projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
CKM: Add tests for encryption/decryption
[platform/core/test/security-tests.git] / src / ckm / encryption-decryption.cpp
1 /*
2  *  Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *  Licensed under the Apache License, Version 2.0 (the "License");
5  *  you may not use this file except in compliance with the License.
6  *  You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *  Unless required by applicable law or agreed to in writing, software
11  *  distributed under the License is distributed on an "AS IS" BASIS,
12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *  See the License for the specific language governing permissions and
14  *  limitations under the License
15  */
16 /*
17  * @file       encryption-decryption.cpp
18  * @author     Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
19  * @version    1.0
20  */
21
22
23 #include <string>
24 #include <vector>
25 #include <map>
26 #include <sstream>
27
28 #include <dpl/test/test_runner.h>
29 #include <ckm-common.h>
30 #include <ckmc/ckmc-manager.h>
31 #include <ckm/ckm-type.h>
32 #include <access_provider2.h>
33
34 namespace {
35
36 const char* PASSWORD = "test-password";
37 const uid_t UID = 5555;
38 const gid_t GID = 5555;
39 const size_t CTR_DEFAULT_LEN = 16*8;
40 const size_t DEFAULT_IV_LEN = 16;
41 const size_t BUF_LEN = 86; // must be less than 1024/8-41 to support RSA OAEP 1024
42
43 struct TagTest {
44     int tagLen;
45     int expected;
46 };
47
48 struct KeyAliasPair
49 {
50     CKM::Alias prv;
51     CKM::Alias pub;
52 };
53
54 class EncEnv : public RemoveDataEnv<UID> {
55 public:
56     EncEnv() : m_dbu(NULL), m_sap(NULL) {}
57     ~EncEnv() { delete m_sap; delete m_dbu; }
58
59     void init(const std::string& str) {
60         RemoveDataEnv<UID>::init(str);
61         m_dbu = new ScopedDBUnlock(UID, "db-pass"); // unlock user's database
62         m_sap = new ScopedAccessProvider("my-label");    // setup label
63
64         // setup smack rules and switch user
65         m_sap->allowAPI("key-manager::api-storage", "rw");
66         m_sap->allowAPI("key-manager::api-encryption", "rw");
67         m_sap->applyAndSwithToUser(UID, GID);
68     }
69
70     void finish() {
71         delete m_sap;
72         m_sap = NULL;
73         delete m_dbu;
74         m_dbu = NULL;
75         RemoveDataEnv<UID>::finish();
76     }
77
78     ScopedDBUnlock* m_dbu;
79     ScopedAccessProvider* m_sap;
80 };
81
82 struct AlgoBase {
83     ckmc_algo_type_e m_type;
84     size_t m_keyLen;
85
86     AlgoBase(ckmc_algo_type_e type, size_t keyLen) : m_type(type), m_keyLen(keyLen) {}
87
88     virtual KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr) = 0;
89 };
90
91 typedef std::shared_ptr<AlgoBase> AlgoBasePtr;
92
93 template <typename T>
94 AlgoBasePtr createAlgo(ckmc_algo_type_e type, size_t keyLen) {
95     return AlgoBasePtr(new T(type, keyLen));
96 }
97
98 struct AlgoAes : public AlgoBase {
99     AlgoAes(ckmc_algo_type_e type, size_t keyLen) : AlgoBase(type, keyLen) {}
100     KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr);
101 };
102
103 KeyAliasPair AlgoAes::keyGen(const char* pass, const char* suffix)
104 {
105     KeyAliasPair aliases;
106     std::ostringstream oss;
107     CharPtr my_label = get_label();
108     CharPtr passPtr(nullptr, free);
109     if (pass)
110         passPtr.reset(strdup(pass));
111
112     oss << "aes_" << static_cast<int>(m_type) << "_" << m_keyLen << "_key_alias";
113     if (suffix)
114         oss << suffix;
115     aliases.prv = aliasWithLabel(my_label.get(),oss.str().c_str());
116     aliases.pub = aliasWithLabel(my_label.get(), oss.str().c_str());
117
118     ckmc_policy_s policy;
119     policy.extractable = false;
120     policy.password = passPtr.get();
121
122     assert_positive(ckmc_create_key_aes, m_keyLen, aliases.prv.c_str(), policy);
123     return aliases;
124 }
125
126 struct AlgoRsa : public AlgoBase {
127     AlgoRsa(ckmc_algo_type_e type, size_t keyLen) : AlgoBase(type, keyLen) {}
128     KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr);
129 };
130
131 KeyAliasPair AlgoRsa::keyGen(const char* pass, const char* suffix)
132 {
133     std::ostringstream oss_prv, oss_pub;
134     oss_prv << "rsa_oaep_prv_alias_" << m_keyLen;
135     oss_pub << "rsa_oaep_pub_alias_" << m_keyLen;
136     if (suffix) {
137         oss_prv << suffix;
138         oss_pub << suffix;
139     }
140     KeyAliasPair aliases = {
141             aliasWithLabel(get_label().get(), oss_prv.str().c_str()),
142             aliasWithLabel(get_label().get(), oss_pub.str().c_str())
143     };
144     CharPtr passPtr(nullptr, free);
145     if (pass)
146         passPtr.reset(strdup(pass));
147
148     ckmc_policy_s policyPrv;
149     policyPrv.password = passPtr.get();
150     policyPrv.extractable = 0;
151
152     ckmc_policy_s policyPub;
153     policyPub.password = passPtr.get();
154     policyPub.extractable = 0;
155
156     assert_positive(ckmc_create_key_pair_rsa,
157                     m_keyLen,
158                     aliases.prv.c_str(),
159                     aliases.pub.c_str(),
160                     policyPrv,
161                     policyPub);
162     return aliases;
163 }
164
165 enum Algorithm {
166     AES_CBC_128,
167     AES_CBC_192,
168     AES_CBC_256,
169     AES_GCM_128,
170     AES_GCM_192,
171     AES_GCM_256,
172     AES_CTR_128,
173     AES_CTR_192,
174     AES_CTR_256,
175     AES_CFB_128,
176     AES_CFB_192,
177     AES_CFB_256,
178     RSA_OAEP_1024,
179     RSA_OAEP_2048,
180     RSA_OAEP_4096,
181 };
182
183 std::map<Algorithm, AlgoBasePtr> g_algorithms = {
184         { AES_CBC_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_CBC, 128) },
185         { AES_CBC_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_CBC, 192) },
186         { AES_CBC_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_CBC, 256) },
187         { AES_GCM_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_GCM, 128) },
188         { AES_GCM_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_GCM, 192) },
