projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
CKM: Reduce big data size in TZ tests
[platform/core/test/security-tests.git] / src / ckm / unprivileged / encryption-decryption.cpp
1 /*
2  *  Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *  Licensed under the Apache License, Version 2.0 (the "License");
5  *  you may not use this file except in compliance with the License.
6  *  You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *  Unless required by applicable law or agreed to in writing, software
11  *  distributed under the License is distributed on an "AS IS" BASIS,
12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *  See the License for the specific language governing permissions and
14  *  limitations under the License
15  */
16 /*
17  * @file       encryption-decryption.cpp
18  * @author     Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
19  * @version    1.0
20  */
21
22
23 #include <string>
24 #include <vector>
25 #include <unordered_map>
26
27 #include <dpl/test/test_runner.h>
28 #include <ckm-common.h>
29 #include <ckmc/ckmc-manager.h>
30 #include <ckmc/ckmc-control.h>
31 #include <ckm/ckm-type.h>
32 #include <ckm/ckm-manager.h>
33 #include <encryption-decryption-env.h>
34
35 using namespace CKM;
36
37 namespace {
38
39 const char* PASSWORD = "test-password";
40 const uid_t UID = 5001;
41 const size_t CTR_DEFAULT_LEN = 16*8;
42 const size_t DEFAULT_IV_LEN = 16;
43 const size_t BUF_LEN = 86; // must be less than 1024/8-41 to support RSA OAEP 1024
44
45 // Environment
46 SyncApi g_syncApi;
47 AsyncApi g_asyncApi;
48
49 EncryptionApi* g_api = &g_syncApi;
50
51 EncryptionError apiEncrypt(ckmc_param_list_h params,
52                         const char *key_alias,
53                         const char *password,
54                         const ckmc_raw_buffer_s decrypted,
55                         ckmc_raw_buffer_s **ppencrypted) {
56     RUNNER_ASSERT_MSG(g_api, "No encryption API is connected");
57     return g_api->encrypt(params, key_alias, password, decrypted, ppencrypted);
58 }
59
60 inline CKM::Password _tostring(const char *str)
61 {
62     return (str == nullptr) ? Password() : Password(str);
63 }
64
65 inline CKM::Policy _toCkmPolicy(const ckmc_policy_s &policy, PolicyBackend backend)
66 {
67     return CKM::Policy(_tostring(policy.password), policy.extractable, backend);
68 }
69
70 EncryptionError apiDecrypt(ckmc_param_list_h params,
71                         const char *key_alias,
72                         const char *password,
73                         const ckmc_raw_buffer_s encrypted,
74                         ckmc_raw_buffer_s **ppdecrypted) {
75     RUNNER_ASSERT_MSG(g_api, "No encryption API is connected");
76     return g_api->decrypt(params, key_alias, password, encrypted, ppdecrypted);
77 }
78
79
80 template <typename F, typename... Args>
81 void assert_crypto_result(EncryptionError expected, F&& func, Args... args)
82 {
83     EncryptionError ret = func(args...);
84     RUNNER_ASSERT_MSG(ret == expected,
85                       "Expected: " << static_cast<int>(expected) <<
86                       " got: " << static_cast<int>(ret));
87 }
88
89 template <typename F, typename... Args>
90 void assert_crypto_positive(F&& func, Args... args)
91 {
92     assert_crypto_result(EncryptionError::SUCCESS, std::move(func), args...);
93 }
94
95 template <typename F, typename... Args>
96 void assert_crypto_invalid_param(F&& func, Args... args)
97 {
98     assert_crypto_result(EncryptionError::INVALID_PARAM, std::move(func), args...);
99 }
100
101 struct TagTest {
102     int tagLen;
103     EncryptionError expected;
104 };
105
106 struct KeyAliasPair
107 {
108     Alias prv;
109     Alias pub;
110 };
111
112 struct SyncEnv {
113     void init(const std::string&) {
114         g_api = &g_syncApi;
115     }
116
117     void finish() {
118         g_api = nullptr;
119     }
120
121     static std::string suffix() { return "_sync"; }
122 };
123
124 struct AsyncEnv {
125     void init(const std::string&) {
126         g_api = &g_asyncApi;
