1 // Copyright 2022, The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
16 Digest::Digest, ErrorCode::ErrorCode, KeyPurpose::KeyPurpose, PaddingMode::PaddingMode,
17 SecurityLevel::SecurityLevel,
18 };
19 use android_system_keystore2::aidl::android::system::keystore2::{
20 CreateOperationResponse::CreateOperationResponse, Domain::Domain,
21 IKeystoreSecurityLevel::IKeystoreSecurityLevel,
22 };
23
24 use keystore2_test_utils::{
25 authorizations, get_keystore_service, key_generations, key_generations::Error,
26 };
27
28 use crate::keystore2_client_test_utils::{delete_app_key, perform_sample_sign_operation, ForcedOp};
29
30 /// This macro is used for creating signing key operation tests using digests and paddings
31 /// for various key sizes.
32 macro_rules! test_rsa_sign_key_op {
33 ( $test_name:ident, $digest:expr, $key_size:expr, $padding:expr ) => {
34 #[test]
35 fn $test_name() {
36 perform_rsa_sign_key_op_success($digest, $key_size, stringify!($test_name), $padding);
37 }
38 };
39
40 ( $test_name:ident, $digest:expr, $padding:expr ) => {
41 #[test]
42 fn $test_name() {
43 perform_rsa_sign_key_op_failure($digest, stringify!($test_name), $padding);
44 }
45 };
46 }
47
48 /// This macro is used for creating encrypt/decrypt key operation tests using digests, mgf-digests
49 /// and paddings for various key sizes.
50 macro_rules! test_rsa_encrypt_key_op {
51 ( $test_name:ident, $digest:expr, $key_size:expr, $padding:expr ) => {
52 #[test]
53 fn $test_name() {
54 create_rsa_encrypt_decrypt_key_op_success(
55 $digest,
56 $key_size,
57 stringify!($test_name),
58 $padding,
59 None,
60 );
61 }
62 };
63
64 ( $test_name:ident, $digest:expr, $key_size:expr, $padding:expr, $mgf_digest:expr ) => {
65 #[test]
66 fn $test_name() {
67 create_rsa_encrypt_decrypt_key_op_success(
68 $digest,
69 $key_size,
70 stringify!($test_name),
71 $padding,
72 $mgf_digest,
73 );
74 }
75 };
76 }
77
78 /// Generate a RSA key and create an operation using the generated key.
create_rsa_key_and_operation( sec_level: &binder::Strong<dyn IKeystoreSecurityLevel>, domain: Domain, nspace: i64, alias: Option<String>, key_params: &key_generations::KeyParams, op_purpose: KeyPurpose, forced_op: ForcedOp, ) -> binder::Result<CreateOperationResponse>79 fn create_rsa_key_and_operation(
80 sec_level: &binder::Strong<dyn IKeystoreSecurityLevel>,
81 domain: Domain,
82 nspace: i64,
83 alias: Option<String>,
84 key_params: &key_generations::KeyParams,
85 op_purpose: KeyPurpose,
86 forced_op: ForcedOp,
87 ) -> binder::Result<CreateOperationResponse> {
88 let key_metadata =
89 key_generations::generate_rsa_key(sec_level, domain, nspace, alias, key_params, None)?;
90
91 let mut op_params = authorizations::AuthSetBuilder::new().purpose(op_purpose);
92
93 if let Some(value) = key_params.digest {
94 op_params = op_params.digest(value)
95 }
96 if let Some(value) = key_params.padding {
97 op_params = op_params.padding_mode(value);
98 }
99 if let Some(value) = key_params.mgf_digest {
100 op_params = op_params.mgf_digest(value);
101 }
102 if let Some(value) = key_params.block_mode {
103 op_params = op_params.block_mode(value)
104 }
105
106 sec_level.createOperation(&key_metadata.key, &op_params, forced_op.0)
107 }
108
109 /// Generate RSA signing key with given parameters and perform signing operation.
perform_rsa_sign_key_op_success( digest: Digest, key_size: i32, alias: &str, padding: PaddingMode, )110 fn perform_rsa_sign_key_op_success(
111 digest: Digest,
112 key_size: i32,
113 alias: &str,
114 padding: PaddingMode,
115 ) {
116 let keystore2 = get_keystore_service();
117 let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
118
119 let op_response = create_rsa_key_and_operation(
120 &sec_level,
121 Domain::APP,
122 -1,
123 Some(alias.to_string()),
124 &key_generations::KeyParams {
125 key_size,
126 purpose: vec![KeyPurpose::SIGN, KeyPurpose::VERIFY],
127 padding: Some(padding),
128 digest: Some(digest),
129 mgf_digest: None,
130 block_mode: None,
131 att_challenge: None,
132 },
133 KeyPurpose::SIGN,
134 ForcedOp(false),
135 )
136 .expect("Failed to create an operation.");
137
138 assert!(op_response.iOperation.is_some());
139 assert_eq!(
140 Ok(()),
141 key_generations::map_ks_error(perform_sample_sign_operation(
142 &op_response.iOperation.unwrap()
143 ))
144 );
145
146 delete_app_key(&keystore2, alias).unwrap();
147 }
148
149 /// Generate RSA signing key with given parameters and try to perform signing operation.
150 /// Error `INCOMPATIBLE_DIGEST | UNKNOWN_ERROR` is expected while creating an opearation.
perform_rsa_sign_key_op_failure(digest: Digest, alias: &str, padding: PaddingMode)151 fn perform_rsa_sign_key_op_failure(digest: Digest, alias: &str, padding: PaddingMode) {
152 let keystore2 = get_keystore_service();
153 let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
154
155 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
156 &sec_level,
157 Domain::APP,
158 -1,
159 Some(alias.to_string()),
160 &key_generations::KeyParams {
161 key_size: 2048,
162 purpose: vec![KeyPurpose::SIGN, KeyPurpose::VERIFY],
163 padding: Some(padding),
164 digest: Some(digest),
165 mgf_digest: None,
166 block_mode: None,
167 att_challenge: None,
168 },
169 KeyPurpose::SIGN,
170 ForcedOp(false),
171 ));
172 assert!(result.is_err());
173
174 let e = result.unwrap_err();
175 assert!(
176 e == Error::Km(ErrorCode::UNKNOWN_ERROR) || e == Error::Km(ErrorCode::INCOMPATIBLE_DIGEST)
177 );
178
179 delete_app_key(&keystore2, alias).unwrap();
180 }
181
182 /// Generate RSA encrypt/decrypt key with given parameters and perform decrypt operation.
create_rsa_encrypt_decrypt_key_op_success( digest: Option<Digest>, key_size: i32, alias: &str, padding: PaddingMode, mgf_digest: Option<Digest>, )183 fn create_rsa_encrypt_decrypt_key_op_success(
184 digest: Option<Digest>,
185 key_size: i32,
186 alias: &str,
187 padding: PaddingMode,
188 mgf_digest: Option<Digest>,
189 ) {
190 let keystore2 = get_keystore_service();
191 let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
192
193 let result = create_rsa_key_and_operation(
194 &sec_level,
195 Domain::APP,
196 -1,
197 Some(alias.to_string()),
198 &key_generations::KeyParams {
199 key_size,
200 purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
201 padding: Some(padding),
202 digest,
203 mgf_digest,
204 block_mode: None,
205 att_challenge: None,
206 },
207 KeyPurpose::DECRYPT,
208 ForcedOp(false),
209 );
210
211 assert!(result.is_ok());
212
213 delete_app_key(&keystore2, alias).unwrap();
214 }
215
216 // Below macros generate tests for generating RSA signing keys with -
217 // Padding mode: RSA_PKCS1_1_5_SIGN
218 // Digest modes: `NONE, MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
219 // and create operations with generated keys. Tests should create operations successfully.
