2 * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file encryption-decryption.cpp
18 * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
28 #include <dpl/test/test_runner.h>
29 #include <ckm-common.h>
30 #include <ckmc/ckmc-manager.h>
31 #include <ckm/ckm-type.h>
32 #include <ckm/ckm-manager.h>
33 #include <encryption-decryption-env.h>
39 const char* PASSWORD = "test-password";
40 const uid_t UID = 5001;
41 const size_t CTR_DEFAULT_LEN = 16*8;
42 const size_t DEFAULT_IV_LEN = 16;
43 const size_t BUF_LEN = 86; // must be less than 1024/8-41 to support RSA OAEP 1024
49 EncryptionApi* g_api = &g_syncApi;
51 EncryptionError apiEncrypt(ckmc_param_list_h params,
52 const char *key_alias,
54 const ckmc_raw_buffer_s decrypted,
55 ckmc_raw_buffer_s **ppencrypted) {
56 RUNNER_ASSERT_MSG(g_api, "No encryption API is connected");
57 return g_api->encrypt(params, key_alias, password, decrypted, ppencrypted);
60 // Policy backend to use in subsequent operations (global for each test case)
61 PolicyBackend g_backend = PolicyBackend::DEFAULT;
65 testBackend(PolicyBackend backend){
66 m_backend = g_backend;
70 virtual ~testBackend(){
71 //restore in destructor
72 g_backend = m_backend;
75 PolicyBackend m_backend;
78 inline CKM::Password _tostring(const char *str)
80 return (str == nullptr) ? Password() : Password(str);
83 inline CKM::Policy _toCkmPolicy(const ckmc_policy_s &policy, PolicyBackend backend)
85 return CKM::Policy(_tostring(policy.password), policy.extractable, backend);
88 EncryptionError apiDecrypt(ckmc_param_list_h params,
89 const char *key_alias,
91 const ckmc_raw_buffer_s encrypted,
92 ckmc_raw_buffer_s **ppdecrypted) {
93 RUNNER_ASSERT_MSG(g_api, "No encryption API is connected");
94 return g_api->decrypt(params, key_alias, password, encrypted, ppdecrypted);
98 template <typename F, typename... Args>
99 void assert_crypto_result(EncryptionError expected, F&& func, Args... args)
101 EncryptionError ret = func(args...);
102 RUNNER_ASSERT_MSG(ret == expected,
103 "Expected: " << static_cast<int>(expected) <<
104 " got: " << static_cast<int>(ret));
107 template <typename F, typename... Args>
108 void assert_crypto_positive(F&& func, Args... args)
110 assert_crypto_result(EncryptionError::SUCCESS, std::move(func), args...);
113 template <typename F, typename... Args>
114 void assert_crypto_invalid_param(F&& func, Args... args)
116 assert_crypto_result(EncryptionError::INVALID_PARAM, std::move(func), args...);
121 EncryptionError expected;
130 class EncEnv : public RemoveDataEnv<UID> {
132 EncEnv() : m_dbu(NULL) {}
133 ~EncEnv() { delete m_dbu; }
135 void init(const std::string& str) {
136 RemoveDataEnv<UID>::init(str);
137 m_dbu = new ScopedDBUnlock(UID, "db-pass"); // unlock user's database
143 RemoveDataEnv<UID>::finish();
147 ScopedDBUnlock* m_dbu;
150 struct SyncEnv : public EncEnv {
151 void init(const std::string& str) {
156 static std::string suffix() { return "_sync"; }
159 struct AsyncEnv : public EncEnv {
160 void init(const std::string& str) {
165 static std::string suffix() { return "_async"; }
169 ckmc_algo_type_e m_type;
172 AlgoBase(ckmc_algo_type_e type, size_t keyLen) : m_type(type), m_keyLen(keyLen) {}
174 virtual KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr) = 0;
177 typedef std::shared_ptr<AlgoBase> AlgoBasePtr;
179 template <typename T>
180 AlgoBasePtr createAlgo(ckmc_algo_type_e type, size_t keyLen) {
181 return AlgoBasePtr(new T(type, keyLen));
184 struct AlgoAes : public AlgoBase {
185 AlgoAes(ckmc_algo_type_e type, size_t keyLen) : AlgoBase(type, keyLen) {}
186 KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr);
189 KeyAliasPair AlgoAes::keyGen(const char* pass, const char* suffix)
191 KeyAliasPair aliases;
192 std::ostringstream oss;
193 std::string ownerId = getOwnerIdFromSelf();
194 CharPtr passPtr(nullptr, free);
196 passPtr.reset(strdup(pass));
198 oss << "aes_" << static_cast<int>(m_type) << "_" << m_keyLen << "_key_alias";
201 aliases.prv = aliasWithLabel(ownerId.c_str(),oss.str().c_str());
202 aliases.pub = aliasWithLabel(ownerId.c_str(), oss.str().c_str());
204 ckmc_policy_s policy;
205 policy.extractable = false;
206 policy.password = passPtr.get();
208 auto mgr = CKM::Manager::create();
209 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == mgr->createKeyAES(m_keyLen, Alias(aliases.prv.c_str()),
210 _toCkmPolicy(policy, g_backend)),
211 "AES key creation failed");
216 struct AlgoRsa : public AlgoBase {
217 AlgoRsa(ckmc_algo_type_e type, size_t keyLen) : AlgoBase(type, keyLen) {}
