN); + _BigNumToBuffer(esig->s, &sig[SEC_ECC_NISTP256_KEY_LEN], SEC_ECC_NISTP256_KEY_LEN); +#else + const BIGNUM *esigr = NULL; + const BIGNUM *esigs = NULL; + ECDSA_SIG_get0(esig, &esigr, &esigs); + _BigNumToBuffer((BIGNUM *) esigr, &sig[0], SEC_ECC_NISTP256_KEY_LEN); + _BigNumToBuffer((BIGNUM *) esigs, &sig[SEC_ECC_NISTP256_KEY_LEN], SEC_ECC_NISTP256_KEY_LEN); +#endif + + sig.resize(SecSignature_GetEccSignatureSize(alg)); + + return sig; + } else { + EVP_PKEY *evp_pkey = TestCreds::asOpenSslEvpPkey(key); + if (evp_pkey == NULL) { + SEC_LOG_ERROR("TestCreds::asOpenSslEvpPkey failed"); + return std::vector(); + } + + EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(evp_pkey, NULL); + if (ctx == NULL) { + EVP_PKEY_free(evp_pkey); + SEC_LOG_ERROR("EVP_PKEY_CTX_new failed"); + return std::vector(); + } + + if (EVP_PKEY_sign_init(ctx) <= 0 + || EVP_PKEY_CTX_set_rsa_padding(ctx, pss ? RSA_PKCS1_PSS_PADDING : RSA_PKCS1_PADDING) <= 0 + || EVP_PKEY_CTX_set_signature_md(ctx, evp_md) <= 0) { + EVP_PKEY_free(evp_pkey); + EVP_PKEY_CTX_free(ctx); + SEC_LOG_ERROR("Could not setup EVP_PKEY_CTX"); + return std::vector(); + } + + if (pss && EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, evp_md == EVP_sha1() ? 20 : 32) <= 0) { + EVP_PKEY_free(evp_pkey); + EVP_PKEY_CTX_free(ctx); + SEC_LOG_ERROR("Could not setup EVP_PKEY_CTX"); + return std::vector(); + } + + std::vector sig; + sig.resize(256); + size_t siglen = 256; + + if (EVP_PKEY_sign(ctx, NULL, &siglen, &digest[0], digest.size()) <= 0 || + EVP_PKEY_sign(ctx, &sig[0], &siglen, &digest[0], digest.size()) <= 0) { + EVP_PKEY_free(evp_pkey); + EVP_PKEY_CTX_free(ctx); + SEC_LOG_ERROR("EVP_PKEY_sign failed"); + return std::vector(); + } + + EVP_PKEY_free(evp_pkey); + EVP_PKEY_CTX_free(ctx); + + sig.resize(siglen); + + return sig; + } +} + +static EC_KEY *_ECCFromPubBinary(Sec_ECCRawPublicKey *binary) +{ + BN_CTX *ctx = BN_CTX_new(); + + if ( binary->type != SEC_KEYTYPE_ECC_NISTP256_PUBLIC + && binary->type != SEC_KEYTYPE_ECC_NISTP256) + return NULL; + + EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); //create ec_key structure with NIST p256 curve; + const EC_GROUP *group = EC_KEY_get0_group(ec_key); + EC_POINT *ec_point = EC_POINT_new(group); + BN_CTX_start(ctx); + BIGNUM *xp, *yp; + + if (((xp = BN_CTX_get(ctx)) == NULL) || ((yp = BN_CTX_get(ctx)) == NULL)) + goto done; + + EC_POINT_set_affine_coordinates_GFp(group, ec_point, + BN_bin2bn(binary->x, Sec_BEBytesToUint32(binary->key_len), xp), + BN_bin2bn(binary->y, Sec_BEBytesToUint32(binary->key_len), yp), ctx); + EC_KEY_set_public_key(ec_key, ec_point); + +done: + EC_POINT_free(ec_point); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + + return ec_key; +} + +static SEC_BOOL verifyOpenSSLEccPub( + Sec_SignatureAlgorithm alg, + Sec_ECCRawPublicKey *eccPub, + const std::vector& input, + const std::vector& sig) { + + std::vector digest; + const EVP_MD * evp_md = NULL; + + if (alg == SEC_SIGNATUREALGORITHM_ECDSA_NISTP256_DIGEST) { + digest = input; + evp_md = EVP_sha256(); + } else if (alg == SEC_SIGNATUREALGORITHM_ECDSA_NISTP256) { + digest = digestOpenSSL(SEC_DIGESTALGORITHM_SHA256, input); + evp_md = EVP_sha256(); + } else { + SEC_LOG_ERROR("Unknown signature algorithm"); + return SEC_FALSE; + } + + TestCtx::printHex("digest to verify", digest); + + if (sig.size() != SecSignature_GetEccSignatureSize(alg)) + { + SEC_LOG_ERROR("Incorrect ECC signature size"); + return SEC_FALSE; + } + + EC_KEY *ec_key = _ECCFromPubBinary(eccPub); + if (NULL == ec_key) + { + SEC_LOG_ERROR("TestCreds::_ECCFromPubBinary failed"); + return SEC_FALSE; + } + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + ECDSA_SIG esig; + esig.r = BN_new(); + esig.s = BN_new(); + BN_bin2bn(&sig[0], SEC_ECC_NISTP256_KEY_LEN, esig.r); + BN_bin2bn(&sig[SEC_ECC_NISTP256_KEY_LEN], SEC_ECC_NISTP256_KEY_LEN, esig.s); + int openssl_res = ECDSA_do_verify(&digest[0], digest.size(), &esig, ec_key); + BN_free(esig.r); + BN_free(esig.s); +#else + ECDSA_SIG *esig = ECDSA_SIG_new(); + BIGNUM *r = BN_new(); + BIGNUM *s = BN_new(); + BN_bin2bn(&sig[0], SEC_ECC_NISTP256_KEY_LEN, r); + BN_bin2bn(&sig[SEC_ECC_NISTP256_KEY_LEN], SEC_ECC_NISTP256_KEY_LEN, s); + ECDSA_SIG_set0(esig, r, s); + int openssl_res = ECDSA_do_verify(&digest[0], digest.size(), esig, ec_key); + ECDSA_SIG_free(esig); +#endif + SEC_ECC_FREE(ec_key); + + if (1 != openssl_res) + { + SEC_LOG_ERROR("ECDSA_do_verify failed"); + return SEC_FALSE; + } + + return SEC_TRUE; +} + +SEC_BOOL verifyOpenSSL( + Sec_SignatureAlgorithm alg, + TestKey key, + const std::vector& input, + const std::vector& sig) { + + std::vector digest; + const EVP_MD * evp_md = NULL; + + SEC_BOOL pss = (alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS_DIGEST + || alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS_DIGEST + || alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS + || alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS); + + if (alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PKCS_DIGEST + || alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS_DIGEST) { + digest = input; + evp_md = EVP_sha1(); + } else if (alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PKCS_DIGEST + || alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS_DIGEST) { + digest = input; + evp_md = EVP_sha256(); + } else if (alg == SEC_SIGNATUREALGORITHM_ECDSA_NISTP256_DIGEST) { + digest = input; + evp_md = EVP_sha256(); + } else if (alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PKCS + || alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS) { + digest = digestOpenSSL(SEC_DIGESTALGORITHM_SHA1, input); + evp_md = EVP_sha1(); + } else if (alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PKCS + || alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS) { + digest = digestOpenSSL(SEC_DIGESTALGORITHM_SHA256, input); + evp_md = EVP_sha256(); + } else if (alg == SEC_SIGNATUREALGORITHM_ECDSA_NISTP256) { + digest = digestOpenSSL(SEC_DIGESTALGORITHM_SHA256, input); + evp_md = EVP_sha256(); + } else { + SEC_LOG_ERROR("Unknown signature algorithm"); + return SEC_FALSE; + } + + TestCtx::printHex("digest to verify", digest); + + if (SecKey_IsEcc(TestCreds::getKeyType(key))) { + if (sig.size() != SecSignature_GetEccSignatureSize(alg)) + { + SEC_LOG_ERROR("Incorrect ECC signature size"); + return SEC_FALSE; + } + + EC_KEY *ec_key = TestCreds::asOpenSslEcKey(key); + if (NULL == ec_key) + { + SEC_LOG_ERROR("TestCreds::asOpenSslEcKey failed"); + return SEC_FALSE; + } + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + ECDSA_SIG esig; + esig.r = BN_new(); + esig.s = BN_new(); + BN_bin2bn(&sig[0], SEC_ECC_NISTP256_KEY_LEN, esig.r); + BN_bin2bn(&sig[SEC_ECC_NISTP256_KEY_LEN], SEC_ECC_NISTP256_KEY_LEN, esig.s); + int openssl_res = ECDSA_do_verify(&digest[0], digest.size(), &esig, ec_key); + BN_free(esig.r); + BN_free(esig.s); +#else + ECDSA_SIG *esig = ECDSA_SIG_new(); + BIGNUM *r = BN_new(); + BIGNUM *s = BN_new(); + BN_bin2bn(&sig[0], SEC_ECC_NISTP256_KEY_LEN, r); + BN_bin2bn(&sig[SEC_ECC_NISTP256_KEY_LEN], SEC_ECC_NISTP256_KEY_LEN, s); + ECDSA_SIG_set0(esig, r, s); + int openssl_res = ECDSA_do_verify(&digest[0], digest.size(), esig, ec_key); + ECDSA_SIG_free(esig); +#endif + SEC_ECC_FREE(ec_key); + + if (1 != openssl_res) + { + SEC_LOG_ERROR("ECDSA_do_verify failed"); + return SEC_FALSE; + } + + return SEC_TRUE; + } else { + EVP_PKEY *evp_pkey = TestCreds::asOpenSslEvpPkey(key); + if (evp_pkey == NULL) { + SEC_LOG_ERROR("TestCreds::asOpenSslEvpPkey failed"); + return SEC_FALSE; + } + + EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(evp_pkey, NULL); + if (ctx == NULL) { + EVP_PKEY_free(evp_pkey); + SEC_LOG_ERROR("EVP_PKEY_CTX_new failed"); + return SEC_FALSE; + } + + if (EVP_PKEY_verify_init(ctx) <= 0 + || EVP_PKEY_CTX_set_rsa_padding(ctx, pss ? RSA_PKCS1_PSS_PADDING : RSA_PKCS1_PADDING) <= 0 + || EVP_PKEY_CTX_set_signature_md(ctx, evp_md) <= 0) { + EVP_PKEY_free(evp_pkey); + EVP_PKEY_CTX_free(ctx); + SEC_LOG_ERROR("Could not setup EVP_PKEY_CTX"); + return SEC_FALSE; + } + + if (pss && EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, evp_md == EVP_sha1() ? 20 : 32) <= 0) { + EVP_PKEY_free(evp_pkey); + EVP_PKEY_CTX_free(ctx); + SEC_LOG_ERROR("Could not setup EVP_PKEY_CTX"); + return SEC_FALSE; + } + + if (EVP_PKEY_verify(ctx, &sig[0], sig.size(), &digest[0], digest.size()) <= 0) { + EVP_PKEY_free(evp_pkey); + EVP_PKEY_CTX_free(ctx); + SEC_LOG_ERROR("EVP_PKEY_verify failed"); + return SEC_FALSE; + } + + EVP_PKEY_free(evp_pkey); + EVP_PKEY_CTX_free(ctx); + + return SEC_TRUE; + } + + return SEC_FALSE; +} + +std::vector signSecApi(TestCtx *ctx, + Sec_SignatureAlgorithm alg, + Sec_KeyHandle *key, + const std::vector& input) { + + Sec_SignatureHandle *handle = ctx->acquireSignature(alg, SEC_SIGNATUREMODE_SIGN, key); + if (handle == NULL) { + SEC_LOG_ERROR("TestCtx::acquireSignature failed"); + return std::vector(); + } + + std::vector sig; + sig.resize(256); + SEC_SIZE sig_len; + + if (SEC_RESULT_SUCCESS != SecSignature_Process(handle, + (SEC_BYTE *) &input[0], input.size(), + &sig[0], &sig_len)) { + SEC_LOG_ERROR("SecSignature_Process failed"); + return std::vector(); + } + + sig.resize(sig_len); + + return sig; +} + +SEC_BOOL verifySecApi(TestCtx *ctx, + Sec_SignatureAlgorithm alg, + Sec_KeyHandle *key, + const std::vector& input, + const std::vector& sig) { + + Sec_SignatureHandle *handle = ctx->acquireSignature(alg, SEC_SIGNATUREMODE_VERIFY, key); + if (handle == NULL) { + SEC_LOG_ERROR("TestCtx::acquireSignature failed"); + return SEC_FALSE; + } + + SEC_SIZE sig_len = sig.size(); + + if (SEC_RESULT_SUCCESS != SecSignature_Process(handle, + (SEC_BYTE *) &input[0], input.size(), + (SEC_BYTE *) &sig[0], &sig_len)) { + SEC_LOG_ERROR("SecSignature_Process failed"); + return SEC_FALSE; + } + + return SEC_TRUE; +} + +Sec_Result testSignature( + SEC_OBJECTID id, TestKey pub, TestKey priv, TestKc kc, Sec_StorageLoc loc, + Sec_SignatureAlgorithm alg, Sec_SignatureMode mode, SEC_SIZE inputSize) { + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + //mode + SEC_BOOL testSign = (mode == SEC_SIGNATUREMODE_SIGN); + + Sec_KeyHandle *keyHandle = NULL; + if (testSign) { + if (NULL == (keyHandle = ctx.provisionKey(id, loc, priv, kc))) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + } else { + if (NULL == (keyHandle = ctx.provisionKey(id, loc, pub, kc))) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + } + + //gen clear input + std::vector clear = TestCtx::random(inputSize); + TestCtx::printHex("clear", clear); + + //sign + std::vector sig; + if (testSign) { + sig = signSecApi(&ctx, alg, keyHandle, clear); + } else { + //use openssl to sign + sig = signOpenSSL(alg, priv, clear); + } + + TestCtx::printHex("sig", sig); + + //verify + SEC_BOOL ver_res; + if (testSign) { + //use openssl to verify + if (kc == TESTKC_GENERATED) { + //extract pub from the generated key + Sec_ECCRawPublicKey eccPub; + if (SEC_RESULT_SUCCESS != SecKey_ExtractECCPublicKey(keyHandle, &eccPub)) { + SEC_LOG_ERROR("SecKey_ExtractECCPublicKey failed"); + return SEC_RESULT_FAILURE; + } + + ver_res = verifyOpenSSLEccPub(alg, &eccPub, clear, sig); + } else { + ver_res = verifyOpenSSL(alg, pub, clear, sig); + } + } else { + //use sec api to verify + ver_res = verifySecApi(&ctx, alg, keyHandle, clear, sig); + } + + //check if results match + if (!ver_res) { + SEC_LOG_ERROR("Verification failed"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} diff --git a/test/main/cpp/sign.h b/test/main/cpp/sign.h new file mode 100644 index 0000000..83b0a9b --- /dev/null +++ b/test/main/cpp/sign.h @@ -0,0 +1,35 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_SIGN_H_ +#define TEST_SIGN_H_ + +#include "sec_security.h" +#include +#include "test_creds.h" + +std::vector signOpenSSL(Sec_SignatureAlgorithm alg, TestKey key, const std::vector& input); + +SEC_BOOL verifyOpenSSL(Sec_SignatureAlgorithm alg, TestKey key, const std::vector& input, const std::vector& sig); + +Sec_Result testSignature( + SEC_OBJECTID id, TestKey pub, TestKey priv, TestKc kc, Sec_StorageLoc loc, + Sec_SignatureAlgorithm alg, Sec_SignatureMode mode, SEC_SIZE inputSize); + +#endif diff --git a/test/main/cpp/svp.cpp b/test/main/cpp/svp.cpp new file mode 100644 index 0000000..9ffd962 --- /dev/null +++ b/test/main/cpp/svp.cpp @@ -0,0 +1,320 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "svp.h" +#include "cipher.h" +#include "test_ctx.h" + +Sec_Result testOpaqueMalloc() { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_OpaqueBufferHandle* handle = NULL; + SEC_BYTE input[64*1024]; + + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(sizeof(input), &handle)) { + SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Write(handle, 0, input, sizeof(input))) { + SEC_LOG_ERROR("Sec_OpaqueBufferWrite failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Free(handle)) { + SEC_LOG_ERROR("Sec_OpaqueBufferFree failed"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testSecureBootEnabled() { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecCodeIntegrity_SecureBootEnabled()) { + SEC_LOG_ERROR("SecCodeIntegrity_SecureBootEnabled failed"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testSetTime() { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecSVP_SetTime(time(NULL))) { + SEC_LOG_ERROR("SecSVP_SetTime failed"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testKeycheckOpaque(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyHandle *handle = NULL; + if (NULL == (handle = ctx.provisionKey(id, loc, key, kc))) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + + Sec_CipherHandle* cipherHandle = NULL; + if (SEC_RESULT_SUCCESS != SecCipher_GetInstance(ctx.proc(), + SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, handle, + NULL, &cipherHandle)) { + SEC_LOG_ERROR("SecCipher_GetInstance failed"); + return SEC_RESULT_FAILURE; + } + + std::vector input = TestCtx::random(SEC_AES_BLOCK_SIZE); + std::vector expected = opensslAesEcb(key, SEC_CIPHERMODE_ENCRYPT, SEC_FALSE, NULL, input); + + TestCtx::printHex("input", input); + TestCtx::printHex("expected", expected); + + Sec_OpaqueBufferHandle *inputHandle = NULL; + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(256, &inputHandle)) { + SecCipher_Release(cipherHandle); + SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Write(inputHandle, 0, &input[0], input.size())) { + SecOpaqueBuffer_Free(inputHandle); + SecCipher_Release(cipherHandle); + SEC_LOG_ERROR("Sec_OpaqueBufferWrite failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecCipher_KeyCheckOpaque(cipherHandle, inputHandle, SEC_AES_BLOCK_SIZE, &expected[0])) { + SecOpaqueBuffer_Free(inputHandle); + SecCipher_Release(cipherHandle); + SEC_LOG_ERROR("SecCipher_KeyCheckOpaque failed"); + return SEC_RESULT_FAILURE; + } + + /* 2.2 checks for 'checkLength' arg */ + if (SEC_RESULT_SUCCESS != SecCipher_KeyCheckOpaque(cipherHandle, inputHandle, 8, &expected[0])) { + SecOpaqueBuffer_Free(inputHandle); + SecCipher_Release(cipherHandle); + SEC_LOG_ERROR("SecCipher_KeyCheckOpaque failed"); + return SEC_RESULT_FAILURE; + } + if (SEC_RESULT_SUCCESS == SecCipher_KeyCheckOpaque(cipherHandle, inputHandle, 7, &expected[0])) { + SecOpaqueBuffer_Free(inputHandle); + SecCipher_Release(cipherHandle); + SEC_LOG_ERROR("expected SecCipher_KeyCheckOpaque to fail with checkLength < 8"); + return SEC_RESULT_FAILURE; + } + if (SEC_RESULT_SUCCESS == SecCipher_KeyCheckOpaque(cipherHandle, inputHandle, 17, &expected[0])) { + SecOpaqueBuffer_Free(inputHandle); + SecCipher_Release(cipherHandle); + SEC_LOG_ERROR("expected SecCipher_KeyCheckOpaque to fail with checkLength > 16"); + return SEC_RESULT_FAILURE; + } + + SecOpaqueBuffer_Free(inputHandle); + SecCipher_Release(cipherHandle); + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testProcessOpaque(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyHandle *handle = NULL; + if (NULL == (handle = ctx.provisionKey(id, loc, key, kc))) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + + Sec_CipherHandle* cipherHandle = NULL; + if (SEC_RESULT_SUCCESS != SecCipher_GetInstance(ctx.proc(), + SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, handle, + NULL, &cipherHandle)) { + SEC_LOG_ERROR("SecCipher_GetInstance failed"); + return SEC_RESULT_FAILURE; + } + + Sec_OpaqueBufferHandle *inputHandle = NULL; + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(256, &inputHandle)) { + SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); + SecCipher_Release(cipherHandle); + return SEC_RESULT_FAILURE; + } + + Sec_OpaqueBufferHandle *outputHandle = NULL; + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(256, &outputHandle)) { + SecOpaqueBuffer_Free(inputHandle); + SecCipher_Release(cipherHandle); + SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); + return SEC_RESULT_FAILURE; + } + + SEC_SIZE written = 0; + + if (SEC_RESULT_SUCCESS != SecCipher_ProcessOpaque(cipherHandle, + inputHandle, outputHandle, 256, SEC_TRUE, &written)) { + SecOpaqueBuffer_Free(inputHandle); + SecOpaqueBuffer_Free(outputHandle); + SecCipher_Release(cipherHandle); + SEC_LOG_ERROR("SecCipher_ProcessOpaque failed"); + return SEC_RESULT_FAILURE; + } + + SecOpaqueBuffer_Free(inputHandle); + SecOpaqueBuffer_Free(outputHandle); + SecCipher_Release(cipherHandle); + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testCopyOpaque() { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_OpaqueBufferHandle *inputHandle = NULL; + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(256, &inputHandle)) { + SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); + return SEC_RESULT_FAILURE; + } + + Sec_OpaqueBufferHandle *outputHandle = NULL; + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(256, &outputHandle)) { + SecOpaqueBuffer_Free(inputHandle); + SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); + return SEC_RESULT_FAILURE; + } + + SEC_BYTE tmp[128]; + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Write(inputHandle, 128, tmp, 128)) { + SEC_LOG_ERROR("SecOpaqueBuffer_Write failed"); + SecOpaqueBuffer_Free(inputHandle); + SecOpaqueBuffer_Free(outputHandle); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Copy(outputHandle, 0, inputHandle, 128, 128)) { + SEC_LOG_ERROR("SecOpaqueBuffer_Copy failed"); + SecOpaqueBuffer_Free(inputHandle); + SecOpaqueBuffer_Free(outputHandle); + return SEC_RESULT_FAILURE; + } + + SecOpaqueBuffer_Free(inputHandle); + SecOpaqueBuffer_Free(outputHandle); + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testProcessDataShiftOpaque(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc) { + TestCtx ctx; + Sec_Result result = SEC_RESULT_FAILURE; + Sec_OpaqueBufferHandle *inputHandle1 = NULL; + Sec_OpaqueBufferHandle *inputHandle2 = NULL; + Sec_OpaqueBufferHandle *outputHandle = NULL; + SEC_SIZE written = 0; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyHandle *handle = NULL; + if (NULL == (handle = ctx.provisionKey(id, loc, key, kc))) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + + std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); + Sec_CipherHandle* cipherHandle = NULL; + if (SEC_RESULT_SUCCESS != SecCipher_GetInstance(ctx.proc(), + SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, handle, + &iv[0], &cipherHandle)) { + SEC_LOG_ERROR("SecCipher_GetInstance failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(8, &inputHandle1)) { + SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(256-8, &inputHandle2)) { + SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(256, &outputHandle)) { + SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecCipher_ProcessOpaque(cipherHandle, + inputHandle1, outputHandle, 8, SEC_FALSE, &written)) { + SEC_LOG_ERROR("SecCipher_ProcessOpaque failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != SecCipher_ProcessCtrWithOpaqueDataShift(cipherHandle, inputHandle2, outputHandle, 256-8, &written, 8)) { + SEC_LOG_ERROR("SecCipher_ProcessCtrWithOpaqueDataShift failed"); + goto done; + } + + + result = SEC_RESULT_SUCCESS; + + done: + + if (inputHandle1) + SecOpaqueBuffer_Free(inputHandle1); + if (inputHandle2) + SecOpaqueBuffer_Free(inputHandle2); + if (outputHandle) + SecOpaqueBuffer_Free(outputHandle); + if (cipherHandle) + SecCipher_Release(cipherHandle); + + return result; +} diff --git a/test/main/cpp/svp.h b/test/main/cpp/svp.h new file mode 100644 index 0000000..1ca05e2 --- /dev/null +++ b/test/main/cpp/svp.h @@ -0,0 +1,35 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_SVP_H_ +#define TEST_SVP_H_ + +#include "sec_security.h" +#include +#include "test_creds.h" + +Sec_Result testOpaqueMalloc(); +Sec_Result testCopyOpaque(); +Sec_Result testSecureBootEnabled(); +Sec_Result testSetTime(); +Sec_Result testKeycheckOpaque(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc); +Sec_Result testProcessOpaque(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc); +Sec_Result testProcessDataShiftOpaque(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc); + +#endif diff --git a/test/main/cpp/test_creds_clear.cpp b/test/main/cpp/test_creds_clear.cpp new file mode 100644 index 0000000..e4bbb00 --- /dev/null +++ b/test/main/cpp/test_creds_clear.cpp @@ -0,0 +1,1386 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "test_creds.h" +#include "test_ctx.h" +#include "sec_security_utils.h" +#include +#include +#include + +unsigned char sym128_a_bin[] = { 0x05, 0xe8, 0x38, 0x84, 0xc4, 0x0c, 0x0a, 0xd8, + 0x20, 0x79, 0x9e, 0xb5, 0x81, 0xf8, 0x74, 0x28 }; +unsigned int sym128_a_bin_len = 16; + +unsigned char sym160_a_bin[] = { 0xaa, 0xbe, 0xf6, 0x0b, 0x97, 0x3a, 0x55, 0xc0, + 0x3d, 0xa0, 0xdd, 0x85, 0xef, 0xb3, 0xbd, 0xc0, 0x2f, 0x09, 0x32, 0x88 }; +unsigned int sym160_a_bin_len = 20; + +unsigned char sym256_a_bin[] = { 0x6f, 0x08, 0x2b, 0xb5, 0xa9, 0xb9, 0x27, 0x3b, + 0xd5, 0x4b, 0xaf, 0xfb, 0xe9, 0x63, 0xc7, 0xd2, 0xad, 0xde, 0xf1, 0x68, + 0x87, 0x07, 0xdb, 0xc5, 0xbf, 0x7c, 0x2b, 0x33, 0x5f, 0x29, 0x99, 0x44 }; +unsigned int sym256_a_bin_len = 32; + +unsigned char rsa1024_der[] = { 0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, + 0x81, 0x81, 0x00, 0xc4, 0x32, 0x70, 0x15, 0xb3, 0x53, 0xd5, 0xaf, 0x26, + 0xc2, 0xcd, 0x6e, 0x87, 0x9f, 0x13, 0x10, 0x9e, 0x3d, 0x8d, 0x6c, 0xb4, + 0x1e, 0xc8, 0xbb, 0xf1, 0xbf, 0x7a, 0xc0, 0xce, 0xbf, 0x5c, 0x00, 0x1f, + 0x83, 0xd8, 0xe3, 0xf7, 0xe8, 0xa3, 0x79, 0x61, 0xd4, 0x3a, 0xae, 0x49, + 0x6d, 0x38, 0x1d, 0x12, 0x74, 0xba, 0x9c, 0xb4, 0x38, 0x61, 0x6b, 0x44, + 0x1d, 0xac, 0xf7, 0xa7, 0x7d, 0x8a, 0x80, 0x9f, 0x56, 0x67, 0xb2, 0xe5, + 0x45, 0xbc, 0x0d, 0xde, 0xde, 0x63, 0x06, 0x13, 0x4d, 0x06, 0x2e, 0xe2, + 0xf9, 0xfa, 0xe4, 0x3b, 0xa6, 0xa0, 0x49, 0xbb, 0x11, 0x23, 0xf8, 0x68, + 0x85, 0x3c, 0x1b, 0x92, 0xe1, 0x6c, 0x42, 0x37, 0xe3, 0x1b, 0x7c, 0x7a, + 0x25, 0x91, 0x30, 0xd5, 0xa5, 0xf3, 0xbb, 0x91, 0x23, 0xdf, 0x23, 0x94, + 0xb8, 0xf2, 0x61, 0x4f, 0xba, 0x73, 0xd1, 0x4b, 0x2b, 0x89, 0x8f, 0x02, + 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x81, 0x00, 0x8c, 0x8d, 0xad, 0xaa, + 0x7e, 0x2b, 0xe2, 0xfb, 0x75, 0x83, 0x3c, 0xf4, 0xa0, 0x08, 0x1f, 0xfa, + 0x59, 0xc2, 0xb2, 0xdc, 0x5b, 0x35, 0x6a, 0x8c, 0xea, 0x25, 0x48, 0xe5, + 0x73, 0xb7, 0xb7, 0x4b, 0x07, 0x48, 0xc7, 0x4a, 0x99, 0xc1, 0x79, 0xcb, + 0x6d, 0x80, 0x43, 0x01, 0xb4, 0xec, 0x9f, 0xb4, 0x84, 0x12, 0x47, 0xd6, + 0x17, 0x6e, 0x04, 0xac, 0x79, 0xc1, 0xe0, 0xb6, 0x12, 0xb1, 0x67, 0x54, + 0x77, 0xa2, 0xd4, 0x80, 0xf2, 0x87, 0xb9, 0x56, 0xcc, 0xde, 0xc2, 0x52, + 0x09, 0x2d, 0x5b, 0x7b, 0x0e, 0xfa, 0xe2, 0xd8, 0x9e, 0x41, 0xaf, 0xfc, + 0x42, 0x0d, 0x24, 0x6c, 0xe2, 0x8b, 0x3a, 0xae, 0x5c, 0x17, 0x11, 0xbb, + 0x33, 0x13, 0xb8, 0x66, 0xd6, 0xc6, 0xb1, 0x2f, 0xef, 0xf0, 0x68, 0x0e, + 0x2c, 0xf9, 0x41, 0xd2, 0x7f, 0xe0, 0x15, 0xe2, 0x33, 0xf5, 0xd8, 0xb6, + 0x01, 0xb0, 0x64, 0x91, 0x02, 0x41, 0x00, 0xf3, 0x37, 0x23, 0xf9, 0xff, + 0x24, 0x37, 0x63, 0x10, 0x19, 0x6f, 0x6c, 0x35, 0xa0, 0x41, 0x3c, 0x2c, + 0x00, 0xa8, 0x71, 0xa9, 0x09, 0x0e, 0x1f, 0xc7, 0x87, 0x6e, 0x67, 0xf3, + 0x8a, 0x76, 0x5f, 0xfb, 0x69, 0x44, 0x22, 0x88, 0x36, 0x1d, 0x31, 0xb9, + 0x79, 0xd3, 0x8c, 0x92, 0xb4, 0x0c, 0x0b, 0x72, 0xdd, 0x62, 0x47, 0x86, + 0xd7, 0x7d, 0x63, 0xb1, 0xe3, 0x30, 0xb4, 0x8f, 0x89, 0x63, 0x3b, 0x02, + 0x41, 0x00, 0xce, 0x82, 0x96, 0xa8, 0x5c, 0x6a, 0x8a, 0x50, 0x31, 0xf1, + 0x9c, 0xe3, 0xaa, 0x0d, 0x89, 0xe4, 0xe2, 0x68, 0xe2, 0x25, 0xf7, 0xec, + 0x5e, 0xe8, 0xde, 0x68, 0x29, 0x84, 0xf2, 0x58, 0x68, 0xa8, 0xb3, 0x1b, + 0x36, 0x68, 0x7c, 0x2d, 0x21, 0xea, 0x92, 0xb5, 0x3a, 0x80, 0xc2, 0x45, + 0xbb, 0xc4, 0xfc, 0x38, 0xb0, 0x33, 0xe2, 0xf1, 0x93, 0x83, 0x48, 0x5d, + 0x91, 0x31, 0xc4, 0x55, 0x65, 0xbd, 0x02, 0x40, 0x0e, 0x66, 0x2d, 0x53, + 0x17, 0xaf, 0xe5, 0x37, 0x90, 0x34, 0x71, 0x4c, 0x4e, 0xc0, 0x76, 0x1c, + 0x41, 0xde, 0xa8, 0x1a, 0x52, 0x8f, 0x9e, 0xae, 0x72, 0xf9, 0xa9, 0xa7, + 0xad, 0xdb, 0x7c, 0xb6, 0xa2, 0x03, 0xd1, 0x6c, 0xd9, 0xf3, 0x9a, 0x36, + 0xdf, 0x6c, 0x3f, 0x02, 0x0b, 0x8d, 0x6d, 0x49, 0x20, 0x3b, 0xcb, 0x1d, + 0xc0, 0xf5, 0xf1, 0x0e, 0x7d, 0xf1, 0x9d, 0x68, 0x93, 0x36, 0xe7, 0x11, + 0x02, 0x40, 0x4c, 0x12, 0x93, 0x09, 0x26, 0x32, 0x21, 0x0d, 0x75, 0xb8, + 0x79, 0x80, 0xec, 0x4d, 0xdc, 0x74, 0x32, 0x6b, 0x4c, 0x93, 0x8c, 0x06, + 0xc8, 0xd7, 0xa3, 0xc6, 0x5f, 0x35, 0x18, 0x49, 0x35, 0x14, 0xa0, 0x15, + 0xf0, 0x2f, 0x01, 0x3f, 0x66, 0xf5, 0x10, 0x62, 0x2e, 0x50, 0xec, 0x3f, + 0xdf, 0xf1, 0xaa, 0xaf, 0xff, 0x48, 0xbd, 0xdb, 0x1b, 0xea, 0x0a, 0xa8, + 0x5d, 0x2a, 0x26, 0x17, 0x07, 0x49, 0x02, 0x41, 0x00, 0xb6, 0xc4, 0x4b, + 0x68, 0x82, 0xe8, 0x40, 0xc0, 0x70, 0x58, 0xdb, 0x68, 0x49, 0x30, 0x7d, + 0x6a, 0xf1, 0xfc, 0x9d, 0x66, 0x33, 0x10, 0x28, 0x1b, 0x54, 0x1d, 0x81, + 0xf1, 0x88, 0x9a, 0x6b, 0xb7, 0x1b, 0x7f, 0x36, 0x79, 0xce, 0x02, 0xec, + 0x7c, 0x7e, 0x71, 0x37, 0x05, 0x46, 0x33, 0xee, 0x3d, 0x71, 0x8f, 0xb6, + 0x16, 0x6c, 0xa6, 0x64, 0xa9, 0xe4, 0x04, 0xc8, 0x12, 0xd7, 0x14, 0xcf, + 0xed }; +unsigned int rsa1024_der_len = 609; + +unsigned char rsa1024_pub_der[] = { 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, + 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xc4, 0x32, + 0x70, 0x15, 0xb3, 0x53, 0xd5, 0xaf, 0x26, 0xc2, 0xcd, 0x6e, 0x87, 0x9f, + 0x13, 0x10, 0x9e, 0x3d, 0x8d, 0x6c, 0xb4, 0x1e, 0xc8, 0xbb, 0xf1, 0xbf, + 0x7a, 0xc0, 0xce, 0xbf, 0x5c, 0x00, 0x1f, 0x83, 0xd8, 0xe3, 0xf7, 0xe8, + 0xa3, 0x79, 0x61, 0xd4, 0x3a, 0xae, 0x49, 0x6d, 0x38, 0x1d, 0x12, 0x74, + 0xba, 0x9c, 0xb4, 0x38, 0x61, 0x6b, 0x44, 0x1d, 0xac, 0xf7, 0xa7, 0x7d, + 0x8a, 0x80, 0x9f, 0x56, 0x67, 0xb2, 0xe5, 0x45, 0xbc, 0x0d, 0xde, 0xde, + 0x63, 0x06, 0x13, 0x4d, 0x06, 0x2e, 0xe2, 0xf9, 0xfa, 0xe4, 0x3b, 0xa6, + 0xa0, 0x49, 0xbb, 0x11, 0x23, 0xf8, 0x68, 0x85, 0x3c, 0x1b, 0x92, 0xe1, + 0x6c, 0x42, 0x37, 0xe3, 0x1b, 0x7c, 0x7a, 0x25, 0x91, 0x30, 0xd5, 0xa5, + 0xf3, 0xbb, 0x91, 0x23, 0xdf, 0x23, 0x94, 0xb8, 0xf2, 0x61, 0x4f, 0xba, + 0x73, 0xd1, 0x4b, 0x2b, 0x89, 0x8f, 0x02, 0x03, 0x01, 0x00, 0x01 }; +unsigned int rsa1024_pub_der_len = 162; + +unsigned char rsa2048_der[] = { + 0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, + 0xf2, 0x6a, 0x52, 0xa0, 0x96, 0xc5, 0xb7, 0x86, 0x6f, 0xc4, 0x35, 0x39, + 0x5e, 0x28, 0xd3, 0xa6, 0xab, 0x80, 0x6a, 0xbb, 0x07, 0x10, 0x74, 0xea, + 0xe0, 0xfc, 0xef, 0x54, 0xb0, 0x5e, 0x66, 0x34, 0x21, 0x89, 0x35, 0x09, + 0xb7, 0x46, 0xf8, 0xb6, 0xf8, 0x86, 0xc0, 0x55, 0xc6, 0xc5, 0x2e, 0x36, + 0xcc, 0xb7, 0x24, 0x5e, 0x56, 0xba, 0x2b, 0x8d, 0xfb, 0x8d, 0x7b, 0xe1, + 0x4b, 0x9e, 0xdf, 0x08, 0x5c, 0xb2, 0x28, 0xc0, 0x79, 0x45, 0xd1, 0xf3, + 0x9c, 0x70, 0xd8, 0xaf, 0x50, 0x1c, 0xc3, 0x10, 0x24, 0x84, 0xc1, 0xb1, + 0x36, 0x3f, 0xd4, 0xbf, 0x10, 0x18, 0xf9, 0xd0, 0x72, 0xea, 0xce, 0xbf, + 0x34, 0x8e, 0xb5, 0x97, 0xcb, 0x8a, 0x5e, 0x8e, 0x7d, 0xed, 0x1f, 0xe3, + 0xa9, 0xde, 0x5b, 0x3f, 0xc9, 0x33, 0x4c, 0x9b, 0x3e, 0xd8, 0x29, 0x61, + 0x6b, 0x30, 0xba, 0xa1, 0x36, 0xbd, 0x22, 0x33, 0xa1, 0x25, 0x73, 0xab, + 0x5f, 0x6f, 0x35, 0x48, 0xf1, 0xad, 0x96, 0x5f, 0x0d, 0x0c, 0xe5, 0xe9, + 0x8d, 0xf9, 0xed, 0x0c, 0xcf, 0x50, 0x3c, 0x24, 0x34, 0x9b, 0x9e, 0xbc, + 0xf9, 0xfa, 0x19, 0x51, 0x37, 0x03, 0x5c, 0xd0, 0x25, 0x1f, 0xe6, 0xb2, + 0xf7, 0xff, 0x96, 0xb0, 0x61, 0x42, 0xbb, 0xc5, 0x64, 0x5f, 0x3d, 0xaf, + 0x6f, 0x14, 0xcc, 0x92, 0x74, 0x6a, 0x06, 0xfa, 0xb2, 0xd9, 0xe1, 0x4d, + 0x42, 0x76, 0xab, 0x88, 0xe3, 0x08, 0xa2, 0xad, 0x00, 0xb6, 0xf7, 0x78, + 0x0c, 0xba, 0x08, 0x71, 0xbc, 0x8d, 0x98, 0x43, 0x12, 0x63, 0x8d, 0x5e, + 0x1f, 0x49, 0xb9, 0x5f, 0x0d, 0x55, 0x1a, 0x90, 0x63, 0x4c, 0xd8, 0xe8, + 0x0b, 0x9f, 0x3d, 0x10, 0xb4, 0xf9, 0x1b, 0x44, 0x3f, 0x43, 0xad, 0x35, + 0x42, 0x3d, 0x3d, 0x21, 0x8e, 0xa8, 0x08, 0x28, 0x47, 0x19, 0x14, 0x28, + 0x1c, 0x95, 0xb7, 0x5d, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, + 0x00, 0x17, 0xd3, 0x1d, 0x45, 0xcd, 0x2b, 0xa7, 0x6a, 0xde, 0x07, 0x31, + 0x97, 0xee, 0xca, 0x22, 0x6b, 0x0a, 0x05, 0xf7, 0xf7, 0x63, 0xad, 0x59, + 0x60, 0x50, 0x36, 0x6b, 0xab, 0x2e, 0x1e, 0x48, 0xfb, 0x2c, 0xa4, 0x98, + 0x82, 0xd8, 0xf1, 0x6f, 0xb6, 0x43, 0xdc, 0xb2, 0x80, 0x7b, 0xa5, 0x9b, + 0x72, 0x25, 0x52, 0x86, 0x8f, 0x83, 0x04, 0x8f, 0x0d, 0x48, 0x40, 0xd2, + 0x81, 0x04, 0xf6, 0x9b, 0x42, 0xee, 0x21, 0x50, 0x62, 0x02, 0x49, 0x3b, + 0x66, 0x2e, 0xe4, 0xe4, 0x56, 0xee, 0x8f, 0xb5, 0x18, 0x1c, 0x0e, 0xb4, + 0x1e, 0x9f, 0x8f, 0x4c, 0x70, 0x6e, 0xbb, 0x95, 0xa9, 0xc7, 0xf1, 0x8d, + 0xda, 0x3a, 0xe7, 0x1f, 0xaf, 0xc8, 0x80, 0x53, 0xe4, 0xbb, 0x39, 0x97, + 0xdd, 0xbf, 0x2f, 0x2c, 0x56, 0xab, 0x86, 0x90, 0x2b, 0xdd, 0xd4, 0x4e, + 0xd4, 0xd5, 0x3d, 0x17, 0xca, 0x8a, 0x5f, 0xb2, 0x41, 0xa1, 0xc6, 0x52, + 0x80, 0xe5, 0xf0, 0x7a, 0xda, 0x35, 0xa5, 0x36, 0xb9, 0x61, 0x15, 0x60, + 0x39, 0x2f, 0x04, 0x1f, 0x6e, 0xee, 0x99, 0xee, 0xa5, 0x21, 0xcc, 0x4f, + 0xa3, 0x4e, 0x06, 0xc5, 0xbc, 0xa5, 0x34, 0xd6, 0x10, 0x57, 0x36, 0x85, + 0xf7, 0x0a, 0x34, 0xfb, 0xa5, 0x6b, 0x71, 0x9c, 0x4a, 0x43, 0x4a, 0xd0, + 0xcb, 0xb4, 0x9a, 0xac, 0x4f, 0x9a, 0x29, 0xe8, 0x68, 0x15, 0x00, 0xe4, + 0x6c, 0x34, 0xc3, 0x73, 0x7e, 0xb5, 0x16, 0x2a, 0x17, 0x37, 0xc0, 0xb6, + 0xaf, 0x81, 0xb4, 0x73, 0xf2, 0xd3, 0x9f, 0xaa, 0x40, 0x73, 0x28, 0x0d, + 0xfd, 0xb4, 0x67, 0x6e, 0x82, 0xa8, 0x13, 0x34, 0xc0, 0x54, 0x88, 0xaf, + 0x85, 0x6f, 0xd8, 0x33, 0x84, 0x82, 0xb5, 0xd0, 0x5f, 0x7f, 0x21, 0xca, + 0x6d, 0x86, 0x74, 0xb3, 0x89, 0x81, 0x19, 0x45, 0x47, 0x38, 0x41, 0x53, + 0x47, 0x86, 0xc6, 0xcd, 0x9d, 0x02, 0x81, 0x81, 0x00, 0xfd, 0x90, 0x23, + 0xf9, 0xba, 0xc5, 0x69, 0x7d, 0x11, 0xed, 0x69, 0x57, 0x73, 0x1d, 0x06, + 0xe8, 0x1b, 0x37, 0x00, 0x69, 0x95, 0xc5, 0x63, 0x86, 0x3f, 0xda, 0xb4, + 0x11, 0xad, 0x69, 0x55, 0xf4, 0x76, 0x3c, 0xa0, 0x95, 0x65, 0x60, 0x29, + 0xb9, 0x69, 0x79, 0xca, 0x74, 0x50, 0xe3, 0x98, 0xc7, 0x90, 0xd7, 0xb8, + 0xd4, 0xc5, 0x51, 0x10, 0xa3, 0x10, 0x72, 0xf3, 0xdc, 0x91, 0xb4, 0xee, + 0xdd, 0x9a, 0x57, 0xf1, 0x1b, 0x0e, 0xba, 0x0f, 0x67, 0x1a, 0x94, 0x86, + 0x36, 0x69, 0x20, 0xd5, 0x6b, 0x80, 0x50, 0x7d, 0x20, 0x53, 0xeb, 0xed, + 0x8a, 0xc5, 0xbc, 0xcb, 0x13, 0xb9, 0x0d, 0x49, 0x22, 0x7c, 0xeb, 0xa6, + 0x97, 0x5a, 0x5b, 0x92, 0x3a, 0x3d, 0x93, 0x5b, 0x86, 0x2c, 0x75, 0x0b, + 0xfa, 0x68, 0xa6, 0xc1, 0x68, 0x07, 0x37, 0x01, 0x9b, 0xd1, 0x51, 0xfe, + 0xc0, 0x4c, 0x2d, 0x15, 0x9f, 0x02, 0x81, 0x81, 0x00, 0xf4, 0xbe, 0xc1, + 0x32, 0xad, 0xca, 0x28, 0x37, 0x7c, 0x17, 0x99, 0xde, 0x64, 0x9b, 0xc1, + 0xf8, 0x23, 0x6a, 0xde, 0xd8, 0x01, 0x59, 0x09, 0x10, 0x67, 0xb8, 0x27, + 0xc5, 0xe6, 0xee, 0xf8, 0x16, 0x7c, 0x46, 0xa0, 0x0b, 0x00, 0xf9, 0xff, + 0x72, 0x4b, 0xde, 0x65, 0x65, 0xb6, 0xaa, 0x44, 0x1a, 0xbc, 0xdf, 0x13, + 0x15, 0x08, 0x80, 0xa5, 0xb4, 0xdd, 0xcd, 0xe0, 0x34, 0x4a, 0x85, 0x31, + 0x82, 0x17, 0x57, 0x5a, 0xea, 0x21, 0x38, 0x26, 0xdf, 0x48, 0x59, 0x1d, + 0x58, 0x5b, 0x9f, 0x04, 0x12, 0xee, 0x5b, 0xa2, 0xa9, 0xb3, 0xfe, 0x83, + 0xa7, 0xda, 0x47, 0xc6, 0xfb, 0x89, 0x77, 0x1f, 0x3a, 0xbc, 0x7c, 0xc7, + 0x13, 0xc9, 0xb8, 0xdc, 0xb0, 0x9e, 0xa7, 0x2a, 0xa5, 0x2c, 0x3b, 0x96, + 0xe2, 0x2e, 0xc0, 0xcf, 0xfa, 0x0c, 0xe0, 0x2d, 0xad, 0xaa, 0x7f, 0x85, + 0x4b, 0x6f, 0x04, 0xf9, 0x83, 0x02, 0x81, 0x81, 0x00, 0xca, 0x8f, 0xd2, + 0xdd, 0x96, 0xc2, 0x4c, 0x52, 0x58, 0xf7, 0x03, 0x77, 0x94, 0x03, 0x75, + 0x58, 0x09, 0x1d, 0xb8, 0x5b, 0xa1, 0x05, 0x4e, 0x4b, 0x9a, 0x49, 0x5a, + 0x1e, 0xe1, 0x1c, 0xcc, 0x48, 0xfe, 0x07, 0xd2, 0xf5, 0x66, 0x46, 0x1b, + 0x2e, 0xfe, 0xbf, 0x07, 0xe8, 0x42, 0x12, 0x80, 0x23, 0xb5, 0x67, 0x50, + 0x45, 0xd1, 0xd7, 0xbf, 0xe5, 0xb4, 0xa7, 0x50, 0x7f, 0x3d, 0x7b, 0x80, + 0x73, 0x51, 0xf0, 0xbd, 0x31, 0x33, 0x63, 0x9a, 0x18, 0x70, 0xd8, 0x84, + 0x1b, 0x85, 0x82, 0x70, 0x5c, 0x6f, 0xe6, 0x5c, 0xff, 0x6d, 0x6b, 0x85, + 0x99, 0x9d, 0xfc, 0x03, 0x73, 0x9f, 0x1a, 0xa8, 0xf9, 0x3f, 0x38, 0x76, + 0x1e, 0x65, 0x55, 0xd0, 0x0c, 0x6c, 0xd2, 0x82, 0x84, 0x3e, 0x91, 0xc6, + 0xde, 0xe5, 0xa9, 0x89, 0xca, 0x54, 0x31, 0x32, 0x3c, 0xcb, 0x4c, 0xa8, + 0xa9, 0xf0, 0x70, 0xf7, 0xdb, 0x02, 0x81, 0x80, 0x62, 0x16, 0xd9, 0xa3, + 0x90, 0x17, 0x87, 0x8a, 0xc5, 0x47, 0x48, 0x39, 0xe3, 0xa4, 0xb1, 0x56, + 0xdc, 0x0b, 0x07, 0x09, 0x17, 0x71, 0x31, 0xba, 0xcb, 0x76, 0xf9, 0x29, + 0xcd, 0xe6, 0x54, 0xb3, 0xde, 0x57, 0x07, 0xe9, 0xa1, 0x18, 0x91, 0x12, + 0xa3, 0xe9, 0x9c, 0x45, 0xe9, 0xb1, 0xcf, 0xdd, 0xcf, 0x78, 0xb0, 0x53, + 0x2b, 0xb7, 0x33, 0xb2, 0x8b, 0x7a, 0xe9, 0xb2, 0xcb, 0x73, 0x1a, 0x66, + 0x83, 0x28, 0x55, 0x9d, 0xa4, 0x76, 0xb6, 0xcd, 0xa2, 0x57, 0x64, 0xf5, + 0x76, 0xb3, 0x02, 0x94, 0xfb, 0xc6, 0xea, 0x28, 0x8d, 0xa5, 0x21, 0xea, + 0xf2, 0x06, 0xf6, 0x6e, 0xf5, 0xa7, 0x32, 0x72, 0xfd, 0xfc, 0x1c, 0x65, + 0x87, 0xe1, 0x79, 0x41, 0xa8, 0x34, 0x63, 0x59, 0x13, 0xa3, 0x46, 0x53, + 0x9c, 0x5d, 0x56, 0x7d, 0x67, 0x0f, 0xa9, 0xff, 0x02, 0x68, 0x5d, 0x69, + 0xe0, 0x32, 0xe4, 0x35, 0x02, 0x81, 0x80, 0x55, 0xf8, 0x25, 0x84, 0x94, + 0xad, 0x50, 0xab, 0x49, 0x38, 0x30, 0xaf, 0xde, 0x53, 0xdc, 0x27, 0x08, + 0x25, 0x27, 0x5a, 0xd2, 0xe5, 0x21, 0x50, 0xde, 0x6d, 0x6b, 0xc7, 0x17, + 0xae, 0x21, 0xb6, 0xcb, 0xe9, 0x24, 0x7c, 0x76, 0x32, 0xe3, 0xcb, 0xba, + 0xee, 0x61, 0xd2, 0x79, 0xf2, 0x88, 0x12, 0x1c, 0x9f, 0x29, 0xb3, 0x6a, + 0x73, 0x16, 0xfc, 0x35, 0xcf, 0xe7, 0x68, 0xec, 0x47, 0xf7, 0xfb, 0x2d, + 0x18, 0xff, 0xa8, 0xbf, 0xe1, 0xe8, 0x64, 0xa0, 0x98, 0x4a, 0x70, 0x07, + 0x5d, 0xb1, 0x8e, 0x6e, 0x15, 0x4e, 0x0d, 0x28, 0x61, 0xb1, 0x37, 0x21, + 0xcb, 0xba, 0x1d, 0x1b, 0xff, 0x06, 0x9f, 0xbe, 0xbc, 0xa9, 0x93, 0x77, + 0x07, 0xc1, 0xc0, 0x1a, 0x4b, 0x13, 0xee, 0xa3, 0xdb, 0x7e, 0x99, 0x94, + 0xcc, 0x5b, 0x88, 0xfb, 0xb9, 0x77, 0x3c, 0x81, 0x80, 0x5d, 0xef, 0x3e, + 0xf8, 0x6e, 0xfa +}; +unsigned int rsa2048_der_len = 1191; + +unsigned char rsa2048_pub_der[] = { + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf2, 0x6a, 0x52, + 0xa0, 0x96, 0xc5, 0xb7, 0x86, 0x6f, 0xc4, 0x35, 0x39, 0x5e, 0x28, 0xd3, + 0xa6, 0xab, 0x80, 0x6a, 0xbb, 0x07, 0x10, 0x74, 0xea, 0xe0, 0xfc, 0xef, + 0x54, 0xb0, 0x5e, 0x66, 0x34, 0x21, 0x89, 0x35, 0x09, 0xb7, 0x46, 0xf8, + 0xb6, 0xf8, 0x86, 0xc0, 0x55, 0xc6, 0xc5, 0x2e, 0x36, 0xcc, 0xb7, 0x24, + 0x5e, 0x56, 0xba, 0x2b, 0x8d, 0xfb, 0x8d, 0x7b, 0xe1, 0x4b, 0x9e, 0xdf, + 0x08, 0x5c, 0xb2, 0x28, 0xc0, 0x79, 0x45, 0xd1, 0xf3, 0x9c, 0x70, 0xd8, + 0xaf, 0x50, 0x1c, 0xc3, 0x10, 0x24, 0x84, 0xc1, 0xb1, 0x36, 0x3f, 0xd4, + 0xbf, 0x10, 0x18, 0xf9, 0xd0, 0x72, 0xea, 0xce, 0xbf, 0x34, 0x8e, 0xb5, + 0x97, 0xcb, 0x8a, 0x5e, 0x8e, 0x7d, 0xed, 0x1f, 0xe3, 0xa9, 0xde, 0x5b, + 0x3f, 0xc9, 0x33, 0x4c, 0x9b, 0x3e, 0xd8, 0x29, 0x61, 0x6b, 0x30, 0xba, + 0xa1, 0x36, 0xbd, 0x22, 0x33, 0xa1, 0x25, 0x73, 0xab, 0x5f, 0x6f, 0x35, + 0x48, 0xf1, 0xad, 0x96, 0x5f, 0x0d, 0x0c, 0xe5, 0xe9, 0x8d, 0xf9, 0xed, + 0x0c, 0xcf, 0x50, 0x3c, 0x24, 0x34, 0x9b, 0x9e, 0xbc, 0xf9, 0xfa, 0x19, + 0x51, 0x37, 0x03, 0x5c, 0xd0, 0x25, 0x1f, 0xe6, 0xb2, 0xf7, 0xff, 0x96, + 0xb0, 0x61, 0x42, 0xbb, 0xc5, 0x64, 0x5f, 0x3d, 0xaf, 0x6f, 0x14, 0xcc, + 0x92, 0x74, 0x6a, 0x06, 0xfa, 0xb2, 0xd9, 0xe1, 0x4d, 0x42, 0x76, 0xab, + 0x88, 0xe3, 0x08, 0xa2, 0xad, 0x00, 0xb6, 0xf7, 0x78, 0x0c, 0xba, 0x08, + 0x71, 0xbc, 0x8d, 0x98, 0x43, 0x12, 0x63, 0x8d, 0x5e, 0x1f, 0x49, 0xb9, + 0x5f, 0x0d, 0x55, 0x1a, 0x90, 0x63, 0x4c, 0xd8, 0xe8, 0x0b, 0x9f, 0x3d, + 0x10, 0xb4, 0xf9, 0x1b, 0x44, 0x3f, 0x43, 0xad, 0x35, 0x42, 0x3d, 0x3d, + 0x21, 0x8e, 0xa8, 0x08, 0x28, 0x47, 0x19, 0x14, 0x28, 0x1c, 0x95, 0xb7, + 0x5d, 0x02, 0x03, 0x01, 0x00, 0x01 +}; +unsigned int rsa2048_pub_der_len = 294; + +unsigned char rsa1024_cert_der[] = { + 0x30, 0x82, 0x02, 0xb4, 0x30, 0x82, 0x02, 0x1d, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x09, 0x00, 0xc4, 0x52, 0xc1, 0x4a, 0x9e, 0x74, 0xe8, 0xa8, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x05, 0x05, 0x00, 0x30, 0x73, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x08, 0x4d, 0x61, 0x72, 0x79, 0x6c, 0x61, 0x6e, + 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x08, + 0x43, 0x6f, 0x6c, 0x75, 0x6d, 0x62, 0x69, 0x61, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x43, 0x6f, 0x6d, 0x63, 0x61, + 0x73, 0x74, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, + 0x06, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x31, 0x1b, 0x30, 0x19, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x12, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, + 0x2e, 0x63, 0x6f, 0x6d, 0x63, 0x61, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x35, 0x30, 0x36, 0x32, 0x33, 0x30, 0x33, + 0x30, 0x35, 0x31, 0x36, 0x5a, 0x17, 0x0d, 0x31, 0x35, 0x30, 0x37, 0x32, + 0x33, 0x30, 0x33, 0x30, 0x35, 0x31, 0x36, 0x5a, 0x30, 0x73, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x08, 0x4d, 0x61, + 0x72, 0x79, 0x6c, 0x61, 0x6e, 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0c, 0x08, 0x43, 0x6f, 0x6c, 0x75, 0x6d, 0x62, 0x69, + 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, + 0x43, 0x6f, 0x6d, 0x63, 0x61, 0x73, 0x74, 0x31, 0x0f, 0x30, 0x0d, 0x06, + 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x06, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, + 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x12, 0x63, + 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x2e, 0x63, 0x6f, 0x6d, 0x63, 0x61, 0x73, + 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, + 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xc4, 0x32, + 0x70, 0x15, 0xb3, 0x53, 0xd5, 0xaf, 0x26, 0xc2, 0xcd, 0x6e, 0x87, 0x9f, + 0x13, 0x10, 0x9e, 0x3d, 0x8d, 0x6c, 0xb4, 0x1e, 0xc8, 0xbb, 0xf1, 0xbf, + 0x7a, 0xc0, 0xce, 0xbf, 0x5c, 0x00, 0x1f, 0x83, 0xd8, 0xe3, 0xf7, 0xe8, + 0xa3, 0x79, 0x61, 0xd4, 0x3a, 0xae, 0x49, 0x6d, 0x38, 0x1d, 0x12, 0x74, + 0xba, 0x9c, 0xb4, 0x38, 0x61, 0x6b, 0x44, 0x1d, 0xac, 0xf7, 0xa7, 0x7d, + 0x8a, 0x80, 0x9f, 0x56, 0x67, 0xb2, 0xe5, 0x45, 0xbc, 0x0d, 0xde, 0xde, + 0x63, 0x06, 0x13, 0x4d, 0x06, 0x2e, 0xe2, 0xf9, 0xfa, 0xe4, 0x3b, 0xa6, + 0xa0, 0x49, 0xbb, 0x11, 0x23, 0xf8, 0x68, 0x85, 0x3c, 0x1b, 0x92, 0xe1, + 0x6c, 0x42, 0x37, 0xe3, 0x1b, 0x7c, 0x7a, 0x25, 0x91, 0x30, 0xd5, 0xa5, + 0xf3, 0xbb, 0x91, 0x23, 0xdf, 0x23, 0x94, 0xb8, 0xf2, 0x61, 0x4f, 0xba, + 0x73, 0xd1, 0x4b, 0x2b, 0x89, 0x8f, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, + 0x50, 0x30, 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, + 0x04, 0x14, 0x76, 0x63, 0x9b, 0x06, 0xa5, 0x12, 0x26, 0xa5, 0x89, 0xc6, + 0x6c, 0x57, 0x5b, 0x4a, 0x3e, 0x47, 0xb0, 0xa4, 0x0b, 0x1a, 0x30, 0x1f, + 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x76, + 0x63, 0x9b, 0x06, 0xa5, 0x12, 0x26, 0xa5, 0x89, 0xc6, 0x6c, 0x57, 0x5b, + 0x4a, 0x3e, 0x47, 0xb0, 0xa4, 0x0b, 0x1a, 0x30, 0x0c, 0x06, 0x03, 0x55, + 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, + 0x03, 0x81, 0x81, 0x00, 0x33, 0xbe, 0xfe, 0x79, 0xdb, 0x9b, 0xc2, 0x09, + 0xb8, 0x9c, 0x51, 0x6a, 0x2b, 0x5f, 0xe5, 0xc6, 0xc6, 0xd2, 0x72, 0x5d, + 0x56, 0x24, 0xa1, 0xa5, 0xac, 0x28, 0xbc, 0xba, 0x60, 0xb9, 0xd6, 0x30, + 0x39, 0x4e, 0x89, 0xc9, 0x41, 0x89, 0x37, 0xf0, 0xeb, 0xee, 0x09, 0x31, + 0xb0, 0x34, 0xed, 0xf6, 0x8f, 0x70, 0xd3, 0x65, 0x81, 0x18, 0x1c, 0xbe, + 0xd0, 0x08, 0x94, 0x1d, 0x80, 0x92, 0x72, 0x8f, 0x16, 0xa4, 0xac, 0xf4, + 0x7d, 0x1e, 0xe1, 0x8b, 0xe7, 0x79, 0x26, 0x4b, 0xc8, 0x17, 0x3e, 0x19, + 0xf5, 0x50, 0x07, 0xd0, 0x85, 0xb6, 0xeb, 0x56, 0xff, 0xdb, 0xe2, 0x28, + 0x42, 0x58, 0x52, 0xf3, 0xef, 0x6a, 0xf8, 0x86, 0xae, 0x9e, 0xa2, 0x7c, + 0xa2, 0xb7, 0x87, 0x90, 0x1b, 0x48, 0xdc, 0x7d, 0x2a, 0xf2, 0x0c, 0x55, + 0xf3, 0x34, 0x79, 0xb3, 0x87, 0x67, 0x18, 0x29, 0xc8, 0x3a, 0xc9, 0xe3 +}; +unsigned int rsa1024_cert_der_len = 696; + +unsigned char rsa2048_cert_der[] = { + 0x30, 0x82, 0x03, 0xb9, 0x30, 0x82, 0x02, 0xa1, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x09, 0x00, 0xee, 0x91, 0x7a, 0x08, 0x9a, 0x55, 0x9f, 0x5f, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x05, 0x05, 0x00, 0x30, 0x73, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x08, 0x4d, 0x61, 0x72, 0x79, 0x6c, 0x61, 0x6e, + 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x08, + 0x43, 0x6f, 0x6c, 0x75, 0x6d, 0x62, 0x69, 0x61, 0x31, 0x0f, 0x30, 0x0d, + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x06, 0x43, 0x6f, 0x6e, 0x73, 0x65, + 0x63, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, + 0x43, 0x6f, 0x6d, 0x63, 0x61, 0x73, 0x74, 0x31, 0x1b, 0x30, 0x19, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x12, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, + 0x2e, 0x63, 0x6f, 0x6d, 0x63, 0x61, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x35, 0x30, 0x36, 0x32, 0x33, 0x30, 0x33, + 0x30, 0x36, 0x30, 0x37, 0x5a, 0x17, 0x0d, 0x31, 0x35, 0x30, 0x37, 0x32, + 0x33, 0x30, 0x33, 0x30, 0x36, 0x30, 0x37, 0x5a, 0x30, 0x73, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x08, 0x4d, 0x61, + 0x72, 0x79, 0x6c, 0x61, 0x6e, 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0c, 0x08, 0x43, 0x6f, 0x6c, 0x75, 0x6d, 0x62, 0x69, + 0x61, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x06, + 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, + 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x43, 0x6f, 0x6d, 0x63, 0x61, 0x73, 0x74, + 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x12, 0x63, + 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x2e, 0x63, 0x6f, 0x6d, 0x63, 0x61, 0x73, + 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, + 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xf2, 0x6a, 0x52, 0xa0, 0x96, 0xc5, 0xb7, 0x86, 0x6f, 0xc4, + 0x35, 0x39, 0x5e, 0x28, 0xd3, 0xa6, 0xab, 0x80, 0x6a, 0xbb, 0x07, 0x10, + 0x74, 0xea, 0xe0, 0xfc, 0xef, 0x54, 0xb0, 0x5e, 0x66, 0x34, 0x21, 0x89, + 0x35, 0x09, 0xb7, 0x46, 0xf8, 0xb6, 0xf8, 0x86, 0xc0, 0x55, 0xc6, 0xc5, + 0x2e, 0x36, 0xcc, 0xb7, 0x24, 0x5e, 0x56, 0xba, 0x2b, 0x8d, 0xfb, 0x8d, + 0x7b, 0xe1, 0x4b, 0x9e, 0xdf, 0x08, 0x5c, 0xb2, 0x28, 0xc0, 0x79, 0x45, + 0xd1, 0xf3, 0x9c, 0x70, 0xd8, 0xaf, 0x50, 0x1c, 0xc3, 0x10, 0x24, 0x84, + 0xc1, 0xb1, 0x36, 0x3f, 0xd4, 0xbf, 0x10, 0x18, 0xf9, 0xd0, 0x72, 0xea, + 0xce, 0xbf, 0x34, 0x8e, 0xb5, 0x97, 0xcb, 0x8a, 0x5e, 0x8e, 0x7d, 0xed, + 0x1f, 0xe3, 0xa9, 0xde, 0x5b, 0x3f, 0xc9, 0x33, 0x4c, 0x9b, 0x3e, 0xd8, + 0x29, 0x61, 0x6b, 0x30, 0xba, 0xa1, 0x36, 0xbd, 0x22, 0x33, 0xa1, 0x25, + 0x73, 0xab, 0x5f, 0x6f, 0x35, 0x48, 0xf1, 0xad, 0x96, 0x5f, 0x0d, 0x0c, + 0xe5, 0xe9, 0x8d, 0xf9, 0xed, 0x0c, 0xcf, 0x50, 0x3c, 0x24, 0x34, 0x9b, + 0x9e, 0xbc, 0xf9, 0xfa, 0x19, 0x51, 0x37, 0x03, 0x5c, 0xd0, 0x25, 0x1f, + 0xe6, 0xb2, 0xf7, 0xff, 0x96, 0xb0, 0x61, 0x42, 0xbb, 0xc5, 0x64, 0x5f, + 0x3d, 0xaf, 0x6f, 0x14, 0xcc, 0x92, 0x74, 0x6a, 0x06, 0xfa, 0xb2, 0xd9, + 0xe1, 0x4d, 0x42, 0x76, 0xab, 0x88, 0xe3, 0x08, 0xa2, 0xad, 0x00, 0xb6, + 0xf7, 0x78, 0x0c, 0xba, 0x08, 0x71, 0xbc, 0x8d, 0x98, 0x43, 0x12, 0x63, + 0x8d, 0x5e, 0x1f, 0x49, 0xb9, 0x5f, 0x0d, 0x55, 0x1a, 0x90, 0x63, 0x4c, + 0xd8, 0xe8, 0x0b, 0x9f, 0x3d, 0x10, 0xb4, 0xf9, 0x1b, 0x44, 0x3f, 0x43, + 0xad, 0x35, 0x42, 0x3d, 0x3d, 0x21, 0x8e, 0xa8, 0x08, 0x28, 0x47, 0x19, + 0x14, 0x28, 0x1c, 0x95, 0xb7, 0x5d, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, + 0x50, 0x30, 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, + 0x04, 0x14, 0xf0, 0xe1, 0x4e, 0x26, 0x9b, 0xa4, 0xc8, 0x7c, 0x24, 0x2d, + 0xa2, 0xdc, 0x5e, 0x3e, 0xb8, 0x64, 0xb0, 0xb7, 0x3e, 0x96, 0x30, 0x1f, + 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xf0, + 0xe1, 0x4e, 0x26, 0x9b, 0xa4, 0xc8, 0x7c, 0x24, 0x2d, 0xa2, 0xdc, 0x5e, + 0x3e, 0xb8, 0x64, 0xb0, 0xb7, 0x3e, 0x96, 0x30, 0x0c, 0x06, 0x03, 0x55, + 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, + 0x03, 0x82, 0x01, 0x01, 0x00, 0x68, 0x60, 0x3a, 0x9a, 0xcf, 0x75, 0x6c, + 0x09, 0xab, 0x9a, 0x4a, 0x0d, 0x9b, 0xe4, 0x7f, 0xdc, 0x7a, 0xa9, 0xfa, + 0x06, 0xb4, 0xc4, 0xca, 0xcf, 0xa0, 0x38, 0x7f, 0xdf, 0xc2, 0x4d, 0x4a, + 0x94, 0x82, 0x33, 0x83, 0x9a, 0x7b, 0x9b, 0x84, 0xf7, 0xfd, 0xb3, 0x93, + 0x22, 0xd0, 0xb2, 0x73, 0xa8, 0x54, 0x45, 0xb0, 0x05, 0xac, 0x1a, 0xff, + 0x60, 0x03, 0x54, 0xa7, 0x0d, 0xcb, 0x8d, 0xeb, 0x62, 0x59, 0xcb, 0x8b, + 0xfa, 0x7f, 0x8d, 0xd8, 0xa4, 0x64, 0x3a, 0x3e, 0xdc, 0x5d, 0xb9, 0xc0, + 0x27, 0x50, 0xd0, 0x54, 0x62, 0x1e, 0xe7, 0x7f, 0x66, 0xa8, 0xdf, 0xbc, + 0x6a, 0x17, 0xf1, 0xcd, 0x45, 0x76, 0x34, 0xc3, 0x6c, 0x6f, 0xac, 0x85, + 0x50, 0xdc, 0xd4, 0xf0, 0xdd, 0x85, 0xfa, 0x75, 0x23, 0x45, 0x12, 0x90, + 0x0d, 0xf2, 0xc9, 0x43, 0x83, 0x4c, 0x97, 0xfd, 0x76, 0x64, 0xa8, 0x80, + 0x15, 0x45, 0x4a, 0xa4, 0x36, 0xc7, 0xa5, 0x12, 0x09, 0x4d, 0xc1, 0xdb, + 0xc0, 0xbe, 0x58, 0x9b, 0x16, 0xe6, 0x6f, 0x63, 0xed, 0x5c, 0x62, 0xd6, + 0x23, 0xb0, 0x26, 0x46, 0xb1, 0x98, 0x5c, 0x94, 0x72, 0x86, 0x2f, 0x26, + 0xa1, 0x91, 0x68, 0x4a, 0x5c, 0x01, 0x8b, 0x44, 0x00, 0xea, 0xa4, 0x61, + 0x85, 0x4b, 0xd4, 0xc3, 0x50, 0x16, 0x97, 0xa4, 0x6f, 0x56, 0x2f, 0x2a, + 0xf0, 0x6e, 0x3f, 0x35, 0x6e, 0xe5, 0x27, 0x3c, 0x76, 0xa9, 0x91, 0x6b, + 0x1f, 0x1e, 0x73, 0x82, 0x61, 0xcc, 0x06, 0x2d, 0xae, 0x12, 0x49, 0x66, + 0xa6, 0x86, 0x39, 0x65, 0x00, 0x77, 0x22, 0x92, 0x64, 0x9c, 0x12, 0x30, + 0x24, 0x75, 0x8b, 0xd7, 0x02, 0x7a, 0x5b, 0xbe, 0x15, 0xda, 0x0e, 0xac, + 0x9c, 0xfe, 0xb1, 0xc8, 0x6c, 0x25, 0xf8, 0xea, 0x0a, 0x69, 0x64, 0xb7, + 0x5e, 0x60, 0x65, 0xba, 0x02, 0xe4, 0xf5, 0x66, 0x07 +}; +unsigned int rsa2048_cert_der_len = 957; + +unsigned char ecc_der[] = { + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x4d, 0xef, 0x8c, 0x19, 0x60, + 0xf5, 0xd6, 0x78, 0x18, 0x84, 0x4d, 0xe6, 0xe3, 0x2f, 0x19, 0x4f, 0xcd, + 0x10, 0xc5, 0xfd, 0x55, 0x54, 0xc1, 0x7e, 0x95, 0x4e, 0xbc, 0xe1, 0xba, + 0xba, 0x56, 0xc6, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x7f, 0xd8, 0x8a, + 0x21, 0x09, 0x41, 0xb2, 0x02, 0x5b, 0x1d, 0xb0, 0x2e, 0xa5, 0x04, 0x6e, + 0xae, 0xae, 0x21, 0xd8, 0x02, 0x8e, 0xaa, 0x3b, 0x68, 0x03, 0x6e, 0x25, + 0xd6, 0x2c, 0x08, 0xff, 0xa6, 0x13, 0x5a, 0x8c, 0x14, 0xe0, 0x93, 0x66, + 0xa2, 0x25, 0x46, 0x75, 0x8f, 0xd6, 0x87, 0x79, 0xb4, 0xc2, 0x62, 0x7e, + 0xa8, 0xed, 0x45, 0xb1, 0xe5, 0x91, 0xb6, 0x2b, 0xd4, 0x2a, 0xbb, 0x2d, + 0x94 +}; +unsigned int ecc_der_len = 121; + +unsigned char ecc_pub_der[] = { + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, + 0x42, 0x00, 0x04, 0x7f, 0xd8, 0x8a, 0x21, 0x09, 0x41, 0xb2, 0x02, 0x5b, + 0x1d, 0xb0, 0x2e, 0xa5, 0x04, 0x6e, 0xae, 0xae, 0x21, 0xd8, 0x02, 0x8e, + 0xaa, 0x3b, 0x68, 0x03, 0x6e, 0x25, 0xd6, 0x2c, 0x08, 0xff, 0xa6, 0x13, + 0x5a, 0x8c, 0x14, 0xe0, 0x93, 0x66, 0xa2, 0x25, 0x46, 0x75, 0x8f, 0xd6, + 0x87, 0x79, 0xb4, 0xc2, 0x62, 0x7e, 0xa8, 0xed, 0x45, 0xb1, 0xe5, 0x91, + 0xb6, 0x2b, 0xd4, 0x2a, 0xbb, 0x2d, 0x94 +}; +unsigned int ecc_pub_der_len = 91; + + + +unsigned char ecc_cert_der[] = { + 0x30, 0x82, 0x01, 0x7a, 0x30, 0x82, 0x01, 0x20, 0x02, 0x09, 0x00, 0xa6, + 0x4e, 0x60, 0x8c, 0xa5, 0xe7, 0x04, 0x98, 0x30, 0x0a, 0x06, 0x08, 0x2a, + 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x45, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, + 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, + 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, + 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x38, + 0x31, 0x30, 0x30, 0x39, 0x31, 0x38, 0x31, 0x35, 0x33, 0x31, 0x5a, 0x17, + 0x0d, 0x31, 0x38, 0x31, 0x31, 0x30, 0x38, 0x31, 0x38, 0x31, 0x35, 0x33, + 0x31, 0x5a, 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, + 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, + 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, + 0x64, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, + 0x03, 0x42, 0x00, 0x04, 0x7f, 0xd8, 0x8a, 0x21, 0x09, 0x41, 0xb2, 0x02, + 0x5b, 0x1d, 0xb0, 0x2e, 0xa5, 0x04, 0x6e, 0xae, 0xae, 0x21, 0xd8, 0x02, + 0x8e, 0xaa, 0x3b, 0x68, 0x03, 0x6e, 0x25, 0xd6, 0x2c, 0x08, 0xff, 0xa6, + 0x13, 0x5a, 0x8c, 0x14, 0xe0, 0x93, 0x66, 0xa2, 0x25, 0x46, 0x75, 0x8f, + 0xd6, 0x87, 0x79, 0xb4, 0xc2, 0x62, 0x7e, 0xa8, 0xed, 0x45, 0xb1, 0xe5, + 0x91, 0xb6, 0x2b, 0xd4, 0x2a, 0xbb, 0x2d, 0x94, 0x30, 0x0a, 0x06, 0x08, + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, + 0x45, 0x02, 0x21, 0x00, 0xad, 0xfc, 0x19, 0xb8, 0xc3, 0x87, 0x8d, 0x52, + 0x3a, 0xf5, 0x83, 0xc6, 0x58, 0xc5, 0x86, 0x3b, 0xd5, 0xce, 0x74, 0x85, + 0x66, 0xd5, 0xbc, 0xfe, 0x5f, 0xd1, 0x75, 0xe3, 0x42, 0xe1, 0x5a, 0x00, + 0x02, 0x20, 0x7c, 0x9c, 0xb8, 0x45, 0x9e, 0xe7, 0x3a, 0x52, 0x9b, 0x2c, + 0x92, 0xf3, 0x1b, 0x93, 0x65, 0x47, 0xb3, 0xf1, 0x1b, 0xf4, 0xf6, 0x50, + 0xd2, 0xf4, 0xcb, 0x25, 0x38, 0x21, 0xcb, 0x43, 0xae, 0x7a +}; +unsigned int ecc_cert_der_len = 382; + +struct TestKeyData { + Sec_KeyType type; + Sec_KeyContainer kc; + SEC_BYTE *buffer; + SEC_SIZE buffer_len; +}; + +static TestKeyData g_keyData[TESTKEY_NUM] = { + { SEC_KEYTYPE_AES_128, SEC_KEYCONTAINER_RAW_AES_128, sym128_a_bin, sym128_a_bin_len }, //TESTKEY_AES128_A + { SEC_KEYTYPE_AES_256, SEC_KEYCONTAINER_RAW_AES_256, sym256_a_bin, sym256_a_bin_len }, //TESTKEY_AES256_A + { SEC_KEYTYPE_HMAC_128, SEC_KEYCONTAINER_RAW_HMAC_128, sym128_a_bin, sym128_a_bin_len }, //TESTKEY_HMAC128_A + { SEC_KEYTYPE_HMAC_160, SEC_KEYCONTAINER_RAW_HMAC_160, sym160_a_bin, sym160_a_bin_len }, //TESTKEY_HMAC160_A + { SEC_KEYTYPE_HMAC_256, SEC_KEYCONTAINER_RAW_HMAC_256, sym256_a_bin, sym256_a_bin_len }, //TESTKEY_HMAC256_A + { SEC_KEYTYPE_RSA_1024, SEC_KEYCONTAINER_DER_RSA_1024, rsa1024_der, rsa1024_der_len }, //TESTKEY_RSA1024_SGN_PRIV + { SEC_KEYTYPE_RSA_1024_PUBLIC, SEC_KEYCONTAINER_DER_RSA_1024_PUBLIC, rsa1024_pub_der, rsa1024_pub_der_len }, //TESTKEY_RSA1024_SGN_PUB + { SEC_KEYTYPE_RSA_1024, SEC_KEYCONTAINER_DER_RSA_1024, rsa1024_der, rsa1024_der_len }, //TESTKEY_RSA1024_ENC_PRIV + { SEC_KEYTYPE_RSA_1024_PUBLIC, SEC_KEYCONTAINER_DER_RSA_1024_PUBLIC, rsa1024_pub_der, rsa1024_pub_der_len }, //TESTKEY_RSA1024_ENC_PUB + { SEC_KEYTYPE_RSA_1024, SEC_KEYCONTAINER_DER_RSA_1024, rsa1024_der, rsa1024_der_len }, //TESTKEY_RSA1024_KEK_PRIV + { SEC_KEYTYPE_RSA_1024_PUBLIC, SEC_KEYCONTAINER_DER_RSA_1024_PUBLIC, rsa1024_pub_der, rsa1024_pub_der_len }, //TESTKEY_RSA1024_KEK_PUB + { SEC_KEYTYPE_RSA_2048, SEC_KEYCONTAINER_DER_RSA_2048, rsa2048_der, rsa2048_der_len }, //TESTKEY_RSA2048_SGN_PRIV + { SEC_KEYTYPE_RSA_2048_PUBLIC, SEC_KEYCONTAINER_DER_RSA_2048_PUBLIC, rsa2048_pub_der, rsa2048_pub_der_len }, //TESTKEY_RSA2048_SGN_PUB + { SEC_KEYTYPE_RSA_2048, SEC_KEYCONTAINER_DER_RSA_2048, rsa2048_der, rsa2048_der_len }, //TESTKEY_RSA2048_ENC_PRIV + { SEC_KEYTYPE_RSA_2048_PUBLIC, SEC_KEYCONTAINER_DER_RSA_2048_PUBLIC, rsa2048_pub_der, rsa2048_pub_der_len }, //TESTKEY_RSA2048_ENC_PUB + { SEC_KEYTYPE_RSA_2048, SEC_KEYCONTAINER_DER_RSA_2048, rsa2048_der, rsa2048_der_len }, //TESTKEY_RSA2048_KEK_PRIV + { SEC_KEYTYPE_RSA_2048_PUBLIC, SEC_KEYCONTAINER_DER_RSA_2048_PUBLIC, rsa2048_pub_der, rsa2048_pub_der_len }, //TESTKEY_RSA2048_KEK_PUB + { SEC_KEYTYPE_ECC_NISTP256, SEC_KEYCONTAINER_DER_ECC_NISTP256, ecc_der, ecc_der_len }, //TESTKEY_ECC + { SEC_KEYTYPE_ECC_NISTP256_PUBLIC, SEC_KEYCONTAINER_DER_ECC_NISTP256_PUBLIC, ecc_pub_der, ecc_pub_der_len }, //TESTKEY_ECC_PUB + }; + +struct TestCertData { + Sec_CertificateContainer cc; + SEC_BYTE *buffer; + SEC_SIZE buffer_len; +}; + +static TestCertData g_certData[TESTKEY_NUM] = { + { SEC_CERTIFICATECONTAINER_X509_DER, rsa1024_cert_der, rsa1024_cert_der_len }, //TESTCERT_RSA1024 + { SEC_CERTIFICATECONTAINER_X509_DER, rsa2048_cert_der, rsa2048_cert_der_len }, //TESTCERT_RSA2048 + { SEC_CERTIFICATECONTAINER_X509_DER, ecc_cert_der, ecc_cert_der_len }, //TESTCERT_EC + }; + +static Sec_Result _BigNumToBuffer(const BIGNUM *bignum, SEC_BYTE *buffer, SEC_SIZE buffer_len) +{ + SEC_SIZE num_bytes; + + memset(buffer, 0, buffer_len); + num_bytes = BN_num_bytes(bignum); + + if (num_bytes > buffer_len) { + SEC_LOG_ERROR("buffer not large enough. needed: %d, actual: %d", num_bytes, buffer_len); + return SEC_RESULT_FAILURE; + } + + BN_bn2bin(bignum, buffer + buffer_len - num_bytes); + + return SEC_RESULT_SUCCESS; +} + +ProvKey* TestCreds::getKey(TestKey key, TestKc kc, SEC_OBJECTID id) { + if (key >= TESTKEY_NUM) { + SEC_LOG_ERROR("Invalid key: %d", key); + return NULL; + } + + switch (kc) { + case TESTKC_RAW: + return new ProvKey(std::vector (g_keyData[key].buffer, + g_keyData[key].buffer + g_keyData[key].buffer_len), g_keyData[key].kc); + break; + + case TESTKC_SOC: + return TestCreds::getSocKey(key, id); + break; + + case TESTKC_GENERATED: + case TESTKC_STORE: + default: + break; + } + + SEC_LOG_ERROR("Unimplemented"); + return NULL; +} + +Sec_KeyType TestCreds::getKeyType(TestKey key) { + if (key >= TESTKEY_NUM) { + SEC_LOG_ERROR("Invalid key: %d", key); + return SEC_KEYTYPE_NUM; + } + + return g_keyData[key].type; +} + +ProvCert *TestCreds::getCert(TestCert cert) { + if (cert >= TESTCERT_NUM) { + SEC_LOG_ERROR("Invalid cert: %d", cert); + return NULL; + } + + return new ProvCert(std::vector (g_certData[cert].buffer, + g_certData[cert].buffer + g_certData[cert].buffer_len), g_certData[cert].cc); +} + +std::vector TestCreds::asOpenSslAes(TestKey key) { + return std::vector (g_keyData[key].buffer, g_keyData[key].buffer + g_keyData[key].buffer_len); +} + +static RSA *_RSAFromDERPub(SEC_BYTE *der, SEC_SIZE der_len) +{ + const unsigned char *p = (const unsigned char *) der; + RSA *rsa = NULL; + + rsa = d2i_RSAPublicKey(&rsa, &p, der_len); + + if (!rsa) + { + p = (const unsigned char *) der; + rsa = d2i_RSA_PUBKEY(&rsa, &p, der_len); + } + + if (!rsa) + { + SEC_LOG_ERROR("Invalid RSA key container"); + goto done; + } + +done: + return rsa; +} + +static RSA *_RSAFromDERPriv(SEC_BYTE *der, SEC_SIZE der_len) +{ + const unsigned char *p = (const unsigned char *) der; + PKCS8_PRIV_KEY_INFO *p8 = NULL; + EVP_PKEY *evp_key = NULL; + RSA *rsa = NULL; + + p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, der_len); + if (p8 != NULL) + { + evp_key = EVP_PKCS82PKEY(p8); + if (evp_key == NULL) + { + SEC_LOG_ERROR("EVP_PKCS82PKEY failed"); + goto done; + } + } + else + { + evp_key = d2i_AutoPrivateKey(NULL, &p, der_len); + if (evp_key == NULL) + { + SEC_LOG_ERROR("d2i_AutoPrivateKey failed"); + goto done; + } + } + + rsa = EVP_PKEY_get1_RSA(evp_key); + if (rsa == NULL) + { + SEC_LOG_ERROR("EVP_PKEY_get1_RSA failed"); + goto done; + } + +done: + SEC_EVPPKEY_FREE(evp_key); + + if (p8 != NULL) + { + PKCS8_PRIV_KEY_INFO_free(p8); + } + + return rsa; +} + +RSA* TestCreds::asOpenSslRsa(TestKey key) { + RSA *rsa = NULL; + if (g_keyData[key].kc == SEC_KEYCONTAINER_DER_RSA_1024_PUBLIC + || g_keyData[key].kc == SEC_KEYCONTAINER_DER_RSA_2048_PUBLIC) { + rsa = _RSAFromDERPub(g_keyData[key].buffer, g_keyData[key].buffer_len); + if (rsa == NULL) { + SEC_LOG_ERROR("SecUtils_RSAFromDERPub failed"); + } + } else { + rsa = _RSAFromDERPriv(g_keyData[key].buffer, g_keyData[key].buffer_len); + if (rsa == NULL) { + SEC_LOG_ERROR("SecUtils_RSAFromDERPriv failed"); + } + } + + return rsa; +} + +static EC_KEY *_ECCFromDERPub(SEC_BYTE *der, SEC_SIZE der_len) +{ + const unsigned char *p = (const unsigned char *) der; + EC_KEY *ec_key = NULL; + + ec_key = d2i_EC_PUBKEY(&ec_key, &p, der_len); + + if (ec_key == NULL) + { + SEC_LOG_ERROR("Invalid ECC key container"); + goto done; + } + +done: + return ec_key; +} + +static EC_KEY *_ECCFromDERPriv(SEC_BYTE *der, SEC_SIZE der_len) +{ + const unsigned char *p = (const unsigned char *) der; + PKCS8_PRIV_KEY_INFO *p8 = NULL; + EVP_PKEY *evp_key = NULL; + EC_KEY *ecc = NULL; + + p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, der_len); + if (p8 != NULL) + { + evp_key = EVP_PKCS82PKEY(p8); + if (evp_key == NULL) + { + SEC_LOG_ERROR("EVP_PKCS82PKEY failed"); + goto done; + } + } + else + { + evp_key = d2i_AutoPrivateKey(NULL, &p, der_len); + if (evp_key == NULL) + { + SEC_LOG_ERROR("d2i_AutoPrivateKey failed"); + goto done; + } + } + + ecc = EVP_PKEY_get1_EC_KEY(evp_key); + if (ecc == NULL) + { + SEC_LOG_ERROR("EVP_PKEY_get1_EC_KEY failed"); + goto done; + } + +done: + SEC_EVPPKEY_FREE(evp_key); + + if (p8 != NULL) + { + PKCS8_PRIV_KEY_INFO_free(p8); + } + + return ecc; +} + +EC_KEY *TestCreds::asOpenSslEcKey(TestKey key) { + EC_KEY *ec = NULL; + if (g_keyData[key].kc == SEC_KEYCONTAINER_DER_ECC_NISTP256_PUBLIC) { + ec = _ECCFromDERPub(g_keyData[key].buffer, g_keyData[key].buffer_len); + if (ec == NULL) { + SEC_LOG_ERROR("SecUtils_ECCFromDERPub failed"); + } + } else { + ec = _ECCFromDERPriv(g_keyData[key].buffer, g_keyData[key].buffer_len); + if (ec == NULL) { + SEC_LOG_ERROR("SecUtils_ECCFromDERPriv failed"); + } + } + + return ec; +} + +EVP_PKEY *TestCreds::asOpenSslEvpPkey(TestKey key) { + EVP_PKEY *evp_key = NULL; + + if (SecKey_IsEcc(g_keyData[key].type)) { + EC_KEY *ec = TestCreds::asOpenSslEcKey(key); + if (ec == NULL) { + SEC_LOG_ERROR("TestCreds::asOpenSslEcKey failed"); + return NULL; + } + + evp_key = EVP_PKEY_new(); + if (evp_key == NULL) { + SEC_LOG_ERROR("EVP_PKEY_new failed"); + return NULL; + } + + if (0 == EVP_PKEY_set1_EC_KEY(evp_key, ec)) + { + SEC_EVPPKEY_FREE(evp_key); + SEC_ECC_FREE(ec); + SEC_LOG_ERROR("EVP_PKEY_set1_EC failed"); + return NULL; + } + } else if (SecKey_IsRsa(g_keyData[key].type)) { + RSA *rsa = TestCreds::asOpenSslRsa(key); + if (rsa == NULL) { + SEC_LOG_ERROR("TestCreds::asOpenSslRsa failed"); + return NULL; + } + + evp_key = EVP_PKEY_new(); + if (evp_key == NULL) { + SEC_LOG_ERROR("EVP_PKEY_new failed"); + return NULL; + } + + if (0 == EVP_PKEY_set1_RSA(evp_key, rsa)) + { + SEC_EVPPKEY_FREE(evp_key); + SEC_RSA_FREE(rsa); + SEC_LOG_ERROR("EVP_PKEY_set1_RSA failed"); + return NULL; + } + } else { + SEC_LOG_ERROR("Not an asymetric key type"); + return NULL; + } + + return evp_key; +} + +static bool _Is_Valid_Point(EC_KEY* ec_key, const std::vector data) +{ + if (data.size() != SEC_ECC_NISTP256_KEY_LEN) { + SEC_LOG_ERROR("Input size needed != One BIGNUM"); + return false; + } + + // Convert the input buffer to be encrypted to a BIGNUM + std::shared_ptr inputAsBN(BN_new(), BN_free); + if (inputAsBN.get() == NULL) { + SEC_LOG_ERROR("BN_new failed"); + return false; + } + + if (BN_bin2bn(&data[0], data.size(), inputAsBN.get()) == NULL) { + SEC_LOG_ERROR("BN_bin2bn failed. Error: %s", ERR_error_string(ERR_get_error(), NULL)); + return false; + } + + const EC_GROUP *group = EC_KEY_get0_group(ec_key); + if (NULL == group) { + SEC_LOG_ERROR("EC_KEY_get0_group failed"); + return false; + } + + std::shared_ptr ctx(BN_CTX_new(), BN_CTX_free); + if (ctx.get() == NULL) { + SEC_LOG_ERROR("BN_CTX_new failed"); + return false; + } + + std::shared_ptr pt(EC_POINT_new(group), EC_POINT_free); + if (pt.get() == NULL) { + SEC_LOG_ERROR("EC_POINT_new failed"); + return false; + } + + if (!EC_POINT_set_compressed_coordinates_GFp(group, pt.get(), inputAsBN.get(), 0, ctx.get())) { + SEC_LOG_ERROR("EC_POINT_set_compressed_coordinates_GFp failed"); + return false; + } + + return true; +} + +static int _ElGamal_Encrypt_Rand(EC_KEY *ec_key, + SEC_BYTE* input, SEC_SIZE inputSize, + SEC_BYTE* output, SEC_SIZE outputSize, + BIGNUM *sender_rand) +{ + int res = -1; + BIGNUM *inputAsBN = NULL; + const EC_GROUP *group = NULL; + const EC_POINT *P = NULL; + const EC_POINT *PK_recipient = NULL; + EC_POINT *shared_secret = NULL; + EC_POINT *key_2_wrap_point = NULL; + EC_POINT *sender_share = NULL; + EC_POINT *wrapped_key = NULL; + BIGNUM *x = NULL; + BIGNUM *y = NULL; + BN_CTX *ctx = NULL; + + if (inputSize != SEC_ECC_NISTP256_KEY_LEN) + { + SEC_LOG_ERROR("Input size needed != One BIGNUM"); + goto done; + } + + if (outputSize < 4 * SEC_ECC_NISTP256_KEY_LEN) + { + SEC_LOG_ERROR("Output size needed < Four BIGNUMs"); + goto done; + } + + // Convert the input buffer to be encrypted to a BIGNUM + inputAsBN = BN_new(); + if (inputAsBN == NULL) + { + SEC_LOG_ERROR("BN_new failed"); + goto done; + } + if (BN_bin2bn(input, inputSize, inputAsBN) == NULL) + { + SEC_LOG_ERROR("BN_bin2bn failed. Error: %s", + ERR_error_string(ERR_get_error(), NULL)); + goto done; + } + + group = EC_KEY_get0_group(ec_key); + if (NULL == group) + { + SEC_LOG_ERROR("EC_KEY_get0_group failed"); + goto done; + } + + ctx = BN_CTX_new(); + if (ctx == NULL) + { + SEC_LOG_ERROR("BN_CTX_new failed"); + goto done; + } + + // Convert the X coordinate to an EC Point. This takes the desired Y value in 1 bit (to choose + // which of the two possible Y values to use). This *calculates* an actual Y value for the point. + key_2_wrap_point = EC_POINT_new(group); + if (key_2_wrap_point == NULL) + { + SEC_LOG_ERROR("EC_POINT_new failed"); + goto done; + } + + if (!EC_POINT_set_compressed_coordinates_GFp(group, key_2_wrap_point, inputAsBN, 0, ctx)) //$$$ 1=>0 on 7/8/15 + { + // Don't print an error message if the error is "point not on curve" 100A906E, but still fail + if (ERR_get_error() != 0x100A906E) // i.e. error:100A906E:lib(16):func(169):reason(110) + { + SEC_LOG_ERROR("Set EC_POINT_set_compressed_coordinates_GFp failed. Error: %s", + ERR_error_string(ERR_get_error(), NULL)); + } + goto done; + } + + // Calc sender's shared point 'wP' => this gets sent back to receiver + sender_share = EC_POINT_new(group); + if (sender_share == NULL) + { + SEC_LOG_ERROR("EC_POINT_new failed"); + goto done; + } + + P = EC_GROUP_get0_generator(group); + if (P == NULL) + { + SEC_LOG_ERROR("EC_GROUP_get0_generator failed"); + goto done; + } + EC_POINT_mul(group, sender_share, NULL, P, sender_rand, ctx); + + // Calc sender's Shared Secret 'wRr' => this hides the key I want to send + shared_secret = EC_POINT_new(group); + if (shared_secret == NULL) + { + SEC_LOG_ERROR("EC_POINT_new failed"); + goto done; + } + + PK_recipient = EC_KEY_get0_public_key(ec_key); + if (PK_recipient == NULL) + { + SEC_LOG_ERROR("EC_KEY_get0_public_key failed"); + goto done; + } + EC_POINT_mul(group, shared_secret, NULL, PK_recipient, sender_rand, ctx); + + // key_2_wrap_point is a point on the curve, we add the shared_secret + // to it and send the result, the wrapped_key, to the receiver. + wrapped_key = EC_POINT_new(group); + if (wrapped_key == NULL) + { + SEC_LOG_ERROR("EC_POINT_new failed"); + goto done; + } + EC_POINT_add(group, wrapped_key, key_2_wrap_point, shared_secret, ctx); + + // Dissect the wrapped point to get its coordinates + x = BN_new(); + if (x == NULL) + { + SEC_LOG_ERROR("BN_new failed"); + goto done; + } + y = BN_new(); + if (y == NULL) + { + SEC_LOG_ERROR("BN_new failed"); + goto done; + } + + // Dissect shared_secret to get its coordinates and output them + EC_POINT_get_affine_coordinates_GFp(group, sender_share, x, y, ctx); + + if (SEC_RESULT_SUCCESS != _BigNumToBuffer(x, (unsigned char *) &output[0 * SEC_ECC_NISTP256_KEY_LEN], SEC_ECC_NISTP256_KEY_LEN)) { + SEC_LOG_ERROR("SecUtils_BigNumToBuffer failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != _BigNumToBuffer(y, (unsigned char *) &output[1 * SEC_ECC_NISTP256_KEY_LEN], SEC_ECC_NISTP256_KEY_LEN)) { + SEC_LOG_ERROR("SecUtils_BigNumToBuffer failed"); + goto done; + } + + // Dissect wrapped_key to get its coordinates and output them + EC_POINT_get_affine_coordinates_GFp(group, wrapped_key, x, y, ctx); + + if (SEC_RESULT_SUCCESS != _BigNumToBuffer(x, (unsigned char *) &output[2 * SEC_ECC_NISTP256_KEY_LEN], SEC_ECC_NISTP256_KEY_LEN)) { + SEC_LOG_ERROR("SecUtils_BigNumToBuffer failed"); + goto done; + } + + if (SEC_RESULT_SUCCESS != _BigNumToBuffer(y, (unsigned char *) &output[3 * SEC_ECC_NISTP256_KEY_LEN], SEC_ECC_NISTP256_KEY_LEN)) { + SEC_LOG_ERROR("SecUtils_BigNumToBuffer failed"); + goto done; + } + + res = 4 * SEC_ECC_NISTP256_KEY_LEN; + +done: + if (NULL != x) + BN_free(x); + if (NULL != y) + BN_free(y); + if (NULL != inputAsBN) + BN_free(inputAsBN); + if (NULL != sender_rand) + BN_free(sender_rand); + if (NULL != shared_secret) + EC_POINT_free(shared_secret); + if (NULL != sender_share) + EC_POINT_free(sender_share); + if (NULL != key_2_wrap_point) + EC_POINT_free(key_2_wrap_point); + if (NULL != wrapped_key) + EC_POINT_free(wrapped_key); + BN_CTX_free(ctx); + + return res; +} + +static int _ElGamal_Encrypt(EC_KEY *ec_key, + SEC_BYTE* input, SEC_SIZE inputSize, + SEC_BYTE* output, SEC_SIZE outputSize) +{ + // Generate random number 'w' (multiplier) for the sender + BIGNUM *sender_rand = BN_new(); + + if (sender_rand == NULL) + { + SEC_LOG_ERROR("BN_new failed"); + return -1; + } + if (0 == BN_rand(sender_rand, 256, -1, 0)) + { + SEC_LOG_ERROR("BN_rand failed"); + if (NULL != sender_rand) + BN_free(sender_rand); + return -1; + } + + return _ElGamal_Encrypt_Rand(ec_key, + input, inputSize, + output, outputSize, + sender_rand); +} + +static std::vector opensslRsaCrypt(RSA *rsa, Sec_CipherAlgorithm algorithm, Sec_CipherMode mode, const std::vector& input) { + int padding; + if (algorithm == SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING) { + padding = RSA_PKCS1_PADDING; + } else { + padding = RSA_PKCS1_OAEP_PADDING; + } + + int openssl_res; + std::vector output; + output.resize(RSA_size(rsa)); + + if (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM) { + openssl_res = RSA_public_encrypt(input.size(), &input[0], &output[0], rsa, padding); + } else { + openssl_res = RSA_private_decrypt(input.size(), &input[0], &output[0], rsa, padding); + } + + if (openssl_res < 0) + { + SEC_LOG_ERROR("%s", ERR_error_string(ERR_get_error(), NULL)); + return std::vector(); + } + + output.resize(openssl_res); + + return output; +} + +static Sec_Result _RSAToDERPrivKeyInfo(RSA *rsa, SEC_BYTE *output, SEC_SIZE out_len, SEC_SIZE *written) +{ + BIO *bio = NULL; + EVP_PKEY *evp_key = NULL; + BUF_MEM *bptr = NULL; + Sec_Result res = SEC_RESULT_FAILURE; + + evp_key = EVP_PKEY_new(); + if (0 == EVP_PKEY_set1_RSA(evp_key, rsa)) + { + SEC_LOG_ERROR("EVP_PKEY_set1_RSA failed"); + goto done; + } + + bio = BIO_new(BIO_s_mem()); + if (bio == NULL) + { + SEC_LOG_ERROR("BIO_new(BIO_s_mem()) failed"); + goto done; + } + + if (!i2d_PKCS8PrivateKeyInfo_bio(bio, evp_key)) + { + SEC_LOG_ERROR("i2d_PKCS8_PRIV_KEY_INFO_bio failed"); + goto done; + } + + BIO_flush(bio); + BIO_get_mem_ptr(bio, &bptr); + + *written = bptr->length; + + if (output != NULL) + { + if (out_len < bptr->length) + { + SEC_LOG_ERROR("output buffer is not large enough"); + goto done; + } + memcpy(output, bptr->data, bptr->length); + } + + res = SEC_RESULT_SUCCESS; + +done: + SEC_EVPPKEY_FREE(evp_key); + SEC_BIO_FREE(bio); + + return res; +} + +static std::vector toPkcs8(RSA* rsa) { + std::vector pkcs8; + pkcs8.resize(SEC_KEYCONTAINER_MAX_LEN); + SEC_SIZE pkcs8_len; + + if (SEC_RESULT_SUCCESS != _RSAToDERPrivKeyInfo(rsa, &pkcs8[0], pkcs8.size(), &pkcs8_len)) { + SEC_LOG_ERROR("SecUtils_RSAToDERPriv failed"); + return std::vector(); + } + + pkcs8.resize(pkcs8_len); + + return pkcs8; +} + +template std::vector concat(std::vector &a, std::vector &b) { + std::vector ret = std::vector(); + std::copy(a.begin(), a.end(), std::back_inserter(ret)); + std::copy(b.begin(), b.end(), std::back_inserter(ret)); + return ret; +} + +ProvKey* TestCreds::wrapAesWithEc(const SEC_BYTE* clear, Sec_KeyType type, EC_KEY *ec_key, SEC_OBJECTID wrappingId, Sec_CipherAlgorithm asymAlg) { + std::vector payload; + payload.resize(32); + + if (type == SEC_KEYTYPE_AES_128) { + memcpy(&payload[0], clear, 16); + memcpy(&payload[16], clear, 16); + } else { + memcpy(&payload[0], clear, 32); + } + + std::vector encrypted; + encrypted.resize(SEC_ECC_NISTP256_KEY_LEN*4); + + int encrypted_len = _ElGamal_Encrypt(ec_key, + &payload[0], payload.size(), + &encrypted[0], encrypted.size()); + + if (encrypted_len <= 0) { + SEC_LOG_ERROR("_ElGamal_Encrypt failed"); + return NULL; + } + + encrypted.resize(encrypted_len); + + std::vector res; + res.resize(SEC_KEYCONTAINER_MAX_LEN); + SEC_SIZE res_len; + if (SEC_RESULT_SUCCESS != SecKey_GenerateWrappedKeyAsn1Off(&encrypted[0], encrypted.size(), + type, wrappingId, NULL, asymAlg, + &res[0], res.size(), &res_len, 32 - SecKey_GetKeyLenForKeyType(type))) { + SEC_LOG_ERROR("SecKey_GenerateWrappedKeyAsn1 failed"); + return NULL; + } + res.resize(res_len); + + return new ProvKey(res, SEC_KEYCONTAINER_ASN1); +} + +ProvKey* TestCreds::wrapAesWithRsa(const SEC_BYTE* data, Sec_KeyType type, RSA *rsa_key, SEC_OBJECTID wrappingId, Sec_CipherAlgorithm asymAlg) { + std::vector clear(data, data+SecKey_GetKeyLenForKeyType(type)); + std::vector wrapped = opensslRsaCrypt(rsa_key, asymAlg, SEC_CIPHERMODE_ENCRYPT, clear); + + if (wrapped.size() == 0) { + SEC_LOG_ERROR("opensslRsaCrypt failed"); + return NULL; + } + + std::vector res; + res.resize(SEC_KEYCONTAINER_MAX_LEN); + SEC_SIZE res_len; + + if (SEC_RESULT_SUCCESS != SecKey_GenerateWrappedKeyAsn1(&wrapped[0], wrapped.size(), type, wrappingId, NULL, asymAlg, &res[0], res.size(), &res_len)) { + SEC_LOG_ERROR("SecKey_GenerateWrappedKeyAsn1 failed"); + return NULL; + } + + return new ProvKey(res, SEC_KEYCONTAINER_ASN1); +} + +ProvKey* TestCreds::wrapAesWithAes(const SEC_BYTE* clear, Sec_KeyType type, const SEC_BYTE* wrapping, Sec_KeyType wrappingType, SEC_OBJECTID wrappingId, Sec_CipherAlgorithm symAlg) { + std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); + + TestCtx ctx; + ctx.init(); + + if (NULL == ctx.provisionKey(wrappingId, SEC_STORAGELOC_RAM, wrapping, SecKey_GetKeyLenForKeyType(wrappingType), + wrappingType == SEC_KEYTYPE_AES_128 ? SEC_KEYCONTAINER_RAW_AES_128 : SEC_KEYCONTAINER_RAW_AES_256)) { + SEC_LOG_ERROR("TestCtx::provisionKey failed"); + return NULL; + } + + std::vector wrapped; + wrapped.resize(SEC_KEYCONTAINER_MAX_LEN); + SEC_SIZE wrapped_len; + if (SEC_RESULT_SUCCESS != SecUtils_WrapSymetric(ctx.proc(), wrappingId, + symAlg, &iv[0], + (SEC_BYTE*) clear, SecKey_GetKeyLenForKeyType(type), + &wrapped[0], wrapped.size(), &wrapped_len)) { + SEC_LOG_ERROR("SecUtils_WrapSymetric failed"); + return NULL; + } + wrapped.resize(wrapped_len); + + std::vector asn1; + asn1.resize(SEC_KEYCONTAINER_MAX_LEN); + SEC_SIZE asn1_len; + + if (SEC_RESULT_SUCCESS != SecKey_GenerateWrappedKeyAsn1(&wrapped[0], wrapped.size(), type, + wrappingId, &iv[0], symAlg, + &asn1[0], asn1.size(), &asn1_len)) { + SEC_LOG_ERROR("SecKey_GenerateWrappedKeyAsn1 failed"); + return NULL; + } + asn1.resize(asn1_len); + + return new ProvKey(asn1, SEC_KEYCONTAINER_ASN1); +} + +ProvKey* TestCreds::wrapRsaWithAes(RSA* rsa, const SEC_BYTE* wrapping, Sec_KeyType wrappingType, SEC_OBJECTID wrappingId, Sec_CipherAlgorithm symAlg) { + std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); + + TestCtx ctx; + ctx.init(); + + if (NULL == ctx.provisionKey(wrappingId, SEC_STORAGELOC_RAM, wrapping, SecKey_GetKeyLenForKeyType(wrappingType), + wrappingType == SEC_KEYTYPE_AES_128 ? SEC_KEYCONTAINER_RAW_AES_128 : SEC_KEYCONTAINER_RAW_AES_256)) { + SEC_LOG_ERROR("TestCtx::provisionKey failed"); + return NULL; + } + + std::vector pkcs8 = toPkcs8(rsa); + if (pkcs8.size() == 0) { + SEC_LOG_ERROR("toPkcs8 failed"); + return NULL; + } + Sec_KeyType type = (RSA_size(rsa) == 128) ? SEC_KEYTYPE_RSA_1024 : SEC_KEYTYPE_RSA_2048; + + std::vector wrapped; + wrapped.resize(SEC_KEYCONTAINER_MAX_LEN); + SEC_SIZE wrapped_len; + if (SEC_RESULT_SUCCESS != SecUtils_WrapSymetric(ctx.proc(), wrappingId, + symAlg, &iv[0], + &pkcs8[0], pkcs8.size(), + &wrapped[0], wrapped.size(), &wrapped_len)) { + SEC_LOG_ERROR("SecUtils_WrapSymetric failed"); + return NULL; + } + wrapped.resize(wrapped_len); + + std::vector asn1; + asn1.resize(SEC_KEYCONTAINER_MAX_LEN); + SEC_SIZE asn1_len; + + if (SEC_RESULT_SUCCESS != SecKey_GenerateWrappedKeyAsn1(&wrapped[0], wrapped.size(), type, + wrappingId, &iv[0], symAlg, + &asn1[0], asn1.size(), &asn1_len)) { + SEC_LOG_ERROR("SecKey_GenerateWrappedKeyAsn1 failed"); + return NULL; + } + asn1.resize(asn1_len); + + return new ProvKey(asn1, SEC_KEYCONTAINER_ASN1); +} + +std::vector TestCreds::getWrappedContentKeyChainEcAes(TestKey contentKey, TestKc kc, SEC_OBJECTID base_id, Sec_CipherAlgorithm asymAlg) { + std::vector res; + + //generate key0 + std::shared_ptr provKey(TestCreds::getKey(TESTKEY_EC_PRIV, kc, base_id)); + res.push_back(*provKey); + + //generate key1 + std::shared_ptr ec_key(TestCreds::asOpenSslEcKey(TESTKEY_EC_PRIV), EC_KEY_free); + std::shared_ptr wrappedKey1(wrapAesWithEc(TestCreds::asOpenSslAes(contentKey).data(), TestCreds::getKeyType(contentKey), ec_key.get(), base_id, asymAlg)); + res.push_back(*wrappedKey1); + + return res; +} + +std::vector TestCreds::getWrappedContentKeyChainEcAesAes(TestKey contentKey, TestKc kc, SEC_OBJECTID base_id, Sec_KeyType aesType, Sec_CipherAlgorithm asymAlg, Sec_CipherAlgorithm symAlg) { + std::vector res; + + //generate key0 + std::shared_ptr provKey(TestCreds::getKey(TESTKEY_EC_PRIV, kc, base_id)); + + res.push_back(*provKey); + + //generate key1 + std::shared_ptr ec_key(TestCreds::asOpenSslEcKey(TESTKEY_EC_PRIV), EC_KEY_free); + std::vector key1 = TestCtx::random(SecKey_GetKeyLenForKeyType(aesType)); + while (!_Is_Valid_Point(ec_key.get(), (SecKey_GetKeyLenForKeyType(aesType) == 16) ? concat(key1, key1) : key1)) { + SEC_PRINT("Not a valid point. Regenerating.\n"); + key1 = TestCtx::random(SecKey_GetKeyLenForKeyType(aesType)); + } + + std::shared_ptr wrappedKey1(wrapAesWithEc(&key1[0], aesType, ec_key.get(), base_id, asymAlg)); + res.push_back(*wrappedKey1); + + //generate key2 + std::shared_ptr wrappedKey2(wrapAesWithAes(TestCreds::asOpenSslAes(contentKey).data(), TestCreds::getKeyType(contentKey), &key1[0], aesType, base_id+1, symAlg)); + res.push_back(*wrappedKey2); + + return res; +} + +std::vector TestCreds::getWrappedContentKeyChainRsaAesRsaAesAes(TestKey contentKey, TestKc kc, SEC_OBJECTID base_id, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, Sec_CipherAlgorithm ckSymAlg) { + std::vector res; + + //generate key0 + TestKey rsaPrivKey = (rsaType == SEC_KEYTYPE_RSA_1024) ? TESTKEY_RSA1024_KEK_PRIV : TESTKEY_RSA2048_KEK_PRIV; + std::shared_ptr provKey(TestCreds::getKey(rsaPrivKey, kc, base_id)); + res.push_back(*provKey); + + //generate key1 + std::vector key1 = TestCtx::random(SecKey_GetKeyLenForKeyType(aesType)); + std::shared_ptr rsa_key(TestCreds::asOpenSslRsa(rsaPrivKey), RSA_free); + std::shared_ptr wrappedKey1(wrapAesWithRsa(&key1[0], aesType, rsa_key.get(), base_id, asymAlg)); + res.push_back(*wrappedKey1); + + //generate key2 + std::shared_ptr wrappedKey2(wrapRsaWithAes(rsa_key.get(), &key1[0], aesType, base_id+1, symAlg)); + res.push_back(*wrappedKey2); + + //generate key3 + std::vector key3 = TestCtx::random(SecKey_GetKeyLenForKeyType(aesType)); + std::shared_ptr wrappedKey3(wrapAesWithRsa(&key3[0], aesType, rsa_key.get(), base_id+2, asymAlg)); + res.push_back(*wrappedKey3); + + //generate key4 + std::shared_ptr wrappedKey4(wrapAesWithAes(TestCreds::asOpenSslAes(contentKey).data(), TestCreds::getKeyType(contentKey), &key3[0], aesType, base_id+3, ckSymAlg)); + res.push_back(*wrappedKey4); + + return res; +} + +std::vector TestCreds::getWrappedContentKeyChainRsaAes(TestKey contentKey, TestKc kc, SEC_OBJECTID base_id, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg) { + std::vector res; + + //generate key0 + TestKey rsaKey = (rsaType == SEC_KEYTYPE_RSA_1024) ? TESTKEY_RSA1024_KEK_PRIV : TESTKEY_RSA2048_KEK_PRIV; + std::shared_ptr provKey(TestCreds::getKey(rsaKey, kc, base_id)); + res.push_back(*provKey); + + //generate key1 + std::shared_ptr rsa(TestCreds::asOpenSslRsa(rsaKey), RSA_free); + std::shared_ptr wrappedKey1(wrapAesWithRsa(TestCreds::asOpenSslAes(contentKey).data(), TestCreds::getKeyType(contentKey), rsa.get(), base_id, asymAlg)); + res.push_back(*wrappedKey1); + + return res; +} + +std::vector TestCreds::getWrappedContentKeyChainRsaAesAes(TestKey contentKey, TestKc kc, SEC_OBJECTID base_id, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg) { + std::vector res; + + //generate key0 + TestKey rsaPrivKey = (rsaType == SEC_KEYTYPE_RSA_1024) ? TESTKEY_RSA1024_KEK_PRIV : TESTKEY_RSA2048_KEK_PRIV; + std::shared_ptr provKey(TestCreds::getKey(rsaPrivKey, kc, base_id)); + res.push_back(*provKey); + + //generate key1 + std::vector key1 = TestCtx::random(SecKey_GetKeyLenForKeyType(aesType)); + + std::shared_ptr rsa_key(TestCreds::asOpenSslRsa(rsaPrivKey), RSA_free); + std::shared_ptr wrappedKey1(wrapAesWithRsa(&key1[0], aesType, rsa_key.get(), base_id, asymAlg)); + res.push_back(*wrappedKey1); + + //generate key2 + std::shared_ptr wrappedKey2(wrapAesWithAes(TestCreds::asOpenSslAes(contentKey).data(), TestCreds::getKeyType(contentKey), &key1[0], aesType, base_id+1, symAlg)); + res.push_back(*wrappedKey2); + + return res; +} diff --git a/test/main/cpp/test_ctx.cpp b/test/main/cpp/test_ctx.cpp new file mode 100644 index 0000000..a562b88 --- /dev/null +++ b/test/main/cpp/test_ctx.cpp @@ -0,0 +1,507 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "test_ctx.h" + +#include +#include +#include + +std::string g_log_output; + +static void _variable_logger(const char *fmt, ...) +{ + static pthread_mutex_t _log_mutex = PTHREAD_MUTEX_INITIALIZER; + + pthread_mutex_lock(&_log_mutex); + + va_list args; + va_start(args, fmt); + + char tmp[65536]; + memset(tmp, 0, sizeof(tmp)); + vsnprintf(tmp, sizeof(tmp)-1, fmt, args); + + va_end(args); + + g_log_output += std::string(tmp); + + pthread_mutex_unlock(&_log_mutex); +} + +void Logger::init() { + g_log_output.clear(); + Sec_SetLogger(_variable_logger); +} + +void Logger::shutdown() { + Sec_SetLogger(Sec_DefaultLoggerCb); +} + +const char *Logger::output() { + return g_log_output.c_str(); +} + +std::vector SuiteCtx::getFailed() const { + std::vector res; + + for (unsigned int i=0; i SuiteCtx::getSucceeded() const { + std::vector res; + + for (unsigned int i=0; i SuiteCtx::getSkipped() const { + std::vector res; + + for (unsigned int i=0; i SuiteCtx::getAttempted() const { + std::vector res; + + for (unsigned int i=0; i SuiteCtx::getAll() const { + std::vector res; + + for (unsigned int i=0; i prov(TestCreds::getKey(key, TESTKC_SOC, id)); + if (!prov.get()) { + SEC_LOG_ERROR("TestCreds::getKey failed"); + return NULL; + } + + Sec_KeyHandle* handle = provisionKey(id, loc, &prov->key[0], prov->key.size(), prov->kc, softWrap); + std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); + std::vector exported_key; + exported_key.resize(SEC_KEYCONTAINER_MAX_LEN); + SEC_SIZE exported_len; + + if (SEC_RESULT_SUCCESS != SecKey_ExportKey(handle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { + SEC_LOG_ERROR("SecKey_ExportKey failed"); + return NULL; + } + exported_key.resize(exported_len); + + return provisionKey(id, loc, &exported_key[0], exported_key.size(), SEC_KEYCONTAINER_EXPORTED, SEC_FALSE); + } + + std::shared_ptr prov(TestCreds::getKey(key, kc, id)); + if (!prov.get()) { + SEC_LOG_ERROR("TestCreds::getKey failed"); + return NULL; + } + + return provisionKey(id, loc, &prov->key[0], prov->key.size(), prov->kc, softWrap); +} + +Sec_KeyHandle * TestCtx::getKey(SEC_OBJECTID id) { + Sec_KeyHandle *handle = NULL; + + if (SEC_RESULT_SUCCESS != SecKey_GetInstance(proc_, id, &handle)) { + SEC_LOG_ERROR("SecKey_GetInstance failed"); + return NULL; + } + + keys_.push_back(handle); + + return handle; +} + +void TestCtx::releaseKey(Sec_KeyHandle *key) { + keys_.remove(key); + SecKey_Release(key); +} + +void TestCtx::deleteKey(SEC_OBJECTID id) { + provisionedKeys_.remove(id); + SecKey_Delete(proc_, id); +} + +void TestCtx::releaseCert(Sec_CertificateHandle *cert) { + certs_.remove(cert); + SecCertificate_Release(cert); +} + +Sec_CertificateHandle* TestCtx::provisionCert(SEC_OBJECTID id, Sec_StorageLoc loc, TestCert cert) { + std::shared_ptr prov(TestCreds::getCert(cert)); + if (!prov.get()) { + SEC_LOG_ERROR("TestCreds::getCert failed"); + return NULL; + } + + if (SEC_RESULT_SUCCESS != SecCertificate_Provision( + proc_, id, loc, prov->cc, &prov->cert[0], prov->cert.size())) { + SEC_LOG_ERROR("SecCertificate_Provision failed"); + return NULL; + } + + provisionedCerts_.push_back(id); + + return getCert(id); +} + +Sec_CertificateHandle* TestCtx::getCert(SEC_OBJECTID id) { + Sec_CertificateHandle *handle = NULL; + + if (SEC_RESULT_SUCCESS != SecCertificate_GetInstance(proc_, id, &handle)) { + SEC_LOG_ERROR("SecCertificate_GetInstance failed"); + return NULL; + } + + certs_.push_back(handle); + + return handle; +} + +void TestCtx::deleteCert(SEC_OBJECTID id) { + provisionedCerts_.remove(id); + SecCertificate_Delete(proc_, id); +} + +Sec_BundleHandle * TestCtx::provisionBundle(SEC_OBJECTID id, Sec_StorageLoc location, const std::vector& bundle) { + if (SEC_RESULT_SUCCESS != SecBundle_Provision( + proc_, id, location, (SEC_BYTE *) &bundle[0], bundle.size())) { + SEC_LOG_ERROR("SecBundle_Provision failed"); + return NULL; + } + + provisionedBundles_.push_back(id); + + return getBundle(id); +} + +Sec_BundleHandle* TestCtx::getBundle(SEC_OBJECTID id) { + Sec_BundleHandle *handle = NULL; + + if (SEC_RESULT_SUCCESS != SecBundle_GetInstance(proc_, id, &handle)) { + SEC_LOG_ERROR("SecBundle_GetInstance failed"); + return NULL; + } + + bundles_.push_back(handle); + + return handle; +} + +void TestCtx::releaseBundle(Sec_BundleHandle *bundle) { + bundles_.remove(bundle); + SecBundle_Release(bundle); +} + +void TestCtx::deleteBundle(SEC_OBJECTID id) { + provisionedBundles_.remove(id); + SecBundle_Delete(proc_, id); +} + +Sec_CipherHandle *TestCtx::acquireCipher(Sec_CipherAlgorithm algorithm, Sec_CipherMode mode, Sec_KeyHandle* key, SEC_BYTE* iv) { + Sec_CipherHandle *handle = NULL; + + if (SEC_RESULT_SUCCESS != SecCipher_GetInstance(proc_, + algorithm, mode, key, + iv, &handle)) { + SEC_LOG_ERROR("SecCipher_GetInstance failed"); + return NULL; + } + + ciphers_.push_back(handle); + + return handle; +} + +void TestCtx::releaseCipher(Sec_CipherHandle *cipher) { + ciphers_.remove(cipher); + SecCipher_Release(cipher); +} + +Sec_RandomHandle *TestCtx::acquireRandom(Sec_RandomAlgorithm algorithm) { + Sec_RandomHandle *handle = NULL; + + if (SEC_RESULT_SUCCESS != SecRandom_GetInstance(proc_, + algorithm, &handle)) { + SEC_LOG_ERROR("SecRandom_GetInstance failed"); + return NULL; + } + + randoms_.push_back(handle); + + return handle; +} + +void TestCtx::releaseRandom(Sec_RandomHandle* randomHandle) { + randoms_.remove(randomHandle); + SecRandom_Release(randomHandle); +} + +Sec_SignatureHandle *TestCtx::acquireSignature(Sec_SignatureAlgorithm algorithm, Sec_SignatureMode mode, Sec_KeyHandle* key) { + Sec_SignatureHandle *handle = NULL; + + if (SEC_RESULT_SUCCESS != SecSignature_GetInstance(proc_, + algorithm, mode, key, &handle)) { + SEC_LOG_ERROR("SecSignature_GetInstance failed"); + return NULL; + } + + sigs_.push_back(handle); + + return handle; +} + +void TestCtx::releaseSignature(Sec_SignatureHandle *sig) { + sigs_.remove(sig); + SecSignature_Release(sig); +} + +Sec_MacHandle *TestCtx::acquireMac(Sec_MacAlgorithm algorithm, Sec_KeyHandle *key) { + Sec_MacHandle *handle = NULL; + + if (SEC_RESULT_SUCCESS != SecMac_GetInstance(proc_, algorithm, key, &handle)) { + SEC_LOG_ERROR("SecMac_GetInstance failed"); + return NULL; + } + + macs_.push_back(handle); + + return handle; +} + +Sec_Result TestCtx::releaseMac(Sec_MacHandle* macHandle, SEC_BYTE* macBuffer, SEC_SIZE* macSize) { + macs_.remove(macHandle); + return SecMac_Release(macHandle, macBuffer, macSize); +} + +void TestCtx::releaseMac(Sec_MacHandle* macHandle) { + SEC_BYTE macBuffer[SEC_DIGEST_MAX_LEN]; + SEC_SIZE macSize; + + releaseMac(macHandle, macBuffer, &macSize); +} + +Sec_DigestHandle *TestCtx::acquireDigest(Sec_DigestAlgorithm algorithm) { + Sec_DigestHandle *handle = NULL; + + if (SEC_RESULT_SUCCESS != SecDigest_GetInstance(proc_, algorithm, &handle)) { + SEC_LOG_ERROR("SecDigest_GetInstance failed"); + return NULL; + } + + digests_.push_back(handle); + + return handle; +} + +Sec_Result TestCtx::releaseDigest(Sec_DigestHandle* digestHandle, SEC_BYTE* digestOutput, SEC_SIZE* digestSize) { + digests_.remove(digestHandle); + return SecDigest_Release(digestHandle, digestOutput, digestSize); +} + +void TestCtx::releaseDigest(Sec_DigestHandle* digestHandle) { + SEC_BYTE digestOutput[SEC_DIGEST_MAX_LEN]; + SEC_SIZE digestSize; + + releaseDigest(digestHandle, digestOutput, &digestSize); +} + +void TestCtx::printHex(const char *label, const std::vector& data) { + SEC_PRINT("%s[%d]: ", label, data.size()); + Sec_PrintHex((void *) &data[0], data.size()); + SEC_PRINT("\n"); +} + +std::vector TestCtx::random(SEC_SIZE len) { + std::vector output; + + output.resize(len); + + RAND_bytes(&output[0], output.size()); + + return output; +} + +std::vector TestCtx::coalesceInputs(const std::vector >& inputs) { + std::vector input; + + for (unsigned int i=0; i& inputSizes) { + SEC_SIZE out = 0; + + for (unsigned int i=0; i + +static ProvKey convertV2ToV3(const std::vector& v2) { + ProvKey lastKey; + + for (unsigned int i=0; i v3Key; + v3Key.resize(SEC_KEYCONTAINER_MAX_LEN); + SEC_SIZE v3KeyLen; + + if (i == 0) { + lastKey = key; + } else { + if (SEC_RESULT_SUCCESS != SecKey_GenerateWrappedKeyAsn1V3( + payload, payloadLen, wrappedKeyType, + &lastKey.key[0], lastKey.key.size(), + wrappingIv, wrappingAlg, + &v3Key[0], v3Key.size(), &v3KeyLen, key_offset)) { + + SEC_LOG_ERROR("SecKey_GenerateWrappedKeyAsn1V3 failed"); + return ProvKey(); + } + + v3Key.resize(v3KeyLen); + + lastKey = ProvKey(v3Key, SEC_KEYCONTAINER_ASN1); + } + } else { + lastKey = key; + } + } + + return lastKey; +} + +Sec_Result testWrappedCipherSingleRsaAesRsaAesAes(TestKey key, TestKc kc, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, Sec_CipherAlgorithm ckSymAlg, WrappedKeyFormatVersion wkfv) { + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; + + std::vector keys = TestCreds::getWrappedContentKeyChainRsaAesRsaAesAes(key, kc, id, rsaType, asymAlg, aesType, symAlg, ckSymAlg); + if (keys.size() == 0) { + SEC_LOG_ERROR("TestCreds::getWrappedContentKeyChain failed"); + return SEC_RESULT_FAILURE; + } + + switch (wkfv) { + case WKFV_V2: { + for (unsigned int i=0; i clear = TestCreds::asOpenSslAes(key); + + if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id-1, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { + SEC_LOG_ERROR("cipherEncDecSingle failed"); + return SEC_RESULT_FAILURE; + } + + if (SecKey_IsAES(keyType)) { + if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), id-1, &clear[0], clear.size())) { + SEC_LOG_ERROR("aesKeyCheck failed"); + return SEC_RESULT_FAILURE; + } + } else { + if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, id-1, &clear[0], clear.size())) { + SEC_LOG_ERROR("macCheck failed"); + return SEC_RESULT_FAILURE; + } + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testWrappedCipherSingleRsaAes(TestKey key, TestKc kc, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, WrappedKeyFormatVersion wkfv) { + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; + + std::vector keys = TestCreds::getWrappedContentKeyChainRsaAes(key, kc, id, rsaType, asymAlg); + if (keys.size() == 0) { + SEC_LOG_ERROR("TestCreds::getWrappedContentKeyChain failed"); + return SEC_RESULT_FAILURE; + } + + switch (wkfv) { + case WKFV_V2: { + for (unsigned int i=0; i clear = TestCreds::asOpenSslAes(key); + + if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id-1, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { + SEC_LOG_ERROR("cipherEncDecSingle failed"); + return SEC_RESULT_FAILURE; + } + + if (SecKey_IsAES(keyType)) { + if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), id-1, &clear[0], clear.size())) { + SEC_LOG_ERROR("aesKeyCheck failed"); + return SEC_RESULT_FAILURE; + } + } else { + if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, id-1, &clear[0], clear.size())) { + SEC_LOG_ERROR("macCheck failed"); + return SEC_RESULT_FAILURE; + } + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testWrappedCipherSingleEcAes(TestKey key, TestKc kc, Sec_CipherAlgorithm asymAlg, WrappedKeyFormatVersion wkfv) { + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; + + std::vector keys = TestCreds::getWrappedContentKeyChainEcAes(key, kc, id, asymAlg); + if (keys.size() == 0) { + SEC_LOG_ERROR("TestCreds::getWrappedContentKeyChain failed"); + return SEC_RESULT_FAILURE; + } + + switch (wkfv) { + case WKFV_V2: { + for (unsigned int i=0; i clear = TestCreds::asOpenSslAes(key); + + if (SecKey_IsAES(keyType)) { + if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), id - 1, &clear[0], clear.size())) { + SEC_LOG_ERROR("aesKeyCheck failed"); + return SEC_RESULT_FAILURE; + } + } else { + if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, id - 1, &clear[0], clear.size())) { + SEC_LOG_ERROR("macCheck failed"); + return SEC_RESULT_FAILURE; + } + } + + //check enc/dec + if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id-1, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { + SEC_LOG_ERROR("cipherEncDecSingle failed"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testWrappedCipherSingleEcAesAes(TestKey key, TestKc kc, Sec_KeyType aesType, Sec_CipherAlgorithm asymAlg, Sec_CipherAlgorithm symAlg, WrappedKeyFormatVersion wkfv) { + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; + + std::vector keys = TestCreds::getWrappedContentKeyChainEcAesAes(key, kc, id, aesType, asymAlg, symAlg); + if (keys.size() == 0) { + SEC_LOG_ERROR("TestCreds::getWrappedContentKeyChain failed"); + return SEC_RESULT_FAILURE; + } + + switch (wkfv) { + case WKFV_V2: { + for (unsigned int i=0; i clear = TestCreds::asOpenSslAes(key); + + if (SecKey_IsAES(keyType)) { + if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), id - 1, &clear[0], clear.size())) { + SEC_LOG_ERROR("aesKeyCheck failed"); + return SEC_RESULT_FAILURE; + } + } else { + if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, id - 1, &clear[0], clear.size())) { + SEC_LOG_ERROR("macCheck failed"); + return SEC_RESULT_FAILURE; + } + } + + //check enc/dec + if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id-1, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { + SEC_LOG_ERROR("cipherEncDecSingle failed"); + return SEC_RESULT_FAILURE; + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testExportWrappedRsaAesAes(TestKey key, TestKc kc, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, WrappedKeyFormatVersion wkfv) { + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; + + std::vector keys = TestCreds::getWrappedContentKeyChainRsaAesAes(key, kc, id, rsaType, asymAlg, aesType, symAlg); + if (keys.size() == 0) { + SEC_LOG_ERROR("TestCreds::getWrappedContentKeyChain failed"); + return SEC_RESULT_FAILURE; + } + + switch (wkfv) { + case WKFV_V2: { + for (unsigned int i=0; i derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); + std::vector exported_key; + exported_key.resize(SEC_KEYCONTAINER_MAX_LEN); + SEC_SIZE exported_len; + + Sec_KeyHandle *keyHandle; + if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), idContentKey, &keyHandle)) { + SEC_LOG_ERROR("SecKey_GetInstance failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecKey_ExportKey(keyHandle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { + SEC_LOG_ERROR("SecKey_ExportKey failed"); + SecKey_Release(keyHandle); + return SEC_RESULT_FAILURE; + } + exported_key.resize(exported_len); + SecKey_Release(keyHandle); + + //provision exported + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), idContentKey, + SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, &exported_key[0], exported_key.size())) { + SEC_LOG_ERROR("SecKey_Provision failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyType keyType = TestCreds::getKeyType(key); + std::vector clear = TestCreds::asOpenSslAes(key); + + if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, idContentKey, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { + SEC_LOG_ERROR("cipherEncDecSingle failed"); + return SEC_RESULT_FAILURE; + } + + if (SecKey_IsAES(keyType)) { + if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idContentKey, &clear[0], clear.size())) { + SEC_LOG_ERROR("aesKeyCheck failed"); + return SEC_RESULT_FAILURE; + } + } else { + if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idContentKey, &clear[0], clear.size())) { + SEC_LOG_ERROR("macCheck failed"); + return SEC_RESULT_FAILURE; + } + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testWrappedCipherSingleRsaAesAes(TestKey key, TestKc kc, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, WrappedKeyFormatVersion wkfv) { + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; + + std::vector keys = TestCreds::getWrappedContentKeyChainRsaAesAes(key, kc, id, rsaType, asymAlg, aesType, symAlg); + if (keys.size() == 0) { + SEC_LOG_ERROR("TestCreds::getWrappedContentKeyChain failed"); + return SEC_RESULT_FAILURE; + } + + switch (wkfv) { + case WKFV_V2: { + for (unsigned int i=0; i clear = TestCreds::asOpenSslAes(key); + + if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id-1, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { + SEC_LOG_ERROR("cipherEncDecSingle failed"); + return SEC_RESULT_FAILURE; + } + + if (SecKey_IsAES(keyType)) { + if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), id-1, &clear[0], clear.size())) { + SEC_LOG_ERROR("aesKeyCheck failed"); + return SEC_RESULT_FAILURE; + } + } else { + if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, id-1, &clear[0], clear.size())) { + SEC_LOG_ERROR("macCheck failed"); + return SEC_RESULT_FAILURE; + } + } + + return SEC_RESULT_SUCCESS; +} + +static std::vector asn1(Sec_ProcessorHandle *proc, const std::vector& clear, Sec_KeyType type, SEC_OBJECTID wrappingId, Sec_CipherAlgorithm algorithm) { + std::vector wrapped; + wrapped.resize(SEC_KEYCONTAINER_MAX_LEN); + SEC_SIZE wrapped_len; + + std::vector iv = TestCtx::random(16); + + if (SEC_RESULT_SUCCESS != SecCipher_SingleInputId(proc, algorithm, SEC_CIPHERMODE_ENCRYPT, wrappingId, &iv[0], (SEC_BYTE *) &clear[0], clear.size(), &wrapped[0], wrapped.size(), &wrapped_len)) { + SEC_LOG_ERROR("SecCipher_SingleInputId failed"); + return std::vector(); + } + wrapped.resize(wrapped_len); + + std::vector res; + SEC_SIZE written; + res.resize(SEC_KEYCONTAINER_MAX_LEN); + + if (SEC_RESULT_SUCCESS != SecKey_GenerateWrappedKeyAsn1Off( + (SEC_BYTE *) &wrapped[0], + wrapped.size(), + type, + wrappingId, + (SEC_BYTE *) &iv[0], + algorithm, + &res[0], + res.size(), + &written, + 0)) { + SEC_LOG_ERROR("SecKey_GenerateWrappedKeyAsn1Off failed"); + return std::vector(); + } + + res.resize(written); + + return res; +} + +Sec_Result testWrappedKDFCMACAES128(SEC_OBJECTID idDerived, SEC_OBJECTID idBase, SEC_OBJECTID idWrapped, Sec_KeyType keyType, SEC_BYTE counter, uint32_t L) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + if (NULL == ctx.provisionKey(idBase, SEC_STORAGELOC_RAM, TESTKEY_AES128, TESTKC_SOC)) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + + //base key + TestCtx::printHex("baseKey", TestCreds::asOpenSslAes(TESTKEY_AES128)); + + //label + std::vector otherData = TestCtx::random(10); + //separator + otherData.push_back(0); + //ctx + std::vector ctx2 = TestCtx::random(32); + otherData.insert(otherData.end(), ctx2.begin(), ctx2.end()); + + otherData.push_back(0); otherData.push_back(0); otherData.push_back(0); otherData.push_back(0); + Sec_Uint32ToBEBytes(L, &otherData[otherData.size() - 4]); + + TestCtx::printHex("otherData", otherData); + + if (SEC_RESULT_SUCCESS != SecKey_Derive_CMAC_AES128(ctx.proc(), + idDerived, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, + idBase, + &otherData[0], otherData.size(), + &counter, 1)) { + SEC_LOG_ERROR("SecKey_Derive_CMAC_AES128 failed"); + return SEC_RESULT_FAILURE; + } + + //create wrapped key protected by CMAC_AES128 derived key + std::vector clear = TestCtx::random(SecKey_GetKeyLenForKeyType(keyType)); + TestCtx::printHex("key", clear); + + std::vector wrapped = asn1(ctx.proc(), clear, keyType, idDerived, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING); + if (wrapped.size() == 0) { + SEC_LOG_ERROR("asn1 failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), idWrapped, SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_ASN1, &wrapped[0], wrapped.size())) { + SEC_LOG_ERROR("SecKey_Provision failed"); + return SEC_RESULT_FAILURE; + } + + if (SecKey_IsAES(keyType)) { + if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idWrapped, &clear[0], clear.size())) { + SEC_LOG_ERROR("aesKeyCheck failed"); + return SEC_RESULT_FAILURE; + } + } else { + if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idWrapped, &clear[0], clear.size())) { + SEC_LOG_ERROR("macCheck failed"); + return SEC_RESULT_FAILURE; + } + } + + + SecKey_Delete(ctx.proc(), idDerived); + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testExportedKDFCMACAES128(SEC_OBJECTID idDerived, SEC_OBJECTID idBase, SEC_OBJECTID idWrapped, Sec_KeyType keyType, SEC_BYTE counter, uint32_t L) { + TestCtx ctx; + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + if (NULL == ctx.provisionKey(idBase, SEC_STORAGELOC_RAM, TESTKEY_AES128, TESTKC_SOC)) { + SEC_LOG_ERROR("TestCtx.provision failed"); + return SEC_RESULT_FAILURE; + } + + //export content key + std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); + std::vector exported_key; + exported_key.resize(SEC_KEYCONTAINER_MAX_LEN); + SEC_SIZE exported_len; + + Sec_KeyHandle *keyHandle; + if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), idBase, &keyHandle)) { + SEC_LOG_ERROR("SecKey_GetInstance failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecKey_ExportKey(keyHandle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { + SEC_LOG_ERROR("SecKey_ExportKey failed"); + SecKey_Release(keyHandle); + return SEC_RESULT_FAILURE; + } + exported_key.resize(exported_len); + SecKey_Release(keyHandle); + + //provision exported + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), idBase, + SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, &exported_key[0], exported_key.size())) { + SEC_LOG_ERROR("SecKey_Provision failed"); + return SEC_RESULT_FAILURE; + } + + //base key + TestCtx::printHex("baseKey", TestCreds::asOpenSslAes(TESTKEY_AES128)); + + //label + std::vector otherData = TestCtx::random(10); + //separator + otherData.push_back(0); + //ctx + std::vector ctx2 = TestCtx::random(32); + otherData.insert(otherData.end(), ctx2.begin(), ctx2.end()); + + otherData.push_back(0); otherData.push_back(0); otherData.push_back(0); otherData.push_back(0); + Sec_Uint32ToBEBytes(L, &otherData[otherData.size() - 4]); + + TestCtx::printHex("otherData", otherData); + + if (SEC_RESULT_SUCCESS != SecKey_Derive_CMAC_AES128(ctx.proc(), + idDerived, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, + idBase, + &otherData[0], otherData.size(), + &counter, 1)) { + SEC_LOG_ERROR("SecKey_Derive_CMAC_AES128 failed"); + return SEC_RESULT_FAILURE; + } + + //create wrapped key protected by CMAC_AES128 derived key + std::vector clear = TestCtx::random(SecKey_GetKeyLenForKeyType(keyType)); + TestCtx::printHex("key", clear); + + std::vector wrapped = asn1(ctx.proc(), clear, keyType, idDerived, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING); + if (wrapped.size() == 0) { + SEC_LOG_ERROR("asn1 failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), idWrapped, SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_ASN1, &wrapped[0], wrapped.size())) { + SEC_LOG_ERROR("SecKey_Provision failed"); + return SEC_RESULT_FAILURE; + } + + if (SecKey_IsAES(keyType)) { + if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idWrapped, &clear[0], clear.size())) { + SEC_LOG_ERROR("aesKeyCheck failed"); + return SEC_RESULT_FAILURE; + } + } else { + if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idWrapped, &clear[0], clear.size())) { + SEC_LOG_ERROR("macCheck failed"); + return SEC_RESULT_FAILURE; + } + } + + + SecKey_Delete(ctx.proc(), idDerived); + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testExportWrappedEccAesAes(TestKey key, TestKc kc, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, WrappedKeyFormatVersion wkfv) { + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; + + std::vector keys = TestCreds::getWrappedContentKeyChainEcAesAes(key, kc, id, aesType, asymAlg, symAlg); + if (keys.size() == 0) { + SEC_LOG_ERROR("TestCreds::getWrappedContentKeyChain failed"); + return SEC_RESULT_FAILURE; + } + + switch (wkfv) { + case WKFV_V2: { + for (unsigned int i=0; i derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); + std::vector exported_key; + exported_key.resize(SEC_KEYCONTAINER_MAX_LEN); + SEC_SIZE exported_len; + + Sec_KeyHandle *keyHandle; + if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), idContentKey, &keyHandle)) { + SEC_LOG_ERROR("SecKey_GetInstance failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecKey_ExportKey(keyHandle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { + SEC_LOG_ERROR("SecKey_ExportKey failed"); + SecKey_Release(keyHandle); + return SEC_RESULT_FAILURE; + } + exported_key.resize(exported_len); + SecKey_Release(keyHandle); + + //provision exported + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), idContentKey, + SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, &exported_key[0], exported_key.size())) { + SEC_LOG_ERROR("SecKey_Provision failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyType keyType = TestCreds::getKeyType(key); + std::vector clear = TestCreds::asOpenSslAes(key); + + if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, idContentKey, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { + SEC_LOG_ERROR("cipherEncDecSingle failed"); + return SEC_RESULT_FAILURE; + } + + if (SecKey_IsAES(keyType)) { + if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idContentKey, &clear[0], clear.size())) { + SEC_LOG_ERROR("aesKeyCheck failed"); + return SEC_RESULT_FAILURE; + } + } else { + if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idContentKey, &clear[0], clear.size())) { + SEC_LOG_ERROR("macCheck failed"); + return SEC_RESULT_FAILURE; + } + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testExportWrappedEccAes(TestKey key, TestKc kc, Sec_CipherAlgorithm asymAlg, WrappedKeyFormatVersion wkfv) { + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; + + std::vector keys = TestCreds::getWrappedContentKeyChainEcAes(key, kc, id, asymAlg); + if (keys.size() == 0) { + SEC_LOG_ERROR("TestCreds::getWrappedContentKeyChain failed"); + return SEC_RESULT_FAILURE; + } + + switch (wkfv) { + case WKFV_V2: { + for (unsigned int i=0; i derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); + std::vector exported_key; + exported_key.resize(SEC_KEYCONTAINER_MAX_LEN); + SEC_SIZE exported_len; + + Sec_KeyHandle *keyHandle; + if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), idContentKey, &keyHandle)) { + SEC_LOG_ERROR("SecKey_GetInstance failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecKey_ExportKey(keyHandle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { + SEC_LOG_ERROR("SecKey_ExportKey failed"); + SecKey_Release(keyHandle); + return SEC_RESULT_FAILURE; + } + exported_key.resize(exported_len); + SecKey_Release(keyHandle); + + //provision exported + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), idContentKey, + SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, &exported_key[0], exported_key.size())) { + SEC_LOG_ERROR("SecKey_Provision failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyType keyType = TestCreds::getKeyType(key); + std::vector clear = TestCreds::asOpenSslAes(key); + + if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, idContentKey, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { + SEC_LOG_ERROR("cipherEncDecSingle failed"); + return SEC_RESULT_FAILURE; + } + + if (SecKey_IsAES(keyType)) { + if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idContentKey, &clear[0], clear.size())) { + SEC_LOG_ERROR("aesKeyCheck failed"); + return SEC_RESULT_FAILURE; + } + } else { + if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idContentKey, &clear[0], clear.size())) { + SEC_LOG_ERROR("macCheck failed"); + return SEC_RESULT_FAILURE; + } + } + + return SEC_RESULT_SUCCESS; +} + +static std::vector getWrappedContentKeyChainGeneratedEcAes(TestKey contentKey, EC_KEY* ec_key, SEC_OBJECTID base_id, Sec_CipherAlgorithm asymAlg) { + std::vector res; + + //generate key1 + std::shared_ptr wrappedKey1(TestCreds::wrapAesWithEc(TestCreds::asOpenSslAes(contentKey).data(), TestCreds::getKeyType(contentKey), ec_key, base_id, asymAlg)); + res.push_back(*wrappedKey1); + + return res; +} + +static bool _Is_Valid_Point(EC_KEY* ec_key, const std::vector data) +{ + if (data.size() != SEC_ECC_NISTP256_KEY_LEN) { + SEC_LOG_ERROR("Input size needed != One BIGNUM"); + return false; + } + + // Convert the input buffer to be encrypted to a BIGNUM + std::shared_ptr inputAsBN(BN_new(), BN_free); + if (inputAsBN.get() == NULL) { + SEC_LOG_ERROR("BN_new failed"); + return false; + } + + if (BN_bin2bn(&data[0], data.size(), inputAsBN.get()) == NULL) { + SEC_LOG_ERROR("BN_bin2bn failed."); + return false; + } + + const EC_GROUP *group = EC_KEY_get0_group(ec_key); + if (NULL == group) { + SEC_LOG_ERROR("EC_KEY_get0_group failed"); + return false; + } + + std::shared_ptr ctx(BN_CTX_new(), BN_CTX_free); + if (ctx.get() == NULL) { + SEC_LOG_ERROR("BN_CTX_new failed"); + return false; + } + + std::shared_ptr pt(EC_POINT_new(group), EC_POINT_free); + if (pt.get() == NULL) { + SEC_LOG_ERROR("EC_POINT_new failed"); + return false; + } + + if (!EC_POINT_set_compressed_coordinates_GFp(group, pt.get(), inputAsBN.get(), 0, ctx.get())) { + SEC_LOG_ERROR("EC_POINT_set_compressed_coordinates_GFp failed"); + return false; + } + + return true; +} + +template std::vector concat(std::vector &a, std::vector &b) { + std::vector ret = std::vector(); + std::copy(a.begin(), a.end(), std::back_inserter(ret)); + std::copy(b.begin(), b.end(), std::back_inserter(ret)); + return ret; +} + +static std::vector getWrappedContentKeyChainGeneratedEcAesAes(TestKey contentKey, EC_KEY* ec_key, SEC_OBJECTID base_id, Sec_KeyType aesType, Sec_CipherAlgorithm asymAlg, Sec_CipherAlgorithm symAlg) { + std::vector res; + + //generate key1 + std::vector key1 = TestCtx::random(SecKey_GetKeyLenForKeyType(aesType)); + while (!_Is_Valid_Point(ec_key, (SecKey_GetKeyLenForKeyType(aesType) == 16) ? concat(key1, key1) : key1)) { + SEC_PRINT("Not a valid point. Regenerating.\n"); + key1 = TestCtx::random(SecKey_GetKeyLenForKeyType(aesType)); + } + + std::shared_ptr wrappedKey1(TestCreds::wrapAesWithEc(&key1[0], aesType, ec_key, base_id, asymAlg)); + res.push_back(*wrappedKey1); + + //generate key2 + std::shared_ptr wrappedKey2(TestCreds::wrapAesWithAes(TestCreds::asOpenSslAes(contentKey).data(), TestCreds::getKeyType(contentKey), &key1[0], aesType, base_id+1, symAlg)); + res.push_back(*wrappedKey2); + + return res; +} + +static EC_KEY *_ECCFromPubBinary(Sec_ECCRawPublicKey *binary) +{ + BN_CTX *ctx = BN_CTX_new(); + + if ( binary->type != SEC_KEYTYPE_ECC_NISTP256_PUBLIC + && binary->type != SEC_KEYTYPE_ECC_NISTP256) + return NULL; + + EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); //create ec_key structure with NIST p256 curve; + const EC_GROUP *group = EC_KEY_get0_group(ec_key); + EC_POINT *ec_point = EC_POINT_new(group); + BN_CTX_start(ctx); + BIGNUM *xp, *yp; + + if (((xp = BN_CTX_get(ctx)) == NULL) || ((yp = BN_CTX_get(ctx)) == NULL)) + goto done; + + EC_POINT_set_affine_coordinates_GFp(group, ec_point, + BN_bin2bn(binary->x, Sec_BEBytesToUint32(binary->key_len), xp), + BN_bin2bn(binary->y, Sec_BEBytesToUint32(binary->key_len), yp), ctx); + EC_KEY_set_public_key(ec_key, ec_point); + +done: + EC_POINT_free(ec_point); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + + return ec_key; +} + +static EC_KEY* generateEcAndGetPublic(TestCtx& ctx, SEC_OBJECTID id) { + Sec_KeyHandle *ecKey = ctx.provisionKey(id, SEC_STORAGELOC_RAM, TESTKEY_EC_PRIV, TESTKC_GENERATED, SEC_FALSE); + if (ecKey == NULL) { + SEC_LOG_ERROR("provisionKey failed"); + return NULL; + } + + Sec_ECCRawPublicKey public_key; + memset(&public_key, 0, sizeof(public_key)); + if (SEC_RESULT_SUCCESS != SecKey_ExtractECCPublicKey(ecKey, &public_key)) { + SEC_LOG_ERROR("SecKey_ExtractECCPublicKey failed"); + return NULL; + } + + EC_KEY* openssl_key = _ECCFromPubBinary(&public_key); + if (openssl_key == NULL) { + SEC_LOG_ERROR("_ECCFromPubBinary failed"); + return NULL; + } + + return openssl_key; +} + +Sec_Result testExportWrappedGeneratedEccAesAes(TestKey key, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, WrappedKeyFormatVersion wkfv) { + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; + + EC_KEY* pub_ec = generateEcAndGetPublic(ctx, id); + std::vector keys = getWrappedContentKeyChainGeneratedEcAesAes(key, pub_ec, id, aesType, asymAlg, symAlg); + + if (keys.size() == 0) { + SEC_LOG_ERROR("TestCreds::getWrappedContentKeyChain failed"); + return SEC_RESULT_FAILURE; + } + + //generated key is alreay provisioned + id++; + + switch (wkfv) { + case WKFV_V2: { + for (unsigned int i=0; i derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); + std::vector exported_key; + exported_key.resize(SEC_KEYCONTAINER_MAX_LEN); + SEC_SIZE exported_len; + + Sec_KeyHandle *keyHandle; + if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), idContentKey, &keyHandle)) { + SEC_LOG_ERROR("SecKey_GetInstance failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecKey_ExportKey(keyHandle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { + SEC_LOG_ERROR("SecKey_ExportKey failed"); + SecKey_Release(keyHandle); + return SEC_RESULT_FAILURE; + } + exported_key.resize(exported_len); + SecKey_Release(keyHandle); + + //provision exported + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), idContentKey, + SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, &exported_key[0], exported_key.size())) { + SEC_LOG_ERROR("SecKey_Provision failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyType keyType = TestCreds::getKeyType(key); + std::vector clear = TestCreds::asOpenSslAes(key); + + if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, idContentKey, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { + SEC_LOG_ERROR("cipherEncDecSingle failed"); + return SEC_RESULT_FAILURE; + } + + if (SecKey_IsAES(keyType)) { + if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idContentKey, &clear[0], clear.size())) { + SEC_LOG_ERROR("aesKeyCheck failed"); + return SEC_RESULT_FAILURE; + } + } else { + if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idContentKey, &clear[0], clear.size())) { + SEC_LOG_ERROR("macCheck failed"); + return SEC_RESULT_FAILURE; + } + } + + return SEC_RESULT_SUCCESS; +} + +Sec_Result testExportWrappedGeneratedEccAes(TestKey key, Sec_CipherAlgorithm asymAlg, WrappedKeyFormatVersion wkfv) { + TestCtx ctx; + + if (ctx.init() != SEC_RESULT_SUCCESS) { + SEC_LOG_ERROR("TestCtx.init failed"); + return SEC_RESULT_FAILURE; + } + + SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; + + EC_KEY* pub_ec = generateEcAndGetPublic(ctx, id); + std::vector keys = getWrappedContentKeyChainGeneratedEcAes(key, pub_ec, id, asymAlg); + + if (keys.size() == 0) { + SEC_LOG_ERROR("TestCreds::getWrappedContentKeyChain failed"); + return SEC_RESULT_FAILURE; + } + + //generated key is alreay provisioned + id++; + + switch (wkfv) { + case WKFV_V2: { + for (unsigned int i=0; i derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); + std::vector exported_key; + exported_key.resize(SEC_KEYCONTAINER_MAX_LEN); + SEC_SIZE exported_len; + + Sec_KeyHandle *keyHandle; + if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), idContentKey, &keyHandle)) { + SEC_LOG_ERROR("SecKey_GetInstance failed"); + return SEC_RESULT_FAILURE; + } + + if (SEC_RESULT_SUCCESS != SecKey_ExportKey(keyHandle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { + SEC_LOG_ERROR("SecKey_ExportKey failed"); + SecKey_Release(keyHandle); + return SEC_RESULT_FAILURE; + } + exported_key.resize(exported_len); + SecKey_Release(keyHandle); + + //provision exported + if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), idContentKey, + SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, &exported_key[0], exported_key.size())) { + SEC_LOG_ERROR("SecKey_Provision failed"); + return SEC_RESULT_FAILURE; + } + + Sec_KeyType keyType = TestCreds::getKeyType(key); + std::vector clear = TestCreds::asOpenSslAes(key); + + if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, idContentKey, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { + SEC_LOG_ERROR("cipherEncDecSingle failed"); + return SEC_RESULT_FAILURE; + } + + if (SecKey_IsAES(keyType)) { + if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idContentKey, &clear[0], clear.size())) { + SEC_LOG_ERROR("aesKeyCheck failed"); + return SEC_RESULT_FAILURE; + } + } else { + if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idContentKey, &clear[0], clear.size())) { + SEC_LOG_ERROR("macCheck failed"); + return SEC_RESULT_FAILURE; + } + } + + return SEC_RESULT_SUCCESS; +} diff --git a/test/main/cpp/wrapped.h b/test/main/cpp/wrapped.h new file mode 100644 index 0000000..5377cc0 --- /dev/null +++ b/test/main/cpp/wrapped.h @@ -0,0 +1,39 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_WRAPPED_H_ +#define TEST_WRAPPED_H_ + +#include "sec_security.h" +#include "test_creds.h" + +Sec_Result testWrappedCipherSingleRsaAes(TestKey key, TestKc kc, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, WrappedKeyFormatVersion wkfv); +Sec_Result testWrappedCipherSingleRsaAesAes(TestKey key, TestKc kc, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, WrappedKeyFormatVersion wkfv); +Sec_Result testWrappedCipherSingleRsaAesRsaAesAes(TestKey key, TestKc kc, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, Sec_CipherAlgorithm ckSymAlg, WrappedKeyFormatVersion wkfv); +Sec_Result testWrappedCipherSingleEcAes(TestKey key, TestKc kc, Sec_CipherAlgorithm asymAlg, WrappedKeyFormatVersion wkfv); +Sec_Result testWrappedCipherSingleEcAesAes(TestKey key, TestKc kc, Sec_KeyType aesType, Sec_CipherAlgorithm asymAlg, Sec_CipherAlgorithm symAlg, WrappedKeyFormatVersion wkfv); +Sec_Result testExportWrappedRsaAesAes(TestKey key, TestKc kc, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, WrappedKeyFormatVersion wkfv); +Sec_Result testWrappedKDFCMACAES128(SEC_OBJECTID idDerived, SEC_OBJECTID idBase, SEC_OBJECTID idWrapped, Sec_KeyType keyType, SEC_BYTE counter, uint32_t L); +Sec_Result testExportedKDFCMACAES128(SEC_OBJECTID idDerived, SEC_OBJECTID idBase, SEC_OBJECTID idWrapped, Sec_KeyType keyType, SEC_BYTE counter, uint32_t L); +Sec_Result testExportWrappedEccAesAes(TestKey key, TestKc kc, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, WrappedKeyFormatVersion wkfv); +Sec_Result testExportWrappedEccAes(TestKey key, TestKc kc, Sec_CipherAlgorithm asymAlg, WrappedKeyFormatVersion wkfv); +Sec_Result testExportWrappedGeneratedEccAesAes(TestKey key, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, WrappedKeyFormatVersion wkfv); +Sec_Result testExportWrappedGeneratedEccAes(TestKey key, Sec_CipherAlgorithm asymAlg, WrappedKeyFormatVersion wkfv); + +#endif diff --git a/test/main/headers/test_creds.h b/test/main/headers/test_creds.h new file mode 100644 index 0000000..b79fda4 --- /dev/null +++ b/test/main/headers/test_creds.h @@ -0,0 +1,149 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_CREDS_H_ +#define TEST_CREDS_H_ + +#include +#include +#include +#include +#include "sec_security.h" + +enum TestKey { + TESTKEY_AES128 = 0, + TESTKEY_AES256, + TESTKEY_HMAC128, + TESTKEY_HMAC160, + TESTKEY_HMAC256, + TESTKEY_RSA1024_SGN_PRIV, + TESTKEY_RSA1024_SGN_PUB, + TESTKEY_RSA1024_ENC_PRIV, + TESTKEY_RSA1024_ENC_PUB, + TESTKEY_RSA1024_KEK_PRIV, + TESTKEY_RSA1024_KEK_PUB, + TESTKEY_RSA2048_SGN_PRIV, + TESTKEY_RSA2048_SGN_PUB, + TESTKEY_RSA2048_ENC_PRIV, + TESTKEY_RSA2048_ENC_PUB, + TESTKEY_RSA2048_KEK_PRIV, + TESTKEY_RSA2048_KEK_PUB, + TESTKEY_EC_PRIV, + TESTKEY_EC_PUB, + TESTKEY_NUM +}; + +enum TestKc { + TESTKC_RAW, + TESTKC_STORE, + TESTKC_SOC, + TESTKC_GENERATED, + TESTKC_EXPORTED, + TESTKC_NUM +}; + +enum TestCert { + TESTCERT_RSA1024 = 0, + TESTCERT_RSA2048, + TESTCERT_EC, + TESTCERT_NUM +}; + +enum WrappedKeyFormatVersion { + WKFV_V2 = 2, //with offset field + WKFV_V3 //with embedded wrappedKey +}; + +enum Capability { + CAPABILITY_AES256 = 0, + CAPABILITY_HMAC_IN_HW, + CAPABILITY_CMAC_IN_HW, + CAPABILITY_DIGEST_OVER_HWKEY, + CAPABILITY_HMAC_OVER_HWKEY, + CAPABILITY_CMAC_OVER_HWKEY, + CAPABILITY_HKDF_CMAC, + CAPABILITY_EXTRACT_RSA_PUB, + CAPABILITY_WRAPPED_KEY_FORMAT_V3, //nested key containers + CAPABILITY_RSA_AES_M2M, + CAPABILITY_CLEAR_JTYPE_WRAPPING, // SOC only + CAPABILITY_SVP, + CAPABILITY_LOAD_SYM_SOC_KC, + CAPABILITY_EXPORT_RSA, + CAPABILITY_RSA_1024, + CAPABILITY_RSA_AESCBC_AES, + CAPABILITY_RSA_AESCTR_AES, + CAPABILITY_RSA_AESCTR_RSA, + CAPABILITY_NUM +}; + +class TestCtx; + +class ProvKey { +public: + ProvKey() {} + + ProvKey(std::vector _key, Sec_KeyContainer _kc) { + key = _key; + kc = _kc; + } + std::vector key; + Sec_KeyContainer kc; +}; + +class ProvCert { +public: + ProvCert(std::vector _cert, Sec_CertificateContainer _cc) { + cert = _cert; + cc = _cc; + } + std::vector cert; + Sec_CertificateContainer cc; +}; + +class TestCreds { +public: + static ProvKey* getKey(TestKey key, TestKc kc, SEC_OBJECTID id); + static Sec_KeyType getKeyType(TestKey key); + static ProvCert* getCert(TestCert cert); + + static std::vector asOpenSslAes(TestKey key); + static RSA* asOpenSslRsa(TestKey key); + static EC_KEY *asOpenSslEcKey(TestKey key); + static EVP_PKEY *asOpenSslEvpPkey(TestKey key); + + //following stubs should be implemented by the SOC vendors in test_creds_soc.cpp + static ProvKey* getSocKey(TestKey key, SEC_OBJECTID id); + static Sec_Result preprovisionSoc(TestCtx *testCtx); + static SEC_BOOL supports(Capability cap); + static void init(); + static void shutdown(); + + static std::vector getWrappedContentKeyChainRsaAes(TestKey contentKey, TestKc kc, SEC_OBJECTID id, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg); + static std::vector getWrappedContentKeyChainRsaAesAes(TestKey contentKey, TestKc kc, SEC_OBJECTID id, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg); + static std::vector getWrappedContentKeyChainRsaAesRsaAesAes(TestKey contentKey, TestKc kc, SEC_OBJECTID id, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, Sec_CipherAlgorithm ckSymAlg); + static std::vector getWrappedContentKeyChainEcAes(TestKey contentKey, TestKc kc, SEC_OBJECTID id, Sec_CipherAlgorithm asymAlg); + static std::vector getWrappedContentKeyChainEcAesAes(TestKey contentKey, TestKc kc, SEC_OBJECTID base_id, Sec_KeyType aesType, Sec_CipherAlgorithm asymAlg, Sec_CipherAlgorithm symAlg); + + static ProvKey* wrapAesWithAes(const SEC_BYTE* clear, Sec_KeyType type, const SEC_BYTE* wrapping, Sec_KeyType wrappingType, SEC_OBJECTID wrappingId, Sec_CipherAlgorithm symAlg); + static ProvKey* wrapAesWithEc(const SEC_BYTE* clear, Sec_KeyType type, EC_KEY *ec_key, SEC_OBJECTID wrappingId, Sec_CipherAlgorithm asymAlg); + static ProvKey* wrapAesWithRsa(const SEC_BYTE* data, Sec_KeyType type, RSA *rsa_key, SEC_OBJECTID wrappingId, Sec_CipherAlgorithm asymAlg); + static ProvKey* wrapRsaWithAes(RSA* rsa, const SEC_BYTE* wrapping, Sec_KeyType wrappingType, SEC_OBJECTID wrappingId, Sec_CipherAlgorithm symAlg); +}; + +#endif diff --git a/test/main/headers/test_ctx.h b/test/main/headers/test_ctx.h new file mode 100644 index 0000000..3ab691d --- /dev/null +++ b/test/main/headers/test_ctx.h @@ -0,0 +1,171 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_CTX_H_ +#define TEST_CTX_H_ + +#include +#include +#include +#include +#include +#include "sec_security.h" +#include "test_creds.h" + +//#define ENABLE_FULL_LOGS + +#ifdef ENABLE_FULL_LOGS + #define DELAYED_LOG 0 +#else + #define DELAYED_LOG 1 +#endif + +enum TestState { + TESTRESULT_SUCCEEDED = 0, + TESTRESULT_FAILED, + TESTRESULT_SKIPPED, + TESTRESULT_NUM +}; + +#define SEC_PRINT_HEX(name, ptr, size) \ + SEC_PRINT("%s[%d]: ", name, size); Sec_PrintHex(ptr, size); SEC_PRINT("\n"); +#define RUN_TEST(suite, function) \ + { \ + int testIdx = (suite)->addTest(#function); \ + \ + if ((suite)->shouldRun(testIdx)) { \ + if (DELAYED_LOG) { Logger::init(); } \ + SEC_PRINT("\n"); \ + SEC_PRINT("%d: " #function " STARTING\n", testIdx); \ + Sec_Result res = function; \ + std::string output = DELAYED_LOG ? Logger::output() : std::string(); \ + if (DELAYED_LOG) { Logger::shutdown(); } \ + if (SEC_RESULT_SUCCESS == res) { \ + SEC_PRINT("%d: " #function " SUCCEEDED\n", testIdx); \ + (suite)->setTestState(testIdx, TESTRESULT_SUCCEEDED); \ + } else { \ + SEC_PRINT(output.c_str()); \ + SEC_PRINT("%d: " #function " FAILED\n\n", testIdx); \ + (suite)->setTestState(testIdx, TESTRESULT_FAILED); \ + } \ + } else { \ + (suite)->setTestState(testIdx, TESTRESULT_SKIPPED); \ + if ((suite)->shouldPrint(testIdx)) { \ + SEC_PRINT("%d: " #function "\n", testIdx); \ + } \ + } \ + } + +class SuiteCtx { + typedef std::pair TestEntry; +public: + SuiteCtx() {} + ~SuiteCtx() {} + + void setRunParams(const std::vector& runParams) { runParams_ = runParams; } + SEC_BOOL shouldRun(int id) const { return runParams_.size() == 0 || std::find(runParams_.begin(), runParams_.end(), id) != runParams_.end(); } + SEC_BOOL shouldPrint(int id) const { return shouldRun(id) || (runParams_.size() == 1 && runParams_[0] <= 0); } + int addTest(const char *name) { tests_.push_back(std::make_pair(name, TESTRESULT_NUM)); return tests_.size(); } + void setTestState(int id, TestState state) { tests_[id-1].second = state; } + TestEntry getTestEntry(int id) const { return tests_[id-1]; } + std::vector getFailed() const; + std::vector getSucceeded() const; + std::vector getSkipped() const; + std::vector getAttempted() const; + std::vector getAll() const; + +private: + std::vector tests_; + std::vector runParams_; +}; + +class TestCtx { +public: + TestCtx(); + ~TestCtx(); + + Sec_Result init(const char *global_dir = "/tmp/sec_api_test_global", const char *app_dir = "/tmp/sec_api_test_app"); + + Sec_KeyHandle *provisionKey(SEC_OBJECTID id, Sec_StorageLoc location, TestKey key, TestKc, SEC_BOOL softWrap = SEC_FALSE); + Sec_KeyHandle *provisionKey(SEC_OBJECTID id, Sec_StorageLoc location, const SEC_BYTE *data, SEC_SIZE len, Sec_KeyContainer kc, SEC_BOOL softWrap = SEC_FALSE); + Sec_KeyHandle *getKey(SEC_OBJECTID id); + void releaseKey(Sec_KeyHandle *key); + void deleteKey(SEC_OBJECTID id); + + Sec_CertificateHandle * provisionCert(SEC_OBJECTID id, Sec_StorageLoc location, TestCert cert); + Sec_CertificateHandle *getCert(SEC_OBJECTID id); + void releaseCert(Sec_CertificateHandle* certHandle); + void deleteCert(SEC_OBJECTID id); + + Sec_BundleHandle * provisionBundle(SEC_OBJECTID id, Sec_StorageLoc location, const std::vector& bundle); + Sec_BundleHandle *getBundle(SEC_OBJECTID id); + void releaseBundle(Sec_BundleHandle* bundleHandle); + void deleteBundle(SEC_OBJECTID id); + + Sec_MacHandle *acquireMac(Sec_MacAlgorithm algorithm, Sec_KeyHandle *key); + Sec_Result releaseMac(Sec_MacHandle* macHandle, SEC_BYTE* macBuffer, SEC_SIZE* macSize); + void releaseMac(Sec_MacHandle* macHandle); + + Sec_CipherHandle *acquireCipher(Sec_CipherAlgorithm algorithm, Sec_CipherMode mode, Sec_KeyHandle* key, SEC_BYTE* iv); + void releaseCipher(Sec_CipherHandle *cipher); + + Sec_SignatureHandle *acquireSignature(Sec_SignatureAlgorithm algorithm, Sec_SignatureMode mode, Sec_KeyHandle* key); + void releaseSignature(Sec_SignatureHandle *sig); + + Sec_DigestHandle *acquireDigest(Sec_DigestAlgorithm algorithm); + Sec_Result releaseDigest(Sec_DigestHandle* digestHandle, SEC_BYTE* digestOutput, SEC_SIZE* digestSize); + void releaseDigest(Sec_DigestHandle* digestHandle); + + Sec_RandomHandle *acquireRandom(Sec_RandomAlgorithm algorithm); + void releaseRandom(Sec_RandomHandle* randomHandle); + + SEC_BYTE* Sec_NativeMalloc(Sec_ProcessorHandle* handle, SEC_SIZE length); + void Sec_NativeFree(Sec_ProcessorHandle* handle, void *ptr); + + Sec_ProcessorHandle *proc() { return proc_; } + + //utils + static void printHex(const char *label, const std::vector& data); + static std::vector random(SEC_SIZE len); + static std::vector coalesceInputs(const std::vector >& inputs); + static SEC_SIZE coalesceInputSizes(const std::vector& inputSizes); + +private: + Sec_ProcessorHandle *proc_; + std::list provisionedKeys_; + std::list keys_; + std::list provisionedCerts_; + std::list certs_; + std::list provisionedBundles_; + std::list bundles_; + std::list macs_; + std::list ciphers_; + std::list sigs_; + std::list digests_; + std::list randoms_; +}; + +class Logger { +public: + static void init(); + static void shutdown(); + static const char *output(); +}; + +#endif /* TEST_CTX_H_ */ diff --git a/test/openssl/cpp/test_creds_soc.cpp b/test/openssl/cpp/test_creds_soc.cpp new file mode 100644 index 0000000..1b7be41 --- /dev/null +++ b/test/openssl/cpp/test_creds_soc.cpp @@ -0,0 +1,249 @@ +/** + * If not stated otherwise in this file or this component's Licenses.txt file the + * following copyright and licenses apply: + * + * Copyright 2019 RDK Management + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "test_creds.h" +#include "test_ctx.h" +#include "sec_security_utils.h" +#include "openssl/rand.h" +#include + +#define SEC_OBJECTID_OPENSSL_KPK SEC_OBJECTID_RESERVEDPLATFORM_7 + +static std::vector random(SEC_SIZE len) { + std::vector res; + res.resize(len); + + if (1 != RAND_bytes(&res[0], len)) + { + SEC_LOG_ERROR("RAND_bytes failed"); + return std::vector(); + } + + return res; +} + +static std::vector asn1(const std::vector& wrapped, const std::vector& iv, Sec_KeyType type) { + std::vector res; + SEC_SIZE written; + + res.resize(SEC_KEYCONTAINER_MAX_LEN); + + if (SEC_RESULT_SUCCESS != SecKey_GenerateWrappedKeyAsn1Off( + (SEC_BYTE *) &wrapped[0], + wrapped.size(), + type, + SEC_OBJECTID_OPENSSL_KPK, + (SEC_BYTE *) &iv[0], + SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, + &res[0], + res.size(), + &written, + 0)) { + SEC_LOG_ERROR("SecKey_GenerateWrappedKeyAsn1Off failed"); + return std::vector(); + } + + res.resize(written); + + return res; +} + +static std::vector wrap(const std::vector& input, const std::vector& iv) { + std::vector output; + std::vector openssl_key = TestCreds::asOpenSslAes(TESTKEY_AES128); + + const EVP_CIPHER *evp_cipher; + + if (openssl_key.size() == 16) { + evp_cipher = (EVP_CIPHER *) EVP_aes_128_cbc(); + } else { + evp_cipher = (EVP_CIPHER *) EVP_aes_256_cbc(); + } + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX evp_ctx; + EVP_CIPHER_CTX_init(&evp_ctx); + EVP_CIPHER_CTX *p_evp_ctx = &evp_ctx; +#else + EVP_CIPHER_CTX *p_evp_ctx = EVP_CIPHER_CTX_new(); +#endif + + if (1 != EVP_CipherInit_ex(p_evp_ctx, evp_cipher, NULL, NULL, NULL, 1)) + { + SEC_LOG_ERROR("EVP_CipherInit failed"); + return std::vector(); + } + + if (1 != EVP_CIPHER_CTX_set_padding(p_evp_ctx, 1)) + { + SEC_LOG_ERROR("EVP_CIPHER_CTX_set_padding failed"); + return std::vector(); + } + + if (1 != EVP_CipherInit_ex(p_evp_ctx, NULL, NULL, &openssl_key[0], &iv[0], 1)) + { + SEC_LOG_ERROR("EVP_CipherInit failed"); + return std::vector(); + } + + output.resize(input.size() + SEC_AES_BLOCK_SIZE); + + SEC_SIZE written = 0; + int outlen = 0; + if (1 != EVP_CipherUpdate(p_evp_ctx, &output[0], &outlen, &input[0], input.size())) + { + SEC_LOG_ERROR("EVP_CipherUpdate failed"); + return std::vector(); + } + written += outlen; + outlen = 0; + + if (1 != EVP_CipherFinal_ex(p_evp_ctx, &output[written], &outlen)) + { + SEC_LOG_ERROR("EVP_CipherFinal failed"); + return std::vector(); + } + written += outlen; + + output.resize(written); + + return output; +} + +ProvKey* TestCreds::getSocKey(TestKey key, SEC_OBJECTID id) { + //Here the soc vendors should add code that returns the same key material as + //getClearKey(key), but packaged in the secure format that is specific to the + //chipset. + // + //This result can either be computed live or be pre-generated. + // + //The kc_type field should be set to the SEC_KEYCONTAINER_SOC. + + ProvKey *pk = TestCreds::getKey(key, TESTKC_RAW, id); + if (pk == NULL) { + return NULL; + } + + std::vector toWrap; + + switch (pk->kc) { + case SEC_KEYCONTAINER_DER_RSA_1024: + case SEC_KEYCONTAINER_DER_RSA_2048: { + RSA *rsa = SecUtils_RSAFromDERPriv(&pk->key[0], pk->key.size()); + if (rsa == NULL) { + SEC_LOG_ERROR("SecUtils_RSAFromDERPriv failed "); + delete pk; + return NULL; + } + + SEC_SIZE written; + toWrap.resize(SEC_KEYCONTAINER_MAX_LEN); + if (SEC_RESULT_SUCCESS + != SecUtils_RSAToDERPrivKeyInfo(rsa, &toWrap[0], toWrap.size(), + &written)) { + SEC_LOG_ERROR("SecUtils_RSAToDERPrivKeyInfo failed"); + SEC_RSA_FREE(rsa); + return NULL; + } + + toWrap.resize(written); + SEC_RSA_FREE(rsa); + } + break; + + case SEC_KEYCONTAINER_DER_ECC_NISTP256: { + EC_KEY *ec_key = SecUtils_ECCFromDERPriv(&pk->key[0], pk->key.size()); + if (ec_key == NULL) { + SEC_LOG_ERROR("SecUtils_ECCFromDERPriv failed "); + delete pk; + return NULL; + } + + Sec_ECCRawPrivateKey ec_bin; + if (SEC_RESULT_SUCCESS != SecUtils_ECCToPrivBinary(ec_key, &ec_bin)) { + SEC_LOG_ERROR("SecUtils_ECCToPrivBinary failed"); + SEC_ECC_FREE(ec_key); + delete pk; + return NULL; + } + + SEC_ECC_FREE(ec_key); + + toWrap.resize(32); + memcpy(&toWrap[0], &ec_bin.prv[0], 32); + } + break; + + case SEC_KEYCONTAINER_RAW_AES_128: + case SEC_KEYCONTAINER_RAW_AES_256: + case SEC_KEYCONTAINER_RAW_HMAC_128: + case SEC_KEYCONTAINER_RAW_HMAC_160: + case SEC_KEYCONTAINER_RAW_HMAC_256: { + toWrap.resize(pk->key.size()); + memcpy(&toWrap[0], &pk->key[0], pk->key.size()); + } + break; + + default: + SEC_LOG_ERROR("Unexpected kc encountered"); + return NULL; + } + + std::vector iv = random(SEC_AES_BLOCK_SIZE); + std::vector wrapped = wrap(toWrap, iv); + if (wrapped.empty()) { + SEC_LOG_ERROR("wrap failed"); + delete pk; + return NULL; + } + + std::vector a1 = asn1(wrapped, iv, TestCreds::getKeyType(key)); + if (a1.empty()) { + SEC_LOG_ERROR("ans1 failed"); + return NULL; + } + + delete pk; + + return new ProvKey(a1, SEC_KEYCONTAINER_SOC); +} + +Sec_Result TestCreds::preprovisionSoc(TestCtx *ctx) { + //Here the soc vendors should add code to preprovision any credentials that + //are required for the rest of the system to operate properly. + + //For most platforms this can stay a NOP + + //provision kpk + ctx->provisionKey(SEC_OBJECTID_OPENSSL_KPK, SEC_STORAGELOC_RAM, TESTKEY_AES128, TESTKC_RAW, SEC_TRUE); + + return SEC_RESULT_SUCCESS; +} + +SEC_BOOL TestCreds::supports(Capability cap) { + //return whether a specific capability is supported in the target soc + return cap != CAPABILITY_HKDF_CMAC + && cap != CAPABILITY_SVP; +} + +void TestCreds::init() { +} + +void TestCreds::shutdown() { +} From b2b2aa5cb4ae8f65a27458b09e9e8d4c2eac61c4 Mon Sep 17 00:00:00 2001 From: Eric Berry Date: Fri, 25 Feb 2022 10:00:18 -0800 Subject: [PATCH 3/4] Added README.md file --- README.md | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..e1297c5 --- /dev/null +++ b/README.md @@ -0,0 +1,55 @@ +# RDKCryptoAPI + +## Summary + +RDKCryptoAPI Contains cryptographic APIs used in the RDK Software Stack and an OpenSSL reference implementation. + + +## Building + +### Generate Build Files + +To build RDKCryptoAPI, first run cmake to generate build files. + +The build assumes that the following packages have already been installed: +YAJL - include -DYAJL_ROOT= if not found +OPENSSL - include -DOPENSSL_ROOT_DIR= if not found +Add -DCMAKE_INSTALL_PREFIX= to install to a non-standard install directory. + + +``` +cmake -S . -B cmake-build +``` + + +### Build + +To build RDKCryptoAPI, run a cmake build + +``` +cmake --build cmake-build +``` + +This creates a library, libsec_api.