The present invention relates generally to the field of software testing, and more particularly to software testing of computer code that includes the use of cryptographic encrypted keys where a set of key(s) in a public space is derived from a set of key(s) stored in a system space.
Software testing is an investigation conducted to provide stakeholders with information about the quality of the product or service under test. Software testing can also provide an objective, independent view of the software to allow the business to appreciate and understand the risks of software implementation. Test techniques include the process of executing a program or application with the intent of finding software bugs (errors or other defects), and verifying that the software product is fit for use. In software testing, it is known to use a “test program” that generates multiple “test streams.” A test stream is an instance of a run of a test program (or an instance of a loop of a test program coded to loop through multiple runs of the testing code and instructions in a single run of the test program).
Some test programs run in a computing environment that includes a “system space” and a “test program space.” As the term is used herein, a system space is a portion of memory and/or persistent storage that is allocated to store system information (for example, the memory and/or persistent storage to save the current master keys); outside entities like the operating system or test program do not have direct access to the system space. It is noted that a “system space” is typically different than an “operating system space,” which is a portion of memory and/or persistent storage that is allocated to running of the operating system of a computer system (for example, the memory and/or persistent storage to run a mainframe computer operating system on a mainframe computer system). As the term is used herein, a test program space is a portion of memory and/or persistent storage that is allocated to running of test program(s) running on the computer system. Programs running in the program space typically get important information and/or data from the system space and communicate through the operating system running in the system space when accessing the data processing hardware of the computer.
A cryptographic key (sometimes herein more simply referred to as a “key” or “cipher key”) is a piece of information (a parameter) that determines the functional output of an algorithm that encrypts and/or decrypts data (for example, transforms plaintext into ciphertext and/or vice versa, digital signature schemes, message authentication codes, etc.). Keys are generated to be used with a given set of algorithms, called a cryptosystem. Cryptography typically addresses security concerns, such as confidence about who signed a given document, or who replies at the other side of a data communication connection. Assuming that keys are not compromised, this involves determination of the owner of an applicable public key. Test programs that are designed to deal with encrypted data, of course, typically use keys. Sometimes keys are “destroyed” (that is, unlinked and/or written over in memory and/or storage). Sometimes this destruction of a key is a good thing, from a security perspective, such as when the key is no longer needed and/or has been superseded by a new set of key(s). However, if a key is destroyed when it is still needed for proper operation of a program then destruction of the key is considered an error (see definition of “error,” below in the Definitions sub-section).
In test programs that use cryptography and keys, the test program will typically: (i) receive information relating to a set of master key(s) that exists in the system space; and (ii) use that information to derive a corresponding set of subsidiary key(s) in the program space of the test program. In this way, encrypted information can be used when the test program communicates with the system (that is, the low level functions of the processor(s) set)—that is, the corresponding sets of master and subsidiary key(s) can be used to encrypt and decrypt data as necessary and appropriate to the running of the test program.
A set of key(s) may include only a single key. However, in many applications, a set of key(s) includes: (i) a “clear” version of a key (that is, an unencrypted version of a key); (ii) an encrypted version of the same key; and (iii) a wrapping key (that is, a key used to decrypt the encrypted version of the key into the clear version of the key).
The PCKMO (Perform Cryptographic Key Management Operations) instruction is a known type of computer instruction that performs one of the following functions: (i) it takes the DES (Data Encryption Standard) clear key of selected predefined length as input from the test program, generates the encrypted version of the DES clear key using the DES wrapping key, and returns the encrypted version of the DES clear key as the output to the test program; or (ii) it takes the AES (Advanced Encryption Standard) clear key of selected predefined length as input from the test program, generates the encrypted version of the AES clear key using the AES wrapping key, and returns the encrypted version of the AES clear key as the output to the test program. Thus, these functions allow the test program to create the encrypted version of the AES clear key without knowing the actual wrapping key that resides in the system space and is not known to the test program. As long as the current wrapping keys do not change, performing one of the above functions repeatedly with the same clear key would produce the same encrypted version of the clear key. Therefore, these machine functions offer the test program a means to obtain a clear key from an encrypted key without knowing the wrapping key and vice versa.
For the encrypted operation, the test program typically provides the encrypted DES/AES key instead of the clear DES/AES key. This is done to hide the clear key from a rogue program or a hacker that may be inspecting the crypto messages. However, only the clear key can be used to encrypt the input message. Thus, the encrypted key in the input message must first be decrypted using the current wrapping key to obtain the clear version of the key, and that clear version is then used to encrypt the input message.
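The wrapping step and the encrypted operation described in the two paragraphs above can be modelled in software, as an added example that is not part of the original document and does not invoke PCKMO. The names SystemSpace, wrap, encrypt_with_wrapped_key and run_test_stream are hypothetical, the key and message are constructed samples, and an HMAC-SHA256 keystream XOR stands in for the DES/AES wrapping and message encryption.

```python
import hashlib
import hmac
import secrets

def _keystream(key: bytes, label: bytes, length: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, not DES/AES.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_with_clear_key(clear_key: bytes, message: bytes) -> bytes:
    return _xor(message, _keystream(clear_key, b"msg", len(message)))

class SystemSpace:
    """Hypothetical model of the system space; the wrapping key stays private."""

    def __init__(self) -> None:
        self.__wrapping_key = secrets.token_bytes(32)

    def rotate_wrapping_key(self) -> None:
        self.__wrapping_key = secrets.token_bytes(32)

    def wrap(self, clear_key: bytes) -> bytes:
        # PCKMO-like step: deterministic while the wrapping key is unchanged.
        # XOR wrapping is a model only; it is not a secure key wrap.
        return _xor(clear_key, _keystream(self.__wrapping_key, b"wrap", len(clear_key)))

    def encrypt_with_wrapped_key(self, wrapped_key: bytes, message: bytes) -> bytes:
        # Encrypted operation: unwrap inside the system space, then encrypt.
        clear_key = self.wrap(wrapped_key)  # XOR is its own inverse
        return encrypt_with_clear_key(clear_key, message)

def run_test_stream() -> tuple:
    system = SystemSpace()
    clear_key, message = bytes(range(16)), b"constructed sample message"
    wrapped = system.wrap(clear_key)
    stable = hmac.compare_digest(system.wrap(clear_key), wrapped)
    expected = encrypt_with_clear_key(clear_key, message)
    matches = system.encrypt_with_wrapped_key(wrapped, message) == expected
    system.rotate_wrapping_key()  # models the wrapping key being replaced mid-test
    changed = not hmac.compare_digest(system.wrap(clear_key), wrapped)
    stale = system.encrypt_with_wrapped_key(wrapped, message) == expected
    return stable, matches, changed, stale
```

run_test_stream returns four flags: the wrap is repeatable, the wrapped-key result matches the clear-key result, re-wrapping the same clear key reveals a wrapping-key change, and a wrapped key left over from before the change no longer yields the expected ciphertext.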