add get_certifiactes, get_data, get_key and test cases

Change-Id: I0a0901f29b1bf53641493a4b5043a9bd4036e341
author: isaac2.lee <isaac2.lee@samsung.com> 2022-11-01 13:28:54 +0900
committer: isaac2.lee <isaac2.lee@samsung.com> 2022-11-01 14:48:11 +0900
commit: bb49645270b350deb97f0b846dc63e90a1b8e388 (patch)
tree: 82db49832d16b3aa8699435b66a3c1d1be880e11
parent: 91c6466d4ce13a523afc054b51f2ef3a90086062 (diff)
download: key-manager-se-backend-bb49645270b350deb97f0b846dc63e90a1b8e388.tar.gz
key-manager-se-backend-bb49645270b350deb97f0b846dc63e90a1b8e388.tar.bz2
key-manager-se-backend-bb49645270b350deb97f0b846dc63e90a1b8e388.zip
3 files changed, 217 insertions, 29 deletions
diff --git a/include/key-manager-se-backend.h b/include/key-manager-se-backend.h
index e121ff5..3583afb 100644
--- a/include/key-manager-se-backend.h
+++ b/include/key-manager-se-backend.h
@@ -286,7 +286,7 @@ kmsb_error_e kmsb_create_signature(const unsigned int key_idx,
 kmsb_error_e kmsb_verify_signature(const unsigned int key_idx,
                     const kmsb_sign_param_s *param,
                     const unsigned char *msg, const unsigned int msg_len,
-                    unsigned char *sig, unsigned int sig_len);
+                    const unsigned char *sig, const unsigned int sig_len);
 
 /*
  * @brief   Get a key value from SE
@@ -307,7 +307,7 @@ kmsb_error_e kmsb_verify_signature(const unsigned int key_idx,
  *             - KMSB_ERROR_NOT_SUPPORTED: when this operation is not supported
  *             - KMSB_ERROR_OPERATION_FAILED: when operation fails with unknown reason
  */
-int kmsb_get_key(const unsigned int key_idx, unsigned char **output, unsigned int *output_len);
+kmsb_error_e kmsb_get_key(const unsigned int key_idx, unsigned char **output, unsigned int *output_len);
 
 /*
  * @brief   Get a certificate value from SE
@@ -327,7 +327,7 @@ int kmsb_get_key(const unsigned int key_idx, unsigned char **output, unsigned in
  *             - KMSB_ERROR_NOT_SUPPORTED: when this operation is not supported
  *             - KMSB_ERROR_OPERATION_FAILED: when operation fails with unknown reason
  */
-int kmsb_get_certificate(const unsigned int cert_idx, unsigned char **output, unsigned int *output_len);
+kmsb_error_e kmsb_get_certificate(const unsigned int cert_idx, unsigned char **output, unsigned int *output_len);
 
 /*
  * @brief   Get a data value from SE
@@ -345,7 +345,7 @@ int kmsb_get_certificate(const unsigned int cert_idx, unsigned char **output, un
  *             - KMSB_ERROR_NOT_SUPPORTED: when this operation is not supported
  *             - KMSB_ERROR_OPERATION_FAILED: when operation fails with unknown reason
  */
-int kmsb_get_data(const unsigned int data_idx, unsigned char **output, unsigned int *output_len);
+kmsb_error_e kmsb_get_data(const unsigned int data_idx, unsigned char **output, unsigned int *output_len);
 
 #ifdef __cplusplus
 }
diff --git a/srcs/km_se_backend.c b/srcs/km_se_backend.c
index bac3a15..480fa17 100644
--- a/srcs/km_se_backend.c
+++ b/srcs/km_se_backend.c
@@ -50,6 +50,26 @@ enum {
 #define MAX_SLOT_INDEX  8
 