127     }
128
129     void finish() {
130         g_api = nullptr;
131     }
132
133     static std::string suffix() { return "_async"; }
134 };
135
136 struct Algo {
137     ckmc_algo_type_e type;
138     size_t keyLen;
139 };
140
141 std::unordered_map<size_t, std::vector<Alias>> g_symKeys;
142 std::unordered_map<size_t, std::vector<KeyAliasPair>> g_asymKeys;
143
144 enum KeyIdx {
145     PRIMARY = 0,
146     PASSWORD_PROTECTED = 1,
147
148     KEY_IDX_MAX
149 };
150
151 RawBufferPtr PLAIN_DATA;
152 RawBufferPtr BIG_DATA;
153 ckmc_raw_buffer_s* DEFAULT_IV;
154 ckmc_raw_buffer_s* IV11;
155 ckmc_raw_buffer_s* IV12;
156 ckmc_raw_buffer_s* IV15;
157 ckmc_raw_buffer_s* IV17;
158 ckmc_raw_buffer_s* IV128;
159 ckmc_raw_buffer_s* AAD32;
160 ckmc_raw_buffer_s* AAD64;
161
162 KeyAliasPair getKey(const Algo& algo, KeyIdx idx)
163 {
164     if (algo.type == CKMC_ALGO_RSA_OAEP)
165         return g_asymKeys[algo.keyLen][idx];
166
167     KeyAliasPair pair;
168     pair.prv = g_symKeys[algo.keyLen][idx];
169     pair.pub = pair.prv;
170     return pair;
171 }
172
173 class EncGroupFixture: public DPL::Test::TestGroup
174 {
175 public:
176     void Init() override
177     {
178         remove_user_data(UID);
179         int ret = ckmc_unlock_user_key(UID, "db-pass");
180         if (ret != CKMC_ERROR_NONE)
181             RUNNER_ERROR_MSG("DB unlock failed: " << CKMCErrorToString(ret));
182
183         // Policy backend to use in subsequent operations (global for each test case)
184 #ifdef TZ_BACKEND
185         m_backend = PolicyBackend::FORCE_HARDWARE;
186 #else
187         m_backend = PolicyBackend::FORCE_SOFTWARE;
188 #endif
189
190         // generate keys
191         m_manager = Manager::create();
192         generateSymmetricKeys(128);
193         generateSymmetricKeys(192);
194         generateSymmetricKeys(256);
195         generateRsaKeys(1024);
196         generateRsaKeys(2048);
197         generateRsaKeys(4096);
198
199         PLAIN_DATA = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
200 #ifdef TZ_BACKEND
201         BIG_DATA = create_raw_buffer(createRandomBufferCAPI(1000));
202 #else
203         BIG_DATA = create_raw_buffer(createRandomBufferCAPI(5000000));
204 #endif
205         DEFAULT_IV = createRandomBufferCAPI(DEFAULT_IV_LEN);
206         IV11 = createRandomBufferCAPI(11);
207         IV12 = createRandomBufferCAPI(12);
208         IV15 = createRandomBufferCAPI(15);
209         IV17 = createRandomBufferCAPI(17);
210         IV128 = createRandomBufferCAPI(128);
211         AAD32 = createRandomBufferCAPI(32);
212         AAD64 = createRandomBufferCAPI(64);
213     }
214
215     void generateSymmetricKeys(size_t bitLen)
216     {
217         for (int i = 0; i < KEY_IDX_MAX; i++)
218         {
219             Policy p(Password(), false, m_backend);
220             if (i == PASSWORD_PROTECTED)
221                 p.password.assign(PASSWORD);
222
223             std::string alias = std::string("skey_") + std::to_string(bitLen) + std::string("_") + std::to_string(i);
224             int ret = m_manager->createKeyAES(bitLen, alias, p);
225             if (ret != CKM_API_SUCCESS)
226                 RUNNER_ERROR_MSG("AES key creation failed");
227
228             g_symKeys[bitLen].push_back(alias);
229         }
230     }
231
232     void generateRsaKeys(size_t bitLen)
233     {
234         for (int i = 0; i < KEY_IDX_MAX; i++)
235         {
236             Policy prvPolicy(Password(), false, m_backend);
237             Policy pubPolicy(Password(), true, m_backend);
238             if (i == PASSWORD_PROTECTED) {
239                 prvPolicy.password.assign(PASSWORD);
240                 pubPolicy.password.assign(PASSWORD);
241             }
242
243             KeyAliasPair alias;
244             alias.prv = std::string("akey_") + std::to_string(bitLen) + std::string("_") + std::to_string(i);
245             alias.pub = std::string("pub") + alias.prv;
246             int ret = m_manager->createKeyPairRSA(bitLen, alias.prv, alias.pub, prvPolicy, pubPolicy);
