summaryrefslogtreecommitdiff
path: root/keystore2/tests
diff options
context:
space:
mode:
authorRajesh Nyamagoud <nyamagoud@google.com>2022-08-20 01:45:17 +0000
committerRajesh Nyamagoud <nyamagoud@google.com>2022-10-05 18:57:51 +0000
commitc7d064d59f5a28b2477d45ea623883a8271c1acd (patch)
tree257db5f7f7e2b614a2d147cf8fd82cf1904abe6c /keystore2/tests
parent7990778df7fde01017e147d082bb92f16593bf39 (diff)
downloadsecurity-c7d064d59f5a28b2477d45ea623883a8271c1acd.tar.gz
Changes made in keystore2_client_tests to avoid test timeout issues.
Added macros to generate test code for RSA and EC keys use cases. Test cases are split to run them in distict test cases to avoid timeout issues. Limiting RSA and EC each test cases to generate only one key and perform an operation. Bug: 242356276 Test: atest keystore2_client_tests Change-Id: I2841734f329afb0005727da26cc5b9ff532b9e73
Diffstat (limited to 'keystore2/tests')
-rw-r--r--keystore2/tests/keystore2_client_aes_key_tests.rs10
-rw-r--r--keystore2/tests/keystore2_client_ec_key_tests.rs236
-rw-r--r--keystore2/tests/keystore2_client_key_id_domain_tests.rs12
-rw-r--r--keystore2/tests/keystore2_client_rsa_key_tests.rs1990
-rw-r--r--keystore2/tests/keystore2_client_test_utils.rs21
5 files changed, 1734 insertions, 535 deletions
diff --git a/keystore2/tests/keystore2_client_aes_key_tests.rs b/keystore2/tests/keystore2_client_aes_key_tests.rs
index c56eef6a..885cbf5e 100644
--- a/keystore2/tests/keystore2_client_aes_key_tests.rs
+++ b/keystore2/tests/keystore2_client_aes_key_tests.rs
@@ -26,7 +26,8 @@ use keystore2_test_utils::{
};
use crate::keystore2_client_test_utils::{
- perform_sample_sym_key_decrypt_op, perform_sample_sym_key_encrypt_op, SAMPLE_PLAIN_TEXT,
+ has_trusty_keymint, perform_sample_sym_key_decrypt_op, perform_sample_sym_key_encrypt_op,
+ SAMPLE_PLAIN_TEXT,
};
/// Generate a AES key. Create encrypt and decrypt operations using the generated key.
@@ -391,7 +392,12 @@ fn keystore2_aes_gcm_op_fails_missing_mac_len() {
&mut None,
));
assert!(result.is_err());
- assert_eq!(Error::Km(ErrorCode::MISSING_MAC_LENGTH), result.unwrap_err());
+
+ if has_trusty_keymint() {
+ assert_eq!(result.unwrap_err(), Error::Km(ErrorCode::MISSING_MAC_LENGTH));
+ } else {
+ assert_eq!(result.unwrap_err(), Error::Km(ErrorCode::UNSUPPORTED_MAC_LENGTH));
+ }
}
/// Generate a AES-GCM key with `MIN_MAC_LENGTH`. Try to create an operation using this
diff --git a/keystore2/tests/keystore2_client_ec_key_tests.rs b/keystore2/tests/keystore2_client_ec_key_tests.rs
index 60bcddf5..726d61c2 100644
--- a/keystore2/tests/keystore2_client_ec_key_tests.rs
+++ b/keystore2/tests/keystore2_client_ec_key_tests.rs
@@ -20,7 +20,9 @@ use android_hardware_security_keymint::aidl::android::hardware::security::keymin
KeyPurpose::KeyPurpose, SecurityLevel::SecurityLevel,
};
use android_system_keystore2::aidl::android::system::keystore2::{
- Domain::Domain, KeyDescriptor::KeyDescriptor, ResponseCode::ResponseCode,
+ CreateOperationResponse::CreateOperationResponse, Domain::Domain,
+ IKeystoreSecurityLevel::IKeystoreSecurityLevel, KeyDescriptor::KeyDescriptor,
+ ResponseCode::ResponseCode,
};
use keystore2_test_utils::{
@@ -28,9 +30,171 @@ use keystore2_test_utils::{
};
use crate::keystore2_client_test_utils::{
- execute_op_run_as_child, perform_sample_sign_operation, BarrierReached, ForcedOp, TestOutcome,
+ delete_app_key, execute_op_run_as_child, perform_sample_sign_operation, BarrierReached,
+ ForcedOp, TestOutcome,
};
+macro_rules! test_ec_sign_key_op_success {
+ ( $test_name:ident, $digest:expr, $ec_curve:expr ) => {
+ #[test]
+ fn $test_name() {
+ perform_ec_sign_key_op_success(stringify!($test_name), $digest, $ec_curve);
+ }
+ };
+}
+
+macro_rules! test_ec_sign_key_op_with_none_or_md5_digest {
+ ( $test_name:ident, $digest:expr, $ec_curve:expr ) => {
+ #[test]
+ fn $test_name() {
+ perform_ec_sign_key_op_with_none_or_md5_digest(
+ stringify!($test_name),
+ $digest,
+ $ec_curve,
+ );
+ }
+ };
+}
+
+fn create_ec_key_and_operation(
+ sec_level: &binder::Strong<dyn IKeystoreSecurityLevel>,
+ domain: Domain,
+ nspace: i64,
+ alias: Option<String>,
+ digest: Digest,
+ ec_curve: EcCurve,
+) -> binder::Result<CreateOperationResponse> {
+ let key_metadata =
+ key_generations::generate_ec_key(sec_level, domain, nspace, alias, ec_curve, digest)?;
+
+ sec_level.createOperation(
+ &key_metadata.key,
+ &authorizations::AuthSetBuilder::new().purpose(KeyPurpose::SIGN).digest(digest),
+ false,
+ )
+}
+
+fn perform_ec_sign_key_op_success(alias: &str, digest: Digest, ec_curve: EcCurve) {
+ let keystore2 = get_keystore_service();
+ let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
+
+ let op_response = create_ec_key_and_operation(
+ &sec_level,
+ Domain::APP,
+ -1,
+ Some(alias.to_string()),
+ digest,
+ ec_curve,
+ )
+ .unwrap();
+
+ assert!(op_response.iOperation.is_some());
+ assert_eq!(
+ Ok(()),
+ key_generations::map_ks_error(perform_sample_sign_operation(
+ &op_response.iOperation.unwrap()
+ ))
+ );
+
+ delete_app_key(&keystore2, alias).unwrap();
+}
+
+fn perform_ec_sign_key_op_with_none_or_md5_digest(alias: &str, digest: Digest, ec_curve: EcCurve) {
+ let keystore2 = get_keystore_service();
+ let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
+
+ match key_generations::map_ks_error(create_ec_key_and_operation(
+ &sec_level,
+ Domain::APP,
+ -1,
+ Some(alias.to_string()),
+ digest,
+ ec_curve,
+ )) {
+ Ok(op_response) => {
+ assert!(op_response.iOperation.is_some());
+ assert_eq!(
+ Ok(()),
+ key_generations::map_ks_error(perform_sample_sign_operation(
+ &op_response.iOperation.unwrap()
+ ))
+ );
+ }
+ Err(e) => {
+ assert_eq!(e, Error::Km(ErrorCode::UNSUPPORTED_DIGEST));
+ assert!(digest == Digest::NONE || digest == Digest::MD5);
+ }
+ }
+
+ delete_app_key(&keystore2, alias).unwrap();
+}
+
+// Below macros generate tests for generating EC keys with curves EcCurve::P_224, EcCurve::P_256,
+// EcCurve::P_384, EcCurve::P_521 and various digest modes. Tests tries to create operations using
+// the generated keys. Operations with digest modes `SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and
+// SHA-2 512` should be created successfully. Creation of operations with digest modes NONE and
+// MD5 should fail with an error code `UNSUPPORTED_DIGEST`.