218 KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr);
221 KeyAliasPair AlgoRsa::keyGen(const char* pass, const char* suffix)
223 std::ostringstream oss_prv, oss_pub;
224 oss_prv << "rsa_oaep_prv_alias_" << m_keyLen;
225 oss_pub << "rsa_oaep_pub_alias_" << m_keyLen;
230 KeyAliasPair aliases = {
231 aliasWithLabel(getOwnerIdFromSelf().c_str(), oss_prv.str().c_str()),
232 aliasWithLabel(getOwnerIdFromSelf().c_str(), oss_pub.str().c_str())
234 CharPtr passPtr(nullptr, free);
236 passPtr.reset(strdup(pass));
238 ckmc_policy_s policyPrv;
239 policyPrv.password = passPtr.get();
240 policyPrv.extractable = 0;
242 ckmc_policy_s policyPub;
243 policyPub.password = passPtr.get();
244 policyPub.extractable = 0;
246 auto mgr = CKM::Manager::create();
248 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == mgr->createKeyPairRSA(static_cast<int>(m_keyLen),
249 CKM::Alias(aliases.prv.c_str()),
250 CKM::Alias(aliases.pub.c_str()),
251 _toCkmPolicy(policyPrv, g_backend),
252 _toCkmPolicy(policyPub, g_backend)), "RSA key pair generation failed" );
274 std::map<Algorithm, AlgoBasePtr> g_algorithms = {
275 { AES_CBC_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_CBC, 128) },
276 { AES_CBC_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_CBC, 192) },
277 { AES_CBC_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_CBC, 256) },
278 { AES_GCM_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_GCM, 128) },
279 { AES_GCM_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_GCM, 192) },
280 { AES_GCM_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_GCM, 256) },
281 { AES_CTR_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_CTR, 128) },
282 { AES_CTR_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_CTR, 192) },
283 { AES_CTR_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_CTR, 256) },
284 { AES_CFB_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_CFB, 128) },
285 { AES_CFB_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_CFB, 192) },
286 { AES_CFB_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_CFB, 256) },
287 { RSA_OAEP_1024, createAlgo<AlgoRsa>(CKMC_ALGO_RSA_OAEP, 1024) },
288 { RSA_OAEP_2048, createAlgo<AlgoRsa>(CKMC_ALGO_RSA_OAEP, 2048) },
289 { RSA_OAEP_4096, createAlgo<AlgoRsa>(CKMC_ALGO_RSA_OAEP, 4096) },
292 void setParam(ParamListPtr& params, ckmc_param_name_e name, ckmc_raw_buffer_s* buffer)
294 int ret = ckmc_param_list_set_buffer(params.get(), name, buffer);
295 RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
296 "Failed to set param " << name << " error: " << CKMCErrorToString(ret));
299 void setParam(ParamListPtr& params, ckmc_param_name_e name, int integer)
301 int ret = ckmc_param_list_set_integer(params.get(), name, integer);
302 RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
303 "Failed to set param " << name << " error: " << CKMCErrorToString(ret));
306 struct EncryptionResult
308 RawBufferPtr encrypted;
314 EncryptionResult encrypt(const AlgoBasePtr& algo,
315 const RawBufferPtr& plain,
316 const char* pass = nullptr)
318 EncryptionResult ret;
319 ckmc_raw_buffer_s* encrypted = nullptr;
320 KeyAliasPair aliases = algo->keyGen(pass);
322 ckmc_param_list_h handle = NULL;
323 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
324 ret.params = ParamListPtr(handle, ckmc_param_list_free);
325 setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
327 assert_crypto_positive(apiEncrypt,
334 ret.encrypted = create_raw_buffer(encrypted);
335 ret.prvKey = aliases.prv;
336 ret.pubKey = aliases.pub;
340 void testAllAlgorithms(
341 const std::function<void(const AlgoBasePtr& algo)>& test)
343 for(const auto& it : g_algorithms)
347 void testNoIvEnc(Algorithm type)
349 const AlgoBasePtr& algo = g_algorithms.at(type);
352 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
353 ckmc_raw_buffer_s* encrypted = nullptr;
356 KeyAliasPair aliases = algo->keyGen();
358 // param list with algo type only
359 ParamListPtr params = createParamListPtr();
360 setParam(params, CKMC_PARAM_ALGO_TYPE, algo->m_type);
361 assert_crypto_invalid_param(apiEncrypt,
369 void testNoIvDec(Algorithm type)
371 const AlgoBasePtr& algo = g_algorithms.at(type);
374 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
375 ckmc_raw_buffer_s* decrypted = nullptr;
378 auto ret = encrypt(algo, plain);
380 // param list with algo type only
381 ParamListPtr params = createParamListPtr();
382 setParam(params, CKMC_PARAM_ALGO_TYPE, algo->m_type);
383 assert_crypto_invalid_param(apiDecrypt,
387 *ret.encrypted.get(),