247             if (ret != CKM_API_SUCCESS)
248                 RUNNER_ERROR_MSG("RSA key creation failed");
249
250             g_asymKeys[bitLen].push_back(alias);
251         }
252     }
253
254     void Finish() override
255     {
256         for (const auto &entry : g_asymKeys) {
257             for (const auto &keyPair : entry.second) {
258                 m_manager->removeAlias(keyPair.prv);
259                 m_manager->removeAlias(keyPair.pub);
260             }
261         }
262
263         for (const auto &entry : g_symKeys) {
264             for (const auto &key : entry.second) {
265                 m_manager->removeAlias(key);
266             }
267         }
268
269         BIG_DATA.reset();
270         PLAIN_DATA.reset();
271         ckmc_buffer_free(AAD64);
272         ckmc_buffer_free(AAD32);
273         ckmc_buffer_free(IV128);
274         ckmc_buffer_free(IV17);
275         ckmc_buffer_free(IV15);
276         ckmc_buffer_free(IV12);
277         ckmc_buffer_free(IV11);
278         ckmc_buffer_free(DEFAULT_IV);
279
280         int ret = ckmc_lock_user_key(UID);
281         if (ret != CKMC_ERROR_NONE)
282             RUNNER_ERROR_MSG("DB lock failed: " << CKMCErrorToString(ret));
283         remove_user_data(UID);
284     }
285 private:
286     ManagerShPtr m_manager;
287     PolicyBackend m_backend;
288 };
289
290
291 void setParam(ParamListPtr& params, ckmc_param_name_e name, ckmc_raw_buffer_s* buffer)
292 {
293     int ret = ckmc_param_list_set_buffer(params.get(), name, buffer);
294     RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
295                       "Failed to set param " << name << " error: " << CKMCErrorToString(ret));
296 }
297
298 void setParam(ParamListPtr& params, ckmc_param_name_e name, int integer)
299 {
300     int ret = ckmc_param_list_set_integer(params.get(), name, integer);
301     RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
302                       "Failed to set param " << name << " error: " << CKMCErrorToString(ret));
303 }
304
305 struct EncryptionResult
306 {
307     RawBufferPtr encrypted;
308     ParamListPtr params;
309     Alias prvKey;
310     Alias pubKey;
311 };
312
313 EncryptionResult encrypt(const Algo& algo,
314                          const RawBufferPtr& plain,
315                          const char* pass = nullptr)
316 {
317     EncryptionResult ret;
318     ckmc_raw_buffer_s* encrypted = nullptr;
319     KeyAliasPair aliases = getKey(algo, pass == nullptr ? PRIMARY : PASSWORD_PROTECTED);
320
321     ckmc_param_list_h handle = NULL;
322     assert_positive(ckmc_generate_new_params, algo.type, &handle);
323     ret.params = ParamListPtr(handle, ckmc_param_list_free);
324     setParam(ret.params, CKMC_PARAM_ED_IV, DEFAULT_IV);
325
326     assert_crypto_positive(apiEncrypt,
327                            ret.params.get(),
328                            aliases.pub.c_str(),
329                            pass,
330                            *plain.get(),
331                            &encrypted);
332
333     ret.encrypted = create_raw_buffer(encrypted);
334     ret.prvKey = aliases.prv;
335     ret.pubKey = aliases.pub;
336     return ret;
337 }
338
339 void testAllAlgorithms(
340         const std::function<void(const Algo& algo)>& test)
341 {
342     test( { CKMC_ALGO_AES_CBC, 128 });
343     test( { CKMC_ALGO_AES_CBC, 192 });
344     test( { CKMC_ALGO_AES_CBC, 256 });
345     test( { CKMC_ALGO_AES_GCM, 128 });
346     test( { CKMC_ALGO_AES_GCM, 192 });
347     test( { CKMC_ALGO_AES_GCM, 256 });
348     test( { CKMC_ALGO_AES_CTR, 128 });
349     test( { CKMC_ALGO_AES_CTR, 192 });
350     test( { CKMC_ALGO_AES_CTR, 256 });
351     test( { CKMC_ALGO_AES_CFB, 128 });
352     test( { CKMC_ALGO_AES_CFB, 192 });
353     test( { CKMC_ALGO_AES_CFB, 256 });
354     test( { CKMC_ALGO_RSA_OAEP, 1024 });
355     test( { CKMC_ALGO_RSA_OAEP, 2048 });
356     test( { CKMC_ALGO_RSA_OAEP, 4096 });
357 }
358
359 void testNoIvEnc(const Algo& algo)
360 {
361     // prepare buffers
362     ckmc_raw_buffer_s* encrypted = nullptr;
363
364     // add key