+test_ec_sign_key_op_with_none_or_md5_digest!(
+ sign_ec_key_op_none_ec_p224,
+ Digest::NONE,
+ EcCurve::P_224
+);
+test_ec_sign_key_op_with_none_or_md5_digest!(
+ sign_ec_key_op_md5_ec_p224,
+ Digest::MD5,
+ EcCurve::P_224
+);
+test_ec_sign_key_op_success!(sign_ec_key_op_sha1_ec_p224, Digest::SHA1, EcCurve::P_224);
+test_ec_sign_key_op_success!(sign_ec_key_op_sha224_ec_p224, Digest::SHA_2_224, EcCurve::P_224);
+test_ec_sign_key_op_success!(sign_ec_key_op_sha256_ec_p224, Digest::SHA_2_256, EcCurve::P_224);
+test_ec_sign_key_op_success!(sign_ec_key_op_sha384_ec_p224, Digest::SHA_2_384, EcCurve::P_224);
+test_ec_sign_key_op_success!(sign_ec_key_op_sha512_ec_p224, Digest::SHA_2_512, EcCurve::P_224);
+test_ec_sign_key_op_with_none_or_md5_digest!(
+ sign_ec_key_op_none_ec_p256,
+ Digest::NONE,
+ EcCurve::P_256
+);
+test_ec_sign_key_op_with_none_or_md5_digest!(
+ sign_ec_key_op_md5_ec_p256,
+ Digest::MD5,
+ EcCurve::P_256
+);
+test_ec_sign_key_op_success!(sign_ec_key_op_sha1_ec_p256, Digest::SHA1, EcCurve::P_256);
+test_ec_sign_key_op_success!(sign_ec_key_op_sha224_ec_p256, Digest::SHA_2_224, EcCurve::P_256);
+test_ec_sign_key_op_success!(sign_ec_key_op_sha256_ec_p256, Digest::SHA_2_256, EcCurve::P_256);
+test_ec_sign_key_op_success!(sign_ec_key_op_sha384_ec_p256, Digest::SHA_2_384, EcCurve::P_256);
+test_ec_sign_key_op_success!(sign_ec_key_op_sha512_ec_p256, Digest::SHA_2_512, EcCurve::P_256);
+test_ec_sign_key_op_with_none_or_md5_digest!(
+ sign_ec_key_op_none_ec_p384,
+ Digest::NONE,
+ EcCurve::P_384
+);
+test_ec_sign_key_op_with_none_or_md5_digest!(
+ sign_ec_key_op_md5_ec_p384,
+ Digest::MD5,
+ EcCurve::P_384
+);
+test_ec_sign_key_op_success!(sign_ec_key_op_sha1_ec_p384, Digest::SHA1, EcCurve::P_384);
+test_ec_sign_key_op_success!(sign_ec_key_op_sha224_ec_p384, Digest::SHA_2_224, EcCurve::P_384);
+test_ec_sign_key_op_success!(sign_ec_key_op_sha256_ec_p384, Digest::SHA_2_256, EcCurve::P_384);
+test_ec_sign_key_op_success!(sign_ec_key_op_sha384_ec_p384, Digest::SHA_2_384, EcCurve::P_384);
+test_ec_sign_key_op_success!(sign_ec_key_op_sha512_ec_p384, Digest::SHA_2_512, EcCurve::P_384);
+test_ec_sign_key_op_with_none_or_md5_digest!(
+ sign_ec_key_op_none_ec_p521,
+ Digest::NONE,
+ EcCurve::P_521
+);
+test_ec_sign_key_op_with_none_or_md5_digest!(
+ sign_ec_key_op_md5_ec_p521,
+ Digest::MD5,
+ EcCurve::P_521
+);
+test_ec_sign_key_op_success!(sign_ec_key_op_sha1_ec_p521, Digest::SHA1, EcCurve::P_521);
+test_ec_sign_key_op_success!(sign_ec_key_op_sha224_ec_p521, Digest::SHA_2_224, EcCurve::P_521);
+test_ec_sign_key_op_success!(sign_ec_key_op_sha256_ec_p521, Digest::SHA_2_256, EcCurve::P_521);
+test_ec_sign_key_op_success!(sign_ec_key_op_sha384_ec_p521, Digest::SHA_2_384, EcCurve::P_521);
+test_ec_sign_key_op_success!(sign_ec_key_op_sha512_ec_p521, Digest::SHA_2_512, EcCurve::P_521);
+
/// This test will try to load the key with Domain::BLOB.
/// INVALID_ARGUMENT error is expected.
#[test]
@@ -66,7 +230,7 @@ fn keystore2_generate_key_invalid_domain() {
let alias = format!("ks_invalid_test_key_{}", getuid());
let result = key_generations::map_ks_error(key_generations::generate_ec_key(
- &*sec_level,
+ &sec_level,
Domain(99), // Invalid domain.
key_generations::SELINUX_SHELL_NAMESPACE,
Some(alias),
@@ -146,64 +310,6 @@ fn keystore2_generate_ec_key_25519_multi_purpose() {
assert_eq!(Error::Km(ErrorCode::INCOMPATIBLE_PURPOSE), result.unwrap_err());
}
-/// Generate EC keys with curves EcCurve::P_224, EcCurve::P_256, EcCurve::P_384, EcCurve::P_521 and
-/// various digest modes. Try to create operations using generated keys. Operations with digest
-/// modes `SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512` should be created successfully.
-/// Creation of operations with digest modes NONE and MD5 should fail with an error code
-/// `UNSUPPORTED_DIGEST`.
-#[test]
-fn keystore2_ec_generate_key() {
- let keystore2 = get_keystore_service();
- let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
-
- let digests = [
- Digest::NONE,
- Digest::MD5,
- Digest::SHA1,
- Digest::SHA_2_224,
- Digest::SHA_2_256,
- Digest::SHA_2_384,
- Digest::SHA_2_512,
- ];
-
- let ec_curves = [EcCurve::P_224, EcCurve::P_256, EcCurve::P_384, EcCurve::P_521];
-
- for ec_curve in ec_curves {
- for digest in digests {
- let alias = format!("ks_ec_test_key_gen_{}{}{}", getuid(), ec_curve.0, digest.0);
- let key_metadata = key_generations::generate_ec_key(
- &*sec_level,
- Domain::APP,
- -1,
- Some(alias.to_string()),
- ec_curve,
- digest,
- )
- .unwrap();
-
- match key_generations::map_ks_error(sec_level.createOperation(
- &key_metadata.key,
- &authorizations::AuthSetBuilder::new().purpose(KeyPurpose::SIGN).digest(digest),
- false,
- )) {
- Ok(op_response) => {
- assert!(op_response.iOperation.is_some());
- assert_eq!(
- Ok(()),
- key_generations::map_ks_error(perform_sample_sign_operation(
- &op_response.iOperation.unwrap()
- ))
- );
- }
- Err(e) => {
- assert_eq!(e, Error::Km(ErrorCode::UNSUPPORTED_DIGEST));
- assert!(digest == Digest::NONE || digest == Digest::MD5);
- }
- }
- }
- }
-}
-
/// Generate EC key with curve `CURVE_25519` and digest mode NONE. Try to create an operation using
/// generated key. `CURVE_25519` key should support `Digest::NONE` digest mode and test should be
/// able to create an operation successfully.
@@ -214,7 +320,7 @@ fn keystore2_ec_25519_generate_key_success() {
let alias = format!("ks_ec_25519_none_test_key_gen_{}", getuid());
let key_metadata = key_generations::generate_ec_key(
- &*sec_level,
+ &sec_level,
Domain::APP,
-1,
Some(alias),
@@ -260,7 +366,7 @@ fn keystore2_ec_25519_generate_key_fail() {
for digest in digests {
let alias = format!("ks_ec_25519_test_key_gen_{}{}", getuid(), digest.0);
let key_metadata = key_generations::generate_ec_key(
- &*sec_level,
+ &sec_level,
Domain::APP,
-1,
Some(alias.to_string()),
@@ -289,7 +395,7 @@ fn keystore2_create_op_with_incompatible_key_digest() {
let alias = "ks_ec_test_incomp_key_digest";
let key_metadata = key_generations::generate_ec_key(
- &*sec_level,
+ &sec_level,
Domain::APP,
-1,
Some(alias.to_string()),
@@ -378,7 +484,7 @@ fn keystore2_generate_key_with_blob_domain() {
let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
let key_metadata = key_generations::generate_ec_key(
- &*sec_level,
+ &sec_level,
Domain::BLOB,
key_generations::SELINUX_SHELL_NAMESPACE,
None,
diff --git a/keystore2/tests/keystore2_client_key_id_domain_tests.rs b/keystore2/tests/keystore2_client_key_id_domain_tests.rs
index 2a1d990a..09b13784 100644
--- a/keystore2/tests/keystore2_client_key_id_domain_tests.rs
+++ b/keystore2/tests/keystore2_client_key_id_domain_tests.rs
@@ -37,7 +37,7 @@ fn keystore2_generate_key_with_key_id_domain_expect_sys_error() {
let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
let result = key_generations::map_ks_error(key_generations::generate_ec_key(
- &*sec_level,
+ &sec_level,
Domain::KEY_ID,
key_generations::SELINUX_SHELL_NAMESPACE,
Some(alias.to_string()),
@@ -58,7 +58,7 @@ fn keystore2_find_key_with_key_id_as_domain() {
let alias = "ks_key_id_test_key";
let key_metadata = key_generations::generate_ec_key(
- &*sec_level,
+ &sec_level,
Domain::APP,
-1,
Some(alias.to_string()),
@@ -115,7 +115,7 @@ fn keystore2_key_id_alias_rebind_verify_by_alias() {
let alias = format!("ks_key_id_test_alias_rebind_1_{}", getuid());
let key_metadata = key_generations::generate_ec_key(
- &*sec_level,
+ &sec_level,
Domain::APP,
-1,
Some(alias.to_string()),
@@ -127,7 +127,7 @@ fn keystore2_key_id_alias_rebind_verify_by_alias() {
// Generate a key with same alias as above generated key, so that alias will be rebound
// to this key.