391 void testInvalidIvEnc(Algorithm type)
393 const AlgoBasePtr& algo = g_algorithms.at(type);
396 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
397 ckmc_raw_buffer_s* encryptedTmp = nullptr;
400 KeyAliasPair aliases = algo->keyGen();
403 ckmc_param_list_h handle = NULL;
404 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
405 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
407 // invalid encryption
409 assert_crypto_invalid_param(apiEncrypt,
415 ckmc_buffer_free(encryptedTmp);
416 encryptedTmp = nullptr;
419 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN-1));
421 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN+1));
425 void testInvalidIvDec(Algorithm type)
427 const AlgoBasePtr& algo = g_algorithms.at(type);
430 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
431 ckmc_raw_buffer_s* decrypted = nullptr;
434 auto ret = encrypt(algo, plain);
438 assert_crypto_invalid_param(apiDecrypt,
442 *ret.encrypted.get(),
444 ckmc_buffer_free(decrypted);
449 setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN-1));
451 setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN+1));
455 void encryptionWithCustomData(Algorithm type, ckmc_param_name_e name)
457 const AlgoBasePtr& algo = g_algorithms.at(type);
460 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
461 ckmc_raw_buffer_s* encrypted = nullptr;
462 ckmc_raw_buffer_s* decrypted = nullptr;
465 KeyAliasPair aliases = algo->keyGen();
468 ckmc_param_list_h handle = NULL;
469 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
470 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
472 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
475 setParam(params, name, createRandomBufferCAPI(64));
478 assert_crypto_positive(apiEncrypt,
484 RawBufferPtr tmpEnc = create_raw_buffer(encrypted);
487 assert_crypto_positive(apiDecrypt,
493 RawBufferPtr tmpDec = create_raw_buffer(decrypted);
496 assert_buffers_equal(*plain.get(), *tmpDec.get());
501 setParam(params, name, createRandomBufferCAPI(32));
504 assert_crypto_result(EncryptionError::SERVER_ERROR,
513 void testGcmIvSize(size_t size,
514 const KeyAliasPair& aliases,
515 EncryptionError error = EncryptionError::SUCCESS)
518 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
519 RawBufferPtr encrypted;
520 RawBufferPtr decrypted;
521 ckmc_raw_buffer_s* encryptedTmp = nullptr;
522 ckmc_raw_buffer_s* decryptedTmp = nullptr;
525 ckmc_param_list_h handle = NULL;
526 assert_positive(ckmc_generate_new_params, CKMC_ALGO_AES_GCM, &handle);
527 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
528 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
529 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(size));
532 assert_crypto_result(error,
540 if(error != EncryptionError::SUCCESS)
542 encrypted = create_raw_buffer(encryptedTmp);
545 assert_crypto_positive(apiDecrypt,
551 decrypted = create_raw_buffer(decryptedTmp);
553 assert_buffers_equal(*plain.get(), *decrypted.get());
556 void testIntegrity(Algorithm type)
558 const AlgoBasePtr& algo = g_algorithms.at(type);
561 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
562 ckmc_raw_buffer_s* decrypted = nullptr;
565 auto ret = encrypt(algo, plain);
567 // break the encrypted data
568 ret.encrypted->data[BUF_LEN/2]++;
570 // no data integrity check
571 assert_crypto_positive(apiDecrypt,
575 *ret.encrypted.get(),
578 RawBufferPtr tmp = create_raw_buffer(decrypted);
579 assert_buffers_equal(*plain.get(), *decrypted, false);
582 void testCtrEncryptionInvalidLength(Algorithm type)
584 const AlgoBasePtr& algo = g_algorithms.at(type);
587 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
588 ckmc_raw_buffer_s* encryptedTmp = nullptr;
591 KeyAliasPair aliases = algo->keyGen();
594 ckmc_param_list_h handle = NULL;
595 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
596 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
597 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
601 assert_crypto_invalid_param(apiEncrypt,
607 ckmc_buffer_free(encryptedTmp);
608 encryptedTmp = nullptr;
610 // invalid counter size
611 setParam(params, CKMC_PARAM_ED_CTR_LEN, -1);
613 setParam(params, CKMC_PARAM_ED_CTR_LEN, 0);
615 setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN+1);
619 void testCtrEncryptionValidLength(Algorithm type)
621 const AlgoBasePtr& algo = g_algorithms.at(type);
624 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
625 ckmc_raw_buffer_s* encryptedTmp = nullptr;
628 KeyAliasPair aliases = algo->keyGen();
631 ckmc_param_list_h handle = NULL;