189         { AES_GCM_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_GCM, 256) },
190         { AES_CTR_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_CTR, 128) },
191         { AES_CTR_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_CTR, 192) },
192         { AES_CTR_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_CTR, 256) },
193         { AES_CFB_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_CFB, 128) },
194         { AES_CFB_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_CFB, 192) },
195         { AES_CFB_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_CFB, 256) },
196         { RSA_OAEP_1024, createAlgo<AlgoRsa>(CKMC_ALGO_RSA_OAEP, 1024) },
197         { RSA_OAEP_2048, createAlgo<AlgoRsa>(CKMC_ALGO_RSA_OAEP, 2048) },
198         { RSA_OAEP_4096, createAlgo<AlgoRsa>(CKMC_ALGO_RSA_OAEP, 4096) },
199 };
200
201 void setParam(ParamListPtr& params, ckmc_param_name_e name, ckmc_raw_buffer_s* buffer)
202 {
203     int ret = ckmc_param_list_add_buffer(params.get(), name, buffer);
204     RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
205                       "Failed to set param " << name << " error: " << CKMCErrorToString(ret));
206 }
207
208 void setParam(ParamListPtr& params, ckmc_param_name_e name, int integer)
209 {
210     int ret = ckmc_param_list_add_integer(params.get(), name, integer);
211     RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
212                       "Failed to set param " << name << " error: " << CKMCErrorToString(ret));
213 }
214
215 struct EncryptionResult
216 {
217     RawBufferPtr encrypted;
218     ParamListPtr params;
219     CKM::Alias prvKey;
220     CKM::Alias pubKey;
221 };
222
223 EncryptionResult encrypt(const AlgoBasePtr& algo,
224                          const RawBufferPtr& plain,
225                          const char* pass = nullptr)
226 {
227     EncryptionResult ret;
228     ckmc_raw_buffer_s* encrypted = nullptr;
229     KeyAliasPair aliases = algo->keyGen(pass);
230
231     ret.params = createParamListPtr();
232     assert_positive(ckmc_generate_params, algo->m_type, ret.params.get());
233     setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
234
235     assert_positive(ckmc_encrypt_data,
236                     ret.params.get(),
237                     aliases.pub.c_str(),
238                     pass,
239                     *plain.get(),
240                     &encrypted);
241
242     ret.encrypted = create_raw_buffer(encrypted);
243     ret.prvKey = aliases.prv;
244     ret.pubKey = aliases.pub;
245     return ret;
246 }
247
248 void testAllAlgorithms(
249         const std::function<void(const AlgoBasePtr& algo)>& test)
250 {
251     for(const auto& it : g_algorithms)
252         test(it.second);
253 }
254
255 void testNoIvEnc(Algorithm type)
256 {
257     const AlgoBasePtr& algo = g_algorithms.at(type);
258
259     // prepare buffers
260     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
261     ckmc_raw_buffer_s* encrypted = nullptr;
262
263     // add key
264     KeyAliasPair aliases = algo->keyGen();
265
266     // param list with algo type only
267     ParamListPtr params = createParamListPtr();
268     setParam(params, CKMC_PARAM_ALGO_TYPE, algo->m_type);
269     assert_invalid_param(ckmc_encrypt_data,
270                          params.get(),
271                          aliases.pub.c_str(),
272                          nullptr,
273                          *plain.get(),
274                          &encrypted);
275 }
276
277 void testNoIvDec(Algorithm type)
278 {
279     const AlgoBasePtr& algo = g_algorithms.at(type);
280
281     // prepare buffers
282     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
283     ckmc_raw_buffer_s* decrypted = nullptr;
284
285     // encrypt;
286     auto ret = encrypt(algo, plain);
287
288     // param list with algo type only
289     ParamListPtr params = createParamListPtr();
290     setParam(params, CKMC_PARAM_ALGO_TYPE, algo->m_type);
291     assert_invalid_param(ckmc_decrypt_data,
292                          params.get(),
293                          ret.prvKey.c_str(),
294                          nullptr,
295                          *ret.encrypted.get(),
296                          &decrypted);
297 }
298
299 void testInvalidIvEnc(Algorithm type)
300 {
301     const AlgoBasePtr& algo = g_algorithms.at(type);
302
303     // prepare buffers
304     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
305     ckmc_raw_buffer_s* encryptedTmp = nullptr;
306
307     // add key
308     KeyAliasPair aliases = algo->keyGen();
309
310     // setup params
311     ParamListPtr params = createParamListPtr();
312     assert_positive(ckmc_generate_params, algo->m_type, params.get());
313
314     // invalid encryption
315     auto test = [&](){
316         assert_invalid_param(ckmc_encrypt_data,
317                              params.get(),
318                              aliases.pub.c_str(),
319                              nullptr,
320                              *plain.get(),
321                              &encryptedTmp);
322         ckmc_buffer_free(encryptedTmp);
323         encryptedTmp = nullptr;
324     };
325     // invalid iv size
326     setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN-1));
327     test();
328     setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN+1));
329     test();
330 };
331
332 void testInvalidIvDec(Algorithm type)
333 {
334     const AlgoBasePtr& algo = g_algorithms.at(type);
335
336     // prepare buffers
337     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
338     ckmc_raw_buffer_s* decrypted = nullptr;
339
340     // valid encryption
341     auto ret = encrypt(algo, plain);
342
343     // decryption
344     auto test2 = [&](){
345         assert_invalid_param(ckmc_decrypt_data,
346                              ret.params.get(),
347                              ret.prvKey.c_str(),
348                              nullptr,
349                              *ret.encrypted.get(),
350                              &decrypted);
351         ckmc_buffer_free(decrypted);
352         decrypted = nullptr;
353     };
354
355     // invalid iv size