220 test_rsa_sign_key_op!(
221 sign_key_pkcs1_1_5_none_2048,
222 Digest::NONE,
223 2048,
224 PaddingMode::RSA_PKCS1_1_5_SIGN
225 );
226 test_rsa_sign_key_op!(
227 sign_key_pkcs1_1_5_md5_2048,
228 Digest::MD5,
229 2048,
230 PaddingMode::RSA_PKCS1_1_5_SIGN
231 );
232 test_rsa_sign_key_op!(
233 sign_key_pkcs1_1_5_sha1_2048,
234 Digest::SHA1,
235 2048,
236 PaddingMode::RSA_PKCS1_1_5_SIGN
237 );
238 test_rsa_sign_key_op!(
239 sign_key_pkcs1_1_5_sha224_2048,
240 Digest::SHA_2_224,
241 2048,
242 PaddingMode::RSA_PKCS1_1_5_SIGN
243 );
244 test_rsa_sign_key_op!(
245 sign_key_pkcs1_1_5_sha256_2048,
246 Digest::SHA_2_256,
247 2048,
248 PaddingMode::RSA_PKCS1_1_5_SIGN
249 );
250 test_rsa_sign_key_op!(
251 sign_key_pkcs1_1_5_sha384_2048,
252 Digest::SHA_2_384,
253 2048,
254 PaddingMode::RSA_PKCS1_1_5_SIGN
255 );
256 test_rsa_sign_key_op!(
257 sign_key_pkcs1_1_5_sha512_2048,
258 Digest::SHA_2_512,
259 2048,
260 PaddingMode::RSA_PKCS1_1_5_SIGN
261 );
262 test_rsa_sign_key_op!(
263 sign_key_pkcs1_1_5_none_3072,
264 Digest::NONE,
265 3072,
266 PaddingMode::RSA_PKCS1_1_5_SIGN
267 );
268 test_rsa_sign_key_op!(
269 sign_key_pkcs1_1_5_md5_3072,
270 Digest::MD5,
271 3072,
272 PaddingMode::RSA_PKCS1_1_5_SIGN
273 );
274 test_rsa_sign_key_op!(
275 sign_key_pkcs1_1_5_sha1_3072,
276 Digest::SHA1,
277 3072,
278 PaddingMode::RSA_PKCS1_1_5_SIGN
279 );
280 test_rsa_sign_key_op!(
281 sign_key_pkcs1_1_5_sha224_3072,
282 Digest::SHA_2_224,
283 3072,
284 PaddingMode::RSA_PKCS1_1_5_SIGN
285 );
286 test_rsa_sign_key_op!(
287 sign_key_pkcs1_1_5_sha256_3072,
288 Digest::SHA_2_256,
289 3072,
290 PaddingMode::RSA_PKCS1_1_5_SIGN
291 );
292 test_rsa_sign_key_op!(
293 sign_key_pkcs1_1_5_sha384_3072,
294 Digest::SHA_2_384,
295 3072,
296 PaddingMode::RSA_PKCS1_1_5_SIGN
297 );
298 test_rsa_sign_key_op!(
299 sign_key_pkcs1_1_5_sha512_3072,
300 Digest::SHA_2_512,
301 3072,
302 PaddingMode::RSA_PKCS1_1_5_SIGN
303 );
304 test_rsa_sign_key_op!(
305 sign_key_pkcs1_1_5_none_4096,
306 Digest::NONE,
307 4096,
308 PaddingMode::RSA_PKCS1_1_5_SIGN
309 );
310 test_rsa_sign_key_op!(
311 sign_key_pkcs1_1_5_md5_4096,
312 Digest::MD5,
313 4096,
314 PaddingMode::RSA_PKCS1_1_5_SIGN
315 );
316 test_rsa_sign_key_op!(
317 sign_key_pkcs1_1_5_sha1_4096,
318 Digest::SHA1,
319 4096,
320 PaddingMode::RSA_PKCS1_1_5_SIGN
321 );
322 test_rsa_sign_key_op!(
323 sign_key_pkcs1_1_5_sha224_4096,
324 Digest::SHA_2_224,
325 4096,
326 PaddingMode::RSA_PKCS1_1_5_SIGN
327 );
328 test_rsa_sign_key_op!(
329 sign_key_pkcs1_1_5_sha256_4096,
330 Digest::SHA_2_256,
331 4096,
332 PaddingMode::RSA_PKCS1_1_5_SIGN
333 );
334 test_rsa_sign_key_op!(
335 sign_key_pkcs1_1_5_sha384_4096,
336 Digest::SHA_2_384,
337 4096,
338 PaddingMode::RSA_PKCS1_1_5_SIGN
339 );
340 test_rsa_sign_key_op!(
341 sign_key_pkcs1_1_5_sha512_4096,
342 Digest::SHA_2_512,
343 4096,
344 PaddingMode::RSA_PKCS1_1_5_SIGN
345 );
346
347 // Below macros generate tests for generating RSA signing keys with -
348 // Padding mode: RSA_PSS
349 // Digest modes: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
350 // and create operations with generated keys. Tests should create operations
351 // successfully.
352 test_rsa_sign_key_op!(sign_key_pss_md5_2048, Digest::MD5, 2048, PaddingMode::RSA_PSS);
353 test_rsa_sign_key_op!(sign_key_pss_sha1_2048, Digest::SHA1, 2048, PaddingMode::RSA_PSS);
354 test_rsa_sign_key_op!(sign_key_pss_sha224_2048, Digest::SHA_2_224, 2048, PaddingMode::RSA_PSS);
355 test_rsa_sign_key_op!(sign_key_pss_sha256_2048, Digest::SHA_2_256, 2048, PaddingMode::RSA_PSS);
356 test_rsa_sign_key_op!(sign_key_pss_sha384_2048, Digest::SHA_2_384, 2048, PaddingMode::RSA_PSS);
357 test_rsa_sign_key_op!(sign_key_pss_sha512_2048, Digest::SHA_2_512, 2048, PaddingMode::RSA_PSS);
358 test_rsa_sign_key_op!(sign_key_pss_md5_3072, Digest::MD5, 3072, PaddingMode::RSA_PSS);
359 test_rsa_sign_key_op!(sign_key_pss_sha1_3072, Digest::SHA1, 3072, PaddingMode::RSA_PSS);
360 test_rsa_sign_key_op!(sign_key_pss_sha224_3072, Digest::SHA_2_224, 3072, PaddingMode::RSA_PSS);
361 test_rsa_sign_key_op!(sign_key_pss_sha256_3072, Digest::SHA_2_256, 3072, PaddingMode::RSA_PSS);
362 test_rsa_sign_key_op!(sign_key_pss_sha384_3072, Digest::SHA_2_384, 3072, PaddingMode::RSA_PSS);
363 test_rsa_sign_key_op!(sign_key_pss_sha512_3072, Digest::SHA_2_512, 3072, PaddingMode::RSA_PSS);
364 test_rsa_sign_key_op!(sign_key_pss_md5_4096, Digest::MD5, 4096, PaddingMode::RSA_PSS);
365 test_rsa_sign_key_op!(sign_key_pss_sha1_4096, Digest::SHA1, 4096, PaddingMode::RSA_PSS);
366 test_rsa_sign_key_op!(sign_key_pss_sha224_4096, Digest::SHA_2_224, 4096, PaddingMode::RSA_PSS);
367 test_rsa_sign_key_op!(sign_key_pss_sha256_4096, Digest::SHA_2_256, 4096, PaddingMode::RSA_PSS);
368 test_rsa_sign_key_op!(sign_key_pss_sha384_4096, Digest::SHA_2_384, 4096, PaddingMode::RSA_PSS);
369 test_rsa_sign_key_op!(sign_key_pss_sha512_4096, Digest::SHA_2_512, 4096, PaddingMode::RSA_PSS);
370
371 // Below macros generate tests for generating RSA signing keys with -
372 // Padding mode: `NONE`
373 // Digest mode `NONE`
374 // and try to create operations with generated keys. Tests should create operations
375 // successfully.
376 test_rsa_sign_key_op!(sign_key_none_none_2048, Digest::NONE, 2048, PaddingMode::NONE);
377 test_rsa_sign_key_op!(sign_key_none_none_3072, Digest::NONE, 3072, PaddingMode::NONE);
378 test_rsa_sign_key_op!(sign_key_none_none_4096, Digest::NONE, 4096, PaddingMode::NONE);
379
380 // Below macros generate tests for generating RSA signing keys with -
381 // Padding mode: `NONE`
382 // Digest modes: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
383 // and create operations with generated keys. Tests should fail to create operations with
384 // an error code `UNKNOWN_ERROR | INCOMPATIBLE_DIGEST`.
385 test_rsa_sign_key_op!(sign_key_none_md5_2048, Digest::MD5, PaddingMode::NONE);
386 test_rsa_sign_key_op!(sign_key_none_sha1_2048, Digest::SHA1, PaddingMode::NONE);
387 test_rsa_sign_key_op!(sign_key_none_sha224_2048, Digest::SHA_2_224, PaddingMode::NONE);
388 test_rsa_sign_key_op!(sign_key_none_sha256_2048, Digest::SHA_2_256, PaddingMode::NONE);
389 test_rsa_sign_key_op!(sign_key_none_sha384_2048, Digest::SHA_2_384, PaddingMode::NONE);
390 test_rsa_sign_key_op!(sign_key_none_sha512_2048, Digest::SHA_2_512, PaddingMode::NONE);
391
392 // Below macros generate tests for generating RSA encryption keys with various digest mode
393 // and padding mode combinations.
394 // Digest modes: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
395 // Padding modes: `NONE, RSA_PKCS1_1_5_ENCRYPT`
396 // and try to create operations using generated keys, tests should create operations successfully.
