1 // Copyright 2022, The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 use crate::keystore2_client_test_utils::{delete_app_key, perform_sample_sign_operation, ForcedOp};
16 use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
17 Digest::Digest, ErrorCode::ErrorCode, KeyPurpose::KeyPurpose, PaddingMode::PaddingMode,
18 };
19 use android_system_keystore2::aidl::android::system::keystore2::{
20 CreateOperationResponse::CreateOperationResponse, Domain::Domain,
21 };
22 use keystore2_test_utils::{authorizations, key_generations, key_generations::Error, SecLevel};
23
24 /// This macro is used for creating signing key operation tests using digests and paddings
25 /// for various key sizes.
26 macro_rules! test_rsa_sign_key_op {
27 ( $test_name:ident, $digest:expr, $key_size:expr, $padding:expr ) => {
28 #[test]
29 fn $test_name() {
30 perform_rsa_sign_key_op_success($digest, $key_size, stringify!($test_name), $padding);
31 }
32 };
33
34 ( $test_name:ident, $digest:expr, $padding:expr ) => {
35 #[test]
36 fn $test_name() {
37 perform_rsa_sign_key_op_failure($digest, stringify!($test_name), $padding);
38 }
39 };
40 }
41
42 /// This macro is used for creating encrypt/decrypt key operation tests using digests, mgf-digests
43 /// and paddings for various key sizes.
44 macro_rules! test_rsa_encrypt_key_op {
45 ( $test_name:ident, $digest:expr, $key_size:expr, $padding:expr ) => {
46 #[test]
47 fn $test_name() {
48 create_rsa_encrypt_decrypt_key_op_success(
49 $digest,
50 $key_size,
51 stringify!($test_name),
52 $padding,
53 None,
54 );
55 }
56 };
57
58 ( $test_name:ident, $digest:expr, $key_size:expr, $padding:expr, $mgf_digest:expr ) => {
59 #[test]
60 fn $test_name() {
61 create_rsa_encrypt_decrypt_key_op_success(
62 $digest,
63 $key_size,
64 stringify!($test_name),
65 $padding,
66 $mgf_digest,
67 );
68 }
69 };
70 }
71
72 /// Generate a RSA key and create an operation using the generated key.
create_rsa_key_and_operation( sl: &SecLevel, domain: Domain, nspace: i64, alias: Option<String>, key_params: &key_generations::KeyParams, op_purpose: KeyPurpose, forced_op: ForcedOp, ) -> binder::Result<Option<CreateOperationResponse>>73 fn create_rsa_key_and_operation(
74 sl: &SecLevel,
75 domain: Domain,
76 nspace: i64,
77 alias: Option<String>,
78 key_params: &key_generations::KeyParams,
79 op_purpose: KeyPurpose,
80 forced_op: ForcedOp,
81 ) -> binder::Result<Option<CreateOperationResponse>> {
82 let Some(key_metadata) =
83 key_generations::generate_rsa_key(sl, domain, nspace, alias, key_params, None)?
84 else {
85 return Ok(None);
86 };
87
88 let mut op_params = authorizations::AuthSetBuilder::new().purpose(op_purpose);
89
90 if let Some(value) = key_params.digest {
91 op_params = op_params.digest(value)
92 }
93 if let Some(value) = key_params.padding {
94 op_params = op_params.padding_mode(value);
95 }
96 if let Some(value) = key_params.mgf_digest {
97 op_params = op_params.mgf_digest(value);
98 }
99 if let Some(value) = key_params.block_mode {
100 op_params = op_params.block_mode(value)
101 }
102
103 sl.binder.createOperation(&key_metadata.key, &op_params, forced_op.0).map(Some)
104 }
105
106 /// Generate RSA signing key with given parameters and perform signing operation.
perform_rsa_sign_key_op_success( digest: Digest, key_size: i32, alias: &str, padding: PaddingMode, )107 fn perform_rsa_sign_key_op_success(
108 digest: Digest,
109 key_size: i32,
110 alias: &str,
111 padding: PaddingMode,
112 ) {
113 let sl = SecLevel::tee();
114
115 let Some(op_response) = create_rsa_key_and_operation(
116 &sl,
117 Domain::APP,
118 -1,
119 Some(alias.to_string()),
120 &key_generations::KeyParams {
121 key_size,
122 purpose: vec![KeyPurpose::SIGN, KeyPurpose::VERIFY],
123 padding: Some(padding),
124 digest: Some(digest),
125 mgf_digest: None,
126 block_mode: None,
127 att_challenge: None,
128 },
129 KeyPurpose::SIGN,
130 ForcedOp(false),
131 )
132 .expect("Failed to create an operation.") else {
133 return;
134 };
135
136 assert!(op_response.iOperation.is_some());
137 assert_eq!(
138 Ok(()),
139 key_generations::map_ks_error(perform_sample_sign_operation(
140 &op_response.iOperation.unwrap()
141 ))
142 );
143
144 delete_app_key(&sl.keystore2, alias).unwrap();
145 }
146
147 /// Generate RSA signing key with given parameters and try to perform signing operation.
148 /// Error `INCOMPATIBLE_DIGEST | UNKNOWN_ERROR` is expected while creating an opearation.
perform_rsa_sign_key_op_failure(digest: Digest, alias: &str, padding: PaddingMode)149 fn perform_rsa_sign_key_op_failure(digest: Digest, alias: &str, padding: PaddingMode) {
150 let sl = SecLevel::tee();
151
152 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
153 &sl,
154 Domain::APP,
155 -1,
156 Some(alias.to_string()),
157 &key_generations::KeyParams {
158 key_size: 2048,
159 purpose: vec![KeyPurpose::SIGN, KeyPurpose::VERIFY],
160 padding: Some(padding),
161 digest: Some(digest),
162 mgf_digest: None,
163 block_mode: None,
164 att_challenge: None,
165 },
166 KeyPurpose::SIGN,
167 ForcedOp(false),
168 ));
169 assert!(result.is_err());
170
171 let e = result.unwrap_err();
172 assert!(
173 e == Error::Km(ErrorCode::UNKNOWN_ERROR) || e == Error::Km(ErrorCode::INCOMPATIBLE_DIGEST)
174 );
175
176 delete_app_key(&sl.keystore2, alias).unwrap();
177 }
178
179 /// Generate RSA encrypt/decrypt key with given parameters and perform decrypt operation.
create_rsa_encrypt_decrypt_key_op_success( digest: Option<Digest>, key_size: i32, alias: &str, padding: PaddingMode, mgf_digest: Option<Digest>, )180 fn create_rsa_encrypt_decrypt_key_op_success(
181 digest: Option<Digest>,
182 key_size: i32,
183 alias: &str,
184 padding: PaddingMode,
185 mgf_digest: Option<Digest>,
186 ) {
187 let sl = SecLevel::tee();
188
189 let result = create_rsa_key_and_operation(
190 &sl,
191 Domain::APP,
192 -1,
193 Some(alias.to_string()),
194 &key_generations::KeyParams {
195 key_size,
196 purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
197 padding: Some(padding),
198 digest,
199 mgf_digest,
200 block_mode: None,
201 att_challenge: None,
202 },
203 KeyPurpose::DECRYPT,
204 ForcedOp(false),
205 );
206
207 assert!(result.is_ok());
208
209 delete_app_key(&sl.keystore2, alias).unwrap();
210 }
211
212 // Below macros generate tests for generating RSA signing keys with -
213 // Padding mode: RSA_PKCS1_1_5_SIGN
214 // Digest modes: `NONE, MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
215 // and create operations with generated keys. Tests should create operations successfully.