632 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
633 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
634 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
638 assert_crypto_positive(apiEncrypt,
644 ckmc_buffer_free(encryptedTmp);
645 encryptedTmp = nullptr;
647 // valid counter sizez
648 setParam(params, CKMC_PARAM_ED_CTR_LEN, 1);
650 setParam(params, CKMC_PARAM_ED_CTR_LEN, 4);
652 setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN-1);
654 setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN);
658 void testCtrDecryptionInvalidLength(Algorithm type)
660 const AlgoBasePtr& algo = g_algorithms.at(type);
663 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
664 ckmc_raw_buffer_s* decrypted = nullptr;
666 // add AES CTR key & encrypt
667 auto ret = encrypt(algo, plain);
671 assert_crypto_invalid_param(apiDecrypt,
675 *ret.encrypted.get(),
677 ckmc_buffer_free(decrypted);
680 // invalid counter size
681 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, -1);
683 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 0);
685 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN+1);
689 void testCtrDecryptionValidLength(Algorithm type)
691 const AlgoBasePtr& algo = g_algorithms.at(type);
694 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
695 ckmc_raw_buffer_s* decrypted = nullptr;
697 // add AES CTR key & encrypt
698 auto ret = encrypt(algo, plain);
702 assert_crypto_positive(apiDecrypt,
706 *ret.encrypted.get(),
708 ckmc_buffer_free(decrypted);
709 RawBufferPtr tmp = create_raw_buffer(decrypted);
710 assert_buffers_equal(*plain.get(), *decrypted);
712 // invalid counter size
713 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 1);
715 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 4);
717 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN-1);
719 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN);
723 void testGcmEncryptionTagLen(Algorithm type)
725 const AlgoBasePtr& algo = g_algorithms.at(type);
728 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
729 ckmc_raw_buffer_s* encryptedTmp = nullptr;
732 KeyAliasPair aliases = algo->keyGen();
735 ckmc_param_list_h handle = NULL;
736 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
737 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
738 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
740 std::vector<TagTest> testData = {
741 // illegal tag lengths
742 { -1, EncryptionError::INVALID_PARAM },
743 { 0, EncryptionError::INVALID_PARAM },
744 { 16, EncryptionError::INVALID_PARAM },
745 { 48, EncryptionError::INVALID_PARAM },
746 { 72, EncryptionError::INVALID_PARAM },
747 { 100, EncryptionError::INVALID_PARAM },
748 { 108, EncryptionError::INVALID_PARAM },
749 { 116, EncryptionError::INVALID_PARAM },
750 { 124, EncryptionError::INVALID_PARAM },
751 { 256, EncryptionError::INVALID_PARAM },
753 { 32, EncryptionError::SUCCESS },
754 { 64, EncryptionError::SUCCESS },
755 { 96, EncryptionError::SUCCESS },
756 { 104, EncryptionError::SUCCESS },
757 { 112, EncryptionError::SUCCESS },
758 { 120, EncryptionError::SUCCESS },
759 { 128, EncryptionError::SUCCESS },
763 for(const auto& it : testData)
765 setParam(params, CKMC_PARAM_ED_TAG_LEN, it.tagLen);
766 assert_crypto_result(it.expected,
773 ckmc_buffer_free(encryptedTmp);
774 encryptedTmp = nullptr;
778 void testGcmDecryptionTagLen(Algorithm type)
780 const AlgoBasePtr& algo = g_algorithms.at(type);
783 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
784 ckmc_raw_buffer_s* decrypted = nullptr;
786 // add AES GCM key & encrypt
787 auto ret = encrypt(algo, plain);
789 std::vector<TagTest> testData = {
790 // illegal tag lengths
791 { -1, EncryptionError::INVALID_PARAM },
792 { 0, EncryptionError::INVALID_PARAM },
793 { 16, EncryptionError::INVALID_PARAM },
794 { 48, EncryptionError::INVALID_PARAM },
795 { 72, EncryptionError::INVALID_PARAM },
796 { 100, EncryptionError::INVALID_PARAM },
797 { 108, EncryptionError::INVALID_PARAM },
798 { 116, EncryptionError::INVALID_PARAM },
799 { 124, EncryptionError::INVALID_PARAM },
800 { 256, EncryptionError::INVALID_PARAM },
801 // legal tag lengths (EVP_CipherFinal fails but we can't get the error code)
802 { 32, EncryptionError::SERVER_ERROR },
803 { 64, EncryptionError::SERVER_ERROR },
804 { 96, EncryptionError::SERVER_ERROR },
805 { 104, EncryptionError::SERVER_ERROR },
806 { 112, EncryptionError::SERVER_ERROR },
807 { 120, EncryptionError::SERVER_ERROR },
808 // legal tag length that was actually used for encryption (default)