397 test_rsa_encrypt_key_op!(
398 encrypt_key_pkcs1_1_5_none_2048,
399 Some(Digest::NONE),
400 2048,
401 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
402 );
403 test_rsa_encrypt_key_op!(
404 encrypt_key_pkcs1_1_5_md5_2048,
405 Some(Digest::MD5),
406 2048,
407 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
408 );
409 test_rsa_encrypt_key_op!(
410 encrypt_key_pkcs1_1_5_sha1_2048,
411 Some(Digest::SHA1),
412 2048,
413 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
414 );
415 test_rsa_encrypt_key_op!(
416 encrypt_key_pkcs1_1_5_sha224_2048,
417 Some(Digest::SHA_2_224),
418 2048,
419 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
420 );
421 test_rsa_encrypt_key_op!(
422 encrypt_key_pkcs1_1_5_sha256_2048,
423 Some(Digest::SHA_2_256),
424 2048,
425 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
426 );
427 test_rsa_encrypt_key_op!(
428 encrypt_key_pkcs1_1_5_sha384_2048,
429 Some(Digest::SHA_2_384),
430 2048,
431 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
432 );
433 test_rsa_encrypt_key_op!(
434 encrypt_key_pkcs1_1_5_sha512_2048,
435 Some(Digest::SHA_2_512),
436 2048,
437 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
438 );
439 test_rsa_encrypt_key_op!(
440 encrypt_key_pkcs1_1_5_none_3072,
441 Some(Digest::NONE),
442 3072,
443 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
444 );
445 test_rsa_encrypt_key_op!(
446 encrypt_key_pkcs1_1_5_md5_3072,
447 Some(Digest::MD5),
448 3072,
449 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
450 );
451 test_rsa_encrypt_key_op!(
452 encrypt_key_pkcs1_1_5_sha1_3072,
453 Some(Digest::SHA1),
454 3072,
455 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
456 );
457 test_rsa_encrypt_key_op!(
458 encrypt_key_pkcs1_1_5_sha224_3072,
459 Some(Digest::SHA_2_224),
460 3072,
461 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
462 );
463 test_rsa_encrypt_key_op!(
464 encrypt_key_pkcs1_1_5_sha256_3072,
465 Some(Digest::SHA_2_256),
466 3072,
467 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
468 );
469 test_rsa_encrypt_key_op!(
470 encrypt_key_pkcs1_1_5_sha384_3072,
471 Some(Digest::SHA_2_384),
472 3072,
473 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
474 );
475 test_rsa_encrypt_key_op!(
476 encrypt_key_pkcs1_1_5_sha512_3072,
477 Some(Digest::SHA_2_512),
478 3072,
479 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
480 );
481 test_rsa_encrypt_key_op!(
482 encrypt_key_pkcs1_1_5_none_4096,
483 Some(Digest::NONE),
484 4096,
485 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
486 );
487 test_rsa_encrypt_key_op!(
488 encrypt_key_pkcs1_1_5_md5_4096,
489 Some(Digest::MD5),
490 4096,
491 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
492 );
493 test_rsa_encrypt_key_op!(
494 encrypt_key_pkcs1_1_5_sha1_4096,
495 Some(Digest::SHA1),
496 4096,
497 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
498 );
499 test_rsa_encrypt_key_op!(
500 encrypt_key_pkcs1_1_5_sha224_4096,
501 Some(Digest::SHA_2_224),
502 4096,
503 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
504 );
505 test_rsa_encrypt_key_op!(
506 encrypt_key_pkcs1_1_5_sha256_4096,
507 Some(Digest::SHA_2_256),
508 4096,
509 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
510 );
511 test_rsa_encrypt_key_op!(
512 encrypt_key_pkcs1_1_5_sha384_4096,
513 Some(Digest::SHA_2_384),
514 4096,
515 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
516 );
517 test_rsa_encrypt_key_op!(
518 encrypt_key_pkcs1_1_5_sha512_4096,
519 Some(Digest::SHA_2_512),
520 4096,
521 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
522 );
523 test_rsa_encrypt_key_op!(encrypt_key_none_none_2048, Some(Digest::NONE), 2048, PaddingMode::NONE);
524 test_rsa_encrypt_key_op!(encrypt_key_none_md5_2048, Some(Digest::MD5), 2048, PaddingMode::NONE);
525 test_rsa_encrypt_key_op!(encrypt_key_none_sha1_2048, Some(Digest::SHA1), 2048, PaddingMode::NONE);
526 test_rsa_encrypt_key_op!(
527 encrypt_key_none_sha224_2048,
528 Some(Digest::SHA_2_224),
529 2048,
530 PaddingMode::NONE
531 );
532 test_rsa_encrypt_key_op!(
533 encrypt_key_none_sha256_2048,
534 Some(Digest::SHA_2_256),
535 2048,
536 PaddingMode::NONE
537 );
538 test_rsa_encrypt_key_op!(
539 encrypt_key_none_sha384_2048,
540 Some(Digest::SHA_2_384),
541 2048,
542 PaddingMode::NONE
543 );
544 test_rsa_encrypt_key_op!(
545 encrypt_key_none_sha512_2048,
546 Some(Digest::SHA_2_512),
547 2048,
548 PaddingMode::NONE
549 );
550 test_rsa_encrypt_key_op!(encrypt_key_none_none_3072, Some(Digest::NONE), 3072, PaddingMode::NONE);
551 test_rsa_encrypt_key_op!(encrypt_key_none_md5_3072, Some(Digest::MD5), 3072, PaddingMode::NONE);
552 test_rsa_encrypt_key_op!(encrypt_key_none_sha1_3072, Some(Digest::SHA1), 3072, PaddingMode::NONE);
553 test_rsa_encrypt_key_op!(
554 encrypt_key_none_sha224_3072,
555 Some(Digest::SHA_2_224),
556 3072,
557 PaddingMode::NONE
558 );
559 test_rsa_encrypt_key_op!(
560 encrypt_key_none_sha256_3072,
561 Some(Digest::SHA_2_256),
562 3072,
563 PaddingMode::NONE
564 );
565 test_rsa_encrypt_key_op!(
566 encrypt_key_none_sha384_3072,
567 Some(Digest::SHA_2_384),
568 3072,
569 PaddingMode::NONE
570 );
571 test_rsa_encrypt_key_op!(
572 encrypt_key_none_sha512_3072,
573 Some(Digest::SHA_2_512),
574 3072,
575 PaddingMode::NONE
576 );
577 test_rsa_encrypt_key_op!(encrypt_key_none_none_4096, Some(Digest::NONE), 4096, PaddingMode::NONE);
578 test_rsa_encrypt_key_op!(encrypt_key_none_md5_4096, Some(Digest::MD5), 4096, PaddingMode::NONE);
579 test_rsa_encrypt_key_op!(encrypt_key_none_sha1_4096, Some(Digest::SHA1), 4096, PaddingMode::NONE);
580 test_rsa_encrypt_key_op!(
581 encrypt_key_none_sha224_4096,
582 Some(Digest::SHA_2_224),
583 4096,
584 PaddingMode::NONE
585 );
586 test_rsa_encrypt_key_op!(
587 encrypt_key_none_sha256_4096,
588 Some(Digest::SHA_2_256),
589 4096,
590 PaddingMode::NONE
591 );
592 test_rsa_encrypt_key_op!(
593 encrypt_key_none_sha384_4096,
594 Some(Digest::SHA_2_384),
595 4096,
596 PaddingMode::NONE
597 );
598 test_rsa_encrypt_key_op!(
599 encrypt_key_none_sha512_4096,
600 Some(Digest::SHA_2_512),
601 4096,
602 PaddingMode::NONE
603 );
604
605 // Below macros generate tests for generating RSA keys with -
606 // Padding Mode: `RSA_OAEP`
607 // Digest modes: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