216 test_rsa_sign_key_op!(
217 sign_key_pkcs1_1_5_none_2048,
218 Digest::NONE,
219 2048,
220 PaddingMode::RSA_PKCS1_1_5_SIGN
221 );
222 test_rsa_sign_key_op!(
223 sign_key_pkcs1_1_5_md5_2048,
224 Digest::MD5,
225 2048,
226 PaddingMode::RSA_PKCS1_1_5_SIGN
227 );
228 test_rsa_sign_key_op!(
229 sign_key_pkcs1_1_5_sha1_2048,
230 Digest::SHA1,
231 2048,
232 PaddingMode::RSA_PKCS1_1_5_SIGN
233 );
234 test_rsa_sign_key_op!(
235 sign_key_pkcs1_1_5_sha224_2048,
236 Digest::SHA_2_224,
237 2048,
238 PaddingMode::RSA_PKCS1_1_5_SIGN
239 );
240 test_rsa_sign_key_op!(
241 sign_key_pkcs1_1_5_sha256_2048,
242 Digest::SHA_2_256,
243 2048,
244 PaddingMode::RSA_PKCS1_1_5_SIGN
245 );
246 test_rsa_sign_key_op!(
247 sign_key_pkcs1_1_5_sha384_2048,
248 Digest::SHA_2_384,
249 2048,
250 PaddingMode::RSA_PKCS1_1_5_SIGN
251 );
252 test_rsa_sign_key_op!(
253 sign_key_pkcs1_1_5_sha512_2048,
254 Digest::SHA_2_512,
255 2048,
256 PaddingMode::RSA_PKCS1_1_5_SIGN
257 );
258 test_rsa_sign_key_op!(
259 sign_key_pkcs1_1_5_none_3072,
260 Digest::NONE,
261 3072,
262 PaddingMode::RSA_PKCS1_1_5_SIGN
263 );
264 test_rsa_sign_key_op!(
265 sign_key_pkcs1_1_5_md5_3072,
266 Digest::MD5,
267 3072,
268 PaddingMode::RSA_PKCS1_1_5_SIGN
269 );
270 test_rsa_sign_key_op!(
271 sign_key_pkcs1_1_5_sha1_3072,
272 Digest::SHA1,
273 3072,
274 PaddingMode::RSA_PKCS1_1_5_SIGN
275 );
276 test_rsa_sign_key_op!(
277 sign_key_pkcs1_1_5_sha224_3072,
278 Digest::SHA_2_224,
279 3072,
280 PaddingMode::RSA_PKCS1_1_5_SIGN
281 );
282 test_rsa_sign_key_op!(
283 sign_key_pkcs1_1_5_sha256_3072,
284 Digest::SHA_2_256,
285 3072,
286 PaddingMode::RSA_PKCS1_1_5_SIGN
287 );
288 test_rsa_sign_key_op!(
289 sign_key_pkcs1_1_5_sha384_3072,
290 Digest::SHA_2_384,
291 3072,
292 PaddingMode::RSA_PKCS1_1_5_SIGN
293 );
294 test_rsa_sign_key_op!(
295 sign_key_pkcs1_1_5_sha512_3072,
296 Digest::SHA_2_512,
297 3072,
298 PaddingMode::RSA_PKCS1_1_5_SIGN
299 );
300 test_rsa_sign_key_op!(
301 sign_key_pkcs1_1_5_none_4096,
302 Digest::NONE,
303 4096,
304 PaddingMode::RSA_PKCS1_1_5_SIGN
305 );
306 test_rsa_sign_key_op!(
307 sign_key_pkcs1_1_5_md5_4096,
308 Digest::MD5,
309 4096,
310 PaddingMode::RSA_PKCS1_1_5_SIGN
311 );
312 test_rsa_sign_key_op!(
313 sign_key_pkcs1_1_5_sha1_4096,
314 Digest::SHA1,
315 4096,
316 PaddingMode::RSA_PKCS1_1_5_SIGN
317 );
318 test_rsa_sign_key_op!(
319 sign_key_pkcs1_1_5_sha224_4096,
320 Digest::SHA_2_224,
321 4096,
322 PaddingMode::RSA_PKCS1_1_5_SIGN
323 );
324 test_rsa_sign_key_op!(
325 sign_key_pkcs1_1_5_sha256_4096,
326 Digest::SHA_2_256,
327 4096,
328 PaddingMode::RSA_PKCS1_1_5_SIGN
329 );
330 test_rsa_sign_key_op!(
331 sign_key_pkcs1_1_5_sha384_4096,
332 Digest::SHA_2_384,
333 4096,
334 PaddingMode::RSA_PKCS1_1_5_SIGN
335 );
336 test_rsa_sign_key_op!(
337 sign_key_pkcs1_1_5_sha512_4096,
338 Digest::SHA_2_512,
339 4096,
340 PaddingMode::RSA_PKCS1_1_5_SIGN
341 );
342
343 // Below macros generate tests for generating RSA signing keys with -
344 // Padding mode: RSA_PSS
345 // Digest modes: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
346 // and create operations with generated keys. Tests should create operations
347 // successfully.
348 test_rsa_sign_key_op!(sign_key_pss_md5_2048, Digest::MD5, 2048, PaddingMode::RSA_PSS);
349 test_rsa_sign_key_op!(sign_key_pss_sha1_2048, Digest::SHA1, 2048, PaddingMode::RSA_PSS);
350 test_rsa_sign_key_op!(sign_key_pss_sha224_2048, Digest::SHA_2_224, 2048, PaddingMode::RSA_PSS);
351 test_rsa_sign_key_op!(sign_key_pss_sha256_2048, Digest::SHA_2_256, 2048, PaddingMode::RSA_PSS);
352 test_rsa_sign_key_op!(sign_key_pss_sha384_2048, Digest::SHA_2_384, 2048, PaddingMode::RSA_PSS);
353 test_rsa_sign_key_op!(sign_key_pss_sha512_2048, Digest::SHA_2_512, 2048, PaddingMode::RSA_PSS);
354 test_rsa_sign_key_op!(sign_key_pss_md5_3072, Digest::MD5, 3072, PaddingMode::RSA_PSS);
355 test_rsa_sign_key_op!(sign_key_pss_sha1_3072, Digest::SHA1, 3072, PaddingMode::RSA_PSS);
356 test_rsa_sign_key_op!(sign_key_pss_sha224_3072, Digest::SHA_2_224, 3072, PaddingMode::RSA_PSS);
357 test_rsa_sign_key_op!(sign_key_pss_sha256_3072, Digest::SHA_2_256, 3072, PaddingMode::RSA_PSS);
358 test_rsa_sign_key_op!(sign_key_pss_sha384_3072, Digest::SHA_2_384, 3072, PaddingMode::RSA_PSS);
359 test_rsa_sign_key_op!(sign_key_pss_sha512_3072, Digest::SHA_2_512, 3072, PaddingMode::RSA_PSS);
360 test_rsa_sign_key_op!(sign_key_pss_md5_4096, Digest::MD5, 4096, PaddingMode::RSA_PSS);
361 test_rsa_sign_key_op!(sign_key_pss_sha1_4096, Digest::SHA1, 4096, PaddingMode::RSA_PSS);
362 test_rsa_sign_key_op!(sign_key_pss_sha224_4096, Digest::SHA_2_224, 4096, PaddingMode::RSA_PSS);
363 test_rsa_sign_key_op!(sign_key_pss_sha256_4096, Digest::SHA_2_256, 4096, PaddingMode::RSA_PSS);
364 test_rsa_sign_key_op!(sign_key_pss_sha384_4096, Digest::SHA_2_384, 4096, PaddingMode::RSA_PSS);
365 test_rsa_sign_key_op!(sign_key_pss_sha512_4096, Digest::SHA_2_512, 4096, PaddingMode::RSA_PSS);
366
367 // Below macros generate tests for generating RSA signing keys with -
368 // Padding mode: `NONE`
369 // Digest mode `NONE`
370 // and try to create operations with generated keys. Tests should create operations
371 // successfully.
372 test_rsa_sign_key_op!(sign_key_none_none_2048, Digest::NONE, 2048, PaddingMode::NONE);
373 test_rsa_sign_key_op!(sign_key_none_none_3072, Digest::NONE, 3072, PaddingMode::NONE);
374 test_rsa_sign_key_op!(sign_key_none_none_4096, Digest::NONE, 4096, PaddingMode::NONE);
375
376 // Below macros generate tests for generating RSA signing keys with -
377 // Padding mode: `NONE`
378 // Digest modes: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
379 // and create operations with generated keys. Tests should fail to create operations with
380 // an error code `UNKNOWN_ERROR | INCOMPATIBLE_DIGEST`.
381 test_rsa_sign_key_op!(sign_key_none_md5_2048, Digest::MD5, PaddingMode::NONE);
382 test_rsa_sign_key_op!(sign_key_none_sha1_2048, Digest::SHA1, PaddingMode::NONE);
383 test_rsa_sign_key_op!(sign_key_none_sha224_2048, Digest::SHA_2_224, PaddingMode::NONE);
384 test_rsa_sign_key_op!(sign_key_none_sha256_2048, Digest::SHA_2_256, PaddingMode::NONE);
385 test_rsa_sign_key_op!(sign_key_none_sha384_2048, Digest::SHA_2_384, PaddingMode::NONE);
386 test_rsa_sign_key_op!(sign_key_none_sha512_2048, Digest::SHA_2_512, PaddingMode::NONE);
387
388 // Below macros generate tests for generating RSA encryption keys with various digest mode
389 // and padding mode combinations.
390 // Digest modes: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
391 // Padding modes: `NONE, RSA_PKCS1_1_5_ENCRYPT`
392 // and try to create operations using generated keys, tests should create operations successfully.