356     setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN-1));
357     test2();
358     setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN+1));
359     test2();
360 };
361
362 void encryptionWithCustomData(Algorithm type, ckmc_param_name_e name)
363 {
364     const AlgoBasePtr& algo = g_algorithms.at(type);
365
366     // prepare buffers
367     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
368     ckmc_raw_buffer_s* encrypted = nullptr;
369     ckmc_raw_buffer_s* decrypted = nullptr;
370
371     // add key
372     KeyAliasPair aliases = algo->keyGen();
373
374     // setup params
375     ParamListPtr params = createParamListPtr();
376     assert_positive(ckmc_generate_params, algo->m_type, params.get());
377     setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
378
379     // set AAD
380     setParam(params, name, createRandomBufferCAPI(64));
381
382     // encrypt
383     assert_positive(ckmc_encrypt_data,
384                     params.get(),
385                     aliases.pub.c_str(),
386                     nullptr,
387                     *plain.get(),
388                     &encrypted);
389     RawBufferPtr tmpEnc = create_raw_buffer(encrypted);
390
391     // decrypt
392     assert_positive(ckmc_decrypt_data,
393                     params.get(),
394                     aliases.prv.c_str(),
395                     nullptr,
396                     *tmpEnc.get(),
397                     &decrypted);
398     RawBufferPtr tmpDec = create_raw_buffer(decrypted);
399
400     // check
401     assert_buffers_equal(*plain.get(), *tmpDec.get());
402     tmpDec.reset();
403     decrypted = nullptr;
404
405     // set wrong AAD
406     setParam(params, name, createRandomBufferCAPI(32));
407
408     // decrypt
409     assert_result(CKMC_ERROR_SERVER_ERROR,
410                   ckmc_decrypt_data,
411                   params.get(),
412                   aliases.prv.c_str(),
413                   nullptr,
414                   *tmpEnc.get(),
415                   &decrypted);
416 }
417
418 void testGcmIvSize(size_t size, const KeyAliasPair& aliases, int error = CKMC_ERROR_NONE)
419 {
420     // prepare buffers
421     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
422     RawBufferPtr encrypted;
423     RawBufferPtr decrypted;
424     ckmc_raw_buffer_s* encryptedTmp = nullptr;
425     ckmc_raw_buffer_s* decryptedTmp = nullptr;
426
427     // setup params
428     ParamListPtr params = createParamListPtr();
429     assert_positive(ckmc_generate_params, CKMC_ALGO_AES_GCM, params.get());
430     setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
431     setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(size));
432
433     // encryption
434     assert_result(error,
435                   ckmc_encrypt_data,
436                   params.get(),
437                   aliases.pub.c_str(),
438                   nullptr,
439                   *plain.get(),
440                   &encryptedTmp);
441
442     if(error != CKMC_ERROR_NONE)
443         return;
444     encrypted = create_raw_buffer(encryptedTmp);
445
446     // decryption
447     assert_positive(ckmc_decrypt_data,
448                     params.get(),
449                     aliases.prv.c_str(),
450                     nullptr,
451                     *encrypted.get(),
452                     &decryptedTmp);
453     decrypted = create_raw_buffer(decryptedTmp);
454
455     assert_buffers_equal(*plain.get(), *decrypted.get());
456 }
457
458 void testIntegrity(Algorithm type)
459 {
460     const AlgoBasePtr& algo = g_algorithms.at(type);
461
462     // prepare buffers
463     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
464     ckmc_raw_buffer_s* decrypted = nullptr;
465
466     // encrypt
467     auto ret = encrypt(algo, plain);
468
469     // break the encrypted data
470     ret.encrypted->data[BUF_LEN/2]++;
471
472     // no data integrity check
473     assert_positive(ckmc_decrypt_data,
474                     ret.params.get(),
475                     ret.prvKey.c_str(),
476                     nullptr,
477                     *ret.encrypted.get(),
478                      &decrypted);
479
480     RawBufferPtr tmp = create_raw_buffer(decrypted);
481     assert_buffers_equal(*plain.get(), *decrypted, false);
482 }
483
484 void testCtrEncryptionInvalidLength(Algorithm type)
485 {
486     const AlgoBasePtr& algo = g_algorithms.at(type);
487
488     // prepare buffers
489     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
490     ckmc_raw_buffer_s* encryptedTmp = nullptr;
491
492     // add AES CTR key
493     KeyAliasPair aliases = algo->keyGen();
494
495     // setup params
496     ParamListPtr params = createParamListPtr();
497     assert_positive(ckmc_generate_params, algo->m_type, params.get());
498     setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
499
500     // encryption
501     auto test = [&](){
502         assert_invalid_param(ckmc_encrypt_data,
503                              params.get(),
504                              aliases.pub.c_str(),
505                              nullptr,
506                              *plain.get(),
507                              &encryptedTmp);
508         ckmc_buffer_free(encryptedTmp);
509         encryptedTmp = nullptr;
510     };
511     // invalid counter size
512     setParam(params, CKMC_PARAM_ED_CTR_LEN, -1);
513     test();
514     setParam(params, CKMC_PARAM_ED_CTR_LEN, 0);
515     test();
516     setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN+1);
517     test();
518 }
519
520 void testCtrEncryptionValidLength(Algorithm type)
521 {
522     const AlgoBasePtr& algo = g_algorithms.at(type);
523
524     // prepare buffers
525     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
526     ckmc_raw_buffer_s* encryptedTmp = nullptr;
527
528     // add AES CTR key
529     KeyAliasPair aliases = algo->keyGen();
530
531     // setup params
532     ParamListPtr params = createParamListPtr();
533     assert_positive(ckmc_generate_params, algo->m_type, params.get());
534     setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
535
536     // encryption