608 // mgf-digests: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
609 // and create a decrypt operations using generated keys. Tests should create operations
610 // successfully.
611 test_rsa_encrypt_key_op!(
612 encrypt_key_oaep_md5_md5_2048,
613 Some(Digest::MD5),
614 2048,
615 PaddingMode::RSA_OAEP,
616 Some(Digest::MD5)
617 );
618 test_rsa_encrypt_key_op!(
619 encrypt_key_oaep_md5_sha1_2048,
620 Some(Digest::MD5),
621 2048,
622 PaddingMode::RSA_OAEP,
623 Some(Digest::SHA1)
624 );
625 test_rsa_encrypt_key_op!(
626 encrypt_key_oaep_md5_sha224_2048,
627 Some(Digest::MD5),
628 2048,
629 PaddingMode::RSA_OAEP,
630 Some(Digest::SHA_2_224)
631 );
632 test_rsa_encrypt_key_op!(
633 encrypt_key_oaep_md5_sha256_2048,
634 Some(Digest::MD5),
635 2048,
636 PaddingMode::RSA_OAEP,
637 Some(Digest::SHA_2_256)
638 );
639 test_rsa_encrypt_key_op!(
640 encrypt_key_oaep_md5_sha384_2048,
641 Some(Digest::MD5),
642 2048,
643 PaddingMode::RSA_OAEP,
644 Some(Digest::SHA_2_384)
645 );
646 test_rsa_encrypt_key_op!(
647 encrypt_key_oaep_md5_sha512_2048,
648 Some(Digest::MD5),
649 2048,
650 PaddingMode::RSA_OAEP,
651 Some(Digest::SHA_2_512)
652 );
653 test_rsa_encrypt_key_op!(
654 encrypt_key_oaep_sha1_md5_2048,
655 Some(Digest::SHA1),
656 2048,
657 PaddingMode::RSA_OAEP,
658 Some(Digest::MD5)
659 );
660 test_rsa_encrypt_key_op!(
661 encrypt_key_oaep_sha1_sha1_2048,
662 Some(Digest::SHA1),
663 2048,
664 PaddingMode::RSA_OAEP,
665 Some(Digest::SHA1)
666 );
667 test_rsa_encrypt_key_op!(
668 encrypt_key_oaep_sha1_sha224_2048,
669 Some(Digest::SHA1),
670 2048,
671 PaddingMode::RSA_OAEP,
672 Some(Digest::SHA_2_224)
673 );
674 test_rsa_encrypt_key_op!(
675 encrypt_key_oaep_sha1_sha256_2048,
676 Some(Digest::SHA1),
677 2048,
678 PaddingMode::RSA_OAEP,
679 Some(Digest::SHA_2_256)
680 );
681 test_rsa_encrypt_key_op!(
682 encrypt_key_oaep_sha1_sha384_2048,
683 Some(Digest::SHA1),
684 2048,
685 PaddingMode::RSA_OAEP,
686 Some(Digest::SHA_2_384)
687 );
688 test_rsa_encrypt_key_op!(
689 encrypt_key_oaep_sha1_sha512_2048,
690 Some(Digest::SHA1),
691 2048,
692 PaddingMode::RSA_OAEP,
693 Some(Digest::SHA_2_512)
694 );
695 test_rsa_encrypt_key_op!(
696 encrypt_key_oaep_sha224_md5_2048,
697 Some(Digest::SHA_2_224),
698 2048,
699 PaddingMode::RSA_OAEP,
700 Some(Digest::MD5)
701 );
702 test_rsa_encrypt_key_op!(
703 encrypt_key_oaep_sha224_sha1_2048,
704 Some(Digest::SHA_2_224),
705 2048,
706 PaddingMode::RSA_OAEP,
707 Some(Digest::SHA1)
708 );
709 test_rsa_encrypt_key_op!(
710 encrypt_key_oaep_sha224_sha224_2048,
711 Some(Digest::SHA_2_224),
712 2048,
713 PaddingMode::RSA_OAEP,
714 Some(Digest::SHA_2_224)
715 );
716 test_rsa_encrypt_key_op!(
717 encrypt_key_oaep_sha224_sha256_2048,
718 Some(Digest::SHA_2_224),
719 2048,
720 PaddingMode::RSA_OAEP,
721 Some(Digest::SHA_2_256)
722 );
723 test_rsa_encrypt_key_op!(
724 encrypt_key_oaep_sha224_sha384_2048,
725 Some(Digest::SHA_2_224),
726 2048,
727 PaddingMode::RSA_OAEP,
728 Some(Digest::SHA_2_384)
729 );
730 test_rsa_encrypt_key_op!(
731 encrypt_key_oaep_sha224_sha512_2048,
732 Some(Digest::SHA_2_224),
733 2048,
734 PaddingMode::RSA_OAEP,
735 Some(Digest::SHA_2_512)
736 );
737 test_rsa_encrypt_key_op!(
738 encrypt_key_oaep_sha256_md5_2048,
739 Some(Digest::SHA_2_256),
740 2048,
741 PaddingMode::RSA_OAEP,
742 Some(Digest::MD5)
743 );
744 test_rsa_encrypt_key_op!(
745 encrypt_key_oaep_sha256_sha1_2048,
746 Some(Digest::SHA_2_256),
747 2048,
748 PaddingMode::RSA_OAEP,
749 Some(Digest::SHA1)
750 );
751 test_rsa_encrypt_key_op!(
752 encrypt_key_oaep_sha256_sha224_2048,
753 Some(Digest::SHA_2_256),
754 2048,
755 PaddingMode::RSA_OAEP,
756 Some(Digest::SHA_2_224)
757 );
758 test_rsa_encrypt_key_op!(
759 encrypt_key_oaep_sha256_sha256_2048,
760 Some(Digest::SHA_2_256),
761 2048,
762 PaddingMode::RSA_OAEP,
763 Some(Digest::SHA_2_256)
764 );
765 test_rsa_encrypt_key_op!(
766 encrypt_key_oaep_sha256_sha384_2048,
767 Some(Digest::SHA_2_256),
768 2048,
769 PaddingMode::RSA_OAEP,
770 Some(Digest::SHA_2_384)
771 );
772 test_rsa_encrypt_key_op!(
773 encrypt_key_oaep_sha256_sha512_2048,
774 Some(Digest::SHA_2_256),
775 2048,
776 PaddingMode::RSA_OAEP,
777 Some(Digest::SHA_2_512)
778 );
779 test_rsa_encrypt_key_op!(
780 encrypt_key_oaep_sha384_md5_2048,
781 Some(Digest::SHA_2_384),
782 2048,
783 PaddingMode::RSA_OAEP,
784 Some(Digest::MD5)
785 );
786 test_rsa_encrypt_key_op!(
787 encrypt_key_oaep_sha384_sha1_2048,
788 Some(Digest::SHA_2_384),
789 2048,
790 PaddingMode::RSA_OAEP,
791 Some(Digest::SHA1)
792 );
793 test_rsa_encrypt_key_op!(
794 encrypt_key_oaep_sha384_sha224_2048,
795 Some(Digest::SHA_2_384),
796 2048,
797 PaddingMode::RSA_OAEP,
798 Some(Digest::SHA_2_224)
799 );
800 test_rsa_encrypt_key_op!(
801 encrypt_key_oaep_sha384_sha256_2048,
802 Some(Digest::SHA_2_384),
803 2048,
804 PaddingMode::RSA_OAEP,
805 Some(Digest::SHA_2_256)
806 );
807 test_rsa_encrypt_key_op!(
808 encrypt_key_oaep_sha384_sha384_2048,
809 Some(Digest::SHA_2_384),
810 2048,
811 PaddingMode::RSA_OAEP,
812 Some(Digest::SHA_2_384)
813 );
814 test_rsa_encrypt_key_op!(
815 encrypt_key_oaep_sha384_sha512_2048,
816 Some(Digest::SHA_2_384),
817 2048,
818 PaddingMode::RSA_OAEP,
819 Some(Digest::SHA_2_512)
820 );
821 test_rsa_encrypt_key_op!(
822 encrypt_key_oaep_sha512_md5_2048,
823 Some(Digest::SHA_2_512),
824 2048,
825 PaddingMode::RSA_OAEP,
826 Some(Digest::MD5)
827 );
828 test_rsa_encrypt_key_op!(
829 encrypt_key_oaep_sha512_sha1_2048,
830 Some(Digest::SHA_2_512),
831 2048,
832 PaddingMode::RSA_OAEP,
833 Some(Digest::SHA1)
834 );
835 test_rsa_encrypt_key_op!(
836 encrypt_key_oaep_sha512_sha224_2048,
837 Some(Digest::SHA_2_512),
838 2048,
839 PaddingMode::RSA_OAEP,
840 Some(Digest::SHA_2_224)
841 );
842 test_rsa_encrypt_key_op!(
843 encrypt_key_oaep_sha512_sha256_2048,
844 Some(Digest::SHA_2_512),
845 2048,
846 PaddingMode::RSA_OAEP,
847 Some(Digest::SHA_2_256)
848 );
849 test_rsa_encrypt_key_op!(
850 encrypt_key_oaep_sha512_sha384_2048,
851 Some(Digest::SHA_2_512),
852 2048,
853 PaddingMode::RSA_OAEP,
854 Some(Digest::SHA_2_384)
855 );
856 test_rsa_encrypt_key_op!(
857 encrypt_key_oaep_sha512_sha512_2048,
858 Some(Digest::SHA_2_512),
859 2048,
860 PaddingMode::RSA_OAEP,
861 Some(Digest::SHA_2_512)
862 );
863 test_rsa_encrypt_key_op!(
864 encrypt_key_oaep_md5_md5_3072,
865 Some(Digest::MD5),
866 3072,
867 PaddingMode::RSA_OAEP,