393 test_rsa_encrypt_key_op!(
394 encrypt_key_pkcs1_1_5_none_2048,
395 Some(Digest::NONE),
396 2048,
397 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
398 );
399 test_rsa_encrypt_key_op!(
400 encrypt_key_pkcs1_1_5_md5_2048,
401 Some(Digest::MD5),
402 2048,
403 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
404 );
405 test_rsa_encrypt_key_op!(
406 encrypt_key_pkcs1_1_5_sha1_2048,
407 Some(Digest::SHA1),
408 2048,
409 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
410 );
411 test_rsa_encrypt_key_op!(
412 encrypt_key_pkcs1_1_5_sha224_2048,
413 Some(Digest::SHA_2_224),
414 2048,
415 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
416 );
417 test_rsa_encrypt_key_op!(
418 encrypt_key_pkcs1_1_5_sha256_2048,
419 Some(Digest::SHA_2_256),
420 2048,
421 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
422 );
423 test_rsa_encrypt_key_op!(
424 encrypt_key_pkcs1_1_5_sha384_2048,
425 Some(Digest::SHA_2_384),
426 2048,
427 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
428 );
429 test_rsa_encrypt_key_op!(
430 encrypt_key_pkcs1_1_5_sha512_2048,
431 Some(Digest::SHA_2_512),
432 2048,
433 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
434 );
435 test_rsa_encrypt_key_op!(
436 encrypt_key_pkcs1_1_5_none_3072,
437 Some(Digest::NONE),
438 3072,
439 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
440 );
441 test_rsa_encrypt_key_op!(
442 encrypt_key_pkcs1_1_5_md5_3072,
443 Some(Digest::MD5),
444 3072,
445 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
446 );
447 test_rsa_encrypt_key_op!(
448 encrypt_key_pkcs1_1_5_sha1_3072,
449 Some(Digest::SHA1),
450 3072,
451 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
452 );
453 test_rsa_encrypt_key_op!(
454 encrypt_key_pkcs1_1_5_sha224_3072,
455 Some(Digest::SHA_2_224),
456 3072,
457 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
458 );
459 test_rsa_encrypt_key_op!(
460 encrypt_key_pkcs1_1_5_sha256_3072,
461 Some(Digest::SHA_2_256),
462 3072,
463 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
464 );
465 test_rsa_encrypt_key_op!(
466 encrypt_key_pkcs1_1_5_sha384_3072,
467 Some(Digest::SHA_2_384),
468 3072,
469 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
470 );
471 test_rsa_encrypt_key_op!(
472 encrypt_key_pkcs1_1_5_sha512_3072,
473 Some(Digest::SHA_2_512),
474 3072,
475 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
476 );
477 test_rsa_encrypt_key_op!(
478 encrypt_key_pkcs1_1_5_none_4096,
479 Some(Digest::NONE),
480 4096,
481 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
482 );
483 test_rsa_encrypt_key_op!(
484 encrypt_key_pkcs1_1_5_md5_4096,
485 Some(Digest::MD5),
486 4096,
487 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
488 );
489 test_rsa_encrypt_key_op!(
490 encrypt_key_pkcs1_1_5_sha1_4096,
491 Some(Digest::SHA1),
492 4096,
493 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
494 );
495 test_rsa_encrypt_key_op!(
496 encrypt_key_pkcs1_1_5_sha224_4096,
497 Some(Digest::SHA_2_224),
498 4096,
499 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
500 );
501 test_rsa_encrypt_key_op!(
502 encrypt_key_pkcs1_1_5_sha256_4096,
503 Some(Digest::SHA_2_256),
504 4096,
505 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
506 );
507 test_rsa_encrypt_key_op!(
508 encrypt_key_pkcs1_1_5_sha384_4096,
509 Some(Digest::SHA_2_384),
510 4096,
511 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
512 );
513 test_rsa_encrypt_key_op!(
514 encrypt_key_pkcs1_1_5_sha512_4096,
515 Some(Digest::SHA_2_512),
516 4096,
517 PaddingMode::RSA_PKCS1_1_5_ENCRYPT
518 );
519 test_rsa_encrypt_key_op!(encrypt_key_none_none_2048, Some(Digest::NONE), 2048, PaddingMode::NONE);
520 test_rsa_encrypt_key_op!(encrypt_key_none_md5_2048, Some(Digest::MD5), 2048, PaddingMode::NONE);
521 test_rsa_encrypt_key_op!(encrypt_key_none_sha1_2048, Some(Digest::SHA1), 2048, PaddingMode::NONE);
522 test_rsa_encrypt_key_op!(
523 encrypt_key_none_sha224_2048,
524 Some(Digest::SHA_2_224),
525 2048,
526 PaddingMode::NONE
527 );
528 test_rsa_encrypt_key_op!(
529 encrypt_key_none_sha256_2048,
530 Some(Digest::SHA_2_256),
531 2048,
532 PaddingMode::NONE
533 );
534 test_rsa_encrypt_key_op!(
535 encrypt_key_none_sha384_2048,
536 Some(Digest::SHA_2_384),
537 2048,
538 PaddingMode::NONE
539 );
540 test_rsa_encrypt_key_op!(
541 encrypt_key_none_sha512_2048,
542 Some(Digest::SHA_2_512),
543 2048,
544 PaddingMode::NONE
545 );
546 test_rsa_encrypt_key_op!(encrypt_key_none_none_3072, Some(Digest::NONE), 3072, PaddingMode::NONE);
547 test_rsa_encrypt_key_op!(encrypt_key_none_md5_3072, Some(Digest::MD5), 3072, PaddingMode::NONE);
548 test_rsa_encrypt_key_op!(encrypt_key_none_sha1_3072, Some(Digest::SHA1), 3072, PaddingMode::NONE);
549 test_rsa_encrypt_key_op!(
550 encrypt_key_none_sha224_3072,
551 Some(Digest::SHA_2_224),
552 3072,
553 PaddingMode::NONE
554 );
555 test_rsa_encrypt_key_op!(
556 encrypt_key_none_sha256_3072,
557 Some(Digest::SHA_2_256),
558 3072,
559 PaddingMode::NONE
560 );
561 test_rsa_encrypt_key_op!(
562 encrypt_key_none_sha384_3072,
563 Some(Digest::SHA_2_384),
564 3072,
565 PaddingMode::NONE
566 );
567 test_rsa_encrypt_key_op!(
568 encrypt_key_none_sha512_3072,
569 Some(Digest::SHA_2_512),
570 3072,
571 PaddingMode::NONE
572 );
573 test_rsa_encrypt_key_op!(encrypt_key_none_none_4096, Some(Digest::NONE), 4096, PaddingMode::NONE);
574 test_rsa_encrypt_key_op!(encrypt_key_none_md5_4096, Some(Digest::MD5), 4096, PaddingMode::NONE);
575 test_rsa_encrypt_key_op!(encrypt_key_none_sha1_4096, Some(Digest::SHA1), 4096, PaddingMode::NONE);
576 test_rsa_encrypt_key_op!(
577 encrypt_key_none_sha224_4096,
578 Some(Digest::SHA_2_224),
579 4096,
580 PaddingMode::NONE
581 );
582 test_rsa_encrypt_key_op!(
583 encrypt_key_none_sha256_4096,
584 Some(Digest::SHA_2_256),
585 4096,
586 PaddingMode::NONE
587 );
588 test_rsa_encrypt_key_op!(
589 encrypt_key_none_sha384_4096,
590 Some(Digest::SHA_2_384),
591 4096,
592 PaddingMode::NONE
593 );
594 test_rsa_encrypt_key_op!(
595 encrypt_key_none_sha512_4096,
596 Some(Digest::SHA_2_512),
597 4096,
598 PaddingMode::NONE
599 );
600
601 // Below macros generate tests for generating RSA keys with -
602 // Padding Mode: `RSA_OAEP`
603 // Digest modes: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
604 // mgf-digests: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