537     auto test = [&](){
538         assert_positive(ckmc_encrypt_data,
539                         params.get(),
540                         aliases.pub.c_str(),
541                         nullptr,
542                         *plain.get(),
543                         &encryptedTmp);
544         ckmc_buffer_free(encryptedTmp);
545         encryptedTmp = nullptr;
546     };
547     // valid counter sizez
548     setParam(params, CKMC_PARAM_ED_CTR_LEN, 1);
549     test();
550     setParam(params, CKMC_PARAM_ED_CTR_LEN, 4);
551     test();
552     setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN-1);
553     test();
554     setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN);
555     test();
556 }
557
558 void testCtrDecryptionInvalidLength(Algorithm type)
559 {
560     const AlgoBasePtr& algo = g_algorithms.at(type);
561
562     // prepare buffers
563     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
564     ckmc_raw_buffer_s* decrypted = nullptr;
565
566     // add AES CTR key & encrypt
567     auto ret = encrypt(algo, plain);
568
569     // decryption
570     auto test = [&](){
571         assert_invalid_param(ckmc_decrypt_data,
572                              ret.params.get(),
573                              ret.prvKey.c_str(),
574                              nullptr,
575                              *ret.encrypted.get(),
576                              &decrypted);
577         ckmc_buffer_free(decrypted);
578         decrypted = nullptr;
579     };
580     // invalid counter size
581     setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, -1);
582     test();
583     setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 0);
584     test();
585     setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN+1);
586     test();
587 }
588
589 void testCtrDecryptionValidLength(Algorithm type)
590 {
591     const AlgoBasePtr& algo = g_algorithms.at(type);
592
593     // prepare buffers
594     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
595     ckmc_raw_buffer_s* decrypted = nullptr;
596
597     // add AES CTR key & encrypt
598     auto ret = encrypt(algo, plain);
599
600     // decryption
601     auto test = [&](){
602         assert_positive(ckmc_decrypt_data,
603                              ret.params.get(),
604                              ret.prvKey.c_str(),
605                              nullptr,
606                              *ret.encrypted.get(),
607                              &decrypted);
608         ckmc_buffer_free(decrypted);
609         RawBufferPtr tmp = create_raw_buffer(decrypted);
610         assert_buffers_equal(*plain.get(), *decrypted);
611     };
612     // invalid counter size
613     setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 1);
614     test();
615     setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 4);
616     test();
617     setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN-1);
618     test();
619     setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN);
620     test();
621 }
622
623 void testGcmEncryptionTagLen(Algorithm type)
624 {
625     const AlgoBasePtr& algo = g_algorithms.at(type);
626
627     // prepare buffers
628     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
629     ckmc_raw_buffer_s* encryptedTmp = nullptr;
630
631     // add AES GCM key
632     KeyAliasPair aliases = algo->keyGen();
633
634     // setup params
635     ParamListPtr params = createParamListPtr();
636     assert_positive(ckmc_generate_params, algo->m_type, params.get());
637     setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
638
639     std::vector<TagTest> testData = {
640             // illegal tag lengths
641             { -1,   CKMC_ERROR_INVALID_PARAMETER },
642             { 0,    CKMC_ERROR_INVALID_PARAMETER },
643             { 16,   CKMC_ERROR_INVALID_PARAMETER },
644             { 48,   CKMC_ERROR_INVALID_PARAMETER },
645             { 72,   CKMC_ERROR_INVALID_PARAMETER },
646             { 100,  CKMC_ERROR_INVALID_PARAMETER },
647             { 108,  CKMC_ERROR_INVALID_PARAMETER },
648             { 116,  CKMC_ERROR_INVALID_PARAMETER },
649             { 124,  CKMC_ERROR_INVALID_PARAMETER },
650             { 256,  CKMC_ERROR_INVALID_PARAMETER },
651             // legal tag lengths
652             { 32,   CKMC_ERROR_NONE },
653             { 64,   CKMC_ERROR_NONE },
654             { 96,   CKMC_ERROR_NONE },
655             { 104,  CKMC_ERROR_NONE },
656             { 112,  CKMC_ERROR_NONE },
657             { 120,  CKMC_ERROR_NONE },
658             { 128,  CKMC_ERROR_NONE },
659     };
660
661     // encryption
662     for(const auto& it : testData)
663     {
664         setParam(params, CKMC_PARAM_ED_TAG_LEN, it.tagLen);
665         assert_result(it.expected,
666                       ckmc_encrypt_data,
667                       params.get(),
668                       aliases.pub.c_str(),
669                       nullptr,
670                       *plain.get(),
671                       &encryptedTmp);
672         ckmc_buffer_free(encryptedTmp);
673         encryptedTmp = nullptr;
674     }
675 }
676
677 void testGcmDecryptionTagLen(Algorithm type)
678 {
679     const AlgoBasePtr& algo = g_algorithms.at(type);
680
681     // prepare buffers
682     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
683     ckmc_raw_buffer_s* decrypted = nullptr;
684
685     // add AES GCM key & encrypt
686     auto ret = encrypt(algo, plain);
687
688     std::vector<TagTest> testData = {
689             // illegal tag lengths
690             { -1,   CKMC_ERROR_INVALID_PARAMETER },
691             { 0,    CKMC_ERROR_INVALID_PARAMETER },
692             { 16,   CKMC_ERROR_INVALID_PARAMETER },
693             { 48,   CKMC_ERROR_INVALID_PARAMETER },
694             { 72,   CKMC_ERROR_INVALID_PARAMETER },
695             { 100,  CKMC_ERROR_INVALID_PARAMETER },
696             { 108,  CKMC_ERROR_INVALID_PARAMETER },
697             { 116,  CKMC_ERROR_INVALID_PARAMETER },
698             { 124,  CKMC_ERROR_INVALID_PARAMETER },
699             { 256,  CKMC_ERROR_INVALID_PARAMETER },