let new_key_metadata = key_generations::generate_ec_key(
- &*sec_level,
+ &sec_level,
Domain::APP,
-1,
Some(alias),
@@ -182,7 +182,7 @@ fn keystore2_key_id_alias_rebind_verify_by_key_id() {
let alias = format!("ks_key_id_test_alias_rebind_2_{}", getuid());
let key_metadata = key_generations::generate_ec_key(
- &*sec_level,
+ &sec_level,
Domain::APP,
-1,
Some(alias.to_string()),
@@ -210,7 +210,7 @@ fn keystore2_key_id_alias_rebind_verify_by_key_id() {
// Generate another key with same alias as above generated key, so that alias will be rebound
// to this key.
let new_key_metadata = key_generations::generate_ec_key(
- &*sec_level,
+ &sec_level,
Domain::APP,
-1,
Some(alias),
diff --git a/keystore2/tests/keystore2_client_rsa_key_tests.rs b/keystore2/tests/keystore2_client_rsa_key_tests.rs
index aa822b92..3139c2b7 100644
--- a/keystore2/tests/keystore2_client_rsa_key_tests.rs
+++ b/keystore2/tests/keystore2_client_rsa_key_tests.rs
@@ -12,8 +12,6 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-use nix::unistd::getuid;
-
use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
BlockMode::BlockMode, Digest::Digest, ErrorCode::ErrorCode, KeyPurpose::KeyPurpose,
PaddingMode::PaddingMode, SecurityLevel::SecurityLevel,
@@ -27,7 +25,59 @@ use keystore2_test_utils::{
authorizations, get_keystore_service, key_generations, key_generations::Error,
};
-use crate::keystore2_client_test_utils::{perform_sample_sign_operation, ForcedOp};
+use crate::keystore2_client_test_utils::{
+ delete_app_key, has_trusty_keymint, perform_sample_sign_operation, ForcedOp,
+};
+
+/// This macro is used for creating signing key operation tests using digests and paddings
+/// for various key sizes.
+macro_rules! test_rsa_sign_key_op {
+ ( $test_name:ident, $digest:expr, $key_size:expr, $padding:expr ) => {
+ #[test]
+ fn $test_name() {
+ perform_rsa_sign_key_op_success($digest, $key_size, stringify!($test_name), $padding);
+ }
+ };
+
+ ( $test_name:ident, $digest:expr, $padding:expr ) => {
+ #[test]
+ fn $test_name() {
+ perform_rsa_sign_key_op_failure($digest, stringify!($test_name), $padding);
+ }
+ };
+}
+
+/// This macro is used for creating encrypt/decrypt key operation tests using digests, mgf-digests
+/// and paddings for various key sizes.
+macro_rules! test_rsa_encrypt_key_op {
+ ( $test_name:ident, $digest:expr, $key_size:expr, $padding:expr ) => {
+ #[test]
+ fn $test_name() {
+ create_rsa_encrypt_decrypt_key_op_success(
+ $digest,
+ $key_size,
+ stringify!($test_name),
+ $padding,
+ None,
+ None,
+ );
+ }
+ };
+
+ ( $test_name:ident, $digest:expr, $key_size:expr, $padding:expr, $mgf_digest:expr ) => {
+ #[test]
+ fn $test_name() {
+ create_rsa_encrypt_decrypt_key_op_success(
+ $digest,
+ $key_size,
+ stringify!($test_name),
+ $padding,
+ $mgf_digest,
+ Some(BlockMode::ECB),
+ );
+ }
+ };
+}
/// Generate a RSA key and create an operation using the generated key.
fn create_rsa_key_and_operation(
@@ -60,346 +110,1462 @@ fn create_rsa_key_and_operation(
sec_level.createOperation(&key_metadata.key, &op_params, forced_op.0)
}
-/// Generate RSA signing keys with -
-/// Padding mode: RSA_PKCS1_1_5_SIGN
-/// Digest modes: `NONE, MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
-/// Create operations with these generated keys. Test should create operations successfully.
-#[test]
-fn keystore2_rsa_generate_signing_key_padding_pkcs1_1_5() {
+/// Generate RSA signing key with given parameters and perform signing operation.
+fn perform_rsa_sign_key_op_success(
+ digest: Digest,
+ key_size: i32,
+ alias: &str,
+ padding: PaddingMode,
+) {
let keystore2 = get_keystore_service();
let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
- let digests = [
- Digest::NONE,
- Digest::MD5,
- Digest::SHA1,
- Digest::SHA_2_224,
- Digest::SHA_2_256,
- Digest::SHA_2_384,
- Digest::SHA_2_512,
- ];
-
- let key_sizes = [2048, 3072, 4096];
-
- for key_size in key_sizes {
- for digest in digests {
- let alias = format!("ks_rsa_key_test_{}{}{}", getuid(), key_size, digest.0);
- let op_response = create_rsa_key_and_operation(
- &sec_level,
- Domain::APP,
- -1,
- Some(alias.to_string()),
- &key_generations::KeyParams {
- key_size,
- purpose: vec![KeyPurpose::SIGN, KeyPurpose::VERIFY],
- padding: Some(PaddingMode::RSA_PKCS1_1_5_SIGN),
- digest: Some(digest),
- mgf_digest: None,
- block_mode: None,
- att_challenge: None,
- att_app_id: None,
- },
- KeyPurpose::SIGN,
- ForcedOp(false),
- )
- .unwrap();
-
- assert!(op_response.iOperation.is_some());
- assert_eq!(
- Ok(()),
- key_generations::map_ks_error(perform_sample_sign_operation(
- &op_response.iOperation.unwrap()
- ))
- );
- } // End of digests.
- } // End of key-sizes.
-}
-
-/// Generate RSA signing keys with -
-/// Padding mode: RSA_PSS
-/// Digest modes: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
-/// Create operations with these generated keys. Test should create operations successfully.
-#[test]
-fn keystore2_rsa_generate_signing_key_padding_pss_success() {
- let keystore2 = get_keystore_service();
- let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
-
- let digests = [
- Digest::MD5,
- Digest::SHA1,
- Digest::SHA_2_224,
- Digest::SHA_2_256,
- Digest::SHA_2_384,
- Digest::SHA_2_512,
- ];
-
- let key_sizes = [2048, 3072, 4096];
-
- for key_size in key_sizes {
- for digest in digests {
- let alias = format!("ks_rsa_key_test_{}{}{}", getuid(), key_size, digest.0);
- let op_response = create_rsa_key_and_operation(
- &sec_level,
- Domain::APP,
- -1,
- Some(alias.to_string()),
- &key_generations::KeyParams {
- key_size,
- purpose: vec![KeyPurpose::SIGN, KeyPurpose::VERIFY],
- padding: Some(PaddingMode::RSA_PSS),
- digest: Some(digest),
- mgf_digest: None,
- block_mode: None,
- att_challenge: None,
- att_app_id: None,
- },
- KeyPurpose::SIGN,
- ForcedOp(false),
- )
- .unwrap();
-
- assert!(op_response.iOperation.is_some());
- assert_eq!(
- Ok(()),
- key_generations::map_ks_error(perform_sample_sign_operation(
- &op_response.iOperation.unwrap()
- ))
- );
- } // End of digests.
- } // End of key-sizes.
+ let op_response = create_rsa_key_and_operation(
+ &sec_level,
+ Domain::APP,
+ -1,
+ Some(alias.to_string()),
+ &key_generations::KeyParams {
+ key_size,
+ purpose: vec![KeyPurpose::SIGN, KeyPurpose::VERIFY],
+ padding: Some(padding),
+ digest: Some(digest),
+ mgf_digest: None,
+ block_mode: None,
+ att_challenge: None,
+ att_app_id: None,
+ },
+ KeyPurpose::SIGN,
+ ForcedOp(false),
+ )
+ .expect("Failed to create an operation.");
+
+ assert!(op_response.iOperation.is_some());
+ assert_eq!(
+ Ok(()),
+ key_generations::map_ks_error(perform_sample_sign_operation(
+ &op_response.iOperation.unwrap()
+ ))
+ );
+
+ delete_app_key(&keystore2, alias).unwrap();
}
-/// Generate RSA signing key with -
-/// Padding mode: RSA_PSS
-/// Digest mode: `NONE`.
-/// Try to create an operation with this generated key. Test should fail to create an operation with
-/// `INCOMPATIBLE_DIGEST` error code.
-#[test]
-fn keystore2_rsa_generate_signing_key_padding_pss_fail() {
+/// Generate RSA signing key with given parameters and try to perform signing operation.
+/// Error `INCOMPATIBLE_DIGEST | UNKNOWN_ERROR` is expected while creating an opearation.