(so/dll/dylib) containing the RDKCryptoAPI code (the extension .so/.dll/.dylib +created depends on which platform you are building on). It also creates a test application, sec_api_test, to +test the library. + +Run unit test suite + +``` +cmake-build/sec_api_test +``` + + + +### Install + +To install RDKCryptoAPI, run a cmake install + +``` +cmake --install cmake-build +``` + +This copies the include files, the library, libsec_api.(so/dll/dylib) containing the RDKCryptoAPI reference code (the +extension .so/.dll/.dylib created depends on which platform you are building on), and the test application, +sec_api_test, to their appropriate locations on the system. From 2ac0717cdd0939964668d39d3fc467e1b979ed6c Mon Sep 17 00:00:00 2001 From: Eric Berry Date: Tue, 22 Mar 2022 15:02:02 -0700 Subject: [PATCH 4/4] Updated to SecApi version 2.3.2.25 --- CMakeLists.txt | 59 +- README.md | 11 +- cmake/FindYAJL.cmake | 2 +- test/main/cpp/bundle.cpp | 81 -- test/main/cpp/bundle.h | 28 - test/main/cpp/cert.cpp | 143 -- test/main/cpp/cert.h | 30 - test/main/cpp/cipher.cpp | 1204 ---------------- test/main/cpp/cipher.h | 80 -- test/main/cpp/concurrent.cpp | 140 -- test/main/cpp/concurrent.h | 29 - test/main/cpp/digest.cpp | 195 --- test/main/cpp/digest.h | 38 - test/main/cpp/exchange.cpp | 505 ------- test/main/cpp/exchange.h | 37 - test/main/cpp/jtype.cpp | 468 ------ test/main/cpp/jtype.h | 37 - test/main/cpp/key.cpp | 1290 ----------------- test/main/cpp/key.h | 45 - test/main/cpp/keyctrl.cpp | 1970 -------------------------- test/main/cpp/keyctrl.h | 83 -- test/main/cpp/mac.cpp | 316 ----- test/main/cpp/mac.h | 41 - test/main/cpp/processor.cpp | 115 -- test/main/cpp/processor.h | 31 - test/main/cpp/random.cpp | 48 - test/main/cpp/random.h | 27 - test/main/cpp/sec_api_utest_main.cpp | 997 ------------- test/main/cpp/sec_api_utest_main.h | 32 - test/main/cpp/sign.cpp | 519 ------- test/main/cpp/sign.h | 35 - test/main/cpp/svp.cpp | 320 ----- test/main/cpp/svp.h | 35 - test/main/cpp/test_creds_clear.cpp | 1386 ------------------ test/main/cpp/test_ctx.cpp | 507 ------- test/main/cpp/wrapped.cpp | 1303 ----------------- test/main/cpp/wrapped.h | 39 - test/main/headers/test_creds.h | 149 -- test/main/headers/test_ctx.h | 171 --- test/openssl/cpp/test_creds_soc.cpp | 249 ---- 40 files changed, 7 insertions(+), 12788 deletions(-) delete mode 100644 test/main/cpp/bundle.cpp delete mode 100644 test/main/cpp/bundle.h delete mode 100644 test/main/cpp/cert.cpp delete mode 100644 test/main/cpp/cert.h delete mode 100644 test/main/cpp/cipher.cpp delete mode 100644 test/main/cpp/cipher.h delete mode 100644 test/main/cpp/concurrent.cpp delete mode 100644 test/main/cpp/concurrent.h delete mode 100644 test/main/cpp/digest.cpp delete mode 100644 test/main/cpp/digest.h delete mode 100644 test/main/cpp/exchange.cpp delete mode 100644 test/main/cpp/exchange.h delete mode 100644 test/main/cpp/jtype.cpp delete mode 100644 test/main/cpp/jtype.h delete mode 100644 test/main/cpp/key.cpp delete mode 100644 test/main/cpp/key.h delete mode 100644 test/main/cpp/keyctrl.cpp delete mode 100644 test/main/cpp/keyctrl.h delete mode 100644 test/main/cpp/mac.cpp delete mode 100644 test/main/cpp/mac.h delete mode 100644 test/main/cpp/processor.cpp delete mode 100644 test/main/cpp/processor.h delete mode 100644 test/main/cpp/random.cpp delete mode 100644 test/main/cpp/random.h delete mode 100644 test/main/cpp/sec_api_utest_main.cpp delete mode 100644 test/main/cpp/sec_api_utest_main.h delete mode 100644 test/main/cpp/sign.cpp delete mode 100644 test/main/cpp/sign.h delete mode 100644 test/main/cpp/svp.cpp delete mode 100644 test/main/cpp/svp.h delete mode 100644 test/main/cpp/test_creds_clear.cpp delete mode 100644 test/main/cpp/test_ctx.cpp delete mode 100644 test/main/cpp/wrapped.cpp delete mode 100644 test/main/cpp/wrapped.h delete mode 100644 test/main/headers/test_creds.h delete mode 100644 test/main/headers/test_ctx.h delete mode 100644 test/openssl/cpp/test_creds_soc.cpp diff --git a/CMakeLists.txt b/CMakeLists.txt index 39cfc48..3042ef9 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,7 +1,7 @@ # If not stated otherwise in this file or this component's Licenses.txt file the # following copyright and licenses apply: # -# Copyright 2019 RDK Management +# Copyright 2022 RDK Management # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -97,63 +97,6 @@ target_link_libraries(sec_api ${OPENSSL_CRYPTO_LIBRARY} ) -add_executable(sec_api_test - test/main/cpp/bundle.cpp - test/main/cpp/bundle.h - test/main/cpp/cert.cpp - test/main/cpp/cert.h - test/main/cpp/cipher.cpp - test/main/cpp/cipher.h - test/main/cpp/concurrent.cpp - test/main/cpp/concurrent.h - test/main/cpp/digest.cpp - test/main/cpp/digest.h - test/main/cpp/exchange.cpp - test/main/cpp/exchange.h - test/main/cpp/jtype.cpp - test/main/cpp/jtype.h - test/main/cpp/key.cpp - test/main/cpp/key.h - test/main/cpp/keyctrl.cpp - test/main/cpp/keyctrl.h - test/main/cpp/mac.cpp - test/main/cpp/mac.h - test/main/cpp/processor.cpp - test/main/cpp/processor.h - test/main/cpp/random.cpp - test/main/cpp/random.h - test/main/cpp/sec_api_utest_main.cpp - test/main/cpp/sec_api_utest_main.h - test/main/cpp/sign.cpp - test/main/cpp/sign.h - test/main/cpp/svp.cpp - test/main/cpp/svp.h - test/main/cpp/test_creds_clear.cpp - test/main/cpp/test_ctx.cpp - test/main/cpp/wrapped.cpp - test/main/cpp/wrapped.h - test/main/headers/test_creds.h - test/main/headers/test_ctx.h - test/openssl/cpp/test_creds_soc.cpp - ) - -target_include_directories(sec_api_test - PRIVATE - src - test/main/cpp - test/main/headers - ) - -target_link_libraries(sec_api_test - PRIVATE - pthread - sec_api - ${OPENSSL_CRYPTO_LIBRARY} - ${YAJL_LIBRARY} - ) - -add_test(sec_api_test sec_api_utest_main) - # 'make install' to the correct locations (provided by GNUInstallDirs). install(TARGETS sec_api ARCHIVE DESTINATION lib diff --git a/README.md b/README.md index e1297c5..5999783 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,7 @@ ## Summary -RDKCryptoAPI Contains cryptographic APIs used in the RDK Software Stack and an OpenSSL reference implementation. - +RDKCryptoAPI contains cryptographic APIs used in the RDK Software Stack and an OpenSSL reference implementation. ## Building @@ -16,12 +15,10 @@ YAJL - include -DYAJL_ROOT= if not found OPENSSL - include -DOPENSSL_ROOT_DIR= if not found Add -DCMAKE_INSTALL_PREFIX= to install to a non-standard install directory. - ``` cmake -S . -B cmake-build ``` - ### Build To build RDKCryptoAPI, run a cmake build @@ -40,8 +37,6 @@ Run unit test suite cmake-build/sec_api_test ``` - - ### Install To install RDKCryptoAPI, run a cmake install @@ -53,3 +48,7 @@ cmake --install cmake-build This copies the include files, the library, libsec_api.(so/dll/dylib) containing the RDKCryptoAPI reference code (the extension .so/.dll/.dylib created depends on which platform you are building on), and the test application, sec_api_test, to their appropriate locations on the system. + +## Dependencies + +RDKCryptoAPI depends on OpenSSL 1.0.2 or 1.1.1 and YAJL version 1 or 2. diff --git a/cmake/FindYAJL.cmake b/cmake/FindYAJL.cmake index 0ce6d45..3ec7604 100755 --- a/cmake/FindYAJL.cmake +++ b/cmake/FindYAJL.cmake @@ -1,5 +1,5 @@ # -# Copyright 2020-2021 Comcast Cable Communications Management, LLC +# Copyright 2020-2022 Comcast Cable Communications Management, LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/main/cpp/bundle.cpp b/test/main/cpp/bundle.cpp deleted file mode 100644 index 3bbba0e..0000000 --- a/test/main/cpp/bundle.cpp +++ /dev/null @@ -1,81 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "bundle.h" -#include "test_ctx.h" - -Sec_Result testBundleProvision(SEC_OBJECTID id, Sec_StorageLoc loc, SEC_SIZE size) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - std::vector bundle = TestCtx::random(size); - - Sec_BundleHandle *handle; - if (NULL == (handle = ctx.provisionBundle(id, loc, bundle))) { - SEC_LOG_ERROR("TestCtx.provisionBundle failed"); - return SEC_RESULT_FAILURE; - } - - //get bundle size - SEC_SIZE written; - if (SEC_RESULT_SUCCESS != SecBundle_Export(handle, NULL, 0, &written)) { - SEC_LOG_ERROR("SecBundle_Export failed"); - return SEC_RESULT_FAILURE; - } - - //export bundle - std::vector out; - out.resize(written); - if (SEC_RESULT_SUCCESS != SecBundle_Export(handle, - &out[0], size, &written)) { - SEC_LOG_ERROR("SecBundle_Export failed"); - return SEC_RESULT_FAILURE; - } - - out.resize(written); - - if (out != bundle) { - SEC_LOG_ERROR("Exported bundle does not match"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testBundleProvisionNoAppDir(SEC_OBJECTID id, SEC_SIZE size) { - TestCtx ctx; - if (ctx.init("/tmp", NULL) != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - std::vector bundle = TestCtx::random(size); - - - if (SEC_RESULT_SUCCESS == SecBundle_Provision( - ctx.proc(), id, SEC_STORAGELOC_FILE, (SEC_BYTE *) &bundle[0], bundle.size())) { - SEC_LOG_ERROR("SecBundle_Provision succeeded, but expected to fail"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} diff --git a/test/main/cpp/bundle.h b/test/main/cpp/bundle.h deleted file mode 100644 index ee7d696..0000000 --- a/test/main/cpp/bundle.h +++ /dev/null @@ -1,28 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_BUNDLE_H_ -#define TEST_BUNDLE_H_ - -#include "sec_security.h" - -Sec_Result testBundleProvision(SEC_OBJECTID id, Sec_StorageLoc loc, SEC_SIZE size); -Sec_Result testBundleProvisionNoAppDir(SEC_OBJECTID id, SEC_SIZE size); - -#endif diff --git a/test/main/cpp/cert.cpp b/test/main/cpp/cert.cpp deleted file mode 100644 index 7c929fe..0000000 --- a/test/main/cpp/cert.cpp +++ /dev/null @@ -1,143 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "cert.h" -#include "test_ctx.h" -#include "test_creds.h" -#include "sec_security_utils.h" -#include - -X509 * _DerToX509(SEC_BYTE *der, SEC_SIZE der_len) { - BIO *bio = NULL; - X509 *x509 = NULL; - - bio = BIO_new_mem_buf(der, der_len); - x509 = d2i_X509_bio(bio, NULL ); - SEC_BIO_FREE(bio); - - if (x509 == NULL) { - SEC_LOG_ERROR("d2i_X509_bio failed"); - } - - return x509; -} - -Sec_Result testCertProvision(SEC_OBJECTID id, TestCert cert, Sec_StorageLoc loc) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_CertificateHandle *handle; - if (NULL == (handle = ctx.provisionCert(id, loc, cert))) { - SEC_LOG_ERROR("TestCtx.provisionCert failed"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testCertExport(SEC_OBJECTID id, TestCert cert, Sec_StorageLoc loc) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_CertificateHandle *handle; - if (NULL == (handle = ctx.provisionCert(id, loc, cert))) { - SEC_LOG_ERROR("TestCtx.provisionCert failed"); - return SEC_RESULT_FAILURE; - } - - SEC_SIZE written; - if (SEC_RESULT_SUCCESS != SecCertificate_Export(handle, NULL, 0, &written)) { - SEC_LOG_ERROR("SecBundle_Export failed"); - return SEC_RESULT_FAILURE; - } - - std::vector out; - out.resize(written); - if (SEC_RESULT_SUCCESS != SecCertificate_Export(handle, - &out[0], out.size(), &written)) { - SEC_LOG_ERROR("SecBundle_Export failed"); - return SEC_RESULT_FAILURE; - } - - X509 *x509 = _DerToX509(&out[0], out.size()); - if (x509 == NULL) { - SEC_LOG_ERROR("_DerToX509 failed"); - return SEC_RESULT_FAILURE; - } - SEC_X509_FREE(x509); - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testCertVerify(SEC_OBJECTID id_cert, TestCert cert, SEC_OBJECTID id_key, TestKey key, Sec_StorageLoc loc) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_CertificateHandle *handle; - if (NULL == (handle = ctx.provisionCert(id_cert, SEC_STORAGELOC_RAM, cert))) { - SEC_LOG_ERROR("TestCtx.provisionCert failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle *key_handle; - if (NULL == (key_handle = ctx.provisionKey(id_key, loc, key, TESTKC_RAW))) { - SEC_LOG_ERROR("TestCtx.provisionKey failed"); - return SEC_RESULT_FAILURE; - } - - if (SecKey_IsEcc(TestCreds::getKeyType(key))) { - Sec_ECCRawPublicKey pub_key; - if (SEC_RESULT_SUCCESS != SecCertificate_ExtractECCPublicKey(handle, &pub_key)) { - SEC_LOG_ERROR("SecCertificate_ExtractECCPublicKey failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecCertificate_VerifyWithRawECCPublicKey(handle, &pub_key)) { - SEC_LOG_ERROR("SecCertificate_VerifyWithRawECCPublicKey failed"); - return SEC_RESULT_FAILURE; - } - } else { - Sec_RSARawPublicKey pub_key; - if (SEC_RESULT_SUCCESS != SecCertificate_ExtractRSAPublicKey(handle, &pub_key)) { - SEC_LOG_ERROR("SecCertificate_ExtractRSAPublicKey failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecCertificate_VerifyWithRawRSAPublicKey(handle, &pub_key)) { - SEC_LOG_ERROR("SecCertificate_VerifyWithRawRSAPublicKey failed"); - return SEC_RESULT_FAILURE; - } - } - - if (SEC_RESULT_SUCCESS != SecCertificate_Verify(handle, key_handle)) { - SEC_LOG_ERROR("SecCertificate_Verify failed"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} diff --git a/test/main/cpp/cert.h b/test/main/cpp/cert.h deleted file mode 100644 index 8d905cb..0000000 --- a/test/main/cpp/cert.h +++ /dev/null @@ -1,30 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_CERT_H_ -#define TEST_CERT_H_ - -#include "sec_security.h" -#include "test_creds.h" - -Sec_Result testCertProvision(SEC_OBJECTID id, TestCert cert, Sec_StorageLoc loc); -Sec_Result testCertExport(SEC_OBJECTID id, TestCert cert, Sec_StorageLoc loc); -Sec_Result testCertVerify(SEC_OBJECTID id_cert, TestCert cert, SEC_OBJECTID id_key, TestKey key, Sec_StorageLoc loc); - -#endif diff --git a/test/main/cpp/cipher.cpp b/test/main/cpp/cipher.cpp deleted file mode 100644 index 89739cb..0000000 --- a/test/main/cpp/cipher.cpp +++ /dev/null @@ -1,1204 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "cipher.h" -#include "test_ctx.h" -#include -#include -#include -#include - -static std::vector opensslAesCbc( - TestKey key, Sec_CipherMode mode, SEC_BOOL padding, - SEC_BYTE *iv, const std::vector& input) { - - std::vector openssl_key = TestCreds::asOpenSslAes(key); - if (openssl_key.size() == 0) { - SEC_LOG_ERROR("TestCreds::asOpenSslAes failed"); - return std::vector(); - } - const EVP_CIPHER *evp_cipher = NULL; - if (openssl_key.size() == 16) { - evp_cipher = EVP_aes_128_cbc(); - } else { - evp_cipher = EVP_aes_256_cbc(); - } - -#if OPENSSL_VERSION_NUMBER < 0x10100000L - EVP_CIPHER_CTX evp_ctx; - EVP_CIPHER_CTX_init(&evp_ctx); - EVP_CIPHER_CTX *p_evp_ctx = &evp_ctx; -#else - EVP_CIPHER_CTX *p_evp_ctx = EVP_CIPHER_CTX_new(); -#endif - - if (1 != EVP_CipherInit_ex(p_evp_ctx, evp_cipher, NULL, - NULL, NULL, (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM) ? 1 : 0)) - { - SEC_LOG_ERROR("EVP_CipherInit failed"); - return std::vector(); - } - - if (1 != EVP_CIPHER_CTX_set_padding(p_evp_ctx, padding)) - { - SEC_LOG_ERROR("EVP_CIPHER_CTX_set_padding failed"); - return std::vector(); - } - - if (1 != EVP_CipherInit_ex(p_evp_ctx, NULL, NULL, &openssl_key[0], iv, - (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM) ? 1 : 0)) - { - SEC_LOG_ERROR("EVP_CipherInit failed"); - return std::vector(); - } - - std::vector output; - output.resize(input.size() + SEC_AES_BLOCK_SIZE); - - SEC_SIZE written = 0; - int outlen = 0; - - if (1 != EVP_CipherUpdate(p_evp_ctx, &output[0], &outlen, &input[0], input.size())) - { - SEC_LOG_ERROR("EVP_CipherUpdate failed"); - return std::vector(); - } - written += outlen; - outlen = 0; - - if (1 != EVP_CipherFinal_ex(p_evp_ctx, &output[written], &outlen)) - { - SEC_LOG_ERROR("EVP_CipherFinal failed"); - return std::vector(); - } - written += outlen; - - output.resize(written); - - return output; -} - -std::vector opensslAesEcb( - std::vector openssl_key, Sec_CipherMode mode, SEC_BOOL padding, - SEC_BYTE *iv, const std::vector& input) { - std::vector output; - const EVP_CIPHER *evp_cipher; - - if (openssl_key.size() == 16) { - evp_cipher = (EVP_CIPHER *) EVP_aes_128_ecb(); - } else { - evp_cipher = (EVP_CIPHER *) EVP_aes_256_ecb(); - } - -#if OPENSSL_VERSION_NUMBER < 0x10100000L - EVP_CIPHER_CTX evp_ctx; - EVP_CIPHER_CTX_init(&evp_ctx); - EVP_CIPHER_CTX *p_evp_ctx = &evp_ctx; -#else - EVP_CIPHER_CTX *p_evp_ctx = EVP_CIPHER_CTX_new(); -#endif - - if (1 != EVP_CipherInit_ex(p_evp_ctx, evp_cipher, NULL, - NULL, NULL, (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM) ? 1 : 0)) - { - SEC_LOG_ERROR("EVP_CipherInit failed"); - return std::vector(); - } - - if (1 != EVP_CIPHER_CTX_set_padding(p_evp_ctx, padding)) - { - SEC_LOG_ERROR("EVP_CIPHER_CTX_set_padding failed"); - return std::vector(); - } - - if (1 != EVP_CipherInit_ex(p_evp_ctx, NULL, NULL, &openssl_key[0], iv, - (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM) ? 1 : 0)) - { - SEC_LOG_ERROR("EVP_CipherInit failed"); - return std::vector(); - } - - output.resize(input.size() + SEC_AES_BLOCK_SIZE); - - SEC_SIZE written = 0; - int outlen = 0; - if (1 != EVP_CipherUpdate(p_evp_ctx, &output[0], &outlen, &input[0], input.size())) - { - SEC_LOG_ERROR("EVP_CipherUpdate failed"); - return std::vector(); - } - written += outlen; - outlen = 0; - - if (1 != EVP_CipherFinal_ex(p_evp_ctx, &output[written], &outlen)) - { - SEC_LOG_ERROR("EVP_CipherFinal failed"); - return std::vector(); - } - written += outlen; - - output.resize(written); - - return output; -} - -std::vector opensslAesEcb( - TestKey key, Sec_CipherMode mode, SEC_BOOL padding, - SEC_BYTE *iv, const std::vector& input) { - std::vector output; - std::vector openssl_key = TestCreds::asOpenSslAes(key); - const EVP_CIPHER *evp_cipher; - - if (openssl_key.size() == 16) { - evp_cipher = (EVP_CIPHER *) EVP_aes_128_ecb(); - } else { - evp_cipher = (EVP_CIPHER *) EVP_aes_256_ecb(); - } - -#if OPENSSL_VERSION_NUMBER < 0x10100000L - EVP_CIPHER_CTX evp_ctx; - EVP_CIPHER_CTX_init(&evp_ctx); - EVP_CIPHER_CTX *p_evp_ctx = &evp_ctx; -#else - EVP_CIPHER_CTX *p_evp_ctx = EVP_CIPHER_CTX_new(); -#endif - - if (1 != EVP_CipherInit_ex(p_evp_ctx, evp_cipher, NULL, - NULL, NULL, (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM) ? 1 : 0)) - { - SEC_LOG_ERROR("EVP_CipherInit failed"); - return std::vector(); - } - - if (1 != EVP_CIPHER_CTX_set_padding(p_evp_ctx, padding)) - { - SEC_LOG_ERROR("EVP_CIPHER_CTX_set_padding failed"); - return std::vector(); - } - - if (1 != EVP_CipherInit_ex(p_evp_ctx, NULL, NULL, &openssl_key[0], iv, - (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM) ? 1 : 0)) - { - SEC_LOG_ERROR("EVP_CipherInit failed"); - return std::vector(); - } - - output.resize(input.size() + SEC_AES_BLOCK_SIZE); - - SEC_SIZE written = 0; - int outlen = 0; - if (1 != EVP_CipherUpdate(p_evp_ctx, &output[0], &outlen, &input[0], input.size())) - { - SEC_LOG_ERROR("EVP_CipherUpdate failed"); - return std::vector(); - } - written += outlen; - outlen = 0; - - if (1 != EVP_CipherFinal_ex(p_evp_ctx, &output[written], &outlen)) - { - SEC_LOG_ERROR("EVP_CipherFinal failed"); - return std::vector(); - } - written += outlen; - - output.resize(written); - - return output; -} - -static size_t bytesToProcessToRollover(uint64_t ctr, size_t inputLen) { - uint64_t maxBlocksToProcess = (ctr == 0) ? UINT64_MAX : (UINT64_MAX - ctr + 1); - uint64_t inputBlocks = inputLen/SEC_AES_BLOCK_SIZE + (inputLen%SEC_AES_BLOCK_SIZE > 0) ? 1 : 0; - uint64_t blocksToProcess = SEC_MIN(inputBlocks, maxBlocksToProcess); - - return SEC_MIN(inputLen, (size_t) blocksToProcess * SEC_AES_BLOCK_SIZE); -} - -static std::vector opensslAesCtr( - TestKey key, Sec_CipherMode mode, - SEC_BYTE *iv, const std::vector& input) { - - //store nonce - SEC_BYTE nonce[8]; - memcpy(nonce, iv, 8); - - SEC_BYTE ivToUse[SEC_AES_BLOCK_SIZE]; - memcpy(ivToUse, iv, SEC_AES_BLOCK_SIZE); - - std::vector output; - output.resize(input.size()); - - std::vector openssl_key = TestCreds::asOpenSslAes(key); - - EVP_CIPHER_CTX *evp_ctx = EVP_CIPHER_CTX_new(); - EVP_CIPHER_CTX_init(evp_ctx); - - uint64_t ctr = Sec_BEBytesToUint64(&ivToUse[8]); - size_t idx = 0; - while (size_t bytesToProcess = bytesToProcessToRollover(ctr, input.size() - idx)) { - if (1 != EVP_CipherInit_ex(evp_ctx, (openssl_key.size() == 16) ? EVP_aes_128_ctr() : EVP_aes_256_ctr(), NULL, - &openssl_key[0], ivToUse, (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM) ? 1 : 0)) { - SEC_LOG_ERROR("EVP_CipherInit_ex failed"); - return std::vector(); - } - - int out_len = bytesToProcess; - if (1 != EVP_CipherUpdate(evp_ctx, &output[idx], &out_len, &input[idx], bytesToProcess)) { - SEC_LOG_ERROR("EVP_CipherUpdate failed"); - return std::vector(); - } - - if (1 != EVP_CipherFinal_ex(evp_ctx, &output[output.size()], &out_len)) { - SEC_LOG_ERROR("EVP_CipherFinal failed"); - return std::vector(); - } - - //increment ctr - size_t blocksProcessed = bytesToProcess/SEC_AES_BLOCK_SIZE; - ctr += blocksProcessed; - idx += bytesToProcess; - - //set the new iv - memcpy(ivToUse, nonce, 8); - Sec_Uint64ToBEBytes(ctr, &ivToUse[8]); - - } - - return output; -} - -static std::vector opensslRsaCrypt( - TestKey key, Sec_CipherAlgorithm algorithm, Sec_CipherMode mode, - const std::vector& input) { - - RSA *rsa = TestCreds::asOpenSslRsa(key); - if (rsa == NULL) { - SEC_LOG_ERROR("TestCreds::asOpenSslRsa failed"); - return std::vector(); - } - - int padding; - if (algorithm == SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING) { - padding = RSA_PKCS1_PADDING; - } else { - padding = RSA_PKCS1_OAEP_PADDING; - } - - int openssl_res; - std::vector output; - output.resize(RSA_size(rsa)); - - if (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM) { - openssl_res = RSA_public_encrypt(input.size(), &input[0], &output[0], - rsa, padding); - } else { - openssl_res = RSA_private_decrypt(input.size(), &input[0], &output[0], - rsa, padding); - } - - SEC_RSA_FREE(rsa); - - if (openssl_res < 0) - { - SEC_LOG_ERROR("%s", ERR_error_string(ERR_get_error(), NULL)); - return std::vector(); - } - - output.resize(openssl_res); - - return output; -} - -std::vector cipherOpenSSL( - TestKey key, Sec_CipherAlgorithm alg, Sec_CipherMode mode, - SEC_BYTE *iv, const std::vector& input) { - - switch (alg) { - case SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING: - case SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING: - return opensslAesCbc(key, mode, alg == SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, iv, input); - - case SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING: - case SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING: - return opensslAesEcb(key, mode, alg == SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, iv, input); - - case SEC_CIPHERALGORITHM_AES_CTR: - return opensslAesCtr(key, mode, iv, input); - - case SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING: - case SEC_CIPHERALGORITHM_RSA_OAEP_PADDING: - return opensslRsaCrypt(key, alg, mode, input); - - default: - break; - } - - SEC_LOG_ERROR("Unimplemented"); - return std::vector(); -} - -std::vector cipherSecApi(TestCtx *ctx, Sec_KeyHandle *key_handle, - Sec_CipherAlgorithm alg, Sec_CipherMode mode, - const std::vector& iv, - const std::vector& input, - const std::vector& inputSizes, - SEC_BOOL inplace) { - - std::vector output = input; - output.resize(input.size() + 4096); - - SEC_SIZE inputProcessed = 0; - SEC_SIZE outputWritten = 0; - SEC_SIZE written = 0; - - Sec_CipherHandle *cipher = ctx->acquireCipher(alg, mode, key_handle, (SEC_BYTE *) &iv[0]); - if (cipher == NULL) { - SEC_LOG_ERROR("TestCtx::acquireCipher failed"); - return std::vector(); - } - - for (unsigned int i=0; i 0) { - if (SEC_RESULT_SUCCESS != SecCipher_Process(cipher, - inplace ? ((SEC_BYTE *) &output[inputProcessed]) : ((SEC_BYTE *) &input[inputProcessed]), - inputSizes[i], SEC_FALSE, (SEC_BYTE *) &output[outputWritten], output.size() - outputWritten, - &written)) { - SEC_LOG_ERROR("SecCipher_Process failed"); - return std::vector(); - } - - outputWritten += written; - } - - inputProcessed += inputSizes[i]; - } - - //last input - if (SEC_RESULT_SUCCESS != SecCipher_Process(cipher, - inplace ? (SEC_BYTE *) &output[inputProcessed] : (SEC_BYTE *) &input[inputProcessed], - input.size() - inputProcessed, SEC_TRUE, (SEC_BYTE *) &output[outputWritten], output.size() - outputWritten, - &written)) { - SEC_LOG_ERROR("SecCipher_Process failed"); - return std::vector(); - } - - outputWritten += written; - - output.resize(outputWritten); - - ctx->releaseCipher(cipher); - - return output; -} - -std::vector cipherSecApiSingle(TestCtx *ctx, Sec_KeyHandle *key_handle, - Sec_CipherAlgorithm alg, Sec_CipherMode mode, - const std::vector& iv, - const std::vector& input, - SEC_BOOL inplace) { - - std::vector output = input; - output.resize(input.size() + 4096); - - SEC_SIZE written = 0; - - Sec_CipherHandle *cipher = ctx->acquireCipher(alg, mode, key_handle, (SEC_BYTE *) &iv[0]); - if (cipher == NULL) { - SEC_LOG_ERROR("TestCtx::acquireCipher failed"); - return std::vector(); - } - - if (SEC_RESULT_SUCCESS != SecCipher_Process(cipher, - inplace ? ((SEC_BYTE *) &output[0]) : ((SEC_BYTE *) &input[0]), - input.size(), SEC_TRUE, (SEC_BYTE *) &output[0], output.size(), - &written)) { - SEC_LOG_ERROR("SecCipher_Process failed"); - return std::vector(); - } - - output.resize(written); - - ctx->releaseCipher(cipher); - - return output; -} - -std::vector cipherSecApiSingle(TestCtx *ctx, Sec_CipherHandle *cipher_handle, const std::vector& iv, - const std::vector& input, SEC_BOOL inplace) { - - std::vector output = input; - output.resize(input.size() + 4096); - - SEC_SIZE written = 0; - - if (iv.size() > 0) { - if (SEC_RESULT_SUCCESS != SecCipher_UpdateIV(cipher_handle, (SEC_BYTE *) &iv[0])) { - SEC_LOG_ERROR("SecCipher_UpdateIV failed"); - return std::vector(); - } - } - - if (SEC_RESULT_SUCCESS != SecCipher_Process(cipher_handle, - inplace ? ((SEC_BYTE *) &output[0]) : ((SEC_BYTE *) &input[0]), - input.size(), SEC_FALSE, (SEC_BYTE *) &output[0], output.size(), - &written)) { - SEC_LOG_ERROR("SecCipher_Process failed"); - return std::vector(); - } - - output.resize(written); - - return output; -} - -Sec_Result testCipherSingle( - SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, - Sec_CipherAlgorithm alg, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_BOOL inplace) { - - std::vector inputSizes; - inputSizes.resize(1); - inputSizes[0] = inputSize; - - return testCipherMult(id, key, kc, loc, alg, mode, inputSizes, inplace); -} - -Sec_Result testCtrRollover( - SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_BOOL inplace) { - - std::vector inputSizes; - inputSizes.resize(3); - inputSizes[0] = 16; - inputSize -= inputSizes[0]; - inputSizes[1] = 16; - inputSize -= inputSizes[1]; - inputSizes[2] = inputSize; - - return testCipherMult(id, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, mode, inputSizes, inplace, SEC_TRUE); -} - -Sec_Result testCipherSingle( - SEC_OBJECTID id, TestKey pub, TestKey priv, TestKc kc, Sec_StorageLoc loc, - Sec_CipherAlgorithm alg, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_BOOL inplace) { - - std::vector inputSizes; - inputSizes.resize(1); - inputSizes[0] = inputSize; - - return testCipherMult(id, pub, priv, kc, loc, alg, mode, inputSizes, inplace); -} - -Sec_Result testCipherMult( - SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, - Sec_CipherAlgorithm alg, Sec_CipherMode mode, const std::vector& inputSizes, SEC_BOOL inplace, SEC_BOOL testRolloverCtr) { - - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle *handle = NULL; - if (NULL == (handle = ctx.provisionKey(id, loc, key, kc))) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - - std::vector openssl_key = TestCreds::asOpenSslAes(key); - TestCtx::printHex("key", openssl_key); - - //gen iv - std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); - if (alg == SEC_CIPHERALGORITHM_AES_CTR && testRolloverCtr) { - //set iv to rollover - memset(&iv[8], 0xff, 8); - } - - TestCtx::printHex("iv", iv); - - //mode - SEC_BOOL testEncrypt = (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM); - - //gen clear input - std::vector clear = TestCtx::random(TestCtx::coalesceInputSizes(inputSizes)); - TestCtx::printHex("clear", clear); - - //encrypt - std::vector encrypted; - if (testEncrypt) { - encrypted = cipherSecApi(&ctx, handle, alg, SEC_CIPHERMODE_ENCRYPT, iv, clear, inputSizes, inplace); - } else { - //use openssl to encrypt - encrypted = cipherOpenSSL(key, alg, SEC_CIPHERMODE_ENCRYPT, &iv[0], clear); - } - - TestCtx::printHex("encrypted", encrypted); - - //decrypt - std::vector decrypted; - if (testEncrypt) { - //use openssl to decrypt - decrypted = cipherOpenSSL(key, alg, SEC_CIPHERMODE_DECRYPT, &iv[0], encrypted); - } else { - //use sec api to decrypt - decrypted = cipherSecApi(&ctx, handle, alg, SEC_CIPHERMODE_DECRYPT, iv, encrypted, inputSizes, inplace); - } - - TestCtx::printHex("decrypted", decrypted); - - //check if results match - if (clear != decrypted) { - SEC_LOG_ERROR("Results do not match"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testCipherMult( - SEC_OBJECTID id, TestKey pub, TestKey priv, TestKc kc, Sec_StorageLoc loc, - Sec_CipherAlgorithm alg, Sec_CipherMode mode, const std::vector& inputSizes, SEC_BOOL inplace) { - - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - //mode - SEC_BOOL testEncrypt = (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM); - - Sec_KeyHandle *keyHandle = NULL; - if (testEncrypt) { - if (NULL == (keyHandle = ctx.provisionKey(id, loc, pub, kc))) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - } else { - if (NULL == (keyHandle = ctx.provisionKey(id, loc, priv, kc))) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - } - - //gen iv - std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); - TestCtx::printHex("iv", iv); - - //gen clear input - std::vector clear = TestCtx::random(TestCtx::coalesceInputSizes(inputSizes)); - TestCtx::printHex("clear", clear); - - //encrypt - std::vector encrypted; - if (testEncrypt) { - encrypted = cipherSecApi(&ctx, keyHandle, alg, SEC_CIPHERMODE_ENCRYPT, iv, clear, inputSizes, inplace); - } else { - //use openssl to encrypt - encrypted = cipherOpenSSL(pub, alg, SEC_CIPHERMODE_ENCRYPT, &iv[0], clear); - } - - TestCtx::printHex("encrypted", encrypted); - - //decrypt - std::vector decrypted; - if (testEncrypt) { - //use openssl to decrypt - decrypted = cipherOpenSSL(priv, alg, SEC_CIPHERMODE_DECRYPT, &iv[0], encrypted); - } else { - //use sec api to decrypt - decrypted = cipherSecApi(&ctx, keyHandle, alg, SEC_CIPHERMODE_DECRYPT, iv, encrypted, inputSizes, inplace); - } - - TestCtx::printHex("decrypted", decrypted); - - //check if results match - if (clear != decrypted) { - SEC_LOG_ERROR("Results do not match"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result cipherEncDecSingle(TestCtx *ctx, SEC_OBJECTID id, - Sec_CipherAlgorithm alg, SEC_SIZE inputSize, SEC_BOOL inplace) { - - std::vector inputSizes; - inputSizes.resize(1); - inputSizes[0] = inputSize; - - Sec_Result res = cipherEncDecMult(ctx, id, alg, inputSizes, inplace); - if (res != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("cipherEncDecMult failed"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result cipherEncDecSingle(TestCtx *ctx, SEC_OBJECTID id_pub, SEC_OBJECTID id_priv, - Sec_CipherAlgorithm alg, SEC_SIZE inputSize, SEC_BOOL inplace) { - - std::vector inputSizes; - inputSizes.resize(1); - inputSizes[0] = inputSize; - - Sec_Result res = cipherEncDecMult(ctx, id_pub, id_priv, alg, inputSizes, inplace); - if (res != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("cipherEncDecMult failed"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result cipherEncDecMult(TestCtx *ctx, - SEC_OBJECTID id, Sec_CipherAlgorithm alg, const std::vector& inputSizes, SEC_BOOL inplace) { - - //gen iv - std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); - TestCtx::printHex("iv", iv); - - //gen clear input - std::vector clear = TestCtx::random(TestCtx::coalesceInputSizes(inputSizes)); - TestCtx::printHex("clear", clear); - - //encrypt - std::vector encrypted = cipherSecApi(ctx, ctx->getKey(id), alg, SEC_CIPHERMODE_ENCRYPT, iv, clear, inputSizes, inplace); - if (encrypted.size() == 0) { - SEC_LOG_ERROR("cipherSecApi failed"); - return SEC_RESULT_FAILURE; - } - TestCtx::printHex("encrypted", encrypted); - - //decrypt - std::vector decrypted = cipherSecApi(ctx, ctx->getKey(id), alg, SEC_CIPHERMODE_DECRYPT, iv, encrypted, inputSizes, inplace); - if (decrypted.size() == 0) { - SEC_LOG_ERROR("cipherSecApi failed"); - return SEC_RESULT_FAILURE; - } - - TestCtx::printHex("decrypted", decrypted); - - //check if results match - if (clear != decrypted) { - SEC_LOG_ERROR("Results do not match"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result cipherEncDecMult(TestCtx *ctx, - SEC_OBJECTID id_pub, SEC_OBJECTID id_priv, Sec_CipherAlgorithm alg, const std::vector& inputSizes, SEC_BOOL inplace) { - - //gen clear input - std::vector clear = TestCtx::random(TestCtx::coalesceInputSizes(inputSizes)); - TestCtx::printHex("clear", clear); - - //encrypt - std::vector encrypted = cipherSecApi(ctx, ctx->getKey(id_pub), alg, SEC_CIPHERMODE_ENCRYPT, std::vector(), clear, inputSizes, inplace); - if (encrypted.size() == 0) { - SEC_LOG_ERROR("cipherSecApi failed"); - return SEC_RESULT_FAILURE; - } - - TestCtx::printHex("encrypted", encrypted); - - //decrypt - std::vector decrypted = cipherSecApi(ctx, ctx->getKey(id_priv), alg, SEC_CIPHERMODE_DECRYPT, std::vector(), encrypted, inputSizes, inplace); - if (decrypted.size() == 0) { - SEC_LOG_ERROR("cipherSecApi failed"); - return SEC_RESULT_FAILURE; - } - - TestCtx::printHex("decrypted", decrypted); - - //check if results match - if (clear != decrypted) { - SEC_LOG_ERROR("Results do not match"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testCipherBandwidth( - SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, - Sec_CipherAlgorithm alg, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_SIZE intervalS) { - - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle *handle = NULL; - if (NULL == (handle = ctx.provisionKey(id, loc, key, kc))) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - - //gen iv - std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); - TestCtx::printHex("iv", iv); - - //mode - SEC_BOOL testEncrypt = (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM); - - //gen clear input - std::vector clear = TestCtx::random(inputSize); - TestCtx::printHex("clear", clear); - - //encrypt - std::vector encrypted; - time_t start_t = 0; - time_t end_t = 0; - int loops = 0; - if (testEncrypt) { - start_t = time(NULL); - end_t = start_t; - - while ((end_t - start_t) < (int) intervalS) { - encrypted = cipherSecApiSingle(&ctx, handle, alg, SEC_CIPHERMODE_ENCRYPT, iv, clear, SEC_FALSE); - ++loops; - end_t = time(NULL); - } - } else { - //use openssl to encrypt - encrypted = cipherOpenSSL(key, alg, SEC_CIPHERMODE_ENCRYPT, &iv[0], clear); - } - - TestCtx::printHex("encrypted", encrypted); - - //decrypt - std::vector decrypted; - if (testEncrypt) { - //use openssl to decrypt - decrypted = cipherOpenSSL(key, alg, SEC_CIPHERMODE_DECRYPT, &iv[0], encrypted); - } else { - start_t = time(NULL); - end_t = start_t; - - while ((end_t - start_t) < (int) intervalS) { - decrypted = cipherSecApiSingle(&ctx, handle, alg, SEC_CIPHERMODE_DECRYPT, iv, encrypted, SEC_FALSE); - ++loops; - end_t = time(NULL); - } - } - - TestCtx::printHex("decrypted", decrypted); - - //check if results match - if (clear != decrypted) { - SEC_LOG_ERROR("Results do not match"); - return SEC_RESULT_FAILURE; - } - - //print timing data - SEC_PRINT("Data processed: %d MB\n", (inputSize * loops) / (1024 * 1024)); - SEC_PRINT("Time elapsed: %d s\n", end_t - start_t); - if (end_t != start_t) { - SEC_PRINT("Bandwidth: %d MB/s\n", - ((inputSize * loops) / (1024 * 1024)) / (end_t - start_t)); - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testCipherBandwidthSingleCipher( - SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, - Sec_CipherAlgorithm alg, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_SIZE intervalS) { - - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle *handle = NULL; - if (NULL == (handle = ctx.provisionKey(id, loc, key, kc))) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - - //gen iv - std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); - TestCtx::printHex("iv", iv); - - //mode - SEC_BOOL testEncrypt = (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM); - - //gen clear input - std::vector clear = TestCtx::random(inputSize); - TestCtx::printHex("clear", clear); - - //encrypt - std::vector encrypted; - time_t start_t = 0; - time_t end_t = 0; - int loops = 0; - if (testEncrypt) { - start_t = time(NULL); - end_t = start_t; - - Sec_CipherHandle *cipher = ctx.acquireCipher(alg, mode, handle, (SEC_BYTE *) &iv[0]); - if (cipher == NULL) { - SEC_LOG_ERROR("TestCtx::acquireCipher failed"); - return SEC_RESULT_FAILURE; - } - - while ((end_t - start_t) < (int) intervalS) { - encrypted = cipherSecApiSingle(&ctx, cipher, iv, clear, SEC_FALSE); - ++loops; - end_t = time(NULL); - } - } else { - //use openssl to encrypt - encrypted = cipherOpenSSL(key, alg, SEC_CIPHERMODE_ENCRYPT, &iv[0], clear); - } - - //decrypt - std::vector decrypted; - if (testEncrypt) { - //use openssl to decrypt - decrypted = cipherOpenSSL(key, alg, SEC_CIPHERMODE_DECRYPT, &iv[0], encrypted); - } else { - start_t = time(NULL); - end_t = start_t; - - Sec_CipherHandle *cipher = ctx.acquireCipher(alg, mode, handle, (SEC_BYTE *) &iv[0]); - if (cipher == NULL) { - SEC_LOG_ERROR("TestCtx::acquireCipher failed"); - return SEC_RESULT_FAILURE; - } - - while ((end_t - start_t) < (int) intervalS) { - decrypted = cipherSecApiSingle(&ctx, cipher, iv, encrypted, SEC_FALSE); - ++loops; - end_t = time(NULL); - } - } - - //print timing data - SEC_PRINT("Data processed: %d MB\n", (inputSize * loops) / (1024 * 1024)); - SEC_PRINT("Time elapsed: %d s\n", end_t - start_t); - if (end_t != start_t) { - SEC_PRINT("Bandwidth: %d MB/s\n", - ((inputSize * loops) / (1024 * 1024)) / (end_t - start_t)); - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testCipherUpdateIV( - SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, - Sec_CipherAlgorithm alg, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_BOOL inplace) { - - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle *handle = NULL; - if (NULL == (handle = ctx.provisionKey(id, loc, key, kc))) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - - //gen ivs - std::vector iv1 = TestCtx::random(SEC_AES_BLOCK_SIZE); - TestCtx::printHex("iv1", iv1); - std::vector iv2 = TestCtx::random(SEC_AES_BLOCK_SIZE); - TestCtx::printHex("iv2", iv2); - - //mode - SEC_BOOL testEncrypt = (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM); - - //gen clear input - std::vector clear = TestCtx::random(inputSize); - TestCtx::printHex("clear", clear); - - //encrypt - std::vector encrypted1; - std::vector encrypted2; - if (testEncrypt) { - Sec_CipherHandle *cipher = ctx.acquireCipher(alg, SEC_CIPHERMODE_ENCRYPT, handle, (SEC_BYTE *) &iv1[0]); - if (cipher == NULL) { - SEC_LOG_ERROR("TestCtx::acquireCipher failed"); - return SEC_RESULT_FAILURE; - } - - encrypted1 = cipherSecApiSingle(&ctx, cipher, iv1, clear, SEC_FALSE); - if (encrypted1.size() == 0) { - SEC_LOG_ERROR("cipherSecApiSingle failed"); - return SEC_RESULT_FAILURE; - } - encrypted2 = cipherSecApiSingle(&ctx, cipher, iv2, clear, SEC_FALSE); - if (encrypted2.size() == 0) { - SEC_LOG_ERROR("cipherSecApiSingle failed"); - return SEC_RESULT_FAILURE; - } - } else { - //use openssl to encrypt - encrypted1 = cipherOpenSSL(key, alg, SEC_CIPHERMODE_ENCRYPT, &iv1[0], clear); - if (encrypted1.size() == 0) { - SEC_LOG_ERROR("cipherOpenSSL failed"); - return SEC_RESULT_FAILURE; - } - encrypted2 = cipherOpenSSL(key, alg, SEC_CIPHERMODE_ENCRYPT, &iv2[0], clear); - if (encrypted2.size() == 0) { - SEC_LOG_ERROR("cipherOpenSSL failed"); - return SEC_RESULT_FAILURE; - } - } - - TestCtx::printHex("encrypted1", encrypted1); - TestCtx::printHex("encrypted2", encrypted2); - - //decrypt - std::vector decrypted1; - std::vector decrypted2; - if (testEncrypt) { - //use openssl to decrypt - decrypted1 = cipherOpenSSL(key, alg, SEC_CIPHERMODE_DECRYPT, &iv1[0], encrypted1); - if (decrypted1.size() == 0) { - SEC_LOG_ERROR("cipherOpenSSL failed"); - return SEC_RESULT_FAILURE; - } - decrypted2 = cipherOpenSSL(key, alg, SEC_CIPHERMODE_DECRYPT, &iv2[0], encrypted2); - if (decrypted2.size() == 0) { - SEC_LOG_ERROR("cipherOpenSSL failed"); - return SEC_RESULT_FAILURE; - } - } else { - //use sec api to decrypt - Sec_CipherHandle *cipher = ctx.acquireCipher(alg, SEC_CIPHERMODE_DECRYPT, handle, (SEC_BYTE *) &iv1[0]); - if (cipher == NULL) { - SEC_LOG_ERROR("TestCtx::acquireCipher failed"); - return SEC_RESULT_FAILURE; - } - - decrypted1 = cipherSecApiSingle(&ctx, cipher, iv1, encrypted1, SEC_FALSE); - if (decrypted1.size() == 0) { - SEC_LOG_ERROR("cipherSecApiSingle failed"); - return SEC_RESULT_FAILURE; - } - decrypted2 = cipherSecApiSingle(&ctx, cipher, iv2, encrypted2, SEC_FALSE); - if (decrypted2.size() == 0) { - SEC_LOG_ERROR("cipherSecApiSingle failed"); - return SEC_RESULT_FAILURE; - } - } - - TestCtx::printHex("decrypted1", decrypted1); - TestCtx::printHex("decrypted2", decrypted2); - - //check if results match - if (clear != decrypted1 || clear != decrypted2 || encrypted1 == encrypted2) { - SEC_LOG_ERROR("Results do not match"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -std::vector cipherSecApiCtrSubBlock( - TestCtx *ctx, Sec_KeyHandle *key_handle, - Sec_CipherMode mode, - const std::vector& iv, - const std::vector& input, - SEC_BOOL inplace) { - - std::vector output = input; - output.resize(input.size() + 4096); - - SEC_SIZE inputProcessed = 0; - SEC_SIZE outputWritten = 0; - SEC_SIZE written = 0; - - Sec_CipherHandle *cipher = ctx->acquireCipher(SEC_CIPHERALGORITHM_AES_CTR, mode, key_handle, (SEC_BYTE *) &iv[0]); - if (cipher == NULL) { - SEC_LOG_ERROR("TestCtx::acquireCipher failed"); - return std::vector(); - } - - //calculate the offset and make sure it is not on the SEC_AES_BLOCK_SIZE boundary - SEC_SIZE split_offset = input.size() / 2; - if (split_offset % SEC_AES_BLOCK_SIZE == 0) { - split_offset -= 1; - } - - SEC_PRINT("init ctr: %d\n", Sec_BEBytesToUint64((SEC_BYTE*) &iv[8])); - uint64_t init_counter = Sec_BEBytesToUint64((SEC_BYTE*) &iv[8]); - - if (SEC_RESULT_SUCCESS != SecCipher_Process(cipher, - inplace ? ((SEC_BYTE *) &output[0]) : ((SEC_BYTE *) &input[0]), - split_offset, SEC_FALSE, (SEC_BYTE *) &output[0], output.size(), - &written)) { - SEC_LOG_ERROR("SecCipher_Process failed"); - return std::vector(); - } - - outputWritten += written; - inputProcessed += split_offset; - - //set the iv - uint64_t counter = Sec_BEBytesToUint64((SEC_BYTE*) &iv[8]); - counter = init_counter + split_offset/SEC_AES_BLOCK_SIZE; - Sec_Uint64ToBEBytes(counter, (SEC_BYTE*) &iv[8]); - - SEC_PRINT("updated ctr: %d\n", Sec_BEBytesToUint64((SEC_BYTE*) &iv[8])); - - /* TODO - if (SEC_RESULT_SUCCESS != SecCipher_UpdateIV(cipher, (SEC_BYTE*) &iv[0])) { - SEC_LOG_ERROR("SecCipher_UpdateIV failed"); - return std::vector(); - } - */ - - //last input - if (SEC_RESULT_SUCCESS != SecCipher_ProcessCtrWithDataShift(cipher, - inplace ? (SEC_BYTE *) &output[inputProcessed] : (SEC_BYTE *) &input[inputProcessed], - input.size() - inputProcessed, (SEC_BYTE *) &output[outputWritten], output.size() - outputWritten, - &written, split_offset % SEC_AES_BLOCK_SIZE)) { - SEC_LOG_ERROR("SecCipher_Process failed"); - return std::vector(); - } - - outputWritten += written; - - output.resize(outputWritten); - - ctx->releaseCipher(cipher); - - return output; -} - -Sec_Result testProcessCtrWithDataShift( - SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, - Sec_CipherMode mode, SEC_BOOL inplace) { - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle *handle = NULL; - if (NULL == (handle = ctx.provisionKey(id, loc, key, kc))) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - - //gen iv - std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); - TestCtx::printHex("iv", iv); - - /* TODO - //set the counter to ff to test rollover - memset(&iv[8], 0xff, 8); - */ - - //mode - SEC_BOOL testEncrypt = (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM); - - //gen clear input - std::vector clear = TestCtx::random(SEC_AES_BLOCK_SIZE * 3); - TestCtx::printHex("clear", clear); - - //encrypt - std::vector encrypted; - std::vector ivCopy = iv; - if (testEncrypt) { - encrypted = cipherSecApiCtrSubBlock(&ctx, handle, SEC_CIPHERMODE_ENCRYPT, ivCopy, clear, inplace); - } else { - //use openssl to encrypt - encrypted = cipherOpenSSL(key, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, &ivCopy[0], clear); - } - - TestCtx::printHex("encrypted", encrypted); - TestCtx::printHex("iv", iv); - - //decrypt - std::vector decrypted; - if (testEncrypt) { - //use openssl to decrypt - decrypted = cipherOpenSSL(key, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, &iv[0], encrypted); - } else { - //use sec api to decrypt - decrypted = cipherSecApiCtrSubBlock(&ctx, handle, SEC_CIPHERMODE_DECRYPT, iv, encrypted, inplace); - } - - TestCtx::printHex("decrypted", decrypted); - - //check if results match - if (clear != decrypted) { - SEC_LOG_ERROR("Results do not match"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result aesKeyCheck(Sec_ProcessorHandle *proc, SEC_OBJECTID id, SEC_BYTE *key, SEC_SIZE key_len) { - SEC_PRINT("--- aes key check ---\n"); - - std::vector clear = TestCtx::random(SEC_AES_BLOCK_SIZE); - TestCtx::printHex("clear", clear); - - std::vector cipher_secapi; - cipher_secapi.resize(SEC_AES_BLOCK_SIZE); - SEC_SIZE cipher_secapi_len; - - if (SEC_RESULT_SUCCESS != SecCipher_SingleInputId(proc, - SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, id, - NULL, &clear[0], clear.size(), &cipher_secapi[0], - cipher_secapi.size(), &cipher_secapi_len)) { - SEC_LOG_ERROR("SecCipher_SingleInputId failed"); - return SEC_RESULT_FAILURE; - } - cipher_secapi.resize(cipher_secapi_len); - TestCtx::printHex("cipher_secapi", cipher_secapi); - - std::vector openssl_key = std::vector (key, key + key_len); - - std::vector cipher_ssl = opensslAesEcb( - openssl_key, SEC_CIPHERMODE_ENCRYPT, SEC_FALSE, - NULL, clear); - - TestCtx::printHex("cipher_ssl", cipher_ssl); - - SEC_PRINT("---------------------\n"); - - //check if results match - if (cipher_secapi != cipher_ssl) { - SEC_LOG_ERROR("Results do not match"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} diff --git a/test/main/cpp/cipher.h b/test/main/cpp/cipher.h deleted file mode 100644 index 567d7bf..0000000 --- a/test/main/cpp/cipher.h +++ /dev/null @@ -1,80 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_CIPHER_H_ -#define TEST_CIPHER_H_ - -#include "sec_security.h" -#include "test_creds.h" - -Sec_Result testCipherSingle( - SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, - Sec_CipherAlgorithm alg, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_BOOL inplace = SEC_FALSE); - -Sec_Result testCipherSingle( - SEC_OBJECTID id, TestKey pub, TestKey priv, TestKc kc, Sec_StorageLoc loc, - Sec_CipherAlgorithm alg, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_BOOL inplace = SEC_FALSE); - -Sec_Result testCipherMult( - SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, - Sec_CipherAlgorithm alg, Sec_CipherMode mode, const std::vector& inputSizes, SEC_BOOL inplace = SEC_FALSE, SEC_BOOL testCtrRollover = SEC_FALSE); - -Sec_Result testCipherMult( - SEC_OBJECTID id, TestKey pub, TestKey priv, TestKc kc, Sec_StorageLoc loc, - Sec_CipherAlgorithm alg, Sec_CipherMode mode, const std::vector& inputSizes, SEC_BOOL inplace = SEC_FALSE); - -Sec_Result testCipherBandwidth( - SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, - Sec_CipherAlgorithm alg, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_SIZE intervalS); - -Sec_Result testCipherBandwidthSingleCipher( - SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, - Sec_CipherAlgorithm alg, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_SIZE intervalS); - -Sec_Result cipherEncDecSingle(TestCtx *ctx, SEC_OBJECTID id, - Sec_CipherAlgorithm alg, SEC_SIZE inputSize, SEC_BOOL inplace = SEC_FALSE); - -Sec_Result cipherEncDecMult(TestCtx *ctx, - SEC_OBJECTID id, Sec_CipherAlgorithm alg, const std::vector& inputSizes, SEC_BOOL inplace = SEC_FALSE); - -Sec_Result cipherEncDecSingle(TestCtx *ctx, SEC_OBJECTID id_pub, SEC_OBJECTID id_priv, - Sec_CipherAlgorithm alg, SEC_SIZE inputSize, SEC_BOOL inplace = SEC_FALSE); - -Sec_Result cipherEncDecMult(TestCtx *ctx, - SEC_OBJECTID id_pub, SEC_OBJECTID id_priv, - Sec_CipherAlgorithm alg, const std::vector& inputSizes, SEC_BOOL inplace = SEC_FALSE); - -Sec_Result testCipherUpdateIV( - SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, - Sec_CipherAlgorithm alg, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_BOOL inplace); - -Sec_Result testProcessCtrWithDataShift( - SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, - Sec_CipherMode mode, SEC_BOOL inplace); - -std::vector opensslAesEcb( - TestKey key, Sec_CipherMode mode, SEC_BOOL padding, - SEC_BYTE *iv, const std::vector& input); - -Sec_Result aesKeyCheck(Sec_ProcessorHandle *proc, SEC_OBJECTID id, SEC_BYTE *key, SEC_SIZE key_len); - -Sec_Result testCtrRollover( - SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, Sec_CipherMode mode, SEC_SIZE inputSize, SEC_BOOL inplace); - -#endif diff --git a/test/main/cpp/concurrent.cpp b/test/main/cpp/concurrent.cpp deleted file mode 100644 index 6137886..0000000 --- a/test/main/cpp/concurrent.cpp +++ /dev/null @@ -1,140 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "concurrent.h" -#include "key.h" -#include "cipher.h" -#include "pthread.h" - -struct Vendor128Args { - SEC_OBJECTID id; - - Sec_Result res; -}; - -void *concurrent_vendor128(void *arg) -{ - Vendor128Args *args = (Vendor128Args *) arg; - - args->res = testKeyDeriveKeyLadderAes128( - args->id, - SEC_KEYTYPE_AES_128, - SEC_STORAGELOC_RAM, - SEC_KEYLADDERROOT_UNIQUE, - SEC_TRUE); - - return NULL; -} - -Sec_Result testConcurrentVendor128(SEC_SIZE numThreads) { - - std::vector threads; - std::vector args; - threads.resize(numThreads); - args.resize(numThreads); - - SEC_PRINT("Spawning %d threads\n", numThreads); - for (unsigned int i=0; ires = testCipherSingle( - args->id, - args->pub, - args->priv, - args->kc, - SEC_STORAGELOC_RAM, - SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING, - SEC_CIPHERMODE_DECRYPT, - SEC_AES_BLOCK_SIZE); - - return NULL; -} - -Sec_Result testConcurrentRsa(TestKey pub, TestKey priv, TestKc kc, SEC_SIZE numThreads) { - - std::vector threads; - std::vector args; - threads.resize(numThreads); - args.resize(numThreads); - - SEC_PRINT("Spawning %d threads\n", numThreads); - for (unsigned int i=0; i - -std::vector digestOpenSSL( - Sec_DigestAlgorithm alg, const std::vector& input) { - std::vector digest; - - switch (alg) { - case SEC_DIGESTALGORITHM_SHA1: - digest.resize(20); - SHA1(&input[0], input.size(), &digest[0]); - return digest; - - case SEC_DIGESTALGORITHM_SHA256: - digest.resize(32); - SHA256(&input[0], input.size(), &digest[0]); - return digest; - - default: - break; - } - - SEC_LOG_ERROR("Unimplemented"); - return std::vector(); -} - -std::vector digestSecApi(TestCtx *ctx, - Sec_DigestAlgorithm alg, - const std::vector& input, - const std::vector& inputSizes) { - - std::vector output; - output.resize(SEC_DIGEST_MAX_LEN);; - - SEC_SIZE inputProcessed = 0; - SEC_SIZE written = 0; - - Sec_DigestHandle *digest = ctx->acquireDigest(alg); - if (digest == NULL) { - SEC_LOG_ERROR("TestCtx::acquireDigest failed"); - return std::vector(); - } - - for (unsigned int i=0; i 0) { - if (SEC_RESULT_SUCCESS != SecDigest_Update(digest, (SEC_BYTE *) &input[inputProcessed], - inputSizes[i])) { - SEC_LOG_ERROR("SecDigest_Update failed"); - return std::vector(); - } - } - - inputProcessed += inputSizes[i]; - } - - //last input - if (SEC_RESULT_SUCCESS != ctx->releaseDigest(digest, &output[0], &written)) { - SEC_LOG_ERROR("SecCipher_Process failed"); - return std::vector(); - } - - output.resize(written); - - return output; -} - -std::vector digestSecApi(TestCtx *ctx, - Sec_DigestAlgorithm alg, Sec_KeyHandle *key) { - - std::vector output; - output.resize(SEC_DIGEST_MAX_LEN);; - - SEC_SIZE written = 0; - - Sec_DigestHandle *digest = ctx->acquireDigest(alg); - if (digest == NULL) { - SEC_LOG_ERROR("TestCtx::acquireDigest failed"); - return std::vector(); - } - - if (SEC_RESULT_SUCCESS != SecDigest_UpdateWithKey(digest, key)) { - SEC_LOG_ERROR("SecDigest_Update failed"); - return std::vector(); - } - - if (SEC_RESULT_SUCCESS != ctx->releaseDigest(digest, &output[0], &written)) { - SEC_LOG_ERROR("SecCipher_Process failed"); - return std::vector(); - } - - output.resize(written); - - return output; -} - -Sec_Result testDigestOverKey(Sec_DigestAlgorithm alg, SEC_OBJECTID id, TestKey key, Sec_StorageLoc loc) { - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle *keyHandle = NULL; - - if (TestCreds::supports(CAPABILITY_DIGEST_OVER_HWKEY)) { - if (NULL == (keyHandle = ctx.provisionKey(id, loc, key, TESTKC_RAW))) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - } else { - if (NULL == (keyHandle = ctx.provisionKey(id, loc, key, TESTKC_RAW, SEC_TRUE))) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - } - - //gen clear input - std::vector clear = TestCreds::asOpenSslAes(key); - TestCtx::printHex("key", clear); - - //digest - std::vector digestSA = digestSecApi(&ctx, alg, keyHandle); - TestCtx::printHex("digestSecApi", digestSA); - - std::vector digestOS = digestOpenSSL(alg, clear); - TestCtx::printHex("digestOpenssl", digestOS); - - //check if results match - if (digestSA != digestOS) { - SEC_LOG_ERROR("Results do not match"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testDigestSingle( - Sec_DigestAlgorithm alg, SEC_SIZE inputSize) { - std::vector inputSizes; - inputSizes.resize(1); - inputSizes[0] = inputSize; - - return testDigestMult(alg, inputSizes); -} - -Sec_Result testDigestMult( - Sec_DigestAlgorithm alg, const std::vector& inputSizes) { - - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - //gen clear input - std::vector clear = TestCtx::random(TestCtx::coalesceInputSizes(inputSizes)); - TestCtx::printHex("clear", clear); - - //digest - std::vector digestSA = digestSecApi(&ctx, alg, clear, inputSizes); - TestCtx::printHex("digestSecApi", digestSA); - - std::vector digestOS = digestOpenSSL(alg, clear); - TestCtx::printHex("digestOpenssl", digestOS); - - //check if results match - if (digestSA != digestOS) { - SEC_LOG_ERROR("Results do not match"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} diff --git a/test/main/cpp/digest.h b/test/main/cpp/digest.h deleted file mode 100644 index 76a2ebb..0000000 --- a/test/main/cpp/digest.h +++ /dev/null @@ -1,38 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_DIGEST_H_ -#define TEST_DIGEST_H_ - -#include "sec_security.h" -#include "test_creds.h" -#include - -Sec_Result testDigestSingle( - Sec_DigestAlgorithm alg, SEC_SIZE inputSize); - -Sec_Result testDigestMult( - Sec_DigestAlgorithm alg, const std::vector& inputSizes); - -Sec_Result testDigestOverKey(Sec_DigestAlgorithm alg, SEC_OBJECTID id, TestKey key, Sec_StorageLoc loc); - -std::vector digestOpenSSL( - Sec_DigestAlgorithm alg, const std::vector& input); - -#endif diff --git a/test/main/cpp/exchange.cpp b/test/main/cpp/exchange.cpp deleted file mode 100644 index 72e4dbc..0000000 --- a/test/main/cpp/exchange.cpp +++ /dev/null @@ -1,505 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "exchange.h" -#include "test_ctx.h" -#include "sec_security_utils.h" -#include "cipher.h" -#include "mac.h" -#include -#include -#include -#include - -static SEC_BYTE g_dh_p[] = { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc9, 0x0f, 0xda, 0xa2, - 0x21, 0x68, 0xc2, 0x34, 0xc4, 0xc6, 0x62, 0x8b, 0x80, 0xdc, 0x1c, 0xd1, - 0x29, 0x02, 0x4e, 0x08, 0x8a, 0x67, 0xcc, 0x74, 0x02, 0x0b, 0xbe, 0xa6, - 0x3b, 0x13, 0x9b, 0x22, 0x51, 0x4a, 0x08, 0x79, 0x8e, 0x34, 0x04, 0xdd, - 0xef, 0x95, 0x19, 0xb3, 0xcd, 0x3a, 0x43, 0x1b, 0x30, 0x2b, 0x0a, 0x6d, - 0xf2, 0x5f, 0x14, 0x37, 0x4f, 0xe1, 0x35, 0x6d, 0x6d, 0x51, 0xc2, 0x45, - 0xe4, 0x85, 0xb5, 0x76, 0x62, 0x5e, 0x7e, 0xc6, 0xf4, 0x4c, 0x42, 0xe9, - 0xa6, 0x37, 0xed, 0x6b, 0x0b, 0xff, 0x5c, 0xb6, 0xf4, 0x06, 0xb7, 0xed, - 0xee, 0x38, 0x6b, 0xfb, 0x5a, 0x89, 0x9f, 0xa5, 0xae, 0x9f, 0x24, 0x11, - 0x7c, 0x4b, 0x1f, 0xe6, 0x49, 0x28, 0x66, 0x51, 0xec, 0xe4, 0x5b, 0x3d, - 0xc2, 0x00, 0x7c, 0xb8, 0xa1, 0x63, 0xbf, 0x05, 0x98, 0xda, 0x48, 0x36, - 0x1c, 0x55, 0xd3, 0x9a, 0x69, 0x16, 0x3f, 0xa8, 0xfd, 0x24, 0xcf, 0x5f, - 0x83, 0x65, 0x5d, 0x23, 0xdc, 0xa3, 0xad, 0x96, 0x1c, 0x62, 0xf3, 0x56, - 0x20, 0x85, 0x52, 0xbb, 0x9e, 0xd5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6d, - 0x67, 0x0c, 0x35, 0x4e, 0x4a, 0xbc, 0x98, 0x04, 0xf1, 0x74, 0x6c, 0x08, - 0xca, 0x18, 0x21, 0x7c, 0x32, 0x90, 0x5e, 0x46, 0x2e, 0x36, 0xce, 0x3b, - 0xe3, 0x9e, 0x77, 0x2c, 0x18, 0x0e, 0x86, 0x03, 0x9b, 0x27, 0x83, 0xa2, - 0xec, 0x07, 0xa2, 0x8f, 0xb5, 0xc5, 0x5d, 0xf0, 0x6f, 0x4c, 0x52, 0xc9, - 0xde, 0x2b, 0xcb, 0xf6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7c, - 0xea, 0x95, 0x6a, 0xe5, 0x15, 0xd2, 0x26, 0x18, 0x98, 0xfa, 0x05, 0x10, - 0x15, 0x72, 0x8e, 0x5a, 0x8a, 0xaa, 0xc4, 0x2d, 0xad, 0x33, 0x17, 0x0d, - 0x04, 0x50, 0x7a, 0x33, 0xa8, 0x55, 0x21, 0xab, 0xdf, 0x1c, 0xba, 0x64, - 0xec, 0xfb, 0x85, 0x04, 0x58, 0xdb, 0xef, 0x0a, 0x8a, 0xea, 0x71, 0x57, - 0x5d, 0x06, 0x0c, 0x7d, 0xb3, 0x97, 0x0f, 0x85, 0xa6, 0xe1, 0xe4, 0xc7, - 0xab, 0xf5, 0xae, 0x8c, 0xdb, 0x09, 0x33, 0xd7, 0x1e, 0x8c, 0x94, 0xe0, - 0x4a, 0x25, 0x61, 0x9d, 0xce, 0xe3, 0xd2, 0x26, 0x1a, 0xd2, 0xee, 0x6b, - 0xf1, 0x2f, 0xfa, 0x06, 0xd9, 0x8a, 0x08, 0x64, 0xd8, 0x76, 0x02, 0x73, - 0x3e, 0xc8, 0x6a, 0x64, 0x52, 0x1f, 0x2b, 0x18, 0x17, 0x7b, 0x20, 0x0c, - 0xbb, 0xe1, 0x17, 0x57, 0x7a, 0x61, 0x5d, 0x6c, 0x77, 0x09, 0x88, 0xc0, - 0xba, 0xd9, 0x46, 0xe2, 0x08, 0xe2, 0x4f, 0xa0, 0x74, 0xe5, 0xab, 0x31, - 0x43, 0xdb, 0x5b, 0xfc, 0xe0, 0xfd, 0x10, 0x8e, 0x4b, 0x82, 0xd1, 0x20, - 0xa9, 0x3a, 0xd2, 0xca, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff -}; - -static SEC_BYTE g_dh_g[] = { - 0x02, -}; - -static EC_KEY *_ECCFromPubBinary(Sec_ECCRawPublicKey *binary) -{ - BN_CTX *ctx = BN_CTX_new(); - - if ( binary->type != SEC_KEYTYPE_ECC_NISTP256_PUBLIC - && binary->type != SEC_KEYTYPE_ECC_NISTP256) - return NULL; - - EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); //create ec_key structure with NIST p256 curve; - const EC_GROUP *group = EC_KEY_get0_group(ec_key); - EC_POINT *ec_point = EC_POINT_new(group); - BN_CTX_start(ctx); - BIGNUM *xp, *yp; - - if (((xp = BN_CTX_get(ctx)) == NULL) || ((yp = BN_CTX_get(ctx)) == NULL)) - goto done; - - EC_POINT_set_affine_coordinates_GFp(group, ec_point, - BN_bin2bn(binary->x, Sec_BEBytesToUint32(binary->key_len), xp), - BN_bin2bn(binary->y, Sec_BEBytesToUint32(binary->key_len), yp), ctx); - EC_KEY_set_public_key(ec_key, ec_point); - -done: - EC_POINT_free(ec_point); - BN_CTX_end(ctx); - BN_CTX_free(ctx); - - return ec_key; -} - -static Sec_KeyType _GroupToKeyType(const EC_GROUP *group) -{ - if (NULL == group) - return SEC_KEYTYPE_NUM; - switch (EC_GROUP_get_curve_name(group)) - { - case NID_X9_62_prime256v1: - return SEC_KEYTYPE_ECC_NISTP256_PUBLIC; - case 0: - default: - return SEC_KEYTYPE_NUM; - } -} - -static Sec_Result _BigNumToBuffer(const BIGNUM *bignum, SEC_BYTE *buffer, SEC_SIZE buffer_len) -{ - SEC_SIZE num_bytes; - - memset(buffer, 0, buffer_len); - num_bytes = BN_num_bytes(bignum); - - if (num_bytes > buffer_len) { - SEC_LOG_ERROR("buffer not large enough. needed: %d, actual: %d", num_bytes, buffer_len); - return SEC_RESULT_FAILURE; - } - - BN_bn2bin(bignum, buffer + buffer_len - num_bytes); - - return SEC_RESULT_SUCCESS; -} - -static Sec_Result _Extract_EC_KEY_X_Y(const EC_KEY *ec_key, BIGNUM **xp, BIGNUM **yp, Sec_KeyType *keyTypep) -{ - const EC_GROUP *group = NULL; - const EC_POINT *ec_point = NULL; - BN_CTX *ctx = NULL; - Sec_Result res = SEC_RESULT_FAILURE; - - if (NULL == xp) - { - SEC_LOG_ERROR("SecUtils_ExtractEcc_Key_X_Y: X cannot be NULL"); - goto error; - } - - group = EC_KEY_get0_group(ec_key); - if (NULL == group) - { - SEC_LOG_ERROR("SecUtils_ExtractEcc_Key_X_Y: EC_KEY_get0_group: %s", ERR_error_string(ERR_get_error(), NULL)); - goto error; - } - - ec_point = EC_KEY_get0_public_key(ec_key); - if (NULL == ec_point) - { - SEC_LOG_ERROR("SecUtils_ExtractEcc_Key_X_Y: EC_KEY_get0_public_key: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto error; - } - - ctx = BN_CTX_new(); - if (NULL == ctx) - { - SEC_LOG_ERROR("BN_CTX_new() failed"); - goto error; - } - - *xp = BN_new(); - if (NULL == *xp) - { - SEC_LOG_ERROR("BN_new() failed"); - goto error; - } - - if (NULL != yp) { // if caller wants y coordinate returned - *yp = BN_new(); - if (NULL == *yp) - { - SEC_LOG_ERROR("BN_new() failed"); - goto error; - } - } - - if (NULL != keyTypep) // if caller wants key type returned - { - *keyTypep = _GroupToKeyType(group); - } - - // Get the X coordinate and optionally the Y coordinate - if (EC_POINT_get_affine_coordinates_GFp(group, ec_point, - *xp, - yp != NULL ? *yp : NULL, - ctx) != 1) - { - BN_clear_free(*xp); - if (NULL != yp) - BN_clear_free(*yp); - SEC_LOG_ERROR("SecUtils_ExtractEcc_Key_X_Y: EC_POINT_get_affine_coordinates_GFp: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto error; - } - - res = SEC_RESULT_SUCCESS; - // continue into "error" - -error: - if (NULL != ctx) - BN_CTX_free(ctx); - - return res; -} - -static Sec_Result _ECCToPubBinary(EC_KEY *ec_key, Sec_ECCRawPublicKey *binary) -{ - BIGNUM *x = NULL; - BIGNUM *y = NULL; - Sec_KeyType keyType; - - if (_Extract_EC_KEY_X_Y(ec_key, &x, &y, &keyType) != SEC_RESULT_SUCCESS) - { - - SEC_LOG_ERROR("_Extract_EC_KEY_X_Y failed"); - return SEC_RESULT_FAILURE; - } - else - { - binary->type = keyType; - Sec_Uint32ToBEBytes(SecKey_GetKeyLenForKeyType(keyType), binary->key_len); - _BigNumToBuffer(x, binary->x, Sec_BEBytesToUint32(binary->key_len)); - _BigNumToBuffer(y, binary->y, Sec_BEBytesToUint32(binary->key_len)); - - BN_free(y); - BN_free(x); - return SEC_RESULT_SUCCESS; - } -} - -static DH* _DH_create(SEC_BYTE *p, SEC_SIZE p_len, SEC_BYTE *g, SEC_SIZE g_len) -{ - DH *dh = NULL; - - if ((dh=DH_new()) == NULL) { - SEC_LOG_ERROR("DH_new failed"); - return NULL; - } - -#if OPENSSL_VERSION_NUMBER < 0x10100000L - dh->p = BN_bin2bn(p, p_len, NULL); - dh->g = BN_bin2bn(g, g_len, NULL); - - if ((dh->p == NULL) || (dh->g == NULL)) { - SEC_LOG_ERROR("BN_bin2bn failed"); - DH_free(dh); - return NULL; - } - - dh->length = p_len * 8; -#else - BIGNUM *bnp = BN_bin2bn(p, p_len, NULL); - BIGNUM *bng = BN_bin2bn(g, g_len, NULL); - DH_set0_pqg(dh, bnp, NULL, bng); -#endif - - return dh; -} - -static Sec_Result _DH_generate_key(DH* dh, SEC_BYTE* publicKey, SEC_SIZE pubKeySize) { - if (!DH_generate_key(dh)) { - SEC_LOG_ERROR("DH_generate_key failed"); - DH_free(dh); - return SEC_RESULT_FAILURE; - } - -#if OPENSSL_VERSION_NUMBER < 0x10100000L - if (pubKeySize < (SEC_SIZE) BN_num_bytes(dh->pub_key)) { - SEC_LOG_ERROR("buffer to small"); - return SEC_RESULT_FAILURE; - } - - SEC_SIZE len = BN_bn2bin(dh->pub_key, publicKey); - if (len < pubKeySize) { - memmove(publicKey + pubKeySize - len, publicKey, len); - memset(publicKey, 0, pubKeySize - len); - } -#else - const BIGNUM *pub_key = NULL; - DH_get0_key(dh, &pub_key, NULL); - - if ((int)pubKeySize < BN_num_bytes(pub_key)) { - SEC_LOG_ERROR("buffer to small"); - return SEC_RESULT_FAILURE; - } - - SEC_SIZE len = BN_bn2bin(pub_key, publicKey); - if (len < pubKeySize) { - memmove(publicKey + pubKeySize - len, publicKey, len); - memset(publicKey, 0, pubKeySize - len); - } -#endif - - return SEC_RESULT_SUCCESS; -} - -static Sec_Result _DH_compute(DH* dh, SEC_BYTE* pub_key, SEC_SIZE pub_key_len, SEC_BYTE* key, SEC_SIZE key_len, SEC_SIZE* written) { - if (key_len < (SEC_SIZE) DH_size(dh)) { - SEC_LOG_ERROR("key_len is not large enough to hold the computed DH key: %d", DH_size(dh)); - return SEC_RESULT_FAILURE; - } - - BIGNUM * pub_key_bn = BN_bin2bn(pub_key, pub_key_len, NULL); - if (pub_key_bn == NULL) { - SEC_LOG_ERROR("BN_bin2bn failed"); - return SEC_RESULT_FAILURE; - } - - *written = DH_compute_key(key, pub_key_bn, dh); - BN_free(pub_key_bn); - pub_key_bn = NULL; - if (*written <= 0) { - SEC_LOG_ERROR("DH_compute_key failed"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testKeyExchangeDH( - SEC_OBJECTID idComputed, - Sec_StorageLoc loc, - Sec_KeyType typeComputed) { - - TestCtx ctx; - Sec_KeyExchangeHandle *key_ex_handle = NULL; - DH* dh = NULL; - Sec_Result res = SEC_RESULT_FAILURE; - - Sec_DHParameters dh_params; - memcpy(dh_params.p, g_dh_p, sizeof(g_dh_p)); - dh_params.pLen = sizeof(g_dh_p); - memcpy(dh_params.g, g_dh_g, sizeof(g_dh_g)); - dh_params.gLen = sizeof(g_dh_g); - - SEC_BYTE pub_secapi[512]; - SEC_BYTE pub_test[512]; - SEC_BYTE ss_test[512]; - SEC_SIZE ss_len; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecKeyExchange_GetInstance(ctx.proc(), SEC_KEYEXCHANGE_DH, &dh_params, &key_ex_handle)) { - SEC_LOG_ERROR("SecKeyExchange_GetInstance failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecKeyExchange_GenerateKeys(key_ex_handle, pub_secapi, sizeof(pub_secapi))) { - SEC_LOG_ERROR("SecKeyExchange_GenerateKeys failed"); - goto done; - } - - //create other side info - dh = _DH_create(g_dh_p, sizeof(g_dh_p), g_dh_g, sizeof(g_dh_g)); - if (dh == NULL) { - SEC_LOG_ERROR("_DH_create failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != _DH_generate_key(dh, pub_test, sizeof(pub_test))) { - SEC_LOG_ERROR("_DH_generate_key failed"); - goto done; - } - - //compute shared secret - if (SEC_RESULT_SUCCESS != SecKeyExchange_ComputeSecret(key_ex_handle, pub_test, sizeof(pub_test), typeComputed, idComputed, loc)) { - SEC_LOG_ERROR("SecKeyExchange_ComputeSecret failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != _DH_compute(dh, pub_secapi, sizeof(pub_secapi), ss_test, sizeof(ss_test), &ss_len)) { - SEC_LOG_ERROR("_DH_compute failed"); - goto done; - } - - //test enc/dec or mac - if (SecKey_IsAES(typeComputed)) { - if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idComputed, ss_test, SecKey_GetKeyLenForKeyType(typeComputed))) { - SEC_LOG_ERROR("aesKeyCheck failed"); - goto done; - } - } else { - if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idComputed, ss_test, SecKey_GetKeyLenForKeyType(typeComputed))) { - SEC_LOG_ERROR("macCheck failed"); - goto done; - } - } - - res = SEC_RESULT_SUCCESS; - -done: - if (key_ex_handle != NULL) { - SecKeyExchange_Release(key_ex_handle); - } - - if (dh != NULL) { - DH_free(dh); - } - - return res; -} - -Sec_Result testKeyExchangeECDH( - SEC_OBJECTID idComputed, - Sec_StorageLoc loc, - Sec_KeyType typeComputed) { - - TestCtx ctx; - Sec_KeyExchangeHandle *key_ex_handle = NULL; - EC_KEY *priv_test = NULL; - EC_KEY *pub_secapi_key = NULL; - Sec_Result res = SEC_RESULT_FAILURE; - - Sec_ECCRawPublicKey pub_secapi; - Sec_ECCRawPublicKey pub_test; - SEC_BYTE ss_test[32]; - SEC_SIZE ss_len; - - Sec_ECDHParameters ecdh_params; - ecdh_params.curve = NISTP256; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecKeyExchange_GetInstance(ctx.proc(), SEC_KEYEXCHANGE_ECDH, &ecdh_params, &key_ex_handle)) { - SEC_LOG_ERROR("SecKeyExchange_GetInstance failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecKeyExchange_GenerateKeys(key_ex_handle, (SEC_BYTE *) &pub_secapi, sizeof(pub_secapi))) { - SEC_LOG_ERROR("SecKeyExchange_GenerateKeys failed"); - goto done; - } - - //create other side info - if(NULL == (priv_test = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1))) { - SEC_LOG_ERROR("EC_KEY_new_by_curve_name failed"); - goto done; - } - - if (1 != EC_KEY_generate_key(priv_test)) { - SEC_LOG_ERROR("EC_KEY_generate_key failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != _ECCToPubBinary(priv_test, &pub_test)) - { - SEC_LOG_ERROR("_ECCToPubBinary failed"); - goto done; - } - - - //compute shared secret - if (SEC_RESULT_SUCCESS != SecKeyExchange_ComputeSecret(key_ex_handle, (SEC_BYTE*) &pub_test, sizeof(pub_test), typeComputed, idComputed, loc)) { - SEC_LOG_ERROR("SecKeyExchange_ComputeSecret failed"); - goto done; - } - - pub_secapi_key = _ECCFromPubBinary(&pub_secapi); - if (pub_secapi_key == NULL) { - SEC_LOG_ERROR("SecUtils_ECCFromPubBinary failed"); - goto done; - } - - /* Derive the shared secret */ - ss_len = ECDH_compute_key(ss_test, sizeof(ss_test), EC_KEY_get0_public_key(pub_secapi_key), priv_test, NULL); - if (ss_len <= 0) { - SEC_LOG_ERROR("ECDH_compute_key failed"); - goto done; - } - - //test enc/dec or mac - if (SecKey_IsAES(typeComputed)) { - if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idComputed, ss_test, SecKey_GetKeyLenForKeyType(typeComputed))) { - SEC_LOG_ERROR("aesKeyCheck failed"); - goto done; - } - } else { - if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idComputed, ss_test, SecKey_GetKeyLenForKeyType(typeComputed))) { - SEC_LOG_ERROR("macCheck failed"); - goto done; - } - } - - res = SEC_RESULT_SUCCESS; - -done: - if (key_ex_handle != NULL) { - SecKeyExchange_Release(key_ex_handle); - } - - SEC_ECC_FREE(priv_test); - SEC_ECC_FREE(pub_secapi_key); - - return res; -} diff --git a/test/main/cpp/exchange.h b/test/main/cpp/exchange.h deleted file mode 100644 index 71a13b2..0000000 --- a/test/main/cpp/exchange.h +++ /dev/null @@ -1,37 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_EXCHANGE_H_ -#define TEST_EXCHANGE_H_ - -#include "sec_security.h" -#include "test_creds.h" -#include - -Sec_Result testKeyExchangeDH( - SEC_OBJECTID idComputed, - Sec_StorageLoc loc, - Sec_KeyType typeComputed); - -Sec_Result testKeyExchangeECDH( - SEC_OBJECTID idComputed, - Sec_StorageLoc loc, - Sec_KeyType typeComputed); - -#endif diff --git a/test/main/cpp/jtype.cpp b/test/main/cpp/jtype.cpp deleted file mode 100644 index ce47d9f..0000000 --- a/test/main/cpp/jtype.cpp +++ /dev/null @@ -1,468 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "jtype.h" -#include "mac.h" -#include "test_ctx.h" -#include "sec_security_comcastids.h" -#include "cipher.h" -#include "sec_security_utils.h" -#include -#include -#include -#include -#include - -std::string toB64(SEC_BYTE *data, SEC_SIZE len) { - std::string res; - SEC_SIZE res_len; - res.resize(SEC_KEYCONTAINER_MAX_LEN); - - if (SEC_RESULT_SUCCESS != SecUtils_Base64Encode((const SEC_BYTE*) data, len, (SEC_BYTE *) res.data(), res.size(), &res_len)) { - SEC_LOG_ERROR("SecSrv_B64Encode failed"); - return ""; - } - - res.resize(res_len); - - return res; -} - -std::string createJTypeHeader(const char *kid, const char *alg) { - std::string res; - - res += "{\"kid\":\""; - res += kid; - res += "\",\"alg\":\""; - res += alg; - res += "\"}"; - - return toB64((SEC_BYTE*) res.c_str(), res.size()); -} - -std::string createJTypeBodyV1(const char *contentKey, const char *contentKeyId, const char *contentKeyRights, SEC_BOOL cachable, int contentKeyUsage, const char* contentKeyNotBefore, const char* contentKeyNotOnOrAfter) { - std::string res; - char tmp[4096]; - - res += "{\"contentKeyNotOnOrAfter\":\""; - res += contentKeyNotOnOrAfter; - - res += "\",\"contentKey\":\""; - res += contentKey; - - res += "\",\"contentKeyId\":\""; - res += contentKeyId; - - res += "\",\"contentKeyRights\":\""; - res += contentKeyRights; - - res += "\",\"contentKeyCacheable\":"; - res += (cachable ? "true" : "false"); - - sprintf(tmp, "%d", contentKeyUsage); - - res += ",\"contentKeyUsage\":"; - res += tmp; - - res += ",\"contentKeyNotBefore\":\""; - res += contentKeyNotBefore; - - res += "\"}"; - - return toB64((SEC_BYTE*) res.c_str(), res.size()); -} - -std::string createJTypeBodyV2(const char *contentKey, const char *contentKeyId, const char *contentKeyRights, SEC_BOOL cachable, int contentKeyUsage, const char* contentKeyNotBefore, const char* contentKeyNotOnOrAfter, int cklen, const char *alg, const char *iv) { - std::string res; - char tmp[4096]; - - res += "{"; - - res += "\"contentKeyContainerVersion\":2"; - - res += ",\"contentKeyNotOnOrAfter\":\""; - res += contentKeyNotOnOrAfter; - - res += "\",\"contentKey\":\""; - res += contentKey; - - res += "\",\"contentKeyId\":\""; - res += contentKeyId; - - res += "\",\"contentKeyRights\":\""; - res += contentKeyRights; - - res += "\",\"contentKeyCacheable\":"; - res += (cachable ? "true" : "false"); - - sprintf(tmp, "%d", contentKeyUsage); - - res += ",\"contentKeyUsage\":"; - res += tmp; - - res += ",\"contentKeyNotBefore\":\""; - res += contentKeyNotBefore; - - res += "\",\"contentKeyLength\":"; - sprintf(tmp, "%d", cklen); - res += tmp; - res += ""; - - res += ",\"contentKeyTransportAlgorithm\":\""; - res += alg; - - if (iv != NULL) { - res += "\",\"contentKeyTransportIv\":\""; - res += iv; - } - - res += "\"}"; - - return toB64((SEC_BYTE*) res.c_str(), res.size()); -} - -std::string createContentKeyV1(TestKey contentKey, TestKey encryptionKey) { - std::vector conK = TestCreds::asOpenSslAes(contentKey); - if (conK.size() == 0) { - SEC_LOG_ERROR("TestCreds::asOpenSslAes failed"); - return std::string(); - } - - if (conK.size() != 16) { - SEC_LOG_ERROR("V1 Jtype cannot support keys that are not 128 bits"); - return std::string(); - } - - std::vector encK = TestCreds::asOpenSslAes(encryptionKey); - if (encK.size() == 0) { - SEC_LOG_ERROR("TestCreds::asOpenSslAes failed"); - return std::string(); - } - - std::vector encConK = opensslAesEcb(encryptionKey, SEC_CIPHERMODE_ENCRYPT, SEC_FALSE, NULL, conK); - if (encConK.empty()) { - SEC_LOG_ERROR("opensslAesEcb failed"); - return std::string(); - } - - return toB64(encConK.data(), encConK.size()); -} - -std::string createContentKeyV2(TestKey contentKey, TestKey encryptionKey, Sec_CipherAlgorithm alg, SEC_BYTE *iv) { - std::vector conK = TestCreds::asOpenSslAes(contentKey); - if (conK.size() == 0) { - SEC_LOG_ERROR("TestCreds::asOpenSslAes failed"); - return std::string(); - } - - std::vector encK = TestCreds::asOpenSslAes(encryptionKey); - if (encK.size() == 0) { - SEC_LOG_ERROR("TestCreds::asOpenSslAes failed"); - return std::string(); - } - - std::vector encConK; - - if (alg == SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING) { - encConK = opensslAesEcb(encryptionKey, SEC_CIPHERMODE_ENCRYPT, SEC_FALSE, iv, conK); - if (encConK.empty()) { - SEC_LOG_ERROR("opensslAesEcb failed"); - return std::string(); - } - } else if (alg == SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING) { - encConK = opensslAesEcb(encryptionKey, SEC_CIPHERMODE_ENCRYPT, SEC_TRUE, iv, conK); - if (encConK.empty()) { - SEC_LOG_ERROR("opensslAesEcb failed"); - return std::string(); - } - } else { - SEC_LOG_ERROR("Unexpected algorithm encountered: %d", alg); - } - - return toB64(encConK.data(), encConK.size()); -} - -std::string createJTypeMac(const std::string& header, const std::string& body, TestKey macKey) { - std::string data = header + "." + body; - std::vector input((SEC_BYTE *) data.data(), (SEC_BYTE *) (data.data()+data.size())); - std::vector mac = macOpenSSL(SEC_MACALGORITHM_HMAC_SHA256, macKey, input); - return toB64(mac.data(), mac.size()); -} - -std::string createJTypeContainer(const char *kid, const char *macalg, - TestKey contentKey, TestKey encryptionKey, const char *contentKeyId, const char *contentKeyRights, SEC_BOOL cachable, int contentKeyUsage, const char* contentKeyNotBefore, const char* contentKeyNotOnOrAfter, - TestKey macKey, int version, const char *alg) { - - std::string header_b64 = createJTypeHeader(kid, macalg); - if (header_b64.size() == 0) { - SEC_LOG_ERROR("createJTypeHeader failed"); - return std::string(); - } - - std::string body_b64; - if (version == 1) { - std::string encConK = createContentKeyV1(contentKey, encryptionKey); - if (encConK.empty()) { - SEC_LOG_ERROR("createContentKeyV1 failed"); - return std::string(); - } - - body_b64 = createJTypeBodyV1(encConK.c_str(), contentKeyId, contentKeyRights, cachable, contentKeyUsage, contentKeyNotBefore, contentKeyNotOnOrAfter); - if (body_b64.size() == 0) { - SEC_LOG_ERROR("createJTypeBody failed"); - return std::string(); - } - } else if (version == 2) { - Sec_CipherAlgorithm salg = SEC_CIPHERALGORITHM_NUM; - if (strcmp(alg, "aesEcbNone") == 0) { - salg = SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING; - } else if (strcmp(alg, "aesEcbPkcs5") == 0) { - salg = SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING; - } else { - SEC_LOG_ERROR("Unknown algorithm encountered: %s", alg); - return std::string(); - } - - std::string encConK = createContentKeyV2(contentKey, encryptionKey, salg, NULL); - if (encConK.empty()) { - SEC_LOG_ERROR("createContentKeyV2 failed"); - return std::string(); - } - - std::vector conK = TestCreds::asOpenSslAes(contentKey); - if (conK.size() == 0) { - SEC_LOG_ERROR("TestCreds::asOpenSslAes failed"); - return std::string(); - } - - body_b64 = createJTypeBodyV2(encConK.c_str(), contentKeyId, contentKeyRights, cachable, contentKeyUsage, contentKeyNotBefore, contentKeyNotOnOrAfter, conK.size(), alg, NULL); - if (body_b64.size() == 0) { - SEC_LOG_ERROR("createJTypeBody failed"); - return std::string(); - } - } else { - SEC_LOG_ERROR("Unknown version encountered: %d", version); - return std::string(); - } - - std::string mac_b64 = createJTypeMac(header_b64, body_b64, macKey); - if (mac_b64.size() == 0) { - SEC_LOG_ERROR("createJTypeMac failed"); - return std::string(); - } - - return header_b64 + "." + body_b64 + "." + mac_b64; -} - -Sec_Result testProvisionJType(TestKey contentKey, TestKey encryptionKey, TestKc encKc, TestKey macKey, TestKc macKc, int version, const char *alg) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", - contentKey, encryptionKey, - "9c621060-3a17-4813-8dcb-2e9187aaa903", - createDefaultRights(TestCreds::getKeyType(contentKey)).c_str(), - SEC_FALSE, 1, - "2010-12-09T19:53:06Z", "2037-12-09T19:53:06Z", - macKey, version, alg); - if (jtype.size() == 0) { - SEC_LOG_ERROR("createJTypeContainer failed"); - return SEC_RESULT_FAILURE; - } - - //provision encryption key - if (NULL == ctx.provisionKey(SEC_OBJECTID_COMCAST_XCALSESSIONENCKEY, SEC_STORAGELOC_RAM, encryptionKey, encKc)) { - SEC_LOG_ERROR("provisionKey failed"); - return SEC_RESULT_FAILURE; - } - - //provision maccing key - if (NULL == ctx.provisionKey(SEC_OBJECTID_COMCAST_XCALSESSIONMACKEY, SEC_STORAGELOC_RAM, macKey, macKc)) { - SEC_LOG_ERROR("provisionKey failed"); - return SEC_RESULT_FAILURE; - } - - //provsion j-type key - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE, - SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_JTYPE, - (SEC_BYTE *) &jtype[0], jtype.size())) { - SEC_LOG_ERROR("SecKey_Provision failed"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testExportKey(TestKey contentKey, TestKey encryptionKey, TestKc encKc, TestKey macKey, TestKc macKc, Sec_CipherAlgorithm alg, SEC_SIZE input_len, int version, const char *calg) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", - contentKey, encryptionKey, - "9c621060-3a17-4813-8dcb-2e9187aaa903", - createDefaultRights(TestCreds::getKeyType(contentKey)).c_str(), - SEC_TRUE, 1, - "2010-12-09T19:53:06Z", "2037-12-09T19:53:06Z", - macKey, version, calg); - if (jtype.size() == 0) { - SEC_LOG_ERROR("createJTypeContainer failed"); - return SEC_RESULT_FAILURE; - } - - //provision encryption key - if (NULL == ctx.provisionKey(SEC_OBJECTID_COMCAST_XCALSESSIONENCKEY, SEC_STORAGELOC_RAM, encryptionKey, encKc)) { - SEC_LOG_ERROR("provisionKey failed"); - return SEC_RESULT_FAILURE; - } - - //provision maccing key - if (NULL == ctx.provisionKey(SEC_OBJECTID_COMCAST_XCALSESSIONMACKEY, SEC_STORAGELOC_RAM, macKey, macKc)) { - SEC_LOG_ERROR("provisionKey failed"); - return SEC_RESULT_FAILURE; - } - - //provsion j-type key - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE, - SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_JTYPE, - (SEC_BYTE *) &jtype[0], jtype.size())) { - SEC_LOG_ERROR("SecKey_Provision failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle *key_handle; - if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), SEC_OBJECTID_USER_BASE, &key_handle)) { - SEC_LOG_ERROR("SecKey_GetInstance failed"); - return SEC_RESULT_FAILURE; - } - - //get properties from j-type - Sec_KeyProperties jtype_props; - if (SEC_RESULT_SUCCESS != SecKey_GetProperties(key_handle, &jtype_props)) { - SEC_LOG_ERROR("SecKey_GetProperties failed"); - return SEC_RESULT_FAILURE; - } - - //export j-type key - std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); - std::vector exported_key; - exported_key.resize(SEC_KEYCONTAINER_MAX_LEN); - SEC_SIZE exported_len; - - if (SEC_RESULT_SUCCESS != SecKey_ExportKey(key_handle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { - SEC_LOG_ERROR("SecKey_ExportKey failed"); - return SEC_RESULT_FAILURE; - } - exported_key.resize(exported_len); - - //provision exported - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE, - SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, &exported_key[0], exported_key.size())) { - SEC_LOG_ERROR("SecKey_Provision failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle *key_handle_exported; - if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), SEC_OBJECTID_USER_BASE, &key_handle_exported)) { - SEC_LOG_ERROR("SecKey_GetInstance failed"); - return SEC_RESULT_FAILURE; - } - - //grab properties from exported - Sec_KeyProperties exported_props; - if (SEC_RESULT_SUCCESS != SecKey_GetProperties(key_handle_exported, &exported_props)) { - SEC_LOG_ERROR("SecKey_GetProperties failed"); - return SEC_RESULT_FAILURE; - } - - if (memcmp(&jtype_props, &exported_props, sizeof(Sec_KeyProperties)) != 0) { - SEC_LOG_ERROR("Key properties on jtype and exported container do not match"); - return SEC_RESULT_FAILURE; - } - - //test exported encryption - if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, SEC_OBJECTID_USER_BASE, alg, input_len)) { - SEC_LOG_ERROR("cipherEncDecSingle failed"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -std::string createDefaultRights(Sec_KeyType kt) { - Sec_KeyProperties props; - SecKeyProperties_SetDefault(&props, kt); - - return toB64(props.rights, sizeof(props.rights)); -} - -Sec_Result testDecryptJType(TestKey contentKey, TestKey encryptionKey, TestKc encKc, TestKey macKey, TestKc macKc, Sec_CipherAlgorithm alg, SEC_SIZE input_len, int version, const char *salg) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", - contentKey, encryptionKey, - "9c621060-3a17-4813-8dcb-2e9187aaa903", - createDefaultRights(TestCreds::getKeyType(contentKey)).c_str(), - SEC_FALSE, 1, - "2010-12-09T19:53:06Z", "2037-12-09T19:53:06Z", - macKey, version, salg); - if (jtype.size() == 0) { - SEC_LOG_ERROR("createJTypeContainer failed"); - return SEC_RESULT_FAILURE; - } - - Sec_StorageLoc loc = SEC_STORAGELOC_RAM; - - //provision encryption key - if (NULL == ctx.provisionKey(SEC_OBJECTID_COMCAST_XCALSESSIONENCKEY, loc, encryptionKey, encKc)) { - SEC_LOG_ERROR("provisionKey failed"); - return SEC_RESULT_FAILURE; - } - - //provision maccing key - if (NULL == ctx.provisionKey(SEC_OBJECTID_COMCAST_XCALSESSIONMACKEY, loc, macKey, macKc)) { - SEC_LOG_ERROR("provisionKey failed"); - return SEC_RESULT_FAILURE; - } - - //provision jtype key - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE, - SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_JTYPE, - (SEC_BYTE *) &jtype[0], jtype.size())) { - SEC_LOG_ERROR("SecKey_Provision failed"); - return SEC_RESULT_FAILURE; - } - - //test encryption - if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, SEC_OBJECTID_USER_BASE, alg, input_len)) { - SEC_LOG_ERROR("cipherEncDecSingle failed"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} diff --git a/test/main/cpp/jtype.h b/test/main/cpp/jtype.h deleted file mode 100644 index cea3afa..0000000 --- a/test/main/cpp/jtype.h +++ /dev/null @@ -1,37 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_JTYPE_H_ -#define TEST_JTYPE_H_ - -#include "sec_security.h" -#include "test_creds.h" -#include - -Sec_Result testProvisionJType(TestKey contentKey, TestKey encryptionKey, TestKc encKc, TestKey macKey, TestKc macKc, int version, const char *valg); -Sec_Result testDecryptJType(TestKey contentKey, TestKey encryptionKey, TestKc encKc, TestKey macKey, TestKc macKc, Sec_CipherAlgorithm alg, SEC_SIZE input_len, int version, const char *calg); -Sec_Result testExportKey(TestKey contentKey, TestKey encryptionKey, TestKc encKc, TestKey macKey, TestKc macKc, Sec_CipherAlgorithm alg, SEC_SIZE input_len, int version, const char *calg); - -std::string createJTypeContainer(const char *kid, const char *macalg, - TestKey contentKey, TestKey encryptionKey, const char *contentKeyId, const char *contentKeyRights, SEC_BOOL cachable, int contentKeyUsage, const char* contentKeyNotBefore, const char* contentKeyNotOnOrAfter, - TestKey macKey, int version, const char *alg); - -std::string createDefaultRights(Sec_KeyType kt); - -#endif diff --git a/test/main/cpp/key.cpp b/test/main/cpp/key.cpp deleted file mode 100644 index 53401b1..0000000 --- a/test/main/cpp/key.cpp +++ /dev/null @@ -1,1290 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "key.h" -#include "cipher.h" -#include "test_ctx.h" -#include "sec_security_utils.h" -#include -#include -#include "sec_security_store.h" -#include -#include - -static int _Sec_DisablePassphrasePrompt(char *buf, int size, int rwflag, void *u) -{ - return 0; -} - -static Sec_Result _BigNumToBuffer(const BIGNUM *bignum, SEC_BYTE *buffer, SEC_SIZE buffer_len) -{ - SEC_SIZE num_bytes; - - memset(buffer, 0, buffer_len); - num_bytes = BN_num_bytes(bignum); - - if (num_bytes > buffer_len) { - SEC_LOG_ERROR("buffer not large enough. needed: %d, actual: %d", num_bytes, buffer_len); - return SEC_RESULT_FAILURE; - } - - BN_bn2bin(bignum, buffer + buffer_len - num_bytes); - - return SEC_RESULT_SUCCESS; -} - -static void _RSAToPubBinary(RSA *rsa, Sec_RSARawPublicKey *binary) -{ - Sec_Uint32ToBEBytes(RSA_size(rsa), binary->modulus_len_be); - -#if OPENSSL_VERSION_NUMBER < 0x10100000L - _BigNumToBuffer(rsa->n, binary->n, Sec_BEBytesToUint32(binary->modulus_len_be)); - _BigNumToBuffer(rsa->e, binary->e, 4); -#else - const BIGNUM *n = NULL; - const BIGNUM *e = NULL; - RSA_get0_key(rsa, &n, &e, NULL); - _BigNumToBuffer((BIGNUM *) n, binary->n, Sec_BEBytesToUint32(binary->modulus_len_be)); - _BigNumToBuffer((BIGNUM *) e, binary->e, 4); -#endif -} - - -static Sec_Result aesKeyCheck(Sec_ProcessorHandle *proc, SEC_OBJECTID id_first, SEC_OBJECTID id_second) { - SEC_PRINT("--- aes key check ---\n"); - - std::vector clear = TestCtx::random(SEC_AES_BLOCK_SIZE); - TestCtx::printHex("clear", clear); - - std::vector cipher_first; - cipher_first.resize(SEC_AES_BLOCK_SIZE); - SEC_SIZE cipher_first_len; - - if (SEC_RESULT_SUCCESS != SecCipher_SingleInputId(proc, - SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, id_first, - NULL, &clear[0], clear.size(), &cipher_first[0], - cipher_first.size(), &cipher_first_len)) { - SEC_LOG_ERROR("SecCipher_SingleInputId failed"); - return SEC_RESULT_FAILURE; - } - cipher_first.resize(cipher_first_len); - TestCtx::printHex("cipher_first", cipher_first); - - std::vector cipher_second; - cipher_second.resize(SEC_AES_BLOCK_SIZE); - SEC_SIZE cipher_second_len; - - if (SEC_RESULT_SUCCESS != SecCipher_SingleInputId(proc, - SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, id_second, - NULL, &clear[0], clear.size(), &cipher_second[0], - cipher_second.size(), &cipher_second_len)) { - SEC_LOG_ERROR("SecCipher_SingleInputId failed"); - return SEC_RESULT_FAILURE; - } - cipher_second.resize(cipher_second_len); - TestCtx::printHex("cipher_second", cipher_second); - - SEC_PRINT("---------------------\n"); - - //check if results match - if (cipher_first != cipher_second) { - SEC_LOG_ERROR("Results do not match"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -static Sec_Result macCheck(Sec_ProcessorHandle *proc, Sec_MacAlgorithm alg, SEC_OBJECTID id_first, SEC_OBJECTID id_second) { - std::vector clear = TestCtx::random(256); - TestCtx::printHex("clear", clear); - - std::vector mac_first; - mac_first.resize(SEC_MAC_MAX_LEN); - SEC_SIZE mac_first_len; - if (SEC_RESULT_SUCCESS != SecMac_SingleInputId(proc, alg, id_first, &clear[0], clear.size(), &mac_first[0], &mac_first_len)) { - SEC_LOG_ERROR("SecMac_SingleInputId failed"); - return SEC_RESULT_FAILURE; - } - - mac_first.resize(mac_first_len); - TestCtx::printHex("mac_first", mac_first); - - std::vector mac_second; - mac_second.resize(SEC_MAC_MAX_LEN); - SEC_SIZE mac_second_len; - if (SEC_RESULT_SUCCESS != SecMac_SingleInputId(proc, alg, id_first, &clear[0], clear.size(), &mac_second[0], &mac_second_len)) { - SEC_LOG_ERROR("SecMac_SingleInputId failed"); - return SEC_RESULT_FAILURE; - } - - mac_second.resize(mac_second_len); - TestCtx::printHex("macSecApi", mac_second); - - //check if results match - if (mac_first != mac_second) { - SEC_LOG_ERROR("Results do not match"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testStore(SEC_BOOL encrypt, SEC_BOOL mac) { - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - std::vector data = ctx.random(20); - TestCtx::printHex("data: ", data); - - //fill header - SecUtils_KeyStoreHeader keystore_header; - if (SEC_RESULT_SUCCESS != SecUtils_FillKeyStoreUserHeader(ctx.proc(), &keystore_header, SEC_KEYCONTAINER_RAW_HMAC_160)) - { - SEC_LOG_ERROR("SecUtils_FillKeyStoreUserHeader failed"); - return SEC_RESULT_FAILURE; - } - - //write store - std::vector store; - store.resize(SEC_KEYCONTAINER_MAX_LEN); - if (SEC_RESULT_SUCCESS != SecStore_StoreData(ctx.proc(), encrypt, mac, - (SEC_BYTE *) SEC_UTILS_KEYSTORE_MAGIC, &keystore_header, sizeof(keystore_header), - &data[0], data.size(), &store[0], store.size())) - { - SEC_LOG_ERROR("SecStore_StoreData failed"); - return SEC_RESULT_FAILURE; - } - store.resize(SecStore_GetStoreLen(&store[0])); - TestCtx::printHex("store: ", store); - - //read from store - SecUtils_KeyStoreHeader keystore_header2; - std::vector extracted_data; - extracted_data.resize(SEC_KEYCONTAINER_MAX_LEN); - if (SEC_RESULT_SUCCESS != SecStore_RetrieveData(ctx.proc(), mac, &keystore_header2, sizeof(keystore_header2), &extracted_data[0], extracted_data.size(), &store[0], store.size())) { - SEC_LOG_ERROR("SecStore_RetrieveData failed"); - return SEC_RESULT_FAILURE; - } - extracted_data.resize(SecStore_GetDataLen(&store[0])); - TestCtx::printHex("extracted_data: ", extracted_data); - - if (data != extracted_data) { - SEC_LOG_ERROR("Extracted data does not match what was put into the store"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testStoreProvision(SEC_OBJECTID id, SEC_BOOL encrypt, SEC_BOOL mac) { - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - std::vector data = ctx.random(20); - TestCtx::printHex("data: ", data); - - //fill header - SecUtils_KeyStoreHeader keystore_header; - if (SEC_RESULT_SUCCESS != SecUtils_FillKeyStoreUserHeader(ctx.proc(), &keystore_header, SEC_KEYCONTAINER_RAW_HMAC_160)) - { - SEC_LOG_ERROR("SecUtils_FillKeyStoreUserHeader failed"); - return SEC_RESULT_FAILURE; - } - - //write store - std::vector store; - store.resize(SEC_KEYCONTAINER_MAX_LEN); - if (SEC_RESULT_SUCCESS != SecStore_StoreData(ctx.proc(), encrypt, mac, - (SEC_BYTE *) SEC_UTILS_KEYSTORE_MAGIC, &keystore_header, sizeof(keystore_header), - &data[0], data.size(), &store[0], store.size())) - { - SEC_LOG_ERROR("SecStore_StoreData failed"); - return SEC_RESULT_FAILURE; - } - store.resize(SecStore_GetStoreLen(&store[0])); - TestCtx::printHex("store: ", store); - - //provision store - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), id, - SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_KEYCONTAINER_STORE, &store[0], - store.size())) { - SEC_LOG_ERROR("SecKey_Provision failed"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testKeyProvision(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - if (NULL == ctx.provisionKey(id, loc, key, kc)) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testKeyProvisionDouble(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, TestKey key2, TestKc kc2, Sec_StorageLoc loc2) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle *handle = ctx.provisionKey(id, loc, key, kc); - if (NULL == handle) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - ctx.releaseKey(handle); - - handle = ctx.provisionKey(SEC_OBJECTID_USER_BASE, loc2, key2, kc2); - if (NULL == handle) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testKeyGetKeyInfo(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle *handle = ctx.provisionKey(id, loc, key, kc); - if (NULL == handle) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyType kt = SecKey_GetKeyType(handle); - if (kt < 0 || kt >= SEC_KEYTYPE_NUM) { - SEC_LOG_ERROR("Invalid key type"); - return SEC_RESULT_FAILURE; - } - - if (SecKey_GetKeyLen(handle) == 0) { - SEC_LOG_ERROR("Invalid key length"); - return SEC_RESULT_FAILURE; - } - - if (ctx.proc() != SecKey_GetProcessor(handle)) { - SEC_LOG_ERROR("SecKey_GetProcessor failed"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -static Sec_KeyType _GroupToKeyType(const EC_GROUP *group) -{ - if (NULL == group) - return SEC_KEYTYPE_NUM; - switch (EC_GROUP_get_curve_name(group)) - { - case NID_X9_62_prime256v1: - return SEC_KEYTYPE_ECC_NISTP256_PUBLIC; - case 0: - default: - return SEC_KEYTYPE_NUM; - } -} - -static Sec_Result _Extract_EC_KEY_X_Y(const EC_KEY *ec_key, BIGNUM **xp, BIGNUM **yp, Sec_KeyType *keyTypep) -{ - const EC_GROUP *group = NULL; - const EC_POINT *ec_point = NULL; - BN_CTX *ctx = NULL; - Sec_Result res = SEC_RESULT_FAILURE; - - if (NULL == xp) - { - SEC_LOG_ERROR("SecUtils_ExtractEcc_Key_X_Y: X cannot be NULL"); - goto error; - } - - group = EC_KEY_get0_group(ec_key); - if (NULL == group) - { - SEC_LOG_ERROR("SecUtils_ExtractEcc_Key_X_Y: EC_KEY_get0_group: %s", ERR_error_string(ERR_get_error(), NULL)); - goto error; - } - - ec_point = EC_KEY_get0_public_key(ec_key); - if (NULL == ec_point) - { - SEC_LOG_ERROR("SecUtils_ExtractEcc_Key_X_Y: EC_KEY_get0_public_key: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto error; - } - - ctx = BN_CTX_new(); - if (NULL == ctx) - { - SEC_LOG_ERROR("BN_CTX_new() failed"); - goto error; - } - - *xp = BN_new(); - if (NULL == *xp) - { - SEC_LOG_ERROR("BN_new() failed"); - goto error; - } - - if (NULL != yp) { // if caller wants y coordinate returned - *yp = BN_new(); - if (NULL == *yp) - { - SEC_LOG_ERROR("BN_new() failed"); - goto error; - } - } - - if (NULL != keyTypep) // if caller wants key type returned - { - *keyTypep = _GroupToKeyType(group); - } - - // Get the X coordinate and optionally the Y coordinate - if (EC_POINT_get_affine_coordinates_GFp(group, ec_point, - *xp, - yp != NULL ? *yp : NULL, - ctx) != 1) - { - BN_clear_free(*xp); - if (NULL != yp) - BN_clear_free(*yp); - SEC_LOG_ERROR("SecUtils_ExtractEcc_Key_X_Y: EC_POINT_get_affine_coordinates_GFp: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto error; - } - - res = SEC_RESULT_SUCCESS; - // continue into "error" - -error: - if (NULL != ctx) - BN_CTX_free(ctx); - - return res; -} - -static Sec_Result _ECCToPubBinary(EC_KEY *ec_key, Sec_ECCRawPublicKey *binary) -{ - BIGNUM *x = NULL; - BIGNUM *y = NULL; - Sec_KeyType keyType; - - if (_Extract_EC_KEY_X_Y(ec_key, &x, &y, &keyType) != SEC_RESULT_SUCCESS) - { - - SEC_LOG_ERROR("_Extract_EC_KEY_X_Y failed"); - return SEC_RESULT_FAILURE; - } - else - { - binary->type = keyType; - Sec_Uint32ToBEBytes(SecKey_GetKeyLenForKeyType(keyType), binary->key_len); - _BigNumToBuffer(x, binary->x, Sec_BEBytesToUint32(binary->key_len)); - _BigNumToBuffer(y, binary->y, Sec_BEBytesToUint32(binary->key_len)); - - BN_free(y); - BN_free(x); - return SEC_RESULT_SUCCESS; - } -} - -Sec_Result testKeyExtractPublicKey(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle *handle = ctx.provisionKey(id, loc, key, kc); - if (NULL == handle) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - - if (SecKey_IsEcc(TestCreds::getKeyType(key))) { - Sec_ECCRawPublicKey public_key; - memset(&public_key, 0, sizeof(public_key)); - if (SEC_RESULT_SUCCESS != SecKey_ExtractECCPublicKey(handle, &public_key)) { - SEC_LOG_ERROR("SecKey_ExtractECCPublicKey failed"); - return SEC_RESULT_FAILURE; - } - - std::vector secapi((SEC_BYTE *) &public_key, ((SEC_BYTE *) &public_key) + sizeof(Sec_ECCRawPublicKey)); - - TestCtx::printHex("secapi", secapi); - - if (kc != TESTKC_GENERATED) { - EC_KEY *ec = TestCreds::asOpenSslEcKey(key); - if (ec == NULL) { - SEC_LOG_ERROR("TestCreds::asOpenSslEc failed"); - return SEC_RESULT_FAILURE; - } - - memset(&public_key, 0, sizeof(public_key)); - _ECCToPubBinary(ec, &public_key); - SEC_ECC_FREE(ec); - - std::vector openssl((SEC_BYTE *) &public_key, ((SEC_BYTE *) &public_key) + sizeof(Sec_ECCRawPublicKey)); - TestCtx::printHex("openssl", openssl); - - if (secapi != openssl) { - return SEC_RESULT_FAILURE; - } - } - } else { - Sec_RSARawPublicKey public_key; - memset(&public_key, 0, sizeof(public_key)); - if (SEC_RESULT_SUCCESS != SecKey_ExtractRSAPublicKey(handle, &public_key)) { - SEC_LOG_ERROR("SecKey_ExtractRSAPublicKey failed"); - return SEC_RESULT_FAILURE; - } - - std::vector secapi((SEC_BYTE *) &public_key, ((SEC_BYTE *) &public_key) + sizeof(Sec_RSARawPublicKey)); - - TestCtx::printHex("secapi", secapi); - - RSA *rsa = TestCreds::asOpenSslRsa(key); - if (rsa == NULL) { - SEC_LOG_ERROR("TestCreds::asOpenSslRsa failed"); - return SEC_RESULT_FAILURE; - } - - memset(&public_key, 0, sizeof(public_key)); - _RSAToPubBinary(rsa, &public_key); - SEC_RSA_FREE(rsa); - - std::vector openssl((SEC_BYTE *) &public_key, ((SEC_BYTE *) &public_key) + sizeof(Sec_RSARawPublicKey)); - TestCtx::printHex("openssl", openssl); - - if (secapi != openssl) { - return SEC_RESULT_FAILURE; - } - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testKeyGenerate(SEC_OBJECTID id, Sec_KeyType keyType, Sec_StorageLoc loc, SEC_BOOL testEncDec) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecKey_Generate(ctx.proc(), id, keyType, loc)) { - SEC_LOG_ERROR("SecKey_Generate failed"); - return SEC_RESULT_FAILURE; - } - - if (testEncDec) { - if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { - SEC_LOG_ERROR("cipherEncDecSingle failed"); - return SEC_RESULT_FAILURE; - } - } - - if (keyType == SEC_KEYTYPE_ECC_NISTP256) { - Sec_KeyHandle *keyHandle; - if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), id, &keyHandle)) { - SEC_LOG_ERROR("SecKey_GetInstance failed"); - SecKey_Delete(ctx.proc(), id); - return SEC_RESULT_FAILURE; - } - - Sec_ECCRawPublicKey public_key; - if (SEC_RESULT_SUCCESS != SecKey_ExtractECCPublicKey(keyHandle, &public_key)) { - SEC_LOG_ERROR("SecKey_ExtractECCPublicKey failed"); - SecKey_Release(keyHandle); - SecKey_Delete(ctx.proc(), id); - return SEC_RESULT_FAILURE; - } - - SecKey_Release(keyHandle); - } - - SecKey_Delete(ctx.proc(), id); - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testKeyDeriveHKDF(SEC_OBJECTID id, Sec_KeyType keyType, Sec_StorageLoc loc, Sec_MacAlgorithm macAlgorithm, SEC_BOOL testEncDec) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - std::vector nonce = TestCtx::random(SEC_NONCE_LEN); - TestCtx::printHex("nonce", nonce); - std::vector salt = TestCtx::random(25); - TestCtx::printHex("salt", salt); - std::vector info = TestCtx::random(17); - TestCtx::printHex("info", info); - - if (SEC_RESULT_SUCCESS != SecKey_Derive_HKDF(ctx.proc(), - id, keyType, loc, macAlgorithm, - &nonce[0], &salt[0], salt.size(), &info[0], info.size())) { - SEC_LOG_ERROR("SecKey_Derive_HKDF failed"); - return SEC_RESULT_FAILURE; - } - - if (testEncDec) { - if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { - SEC_LOG_ERROR("cipherEncDecSingle failed"); - return SEC_RESULT_FAILURE; - } - } - - SecKey_Delete(ctx.proc(), id); - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testKeyDeriveConcatKDF(SEC_OBJECTID id, Sec_KeyType keyType, Sec_StorageLoc loc, Sec_DigestAlgorithm digestAlgorithm, SEC_BOOL testEncDec) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - std::vector nonce = TestCtx::random(SEC_NONCE_LEN); - TestCtx::printHex("nonce", nonce); - std::vector otherInfo = TestCtx::random(17); - TestCtx::printHex("otherInfo", otherInfo); - - if (SEC_RESULT_SUCCESS != SecKey_Derive_ConcatKDF(ctx.proc(), - id, keyType,loc, digestAlgorithm, - &nonce[0], &otherInfo[0], otherInfo.size())) { - SEC_LOG_ERROR("SecKey_Derive_ConcatKDF failed"); - return SEC_RESULT_FAILURE; - } - - if (testEncDec) { - if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { - SEC_LOG_ERROR("cipherEncDecSingle failed"); - return SEC_RESULT_FAILURE; - } - } - - SecKey_Delete(ctx.proc(), id); - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testKeyDeriveVendorAes128(SEC_OBJECTID id, Sec_KeyType keyType, Sec_StorageLoc loc, Sec_MacAlgorithm macAlgorithm, SEC_BOOL testEncDec) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - std::vector input = TestCtx::random(25); - TestCtx::printHex("input", input); - - if (SEC_RESULT_SUCCESS != SecKey_Derive_VendorAes128(ctx.proc(), - id, loc, &input[0], input.size())) { - SEC_LOG_ERROR("SecKey_Derive_VendorAes128 failed"); - return SEC_RESULT_FAILURE; - } - - if (testEncDec) { - if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { - SEC_LOG_ERROR("cipherEncDecSingle failed"); - return SEC_RESULT_FAILURE; - } - } - - SecKey_Delete(ctx.proc(), id); - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testKeyDeriveKeyLadderAes128(SEC_OBJECTID id, Sec_KeyType keyType, Sec_StorageLoc loc, Sec_KeyLadderRoot root, SEC_BOOL testEncDec) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - std::vector > inputs; - inputs.resize(SecProcessor_GetKeyLadderMaxDepth(ctx.proc(), root)); - - if (inputs.size() == 0) { - SEC_LOG_ERROR("Key ladder not available"); - return SEC_RESULT_FAILURE; - } - - for (unsigned int i=0; i 0 ? &(inputs[0])[0] : NULL, - inputs.size() > 1 ? &(inputs[1])[0] : NULL, - inputs.size() > 2 ? &(inputs[2])[0] : NULL, - inputs.size() > 3 ? &(inputs[3])[0] : NULL)) { - SEC_LOG_ERROR("SecKey_Derive_KeyLadderAes128 failed"); - return SEC_RESULT_FAILURE; - } - - if (testEncDec) { - if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { - SEC_LOG_ERROR("cipherEncDecSingle failed"); - return SEC_RESULT_FAILURE; - } - } - - SecKey_Delete(ctx.proc(), id); - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testKeyComputeBaseKeyDigest(SEC_OBJECTID id, Sec_DigestAlgorithm alg) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - std::vector nonce = TestCtx::random(SEC_NONCE_LEN); - TestCtx::printHex("nonce", nonce); - - std::vector digest; - digest.resize(SEC_DIGEST_MAX_LEN); - SEC_SIZE digestLen; - - if (SEC_RESULT_SUCCESS != SecKey_ComputeBaseKeyDigest(ctx.proc(), &nonce[0], - alg, &digest[0], &digestLen)) { - SEC_LOG_ERROR("SecKey_ComputeBaseKeyDigest failed"); - return SEC_RESULT_FAILURE; - } - - digest.resize(digestLen); - TestCtx::printHex("digest", digest); - - return SEC_RESULT_SUCCESS; -} - -static EC_KEY *_ECCFromDERPriv(SEC_BYTE *der, SEC_SIZE der_len) -{ - const unsigned char *p = (const unsigned char *) der; - PKCS8_PRIV_KEY_INFO *p8 = NULL; - EVP_PKEY *evp_key = NULL; - EC_KEY *ecc = NULL; - - p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, der_len); - if (p8 != NULL) - { - evp_key = EVP_PKCS82PKEY(p8); - if (evp_key == NULL) - { - SEC_LOG_ERROR("EVP_PKCS82PKEY failed"); - goto done; - } - } - else - { - evp_key = d2i_AutoPrivateKey(NULL, &p, der_len); - if (evp_key == NULL) - { - SEC_LOG_ERROR("d2i_AutoPrivateKey failed"); - goto done; - } - } - - ecc = EVP_PKEY_get1_EC_KEY(evp_key); - if (ecc == NULL) - { - SEC_LOG_ERROR("EVP_PKEY_get1_EC_KEY failed"); - goto done; - } - -done: - SEC_EVPPKEY_FREE(evp_key); - - if (p8 != NULL) - { - PKCS8_PRIV_KEY_INFO_free(p8); - } - - return ecc; -} - -static EC_KEY *_ECCFromPEMPub(SEC_BYTE *pem, SEC_SIZE pem_len) -{ - BIO *bio = NULL; - EC_KEY *ec_key = NULL; - - bio = BIO_new_mem_buf(pem, pem_len); - ec_key = PEM_read_bio_EC_PUBKEY(bio, &ec_key, _Sec_DisablePassphrasePrompt, NULL); - - if (ec_key == NULL) - { - SEC_LOG_ERROR("Invalid ECC key container"); - goto done; - } - -done: - SEC_BIO_FREE(bio); - - return ec_key; -} - -static EC_KEY *_ECCFromDERPub(SEC_BYTE *der, SEC_SIZE der_len) -{ - const unsigned char *p = (const unsigned char *) der; - EC_KEY *ec_key = NULL; - - ec_key = d2i_EC_PUBKEY(&ec_key, &p, der_len); - - if (ec_key == NULL) - { - SEC_LOG_ERROR("Invalid ECC key container"); - goto done; - } - -done: - return ec_key; -} - -static EC_KEY *_ECCFromPrivBinary(Sec_ECCRawPrivateKey *binary) -{ - BN_CTX *ctx = BN_CTX_new(); - - // Note that SEC_KEYTYPE_ECC_NISTP256_PUBLIC is not acceptable, - // because it won't have a private key value - if (binary->type != SEC_KEYTYPE_ECC_NISTP256) - return NULL; - - EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); //create ec_key structure with NIST p256 curve; - const EC_GROUP *group = EC_KEY_get0_group(ec_key); - EC_POINT *ec_point = EC_POINT_new(group); - BN_CTX_start(ctx); - BIGNUM *xp, *yp, *prvp; - if (((xp = BN_CTX_get(ctx)) == NULL) || ((yp = BN_CTX_get(ctx)) == NULL) - || ((prvp = BN_CTX_get(ctx)) == NULL)) - goto done; - - EC_POINT_set_affine_coordinates_GFp(group, ec_point, - BN_bin2bn(binary->x, Sec_BEBytesToUint32(binary->key_len), xp), - BN_bin2bn(binary->y, Sec_BEBytesToUint32(binary->key_len), yp), ctx); - EC_KEY_set_public_key(ec_key, ec_point); - - EC_KEY_set_private_key(ec_key, - BN_bin2bn(binary->prv, Sec_BEBytesToUint32(binary->key_len), prvp)); - -done: - EC_POINT_free(ec_point); - BN_CTX_end(ctx); - BN_CTX_free(ctx); - - return ec_key; -} - -static EC_KEY *_ECCFromPubBinary(Sec_ECCRawPublicKey *binary) -{ - BN_CTX *ctx = BN_CTX_new(); - - if ( binary->type != SEC_KEYTYPE_ECC_NISTP256_PUBLIC - && binary->type != SEC_KEYTYPE_ECC_NISTP256) - return NULL; - - EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); //create ec_key structure with NIST p256 curve; - const EC_GROUP *group = EC_KEY_get0_group(ec_key); - EC_POINT *ec_point = EC_POINT_new(group); - BN_CTX_start(ctx); - BIGNUM *xp, *yp; - - if (((xp = BN_CTX_get(ctx)) == NULL) || ((yp = BN_CTX_get(ctx)) == NULL)) - goto done; - - EC_POINT_set_affine_coordinates_GFp(group, ec_point, - BN_bin2bn(binary->x, Sec_BEBytesToUint32(binary->key_len), xp), - BN_bin2bn(binary->y, Sec_BEBytesToUint32(binary->key_len), yp), ctx); - EC_KEY_set_public_key(ec_key, ec_point); - -done: - EC_POINT_free(ec_point); - BN_CTX_end(ctx); - BN_CTX_free(ctx); - - return ec_key; -} - -static EC_KEY *_ECCFromPEMPriv(SEC_BYTE *pem, SEC_SIZE pem_len) -{ - BIO *bio = NULL; - EC_KEY *ec_key = NULL; - - bio = BIO_new_mem_buf(pem, pem_len); - ec_key = PEM_read_bio_ECPrivateKey(bio, &ec_key, _Sec_DisablePassphrasePrompt, NULL); - - if (ec_key == NULL) - { - SEC_LOG_ERROR("Invalid ECC key container"); - goto done; - } - -done: - SEC_BIO_FREE(bio); - - return ec_key; -} - -static EC_KEY* _ECCFromClearKC(Sec_ProcessorHandle *proc, Sec_KeyContainer kc, - SEC_BYTE *data, SEC_SIZE data_len) -{ //$$$ could add SEC_KEYCONTAINER_RAW_ECC_PRIVONLY_NISTP256 - EC_KEY *ec_key = NULL; - SecUtils_KeyStoreHeader store_header; - SEC_BYTE store_data[SEC_KEYCONTAINER_MAX_LEN]; - - if (kc == SEC_KEYCONTAINER_DER_ECC_NISTP256) - { - ec_key = _ECCFromDERPriv(data, data_len); - if (ec_key == NULL) - { - SEC_LOG_ERROR("SecUtils_ECCFromDERPriv failed"); - goto done; - } - } - else if (kc == SEC_KEYCONTAINER_DER_ECC_NISTP256_PUBLIC) - { - ec_key = _ECCFromDERPub(data, data_len); - if (ec_key == NULL) - { - SEC_LOG_ERROR("SecUtils_ECCFromDERPub failed"); - goto done; - } - } - else if (kc == SEC_KEYCONTAINER_RAW_ECC_NISTP256) - { - if (data_len == sizeof(Sec_ECCRawPrivateKey)) - { - ec_key = _ECCFromPrivBinary((Sec_ECCRawPrivateKey *) data); - if (ec_key == NULL) - { - SEC_LOG_ERROR("SecUtils_ECCFromPrivBinary failed"); - goto done; - } - } - else - { - SEC_LOG_ERROR("Invalid priv key structure size: %d", data_len); - goto done; - } - } - else if (kc == SEC_KEYCONTAINER_RAW_ECC_NISTP256_PUBLIC) - { - if (data_len != sizeof(Sec_ECCRawPublicKey)) - { - SEC_LOG_ERROR("Invalid pub key structure size: %d", data_len); - goto done; - } - - ec_key = _ECCFromPubBinary((Sec_ECCRawPublicKey *) data); - if (ec_key == NULL) - { - SEC_LOG_ERROR("SecUtils_ECCFromPubBinary failed"); - goto done; - } - } - else if (kc == SEC_KEYCONTAINER_PEM_ECC_NISTP256) - { - ec_key = _ECCFromPEMPriv(data, data_len); - if (ec_key == NULL) - { - SEC_LOG_ERROR("SecUtils_ECCFromPEMPriv failed"); - goto done; - } - } - else if (kc == SEC_KEYCONTAINER_PEM_ECC_NISTP256_PUBLIC) - { - ec_key = _ECCFromPEMPub(data, data_len); - if (ec_key == NULL) - { - SEC_LOG_ERROR("SecUtils_ECCFromPEMPub failed"); - goto done; - } - } - else if (kc == SEC_KEYCONTAINER_STORE) - { - if (SEC_RESULT_SUCCESS - != SecStore_RetrieveData(proc, SEC_FALSE, &store_header, - sizeof(store_header), store_data, sizeof(store_data), - data, data_len)) - { - SEC_LOG_ERROR("SecStore_RetrieveData failed"); - goto done; - } - - ec_key = _ECCFromClearKC(proc, (Sec_KeyContainer) store_header.inner_kc_type, - store_data, SecStore_GetDataLen(data)); - if (ec_key == NULL) - { - SEC_LOG_ERROR("_ECCFromClearKC failed"); - goto done; - } - } - else - { - SEC_LOG_ERROR("Unknown container type"); - goto done; - } - -done: return ec_key; -} - -Sec_Result testKeyECDHKeyAgreementWithKDF( - SEC_OBJECTID id_derived, - SEC_OBJECTID id_priv, TestKey priv, TestKc priv_kc, TestKey pub, - Sec_KeyType keyType, Sec_StorageLoc loc, Sec_DigestAlgorithm digestAlgorithm, - SEC_BOOL testEncDec) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle *priv_handle = NULL; - if (NULL == (priv_handle = ctx.provisionKey(id_priv, loc, priv, priv_kc))) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - - ProvKey* keyPubRaw = TestCreds::getKey(pub, TESTKC_RAW, SEC_OBJECTID_INVALID); - EC_KEY* ec_key_pub = _ECCFromClearKC(ctx.proc(), keyPubRaw->kc, &(keyPubRaw->key[0]), keyPubRaw->key.size()); - if (ec_key_pub == NULL) { - SEC_ECC_FREE(ec_key_pub); - SEC_LOG_ERROR("_ECCFromClearKC failed"); - return SEC_RESULT_FAILURE; - } - - Sec_ECCRawPublicKey pub_other; - if (SEC_RESULT_SUCCESS != _ECCToPubBinary(ec_key_pub, &pub_other)) { - SEC_ECC_FREE(ec_key_pub); - SEC_LOG_ERROR("_ECCToPubBinary failed"); - return SEC_RESULT_FAILURE; - } - - std::vector other_info = TestCtx::random(52); - TestCtx::printHex("other_info: ", other_info); - - if (SEC_RESULT_SUCCESS != SecKey_ECDHKeyAgreementWithKDF(priv_handle, - &pub_other, keyType, id_derived, loc, - SEC_KDF_CONCAT, - digestAlgorithm, &other_info[0], other_info.size())) { - SEC_LOG_ERROR("SecKey_ECDHKeyAgreementWithKDF failed"); - return SEC_RESULT_FAILURE; - } - - if (testEncDec) { - if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id_derived, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { - SEC_LOG_ERROR("cipherEncDecSingle failed"); - return SEC_RESULT_FAILURE; - } - } - - SecKey_Delete(ctx.proc(), id_derived); - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testKeyDeriveCMACAES128(SEC_OBJECTID idDerived, SEC_OBJECTID idBase, TestKc baseKc, Sec_KeyType keyType, Sec_StorageLoc loc, SEC_BOOL testEncDec, SEC_BYTE counter, uint32_t L) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - if (NULL == ctx.provisionKey(idBase, loc, TESTKEY_AES128, baseKc)) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - - //base key - TestCtx::printHex("baseKey", TestCreds::asOpenSslAes(TESTKEY_AES128)); - - //label - std::vector otherData = TestCtx::random(10); - //separator - otherData.push_back(0); - //ctx - std::vector ctx2 = TestCtx::random(32); - otherData.insert(otherData.end(), ctx2.begin(), ctx2.end()); - - otherData.push_back(0); otherData.push_back(0); otherData.push_back(0); otherData.push_back(0); - Sec_Uint32ToBEBytes(L, &otherData[otherData.size() - 4]); - - TestCtx::printHex("otherData", otherData); - - if (SEC_RESULT_SUCCESS != SecKey_Derive_CMAC_AES128(ctx.proc(), - idDerived, keyType,loc, - idBase, - &otherData[0], otherData.size(), - &counter, 1)) { - SEC_LOG_ERROR("SecKey_Derive_CMAC_AES128 failed"); - return SEC_RESULT_FAILURE; - } - - if (testEncDec) { - if (SecKey_IsAES(keyType)) { - if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, idDerived, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { - SEC_LOG_ERROR("cipherEncDecSingle failed"); - return SEC_RESULT_FAILURE; - } - } - } - - SecKey_Delete(ctx.proc(), idDerived); - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testKeyDeriveBaseKey(SEC_OBJECTID idDerived, Sec_StorageLoc loc) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - std::vector nonce = TestCtx::random(SEC_NONCE_LEN); - TestCtx::printHex("nonce", nonce); - - if (SEC_RESULT_SUCCESS != SecKey_Derive_BaseKey(ctx.proc(), idDerived, SEC_KEYTYPE_HMAC_128, loc, &nonce[0])) { - SEC_LOG_ERROR("SecKey_Derive_BaseKey failed"); - return SEC_RESULT_FAILURE; - } - - SecKey_Delete(ctx.proc(), idDerived); - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testKeyDeriveHKDFBaseKey(Sec_KeyType typeDerived, Sec_StorageLoc loc, Sec_MacAlgorithm macAlgorithm) { - Sec_Result res = SEC_RESULT_FAILURE; - SEC_OBJECTID baseKeyId = SEC_OBJECTID_USER_BASE; - SEC_OBJECTID idDerived = baseKeyId + 1; - SEC_OBJECTID idDerivedSecond = idDerived + 1; - - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - std::vector nonce = TestCtx::random(SEC_NONCE_LEN); - TestCtx::printHex("nonce", nonce); - - std::vector salt = TestCtx::random(20); - TestCtx::printHex("salt", salt); - - std::vector info = TestCtx::random(40); - TestCtx::printHex("info", info); - - if (SEC_RESULT_SUCCESS != SecKey_Derive_BaseKey(ctx.proc(), baseKeyId, SEC_KEYTYPE_HMAC_128, loc, &nonce[0])) { - SEC_LOG_ERROR("SecKey_Derive_BaseKey failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecKey_Derive_HKDF_BaseKey(ctx.proc(), idDerived, typeDerived, loc, macAlgorithm, &salt[0], salt.size(), &info[0], info.size(), baseKeyId)) { - SEC_LOG_ERROR("SecKey_Derive_HKDF_BaseKey failed"); - goto done; - } - - //repeat derivation - if (SEC_RESULT_SUCCESS != SecKey_Derive_BaseKey(ctx.proc(), baseKeyId, SEC_KEYTYPE_HMAC_128, loc, &nonce[0])) { - SEC_LOG_ERROR("SecKey_Derive_BaseKey failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecKey_Derive_HKDF_BaseKey(ctx.proc(), idDerivedSecond, typeDerived, loc, macAlgorithm, &salt[0], salt.size(), &info[0], info.size(), baseKeyId)) { - SEC_LOG_ERROR("SecKey_Derive_HKDF_BaseKey failed"); - goto done; - } - - //test enc/dec or mac - if (SecKey_IsAES(typeDerived)) { - if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idDerived, idDerivedSecond)) { - SEC_LOG_ERROR("aesKeyCheck failed"); - goto done; - } - } else { - if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idDerived, idDerivedSecond)) { - SEC_LOG_ERROR("macCheck failed"); - goto done; - } - } - - res = SEC_RESULT_SUCCESS; - -done: - SecKey_Delete(ctx.proc(), baseKeyId); - SecKey_Delete(ctx.proc(), idDerived); - SecKey_Delete(ctx.proc(), idDerivedSecond); - - return res; -} - -Sec_Result testKeyDeriveConcatKDFBaseKey(Sec_KeyType typeDerived, Sec_StorageLoc loc, Sec_DigestAlgorithm digestAlgorithm) { - SEC_OBJECTID baseKeyId = SEC_OBJECTID_USER_BASE; - SEC_OBJECTID idDerived = baseKeyId + 1; - SEC_OBJECTID idDerivedSecond = idDerived + 1; - Sec_Result res = SEC_RESULT_FAILURE; - - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - std::vector nonce = TestCtx::random(SEC_NONCE_LEN); - TestCtx::printHex("nonce", nonce); - - std::vector info = TestCtx::random(40); - TestCtx::printHex("info", info); - - if (SEC_RESULT_SUCCESS != SecKey_Derive_BaseKey(ctx.proc(), baseKeyId, SEC_KEYTYPE_AES_128, loc, &nonce[0])) { - SEC_LOG_ERROR("SecKey_Derive_BaseKey failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecKey_Derive_ConcatKDF_BaseKey(ctx.proc(), idDerived, typeDerived, loc, digestAlgorithm, &info[0], info.size(), baseKeyId)) { - SEC_LOG_ERROR("SecKey_Derive_ConcatKDF_BaseKey failed"); - SecKey_Delete(ctx.proc(), baseKeyId); - goto done; - } - - //repeat derivation - if (SEC_RESULT_SUCCESS != SecKey_Derive_BaseKey(ctx.proc(), baseKeyId, SEC_KEYTYPE_AES_128, loc, &nonce[0])) { - SEC_LOG_ERROR("SecKey_Derive_BaseKey failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecKey_Derive_ConcatKDF_BaseKey(ctx.proc(), idDerivedSecond, typeDerived, loc, digestAlgorithm, &info[0], info.size(), baseKeyId)) { - SEC_LOG_ERROR("SecKey_Derive_ConcatKDF_BaseKey failed"); - SecKey_Delete(ctx.proc(), baseKeyId); - goto done; - } - - //test enc/dec or mac - if (SecKey_IsAES(typeDerived)) { - if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idDerived, idDerivedSecond)) { - SEC_LOG_ERROR("aesKeyCheck failed"); - goto done; - } - } else { - if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idDerived, idDerivedSecond)) { - SEC_LOG_ERROR("macCheck failed"); - goto done; - } - } - - res = SEC_RESULT_SUCCESS; - -done: - SecKey_Delete(ctx.proc(), baseKeyId); - SecKey_Delete(ctx.proc(), idDerived); - SecKey_Delete(ctx.proc(), idDerivedSecond); - - return res; -} - -Sec_Result testExportProvisionedKey(TestKey key, TestKc kc) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - //provision encryption key - Sec_KeyHandle *key_handle = ctx.provisionKey(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM, key, kc); - if (NULL == key_handle) { - SEC_LOG_ERROR("provisionKey failed"); - return SEC_RESULT_FAILURE; - } - - //export j-type key - std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); - std::vector exported_key; - exported_key.resize(SEC_KEYCONTAINER_MAX_LEN); - SEC_SIZE exported_len; - - if (SEC_RESULT_SUCCESS != SecKey_ExportKey(key_handle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { - SEC_LOG_ERROR("SecKey_ExportKey failed"); - return SEC_RESULT_FAILURE; - } - exported_key.resize(exported_len); - - //provision exported - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE, - SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, &exported_key[0], exported_key.size())) { - SEC_LOG_ERROR("SecKey_Provision failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle *key_handle_exported; - if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), SEC_OBJECTID_USER_BASE, &key_handle_exported)) { - SEC_LOG_ERROR("SecKey_GetInstance failed"); - return SEC_RESULT_FAILURE; - } - - //grab properties from exported - Sec_KeyProperties exported_props; - if (SEC_RESULT_SUCCESS != SecKey_GetProperties(key_handle_exported, &exported_props)) { - SEC_LOG_ERROR("SecKey_GetProperties failed"); - return SEC_RESULT_FAILURE; - } - - - return SEC_RESULT_SUCCESS; -} diff --git a/test/main/cpp/key.h b/test/main/cpp/key.h deleted file mode 100644 index 5bd965a..0000000 --- a/test/main/cpp/key.h +++ /dev/null @@ -1,45 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_KEY_H_ -#define TEST_KEY_H_ - -#include "sec_security.h" -#include "test_creds.h" - -Sec_Result testStore(SEC_BOOL encrypt, SEC_BOOL mac); -Sec_Result testStoreProvision(SEC_OBJECTID id, SEC_BOOL encrypt, SEC_BOOL mac); -Sec_Result testKeyProvision(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc); -Sec_Result testKeyProvisionDouble(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, TestKey key2, TestKc kc2, Sec_StorageLoc loc2); -Sec_Result testKeyGetKeyInfo(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc); -Sec_Result testKeyExtractPublicKey(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc); -Sec_Result testKeyGenerate(SEC_OBJECTID id, Sec_KeyType keyType, Sec_StorageLoc loc, SEC_BOOL testEncDec); -Sec_Result testKeyDeriveHKDF(SEC_OBJECTID id, Sec_KeyType keyType, Sec_StorageLoc loc, Sec_MacAlgorithm macAlgorithm, SEC_BOOL testEncDec); -Sec_Result testKeyDeriveConcatKDF(SEC_OBJECTID id, Sec_KeyType keyType, Sec_StorageLoc loc, Sec_DigestAlgorithm digestAlgorithm, SEC_BOOL testEncDec); -Sec_Result testKeyDeriveVendorAes128(SEC_OBJECTID id, Sec_KeyType keyType, Sec_StorageLoc loc, Sec_MacAlgorithm macAlgorithm, SEC_BOOL testEncDec); -Sec_Result testKeyDeriveKeyLadderAes128(SEC_OBJECTID id, Sec_KeyType keyType, Sec_StorageLoc loc, Sec_KeyLadderRoot root, SEC_BOOL testEncDec); -Sec_Result testKeyComputeBaseKeyDigest(SEC_OBJECTID id, Sec_DigestAlgorithm alg); -Sec_Result testKeyECDHKeyAgreementWithKDF(SEC_OBJECTID id_derived, SEC_OBJECTID id_priv, TestKey priv, TestKc priv_kc, TestKey pub, Sec_KeyType keyType, Sec_StorageLoc loc, Sec_DigestAlgorithm digestAlgorithm, SEC_BOOL testEncDec); -Sec_Result testKeyDeriveCMACAES128(SEC_OBJECTID idDerived, SEC_OBJECTID idBase, TestKc baseKc, Sec_KeyType keyType, Sec_StorageLoc loc, SEC_BOOL testEncDec, SEC_BYTE counter, uint32_t L); -Sec_Result testKeyDeriveBaseKey(SEC_OBJECTID idDerived, Sec_StorageLoc loc); -Sec_Result testKeyDeriveHKDFBaseKey(Sec_KeyType typeDerived, Sec_StorageLoc loc, Sec_MacAlgorithm macAlgorithm); -Sec_Result testKeyDeriveConcatKDFBaseKey(Sec_KeyType typeDerived, Sec_StorageLoc loc, Sec_DigestAlgorithm digestAlgorithm); -Sec_Result testExportProvisionedKey(TestKey key, TestKc kc); - -#endif diff --git a/test/main/cpp/keyctrl.cpp b/test/main/cpp/keyctrl.cpp deleted file mode 100644 index 630648e..0000000 --- a/test/main/cpp/keyctrl.cpp +++ /dev/null @@ -1,1970 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "keyctrl.h" -#include "jtype.h" -#include "mac.h" -#include "test_ctx.h" -#include "sec_security_comcastids.h" -#include "sec_security_utils.h" -#include "cipher.h" -#include "sign.h" -#include "jtype.h" -#include -#include -#include -#include - -// default params for jtype key container -struct default_jtype_data_st -{ - TestKey contentKey; - TestKey encryptionKey; - TestKc encKc; - TestKey macKey; - TestKc macKc; - SEC_OBJECTID provisionId; -}g_default_jtype_data = { - .contentKey = TESTKEY_AES128, - .encryptionKey = TESTKEY_AES128, - .encKc = TESTKC_SOC, - .macKey = TESTKEY_HMAC160, - .macKc = TESTKC_RAW, - .provisionId = SEC_OBJECTID_USER_BASE -}; - -#define RIGHTS_INIT(x) memset(x,0,SEC_KEYOUTPUTRIGHT_NUM) - -std::string toB64(SEC_BYTE *data, SEC_SIZE len); - -/* Convenience function to provision the jtype key and session keys using the default - * settings. Since the jtype is a wrapped key, a check is performed to test if the - * platform supports wrapped keys in the clear. if it doesn't, SOC key container - * needs to be used. - */ -static Sec_KeyHandle* _provisionJTypeAndSession(TestCtx &ctx, std::string &jtypeKey) -{ - Sec_KeyHandle *keyHandle = NULL; - - if (SecKey_IsProvisioned(ctx.proc(), SEC_OBJECTID_COMCAST_XCALSESSIONENCKEY) - && SecKey_IsProvisioned(ctx.proc(), SEC_OBJECTID_COMCAST_XCALSESSIONMACKEY)) { - SEC_PRINT("Session ENC and MAC keys are already provisioned. Not provisioning again.\n"); - } else { - SEC_PRINT("Provisioning session ENC and MAC.