700             // legal tag lengths (EVP_CipherFinal fails but we can't get the error code)
701             { 32,   CKMC_ERROR_SERVER_ERROR },
702             { 64,   CKMC_ERROR_SERVER_ERROR },
703             { 96,   CKMC_ERROR_SERVER_ERROR },
704             { 104,  CKMC_ERROR_SERVER_ERROR },
705             { 112,  CKMC_ERROR_SERVER_ERROR },
706             { 120,  CKMC_ERROR_SERVER_ERROR },
707             // legal tag length that was actually used for encryption (default)
708             { 128,  CKMC_ERROR_NONE },
709     };
710
711     // decryption
712     for(const auto& it : testData)
713     {
714         setParam(ret.params, CKMC_PARAM_ED_TAG_LEN, it.tagLen);
715         assert_result(it.expected,
716                       ckmc_decrypt_data,
717                       ret.params.get(),
718                       ret.prvKey.c_str(),
719                       nullptr,
720                       *ret.encrypted.get(),
721                       &decrypted);
722         ckmc_buffer_free(decrypted);
723         decrypted = nullptr;
724     }
725 }
726
727 void testGcmWrongTag(Algorithm type)
728 {
729     const AlgoBasePtr& algo = g_algorithms.at(type);
730
731     // prepare buffers
732     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
733     ckmc_raw_buffer_s* decrypted = nullptr;
734
735     // encrypt with AES GCM
736     auto ret = encrypt(algo, plain);
737
738     // modify tag (last 16B of encrypted message)
739     ret.encrypted->data[ret.encrypted->size-1]++;
740
741     // EVP_CipherFinal fails but we can't get error code
742     assert_result(CKMC_ERROR_SERVER_ERROR,
743                   ckmc_decrypt_data,
744                   ret.params.get(),
745                   ret.prvKey.c_str(),
746                   nullptr,
747                   *ret.encrypted.get(),
748                   &decrypted);
749 }
750
751 void testGcmDifferentIvSizes(Algorithm type)
752 {
753     const AlgoBasePtr& algo = g_algorithms.at(type);
754
755     // add AES GCM key
756     KeyAliasPair aliases = algo->keyGen();
757
758     testGcmIvSize(11,   aliases, CKMC_ERROR_SERVER_ERROR); // 12B is the smallest
759     testGcmIvSize(12,  aliases);
760     testGcmIvSize(17,  aliases);
761     testGcmIvSize(128, aliases);
762 }
763
764 void testEncryptDecryptBigData(Algorithm type)
765 {
766     const AlgoBasePtr& algo = g_algorithms.at(type);
767
768     // prepare buffers
769     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(5000000));
770     ckmc_raw_buffer_s* decrypted = nullptr;
771
772     // encrypt
773     auto ret = encrypt(algo, plain);
774
775     assert_positive(ckmc_decrypt_data,
776                     ret.params.get(),
777                     ret.prvKey.c_str(),
778                     nullptr,
779                     *ret.encrypted.get(),
780                     &decrypted);
781     RawBufferPtr tmp = create_raw_buffer(decrypted);
782
783     assert_buffers_equal(*plain.get(), *decrypted);
784 }
785
786 void testEncryptDecryptDifferentKeys(Algorithm type, bool success)
787 {
788     const AlgoBasePtr& algo = g_algorithms.at(type);
789     // prepare buffers
790     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
791     ckmc_raw_buffer_s* decrypted = nullptr;
792
793     // encrypt
794     auto ret = encrypt(algo, plain);
795
796     // add different key
797     KeyAliasPair differentKeys = algo->keyGen(nullptr, "_wrong");
798
799
800     if (success) {
801         // some algorithms don't verify key validity
802         assert_positive(ckmc_decrypt_data,
803                         ret.params.get(),
804                         differentKeys.prv.c_str(),
805                         nullptr,
806                         *ret.encrypted.get(),
807                         &decrypted);
808         RawBufferPtr tmp = create_raw_buffer(decrypted);
809
810         assert_buffers_equal(*plain.get(), *decrypted, false);
811     } else {
812         // different key should not be accepted
813         assert_result(CKMC_ERROR_SERVER_ERROR,
814                       ckmc_decrypt_data,
815                       ret.params.get(),
816                       differentKeys.prv.c_str(),
817                       nullptr,
818                       *ret.encrypted.get(),
819                       &decrypted);
820     }
821
822     // Cleanup before testing next algorithm. Ignore results because not all keys are present
823     ckmc_remove_alias(ret.prvKey.c_str());
824     ckmc_remove_alias(ret.pubKey.c_str());
825     ckmc_remove_alias(differentKeys.prv.c_str());
826     ckmc_remove_alias(differentKeys.pub.c_str());
827 }
828
829 void testRsaLongestData(Algorithm type, size_t dataSize)
830 {
831     const AlgoBasePtr& algo = g_algorithms.at(type);
832     // prepare buffers
833     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize));
834     ckmc_raw_buffer_s* decrypted = nullptr;
835
836     // encrypt
837     auto ret = encrypt(algo, plain);
838
839     assert_positive(ckmc_decrypt_data,
840                     ret.params.get(),
841                     ret.prvKey.c_str(),
842                     nullptr,
843                     *ret.encrypted.get(),
844                     &decrypted);
845     RawBufferPtr tmp = create_raw_buffer(decrypted);
846
847     assert_buffers_equal(*plain.get(), *decrypted);
848 }
849
850 void testRsaDataTooLong(Algorithm type, size_t dataSize)
851 {
852     const AlgoBasePtr& algo = g_algorithms.at(type);
853     // prepare buffers
854     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize));
855
856     // encrypt
857     EncryptionResult ret;
858     ckmc_raw_buffer_s* encrypted = nullptr;
859     KeyAliasPair aliases = algo->keyGen();
860
861     ret.params = createParamListPtr();
862     assert_positive(ckmc_generate_params, algo->m_type, ret.params.get());
863     assert_result(CKMC_ERROR_SERVER_ERROR,
864                   ckmc_encrypt_data,
865                   ret.params.get(),
866                   aliases.pub.c_str(),
867                   nullptr,
868                   *plain.get(),
869                   &encrypted);
870 }
871
872 } // namespace anonymous
873
874
875 RUNNER_TEST_GROUP_INIT(CKM_ENCRYPTION_DECRYPTION);