+fn perform_rsa_sign_key_op_failure(digest: Digest, alias: &str, padding: PaddingMode) {
let keystore2 = get_keystore_service();
let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
- let key_sizes = [2048, 3072, 4096];
+ let result = key_generations::map_ks_error(create_rsa_key_and_operation(
+ &sec_level,
+ Domain::APP,
+ -1,
+ Some(alias.to_string()),
+ &key_generations::KeyParams {
+ key_size: 2048,
+ purpose: vec![KeyPurpose::SIGN, KeyPurpose::VERIFY],
+ padding: Some(padding),
+ digest: Some(digest),
+ mgf_digest: None,
+ block_mode: None,
+ att_challenge: None,
+ att_app_id: None,
+ },
+ KeyPurpose::SIGN,
+ ForcedOp(false),
+ ));
+ assert!(result.is_err());
- for key_size in key_sizes {
- let alias = format!("ks_rsa_pss_none_key_test_{}{}", getuid(), key_size);
- let result = key_generations::map_ks_error(create_rsa_key_and_operation(
- &sec_level,
- Domain::APP,
- -1,
- Some(alias.to_string()),
- &key_generations::KeyParams {
- key_size,
- purpose: vec![KeyPurpose::SIGN, KeyPurpose::VERIFY],
- padding: Some(PaddingMode::RSA_PSS),
- digest: Some(Digest::NONE),
- mgf_digest: None,
- block_mode: None,
- att_challenge: None,
- att_app_id: None,
- },
- KeyPurpose::SIGN,
- ForcedOp(false),
- ));
- assert!(result.is_err());
- assert_eq!(Error::Km(ErrorCode::INCOMPATIBLE_DIGEST), result.unwrap_err());
+ if has_trusty_keymint() {
+ assert_eq!(result.unwrap_err(), Error::Km(ErrorCode::UNKNOWN_ERROR));
+ } else {
+ assert_eq!(result.unwrap_err(), Error::Km(ErrorCode::INCOMPATIBLE_DIGEST));
}
-}
-
-/// Generate RSA signing key with -
-/// Padding mode: `NONE`
-/// Digest mode `NONE`
-/// Try to create an operation with this generated key. Test should create an operation successfully.
-#[test]
-fn keystore2_rsa_generate_signing_key_padding_none_success() {
- let keystore2 = get_keystore_service();
- let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
-
- let key_sizes = [2048, 3072, 4096];
- for key_size in key_sizes {
- let alias = format!("ks_rsa_pad_none_key_test_{}{}", getuid(), key_size);
- let op_response = create_rsa_key_and_operation(
- &sec_level,
- Domain::APP,
- -1,
- Some(alias.to_string()),
- &key_generations::KeyParams {
- key_size,
- purpose: vec![KeyPurpose::SIGN, KeyPurpose::VERIFY],
- padding: Some(PaddingMode::NONE),
- digest: Some(Digest::NONE),
- mgf_digest: None,
- block_mode: None,
- att_challenge: None,
- att_app_id: None,
- },
- KeyPurpose::SIGN,
- ForcedOp(false),
- )
- .unwrap();
-
- assert!(op_response.iOperation.is_some());
- assert_eq!(
- Ok(()),
- key_generations::map_ks_error(perform_sample_sign_operation(
- &op_response.iOperation.unwrap()
- ))
- );
- }
+ delete_app_key(&keystore2, alias).unwrap();
}
-/// Generate RSA signing keys with -
-/// Padding mode: `NONE`
-/// Digest modes: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
-/// Create operations with these generated keys. Test should fail to create operations with
-/// an error code `UNKNOWN_ERROR`.
-#[test]
-fn keystore2_rsa_generate_signing_key_padding_none_fail() {
+/// Generate RSA encrypt/decrypt key with given parameters and perform decrypt operation.
+fn create_rsa_encrypt_decrypt_key_op_success(
+ digest: Option<Digest>,
+ key_size: i32,
+ alias: &str,
+ padding: PaddingMode,
+ mgf_digest: Option<Digest>,
+ block_mode: Option<BlockMode>,
+) {
let keystore2 = get_keystore_service();
let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
- let digests = [
- Digest::MD5,
- Digest::SHA1,
- Digest::SHA_2_224,
- Digest::SHA_2_256,
- Digest::SHA_2_384,
- Digest::SHA_2_512,
- ];
-
- let key_sizes = [2048, 3072, 4096];
-
- for key_size in key_sizes {
- for digest in digests {
- let alias = format!("ks_rsa_key_test_{}{}{}", getuid(), key_size, digest.0);
- let result = key_generations::map_ks_error(create_rsa_key_and_operation(
- &sec_level,
- Domain::APP,
- -1,
- Some(alias.to_string()),
- &key_generations::KeyParams {
- key_size,
- purpose: vec![KeyPurpose::SIGN, KeyPurpose::VERIFY],
- padding: Some(PaddingMode::NONE),
- digest: Some(digest),
- mgf_digest: None,
- block_mode: None,
- att_challenge: None,
- att_app_id: None,
- },
- KeyPurpose::SIGN,
- ForcedOp(false),
- ));
- assert!(result.is_err());
- assert_eq!(Error::Km(ErrorCode::UNKNOWN_ERROR), result.unwrap_err());
- }
- }
-}
+ let result = create_rsa_key_and_operation(
+ &sec_level,
+ Domain::APP,
+ -1,
+ Some(alias.to_string()),
+ &key_generations::KeyParams {
+ key_size,
+ purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
+ padding: Some(padding),
+ digest,
+ mgf_digest,
+ block_mode,
+ att_challenge: None,
+ att_app_id: None,
+ },
+ KeyPurpose::DECRYPT,
+ ForcedOp(false),
+ );
-/// Generate RSA keys with -
-/// Padding Mode: `RSA_OAEP`
-/// Digest modes: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
-/// mgf-digests: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
-/// Create a decrypt operations using generated keys. Test should create operations successfully.
-#[test]
-fn keystore2_rsa_generate_key_with_oaep_padding_success() {
- let keystore2 = get_keystore_service();
- let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
+ assert!(result.is_ok());
- let digests = [
- Digest::MD5,
- Digest::SHA1,
- Digest::SHA_2_224,
- Digest::SHA_2_256,
- Digest::SHA_2_384,
- Digest::SHA_2_512,
- ];
-
- let mgf_digests = [
- Digest::MD5,
- Digest::SHA1,
- Digest::SHA_2_224,
- Digest::SHA_2_256,
- Digest::SHA_2_384,
- Digest::SHA_2_512,
- ];
-
- let key_sizes = [2048, 3072, 4096];
-
- for key_size in key_sizes {
- for digest in digests {
- for mgf_digest in mgf_digests {
- let alias =
- format!("ks_rsa_key_pair_oaep_test_{}{}{}", getuid(), key_size, digest.0);
- let result = create_rsa_key_and_operation(
- &sec_level,
- Domain::APP,
- -1,
- Some(alias.to_string()),
- &key_generations::KeyParams {
- key_size,
- purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
- padding: Some(PaddingMode::RSA_OAEP),
- digest: Some(digest),
- mgf_digest: Some(mgf_digest),
- block_mode: Some(BlockMode::ECB),
- att_challenge: None,
- att_app_id: None,
- },
- KeyPurpose::DECRYPT,
- ForcedOp(false),
- );
- assert!(result.is_ok());
- } // End of mgf-digests.
- } // End of digests.
- } // End of key-sizes.
+ delete_app_key(&keystore2, alias).unwrap();
}
-/// Generate RSA keys with -
-/// Padding mode: `RSA_OAEP`
-/// Digest modes: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
-/// Create a decrypt operations using generated keys. Test should create operations successfully.
+// Below macros generate tests for generating RSA signing keys with -
+// Padding mode: RSA_PKCS1_1_5_SIGN
+// Digest modes: `NONE, MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
+// and create operations with generated keys. Tests should create operations successfully.