365     KeyAliasPair aliases = getKey(algo, PRIMARY);
366
367     // param list with algo type only
368     ParamListPtr params = createParamListPtr();
369     setParam(params, CKMC_PARAM_ALGO_TYPE, algo.type);
370     assert_crypto_invalid_param(apiEncrypt,
371                                 params.get(),
372                                 aliases.pub.c_str(),
373                                 nullptr,
374                                 *PLAIN_DATA.get(),
375                                 &encrypted);
376 }
377
378 void testNoIvDec(const Algo& algo)
379 {
380     // prepare buffers
381     ckmc_raw_buffer_s* decrypted = nullptr;
382
383     // encrypt;
384     auto ret = encrypt(algo, PLAIN_DATA);
385
386     // param list with algo type only
387     ParamListPtr params = createParamListPtr();
388     setParam(params, CKMC_PARAM_ALGO_TYPE, algo.type);
389     assert_crypto_invalid_param(apiDecrypt,
390                                 params.get(),
391                                 ret.prvKey.c_str(),
392                                 nullptr,
393                                 *ret.encrypted.get(),
394                                 &decrypted);
395 }
396
397 void testInvalidIvEnc(const Algo& algo)
398 {
399     // prepare buffers
400     ckmc_raw_buffer_s* encryptedTmp = nullptr;
401
402     // add key
403     KeyAliasPair aliases = getKey(algo, PRIMARY);
404
405     // setup params
406     ckmc_param_list_h handle = NULL;
407     assert_positive(ckmc_generate_new_params, algo.type, &handle);
408     ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
409
410     // invalid encryption
411     auto test = [&](){
412         assert_crypto_invalid_param(apiEncrypt,
413                                     params.get(),
414                                     aliases.pub.c_str(),
415                                     nullptr,
416                                     *PLAIN_DATA.get(),
417                                     &encryptedTmp);
418         ckmc_buffer_free(encryptedTmp);
419         encryptedTmp = nullptr;
420     };
421     // invalid iv size
422     setParam(params, CKMC_PARAM_ED_IV, IV15);
423     test();
424     setParam(params, CKMC_PARAM_ED_IV, IV17);
425     test();
426 };
427
428 void testInvalidIvDec(const Algo& algo)
429 {
430     // prepare buffers
431     ckmc_raw_buffer_s* decrypted = nullptr;
432
433     // valid encryption
434     auto ret = encrypt(algo, PLAIN_DATA);
435
436     // decryption
437     auto test2 = [&](){
438         assert_crypto_invalid_param(apiDecrypt,
439                                     ret.params.get(),
440                                     ret.prvKey.c_str(),
441                                     nullptr,
442                                     *ret.encrypted.get(),
443                                     &decrypted);
444         ckmc_buffer_free(decrypted);
445         decrypted = nullptr;
446     };
447
448     // invalid iv size
449     setParam(ret.params, CKMC_PARAM_ED_IV, IV15);
450     test2();
451     setParam(ret.params, CKMC_PARAM_ED_IV, IV17);
452     test2();
453 };
454
455 void encryptionWithCustomData(const Algo& algo, ckmc_param_name_e name)
456 {
457     // prepare buffers
458     ckmc_raw_buffer_s* encrypted = nullptr;
459     ckmc_raw_buffer_s* decrypted = nullptr;
460
461     // add key
462     KeyAliasPair aliases = getKey(algo, PRIMARY);
463
464     // setup params
465     ckmc_param_list_h handle = NULL;
466     assert_positive(ckmc_generate_new_params, algo.type, &handle);
467     ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
468
469     setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
470
471     // set AAD
472     setParam(params, name, AAD64);
473
474     // encrypt
475     assert_crypto_positive(apiEncrypt,
476                            params.get(),
477                            aliases.pub.c_str(),
478                            nullptr,
479                            *PLAIN_DATA.get(),
480                            &encrypted);
481     RawBufferPtr tmpEnc = create_raw_buffer(encrypted);