868 Some(Digest::MD5)
869 );
870 test_rsa_encrypt_key_op!(
871 encrypt_key_oaep_md5_sha1_3072,
872 Some(Digest::MD5),
873 3072,
874 PaddingMode::RSA_OAEP,
875 Some(Digest::SHA1)
876 );
877 test_rsa_encrypt_key_op!(
878 encrypt_key_oaep_md5_sha224_3072,
879 Some(Digest::MD5),
880 3072,
881 PaddingMode::RSA_OAEP,
882 Some(Digest::SHA_2_224)
883 );
884 test_rsa_encrypt_key_op!(
885 encrypt_key_oaep_md5_sha256_3072,
886 Some(Digest::MD5),
887 3072,
888 PaddingMode::RSA_OAEP,
889 Some(Digest::SHA_2_256)
890 );
891 test_rsa_encrypt_key_op!(
892 encrypt_key_oaep_md5_sha384_3072,
893 Some(Digest::MD5),
894 3072,
895 PaddingMode::RSA_OAEP,
896 Some(Digest::SHA_2_384)
897 );
898 test_rsa_encrypt_key_op!(
899 encrypt_key_oaep_md5_sha512_3072,
900 Some(Digest::MD5),
901 3072,
902 PaddingMode::RSA_OAEP,
903 Some(Digest::SHA_2_512)
904 );
905 test_rsa_encrypt_key_op!(
906 encrypt_key_oaep_sha1_md5_3072,
907 Some(Digest::SHA1),
908 3072,
909 PaddingMode::RSA_OAEP,
910 Some(Digest::MD5)
911 );
912 test_rsa_encrypt_key_op!(
913 encrypt_key_oaep_sha1_sha1_3072,
914 Some(Digest::SHA1),
915 3072,
916 PaddingMode::RSA_OAEP,
917 Some(Digest::SHA1)
918 );
919 test_rsa_encrypt_key_op!(
920 encrypt_key_oaep_sha1_sha224_3072,
921 Some(Digest::SHA1),
922 3072,
923 PaddingMode::RSA_OAEP,
924 Some(Digest::SHA_2_224)
925 );
926 test_rsa_encrypt_key_op!(
927 encrypt_key_oaep_sha1_sha256_3072,
928 Some(Digest::SHA1),
929 3072,
930 PaddingMode::RSA_OAEP,
931 Some(Digest::SHA_2_256)
932 );
933 test_rsa_encrypt_key_op!(
934 encrypt_key_oaep_sha1_sha384_3072,
935 Some(Digest::SHA1),
936 3072,
937 PaddingMode::RSA_OAEP,
938 Some(Digest::SHA_2_384)
939 );
940 test_rsa_encrypt_key_op!(
941 encrypt_key_oaep_sha1_sha512_3072,
942 Some(Digest::SHA1),
943 3072,
944 PaddingMode::RSA_OAEP,
945 Some(Digest::SHA_2_512)
946 );
947 test_rsa_encrypt_key_op!(
948 encrypt_key_oaep_sha224_md5_3072,
949 Some(Digest::SHA_2_224),
950 3072,
951 PaddingMode::RSA_OAEP,
952 Some(Digest::MD5)
953 );
954 test_rsa_encrypt_key_op!(
955 encrypt_key_oaep_sha224_sha1_3072,
956 Some(Digest::SHA_2_224),
957 3072,
958 PaddingMode::RSA_OAEP,
959 Some(Digest::SHA1)
960 );
961 test_rsa_encrypt_key_op!(
962 encrypt_key_oaep_sha224_sha224_3072,
963 Some(Digest::SHA_2_224),
964 3072,
965 PaddingMode::RSA_OAEP,
966 Some(Digest::SHA_2_224)
967 );
968 test_rsa_encrypt_key_op!(
969 encrypt_key_oaep_sha224_sha256_3072,
970 Some(Digest::SHA_2_224),
971 3072,
972 PaddingMode::RSA_OAEP,
973 Some(Digest::SHA_2_256)
974 );
975 test_rsa_encrypt_key_op!(
976 encrypt_key_oaep_sha224_sha384_3072,
977 Some(Digest::SHA_2_224),
978 3072,
979 PaddingMode::RSA_OAEP,
980 Some(Digest::SHA_2_384)
981 );
982 test_rsa_encrypt_key_op!(
983 encrypt_key_oaep_sha224_sha512_3072,
984 Some(Digest::SHA_2_224),
985 3072,
986 PaddingMode::RSA_OAEP,
987 Some(Digest::SHA_2_512)
988 );
989 test_rsa_encrypt_key_op!(
990 encrypt_key_oaep_sha256_md5_3072,
991 Some(Digest::SHA_2_256),
992 3072,
993 PaddingMode::RSA_OAEP,
994 Some(Digest::MD5)
995 );
996 test_rsa_encrypt_key_op!(
997 encrypt_key_oaep_sha256_sha1_3072,
998 Some(Digest::SHA_2_256),
999 3072,
1000 PaddingMode::RSA_OAEP,
1001 Some(Digest::SHA1)
1002 );
1003 test_rsa_encrypt_key_op!(
1004 encrypt_key_oaep_sha256_sha224_3072,
1005 Some(Digest::SHA_2_256),
1006 3072,
1007 PaddingMode::RSA_OAEP,
1008 Some(Digest::SHA_2_224)
1009 );
1010 test_rsa_encrypt_key_op!(
1011 encrypt_key_oaep_sha256_sha256_3072,
1012 Some(Digest::SHA_2_256),
1013 3072,
1014 PaddingMode::RSA_OAEP,
1015 Some(Digest::SHA_2_256)
1016 );
1017 test_rsa_encrypt_key_op!(
1018 encrypt_key_oaep_sha256_sha384_3072,
1019 Some(Digest::SHA_2_256),
1020 3072,
1021 PaddingMode::RSA_OAEP,
1022 Some(Digest::SHA_2_384)
1023 );
1024 test_rsa_encrypt_key_op!(
1025 encrypt_key_oaep_sha256_sha512_3072,
1026 Some(Digest::SHA_2_256),
1027 3072,
1028 PaddingMode::RSA_OAEP,
1029 Some(Digest::SHA_2_512)
1030 );
1031 test_rsa_encrypt_key_op!(
1032 encrypt_key_oaep_sha384_md5_3072,
1033 Some(Digest::SHA_2_384),
1034 3072,
1035 PaddingMode::RSA_OAEP,
1036 Some(Digest::MD5)
1037 );
1038 test_rsa_encrypt_key_op!(
1039 encrypt_key_oaep_sha384_sha1_3072,
1040 Some(Digest::SHA_2_384),
1041 3072,
1042 PaddingMode::RSA_OAEP,
1043 Some(Digest::SHA1)
1044 );
1045 test_rsa_encrypt_key_op!(
1046 encrypt_key_oaep_sha384_sha224_3072,
1047 Some(Digest::SHA_2_384),
1048 3072,
1049 PaddingMode::RSA_OAEP,
1050 Some(Digest::SHA_2_224)
1051 );
1052 test_rsa_encrypt_key_op!(
1053 encrypt_key_oaep_sha384_sha256_3072,
1054 Some(Digest::SHA_2_384),
1055 3072,
1056 PaddingMode::RSA_OAEP,
1057 Some(Digest::SHA_2_256)
1058 );
1059 test_rsa_encrypt_key_op!(
1060 encrypt_key_oaep_sha384_sha384_3072,
1061 Some(Digest::SHA_2_384),
1062 3072,
1063 PaddingMode::RSA_OAEP,
1064 Some(Digest::SHA_2_384)
1065 );
1066 test_rsa_encrypt_key_op!(
1067 encrypt_key_oaep_sha384_sha512_3072,
1068 Some(Digest::SHA_2_384),
1069 3072,
1070 PaddingMode::RSA_OAEP,
1071 Some(Digest::SHA_2_512)
1072 );
1073 test_rsa_encrypt_key_op!(
1074 encrypt_key_oaep_sha512_md5_3072,
1075 Some(Digest::SHA_2_512),
1076 3072,
1077 PaddingMode::RSA_OAEP,
1078 Some(Digest::MD5)
1079 );
1080 test_rsa_encrypt_key_op!(
1081 encrypt_key_oaep_sha512_sha1_3072,
1082 Some(Digest::SHA_2_512),
1083 3072,
1084 PaddingMode::RSA_OAEP,
1085 Some(Digest::SHA1)
1086 );
1087 test_rsa_encrypt_key_op!(
1088 encrypt_key_oaep_sha512_sha224_3072,
1089 Some(Digest::SHA_2_512),
1090 3072,
1091 PaddingMode::RSA_OAEP,
1092 Some(Digest::SHA_2_224)
1093 );
1094 test_rsa_encrypt_key_op!(
1095 encrypt_key_oaep_sha512_sha256_3072,
1096 Some(Digest::SHA_2_512),
1097 3072,
1098 PaddingMode::RSA_OAEP,
1099 Some(Digest::SHA_2_256)
1100 );
1101 test_rsa_encrypt_key_op!(
1102 encrypt_key_oaep_sha512_sha384_3072,
1103 Some(Digest::SHA_2_512),
1104 3072,
1105 PaddingMode::RSA_OAEP,
1106 Some(Digest::SHA_2_384)
1107 );
1108 test_rsa_encrypt_key_op!(
1109 encrypt_key_oaep_sha512_sha512_3072,
1110 Some(Digest::SHA_2_512),
1111 3072,
1112 PaddingMode::RSA_OAEP,
1113 Some(Digest::SHA_2_512)
1114 );
1115 test_rsa_encrypt_key_op!(
1116 encrypt_key_oaep_md5_md5_4096,
1117 Some(Digest::MD5),
1118 4096,
1119 PaddingMode::RSA_OAEP,
1120 Some(Digest::MD5)
1121 );
1122 test_rsa_encrypt_key_op!(
1123 encrypt_key_oaep_md5_sha1_4096,
1124 Some(Digest::MD5),
1125 4096,