605 // and create a decrypt operations using generated keys. Tests should create operations
606 // successfully.
607 test_rsa_encrypt_key_op!(
608 encrypt_key_oaep_md5_md5_2048,
609 Some(Digest::MD5),
610 2048,
611 PaddingMode::RSA_OAEP,
612 Some(Digest::MD5)
613 );
614 test_rsa_encrypt_key_op!(
615 encrypt_key_oaep_md5_sha1_2048,
616 Some(Digest::MD5),
617 2048,
618 PaddingMode::RSA_OAEP,
619 Some(Digest::SHA1)
620 );
621 test_rsa_encrypt_key_op!(
622 encrypt_key_oaep_md5_sha224_2048,
623 Some(Digest::MD5),
624 2048,
625 PaddingMode::RSA_OAEP,
626 Some(Digest::SHA_2_224)
627 );
628 test_rsa_encrypt_key_op!(
629 encrypt_key_oaep_md5_sha256_2048,
630 Some(Digest::MD5),
631 2048,
632 PaddingMode::RSA_OAEP,
633 Some(Digest::SHA_2_256)
634 );
635 test_rsa_encrypt_key_op!(
636 encrypt_key_oaep_md5_sha384_2048,
637 Some(Digest::MD5),
638 2048,
639 PaddingMode::RSA_OAEP,
640 Some(Digest::SHA_2_384)
641 );
642 test_rsa_encrypt_key_op!(
643 encrypt_key_oaep_md5_sha512_2048,
644 Some(Digest::MD5),
645 2048,
646 PaddingMode::RSA_OAEP,
647 Some(Digest::SHA_2_512)
648 );
649 test_rsa_encrypt_key_op!(
650 encrypt_key_oaep_sha1_md5_2048,
651 Some(Digest::SHA1),
652 2048,
653 PaddingMode::RSA_OAEP,
654 Some(Digest::MD5)
655 );
656 test_rsa_encrypt_key_op!(
657 encrypt_key_oaep_sha1_sha1_2048,
658 Some(Digest::SHA1),
659 2048,
660 PaddingMode::RSA_OAEP,
661 Some(Digest::SHA1)
662 );
663 test_rsa_encrypt_key_op!(
664 encrypt_key_oaep_sha1_sha224_2048,
665 Some(Digest::SHA1),
666 2048,
667 PaddingMode::RSA_OAEP,
668 Some(Digest::SHA_2_224)
669 );
670 test_rsa_encrypt_key_op!(
671 encrypt_key_oaep_sha1_sha256_2048,
672 Some(Digest::SHA1),
673 2048,
674 PaddingMode::RSA_OAEP,
675 Some(Digest::SHA_2_256)
676 );
677 test_rsa_encrypt_key_op!(
678 encrypt_key_oaep_sha1_sha384_2048,
679 Some(Digest::SHA1),
680 2048,
681 PaddingMode::RSA_OAEP,
682 Some(Digest::SHA_2_384)
683 );
684 test_rsa_encrypt_key_op!(
685 encrypt_key_oaep_sha1_sha512_2048,
686 Some(Digest::SHA1),
687 2048,
688 PaddingMode::RSA_OAEP,
689 Some(Digest::SHA_2_512)
690 );
691 test_rsa_encrypt_key_op!(
692 encrypt_key_oaep_sha224_md5_2048,
693 Some(Digest::SHA_2_224),
694 2048,
695 PaddingMode::RSA_OAEP,
696 Some(Digest::MD5)
697 );
698 test_rsa_encrypt_key_op!(
699 encrypt_key_oaep_sha224_sha1_2048,
700 Some(Digest::SHA_2_224),
701 2048,
702 PaddingMode::RSA_OAEP,
703 Some(Digest::SHA1)
704 );
705 test_rsa_encrypt_key_op!(
706 encrypt_key_oaep_sha224_sha224_2048,
707 Some(Digest::SHA_2_224),
708 2048,
709 PaddingMode::RSA_OAEP,
710 Some(Digest::SHA_2_224)
711 );
712 test_rsa_encrypt_key_op!(
713 encrypt_key_oaep_sha224_sha256_2048,
714 Some(Digest::SHA_2_224),
715 2048,
716 PaddingMode::RSA_OAEP,
717 Some(Digest::SHA_2_256)
718 );
719 test_rsa_encrypt_key_op!(
720 encrypt_key_oaep_sha224_sha384_2048,
721 Some(Digest::SHA_2_224),
722 2048,
723 PaddingMode::RSA_OAEP,
724 Some(Digest::SHA_2_384)
725 );
726 test_rsa_encrypt_key_op!(
727 encrypt_key_oaep_sha224_sha512_2048,
728 Some(Digest::SHA_2_224),
729 2048,
730 PaddingMode::RSA_OAEP,
731 Some(Digest::SHA_2_512)
732 );
733 test_rsa_encrypt_key_op!(
734 encrypt_key_oaep_sha256_md5_2048,
735 Some(Digest::SHA_2_256),
736 2048,
737 PaddingMode::RSA_OAEP,
738 Some(Digest::MD5)
739 );
740 test_rsa_encrypt_key_op!(
741 encrypt_key_oaep_sha256_sha1_2048,
742 Some(Digest::SHA_2_256),
743 2048,
744 PaddingMode::RSA_OAEP,
745 Some(Digest::SHA1)
746 );
747 test_rsa_encrypt_key_op!(
748 encrypt_key_oaep_sha256_sha224_2048,
749 Some(Digest::SHA_2_256),
750 2048,
751 PaddingMode::RSA_OAEP,
752 Some(Digest::SHA_2_224)
753 );
754 test_rsa_encrypt_key_op!(
755 encrypt_key_oaep_sha256_sha256_2048,
756 Some(Digest::SHA_2_256),
757 2048,
758 PaddingMode::RSA_OAEP,
759 Some(Digest::SHA_2_256)
760 );
761 test_rsa_encrypt_key_op!(
762 encrypt_key_oaep_sha256_sha384_2048,
763 Some(Digest::SHA_2_256),
764 2048,
765 PaddingMode::RSA_OAEP,
766 Some(Digest::SHA_2_384)
767 );
768 test_rsa_encrypt_key_op!(
769 encrypt_key_oaep_sha256_sha512_2048,
770 Some(Digest::SHA_2_256),
771 2048,
772 PaddingMode::RSA_OAEP,
773 Some(Digest::SHA_2_512)
774 );
775 test_rsa_encrypt_key_op!(
776 encrypt_key_oaep_sha384_md5_2048,
777 Some(Digest::SHA_2_384),
778 2048,
779 PaddingMode::RSA_OAEP,
780 Some(Digest::MD5)
781 );
782 test_rsa_encrypt_key_op!(
783 encrypt_key_oaep_sha384_sha1_2048,
784 Some(Digest::SHA_2_384),
785 2048,
786 PaddingMode::RSA_OAEP,
787 Some(Digest::SHA1)
788 );
789 test_rsa_encrypt_key_op!(
790 encrypt_key_oaep_sha384_sha224_2048,
791 Some(Digest::SHA_2_384),
792 2048,
793 PaddingMode::RSA_OAEP,
794 Some(Digest::SHA_2_224)
795 );
796 test_rsa_encrypt_key_op!(
797 encrypt_key_oaep_sha384_sha256_2048,
798 Some(Digest::SHA_2_384),
799 2048,
800 PaddingMode::RSA_OAEP,
801 Some(Digest::SHA_2_256)
802 );
803 test_rsa_encrypt_key_op!(
804 encrypt_key_oaep_sha384_sha384_2048,
805 Some(Digest::SHA_2_384),
806 2048,
807 PaddingMode::RSA_OAEP,
808 Some(Digest::SHA_2_384)
809 );
810 test_rsa_encrypt_key_op!(
811 encrypt_key_oaep_sha384_sha512_2048,
812 Some(Digest::SHA_2_384),
813 2048,
814 PaddingMode::RSA_OAEP,
815 Some(Digest::SHA_2_512)
816 );
817 test_rsa_encrypt_key_op!(
818 encrypt_key_oaep_sha512_md5_2048,
819 Some(Digest::SHA_2_512),
820 2048,
821 PaddingMode::RSA_OAEP,
822 Some(Digest::MD5)
823 );
824 test_rsa_encrypt_key_op!(
825 encrypt_key_oaep_sha512_sha1_2048,
826 Some(Digest::SHA_2_512),
827 2048,
828 PaddingMode::RSA_OAEP,
829 Some(Digest::SHA1)
830 );
831 test_rsa_encrypt_key_op!(
832 encrypt_key_oaep_sha512_sha224_2048,
833 Some(Digest::SHA_2_512),
834 2048,
835 PaddingMode::RSA_OAEP,
836 Some(Digest::SHA_2_224)
837 );
838 test_rsa_encrypt_key_op!(
839 encrypt_key_oaep_sha512_sha256_2048,
840 Some(Digest::SHA_2_512),
841 2048,
842 PaddingMode::RSA_OAEP,
843 Some(Digest::SHA_2_256)
844 );
845 test_rsa_encrypt_key_op!(
846 encrypt_key_oaep_sha512_sha384_2048,
847 Some(Digest::SHA_2_512),
848 2048,
849 PaddingMode::RSA_OAEP,
850 Some(Digest::SHA_2_384)
851 );
852 test_rsa_encrypt_key_op!(
853 encrypt_key_oaep_sha512_sha512_2048,
854 Some(Digest::SHA_2_512),
855 2048,
856 PaddingMode::RSA_OAEP,
857 Some(Digest::SHA_2_512)
858 );
859 test_rsa_encrypt_key_op!(
860 encrypt_key_oaep_md5_md5_3072,
861 Some(Digest::MD5),
862 3072,
863 PaddingMode::RSA_OAEP,