809 { 128, EncryptionError::SUCCESS },
813 for(const auto& it : testData)
815 setParam(ret.params, CKMC_PARAM_ED_TAG_LEN, it.tagLen);
816 assert_crypto_result(it.expected,
821 *ret.encrypted.get(),
823 ckmc_buffer_free(decrypted);
828 void testGcmWrongTag(Algorithm type)
830 const AlgoBasePtr& algo = g_algorithms.at(type);
833 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
834 ckmc_raw_buffer_s* decrypted = nullptr;
836 // encrypt with AES GCM
837 auto ret = encrypt(algo, plain);
839 // modify tag (last 16B of encrypted message)
840 ret.encrypted->data[ret.encrypted->size-1]++;
842 // EVP_CipherFinal fails but we can't get error code
843 assert_crypto_result(EncryptionError::SERVER_ERROR,
848 *ret.encrypted.get(),
852 void testGcmDifferentIvSizes(Algorithm type)
854 const AlgoBasePtr& algo = g_algorithms.at(type);
857 KeyAliasPair aliases = algo->keyGen();
859 testGcmIvSize(11, aliases, EncryptionError::SERVER_ERROR); // 12B is the smallest
860 testGcmIvSize(12, aliases);
861 testGcmIvSize(17, aliases);
862 testGcmIvSize(128, aliases);
865 void testEncryptDecryptBigData(Algorithm type)
867 const AlgoBasePtr& algo = g_algorithms.at(type);
870 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(5000000));
871 ckmc_raw_buffer_s* decrypted = nullptr;
874 auto ret = encrypt(algo, plain);
876 assert_positive(apiDecrypt,
880 *ret.encrypted.get(),
882 RawBufferPtr tmp = create_raw_buffer(decrypted);
884 assert_buffers_equal(*plain.get(), *decrypted);
887 void testEncryptDecryptDifferentKeys(Algorithm type, bool success)
889 const AlgoBasePtr& algo = g_algorithms.at(type);
891 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
892 ckmc_raw_buffer_s* decrypted = nullptr;
895 auto ret = encrypt(algo, plain);
898 KeyAliasPair differentKeys = algo->keyGen(nullptr, "_wrong");
902 // some algorithms don't verify key validity
903 assert_crypto_positive(apiDecrypt,
905 differentKeys.prv.c_str(),
907 *ret.encrypted.get(),
909 RawBufferPtr tmp = create_raw_buffer(decrypted);
911 assert_buffers_equal(*plain.get(), *decrypted, false);
913 // different key should not be accepted
914 assert_crypto_result(EncryptionError::SERVER_ERROR,
917 differentKeys.prv.c_str(),
919 *ret.encrypted.get(),
923 // Cleanup before testing next algorithm. Ignore results because not all keys are present
924 ckmc_remove_alias(ret.prvKey.c_str());
925 ckmc_remove_alias(ret.pubKey.c_str());
926 ckmc_remove_alias(differentKeys.prv.c_str());
927 ckmc_remove_alias(differentKeys.pub.c_str());
930 void testRsaLongestData(Algorithm type, size_t dataSize)
932 const AlgoBasePtr& algo = g_algorithms.at(type);
934 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize));
935 ckmc_raw_buffer_s* decrypted = nullptr;
938 auto ret = encrypt(algo, plain);
940 assert_crypto_positive(apiDecrypt,
944 *ret.encrypted.get(),
946 RawBufferPtr tmp = create_raw_buffer(decrypted);
948 assert_buffers_equal(*plain.get(), *decrypted);
951 void testRsaDataTooLong(Algorithm type, size_t dataSize)
953 const AlgoBasePtr& algo = g_algorithms.at(type);
955 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize));
958 EncryptionResult ret;
959 ckmc_raw_buffer_s* encrypted = nullptr;
960 KeyAliasPair aliases = algo->keyGen();
962 ckmc_param_list_h handle = NULL;
963 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
964 ret.params = ParamListPtr(handle, ckmc_param_list_free);
965 assert_crypto_result(EncryptionError::SERVER_ERROR,
974 } // namespace anonymous
977 RUNNER_TEST_GROUP_INIT(CKM_ENCRYPTION_DECRYPTION);
979 /////////////////////////////////////////
980 // Generic encryption decryption tests
981 /////////////////////////////////////////
983 RUNNER_TEST_MULTIPLE(TED_0010_encrypt_invalid_param_list, SyncEnv, AsyncEnv)
985 testAllAlgorithms([](const AlgoBasePtr& algo){
987 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
988 ckmc_raw_buffer_s* encrypted = nullptr;
991 KeyAliasPair aliases = algo->keyGen();
994 assert_crypto_invalid_param(apiEncrypt,
1002 ParamListPtr params = createParamListPtr();
1003 assert_crypto_invalid_param(apiEncrypt,
1005 aliases.pub.c_str(),
1012 RUNNER_TEST_MULTIPLE(TED_0020_encrypt_missing_key, SyncEnv, AsyncEnv)
1014 testAllAlgorithms([](const AlgoBasePtr& algo){
1016 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
1017 ckmc_raw_buffer_s* encrypted = nullptr;
1020 ckmc_param_list_h handle = NULL;
1021 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
1022 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1023 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