1126 PaddingMode::RSA_OAEP,
1127 Some(Digest::SHA1)
1128 );
1129 test_rsa_encrypt_key_op!(
1130 encrypt_key_oaep_md5_sha224_4096,
1131 Some(Digest::MD5),
1132 4096,
1133 PaddingMode::RSA_OAEP,
1134 Some(Digest::SHA_2_224)
1135 );
1136 test_rsa_encrypt_key_op!(
1137 encrypt_key_oaep_md5_sha256_4096,
1138 Some(Digest::MD5),
1139 4096,
1140 PaddingMode::RSA_OAEP,
1141 Some(Digest::SHA_2_256)
1142 );
1143 test_rsa_encrypt_key_op!(
1144 encrypt_key_oaep_md5_sha384_4096,
1145 Some(Digest::MD5),
1146 4096,
1147 PaddingMode::RSA_OAEP,
1148 Some(Digest::SHA_2_384)
1149 );
1150 test_rsa_encrypt_key_op!(
1151 encrypt_key_oaep_md5_sha512_4096,
1152 Some(Digest::MD5),
1153 4096,
1154 PaddingMode::RSA_OAEP,
1155 Some(Digest::SHA_2_512)
1156 );
1157 test_rsa_encrypt_key_op!(
1158 encrypt_key_oaep_sha1_md5_4096,
1159 Some(Digest::SHA1),
1160 4096,
1161 PaddingMode::RSA_OAEP,
1162 Some(Digest::MD5)
1163 );
1164 test_rsa_encrypt_key_op!(
1165 encrypt_key_oaep_sha1_sha1_4096,
1166 Some(Digest::SHA1),
1167 4096,
1168 PaddingMode::RSA_OAEP,
1169 Some(Digest::SHA1)
1170 );
1171 test_rsa_encrypt_key_op!(
1172 encrypt_key_oaep_sha1_sha224_4096,
1173 Some(Digest::SHA1),
1174 4096,
1175 PaddingMode::RSA_OAEP,
1176 Some(Digest::SHA_2_224)
1177 );
1178 test_rsa_encrypt_key_op!(
1179 encrypt_key_oaep_sha1_sha256_4096,
1180 Some(Digest::SHA1),
1181 4096,
1182 PaddingMode::RSA_OAEP,
1183 Some(Digest::SHA_2_256)
1184 );
1185 test_rsa_encrypt_key_op!(
1186 encrypt_key_oaep_sha1_sha384_4096,
1187 Some(Digest::SHA1),
1188 4096,
1189 PaddingMode::RSA_OAEP,
1190 Some(Digest::SHA_2_384)
1191 );
1192 test_rsa_encrypt_key_op!(
1193 encrypt_key_oaep_sha1_sha512_4096,
1194 Some(Digest::SHA1),
1195 4096,
1196 PaddingMode::RSA_OAEP,
1197 Some(Digest::SHA_2_512)
1198 );
1199 test_rsa_encrypt_key_op!(
1200 encrypt_key_oaep_sha224_md5_4096,
1201 Some(Digest::SHA_2_224),
1202 4096,
1203 PaddingMode::RSA_OAEP,
1204 Some(Digest::MD5)
1205 );
1206 test_rsa_encrypt_key_op!(
1207 encrypt_key_oaep_sha224_sha1_4096,
1208 Some(Digest::SHA_2_224),
1209 4096,
1210 PaddingMode::RSA_OAEP,
1211 Some(Digest::SHA1)
1212 );
1213 test_rsa_encrypt_key_op!(
1214 encrypt_key_oaep_sha224_sha224_4096,
1215 Some(Digest::SHA_2_224),
1216 4096,
1217 PaddingMode::RSA_OAEP,
1218 Some(Digest::SHA_2_224)
1219 );
1220 test_rsa_encrypt_key_op!(
1221 encrypt_key_oaep_sha224_sha256_4096,
1222 Some(Digest::SHA_2_224),
1223 4096,
1224 PaddingMode::RSA_OAEP,
1225 Some(Digest::SHA_2_256)
1226 );
1227 test_rsa_encrypt_key_op!(
1228 encrypt_key_oaep_sha224_sha384_4096,
1229 Some(Digest::SHA_2_224),
1230 4096,
1231 PaddingMode::RSA_OAEP,
1232 Some(Digest::SHA_2_384)
1233 );
1234 test_rsa_encrypt_key_op!(
1235 encrypt_key_oaep_sha224_sha512_4096,
1236 Some(Digest::SHA_2_224),
1237 4096,
1238 PaddingMode::RSA_OAEP,
1239 Some(Digest::SHA_2_512)
1240 );
1241 test_rsa_encrypt_key_op!(
1242 encrypt_key_oaep_sha256_md5_4096,
1243 Some(Digest::SHA_2_256),
1244 4096,
1245 PaddingMode::RSA_OAEP,
1246 Some(Digest::MD5)
1247 );
1248 test_rsa_encrypt_key_op!(
1249 encrypt_key_oaep_sha256_sha1_4096,
1250 Some(Digest::SHA_2_256),
1251 4096,
1252 PaddingMode::RSA_OAEP,
1253 Some(Digest::SHA1)
1254 );
1255 test_rsa_encrypt_key_op!(
1256 encrypt_key_oaep_sha256_sha224_4096,
1257 Some(Digest::SHA_2_256),
1258 4096,
1259 PaddingMode::RSA_OAEP,
1260 Some(Digest::SHA_2_224)
1261 );
1262 test_rsa_encrypt_key_op!(
1263 encrypt_key_oaep_sha256_sha256_4096,
1264 Some(Digest::SHA_2_256),
1265 4096,
1266 PaddingMode::RSA_OAEP,
1267 Some(Digest::SHA_2_256)
1268 );
1269 test_rsa_encrypt_key_op!(
1270 encrypt_key_oaep_sha256_sha384_4096,
1271 Some(Digest::SHA_2_256),
1272 4096,
1273 PaddingMode::RSA_OAEP,
1274 Some(Digest::SHA_2_384)
1275 );
1276 test_rsa_encrypt_key_op!(
1277 encrypt_key_oaep_sha256_sha512_4096,
1278 Some(Digest::SHA_2_256),
1279 4096,
1280 PaddingMode::RSA_OAEP,
1281 Some(Digest::SHA_2_512)
1282 );
1283 test_rsa_encrypt_key_op!(
1284 encrypt_key_oaep_sha384_md5_4096,
1285 Some(Digest::SHA_2_384),
1286 4096,
1287 PaddingMode::RSA_OAEP,
1288 Some(Digest::MD5)
1289 );
1290 test_rsa_encrypt_key_op!(
1291 encrypt_key_oaep_sha384_sha1_4096,
1292 Some(Digest::SHA_2_384),
1293 4096,
1294 PaddingMode::RSA_OAEP,
1295 Some(Digest::SHA1)
1296 );
1297 test_rsa_encrypt_key_op!(
1298 encrypt_key_oaep_sha384_sha224_4096,
1299 Some(Digest::SHA_2_384),
1300 4096,
1301 PaddingMode::RSA_OAEP,
1302 Some(Digest::SHA_2_224)
1303 );
1304 test_rsa_encrypt_key_op!(
1305 encrypt_key_oaep_sha384_sha256_4096,
1306 Some(Digest::SHA_2_384),
1307 4096,
1308 PaddingMode::RSA_OAEP,
1309 Some(Digest::SHA_2_256)
1310 );
1311 test_rsa_encrypt_key_op!(
1312 encrypt_key_oaep_sha384_sha384_4096,
1313 Some(Digest::SHA_2_384),
1314 4096,
1315 PaddingMode::RSA_OAEP,
1316 Some(Digest::SHA_2_384)
1317 );
1318 test_rsa_encrypt_key_op!(
1319 encrypt_key_oaep_sha384_sha512_4096,
1320 Some(Digest::SHA_2_384),
1321 4096,
1322 PaddingMode::RSA_OAEP,
1323 Some(Digest::SHA_2_512)
1324 );
1325 test_rsa_encrypt_key_op!(
1326 encrypt_key_oaep_sha512_md5_4096,
1327 Some(Digest::SHA_2_512),
1328 4096,
1329 PaddingMode::RSA_OAEP,
1330 Some(Digest::MD5)
1331 );
1332 test_rsa_encrypt_key_op!(
1333 encrypt_key_oaep_sha512_sha1_4096,
1334 Some(Digest::SHA_2_512),
1335 4096,
1336 PaddingMode::RSA_OAEP,
1337 Some(Digest::SHA1)
1338 );
1339 test_rsa_encrypt_key_op!(
1340 encrypt_key_oaep_sha512_sha224_4096,
1341 Some(Digest::SHA_2_512),
1342 4096,
1343 PaddingMode::RSA_OAEP,
1344 Some(Digest::SHA_2_224)
1345 );
1346 test_rsa_encrypt_key_op!(
1347 encrypt_key_oaep_sha512_sha256_4096,
1348 Some(Digest::SHA_2_512),
1349 4096,
1350 PaddingMode::RSA_OAEP,
1351 Some(Digest::SHA_2_256)
1352 );
1353 test_rsa_encrypt_key_op!(
1354 encrypt_key_oaep_sha512_sha384_4096,
1355 Some(Digest::SHA_2_512),
1356 4096,
1357 PaddingMode::RSA_OAEP,
1358 Some(Digest::SHA_2_384)
1359 );
1360 test_rsa_encrypt_key_op!(
1361 encrypt_key_oaep_sha512_sha512_4096,
1362 Some(Digest::SHA_2_512),
1363 4096,
1364 PaddingMode::RSA_OAEP,
1365 Some(Digest::SHA_2_512)
1366 );
1367
1368 // Below macros generate tests for generating RSA keys with -
1369 // Padding mode: `RSA_OAEP`
1370 // Digest modes: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
1371 // and create a decrypt operations using generated keys. Tests should create operations
1372 // successfully.