864 Some(Digest::MD5)
865 );
866 test_rsa_encrypt_key_op!(
867 encrypt_key_oaep_md5_sha1_3072,
868 Some(Digest::MD5),
869 3072,
870 PaddingMode::RSA_OAEP,
871 Some(Digest::SHA1)
872 );
873 test_rsa_encrypt_key_op!(
874 encrypt_key_oaep_md5_sha224_3072,
875 Some(Digest::MD5),
876 3072,
877 PaddingMode::RSA_OAEP,
878 Some(Digest::SHA_2_224)
879 );
880 test_rsa_encrypt_key_op!(
881 encrypt_key_oaep_md5_sha256_3072,
882 Some(Digest::MD5),
883 3072,
884 PaddingMode::RSA_OAEP,
885 Some(Digest::SHA_2_256)
886 );
887 test_rsa_encrypt_key_op!(
888 encrypt_key_oaep_md5_sha384_3072,
889 Some(Digest::MD5),
890 3072,
891 PaddingMode::RSA_OAEP,
892 Some(Digest::SHA_2_384)
893 );
894 test_rsa_encrypt_key_op!(
895 encrypt_key_oaep_md5_sha512_3072,
896 Some(Digest::MD5),
897 3072,
898 PaddingMode::RSA_OAEP,
899 Some(Digest::SHA_2_512)
900 );
901 test_rsa_encrypt_key_op!(
902 encrypt_key_oaep_sha1_md5_3072,
903 Some(Digest::SHA1),
904 3072,
905 PaddingMode::RSA_OAEP,
906 Some(Digest::MD5)
907 );
908 test_rsa_encrypt_key_op!(
909 encrypt_key_oaep_sha1_sha1_3072,
910 Some(Digest::SHA1),
911 3072,
912 PaddingMode::RSA_OAEP,
913 Some(Digest::SHA1)
914 );
915 test_rsa_encrypt_key_op!(
916 encrypt_key_oaep_sha1_sha224_3072,
917 Some(Digest::SHA1),
918 3072,
919 PaddingMode::RSA_OAEP,
920 Some(Digest::SHA_2_224)
921 );
922 test_rsa_encrypt_key_op!(
923 encrypt_key_oaep_sha1_sha256_3072,
924 Some(Digest::SHA1),
925 3072,
926 PaddingMode::RSA_OAEP,
927 Some(Digest::SHA_2_256)
928 );
929 test_rsa_encrypt_key_op!(
930 encrypt_key_oaep_sha1_sha384_3072,
931 Some(Digest::SHA1),
932 3072,
933 PaddingMode::RSA_OAEP,
934 Some(Digest::SHA_2_384)
935 );
936 test_rsa_encrypt_key_op!(
937 encrypt_key_oaep_sha1_sha512_3072,
938 Some(Digest::SHA1),
939 3072,
940 PaddingMode::RSA_OAEP,
941 Some(Digest::SHA_2_512)
942 );
943 test_rsa_encrypt_key_op!(
944 encrypt_key_oaep_sha224_md5_3072,
945 Some(Digest::SHA_2_224),
946 3072,
947 PaddingMode::RSA_OAEP,
948 Some(Digest::MD5)
949 );
950 test_rsa_encrypt_key_op!(
951 encrypt_key_oaep_sha224_sha1_3072,
952 Some(Digest::SHA_2_224),
953 3072,
954 PaddingMode::RSA_OAEP,
955 Some(Digest::SHA1)
956 );
957 test_rsa_encrypt_key_op!(
958 encrypt_key_oaep_sha224_sha224_3072,
959 Some(Digest::SHA_2_224),
960 3072,
961 PaddingMode::RSA_OAEP,
962 Some(Digest::SHA_2_224)
963 );
964 test_rsa_encrypt_key_op!(
965 encrypt_key_oaep_sha224_sha256_3072,
966 Some(Digest::SHA_2_224),
967 3072,
968 PaddingMode::RSA_OAEP,
969 Some(Digest::SHA_2_256)
970 );
971 test_rsa_encrypt_key_op!(
972 encrypt_key_oaep_sha224_sha384_3072,
973 Some(Digest::SHA_2_224),
974 3072,
975 PaddingMode::RSA_OAEP,
976 Some(Digest::SHA_2_384)
977 );
978 test_rsa_encrypt_key_op!(
979 encrypt_key_oaep_sha224_sha512_3072,
980 Some(Digest::SHA_2_224),
981 3072,
982 PaddingMode::RSA_OAEP,
983 Some(Digest::SHA_2_512)
984 );
985 test_rsa_encrypt_key_op!(
986 encrypt_key_oaep_sha256_md5_3072,
987 Some(Digest::SHA_2_256),
988 3072,
989 PaddingMode::RSA_OAEP,
990 Some(Digest::MD5)
991 );
992 test_rsa_encrypt_key_op!(
993 encrypt_key_oaep_sha256_sha1_3072,
994 Some(Digest::SHA_2_256),
995 3072,
996 PaddingMode::RSA_OAEP,
997 Some(Digest::SHA1)
998 );
999 test_rsa_encrypt_key_op!(
1000 encrypt_key_oaep_sha256_sha224_3072,
1001 Some(Digest::SHA_2_256),
1002 3072,
1003 PaddingMode::RSA_OAEP,
1004 Some(Digest::SHA_2_224)
1005 );
1006 test_rsa_encrypt_key_op!(
1007 encrypt_key_oaep_sha256_sha256_3072,
1008 Some(Digest::SHA_2_256),
1009 3072,
1010 PaddingMode::RSA_OAEP,
1011 Some(Digest::SHA_2_256)
1012 );
1013 test_rsa_encrypt_key_op!(
1014 encrypt_key_oaep_sha256_sha384_3072,
1015 Some(Digest::SHA_2_256),
1016 3072,
1017 PaddingMode::RSA_OAEP,
1018 Some(Digest::SHA_2_384)
1019 );
1020 test_rsa_encrypt_key_op!(
1021 encrypt_key_oaep_sha256_sha512_3072,
1022 Some(Digest::SHA_2_256),
1023 3072,
1024 PaddingMode::RSA_OAEP,
1025 Some(Digest::SHA_2_512)
1026 );
1027 test_rsa_encrypt_key_op!(
1028 encrypt_key_oaep_sha384_md5_3072,
1029 Some(Digest::SHA_2_384),
1030 3072,
1031 PaddingMode::RSA_OAEP,
1032 Some(Digest::MD5)
1033 );
1034 test_rsa_encrypt_key_op!(
1035 encrypt_key_oaep_sha384_sha1_3072,
1036 Some(Digest::SHA_2_384),
1037 3072,
1038 PaddingMode::RSA_OAEP,
1039 Some(Digest::SHA1)
1040 );
1041 test_rsa_encrypt_key_op!(
1042 encrypt_key_oaep_sha384_sha224_3072,
1043 Some(Digest::SHA_2_384),
1044 3072,
1045 PaddingMode::RSA_OAEP,
1046 Some(Digest::SHA_2_224)
1047 );
1048 test_rsa_encrypt_key_op!(
1049 encrypt_key_oaep_sha384_sha256_3072,
1050 Some(Digest::SHA_2_384),
1051 3072,
1052 PaddingMode::RSA_OAEP,
1053 Some(Digest::SHA_2_256)
1054 );
1055 test_rsa_encrypt_key_op!(
1056 encrypt_key_oaep_sha384_sha384_3072,
1057 Some(Digest::SHA_2_384),
1058 3072,
1059 PaddingMode::RSA_OAEP,
1060 Some(Digest::SHA_2_384)
1061 );
1062 test_rsa_encrypt_key_op!(
1063 encrypt_key_oaep_sha384_sha512_3072,
1064 Some(Digest::SHA_2_384),
1065 3072,
1066 PaddingMode::RSA_OAEP,
1067 Some(Digest::SHA_2_512)
1068 );
1069 test_rsa_encrypt_key_op!(
1070 encrypt_key_oaep_sha512_md5_3072,
1071 Some(Digest::SHA_2_512),
1072 3072,
1073 PaddingMode::RSA_OAEP,
1074 Some(Digest::MD5)
1075 );
1076 test_rsa_encrypt_key_op!(
1077 encrypt_key_oaep_sha512_sha1_3072,
1078 Some(Digest::SHA_2_512),
1079 3072,
1080 PaddingMode::RSA_OAEP,
1081 Some(Digest::SHA1)
1082 );
1083 test_rsa_encrypt_key_op!(
1084 encrypt_key_oaep_sha512_sha224_3072,
1085 Some(Digest::SHA_2_512),
1086 3072,
1087 PaddingMode::RSA_OAEP,
1088 Some(Digest::SHA_2_224)
1089 );
1090 test_rsa_encrypt_key_op!(
1091 encrypt_key_oaep_sha512_sha256_3072,
1092 Some(Digest::SHA_2_512),
1093 3072,
1094 PaddingMode::RSA_OAEP,
1095 Some(Digest::SHA_2_256)
1096 );
1097 test_rsa_encrypt_key_op!(
1098 encrypt_key_oaep_sha512_sha384_3072,
1099 Some(Digest::SHA_2_512),
1100 3072,
1101 PaddingMode::RSA_OAEP,
1102 Some(Digest::SHA_2_384)
1103 );
1104 test_rsa_encrypt_key_op!(
1105 encrypt_key_oaep_sha512_sha512_3072,
1106 Some(Digest::SHA_2_512),
1107 3072,
1108 PaddingMode::RSA_OAEP,
1109 Some(Digest::SHA_2_512)
1110 );
1111 test_rsa_encrypt_key_op!(
1112 encrypt_key_oaep_md5_md5_4096,
1113 Some(Digest::MD5),
1114 4096,
1115 PaddingMode::RSA_OAEP,
1116 Some(Digest::MD5)
1117 );
1118 test_rsa_encrypt_key_op!(
1119 encrypt_key_oaep_md5_sha1_4096,
1120 Some(Digest::MD5),
1121 4096,
1122 PaddingMode::RSA_OAEP,