+test_rsa_sign_key_op!(
+ sign_key_pkcs1_1_5_none_2048,
+ Digest::NONE,
+ 2048,
+ PaddingMode::RSA_PKCS1_1_5_SIGN
+);
+test_rsa_sign_key_op!(
+ sign_key_pkcs1_1_5_md5_2048,
+ Digest::MD5,
+ 2048,
+ PaddingMode::RSA_PKCS1_1_5_SIGN
+);
+test_rsa_sign_key_op!(
+ sign_key_pkcs1_1_5_sha1_2048,
+ Digest::SHA1,
+ 2048,
+ PaddingMode::RSA_PKCS1_1_5_SIGN
+);
+test_rsa_sign_key_op!(
+ sign_key_pkcs1_1_5_sha224_2048,
+ Digest::SHA_2_224,
+ 2048,
+ PaddingMode::RSA_PKCS1_1_5_SIGN
+);
+test_rsa_sign_key_op!(
+ sign_key_pkcs1_1_5_sha256_2048,
+ Digest::SHA_2_256,
+ 2048,
+ PaddingMode::RSA_PKCS1_1_5_SIGN
+);
+test_rsa_sign_key_op!(
+ sign_key_pkcs1_1_5_sha384_2048,
+ Digest::SHA_2_384,
+ 2048,
+ PaddingMode::RSA_PKCS1_1_5_SIGN
+);
+test_rsa_sign_key_op!(
+ sign_key_pkcs1_1_5_sha512_2048,
+ Digest::SHA_2_512,
+ 2048,
+ PaddingMode::RSA_PKCS1_1_5_SIGN
+);
+test_rsa_sign_key_op!(
+ sign_key_pkcs1_1_5_none_3072,
+ Digest::NONE,
+ 3072,
+ PaddingMode::RSA_PKCS1_1_5_SIGN
+);
+test_rsa_sign_key_op!(
+ sign_key_pkcs1_1_5_md5_3072,
+ Digest::MD5,
+ 3072,
+ PaddingMode::RSA_PKCS1_1_5_SIGN
+);
+test_rsa_sign_key_op!(
+ sign_key_pkcs1_1_5_sha1_3072,
+ Digest::SHA1,
+ 3072,
+ PaddingMode::RSA_PKCS1_1_5_SIGN
+);
+test_rsa_sign_key_op!(
+ sign_key_pkcs1_1_5_sha224_3072,
+ Digest::SHA_2_224,
+ 3072,
+ PaddingMode::RSA_PKCS1_1_5_SIGN
+);
+test_rsa_sign_key_op!(
+ sign_key_pkcs1_1_5_sha256_3072,
+ Digest::SHA_2_256,
+ 3072,
+ PaddingMode::RSA_PKCS1_1_5_SIGN
+);
+test_rsa_sign_key_op!(
+ sign_key_pkcs1_1_5_sha384_3072,
+ Digest::SHA_2_384,
+ 3072,
+ PaddingMode::RSA_PKCS1_1_5_SIGN
+);
+test_rsa_sign_key_op!(
+ sign_key_pkcs1_1_5_sha512_3072,
+ Digest::SHA_2_512,
+ 3072,
+ PaddingMode::RSA_PKCS1_1_5_SIGN
+);
+test_rsa_sign_key_op!(
+ sign_key_pkcs1_1_5_none_4096,
+ Digest::NONE,
+ 4096,
+ PaddingMode::RSA_PKCS1_1_5_SIGN
+);
+test_rsa_sign_key_op!(
+ sign_key_pkcs1_1_5_md5_4096,
+ Digest::MD5,
+ 4096,
+ PaddingMode::RSA_PKCS1_1_5_SIGN
+);
+test_rsa_sign_key_op!(
+ sign_key_pkcs1_1_5_sha1_4096,
+ Digest::SHA1,
+ 4096,
+ PaddingMode::RSA_PKCS1_1_5_SIGN
+);
+test_rsa_sign_key_op!(
+ sign_key_pkcs1_1_5_sha224_4096,
+ Digest::SHA_2_224,
+ 4096,
+ PaddingMode::RSA_PKCS1_1_5_SIGN
+);
+test_rsa_sign_key_op!(
+ sign_key_pkcs1_1_5_sha256_4096,
+ Digest::SHA_2_256,
+ 4096,
+ PaddingMode::RSA_PKCS1_1_5_SIGN
+);
+test_rsa_sign_key_op!(
+ sign_key_pkcs1_1_5_sha384_4096,
+ Digest::SHA_2_384,
+ 4096,
+ PaddingMode::RSA_PKCS1_1_5_SIGN
+);
+test_rsa_sign_key_op!(
+ sign_key_pkcs1_1_5_sha512_4096,
+ Digest::SHA_2_512,
+ 4096,
+ PaddingMode::RSA_PKCS1_1_5_SIGN
+);
+
+// Below macros generate tests for generating RSA signing keys with -
+// Padding mode: RSA_PSS
+// Digest modes: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
+// and create operations with generated keys. Tests should create operations
+// successfully.
+test_rsa_sign_key_op!(sign_key_pss_md5_2048, Digest::MD5, 2048, PaddingMode::RSA_PSS);
+test_rsa_sign_key_op!(sign_key_pss_sha1_2048, Digest::SHA1, 2048, PaddingMode::RSA_PSS);
+test_rsa_sign_key_op!(sign_key_pss_sha224_2048, Digest::SHA_2_224, 2048, PaddingMode::RSA_PSS);
+test_rsa_sign_key_op!(sign_key_pss_sha256_2048, Digest::SHA_2_256, 2048, PaddingMode::RSA_PSS);
+test_rsa_sign_key_op!(sign_key_pss_sha384_2048, Digest::SHA_2_384, 2048, PaddingMode::RSA_PSS);
+test_rsa_sign_key_op!(sign_key_pss_sha512_2048, Digest::SHA_2_512, 2048, PaddingMode::RSA_PSS);
+test_rsa_sign_key_op!(sign_key_pss_md5_3072, Digest::MD5, 3072, PaddingMode::RSA_PSS);
+test_rsa_sign_key_op!(sign_key_pss_sha1_3072, Digest::SHA1, 3072, PaddingMode::RSA_PSS);
+test_rsa_sign_key_op!(sign_key_pss_sha224_3072, Digest::SHA_2_224, 3072, PaddingMode::RSA_PSS);
+test_rsa_sign_key_op!(sign_key_pss_sha256_3072, Digest::SHA_2_256, 3072, PaddingMode::RSA_PSS);
+test_rsa_sign_key_op!(sign_key_pss_sha384_3072, Digest::SHA_2_384, 3072, PaddingMode::RSA_PSS);
+test_rsa_sign_key_op!(sign_key_pss_sha512_3072, Digest::SHA_2_512, 3072, PaddingMode::RSA_PSS);
+test_rsa_sign_key_op!(sign_key_pss_md5_4096, Digest::MD5, 4096, PaddingMode::RSA_PSS);
+test_rsa_sign_key_op!(sign_key_pss_sha1_4096, Digest::SHA1, 4096, PaddingMode::RSA_PSS);
+test_rsa_sign_key_op!(sign_key_pss_sha224_4096, Digest::SHA_2_224, 4096, PaddingMode::RSA_PSS);
+test_rsa_sign_key_op!(sign_key_pss_sha256_4096, Digest::SHA_2_256, 4096, PaddingMode::RSA_PSS);
+test_rsa_sign_key_op!(sign_key_pss_sha384_4096, Digest::SHA_2_384, 4096, PaddingMode::RSA_PSS);
+test_rsa_sign_key_op!(sign_key_pss_sha512_4096, Digest::SHA_2_512, 4096, PaddingMode::RSA_PSS);
+
+// Below macros generate tests for generating RSA signing keys with -
+// Padding mode: `NONE`
+// Digest mode `NONE`
+// and try to create operations with generated keys. Tests should create operations
+// successfully.
+test_rsa_sign_key_op!(sign_key_none_none_2048, Digest::NONE, 2048, PaddingMode::NONE);
+test_rsa_sign_key_op!(sign_key_none_none_3072, Digest::NONE, 3072, PaddingMode::NONE);
+test_rsa_sign_key_op!(sign_key_none_none_4096, Digest::NONE, 4096, PaddingMode::NONE);
+
+// Below macros generate tests for generating RSA signing keys with -
+// Padding mode: `NONE`
+// Digest modes: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
+// and create operations with generated keys. Tests should fail to create operations with
+// an error code `UNKNOWN_ERROR | INCOMPATIBLE_DIGEST`.
+test_rsa_sign_key_op!(sign_key_none_md5_2048, Digest::MD5, PaddingMode::NONE);
+test_rsa_sign_key_op!(sign_key_none_sha1_2048, Digest::SHA1, PaddingMode::NONE);
+test_rsa_sign_key_op!(sign_key_none_sha224_2048, Digest::SHA_2_224, PaddingMode::NONE);
+test_rsa_sign_key_op!(sign_key_none_sha256_2048, Digest::SHA_2_256, PaddingMode::NONE);
+test_rsa_sign_key_op!(sign_key_none_sha384_2048, Digest::SHA_2_384, PaddingMode::NONE);
+test_rsa_sign_key_op!(sign_key_none_sha512_2048, Digest::SHA_2_512, PaddingMode::NONE);
+
+// Below macros generate tests for generating RSA encryption keys with various digest mode
+// and padding mode combinations.
+// Digest modes: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
+// Padding modes: `NONE, RSA_PKCS1_1_5_ENCRYPT`
+// and try to create operations using generated keys, tests should create operations successfully.