1025 assert_crypto_result(EncryptionError::ALIAS_UNKNOWN,
1028 "non-existing-key-alias",
1035 RUNNER_TEST_MULTIPLE(TED_0030_encrypt_no_plain_text, SyncEnv, AsyncEnv)
1037 testAllAlgorithms([](const AlgoBasePtr& algo){
1039 ckmc_raw_buffer_s plain = { nullptr, 0 };
1040 ckmc_raw_buffer_s* encrypted = nullptr;
1043 KeyAliasPair aliases = algo->keyGen();
1046 ckmc_param_list_h handle = NULL;
1047 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
1048 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1049 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
1051 assert_crypto_invalid_param(apiEncrypt,
1053 aliases.pub.c_str(),
1060 RUNNER_TEST_MULTIPLE(TED_0040_encrypt_no_output_buffer, SyncEnv, AsyncEnv)
1062 testAllAlgorithms([](const AlgoBasePtr& algo){
1064 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
1065 ckmc_raw_buffer_s** encrypted = nullptr;
1068 KeyAliasPair aliases = algo->keyGen();
1071 ckmc_param_list_h handle = NULL;
1072 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
1073 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1074 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
1076 assert_crypto_invalid_param(apiEncrypt,
1078 aliases.pub.c_str(),
1085 RUNNER_TEST_MULTIPLE(TED_0110_decrypt_invalid_param_list, SyncEnv, AsyncEnv)
1087 testAllAlgorithms([](const AlgoBasePtr& algo){
1089 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
1090 ckmc_raw_buffer_s* decrypted = nullptr;
1093 auto ret = encrypt(algo, plain);
1096 assert_crypto_invalid_param(apiDecrypt,
1100 *ret.encrypted.get(),
1104 ParamListPtr params = createParamListPtr();
1105 assert_crypto_invalid_param(apiDecrypt,
1109 *ret.encrypted.get(),
1114 RUNNER_TEST_MULTIPLE(TED_0120_decrypt_missing_key, SyncEnv, AsyncEnv)
1116 testAllAlgorithms([](const AlgoBasePtr& algo){
1118 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
1119 ckmc_raw_buffer_s* decrypted = nullptr;
1122 auto ret = encrypt(algo, plain);
1125 assert_positive(ckmc_remove_alias, ret.prvKey.c_str());
1128 assert_crypto_result(EncryptionError::ALIAS_UNKNOWN,
1133 *ret.encrypted.get(),
1138 RUNNER_TEST_MULTIPLE(TED_0130_decrypt_no_encrypted_text, SyncEnv, AsyncEnv)
1140 testAllAlgorithms([](const AlgoBasePtr& algo){
1142 ckmc_raw_buffer_s encrypted = { nullptr, 0 };
1143 ckmc_raw_buffer_s* decrypted = nullptr;
1146 KeyAliasPair aliases = algo->keyGen();
1149 ckmc_param_list_h handle = NULL;
1150 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
1151 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1152 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
1154 assert_crypto_invalid_param(apiDecrypt,
1156 aliases.prv.c_str(),
1163 RUNNER_TEST_MULTIPLE(TED_0140_decrypt_no_output_buffer, SyncEnv, AsyncEnv)
1165 testAllAlgorithms([](const AlgoBasePtr& algo){
1167 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
1168 ckmc_raw_buffer_s** decrypted = nullptr;
1171 auto ret = encrypt(algo, plain);
1173 assert_crypto_invalid_param(apiDecrypt,
1177 *ret.encrypted.get(),
1182 RUNNER_TEST_MULTIPLE(TED_0200_encrypt_decrypt_different_keys, SyncEnv, AsyncEnv)
1184 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1185 testEncryptDecryptDifferentKeys(AES_CBC_128, false);
1186 testEncryptDecryptDifferentKeys(AES_CBC_192, false);
1187 testEncryptDecryptDifferentKeys(AES_CBC_256, false);
1188 testEncryptDecryptDifferentKeys(AES_GCM_128, false);
1189 testEncryptDecryptDifferentKeys(AES_GCM_192, false);
1190 testEncryptDecryptDifferentKeys(AES_GCM_256, false);
1191 testEncryptDecryptDifferentKeys(AES_CTR_128, true);
1192 testEncryptDecryptDifferentKeys(AES_CTR_192, true);
1193 testEncryptDecryptDifferentKeys(AES_CTR_256, true);
1194 testEncryptDecryptDifferentKeys(AES_CFB_128, true);
1195 testEncryptDecryptDifferentKeys(AES_CFB_192, true);
1196 testEncryptDecryptDifferentKeys(AES_CFB_256, true);
1197 testEncryptDecryptDifferentKeys(RSA_OAEP_1024, false);
1198 testEncryptDecryptDifferentKeys(RSA_OAEP_2048, false);
1199 testEncryptDecryptDifferentKeys(RSA_OAEP_4096, false);
1202 RUNNER_TEST_MULTIPLE(TED_0300_encrypt_decrypt, SyncEnv, AsyncEnv)
1204 testAllAlgorithms([](const AlgoBasePtr& algo){
1206 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
1207 ckmc_raw_buffer_s* decrypted = nullptr;
1210 auto ret = encrypt(algo, plain);
1212 assert_crypto_positive(apiDecrypt,
1216 *ret.encrypted.get(),
1218 RawBufferPtr tmp = create_raw_buffer(decrypted);
1220 assert_buffers_equal(*plain.get(), *decrypted);
1224 RUNNER_TEST_MULTIPLE(TED_0310_encrypt_decrypt_password, SyncEnv, AsyncEnv)