 static unsigned char *KEY_ARRAY[MAX_SLOT_INDEX] = {NULL,};
+static unsigned char CERT_ARRAY[MAX_SLOT_INDEX][1244] =
+    {"MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNVBAYTAkFVMRMw" \
+    "EQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMSEwHwYD" \
+    "VQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUwHhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcy" \
+    "MTUyWjBmMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQ" \
+    "MA4GA1UECwwHVGVzdGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjAN" \
+    "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC9IDE/Yr1" \
+    "2w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3daeDoV59IZ9r543KM+g8jm" \
+    "6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/WrQl1aIdLGFIegAzPGFPXDcU6F192686x" \
+    "54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY" \
+    "+Cgw1Yoz+HHv31AllgFsBquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQID" \
+    "AQABo1AwTjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pkzFt1" \
+    "PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAld7Qwq0cdzDQ" \
+    "51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBXldvGBG5Tn0vT7xSuhmSgI2/HnBpy" \
+    "9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYU" \
+    "wJFQEofkjmd4UpOYSqmcRXhSJzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX7" \
+    "7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK" \
+    "kOg11TpPdNDkhb1J4ZCh2gupDg==",};
+static unsigned char DATA_ARRAY[MAX_SLOT_INDEX][1000] =
+    {"My secret data",};
 
 const size_t DBP_KEY_SIZE = 32;
 const size_t AES_KEY_SIZE = 32;
@@ -67,6 +87,7 @@ const int32_t OPENSSL_SUCCESS = 1;
     if (buf) free(buf); \
     return result; \
     }
+
 //################################################################################
 // For Supporting Key Manager DB Encryption with SE Key
 //################################################################################
@@ -150,7 +171,7 @@ static kmsb_error_e generate_aes_key(const unsigned int key_idx,
     return KMSB_ERROR_NONE;
 }
 
-static kmsb_error_e generate_ecdsa_key(const unsigned int key_idx, 
+static kmsb_error_e generate_ecdsa_key(const unsigned int key_idx,
                         kmsb_ec_type_e ec, const bool delete_old)
 {
     if (!delete_old && KEY_ARRAY[key_idx])
@@ -226,7 +247,7 @@ static kmsb_error_e aes_gcm_encrypt(EVP_CIPHER_CTX *ctx, kmsb_aes_param_s *param
     if (!buf) return KMSB_ERROR_OUT_OF_MEMORY;
 
     /*
-     * Set Padding zero forcely, with our concept, there should be no padding 
+     * Set Padding zero forcely, with our concept, there should be no padding
      * to increase buffer size.
      */
     if (OPENSSL_SUCCESS != EVP_CIPHER_CTX_set_padding(ctx, 0))
@@ -285,7 +306,7 @@ static kmsb_error_e aes_gcm_decrypt(EVP_CIPHER_CTX *ctx, kmsb_aes_param_s *param
     buf = calloc(clen, sizeof(unsigned char));
     if (!buf) return KMSB_ERROR_OUT_OF_MEMORY;
     /*
-     * Set Padding zero forcely, with our concept, there should be no padding 
+     * Set Padding zero forcely, with our concept, there should be no padding
      * to increase buffer size.
      */
     if (OPENSSL_SUCCESS != EVP_CIPHER_CTX_set_padding(ctx, 0))
@@ -327,7 +348,8 @@ kmsb_error_e kmsb_aes_encrypt(const unsigned int key_idx,
                     unsigned char **output, unsigned int *output_len)
 {
     // check the input parameters
-    if (input == NULL ||
+    if (key_idx >= MAX_SLOT_INDEX ||
+        input == NULL ||
         input_len == 0 ||
         output == NULL ||
         output_len == NULL ||
@@ -370,7 +392,7 @@ kmsb_error_e kmsb_aes_encrypt(const unsigned int key_idx,
     if (!buf) return KMSB_ERROR_OUT_OF_MEMORY;
 