876
877 /////////////////////////////////////////
878 // Generic encryption decryption tests
879 /////////////////////////////////////////
880
881 RUNNER_TEST(TED_0010_encrypt_invalid_param_list, EncEnv)
882 {
883     testAllAlgorithms([](const AlgoBasePtr& algo){
884         // prepare buffers
885         RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
886         ckmc_raw_buffer_s* encrypted = nullptr;
887
888         // add key
889         KeyAliasPair aliases = algo->keyGen();
890
891         // null param list
892         assert_invalid_param(ckmc_encrypt_data,
893                              nullptr,
894                              aliases.pub.c_str(),
895                              nullptr,
896                              *plain.get(),
897                              &encrypted);
898
899         // empty param list
900         ParamListPtr params = createParamListPtr();
901         assert_invalid_param(ckmc_encrypt_data,
902                              params.get(),
903                              aliases.pub.c_str(),
904                              nullptr,
905                              *plain.get(),
906                              &encrypted);
907     });
908 }
909
910 RUNNER_TEST(TED_0020_encrypt_missing_key, EncEnv)
911 {
912     testAllAlgorithms([](const AlgoBasePtr& algo){
913         // prepare buffers
914         RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
915         ckmc_raw_buffer_s* encrypted = nullptr;
916
917         // setup params
918         ParamListPtr params = createParamListPtr();
919         assert_positive(ckmc_generate_params, algo->m_type, params.get());
920         setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
921
922         assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
923                       ckmc_encrypt_data,
924                       params.get(),
925                       "non-existing-key-alias",
926                       nullptr,
927                       *plain.get(),
928                       &encrypted);
929     });
930 }
931
932 RUNNER_TEST(TED_0030_encrypt_no_plain_text, EncEnv)
933 {
934     testAllAlgorithms([](const AlgoBasePtr& algo){
935         // prepare buffers
936         ckmc_raw_buffer_s plain = { nullptr, 0 };
937         ckmc_raw_buffer_s* encrypted = nullptr;
938
939         // add key
940         KeyAliasPair aliases = algo->keyGen();
941
942         // setup params
943         ParamListPtr params = createParamListPtr();
944         assert_positive(ckmc_generate_params, algo->m_type, params.get());
945         setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
946
947         assert_invalid_param(ckmc_encrypt_data,
948                              params.get(),
949                              aliases.pub.c_str(),
950                              nullptr,
951                              plain,
952                              &encrypted);
953     });
954 }
955
956 RUNNER_TEST(TED_0040_encrypt_no_output_buffer, EncEnv)
957 {
958     testAllAlgorithms([](const AlgoBasePtr& algo){
959         // prepare buffers
960         RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
961         ckmc_raw_buffer_s** encrypted = nullptr;
962
963         // add key
964         KeyAliasPair aliases = algo->keyGen();
965
966         // setup params
967         ParamListPtr params = createParamListPtr();
968         assert_positive(ckmc_generate_params, algo->m_type, params.get());
969         setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
970
971         assert_invalid_param(ckmc_encrypt_data,
972                              params.get(),
973                              aliases.pub.c_str(),
974                              nullptr,
975                              *plain.get(),
976                              encrypted);
977     });
978 }
979
980 RUNNER_TEST(TED_0110_decrypt_invalid_param_list, EncEnv)
981 {
982     testAllAlgorithms([](const AlgoBasePtr& algo){
983         // prepare buffers
984         RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
985         ckmc_raw_buffer_s* decrypted = nullptr;
986
987         // encrypt;
988         auto ret = encrypt(algo, plain);
989
990         // null param list
991         assert_invalid_param(ckmc_decrypt_data,
992                              nullptr,
993                              ret.prvKey.c_str(),
994                              nullptr,
995                              *ret.encrypted.get(),
996                              &decrypted);
997
998         // empty param list
999         ParamListPtr params = createParamListPtr();
1000         assert_invalid_param(ckmc_decrypt_data,
1001                              params.get(),
1002                              ret.prvKey.c_str(),
1003                              nullptr,
1004                              *ret.encrypted.get(),
1005                              &decrypted);
1006     });
1007 }
1008
1009 RUNNER_TEST(TED_0120_decrypt_missing_key, EncEnv)
1010 {
1011     testAllAlgorithms([](const AlgoBasePtr& algo){
1012         // prepare buffers
1013         RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
1014         ckmc_raw_buffer_s* decrypted = nullptr;
1015
1016         // encrypt
1017         auto ret = encrypt(algo, plain);
1018
1019         // remove key
1020         assert_positive(ckmc_remove_alias, ret.prvKey.c_str());
1021
1022         // try to decrypt
1023         assert_result(CKMC_ERROR_DB_ALIAS_UNKNOWN,
1024                       ckmc_decrypt_data,
1025                       ret.params.get(),
1026                       ret.prvKey.c_str(),
1027                       nullptr,
1028                       *ret.encrypted.get(),
1029                       &decrypted);
1030     });
1031 }
1032
1033 RUNNER_TEST(TED_0130_decrypt_no_encrypted_text, EncEnv)
1034 {
1035     testAllAlgorithms([](const AlgoBasePtr& algo){
1036         // prepare buffers
1037         ckmc_raw_buffer_s encrypted = { nullptr, 0 };
1038         ckmc_raw_buffer_s* decrypted = nullptr;
1039
1040         // add key
1041         KeyAliasPair aliases = algo->keyGen();
1042
1043         // setup params