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_none_2048,
+ Some(Digest::NONE),
+ 2048,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_md5_2048,
+ Some(Digest::MD5),
+ 2048,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_sha1_2048,
+ Some(Digest::SHA1),
+ 2048,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_sha224_2048,
+ Some(Digest::SHA_2_224),
+ 2048,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_sha256_2048,
+ Some(Digest::SHA_2_256),
+ 2048,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_sha384_2048,
+ Some(Digest::SHA_2_384),
+ 2048,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_sha512_2048,
+ Some(Digest::SHA_2_512),
+ 2048,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_none_3072,
+ Some(Digest::NONE),
+ 3072,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_md5_3072,
+ Some(Digest::MD5),
+ 3072,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_sha1_3072,
+ Some(Digest::SHA1),
+ 3072,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_sha224_3072,
+ Some(Digest::SHA_2_224),
+ 3072,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_sha256_3072,
+ Some(Digest::SHA_2_256),
+ 3072,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_sha384_3072,
+ Some(Digest::SHA_2_384),
+ 3072,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_sha512_3072,
+ Some(Digest::SHA_2_512),
+ 3072,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_none_4096,
+ Some(Digest::NONE),
+ 4096,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_md5_4096,
+ Some(Digest::MD5),
+ 4096,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_sha1_4096,
+ Some(Digest::SHA1),
+ 4096,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_sha224_4096,
+ Some(Digest::SHA_2_224),
+ 4096,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_sha256_4096,
+ Some(Digest::SHA_2_256),
+ 4096,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_sha384_4096,
+ Some(Digest::SHA_2_384),
+ 4096,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_sha512_4096,
+ Some(Digest::SHA_2_512),
+ 4096,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT
+);
+test_rsa_encrypt_key_op!(encrypt_key_none_none_2048, Some(Digest::NONE), 2048, PaddingMode::NONE);
+test_rsa_encrypt_key_op!(encrypt_key_none_md5_2048, Some(Digest::MD5), 2048, PaddingMode::NONE);
+test_rsa_encrypt_key_op!(encrypt_key_none_sha1_2048, Some(Digest::SHA1), 2048, PaddingMode::NONE);
+test_rsa_encrypt_key_op!(
+ encrypt_key_none_sha224_2048,
+ Some(Digest::SHA_2_224),
+ 2048,
+ PaddingMode::NONE
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_none_sha256_2048,
+ Some(Digest::SHA_2_256),
+ 2048,
+ PaddingMode::NONE
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_none_sha384_2048,
+ Some(Digest::SHA_2_384),
+ 2048,
+ PaddingMode::NONE
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_none_sha512_2048,
+ Some(Digest::SHA_2_512),
+ 2048,
+ PaddingMode::NONE
+);
+test_rsa_encrypt_key_op!(encrypt_key_none_none_3072, Some(Digest::NONE), 3072, PaddingMode::NONE);
+test_rsa_encrypt_key_op!(encrypt_key_none_md5_3072, Some(Digest::MD5), 3072, PaddingMode::NONE);
+test_rsa_encrypt_key_op!(encrypt_key_none_sha1_3072, Some(Digest::SHA1), 3072, PaddingMode::NONE);
+test_rsa_encrypt_key_op!(
+ encrypt_key_none_sha224_3072,
+ Some(Digest::SHA_2_224),
+ 3072,
+ PaddingMode::NONE
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_none_sha256_3072,
+ Some(Digest::SHA_2_256),
+ 3072,
+ PaddingMode::NONE
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_none_sha384_3072,
+ Some(Digest::SHA_2_384),
+ 3072,
+ PaddingMode::NONE
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_none_sha512_3072,
+ Some(Digest::SHA_2_512),
+ 3072,
+ PaddingMode::NONE
+);
+test_rsa_encrypt_key_op!(encrypt_key_none_none_4096, Some(Digest::NONE), 4096, PaddingMode::NONE);
+test_rsa_encrypt_key_op!(encrypt_key_none_md5_4096, Some(Digest::MD5), 4096, PaddingMode::NONE);
+test_rsa_encrypt_key_op!(encrypt_key_none_sha1_4096, Some(Digest::SHA1), 4096, PaddingMode::NONE);
+test_rsa_encrypt_key_op!(
+ encrypt_key_none_sha224_4096,
+ Some(Digest::SHA_2_224),
+ 4096,
+ PaddingMode::NONE
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_none_sha256_4096,
+ Some(Digest::SHA_2_256),
+ 4096,
+ PaddingMode::NONE
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_none_sha384_4096,
+ Some(Digest::SHA_2_384),
+ 4096,
+ PaddingMode::NONE
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_none_sha512_4096,
+ Some(Digest::SHA_2_512),
+ 4096,
+ PaddingMode::NONE
+);
+
+// Below macros generate tests for generating RSA keys with -
+// Padding Mode: `RSA_OAEP`
+// Digest modes: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
+// mgf-digests: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
+// and create a decrypt operations using generated keys. Tests should create operations
+// successfully.
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_md5_md5_2048,
+ Some(Digest::MD5),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::MD5)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_md5_sha1_2048,
+ Some(Digest::MD5),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA1)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_md5_sha224_2048,
+ Some(Digest::MD5),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_224)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_md5_sha256_2048,
+ Some(Digest::MD5),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_256)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_md5_sha384_2048,
+ Some(Digest::MD5),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_384)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_md5_sha512_2048,
+ Some(Digest::MD5),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_512)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha1_md5_2048,
+ Some(Digest::SHA1),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::MD5)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha1_sha1_2048,
+ Some(Digest::SHA1),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA1)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha1_sha224_2048,
+ Some(Digest::SHA1),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_224)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha1_sha256_2048,
+ Some(Digest::SHA1),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_256)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha1_sha384_2048,
+ Some(Digest::SHA1),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_384)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha1_sha512_2048,
+ Some(Digest::SHA1),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_512)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha224_md5_2048,
+ Some(Digest::SHA_2_224),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::MD5)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha224_sha1_2048,
+ Some(Digest::SHA_2_224),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA1)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha224_sha224_2048,
+ Some(Digest::SHA_2_224),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_224)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha224_sha256_2048,
+ Some(Digest::SHA_2_224),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_256)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha224_sha384_2048,
+ Some(Digest::SHA_2_224),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_384)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha224_sha512_2048,
+ Some(Digest::SHA_2_224),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_512)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha256_md5_2048,
+ Some(Digest::SHA_2_256),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::MD5)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha256_sha1_2048,
+ Some(Digest::SHA_2_256),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA1)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha256_sha224_2048,
+ Some(Digest::SHA_2_256),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_224)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha256_sha256_2048,
+ Some(Digest::SHA_2_256),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_256)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha256_sha384_2048,
+ Some(Digest::SHA_2_256),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_384)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha256_sha512_2048,
+ Some(Digest::SHA_2_256),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_512)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha384_md5_2048,
+ Some(Digest::SHA_2_384),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::MD5)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha384_sha1_2048,
+ Some(Digest::SHA_2_384),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA1)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha384_sha224_2048,
+ Some(Digest::SHA_2_384),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_224)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha384_sha256_2048,
+ Some(Digest::SHA_2_384),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_256)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha384_sha384_2048,
+ Some(Digest::SHA_2_384),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_384)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha384_sha512_2048,
+ Some(Digest::SHA_2_384),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_512)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha512_md5_2048,
+ Some(Digest::SHA_2_512),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::MD5)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha512_sha1_2048,
+ Some(Digest::SHA_2_512),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA1)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha512_sha224_2048,
+ Some(Digest::SHA_2_512),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_224)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha512_sha256_2048,
+ Some(Digest::SHA_2_512),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_256)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha512_sha384_2048,
+ Some(Digest::SHA_2_512),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_384)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha512_sha512_2048,
+ Some(Digest::SHA_2_512),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_512)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_md5_md5_3072,
+ Some(Digest::MD5),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::MD5)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_md5_sha1_3072,
+ Some(Digest::MD5),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA1)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_md5_sha224_3072,
+ Some(Digest::MD5),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_224)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_md5_sha256_3072,
+ Some(Digest::MD5),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_256)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_md5_sha384_3072,
+ Some(Digest::MD5),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_384)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_md5_sha512_3072,
+ Some(Digest::MD5),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_512)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha1_md5_3072,
+ Some(Digest::SHA1),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::MD5)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha1_sha1_3072,
+ Some(Digest::SHA1),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA1)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha1_sha224_3072,
+ Some(Digest::SHA1),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_224)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha1_sha256_3072,
+ Some(Digest::SHA1),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_256)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha1_sha384_3072,
+ Some(Digest::SHA1),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_384)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha1_sha512_3072,
+ Some(Digest::SHA1),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_512)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha224_md5_3072,
+ Some(Digest::SHA_2_224),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::MD5)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha224_sha1_3072,
+ Some(Digest::SHA_2_224),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA1)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha224_sha224_3072,
+ Some(Digest::SHA_2_224),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_224)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha224_sha256_3072,
+ Some(Digest::SHA_2_224),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_256)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha224_sha384_3072,
+ Some(Digest::SHA_2_224),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_384)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha224_sha512_3072,
+ Some(Digest::SHA_2_224),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_512)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha256_md5_3072,
+ Some(Digest::SHA_2_256),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::MD5)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha256_sha1_3072,
+ Some(Digest::SHA_2_256),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA1)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha256_sha224_3072,
+ Some(Digest::SHA_2_256),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_224)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha256_sha256_3072,
+ Some(Digest::SHA_2_256),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_256)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha256_sha384_3072,
+ Some(Digest::SHA_2_256),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_384)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha256_sha512_3072,
+ Some(Digest::SHA_2_256),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_512)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha384_md5_3072,