\n"); - - //provision encryption key - if (NULL == ctx.provisionKey(SEC_OBJECTID_COMCAST_XCALSESSIONENCKEY, SEC_STORAGELOC_RAM, - g_default_jtype_data.encryptionKey, g_default_jtype_data.encKc)) { - SEC_LOG_ERROR("provisionKey failed"); - goto done; - } - - //provision maccing key - if (NULL == ctx.provisionKey(SEC_OBJECTID_COMCAST_XCALSESSIONMACKEY, SEC_STORAGELOC_RAM, - g_default_jtype_data.macKey, g_default_jtype_data.macKc)) { - SEC_LOG_ERROR("provisionKey failed"); - goto done; - } - } - - //provision jtype key - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), g_default_jtype_data.provisionId, - SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_JTYPE, - (SEC_BYTE *)&jtypeKey[0], jtypeKey.size())) { - SEC_LOG_ERROR("SecKey_Provision failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), g_default_jtype_data.provisionId, &keyHandle)) - { - SEC_LOG_ERROR("SecKey_GetInstance failed for jtype key"); - goto done; - } - -done: - - return keyHandle; -} - -/* SecCipher_GetInstance should fail with notBefore date in the future */ -Sec_Result testKeyCtrlKeyNotYetAvail(int version, const char *alg) -{ - Sec_Result result = SEC_RESULT_FAILURE; - TestCtx ctx; - Sec_CipherHandle *cipherHandle = NULL; - Sec_KeyHandle *keyHandle = NULL; - SEC_BYTE iv[16] = {0x01}; - const char *notBeforeTimeStr = "2022-12-09T19:53:06Z"; - - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - /* key avail in one hour */ - std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", - g_default_jtype_data.contentKey, - g_default_jtype_data.encryptionKey, - "9c621060-3a17-4813-8dcb-2e9187aaa903", - createDefaultRights(SEC_KEYTYPE_AES_128).c_str(), - SEC_FALSE, 1, - notBeforeTimeStr, - "2030-12-09T19:53:06Z", - g_default_jtype_data.macKey, - version, alg); - if (jtype.size() == 0) { - SEC_LOG_ERROR("createJTypeContainer failed"); - goto done; - } - - if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) - { - goto done; - } - - if (SEC_RESULT_FAILURE - != SecCipher_GetInstance(ctx.proc(), - SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, - keyHandle, iv, &cipherHandle)) - { - SEC_LOG_ERROR( - "expected SeCcipher_GetInstance to fail for jtype key with notBefore [%s]", notBeforeTimeStr); - - goto done; - } - - result = SEC_RESULT_SUCCESS; - - done: - - if (cipherHandle) - SecCipher_Release(cipherHandle); - - if (keyHandle) - SecKey_Release(keyHandle); - - return result; -} - -/* Generate a jtype key with usage of key only. SecCipher_GetInstance should fail. */ -Sec_Result testKeyCtrlKeyOnlyUsage(int version, const char *alg) -{ - Sec_Result result = SEC_RESULT_FAILURE; - TestCtx ctx; - Sec_CipherHandle *cipherHandle = NULL; - Sec_KeyHandle *keyHandle = NULL; - SEC_BYTE iv[16] = {0x01}; - - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - - /* expired key */ - std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", - g_default_jtype_data.contentKey, g_default_jtype_data.encryptionKey, - "9c621060-3a17-4813-8dcb-2e9187aaa903", - createDefaultRights(SEC_KEYTYPE_AES_128).c_str(), - SEC_FALSE, SEC_KEYUSAGE_KEY, - "2010-12-09T19:53:06Z", "2025-12-09T01:02:03Z", - g_default_jtype_data.macKey, - version, alg); - - if (jtype.size() == 0) { - SEC_LOG_ERROR("createJTypeContainer failed"); - goto done; - } - - if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) - { - goto done; - } - - if (SEC_RESULT_SUCCESS == SecCipher_GetInstance(ctx.proc(), - SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, - keyHandle, iv, &cipherHandle)) - { - SEC_LOG_ERROR( - "expected Seccipher_GetInstance to fail for key with usage flag for 'key' only"); - goto done; - } - - result = SEC_RESULT_SUCCESS; - - done: - - if (keyHandle) - SecKey_Release(keyHandle); - - if (cipherHandle) - SecCipher_Release(cipherHandle); - - return result; -} - -/* Generate a jtype key with usage of data only. */ -Sec_Result testKeyCtrlUnwrapWithKeyUsage(int version, const char *alg, TestKey contentKey) -{ - Sec_Result result = SEC_RESULT_FAILURE; - TestCtx ctx; - Sec_KeyHandle *keyHandle = NULL; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", - contentKey, g_default_jtype_data.encryptionKey, - "9c621060-3a17-4813-8dcb-2e9187aaa903", - createDefaultRights(TestCreds::getKeyType(contentKey)).c_str(), - SEC_FALSE, SEC_KEYUSAGE_KEY, - "2010-12-09T19:53:06Z", "2025-12-09T01:02:03Z", - g_default_jtype_data.macKey, - version, alg); - - if (jtype.size() == 0) { - SEC_LOG_ERROR("createJTypeContainer failed"); - return SEC_RESULT_FAILURE; - } - - /* FIXME: actually encrypt the key bytes first */ - - //create wrapped asn1 key - std::vector wrapped = TestCtx::random(16); - std::vector asn1; - asn1.resize(SEC_KEYCONTAINER_MAX_LEN); - SEC_SIZE asn1_len; - SEC_BYTE input[SEC_AES_BLOCK_SIZE]; - SEC_BYTE output[SEC_AES_BLOCK_SIZE]; - SEC_SIZE output_len; - - if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) - { - goto done; - } - - if (SEC_RESULT_SUCCESS != SecKey_GenerateWrappedKeyAsn1(&wrapped[0], wrapped.size(), - SEC_KEYTYPE_AES_128, - g_default_jtype_data.provisionId, NULL, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, - &asn1[0], asn1.size(), &asn1_len)) { - SEC_LOG_ERROR("SecKey_GenerateWrappedKeyAsn1 failed"); - goto done; - } - asn1.resize(asn1_len); - - //provision wrapped - SEC_PRINT("Provisioning wrapped\n"); - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE+1, - SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_ASN1, - (SEC_BYTE *) &asn1[0], asn1.size())) { - SEC_LOG_ERROR("SecKey_Provision failed"); - goto done; - } - - SEC_PRINT("Wielding wrapped\n"); - if (SEC_RESULT_SUCCESS != SecCipher_SingleInputId(ctx.proc(), - SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_OBJECTID_USER_BASE+1, - NULL, input, sizeof(input), output, - sizeof(output), &output_len)) { - SEC_LOG_ERROR("SecCipher_SingleInputId failed"); - goto done; - } - - result = SEC_RESULT_SUCCESS; - - done: - - if (keyHandle) - SecKey_Release(keyHandle); - - return result; -} - -Sec_Result testKeyCtrlUnwrapWithDataUsage(int version, const char *alg) -{ - Sec_Result result = SEC_RESULT_FAILURE; - TestCtx ctx; - Sec_KeyHandle *keyHandle = NULL; - //create wrapped asn1 key - std::vector wrapped = TestCtx::random(16); - std::vector asn1; - asn1.resize(SEC_KEYCONTAINER_MAX_LEN); - SEC_SIZE asn1_len; - SEC_BYTE input[SEC_AES_BLOCK_SIZE]; - SEC_BYTE output[SEC_AES_BLOCK_SIZE]; - SEC_SIZE output_len; - std::string jtype; - std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); - std::vector exported_key(SEC_KEYCONTAINER_MAX_LEN,0); - SEC_SIZE exported_len = 0; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - goto done; - } - - jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", - g_default_jtype_data.contentKey, g_default_jtype_data.encryptionKey, - "9c621060-3a17-4813-8dcb-2e9187aaa903", - createDefaultRights(SEC_KEYTYPE_AES_128).c_str(), - SEC_TRUE, SEC_KEYUSAGE_DATA, - "2010-12-09T19:53:06Z", "2025-12-09T01:02:03Z", - g_default_jtype_data.macKey, - version, alg); - if (jtype.size() == 0) { - SEC_LOG_ERROR("createJTypeContainer failed"); - return SEC_RESULT_FAILURE; - } - - if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) - { - goto done; - } - - if (SEC_RESULT_SUCCESS != SecKey_GenerateWrappedKeyAsn1(&wrapped[0], wrapped.size(), - SEC_KEYTYPE_AES_128, - SEC_OBJECTID_USER_BASE, NULL, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, - &asn1[0], asn1.size(), &asn1_len)) { - SEC_LOG_ERROR("SecKey_GenerateWrappedKeyAsn1 failed"); - goto done; - } - asn1.resize(asn1_len); - - //provision wrapped - SEC_PRINT("Provisioning wrapped\n"); - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE+1, - SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_ASN1, - (SEC_BYTE *) &asn1[0], asn1.size())) - { - //this will fail on some platforms, others will fail when wielding cipher - result = SEC_RESULT_SUCCESS; - goto done; - } - - - SEC_PRINT("Wielding wrapped\n"); - if (SEC_RESULT_SUCCESS == SecCipher_SingleInputId(ctx.proc(), - SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_OBJECTID_USER_BASE+1, - NULL, input, sizeof(input), output, - sizeof(output), &output_len)) - { - SEC_LOG_ERROR("Expected provisioning or wielding cipher to fail"); - goto done; - } - - /* export the jtype and re-provision as exported to test exported logic as well */ - if (SEC_RESULT_SUCCESS != SecKey_ExportKey(keyHandle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { - SEC_LOG_ERROR("SecKey_Export failed"); - goto done; - } - SecKey_Release(keyHandle); - keyHandle = NULL; - SecKey_Delete(ctx.proc(), g_default_jtype_data.provisionId); - - /* provision exported */ - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), g_default_jtype_data.provisionId, SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, - &exported_key[0], exported_len)) - { - SEC_LOG_ERROR("SecKey_Provision failed for exported key"); - goto done; - } - - if (SEC_RESULT_SUCCESS == SecCipher_SingleInputId(ctx.proc(), - SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_OBJECTID_USER_BASE+1, - NULL, input, sizeof(input), output, - sizeof(output), &output_len)) - { - SEC_LOG_ERROR("Expected provisioning or wielding cipher to fail"); - goto done; - } - - result = SEC_RESULT_SUCCESS; - - done: - - if (keyHandle) - SecKey_Release(keyHandle); - - return result; -} - -/* SecCipher_Getinstance should fail with notOnOrAfter date < now */ -Sec_Result testKeyCtrlKeyExpired(int version, const char *alg) -{ - TestCtx ctx; - - Sec_CipherHandle *cipherHandle = NULL; - Sec_KeyHandle *keyHandle = NULL; - SEC_BYTE iv[16] = {0x01}; - const char *notOnOrAfter = "2015-12-09T19:53:06Z"; - Sec_Result result = SEC_RESULT_FAILURE; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - /* expired key */ - std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", - g_default_jtype_data.contentKey, g_default_jtype_data.encryptionKey, - "9c621060-3a17-4813-8dcb-2e9187aaa903", - createDefaultRights(SEC_KEYTYPE_AES_128).c_str(), - SEC_FALSE, 1, - "2010-12-09T19:53:06Z", notOnOrAfter, - g_default_jtype_data.macKey, - version, alg); - - if (jtype.size() == 0) { - SEC_LOG_ERROR("createJTypeContainer failed"); - return SEC_RESULT_FAILURE; - } - - if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) - { - goto done; - } - - if (SEC_RESULT_SUCCESS - == SecCipher_GetInstance(ctx.proc(), - SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, - keyHandle, iv, &cipherHandle)) - { - SEC_LOG_ERROR( - "expected Seccipher_GetInstance to fail for jtype key with expired notOnOrAfter [%s]", - notOnOrAfter); - goto done; - } - - result = SEC_RESULT_SUCCESS; -done: - if (cipherHandle) - SecCipher_Release(cipherHandle); - - if (keyHandle) - SecKey_Release(keyHandle); - - - return result; -} - -/* test that export fails with a jtype key where is_cacheable is false */ -Sec_Result testKeyCtrlExportUnCachable(int version, const char *alg) -{ - - Sec_Result result = SEC_RESULT_FAILURE; - TestCtx ctx; - Sec_KeyHandle *keyHandle = NULL; - std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); - std::vector exported_key(SEC_KEYCONTAINER_MAX_LEN,0); - SEC_SIZE exported_len = 0; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", - g_default_jtype_data.contentKey, g_default_jtype_data.encryptionKey, - "9c621060-3a17-4813-8dcb-2e9187aaa903", - createDefaultRights(SEC_KEYTYPE_AES_128).c_str(), - SEC_FALSE, 1, - "2010-12-09T19:53:06Z", "2037-12-09T19:53:06Z", - g_default_jtype_data.macKey, - version, alg); - - if (jtype.size() == 0) { - SEC_LOG_ERROR("createJTypeContainer failed"); - return SEC_RESULT_FAILURE; - } - - if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) - { - return SEC_RESULT_FAILURE; - } - - //get properties from j-type - Sec_KeyProperties jtype_props; - if (SEC_RESULT_SUCCESS != SecKey_GetProperties(keyHandle, &jtype_props)) { - SEC_LOG_ERROR("SecKey_GetProperties failed"); - goto done; - } - - //export j-type key - if (SEC_RESULT_SUCCESS == SecKey_ExportKey(keyHandle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { - SEC_LOG_ERROR("expected SecKey_ExportKey to fail with cachable flag set to false"); - goto done; - } - - result = SEC_RESULT_SUCCESS; - - done: - - if (keyHandle) - SecKey_Release(keyHandle); - - return result; -} - -Sec_Result testKeyCtrlExpectedJTypeProperties(int version, const char *alg, TestKey contentKey) -{ - TestCtx ctx; - Sec_KeyHandle *keyHandle = NULL; - const char* notOnOrAfter = "2025-12-09T19:53:06Z"; - const char* notBefore = "2010-12-09T19:53:06Z"; - const char* keyId = "9c621060-3a17-4813-8dcb-2e9187aaa903"; - Sec_KeyProperties keyProps; - SEC_BOOL cacheable = SEC_FALSE; - Sec_KeyUsage keyUsage = SEC_KEYUSAGE_KEY; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - /* expired key */ - std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", - contentKey, g_default_jtype_data.encryptionKey, keyId, - createDefaultRights(TestCreds::getKeyType(contentKey)).c_str(), - cacheable, keyUsage, - notBefore, notOnOrAfter, - g_default_jtype_data.macKey, - version, alg); - - if (jtype.size() == 0) { - SEC_LOG_ERROR("createJTypeContainer failed"); - return SEC_RESULT_FAILURE; - } - - if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) - { - return SEC_RESULT_FAILURE; - } - - SecKey_GetProperties(keyHandle, &keyProps); - SecKey_Release(keyHandle); - - if (0!=strcmp(keyId,keyProps.keyId)) - { - SEC_LOG_ERROR("keyid mismatch expecting '%s', received '%s'", keyId, keyProps.keyId); - return SEC_RESULT_FAILURE; - } - if (0!=strcmp(notOnOrAfter,keyProps.notOnOrAfter)) - { - SEC_LOG_ERROR("notOnOrAfter mismatch expecting '%s', received '%s'", notOnOrAfter, keyProps.notOnOrAfter); - return SEC_RESULT_FAILURE; - } - if (0!=strcmp(notBefore,keyProps.notBefore)) - { - SEC_LOG_ERROR("notBefore mismatch expecting '%s', received '%s'", notBefore, keyProps.notBefore); - return SEC_RESULT_FAILURE; - } - if (TestCreds::getKeyType(contentKey) != keyProps.keyType) - { - SEC_LOG_ERROR("keyType mismatch. got %d, expected %d", keyProps.keyType, TestCreds::getKeyType(contentKey)); - return SEC_RESULT_FAILURE; - } - if (SecKey_GetKeyLenForKeyType(TestCreds::getKeyType(contentKey)) != keyProps.keyLength) - { - SEC_LOG_ERROR("keyLength mismatch expecting %d, received %d", SecKey_GetKeyLenForKeyType(TestCreds::getKeyType(contentKey)), keyProps.keyLength); - return SEC_RESULT_FAILURE; - } - if (cacheable != keyProps.cacheable) - { - SEC_LOG_ERROR("cacheable mismatch, expecting %d", cacheable); - return SEC_RESULT_FAILURE; - } - if (keyUsage != keyProps.usage) - { - SEC_LOG_ERROR("usage mismatch, expecting %d, received %d", keyUsage, keyProps.usage); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testKeyCtrlBadB64Jtype(int version, const char *alg) -{ - TestCtx ctx; - TestKey contentKey = TESTKEY_AES128; - TestKey encryptionKey = TESTKEY_AES128; - TestKey macKey = TESTKEY_HMAC160; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - std::string jtype = "B" + createJTypeContainer("1WXQ46EYW65SENER", "HS256", - contentKey, encryptionKey, - "9c621060-3a17-4813-8dcb-2e9187aaa903", - createDefaultRights(SEC_KEYTYPE_AES_128).c_str(), - SEC_FALSE, 1, - "2010-12-09T19:53:06Z", "2037-12-09T19:53:06Z", - macKey, - version, alg); - if (jtype.size() == 0) { - SEC_LOG_ERROR("createJTypeContainer failed"); - return SEC_RESULT_FAILURE; - } - - //provision jtype key - if (SEC_RESULT_FAILURE != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE, - SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_JTYPE, - (SEC_BYTE *) &jtype[0], jtype.size())) { - SEC_LOG_ERROR("expected provisionKey to failed with bad base64"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testKeyCtrlExportEcc(TestKc kc) -{ - Sec_Result result = SEC_RESULT_FAILURE; - TestCtx ctx; - SEC_OBJECTID priv_id = SEC_OBJECTID_USER_BASE +1; - Sec_KeyHandle *priv_key_handle = NULL; - TestKey pub = TESTKEY_EC_PUB; - TestKey priv = TESTKEY_EC_PRIV; - std::vector clear = TestCtx::random(32); - std::vector derivation_input = TestCtx::random(16); - SEC_BYTE exported_buffer[1024]; - std::vector signature; - signature.resize(512); - SEC_SIZE exported_size = 0, signature_size = 0; - - if (ctx.init() != SEC_RESULT_SUCCESS) - { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - if (NULL == (priv_key_handle = ctx.provisionKey(priv_id, SEC_STORAGELOC_RAM, priv, kc))) - { - SEC_LOG_ERROR("provision priv key failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS - != SecSignature_SingleInputId(ctx.proc(), - SEC_SIGNATUREALGORITHM_ECDSA_NISTP256, - SEC_SIGNATUREMODE_SIGN, priv_id, &clear[0], clear.size(), - &signature[0], &signature_size)) - { - - SEC_LOG_ERROR("SecSignature_SingleInputId failed on signing with priv ecc key"); - return SEC_RESULT_FAILURE; - } - signature.resize(signature_size); - - //verify - if (!verifyOpenSSL(SEC_SIGNATUREALGORITHM_ECDSA_NISTP256, pub, clear, signature)) { - SEC_LOG_ERROR("verifyOpenSSL failed"); - return SEC_RESULT_FAILURE; - } - - /* export priv key */ - if ( SEC_RESULT_SUCCESS != SecKey_ExportKey(priv_key_handle, - &derivation_input[0], exported_buffer, sizeof(exported_buffer), &exported_size)) - { - SEC_LOG_ERROR("SecKey_Export failed for private ecc"); - return SEC_RESULT_FAILURE; - } - SecKey_Delete(ctx.proc(), priv_id); - - if (SEC_RESULT_SUCCESS - != SecKey_Provision(ctx.proc(), priv_id, SEC_STORAGELOC_RAM, - SEC_KEYCONTAINER_EXPORTED, exported_buffer, exported_size)) - { - SEC_LOG_ERROR("SecKey_Provision failed"); - return SEC_RESULT_FAILURE; - } - - signature.resize(512); - if (SEC_RESULT_SUCCESS - != SecSignature_SingleInputId(ctx.proc(), - SEC_SIGNATUREALGORITHM_ECDSA_NISTP256, - SEC_SIGNATUREMODE_VERIFY, priv_id, &clear[0], clear.size(), - &signature[0], &signature_size)) - { - - SEC_LOG_ERROR("SecSignature_SingleInputId failed on verification with priv ecc key"); - return SEC_RESULT_FAILURE; - } - signature.resize(signature_size); - - //verify - if (!verifyOpenSSL(SEC_SIGNATUREALGORITHM_ECDSA_NISTP256, pub, clear, signature)) { - SEC_LOG_ERROR("verifyOpenSSL failed"); - return SEC_RESULT_FAILURE; - } - - result = SEC_RESULT_SUCCESS; - - return result; -} - -Sec_Result testKeyCtrlExportAes(TestKey aesKey, Sec_StorageLoc location) -{ - Sec_Result result = SEC_RESULT_FAILURE; - Sec_KeyHandle *key_handle = NULL; - - TestCtx ctx; - SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; - SEC_BYTE exported_key[4096]; - SEC_SIZE exported_key_len = 0; - SEC_SIZE exported_key_len2 = 0; - Sec_CipherAlgorithm alg = SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING; - Sec_KeyProperties keyProps; - std::vector encrypted(16); - std::vector decrypted(16); - SEC_SIZE enc_len = 0; - - memset(&keyProps,0, sizeof(Sec_KeyProperties)); - - if (key_handle != NULL) { - SecKey_Release(key_handle); - } - key_handle = NULL; - - // input to export function - std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); - - //gen iv - std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); - - //gen clear input - std::vector clear = TestCtx::random(SEC_AES_BLOCK_SIZE); - - if (ctx.init() != SEC_RESULT_SUCCESS) - { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - SEC_PRINT("SEC_KEYCONTAINER_RAW_AES_128\n"); - ProvKey *p = TestCreds::getKey(aesKey, TESTKC_RAW, id); - SEC_PRINT("provisioning " SEC_OBJECTID_PATTERN "\n", id); - - if (SEC_RESULT_SUCCESS - != SecKey_Provision(ctx.proc(), id, location, - aesKey == TESTKEY_AES128 ? SEC_KEYCONTAINER_RAW_AES_128 : SEC_KEYCONTAINER_RAW_AES_256, - &p->key[0], - p->key.size())) - { - SEC_LOG_ERROR("SecKey_Provision failed"); - return SEC_RESULT_FAILURE; - } - - //encrypt - if (SEC_RESULT_SUCCESS - != SecCipher_SingleInputId(ctx.proc(), alg, - SEC_CIPHERMODE_ENCRYPT, id, - NULL, &clear[0], clear.size(), &encrypted[0], - encrypted.size(), &enc_len)) - { - - SEC_LOG_ERROR("Encrypt failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS - != SecKey_GetInstance(ctx.proc(), id, &key_handle)) - { - SEC_LOG_ERROR("SecKey_GetInstance failed"); - goto done; - } - // get size - if (SEC_RESULT_SUCCESS - != SecKey_ExportKey(key_handle, &derivation_input[0], - NULL, 0, &exported_key_len2)) - { - SEC_LOG_ERROR("SecKey_ExportKey failed for key size"); - goto done; - } - if (SEC_RESULT_SUCCESS - != SecKey_ExportKey(key_handle, &derivation_input[0], - exported_key, sizeof(exported_key), &exported_key_len)) - { - SEC_LOG_ERROR("SecKey_ExportKey failed"); - goto done; - } - SecKey_Release(key_handle); - key_handle = NULL; - - if (exported_key_len2 != exported_key_len) - { - SEC_LOG_ERROR("exported key length mismatch, expected %d, received %d", - exported_key_len2, exported_key_len); - goto done; - } - - // NOTE: on intel, exported keys MUST be provisioned with the same object_id as when - // they were originally provisioned. - SEC_PRINT("provisioning exported " SEC_OBJECTID_PATTERN "\n", id); - if (SEC_RESULT_SUCCESS - != SecKey_Provision(ctx.proc(), id, SEC_STORAGELOC_RAM, - SEC_KEYCONTAINER_EXPORTED, exported_key, - exported_key_len)) - { - SEC_LOG_ERROR("SecKey_Provision failed"); - return SEC_RESULT_FAILURE; - } - - // test decrypt with exported key - if (SEC_RESULT_SUCCESS - != SecCipher_SingleInputId(ctx.proc(), alg, - SEC_CIPHERMODE_DECRYPT, id, - NULL, &encrypted[0], encrypted.size(), &decrypted[0], - decrypted.size(), &enc_len)) - { - - SEC_LOG_ERROR("Decrypt failed"); - goto done; - } - TestCtx::printHex("derivation input", derivation_input); - TestCtx::printHex(" encrypted", encrypted); - TestCtx::printHex(" decrypted", decrypted); - TestCtx::printHex(" clear", clear); - if (clear != decrypted) - { - SEC_LOG_ERROR("decrypted vector mismatch"); - goto done; - } - - result = SEC_RESULT_SUCCESS; - - done: - - if (key_handle != NULL) - SecKey_Release(key_handle); - - return result; -} - -Sec_Result testKeyCtrlExportDerived() -{ - Sec_Result result = SEC_RESULT_FAILURE; - SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; - SEC_BYTE exported_key[4096]; - SEC_SIZE exported_key_len = 0; - Sec_KeyHandle *key_handle = NULL; - TestCtx ctx; - SEC_BYTE enc_output[256]; - SEC_SIZE enc_output_len = 0; - SEC_BYTE enc_output2[256]; - SEC_SIZE enc_output_len2 = 0; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); - - std::vector input = TestCtx::random(25); - TestCtx::printHex("input", input); - - if (SEC_RESULT_SUCCESS != SecKey_Derive_VendorAes128(ctx.proc(), - id, SEC_STORAGELOC_RAM, &input[0], input.size())) { - SEC_LOG_ERROR("SecKey_Derive_VendorAes128 failed"); - return SEC_RESULT_FAILURE; - } - if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), id, &key_handle)) - { - SEC_LOG_ERROR("SecKey_GetInstance failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS - != SecCipher_SingleInputId(ctx.proc(), - SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, - SEC_CIPHERMODE_ENCRYPT, id, - NULL, &derivation_input[0], derivation_input.size(), - enc_output, sizeof(enc_output), &enc_output_len)) - { - - SEC_LOG_ERROR("Encrypt failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecKey_ExportKey(key_handle, &derivation_input[0], exported_key, sizeof(exported_key), &exported_key_len)) - { - SEC_LOG_ERROR("SecKey_ExportKey failed for derived key type"); - goto done; - } - SecKey_Release(key_handle); - key_handle = NULL; - SecKey_Delete(ctx.proc(),id); - - /* import exported derived key */ - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), id, - SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, - exported_key, exported_key_len)) { - SEC_LOG_ERROR("SecKey_Provision failed for exported key"); - return SEC_RESULT_FAILURE; - } - if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), id, &key_handle)) - { - SEC_LOG_ERROR("SecKey_GetInstance failed"); - goto done; - } - if (SEC_RESULT_SUCCESS - != SecCipher_SingleInputId(ctx.proc(), - SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, - SEC_CIPHERMODE_DECRYPT, id, - NULL, enc_output, enc_output_len, - enc_output2, sizeof(enc_output2), &enc_output_len2)) - { - - SEC_LOG_ERROR("Decrypt failed"); - goto done; - } - if (derivation_input.size() != enc_output_len2) - { - SEC_LOG_ERROR("enc output size mismatch, expected %d, %d", derivation_input.size(), - enc_output_len2); - goto done; - } - Sec_PrintHex(&derivation_input[0], derivation_input.size()); - SEC_PRINT("\n"); - Sec_PrintHex(enc_output2, enc_output_len2); - SEC_PRINT("\n"); - if (0!=memcmp(&derivation_input[0], enc_output2, enc_output_len2)) - { - SEC_LOG_ERROR("enc output mismatch"); - goto done; - } - - result = SEC_RESULT_SUCCESS; - - done: - - if (key_handle) - SecKey_Release(key_handle); - - return result; -} - -Sec_Result testKeyCtrlExpectedExportedProperties(int version, const char *alg, TestKey contentKey) -{ - TestCtx ctx; - - SEC_BYTE jtypeRights[SEC_KEYOUTPUTRIGHT_NUM]; - std::string b64rights; - Sec_KeyHandle *keyHandle = NULL; - const char* notOnOrAfter = "2025-12-09T19:53:06Z"; - const char* notBefore = "2010-12-09T19:53:06Z"; - const char* keyId = "9c621060-3a17-4813-8dcb-2e9187aaa903"; - Sec_KeyProperties keyProps; - SEC_BOOL cacheable = SEC_TRUE; - Sec_KeyUsage keyUsage = SEC_KEYUSAGE_KEY; - SEC_BYTE exported_key[4096]; - SEC_SIZE exported_key_len = 0; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - RIGHTS_INIT(jtypeRights); - jtypeRights[0]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_1_4_ALLOWED; - jtypeRights[1]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_2_2_ALLOWED; - jtypeRights[2]= SEC_KEYOUTPUTRIGHT_ANALOG_OUTPUT_ALLOWED; - b64rights = toB64(jtypeRights, SEC_KEYOUTPUTRIGHT_NUM); - - /* expired key */ - std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", - contentKey, g_default_jtype_data.encryptionKey, keyId, - b64rights.c_str(), cacheable, keyUsage, - notBefore, notOnOrAfter, - g_default_jtype_data.macKey, - version, alg); - - if (jtype.size() == 0) { - SEC_LOG_ERROR("createJTypeContainer failed"); - return SEC_RESULT_FAILURE; - } - - if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) - { - return SEC_RESULT_FAILURE; - } - - std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); - - if (SEC_RESULT_SUCCESS - != SecKey_ExportKey(keyHandle, (SEC_BYTE*)&derivation_input[0], exported_key, - sizeof(exported_key), &exported_key_len)) - { - SecKey_Release(keyHandle); - SEC_LOG_ERROR("SecKey_ExportKey failed"); - return SEC_RESULT_FAILURE; - } - - SecKey_Release(keyHandle); - keyHandle = NULL; - SecKey_Delete(ctx.proc(),SEC_OBJECTID_USER_BASE); - - // reprovision exported - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE, - SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, - exported_key, exported_key_len)) { - SEC_LOG_ERROR("SecKey_Provision failed for exported key"); - return SEC_RESULT_FAILURE; - } - if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), SEC_OBJECTID_USER_BASE, &keyHandle)) - { - SEC_LOG_ERROR("SecKey_GetInstance failed for exported key"); - return SEC_RESULT_FAILURE; - } - - SecKey_GetProperties(keyHandle, &keyProps); - SecKey_Release(keyHandle); - keyHandle = NULL; - - if (0!=strcmp(keyId,keyProps.keyId)) - { - SEC_LOG_ERROR("keyid mismatch expecting '%s', received '%s'", keyId, keyProps.keyId); - return SEC_RESULT_FAILURE; - } - if (0!=strcmp(notOnOrAfter,keyProps.notOnOrAfter)) - { - SEC_LOG_ERROR("notOnOrAfter mismatch expecting '%s', received '%s'", notOnOrAfter, keyProps.notOnOrAfter); - return SEC_RESULT_FAILURE; - } - if (0!=strcmp(notBefore,keyProps.notBefore)) - { - SEC_LOG_ERROR("notBefore mismatch expecting '%s', received '%s'", notBefore, keyProps.notBefore); - return SEC_RESULT_FAILURE; - } - if (TestCreds::getKeyType(contentKey) != keyProps.keyType) - { - SEC_LOG_ERROR("keyType mismatch. got %d, expected %d", keyProps.keyType, TestCreds::getKeyType(contentKey)); - return SEC_RESULT_FAILURE; - } - if (SecKey_GetKeyLenForKeyType(TestCreds::getKeyType(contentKey)) != keyProps.keyLength) - { - SEC_LOG_ERROR("keyLength mismatch expecting %d, received %d", SecKey_GetKeyLenForKeyType(TestCreds::getKeyType(contentKey)), keyProps.keyLength); - return SEC_RESULT_FAILURE; - } - if (cacheable != keyProps.cacheable) - { - SEC_LOG_ERROR("cacheable mismatch, expecting %d", cacheable); - return SEC_RESULT_FAILURE; - } - if (keyUsage != keyProps.usage) - { - SEC_LOG_ERROR("usage mismatch, expecting %d, received %d", keyUsage, keyProps.usage); - return SEC_RESULT_FAILURE; - } - - if (0!= memcmp(keyProps.rights, jtypeRights, 8)) - { - SEC_LOG_ERROR("keyrights mismatch"); - return SEC_RESULT_FAILURE; - } - - - return SEC_RESULT_SUCCESS; -} - -/* export a key, re-provision it, then export it again - */ -Sec_Result testKeyCtrlExportProvisionExport(int version, const char *alg, TestKey contentKey) -{ - TestCtx ctx; - - SEC_BYTE jtypeRights[SEC_KEYOUTPUTRIGHT_NUM]; - std::string b64rights; - Sec_KeyHandle *keyHandle = NULL; - const char* notOnOrAfter = "2025-12-09T19:53:06Z"; - const char* notBefore = "2010-12-09T19:53:06Z"; - const char* keyId = "9c621060-3a17-4813-8dcb-2e9187aaa903"; - Sec_KeyProperties keyProps; - SEC_BOOL cacheable = SEC_TRUE; - Sec_KeyUsage keyUsage = SEC_KEYUSAGE_KEY; - SEC_BYTE exported_key[4096]; - SEC_SIZE exported_key_len = 0; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - RIGHTS_INIT(jtypeRights); - jtypeRights[0]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_1_4_ALLOWED; - jtypeRights[1]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_2_2_ALLOWED; - jtypeRights[2]= SEC_KEYOUTPUTRIGHT_ANALOG_OUTPUT_ALLOWED; - b64rights = toB64(jtypeRights, SEC_KEYOUTPUTRIGHT_NUM); - - /* expired key */ - std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", - contentKey, g_default_jtype_data.encryptionKey, keyId, - b64rights.c_str(), cacheable, keyUsage, - notBefore, notOnOrAfter, - g_default_jtype_data.macKey, - version, alg); - - if (jtype.size() == 0) { - SEC_LOG_ERROR("createJTypeContainer failed"); - return SEC_RESULT_FAILURE; - } - - if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) - { - return SEC_RESULT_FAILURE; - } - - std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); - - if (SEC_RESULT_SUCCESS - != SecKey_ExportKey(keyHandle, (SEC_BYTE*)&derivation_input[0], exported_key, - sizeof(exported_key), &exported_key_len)) - { - SecKey_Release(keyHandle); - SEC_LOG_ERROR("SecKey_ExportKey failed"); - return SEC_RESULT_FAILURE; - } - - SecKey_Release(keyHandle); - keyHandle = NULL; - SecKey_Delete(ctx.proc(),SEC_OBJECTID_USER_BASE); - - // reprovision exported - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE, - SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, - exported_key, exported_key_len)) { - SEC_LOG_ERROR("SecKey_Provision failed for exported key"); - return SEC_RESULT_FAILURE; - } - if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), SEC_OBJECTID_USER_BASE, &keyHandle)) - { - SEC_LOG_ERROR("SecKey_GetInstance failed for exported key"); - return SEC_RESULT_FAILURE; - } - - // export it again - derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); - if (SEC_RESULT_SUCCESS - != SecKey_ExportKey(keyHandle, (SEC_BYTE*)&derivation_input[0], exported_key, - sizeof(exported_key), &exported_key_len)) - { - SecKey_Release(keyHandle); - SEC_LOG_ERROR("SecKey_ExportKey failed"); - return SEC_RESULT_FAILURE; - } - SecKey_Release(keyHandle); - keyHandle = NULL; - SecKey_Delete(ctx.proc(),SEC_OBJECTID_USER_BASE); - - // reprovision exported - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), SEC_OBJECTID_USER_BASE, - SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, - exported_key, exported_key_len)) { - SEC_LOG_ERROR("SecKey_Provision failed for exported key"); - return SEC_RESULT_FAILURE; - } - if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), SEC_OBJECTID_USER_BASE, &keyHandle)) - { - SEC_LOG_ERROR("SecKey_GetInstance failed for exported key"); - return SEC_RESULT_FAILURE; - } - - SecKey_GetProperties(keyHandle, &keyProps); - SecKey_Release(keyHandle); - keyHandle = NULL; - - if (0!=strcmp(keyId,keyProps.keyId)) - { - SEC_LOG_ERROR("keyid mismatch expecting '%s', received '%s'", keyId, keyProps.keyId); - return SEC_RESULT_FAILURE; - } - if (0!=strcmp(notOnOrAfter,keyProps.notOnOrAfter)) - { - SEC_LOG_ERROR("notOnOrAfter mismatch expecting '%s', received '%s'", notOnOrAfter, keyProps.notOnOrAfter); - return SEC_RESULT_FAILURE; - } - if (0!=strcmp(notBefore,keyProps.notBefore)) - { - SEC_LOG_ERROR("notBefore mismatch expecting '%s', received '%s'", notBefore, keyProps.notBefore); - return SEC_RESULT_FAILURE; - } - if (TestCreds::getKeyType(contentKey) != keyProps.keyType) - { - SEC_LOG_ERROR("keyType mismatch. got %d, expected %d", keyProps.keyType, TestCreds::getKeyType(contentKey)); - return SEC_RESULT_FAILURE; - } - if (SecKey_GetKeyLenForKeyType(TestCreds::getKeyType(contentKey)) != keyProps.keyLength) - { - SEC_LOG_ERROR("keyLength mismatch expecting %d, received %d", SecKey_GetKeyLenForKeyType(TestCreds::getKeyType(contentKey)), keyProps.keyLength); - return SEC_RESULT_FAILURE; - } - if (cacheable != keyProps.cacheable) - { - SEC_LOG_ERROR("cacheable mismatch, expecting %d", cacheable); - return SEC_RESULT_FAILURE; - } - if (keyUsage != keyProps.usage) - { - SEC_LOG_ERROR("usage mismatch, expecting %d, received %d", keyUsage, keyProps.usage); - return SEC_RESULT_FAILURE; - } - - if (0!= memcmp(keyProps.rights, jtypeRights, 8)) - { - SEC_LOG_ERROR("keyrights mismatch"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -// get just size needed for key by passing NULL out buffer to KeyExport call -Sec_Result testKeyCtrlKeyExportGetSize(int version, const char *alg) -{ - TestCtx ctx; - - SEC_BYTE jtypeRights[SEC_KEYOUTPUTRIGHT_NUM]; - std::string b64rights; - Sec_KeyHandle *keyHandle = NULL; - const char* notOnOrAfter = "2025-12-09T19:53:06Z"; - const char* notBefore = "2010-12-09T19:53:06Z"; - const char* keyId = "9c621060-3a17-4813-8dcb-2e9187aaa903"; - SEC_BOOL cacheable = SEC_TRUE; - Sec_KeyUsage keyUsage = SEC_KEYUSAGE_KEY; - SEC_BYTE exported_key[4096]; - SEC_SIZE exported_key_len = 0; - SEC_SIZE exported_key_len2 = 0; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - RIGHTS_INIT(jtypeRights); - jtypeRights[0]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_1_4_ALLOWED; - jtypeRights[1]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_2_2_ALLOWED; - jtypeRights[2]= SEC_KEYOUTPUTRIGHT_ANALOG_OUTPUT_ALLOWED; - b64rights = toB64(jtypeRights, SEC_KEYOUTPUTRIGHT_NUM); - - /* expired key */ - std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", "HS256", - g_default_jtype_data.contentKey, g_default_jtype_data.encryptionKey, keyId, - b64rights.c_str(), cacheable, keyUsage, - notBefore, notOnOrAfter, - g_default_jtype_data.macKey, - version, alg); - - if (jtype.size() == 0) { - SEC_LOG_ERROR("createJTypeContainer failed"); - return SEC_RESULT_FAILURE; - } - - if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) - { - return SEC_RESULT_FAILURE; - } - - std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); - - // get size - if (SEC_RESULT_SUCCESS - != SecKey_ExportKey(keyHandle, (SEC_BYTE*)&derivation_input[0], NULL, 0, &exported_key_len2)) - { - SecKey_Release(keyHandle); - SEC_LOG_ERROR("SecKey_ExportKey failed while getting key length"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS - != SecKey_ExportKey(keyHandle, (SEC_BYTE*)&derivation_input[0], exported_key, - sizeof(exported_key), &exported_key_len)) - { - SecKey_Release(keyHandle); - SEC_LOG_ERROR("SecKey_ExportKey failed"); - return SEC_RESULT_FAILURE; - } - SecKey_Release(keyHandle); - keyHandle = NULL; - - if (exported_key_len != exported_key_len2) - { - SEC_LOG_ERROR("exported key length mismatch, expected %d, received %d", - exported_key_len2, exported_key_len); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testKeyCtrlKeyExportHmac(TestKey macKey, Sec_StorageLoc location) -{ - TestCtx ctx; - Sec_Result result = SEC_RESULT_FAILURE; - - Sec_KeyHandle *keyHandle = NULL; - TestKc macKc = TESTKC_RAW; - SEC_BYTE exported_key[4096]; - SEC_SIZE exported_key_len = 0; - SEC_SIZE exported_key_len2 = 0; - Sec_MacHandle *macHandle = NULL; - SEC_BYTE mac_output[256]; - SEC_SIZE mac_output_len = 0; - SEC_BYTE mac_output2[256]; - SEC_SIZE mac_output_len2 = 0; - SEC_OBJECTID id = SEC_OBJECTID_COMCAST_XCALSESSIONMACKEY ; - - memset(mac_output, 0, sizeof(mac_output)); - memset(mac_output2, 0, sizeof(mac_output2)); - - std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - goto done; - } - - //provision maccing key - if (NULL == ctx.provisionKey(id, location, macKey, macKc)) { - SEC_LOG_ERROR("provisionKey failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), id, - &keyHandle)) - { - SEC_LOG_ERROR("SecKey_GetInstance failed for session mac key"); - goto done; - } - - if(SEC_RESULT_SUCCESS != SecMac_GetInstance(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA1, - keyHandle, &macHandle)) - { - SEC_LOG_ERROR("SecMac_GetInstance failed for hmac key"); - goto done; - } - if (SEC_RESULT_SUCCESS != SecMac_Update(macHandle, (SEC_BYTE*)&derivation_input[0], derivation_input.size())) - { - SEC_LOG_ERROR("SecMac_GetInstance failed for hmac key"); - goto done; - } - - SecMac_Release(macHandle, mac_output, &mac_output_len); - macHandle = NULL; - - // get size - if (SEC_RESULT_SUCCESS - != SecKey_ExportKey(keyHandle, (SEC_BYTE*)&derivation_input[0], NULL, 0, &exported_key_len2)) - { - SEC_LOG_ERROR("SecKey_ExportKey failed while getting key length"); - goto done; - } - - if (SEC_RESULT_SUCCESS - != SecKey_ExportKey(keyHandle, (SEC_BYTE*)&derivation_input[0], exported_key, - sizeof(exported_key), &exported_key_len)) - { - SEC_LOG_ERROR("SecKey_ExportKey failedi for mac key"); - goto done; - } - SecKey_Release(keyHandle); - keyHandle = NULL; - - SecKey_Delete(ctx.proc(),id); - - if (exported_key_len != exported_key_len2) - { - SEC_LOG_ERROR("exported key length mismatch, expected %d, received %d", - exported_key_len2, exported_key_len); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), id, - SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, - exported_key, exported_key_len)) { - SEC_LOG_ERROR("SecKey_Provision failed for exported hmac key"); - return SEC_RESULT_FAILURE; - } - if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), id, - &keyHandle)) - { - SEC_LOG_ERROR("SecKey_GetInstance failed for session mac key"); - goto done; - } - if(SEC_RESULT_SUCCESS != SecMac_GetInstance(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA1, - keyHandle, &macHandle)) - { - SEC_LOG_ERROR("SecMac_GetInstance failed for hmac key"); - goto done; - } - if (SEC_RESULT_SUCCESS != SecMac_Update(macHandle, (SEC_BYTE*)&derivation_input[0], derivation_input.size())) - { - SEC_LOG_ERROR("SecMac_GetInstance failed for hmac key"); - goto done; - } - - SecMac_Release(macHandle, mac_output2, &mac_output_len2); - macHandle = NULL; - - if (mac_output_len != mac_output_len2) - { - SEC_LOG_ERROR("mac output size mismatch, %d, %d", mac_output_len, mac_output_len2); - goto done; - } - Sec_PrintHex(mac_output, mac_output_len); - SEC_PRINT("\n"); - Sec_PrintHex(mac_output2, mac_output_len2); - SEC_PRINT("\n"); - if (0!=memcmp(mac_output, mac_output2, mac_output_len2)) - { - SEC_LOG_ERROR("mac output mismatch"); - goto done; - } - - result = SEC_RESULT_SUCCESS; - - done: - - if (macHandle) - SecMac_Release(macHandle,mac_output, &mac_output_len); - if (keyHandle) - SecKey_Release(keyHandle); - - - return result; -} - -/* Only Opaque buffers can be used when SVP is required */ -Sec_Result testKeyCtrlCipherFailsSvpNonOpaque(int version, const char *alg) -{ - Sec_Result result = SEC_RESULT_FAILURE; - TestCtx ctx; - Sec_CipherHandle *cipherHandle = NULL; - Sec_KeyHandle *keyHandle = NULL; - SEC_BYTE iv[16] = {0x01}; - SEC_BYTE clear_text[16] = {0x01}; - SEC_BYTE cipher_text[16]; - SEC_SIZE bytesWritten = 0; - const char *notBeforeTimeStr = "2010-12-09T19:53:06Z"; - const char *notOnOrAfterTimeStr = "2022-12-09T19:53:06Z"; - SEC_BYTE jtypeRights[SEC_KEYOUTPUTRIGHT_NUM]; - std::string b64rights; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - RIGHTS_INIT(jtypeRights); - jtypeRights[0]= SEC_KEYOUTPUTRIGHT_SVP_REQUIRED; - jtypeRights[1]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_1_4_ALLOWED; - jtypeRights[2]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_2_2_ALLOWED; - b64rights = toB64(jtypeRights, SEC_KEYOUTPUTRIGHT_NUM); - - /* key avail in one hour */ - std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", - "HS256", - g_default_jtype_data.contentKey, - g_default_jtype_data.encryptionKey, - "9c621060-3a17-4813-8dcb-2e9187aaa903", - b64rights.c_str(), SEC_TRUE, 1, - notBeforeTimeStr, - notOnOrAfterTimeStr, - g_default_jtype_data.macKey, - version, alg); - if (jtype.size() == 0) { - SEC_LOG_ERROR("createJTypeContainer failed"); - goto done; - } - - if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) - { - goto done; - } - - if (SEC_RESULT_SUCCESS - != SecCipher_GetInstance(ctx.proc(), - SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, - keyHandle, iv, &cipherHandle)) - { - SEC_LOG_ERROR( "SeCcipher_GetInstance failed" ); - goto done; - } - - if (SEC_RESULT_SUCCESS == - SecCipher_Process(cipherHandle, clear_text, sizeof(clear_text), SEC_TRUE, cipher_text, sizeof(cipher_text), &bytesWritten)) - { - SEC_LOG_ERROR( - "expected SeCcipher_Process to fail when processing non-opaque buffer with SVP required"); - goto done; - } - - result = SEC_RESULT_SUCCESS; - - done: - - if (cipherHandle) - SecCipher_Release(cipherHandle); - - if (keyHandle) - SecKey_Release(keyHandle); - - return result; -} - -/* cipher process succeeds with svp required and opaque buffer */ -Sec_Result testKeyCtrlCipherSvpOpaque(int version, const char *alg, TestKey contentKey) -{ - Sec_Result result = SEC_RESULT_FAILURE; - TestCtx ctx; - Sec_CipherHandle *cipherHandle = NULL; - Sec_KeyHandle *keyHandle = NULL; - SEC_BYTE iv[16] = {0x01}; - Sec_OpaqueBufferHandle *opaque_clear_text = NULL; - Sec_OpaqueBufferHandle *opaque_cipher_text = NULL; - SEC_SIZE bytesWritten = 0; - const char *notBeforeTimeStr = "2010-12-09T19:53:06Z"; - const char *notOnOrAfterTimeStr = "2022-12-09T19:53:06Z"; - SEC_BYTE jtypeRights[SEC_KEYOUTPUTRIGHT_NUM]; - std::string b64rights; - SEC_BYTE clear_data[16] = { 0x01 }; - - RIGHTS_INIT(jtypeRights); - jtypeRights[0]= SEC_KEYOUTPUTRIGHT_SVP_REQUIRED; - jtypeRights[1]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_1_4_ALLOWED; - jtypeRights[2]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_2_2_ALLOWED; - b64rights = toB64(jtypeRights, SEC_KEYOUTPUTRIGHT_NUM); - - - std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", - "HS256", - contentKey, - g_default_jtype_data.encryptionKey, - "9c621060-3a17-4813-8dcb-2e9187aaa903", - b64rights.c_str(), SEC_TRUE, 1, - notBeforeTimeStr, - notOnOrAfterTimeStr, - g_default_jtype_data.macKey, - version, alg); - - if (jtype.size() == 0) { - SEC_LOG_ERROR("createJTypeContainer failed"); - goto done; - } - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) - { - goto done; - } - - /* init opaque buffers */ - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(16, &opaque_clear_text)) - { - SEC_LOG_ERROR("SecOpaqueBuffer_Malloc failed"); - goto done; - } - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(16, &opaque_cipher_text)) - { - SEC_LOG_ERROR("SecOpaqueBuffer_Malloc failed"); - goto done; - } - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Write(opaque_clear_text,0, clear_data, 16)) - { - SEC_LOG_ERROR("SecOpaqueBuffer_Write failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS - != SecCipher_GetInstance(ctx.proc(), - SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, - keyHandle, iv, &cipherHandle)) - { - SEC_LOG_ERROR( "SeCcipher_GetInstance failed" ); - goto done; - } - - if (SEC_RESULT_SUCCESS != - SecCipher_ProcessOpaque(cipherHandle, opaque_clear_text, opaque_cipher_text, 16, SEC_TRUE, &bytesWritten)) - { - SEC_LOG_ERROR( - "SeCcipher_ProcessOpaque failed"); - goto done; - } - if (bytesWritten != 16) - { - SEC_LOG_ERROR("expected output size to be 16, received %d", (int)bytesWritten); - goto done; - } - - result = SEC_RESULT_SUCCESS; - - done: - - if (cipherHandle) - SecCipher_Release(cipherHandle); - - if (keyHandle) - SecKey_Release(keyHandle); - - if (opaque_clear_text) - SecOpaqueBuffer_Free(opaque_clear_text); - - if (opaque_cipher_text) - SecOpaqueBuffer_Free(opaque_cipher_text); - - return result; -} - -Sec_Result testKeyCtrlCipherSvpDataShiftOpaque(int version, const char *alg) -{ - Sec_Result result = SEC_RESULT_FAILURE; - SEC_BYTE jtypeRights[SEC_KEYOUTPUTRIGHT_NUM]; - std::string b64rights; - const char *notBeforeTimeStr = "2010-12-09T19:53:06Z"; - const char *notOnOrAfterTimeStr = "2022-12-09T19:53:06Z"; - TestCtx ctx; - Sec_OpaqueBufferHandle *inputHandle1 = NULL; - Sec_OpaqueBufferHandle *inputHandle2 = NULL; - Sec_OpaqueBufferHandle *outputHandle = NULL; - SEC_SIZE written = 0; - Sec_CipherHandle* cipherHandle = NULL; - Sec_KeyHandle *handle = NULL; - std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); - - RIGHTS_INIT(jtypeRights); - jtypeRights[0]= SEC_KEYOUTPUTRIGHT_SVP_REQUIRED; - jtypeRights[1]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_1_4_ALLOWED; - jtypeRights[2]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_2_2_ALLOWED; - b64rights = toB64(jtypeRights, SEC_KEYOUTPUTRIGHT_NUM); - - std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", - "HS256", - g_default_jtype_data.contentKey, - g_default_jtype_data.encryptionKey, - "9c621060-3a17-4813-8dcb-2e9187aaa903", - b64rights.c_str(), SEC_TRUE, 1, - notBeforeTimeStr, - notOnOrAfterTimeStr, - g_default_jtype_data.macKey, - version, alg); - - if (jtype.size() == 0) { - SEC_LOG_ERROR("createJTypeContainer failed"); - goto done; - } - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - if (NULL == (handle = _provisionJTypeAndSession(ctx, jtype))) - { - goto done; - } - - if (SEC_RESULT_SUCCESS != SecCipher_GetInstance(ctx.proc(), - SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, handle, - &iv[0], &cipherHandle)) { - SEC_LOG_ERROR("SecCipher_GetInstance failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(8, &inputHandle1)) { - SEC_LOG_ERROR("SecOpaqueBuffer_Malloc failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(256-8, &inputHandle2)) { - SEC_LOG_ERROR("SecOpaqueBuffer_Malloc failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(256, &outputHandle)) { - SEC_LOG_ERROR("SecOpaqueBuffer_Malloc failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecCipher_ProcessOpaque(cipherHandle, - inputHandle1, outputHandle, 8, SEC_FALSE, - &written)) { - SEC_LOG_ERROR("SecCipher_ProcessOpaque failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecCipher_ProcessCtrWithOpaqueDataShift(cipherHandle, inputHandle2, outputHandle, 256-8, &written, 8)) { - SEC_LOG_ERROR("SecCipher_ProcessCtrWithOpaqueDataShift failed"); - goto done; - } - - result = SEC_RESULT_SUCCESS; - - done: - - if (cipherHandle) - SecCipher_Release(cipherHandle); - if (handle) - SecKey_Release(handle); - if (outputHandle) - SecOpaqueBuffer_Free(outputHandle); - if (inputHandle1) - SecOpaqueBuffer_Free(inputHandle1); - if (inputHandle2) - SecOpaqueBuffer_Free(inputHandle2); - - return result; -} - -Sec_Result testKeyCtrlSvpCheckOpaque(int version, const char *alg, TestKey contentKey) -{ - TestCtx ctx; - Sec_Result result = SEC_RESULT_FAILURE; - SEC_BYTE jtypeRights[SEC_KEYOUTPUTRIGHT_NUM]; - std::string b64rights; - const char *notBeforeTimeStr = "2010-12-09T19:53:06Z"; - const char *notOnOrAfterTimeStr = "2022-12-09T19:53:06Z"; - Sec_CipherHandle* cipherHandle = NULL; - Sec_KeyHandle *handle = NULL, *handle2 = NULL; - std::vector input = TestCtx::random(SEC_AES_BLOCK_SIZE); - std::vector expected(SEC_AES_BLOCK_SIZE,0); - SEC_SIZE bytesWritten = 0; - Sec_OpaqueBufferHandle *inputHandle = NULL; - - RIGHTS_INIT(jtypeRights); - jtypeRights[0]= SEC_KEYOUTPUTRIGHT_SVP_REQUIRED; - jtypeRights[1]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_1_4_ALLOWED; - jtypeRights[2]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_2_2_ALLOWED; - b64rights = toB64(jtypeRights, SEC_KEYOUTPUTRIGHT_NUM); - - std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", - "HS256", - contentKey, - g_default_jtype_data.encryptionKey, - "9c621060-3a17-4813-8dcb-2e9187aaa903", - b64rights.c_str(), SEC_TRUE, 1, - notBeforeTimeStr, - notOnOrAfterTimeStr, - g_default_jtype_data.macKey, - version, alg); - - if (jtype.size() == 0) { - SEC_LOG_ERROR("createJTypeContainer failed"); - goto done; - } - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - if (NULL == (handle = _provisionJTypeAndSession(ctx, jtype))) - { - goto done; - } - - /* provision key setup expected test data */ - handle2=ctx.provisionKey(SEC_OBJECTID_USER_BASE +1, SEC_STORAGELOC_RAM, contentKey, TESTKC_RAW, SEC_FALSE); - if( handle2 == NULL ) - { - SEC_LOG_ERROR("provision failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecCipher_SingleInput(ctx.proc(), SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, - handle2, NULL, &input[0], input.size(), &expected[0], expected.size(), - &bytesWritten)) - { - SEC_LOG_ERROR("SecCipher_SingleInputId failed"); - goto done; - } - - /* cipher handle using jtype key */ - if (SEC_RESULT_SUCCESS != SecCipher_GetInstance(ctx.proc(), - SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, handle, - NULL, &cipherHandle)) { - SEC_LOG_ERROR("SecCipher_GetInstance failed"); - return SEC_RESULT_FAILURE; - } - - TestCtx::printHex(" input", input); - TestCtx::printHex("expected", expected); - - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(input.size(), &inputHandle)) { - SEC_LOG_ERROR("SecOpaqueBuffer_Malloc failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Write(inputHandle, 0, &input[0], input.size())) { - SEC_LOG_ERROR("SecOpaqueBuffer_Write failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecCipher_KeyCheckOpaque(cipherHandle, inputHandle, SEC_AES_BLOCK_SIZE, &expected[0])) { - SEC_LOG_ERROR("SecCipher_KeyCheckOpaque failed"); - return SEC_RESULT_FAILURE; - } - - result = SEC_RESULT_SUCCESS; - - done: - - if (cipherHandle) - SecCipher_Release(cipherHandle); - if (inputHandle) - SecOpaqueBuffer_Free(inputHandle); - if (handle) - SecKey_Release(handle); - - return result; -} - - - -/* Only Opaque buffers can be used when SVP is required */ -Sec_Result testKeyCtrlProcessCtrDataShiftFailsSvpNonOpaque(int version, const char *alg) -{ - Sec_Result result = SEC_RESULT_FAILURE; - TestCtx ctx; - Sec_CipherHandle *cipherHandle = NULL; - Sec_KeyHandle *keyHandle = NULL; - SEC_BYTE iv[16] = {0x01}; - SEC_BYTE clear_text[16] = {0x01}; - SEC_BYTE cipher_text[16]; - SEC_SIZE bytesWritten = 0; - const char *notBeforeTimeStr = "2010-12-09T19:53:06Z"; - const char *notOnOrAfterTimeStr = "2022-12-09T19:53:06Z"; - SEC_BYTE jtypeRights[SEC_KEYOUTPUTRIGHT_NUM]; - std::string b64rights; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - RIGHTS_INIT(jtypeRights); - jtypeRights[0]= SEC_KEYOUTPUTRIGHT_SVP_REQUIRED; - jtypeRights[1]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_1_4_ALLOWED; - jtypeRights[2]= SEC_KEYOUTPUTRIGHT_DIGITAL_OPL_HDCP_2_2_ALLOWED; - b64rights = toB64(jtypeRights, SEC_KEYOUTPUTRIGHT_NUM); - - /* key avail in one hour */ - std::string jtype = createJTypeContainer("1WXQ46EYW65SENER", - "HS256", - g_default_jtype_data.contentKey, - g_default_jtype_data.encryptionKey, - "9c621060-3a17-4813-8dcb-2e9187aaa903", - b64rights.c_str(), SEC_TRUE, 1, - notBeforeTimeStr, - notOnOrAfterTimeStr, - g_default_jtype_data.macKey, - version, alg); - if (jtype.size() == 0) { - SEC_LOG_ERROR("createJTypeContainer failed"); - goto done; - } - - if (NULL == (keyHandle = _provisionJTypeAndSession(ctx, jtype))) - { - goto done; - } - - if (SEC_RESULT_SUCCESS - != SecCipher_GetInstance(ctx.proc(), - SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, - keyHandle, iv, &cipherHandle)) - { - SEC_LOG_ERROR( "SeCcipher_GetInstance failed" ); - goto done; - } - - if (SEC_RESULT_SUCCESS == - SecCipher_ProcessCtrWithDataShift(cipherHandle, clear_text, sizeof(clear_text), cipher_text, sizeof(cipher_text), &bytesWritten, 8)) - { - SEC_LOG_ERROR( - "expected SeCcipher_ProcessCtrWithDataShift to fail when processing non-opaque buffer with SVP required"); - goto done; - } - - result = SEC_RESULT_SUCCESS; - - done: - - if (cipherHandle) - SecCipher_Release(cipherHandle); - - if (keyHandle) - SecKey_Release(keyHandle); - - return result; -} - -Sec_Result testKeyCtrlKeyExportSmallBuffer() -{ - Sec_Result result = SEC_RESULT_FAILURE; - - Sec_KeyHandle *keyHandle = NULL; - SEC_BYTE exported_key[8]; - SEC_SIZE exported_key_len = 0; - SEC_OBJECTID id = SEC_OBJECTID_USER_BASE + 50; - Sec_StorageLoc location = SEC_STORAGELOC_RAM; - TestCtx ctx; - - std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); - std::vector aesKey = TestCtx::random(SEC_AES_BLOCK_SIZE); - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), id, location, SEC_KEYCONTAINER_RAW_AES_128, - (SEC_BYTE*)&aesKey[0], aesKey.size())) { - SEC_LOG_ERROR("SecKey_Provision failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), id, &keyHandle)) - { - SEC_LOG_ERROR("SecKey_GetInstance failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS == SecKey_ExportKey(keyHandle, (SEC_BYTE*)&derivation_input[0], exported_key, - sizeof(exported_key), &exported_key_len)) - { - SEC_LOG_ERROR("Expected SecKey_ExportKey to fail with under-sized output buffer"); - goto done; - } - - result = SEC_RESULT_SUCCESS; - - done: - - if (keyHandle) - SecKey_Release(keyHandle); - - return result; -} diff --git a/test/main/cpp/keyctrl.h b/test/main/cpp/keyctrl.h deleted file mode 100644 index f827771..0000000 --- a/test/main/cpp/keyctrl.h +++ /dev/null @@ -1,83 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_KEYCTRL_H_ -#define TEST_KEYCTRL_H_ - -#include "sec_security.h" -#include "test_creds.h" -#include - -Sec_Result testKeyCtrlDefaultProperties(int version, const char *alg); - -Sec_Result testKeyCtrlFalseDefaultProperties(int version, const char *alg); - -/* test expected platform default rights */ -Sec_Result testKeyCtrlRightsFromPlatformDefault(int version, const char *alg); - -/* gets output rights from either default (hard-coded) values or devicesettings - * depending on compile directive -DSEC_KEYCTRL_ENABLE_DEVICE_SETTINGS - */ -Sec_Result testKeyCtrlGetOutputRights(int version, const char *alg); - -/* Sec_GetCipherInstance fails with request right that is not allowed on device */ -Sec_Result testKeyCtrlUnSupportedOutputRight(int version, const char *alg); - -/* En/Decrypt successful with key requesting a right that is allowed on the device */ -Sec_Result testKeyCtrlDecryptSupportedOutputRight(int version, const char *alg); - -/* SecKey_Export fails if cacheable flag == 0 */ -Sec_Result testKeyCtrlExportUnCachable(int version, const char *alg); - -/* general rights combinations */ -Sec_Result testKeyCtrlAllowedRights(int version, const char *alg); - -/* SecCipher_GetInstance fails for key with usage for 'key' only */ -Sec_Result testKeyCtrlKeyOnlyUsage(int version, const char *alg); - -/* SecCipher_Getinstance should fail with notOnOrAfter date < now */ -Sec_Result testKeyCtrlKeyExpired(int version, const char *alg); - -/* SecCipher_GetInstance should fail with notBefore date in the future */ -Sec_Result testKeyCtrlKeyNotYetAvail(int version, const char *alg); - -/* key properties vaidation */ -Sec_Result testKeyCtrlValidatePropertiesBadNotBefore(int version, const char *alg); -Sec_Result testKeyCtrlValidatePropertiesBadNotOnOrAfter(int version, const char *alg); -Sec_Result testKeyCtrlValidatePropertiesDefaults(int version, const char *alg); -Sec_Result testKeyCtrlUtilsTime(int version, const char *alg); -Sec_Result testKeyCtrlUnwrapWithKeyUsage(int version, const char *alg, TestKey key); -Sec_Result testKeyCtrlUnwrapWithDataUsage(int version, const char *alg); -Sec_Result testKeyCtrlBadB64Jtype(int version, const char *alg); -Sec_Result testKeyCtrlExportDerived(); -Sec_Result testKeyCtrlExpectedJTypeProperties(int version, const char *alg, TestKey key); -Sec_Result testKeyCtrlExpectedExportedProperties(int version, const char *alg, TestKey key); -Sec_Result testKeyCtrlExportProvisionExport(int version, const char *alg, TestKey contentKey); -Sec_Result testKeyCtrlKeyExportGetSize(int version, const char *alg); -Sec_Result testKeyCtrlExportAes(TestKey aesKey, Sec_StorageLoc location); -Sec_Result testKeyCtrlKeyExportHmac(TestKey macKey, Sec_StorageLoc location); -Sec_Result testKeyCtrlCipherFailsSvpNonOpaque(int version, const char *alg); -Sec_Result testKeyCtrlCipherSvpOpaque(int version, const char *alg, TestKey contentKey); -Sec_Result testKeyCtrlCipherSvpDataShiftOpaque(int version, const char *alg); -Sec_Result testKeyCtrlSvpCheckOpaque(int version, const char *alg, TestKey contentKey); -Sec_Result testKeyCtrlProcessCtrDataShiftFailsSvpNonOpaque(int version, const char *alg); -Sec_Result testKeyCtrlExportEcc(TestKc kc); -Sec_Result testKeyCtrlKeyExportSmallBuffer(); - -#endif diff --git a/test/main/cpp/mac.cpp b/test/main/cpp/mac.cpp deleted file mode 100644 index 3e13aa1..0000000 --- a/test/main/cpp/mac.cpp +++ /dev/null @@ -1,316 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "mac.h" -#include "test_ctx.h" -#include -#include - -std::vector macOpenSSL( - Sec_MacAlgorithm alg, const std::vector& openssl_key, const std::vector& input) { - std::vector mac; - SEC_SIZE mac_len; - CMAC_CTX *cmac_ctx; - - switch (alg) { - case SEC_MACALGORITHM_HMAC_SHA1: - mac.resize(20); - HMAC(EVP_sha1(), - &openssl_key[0], openssl_key.size(), - &input[0], input.size(), - &mac[0], &mac_len); - return mac; - - case SEC_MACALGORITHM_HMAC_SHA256: - mac.resize(32); - HMAC(EVP_sha256(), - &openssl_key[0], openssl_key.size(), - &input[0], input.size(), - &mac[0], &mac_len); - return mac; - - case SEC_MACALGORITHM_CMAC_AES_128: - { - mac.resize(16); - cmac_ctx = CMAC_CTX_new(); - if (1 != CMAC_Init(cmac_ctx, &openssl_key[0], openssl_key.size(), openssl_key.size() == 16 ? EVP_aes_128_cbc() : EVP_aes_256_cbc(), NULL )) { - SEC_LOG_ERROR("Comcast_CMAC_Init failed"); - return std::vector(); - } - CMAC_Update(cmac_ctx, &input[0], input.size()); - size_t outl; - CMAC_Final(cmac_ctx, &mac[0], &outl); - mac_len = outl; - CMAC_CTX_free(cmac_ctx); - return mac; - } - default: - break; - } - - SEC_LOG_ERROR("Unimplemented"); - return std::vector(); -} - -std::vector macOpenSSL( - Sec_MacAlgorithm alg, TestKey key, const std::vector& input) { - std::vector mac; - SEC_SIZE mac_len; - CMAC_CTX *cmac_ctx; - - std::vector openssl_key = TestCreds::asOpenSslAes(key); - if (openssl_key.size() == 0) { - SEC_LOG_ERROR("TestCreds::asOpenSslAes failed"); - return std::vector(); - } - - switch (alg) { - case SEC_MACALGORITHM_HMAC_SHA1: - mac.resize(20); - HMAC(EVP_sha1(), - &openssl_key[0], openssl_key.size(), - &input[0], input.size(), - &mac[0], &mac_len); - return mac; - - case SEC_MACALGORITHM_HMAC_SHA256: - mac.resize(32); - HMAC(EVP_sha256(), - &openssl_key[0], openssl_key.size(), - &input[0], input.size(), - &mac[0], &mac_len); - return mac; - - case SEC_MACALGORITHM_CMAC_AES_128: - { - mac.resize(16); - cmac_ctx = CMAC_CTX_new(); - if (1 != CMAC_Init(cmac_ctx, &openssl_key[0], openssl_key.size(), openssl_key.size() == 16 ? EVP_aes_128_cbc() : EVP_aes_256_cbc(), NULL )) { - SEC_LOG_ERROR("Comcast_CMAC_Init failed"); - return std::vector(); - } - CMAC_Update(cmac_ctx, &input[0], input.size()); - size_t outl; - CMAC_Final(cmac_ctx, &mac[0], &outl); - mac_len = outl; - CMAC_CTX_free(cmac_ctx); - return mac; - } - default: - break; - } - - SEC_LOG_ERROR("Unimplemented"); - return std::vector(); -} - -std::vector macSecApi(TestCtx *ctx, - Sec_MacAlgorithm alg, - Sec_KeyHandle *key, - const std::vector& input, - const std::vector& inputSizes) { - - std::vector output; - output.resize(SEC_MAC_MAX_LEN); - - SEC_SIZE inputProcessed = 0; - SEC_SIZE written = 0; - - Sec_MacHandle *mac = ctx->acquireMac(alg, key); - if (mac == NULL) { - SEC_LOG_ERROR("TestCtx::acquireMac failed"); - return std::vector(); - } - - for (unsigned int i=0; i 0) { - if (SEC_RESULT_SUCCESS != SecMac_Update(mac, (SEC_BYTE *) &input[inputProcessed], - inputSizes[i])) { - SEC_LOG_ERROR("SecMac_Update failed"); - return std::vector(); - } - } - - inputProcessed += inputSizes[i]; - } - - if (SEC_RESULT_SUCCESS != ctx->releaseMac(mac, &output[0], &written)) { - SEC_LOG_ERROR("SecCipher_Process failed"); - return std::vector(); - } - - output.resize(written); - - return output; -} - -std::vector macSecApi(TestCtx *ctx, - Sec_MacAlgorithm alg, Sec_KeyHandle *key, Sec_KeyHandle *payloadKey) { - - std::vector output; - output.resize(SEC_MAC_MAX_LEN);; - - SEC_SIZE written = 0; - - Sec_MacHandle *mac = ctx->acquireMac(alg, key); - if (mac == NULL) { - SEC_LOG_ERROR("TestCtx::acquireMac failed"); - return std::vector(); - } - - if (SEC_RESULT_SUCCESS != SecMac_UpdateWithKey(mac, payloadKey)) { - SEC_LOG_ERROR("SecDigest_Update failed"); - return std::vector(); - } - - if (SEC_RESULT_SUCCESS != ctx->releaseMac(mac, &output[0], &written)) { - SEC_LOG_ERROR("SecCipher_Process failed"); - return std::vector(); - } - - output.resize(written); - - return output; -} - -Sec_Result testMacOverKey(Sec_MacAlgorithm alg, SEC_OBJECTID id_mac, TestKey keyMac, TestKc kc, SEC_OBJECTID id_payload, TestKey keyPayload, Sec_StorageLoc loc) { - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle *keyHandleMac = NULL; - if (NULL == (keyHandleMac = ctx.provisionKey(id_mac, loc, keyMac, kc))) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle *keyHandlePayload = NULL; - - if ((TestCreds::supports(CAPABILITY_HMAC_OVER_HWKEY) && alg != SEC_MACALGORITHM_CMAC_AES_128) - || (TestCreds::supports(CAPABILITY_CMAC_OVER_HWKEY) && alg == SEC_MACALGORITHM_CMAC_AES_128)) { - if (NULL == (keyHandlePayload = ctx.provisionKey(id_payload, loc, keyPayload, TESTKC_RAW))) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - } else { - if (NULL == (keyHandlePayload = ctx.provisionKey(id_payload, loc, keyPayload, TESTKC_RAW, SEC_TRUE))) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - } - - //gen clear input - std::vector clear = TestCreds::asOpenSslAes(keyPayload); - TestCtx::printHex("key", clear); - - //mac - std::vector macSA = macSecApi(&ctx, alg, keyHandleMac, keyHandlePayload); - TestCtx::printHex("macSecApi", macSA); - - std::vector macOS = macOpenSSL(alg, keyMac, clear); - TestCtx::printHex("macOpenssl", macOS); - - //check if results match - if (macSA != macOS || macSA.size() == 0) { - SEC_LOG_ERROR("Results do not match"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testMacSingle( - SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, - Sec_MacAlgorithm alg, SEC_SIZE inputSize) { - std::vector inputSizes; - inputSizes.resize(1); - inputSizes[0] = inputSize; - - return testMacMult(id, key, kc, loc, alg, inputSizes); -} - -Sec_Result testMacMult( - SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, - Sec_MacAlgorithm alg, const std::vector& inputSizes) { - - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle *keyHandle = NULL; - if (NULL == (keyHandle = ctx.provisionKey(id, loc, key, kc))) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - - //gen clear input - std::vector clear = TestCtx::random(TestCtx::coalesceInputSizes(inputSizes)); - TestCtx::printHex("clear", clear); - - //mac - std::vector macSA = macSecApi(&ctx, alg, keyHandle, clear, inputSizes); - TestCtx::printHex("macSecApi", macSA); - - std::vector macOS = macOpenSSL(alg, key, clear); - TestCtx::printHex("macOpenssl", macOS); - - //check if results match - if (macSA != macOS) { - SEC_LOG_ERROR("Results do not match"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result macCheck(Sec_ProcessorHandle *proc, Sec_MacAlgorithm alg, SEC_OBJECTID id, SEC_BYTE *key, SEC_SIZE key_len) { - std::vector mac_secapi; - mac_secapi.resize(SEC_MAC_MAX_LEN); - SEC_SIZE mac_len; - - std::vector clear = TestCtx::random(256); - TestCtx::printHex("clear", clear); - - if (SEC_RESULT_SUCCESS != SecMac_SingleInputId(proc, alg, id, &clear[0], clear.size(), &mac_secapi[0], &mac_len)) { - SEC_LOG_ERROR("SecMac_SingleInputId failed"); - return SEC_RESULT_FAILURE; - } - - mac_secapi.resize(mac_len); - TestCtx::printHex("macSecApi", mac_secapi); - - std::vector openssl_key = std::vector (key, key + key_len); - - std::vector macOS = macOpenSSL(alg, openssl_key, clear); - TestCtx::printHex("macOpenssl", macOS); - - //check if results match - if (mac_secapi != macOS) { - SEC_LOG_ERROR("Results do not match"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} diff --git a/test/main/cpp/mac.h b/test/main/cpp/mac.h deleted file mode 100644 index 4759d0f..0000000 --- a/test/main/cpp/mac.h +++ /dev/null @@ -1,41 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_MAC_H_ -#define TEST_MAC_H_ - -#include "sec_security.h" -#include -#include "test_creds.h" - -Sec_Result testMacOverKey(Sec_MacAlgorithm alg, SEC_OBJECTID id_mac, TestKey keyMac, TestKc kc, SEC_OBJECTID id_payload, TestKey keyPayload, Sec_StorageLoc loc); - -Sec_Result testMacSingle( - SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, - Sec_MacAlgorithm alg, SEC_SIZE inputSize); - -Sec_Result testMacMult( - SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc, - Sec_MacAlgorithm alg, const std::vector& inputSizes); - -std::vector macOpenSSL(Sec_MacAlgorithm alg, TestKey key, const std::vector& input); - -Sec_Result macCheck(Sec_ProcessorHandle *proc, Sec_MacAlgorithm alg, SEC_OBJECTID id, SEC_BYTE *key, SEC_SIZE key_len); - -#endif diff --git a/test/main/cpp/processor.cpp b/test/main/cpp/processor.cpp deleted file mode 100644 index 36ccb98..0000000 --- a/test/main/cpp/processor.cpp +++ /dev/null @@ -1,115 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "processor.h" -#include "test_ctx.h" - -Sec_Result testProcessorPrintInfo() { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecProcessor_PrintInfo(ctx.proc())) { - SEC_LOG_ERROR("SecProcessor_PrintInfo failed"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testProcessorGetInfo() { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_ProcessorInfo info; - - if (SEC_RESULT_SUCCESS != SecProcessor_GetInfo(ctx.proc(), &info)) { - SEC_LOG_ERROR("SecProcessor_GetInfo failed"); - return SEC_RESULT_FAILURE; - } - - SEC_PRINT("version: %s\n", (const char *) info.version); - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testProcessorGetDeviceId() { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - std::vector deviceId(SEC_DEVICEID_LEN); - std::vector zeros(SEC_DEVICEID_LEN); - - if (SEC_RESULT_SUCCESS != SecProcessor_GetDeviceId(ctx.proc(), &deviceId[0])) { - SEC_LOG_ERROR("SecProcessor_GetDeviceId failed"); - return SEC_RESULT_FAILURE; - } - - TestCtx::printHex("deviceid", deviceId); - - if (deviceId == zeros) { - SEC_LOG_ERROR("deviceId is all zeros"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testProcessorGetKeyLadderMinMaxDepth(Sec_KeyLadderRoot root) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - SEC_SIZE depthMin = SecProcessor_GetKeyLadderMinDepth(ctx.proc(), root); - SEC_SIZE depthMax = SecProcessor_GetKeyLadderMaxDepth(ctx.proc(), root); - - SEC_PRINT("min:%d\nmax:%d\n", depthMin, depthMax); - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testProcessorNativeMallocFree() { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - void *mem = Sec_NativeMalloc(ctx.proc(), 256); - memset(mem, 0, 256); - - if (mem == NULL) { - SEC_LOG_ERROR("Sec_NativeMalloc failed"); - return SEC_RESULT_FAILURE; - } - - Sec_NativeFree(ctx.proc(), mem); - - return SEC_RESULT_SUCCESS; -} diff --git a/test/main/cpp/processor.h b/test/main/cpp/processor.h deleted file mode 100644 index c0d0f60..0000000 --- a/test/main/cpp/processor.h +++ /dev/null @@ -1,31 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_PROCESSOR_H_ -#define TEST_PROCESSOR_H_ - -#include "sec_security.h" - -Sec_Result testProcessorPrintInfo(); -Sec_Result testProcessorGetDeviceId(); -Sec_Result testProcessorGetKeyLadderMinMaxDepth(Sec_KeyLadderRoot root); -Sec_Result testProcessorNativeMallocFree(); -Sec_Result testProcessorGetInfo(); - -#endif diff --git a/test/main/cpp/random.cpp b/test/main/cpp/random.cpp deleted file mode 100644 index 191c8b4..0000000 --- a/test/main/cpp/random.cpp +++ /dev/null @@ -1,48 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "random.h" -#include "test_ctx.h" - -Sec_Result testRandom(Sec_RandomAlgorithm alg, SEC_SIZE size) { - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_RandomHandle *handle = NULL; - if (NULL == (handle = ctx.acquireRandom(alg))) { - SEC_LOG_ERROR("TestCtx::acquireRandom failed"); - return SEC_RESULT_FAILURE; - } - - std::vector out; - out.resize(size); - - if (SEC_RESULT_SUCCESS != SecRandom_Process(handle, &out[0], out.size())) { - SEC_LOG_ERROR("SecRandom_Process failed"); - return SEC_RESULT_FAILURE; - } - - TestCtx::printHex("out", out); - - return SEC_RESULT_SUCCESS; -} diff --git a/test/main/cpp/random.h b/test/main/cpp/random.h deleted file mode 100644 index 3ccd16e..0000000 --- a/test/main/cpp/random.h +++ /dev/null @@ -1,27 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_RANDOM_H_ -#define TEST_RANDOM_H_ - -#include "sec_security.h" - -Sec_Result testRandom(Sec_RandomAlgorithm alg, SEC_SIZE size); - -#endif diff --git a/test/main/cpp/sec_api_utest_main.cpp b/test/main/cpp/sec_api_utest_main.cpp deleted file mode 100644 index 476fafa..0000000 --- a/test/main/cpp/sec_api_utest_main.cpp +++ /dev/null @@ -1,997 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "sec_api_utest_main.h" -#include -#include "sec_security.h" -#include "test_ctx.h" -#include "processor.h" -#include "key.h" -#include "cert.h" -#include "cipher.h" -#include "digest.h" -#include "mac.h" -#include "sign.h" -#include "bundle.h" -#include "random.h" -#include "wrapped.h" -#include "concurrent.h" -#include "jtype.h" -#include "svp.h" -#include "exchange.h" -#include "keyctrl.h" -#include "test_creds.h" -#include - -#ifdef SEC_PLATFORM_OPENSSL -#include "sec_security_openssl.h" -#endif - -void runProcessorTests(SuiteCtx *suite) { - RUN_TEST(suite, testProcessorPrintInfo()); - RUN_TEST(suite, testProcessorGetInfo()); - RUN_TEST(suite, testProcessorGetDeviceId()); - RUN_TEST(suite, testProcessorGetKeyLadderMinMaxDepth(SEC_KEYLADDERROOT_UNIQUE)); - RUN_TEST(suite, testProcessorGetKeyLadderMinMaxDepth(SEC_KEYLADDERROOT_SHARED)); - RUN_TEST(suite, testProcessorNativeMallocFree()); -} - -void runBundleTests(SuiteCtx *suite) { - RUN_TEST(suite, testBundleProvision(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM, 256)); - RUN_TEST(suite, testBundleProvision(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_FILE, 256)); - RUN_TEST(suite, testBundleProvisionNoAppDir(SEC_OBJECTID_USER_BASE, 256)); -} - -#define CERT_TESTS_LOC(suite, cert, loc) do { \ - RUN_TEST(suite, testCertProvision(SEC_OBJECTID_USER_BASE, cert, loc)); \ - RUN_TEST(suite, testCertExport(SEC_OBJECTID_USER_BASE, cert, loc)); \ -} while (0) - -#define CERT_TESTS(suite, cert, pub_key) do { \ - CERT_TESTS_LOC(suite, cert, SEC_STORAGELOC_RAM); \ - CERT_TESTS_LOC(suite, cert, SEC_STORAGELOC_FILE); \ - RUN_TEST(suite, testCertVerify(SEC_OBJECTID_USER_BASE, cert, SEC_OBJECTID_USER_BASE+1, pub_key, SEC_STORAGELOC_RAM)); \ - RUN_TEST(suite, testCertVerify(SEC_OBJECTID_USER_BASE, cert, SEC_OBJECTID_USER_BASE+1, pub_key, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); \ -} while (0) - -void runCertTests(SuiteCtx *suite) { - if (TestCreds::supports(CAPABILITY_RSA_1024)) { - CERT_TESTS(suite, TESTCERT_RSA1024, TESTKEY_RSA1024_SGN_PUB); - } - CERT_TESTS(suite, TESTCERT_RSA2048, TESTKEY_RSA2048_SGN_PUB); - CERT_TESTS(suite, TESTCERT_EC, TESTKEY_EC_PUB); -} - -#define KEY_EXPORT_TESTS(suite, contentKey, encryptionKey, encKc, macKey, version, alg) do { \ - RUN_TEST(suite, testExportKey(contentKey, encryptionKey, encKc, macKey, TESTKC_RAW, SEC_CIPHERALGORITHM_AES_CTR, 20, version, alg)); \ - RUN_TEST(suite, testExportKey(contentKey, encryptionKey, encKc, macKey, TESTKC_RAW, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, 32, version, alg)); \ - RUN_TEST(suite, testExportKey(contentKey, encryptionKey, encKc, macKey, TESTKC_RAW, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, 20, version, alg)); \ - RUN_TEST(suite, testExportKey(contentKey, encryptionKey, encKc, macKey, TESTKC_RAW, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 32, version, alg)); \ - RUN_TEST(suite, testExportKey(contentKey, encryptionKey, encKc, macKey, TESTKC_RAW, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, 20, version, alg)); \ -} while (0) - -#define JTYPE_DECRYPT_TESTS(suite, contentKey, encryptionKey, encKc, macKey, version, alg) do { \ - RUN_TEST(suite, testDecryptJType(contentKey, encryptionKey, encKc, macKey, TESTKC_RAW, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, 256, version, alg)); \ - RUN_TEST(suite, testDecryptJType(contentKey, encryptionKey, encKc, macKey, TESTKC_RAW, SEC_CIPHERALGORITHM_AES_CTR, 256, version, alg)); \ - RUN_TEST(suite, testDecryptJType(contentKey, encryptionKey, encKc, macKey, TESTKC_RAW, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256, version, alg)); \ -} while (0) - -#define JTYPE_TESTS(suite, contentKey, encryptionKey, macKey, version) do { \ - if (version == 1) { \ - if (TestCreds::supports(CAPABILITY_LOAD_SYM_SOC_KC)) { \ - RUN_TEST(suite, testProvisionJType(contentKey, encryptionKey, TESTKC_SOC, macKey, TESTKC_RAW, 1, "aesEcbNone")); \ - KEY_EXPORT_TESTS(suite, contentKey, encryptionKey, TESTKC_SOC, macKey, 1, "aesEcbNone"); \ - JTYPE_DECRYPT_TESTS(suite, contentKey, encryptionKey, TESTKC_SOC, macKey, 1, "aesEcbNone"); \ - } \ - if (TestCreds::supports(CAPABILITY_CLEAR_JTYPE_WRAPPING)) { \ - RUN_TEST(suite, testProvisionJType(contentKey, encryptionKey, TESTKC_RAW, macKey, TESTKC_RAW, 1, "aesEcbNone")); \ - KEY_EXPORT_TESTS(suite, contentKey, encryptionKey, TESTKC_RAW, macKey, 1, "aesEcbNone"); \ - JTYPE_DECRYPT_TESTS(suite, contentKey, encryptionKey, TESTKC_RAW, macKey, 1, "aesEcbNone"); \ - } \ - } else if (version == 2) { \ - if (TestCreds::supports(CAPABILITY_LOAD_SYM_SOC_KC)) { \ - RUN_TEST(suite, testProvisionJType(contentKey, encryptionKey, TESTKC_SOC, macKey, TESTKC_RAW, 2, "aesEcbNone")); \ - RUN_TEST(suite, testProvisionJType(contentKey, encryptionKey, TESTKC_SOC, macKey, TESTKC_RAW, 2, "aesEcbPkcs5")); \ - KEY_EXPORT_TESTS(suite, contentKey, encryptionKey, TESTKC_SOC, macKey, 2, "aesEcbNone"); \ - KEY_EXPORT_TESTS(suite, contentKey, encryptionKey, TESTKC_SOC, macKey, 2, "aesEcbPkcs5"); \ - JTYPE_DECRYPT_TESTS(suite, contentKey, encryptionKey, TESTKC_SOC, macKey, 2, "aesEcbNone"); \ - JTYPE_DECRYPT_TESTS(suite, contentKey, encryptionKey, TESTKC_SOC, macKey, 2, "aesEcbPkcs5"); \ - } \ - if (TestCreds::supports(CAPABILITY_CLEAR_JTYPE_WRAPPING)) { \ - RUN_TEST(suite, testProvisionJType(contentKey, encryptionKey, TESTKC_RAW, macKey, TESTKC_RAW, 2, "aesEcbNone")); \ - RUN_TEST(suite, testProvisionJType(contentKey, encryptionKey, TESTKC_RAW, macKey, TESTKC_RAW, 2, "aesEcbPkcs5")); \ - KEY_EXPORT_TESTS(suite, contentKey, encryptionKey, TESTKC_RAW, macKey, 2, "aesEcbNone"); \ - KEY_EXPORT_TESTS(suite, contentKey, encryptionKey, TESTKC_RAW, macKey, 2, "aesEcbPkcs5"); \ - JTYPE_DECRYPT_TESTS(suite, contentKey, encryptionKey, TESTKC_RAW, macKey, 2, "aesEcbNone"); \ - JTYPE_DECRYPT_TESTS(suite, contentKey, encryptionKey, TESTKC_RAW, macKey, 2, "aesEcbPkcs5"); \ - } \ - } \ -} while (0) - -void runProvisionedKeyExportTest(SuiteCtx *suite) { - RUN_TEST(suite, testExportProvisionedKey(TESTKEY_AES128, TESTKC_RAW)); - RUN_TEST(suite, testExportProvisionedKey(TESTKEY_AES256, TESTKC_RAW)); - RUN_TEST(suite, testExportProvisionedKey(TESTKEY_HMAC128, TESTKC_RAW)); - RUN_TEST(suite, testExportProvisionedKey(TESTKEY_HMAC160, TESTKC_RAW)); - RUN_TEST(suite, testExportProvisionedKey(TESTKEY_HMAC256, TESTKC_RAW)); - - if (TestCreds::supports(CAPABILITY_LOAD_SYM_SOC_KC)) { - RUN_TEST(suite, testExportProvisionedKey(TESTKEY_AES128, TESTKC_SOC)); - RUN_TEST(suite, testExportProvisionedKey(TESTKEY_AES256, TESTKC_SOC)); - RUN_TEST(suite, testExportProvisionedKey(TESTKEY_HMAC128, TESTKC_SOC)); - RUN_TEST(suite, testExportProvisionedKey(TESTKEY_HMAC160, TESTKC_SOC)); - RUN_TEST(suite, testExportProvisionedKey(TESTKEY_HMAC256, TESTKC_SOC)); - - if (TestCreds::supports(CAPABILITY_EXPORT_RSA) && TestCreds::supports(CAPABILITY_RSA_1024)) { - RUN_TEST(suite, testExportProvisionedKey(TESTKEY_RSA1024_SGN_PRIV, TESTKC_SOC)); - } - if (TestCreds::supports(CAPABILITY_EXPORT_RSA)) { - RUN_TEST(suite, testExportProvisionedKey(TESTKEY_RSA2048_SGN_PRIV, TESTKC_SOC)); - } - RUN_TEST(suite, testExportProvisionedKey(TESTKEY_EC_PRIV, TESTKC_SOC)); - } - - RUN_TEST(suite, testExportProvisionedKey(TESTKEY_AES128, TESTKC_GENERATED)); - RUN_TEST(suite, testExportProvisionedKey(TESTKEY_AES256, TESTKC_GENERATED)); -} - -void runKeyTests(SuiteCtx *suite) { - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_FILE)); - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_FILE_SOFT_WRAPPED)); - - RUN_TEST(suite, testKeyProvisionDouble(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC128, TESTKC_RAW, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC160, TESTKC_RAW, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC256, TESTKC_RAW, SEC_STORAGELOC_RAM)); - - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC128, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC160, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC256, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - - JTYPE_TESTS(suite, TESTKEY_AES128, TESTKEY_AES128, TESTKEY_HMAC160, 1); - JTYPE_TESTS(suite, TESTKEY_AES128, TESTKEY_AES128, TESTKEY_HMAC160, 2); - JTYPE_TESTS(suite, TESTKEY_AES256, TESTKEY_AES128, TESTKEY_HMAC160, 2); - - RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC128, TESTKC_RAW, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC160, TESTKC_RAW, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC256, TESTKC_RAW, SEC_STORAGELOC_RAM)); - - RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC128, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC160, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_HMAC256, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - - RUN_TEST(suite, testKeyGenerate(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_TRUE)); - RUN_TEST(suite, testKeyGenerate(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_HMAC_128, SEC_STORAGELOC_RAM, SEC_FALSE)); - RUN_TEST(suite, testKeyGenerate(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_HMAC_160, SEC_STORAGELOC_RAM, SEC_FALSE)); - RUN_TEST(suite, testKeyGenerate(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_HMAC_256, SEC_STORAGELOC_RAM, SEC_FALSE)); - RUN_TEST(suite, testKeyGenerate(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_ECC_NISTP256, SEC_STORAGELOC_RAM, SEC_FALSE)); - - RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_GENERATED, SEC_STORAGELOC_RAM)); - - RUN_TEST(suite, testKeyDeriveHKDF(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_HMAC_SHA1, SEC_TRUE)); - RUN_TEST(suite, testKeyDeriveHKDF(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_HMAC_SHA256, SEC_TRUE)); - if (TestCreds::supports(CAPABILITY_HKDF_CMAC)) { - RUN_TEST(suite, testKeyDeriveHKDF(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_CMAC_AES_128, SEC_TRUE)); - } - RUN_TEST(suite, testKeyDeriveConcatKDF(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_DIGESTALGORITHM_SHA1, SEC_TRUE)); - RUN_TEST(suite, testKeyDeriveConcatKDF(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_DIGESTALGORITHM_SHA256, SEC_TRUE)); - - RUN_TEST(suite, testKeyDeriveHKDF(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA1, SEC_TRUE)); - RUN_TEST(suite, testKeyDeriveHKDF(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA256, SEC_TRUE)); - if (TestCreds::supports(CAPABILITY_HKDF_CMAC)) { - RUN_TEST(suite, testKeyDeriveHKDF(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_CMAC_AES_128, SEC_TRUE)); - } - RUN_TEST(suite, testKeyDeriveConcatKDF(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA1, SEC_TRUE)); - RUN_TEST(suite, testKeyDeriveConcatKDF(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA256, SEC_TRUE)); - - RUN_TEST(suite, testKeyDeriveVendorAes128(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA1, SEC_TRUE)); - RUN_TEST(suite, testKeyDeriveVendorAes128(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA256, SEC_TRUE)); - RUN_TEST(suite, testKeyDeriveKeyLadderAes128(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_KEYLADDERROOT_UNIQUE, SEC_TRUE)); - - RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_TRUE, 1, 256)); - RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_TRUE, 2, 256)); - RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_TRUE, 3, 512)); - RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_TRUE, 4, 512)); - - RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_GENERATED, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_TRUE, 1, 256)); - RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_GENERATED, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_TRUE, 2, 256)); - RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_GENERATED, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_TRUE, 3, 512)); - RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_GENERATED, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_TRUE, 4, 512)); - - if (TestCreds::supports(CAPABILITY_AES256)) { - RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_AES_256, SEC_STORAGELOC_RAM, SEC_TRUE, 1, 256)); - RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_AES_256, SEC_STORAGELOC_RAM, SEC_TRUE, 2, 512)); - RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_AES_256, SEC_STORAGELOC_RAM, SEC_TRUE, 3, 512)); - } - - RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_HMAC_128, SEC_STORAGELOC_RAM, SEC_FALSE, 1, 256)); - RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_HMAC_128, SEC_STORAGELOC_RAM, SEC_FALSE, 2, 256)); - RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_HMAC_128, SEC_STORAGELOC_RAM, SEC_FALSE, 3, 512)); - RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_HMAC_128, SEC_STORAGELOC_RAM, SEC_FALSE, 4, 512)); - - RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_HMAC_256, SEC_STORAGELOC_RAM, SEC_FALSE, 1, 512)); - RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_HMAC_256, SEC_STORAGELOC_RAM, SEC_FALSE, 2, 512)); - RUN_TEST(suite, testKeyDeriveCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKC_SOC, SEC_KEYTYPE_HMAC_256, SEC_STORAGELOC_RAM, SEC_FALSE, 3, 512)); - - RUN_TEST(suite, testKeyDeriveBaseKey(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM)); - - RUN_TEST(suite, testKeyDeriveHKDFBaseKey(SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA1)); - if (TestCreds::supports(CAPABILITY_AES256)) { - RUN_TEST(suite, testKeyDeriveHKDFBaseKey(SEC_KEYTYPE_AES_256, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA1)); - } - RUN_TEST(suite, testKeyDeriveHKDFBaseKey(SEC_KEYTYPE_HMAC_128, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA1)); - RUN_TEST(suite, testKeyDeriveHKDFBaseKey(SEC_KEYTYPE_HMAC_160, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA1)); - RUN_TEST(suite, testKeyDeriveHKDFBaseKey(SEC_KEYTYPE_HMAC_256, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA1)); - - RUN_TEST(suite, testKeyDeriveHKDFBaseKey(SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA256)); - if (TestCreds::supports(CAPABILITY_AES256)) { - RUN_TEST(suite, testKeyDeriveHKDFBaseKey(SEC_KEYTYPE_AES_256, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA256)); - } - RUN_TEST(suite, testKeyDeriveHKDFBaseKey(SEC_KEYTYPE_HMAC_128, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA256)); - RUN_TEST(suite, testKeyDeriveHKDFBaseKey(SEC_KEYTYPE_HMAC_160, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA256)); - RUN_TEST(suite, testKeyDeriveHKDFBaseKey(SEC_KEYTYPE_HMAC_256, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA256)); - - RUN_TEST(suite, testKeyDeriveConcatKDFBaseKey(SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA1)); - if (TestCreds::supports(CAPABILITY_AES256)) { - RUN_TEST(suite, testKeyDeriveConcatKDFBaseKey(SEC_KEYTYPE_AES_256, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA1)); - } - RUN_TEST(suite, testKeyDeriveConcatKDFBaseKey(SEC_KEYTYPE_HMAC_128, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA1)); - RUN_TEST(suite, testKeyDeriveConcatKDFBaseKey(SEC_KEYTYPE_HMAC_160, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA1)); - RUN_TEST(suite, testKeyDeriveConcatKDFBaseKey(SEC_KEYTYPE_HMAC_256, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA1)); - - RUN_TEST(suite, testKeyDeriveConcatKDFBaseKey(SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA256)); - if (TestCreds::supports(CAPABILITY_AES256)) { - RUN_TEST(suite, testKeyDeriveConcatKDFBaseKey(SEC_KEYTYPE_AES_256, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA256)); - } - RUN_TEST(suite, testKeyDeriveConcatKDFBaseKey(SEC_KEYTYPE_HMAC_128, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA256)); - RUN_TEST(suite, testKeyDeriveConcatKDFBaseKey(SEC_KEYTYPE_HMAC_160, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA256)); - RUN_TEST(suite, testKeyDeriveConcatKDFBaseKey(SEC_KEYTYPE_HMAC_256, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA256)); - - if (TestCreds::supports(CAPABILITY_AES256)) { - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_AES256, TESTKC_RAW, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_AES256, TESTKC_RAW, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyGenerate(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_256, SEC_STORAGELOC_RAM, SEC_TRUE)); - - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_AES256, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_AES256, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - RUN_TEST(suite, testKeyGenerate(SEC_OBJECTID_USER_BASE, SEC_KEYTYPE_AES_256, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_TRUE)); - } - - if (TestCreds::supports(CAPABILITY_RSA_1024)) { - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_RSA1024_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_RSA1024_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyExtractPublicKey(SEC_OBJECTID_USER_BASE, TESTKEY_RSA1024_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_RSA1024_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_RSA1024_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - RUN_TEST(suite, testKeyExtractPublicKey(SEC_OBJECTID_USER_BASE, TESTKEY_RSA1024_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_RSA1024_SGN_PRIV, TESTKC_SOC, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_RSA1024_SGN_PRIV, TESTKC_SOC, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_RSA1024_SGN_PRIV, TESTKC_SOC, SEC_STORAGELOC_RAM)); - } - - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_RSA2048_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_RSA2048_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyExtractPublicKey(SEC_OBJECTID_USER_BASE, TESTKEY_RSA2048_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_RSA2048_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_RSA2048_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - RUN_TEST(suite, testKeyExtractPublicKey(SEC_OBJECTID_USER_BASE, TESTKEY_RSA2048_SGN_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_RSA2048_SGN_PRIV, TESTKC_SOC, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_RSA2048_SGN_PRIV, TESTKC_SOC, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_RSA2048_SGN_PRIV, TESTKC_SOC, SEC_STORAGELOC_RAM)); - - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_EC_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_EC_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_EC_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyExtractPublicKey(SEC_OBJECTID_USER_BASE, TESTKEY_EC_PUB, TESTKC_RAW, SEC_STORAGELOC_RAM)); - - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_EC_PRIV, TESTKC_SOC, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_EC_PRIV, TESTKC_SOC, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyExtractPublicKey(SEC_OBJECTID_USER_BASE, TESTKEY_EC_PRIV, TESTKC_SOC, SEC_STORAGELOC_RAM)); - - RUN_TEST(suite, testKeyProvision(SEC_OBJECTID_USER_BASE, TESTKEY_EC_PRIV, TESTKC_GENERATED, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyGetKeyInfo(SEC_OBJECTID_USER_BASE, TESTKEY_EC_PRIV, TESTKC_GENERATED, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyExtractPublicKey(SEC_OBJECTID_USER_BASE, TESTKEY_EC_PRIV, TESTKC_GENERATED, SEC_STORAGELOC_RAM)); - - RUN_TEST(suite, testKeyComputeBaseKeyDigest(SEC_OBJECTID_USER_BASE, SEC_DIGESTALGORITHM_SHA1)); - RUN_TEST(suite, testKeyComputeBaseKeyDigest(SEC_OBJECTID_USER_BASE, SEC_DIGESTALGORITHM_SHA256)); - - RUN_TEST(suite, testKeyECDHKeyAgreementWithKDF(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKEY_EC_PRIV, TESTKC_SOC, TESTKEY_EC_PUB, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA1, SEC_TRUE)); - RUN_TEST(suite, testKeyECDHKeyAgreementWithKDF(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKEY_EC_PRIV, TESTKC_SOC, TESTKEY_EC_PUB, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA256, SEC_TRUE)); - - RUN_TEST(suite, testKeyECDHKeyAgreementWithKDF(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKEY_EC_PRIV, TESTKC_GENERATED, TESTKEY_EC_PUB, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA1, SEC_TRUE)); - RUN_TEST(suite, testKeyECDHKeyAgreementWithKDF(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, TESTKEY_EC_PRIV, TESTKC_GENERATED, TESTKEY_EC_PUB, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, SEC_DIGESTALGORITHM_SHA256, SEC_TRUE)); - - runProvisionedKeyExportTest(suite); -} - -void runKeyCtrlTests(SuiteCtx *suite) -{ - RUN_TEST(suite, testKeyCtrlExportUnCachable(1, "aesEcbNone")); - RUN_TEST(suite, testKeyCtrlKeyOnlyUsage(1, "aesEcbNone")); - RUN_TEST(suite, testKeyCtrlKeyExpired(1, "aesEcbNone")); - RUN_TEST(suite, testKeyCtrlKeyNotYetAvail(1, "aesEcbNone")); - RUN_TEST(suite, testKeyCtrlExpectedJTypeProperties(1, "aesEcbNone", TESTKEY_AES128)); - RUN_TEST(suite, testKeyCtrlExpectedJTypeProperties(2, "aesEcbNone", TESTKEY_AES128)); - RUN_TEST(suite, testKeyCtrlExpectedJTypeProperties(2, "aesEcbNone", TESTKEY_AES256)); - RUN_TEST(suite, testKeyCtrlExpectedExportedProperties(1, "aesEcbNone", TESTKEY_AES128)); - RUN_TEST(suite, testKeyCtrlExpectedExportedProperties(2, "aesEcbNone", TESTKEY_AES128)); - RUN_TEST(suite, testKeyCtrlExpectedExportedProperties(2, "aesEcbNone", TESTKEY_AES256)); - RUN_TEST(suite, testKeyCtrlUnwrapWithKeyUsage(1, "aesEcbNone", TESTKEY_AES128)); - RUN_TEST(suite, testKeyCtrlUnwrapWithKeyUsage(2, "aesEcbNone", TESTKEY_AES128)); - RUN_TEST(suite, testKeyCtrlUnwrapWithKeyUsage(2, "aesEcbNone", TESTKEY_AES256)); - RUN_TEST(suite, testKeyCtrlUnwrapWithDataUsage(1, "aesEcbNone")); - RUN_TEST(suite, testKeyCtrlBadB64Jtype(1, "aesEcbNone")); - RUN_TEST(suite, testKeyCtrlExportDerived()); - RUN_TEST(suite, testKeyCtrlExportProvisionExport(1, "aesEcbNone", TESTKEY_AES128)); - RUN_TEST(suite, testKeyCtrlExportProvisionExport(2, "aesEcbNone", TESTKEY_AES128)); - RUN_TEST(suite, testKeyCtrlExportProvisionExport(2, "aesEcbNone", TESTKEY_AES256)); - RUN_TEST(suite, testKeyCtrlKeyExportGetSize(1, "aesEcbNone")); - RUN_TEST(suite, testKeyCtrlKeyExportGetSize(2, "aesEcbNone")); - RUN_TEST(suite, testKeyCtrlExportAes(TESTKEY_AES128, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyCtrlExportAes(TESTKEY_AES256, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyCtrlExportAes(TESTKEY_AES128, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - RUN_TEST(suite, testKeyCtrlExportAes(TESTKEY_AES256, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - RUN_TEST(suite, testKeyCtrlKeyExportHmac(TESTKEY_HMAC128, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - RUN_TEST(suite, testKeyCtrlKeyExportHmac(TESTKEY_HMAC160, SEC_STORAGELOC_RAM_SOFT_WRAPPED)); - RUN_TEST(suite, testKeyCtrlKeyExportHmac(TESTKEY_HMAC128, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testKeyCtrlKeyExportHmac(TESTKEY_HMAC160, SEC_STORAGELOC_RAM)); - if (TestCreds::supports(CAPABILITY_SVP)) { - RUN_TEST(suite, testKeyCtrlCipherFailsSvpNonOpaque(1, "aesEcbNone")); - RUN_TEST(suite, testKeyCtrlCipherSvpOpaque(1, "aesEcbNone", TESTKEY_AES128)); - RUN_TEST(suite, testKeyCtrlCipherSvpOpaque(2, "aesEcbNone", TESTKEY_AES128)); - RUN_TEST(suite, testKeyCtrlCipherSvpOpaque(2, "aesEcbNone", TESTKEY_AES256)); - RUN_TEST(suite, testKeyCtrlCipherSvpDataShiftOpaque(1, "aesEcbNone")); - RUN_TEST(suite, testKeyCtrlSvpCheckOpaque(1, "aesEcbNone", TESTKEY_AES128)); - RUN_TEST(suite, testKeyCtrlSvpCheckOpaque(2, "aesEcbNone", TESTKEY_AES128)); - RUN_TEST(suite, testKeyCtrlSvpCheckOpaque(2, "aesEcbNone", TESTKEY_AES256)); - RUN_TEST(suite, testKeyCtrlProcessCtrDataShiftFailsSvpNonOpaque(1, "aesEcbNone")); - } - RUN_TEST(suite, testKeyCtrlExportEcc(TESTKC_SOC)); - RUN_TEST(suite, testKeyCtrlKeyExportSmallBuffer()); -} - -#define DIGEST_TESTS(suite, alg) do { \ - RUN_TEST(suite, testDigestSingle(alg, 0)); \ - RUN_TEST(suite, testDigestSingle(alg, 256)); \ - RUN_TEST(suite, testDigestSingle(alg, 259)); \ - \ - SEC_SIZE inputSizes[] = { 16, 16, 8, 0, 3, 16 }; \ - RUN_TEST(suite, testDigestMult(alg, std::vector(inputSizes, inputSizes+sizeof(inputSizes)/sizeof(SEC_SIZE)))); \ - \ - RUN_TEST(suite, testDigestOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES128, SEC_STORAGELOC_RAM)); \ - if (TestCreds::supports(CAPABILITY_AES256)) { \ - RUN_TEST(suite, testDigestOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES256, SEC_STORAGELOC_RAM)); \ - } \ - RUN_TEST(suite, testDigestOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC128, SEC_STORAGELOC_RAM)); \ - RUN_TEST(suite, testDigestOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC160, SEC_STORAGELOC_RAM)); \ - RUN_TEST(suite, testDigestOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC256, SEC_STORAGELOC_RAM)); \ -} while (0) - -#define MAC_TESTS(suite, key, kc, loc, alg) do { \ - RUN_TEST(suite, testMacSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, alg, 256)); \ - RUN_TEST(suite, testMacSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, alg, 259)); \ - \ - SEC_SIZE inputSizes[] = { 16, 16, 8, 0, 3, 16 }; \ - RUN_TEST(suite, testMacMult(SEC_OBJECTID_USER_BASE, key, kc, loc, alg, std::vector(inputSizes, inputSizes+sizeof(inputSizes)/sizeof(SEC_SIZE)))); \ - \ - if (alg != SEC_MACALGORITHM_CMAC_AES_128) { \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC128, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_AES128, loc)); \ - if (TestCreds::supports(CAPABILITY_AES256)) { \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC128, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_AES256, loc)); \ - } \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC128, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC128, loc)); \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC128, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC160, loc)); \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC128, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC256, loc)); \ - \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC160, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_AES128, loc)); \ - if (TestCreds::supports(CAPABILITY_AES256)) { \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC160, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_AES256, loc)); \ - } \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC160, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC128, loc)); \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC160, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC160, loc)); \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC160, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC256, loc)); \ - \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC256, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_AES128, loc)); \ - if (TestCreds::supports(CAPABILITY_AES256)) { \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC256, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_AES256, loc)); \ - } \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC256, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC128, loc)); \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC256, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC160, loc)); \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_HMAC256, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC256, loc)); \ - } else { \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_AES128, loc)); \ - if (TestCreds::supports(CAPABILITY_AES256)) { \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_AES256, loc)); \ - } \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC128, loc)); \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC160, loc)); \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC256, loc)); \ - \ - if (TestCreds::supports(CAPABILITY_AES256)) { \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES256, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_AES128, loc)); \ - if (TestCreds::supports(CAPABILITY_AES256)) { \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES256, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_AES256, loc)); \ - } \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES256, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC128, loc)); \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES256, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC160, loc)); \ - RUN_TEST(suite, testMacOverKey(alg, SEC_OBJECTID_USER_BASE, TESTKEY_AES256, TESTKC_RAW, SEC_OBJECTID_USER_BASE + 1, TESTKEY_HMAC256, loc)); \ - } \ - } \ -} while (0); - -#define AESCTR_SPECIFIC_TESTS(suite, key, kc, loc, mode, inplace) do { \ - if (kc != TESTKC_GENERATED) { \ - RUN_TEST(suite, testProcessCtrWithDataShift(SEC_OBJECTID_USER_BASE, key, kc, loc, mode, inplace)); \ - RUN_TEST(suite, testCtrRollover(SEC_OBJECTID_USER_BASE, key, kc, loc, mode, 256, inplace)); \ - } \ -} while (0) - -#define AESCTR_INPLACE_TESTS(suite, key, kc, loc, mode) do { \ - AESCTR_SPECIFIC_TESTS(suite, key, kc, loc, mode, SEC_TRUE); \ - AESCTR_SPECIFIC_TESTS(suite, key, kc, loc, mode, SEC_FALSE); \ -} while (0) - -#define AESCTR_MODE_TESTS(suite, key, kc, loc) do { \ - AESCTR_INPLACE_TESTS(suite, key, kc, loc, SEC_CIPHERMODE_ENCRYPT); \ - AESCTR_INPLACE_TESTS(suite, key, kc, loc, SEC_CIPHERMODE_DECRYPT); \ -} while (0) - -#define AESCTR_LOC_TESTS(suite, key, kc) do { \ - AESCTR_MODE_TESTS(suite, key, kc, SEC_STORAGELOC_RAM); \ - if (kc == TESTKC_RAW) { \ - AESCTR_MODE_TESTS(suite, key, kc, SEC_STORAGELOC_RAM_SOFT_WRAPPED); \ - } \ -} while (0) - -#define AESCTR_KC_TESTS(suite, key) do { \ - AESCTR_LOC_TESTS(suite, key, TESTKC_RAW); \ - if (TestCreds::supports(CAPABILITY_LOAD_SYM_SOC_KC)) { \ - AESCTR_LOC_TESTS(suite, key, TESTKC_SOC); \ - } \ - AESCTR_LOC_TESTS(suite, key, TESTKC_GENERATED); \ -} while (0) - -#define AESCTR_TESTS(suite) do { \ - AESCTR_KC_TESTS(suite, TESTKEY_AES128); \ - if (TestCreds::supports(CAPABILITY_AES256)) { \ - AESCTR_KC_TESTS(suite, TESTKEY_AES256); \ - } \ -} while (0) - -#define AES_TESTS(suite, key, kc, loc) do { \ - SEC_SIZE inputSizesBlock[] = { 0, 16, 32, 64, 128 }; \ - SEC_SIZE inputSizes[] = { 0, 16, 32, 64, 128, 5 }; \ - std::vector blocked(inputSizesBlock, inputSizesBlock + sizeof(inputSizesBlock)/sizeof(SEC_SIZE)); \ - std::vector unaligned(inputSizes, inputSizes + sizeof(inputSizes)/sizeof(SEC_SIZE)); \ - \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE*2)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE*2)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, blocked)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_DECRYPT, blocked)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, blocked, SEC_TRUE)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_DECRYPT, blocked, SEC_TRUE)); \ - RUN_TEST(suite, testCipherUpdateIV(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE*2, SEC_FALSE)); \ - RUN_TEST(suite, testCipherUpdateIV(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE*2, SEC_FALSE)); \ - \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE*2+8)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE*2+8)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, SEC_CIPHERMODE_ENCRYPT, unaligned)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, SEC_CIPHERMODE_DECRYPT, unaligned)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, SEC_CIPHERMODE_ENCRYPT, unaligned, SEC_TRUE)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, SEC_CIPHERMODE_DECRYPT, unaligned, SEC_TRUE)); \ - \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE*2)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE*2)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, blocked)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, blocked)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, blocked, SEC_TRUE)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, blocked, SEC_TRUE)); \ - \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE*2+8)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE*2+8)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, SEC_CIPHERMODE_ENCRYPT, unaligned)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, SEC_CIPHERMODE_DECRYPT, unaligned)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, SEC_CIPHERMODE_ENCRYPT, unaligned, SEC_TRUE)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_ECB_PKCS7_PADDING, SEC_CIPHERMODE_DECRYPT, unaligned, SEC_TRUE)); \ - \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE+1)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE+1, SEC_TRUE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE*2)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE+1)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE+1, SEC_TRUE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE*2)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, blocked)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, unaligned)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, blocked)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, unaligned)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, blocked, SEC_TRUE)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, unaligned, SEC_TRUE)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, blocked, SEC_TRUE)); \ - RUN_TEST(suite, testCipherMult(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, unaligned, SEC_TRUE)); \ - RUN_TEST(suite, testCipherUpdateIV(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE*2, SEC_FALSE)); \ - RUN_TEST(suite, testCipherUpdateIV(SEC_OBJECTID_USER_BASE, key, kc, loc, SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE*2, SEC_FALSE)); \ -} while(0) - -#define RSA_ENCRYPT_TESTS(suite, pub, priv, kc) do { \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, SEC_CIPHERALGORITHM_RSA_OAEP_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, SEC_CIPHERALGORITHM_RSA_OAEP_PADDING, SEC_CIPHERMODE_ENCRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ -} while(0) - -#define RSA_DECRYPT_TESTS(suite, pub, priv, kc) do { \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, SEC_CIPHERALGORITHM_RSA_OAEP_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE)); \ - RUN_TEST(suite, testCipherSingle(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, SEC_CIPHERALGORITHM_RSA_OAEP_PADDING, SEC_CIPHERMODE_DECRYPT, SEC_AES_BLOCK_SIZE, SEC_TRUE)); \ -} while(0) - -void runRandomTests(SuiteCtx *suite) { - RUN_TEST(suite, testRandom(SEC_RANDOMALGORITHM_TRUE, 17)); - RUN_TEST(suite, testRandom(SEC_RANDOMALGORITHM_PRNG, 17)); -} - -void runSVPTests(SuiteCtx* suite) { - if (TestCreds::supports(CAPABILITY_SVP)) { - RUN_TEST(suite, testOpaqueMalloc()); - RUN_TEST(suite, testCopyOpaque()); - RUN_TEST(suite, testSecureBootEnabled()); - RUN_TEST(suite, testSetTime()); - RUN_TEST(suite, testKeycheckOpaque(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testProcessOpaque(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM)); - RUN_TEST(suite, testProcessDataShiftOpaque(SEC_OBJECTID_USER_BASE, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM)); - } -} - -#define RSAAESRSAAESAES_SPECIFIC_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, ck_sym_alg, wkfv) do { \ - TestKey key = sym_type == SEC_KEYTYPE_AES_128 ? TESTKEY_AES128 : TESTKEY_AES256; \ - RUN_TEST(suite, testWrappedCipherSingleRsaAesRsaAesAes(key, TESTKC_SOC, rsa_type, rsa_alg, sym_type, sym_alg, ck_sym_alg, wkfv)); \ -} while (0) - -#define RSAAESRSAAESAES_WKFV_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, ck_sym_alg) do { \ - RSAAESRSAAESAES_SPECIFIC_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, ck_sym_alg, WKFV_V2); \ - if (TestCreds::supports(CAPABILITY_WRAPPED_KEY_FORMAT_V3)) { \ - RSAAESRSAAESAES_SPECIFIC_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, ck_sym_alg, WKFV_V3); \ - } \ -} while (0) - -#define RSAAESRSAAESAES_CKSYMALG_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg) do { \ - if (TestCreds::supports(CAPABILITY_RSA_AESCBC_AES)) { \ - RSAAESRSAAESAES_WKFV_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING); \ - RSAAESRSAAESAES_WKFV_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING); \ - } \ - RSAAESRSAAESAES_WKFV_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING); \ - if (TestCreds::supports(CAPABILITY_RSA_AESCTR_AES)) { \ - RSAAESRSAAESAES_WKFV_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, SEC_CIPHERALGORITHM_AES_CTR); \ - } \ -} while (0) - -#define RSAAESRSAAESAES_SYMALG_TESTS(suite, rsa_type, rsa_alg, sym_type) do { \ - RSAAESRSAAESAES_CKSYMALG_TESTS(suite, rsa_type, rsa_alg, sym_type, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING); \ - if (TestCreds::supports(CAPABILITY_RSA_AESCTR_RSA)) { \ - RSAAESRSAAESAES_CKSYMALG_TESTS(suite, rsa_type, rsa_alg, sym_type, SEC_CIPHERALGORITHM_AES_CTR); \ - } \ -} while (0) - -#define RSAAESRSAAESAES_SYMTYPE_TESTS(suite, rsa_type, rsa_alg) do { \ - RSAAESRSAAESAES_SYMALG_TESTS(suite, rsa_type, rsa_alg, SEC_KEYTYPE_AES_128); \ - if (TestCreds::supports(CAPABILITY_AES256)) { \ - RSAAESRSAAESAES_SYMALG_TESTS(suite, rsa_type, rsa_alg, SEC_KEYTYPE_AES_256); \ - } \ -} while (0) - -#define RSAAESRSAAESAES_ASYMALG_TESTS(suite, rsa_type) do { \ - RSAAESRSAAESAES_SYMTYPE_TESTS(suite, rsa_type, SEC_CIPHERALGORITHM_RSA_OAEP_PADDING); \ - RSAAESRSAAESAES_SYMTYPE_TESTS(suite, rsa_type, SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING); \ -} while (0) - -#define RSAAESRSAAESAES_ASYMTYPE_TESTS(suite) do { \ - if (TestCreds::supports(CAPABILITY_RSA_1024)) { \ - RSAAESRSAAESAES_ASYMALG_TESTS(suite, SEC_KEYTYPE_RSA_1024); \ - } \ - RSAAESRSAAESAES_ASYMALG_TESTS(suite, SEC_KEYTYPE_RSA_2048); \ -} while (0) - -#define RSAAES_SPECIFIC_TESTS(suite, con_key, rsa_type, rsa_alg, wkfv) do { \ - RUN_TEST(suite, testWrappedCipherSingleRsaAes(con_key, TESTKC_SOC, rsa_type, rsa_alg, wkfv)); \ -} while (0) - -#define RSAAES_WKFV_TESTS(suite, con_key, rsa_type, rsa_alg) do { \ - RSAAES_SPECIFIC_TESTS(suite, con_key, rsa_type, rsa_alg, WKFV_V2); \ - if (TestCreds::supports(CAPABILITY_WRAPPED_KEY_FORMAT_V3)) { \ - RSAAES_SPECIFIC_TESTS(suite, con_key, rsa_type, rsa_alg, WKFV_V3); \ - } \ -} while (0) - -#define RSAAES_ASYMALG_TESTS(suite, con_key, rsa_type) do { \ - RSAAES_WKFV_TESTS(suite, con_key, rsa_type, SEC_CIPHERALGORITHM_RSA_OAEP_PADDING); \ - RSAAES_WKFV_TESTS(suite, con_key, rsa_type, SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING); \ -} while (0) - -#define RSAAES_ASYTYPE_TESTS(suite, con_key) do { \ - if (TestCreds::supports(CAPABILITY_RSA_1024)) { \ - RSAAES_ASYMALG_TESTS(suite, con_key, SEC_KEYTYPE_RSA_1024); \ - } \ - RSAAES_ASYMALG_TESTS(suite, con_key, SEC_KEYTYPE_RSA_2048); \ -} while (0) - -#define RSAAES_TESTS(suite) do { \ - if (TestCreds::supports(CAPABILITY_RSA_AES_M2M)) { \ - RSAAES_ASYTYPE_TESTS(suite, TESTKEY_AES128); \ - if (TestCreds::supports(CAPABILITY_AES256)) { \ - RSAAES_ASYTYPE_TESTS(suite, TESTKEY_AES256); \ - } \ - } \ -} while (0) - -#define RSAAESAES_SPECIFIC_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, wkfv) do { \ - TestKey key = sym_type == SEC_KEYTYPE_AES_128 ? TESTKEY_AES128 : TESTKEY_AES256; \ - RUN_TEST(suite, testWrappedCipherSingleRsaAesAes(key, TESTKC_SOC, rsa_type, rsa_alg, sym_type, sym_alg, wkfv)); \ - RUN_TEST(suite, testExportWrappedRsaAesAes(key, TESTKC_SOC, rsa_type, rsa_alg, sym_type, sym_alg, wkfv)); \ -} while (0) - -#define RSAAESAES_WKFV_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg) do { \ - RSAAESAES_SPECIFIC_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, WKFV_V2); \ - if (TestCreds::supports(CAPABILITY_WRAPPED_KEY_FORMAT_V3)) { \ - RSAAESAES_SPECIFIC_TESTS(suite, rsa_type, rsa_alg, sym_type, sym_alg, WKFV_V3); \ - } \ -} while (0) - -#define RSAAESAES_SYMALG_TESTS(suite, rsa_type, rsa_alg, sym_type) do { \ - RSAAESAES_WKFV_TESTS(suite, rsa_type, rsa_alg, sym_type, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING); \ - if (TestCreds::supports(CAPABILITY_RSA_AESCBC_AES)) { \ - RSAAESAES_WKFV_TESTS(suite, rsa_type, rsa_alg, sym_type, SEC_CIPHERALGORITHM_AES_CBC_NO_PADDING); \ - RSAAESAES_WKFV_TESTS(suite, rsa_type, rsa_alg, sym_type, SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING); \ - } \ - if (TestCreds::supports(CAPABILITY_RSA_AESCTR_AES)) { \ - RSAAESAES_WKFV_TESTS(suite, rsa_type, rsa_alg, sym_type, SEC_CIPHERALGORITHM_AES_CTR); \ - } \ -} while (0) - -#define RSAAESAES_SYMTYPE_TESTS(suite, rsa_type, rsa_alg) do { \ - RSAAESAES_SYMALG_TESTS(suite, rsa_type, rsa_alg, SEC_KEYTYPE_AES_128); \ - if (TestCreds::supports(CAPABILITY_AES256)) { \ - RSAAESAES_SYMALG_TESTS(suite, rsa_type, rsa_alg, SEC_KEYTYPE_AES_256); \ - } \ -} while (0) - -#define RSAAESAES_ASYMALG_TESTS(suite, rsa_type) do { \ - RSAAESAES_SYMTYPE_TESTS(suite, rsa_type, SEC_CIPHERALGORITHM_RSA_OAEP_PADDING); \ - RSAAESAES_SYMTYPE_TESTS(suite, rsa_type, SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING); \ -} while (0) - -#define RSAAESAES_TESTS(suite) do { \ - if (TestCreds::supports(CAPABILITY_RSA_1024)) { \ - RSAAESAES_ASYMALG_TESTS(suite, SEC_KEYTYPE_RSA_1024); \ - } \ - RSAAESAES_ASYMALG_TESTS(suite, SEC_KEYTYPE_RSA_2048); \ -} while (0) - -#define ECAESAES_SPECIFIC_TESTS(suite, con_key, asym_alg, sym_alg, wkfv) do { \ - RUN_TEST(suite, testWrappedCipherSingleEcAesAes(con_key, TESTKC_SOC, SEC_KEYTYPE_AES_128, asym_alg, sym_alg, wkfv)); \ - RUN_TEST(suite, testExportWrappedEccAesAes(con_key, TESTKC_SOC, asym_alg, SEC_KEYTYPE_AES_128, sym_alg, wkfv)); \ - RUN_TEST(suite, testExportWrappedGeneratedEccAesAes(con_key, asym_alg, SEC_KEYTYPE_AES_128, sym_alg, wkfv)); \ - if (TestCreds::supports(CAPABILITY_AES256)) { \ - RUN_TEST(suite, testWrappedCipherSingleEcAesAes(con_key, TESTKC_SOC, SEC_KEYTYPE_AES_256, asym_alg, sym_alg, wkfv)); \ - RUN_TEST(suite, testExportWrappedEccAesAes(con_key, TESTKC_SOC, asym_alg, SEC_KEYTYPE_AES_256, sym_alg, wkfv)); \ - RUN_TEST(suite, testExportWrappedGeneratedEccAesAes(con_key, asym_alg, SEC_KEYTYPE_AES_256, sym_alg, wkfv)); \ - } \ -} while (0) - -#define ECAES_SPECIFIC_TESTS(suite, con_key, asym_alg, wkfv) do { \ - RUN_TEST(suite, testWrappedCipherSingleEcAes(con_key, TESTKC_SOC, asym_alg, wkfv)); \ - RUN_TEST(suite, testExportWrappedEccAes(con_key, TESTKC_SOC, asym_alg, wkfv)); \ - RUN_TEST(suite, testExportWrappedGeneratedEccAes(con_key, asym_alg, wkfv)); \ -} while (0) - -#define ECAES_WKFV_TESTS(suite, con_key, asym_alg) do { \ - ECAES_SPECIFIC_TESTS(suite, con_key, asym_alg, WKFV_V2); \ - ECAESAES_SPECIFIC_TESTS(suite, con_key, asym_alg, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, WKFV_V2); \ - ECAESAES_SPECIFIC_TESTS(suite, con_key, asym_alg, SEC_CIPHERALGORITHM_AES_CTR, WKFV_V2); \ - if (TestCreds::supports(CAPABILITY_WRAPPED_KEY_FORMAT_V3)) { \ - ECAES_SPECIFIC_TESTS(suite, con_key, asym_alg, WKFV_V3); \ - ECAESAES_SPECIFIC_TESTS(suite, con_key, asym_alg, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, WKFV_V3); \ - ECAESAES_SPECIFIC_TESTS(suite, con_key, asym_alg, SEC_CIPHERALGORITHM_AES_CTR, WKFV_V3); \ - } \ -} while (0) - -#define ECAES_ASYMALG_TESTS(suite, con_key) do { \ - ECAES_WKFV_TESTS(suite, con_key, SEC_CIPHERALGORITHM_ECC_ELGAMAL); \ -} while (0) - -#define ECAES_TESTS(suite) do { \ - ECAES_ASYMALG_TESTS(suite, TESTKEY_AES128); \ - if (TestCreds::supports(CAPABILITY_AES256)) { \ - ECAES_ASYMALG_TESTS(suite, TESTKEY_AES256); \ - } \ -} while (0) - -void runWrappedTests(SuiteCtx *suite) { - RSAAESRSAAESAES_ASYMTYPE_TESTS(suite); - RSAAESAES_TESTS(suite); - RSAAES_TESTS(suite); - ECAES_TESTS(suite); - - RUN_TEST(suite, testWrappedKDFCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, SEC_OBJECTID_USER_BASE+2, SEC_KEYTYPE_AES_128, 1, 256)); - RUN_TEST(suite, testWrappedKDFCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, SEC_OBJECTID_USER_BASE+2, SEC_KEYTYPE_HMAC_128, 1, 256)); - RUN_TEST(suite, testExportedKDFCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, SEC_OBJECTID_USER_BASE+2, SEC_KEYTYPE_AES_128, 1, 256)); - RUN_TEST(suite, testExportedKDFCMACAES128(SEC_OBJECTID_USER_BASE, SEC_OBJECTID_USER_BASE+1, SEC_OBJECTID_USER_BASE+2, SEC_KEYTYPE_HMAC_128, 1, 256)); -} - -void runConcurrentTests(SuiteCtx *suite) { - RUN_TEST(suite, testConcurrentVendor128(40)); - - if (TestCreds::supports(CAPABILITY_RSA_1024)) { \ - RUN_TEST(suite, testConcurrentRsa(TESTKEY_RSA1024_ENC_PUB, TESTKEY_RSA1024_ENC_PRIV, TESTKC_SOC, 10)); \ - } \ - RUN_TEST(suite, testConcurrentRsa(TESTKEY_RSA2048_ENC_PUB, TESTKEY_RSA2048_ENC_PRIV, TESTKC_SOC, 10)); -} - -void runExchangeTests(SuiteCtx *suite) { - RUN_TEST(suite, testKeyExchangeDH(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM, SEC_KEYTYPE_AES_128)); - if (TestCreds::supports(CAPABILITY_AES256)) { - RUN_TEST(suite, testKeyExchangeDH(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM, SEC_KEYTYPE_AES_256)); - } - RUN_TEST(suite, testKeyExchangeDH(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM, SEC_KEYTYPE_HMAC_128)); - RUN_TEST(suite, testKeyExchangeDH(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM, SEC_KEYTYPE_HMAC_160)); - - RUN_TEST(suite, testKeyExchangeECDH(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM, SEC_KEYTYPE_AES_128)); - if (TestCreds::supports(CAPABILITY_AES256)) { - RUN_TEST(suite, testKeyExchangeECDH(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM, SEC_KEYTYPE_AES_256)); - } - RUN_TEST(suite, testKeyExchangeECDH(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM, SEC_KEYTYPE_HMAC_128)); - RUN_TEST(suite, testKeyExchangeECDH(SEC_OBJECTID_USER_BASE, SEC_STORAGELOC_RAM, SEC_KEYTYPE_HMAC_160)); -} - -#define RSA_SIGNATURE_TESTS(suite, pub, priv, kc, keySize) do { \ - RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, \ - SEC_SIGNATUREALGORITHM_RSA_SHA1_PKCS_DIGEST, SEC_SIGNATUREMODE_SIGN, 20)); \ - RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, TESTKC_RAW, SEC_STORAGELOC_RAM, \ - SEC_SIGNATUREALGORITHM_RSA_SHA1_PKCS_DIGEST, SEC_SIGNATUREMODE_VERIFY, 20)); \ - RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, \ - SEC_SIGNATUREALGORITHM_RSA_SHA1_PKCS, SEC_SIGNATUREMODE_SIGN, 2049)); \ - RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, TESTKC_RAW, SEC_STORAGELOC_RAM, \ - SEC_SIGNATUREALGORITHM_RSA_SHA1_PKCS, SEC_SIGNATUREMODE_VERIFY, 2049)); \ - RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, \ - SEC_SIGNATUREALGORITHM_RSA_SHA256_PKCS_DIGEST, SEC_SIGNATUREMODE_SIGN, 32)); \ - RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, TESTKC_RAW, SEC_STORAGELOC_RAM, \ - SEC_SIGNATUREALGORITHM_RSA_SHA256_PKCS_DIGEST, SEC_SIGNATUREMODE_VERIFY, 32)); \ - RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, \ - SEC_SIGNATUREALGORITHM_RSA_SHA256_PKCS, SEC_SIGNATUREMODE_SIGN, 2049)); \ - RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, TESTKC_RAW, SEC_STORAGELOC_RAM, \ - SEC_SIGNATUREALGORITHM_RSA_SHA256_PKCS, SEC_SIGNATUREMODE_VERIFY, 2049)); \ - RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, \ - SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS_DIGEST, SEC_SIGNATUREMODE_SIGN, 20)); \ - RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, TESTKC_RAW, SEC_STORAGELOC_RAM, \ - SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS_DIGEST, SEC_SIGNATUREMODE_VERIFY, 20)); \ - RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, \ - SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS, SEC_SIGNATUREMODE_SIGN, 2049)); \ - RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, TESTKC_RAW, SEC_STORAGELOC_RAM, \ - SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS, SEC_SIGNATUREMODE_VERIFY, 2049)); \ - RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, \ - SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS_DIGEST, SEC_SIGNATUREMODE_SIGN, 32)); \ - RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, TESTKC_RAW, SEC_STORAGELOC_RAM, \ - SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS_DIGEST, SEC_SIGNATUREMODE_VERIFY, 32)); \ - RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, \ - SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS, SEC_SIGNATUREMODE_SIGN, 2049)); \ - RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, TESTKC_RAW, SEC_STORAGELOC_RAM, \ - SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS, SEC_SIGNATUREMODE_VERIFY, 2049)); \ -} while(0) - -#define EC_SIGNATURE_TESTS(suite, pub, priv, kc, keySize) do { \ - RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, \ - SEC_SIGNATUREALGORITHM_ECDSA_NISTP256_DIGEST, SEC_SIGNATUREMODE_SIGN, 32)); \ - if (kc != TESTKC_GENERATED) { \ - RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, TESTKC_RAW, SEC_STORAGELOC_RAM, \ - SEC_SIGNATUREALGORITHM_ECDSA_NISTP256_DIGEST, SEC_SIGNATUREMODE_VERIFY, 32)); \ - } \ - \ - RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, kc, SEC_STORAGELOC_RAM, \ - SEC_SIGNATUREALGORITHM_ECDSA_NISTP256, SEC_SIGNATUREMODE_SIGN, 2049)); \ - if (kc != TESTKC_GENERATED) { \ - RUN_TEST(suite, testSignature(SEC_OBJECTID_USER_BASE, pub, priv, TESTKC_RAW, SEC_STORAGELOC_RAM, \ - SEC_SIGNATUREALGORITHM_ECDSA_NISTP256, SEC_SIGNATUREMODE_VERIFY, 2049)); \ - } \ -} while (0) - -int testIt(int argc, char *argv[]) { - int nParams = argc-1; - std::vector runParams; - SEC_PRINT("Number of runParams: %d\n", nParams); - for (int i=1; i<(nParams+1); ++i) { - runParams.push_back(atoi(argv[i])); - } - - SEC_PRINT("==============================================\n"); - - //print SecApi info - { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return 1; - } - - if (SEC_RESULT_SUCCESS != SecProcessor_PrintInfo(ctx.proc())) { - SEC_LOG_ERROR("SecProcessor_PrintInfo failed"); - return 1; - } - } - - TestCreds::init(); - SuiteCtx suite; - suite.setRunParams(runParams); - - SEC_PRINT("\n"); - SEC_PRINT("CAPABILITY_AES256: %d\n", TestCreds::supports(CAPABILITY_AES256)); - SEC_PRINT("CAPABILITY_HMAC_IN_HW: %d\n", TestCreds::supports(CAPABILITY_HMAC_IN_HW)); - SEC_PRINT("CAPABILITY_CMAC_IN_HW: %d\n", TestCreds::supports(CAPABILITY_CMAC_IN_HW)); - SEC_PRINT("CAPABILITY_DIGEST_OVER_HWKEY: %d\n", TestCreds::supports(CAPABILITY_DIGEST_OVER_HWKEY)); - SEC_PRINT("CAPABILITY_HMAC_OVER_HWKEY: %d\n", TestCreds::supports(CAPABILITY_HMAC_OVER_HWKEY)); - SEC_PRINT("CAPABILITY_CMAC_OVER_HWKEY: %d\n", TestCreds::supports(CAPABILITY_CMAC_OVER_HWKEY)); - SEC_PRINT("CAPABILITY_HKDF_CMAC: %d\n", TestCreds::supports(CAPABILITY_HKDF_CMAC)); - SEC_PRINT("CAPABILITY_EXTRACT_RSA_PUB: %d\n", TestCreds::supports(CAPABILITY_EXTRACT_RSA_PUB)); - SEC_PRINT("CAPABILITY_WRAPPED_KEY_FORMAT_V3: %d\n", TestCreds::supports(CAPABILITY_WRAPPED_KEY_FORMAT_V3)); - SEC_PRINT("CAPABILITY_RSA_AES_M2M: %d\n", TestCreds::supports(CAPABILITY_RSA_AES_M2M)); - SEC_PRINT("CAPABILITY_CLEAR_JTYPE_WRAPPING: %d\n", TestCreds::supports(CAPABILITY_CLEAR_JTYPE_WRAPPING)); - SEC_PRINT("CAPABILITY_SVP: %d\n", TestCreds::supports(CAPABILITY_SVP)); - SEC_PRINT("CAPABILITY_LOAD_SYM_SOC_KC: %d\n", TestCreds::supports(CAPABILITY_LOAD_SYM_SOC_KC)); - SEC_PRINT("CAPABILITY_EXPORT_RSA: %d\n", TestCreds::supports(CAPABILITY_EXPORT_RSA)); - SEC_PRINT("CAPABILITY_RSA_1024: %d\n", TestCreds::supports(CAPABILITY_RSA_1024)); - SEC_PRINT("CAPABILITY_RSA_AESCBC_AES: %d\n", TestCreds::supports(CAPABILITY_RSA_AESCBC_AES)); - SEC_PRINT("CAPABILITY_RSA_AESCTR_AES: %d\n", TestCreds::supports(CAPABILITY_RSA_AESCTR_AES)); - SEC_PRINT("CAPABILITY_RSA_AESCTR_RSA: %d\n", TestCreds::supports(CAPABILITY_RSA_AESCTR_RSA)); - SEC_PRINT("\n"); - - runProcessorTests(&suite); - - runRandomTests(&suite); - - runBundleTests(&suite); - - runCertTests(&suite); - - runKeyTests(&suite); - - DIGEST_TESTS(&suite, SEC_DIGESTALGORITHM_SHA1); - DIGEST_TESTS(&suite, SEC_DIGESTALGORITHM_SHA256); - - if (TestCreds::supports(CAPABILITY_HMAC_IN_HW)) { - MAC_TESTS(&suite, TESTKEY_HMAC128, TESTKC_RAW, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA1); - MAC_TESTS(&suite, TESTKEY_HMAC160, TESTKC_RAW, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA1); - MAC_TESTS(&suite, TESTKEY_HMAC256, TESTKC_RAW, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA1); - MAC_TESTS(&suite, TESTKEY_HMAC128, TESTKC_RAW, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA256); - MAC_TESTS(&suite, TESTKEY_HMAC160, TESTKC_RAW, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA256); - MAC_TESTS(&suite, TESTKEY_HMAC256, TESTKC_RAW, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_HMAC_SHA256); - } else { - MAC_TESTS(&suite, TESTKEY_HMAC128, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_HMAC_SHA1); - MAC_TESTS(&suite, TESTKEY_HMAC160, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_HMAC_SHA1); - MAC_TESTS(&suite, TESTKEY_HMAC256, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_HMAC_SHA1); - MAC_TESTS(&suite, TESTKEY_HMAC128, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_HMAC_SHA256); - MAC_TESTS(&suite, TESTKEY_HMAC160, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_HMAC_SHA256); - MAC_TESTS(&suite, TESTKEY_HMAC256, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_HMAC_SHA256); - } - - if (TestCreds::supports(CAPABILITY_CMAC_IN_HW)) { - MAC_TESTS(&suite, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_CMAC_AES_128); - if (TestCreds::supports(CAPABILITY_AES256)) { - MAC_TESTS(&suite, TESTKEY_AES256, TESTKC_RAW, SEC_STORAGELOC_RAM, SEC_MACALGORITHM_CMAC_AES_128); - } - } else { - MAC_TESTS(&suite, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_CMAC_AES_128); - if (TestCreds::supports(CAPABILITY_AES256)) { - MAC_TESTS(&suite, TESTKEY_AES256, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED, SEC_MACALGORITHM_CMAC_AES_128); - } - } - - //aes - AES_TESTS(&suite, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM); - AES_TESTS(&suite, TESTKEY_AES128, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED); - - if (TestCreds::supports(CAPABILITY_AES256)) { - AES_TESTS(&suite, TESTKEY_AES256, TESTKC_RAW, SEC_STORAGELOC_RAM); - AES_TESTS(&suite, TESTKEY_AES256, TESTKC_RAW, SEC_STORAGELOC_RAM_SOFT_WRAPPED); - } - - AESCTR_TESTS(&suite); - - //rsa - if (TestCreds::supports(CAPABILITY_RSA_1024)) { - RSA_ENCRYPT_TESTS(&suite, TESTKEY_RSA1024_ENC_PUB, TESTKEY_RSA1024_ENC_PRIV, TESTKC_RAW); - RSA_DECRYPT_TESTS(&suite, TESTKEY_RSA1024_ENC_PUB, TESTKEY_RSA1024_ENC_PRIV, TESTKC_SOC); - } - - RSA_ENCRYPT_TESTS(&suite, TESTKEY_RSA2048_ENC_PUB, TESTKEY_RSA2048_ENC_PRIV, TESTKC_RAW); - RSA_DECRYPT_TESTS(&suite, TESTKEY_RSA2048_ENC_PUB, TESTKEY_RSA2048_ENC_PRIV, TESTKC_SOC); - - //sign - if (TestCreds::supports(CAPABILITY_RSA_1024)) { - RSA_SIGNATURE_TESTS(&suite, TESTKEY_RSA1024_SGN_PUB, TESTKEY_RSA1024_SGN_PRIV, TESTKC_SOC, 128); - } - RSA_SIGNATURE_TESTS(&suite, TESTKEY_RSA2048_SGN_PUB, TESTKEY_RSA2048_SGN_PRIV, TESTKC_SOC, 256); - - EC_SIGNATURE_TESTS(&suite, TESTKEY_EC_PUB, TESTKEY_EC_PRIV, TESTKC_SOC, 128); - EC_SIGNATURE_TESTS(&suite, TESTKEY_EC_PUB, TESTKEY_EC_PRIV, TESTKC_GENERATED, 128); - EC_SIGNATURE_TESTS(&suite, TESTKEY_EC_PUB, TESTKEY_EC_PRIV, TESTKC_EXPORTED, 128); - - runWrappedTests(&suite); - - runKeyCtrlTests(&suite); - - runSVPTests(&suite); - - runConcurrentTests(&suite); - - runExchangeTests(&suite); - - //todo: fragmented processing - //todo: add pem containers, raw formats for keys, certs - - SEC_PRINT("==============================================\n"); - SEC_PRINT("Test summary: %d/%d succeeded, %d skipped\n", suite.getSucceeded().size(), suite.getAttempted().size(), suite.getSkipped().size()); - - std::vector failed = suite.getFailed(); - if (failed.size() > 0) { - SEC_PRINT("\nFailed Tests: [%d]\n", failed.size()); - for (unsigned int i=0; i -#include - -static Sec_Result _BigNumToBuffer(const BIGNUM *bignum, SEC_BYTE *buffer, SEC_SIZE buffer_len) -{ - SEC_SIZE num_bytes; - - memset(buffer, 0, buffer_len); - num_bytes = BN_num_bytes(bignum); - - if (num_bytes > buffer_len) { - SEC_LOG_ERROR("buffer not large enough. needed: %d, actual: %d", num_bytes, buffer_len); - return SEC_RESULT_FAILURE; - } - - BN_bn2bin(bignum, buffer + buffer_len - num_bytes); - - return SEC_RESULT_SUCCESS; -} - -std::vector signOpenSSL( - Sec_SignatureAlgorithm alg, - TestKey key, - const std::vector& input) { - - std::vector digest; - const EVP_MD * evp_md = NULL; - - SEC_BOOL pss = (alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS_DIGEST - || alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS_DIGEST - || alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS - || alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS); - - if (alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PKCS_DIGEST - || alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS_DIGEST) { - digest = input; - evp_md = EVP_sha1(); - } else if (alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PKCS_DIGEST - || alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS_DIGEST) { - digest = input; - evp_md = EVP_sha256(); - } else if (alg == SEC_SIGNATUREALGORITHM_ECDSA_NISTP256_DIGEST) { - digest = input; - evp_md = EVP_sha256(); - } else if (alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PKCS - || alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS) { - digest = digestOpenSSL(SEC_DIGESTALGORITHM_SHA1, input); - evp_md = EVP_sha1(); - } else if (alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PKCS - || alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS) { - digest = digestOpenSSL(SEC_DIGESTALGORITHM_SHA256, input); - evp_md = EVP_sha256(); - } else if (alg == SEC_SIGNATUREALGORITHM_ECDSA_NISTP256) { - digest = digestOpenSSL(SEC_DIGESTALGORITHM_SHA256, input); - evp_md = EVP_sha256(); - } else { - SEC_LOG_ERROR("Unknown signature algorithm"); - return std::vector(); - } - - TestCtx::printHex("digest to sign", digest); - - if (SecKey_IsEcc(TestCreds::getKeyType(key))) { - ECDSA_SIG *esig = NULL; - - EC_KEY *ec_key = TestCreds::asOpenSslEcKey(key); - if (NULL == ec_key) - { - SEC_LOG_ERROR("TestCreds::asOpenSslEcKey failed"); - return std::vector(); - } - - esig = ECDSA_do_sign(&digest[0], digest.size(), ec_key); - SEC_ECC_FREE(ec_key); - - if (NULL == esig) - { - SEC_LOG_ERROR("ECDSA_do_sign failed"); - return std::vector(); - } - - std::vector sig; - sig.resize(256); - -#if OPENSSL_VERSION_NUMBER < 0x10100000L - _BigNumToBuffer(esig->r, &sig[0], SEC_ECC_NISTP256_KEY_LEN); - _BigNumToBuffer(esig->s, &sig[SEC_ECC_NISTP256_KEY_LEN], SEC_ECC_NISTP256_KEY_LEN); -#else - const BIGNUM *esigr = NULL; - const BIGNUM *esigs = NULL; - ECDSA_SIG_get0(esig, &esigr, &esigs); - _BigNumToBuffer((BIGNUM *) esigr, &sig[0], SEC_ECC_NISTP256_KEY_LEN); - _BigNumToBuffer((BIGNUM *) esigs, &sig[SEC_ECC_NISTP256_KEY_LEN], SEC_ECC_NISTP256_KEY_LEN); -#endif - - sig.resize(SecSignature_GetEccSignatureSize(alg)); - - return sig; - } else { - EVP_PKEY *evp_pkey = TestCreds::asOpenSslEvpPkey(key); - if (evp_pkey == NULL) { - SEC_LOG_ERROR("TestCreds::asOpenSslEvpPkey failed"); - return std::vector(); - } - - EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(evp_pkey, NULL); - if (ctx == NULL) { - EVP_PKEY_free(evp_pkey); - SEC_LOG_ERROR("EVP_PKEY_CTX_new failed"); - return std::vector(); - } - - if (EVP_PKEY_sign_init(ctx) <= 0 - || EVP_PKEY_CTX_set_rsa_padding(ctx, pss ? RSA_PKCS1_PSS_PADDING : RSA_PKCS1_PADDING) <= 0 - || EVP_PKEY_CTX_set_signature_md(ctx, evp_md) <= 0) { - EVP_PKEY_free(evp_pkey); - EVP_PKEY_CTX_free(ctx); - SEC_LOG_ERROR("Could not setup EVP_PKEY_CTX"); - return std::vector(); - } - - if (pss && EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, evp_md == EVP_sha1() ? 