1123 Some(Digest::SHA1)
1124 );
1125 test_rsa_encrypt_key_op!(
1126 encrypt_key_oaep_md5_sha224_4096,
1127 Some(Digest::MD5),
1128 4096,
1129 PaddingMode::RSA_OAEP,
1130 Some(Digest::SHA_2_224)
1131 );
1132 test_rsa_encrypt_key_op!(
1133 encrypt_key_oaep_md5_sha256_4096,
1134 Some(Digest::MD5),
1135 4096,
1136 PaddingMode::RSA_OAEP,
1137 Some(Digest::SHA_2_256)
1138 );
1139 test_rsa_encrypt_key_op!(
1140 encrypt_key_oaep_md5_sha384_4096,
1141 Some(Digest::MD5),
1142 4096,
1143 PaddingMode::RSA_OAEP,
1144 Some(Digest::SHA_2_384)
1145 );
1146 test_rsa_encrypt_key_op!(
1147 encrypt_key_oaep_md5_sha512_4096,
1148 Some(Digest::MD5),
1149 4096,
1150 PaddingMode::RSA_OAEP,
1151 Some(Digest::SHA_2_512)
1152 );
1153 test_rsa_encrypt_key_op!(
1154 encrypt_key_oaep_sha1_md5_4096,
1155 Some(Digest::SHA1),
1156 4096,
1157 PaddingMode::RSA_OAEP,
1158 Some(Digest::MD5)
1159 );
1160 test_rsa_encrypt_key_op!(
1161 encrypt_key_oaep_sha1_sha1_4096,
1162 Some(Digest::SHA1),
1163 4096,
1164 PaddingMode::RSA_OAEP,
1165 Some(Digest::SHA1)
1166 );
1167 test_rsa_encrypt_key_op!(
1168 encrypt_key_oaep_sha1_sha224_4096,
1169 Some(Digest::SHA1),
1170 4096,
1171 PaddingMode::RSA_OAEP,
1172 Some(Digest::SHA_2_224)
1173 );
1174 test_rsa_encrypt_key_op!(
1175 encrypt_key_oaep_sha1_sha256_4096,
1176 Some(Digest::SHA1),
1177 4096,
1178 PaddingMode::RSA_OAEP,
1179 Some(Digest::SHA_2_256)
1180 );
1181 test_rsa_encrypt_key_op!(
1182 encrypt_key_oaep_sha1_sha384_4096,
1183 Some(Digest::SHA1),
1184 4096,
1185 PaddingMode::RSA_OAEP,
1186 Some(Digest::SHA_2_384)
1187 );
1188 test_rsa_encrypt_key_op!(
1189 encrypt_key_oaep_sha1_sha512_4096,
1190 Some(Digest::SHA1),
1191 4096,
1192 PaddingMode::RSA_OAEP,
1193 Some(Digest::SHA_2_512)
1194 );
1195 test_rsa_encrypt_key_op!(
1196 encrypt_key_oaep_sha224_md5_4096,
1197 Some(Digest::SHA_2_224),
1198 4096,
1199 PaddingMode::RSA_OAEP,
1200 Some(Digest::MD5)
1201 );
1202 test_rsa_encrypt_key_op!(
1203 encrypt_key_oaep_sha224_sha1_4096,
1204 Some(Digest::SHA_2_224),
1205 4096,
1206 PaddingMode::RSA_OAEP,
1207 Some(Digest::SHA1)
1208 );
1209 test_rsa_encrypt_key_op!(
1210 encrypt_key_oaep_sha224_sha224_4096,
1211 Some(Digest::SHA_2_224),
1212 4096,
1213 PaddingMode::RSA_OAEP,
1214 Some(Digest::SHA_2_224)
1215 );
1216 test_rsa_encrypt_key_op!(
1217 encrypt_key_oaep_sha224_sha256_4096,
1218 Some(Digest::SHA_2_224),
1219 4096,
1220 PaddingMode::RSA_OAEP,
1221 Some(Digest::SHA_2_256)
1222 );
1223 test_rsa_encrypt_key_op!(
1224 encrypt_key_oaep_sha224_sha384_4096,
1225 Some(Digest::SHA_2_224),
1226 4096,
1227 PaddingMode::RSA_OAEP,
1228 Some(Digest::SHA_2_384)
1229 );
1230 test_rsa_encrypt_key_op!(
1231 encrypt_key_oaep_sha224_sha512_4096,
1232 Some(Digest::SHA_2_224),
1233 4096,
1234 PaddingMode::RSA_OAEP,
1235 Some(Digest::SHA_2_512)
1236 );
1237 test_rsa_encrypt_key_op!(
1238 encrypt_key_oaep_sha256_md5_4096,
1239 Some(Digest::SHA_2_256),
1240 4096,
1241 PaddingMode::RSA_OAEP,
1242 Some(Digest::MD5)
1243 );
1244 test_rsa_encrypt_key_op!(
1245 encrypt_key_oaep_sha256_sha1_4096,
1246 Some(Digest::SHA_2_256),
1247 4096,
1248 PaddingMode::RSA_OAEP,
1249 Some(Digest::SHA1)
1250 );
1251 test_rsa_encrypt_key_op!(
1252 encrypt_key_oaep_sha256_sha224_4096,
1253 Some(Digest::SHA_2_256),
1254 4096,
1255 PaddingMode::RSA_OAEP,
1256 Some(Digest::SHA_2_224)
1257 );
1258 test_rsa_encrypt_key_op!(
1259 encrypt_key_oaep_sha256_sha256_4096,
1260 Some(Digest::SHA_2_256),
1261 4096,
1262 PaddingMode::RSA_OAEP,
1263 Some(Digest::SHA_2_256)
1264 );
1265 test_rsa_encrypt_key_op!(
1266 encrypt_key_oaep_sha256_sha384_4096,
1267 Some(Digest::SHA_2_256),
1268 4096,
1269 PaddingMode::RSA_OAEP,
1270 Some(Digest::SHA_2_384)
1271 );
1272 test_rsa_encrypt_key_op!(
1273 encrypt_key_oaep_sha256_sha512_4096,
1274 Some(Digest::SHA_2_256),
1275 4096,
1276 PaddingMode::RSA_OAEP,
1277 Some(Digest::SHA_2_512)
1278 );
1279 test_rsa_encrypt_key_op!(
1280 encrypt_key_oaep_sha384_md5_4096,
1281 Some(Digest::SHA_2_384),
1282 4096,
1283 PaddingMode::RSA_OAEP,
1284 Some(Digest::MD5)
1285 );
1286 test_rsa_encrypt_key_op!(
1287 encrypt_key_oaep_sha384_sha1_4096,
1288 Some(Digest::SHA_2_384),
1289 4096,
1290 PaddingMode::RSA_OAEP,
1291 Some(Digest::SHA1)
1292 );
1293 test_rsa_encrypt_key_op!(
1294 encrypt_key_oaep_sha384_sha224_4096,
1295 Some(Digest::SHA_2_384),
1296 4096,
1297 PaddingMode::RSA_OAEP,
1298 Some(Digest::SHA_2_224)
1299 );
1300 test_rsa_encrypt_key_op!(
1301 encrypt_key_oaep_sha384_sha256_4096,
1302 Some(Digest::SHA_2_384),
1303 4096,
1304 PaddingMode::RSA_OAEP,
1305 Some(Digest::SHA_2_256)
1306 );
1307 test_rsa_encrypt_key_op!(
1308 encrypt_key_oaep_sha384_sha384_4096,
1309 Some(Digest::SHA_2_384),
1310 4096,
1311 PaddingMode::RSA_OAEP,
1312 Some(Digest::SHA_2_384)
1313 );
1314 test_rsa_encrypt_key_op!(
1315 encrypt_key_oaep_sha384_sha512_4096,
1316 Some(Digest::SHA_2_384),
1317 4096,
1318 PaddingMode::RSA_OAEP,
1319 Some(Digest::SHA_2_512)
1320 );
1321 test_rsa_encrypt_key_op!(
1322 encrypt_key_oaep_sha512_md5_4096,
1323 Some(Digest::SHA_2_512),
1324 4096,
1325 PaddingMode::RSA_OAEP,
1326 Some(Digest::MD5)
1327 );
1328 test_rsa_encrypt_key_op!(
1329 encrypt_key_oaep_sha512_sha1_4096,
1330 Some(Digest::SHA_2_512),
1331 4096,
1332 PaddingMode::RSA_OAEP,
1333 Some(Digest::SHA1)
1334 );
1335 test_rsa_encrypt_key_op!(
1336 encrypt_key_oaep_sha512_sha224_4096,
1337 Some(Digest::SHA_2_512),
1338 4096,
1339 PaddingMode::RSA_OAEP,
1340 Some(Digest::SHA_2_224)
1341 );
1342 test_rsa_encrypt_key_op!(
1343 encrypt_key_oaep_sha512_sha256_4096,
1344 Some(Digest::SHA_2_512),
1345 4096,
1346 PaddingMode::RSA_OAEP,
1347 Some(Digest::SHA_2_256)
1348 );
1349 test_rsa_encrypt_key_op!(
1350 encrypt_key_oaep_sha512_sha384_4096,
1351 Some(Digest::SHA_2_512),
1352 4096,
1353 PaddingMode::RSA_OAEP,
1354 Some(Digest::SHA_2_384)
1355 );
1356 test_rsa_encrypt_key_op!(
1357 encrypt_key_oaep_sha512_sha512_4096,
1358 Some(Digest::SHA_2_512),
1359 4096,
1360 PaddingMode::RSA_OAEP,
1361 Some(Digest::SHA_2_512)
1362 );
1363
1364 // Below macros generate tests for generating RSA keys with -
1365 // Padding mode: `RSA_OAEP`
1366 // Digest modes: `MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
1367 // and create a decrypt operations using generated keys. Tests should create operations
1368 // successfully.