+ Some(Digest::SHA_2_384),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::MD5)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha384_sha1_3072,
+ Some(Digest::SHA_2_384),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA1)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha384_sha224_3072,
+ Some(Digest::SHA_2_384),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_224)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha384_sha256_3072,
+ Some(Digest::SHA_2_384),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_256)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha384_sha384_3072,
+ Some(Digest::SHA_2_384),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_384)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha384_sha512_3072,
+ Some(Digest::SHA_2_384),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_512)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha512_md5_3072,
+ Some(Digest::SHA_2_512),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::MD5)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha512_sha1_3072,
+ Some(Digest::SHA_2_512),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA1)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha512_sha224_3072,
+ Some(Digest::SHA_2_512),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_224)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha512_sha256_3072,
+ Some(Digest::SHA_2_512),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_256)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha512_sha384_3072,
+ Some(Digest::SHA_2_512),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_384)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha512_sha512_3072,
+ Some(Digest::SHA_2_512),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_512)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_md5_md5_4096,
+ Some(Digest::MD5),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::MD5)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_md5_sha1_4096,
+ Some(Digest::MD5),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA1)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_md5_sha224_4096,
+ Some(Digest::MD5),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_224)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_md5_sha256_4096,
+ Some(Digest::MD5),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_256)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_md5_sha384_4096,
+ Some(Digest::MD5),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_384)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_md5_sha512_4096,
+ Some(Digest::MD5),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_512)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha1_md5_4096,
+ Some(Digest::SHA1),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::MD5)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha1_sha1_4096,
+ Some(Digest::SHA1),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA1)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha1_sha224_4096,
+ Some(Digest::SHA1),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_224)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha1_sha256_4096,
+ Some(Digest::SHA1),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_256)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha1_sha384_4096,
+ Some(Digest::SHA1),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_384)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha1_sha512_4096,
+ Some(Digest::SHA1),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_512)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha224_md5_4096,
+ Some(Digest::SHA_2_224),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::MD5)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha224_sha1_4096,
+ Some(Digest::SHA_2_224),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA1)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha224_sha224_4096,
+ Some(Digest::SHA_2_224),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_224)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha224_sha256_4096,
+ Some(Digest::SHA_2_224),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_256)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha224_sha384_4096,
+ Some(Digest::SHA_2_224),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_384)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha224_sha512_4096,
+ Some(Digest::SHA_2_224),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_512)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha256_md5_4096,
+ Some(Digest::SHA_2_256),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::MD5)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha256_sha1_4096,
+ Some(Digest::SHA_2_256),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA1)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha256_sha224_4096,
+ Some(Digest::SHA_2_256),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_224)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha256_sha256_4096,
+ Some(Digest::SHA_2_256),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_256)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha256_sha384_4096,
+ Some(Digest::SHA_2_256),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_384)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha256_sha512_4096,
+ Some(Digest::SHA_2_256),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_512)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha384_md5_4096,
+ Some(Digest::SHA_2_384),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::MD5)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha384_sha1_4096,
+ Some(Digest::SHA_2_384),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA1)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha384_sha224_4096,
+ Some(Digest::SHA_2_384),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_224)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha384_sha256_4096,
+ Some(Digest::SHA_2_384),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_256)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha384_sha384_4096,
+ Some(Digest::SHA_2_384),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_384)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha384_sha512_4096,
+ Some(Digest::SHA_2_384),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_512)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha512_md5_4096,
+ Some(Digest::SHA_2_512),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::MD5)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha512_sha1_4096,
+ Some(Digest::SHA_2_512),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA1)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha512_sha224_4096,
+ Some(Digest::SHA_2_512),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_224)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha512_sha256_4096,
+ Some(Digest::SHA_2_512),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_256)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha512_sha384_4096,
+ Some(Digest::SHA_2_512),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_384)
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha512_sha512_4096,
+ Some(Digest::SHA_2_512),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ Some(Digest::SHA_2_512)
+);
+
+// Below macros generate tests for generating RSA keys with -
+// Padding mode: `RSA_OAEP`
+// Digest modes: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
+// and create a decrypt operations using generated keys. Tests should create operations
+// successfully.
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_md5_no_mgf_2048,
+ Some(Digest::MD5),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ None
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha1_no_mgf_2048,
+ Some(Digest::SHA1),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ None
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha224_no_mgf_2048,
+ Some(Digest::SHA_2_224),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ None
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha256_no_mgf_2048,
+ Some(Digest::SHA_2_256),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ None
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha384_no_mgf_2048,
+ Some(Digest::SHA_2_384),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ None
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha512_no_mgf_2048,
+ Some(Digest::SHA_2_512),
+ 2048,
+ PaddingMode::RSA_OAEP,
+ None
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_md5_no_mgf_3072,
+ Some(Digest::MD5),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ None
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha1_no_mgf_3072,
+ Some(Digest::SHA1),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ None
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha224_no_mgf_3072,
+ Some(Digest::SHA_2_224),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ None
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha256_no_mgf_3072,
+ Some(Digest::SHA_2_256),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ None
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha384_no_mgf_3072,
+ Some(Digest::SHA_2_384),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ None
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha512_no_mgf_3072,
+ Some(Digest::SHA_2_512),
+ 3072,
+ PaddingMode::RSA_OAEP,
+ None
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_md5_no_mgf_4096,
+ Some(Digest::MD5),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ None
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha1_no_mgf_4096,
+ Some(Digest::SHA1),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ None
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha224_no_mgf_4096,
+ Some(Digest::SHA_2_224),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ None
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha256_no_mgf_4096,
+ Some(Digest::SHA_2_256),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ None
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha384_no_mgf_4096,
+ Some(Digest::SHA_2_384),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ None
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_oaep_sha512_no_mgf_4096,
+ Some(Digest::SHA_2_512),
+ 4096,
+ PaddingMode::RSA_OAEP,
+ None
+);
+
+// Below macros generate tests for generating RSA encryption keys with only padding modes.
+// Padding modes: `NONE, RSA_PKCS1_1_5_ENCRYPT`
+// and try to create operations using generated keys, tests should create operations
+// successfully.
+test_rsa_encrypt_key_op!(encrypt_key_none_pad_2048, None, 2048, PaddingMode::NONE, None);
+test_rsa_encrypt_key_op!(encrypt_key_none_pad_3072, None, 3072, PaddingMode::NONE, None);
+test_rsa_encrypt_key_op!(encrypt_key_none_pad_4096, None, 4096, PaddingMode::NONE, None);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_pad_2048,
+ None,
+ 2048,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT,
+ None
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_pad_3072,
+ None,
+ 3072,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT,
+ None
+);
+test_rsa_encrypt_key_op!(
+ encrypt_key_pkcs1_1_5_pad_4096,
+ None,
+ 4096,
+ PaddingMode::RSA_PKCS1_1_5_ENCRYPT,
+ None
+);
+
+/// Generate RSA signing key with -
+/// Padding mode: RSA_PSS
+/// Digest mode: `NONE`.
+/// Try to create an operation with this generated key. Test should fail to create an operation with
+/// `INCOMPATIBLE_DIGEST` error code.
#[test]
-fn keystore2_rsa_generate_key_with_oaep_padding_and_digests_success() {
+fn keystore2_rsa_generate_signing_key_padding_pss_fail() {
let keystore2 = get_keystore_service();
let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
- let digests = [
- Digest::MD5,
- Digest::SHA1,
- Digest::SHA_2_224,
- Digest::SHA_2_256,
- Digest::SHA_2_384,
- Digest::SHA_2_512,
- ];
-
- let key_sizes = [2048, 3072, 4096];
-
- for key_size in key_sizes {
- for digest in digests {
- let alias = format!("ks_rsa_key_pair_oaep_test_{}{}{}", getuid(), key_size, digest.0);
- let result = create_rsa_key_and_operation(
- &sec_level,
- Domain::APP,
- -1,
- Some(alias.to_string()),
- &key_generations::KeyParams {
- key_size,
- purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
- padding: Some(PaddingMode::RSA_OAEP),
- digest: Some(digest),
- mgf_digest: None,
- block_mode: Some(BlockMode::ECB),
- att_challenge: None,
- att_app_id: None,
- },
- KeyPurpose::DECRYPT,
- ForcedOp(false),
- );
- assert!(result.is_ok());
- } // End of digests.
- } // End of key-sizes.
+ let alias = "ks_rsa_pss_none_key_op_test";
+ let result = key_generations::map_ks_error(create_rsa_key_and_operation(
+ &sec_level,
+ Domain::APP,
+ -1,
+ Some(alias.to_string()),
+ &key_generations::KeyParams {
+ key_size: 2048,
+ purpose: vec![KeyPurpose::SIGN, KeyPurpose::VERIFY],
+ padding: Some(PaddingMode::RSA_PSS),
+ digest: Some(Digest::NONE),
+ mgf_digest: None,
+ block_mode: None,
+ att_challenge: None,
+ att_app_id: None,
+ },
+ KeyPurpose::SIGN,
+ ForcedOp(false),
+ ));
+ assert!(result.is_err());
+ assert_eq!(Error::Km(ErrorCode::INCOMPATIBLE_DIGEST), result.unwrap_err());
}
/// Generate RSA encryption key with -
@@ -412,122 +1578,28 @@ fn keystore2_rsa_generate_key_with_oaep_padding_fail() {
let keystore2 = get_keystore_service();
let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
- let key_sizes = [2048, 3072, 4096];
-
- for key_size in key_sizes {
- let alias = format!("ks_rsa_key_padding_{}{}", getuid(), key_size);
- let result = key_generations::map_ks_error(create_rsa_key_and_operation(
- &sec_level,
- Domain::APP,
- -1,
- Some(alias.to_string()),
- &key_generations::KeyParams {
- key_size,
- purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
- padding: Some(PaddingMode::RSA_OAEP),
- digest: Some(Digest::NONE),
- mgf_digest: None,
- block_mode: None,
- att_challenge: None,
- att_app_id: None,
- },
- KeyPurpose::DECRYPT,
- ForcedOp(false),
- ));
-
- assert!(result.is_err());
- assert_eq!(Error::Km(ErrorCode::INCOMPATIBLE_DIGEST), result.unwrap_err());
- }
-}
-
-/// Generate RSA encryption keys with various digest mode and padding mode combinations.