1044         ParamListPtr params = createParamListPtr();
1045         assert_positive(ckmc_generate_params, algo->m_type, params.get());
1046         setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
1047
1048         assert_invalid_param(ckmc_decrypt_data,
1049                              params.get(),
1050                              aliases.prv.c_str(),
1051                              nullptr,
1052                              encrypted,
1053                              &decrypted);
1054     });
1055 }
1056
1057 RUNNER_TEST(TED_0140_decrypt_no_output_buffer, EncEnv)
1058 {
1059     testAllAlgorithms([](const AlgoBasePtr& algo){
1060         // prepare buffers
1061         RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
1062         ckmc_raw_buffer_s** decrypted = nullptr;
1063
1064         // encrypt
1065         auto ret = encrypt(algo, plain);
1066
1067         assert_invalid_param(ckmc_decrypt_data,
1068                              ret.params.get(),
1069                              ret.prvKey.c_str(),
1070                              nullptr,
1071                              *ret.encrypted.get(),
1072                              decrypted);
1073     });
1074 }
1075
1076 RUNNER_TEST(TED_0200_encrypt_decrypt_different_keys, EncEnv)
1077 {
1078     testEncryptDecryptDifferentKeys(AES_CBC_128, false);
1079     testEncryptDecryptDifferentKeys(AES_CBC_192, false);
1080     testEncryptDecryptDifferentKeys(AES_CBC_256, false);
1081     testEncryptDecryptDifferentKeys(AES_GCM_128, false);
1082     testEncryptDecryptDifferentKeys(AES_GCM_192, false);
1083     testEncryptDecryptDifferentKeys(AES_GCM_256, false);
1084     testEncryptDecryptDifferentKeys(AES_CTR_128, true);
1085     testEncryptDecryptDifferentKeys(AES_CTR_192, true);
1086     testEncryptDecryptDifferentKeys(AES_CTR_256, true);
1087     testEncryptDecryptDifferentKeys(AES_CFB_128, true);
1088     testEncryptDecryptDifferentKeys(AES_CFB_192, true);
1089     testEncryptDecryptDifferentKeys(AES_CFB_256, true);
1090     testEncryptDecryptDifferentKeys(RSA_OAEP_1024, false);
1091     testEncryptDecryptDifferentKeys(RSA_OAEP_2048, false);
1092     testEncryptDecryptDifferentKeys(RSA_OAEP_4096, false);
1093 }
1094
1095 RUNNER_TEST(TED_0210_encrypt_decrypt_different_params, EncEnv)
1096 {
1097     testAllAlgorithms([](const AlgoBasePtr& algo){
1098         // prepare buffers
1099         RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
1100         ckmc_raw_buffer_s* decrypted = nullptr;
1101
1102         // encrypt
1103         auto ret = encrypt(algo, plain);
1104
1105         // setup different params
1106         ParamListPtr params = createParamListPtr();
1107         assert_positive(ckmc_generate_params, CKMC_ALGO_RSA_GEN, params.get());
1108         setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
1109
1110         assert_invalid_param(ckmc_decrypt_data,
1111                              params.get(),
1112                              ret.prvKey.c_str(),
1113                              nullptr,
1114                              *ret.encrypted.get(),
1115                              &decrypted);
1116     });
1117 }
1118
1119 RUNNER_TEST(TED_0300_encrypt_decrypt, EncEnv)
1120 {
1121     testAllAlgorithms([](const AlgoBasePtr& algo){
1122         // prepare buffers
1123         RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
1124         ckmc_raw_buffer_s* decrypted = nullptr;
1125
1126         // encrypt
1127         auto ret = encrypt(algo, plain);
1128
1129         assert_positive(ckmc_decrypt_data,
1130                         ret.params.get(),
1131                         ret.prvKey.c_str(),
1132                         nullptr,
1133                         *ret.encrypted.get(),
1134                         &decrypted);
1135         RawBufferPtr tmp = create_raw_buffer(decrypted);
1136
1137         assert_buffers_equal(*plain.get(), *decrypted);
1138     });
1139 }
1140
1141 RUNNER_TEST(TED_0310_encrypt_decrypt_password, EncEnv)
1142 {
1143     testAllAlgorithms([](const AlgoBasePtr& algo){
1144         // prepare buffers
1145         RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
1146         ckmc_raw_buffer_s* decrypted = nullptr;
1147
1148         // encrypt
1149         auto ret = encrypt(algo, plain, PASSWORD);
1150
1151         // wrong password
1152         assert_result(CKMC_ERROR_AUTHENTICATION_FAILED,
1153                       ckmc_decrypt_data,
1154                       ret.params.get(),
1155                       ret.prvKey.c_str(),
1156                       "wrong-password",
1157                       *ret.encrypted.get(),
1158                       &decrypted);
1159
1160         // correct password
1161         assert_positive(ckmc_decrypt_data,
1162                         ret.params.get(),
1163                         ret.prvKey.c_str(),
1164                         PASSWORD,
1165                         *ret.encrypted.get(),
1166                         &decrypted);
1167         RawBufferPtr tmp = create_raw_buffer(decrypted); // guarantees deletion
1168
1169         assert_buffers_equal(*plain.get(), *decrypted);
1170     });
1171 }
1172
1173 // long test split into smaller ones
1174 RUNNER_TEST(TED_0400_encrypt_decrypt_big_data_aes_cbc_128, EncEnv)
1175 {
1176     testEncryptDecryptBigData(AES_CBC_128);
1177 }
1178
1179 RUNNER_TEST(TED_0400_encrypt_decrypt_big_data_aes_cbc_192, EncEnv)
1180 {
1181     testEncryptDecryptBigData(AES_CBC_192);
1182 }
1183
1184 RUNNER_TEST(TED_0400_encrypt_decrypt_big_data_aes_cbc_256, EncEnv)
1185 {
1186     testEncryptDecryptBigData(AES_CBC_256);
1187 }
1188
1189 RUNNER_TEST(TED_0400_encrypt_decrypt_big_data_aes_gcm_128, EncEnv)
1190 {
1191     testEncryptDecryptBigData(AES_GCM_128);
1192 }
1193
1194 RUNNER_TEST(TED_0400_encrypt_decrypt_big_data_aes_gcm_192, EncEnv)
1195 {
1196     testEncryptDecryptBigData(AES_GCM_192);
1197 }
1198
1199 RUNNER_TEST(TED_0400_encrypt_decrypt_big_data_aes_gcm_256, EncEnv)
1200 {
1201     testEncryptDecryptBigData(AES_GCM_256);
1202 }
1203
1204 RUNNER_TEST(TED_0400_encrypt_decrypt_big_data_aes_ctr_128, EncEnv)
1205 {