20 : 32) <= 0) { - EVP_PKEY_free(evp_pkey); - EVP_PKEY_CTX_free(ctx); - SEC_LOG_ERROR("Could not setup EVP_PKEY_CTX"); - return std::vector(); - } - - std::vector sig; - sig.resize(256); - size_t siglen = 256; - - if (EVP_PKEY_sign(ctx, NULL, &siglen, &digest[0], digest.size()) <= 0 || - EVP_PKEY_sign(ctx, &sig[0], &siglen, &digest[0], digest.size()) <= 0) { - EVP_PKEY_free(evp_pkey); - EVP_PKEY_CTX_free(ctx); - SEC_LOG_ERROR("EVP_PKEY_sign failed"); - return std::vector(); - } - - EVP_PKEY_free(evp_pkey); - EVP_PKEY_CTX_free(ctx); - - sig.resize(siglen); - - return sig; - } -} - -static EC_KEY *_ECCFromPubBinary(Sec_ECCRawPublicKey *binary) -{ - BN_CTX *ctx = BN_CTX_new(); - - if ( binary->type != SEC_KEYTYPE_ECC_NISTP256_PUBLIC - && binary->type != SEC_KEYTYPE_ECC_NISTP256) - return NULL; - - EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); //create ec_key structure with NIST p256 curve; - const EC_GROUP *group = EC_KEY_get0_group(ec_key); - EC_POINT *ec_point = EC_POINT_new(group); - BN_CTX_start(ctx); - BIGNUM *xp, *yp; - - if (((xp = BN_CTX_get(ctx)) == NULL) || ((yp = BN_CTX_get(ctx)) == NULL)) - goto done; - - EC_POINT_set_affine_coordinates_GFp(group, ec_point, - BN_bin2bn(binary->x, Sec_BEBytesToUint32(binary->key_len), xp), - BN_bin2bn(binary->y, Sec_BEBytesToUint32(binary->key_len), yp), ctx); - EC_KEY_set_public_key(ec_key, ec_point); - -done: - EC_POINT_free(ec_point); - BN_CTX_end(ctx); - BN_CTX_free(ctx); - - return ec_key; -} - -static SEC_BOOL verifyOpenSSLEccPub( - Sec_SignatureAlgorithm alg, - Sec_ECCRawPublicKey *eccPub, - const std::vector& input, - const std::vector& sig) { - - std::vector digest; - const EVP_MD * evp_md = NULL; - - if (alg == SEC_SIGNATUREALGORITHM_ECDSA_NISTP256_DIGEST) { - digest = input; - evp_md = EVP_sha256(); - } else if (alg == SEC_SIGNATUREALGORITHM_ECDSA_NISTP256) { - digest = digestOpenSSL(SEC_DIGESTALGORITHM_SHA256, input); - evp_md = EVP_sha256(); - } else { - SEC_LOG_ERROR("Unknown signature algorithm"); - return SEC_FALSE; - } - - TestCtx::printHex("digest to verify", digest); - - if (sig.size() != SecSignature_GetEccSignatureSize(alg)) - { - SEC_LOG_ERROR("Incorrect ECC signature size"); - return SEC_FALSE; - } - - EC_KEY *ec_key = _ECCFromPubBinary(eccPub); - if (NULL == ec_key) - { - SEC_LOG_ERROR("TestCreds::_ECCFromPubBinary failed"); - return SEC_FALSE; - } - -#if OPENSSL_VERSION_NUMBER < 0x10100000L - ECDSA_SIG esig; - esig.r = BN_new(); - esig.s = BN_new(); - BN_bin2bn(&sig[0], SEC_ECC_NISTP256_KEY_LEN, esig.r); - BN_bin2bn(&sig[SEC_ECC_NISTP256_KEY_LEN], SEC_ECC_NISTP256_KEY_LEN, esig.s); - int openssl_res = ECDSA_do_verify(&digest[0], digest.size(), &esig, ec_key); - BN_free(esig.r); - BN_free(esig.s); -#else - ECDSA_SIG *esig = ECDSA_SIG_new(); - BIGNUM *r = BN_new(); - BIGNUM *s = BN_new(); - BN_bin2bn(&sig[0], SEC_ECC_NISTP256_KEY_LEN, r); - BN_bin2bn(&sig[SEC_ECC_NISTP256_KEY_LEN], SEC_ECC_NISTP256_KEY_LEN, s); - ECDSA_SIG_set0(esig, r, s); - int openssl_res = ECDSA_do_verify(&digest[0], digest.size(), esig, ec_key); - ECDSA_SIG_free(esig); -#endif - SEC_ECC_FREE(ec_key); - - if (1 != openssl_res) - { - SEC_LOG_ERROR("ECDSA_do_verify failed"); - return SEC_FALSE; - } - - return SEC_TRUE; -} - -SEC_BOOL verifyOpenSSL( - Sec_SignatureAlgorithm alg, - TestKey key, - const std::vector& input, - const std::vector& sig) { - - std::vector digest; - const EVP_MD * evp_md = NULL; - - SEC_BOOL pss = (alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS_DIGEST - || alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS_DIGEST - || alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS - || alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS); - - if (alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PKCS_DIGEST - || alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS_DIGEST) { - digest = input; - evp_md = EVP_sha1(); - } else if (alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PKCS_DIGEST - || alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS_DIGEST) { - digest = input; - evp_md = EVP_sha256(); - } else if (alg == SEC_SIGNATUREALGORITHM_ECDSA_NISTP256_DIGEST) { - digest = input; - evp_md = EVP_sha256(); - } else if (alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PKCS - || alg == SEC_SIGNATUREALGORITHM_RSA_SHA1_PSS) { - digest = digestOpenSSL(SEC_DIGESTALGORITHM_SHA1, input); - evp_md = EVP_sha1(); - } else if (alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PKCS - || alg == SEC_SIGNATUREALGORITHM_RSA_SHA256_PSS) { - digest = digestOpenSSL(SEC_DIGESTALGORITHM_SHA256, input); - evp_md = EVP_sha256(); - } else if (alg == SEC_SIGNATUREALGORITHM_ECDSA_NISTP256) { - digest = digestOpenSSL(SEC_DIGESTALGORITHM_SHA256, input); - evp_md = EVP_sha256(); - } else { - SEC_LOG_ERROR("Unknown signature algorithm"); - return SEC_FALSE; - } - - TestCtx::printHex("digest to verify", digest); - - if (SecKey_IsEcc(TestCreds::getKeyType(key))) { - if (sig.size() != SecSignature_GetEccSignatureSize(alg)) - { - SEC_LOG_ERROR("Incorrect ECC signature size"); - return SEC_FALSE; - } - - EC_KEY *ec_key = TestCreds::asOpenSslEcKey(key); - if (NULL == ec_key) - { - SEC_LOG_ERROR("TestCreds::asOpenSslEcKey failed"); - return SEC_FALSE; - } - -#if OPENSSL_VERSION_NUMBER < 0x10100000L - ECDSA_SIG esig; - esig.r = BN_new(); - esig.s = BN_new(); - BN_bin2bn(&sig[0], SEC_ECC_NISTP256_KEY_LEN, esig.r); - BN_bin2bn(&sig[SEC_ECC_NISTP256_KEY_LEN], SEC_ECC_NISTP256_KEY_LEN, esig.s); - int openssl_res = ECDSA_do_verify(&digest[0], digest.size(), &esig, ec_key); - BN_free(esig.r); - BN_free(esig.s); -#else - ECDSA_SIG *esig = ECDSA_SIG_new(); - BIGNUM *r = BN_new(); - BIGNUM *s = BN_new(); - BN_bin2bn(&sig[0], SEC_ECC_NISTP256_KEY_LEN, r); - BN_bin2bn(&sig[SEC_ECC_NISTP256_KEY_LEN], SEC_ECC_NISTP256_KEY_LEN, s); - ECDSA_SIG_set0(esig, r, s); - int openssl_res = ECDSA_do_verify(&digest[0], digest.size(), esig, ec_key); - ECDSA_SIG_free(esig); -#endif - SEC_ECC_FREE(ec_key); - - if (1 != openssl_res) - { - SEC_LOG_ERROR("ECDSA_do_verify failed"); - return SEC_FALSE; - } - - return SEC_TRUE; - } else { - EVP_PKEY *evp_pkey = TestCreds::asOpenSslEvpPkey(key); - if (evp_pkey == NULL) { - SEC_LOG_ERROR("TestCreds::asOpenSslEvpPkey failed"); - return SEC_FALSE; - } - - EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(evp_pkey, NULL); - if (ctx == NULL) { - EVP_PKEY_free(evp_pkey); - SEC_LOG_ERROR("EVP_PKEY_CTX_new failed"); - return SEC_FALSE; - } - - if (EVP_PKEY_verify_init(ctx) <= 0 - || EVP_PKEY_CTX_set_rsa_padding(ctx, pss ? RSA_PKCS1_PSS_PADDING : RSA_PKCS1_PADDING) <= 0 - || EVP_PKEY_CTX_set_signature_md(ctx, evp_md) <= 0) { - EVP_PKEY_free(evp_pkey); - EVP_PKEY_CTX_free(ctx); - SEC_LOG_ERROR("Could not setup EVP_PKEY_CTX"); - return SEC_FALSE; - } - - if (pss && EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, evp_md == EVP_sha1() ? 20 : 32) <= 0) { - EVP_PKEY_free(evp_pkey); - EVP_PKEY_CTX_free(ctx); - SEC_LOG_ERROR("Could not setup EVP_PKEY_CTX"); - return SEC_FALSE; - } - - if (EVP_PKEY_verify(ctx, &sig[0], sig.size(), &digest[0], digest.size()) <= 0) { - EVP_PKEY_free(evp_pkey); - EVP_PKEY_CTX_free(ctx); - SEC_LOG_ERROR("EVP_PKEY_verify failed"); - return SEC_FALSE; - } - - EVP_PKEY_free(evp_pkey); - EVP_PKEY_CTX_free(ctx); - - return SEC_TRUE; - } - - return SEC_FALSE; -} - -std::vector signSecApi(TestCtx *ctx, - Sec_SignatureAlgorithm alg, - Sec_KeyHandle *key, - const std::vector& input) { - - Sec_SignatureHandle *handle = ctx->acquireSignature(alg, SEC_SIGNATUREMODE_SIGN, key); - if (handle == NULL) { - SEC_LOG_ERROR("TestCtx::acquireSignature failed"); - return std::vector(); - } - - std::vector sig; - sig.resize(256); - SEC_SIZE sig_len; - - if (SEC_RESULT_SUCCESS != SecSignature_Process(handle, - (SEC_BYTE *) &input[0], input.size(), - &sig[0], &sig_len)) { - SEC_LOG_ERROR("SecSignature_Process failed"); - return std::vector(); - } - - sig.resize(sig_len); - - return sig; -} - -SEC_BOOL verifySecApi(TestCtx *ctx, - Sec_SignatureAlgorithm alg, - Sec_KeyHandle *key, - const std::vector& input, - const std::vector& sig) { - - Sec_SignatureHandle *handle = ctx->acquireSignature(alg, SEC_SIGNATUREMODE_VERIFY, key); - if (handle == NULL) { - SEC_LOG_ERROR("TestCtx::acquireSignature failed"); - return SEC_FALSE; - } - - SEC_SIZE sig_len = sig.size(); - - if (SEC_RESULT_SUCCESS != SecSignature_Process(handle, - (SEC_BYTE *) &input[0], input.size(), - (SEC_BYTE *) &sig[0], &sig_len)) { - SEC_LOG_ERROR("SecSignature_Process failed"); - return SEC_FALSE; - } - - return SEC_TRUE; -} - -Sec_Result testSignature( - SEC_OBJECTID id, TestKey pub, TestKey priv, TestKc kc, Sec_StorageLoc loc, - Sec_SignatureAlgorithm alg, Sec_SignatureMode mode, SEC_SIZE inputSize) { - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - //mode - SEC_BOOL testSign = (mode == SEC_SIGNATUREMODE_SIGN); - - Sec_KeyHandle *keyHandle = NULL; - if (testSign) { - if (NULL == (keyHandle = ctx.provisionKey(id, loc, priv, kc))) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - } else { - if (NULL == (keyHandle = ctx.provisionKey(id, loc, pub, kc))) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - } - - //gen clear input - std::vector clear = TestCtx::random(inputSize); - TestCtx::printHex("clear", clear); - - //sign - std::vector sig; - if (testSign) { - sig = signSecApi(&ctx, alg, keyHandle, clear); - } else { - //use openssl to sign - sig = signOpenSSL(alg, priv, clear); - } - - TestCtx::printHex("sig", sig); - - //verify - SEC_BOOL ver_res; - if (testSign) { - //use openssl to verify - if (kc == TESTKC_GENERATED) { - //extract pub from the generated key - Sec_ECCRawPublicKey eccPub; - if (SEC_RESULT_SUCCESS != SecKey_ExtractECCPublicKey(keyHandle, &eccPub)) { - SEC_LOG_ERROR("SecKey_ExtractECCPublicKey failed"); - return SEC_RESULT_FAILURE; - } - - ver_res = verifyOpenSSLEccPub(alg, &eccPub, clear, sig); - } else { - ver_res = verifyOpenSSL(alg, pub, clear, sig); - } - } else { - //use sec api to verify - ver_res = verifySecApi(&ctx, alg, keyHandle, clear, sig); - } - - //check if results match - if (!ver_res) { - SEC_LOG_ERROR("Verification failed"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} diff --git a/test/main/cpp/sign.h b/test/main/cpp/sign.h deleted file mode 100644 index 83b0a9b..0000000 --- a/test/main/cpp/sign.h +++ /dev/null @@ -1,35 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_SIGN_H_ -#define TEST_SIGN_H_ - -#include "sec_security.h" -#include -#include "test_creds.h" - -std::vector signOpenSSL(Sec_SignatureAlgorithm alg, TestKey key, const std::vector& input); - -SEC_BOOL verifyOpenSSL(Sec_SignatureAlgorithm alg, TestKey key, const std::vector& input, const std::vector& sig); - -Sec_Result testSignature( - SEC_OBJECTID id, TestKey pub, TestKey priv, TestKc kc, Sec_StorageLoc loc, - Sec_SignatureAlgorithm alg, Sec_SignatureMode mode, SEC_SIZE inputSize); - -#endif diff --git a/test/main/cpp/svp.cpp b/test/main/cpp/svp.cpp deleted file mode 100644 index 9ffd962..0000000 --- a/test/main/cpp/svp.cpp +++ /dev/null @@ -1,320 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "svp.h" -#include "cipher.h" -#include "test_ctx.h" - -Sec_Result testOpaqueMalloc() { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_OpaqueBufferHandle* handle = NULL; - SEC_BYTE input[64*1024]; - - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(sizeof(input), &handle)) { - SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Write(handle, 0, input, sizeof(input))) { - SEC_LOG_ERROR("Sec_OpaqueBufferWrite failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Free(handle)) { - SEC_LOG_ERROR("Sec_OpaqueBufferFree failed"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testSecureBootEnabled() { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecCodeIntegrity_SecureBootEnabled()) { - SEC_LOG_ERROR("SecCodeIntegrity_SecureBootEnabled failed"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testSetTime() { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecSVP_SetTime(time(NULL))) { - SEC_LOG_ERROR("SecSVP_SetTime failed"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testKeycheckOpaque(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle *handle = NULL; - if (NULL == (handle = ctx.provisionKey(id, loc, key, kc))) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - - Sec_CipherHandle* cipherHandle = NULL; - if (SEC_RESULT_SUCCESS != SecCipher_GetInstance(ctx.proc(), - SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_ENCRYPT, handle, - NULL, &cipherHandle)) { - SEC_LOG_ERROR("SecCipher_GetInstance failed"); - return SEC_RESULT_FAILURE; - } - - std::vector input = TestCtx::random(SEC_AES_BLOCK_SIZE); - std::vector expected = opensslAesEcb(key, SEC_CIPHERMODE_ENCRYPT, SEC_FALSE, NULL, input); - - TestCtx::printHex("input", input); - TestCtx::printHex("expected", expected); - - Sec_OpaqueBufferHandle *inputHandle = NULL; - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(256, &inputHandle)) { - SecCipher_Release(cipherHandle); - SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Write(inputHandle, 0, &input[0], input.size())) { - SecOpaqueBuffer_Free(inputHandle); - SecCipher_Release(cipherHandle); - SEC_LOG_ERROR("Sec_OpaqueBufferWrite failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecCipher_KeyCheckOpaque(cipherHandle, inputHandle, SEC_AES_BLOCK_SIZE, &expected[0])) { - SecOpaqueBuffer_Free(inputHandle); - SecCipher_Release(cipherHandle); - SEC_LOG_ERROR("SecCipher_KeyCheckOpaque failed"); - return SEC_RESULT_FAILURE; - } - - /* 2.2 checks for 'checkLength' arg */ - if (SEC_RESULT_SUCCESS != SecCipher_KeyCheckOpaque(cipherHandle, inputHandle, 8, &expected[0])) { - SecOpaqueBuffer_Free(inputHandle); - SecCipher_Release(cipherHandle); - SEC_LOG_ERROR("SecCipher_KeyCheckOpaque failed"); - return SEC_RESULT_FAILURE; - } - if (SEC_RESULT_SUCCESS == SecCipher_KeyCheckOpaque(cipherHandle, inputHandle, 7, &expected[0])) { - SecOpaqueBuffer_Free(inputHandle); - SecCipher_Release(cipherHandle); - SEC_LOG_ERROR("expected SecCipher_KeyCheckOpaque to fail with checkLength < 8"); - return SEC_RESULT_FAILURE; - } - if (SEC_RESULT_SUCCESS == SecCipher_KeyCheckOpaque(cipherHandle, inputHandle, 17, &expected[0])) { - SecOpaqueBuffer_Free(inputHandle); - SecCipher_Release(cipherHandle); - SEC_LOG_ERROR("expected SecCipher_KeyCheckOpaque to fail with checkLength > 16"); - return SEC_RESULT_FAILURE; - } - - SecOpaqueBuffer_Free(inputHandle); - SecCipher_Release(cipherHandle); - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testProcessOpaque(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle *handle = NULL; - if (NULL == (handle = ctx.provisionKey(id, loc, key, kc))) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - - Sec_CipherHandle* cipherHandle = NULL; - if (SEC_RESULT_SUCCESS != SecCipher_GetInstance(ctx.proc(), - SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, SEC_CIPHERMODE_DECRYPT, handle, - NULL, &cipherHandle)) { - SEC_LOG_ERROR("SecCipher_GetInstance failed"); - return SEC_RESULT_FAILURE; - } - - Sec_OpaqueBufferHandle *inputHandle = NULL; - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(256, &inputHandle)) { - SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); - SecCipher_Release(cipherHandle); - return SEC_RESULT_FAILURE; - } - - Sec_OpaqueBufferHandle *outputHandle = NULL; - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(256, &outputHandle)) { - SecOpaqueBuffer_Free(inputHandle); - SecCipher_Release(cipherHandle); - SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); - return SEC_RESULT_FAILURE; - } - - SEC_SIZE written = 0; - - if (SEC_RESULT_SUCCESS != SecCipher_ProcessOpaque(cipherHandle, - inputHandle, outputHandle, 256, SEC_TRUE, &written)) { - SecOpaqueBuffer_Free(inputHandle); - SecOpaqueBuffer_Free(outputHandle); - SecCipher_Release(cipherHandle); - SEC_LOG_ERROR("SecCipher_ProcessOpaque failed"); - return SEC_RESULT_FAILURE; - } - - SecOpaqueBuffer_Free(inputHandle); - SecOpaqueBuffer_Free(outputHandle); - SecCipher_Release(cipherHandle); - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testCopyOpaque() { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_OpaqueBufferHandle *inputHandle = NULL; - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(256, &inputHandle)) { - SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); - return SEC_RESULT_FAILURE; - } - - Sec_OpaqueBufferHandle *outputHandle = NULL; - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(256, &outputHandle)) { - SecOpaqueBuffer_Free(inputHandle); - SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); - return SEC_RESULT_FAILURE; - } - - SEC_BYTE tmp[128]; - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Write(inputHandle, 128, tmp, 128)) { - SEC_LOG_ERROR("SecOpaqueBuffer_Write failed"); - SecOpaqueBuffer_Free(inputHandle); - SecOpaqueBuffer_Free(outputHandle); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Copy(outputHandle, 0, inputHandle, 128, 128)) { - SEC_LOG_ERROR("SecOpaqueBuffer_Copy failed"); - SecOpaqueBuffer_Free(inputHandle); - SecOpaqueBuffer_Free(outputHandle); - return SEC_RESULT_FAILURE; - } - - SecOpaqueBuffer_Free(inputHandle); - SecOpaqueBuffer_Free(outputHandle); - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testProcessDataShiftOpaque(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc) { - TestCtx ctx; - Sec_Result result = SEC_RESULT_FAILURE; - Sec_OpaqueBufferHandle *inputHandle1 = NULL; - Sec_OpaqueBufferHandle *inputHandle2 = NULL; - Sec_OpaqueBufferHandle *outputHandle = NULL; - SEC_SIZE written = 0; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyHandle *handle = NULL; - if (NULL == (handle = ctx.provisionKey(id, loc, key, kc))) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - - std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); - Sec_CipherHandle* cipherHandle = NULL; - if (SEC_RESULT_SUCCESS != SecCipher_GetInstance(ctx.proc(), - SEC_CIPHERALGORITHM_AES_CTR, SEC_CIPHERMODE_DECRYPT, handle, - &iv[0], &cipherHandle)) { - SEC_LOG_ERROR("SecCipher_GetInstance failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(8, &inputHandle1)) { - SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(256-8, &inputHandle2)) { - SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecOpaqueBuffer_Malloc(256, &outputHandle)) { - SEC_LOG_ERROR("Sec_OpaqueBufferMalloc failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecCipher_ProcessOpaque(cipherHandle, - inputHandle1, outputHandle, 8, SEC_FALSE, &written)) { - SEC_LOG_ERROR("SecCipher_ProcessOpaque failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != SecCipher_ProcessCtrWithOpaqueDataShift(cipherHandle, inputHandle2, outputHandle, 256-8, &written, 8)) { - SEC_LOG_ERROR("SecCipher_ProcessCtrWithOpaqueDataShift failed"); - goto done; - } - - - result = SEC_RESULT_SUCCESS; - - done: - - if (inputHandle1) - SecOpaqueBuffer_Free(inputHandle1); - if (inputHandle2) - SecOpaqueBuffer_Free(inputHandle2); - if (outputHandle) - SecOpaqueBuffer_Free(outputHandle); - if (cipherHandle) - SecCipher_Release(cipherHandle); - - return result; -} diff --git a/test/main/cpp/svp.h b/test/main/cpp/svp.h deleted file mode 100644 index 1ca05e2..0000000 --- a/test/main/cpp/svp.h +++ /dev/null @@ -1,35 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_SVP_H_ -#define TEST_SVP_H_ - -#include "sec_security.h" -#include -#include "test_creds.h" - -Sec_Result testOpaqueMalloc(); -Sec_Result testCopyOpaque(); -Sec_Result testSecureBootEnabled(); -Sec_Result testSetTime(); -Sec_Result testKeycheckOpaque(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc); -Sec_Result testProcessOpaque(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc); -Sec_Result testProcessDataShiftOpaque(SEC_OBJECTID id, TestKey key, TestKc kc, Sec_StorageLoc loc); - -#endif diff --git a/test/main/cpp/test_creds_clear.cpp b/test/main/cpp/test_creds_clear.cpp deleted file mode 100644 index e4bbb00..0000000 --- a/test/main/cpp/test_creds_clear.cpp +++ /dev/null @@ -1,1386 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "test_creds.h" -#include "test_ctx.h" -#include "sec_security_utils.h" -#include -#include -#include - -unsigned char sym128_a_bin[] = { 0x05, 0xe8, 0x38, 0x84, 0xc4, 0x0c, 0x0a, 0xd8, - 0x20, 0x79, 0x9e, 0xb5, 0x81, 0xf8, 0x74, 0x28 }; -unsigned int sym128_a_bin_len = 16; - -unsigned char sym160_a_bin[] = { 0xaa, 0xbe, 0xf6, 0x0b, 0x97, 0x3a, 0x55, 0xc0, - 0x3d, 0xa0, 0xdd, 0x85, 0xef, 0xb3, 0xbd, 0xc0, 0x2f, 0x09, 0x32, 0x88 }; -unsigned int sym160_a_bin_len = 20; - -unsigned char sym256_a_bin[] = { 0x6f, 0x08, 0x2b, 0xb5, 0xa9, 0xb9, 0x27, 0x3b, - 0xd5, 0x4b, 0xaf, 0xfb, 0xe9, 0x63, 0xc7, 0xd2, 0xad, 0xde, 0xf1, 0x68, - 0x87, 0x07, 0xdb, 0xc5, 0xbf, 0x7c, 0x2b, 0x33, 0x5f, 0x29, 0x99, 0x44 }; -unsigned int sym256_a_bin_len = 32; - -unsigned char rsa1024_der[] = { 0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, - 0x81, 0x81, 0x00, 0xc4, 0x32, 0x70, 0x15, 0xb3, 0x53, 0xd5, 0xaf, 0x26, - 0xc2, 0xcd, 0x6e, 0x87, 0x9f, 0x13, 0x10, 0x9e, 0x3d, 0x8d, 0x6c, 0xb4, - 0x1e, 0xc8, 0xbb, 0xf1, 0xbf, 0x7a, 0xc0, 0xce, 0xbf, 0x5c, 0x00, 0x1f, - 0x83, 0xd8, 0xe3, 0xf7, 0xe8, 0xa3, 0x79, 0x61, 0xd4, 0x3a, 0xae, 0x49, - 0x6d, 0x38, 0x1d, 0x12, 0x74, 0xba, 0x9c, 0xb4, 0x38, 0x61, 0x6b, 0x44, - 0x1d, 0xac, 0xf7, 0xa7, 0x7d, 0x8a, 0x80, 0x9f, 0x56, 0x67, 0xb2, 0xe5, - 0x45, 0xbc, 0x0d, 0xde, 0xde, 0x63, 0x06, 0x13, 0x4d, 0x06, 0x2e, 0xe2, - 0xf9, 0xfa, 0xe4, 0x3b, 0xa6, 0xa0, 0x49, 0xbb, 0x11, 0x23, 0xf8, 0x68, - 0x85, 0x3c, 0x1b, 0x92, 0xe1, 0x6c, 0x42, 0x37, 0xe3, 0x1b, 0x7c, 0x7a, - 0x25, 0x91, 0x30, 0xd5, 0xa5, 0xf3, 0xbb, 0x91, 0x23, 0xdf, 0x23, 0x94, - 0xb8, 0xf2, 0x61, 0x4f, 0xba, 0x73, 0xd1, 0x4b, 0x2b, 0x89, 0x8f, 0x02, - 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x81, 0x00, 0x8c, 0x8d, 0xad, 0xaa, - 0x7e, 0x2b, 0xe2, 0xfb, 0x75, 0x83, 0x3c, 0xf4, 0xa0, 0x08, 0x1f, 0xfa, - 0x59, 0xc2, 0xb2, 0xdc, 0x5b, 0x35, 0x6a, 0x8c, 0xea, 0x25, 0x48, 0xe5, - 0x73, 0xb7, 0xb7, 0x4b, 0x07, 0x48, 0xc7, 0x4a, 0x99, 0xc1, 0x79, 0xcb, - 0x6d, 0x80, 0x43, 0x01, 0xb4, 0xec, 0x9f, 0xb4, 0x84, 0x12, 0x47, 0xd6, - 0x17, 0x6e, 0x04, 0xac, 0x79, 0xc1, 0xe0, 0xb6, 0x12, 0xb1, 0x67, 0x54, - 0x77, 0xa2, 0xd4, 0x80, 0xf2, 0x87, 0xb9, 0x56, 0xcc, 0xde, 0xc2, 0x52, - 0x09, 0x2d, 0x5b, 0x7b, 0x0e, 0xfa, 0xe2, 0xd8, 0x9e, 0x41, 0xaf, 0xfc, - 0x42, 0x0d, 0x24, 0x6c, 0xe2, 0x8b, 0x3a, 0xae, 0x5c, 0x17, 0x11, 0xbb, - 0x33, 0x13, 0xb8, 0x66, 0xd6, 0xc6, 0xb1, 0x2f, 0xef, 0xf0, 0x68, 0x0e, - 0x2c, 0xf9, 0x41, 0xd2, 0x7f, 0xe0, 0x15, 0xe2, 0x33, 0xf5, 0xd8, 0xb6, - 0x01, 0xb0, 0x64, 0x91, 0x02, 0x41, 0x00, 0xf3, 0x37, 0x23, 0xf9, 0xff, - 0x24, 0x37, 0x63, 0x10, 0x19, 0x6f, 0x6c, 0x35, 0xa0, 0x41, 0x3c, 0x2c, - 0x00, 0xa8, 0x71, 0xa9, 0x09, 0x0e, 0x1f, 0xc7, 0x87, 0x6e, 0x67, 0xf3, - 0x8a, 0x76, 0x5f, 0xfb, 0x69, 0x44, 0x22, 0x88, 0x36, 0x1d, 0x31, 0xb9, - 0x79, 0xd3, 0x8c, 0x92, 0xb4, 0x0c, 0x0b, 0x72, 0xdd, 0x62, 0x47, 0x86, - 0xd7, 0x7d, 0x63, 0xb1, 0xe3, 0x30, 0xb4, 0x8f, 0x89, 0x63, 0x3b, 0x02, - 0x41, 0x00, 0xce, 0x82, 0x96, 0xa8, 0x5c, 0x6a, 0x8a, 0x50, 0x31, 0xf1, - 0x9c, 0xe3, 0xaa, 0x0d, 0x89, 0xe4, 0xe2, 0x68, 0xe2, 0x25, 0xf7, 0xec, - 0x5e, 0xe8, 0xde, 0x68, 0x29, 0x84, 0xf2, 0x58, 0x68, 0xa8, 0xb3, 0x1b, - 0x36, 0x68, 0x7c, 0x2d, 0x21, 0xea, 0x92, 0xb5, 0x3a, 0x80, 0xc2, 0x45, - 0xbb, 0xc4, 0xfc, 0x38, 0xb0, 0x33, 0xe2, 0xf1, 0x93, 0x83, 0x48, 0x5d, - 0x91, 0x31, 0xc4, 0x55, 0x65, 0xbd, 0x02, 0x40, 0x0e, 0x66, 0x2d, 0x53, - 0x17, 0xaf, 0xe5, 0x37, 0x90, 0x34, 0x71, 0x4c, 0x4e, 0xc0, 0x76, 0x1c, - 0x41, 0xde, 0xa8, 0x1a, 0x52, 0x8f, 0x9e, 0xae, 0x72, 0xf9, 0xa9, 0xa7, - 0xad, 0xdb, 0x7c, 0xb6, 0xa2, 0x03, 0xd1, 0x6c, 0xd9, 0xf3, 0x9a, 0x36, - 0xdf, 0x6c, 0x3f, 0x02, 0x0b, 0x8d, 0x6d, 0x49, 0x20, 0x3b, 0xcb, 0x1d, - 0xc0, 0xf5, 0xf1, 0x0e, 0x7d, 0xf1, 0x9d, 0x68, 0x93, 0x36, 0xe7, 0x11, - 0x02, 0x40, 0x4c, 0x12, 0x93, 0x09, 0x26, 0x32, 0x21, 0x0d, 0x75, 0xb8, - 0x79, 0x80, 0xec, 0x4d, 0xdc, 0x74, 0x32, 0x6b, 0x4c, 0x93, 0x8c, 0x06, - 0xc8, 0xd7, 0xa3, 0xc6, 0x5f, 0x35, 0x18, 0x49, 0x35, 0x14, 0xa0, 0x15, - 0xf0, 0x2f, 0x01, 0x3f, 0x66, 0xf5, 0x10, 0x62, 0x2e, 0x50, 0xec, 0x3f, - 0xdf, 0xf1, 0xaa, 0xaf, 0xff, 0x48, 0xbd, 0xdb, 0x1b, 0xea, 0x0a, 0xa8, - 0x5d, 0x2a, 0x26, 0x17, 0x07, 0x49, 0x02, 0x41, 0x00, 0xb6, 0xc4, 0x4b, - 0x68, 0x82, 0xe8, 0x40, 0xc0, 0x70, 0x58, 0xdb, 0x68, 0x49, 0x30, 0x7d, - 0x6a, 0xf1, 0xfc, 0x9d, 0x66, 0x33, 0x10, 0x28, 0x1b, 0x54, 0x1d, 0x81, - 0xf1, 0x88, 0x9a, 0x6b, 0xb7, 0x1b, 0x7f, 0x36, 0x79, 0xce, 0x02, 0xec, - 0x7c, 0x7e, 0x71, 0x37, 0x05, 0x46, 0x33, 0xee, 0x3d, 0x71, 0x8f, 0xb6, - 0x16, 0x6c, 0xa6, 0x64, 0xa9, 0xe4, 0x04, 0xc8, 0x12, 0xd7, 0x14, 0xcf, - 0xed }; -unsigned int rsa1024_der_len = 609; - -unsigned char rsa1024_pub_der[] = { 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, - 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xc4, 0x32, - 0x70, 0x15, 0xb3, 0x53, 0xd5, 0xaf, 0x26, 0xc2, 0xcd, 0x6e, 0x87, 0x9f, - 0x13, 0x10, 0x9e, 0x3d, 0x8d, 0x6c, 0xb4, 0x1e, 0xc8, 0xbb, 0xf1, 0xbf, - 0x7a, 0xc0, 0xce, 0xbf, 0x5c, 0x00, 0x1f, 0x83, 0xd8, 0xe3, 0xf7, 0xe8, - 0xa3, 0x79, 0x61, 0xd4, 0x3a, 0xae, 0x49, 0x6d, 0x38, 0x1d, 0x12, 0x74, - 0xba, 0x9c, 0xb4, 0x38, 0x61, 0x6b, 0x44, 0x1d, 0xac, 0xf7, 0xa7, 0x7d, - 0x8a, 0x80, 0x9f, 0x56, 0x67, 0xb2, 0xe5, 0x45, 0xbc, 0x0d, 0xde, 0xde, - 0x63, 0x06, 0x13, 0x4d, 0x06, 0x2e, 0xe2, 0xf9, 0xfa, 0xe4, 0x3b, 0xa6, - 0xa0, 0x49, 0xbb, 0x11, 0x23, 0xf8, 0x68, 0x85, 0x3c, 0x1b, 0x92, 0xe1, - 0x6c, 0x42, 0x37, 0xe3, 0x1b, 0x7c, 0x7a, 0x25, 0x91, 0x30, 0xd5, 0xa5, - 0xf3, 0xbb, 0x91, 0x23, 0xdf, 0x23, 0x94, 0xb8, 0xf2, 0x61, 0x4f, 0xba, - 0x73, 0xd1, 0x4b, 0x2b, 0x89, 0x8f, 0x02, 0x03, 0x01, 0x00, 0x01 }; -unsigned int rsa1024_pub_der_len = 162; - -unsigned char rsa2048_der[] = { - 0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, - 0xf2, 0x6a, 0x52, 0xa0, 0x96, 0xc5, 0xb7, 0x86, 0x6f, 0xc4, 0x35, 0x39, - 0x5e, 0x28, 0xd3, 0xa6, 0xab, 0x80, 0x6a, 0xbb, 0x07, 0x10, 0x74, 0xea, - 0xe0, 0xfc, 0xef, 0x54, 0xb0, 0x5e, 0x66, 0x34, 0x21, 0x89, 0x35, 0x09, - 0xb7, 0x46, 0xf8, 0xb6, 0xf8, 0x86, 0xc0, 0x55, 0xc6, 0xc5, 0x2e, 0x36, - 0xcc, 0xb7, 0x24, 0x5e, 0x56, 0xba, 0x2b, 0x8d, 0xfb, 0x8d, 0x7b, 0xe1, - 0x4b, 0x9e, 0xdf, 0x08, 0x5c, 0xb2, 0x28, 0xc0, 0x79, 0x45, 0xd1, 0xf3, - 0x9c, 0x70, 0xd8, 0xaf, 0x50, 0x1c, 0xc3, 0x10, 0x24, 0x84, 0xc1, 0xb1, - 0x36, 0x3f, 0xd4, 0xbf, 0x10, 0x18, 0xf9, 0xd0, 0x72, 0xea, 0xce, 0xbf, - 0x34, 0x8e, 0xb5, 0x97, 0xcb, 0x8a, 0x5e, 0x8e, 0x7d, 0xed, 0x1f, 0xe3, - 0xa9, 0xde, 0x5b, 0x3f, 0xc9, 0x33, 0x4c, 0x9b, 0x3e, 0xd8, 0x29, 0x61, - 0x6b, 0x30, 0xba, 0xa1, 0x36, 0xbd, 0x22, 0x33, 0xa1, 0x25, 0x73, 0xab, - 0x5f, 0x6f, 0x35, 0x48, 0xf1, 0xad, 0x96, 0x5f, 0x0d, 0x0c, 0xe5, 0xe9, - 0x8d, 0xf9, 0xed, 0x0c, 0xcf, 0x50, 0x3c, 0x24, 0x34, 0x9b, 0x9e, 0xbc, - 0xf9, 0xfa, 0x19, 0x51, 0x37, 0x03, 0x5c, 0xd0, 0x25, 0x1f, 0xe6, 0xb2, - 0xf7, 0xff, 0x96, 0xb0, 0x61, 0x42, 0xbb, 0xc5, 0x64, 0x5f, 0x3d, 0xaf, - 0x6f, 0x14, 0xcc, 0x92, 0x74, 0x6a, 0x06, 0xfa, 0xb2, 0xd9, 0xe1, 0x4d, - 0x42, 0x76, 0xab, 0x88, 0xe3, 0x08, 0xa2, 0xad, 0x00, 0xb6, 0xf7, 0x78, - 0x0c, 0xba, 0x08, 0x71, 0xbc, 0x8d, 0x98, 0x43, 0x12, 0x63, 0x8d, 0x5e, - 0x1f, 0x49, 0xb9, 0x5f, 0x0d, 0x55, 0x1a, 0x90, 0x63, 0x4c, 0xd8, 0xe8, - 0x0b, 0x9f, 0x3d, 0x10, 0xb4, 0xf9, 0x1b, 0x44, 0x3f, 0x43, 0xad, 0x35, - 0x42, 0x3d, 0x3d, 0x21, 0x8e, 0xa8, 0x08, 0x28, 0x47, 0x19, 0x14, 0x28, - 0x1c, 0x95, 0xb7, 0x5d, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, - 0x00, 0x17, 0xd3, 0x1d, 0x45, 0xcd, 0x2b, 0xa7, 0x6a, 0xde, 0x07, 0x31, - 0x97, 0xee, 0xca, 0x22, 0x6b, 0x0a, 0x05, 0xf7, 0xf7, 0x63, 0xad, 0x59, - 0x60, 0x50, 0x36, 0x6b, 0xab, 0x2e, 0x1e, 0x48, 0xfb, 0x2c, 0xa4, 0x98, - 0x82, 0xd8, 0xf1, 0x6f, 0xb6, 0x43, 0xdc, 0xb2, 0x80, 0x7b, 0xa5, 0x9b, - 0x72, 0x25, 0x52, 0x86, 0x8f, 0x83, 0x04, 0x8f, 0x0d, 0x48, 0x40, 0xd2, - 0x81, 0x04, 0xf6, 0x9b, 0x42, 0xee, 0x21, 0x50, 0x62, 0x02, 0x49, 0x3b, - 0x66, 0x2e, 0xe4, 0xe4, 0x56, 0xee, 0x8f, 0xb5, 0x18, 0x1c, 0x0e, 0xb4, - 0x1e, 0x9f, 0x8f, 0x4c, 0x70, 0x6e, 0xbb, 0x95, 0xa9, 0xc7, 0xf1, 0x8d, - 0xda, 0x3a, 0xe7, 0x1f, 0xaf, 0xc8, 0x80, 0x53, 0xe4, 0xbb, 0x39, 0x97, - 0xdd, 0xbf, 0x2f, 0x2c, 0x56, 0xab, 0x86, 0x90, 0x2b, 0xdd, 0xd4, 0x4e, - 0xd4, 0xd5, 0x3d, 0x17, 0xca, 0x8a, 0x5f, 0xb2, 0x41, 0xa1, 0xc6, 0x52, - 0x80, 0xe5, 0xf0, 0x7a, 0xda, 0x35, 0xa5, 0x36, 0xb9, 0x61, 0x15, 0x60, - 0x39, 0x2f, 0x04, 0x1f, 0x6e, 0xee, 0x99, 0xee, 0xa5, 0x21, 0xcc, 0x4f, - 0xa3, 0x4e, 0x06, 0xc5, 0xbc, 0xa5, 0x34, 0xd6, 0x10, 0x57, 0x36, 0x85, - 0xf7, 0x0a, 0x34, 0xfb, 0xa5, 0x6b, 0x71, 0x9c, 0x4a, 0x43, 0x4a, 0xd0, - 0xcb, 0xb4, 0x9a, 0xac, 0x4f, 0x9a, 0x29, 0xe8, 0x68, 0x15, 0x00, 0xe4, - 0x6c, 0x34, 0xc3, 0x73, 0x7e, 0xb5, 0x16, 0x2a, 0x17, 0x37, 0xc0, 0xb6, - 0xaf, 0x81, 0xb4, 0x73, 0xf2, 0xd3, 0x9f, 0xaa, 0x40, 0x73, 0x28, 0x0d, - 0xfd, 0xb4, 0x67, 0x6e, 0x82, 0xa8, 0x13, 0x34, 0xc0, 0x54, 0x88, 0xaf, - 0x85, 0x6f, 0xd8, 0x33, 0x84, 0x82, 0xb5, 0xd0, 0x5f, 0x7f, 0x21, 0xca, - 0x6d, 0x86, 0x74, 0xb3, 0x89, 0x81, 0x19, 0x45, 0x47, 0x38, 0x41, 0x53, - 0x47, 0x86, 0xc6, 0xcd, 0x9d, 0x02, 0x81, 0x81, 0x00, 0xfd, 0x90, 0x23, - 0xf9, 0xba, 0xc5, 0x69, 0x7d, 0x11, 0xed, 0x69, 0x57, 0x73, 0x1d, 0x06, - 0xe8, 0x1b, 0x37, 0x00, 0x69, 0x95, 0xc5, 0x63, 0x86, 0x3f, 0xda, 0xb4, - 0x11, 0xad, 0x69, 0x55, 0xf4, 0x76, 0x3c, 0xa0, 0x95, 0x65, 0x60, 0x29, - 0xb9, 0x69, 0x79, 0xca, 0x74, 0x50, 0xe3, 0x98, 0xc7, 0x90, 0xd7, 0xb8, - 0xd4, 0xc5, 0x51, 0x10, 0xa3, 0x10, 0x72, 0xf3, 0xdc, 0x91, 0xb4, 0xee, - 0xdd, 0x9a, 0x57, 0xf1, 0x1b, 0x0e, 0xba, 0x0f, 0x67, 0x1a, 0x94, 0x86, - 0x36, 0x69, 0x20, 0xd5, 0x6b, 0x80, 0x50, 0x7d, 0x20, 0x53, 0xeb, 0xed, - 0x8a, 0xc5, 0xbc, 0xcb, 0x13, 0xb9, 0x0d, 0x49, 0x22, 0x7c, 0xeb, 0xa6, - 0x97, 0x5a, 0x5b, 0x92, 0x3a, 0x3d, 0x93, 0x5b, 0x86, 0x2c, 0x75, 0x0b, - 0xfa, 0x68, 0xa6, 0xc1, 0x68, 0x07, 0x37, 0x01, 0x9b, 0xd1, 0x51, 0xfe, - 0xc0, 0x4c, 0x2d, 0x15, 0x9f, 0x02, 0x81, 0x81, 0x00, 0xf4, 0xbe, 0xc1, - 0x32, 0xad, 0xca, 0x28, 0x37, 0x7c, 0x17, 0x99, 0xde, 0x64, 0x9b, 0xc1, - 0xf8, 0x23, 0x6a, 0xde, 0xd8, 0x01, 0x59, 0x09, 0x10, 0x67, 0xb8, 0x27, - 0xc5, 0xe6, 0xee, 0xf8, 0x16, 0x7c, 0x46, 0xa0, 0x0b, 0x00, 0xf9, 0xff, - 0x72, 0x4b, 0xde, 0x65, 0x65, 0xb6, 0xaa, 0x44, 0x1a, 0xbc, 0xdf, 0x13, - 0x15, 0x08, 0x80, 0xa5, 0xb4, 0xdd, 0xcd, 0xe0, 0x34, 0x4a, 0x85, 0x31, - 0x82, 0x17, 0x57, 0x5a, 0xea, 0x21, 0x38, 0x26, 0xdf, 0x48, 0x59, 0x1d, - 0x58, 0x5b, 0x9f, 0x04, 0x12, 0xee, 0x5b, 0xa2, 0xa9, 0xb3, 0xfe, 0x83, - 0xa7, 0xda, 0x47, 0xc6, 0xfb, 0x89, 0x77, 0x1f, 0x3a, 0xbc, 0x7c, 0xc7, - 0x13, 0xc9, 0xb8, 0xdc, 0xb0, 0x9e, 0xa7, 0x2a, 0xa5, 0x2c, 0x3b, 0x96, - 0xe2, 0x2e, 0xc0, 0xcf, 0xfa, 0x0c, 0xe0, 0x2d, 0xad, 0xaa, 0x7f, 0x85, - 0x4b, 0x6f, 0x04, 0xf9, 0x83, 0x02, 0x81, 0x81, 0x00, 0xca, 0x8f, 0xd2, - 0xdd, 0x96, 0xc2, 0x4c, 0x52, 0x58, 0xf7, 0x03, 0x77, 0x94, 0x03, 0x75, - 0x58, 0x09, 0x1d, 0xb8, 0x5b, 0xa1, 0x05, 0x4e, 0x4b, 0x9a, 0x49, 0x5a, - 0x1e, 0xe1, 0x1c, 0xcc, 0x48, 0xfe, 0x07, 0xd2, 0xf5, 0x66, 0x46, 0x1b, - 0x2e, 0xfe, 0xbf, 0x07, 0xe8, 0x42, 0x12, 0x80, 0x23, 0xb5, 0x67, 0x50, - 0x45, 0xd1, 0xd7, 0xbf, 0xe5, 0xb4, 0xa7, 0x50, 0x7f, 0x3d, 0x7b, 0x80, - 0x73, 0x51, 0xf0, 0xbd, 0x31, 0x33, 0x63, 0x9a, 0x18, 0x70, 0xd8, 0x84, - 0x1b, 0x85, 0x82, 0x70, 0x5c, 0x6f, 0xe6, 0x5c, 0xff, 0x6d, 0x6b, 0x85, - 0x99, 0x9d, 0xfc, 0x03, 0x73, 0x9f, 0x1a, 0xa8, 0xf9, 0x3f, 0x38, 0x76, - 0x1e, 0x65, 0x55, 0xd0, 0x0c, 0x6c, 0xd2, 0x82, 0x84, 0x3e, 0x91, 0xc6, - 0xde, 0xe5, 0xa9, 0x89, 0xca, 0x54, 0x31, 0x32, 0x3c, 0xcb, 0x4c, 0xa8, - 0xa9, 0xf0, 0x70, 0xf7, 0xdb, 0x02, 0x81, 0x80, 0x62, 0x16, 0xd9, 0xa3, - 0x90, 0x17, 0x87, 0x8a, 0xc5, 0x47, 0x48, 0x39, 0xe3, 0xa4, 0xb1, 0x56, - 0xdc, 0x0b, 0x07, 0x09, 0x17, 0x71, 0x31, 0xba, 0xcb, 0x76, 0xf9, 0x29, - 0xcd, 0xe6, 0x54, 0xb3, 0xde, 0x57, 0x07, 0xe9, 0xa1, 0x18, 0x91, 0x12, - 0xa3, 0xe9, 0x9c, 0x45, 0xe9, 0xb1, 0xcf, 0xdd, 0xcf, 0x78, 0xb0, 0x53, - 0x2b, 0xb7, 0x33, 0xb2, 0x8b, 0x7a, 0xe9, 0xb2, 0xcb, 0x73, 0x1a, 0x66, - 0x83, 0x28, 0x55, 0x9d, 0xa4, 0x76, 0xb6, 0xcd, 0xa2, 0x57, 0x64, 0xf5, - 0x76, 0xb3, 0x02, 0x94, 0xfb, 0xc6, 0xea, 0x28, 0x8d, 0xa5, 0x21, 0xea, - 0xf2, 0x06, 0xf6, 0x6e, 0xf5, 0xa7, 0x32, 0x72, 0xfd, 0xfc, 0x1c, 0x65, - 0x87, 0xe1, 0x79, 0x41, 0xa8, 0x34, 0x63, 0x59, 0x13, 0xa3, 0x46, 0x53, - 0x9c, 0x5d, 0x56, 0x7d, 0x67, 0x0f, 0xa9, 0xff, 0x02, 0x68, 0x5d, 0x69, - 0xe0, 0x32, 0xe4, 0x35, 0x02, 0x81, 0x80, 0x55, 0xf8, 0x25, 0x84, 0x94, - 0xad, 0x50, 0xab, 0x49, 0x38, 0x30, 0xaf, 0xde, 0x53, 0xdc, 0x27, 0x08, - 0x25, 0x27, 0x5a, 0xd2, 0xe5, 0x21, 0x50, 0xde, 0x6d, 0x6b, 0xc7, 0x17, - 0xae, 0x21, 0xb6, 0xcb, 0xe9, 0x24, 0x7c, 0x76, 0x32, 0xe3, 0xcb, 0xba, - 0xee, 0x61, 0xd2, 0x79, 0xf2, 0x88, 0x12, 0x1c, 0x9f, 0x29, 0xb3, 0x6a, - 0x73, 0x16, 0xfc, 0x35, 0xcf, 0xe7, 0x68, 0xec, 0x47, 0xf7, 0xfb, 0x2d, - 0x18, 0xff, 0xa8, 0xbf, 0xe1, 0xe8, 0x64, 0xa0, 0x98, 0x4a, 0x70, 0x07, - 0x5d, 0xb1, 0x8e, 0x6e, 0x15, 0x4e, 0x0d, 0x28, 0x61, 0xb1, 0x37, 0x21, - 0xcb, 0xba, 0x1d, 0x1b, 0xff, 0x06, 0x9f, 0xbe, 0xbc, 0xa9, 0x93, 0x77, - 0x07, 0xc1, 0xc0, 0x1a, 0x4b, 0x13, 0xee, 0xa3, 0xdb, 0x7e, 0x99, 0x94, - 0xcc, 0x5b, 0x88, 0xfb, 0xb9, 0x77, 0x3c, 0x81, 0x80, 0x5d, 0xef, 0x3e, - 0xf8, 0x6e, 0xfa -}; -unsigned int rsa2048_der_len = 1191; - -unsigned char rsa2048_pub_der[] = { - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf2, 0x6a, 0x52, - 0xa0, 0x96, 0xc5, 0xb7, 0x86, 0x6f, 0xc4, 0x35, 0x39, 0x5e, 0x28, 0xd3, - 0xa6, 0xab, 0x80, 0x6a, 0xbb, 0x07, 0x10, 0x74, 0xea, 0xe0, 0xfc, 0xef, - 0x54, 0xb0, 0x5e, 0x66, 0x34, 0x21, 0x89, 0x35, 0x09, 0xb7, 0x46, 0xf8, - 0xb6, 0xf8, 0x86, 0xc0, 0x55, 0xc6, 0xc5, 0x2e, 0x36, 0xcc, 0xb7, 0x24, - 0x5e, 0x56, 0xba, 0x2b, 0x8d, 0xfb, 0x8d, 0x7b, 0xe1, 0x4b, 0x9e, 0xdf, - 0x08, 0x5c, 0xb2, 0x28, 0xc0, 0x79, 0x45, 0xd1, 0xf3, 0x9c, 0x70, 0xd8, - 0xaf, 0x50, 0x1c, 0xc3, 0x10, 0x24, 0x84, 0xc1, 0xb1, 0x36, 0x3f, 0xd4, - 0xbf, 0x10, 0x18, 0xf9, 0xd0, 0x72, 0xea, 0xce, 0xbf, 0x34, 0x8e, 0xb5, - 0x97, 0xcb, 0x8a, 0x5e, 0x8e, 0x7d, 0xed, 0x1f, 0xe3, 0xa9, 0xde, 0x5b, - 0x3f, 0xc9, 0x33, 0x4c, 0x9b, 0x3e, 0xd8, 0x29, 0x61, 0x6b, 0x30, 0xba, - 0xa1, 0x36, 0xbd, 0x22, 0x33, 0xa1, 0x25, 0x73, 0xab, 0x5f, 0x6f, 0x35, - 0x48, 0xf1, 0xad, 0x96, 0x5f, 0x0d, 0x0c, 0xe5, 0xe9, 0x8d, 0xf9, 0xed, - 0x0c, 0xcf, 0x50, 0x3c, 0x24, 0x34, 0x9b, 0x9e, 0xbc, 0xf9, 0xfa, 0x19, - 0x51, 0x37, 0x03, 0x5c, 0xd0, 0x25, 0x1f, 0xe6, 0xb2, 0xf7, 0xff, 0x96, - 0xb0, 0x61, 0x42, 0xbb, 0xc5, 0x64, 0x5f, 0x3d, 0xaf, 0x6f, 0x14, 0xcc, - 0x92, 0x74, 0x6a, 0x06, 0xfa, 0xb2, 0xd9, 0xe1, 0x4d, 0x42, 0x76, 0xab, - 0x88, 0xe3, 0x08, 0xa2, 0xad, 0x00, 0xb6, 0xf7, 0x78, 0x0c, 0xba, 0x08, - 0x71, 0xbc, 0x8d, 0x98, 0x43, 0x12, 0x63, 0x8d, 0x5e, 0x1f, 0x49, 0xb9, - 0x5f, 0x0d, 0x55, 0x1a, 0x90, 0x63, 0x4c, 0xd8, 0xe8, 0x0b, 0x9f, 0x3d, - 0x10, 0xb4, 0xf9, 0x1b, 0x44, 0x3f, 0x43, 0xad, 0x35, 0x42, 0x3d, 0x3d, - 0x21, 0x8e, 0xa8, 0x08, 0x28, 0x47, 0x19, 0x14, 0x28, 0x1c, 0x95, 0xb7, - 0x5d, 0x02, 0x03, 0x01, 0x00, 0x01 -}; -unsigned int rsa2048_pub_der_len = 294; - -unsigned char rsa1024_cert_der[] = { - 0x30, 0x82, 0x02, 0xb4, 0x30, 0x82, 0x02, 0x1d, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x09, 0x00, 0xc4, 0x52, 0xc1, 0x4a, 0x9e, 0x74, 0xe8, 0xa8, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x05, 0x05, 0x00, 0x30, 0x73, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, - 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, - 0x55, 0x04, 0x08, 0x0c, 0x08, 0x4d, 0x61, 0x72, 0x79, 0x6c, 0x61, 0x6e, - 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x08, - 0x43, 0x6f, 0x6c, 0x75, 0x6d, 0x62, 0x69, 0x61, 0x31, 0x10, 0x30, 0x0e, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x43, 0x6f, 0x6d, 0x63, 0x61, - 0x73, 0x74, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, - 0x06, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x31, 0x1b, 0x30, 0x19, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x0c, 0x12, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, - 0x2e, 0x63, 0x6f, 0x6d, 0x63, 0x61, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x35, 0x30, 0x36, 0x32, 0x33, 0x30, 0x33, - 0x30, 0x35, 0x31, 0x36, 0x5a, 0x17, 0x0d, 0x31, 0x35, 0x30, 0x37, 0x32, - 0x33, 0x30, 0x33, 0x30, 0x35, 0x31, 0x36, 0x5a, 0x30, 0x73, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x08, 0x4d, 0x61, - 0x72, 0x79, 0x6c, 0x61, 0x6e, 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, - 0x55, 0x04, 0x07, 0x0c, 0x08, 0x43, 0x6f, 0x6c, 0x75, 0x6d, 0x62, 0x69, - 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, - 0x43, 0x6f, 0x6d, 0x63, 0x61, 0x73, 0x74, 0x31, 0x0f, 0x30, 0x0d, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x06, 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, - 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x12, 0x63, - 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x2e, 0x63, 0x6f, 0x6d, 0x63, 0x61, 0x73, - 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, - 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xc4, 0x32, - 0x70, 0x15, 0xb3, 0x53, 0xd5, 0xaf, 0x26, 0xc2, 0xcd, 0x6e, 0x87, 0x9f, - 0x13, 0x10, 0x9e, 0x3d, 0x8d, 0x6c, 0xb4, 0x1e, 0xc8, 0xbb, 0xf1, 0xbf, - 0x7a, 0xc0, 0xce, 0xbf, 0x5c, 0x00, 0x1f, 0x83, 0xd8, 0xe3, 0xf7, 0xe8, - 0xa3, 0x79, 0x61, 0xd4, 0x3a, 0xae, 0x49, 0x6d, 0x38, 0x1d, 0x12, 0x74, - 0xba, 0x9c, 0xb4, 0x38, 0x61, 0x6b, 0x44, 0x1d, 0xac, 0xf7, 0xa7, 0x7d, - 0x8a, 0x80, 0x9f, 0x56, 0x67, 0xb2, 0xe5, 0x45, 0xbc, 0x0d, 0xde, 0xde, - 0x63, 0x06, 0x13, 0x4d, 0x06, 0x2e, 0xe2, 0xf9, 0xfa, 0xe4, 0x3b, 0xa6, - 0xa0, 0x49, 0xbb, 0x11, 0x23, 0xf8, 0x68, 0x85, 0x3c, 0x1b, 0x92, 0xe1, - 0x6c, 0x42, 0x37, 0xe3, 0x1b, 0x7c, 0x7a, 0x25, 0x91, 0x30, 0xd5, 0xa5, - 0xf3, 0xbb, 0x91, 0x23, 0xdf, 0x23, 0x94, 0xb8, 0xf2, 0x61, 0x4f, 0xba, - 0x73, 0xd1, 0x4b, 0x2b, 0x89, 0x8f, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, - 0x50, 0x30, 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, - 0x04, 0x14, 0x76, 0x63, 0x9b, 0x06, 0xa5, 0x12, 0x26, 0xa5, 0x89, 0xc6, - 0x6c, 0x57, 0x5b, 0x4a, 0x3e, 0x47, 0xb0, 0xa4, 0x0b, 0x1a, 0x30, 0x1f, - 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x76, - 0x63, 0x9b, 0x06, 0xa5, 0x12, 0x26, 0xa5, 0x89, 0xc6, 0x6c, 0x57, 0x5b, - 0x4a, 0x3e, 0x47, 0xb0, 0xa4, 0x0b, 0x1a, 0x30, 0x0c, 0x06, 0x03, 0x55, - 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, - 0x03, 0x81, 0x81, 0x00, 0x33, 0xbe, 0xfe, 0x79, 0xdb, 0x9b, 0xc2, 0x09, - 0xb8, 0x9c, 0x51, 0x6a, 0x2b, 0x5f, 0xe5, 0xc6, 0xc6, 0xd2, 0x72, 0x5d, - 0x56, 0x24, 0xa1, 0xa5, 0xac, 0x28, 0xbc, 0xba, 0x60, 0xb9, 0xd6, 0x30, - 0x39, 0x4e, 0x89, 0xc9, 0x41, 0x89, 0x37, 0xf0, 0xeb, 0xee, 0x09, 0x31, - 0xb0, 0x34, 0xed, 0xf6, 0x8f, 0x70, 0xd3, 0x65, 0x81, 0x18, 0x1c, 0xbe, - 0xd0, 0x08, 0x94, 0x1d, 0x80, 0x92, 0x72, 0x8f, 0x16, 0xa4, 0xac, 0xf4, - 0x7d, 0x1e, 0xe1, 0x8b, 0xe7, 0x79, 0x26, 0x4b, 0xc8, 0x17, 0x3e, 0x19, - 0xf5, 0x50, 0x07, 0xd0, 0x85, 0xb6, 0xeb, 0x56, 0xff, 0xdb, 0xe2, 0x28, - 0x42, 0x58, 0x52, 0xf3, 0xef, 0x6a, 0xf8, 0x86, 0xae, 0x9e, 0xa2, 0x7c, - 0xa2, 0xb7, 0x87, 0x90, 0x1b, 0x48, 0xdc, 0x7d, 0x2a, 0xf2, 0x0c, 0x55, - 0xf3, 0x34, 0x79, 0xb3, 0x87, 0x67, 0x18, 0x29, 0xc8, 0x3a, 0xc9, 0xe3 -}; -unsigned int rsa1024_cert_der_len = 696; - -unsigned char rsa2048_cert_der[] = { - 0x30, 0x82, 0x03, 0xb9, 0x30, 0x82, 0x02, 0xa1, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x09, 0x00, 0xee, 0x91, 0x7a, 0x08, 0x9a, 0x55, 0x9f, 0x5f, - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x05, 0x05, 0x00, 0x30, 0x73, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, - 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, - 0x55, 0x04, 0x08, 0x0c, 0x08, 0x4d, 0x61, 0x72, 0x79, 0x6c, 0x61, 0x6e, - 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x08, - 0x43, 0x6f, 0x6c, 0x75, 0x6d, 0x62, 0x69, 0x61, 0x31, 0x0f, 0x30, 0x0d, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x06, 0x43, 0x6f, 0x6e, 0x73, 0x65, - 0x63, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, - 0x43, 0x6f, 0x6d, 0x63, 0x61, 0x73, 0x74, 0x31, 0x1b, 0x30, 0x19, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x0c, 0x12, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, - 0x2e, 0x63, 0x6f, 0x6d, 0x63, 0x61, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x35, 0x30, 0x36, 0x32, 0x33, 0x30, 0x33, - 0x30, 0x36, 0x30, 0x37, 0x5a, 0x17, 0x0d, 0x31, 0x35, 0x30, 0x37, 0x32, - 0x33, 0x30, 0x33, 0x30, 0x36, 0x30, 0x37, 0x5a, 0x30, 0x73, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x08, 0x4d, 0x61, - 0x72, 0x79, 0x6c, 0x61, 0x6e, 0x64, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, - 0x55, 0x04, 0x07, 0x0c, 0x08, 0x43, 0x6f, 0x6c, 0x75, 0x6d, 0x62, 0x69, - 0x61, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x06, - 0x43, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, - 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x43, 0x6f, 0x6d, 0x63, 0x61, 0x73, 0x74, - 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x12, 0x63, - 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x2e, 0x63, 0x6f, 0x6d, 0x63, 0x61, 0x73, - 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, - 0x01, 0x00, 0xf2, 0x6a, 0x52, 0xa0, 0x96, 0xc5, 0xb7, 0x86, 0x6f, 0xc4, - 0x35, 0x39, 0x5e, 0x28, 0xd3, 0xa6, 0xab, 0x80, 0x6a, 0xbb, 0x07, 0x10, - 0x74, 0xea, 0xe0, 0xfc, 0xef, 0x54, 0xb0, 0x5e, 0x66, 0x34, 0x21, 0x89, - 0x35, 0x09, 0xb7, 0x46, 0xf8, 0xb6, 0xf8, 0x86, 0xc0, 0x55, 0xc6, 0xc5, - 0x2e, 0x36, 0xcc, 0xb7, 0x24, 0x5e, 0x56, 0xba, 0x2b, 0x8d, 0xfb, 0x8d, - 0x7b, 0xe1, 0x4b, 0x9e, 0xdf, 0x08, 0x5c, 0xb2, 0x28, 0xc0, 0x79, 0x45, - 0xd1, 0xf3, 0x9c, 0x70, 0xd8, 0xaf, 0x50, 0x1c, 0xc3, 0x10, 0x24, 0x84, - 0xc1, 0xb1, 0x36, 0x3f, 0xd4, 0xbf, 0x10, 0x18, 0xf9, 0xd0, 0x72, 0xea, - 0xce, 0xbf, 0x34, 0x8e, 0xb5, 0x97, 0xcb, 0x8a, 0x5e, 0x8e, 0x7d, 0xed, - 0x1f, 0xe3, 0xa9, 0xde, 0x5b, 0x3f, 0xc9, 0x33, 0x4c, 0x9b, 0x3e, 0xd8, - 0x29, 0x61, 0x6b, 0x30, 0xba, 0xa1, 0x36, 0xbd, 0x22, 0x33, 0xa1, 0x25, - 0x73, 0xab, 0x5f, 0x6f, 0x35, 0x48, 0xf1, 0xad, 0x96, 0x5f, 0x0d, 0x0c, - 0xe5, 0xe9, 0x8d, 0xf9, 0xed, 0x0c, 0xcf, 0x50, 0x3c, 0x24, 0x34, 0x9b, - 0x9e, 0xbc, 0xf9, 0xfa, 0x19, 0x51, 0x37, 0x03, 0x5c, 0xd0, 0x25, 0x1f, - 0xe6, 0xb2, 0xf7, 0xff, 0x96, 0xb0, 0x61, 0x42, 0xbb, 0xc5, 0x64, 0x5f, - 0x3d, 0xaf, 0x6f, 0x14, 0xcc, 0x92, 0x74, 0x6a, 0x06, 0xfa, 0xb2, 0xd9, - 0xe1, 0x4d, 0x42, 0x76, 0xab, 0x88, 0xe3, 0x08, 0xa2, 0xad, 0x00, 0xb6, - 0xf7, 0x78, 0x0c, 0xba, 0x08, 0x71, 0xbc, 0x8d, 0x98, 0x43, 0x12, 0x63, - 0x8d, 0x5e, 0x1f, 0x49, 0xb9, 0x5f, 0x0d, 0x55, 0x1a, 0x90, 0x63, 0x4c, - 0xd8, 0xe8, 0x0b, 0x9f, 0x3d, 0x10, 0xb4, 0xf9, 0x1b, 0x44, 0x3f, 0x43, - 0xad, 0x35, 0x42, 0x3d, 0x3d, 0x21, 0x8e, 0xa8, 0x08, 0x28, 0x47, 0x19, - 0x14, 0x28, 0x1c, 0x95, 0xb7, 0x5d, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, - 0x50, 0x30, 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, - 0x04, 0x14, 0xf0, 0xe1, 0x4e, 0x26, 0x9b, 0xa4, 0xc8, 0x7c, 0x24, 0x2d, - 0xa2, 0xdc, 0x5e, 0x3e, 0xb8, 0x64, 0xb0, 0xb7, 0x3e, 0x96, 0x30, 0x1f, - 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xf0, - 0xe1, 0x4e, 0x26, 0x9b, 0xa4, 0xc8, 0x7c, 0x24, 0x2d, 0xa2, 0xdc, 0x5e, - 0x3e, 0xb8, 0x64, 0xb0, 0xb7, 0x3e, 0x96, 0x30, 0x0c, 0x06, 0x03, 0x55, - 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x01, 0x00, 0x68, 0x60, 0x3a, 0x9a, 0xcf, 0x75, 0x6c, - 0x09, 0xab, 0x9a, 0x4a, 0x0d, 0x9b, 0xe4, 0x7f, 0xdc, 0x7a, 0xa9, 0xfa, - 0x06, 0xb4, 0xc4, 0xca, 0xcf, 0xa0, 0x38, 0x7f, 0xdf, 0xc2, 0x4d, 0x4a, - 0x94, 0x82, 0x33, 0x83, 0x9a, 0x7b, 0x9b, 0x84, 0xf7, 0xfd, 0xb3, 0x93, - 0x22, 0xd0, 0xb2, 0x73, 0xa8, 0x54, 0x45, 0xb0, 0x05, 0xac, 0x1a, 0xff, - 0x60, 0x03, 0x54, 0xa7, 0x0d, 0xcb, 0x8d, 0xeb, 0x62, 0x59, 0xcb, 0x8b, - 0xfa, 0x7f, 0x8d, 0xd8, 0xa4, 0x64, 0x3a, 0x3e, 0xdc, 0x5d, 0xb9, 0xc0, - 0x27, 0x50, 0xd0, 0x54, 0x62, 0x1e, 0xe7, 0x7f, 0x66, 0xa8, 0xdf, 0xbc, - 0x6a, 0x17, 0xf1, 0xcd, 0x45, 0x76, 0x34, 0xc3, 0x6c, 0x6f, 0xac, 0x85, - 0x50, 0xdc, 0xd4, 0xf0, 0xdd, 0x85, 0xfa, 0x75, 0x23, 0x45, 0x12, 0x90, - 0x0d, 0xf2, 0xc9, 0x43, 0x83, 0x4c, 0x97, 0xfd, 0x76, 0x64, 0xa8, 0x80, - 0x15, 0x45, 0x4a, 0xa4, 0x36, 0xc7, 0xa5, 0x12, 0x09, 0x4d, 0xc1, 0xdb, - 0xc0, 0xbe, 0x58, 0x9b, 0x16, 0xe6, 0x6f, 0x63, 0xed, 0x5c, 0x62, 0xd6, - 0x23, 0xb0, 0x26, 0x46, 0xb1, 0x98, 0x5c, 0x94, 0x72, 0x86, 0x2f, 0x26, - 0xa1, 0x91, 0x68, 0x4a, 0x5c, 0x01, 0x8b, 0x44, 0x00, 0xea, 0xa4, 0x61, - 0x85, 0x4b, 0xd4, 0xc3, 0x50, 0x16, 0x97, 0xa4, 0x6f, 0x56, 0x2f, 0x2a, - 0xf0, 0x6e, 0x3f, 0x35, 0x6e, 0xe5, 0x27, 0x3c, 0x76, 0xa9, 0x91, 0x6b, - 0x1f, 0x1e, 0x73, 0x82, 0x61, 0xcc, 0x06, 0x2d, 0xae, 0x12, 0x49, 0x66, - 0xa6, 0x86, 0x39, 0x65, 0x00, 0x77, 0x22, 0x92, 0x64, 0x9c, 0x12, 0x30, - 0x24, 0x75, 0x8b, 0xd7, 0x02, 0x7a, 0x5b, 0xbe, 0x15, 0xda, 0x0e, 0xac, - 0x9c, 0xfe, 0xb1, 0xc8, 0x6c, 0x25, 0xf8, 0xea, 0x0a, 0x69, 0x64, 0xb7, - 0x5e, 0x60, 0x65, 0xba, 0x02, 0xe4, 0xf5, 0x66, 0x07 -}; -unsigned int rsa2048_cert_der_len = 957; - -unsigned char ecc_der[] = { - 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x4d, 0xef, 0x8c, 0x19, 0x60, - 0xf5, 0xd6, 0x78, 0x18, 0x84, 0x4d, 0xe6, 0xe3, 0x2f, 0x19, 0x4f, 0xcd, - 0x10, 0xc5, 0xfd, 0x55, 0x54, 0xc1, 0x7e, 0x95, 0x4e, 0xbc, 0xe1, 0xba, - 0xba, 0x56, 0xc6, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, - 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x7f, 0xd8, 0x8a, - 0x21, 0x09, 0x41, 0xb2, 0x02, 0x5b, 0x1d, 0xb0, 0x2e, 0xa5, 0x04, 0x6e, - 0xae, 0xae, 0x21, 0xd8, 0x02, 0x8e, 0xaa, 0x3b, 0x68, 0x03, 0x6e, 0x25, - 0xd6, 0x2c, 0x08, 0xff, 0xa6, 0x13, 0x5a, 0x8c, 0x14, 0xe0, 0x93, 0x66, - 0xa2, 0x25, 0x46, 0x75, 0x8f, 0xd6, 0x87, 0x79, 0xb4, 0xc2, 0x62, 0x7e, - 0xa8, 0xed, 0x45, 0xb1, 0xe5, 0x91, 0xb6, 0x2b, 0xd4, 0x2a, 0xbb, 0x2d, - 0x94 -}; -unsigned int ecc_der_len = 121; - -unsigned char ecc_pub_der[] = { - 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, - 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, - 0x42, 0x00, 0x04, 0x7f, 0xd8, 0x8a, 0x21, 0x09, 0x41, 0xb2, 0x02, 0x5b, - 0x1d, 0xb0, 0x2e, 0xa5, 0x04, 0x6e, 0xae, 0xae, 0x21, 0xd8, 0x02, 0x8e, - 0xaa, 0x3b, 0x68, 0x03, 0x6e, 0x25, 0xd6, 0x2c, 0x08, 0xff, 0xa6, 0x13, - 0x5a, 0x8c, 0x14, 0xe0, 0x93, 0x66, 0xa2, 0x25, 0x46, 0x75, 0x8f, 0xd6, - 0x87, 0x79, 0xb4, 0xc2, 0x62, 0x7e, 0xa8, 0xed, 0x45, 0xb1, 0xe5, 0x91, - 0xb6, 0x2b, 0xd4, 0x2a, 0xbb, 0x2d, 0x94 -}; -unsigned int ecc_pub_der_len = 91; - - - -unsigned char ecc_cert_der[] = { - 0x30, 0x82, 0x01, 0x7a, 0x30, 0x82, 0x01, 0x20, 0x02, 0x09, 0x00, 0xa6, - 0x4e, 0x60, 0x8c, 0xa5, 0xe7, 0x04, 0x98, 0x30, 0x0a, 0x06, 0x08, 0x2a, - 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x45, 0x31, 0x0b, 0x30, - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, - 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, - 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, - 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, - 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x38, - 0x31, 0x30, 0x30, 0x39, 0x31, 0x38, 0x31, 0x35, 0x33, 0x31, 0x5a, 0x17, - 0x0d, 0x31, 0x38, 0x31, 0x31, 0x30, 0x38, 0x31, 0x38, 0x31, 0x35, 0x33, - 0x31, 0x5a, 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, - 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, - 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, - 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, - 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, - 0x64, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, - 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, - 0x03, 0x42, 0x00, 0x04, 0x7f, 0xd8, 0x8a, 0x21, 0x09, 0x41, 0xb2, 0x02, - 0x5b, 0x1d, 0xb0, 0x2e, 0xa5, 0x04, 0x6e, 0xae, 0xae, 0x21, 0xd8, 0x02, - 0x8e, 0xaa, 0x3b, 0x68, 0x03, 0x6e, 0x25, 0xd6, 0x2c, 0x08, 0xff, 0xa6, - 0x13, 0x5a, 0x8c, 0x14, 0xe0, 0x93, 0x66, 0xa2, 0x25, 0x46, 0x75, 0x8f, - 0xd6, 0x87, 0x79, 0xb4, 0xc2, 0x62, 0x7e, 0xa8, 0xed, 0x45, 0xb1, 0xe5, - 0x91, 0xb6, 0x2b, 0xd4, 0x2a, 0xbb, 0x2d, 0x94, 0x30, 0x0a, 0x06, 0x08, - 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, - 0x45, 0x02, 0x21, 0x00, 0xad, 0xfc, 0x19, 0xb8, 0xc3, 0x87, 0x8d, 0x52, - 0x3a, 0xf5, 0x83, 0xc6, 0x58, 0xc5, 0x86, 0x3b, 0xd5, 0xce, 0x74, 0x85, - 0x66, 0xd5, 0xbc, 0xfe, 0x5f, 0xd1, 0x75, 0xe3, 0x42, 0xe1, 0x5a, 0x00, - 0x02, 0x20, 0x7c, 0x9c, 0xb8, 0x45, 0x9e, 0xe7, 0x3a, 0x52, 0x9b, 0x2c, - 0x92, 0xf3, 0x1b, 0x93, 0x65, 0x47, 0xb3, 0xf1, 0x1b, 0xf4, 0xf6, 0x50, - 0xd2, 0xf4, 0xcb, 0x25, 0x38, 0x21, 0xcb, 0x43, 0xae, 0x7a -}; -unsigned int ecc_cert_der_len = 382; - -struct TestKeyData { - Sec_KeyType type; - Sec_KeyContainer kc; - SEC_BYTE *buffer; - SEC_SIZE buffer_len; -}; - -static TestKeyData g_keyData[TESTKEY_NUM] = { - { SEC_KEYTYPE_AES_128, SEC_KEYCONTAINER_RAW_AES_128, sym128_a_bin, sym128_a_bin_len }, //TESTKEY_AES128_A - { SEC_KEYTYPE_AES_256, SEC_KEYCONTAINER_RAW_AES_256, sym256_a_bin, sym256_a_bin_len }, //TESTKEY_AES256_A - { SEC_KEYTYPE_HMAC_128, SEC_KEYCONTAINER_RAW_HMAC_128, sym128_a_bin, sym128_a_bin_len }, //TESTKEY_HMAC128_A - { SEC_KEYTYPE_HMAC_160, SEC_KEYCONTAINER_RAW_HMAC_160, sym160_a_bin, sym160_a_bin_len }, //TESTKEY_HMAC160_A - { SEC_KEYTYPE_HMAC_256, SEC_KEYCONTAINER_RAW_HMAC_256, sym256_a_bin, sym256_a_bin_len }, //TESTKEY_HMAC256_A - { SEC_KEYTYPE_RSA_1024, SEC_KEYCONTAINER_DER_RSA_1024, rsa1024_der, rsa1024_der_len }, //TESTKEY_RSA1024_SGN_PRIV - { SEC_KEYTYPE_RSA_1024_PUBLIC, SEC_KEYCONTAINER_DER_RSA_1024_PUBLIC, rsa1024_pub_der, rsa1024_pub_der_len }, //TESTKEY_RSA1024_SGN_PUB - { SEC_KEYTYPE_RSA_1024, SEC_KEYCONTAINER_DER_RSA_1024, rsa1024_der, rsa1024_der_len }, //TESTKEY_RSA1024_ENC_PRIV - { SEC_KEYTYPE_RSA_1024_PUBLIC, SEC_KEYCONTAINER_DER_RSA_1024_PUBLIC, rsa1024_pub_der, rsa1024_pub_der_len }, //TESTKEY_RSA1024_ENC_PUB - { SEC_KEYTYPE_RSA_1024, SEC_KEYCONTAINER_DER_RSA_1024, rsa1024_der, rsa1024_der_len }, //TESTKEY_RSA1024_KEK_PRIV - { SEC_KEYTYPE_RSA_1024_PUBLIC, SEC_KEYCONTAINER_DER_RSA_1024_PUBLIC, rsa1024_pub_der, rsa1024_pub_der_len }, //TESTKEY_RSA1024_KEK_PUB - { SEC_KEYTYPE_RSA_2048, SEC_KEYCONTAINER_DER_RSA_2048, rsa2048_der, rsa2048_der_len }, //TESTKEY_RSA2048_SGN_PRIV - { SEC_KEYTYPE_RSA_2048_PUBLIC, SEC_KEYCONTAINER_DER_RSA_2048_PUBLIC, rsa2048_pub_der, rsa2048_pub_der_len }, //TESTKEY_RSA2048_SGN_PUB - { SEC_KEYTYPE_RSA_2048, SEC_KEYCONTAINER_DER_RSA_2048, rsa2048_der, rsa2048_der_len }, //TESTKEY_RSA2048_ENC_PRIV - { SEC_KEYTYPE_RSA_2048_PUBLIC, SEC_KEYCONTAINER_DER_RSA_2048_PUBLIC, rsa2048_pub_der, rsa2048_pub_der_len }, //TESTKEY_RSA2048_ENC_PUB - { SEC_KEYTYPE_RSA_2048, SEC_KEYCONTAINER_DER_RSA_2048, rsa2048_der, rsa2048_der_len }, //TESTKEY_RSA2048_KEK_PRIV - { SEC_KEYTYPE_RSA_2048_PUBLIC, SEC_KEYCONTAINER_DER_RSA_2048_PUBLIC, rsa2048_pub_der, rsa2048_pub_der_len }, //TESTKEY_RSA2048_KEK_PUB - { SEC_KEYTYPE_ECC_NISTP256, SEC_KEYCONTAINER_DER_ECC_NISTP256, ecc_der, ecc_der_len }, //TESTKEY_ECC - { SEC_KEYTYPE_ECC_NISTP256_PUBLIC, SEC_KEYCONTAINER_DER_ECC_NISTP256_PUBLIC, ecc_pub_der, ecc_pub_der_len }, //TESTKEY_ECC_PUB - }; - -struct TestCertData { - Sec_CertificateContainer cc; - SEC_BYTE *buffer; - SEC_SIZE buffer_len; -}; - -static TestCertData g_certData[TESTKEY_NUM] = { - { SEC_CERTIFICATECONTAINER_X509_DER, rsa1024_cert_der, rsa1024_cert_der_len }, //TESTCERT_RSA1024 - { SEC_CERTIFICATECONTAINER_X509_DER, rsa2048_cert_der, rsa2048_cert_der_len }, //TESTCERT_RSA2048 - { SEC_CERTIFICATECONTAINER_X509_DER, ecc_cert_der, ecc_cert_der_len }, //TESTCERT_EC - }; - -static Sec_Result _BigNumToBuffer(const BIGNUM *bignum, SEC_BYTE *buffer, SEC_SIZE buffer_len) -{ - SEC_SIZE num_bytes; - - memset(buffer, 0, buffer_len); - num_bytes = BN_num_bytes(bignum); - - if (num_bytes > buffer_len) { - SEC_LOG_ERROR("buffer not large enough. needed: %d, actual: %d", num_bytes, buffer_len); - return SEC_RESULT_FAILURE; - } - - BN_bn2bin(bignum, buffer + buffer_len - num_bytes); - - return SEC_RESULT_SUCCESS; -} - -ProvKey* TestCreds::getKey(TestKey key, TestKc kc, SEC_OBJECTID id) { - if (key >= TESTKEY_NUM) { - SEC_LOG_ERROR("Invalid key: %d", key); - return NULL; - } - - switch (kc) { - case TESTKC_RAW: - return new ProvKey(std::vector (g_keyData[key].buffer, - g_keyData[key].buffer + g_keyData[key].buffer_len), g_keyData[key].kc); - break; - - case TESTKC_SOC: - return TestCreds::getSocKey(key, id); - break; - - case TESTKC_GENERATED: - case TESTKC_STORE: - default: - break; - } - - SEC_LOG_ERROR("Unimplemented"); - return NULL; -} - -Sec_KeyType TestCreds::getKeyType(TestKey key) { - if (key >= TESTKEY_NUM) { - SEC_LOG_ERROR("Invalid key: %d", key); - return SEC_KEYTYPE_NUM; - } - - return g_keyData[key].type; -} - -ProvCert *TestCreds::getCert(TestCert cert) { - if (cert >= TESTCERT_NUM) { - SEC_LOG_ERROR("Invalid cert: %d", cert); - return NULL; - } - - return new ProvCert(std::vector (g_certData[cert].buffer, - g_certData[cert].buffer + g_certData[cert].buffer_len), g_certData[cert].cc); -} - -std::vector TestCreds::asOpenSslAes(TestKey key) { - return std::vector (g_keyData[key].buffer, g_keyData[key].buffer + g_keyData[key].buffer_len); -} - -static RSA *_RSAFromDERPub(SEC_BYTE *der, SEC_SIZE der_len) -{ - const unsigned char *p = (const unsigned char *) der; - RSA *rsa = NULL; - - rsa = d2i_RSAPublicKey(&rsa, &p, der_len); - - if (!rsa) - { - p = (const unsigned char *) der; - rsa = d2i_RSA_PUBKEY(&rsa, &p, der_len); - } - - if (!rsa) - { - SEC_LOG_ERROR("Invalid RSA key container"); - goto done; - } - -done: - return rsa; -} - -static RSA *_RSAFromDERPriv(SEC_BYTE *der, SEC_SIZE der_len) -{ - const unsigned char *p = (const unsigned char *) der; - PKCS8_PRIV_KEY_INFO *p8 = NULL; - EVP_PKEY *evp_key = NULL; - RSA *rsa = NULL; - - p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, der_len); - if (p8 != NULL) - { - evp_key = EVP_PKCS82PKEY(p8); - if (evp_key == NULL) - { - SEC_LOG_ERROR("EVP_PKCS82PKEY failed"); - goto done; - } - } - else - { - evp_key = d2i_AutoPrivateKey(NULL, &p, der_len); - if (evp_key == NULL) - { - SEC_LOG_ERROR("d2i_AutoPrivateKey failed"); - goto done; - } - } - - rsa = EVP_PKEY_get1_RSA(evp_key); - if (rsa == NULL) - { - SEC_LOG_ERROR("EVP_PKEY_get1_RSA failed"); - goto done; - } - -done: - SEC_EVPPKEY_FREE(evp_key); - - if (p8 != NULL) - { - PKCS8_PRIV_KEY_INFO_free(p8); - } - - return rsa; -} - -RSA* TestCreds::asOpenSslRsa(TestKey key) { - RSA *rsa = NULL; - if (g_keyData[key].kc == SEC_KEYCONTAINER_DER_RSA_1024_PUBLIC - || g_keyData[key].kc == SEC_KEYCONTAINER_DER_RSA_2048_PUBLIC) { - rsa = _RSAFromDERPub(g_keyData[key].buffer, g_keyData[key].buffer_len); - if (rsa == NULL) { - SEC_LOG_ERROR("SecUtils_RSAFromDERPub failed"); - } - } else { - rsa = _RSAFromDERPriv(g_keyData[key].buffer, g_keyData[key].buffer_len); - if (rsa == NULL) { - SEC_LOG_ERROR("SecUtils_RSAFromDERPriv failed"); - } - } - - return rsa; -} - -static EC_KEY *_ECCFromDERPub(SEC_BYTE *der, SEC_SIZE der_len) -{ - const unsigned char *p = (const unsigned char *) der; - EC_KEY *ec_key = NULL; - - ec_key = d2i_EC_PUBKEY(&ec_key, &p, der_len); - - if (ec_key == NULL) - { - SEC_LOG_ERROR("Invalid ECC key container"); - goto done; - } - -done: - return ec_key; -} - -static EC_KEY *_ECCFromDERPriv(SEC_BYTE *der, SEC_SIZE der_len) -{ - const unsigned char *p = (const unsigned char *) der; - PKCS8_PRIV_KEY_INFO *p8 = NULL; - EVP_PKEY *evp_key = NULL; - EC_KEY *ecc = NULL; - - p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, der_len); - if (p8 != NULL) - { - evp_key = EVP_PKCS82PKEY(p8); - if (evp_key == NULL) - { - SEC_LOG_ERROR("EVP_PKCS82PKEY failed"); - goto done; - } - } - else - { - evp_key = d2i_AutoPrivateKey(NULL, &p, der_len); - if (evp_key == NULL) - { - SEC_LOG_ERROR("d2i_AutoPrivateKey failed"); - goto done; - } - } - - ecc = EVP_PKEY_get1_EC_KEY(evp_key); - if (ecc == NULL) - { - SEC_LOG_ERROR("EVP_PKEY_get1_EC_KEY failed"); - goto done; - } - -done: - SEC_EVPPKEY_FREE(evp_key); - - if (p8 != NULL) - { - PKCS8_PRIV_KEY_INFO_free(p8); - } - - return ecc; -} - -EC_KEY *TestCreds::asOpenSslEcKey(TestKey key) { - EC_KEY *ec = NULL; - if (g_keyData[key].kc == SEC_KEYCONTAINER_DER_ECC_NISTP256_PUBLIC) { - ec = _ECCFromDERPub(g_keyData[key].buffer, g_keyData[key].buffer_len); - if (ec == NULL) { - SEC_LOG_ERROR("SecUtils_ECCFromDERPub failed"); - } - } else { - ec = _ECCFromDERPriv(g_keyData[key].buffer, g_keyData[key].buffer_len); - if (ec == NULL) { - SEC_LOG_ERROR("SecUtils_ECCFromDERPriv failed"); - } - } - - return ec; -} - -EVP_PKEY *TestCreds::asOpenSslEvpPkey(TestKey key) { - EVP_PKEY *evp_key = NULL; - - if (SecKey_IsEcc(g_keyData[key].type)) { - EC_KEY *ec = TestCreds::asOpenSslEcKey(key); - if (ec == NULL) { - SEC_LOG_ERROR("TestCreds::asOpenSslEcKey failed"); - return NULL; - } - - evp_key = EVP_PKEY_new(); - if (evp_key == NULL) { - SEC_LOG_ERROR("EVP_PKEY_new failed"); - return NULL; - } - - if (0 == EVP_PKEY_set1_EC_KEY(evp_key, ec)) - { - SEC_EVPPKEY_FREE(evp_key); - SEC_ECC_FREE(ec); - SEC_LOG_ERROR("EVP_PKEY_set1_EC failed"); - return NULL; - } - } else if (SecKey_IsRsa(g_keyData[key].type)) { - RSA *rsa = TestCreds::asOpenSslRsa(key); - if (rsa == NULL) { - SEC_LOG_ERROR("TestCreds::asOpenSslRsa failed"); - return NULL; - } - - evp_key = EVP_PKEY_new(); - if (evp_key == NULL) { - SEC_LOG_ERROR("EVP_PKEY_new failed"); - return NULL; - } - - if (0 == EVP_PKEY_set1_RSA(evp_key, rsa)) - { - SEC_EVPPKEY_FREE(evp_key); - SEC_RSA_FREE(rsa); - SEC_LOG_ERROR("EVP_PKEY_set1_RSA failed"); - return NULL; - } - } else { - SEC_LOG_ERROR("Not an asymetric key type"); - return NULL; - } - - return evp_key; -} - -static bool _Is_Valid_Point(EC_KEY* ec_key, const std::vector data) -{ - if (data.size() != SEC_ECC_NISTP256_KEY_LEN) { - SEC_LOG_ERROR("Input size needed != One BIGNUM"); - return false; - } - - // Convert the input buffer to be encrypted to a BIGNUM - std::shared_ptr inputAsBN(BN_new(), BN_free); - if (inputAsBN.get() == NULL) { - SEC_LOG_ERROR("BN_new failed"); - return false; - } - - if (BN_bin2bn(&data[0], data.size(), inputAsBN.get()) == NULL) { - SEC_LOG_ERROR("BN_bin2bn failed. Error: %s", ERR_error_string(ERR_get_error(), NULL)); - return false; - } - - const EC_GROUP *group = EC_KEY_get0_group(ec_key); - if (NULL == group) { - SEC_LOG_ERROR("EC_KEY_get0_group failed"); - return false; - } - - std::shared_ptr ctx(BN_CTX_new(), BN_CTX_free); - if (ctx.get() == NULL) { - SEC_LOG_ERROR("BN_CTX_new failed"); - return false; - } - - std::shared_ptr pt(EC_POINT_new(group), EC_POINT_free); - if (pt.get() == NULL) { - SEC_LOG_ERROR("EC_POINT_new failed"); - return false; - } - - if (!EC_POINT_set_compressed_coordinates_GFp(group, pt.get(), inputAsBN.get(), 0, ctx.get())) { - SEC_LOG_ERROR("EC_POINT_set_compressed_coordinates_GFp failed"); - return false; - } - - return true; -} - -static int _ElGamal_Encrypt_Rand(EC_KEY *ec_key, - SEC_BYTE* input, SEC_SIZE inputSize, - SEC_BYTE* output, SEC_SIZE outputSize, - BIGNUM *sender_rand) -{ - int res = -1; - BIGNUM *inputAsBN = NULL; - const EC_GROUP *group = NULL; - const EC_POINT *P = NULL; - const EC_POINT *PK_recipient = NULL; - EC_POINT *shared_secret = NULL; - EC_POINT *key_2_wrap_point = NULL; - EC_POINT *sender_share = NULL; - EC_POINT *wrapped_key = NULL; - BIGNUM *x = NULL; - BIGNUM *y = NULL; - BN_CTX *ctx = NULL; - - if (inputSize != SEC_ECC_NISTP256_KEY_LEN) - { - SEC_LOG_ERROR("Input size needed != One BIGNUM"); - goto done; - } - - if (outputSize < 4 * SEC_ECC_NISTP256_KEY_LEN) - { - SEC_LOG_ERROR("Output size needed < Four BIGNUMs"); - goto done; - } - - // Convert the input buffer to be encrypted to a BIGNUM - inputAsBN = BN_new(); - if (inputAsBN == NULL) - { - SEC_LOG_ERROR("BN_new failed"); - goto done; - } - if (BN_bin2bn(input, inputSize, inputAsBN) == NULL) - { - SEC_LOG_ERROR("BN_bin2bn failed. Error: %s", - ERR_error_string(ERR_get_error(), NULL)); - goto done; - } - - group = EC_KEY_get0_group(ec_key); - if (NULL == group) - { - SEC_LOG_ERROR("EC_KEY_get0_group failed"); - goto done; - } - - ctx = BN_CTX_new(); - if (ctx == NULL) - { - SEC_LOG_ERROR("BN_CTX_new failed"); - goto done; - } - - // Convert the X coordinate to an EC Point. This takes the desired Y value in 1 bit (to choose - // which of the two possible Y values to use). This *calculates* an actual Y value for the point. - key_2_wrap_point = EC_POINT_new(group); - if (key_2_wrap_point == NULL) - { - SEC_LOG_ERROR("EC_POINT_new failed"); - goto done; - } - - if (!EC_POINT_set_compressed_coordinates_GFp(group, key_2_wrap_point, inputAsBN, 0, ctx)) //$$$ 1=>0 on 7/8/15 - { - // Don't print an error message if the error is "point not on curve" 100A906E, but still fail - if (ERR_get_error() != 0x100A906E) // i.e. error:100A906E:lib(16):func(169):reason(110) - { - SEC_LOG_ERROR("Set EC_POINT_set_compressed_coordinates_GFp failed. Error: %s", - ERR_error_string(ERR_get_error(), NULL)); - } - goto done; - } - - // Calc sender's shared point 'wP' => this gets sent back to receiver - sender_share = EC_POINT_new(group); - if (sender_share == NULL) - { - SEC_LOG_ERROR("EC_POINT_new failed"); - goto done; - } - - P = EC_GROUP_get0_generator(group); - if (P == NULL) - { - SEC_LOG_ERROR("EC_GROUP_get0_generator failed"); - goto done; - } - EC_POINT_mul(group, sender_share, NULL, P, sender_rand, ctx); - - // Calc sender's Shared Secret 'wRr' => this hides the key I want to send - shared_secret = EC_POINT_new(group); - if (shared_secret == NULL) - { - SEC_LOG_ERROR("EC_POINT_new failed"); - goto done; - } - - PK_recipient = EC_KEY_get0_public_key(ec_key); - if (PK_recipient == NULL) - { - SEC_LOG_ERROR("EC_KEY_get0_public_key failed"); - goto done; - } - EC_POINT_mul(group, shared_secret, NULL, PK_recipient, sender_rand, ctx); - - // key_2_wrap_point is a point on the curve, we add the shared_secret - // to it and send the result, the wrapped_key, to the receiver. - wrapped_key = EC_POINT_new(group); - if (wrapped_key == NULL) - { - SEC_LOG_ERROR("EC_POINT_new failed"); - goto done; - } - EC_POINT_add(group, wrapped_key, key_2_wrap_point, shared_secret, ctx); - - // Dissect the wrapped point to get its coordinates - x = BN_new(); - if (x == NULL) - { - SEC_LOG_ERROR("BN_new failed"); - goto done; - } - y = BN_new(); - if (y == NULL) - { - SEC_LOG_ERROR("BN_new failed"); - goto done; - } - - // Dissect shared_secret to get its coordinates and output them - EC_POINT_get_affine_coordinates_GFp(group, sender_share, x, y, ctx); - - if (SEC_RESULT_SUCCESS != _BigNumToBuffer(x, (unsigned char *) &output[0 * SEC_ECC_NISTP256_KEY_LEN], SEC_ECC_NISTP256_KEY_LEN)) { - SEC_LOG_ERROR("SecUtils_BigNumToBuffer failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != _BigNumToBuffer(y, (unsigned char *) &output[1 * SEC_ECC_NISTP256_KEY_LEN], SEC_ECC_NISTP256_KEY_LEN)) { - SEC_LOG_ERROR("SecUtils_BigNumToBuffer failed"); - goto done; - } - - // Dissect wrapped_key to get its coordinates and output them - EC_POINT_get_affine_coordinates_GFp(group, wrapped_key, x, y, ctx); - - if (SEC_RESULT_SUCCESS != _BigNumToBuffer(x, (unsigned char *) &output[2 * SEC_ECC_NISTP256_KEY_LEN], SEC_ECC_NISTP256_KEY_LEN)) { - SEC_LOG_ERROR("SecUtils_BigNumToBuffer failed"); - goto done; - } - - if (SEC_RESULT_SUCCESS != _BigNumToBuffer(y, (unsigned char *) &output[3 * SEC_ECC_NISTP256_KEY_LEN], SEC_ECC_NISTP256_KEY_LEN)) { - SEC_LOG_ERROR("SecUtils_BigNumToBuffer failed"); - goto done; - } - - res = 4 * SEC_ECC_NISTP256_KEY_LEN; - -done: - if (NULL != x) - BN_free(x); - if (NULL != y) - BN_free(y); - if (NULL != inputAsBN) - BN_free(inputAsBN); - if (NULL != sender_rand) - BN_free(sender_rand); - if (NULL != shared_secret) - EC_POINT_free(shared_secret); - if (NULL != sender_share) - EC_POINT_free(sender_share); - if (NULL != key_2_wrap_point) - EC_POINT_free(key_2_wrap_point); - if (NULL != wrapped_key) - EC_POINT_free(wrapped_key); - BN_CTX_free(ctx); - - return res; -} - -static int _ElGamal_Encrypt(EC_KEY *ec_key, - SEC_BYTE* input, SEC_SIZE inputSize, - SEC_BYTE* output, SEC_SIZE outputSize) -{ - // Generate random number 'w' (multiplier) for the sender - BIGNUM *sender_rand = BN_new(); - - if (sender_rand == NULL) - { - SEC_LOG_ERROR("BN_new failed"); - return -1; - } - if (0 == BN_rand(sender_rand, 256, -1, 0)) - { - SEC_LOG_ERROR("BN_rand failed"); - if (NULL != sender_rand) - BN_free(sender_rand); - return -1; - } - - return _ElGamal_Encrypt_Rand(ec_key, - input, inputSize, - output, outputSize, - sender_rand); -} - -static std::vector opensslRsaCrypt(RSA *rsa, Sec_CipherAlgorithm algorithm, Sec_CipherMode mode, const std::vector& input) { - int padding; - if (algorithm == SEC_CIPHERALGORITHM_RSA_PKCS1_PADDING) { - padding = RSA_PKCS1_PADDING; - } else { - padding = RSA_PKCS1_OAEP_PADDING; - } - - int openssl_res; - std::vector output; - output.resize(RSA_size(rsa)); - - if (mode == SEC_CIPHERMODE_ENCRYPT || mode == SEC_CIPHERMODE_ENCRYPT_NATIVEMEM) { - openssl_res = RSA_public_encrypt(input.size(), &input[0], &output[0], rsa, padding); - } else { - openssl_res = RSA_private_decrypt(input.size(), &input[0], &output[0], rsa, padding); - } - - if (openssl_res < 0) - { - SEC_LOG_ERROR("%s", ERR_error_string(ERR_get_error(), NULL)); - return std::vector(); - } - - output.resize(openssl_res); - - return output; -} - -static Sec_Result _RSAToDERPrivKeyInfo(RSA *rsa, SEC_BYTE *output, SEC_SIZE out_len, SEC_SIZE *written) -{ - BIO *bio = NULL; - EVP_PKEY *evp_key = NULL; - BUF_MEM *bptr = NULL; - Sec_Result res = SEC_RESULT_FAILURE; - - evp_key = EVP_PKEY_new(); - if (0 == EVP_PKEY_set1_RSA(evp_key, rsa)) - { - SEC_LOG_ERROR("EVP_PKEY_set1_RSA failed"); - goto done; - } - - bio = BIO_new(BIO_s_mem()); - if (bio == NULL) - { - SEC_LOG_ERROR("BIO_new(BIO_s_mem()) failed"); - goto done; - } - - if (!i2d_PKCS8PrivateKeyInfo_bio(bio, evp_key)) - { - SEC_LOG_ERROR("i2d_PKCS8_PRIV_KEY_INFO_bio failed"); - goto done; - } - - BIO_flush(bio); - BIO_get_mem_ptr(bio, &bptr); - - *written = bptr->length; - - if (output != NULL) - { - if (out_len < bptr->length) - { - SEC_LOG_ERROR("output buffer is not large enough"); - goto done; - } - memcpy(output, bptr->data, bptr->length); - } - - res = SEC_RESULT_SUCCESS; - -done: - SEC_EVPPKEY_FREE(evp_key); - SEC_BIO_FREE(bio); - - return res; -} - -static std::vector toPkcs8(RSA* rsa) { - std::vector pkcs8; - pkcs8.resize(SEC_KEYCONTAINER_MAX_LEN); - SEC_SIZE pkcs8_len; - - if (SEC_RESULT_SUCCESS != _RSAToDERPrivKeyInfo(rsa, &pkcs8[0], pkcs8.size(), &pkcs8_len)) { - SEC_LOG_ERROR("SecUtils_RSAToDERPriv failed"); - return std::vector(); - } - - pkcs8.resize(pkcs8_len); - - return pkcs8; -} - -template std::vector concat(std::vector &a, std::vector &b) { - std::vector ret = std::vector(); - std::copy(a.begin(), a.end(), std::back_inserter(ret)); - std::copy(b.begin(), b.end(), std::back_inserter(ret)); - return ret; -} - -ProvKey* TestCreds::wrapAesWithEc(const SEC_BYTE* clear, Sec_KeyType type, EC_KEY *ec_key, SEC_OBJECTID wrappingId, Sec_CipherAlgorithm asymAlg) { - std::vector payload; - payload.resize(32); - - if (type == SEC_KEYTYPE_AES_128) { - memcpy(&payload[0], clear, 16); - memcpy(&payload[16], clear, 16); - } else { - memcpy(&payload[0], clear, 32); - } - - std::vector encrypted; - encrypted.resize(SEC_ECC_NISTP256_KEY_LEN*4); - - int encrypted_len = _ElGamal_Encrypt(ec_key, - &payload[0], payload.size(), - &encrypted[0], encrypted.size()); - - if (encrypted_len <= 0) { - SEC_LOG_ERROR("_ElGamal_Encrypt failed"); - return NULL; - } - - encrypted.resize(encrypted_len); - - std::vector res; - res.resize(SEC_KEYCONTAINER_MAX_LEN); - SEC_SIZE res_len; - if (SEC_RESULT_SUCCESS != SecKey_GenerateWrappedKeyAsn1Off(&encrypted[0], encrypted.size(), - type, wrappingId, NULL, asymAlg, - &res[0], res.size(), &res_len, 32 - SecKey_GetKeyLenForKeyType(type))) { - SEC_LOG_ERROR("SecKey_GenerateWrappedKeyAsn1 failed"); - return NULL; - } - res.resize(res_len); - - return new ProvKey(res, SEC_KEYCONTAINER_ASN1); -} - -ProvKey* TestCreds::wrapAesWithRsa(const SEC_BYTE* data, Sec_KeyType type, RSA *rsa_key, SEC_OBJECTID wrappingId, Sec_CipherAlgorithm asymAlg) { - std::vector clear(data, data+SecKey_GetKeyLenForKeyType(type)); - std::vector wrapped = opensslRsaCrypt(rsa_key, asymAlg, SEC_CIPHERMODE_ENCRYPT, clear); - - if (wrapped.size() == 0) { - SEC_LOG_ERROR("opensslRsaCrypt failed"); - return NULL; - } - - std::vector res; - res.resize(SEC_KEYCONTAINER_MAX_LEN); - SEC_SIZE res_len; - - if (SEC_RESULT_SUCCESS != SecKey_GenerateWrappedKeyAsn1(&wrapped[0], wrapped.size(), type, wrappingId, NULL, asymAlg, &res[0], res.size(), &res_len)) { - SEC_LOG_ERROR("SecKey_GenerateWrappedKeyAsn1 failed"); - return NULL; - } - - return new ProvKey(res, SEC_KEYCONTAINER_ASN1); -} - -ProvKey* TestCreds::wrapAesWithAes(const SEC_BYTE* clear, Sec_KeyType type, const SEC_BYTE* wrapping, Sec_KeyType wrappingType, SEC_OBJECTID wrappingId, Sec_CipherAlgorithm symAlg) { - std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); - - TestCtx ctx; - ctx.init(); - - if (NULL == ctx.provisionKey(wrappingId, SEC_STORAGELOC_RAM, wrapping, SecKey_GetKeyLenForKeyType(wrappingType), - wrappingType == SEC_KEYTYPE_AES_128 ? SEC_KEYCONTAINER_RAW_AES_128 : SEC_KEYCONTAINER_RAW_AES_256)) { - SEC_LOG_ERROR("TestCtx::provisionKey failed"); - return NULL; - } - - std::vector wrapped; - wrapped.resize(SEC_KEYCONTAINER_MAX_LEN); - SEC_SIZE wrapped_len; - if (SEC_RESULT_SUCCESS != SecUtils_WrapSymetric(ctx.proc(), wrappingId, - symAlg, &iv[0], - (SEC_BYTE*) clear, SecKey_GetKeyLenForKeyType(type), - &wrapped[0], wrapped.size(), &wrapped_len)) { - SEC_LOG_ERROR("SecUtils_WrapSymetric failed"); - return NULL; - } - wrapped.resize(wrapped_len); - - std::vector asn1; - asn1.resize(SEC_KEYCONTAINER_MAX_LEN); - SEC_SIZE asn1_len; - - if (SEC_RESULT_SUCCESS != SecKey_GenerateWrappedKeyAsn1(&wrapped[0], wrapped.size(), type, - wrappingId, &iv[0], symAlg, - &asn1[0], asn1.size(), &asn1_len)) { - SEC_LOG_ERROR("SecKey_GenerateWrappedKeyAsn1 failed"); - return NULL; - } - asn1.resize(asn1_len); - - return new ProvKey(asn1, SEC_KEYCONTAINER_ASN1); -} - -ProvKey* TestCreds::wrapRsaWithAes(RSA* rsa, const SEC_BYTE* wrapping, Sec_KeyType wrappingType, SEC_OBJECTID wrappingId, Sec_CipherAlgorithm symAlg) { - std::vector iv = TestCtx::random(SEC_AES_BLOCK_SIZE); - - TestCtx ctx; - ctx.init(); - - if (NULL == ctx.provisionKey(wrappingId, SEC_STORAGELOC_RAM, wrapping, SecKey_GetKeyLenForKeyType(wrappingType), - wrappingType == SEC_KEYTYPE_AES_128 ? SEC_KEYCONTAINER_RAW_AES_128 : SEC_KEYCONTAINER_RAW_AES_256)) { - SEC_LOG_ERROR("TestCtx::provisionKey failed"); - return NULL; - } - - std::vector pkcs8 = toPkcs8(rsa); - if (pkcs8.size() == 0) { - SEC_LOG_ERROR("toPkcs8 failed"); - return NULL; - } - Sec_KeyType type = (RSA_size(rsa) == 128) ? SEC_KEYTYPE_RSA_1024 : SEC_KEYTYPE_RSA_2048; - - std::vector wrapped; - wrapped.resize(SEC_KEYCONTAINER_MAX_LEN); - SEC_SIZE wrapped_len; - if (SEC_RESULT_SUCCESS != SecUtils_WrapSymetric(ctx.proc(), wrappingId, - symAlg, &iv[0], - &pkcs8[0], pkcs8.size(), - &wrapped[0], wrapped.size(), &wrapped_len)) { - SEC_LOG_ERROR("SecUtils_WrapSymetric failed"); - return NULL; - } - wrapped.resize(wrapped_len); - - std::vector asn1; - asn1.resize(SEC_KEYCONTAINER_MAX_LEN); - SEC_SIZE asn1_len; - - if (SEC_RESULT_SUCCESS != SecKey_GenerateWrappedKeyAsn1(&wrapped[0], wrapped.size(), type, - wrappingId, &iv[0], symAlg, - &asn1[0], asn1.size(), &asn1_len)) { - SEC_LOG_ERROR("SecKey_GenerateWrappedKeyAsn1 failed"); - return NULL; - } - asn1.resize(asn1_len); - - return new ProvKey(asn1, SEC_KEYCONTAINER_ASN1); -} - -std::vector TestCreds::getWrappedContentKeyChainEcAes(TestKey contentKey, TestKc kc, SEC_OBJECTID base_id, Sec_CipherAlgorithm asymAlg) { - std::vector res; - - //generate key0 - std::shared_ptr provKey(TestCreds::getKey(TESTKEY_EC_PRIV, kc, base_id)); - res.push_back(*provKey); - - //generate key1 - std::shared_ptr ec_key(TestCreds::asOpenSslEcKey(TESTKEY_EC_PRIV), EC_KEY_free); - std::shared_ptr wrappedKey1(wrapAesWithEc(TestCreds::asOpenSslAes(contentKey).data(), TestCreds::getKeyType(contentKey), ec_key.get(), base_id, asymAlg)); - res.push_back(*wrappedKey1); - - return res; -} - -std::vector TestCreds::getWrappedContentKeyChainEcAesAes(TestKey contentKey, TestKc kc, SEC_OBJECTID base_id, Sec_KeyType aesType, Sec_CipherAlgorithm asymAlg, Sec_CipherAlgorithm symAlg) { - std::vector res; - - //generate key0 - std::shared_ptr provKey(TestCreds::getKey(TESTKEY_EC_PRIV, kc, base_id)); - - res.push_back(*provKey); - - //generate key1 - std::shared_ptr ec_key(TestCreds::asOpenSslEcKey(TESTKEY_EC_PRIV), EC_KEY_free); - std::vector key1 = TestCtx::random(SecKey_GetKeyLenForKeyType(aesType)); - while (!_Is_Valid_Point(ec_key.get(), (SecKey_GetKeyLenForKeyType(aesType) == 16) ? concat(key1, key1) : key1)) { - SEC_PRINT("Not a valid point. Regenerating.\n"); - key1 = TestCtx::random(SecKey_GetKeyLenForKeyType(aesType)); - } - - std::shared_ptr wrappedKey1(wrapAesWithEc(&key1[0], aesType, ec_key.get(), base_id, asymAlg)); - res.push_back(*wrappedKey1); - - //generate key2 - std::shared_ptr wrappedKey2(wrapAesWithAes(TestCreds::asOpenSslAes(contentKey).data(), TestCreds::getKeyType(contentKey), &key1[0], aesType, base_id+1, symAlg)); - res.push_back(*wrappedKey2); - - return res; -} - -std::vector TestCreds::getWrappedContentKeyChainRsaAesRsaAesAes(TestKey contentKey, TestKc kc, SEC_OBJECTID base_id, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, Sec_CipherAlgorithm ckSymAlg) { - std::vector res; - - //generate key0 - TestKey rsaPrivKey = (rsaType == SEC_KEYTYPE_RSA_1024) ? TESTKEY_RSA1024_KEK_PRIV : TESTKEY_RSA2048_KEK_PRIV; - std::shared_ptr provKey(TestCreds::getKey(rsaPrivKey, kc, base_id)); - res.push_back(*provKey); - - //generate key1 - std::vector key1 = TestCtx::random(SecKey_GetKeyLenForKeyType(aesType)); - std::shared_ptr rsa_key(TestCreds::asOpenSslRsa(rsaPrivKey), RSA_free); - std::shared_ptr wrappedKey1(wrapAesWithRsa(&key1[0], aesType, rsa_key.get(), base_id, asymAlg)); - res.push_back(*wrappedKey1); - - //generate key2 - std::shared_ptr wrappedKey2(wrapRsaWithAes(rsa_key.get(), &key1[0], aesType, base_id+1, symAlg)); - res.push_back(*wrappedKey2); - - //generate key3 - std::vector key3 = TestCtx::random(SecKey_GetKeyLenForKeyType(aesType)); - std::shared_ptr wrappedKey3(wrapAesWithRsa(&key3[0], aesType, rsa_key.get(), base_id+2, asymAlg)); - res.push_back(*wrappedKey3); - - //generate key4 - std::shared_ptr wrappedKey4(wrapAesWithAes(TestCreds::asOpenSslAes(contentKey).data(), TestCreds::getKeyType(contentKey), &key3[0], aesType, base_id+3, ckSymAlg)); - res.push_back(*wrappedKey4); - - return res; -} - -std::vector TestCreds::getWrappedContentKeyChainRsaAes(TestKey contentKey, TestKc kc, SEC_OBJECTID base_id, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg) { - std::vector res; - - //generate key0 - TestKey rsaKey = (rsaType == SEC_KEYTYPE_RSA_1024) ? TESTKEY_RSA1024_KEK_PRIV : TESTKEY_RSA2048_KEK_PRIV; - std::shared_ptr provKey(TestCreds::getKey(rsaKey, kc, base_id)); - res.push_back(*provKey); - - //generate key1 - std::shared_ptr rsa(TestCreds::asOpenSslRsa(rsaKey), RSA_free); - std::shared_ptr wrappedKey1(wrapAesWithRsa(TestCreds::asOpenSslAes(contentKey).data(), TestCreds::getKeyType(contentKey), rsa.get(), base_id, asymAlg)); - res.push_back(*wrappedKey1); - - return res; -} - -std::vector TestCreds::getWrappedContentKeyChainRsaAesAes(TestKey contentKey, TestKc kc, SEC_OBJECTID base_id, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg) { - std::vector res; - - //generate key0 - TestKey rsaPrivKey = (rsaType == SEC_KEYTYPE_RSA_1024) ? TESTKEY_RSA1024_KEK_PRIV : TESTKEY_RSA2048_KEK_PRIV; - std::shared_ptr provKey(TestCreds::getKey(rsaPrivKey, kc, base_id)); - res.push_back(*provKey); - - //generate key1 - std::vector key1 = TestCtx::random(SecKey_GetKeyLenForKeyType(aesType)); - - std::shared_ptr rsa_key(TestCreds::asOpenSslRsa(rsaPrivKey), RSA_free); - std::shared_ptr wrappedKey1(wrapAesWithRsa(&key1[0], aesType, rsa_key.get(), base_id, asymAlg)); - res.push_back(*wrappedKey1); - - //generate key2 - std::shared_ptr wrappedKey2(wrapAesWithAes(TestCreds::asOpenSslAes(contentKey).data(), TestCreds::getKeyType(contentKey), &key1[0], aesType, base_id+1, symAlg)); - res.push_back(*wrappedKey2); - - return res; -} diff --git a/test/main/cpp/test_ctx.cpp b/test/main/cpp/test_ctx.cpp deleted file mode 100644 index a562b88..0000000 --- a/test/main/cpp/test_ctx.cpp +++ /dev/null @@ -1,507 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "test_ctx.h" - -#include -#include -#include - -std::string g_log_output; - -static void _variable_logger(const char *fmt, ...) -{ - static pthread_mutex_t _log_mutex = PTHREAD_MUTEX_INITIALIZER; - - pthread_mutex_lock(&_log_mutex); - - va_list args; - va_start(args, fmt); - - char tmp[65536]; - memset(tmp, 0, sizeof(tmp)); - vsnprintf(tmp, sizeof(tmp)-1, fmt, args); - - va_end(args); - - g_log_output += std::string(tmp); - - pthread_mutex_unlock(&_log_mutex); -} - -void Logger::init() { - g_log_output.clear(); - Sec_SetLogger(_variable_logger); -} - -void Logger::shutdown() { - Sec_SetLogger(Sec_DefaultLoggerCb); -} - -const char *Logger::output() { - return g_log_output.c_str(); -} - -std::vector SuiteCtx::getFailed() const { - std::vector res; - - for (unsigned int i=0; i SuiteCtx::getSucceeded() const { - std::vector res; - - for (unsigned int i=0; i SuiteCtx::getSkipped() const { - std::vector res; - - for (unsigned int i=0; i SuiteCtx::getAttempted() const { - std::vector res; - - for (unsigned int i=0; i SuiteCtx::getAll() const { - std::vector res; - - for (unsigned int i=0; i prov(TestCreds::getKey(key, TESTKC_SOC, id)); - if (!prov.get()) { - SEC_LOG_ERROR("TestCreds::getKey failed"); - return NULL; - } - - Sec_KeyHandle* handle = provisionKey(id, loc, &prov->key[0], prov->key.size(), prov->kc, softWrap); - std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); - std::vector exported_key; - exported_key.resize(SEC_KEYCONTAINER_MAX_LEN); - SEC_SIZE exported_len; - - if (SEC_RESULT_SUCCESS != SecKey_ExportKey(handle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { - SEC_LOG_ERROR("SecKey_ExportKey failed"); - return NULL; - } - exported_key.resize(exported_len); - - return provisionKey(id, loc, &exported_key[0], exported_key.size(), SEC_KEYCONTAINER_EXPORTED, SEC_FALSE); - } - - std::shared_ptr prov(TestCreds::getKey(key, kc, id)); - if (!prov.get()) { - SEC_LOG_ERROR("TestCreds::getKey failed"); - return NULL; - } - - return provisionKey(id, loc, &prov->key[0], prov->key.size(), prov->kc, softWrap); -} - -Sec_KeyHandle * TestCtx::getKey(SEC_OBJECTID id) { - Sec_KeyHandle *handle = NULL; - - if (SEC_RESULT_SUCCESS != SecKey_GetInstance(proc_, id, &handle)) { - SEC_LOG_ERROR("SecKey_GetInstance failed"); - return NULL; - } - - keys_.push_back(handle); - - return handle; -} - -void TestCtx::releaseKey(Sec_KeyHandle *key) { - keys_.remove(key); - SecKey_Release(key); -} - -void TestCtx::deleteKey(SEC_OBJECTID id) { - provisionedKeys_.remove(id); - SecKey_Delete(proc_, id); -} - -void TestCtx::releaseCert(Sec_CertificateHandle *cert) { - certs_.remove(cert); - SecCertificate_Release(cert); -} - -Sec_CertificateHandle* TestCtx::provisionCert(SEC_OBJECTID id, Sec_StorageLoc loc, TestCert cert) { - std::shared_ptr prov(TestCreds::getCert(cert)); - if (!prov.get()) { - SEC_LOG_ERROR("TestCreds::getCert failed"); - return NULL; - } - - if (SEC_RESULT_SUCCESS != SecCertificate_Provision( - proc_, id, loc, prov->cc, &prov->cert[0], prov->cert.size())) { - SEC_LOG_ERROR("SecCertificate_Provision failed"); - return NULL; - } - - provisionedCerts_.push_back(id); - - return getCert(id); -} - -Sec_CertificateHandle* TestCtx::getCert(SEC_OBJECTID id) { - Sec_CertificateHandle *handle = NULL; - - if (SEC_RESULT_SUCCESS != SecCertificate_GetInstance(proc_, id, &handle)) { - SEC_LOG_ERROR("SecCertificate_GetInstance failed"); - return NULL; - } - - certs_.push_back(handle); - - return handle; -} - -void TestCtx::deleteCert(SEC_OBJECTID id) { - provisionedCerts_.remove(id); - SecCertificate_Delete(proc_, id); -} - -Sec_BundleHandle * TestCtx::provisionBundle(SEC_OBJECTID id, Sec_StorageLoc location, const std::vector& bundle) { - if (SEC_RESULT_SUCCESS != SecBundle_Provision( - proc_, id, location, (SEC_BYTE *) &bundle[0], bundle.size())) { - SEC_LOG_ERROR("SecBundle_Provision failed"); - return NULL; - } - - provisionedBundles_.push_back(id); - - return getBundle(id); -} - -Sec_BundleHandle* TestCtx::getBundle(SEC_OBJECTID id) { - Sec_BundleHandle *handle = NULL; - - if (SEC_RESULT_SUCCESS != SecBundle_GetInstance(proc_, id, &handle)) { - SEC_LOG_ERROR("SecBundle_GetInstance failed"); - return NULL; - } - - bundles_.push_back(handle); - - return handle; -} - -void TestCtx::releaseBundle(Sec_BundleHandle *bundle) { - bundles_.remove(bundle); - SecBundle_Release(bundle); -} - -void TestCtx::deleteBundle(SEC_OBJECTID id) { - provisionedBundles_.remove(id); - SecBundle_Delete(proc_, id); -} - -Sec_CipherHandle *TestCtx::acquireCipher(Sec_CipherAlgorithm algorithm, Sec_CipherMode mode, Sec_KeyHandle* key, SEC_BYTE* iv) { - Sec_CipherHandle *handle = NULL; - - if (SEC_RESULT_SUCCESS != SecCipher_GetInstance(proc_, - algorithm, mode, key, - iv, &handle)) { - SEC_LOG_ERROR("SecCipher_GetInstance failed"); - return NULL; - } - - ciphers_.push_back(handle); - - return handle; -} - -void TestCtx::releaseCipher(Sec_CipherHandle *cipher) { - ciphers_.remove(cipher); - SecCipher_Release(cipher); -} - -Sec_RandomHandle *TestCtx::acquireRandom(Sec_RandomAlgorithm algorithm) { - Sec_RandomHandle *handle = NULL; - - if (SEC_RESULT_SUCCESS != SecRandom_GetInstance(proc_, - algorithm, &handle)) { - SEC_LOG_ERROR("SecRandom_GetInstance failed"); - return NULL; - } - - randoms_.push_back(handle); - - return handle; -} - -void TestCtx::releaseRandom(Sec_RandomHandle* randomHandle) { - randoms_.remove(randomHandle); - SecRandom_Release(randomHandle); -} - -Sec_SignatureHandle *TestCtx::acquireSignature(Sec_SignatureAlgorithm algorithm, Sec_SignatureMode mode, Sec_KeyHandle* key) { - Sec_SignatureHandle *handle = NULL; - - if (SEC_RESULT_SUCCESS != SecSignature_GetInstance(proc_, - algorithm, mode, key, &handle)) { - SEC_LOG_ERROR("SecSignature_GetInstance failed"); - return NULL; - } - - sigs_.push_back(handle); - - return handle; -} - -void TestCtx::releaseSignature(Sec_SignatureHandle *sig) { - sigs_.remove(sig); - SecSignature_Release(sig); -} - -Sec_MacHandle *TestCtx::acquireMac(Sec_MacAlgorithm algorithm, Sec_KeyHandle *key) { - Sec_MacHandle *handle = NULL; - - if (SEC_RESULT_SUCCESS != SecMac_GetInstance(proc_, algorithm, key, &handle)) { - SEC_LOG_ERROR("SecMac_GetInstance failed"); - return NULL; - } - - macs_.push_back(handle); - - return handle; -} - -Sec_Result TestCtx::releaseMac(Sec_MacHandle* macHandle, SEC_BYTE* macBuffer, SEC_SIZE* macSize) { - macs_.remove(macHandle); - return SecMac_Release(macHandle, macBuffer, macSize); -} - -void TestCtx::releaseMac(Sec_MacHandle* macHandle) { - SEC_BYTE macBuffer[SEC_DIGEST_MAX_LEN]; - SEC_SIZE macSize; - - releaseMac(macHandle, macBuffer, &macSize); -} - -Sec_DigestHandle *TestCtx::acquireDigest(Sec_DigestAlgorithm algorithm) { - Sec_DigestHandle *handle = NULL; - - if (SEC_RESULT_SUCCESS != SecDigest_GetInstance(proc_, algorithm, &handle)) { - SEC_LOG_ERROR("SecDigest_GetInstance failed"); - return NULL; - } - - digests_.push_back(handle); - - return handle; -} - -Sec_Result TestCtx::releaseDigest(Sec_DigestHandle* digestHandle, SEC_BYTE* digestOutput, SEC_SIZE* digestSize) { - digests_.remove(digestHandle); - return SecDigest_Release(digestHandle, digestOutput, digestSize); -} - -void TestCtx::releaseDigest(Sec_DigestHandle* digestHandle) { - SEC_BYTE digestOutput[SEC_DIGEST_MAX_LEN]; - SEC_SIZE digestSize; - - releaseDigest(digestHandle, digestOutput, &digestSize); -} - -void TestCtx::printHex(const char *label, const std::vector& data) { - SEC_PRINT("%s[%d]: ", label, data.size()); - Sec_PrintHex((void *) &data[0], data.size()); - SEC_PRINT("\n"); -} - -std::vector TestCtx::random(SEC_SIZE len) { - std::vector output; - - output.resize(len); - - RAND_bytes(&output[0], output.size()); - - return output; -} - -std::vector TestCtx::coalesceInputs(const std::vector >& inputs) { - std::vector input; - - for (unsigned int i=0; i& inputSizes) { - SEC_SIZE out = 0; - - for (unsigned int i=0; i - -static ProvKey convertV2ToV3(const std::vector& v2) { - ProvKey lastKey; - - for (unsigned int i=0; i v3Key; - v3Key.resize(SEC_KEYCONTAINER_MAX_LEN); - SEC_SIZE v3KeyLen; - - if (i == 0) { - lastKey = key; - } else { - if (SEC_RESULT_SUCCESS != SecKey_GenerateWrappedKeyAsn1V3( - payload, payloadLen, wrappedKeyType, - &lastKey.key[0], lastKey.key.size(), - wrappingIv, wrappingAlg, - &v3Key[0], v3Key.size(), &v3KeyLen, key_offset)) { - - SEC_LOG_ERROR("SecKey_GenerateWrappedKeyAsn1V3 failed"); - return ProvKey(); - } - - v3Key.resize(v3KeyLen); - - lastKey = ProvKey(v3Key, SEC_KEYCONTAINER_ASN1); - } - } else { - lastKey = key; - } - } - - return lastKey; -} - -Sec_Result testWrappedCipherSingleRsaAesRsaAesAes(TestKey key, TestKc kc, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, Sec_CipherAlgorithm ckSymAlg, WrappedKeyFormatVersion wkfv) { - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; - - std::vector keys = TestCreds::getWrappedContentKeyChainRsaAesRsaAesAes(key, kc, id, rsaType, asymAlg, aesType, symAlg, ckSymAlg); - if (keys.size() == 0) { - SEC_LOG_ERROR("TestCreds::getWrappedContentKeyChain failed"); - return SEC_RESULT_FAILURE; - } - - switch (wkfv) { - case WKFV_V2: { - for (unsigned int i=0; i clear = TestCreds::asOpenSslAes(key); - - if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id-1, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { - SEC_LOG_ERROR("cipherEncDecSingle failed"); - return SEC_RESULT_FAILURE; - } - - if (SecKey_IsAES(keyType)) { - if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), id-1, &clear[0], clear.size())) { - SEC_LOG_ERROR("aesKeyCheck failed"); - return SEC_RESULT_FAILURE; - } - } else { - if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, id-1, &clear[0], clear.size())) { - SEC_LOG_ERROR("macCheck failed"); - return SEC_RESULT_FAILURE; - } - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testWrappedCipherSingleRsaAes(TestKey key, TestKc kc, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, WrappedKeyFormatVersion wkfv) { - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; - - std::vector keys = TestCreds::getWrappedContentKeyChainRsaAes(key, kc, id, rsaType, asymAlg); - if (keys.size() == 0) { - SEC_LOG_ERROR("TestCreds::getWrappedContentKeyChain failed"); - return SEC_RESULT_FAILURE; - } - - switch (wkfv) { - case WKFV_V2: { - for (unsigned int i=0; i clear = TestCreds::asOpenSslAes(key); - - if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id-1, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { - SEC_LOG_ERROR("cipherEncDecSingle failed"); - return SEC_RESULT_FAILURE; - } - - if (SecKey_IsAES(keyType)) { - if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), id-1, &clear[0], clear.size())) { - SEC_LOG_ERROR("aesKeyCheck failed"); - return SEC_RESULT_FAILURE; - } - } else { - if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, id-1, &clear[0], clear.size())) { - SEC_LOG_ERROR("macCheck failed"); - return SEC_RESULT_FAILURE; - } - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testWrappedCipherSingleEcAes(TestKey key, TestKc kc, Sec_CipherAlgorithm asymAlg, WrappedKeyFormatVersion wkfv) { - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; - - std::vector keys = TestCreds::getWrappedContentKeyChainEcAes(key, kc, id, asymAlg); - if (keys.size() == 0) { - SEC_LOG_ERROR("TestCreds::getWrappedContentKeyChain failed"); - return SEC_RESULT_FAILURE; - } - - switch (wkfv) { - case WKFV_V2: { - for (unsigned int i=0; i clear = TestCreds::asOpenSslAes(key); - - if (SecKey_IsAES(keyType)) { - if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), id - 1, &clear[0], clear.size())) { - SEC_LOG_ERROR("aesKeyCheck failed"); - return SEC_RESULT_FAILURE; - } - } else { - if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, id - 1, &clear[0], clear.size())) { - SEC_LOG_ERROR("macCheck failed"); - return SEC_RESULT_FAILURE; - } - } - - //check enc/dec - if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id-1, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { - SEC_LOG_ERROR("cipherEncDecSingle failed"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testWrappedCipherSingleEcAesAes(TestKey key, TestKc kc, Sec_KeyType aesType, Sec_CipherAlgorithm asymAlg, Sec_CipherAlgorithm symAlg, WrappedKeyFormatVersion wkfv) { - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; - - std::vector keys = TestCreds::getWrappedContentKeyChainEcAesAes(key, kc, id, aesType, asymAlg, symAlg); - if (keys.size() == 0) { - SEC_LOG_ERROR("TestCreds::getWrappedContentKeyChain failed"); - return SEC_RESULT_FAILURE; - } - - switch (wkfv) { - case WKFV_V2: { - for (unsigned int i=0; i clear = TestCreds::asOpenSslAes(key); - - if (SecKey_IsAES(keyType)) { - if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), id - 1, &clear[0], clear.size())) { - SEC_LOG_ERROR("aesKeyCheck failed"); - return SEC_RESULT_FAILURE; - } - } else { - if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, id - 1, &clear[0], clear.size())) { - SEC_LOG_ERROR("macCheck failed"); - return SEC_RESULT_FAILURE; - } - } - - //check enc/dec - if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id-1, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { - SEC_LOG_ERROR("cipherEncDecSingle failed"); - return SEC_RESULT_FAILURE; - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testExportWrappedRsaAesAes(TestKey key, TestKc kc, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, WrappedKeyFormatVersion wkfv) { - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; - - std::vector keys = TestCreds::getWrappedContentKeyChainRsaAesAes(key, kc, id, rsaType, asymAlg, aesType, symAlg); - if (keys.size() == 0) { - SEC_LOG_ERROR("TestCreds::getWrappedContentKeyChain failed"); - return SEC_RESULT_FAILURE; - } - - switch (wkfv) { - case WKFV_V2: { - for (unsigned int i=0; i derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); - std::vector exported_key; - exported_key.resize(SEC_KEYCONTAINER_MAX_LEN); - SEC_SIZE exported_len; - - Sec_KeyHandle *keyHandle; - if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), idContentKey, &keyHandle)) { - SEC_LOG_ERROR("SecKey_GetInstance failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecKey_ExportKey(keyHandle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { - SEC_LOG_ERROR("SecKey_ExportKey failed"); - SecKey_Release(keyHandle); - return SEC_RESULT_FAILURE; - } - exported_key.resize(exported_len); - SecKey_Release(keyHandle); - - //provision exported - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), idContentKey, - SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, &exported_key[0], exported_key.size())) { - SEC_LOG_ERROR("SecKey_Provision failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyType keyType = TestCreds::getKeyType(key); - std::vector clear = TestCreds::asOpenSslAes(key); - - if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, idContentKey, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { - SEC_LOG_ERROR("cipherEncDecSingle failed"); - return SEC_RESULT_FAILURE; - } - - if (SecKey_IsAES(keyType)) { - if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idContentKey, &clear[0], clear.size())) { - SEC_LOG_ERROR("aesKeyCheck failed"); - return SEC_RESULT_FAILURE; - } - } else { - if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idContentKey, &clear[0], clear.size())) { - SEC_LOG_ERROR("macCheck failed"); - return SEC_RESULT_FAILURE; - } - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testWrappedCipherSingleRsaAesAes(TestKey key, TestKc kc, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, WrappedKeyFormatVersion wkfv) { - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; - - std::vector keys = TestCreds::getWrappedContentKeyChainRsaAesAes(key, kc, id, rsaType, asymAlg, aesType, symAlg); - if (keys.size() == 0) { - SEC_LOG_ERROR("TestCreds::getWrappedContentKeyChain failed"); - return SEC_RESULT_FAILURE; - } - - switch (wkfv) { - case WKFV_V2: { - for (unsigned int i=0; i clear = TestCreds::asOpenSslAes(key); - - if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, id-1, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { - SEC_LOG_ERROR("cipherEncDecSingle failed"); - return SEC_RESULT_FAILURE; - } - - if (SecKey_IsAES(keyType)) { - if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), id-1, &clear[0], clear.size())) { - SEC_LOG_ERROR("aesKeyCheck failed"); - return SEC_RESULT_FAILURE; - } - } else { - if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, id-1, &clear[0], clear.size())) { - SEC_LOG_ERROR("macCheck failed"); - return SEC_RESULT_FAILURE; - } - } - - return SEC_RESULT_SUCCESS; -} - -static std::vector asn1(Sec_ProcessorHandle *proc, const std::vector& clear, Sec_KeyType type, SEC_OBJECTID wrappingId, Sec_CipherAlgorithm algorithm) { - std::vector wrapped; - wrapped.resize(SEC_KEYCONTAINER_MAX_LEN); - SEC_SIZE wrapped_len; - - std::vector iv = TestCtx::random(16); - - if (SEC_RESULT_SUCCESS != SecCipher_SingleInputId(proc, algorithm, SEC_CIPHERMODE_ENCRYPT, wrappingId, &iv[0], (SEC_BYTE *) &clear[0], clear.size(), &wrapped[0], wrapped.size(), &wrapped_len)) { - SEC_LOG_ERROR("SecCipher_SingleInputId failed"); - return std::vector(); - } - wrapped.resize(wrapped_len); - - std::vector res; - SEC_SIZE written; - res.resize(SEC_KEYCONTAINER_MAX_LEN); - - if (SEC_RESULT_SUCCESS != SecKey_GenerateWrappedKeyAsn1Off( - (SEC_BYTE *) &wrapped[0], - wrapped.size(), - type, - wrappingId, - (SEC_BYTE *) &iv[0], - algorithm, - &res[0], - res.size(), - &written, - 0)) { - SEC_LOG_ERROR("SecKey_GenerateWrappedKeyAsn1Off failed"); - return std::vector(); - } - - res.resize(written); - - return res; -} - -Sec_Result testWrappedKDFCMACAES128(SEC_OBJECTID idDerived, SEC_OBJECTID idBase, SEC_OBJECTID idWrapped, Sec_KeyType keyType, SEC_BYTE counter, uint32_t L) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - if (NULL == ctx.provisionKey(idBase, SEC_STORAGELOC_RAM, TESTKEY_AES128, TESTKC_SOC)) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - - //base key - TestCtx::printHex("baseKey", TestCreds::asOpenSslAes(TESTKEY_AES128)); - - //label - std::vector otherData = TestCtx::random(10); - //separator - otherData.push_back(0); - //ctx - std::vector ctx2 = TestCtx::random(32); - otherData.insert(otherData.end(), ctx2.begin(), ctx2.end()); - - otherData.push_back(0); otherData.push_back(0); otherData.push_back(0); otherData.push_back(0); - Sec_Uint32ToBEBytes(L, &otherData[otherData.size() - 4]); - - TestCtx::printHex("otherData", otherData); - - if (SEC_RESULT_SUCCESS != SecKey_Derive_CMAC_AES128(ctx.proc(), - idDerived, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, - idBase, - &otherData[0], otherData.size(), - &counter, 1)) { - SEC_LOG_ERROR("SecKey_Derive_CMAC_AES128 failed"); - return SEC_RESULT_FAILURE; - } - - //create wrapped key protected by CMAC_AES128 derived key - std::vector clear = TestCtx::random(SecKey_GetKeyLenForKeyType(keyType)); - TestCtx::printHex("key", clear); - - std::vector wrapped = asn1(ctx.proc(), clear, keyType, idDerived, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING); - if (wrapped.size() == 0) { - SEC_LOG_ERROR("asn1 failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), idWrapped, SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_ASN1, &wrapped[0], wrapped.size())) { - SEC_LOG_ERROR("SecKey_Provision failed"); - return SEC_RESULT_FAILURE; - } - - if (SecKey_IsAES(keyType)) { - if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idWrapped, &clear[0], clear.size())) { - SEC_LOG_ERROR("aesKeyCheck failed"); - return SEC_RESULT_FAILURE; - } - } else { - if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idWrapped, &clear[0], clear.size())) { - SEC_LOG_ERROR("macCheck failed"); - return SEC_RESULT_FAILURE; - } - } - - - SecKey_Delete(ctx.proc(), idDerived); - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testExportedKDFCMACAES128(SEC_OBJECTID idDerived, SEC_OBJECTID idBase, SEC_OBJECTID idWrapped, Sec_KeyType keyType, SEC_BYTE counter, uint32_t L) { - TestCtx ctx; - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - if (NULL == ctx.provisionKey(idBase, SEC_STORAGELOC_RAM, TESTKEY_AES128, TESTKC_SOC)) { - SEC_LOG_ERROR("TestCtx.provision failed"); - return SEC_RESULT_FAILURE; - } - - //export content key - std::vector derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); - std::vector exported_key; - exported_key.resize(SEC_KEYCONTAINER_MAX_LEN); - SEC_SIZE exported_len; - - Sec_KeyHandle *keyHandle; - if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), idBase, &keyHandle)) { - SEC_LOG_ERROR("SecKey_GetInstance failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecKey_ExportKey(keyHandle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { - SEC_LOG_ERROR("SecKey_ExportKey failed"); - SecKey_Release(keyHandle); - return SEC_RESULT_FAILURE; - } - exported_key.resize(exported_len); - SecKey_Release(keyHandle); - - //provision exported - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), idBase, - SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, &exported_key[0], exported_key.size())) { - SEC_LOG_ERROR("SecKey_Provision failed"); - return SEC_RESULT_FAILURE; - } - - //base key - TestCtx::printHex("baseKey", TestCreds::asOpenSslAes(TESTKEY_AES128)); - - //label - std::vector otherData = TestCtx::random(10); - //separator - otherData.push_back(0); - //ctx - std::vector ctx2 = TestCtx::random(32); - otherData.insert(otherData.end(), ctx2.begin(), ctx2.end()); - - otherData.push_back(0); otherData.push_back(0); otherData.push_back(0); otherData.push_back(0); - Sec_Uint32ToBEBytes(L, &otherData[otherData.size() - 4]); - - TestCtx::printHex("otherData", otherData); - - if (SEC_RESULT_SUCCESS != SecKey_Derive_CMAC_AES128(ctx.proc(), - idDerived, SEC_KEYTYPE_AES_128, SEC_STORAGELOC_RAM, - idBase, - &otherData[0], otherData.size(), - &counter, 1)) { - SEC_LOG_ERROR("SecKey_Derive_CMAC_AES128 failed"); - return SEC_RESULT_FAILURE; - } - - //create wrapped key protected by CMAC_AES128 derived key - std::vector clear = TestCtx::random(SecKey_GetKeyLenForKeyType(keyType)); - TestCtx::printHex("key", clear); - - std::vector wrapped = asn1(ctx.proc(), clear, keyType, idDerived, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING); - if (wrapped.size() == 0) { - SEC_LOG_ERROR("asn1 failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), idWrapped, SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_ASN1, &wrapped[0], wrapped.size())) { - SEC_LOG_ERROR("SecKey_Provision failed"); - return SEC_RESULT_FAILURE; - } - - if (SecKey_IsAES(keyType)) { - if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idWrapped, &clear[0], clear.size())) { - SEC_LOG_ERROR("aesKeyCheck failed"); - return SEC_RESULT_FAILURE; - } - } else { - if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idWrapped, &clear[0], clear.size())) { - SEC_LOG_ERROR("macCheck failed"); - return SEC_RESULT_FAILURE; - } - } - - - SecKey_Delete(ctx.proc(), idDerived); - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testExportWrappedEccAesAes(TestKey key, TestKc kc, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, WrappedKeyFormatVersion wkfv) { - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; - - std::vector keys = TestCreds::getWrappedContentKeyChainEcAesAes(key, kc, id, aesType, asymAlg, symAlg); - if (keys.size() == 0) { - SEC_LOG_ERROR("TestCreds::getWrappedContentKeyChain failed"); - return SEC_RESULT_FAILURE; - } - - switch (wkfv) { - case WKFV_V2: { - for (unsigned int i=0; i derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); - std::vector exported_key; - exported_key.resize(SEC_KEYCONTAINER_MAX_LEN); - SEC_SIZE exported_len; - - Sec_KeyHandle *keyHandle; - if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), idContentKey, &keyHandle)) { - SEC_LOG_ERROR("SecKey_GetInstance failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecKey_ExportKey(keyHandle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { - SEC_LOG_ERROR("SecKey_ExportKey failed"); - SecKey_Release(keyHandle); - return SEC_RESULT_FAILURE; - } - exported_key.resize(exported_len); - SecKey_Release(keyHandle); - - //provision exported - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), idContentKey, - SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, &exported_key[0], exported_key.size())) { - SEC_LOG_ERROR("SecKey_Provision failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyType keyType = TestCreds::getKeyType(key); - std::vector clear = TestCreds::asOpenSslAes(key); - - if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, idContentKey, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { - SEC_LOG_ERROR("cipherEncDecSingle failed"); - return SEC_RESULT_FAILURE; - } - - if (SecKey_IsAES(keyType)) { - if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idContentKey, &clear[0], clear.size())) { - SEC_LOG_ERROR("aesKeyCheck failed"); - return SEC_RESULT_FAILURE; - } - } else { - if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idContentKey, &clear[0], clear.size())) { - SEC_LOG_ERROR("macCheck failed"); - return SEC_RESULT_FAILURE; - } - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testExportWrappedEccAes(TestKey key, TestKc kc, Sec_CipherAlgorithm asymAlg, WrappedKeyFormatVersion wkfv) { - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; - - std::vector keys = TestCreds::getWrappedContentKeyChainEcAes(key, kc, id, asymAlg); - if (keys.size() == 0) { - SEC_LOG_ERROR("TestCreds::getWrappedContentKeyChain failed"); - return SEC_RESULT_FAILURE; - } - - switch (wkfv) { - case WKFV_V2: { - for (unsigned int i=0; i derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); - std::vector exported_key; - exported_key.resize(SEC_KEYCONTAINER_MAX_LEN); - SEC_SIZE exported_len; - - Sec_KeyHandle *keyHandle; - if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), idContentKey, &keyHandle)) { - SEC_LOG_ERROR("SecKey_GetInstance failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecKey_ExportKey(keyHandle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { - SEC_LOG_ERROR("SecKey_ExportKey failed"); - SecKey_Release(keyHandle); - return SEC_RESULT_FAILURE; - } - exported_key.resize(exported_len); - SecKey_Release(keyHandle); - - //provision exported - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), idContentKey, - SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, &exported_key[0], exported_key.size())) { - SEC_LOG_ERROR("SecKey_Provision failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyType keyType = TestCreds::getKeyType(key); - std::vector clear = TestCreds::asOpenSslAes(key); - - if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, idContentKey, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { - SEC_LOG_ERROR("cipherEncDecSingle failed"); - return SEC_RESULT_FAILURE; - } - - if (SecKey_IsAES(keyType)) { - if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idContentKey, &clear[0], clear.size())) { - SEC_LOG_ERROR("aesKeyCheck failed"); - return SEC_RESULT_FAILURE; - } - } else { - if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idContentKey, &clear[0], clear.size())) { - SEC_LOG_ERROR("macCheck failed"); - return SEC_RESULT_FAILURE; - } - } - - return SEC_RESULT_SUCCESS; -} - -static std::vector getWrappedContentKeyChainGeneratedEcAes(TestKey contentKey, EC_KEY* ec_key, SEC_OBJECTID base_id, Sec_CipherAlgorithm asymAlg) { - std::vector res; - - //generate key1 - std::shared_ptr wrappedKey1(TestCreds::wrapAesWithEc(TestCreds::asOpenSslAes(contentKey).data(), TestCreds::getKeyType(contentKey), ec_key, base_id, asymAlg)); - res.push_back(*wrappedKey1); - - return res; -} - -static bool _Is_Valid_Point(EC_KEY* ec_key, const std::vector data) -{ - if (data.size() != SEC_ECC_NISTP256_KEY_LEN) { - SEC_LOG_ERROR("Input size needed != One BIGNUM"); - return false; - } - - // Convert the input buffer to be encrypted to a BIGNUM - std::shared_ptr inputAsBN(BN_new(), BN_free); - if (inputAsBN.get() == NULL) { - SEC_LOG_ERROR("BN_new failed"); - return false; - } - - if (BN_bin2bn(&data[0], data.size(), inputAsBN.get()) == NULL) { - SEC_LOG_ERROR("BN_bin2bn failed."); - return false; - } - - const EC_GROUP *group = EC_KEY_get0_group(ec_key); - if (NULL == group) { - SEC_LOG_ERROR("EC_KEY_get0_group failed"); - return false; - } - - std::shared_ptr ctx(BN_CTX_new(), BN_CTX_free); - if (ctx.get() == NULL) { - SEC_LOG_ERROR("BN_CTX_new failed"); - return false; - } - - std::shared_ptr pt(EC_POINT_new(group), EC_POINT_free); - if (pt.get() == NULL) { - SEC_LOG_ERROR("EC_POINT_new failed"); - return false; - } - - if (!EC_POINT_set_compressed_coordinates_GFp(group, pt.get(), inputAsBN.get(), 0, ctx.get())) { - SEC_LOG_ERROR("EC_POINT_set_compressed_coordinates_GFp failed"); - return false; - } - - return true; -} - -template std::vector concat(std::vector &a, std::vector &b) { - std::vector ret = std::vector(); - std::copy(a.begin(), a.end(), std::back_inserter(ret)); - std::copy(b.begin(), b.end(), std::back_inserter(ret)); - return ret; -} - -static std::vector getWrappedContentKeyChainGeneratedEcAesAes(TestKey contentKey, EC_KEY* ec_key, SEC_OBJECTID base_id, Sec_KeyType aesType, Sec_CipherAlgorithm asymAlg, Sec_CipherAlgorithm symAlg) { - std::vector res; - - //generate key1 - std::vector key1 = TestCtx::random(SecKey_GetKeyLenForKeyType(aesType)); - while (!_Is_Valid_Point(ec_key, (SecKey_GetKeyLenForKeyType(aesType) == 16) ? concat(key1, key1) : key1)) { - SEC_PRINT("Not a valid point. Regenerating.\n"); - key1 = TestCtx::random(SecKey_GetKeyLenForKeyType(aesType)); - } - - std::shared_ptr wrappedKey1(TestCreds::wrapAesWithEc(&key1[0], aesType, ec_key, base_id, asymAlg)); - res.push_back(*wrappedKey1); - - //generate key2 - std::shared_ptr wrappedKey2(TestCreds::wrapAesWithAes(TestCreds::asOpenSslAes(contentKey).data(), TestCreds::getKeyType(contentKey), &key1[0], aesType, base_id+1, symAlg)); - res.push_back(*wrappedKey2); - - return res; -} - -static EC_KEY *_ECCFromPubBinary(Sec_ECCRawPublicKey *binary) -{ - BN_CTX *ctx = BN_CTX_new(); - - if ( binary->type != SEC_KEYTYPE_ECC_NISTP256_PUBLIC - && binary->type != SEC_KEYTYPE_ECC_NISTP256) - return NULL; - - EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); //create ec_key structure with NIST p256 curve; - const EC_GROUP *group = EC_KEY_get0_group(ec_key); - EC_POINT *ec_point = EC_POINT_new(group); - BN_CTX_start(ctx); - BIGNUM *xp, *yp; - - if (((xp = BN_CTX_get(ctx)) == NULL) || ((yp = BN_CTX_get(ctx)) == NULL)) - goto done; - - EC_POINT_set_affine_coordinates_GFp(group, ec_point, - BN_bin2bn(binary->x, Sec_BEBytesToUint32(binary->key_len), xp), - BN_bin2bn(binary->y, Sec_BEBytesToUint32(binary->key_len), yp), ctx); - EC_KEY_set_public_key(ec_key, ec_point); - -done: - EC_POINT_free(ec_point); - BN_CTX_end(ctx); - BN_CTX_free(ctx); - - return ec_key; -} - -static EC_KEY* generateEcAndGetPublic(TestCtx& ctx, SEC_OBJECTID id) { - Sec_KeyHandle *ecKey = ctx.provisionKey(id, SEC_STORAGELOC_RAM, TESTKEY_EC_PRIV, TESTKC_GENERATED, SEC_FALSE); - if (ecKey == NULL) { - SEC_LOG_ERROR("provisionKey failed"); - return NULL; - } - - Sec_ECCRawPublicKey public_key; - memset(&public_key, 0, sizeof(public_key)); - if (SEC_RESULT_SUCCESS != SecKey_ExtractECCPublicKey(ecKey, &public_key)) { - SEC_LOG_ERROR("SecKey_ExtractECCPublicKey failed"); - return NULL; - } - - EC_KEY* openssl_key = _ECCFromPubBinary(&public_key); - if (openssl_key == NULL) { - SEC_LOG_ERROR("_ECCFromPubBinary failed"); - return NULL; - } - - return openssl_key; -} - -Sec_Result testExportWrappedGeneratedEccAesAes(TestKey key, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, WrappedKeyFormatVersion wkfv) { - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; - - EC_KEY* pub_ec = generateEcAndGetPublic(ctx, id); - std::vector keys = getWrappedContentKeyChainGeneratedEcAesAes(key, pub_ec, id, aesType, asymAlg, symAlg); - - if (keys.size() == 0) { - SEC_LOG_ERROR("TestCreds::getWrappedContentKeyChain failed"); - return SEC_RESULT_FAILURE; - } - - //generated key is alreay provisioned - id++; - - switch (wkfv) { - case WKFV_V2: { - for (unsigned int i=0; i derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); - std::vector exported_key; - exported_key.resize(SEC_KEYCONTAINER_MAX_LEN); - SEC_SIZE exported_len; - - Sec_KeyHandle *keyHandle; - if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), idContentKey, &keyHandle)) { - SEC_LOG_ERROR("SecKey_GetInstance failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecKey_ExportKey(keyHandle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { - SEC_LOG_ERROR("SecKey_ExportKey failed"); - SecKey_Release(keyHandle); - return SEC_RESULT_FAILURE; - } - exported_key.resize(exported_len); - SecKey_Release(keyHandle); - - //provision exported - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), idContentKey, - SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, &exported_key[0], exported_key.size())) { - SEC_LOG_ERROR("SecKey_Provision failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyType keyType = TestCreds::getKeyType(key); - std::vector clear = TestCreds::asOpenSslAes(key); - - if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, idContentKey, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { - SEC_LOG_ERROR("cipherEncDecSingle failed"); - return SEC_RESULT_FAILURE; - } - - if (SecKey_IsAES(keyType)) { - if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idContentKey, &clear[0], clear.size())) { - SEC_LOG_ERROR("aesKeyCheck failed"); - return SEC_RESULT_FAILURE; - } - } else { - if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idContentKey, &clear[0], clear.size())) { - SEC_LOG_ERROR("macCheck failed"); - return SEC_RESULT_FAILURE; - } - } - - return SEC_RESULT_SUCCESS; -} - -Sec_Result testExportWrappedGeneratedEccAes(TestKey key, Sec_CipherAlgorithm asymAlg, WrappedKeyFormatVersion wkfv) { - TestCtx ctx; - - if (ctx.init() != SEC_RESULT_SUCCESS) { - SEC_LOG_ERROR("TestCtx.init failed"); - return SEC_RESULT_FAILURE; - } - - SEC_OBJECTID id = SEC_OBJECTID_USER_BASE; - - EC_KEY* pub_ec = generateEcAndGetPublic(ctx, id); - std::vector keys = getWrappedContentKeyChainGeneratedEcAes(key, pub_ec, id, asymAlg); - - if (keys.size() == 0) { - SEC_LOG_ERROR("TestCreds::getWrappedContentKeyChain failed"); - return SEC_RESULT_FAILURE; - } - - //generated key is alreay provisioned - id++; - - switch (wkfv) { - case WKFV_V2: { - for (unsigned int i=0; i derivation_input = TestCtx::random(SEC_AES_BLOCK_SIZE); - std::vector exported_key; - exported_key.resize(SEC_KEYCONTAINER_MAX_LEN); - SEC_SIZE exported_len; - - Sec_KeyHandle *keyHandle; - if (SEC_RESULT_SUCCESS != SecKey_GetInstance(ctx.proc(), idContentKey, &keyHandle)) { - SEC_LOG_ERROR("SecKey_GetInstance failed"); - return SEC_RESULT_FAILURE; - } - - if (SEC_RESULT_SUCCESS != SecKey_ExportKey(keyHandle, &derivation_input[0], &exported_key[0], exported_key.size(), &exported_len)) { - SEC_LOG_ERROR("SecKey_ExportKey failed"); - SecKey_Release(keyHandle); - return SEC_RESULT_FAILURE; - } - exported_key.resize(exported_len); - SecKey_Release(keyHandle); - - //provision exported - if (SEC_RESULT_SUCCESS != SecKey_Provision(ctx.proc(), idContentKey, - SEC_STORAGELOC_RAM, SEC_KEYCONTAINER_EXPORTED, &exported_key[0], exported_key.size())) { - SEC_LOG_ERROR("SecKey_Provision failed"); - return SEC_RESULT_FAILURE; - } - - Sec_KeyType keyType = TestCreds::getKeyType(key); - std::vector clear = TestCreds::asOpenSslAes(key); - - if (SEC_RESULT_SUCCESS != cipherEncDecSingle(&ctx, idContentKey, SEC_CIPHERALGORITHM_AES_ECB_NO_PADDING, 256)) { - SEC_LOG_ERROR("cipherEncDecSingle failed"); - return SEC_RESULT_FAILURE; - } - - if (SecKey_IsAES(keyType)) { - if (SEC_RESULT_SUCCESS != aesKeyCheck(ctx.proc(), idContentKey, &clear[0], clear.size())) { - SEC_LOG_ERROR("aesKeyCheck failed"); - return SEC_RESULT_FAILURE; - } - } else { - if (SEC_RESULT_SUCCESS != macCheck(ctx.proc(), SEC_MACALGORITHM_HMAC_SHA256, idContentKey, &clear[0], clear.size())) { - SEC_LOG_ERROR("macCheck failed"); - return SEC_RESULT_FAILURE; - } - } - - return SEC_RESULT_SUCCESS; -} diff --git a/test/main/cpp/wrapped.h b/test/main/cpp/wrapped.h deleted file mode 100644 index 5377cc0..0000000 --- a/test/main/cpp/wrapped.h +++ /dev/null @@ -1,39 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_WRAPPED_H_ -#define TEST_WRAPPED_H_ - -#include "sec_security.h" -#include "test_creds.h" - -Sec_Result testWrappedCipherSingleRsaAes(TestKey key, TestKc kc, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, WrappedKeyFormatVersion wkfv); -Sec_Result testWrappedCipherSingleRsaAesAes(TestKey key, TestKc kc, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, WrappedKeyFormatVersion wkfv); -Sec_Result testWrappedCipherSingleRsaAesRsaAesAes(TestKey key, TestKc kc, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, Sec_CipherAlgorithm ckSymAlg, WrappedKeyFormatVersion wkfv); -Sec_Result testWrappedCipherSingleEcAes(TestKey key, TestKc kc, Sec_CipherAlgorithm asymAlg, WrappedKeyFormatVersion wkfv); -Sec_Result testWrappedCipherSingleEcAesAes(TestKey key, TestKc kc, Sec_KeyType aesType, Sec_CipherAlgorithm asymAlg, Sec_CipherAlgorithm symAlg, WrappedKeyFormatVersion wkfv); -Sec_Result testExportWrappedRsaAesAes(TestKey key, TestKc kc, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, WrappedKeyFormatVersion wkfv); -Sec_Result testWrappedKDFCMACAES128(SEC_OBJECTID idDerived, SEC_OBJECTID idBase, SEC_OBJECTID idWrapped, Sec_KeyType keyType, SEC_BYTE counter, uint32_t L); -Sec_Result testExportedKDFCMACAES128(SEC_OBJECTID idDerived, SEC_OBJECTID idBase, SEC_OBJECTID idWrapped, Sec_KeyType keyType, SEC_BYTE counter, uint32_t L); -Sec_Result testExportWrappedEccAesAes(TestKey key, TestKc kc, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, WrappedKeyFormatVersion wkfv); -Sec_Result testExportWrappedEccAes(TestKey key, TestKc kc, Sec_CipherAlgorithm asymAlg, WrappedKeyFormatVersion wkfv); -Sec_Result testExportWrappedGeneratedEccAesAes(TestKey key, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, WrappedKeyFormatVersion wkfv); -Sec_Result testExportWrappedGeneratedEccAes(TestKey key, Sec_CipherAlgorithm asymAlg, WrappedKeyFormatVersion wkfv); - -#endif diff --git a/test/main/headers/test_creds.h b/test/main/headers/test_creds.h deleted file mode 100644 index b79fda4..0000000 --- a/test/main/headers/test_creds.h +++ /dev/null @@ -1,149 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_CREDS_H_ -#define TEST_CREDS_H_ - -#include -#include -#include -#include -#include "sec_security.h" - -enum TestKey { - TESTKEY_AES128 = 0, - TESTKEY_AES256, - TESTKEY_HMAC128, - TESTKEY_HMAC160, - TESTKEY_HMAC256, - TESTKEY_RSA1024_SGN_PRIV, - TESTKEY_RSA1024_SGN_PUB, - TESTKEY_RSA1024_ENC_PRIV, - TESTKEY_RSA1024_ENC_PUB, - TESTKEY_RSA1024_KEK_PRIV, - TESTKEY_RSA1024_KEK_PUB, - TESTKEY_RSA2048_SGN_PRIV, - TESTKEY_RSA2048_SGN_PUB, - TESTKEY_RSA2048_ENC_PRIV, - TESTKEY_RSA2048_ENC_PUB, - TESTKEY_RSA2048_KEK_PRIV, - TESTKEY_RSA2048_KEK_PUB, - TESTKEY_EC_PRIV, - TESTKEY_EC_PUB, - TESTKEY_NUM -}; - -enum TestKc { - TESTKC_RAW, - TESTKC_STORE, - TESTKC_SOC, - TESTKC_GENERATED, - TESTKC_EXPORTED, - TESTKC_NUM -}; - -enum TestCert { - TESTCERT_RSA1024 = 0, - TESTCERT_RSA2048, - TESTCERT_EC, - TESTCERT_NUM -}; - -enum WrappedKeyFormatVersion { - WKFV_V2 = 2, //with offset field - WKFV_V3 //with embedded wrappedKey -}; - -enum Capability { - CAPABILITY_AES256 = 0, - CAPABILITY_HMAC_IN_HW, - CAPABILITY_CMAC_IN_HW, - CAPABILITY_DIGEST_OVER_HWKEY, - CAPABILITY_HMAC_OVER_HWKEY, - CAPABILITY_CMAC_OVER_HWKEY, - CAPABILITY_HKDF_CMAC, - CAPABILITY_EXTRACT_RSA_PUB, - CAPABILITY_WRAPPED_KEY_FORMAT_V3, //nested key containers - CAPABILITY_RSA_AES_M2M, - CAPABILITY_CLEAR_JTYPE_WRAPPING, // SOC only - CAPABILITY_SVP, - CAPABILITY_LOAD_SYM_SOC_KC, - CAPABILITY_EXPORT_RSA, - CAPABILITY_RSA_1024, - CAPABILITY_RSA_AESCBC_AES, - CAPABILITY_RSA_AESCTR_AES, - CAPABILITY_RSA_AESCTR_RSA, - CAPABILITY_NUM -}; - -class TestCtx; - -class ProvKey { -public: - ProvKey() {} - - ProvKey(std::vector _key, Sec_KeyContainer _kc) { - key = _key; - kc = _kc; - } - std::vector key; - Sec_KeyContainer kc; -}; - -class ProvCert { -public: - ProvCert(std::vector _cert, Sec_CertificateContainer _cc) { - cert = _cert; - cc = _cc; - } - std::vector cert; - Sec_CertificateContainer cc; -}; - -class TestCreds { -public: - static ProvKey* getKey(TestKey key, TestKc kc, SEC_OBJECTID id); - static Sec_KeyType getKeyType(TestKey key); - static ProvCert* getCert(TestCert cert); - - static std::vector asOpenSslAes(TestKey key); - static RSA* asOpenSslRsa(TestKey key); - static EC_KEY *asOpenSslEcKey(TestKey key); - static EVP_PKEY *asOpenSslEvpPkey(TestKey key); - - //following stubs should be implemented by the SOC vendors in test_creds_soc.cpp - static ProvKey* getSocKey(TestKey key, SEC_OBJECTID id); - static Sec_Result preprovisionSoc(TestCtx *testCtx); - static SEC_BOOL supports(Capability cap); - static void init(); - static void shutdown(); - - static std::vector getWrappedContentKeyChainRsaAes(TestKey contentKey, TestKc kc, SEC_OBJECTID id, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg); - static std::vector getWrappedContentKeyChainRsaAesAes(TestKey contentKey, TestKc kc, SEC_OBJECTID id, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg); - static std::vector getWrappedContentKeyChainRsaAesRsaAesAes(TestKey contentKey, TestKc kc, SEC_OBJECTID id, Sec_KeyType rsaType, Sec_CipherAlgorithm asymAlg, Sec_KeyType aesType, Sec_CipherAlgorithm symAlg, Sec_CipherAlgorithm ckSymAlg); - static std::vector getWrappedContentKeyChainEcAes(TestKey contentKey, TestKc kc, SEC_OBJECTID id, Sec_CipherAlgorithm asymAlg); - static std::vector getWrappedContentKeyChainEcAesAes(TestKey contentKey, TestKc kc, SEC_OBJECTID base_id, Sec_KeyType aesType, Sec_CipherAlgorithm asymAlg, Sec_CipherAlgorithm symAlg); - - static ProvKey* wrapAesWithAes(const SEC_BYTE* clear, Sec_KeyType type, const SEC_BYTE* wrapping, Sec_KeyType wrappingType, SEC_OBJECTID wrappingId, Sec_CipherAlgorithm symAlg); - static ProvKey* wrapAesWithEc(const SEC_BYTE* clear, Sec_KeyType type, EC_KEY *ec_key, SEC_OBJECTID wrappingId, Sec_CipherAlgorithm asymAlg); - static ProvKey* wrapAesWithRsa(const SEC_BYTE* data, Sec_KeyType type, RSA *rsa_key, SEC_OBJECTID wrappingId, Sec_CipherAlgorithm asymAlg); - static ProvKey* wrapRsaWithAes(RSA* rsa, const SEC_BYTE* wrapping, Sec_KeyType wrappingType, SEC_OBJECTID wrappingId, Sec_CipherAlgorithm symAlg); -}; - -#endif diff --git a/test/main/headers/test_ctx.h b/test/main/headers/test_ctx.h deleted file mode 100644 index 3ab691d..0000000 --- a/test/main/headers/test_ctx.h +++ /dev/null @@ -1,171 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef TEST_CTX_H_ -#define TEST_CTX_H_ - -#include -#include -#include -#include -#include -#include "sec_security.h" -#include "test_creds.h" - -//#define ENABLE_FULL_LOGS - -#ifdef ENABLE_FULL_LOGS - #define DELAYED_LOG 0 -#else - #define DELAYED_LOG 1 -#endif - -enum TestState { - TESTRESULT_SUCCEEDED = 0, - TESTRESULT_FAILED, - TESTRESULT_SKIPPED, - TESTRESULT_NUM -}; - -#define SEC_PRINT_HEX(name, ptr, size) \ - SEC_PRINT("%s[%d]: ", name, size); Sec_PrintHex(ptr, size); SEC_PRINT("\n"); -#define RUN_TEST(suite, function) \ - { \ - int testIdx = (suite)->addTest(#function); \ - \ - if ((suite)->shouldRun(testIdx)) { \ - if (DELAYED_LOG) { Logger::init(); } \ - SEC_PRINT("\n"); \ - SEC_PRINT("%d: " #function " STARTING\n", testIdx); \ - Sec_Result res = function; \ - std::string output = DELAYED_LOG ? Logger::output() : std::string(); \ - if (DELAYED_LOG) { Logger::shutdown(); } \ - if (SEC_RESULT_SUCCESS == res) { \ - SEC_PRINT("%d: " #function " SUCCEEDED\n", testIdx); \ - (suite)->setTestState(testIdx, TESTRESULT_SUCCEEDED); \ - } else { \ - SEC_PRINT(output.c_str()); \ - SEC_PRINT("%d: " #function " FAILED\n\n", testIdx); \ - (suite)->setTestState(testIdx, TESTRESULT_FAILED); \ - } \ - } else { \ - (suite)->setTestState(testIdx, TESTRESULT_SKIPPED); \ - if ((suite)->shouldPrint(testIdx)) { \ - SEC_PRINT("%d: " #function "\n", testIdx); \ - } \ - } \ - } - -class SuiteCtx { - typedef std::pair TestEntry; -public: - SuiteCtx() {} - ~SuiteCtx() {} - - void setRunParams(const std::vector& runParams) { runParams_ = runParams; } - SEC_BOOL shouldRun(int id) const { return runParams_.size() == 0 || std::find(runParams_.begin(), runParams_.end(), id) != runParams_.end(); } - SEC_BOOL shouldPrint(int id) const { return shouldRun(id) || (runParams_.size() == 1 && runParams_[0] <= 0); } - int addTest(const char *name) { tests_.push_back(std::make_pair(name, TESTRESULT_NUM)); return tests_.size(); } - void setTestState(int id, TestState state) { tests_[id-1].second = state; } - TestEntry getTestEntry(int id) const { return tests_[id-1]; } - std::vector getFailed() const; - std::vector getSucceeded() const; - std::vector getSkipped() const; - std::vector getAttempted() const; - std::vector getAll() const; - -private: - std::vector tests_; - std::vector runParams_; -}; - -class TestCtx { -public: - TestCtx(); - ~TestCtx(); - - Sec_Result init(const char *global_dir = "/tmp/sec_api_test_global", const char *app_dir = "/tmp/sec_api_test_app"); - - Sec_KeyHandle *provisionKey(SEC_OBJECTID id, Sec_StorageLoc location, TestKey key, TestKc, SEC_BOOL softWrap = SEC_FALSE); - Sec_KeyHandle *provisionKey(SEC_OBJECTID id, Sec_StorageLoc location, const SEC_BYTE *data, SEC_SIZE len, Sec_KeyContainer kc, SEC_BOOL softWrap = SEC_FALSE); - Sec_KeyHandle *getKey(SEC_OBJECTID id); - void releaseKey(Sec_KeyHandle *key); - void deleteKey(SEC_OBJECTID id); - - Sec_CertificateHandle * provisionCert(SEC_OBJECTID id, Sec_StorageLoc location, TestCert cert); - Sec_CertificateHandle *getCert(SEC_OBJECTID id); - void releaseCert(Sec_CertificateHandle* certHandle); - void deleteCert(SEC_OBJECTID id); - - Sec_BundleHandle * provisionBundle(SEC_OBJECTID id, Sec_StorageLoc location, const std::vector& bundle); - Sec_BundleHandle *getBundle(SEC_OBJECTID id); - void releaseBundle(Sec_BundleHandle* bundleHandle); - void deleteBundle(SEC_OBJECTID id); - - Sec_MacHandle *acquireMac(Sec_MacAlgorithm algorithm, Sec_KeyHandle *key); - Sec_Result releaseMac(Sec_MacHandle* macHandle, SEC_BYTE* macBuffer, SEC_SIZE* macSize); - void releaseMac(Sec_MacHandle* macHandle); - - Sec_CipherHandle *acquireCipher(Sec_CipherAlgorithm algorithm, Sec_CipherMode mode, Sec_KeyHandle* key, SEC_BYTE* iv); - void releaseCipher(Sec_CipherHandle *cipher); - - Sec_SignatureHandle *acquireSignature(Sec_SignatureAlgorithm algorithm, Sec_SignatureMode mode, Sec_KeyHandle* key); - void releaseSignature(Sec_SignatureHandle *sig); - - Sec_DigestHandle *acquireDigest(Sec_DigestAlgorithm algorithm); - Sec_Result releaseDigest(Sec_DigestHandle* digestHandle, SEC_BYTE* digestOutput, SEC_SIZE* digestSize); - void releaseDigest(Sec_DigestHandle* digestHandle); - - Sec_RandomHandle *acquireRandom(Sec_RandomAlgorithm algorithm); - void releaseRandom(Sec_RandomHandle* randomHandle); - - SEC_BYTE* Sec_NativeMalloc(Sec_ProcessorHandle* handle, SEC_SIZE length); - void Sec_NativeFree(Sec_ProcessorHandle* handle, void *ptr); - - Sec_ProcessorHandle *proc() { return proc_; } - - //utils - static void printHex(const char *label, const std::vector& data); - static std::vector random(SEC_SIZE len); - static std::vector coalesceInputs(const std::vector >& inputs); - static SEC_SIZE coalesceInputSizes(const std::vector& inputSizes); - -private: - Sec_ProcessorHandle *proc_; - std::list provisionedKeys_; - std::list keys_; - std::list provisionedCerts_; - std::list certs_; - std::list provisionedBundles_; - std::list bundles_; - std::list macs_; - std::list ciphers_; - std::list sigs_; - std::list digests_; - std::list randoms_; -}; - -class Logger { -public: - static void init(); - static void shutdown(); - static const char *output(); -}; - -#endif /* TEST_CTX_H_ */ diff --git a/test/openssl/cpp/test_creds_soc.cpp b/test/openssl/cpp/test_creds_soc.cpp deleted file mode 100644 index 1b7be41..0000000 --- a/test/openssl/cpp/test_creds_soc.cpp +++ /dev/null @@ -1,249 +0,0 @@ -/** - * If not stated otherwise in this file or this component's Licenses.txt file the - * following copyright and licenses apply: - * - * Copyright 2019 RDK Management - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "test_creds.h" -#include "test_ctx.h" -#include "sec_security_utils.h" -#include "openssl/rand.h" -#include - -#define SEC_OBJECTID_OPENSSL_KPK SEC_OBJECTID_RESERVEDPLATFORM_7 - -static std::vector random(SEC_SIZE len) { - std::vector res; - res.resize(len); - - if (1 != RAND_bytes(&res[0], len)) - { - SEC_LOG_ERROR("RAND_bytes failed"); - return std::vector(); - } - - return res; -} - -static std::vector asn1(const std::vector& wrapped, const std::vector& iv, Sec_KeyType type) { - std::vector res; - SEC_SIZE written; - - res.resize(SEC_KEYCONTAINER_MAX_LEN); - - if (SEC_RESULT_SUCCESS != SecKey_GenerateWrappedKeyAsn1Off( - (SEC_BYTE *) &wrapped[0], - wrapped.size(), - type, - SEC_OBJECTID_OPENSSL_KPK, - (SEC_BYTE *) &iv[0], - SEC_CIPHERALGORITHM_AES_CBC_PKCS7_PADDING, - &res[0], - res.size(), - &written, - 0)) { - SEC_LOG_ERROR("SecKey_GenerateWrappedKeyAsn1Off failed"); - return std::vector(); - } - - res.resize(written); - - return res; -} - -static std::vector wrap(const std::vector& input, const std::vector& iv) { - std::vector output; - std::vector openssl_key = TestCreds::asOpenSslAes(TESTKEY_AES128); - - const EVP_CIPHER *evp_cipher; - - if (openssl_key.size() == 16) { - evp_cipher = (EVP_CIPHER *) EVP_aes_128_cbc(); - } else { - evp_cipher = (EVP_CIPHER *) EVP_aes_256_cbc(); - } - -#if OPENSSL_VERSION_NUMBER < 0x10100000L - EVP_CIPHER_CTX evp_ctx; - EVP_CIPHER_CTX_init(&evp_ctx); - EVP_CIPHER_CTX *p_evp_ctx = &evp_ctx; -#else - EVP_CIPHER_CTX *p_evp_ctx = EVP_CIPHER_CTX_new(); -#endif - - if (1 != EVP_CipherInit_ex(p_evp_ctx, evp_cipher, NULL, NULL, NULL, 1)) - { - SEC_LOG_ERROR("EVP_CipherInit failed"); - return std::vector(); - } - - if (1 != EVP_CIPHER_CTX_set_padding(p_evp_ctx, 1)) - { - SEC_LOG_ERROR("EVP_CIPHER_CTX_set_padding failed"); - return std::vector(); - } - - if (1 != EVP_CipherInit_ex(p_evp_ctx, NULL, NULL, &openssl_key[0], &iv[0], 1)) - { - SEC_LOG_ERROR("EVP_CipherInit failed"); - return std::vector(); - } - - output.resize(input.size() + SEC_AES_BLOCK_SIZE); - - SEC_SIZE written = 0; - int outlen = 0; - if (1 != EVP_CipherUpdate(p_evp_ctx, &output[0], &outlen, &input[0], input.size())) - { - SEC_LOG_ERROR("EVP_CipherUpdate failed"); - return std::vector(); - } - written += outlen; - outlen = 0; - - if (1 != EVP_CipherFinal_ex(p_evp_ctx, &output[written], &outlen)) - { - SEC_LOG_ERROR("EVP_CipherFinal failed"); - return std::vector(); - } - written += outlen; - - output.resize(written); - - return output; -} - -ProvKey* TestCreds::getSocKey(TestKey key, SEC_OBJECTID id) { - //Here the soc vendors should add code that returns the same key material as - //getClearKey(key), but packaged in the secure format that is specific to the - //chipset. - // - //This result can either be computed live or be pre-generated. - // - //The kc_type field should be set to the SEC_KEYCONTAINER_SOC. - - ProvKey *pk = TestCreds::getKey(key, TESTKC_RAW, id); - if (pk == NULL) { - return NULL; - } - - std::vector toWrap; - - switch (pk->kc) { - case SEC_KEYCONTAINER_DER_RSA_1024: - case SEC_KEYCONTAINER_DER_RSA_2048: { - RSA *rsa = SecUtils_RSAFromDERPriv(&pk->key[0], pk->key.size()); - if (rsa == NULL) { - SEC_LOG_ERROR("SecUtils_RSAFromDERPriv failed "); - delete pk; - return NULL; - } - - SEC_SIZE written; - toWrap.resize(SEC_KEYCONTAINER_MAX_LEN); - if (SEC_RESULT_SUCCESS - != SecUtils_RSAToDERPrivKeyInfo(rsa, &toWrap[0], toWrap.size(), - &written)) { - SEC_LOG_ERROR("SecUtils_RSAToDERPrivKeyInfo failed"); - SEC_RSA_FREE(rsa); - return NULL; - } - - toWrap.resize(written); - SEC_RSA_FREE(rsa); - } - break; - - case SEC_KEYCONTAINER_DER_ECC_NISTP256: { - EC_KEY *ec_key = SecUtils_ECCFromDERPriv(&pk->key[0], pk->key.size()); - if (ec_key == NULL) { - SEC_LOG_ERROR("SecUtils_ECCFromDERPriv failed "); - delete pk; - return NULL; - } - - Sec_ECCRawPrivateKey ec_bin; - if (SEC_RESULT_SUCCESS != SecUtils_ECCToPrivBinary(ec_key, &ec_bin)) { - SEC_LOG_ERROR("SecUtils_ECCToPrivBinary failed"); - SEC_ECC_FREE(ec_key); - delete pk; - return NULL; - } - - SEC_ECC_FREE(ec_key); - - toWrap.resize(32); - memcpy(&toWrap[0], &ec_bin.prv[0], 32); - } - break; - - case SEC_KEYCONTAINER_RAW_AES_128: - case SEC_KEYCONTAINER_RAW_AES_256: - case SEC_KEYCONTAINER_RAW_HMAC_128: - case SEC_KEYCONTAINER_RAW_HMAC_160: - case SEC_KEYCONTAINER_RAW_HMAC_256: { - toWrap.resize(pk->key.size()); - memcpy(&toWrap[0], &pk->key[0], pk->key.size()); - } - break; - - default: - SEC_LOG_ERROR("Unexpected kc encountered"); - return NULL; - } - - std::vector iv = random(SEC_AES_BLOCK_SIZE); - std::vector wrapped = wrap(toWrap, iv); - if (wrapped.empty()) { - SEC_LOG_ERROR("wrap failed"); - delete pk; - return NULL; - } - - std::vector a1 = asn1(wrapped, iv, TestCreds::getKeyType(key)); - if (a1.empty()) { - SEC_LOG_ERROR("ans1 failed"); - return NULL; - } - - delete pk; - - return new ProvKey(a1, SEC_KEYCONTAINER_SOC); -} - -Sec_Result TestCreds::preprovisionSoc(TestCtx *ctx) { - //Here the soc vendors should add code to preprovision any credentials that - //are required for the rest of the system to operate properly. - - //For most platforms this can stay a NOP - - //provision kpk - ctx->provisionKey(SEC_OBJECTID_OPENSSL_KPK, SEC_STORAGELOC_RAM, TESTKEY_AES128, TESTKC_RAW, SEC_TRUE); - - return SEC_RESULT_SUCCESS; -} - -SEC_BOOL TestCreds::supports(Capability cap) { - //return whether a specific capability is supported in the target soc - return cap != CAPABILITY_HKDF_CMAC - && cap != CAPABILITY_SVP; -} - -void TestCreds::init() { -} - -void TestCreds::shutdown() { -}