     /*
-     * Set Padding zero forcely, with our concept, there should be no padding 
+     * Set Padding zero forcely, with our concept, there should be no padding
      * to increase buffer size.
      */
     if (OPENSSL_SUCCESS != EVP_CIPHER_CTX_set_padding(ctx, 0))
@@ -403,7 +425,8 @@ kmsb_error_e kmsb_aes_decrypt(const unsigned int key_idx,
                     unsigned char **output, unsigned int *output_len)
 {
     // check the input parameters
-    if (input == NULL ||
+    if (key_idx >= MAX_SLOT_INDEX ||
+        input == NULL ||
         input_len == 0 ||
         output == NULL ||
         output_len == NULL ||
@@ -446,7 +469,7 @@ kmsb_error_e kmsb_aes_decrypt(const unsigned int key_idx,
     if (!buf) return KMSB_ERROR_OUT_OF_MEMORY;
 
     /*
-     * Set Padding zero forcely, with our concept, there should be no padding 
+     * Set Padding zero forcely, with our concept, there should be no padding
      * to increase buffer size.
      */
     if (OPENSSL_SUCCESS != EVP_CIPHER_CTX_set_padding(ctx, 0))
@@ -495,7 +518,8 @@ kmsb_error_e kmsb_create_signature(const unsigned int key_idx,
                 unsigned char **sig, unsigned int *sig_len)
 {
     // check the input parameters
-    if (msg == NULL ||
+    if (key_idx >= MAX_SLOT_INDEX ||
+        msg == NULL ||
         msg_len == 0 ||
         sig == NULL ||
         sig_len == NULL)
@@ -545,10 +569,11 @@ kmsb_error_e kmsb_create_signature(const unsigned int key_idx,
 kmsb_error_e kmsb_verify_signature(const unsigned int key_idx,
                 const kmsb_sign_param_s *param,
                 const unsigned char *msg, const unsigned int msg_len,
-                unsigned char *sig, unsigned int sig_len)
+                const unsigned char *sig, const unsigned int sig_len)
 {
     // check the input parameters
-    if (msg == NULL ||
+    if (key_idx >= MAX_SLOT_INDEX ||
+        msg == NULL ||
         msg_len == 0 ||
         sig == NULL ||
         sig_len == 0)
@@ -582,26 +607,65 @@ kmsb_error_e kmsb_verify_signature(const unsigned int key_idx,
     return KMSB_ERROR_NONE;
 }
 
-int kmsb_get_key(const unsigned int key_idx, unsigned char **output, unsigned int *output_len)
+kmsb_error_e kmsb_get_key(const unsigned int key_idx, unsigned char **output, unsigned int *output_len)
 {
-    (void) key_idx;
-    (void) output;
-    (void) output_len;
-    return KMSB_ERROR_NOT_SUPPORTED;
+    if (key_idx >= MAX_SLOT_INDEX ||
+        output == NULL ||
+        output_len == NULL)
+        return KMSB_ERROR_INVALID_PARAMETER;
+
+    if (!KEY_ARRAY[key_idx])
+        return KMSB_ERROR_NO_KEY;
+
+    EVP_PKEY *pkey = (EVP_PKEY *)KEY_ARRAY[key_idx];
+
+    EC_KEY *ec_key = EVP_PKEY_get1_EC_KEY(pkey);
+    if (!ec_key)
+        return KMSB_ERROR_OPERATION_FAILED;
+
+    *output_len = EC_POINT_point2buf(EC_KEY_get0_group(ec_key),
+                                 EC_KEY_get0_public_key(ec_key),
+                                 2, output, NULL);
+    if (!*output)
+        return KMSB_ERROR_OPERATION_FAILED;
+
+    return KMSB_ERROR_NONE;
 }
 
-int kmsb_get_certificate(const unsigned int cert_idx, unsigned char **output, unsigned int *output_len)
+/* warn: The cerification data should be pre-loaded in Secure element */
+kmsb_error_e kmsb_get_certificate(const unsigned int cert_idx, unsigned char **output, unsigned int *output_len)
 {
-    (void) cert_idx;
-    (void) output;
-    (void) output_len;
-    return KMSB_ERROR_NOT_SUPPORTED;
+    if (cert_idx >= MAX_SLOT_INDEX ||
+        output == NULL ||
+        output_len == NULL)
+        return KMSB_ERROR_INVALID_PARAMETER;
+
+    if (!CERT_ARRAY[cert_idx])
+        return KMSB_ERROR_OPERATION_FAILED;
+
+    *output_len = strlen((const char*)CERT_ARRAY[cert_idx]);
+    *output = calloc(*output_len, sizeof(unsigned char));
+    if (!*output) return KMSB_ERROR_OUT_OF_MEMORY;
+
+    memcpy(*output, CERT_ARRAY[cert_idx], *output_len);
+    return KMSB_ERROR_NONE;
 }
 