1206     testEncryptDecryptBigData(AES_CTR_128);
1207 }
1208
1209 RUNNER_TEST(TED_0400_encrypt_decrypt_big_data_aes_ctr_192, EncEnv)
1210 {
1211     testEncryptDecryptBigData(AES_CTR_192);
1212 }
1213
1214 RUNNER_TEST(TED_0400_encrypt_decrypt_big_data_aes_ctr_256, EncEnv)
1215 {
1216     testEncryptDecryptBigData(AES_CTR_256);
1217 }
1218
1219 RUNNER_TEST(TED_0400_encrypt_decrypt_big_data_aes_cfb_128, EncEnv)
1220 {
1221     testEncryptDecryptBigData(AES_CFB_128);
1222 }
1223
1224 RUNNER_TEST(TED_0400_encrypt_decrypt_big_data_aes_cfb_192, EncEnv)
1225 {
1226     testEncryptDecryptBigData(AES_CFB_192);
1227 }
1228
1229 RUNNER_TEST(TED_0400_encrypt_decrypt_big_data_aes_cfb_256, EncEnv)
1230 {
1231     testEncryptDecryptBigData(AES_CFB_256);
1232 }
1233
1234 /////////////////////////////////////////
1235 // Algorithm specific tests
1236 /////////////////////////////////////////
1237
1238 RUNNER_TEST(TED_1005_no_iv_enc, EncEnv)
1239 {
1240     testNoIvEnc(AES_CTR_128);
1241     testNoIvEnc(AES_CTR_192);
1242     testNoIvEnc(AES_CTR_256);
1243     testNoIvEnc(AES_CBC_128);
1244     testNoIvEnc(AES_CBC_192);
1245     testNoIvEnc(AES_CBC_256);
1246     testNoIvEnc(AES_CFB_128);
1247     testNoIvEnc(AES_CFB_192);
1248     testNoIvEnc(AES_CFB_256);
1249     testNoIvEnc(AES_GCM_128);
1250     testNoIvEnc(AES_GCM_192);
1251     testNoIvEnc(AES_GCM_256);
1252 }
1253
1254 RUNNER_TEST(TED_1010_invalid_iv_enc, EncEnv)
1255 {
1256     testInvalidIvEnc(AES_CTR_128);
1257     testInvalidIvEnc(AES_CTR_192);
1258     testInvalidIvEnc(AES_CTR_256);
1259     testInvalidIvEnc(AES_CBC_128);
1260     testInvalidIvEnc(AES_CBC_192);
1261     testInvalidIvEnc(AES_CBC_256);
1262     testInvalidIvEnc(AES_CFB_128);
1263     testInvalidIvEnc(AES_CFB_192);
1264     testInvalidIvEnc(AES_CFB_256);
1265 }
1266
1267 RUNNER_TEST(TED_1015_no_iv_dec, EncEnv)
1268 {
1269     testNoIvDec(AES_CTR_128);
1270     testNoIvDec(AES_CTR_192);
1271     testNoIvDec(AES_CTR_256);
1272     testNoIvDec(AES_CBC_128);
1273     testNoIvDec(AES_CBC_192);
1274     testNoIvDec(AES_CBC_256);
1275     testNoIvDec(AES_CFB_128);
1276     testNoIvDec(AES_CFB_192);
1277     testNoIvDec(AES_CFB_256);
1278     testNoIvDec(AES_GCM_128);
1279     testNoIvDec(AES_GCM_192);
1280     testNoIvDec(AES_GCM_256);
1281 }
1282
1283 RUNNER_TEST(TED_1020_invalid_iv_dec, EncEnv)
1284 {
1285     testInvalidIvDec(AES_CTR_128);
1286     testInvalidIvDec(AES_CTR_192);
1287     testInvalidIvDec(AES_CTR_256);
1288     testInvalidIvDec(AES_CBC_128);
1289     testInvalidIvDec(AES_CBC_192);
1290     testInvalidIvDec(AES_CBC_256);
1291     testInvalidIvDec(AES_CFB_128);
1292     testInvalidIvDec(AES_CFB_192);
1293     testInvalidIvDec(AES_CFB_256);
1294 }
1295
1296 RUNNER_TEST(TED_1050_data_integrity, EncEnv)
1297 {
1298     testIntegrity(AES_CTR_128);
1299     testIntegrity(AES_CTR_192);
1300     testIntegrity(AES_CTR_256);
1301     testIntegrity(AES_CBC_128);
1302     testIntegrity(AES_CBC_192);
1303     testIntegrity(AES_CBC_256);
1304     testIntegrity(AES_CFB_128);
1305     testIntegrity(AES_CFB_192);
1306     testIntegrity(AES_CFB_256);
1307 }
1308
1309 RUNNER_TEST(TED_1100_ctr_encryption_invalid_length, EncEnv)
1310 {
1311     testCtrEncryptionInvalidLength(AES_CTR_128);
1312     testCtrEncryptionInvalidLength(AES_CTR_192);
1313     testCtrEncryptionInvalidLength(AES_CTR_256);
1314 }
1315
1316 RUNNER_TEST(TED_1105_ctr_encryption_valid_length, EncEnv)
1317 {
1318     RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length");
1319     testCtrEncryptionValidLength(AES_CTR_128);
1320     testCtrEncryptionValidLength(AES_CTR_192);
1321     testCtrEncryptionValidLength(AES_CTR_256);
1322 }
1323
1324 RUNNER_TEST(TED_1110_ctr_decryption_invalid_length, EncEnv)
1325 {
1326     testCtrDecryptionInvalidLength(AES_CTR_128);
1327     testCtrDecryptionInvalidLength(AES_CTR_192);
1328     testCtrDecryptionInvalidLength(AES_CTR_256);
1329 }
1330
1331 RUNNER_TEST(TED_1115_ctr_decryption_valid_length, EncEnv)
1332 {
1333     RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length");
1334     testCtrDecryptionValidLength(AES_CTR_128);
1335     testCtrDecryptionValidLength(AES_CTR_192);
1336     testCtrDecryptionValidLength(AES_CTR_256);
1337 }
1338
1339 RUNNER_TEST(TED_1200_gcm_encryption_tag_len, EncEnv)
1340 {
1341     testGcmEncryptionTagLen(AES_GCM_128);
1342     testGcmEncryptionTagLen(AES_GCM_192);
1343     testGcmEncryptionTagLen(AES_GCM_256);
1344 }
1345
1346 RUNNER_TEST(TED_1210_gcm_decryption_tag_len, EncEnv)
1347 {
1348     testGcmDecryptionTagLen(AES_GCM_128);
1349     testGcmDecryptionTagLen(AES_GCM_192);
1350     testGcmDecryptionTagLen(AES_GCM_256);
1351 }
1352
1353 RUNNER_TEST(TED_1230_gcm_wrong_tag, EncEnv)
1354 {
1355     testGcmWrongTag(AES_GCM_128);
1356     testGcmWrongTag(AES_GCM_192);
1357     testGcmWrongTag(AES_GCM_256);
1358 }
1359
1360 RUNNER_TEST(TED_1240_gcm_different_iv_sizes, EncEnv)
1361 {
1362     testGcmDifferentIvSizes(AES_GCM_128);
1363     testGcmDifferentIvSizes(AES_GCM_192);
1364     testGcmDifferentIvSizes(AES_GCM_256);
1365 }
1366
1367 RUNNER_TEST(TED_1250_gcm_aad, EncEnv)
1368 {
1369     encryptionWithCustomData(AES_GCM_128, CKMC_PARAM_ED_AAD);
1370     encryptionWithCustomData(AES_GCM_192, CKMC_PARAM_ED_AAD);
1371     encryptionWithCustomData(AES_GCM_256, CKMC_PARAM_ED_AAD);
1372 }
1373
1374 RUNNER_TEST(TED_1300_rsa_label, EncEnv)
1375 {
1376     RUNNER_IGNORED_MSG("RSA-OAEP labels are not supported in openssl");
1377     encryptionWithCustomData(RSA_OAEP_1024, CKMC_PARAM_ED_LABEL);
1378     encryptionWithCustomData(RSA_OAEP_2048, CKMC_PARAM_ED_LABEL);
1379     encryptionWithCustomData(RSA_OAEP_4096, CKMC_PARAM_ED_LABEL);
1380 }
1381
1382 RUNNER_TEST(TED_1330_rsa_longest_data, EncEnv)
1383 {
1384     testRsaLongestData(RSA_OAEP_1024, 86);
1385     testRsaLongestData(RSA_OAEP_2048, 214);
1386     testRsaLongestData(RSA_OAEP_4096, 470);
1387 }
1388
1389 RUNNER_TEST(TED_1350_rsa_data_too_long, EncEnv)
1390 {
1391     testRsaDataTooLong(RSA_OAEP_1024, 87);
1392     testRsaDataTooLong(RSA_OAEP_2048, 215);
1393     testRsaDataTooLong(RSA_OAEP_4096, 471);
1394 }
Domain: Security / Uncategorized;