1226 testAllAlgorithms([](const AlgoBasePtr& algo){
1228 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
1229 ckmc_raw_buffer_s* decrypted = nullptr;
1232 auto ret = encrypt(algo, plain, PASSWORD);
1235 assert_crypto_result(EncryptionError::AUTH_FAILED,
1240 *ret.encrypted.get(),
1244 assert_crypto_positive(apiDecrypt,
1248 *ret.encrypted.get(),
1250 RawBufferPtr tmp = create_raw_buffer(decrypted); // guarantees deletion
1252 assert_buffers_equal(*plain.get(), *decrypted);
1256 // long test split into smaller ones
1257 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_128, SyncEnv, AsyncEnv)
1259 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1260 testEncryptDecryptBigData(AES_CBC_128);
1263 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_192, SyncEnv, AsyncEnv)
1265 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1266 testEncryptDecryptBigData(AES_CBC_192);
1269 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_256, SyncEnv, AsyncEnv)
1271 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1272 testEncryptDecryptBigData(AES_CBC_256);
1275 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_128, SyncEnv, AsyncEnv)
1277 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1278 testEncryptDecryptBigData(AES_GCM_128);
1281 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_192, SyncEnv, AsyncEnv)
1283 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1284 testEncryptDecryptBigData(AES_GCM_192);
1287 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_256, SyncEnv, AsyncEnv)
1289 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1290 testEncryptDecryptBigData(AES_GCM_256);
1293 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_128, SyncEnv, AsyncEnv)
1295 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1296 testEncryptDecryptBigData(AES_CTR_128);
1299 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_192, SyncEnv, AsyncEnv)
1301 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1302 testEncryptDecryptBigData(AES_CTR_192);
1305 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_256, SyncEnv, AsyncEnv)
1307 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1308 testEncryptDecryptBigData(AES_CTR_256);
1311 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_128, SyncEnv, AsyncEnv)
1313 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1314 testEncryptDecryptBigData(AES_CFB_128);
1317 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_192, SyncEnv, AsyncEnv)
1319 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1320 testEncryptDecryptBigData(AES_CFB_192);
1323 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_256, SyncEnv, AsyncEnv)
1325 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1326 testEncryptDecryptBigData(AES_CFB_256);
1329 /////////////////////////////////////////
1330 // Algorithm specific tests
1331 /////////////////////////////////////////
1333 RUNNER_TEST_MULTIPLE(TED_1005_no_iv_enc, SyncEnv, AsyncEnv)
1335 testNoIvEnc(AES_CTR_128);
1336 testNoIvEnc(AES_CTR_192);
1337 testNoIvEnc(AES_CTR_256);
1338 testNoIvEnc(AES_CBC_128);
1339 testNoIvEnc(AES_CBC_192);
1340 testNoIvEnc(AES_CBC_256);
1341 testNoIvEnc(AES_CFB_128);
1342 testNoIvEnc(AES_CFB_192);
1343 testNoIvEnc(AES_CFB_256);
1344 testNoIvEnc(AES_GCM_128);
1345 testNoIvEnc(AES_GCM_192);
1346 testNoIvEnc(AES_GCM_256);
1349 RUNNER_TEST_MULTIPLE(TED_1010_invalid_iv_enc, SyncEnv, AsyncEnv)
1351 testInvalidIvEnc(AES_CTR_128);
1352 testInvalidIvEnc(AES_CTR_192);
1353 testInvalidIvEnc(AES_CTR_256);
1354 testInvalidIvEnc(AES_CBC_128);
1355 testInvalidIvEnc(AES_CBC_192);
1356 testInvalidIvEnc(AES_CBC_256);
1357 testInvalidIvEnc(AES_CFB_128);
1358 testInvalidIvEnc(AES_CFB_192);
1359 testInvalidIvEnc(AES_CFB_256);
1362 RUNNER_TEST_MULTIPLE(TED_1015_no_iv_dec, SyncEnv, AsyncEnv)
1364 testNoIvDec(AES_CTR_128);
1365 testNoIvDec(AES_CTR_192);
1366 testNoIvDec(AES_CTR_256);
1367 testNoIvDec(AES_CBC_128);
1368 testNoIvDec(AES_CBC_192);
1369 testNoIvDec(AES_CBC_256);
1370 testNoIvDec(AES_CFB_128);
1371 testNoIvDec(AES_CFB_192);
1372 testNoIvDec(AES_CFB_256);
1373 testNoIvDec(AES_GCM_128);
1374 testNoIvDec(AES_GCM_192);
1375 testNoIvDec(AES_GCM_256);
1378 RUNNER_TEST_MULTIPLE(TED_1020_invalid_iv_dec, SyncEnv, AsyncEnv)
1380 testInvalidIvDec(AES_CTR_128);
1381 testInvalidIvDec(AES_CTR_192);
1382 testInvalidIvDec(AES_CTR_256);
1383 testInvalidIvDec(AES_CBC_128);
1384 testInvalidIvDec(AES_CBC_192);
1385 testInvalidIvDec(AES_CBC_256);
1386 testInvalidIvDec(AES_CFB_128);
1387 testInvalidIvDec(AES_CFB_192);
1388 testInvalidIvDec(AES_CFB_256);