-int kmsb_get_data(const unsigned int data_idx, unsigned char **output, unsigned int *output_len)
+/* warn: The data should be pre-loaded securely in Secure element */
+kmsb_error_e kmsb_get_data(const unsigned int data_idx, unsigned char **output, unsigned int *output_len)
 {
-    (void) data_idx;
-    (void) output;
-    (void) output_len;
-    return KMSB_ERROR_NOT_SUPPORTED;
+    if (data_idx >= MAX_SLOT_INDEX ||
+        output == NULL ||
+        output_len == NULL)
+        return KMSB_ERROR_INVALID_PARAMETER;
+
+    if (!DATA_ARRAY[data_idx])
+        return KMSB_ERROR_OPERATION_FAILED;
+
+    *output_len = strlen((const char*)DATA_ARRAY[data_idx]);
+    *output = calloc(*output_len, sizeof(unsigned char));
+    if (!*output) return KMSB_ERROR_OUT_OF_MEMORY;
+
+    memcpy(*output, DATA_ARRAY[data_idx], *output_len);
+    return KMSB_ERROR_NONE;
 }
diff --git a/tests/test_cases.cpp b/tests/test_cases.cpp
index 087296a..561f99d 100644
--- a/tests/test_cases.cpp
+++ b/tests/test_cases.cpp
@@ -205,6 +205,8 @@ const int TEST_AES_KEY_IDX = 1;
 const int TEST_ECDSA_P192_KEY_IDX = 2;
 const int TEST_ECDSA_P256_KEY_IDX = 3;
 const int TEST_ECDSA_S384_KEY_IDX = 4;
+const int TEST_CERT_IDX = 0;
+const int TEST_DATA_IDX = 0;
 
 BOOST_AUTO_TEST_CASE(kmsb_aes_cbc_encrypt_p)
 {
@@ -952,6 +954,128 @@ BOOST_AUTO_TEST_CASE(kmsb_verify_signature_invalid_parameters_n)
     if (signature) free(signature);
 }
 