1369 test_rsa_encrypt_key_op!(
1370 encrypt_key_oaep_md5_no_mgf_2048,
1371 Some(Digest::MD5),
1372 2048,
1373 PaddingMode::RSA_OAEP,
1374 None
1375 );
1376 test_rsa_encrypt_key_op!(
1377 encrypt_key_oaep_sha1_no_mgf_2048,
1378 Some(Digest::SHA1),
1379 2048,
1380 PaddingMode::RSA_OAEP,
1381 None
1382 );
1383 test_rsa_encrypt_key_op!(
1384 encrypt_key_oaep_sha224_no_mgf_2048,
1385 Some(Digest::SHA_2_224),
1386 2048,
1387 PaddingMode::RSA_OAEP,
1388 None
1389 );
1390 test_rsa_encrypt_key_op!(
1391 encrypt_key_oaep_sha256_no_mgf_2048,
1392 Some(Digest::SHA_2_256),
1393 2048,
1394 PaddingMode::RSA_OAEP,
1395 None
1396 );
1397 test_rsa_encrypt_key_op!(
1398 encrypt_key_oaep_sha384_no_mgf_2048,
1399 Some(Digest::SHA_2_384),
1400 2048,
1401 PaddingMode::RSA_OAEP,
1402 None
1403 );
1404 test_rsa_encrypt_key_op!(
1405 encrypt_key_oaep_sha512_no_mgf_2048,
1406 Some(Digest::SHA_2_512),
1407 2048,
1408 PaddingMode::RSA_OAEP,
1409 None
1410 );
1411 test_rsa_encrypt_key_op!(
1412 encrypt_key_oaep_md5_no_mgf_3072,
1413 Some(Digest::MD5),
1414 3072,
1415 PaddingMode::RSA_OAEP,
1416 None
1417 );
1418 test_rsa_encrypt_key_op!(
1419 encrypt_key_oaep_sha1_no_mgf_3072,
1420 Some(Digest::SHA1),
1421 3072,
1422 PaddingMode::RSA_OAEP,
1423 None
1424 );
1425 test_rsa_encrypt_key_op!(
1426 encrypt_key_oaep_sha224_no_mgf_3072,
1427 Some(Digest::SHA_2_224),
1428 3072,
1429 PaddingMode::RSA_OAEP,
1430 None
1431 );
1432 test_rsa_encrypt_key_op!(
1433 encrypt_key_oaep_sha256_no_mgf_3072,
1434 Some(Digest::SHA_2_256),
1435 3072,
1436 PaddingMode::RSA_OAEP,
1437 None
1438 );
1439 test_rsa_encrypt_key_op!(
1440 encrypt_key_oaep_sha384_no_mgf_3072,
1441 Some(Digest::SHA_2_384),
1442 3072,
1443 PaddingMode::RSA_OAEP,
1444 None
1445 );
1446 test_rsa_encrypt_key_op!(
1447 encrypt_key_oaep_sha512_no_mgf_3072,
1448 Some(Digest::SHA_2_512),
1449 3072,
1450 PaddingMode::RSA_OAEP,
1451 None
1452 );
1453 test_rsa_encrypt_key_op!(
1454 encrypt_key_oaep_md5_no_mgf_4096,
1455 Some(Digest::MD5),
1456 4096,
1457 PaddingMode::RSA_OAEP,
1458 None
1459 );
1460 test_rsa_encrypt_key_op!(
1461 encrypt_key_oaep_sha1_no_mgf_4096,
1462 Some(Digest::SHA1),
1463 4096,
1464 PaddingMode::RSA_OAEP,
1465 None
1466 );
1467 test_rsa_encrypt_key_op!(
1468 encrypt_key_oaep_sha224_no_mgf_4096,
1469 Some(Digest::SHA_2_224),
1470 4096,
1471 PaddingMode::RSA_OAEP,
1472 None
1473 );
1474 test_rsa_encrypt_key_op!(
1475 encrypt_key_oaep_sha256_no_mgf_4096,
1476 Some(Digest::SHA_2_256),
1477 4096,
1478 PaddingMode::RSA_OAEP,
1479 None
1480 );
1481 test_rsa_encrypt_key_op!(
1482 encrypt_key_oaep_sha384_no_mgf_4096,
1483 Some(Digest::SHA_2_384),
1484 4096,
1485 PaddingMode::RSA_OAEP,
1486 None
1487 );
1488 test_rsa_encrypt_key_op!(
1489 encrypt_key_oaep_sha512_no_mgf_4096,
1490 Some(Digest::SHA_2_512),
1491 4096,
1492 PaddingMode::RSA_OAEP,
1493 None
1494 );
1495
1496 // Below macros generate tests for generating RSA encryption keys with only padding modes.
1497 // Padding modes: `NONE, RSA_PKCS1_1_5_ENCRYPT`
1498 // and try to create operations using generated keys, tests should create operations
1499 // successfully.
1500 test_rsa_encrypt_key_op!(encrypt_key_none_pad_2048, None, 2048, PaddingMode::NONE, None);
1501 test_rsa_encrypt_key_op!(encrypt_key_none_pad_3072, None, 3072, PaddingMode::NONE, None);
1502 test_rsa_encrypt_key_op!(encrypt_key_none_pad_4096, None, 4096, PaddingMode::NONE, None);
1503 test_rsa_encrypt_key_op!(
1504 encrypt_key_pkcs1_1_5_pad_2048,
1505 None,
1506 2048,
1507 PaddingMode::RSA_PKCS1_1_5_ENCRYPT,
1508 None
1509 );
1510 test_rsa_encrypt_key_op!(
1511 encrypt_key_pkcs1_1_5_pad_3072,
1512 None,
1513 3072,
1514 PaddingMode::RSA_PKCS1_1_5_ENCRYPT,
1515 None
1516 );
1517 test_rsa_encrypt_key_op!(
1518 encrypt_key_pkcs1_1_5_pad_4096,
1519 None,
1520 4096,
1521 PaddingMode::RSA_PKCS1_1_5_ENCRYPT,
1522 None
1523 );
1524
1525 /// Generate RSA signing key with -
1526 /// Padding mode: RSA_PSS
1527 /// Digest mode: `NONE`.
1528 /// Try to create an operation with this generated key. Test should fail to create an operation with
1529 /// `INCOMPATIBLE_DIGEST` error code.
1530 #[test]
keystore2_rsa_generate_signing_key_padding_pss_fail()1531 fn keystore2_rsa_generate_signing_key_padding_pss_fail() {
1532 let sl = SecLevel::tee();
1533
1534 let alias = "ks_rsa_pss_none_key_op_test";
1535 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1536 &sl,
1537 Domain::APP,
1538 -1,
1539 Some(alias.to_string()),
1540 &key_generations::KeyParams {
1541 key_size: 2048,
1542 purpose: vec![KeyPurpose::SIGN, KeyPurpose::VERIFY],
1543 padding: Some(PaddingMode::RSA_PSS),
1544 digest: Some(Digest::NONE),
1545 mgf_digest: None,
1546 block_mode: None,
1547 att_challenge: None,
1548 },
1549 KeyPurpose::SIGN,
1550 ForcedOp(false),
1551 ));
1552 assert!(result.is_err());
1553 assert_eq!(Error::Km(ErrorCode::INCOMPATIBLE_DIGEST), result.unwrap_err());
1554 }
1555
1556 /// Generate RSA encryption key with -
1557 /// Digest mode: `NONE`
1558 /// Padding mode: `RSA_OAEP`
1559 /// Try to create an operation using generated key. Test should fail to create an operation
1560 /// with an error code `INCOMPATIBLE_DIGEST`.
1561 #[test]
keystore2_rsa_generate_key_with_oaep_padding_fail()1562 fn keystore2_rsa_generate_key_with_oaep_padding_fail() {
1563 let sl = SecLevel::tee();
1564
1565 let alias = "ks_rsa_key_oaep_padding_fail_test";
1566 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1567 &sl,
1568 Domain::APP,
1569 -1,
1570 Some(alias.to_string()),
1571 &key_generations::KeyParams {
1572 key_size: 2048,
1573 purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
1574 padding: Some(PaddingMode::RSA_OAEP),
1575 digest: Some(Digest::NONE),
1576 mgf_digest: None,
1577 block_mode: None,
1578 att_challenge: None,
1579 },
1580 KeyPurpose::DECRYPT,
1581 ForcedOp(false),
1582 ));
1583
1584 assert!(result.is_err());
1585 assert_eq!(Error::Km(ErrorCode::INCOMPATIBLE_DIGEST), result.unwrap_err());
1586 }
1587
1588 /// Generate RSA keys without padding and digest modes. Try to create decrypt operation without
1589 /// digest and padding. Creation of an operation should fail with an error code
1590 /// `UNSUPPORTED_PADDING_MODE`.
1591 #[test]
keystore2_rsa_generate_keys()1592 fn keystore2_rsa_generate_keys() {
1593 let sl = SecLevel::tee();
1594
1595 let alias = "ks_rsa_key_unsupport_padding_test";
1596 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1597 &sl,
1598 Domain::APP,
1599 -1,
1600 Some(alias.to_string()),
1601 &key_generations::KeyParams {
1602 key_size: 2048,
1603 purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
1604 padding: None,
1605 digest: None,
1606 mgf_digest: None,
1607 block_mode: None,
1608 att_challenge: None,
1609 },
1610 KeyPurpose::DECRYPT,
1611 ForcedOp(false),
1612 ));
1613 assert!(result.is_err());
1614 assert_eq!(Error::Km(ErrorCode::UNSUPPORTED_PADDING_MODE), result.unwrap_err());
1615 }
1616
1617 /// Generate a RSA encryption key. Try to create a signing operation with it, an error
1618 /// `INCOMPATIBLE_PURPOSE` is expected as the generated key doesn't support sign operation.
1619 #[test]
keystore2_rsa_encrypt_key_op_invalid_purpose()1620 fn keystore2_rsa_encrypt_key_op_invalid_purpose() {
1621 let sl = SecLevel::tee();
1622
1623 let alias = "ks_rsa_test_key_1";
1624 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1625 &sl,
1626 Domain::APP,
1627 -1,
1628 Some(alias.to_string()),
1629 &key_generations::KeyParams {
1630 key_size: 2048,
1631 purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
1632 padding: Some(PaddingMode::RSA_PKCS1_1_5_ENCRYPT),
1633 digest: Some(Digest::SHA_2_256),
1634 mgf_digest: None,
1635 block_mode: None,
1636 att_challenge: None,
1637 },
1638 KeyPurpose::SIGN,
1639 ForcedOp(false),
1640 ));
1641 assert!(result.is_err());
1642 assert_eq!(Error::Km(ErrorCode::INCOMPATIBLE_PURPOSE), result.unwrap_err());
1643 }
1644
1645 /// Generate a RSA signing key. Try to create a decrypt operation with it, an error
1646 /// `INCOMPATIBLE_PURPOSE` is expected as the generated key doesn't support decrypt operation.