1373 test_rsa_encrypt_key_op!(
1374 encrypt_key_oaep_md5_no_mgf_2048,
1375 Some(Digest::MD5),
1376 2048,
1377 PaddingMode::RSA_OAEP,
1378 None
1379 );
1380 test_rsa_encrypt_key_op!(
1381 encrypt_key_oaep_sha1_no_mgf_2048,
1382 Some(Digest::SHA1),
1383 2048,
1384 PaddingMode::RSA_OAEP,
1385 None
1386 );
1387 test_rsa_encrypt_key_op!(
1388 encrypt_key_oaep_sha224_no_mgf_2048,
1389 Some(Digest::SHA_2_224),
1390 2048,
1391 PaddingMode::RSA_OAEP,
1392 None
1393 );
1394 test_rsa_encrypt_key_op!(
1395 encrypt_key_oaep_sha256_no_mgf_2048,
1396 Some(Digest::SHA_2_256),
1397 2048,
1398 PaddingMode::RSA_OAEP,
1399 None
1400 );
1401 test_rsa_encrypt_key_op!(
1402 encrypt_key_oaep_sha384_no_mgf_2048,
1403 Some(Digest::SHA_2_384),
1404 2048,
1405 PaddingMode::RSA_OAEP,
1406 None
1407 );
1408 test_rsa_encrypt_key_op!(
1409 encrypt_key_oaep_sha512_no_mgf_2048,
1410 Some(Digest::SHA_2_512),
1411 2048,
1412 PaddingMode::RSA_OAEP,
1413 None
1414 );
1415 test_rsa_encrypt_key_op!(
1416 encrypt_key_oaep_md5_no_mgf_3072,
1417 Some(Digest::MD5),
1418 3072,
1419 PaddingMode::RSA_OAEP,
1420 None
1421 );
1422 test_rsa_encrypt_key_op!(
1423 encrypt_key_oaep_sha1_no_mgf_3072,
1424 Some(Digest::SHA1),
1425 3072,
1426 PaddingMode::RSA_OAEP,
1427 None
1428 );
1429 test_rsa_encrypt_key_op!(
1430 encrypt_key_oaep_sha224_no_mgf_3072,
1431 Some(Digest::SHA_2_224),
1432 3072,
1433 PaddingMode::RSA_OAEP,
1434 None
1435 );
1436 test_rsa_encrypt_key_op!(
1437 encrypt_key_oaep_sha256_no_mgf_3072,
1438 Some(Digest::SHA_2_256),
1439 3072,
1440 PaddingMode::RSA_OAEP,
1441 None
1442 );
1443 test_rsa_encrypt_key_op!(
1444 encrypt_key_oaep_sha384_no_mgf_3072,
1445 Some(Digest::SHA_2_384),
1446 3072,
1447 PaddingMode::RSA_OAEP,
1448 None
1449 );
1450 test_rsa_encrypt_key_op!(
1451 encrypt_key_oaep_sha512_no_mgf_3072,
1452 Some(Digest::SHA_2_512),
1453 3072,
1454 PaddingMode::RSA_OAEP,
1455 None
1456 );
1457 test_rsa_encrypt_key_op!(
1458 encrypt_key_oaep_md5_no_mgf_4096,
1459 Some(Digest::MD5),
1460 4096,
1461 PaddingMode::RSA_OAEP,
1462 None
1463 );
1464 test_rsa_encrypt_key_op!(
1465 encrypt_key_oaep_sha1_no_mgf_4096,
1466 Some(Digest::SHA1),
1467 4096,
1468 PaddingMode::RSA_OAEP,
1469 None
1470 );
1471 test_rsa_encrypt_key_op!(
1472 encrypt_key_oaep_sha224_no_mgf_4096,
1473 Some(Digest::SHA_2_224),
1474 4096,
1475 PaddingMode::RSA_OAEP,
1476 None
1477 );
1478 test_rsa_encrypt_key_op!(
1479 encrypt_key_oaep_sha256_no_mgf_4096,
1480 Some(Digest::SHA_2_256),
1481 4096,
1482 PaddingMode::RSA_OAEP,
1483 None
1484 );
1485 test_rsa_encrypt_key_op!(
1486 encrypt_key_oaep_sha384_no_mgf_4096,
1487 Some(Digest::SHA_2_384),
1488 4096,
1489 PaddingMode::RSA_OAEP,
1490 None
1491 );
1492 test_rsa_encrypt_key_op!(
1493 encrypt_key_oaep_sha512_no_mgf_4096,
1494 Some(Digest::SHA_2_512),
1495 4096,
1496 PaddingMode::RSA_OAEP,
1497 None
1498 );
1499
1500 // Below macros generate tests for generating RSA encryption keys with only padding modes.
1501 // Padding modes: `NONE, RSA_PKCS1_1_5_ENCRYPT`
1502 // and try to create operations using generated keys, tests should create operations
1503 // successfully.
1504 test_rsa_encrypt_key_op!(encrypt_key_none_pad_2048, None, 2048, PaddingMode::NONE, None);
1505 test_rsa_encrypt_key_op!(encrypt_key_none_pad_3072, None, 3072, PaddingMode::NONE, None);
1506 test_rsa_encrypt_key_op!(encrypt_key_none_pad_4096, None, 4096, PaddingMode::NONE, None);
1507 test_rsa_encrypt_key_op!(
1508 encrypt_key_pkcs1_1_5_pad_2048,
1509 None,
1510 2048,
1511 PaddingMode::RSA_PKCS1_1_5_ENCRYPT,
1512 None
1513 );
1514 test_rsa_encrypt_key_op!(
1515 encrypt_key_pkcs1_1_5_pad_3072,
1516 None,
1517 3072,
1518 PaddingMode::RSA_PKCS1_1_5_ENCRYPT,
1519 None
1520 );
1521 test_rsa_encrypt_key_op!(
1522 encrypt_key_pkcs1_1_5_pad_4096,
1523 None,
1524 4096,
1525 PaddingMode::RSA_PKCS1_1_5_ENCRYPT,
1526 None
1527 );
1528
1529 /// Generate RSA signing key with -
1530 /// Padding mode: RSA_PSS
1531 /// Digest mode: `NONE`.
1532 /// Try to create an operation with this generated key. Test should fail to create an operation with
1533 /// `INCOMPATIBLE_DIGEST` error code.
1534 #[test]
keystore2_rsa_generate_signing_key_padding_pss_fail()1535 fn keystore2_rsa_generate_signing_key_padding_pss_fail() {
1536 let keystore2 = get_keystore_service();
1537 let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
1538
1539 let alias = "ks_rsa_pss_none_key_op_test";
1540 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1541 &sec_level,
1542 Domain::APP,
1543 -1,
1544 Some(alias.to_string()),
1545 &key_generations::KeyParams {
1546 key_size: 2048,
1547 purpose: vec![KeyPurpose::SIGN, KeyPurpose::VERIFY],
1548 padding: Some(PaddingMode::RSA_PSS),
1549 digest: Some(Digest::NONE),
1550 mgf_digest: None,
1551 block_mode: None,
1552 att_challenge: None,
1553 },
1554 KeyPurpose::SIGN,
1555 ForcedOp(false),
1556 ));
1557 assert!(result.is_err());
1558 assert_eq!(Error::Km(ErrorCode::INCOMPATIBLE_DIGEST), result.unwrap_err());
1559 }
1560
1561 /// Generate RSA encryption key with -
1562 /// Digest mode: `NONE`
1563 /// Padding mode: `RSA_OAEP`
1564 /// Try to create an operation using generated key. Test should fail to create an operation
1565 /// with an error code `INCOMPATIBLE_DIGEST`.
1566 #[test]
keystore2_rsa_generate_key_with_oaep_padding_fail()1567 fn keystore2_rsa_generate_key_with_oaep_padding_fail() {
1568 let keystore2 = get_keystore_service();
1569 let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
1570
1571 let alias = "ks_rsa_key_oaep_padding_fail_test";
1572 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1573 &sec_level,
1574 Domain::APP,
1575 -1,
1576 Some(alias.to_string()),
1577 &key_generations::KeyParams {
1578 key_size: 2048,
1579 purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
1580 padding: Some(PaddingMode::RSA_OAEP),
1581 digest: Some(Digest::NONE),
1582 mgf_digest: None,
1583 block_mode: None,
1584 att_challenge: None,
1585 },
1586 KeyPurpose::DECRYPT,
1587 ForcedOp(false),
1588 ));
1589
1590 assert!(result.is_err());
1591 assert_eq!(Error::Km(ErrorCode::INCOMPATIBLE_DIGEST), result.unwrap_err());
1592 }
1593
1594 /// Generate RSA keys without padding and digest modes. Try to create decrypt operation without
1595 /// digest and padding. Creation of an operation should fail with an error code
1596 /// `UNSUPPORTED_PADDING_MODE`.
1597 #[test]
keystore2_rsa_generate_keys()1598 fn keystore2_rsa_generate_keys() {
1599 let keystore2 = get_keystore_service();
1600 let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
1601
1602 let alias = "ks_rsa_key_unsupport_padding_test";
1603 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1604 &sec_level,
1605 Domain::APP,
1606 -1,
1607 Some(alias.to_string()),
1608 &key_generations::KeyParams {
1609 key_size: 2048,
1610 purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
1611 padding: None,
1612 digest: None,
1613 mgf_digest: None,
1614 block_mode: None,
1615 att_challenge: None,
1616 },
1617 KeyPurpose::DECRYPT,
1618 ForcedOp(false),
1619 ));
1620 assert!(result.is_err());
1621 assert_eq!(Error::Km(ErrorCode::UNSUPPORTED_PADDING_MODE), result.unwrap_err());
1622 }
1623
1624 /// Generate a RSA encryption key. Try to create a signing operation with it, an error
1625 /// `INCOMPATIBLE_PURPOSE` is expected as the generated key doesn't support sign operation.
1626 #[test]
keystore2_rsa_encrypt_key_op_invalid_purpose()1627 fn keystore2_rsa_encrypt_key_op_invalid_purpose() {
1628 let keystore2 = get_keystore_service();
1629 let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
1630
1631 let alias = "ks_rsa_test_key_1";
1632 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1633 &sec_level,
1634 Domain::APP,
1635 -1,
1636 Some(alias.to_string()),
1637 &key_generations::KeyParams {
1638 key_size: 2048,
1639 purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
1640 padding: Some(PaddingMode::RSA_PKCS1_1_5_ENCRYPT),
1641 digest: Some(Digest::SHA_2_256),
1642 mgf_digest: None,
1643 block_mode: None,
1644 att_challenge: None,
1645 },
1646 KeyPurpose::SIGN,
1647 ForcedOp(false),
1648 ));
1649 assert!(result.is_err());
1650 assert_eq!(Error::Km(ErrorCode::INCOMPATIBLE_PURPOSE), result.unwrap_err());
1651 }
1652
1653 /// Generate a RSA signing key. Try to create a decrypt operation with it, an error
1654 /// `INCOMPATIBLE_PURPOSE` is expected as the generated key doesn't support decrypt operation.