+BOOST_AUTO_TEST_CASE(kmsb_get_key_invalid_parameters_n)
+{
+    kmsb_error_e ret = KMSB_ERROR_NONE;
+    unsigned char *public_key = NULL;
+    unsigned int key_len = 0;
+    unsigned int key_idx = TEST_ECDSA_P256_KEY_IDX;
+
+    ret = kmsb_get_key(100, &public_key, &key_len);
+    BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+    ret = kmsb_get_key(key_idx, NULL, &key_len);
+    BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+    ret = kmsb_get_key(key_idx, &public_key, NULL);
+    BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+    if (public_key) free(public_key);
+}
+
+BOOST_AUTO_TEST_CASE(kmsb_get_key_p192_p)
+{
+    kmsb_error_e ret = KMSB_ERROR_NONE;
+    unsigned char *public_key = NULL;
+    unsigned int key_len = 0;
+    unsigned int key_idx = TEST_ECDSA_P192_KEY_IDX;
+
+    ret = kmsb_get_key(key_idx, &public_key, &key_len);
+    BOOST_REQUIRE(ret == KMSB_ERROR_NONE);
+
+    if (public_key) free(public_key);
+}
+
+BOOST_AUTO_TEST_CASE(kmsb_get_key_p256_n)
+{
+    kmsb_error_e ret = KMSB_ERROR_NONE;
+    unsigned char *public_key = NULL;
+    unsigned int key_len = 0;
+    unsigned int key_idx = TEST_ECDSA_P256_KEY_IDX;
+
+    ret = kmsb_get_key(key_idx, &public_key, &key_len);
+    BOOST_REQUIRE(ret == KMSB_ERROR_NONE);
+
+    if (public_key) free(public_key);
+}
+
+BOOST_AUTO_TEST_CASE(kmsb_get_key_secp384r1_n)
+{
+    kmsb_error_e ret = KMSB_ERROR_NONE;
+    unsigned char *public_key = NULL;
+    unsigned int key_len = 0;
+    unsigned int key_idx = TEST_ECDSA_S384_KEY_IDX;
+
+    ret = kmsb_get_key(key_idx, &public_key, &key_len);
+    BOOST_REQUIRE(ret == KMSB_ERROR_NONE);
+
+    if (public_key) free(public_key);
+}
+
+BOOST_AUTO_TEST_CASE(kmsb_get_certificate_invalid_parameters_n)
+{
+    kmsb_error_e ret = KMSB_ERROR_NONE;
+    unsigned char *certificate = NULL;
+    unsigned int cert_len = 0;
+    unsigned int cert_idx = TEST_CERT_IDX;
+
+    ret = kmsb_get_certificate(100, &certificate, &cert_len);
+    BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+    ret = kmsb_get_certificate(cert_idx, NULL, &cert_len);
+    BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+    ret = kmsb_get_certificate(cert_idx, &certificate, NULL);
+    BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+    if (certificate) free(certificate);
+}
+
+BOOST_AUTO_TEST_CASE(kmsb_get_certificate_p)
+{
+    kmsb_error_e ret = KMSB_ERROR_NONE;
+    unsigned char *certificate = NULL;
+    unsigned int cert_len = 0;
+    unsigned int cert_idx = TEST_CERT_IDX;
+
+    ret = kmsb_get_certificate(cert_idx, &certificate, &cert_len);
+    BOOST_REQUIRE(ret == KMSB_ERROR_NONE);
+
+    if (certificate) free(certificate);
+}
+
+BOOST_AUTO_TEST_CASE(kmsb_get_data_invalid_parameters_n)
+{
+    kmsb_error_e ret = KMSB_ERROR_NONE;
+    unsigned char *data = NULL;
+    unsigned int data_len = 0;
+    unsigned int data_idx = TEST_DATA_IDX;
+
+    ret = kmsb_get_data(100, &data, &data_len);
+    BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+    ret = kmsb_get_data(data_idx, NULL, &data_len);
+    BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+    ret = kmsb_get_data(data_idx, &data, NULL);
+    BOOST_REQUIRE(ret == KMSB_ERROR_INVALID_PARAMETER);
+
+    if (data) free(data);
+}
+
+BOOST_AUTO_TEST_CASE(kmsb_get_data_p)
+{
+    kmsb_error_e ret = KMSB_ERROR_NONE;
+    unsigned char *data = NULL;
+    unsigned int data_len = 0;
+    unsigned int data_idx = TEST_DATA_IDX;
+
+    ret = kmsb_get_data(data_idx, &data, &data_len);
+    BOOST_REQUIRE(ret == KMSB_ERROR_NONE);
+
+    if (data) free(data);
+}
+
 BOOST_AUTO_TEST_SUITE_END() // SE_EMUL
 
 BOOST_AUTO_TEST_SUITE_END() // USER
author	isaac2.lee <isaac2.lee@samsung.com>	2022-11-01 13:28:54 +0900
committer	isaac2.lee <isaac2.lee@samsung.com>	2022-11-01 14:48:11 +0900
commit	bb49645270b350deb97f0b846dc63e90a1b8e388 (patch)
tree	82db49832d16b3aa8699435b66a3c1d1be880e11
parent	91c6466d4ce13a523afc054b51f2ef3a90086062 (diff)
download	key-manager-se-backend-bb49645270b350deb97f0b846dc63e90a1b8e388.tar.gz key-manager-se-backend-bb49645270b350deb97f0b846dc63e90a1b8e388.tar.bz2 key-manager-se-backend-bb49645270b350deb97f0b846dc63e90a1b8e388.zip