-/// Digest modes: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
-/// Padding modes: `NONE, RSA_PKCS1_1_5_ENCRYPT`
-/// Try to create operations using generated keys, test should create operations successfully.
-#[test]
-fn keystore2_rsa_generate_keys_with_digest_paddings() {
- let keystore2 = get_keystore_service();
- let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
-
- let digests = [
- Digest::NONE,
- Digest::MD5,
- Digest::SHA1,
- Digest::SHA_2_224,
- Digest::SHA_2_256,
- Digest::SHA_2_384,
- Digest::SHA_2_512,
- ];
-
- let paddings = [PaddingMode::NONE, PaddingMode::RSA_PKCS1_1_5_ENCRYPT];
-
- let key_sizes = [2048, 3072, 4096];
-
- for key_size in key_sizes {
- for digest in digests {
- for padding in paddings {
- let alias = format!("ks_rsa_key_padding_{}{}{}", getuid(), key_size, digest.0);
- let result = key_generations::map_ks_error(create_rsa_key_and_operation(
- &sec_level,
- Domain::APP,
- -1,
- Some(alias.to_string()),
- &key_generations::KeyParams {
- key_size,
- purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
- padding: Some(padding),
- digest: Some(digest),
- mgf_digest: None,
- block_mode: None,
- att_challenge: None,
- att_app_id: None,
- },
- KeyPurpose::DECRYPT,
- ForcedOp(false),
- ));
-
- assert!(result.is_ok());
- } // End of paddings.
- } // End of digests.
- } // End of key-sizes.
-}
-
-/// Generate RSA encryption keys with only padding modes.
-/// Padding modes: `NONE, RSA_PKCS1_1_5_ENCRYPT`
-/// Try to create operations using generated keys, test should create operations successfully.
-#[test]
-fn keystore2_rsa_generate_keys_with_paddings() {
- let keystore2 = get_keystore_service();
- let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
+ let alias = "ks_rsa_key_oaep_padding_fail_test";
+ let result = key_generations::map_ks_error(create_rsa_key_and_operation(
+ &sec_level,
+ Domain::APP,
+ -1,
+ Some(alias.to_string()),
+ &key_generations::KeyParams {
+ key_size: 2048,
+ purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
+ padding: Some(PaddingMode::RSA_OAEP),
+ digest: Some(Digest::NONE),
+ mgf_digest: None,
+ block_mode: None,
+ att_challenge: None,
+ att_app_id: None,
+ },
+ KeyPurpose::DECRYPT,
+ ForcedOp(false),
+ ));
- let paddings = [PaddingMode::NONE, PaddingMode::RSA_PKCS1_1_5_ENCRYPT];
-
- let key_sizes = [2048, 3072, 4096];
-
- for key_size in key_sizes {
- for padding in paddings {
- let alias = format!("ks_rsa_key_padding_{}{}", getuid(), key_size);
- let result = create_rsa_key_and_operation(
- &sec_level,
- Domain::APP,
- -1,
- Some(alias.to_string()),
- &key_generations::KeyParams {
- key_size,
- purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
- padding: Some(padding),
- digest: None,
- mgf_digest: None,
- block_mode: None,
- att_challenge: None,
- att_app_id: None,
- },
- KeyPurpose::DECRYPT,
- ForcedOp(false),
- );
- assert!(result.is_ok());
- } // End of paddings.
- } // End of key-sizes.
+ assert!(result.is_err());
+ assert_eq!(Error::Km(ErrorCode::INCOMPATIBLE_DIGEST), result.unwrap_err());
}
/// Generate RSA keys without padding and digest modes. Try to create decrypt operation without
@@ -538,31 +1610,27 @@ fn keystore2_rsa_generate_keys() {
let keystore2 = get_keystore_service();
let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
- let key_sizes = [2048, 3072, 4096];
-
- for key_size in key_sizes {
- let alias = format!("ks_rsa_key_test_{}{}", getuid(), key_size);
- let result = key_generations::map_ks_error(create_rsa_key_and_operation(
- &sec_level,
- Domain::APP,
- -1,
- Some(alias.to_string()),
- &key_generations::KeyParams {
- key_size,
- purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
- padding: None,
- digest: None,
- mgf_digest: None,
- block_mode: None,
- att_challenge: None,
- att_app_id: None,
- },
- KeyPurpose::DECRYPT,
- ForcedOp(false),
- ));
- assert!(result.is_err());
- assert_eq!(Error::Km(ErrorCode::UNSUPPORTED_PADDING_MODE), result.unwrap_err());
- }
+ let alias = "ks_rsa_key_unsupport_padding_test";
+ let result = key_generations::map_ks_error(create_rsa_key_and_operation(
+ &sec_level,
+ Domain::APP,
+ -1,
+ Some(alias.to_string()),
+ &key_generations::KeyParams {
+ key_size: 2048,
+ purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
+ padding: None,
+ digest: None,
+ mgf_digest: None,
+ block_mode: None,
+ att_challenge: None,
+ att_app_id: None,
+ },
+ KeyPurpose::DECRYPT,
+ ForcedOp(false),
+ ));
+ assert!(result.is_err());
+ assert_eq!(Error::Km(ErrorCode::UNSUPPORTED_PADDING_MODE), result.unwrap_err());
}
/// Generate a RSA encryption key. Try to create a signing operation with it, an error
@@ -665,7 +1733,7 @@ fn keystore2_rsa_encrypt_key_unsupported_padding() {
let paddings = [PaddingMode::RSA_PKCS1_1_5_SIGN, PaddingMode::RSA_PSS];
for padding in paddings {
- let alias = format!("ks_rsa_key_test_4_{}{}", getuid(), padding.0);
+ let alias = format!("ks_rsa_encrypt_key_unsupported_pad_test{}", padding.0);
let result = key_generations::map_ks_error(create_rsa_key_and_operation(
&sec_level,
Domain::APP,
@@ -699,7 +1767,7 @@ fn keystore2_rsa_signing_key_unsupported_padding() {
let paddings = [PaddingMode::RSA_PKCS1_1_5_ENCRYPT, PaddingMode::RSA_OAEP];
for padding in paddings {
- let alias = format!("ks_rsa_key_test_4_{}{}", getuid(), padding.0);
+ let alias = format!("ks_rsa_sign_key_unsupported_pad_test_4_{}", padding.0);
let result = key_generations::map_ks_error(create_rsa_key_and_operation(
&sec_level,
Domain::APP,
diff --git a/keystore2/tests/keystore2_client_test_utils.rs b/keystore2/tests/keystore2_client_test_utils.rs
index 006f2f90..2f739b5c 100644
--- a/keystore2/tests/keystore2_client_test_utils.rs
+++ b/keystore2/tests/keystore2_client_test_utils.rs
@@ -23,7 +23,8 @@ use android_hardware_security_keymint::aidl::android::hardware::security::keymin
use android_system_keystore2::aidl::android::system::keystore2::{
CreateOperationResponse::CreateOperationResponse, Domain::Domain,
IKeystoreOperation::IKeystoreOperation, IKeystoreSecurityLevel::IKeystoreSecurityLevel,
- KeyDescriptor::KeyDescriptor, KeyParameters::KeyParameters, ResponseCode::ResponseCode,
+ IKeystoreService::IKeystoreService, KeyDescriptor::KeyDescriptor, KeyParameters::KeyParameters,
+ ResponseCode::ResponseCode,
};
use keystore2_test_utils::{
@@ -50,6 +51,11 @@ pub struct ForcedOp(pub bool);
/// Sample plain text input for encrypt operation.
pub const SAMPLE_PLAIN_TEXT: &[u8] = b"my message 11111";
+pub fn has_trusty_keymint() -> bool {
+ binder::is_declared("android.hardware.security.keymint.IKeyMintDevice/default")
+ .expect("Could not check for declared keymint interface")
+}
+
/// Generate a EC_P256 key using given domain, namespace and alias.
/// Create an operation using the generated key and perform sample signing operation.
pub fn create_signing_operation(
@@ -202,3 +208,16 @@ pub fn perform_sample_sym_key_decrypt_op(
let op = op_response.iOperation.unwrap();
op.finish(Some(input), None)
}
+
+/// Delete a key with domain APP.
+pub fn delete_app_key(
+ keystore2: &binder::Strong<dyn IKeystoreService>,
+ alias: &str,
+) -> binder::Result<()> {
+ keystore2.deleteKey(&KeyDescriptor {
+ domain: Domain::APP,
+ nspace: -1,
+ alias: Some(alias.to_string()),
+ blob: None,
+ })
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-26 02:08:27 +0000