1655 #[test]
keystore2_rsa_sign_key_op_invalid_purpose()1656 fn keystore2_rsa_sign_key_op_invalid_purpose() {
1657 let keystore2 = get_keystore_service();
1658 let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
1659
1660 let alias = "ks_rsa_test_key_2";
1661 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1662 &sec_level,
1663 Domain::APP,
1664 -1,
1665 Some(alias.to_string()),
1666 &key_generations::KeyParams {
1667 key_size: 2048,
1668 purpose: vec![KeyPurpose::SIGN, KeyPurpose::VERIFY],
1669 padding: Some(PaddingMode::RSA_PKCS1_1_5_SIGN),
1670 digest: Some(Digest::SHA_2_256),
1671 mgf_digest: None,
1672 block_mode: None,
1673 att_challenge: None,
1674 },
1675 KeyPurpose::DECRYPT,
1676 ForcedOp(false),
1677 ));
1678 assert!(result.is_err());
1679 assert_eq!(Error::Km(ErrorCode::INCOMPATIBLE_PURPOSE), result.unwrap_err());
1680 }
1681
1682 /// Generate a RSA key with SIGN and AGREE_KEY purposes. Try to perform an operation using the
1683 /// generated key, an error `UNSUPPORTED_PURPOSE` is expected as RSA doesn't support AGREE_KEY.
1684 #[test]
keystore2_rsa_key_unsupported_purpose()1685 fn keystore2_rsa_key_unsupported_purpose() {
1686 let keystore2 = get_keystore_service();
1687 let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
1688
1689 let alias = "ks_rsa_key_test_3";
1690 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1691 &sec_level,
1692 Domain::APP,
1693 -1,
1694 Some(alias.to_string()),
1695 &key_generations::KeyParams {
1696 key_size: 2048,
1697 purpose: vec![KeyPurpose::AGREE_KEY],
1698 padding: Some(PaddingMode::RSA_PKCS1_1_5_SIGN),
1699 digest: Some(Digest::SHA_2_256),
1700 mgf_digest: None,
1701 block_mode: None,
1702 att_challenge: None,
1703 },
1704 KeyPurpose::AGREE_KEY,
1705 ForcedOp(false),
1706 ));
1707 assert!(result.is_err());
1708 assert_eq!(Error::Km(ErrorCode::UNSUPPORTED_PURPOSE), result.unwrap_err());
1709 }
1710
1711 /// Generate a RSA encrypt key with padding mode supported for signing. Try to create an operation
1712 /// using generated key, an error `UNSUPPORTED_PADDING_MODE` is expected with unsupported padding
1713 /// mode.
1714 #[test]
keystore2_rsa_encrypt_key_unsupported_padding()1715 fn keystore2_rsa_encrypt_key_unsupported_padding() {
1716 let keystore2 = get_keystore_service();
1717 let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
1718 let paddings = [PaddingMode::RSA_PKCS1_1_5_SIGN, PaddingMode::RSA_PSS];
1719
1720 for padding in paddings {
1721 let alias = format!("ks_rsa_encrypt_key_unsupported_pad_test{}", padding.0);
1722 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1723 &sec_level,
1724 Domain::APP,
1725 -1,
1726 Some(alias.to_string()),
1727 &key_generations::KeyParams {
1728 key_size: 2048,
1729 purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
1730 padding: Some(padding),
1731 digest: Some(Digest::SHA_2_256),
1732 mgf_digest: None,
1733 block_mode: None,
1734 att_challenge: None,
1735 },
1736 KeyPurpose::DECRYPT,
1737 ForcedOp(false),
1738 ));
1739 assert!(result.is_err());
1740 assert_eq!(Error::Km(ErrorCode::UNSUPPORTED_PADDING_MODE), result.unwrap_err());
1741 }
1742 }
1743
1744 /// Generate a RSA signing key with padding mode supported for encryption. Try to create an
1745 /// operation using generated key, an error `UNSUPPORTED_PADDING_MODE` is expected with
1746 /// unsupported padding mode.
1747 #[test]
keystore2_rsa_signing_key_unsupported_padding()1748 fn keystore2_rsa_signing_key_unsupported_padding() {
1749 let keystore2 = get_keystore_service();
1750 let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
1751 let paddings = [PaddingMode::RSA_PKCS1_1_5_ENCRYPT, PaddingMode::RSA_OAEP];
1752
1753 for padding in paddings {
1754 let alias = format!("ks_rsa_sign_key_unsupported_pad_test_4_{}", padding.0);
1755 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1756 &sec_level,
1757 Domain::APP,
1758 -1,
1759 Some(alias.to_string()),
1760 &key_generations::KeyParams {
1761 key_size: 2048,
1762 purpose: vec![KeyPurpose::SIGN, KeyPurpose::VERIFY],
1763 padding: Some(padding),
1764 digest: Some(Digest::SHA_2_256),
1765 mgf_digest: None,
1766 block_mode: None,
1767 att_challenge: None,
1768 },
1769 KeyPurpose::SIGN,
1770 ForcedOp(false),
1771 ));
1772 assert!(result.is_err());
1773 assert_eq!(Error::Km(ErrorCode::UNSUPPORTED_PADDING_MODE), result.unwrap_err());
1774 }
1775 }
1776
1777 /// Generate a RSA encryption key. Try to perform encrypt operation using the generated
1778 /// key, an error `UNSUPPORTED_PURPOSE` is expected as encrypt operation is not supported
1779 /// with RSA key.
1780 #[test]
keystore2_rsa_key_unsupported_op()1781 fn keystore2_rsa_key_unsupported_op() {
1782 let keystore2 = get_keystore_service();
1783 let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
1784
1785 let alias = "ks_rsa_key_test_5";
1786 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1787 &sec_level,
1788 Domain::APP,
1789 -1,
1790 Some(alias.to_string()),
1791 &key_generations::KeyParams {
1792 key_size: 2048,
1793 purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
1794 padding: Some(PaddingMode::RSA_PKCS1_1_5_ENCRYPT),
1795 digest: Some(Digest::SHA_2_256),
1796 mgf_digest: None,
1797 block_mode: None,
1798 att_challenge: None,
1799 },
1800 KeyPurpose::ENCRYPT,
1801 ForcedOp(false),
1802 ));
1803
1804 assert!(result.is_err());
1805 assert_eq!(Error::Km(ErrorCode::UNSUPPORTED_PURPOSE), result.unwrap_err());
1806 }
1807
1808 /// Generate a RSA key with encrypt, sign and verify purpose. Try to perform decrypt operation
1809 /// using the generated key, an error `INCOMPATIBLE_PURPOSE` is expected as the key is not
1810 /// generated with decrypt purpose.
1811 #[test]
keystore2_rsa_key_missing_purpose()1812 fn keystore2_rsa_key_missing_purpose() {
1813 let keystore2 = get_keystore_service();
1814 let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
1815
1816 let alias = "ks_rsa_key_test_6";
1817 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1818 &sec_level,
1819 Domain::APP,
1820 -1,
1821 Some(alias.to_string()),
1822 &key_generations::KeyParams {
1823 key_size: 2048,
1824 purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::SIGN, KeyPurpose::VERIFY],
1825 padding: Some(PaddingMode::RSA_PKCS1_1_5_ENCRYPT),
1826 digest: Some(Digest::SHA_2_256),
1827 mgf_digest: None,
1828 block_mode: None,
1829 att_challenge: None,
1830 },
1831 KeyPurpose::DECRYPT,
1832 ForcedOp(false),
1833 ));
1834
1835 assert!(result.is_err());
1836 assert_eq!(Error::Km(ErrorCode::INCOMPATIBLE_PURPOSE), result.unwrap_err());
1837 }
1838
1839 /// Generate RSA encryption keys with OAEP padding mode and without digest mode. Try to create an
1840 /// operation with generated key, unsupported digest error is expected.
1841 #[test]
keystore2_rsa_gen_keys_with_oaep_paddings_without_digest()1842 fn keystore2_rsa_gen_keys_with_oaep_paddings_without_digest() {
1843 let keystore2 = get_keystore_service();
1844 let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
1845
1846 let alias = "ks_rsa_key_padding_fail";
1847 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1848 &sec_level,
1849 Domain::APP,
1850 -1,
1851 Some(alias.to_string()),
1852 &key_generations::KeyParams {
1853 key_size: 2048,
1854 purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
1855 padding: Some(PaddingMode::RSA_OAEP),
1856 digest: None,
1857 mgf_digest: None,
1858 block_mode: None,
1859 att_challenge: None,
1860 },
1861 KeyPurpose::DECRYPT,
1862 ForcedOp(false),
1863 ));
1864
1865 assert!(result.is_err());
1866 assert_eq!(Error::Km(ErrorCode::UNSUPPORTED_DIGEST), result.unwrap_err());
1867 }
1868
1869 /// Generate RSA keys with unsupported key size, an error `UNSUPPORTED_KEY_SIZE` is expected.
1870 #[test]
keystore2_rsa_gen_keys_unsupported_size()1871 fn keystore2_rsa_gen_keys_unsupported_size() {
1872 let keystore2 = get_keystore_service();
1873 let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
1874
1875 let alias = "ks_rsa_key_padding_fail";
1876 let result = key_generations::map_ks_error(key_generations::generate_rsa_key(
1877 &sec_level,
1878 Domain::APP,
1879 -1,
1880 Some(alias.to_string()),
1881 &key_generations::KeyParams {
1882 key_size: 5120,
1883 purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::SIGN, KeyPurpose::VERIFY],
1884 padding: Some(PaddingMode::RSA_PKCS1_1_5_ENCRYPT),
1885 digest: Some(Digest::SHA_2_256),
1886 mgf_digest: None,
1887 block_mode: None,
1888 att_challenge: None,
1889 },
1890 None,
1891 ));
1892
1893 assert!(result.is_err());
1894 assert_eq!(Error::Km(ErrorCode::UNSUPPORTED_KEY_SIZE), result.unwrap_err());
1895 }
1896