1391 RUNNER_TEST_MULTIPLE(TED_1050_data_integrity, SyncEnv, AsyncEnv)
1393 testIntegrity(AES_CTR_128);
1394 testIntegrity(AES_CTR_192);
1395 testIntegrity(AES_CTR_256);
1396 testIntegrity(AES_CBC_128);
1397 testIntegrity(AES_CBC_192);
1398 testIntegrity(AES_CBC_256);
1399 testIntegrity(AES_CFB_128);
1400 testIntegrity(AES_CFB_192);
1401 testIntegrity(AES_CFB_256);
1404 RUNNER_TEST_MULTIPLE(TED_1100_ctr_encryption_invalid_length, SyncEnv, AsyncEnv)
1406 testCtrEncryptionInvalidLength(AES_CTR_128);
1407 testCtrEncryptionInvalidLength(AES_CTR_192);
1408 testCtrEncryptionInvalidLength(AES_CTR_256);
1411 RUNNER_TEST_MULTIPLE(TED_1105_ctr_encryption_valid_length, SyncEnv, AsyncEnv)
1413 RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length");
1414 testCtrEncryptionValidLength(AES_CTR_128);
1415 testCtrEncryptionValidLength(AES_CTR_192);
1416 testCtrEncryptionValidLength(AES_CTR_256);
1419 RUNNER_TEST_MULTIPLE(TED_1110_ctr_decryption_invalid_length, SyncEnv, AsyncEnv)
1421 testCtrDecryptionInvalidLength(AES_CTR_128);
1422 testCtrDecryptionInvalidLength(AES_CTR_192);
1423 testCtrDecryptionInvalidLength(AES_CTR_256);
1426 RUNNER_TEST_MULTIPLE(TED_1115_ctr_decryption_valid_length, SyncEnv, AsyncEnv)
1428 RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length");
1429 testCtrDecryptionValidLength(AES_CTR_128);
1430 testCtrDecryptionValidLength(AES_CTR_192);
1431 testCtrDecryptionValidLength(AES_CTR_256);
1434 RUNNER_TEST_MULTIPLE(TED_1200_gcm_encryption_tag_len, SyncEnv, AsyncEnv)
1436 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1437 testGcmEncryptionTagLen(AES_GCM_128);
1438 testGcmEncryptionTagLen(AES_GCM_192);
1439 testGcmEncryptionTagLen(AES_GCM_256);
1442 RUNNER_TEST_MULTIPLE(TED_1210_gcm_decryption_tag_len, SyncEnv, AsyncEnv)
1444 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1445 testGcmDecryptionTagLen(AES_GCM_128);
1446 testGcmDecryptionTagLen(AES_GCM_192);
1447 testGcmDecryptionTagLen(AES_GCM_256);
1450 RUNNER_TEST_MULTIPLE(TED_1230_gcm_wrong_tag, SyncEnv, AsyncEnv)
1452 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1453 testGcmWrongTag(AES_GCM_128);
1454 testGcmWrongTag(AES_GCM_192);
1455 testGcmWrongTag(AES_GCM_256);
1458 RUNNER_TEST_MULTIPLE(TED_1240_gcm_different_iv_sizes, SyncEnv, AsyncEnv)
1460 testGcmDifferentIvSizes(AES_GCM_128);
1461 testGcmDifferentIvSizes(AES_GCM_192);
1462 testGcmDifferentIvSizes(AES_GCM_256);
1465 RUNNER_TEST_MULTIPLE(TED_1250_gcm_aad, SyncEnv, AsyncEnv)
1467 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1468 encryptionWithCustomData(AES_GCM_128, CKMC_PARAM_ED_AAD);
1469 encryptionWithCustomData(AES_GCM_192, CKMC_PARAM_ED_AAD);
1470 encryptionWithCustomData(AES_GCM_256, CKMC_PARAM_ED_AAD);
1473 RUNNER_TEST_MULTIPLE(TED_1300_rsa_label, SyncEnv, AsyncEnv)
1475 RUNNER_IGNORED_MSG("RSA-OAEP labels are not supported in openssl");
1476 encryptionWithCustomData(RSA_OAEP_1024, CKMC_PARAM_ED_LABEL);
1477 encryptionWithCustomData(RSA_OAEP_2048, CKMC_PARAM_ED_LABEL);
1478 encryptionWithCustomData(RSA_OAEP_4096, CKMC_PARAM_ED_LABEL);
1481 RUNNER_TEST_MULTIPLE(TED_1330_rsa_longest_data, SyncEnv, AsyncEnv)
1483 testRsaLongestData(RSA_OAEP_1024, 86);
1484 testRsaLongestData(RSA_OAEP_2048, 214);
1485 testRsaLongestData(RSA_OAEP_4096, 470);
1488 RUNNER_TEST_MULTIPLE(TED_1350_rsa_data_too_long, SyncEnv, AsyncEnv)
1490 testRsaDataTooLong(RSA_OAEP_1024, 87);
1491 testRsaDataTooLong(RSA_OAEP_2048, 215);
1492 testRsaDataTooLong(RSA_OAEP_4096, 471);
1495 /////////////////////////////////////////
1496 // Asynchronous only tests
1497 /////////////////////////////////////////
1498 RUNNER_TEST(TED_2000_enc_no_observer_async, EncEnv)
1500 testAllAlgorithms([](const AlgoBasePtr& algo){
1502 RawBuffer plain = createRandomBuffer(BUF_LEN);
1505 KeyAliasPair aliases = algo->keyGen(nullptr);
1508 ckmc_param_list_h handle = NULL;
1509 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
1510 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1511 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
1514 test_no_observer(&ManagerAsync::encrypt,
1515 *reinterpret_cast<CryptoAlgorithm*>(params.get()),
1522 RUNNER_TEST(TED_2010_dec_no_observer_async, AsyncEnv)
1524 testAllAlgorithms([](const AlgoBasePtr& algo){
1526 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
1529 auto ret = encrypt(algo, plain);
1530 RawBuffer encrypted(ret.encrypted->data, ret.encrypted->data + ret.encrypted->size);
1533 test_no_observer(&ManagerAsync::decrypt,
1534 *reinterpret_cast<CryptoAlgorithm*>(ret.params.get()),