1647 #[test]
keystore2_rsa_sign_key_op_invalid_purpose()1648 fn keystore2_rsa_sign_key_op_invalid_purpose() {
1649 let sl = SecLevel::tee();
1650
1651 let alias = "ks_rsa_test_key_2";
1652 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1653 &sl,
1654 Domain::APP,
1655 -1,
1656 Some(alias.to_string()),
1657 &key_generations::KeyParams {
1658 key_size: 2048,
1659 purpose: vec![KeyPurpose::SIGN, KeyPurpose::VERIFY],
1660 padding: Some(PaddingMode::RSA_PKCS1_1_5_SIGN),
1661 digest: Some(Digest::SHA_2_256),
1662 mgf_digest: None,
1663 block_mode: None,
1664 att_challenge: None,
1665 },
1666 KeyPurpose::DECRYPT,
1667 ForcedOp(false),
1668 ));
1669 assert!(result.is_err());
1670 assert_eq!(Error::Km(ErrorCode::INCOMPATIBLE_PURPOSE), result.unwrap_err());
1671 }
1672
1673 /// Generate a RSA key with SIGN and AGREE_KEY purposes. Try to perform an operation using the
1674 /// generated key, an error `UNSUPPORTED_PURPOSE` is expected as RSA doesn't support AGREE_KEY.
1675 #[test]
keystore2_rsa_key_unsupported_purpose()1676 fn keystore2_rsa_key_unsupported_purpose() {
1677 let sl = SecLevel::tee();
1678
1679 let alias = "ks_rsa_key_test_3";
1680 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1681 &sl,
1682 Domain::APP,
1683 -1,
1684 Some(alias.to_string()),
1685 &key_generations::KeyParams {
1686 key_size: 2048,
1687 purpose: vec![KeyPurpose::AGREE_KEY],
1688 padding: Some(PaddingMode::RSA_PKCS1_1_5_SIGN),
1689 digest: Some(Digest::SHA_2_256),
1690 mgf_digest: None,
1691 block_mode: None,
1692 att_challenge: None,
1693 },
1694 KeyPurpose::AGREE_KEY,
1695 ForcedOp(false),
1696 ));
1697 assert!(result.is_err());
1698 assert_eq!(Error::Km(ErrorCode::UNSUPPORTED_PURPOSE), result.unwrap_err());
1699 }
1700
1701 /// Generate a RSA encrypt key with padding mode supported for signing. Try to create an operation
1702 /// using generated key, an error `UNSUPPORTED_PADDING_MODE` is expected with unsupported padding
1703 /// mode.
1704 #[test]
keystore2_rsa_encrypt_key_unsupported_padding()1705 fn keystore2_rsa_encrypt_key_unsupported_padding() {
1706 let sl = SecLevel::tee();
1707 let paddings = [PaddingMode::RSA_PKCS1_1_5_SIGN, PaddingMode::RSA_PSS];
1708
1709 for padding in paddings {
1710 let alias = format!("ks_rsa_encrypt_key_unsupported_pad_test{}", padding.0);
1711 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1712 &sl,
1713 Domain::APP,
1714 -1,
1715 Some(alias.to_string()),
1716 &key_generations::KeyParams {
1717 key_size: 2048,
1718 purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
1719 padding: Some(padding),
1720 digest: Some(Digest::SHA_2_256),
1721 mgf_digest: None,
1722 block_mode: None,
1723 att_challenge: None,
1724 },
1725 KeyPurpose::DECRYPT,
1726 ForcedOp(false),
1727 ));
1728 assert!(result.is_err());
1729 assert_eq!(Error::Km(ErrorCode::UNSUPPORTED_PADDING_MODE), result.unwrap_err());
1730 }
1731 }
1732
1733 /// Generate a RSA signing key with padding mode supported for encryption. Try to create an
1734 /// operation using generated key, an error `UNSUPPORTED_PADDING_MODE` is expected with
1735 /// unsupported padding mode.
1736 #[test]
keystore2_rsa_signing_key_unsupported_padding()1737 fn keystore2_rsa_signing_key_unsupported_padding() {
1738 let sl = SecLevel::tee();
1739 let paddings = [PaddingMode::RSA_PKCS1_1_5_ENCRYPT, PaddingMode::RSA_OAEP];
1740
1741 for padding in paddings {
1742 let alias = format!("ks_rsa_sign_key_unsupported_pad_test_4_{}", padding.0);
1743 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1744 &sl,
1745 Domain::APP,
1746 -1,
1747 Some(alias.to_string()),
1748 &key_generations::KeyParams {
1749 key_size: 2048,
1750 purpose: vec![KeyPurpose::SIGN, KeyPurpose::VERIFY],
1751 padding: Some(padding),
1752 digest: Some(Digest::SHA_2_256),
1753 mgf_digest: None,
1754 block_mode: None,
1755 att_challenge: None,
1756 },
1757 KeyPurpose::SIGN,
1758 ForcedOp(false),
1759 ));
1760 assert!(result.is_err());
1761 assert_eq!(Error::Km(ErrorCode::UNSUPPORTED_PADDING_MODE), result.unwrap_err());
1762 }
1763 }
1764
1765 /// Generate a RSA encryption key. Try to perform encrypt operation using the generated
1766 /// key, an error `UNSUPPORTED_PURPOSE` is expected as encrypt operation is not supported
1767 /// with RSA key.
1768 #[test]
keystore2_rsa_key_unsupported_op()1769 fn keystore2_rsa_key_unsupported_op() {
1770 let sl = SecLevel::tee();
1771
1772 let alias = "ks_rsa_key_test_5";
1773 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1774 &sl,
1775 Domain::APP,
1776 -1,
1777 Some(alias.to_string()),
1778 &key_generations::KeyParams {
1779 key_size: 2048,
1780 purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
1781 padding: Some(PaddingMode::RSA_PKCS1_1_5_ENCRYPT),
1782 digest: Some(Digest::SHA_2_256),
1783 mgf_digest: None,
1784 block_mode: None,
1785 att_challenge: None,
1786 },
1787 KeyPurpose::ENCRYPT,
1788 ForcedOp(false),
1789 ));
1790
1791 assert!(result.is_err());
1792 assert_eq!(Error::Km(ErrorCode::UNSUPPORTED_PURPOSE), result.unwrap_err());
1793 }
1794
1795 /// Generate a RSA key with encrypt, sign and verify purpose. Try to perform decrypt operation
1796 /// using the generated key, an error `INCOMPATIBLE_PURPOSE` is expected as the key is not
1797 /// generated with decrypt purpose.
1798 #[test]
keystore2_rsa_key_missing_purpose()1799 fn keystore2_rsa_key_missing_purpose() {
1800 let sl = SecLevel::tee();
1801
1802 let alias = "ks_rsa_key_test_6";
1803 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1804 &sl,
1805 Domain::APP,
1806 -1,
1807 Some(alias.to_string()),
1808 &key_generations::KeyParams {
1809 key_size: 2048,
1810 purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::SIGN, KeyPurpose::VERIFY],
1811 padding: Some(PaddingMode::RSA_PKCS1_1_5_ENCRYPT),
1812 digest: Some(Digest::SHA_2_256),
1813 mgf_digest: None,
1814 block_mode: None,
1815 att_challenge: None,
1816 },
1817 KeyPurpose::DECRYPT,
1818 ForcedOp(false),
1819 ));
1820
1821 assert!(result.is_err());
1822 assert_eq!(Error::Km(ErrorCode::INCOMPATIBLE_PURPOSE), result.unwrap_err());
1823 }
1824
1825 /// Generate RSA encryption keys with OAEP padding mode and without digest mode. Try to create an
1826 /// operation with generated key, unsupported digest error is expected.
1827 #[test]
keystore2_rsa_gen_keys_with_oaep_paddings_without_digest()1828 fn keystore2_rsa_gen_keys_with_oaep_paddings_without_digest() {
1829 let sl = SecLevel::tee();
1830
1831 let alias = "ks_rsa_key_padding_fail";
1832 let result = key_generations::map_ks_error(create_rsa_key_and_operation(
1833 &sl,
1834 Domain::APP,
1835 -1,
1836 Some(alias.to_string()),
1837 &key_generations::KeyParams {
1838 key_size: 2048,
1839 purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT],
1840 padding: Some(PaddingMode::RSA_OAEP),
1841 digest: None,
1842 mgf_digest: None,
1843 block_mode: None,
1844 att_challenge: None,
1845 },
1846 KeyPurpose::DECRYPT,
1847 ForcedOp(false),
1848 ));
1849
1850 assert!(result.is_err());
1851 assert_eq!(Error::Km(ErrorCode::UNSUPPORTED_DIGEST), result.unwrap_err());
1852 }
1853
1854 /// Generate RSA keys with unsupported key size, an error `UNSUPPORTED_KEY_SIZE` is expected.
1855 #[test]
keystore2_rsa_gen_keys_unsupported_size()1856 fn keystore2_rsa_gen_keys_unsupported_size() {
1857 let sl = SecLevel::tee();
1858
1859 let alias = "ks_rsa_key_padding_fail";
1860 let result = key_generations::map_ks_error(key_generations::generate_rsa_key(
1861 &sl,
1862 Domain::APP,
1863 -1,
1864 Some(alias.to_string()),
1865 &key_generations::KeyParams {
1866 key_size: 5120,
1867 purpose: vec![KeyPurpose::ENCRYPT, KeyPurpose::SIGN, KeyPurpose::VERIFY],
1868 padding: Some(PaddingMode::RSA_PKCS1_1_5_ENCRYPT),
1869 digest: Some(Digest::SHA_2_256),
1870 mgf_digest: None,
1871 block_mode: None,
1872 att_challenge: None,
1873 },
1874 None,
1875 ));
1876
1877 assert!(result.is_err());
1878 assert_eq!(Error::Km(ErrorCode::UNSUPPORTED_KEY_SIZE), result.unwrap_err());
1879 }
1880