482
483     // decrypt
484     assert_crypto_positive(apiDecrypt,
485                            params.get(),
486                            aliases.prv.c_str(),
487                            nullptr,
488                            *tmpEnc.get(),
489                            &decrypted);
490     RawBufferPtr tmpDec = create_raw_buffer(decrypted);
491
492     // check
493     assert_buffers_equal(*PLAIN_DATA.get(), *tmpDec.get());
494     tmpDec.reset();
495     decrypted = nullptr;
496
497     // set wrong AAD
498     setParam(params, name, AAD32);
499
500     // decrypt
501     assert_crypto_result(EncryptionError::INVALID_PARAM,
502                          apiDecrypt,
503                          params.get(),
504                          aliases.prv.c_str(),
505                          nullptr,
506                          *tmpEnc.get(),
507                          &decrypted);
508 }
509
510 void testGcmIvSize(ckmc_raw_buffer_s* iv,
511                    const KeyAliasPair& aliases,
512                    EncryptionError error = EncryptionError::SUCCESS)
513 {
514     // prepare buffers
515     RawBufferPtr encrypted;
516     RawBufferPtr decrypted;
517     ckmc_raw_buffer_s* encryptedTmp = nullptr;
518     ckmc_raw_buffer_s* decryptedTmp = nullptr;
519
520     // setup params
521     ckmc_param_list_h handle = NULL;
522     assert_positive(ckmc_generate_new_params, CKMC_ALGO_AES_GCM, &handle);
523     ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
524     setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
525     setParam(params, CKMC_PARAM_ED_IV, iv);
526
527     // encryption
528     assert_crypto_result(error,
529                          apiEncrypt,
530                          params.get(),
531                          aliases.pub.c_str(),
532                          nullptr,
533                          *PLAIN_DATA.get(),
534                          &encryptedTmp);
535
536     if(error != EncryptionError::SUCCESS)
537         return;
538     encrypted = create_raw_buffer(encryptedTmp);
539
540     // decryption
541     assert_crypto_positive(apiDecrypt,
542                            params.get(),
543                            aliases.prv.c_str(),
544                            nullptr,
545                            *encrypted.get(),
546                            &decryptedTmp);
547     decrypted = create_raw_buffer(decryptedTmp);
548
549     assert_buffers_equal(*PLAIN_DATA.get(), *decrypted.get());
550 }
551
552 void testIntegrity(const Algo& algo)
553 {
554     // prepare buffers
555     ckmc_raw_buffer_s* decrypted = nullptr;
556
557     // encrypt
558     auto ret = encrypt(algo, PLAIN_DATA);
559
560     // break the encrypted data
561     ret.encrypted->data[BUF_LEN/2]++;
562
563     // no data integrity check
564     assert_crypto_positive(apiDecrypt,
565                            ret.params.get(),
566                            ret.prvKey.c_str(),
567                            nullptr,
568                            *ret.encrypted.get(),
569                            &decrypted);
570
571     RawBufferPtr tmp = create_raw_buffer(decrypted);
572     assert_buffers_equal(*PLAIN_DATA.get(), *decrypted, false);
573 }
574
575 void testCtrEncryptionInvalidLength(const Algo& algo)
576 {
577     // prepare buffers
578     ckmc_raw_buffer_s* encryptedTmp = nullptr;
579
580     // add AES CTR key
581     KeyAliasPair aliases = getKey(algo, PRIMARY);
582
583     // setup params
584     ckmc_param_list_h handle = NULL;
585     assert_positive(ckmc_generate_new_params, algo.type, &handle);
586     ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
587     setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
588
589     // encryption
590     auto test = [&](){
591         assert_crypto_invalid_param(apiEncrypt,
592                                     params.get(),
593                                     aliases.pub.c_str(),
594                                     nullptr,
595                                     *PLAIN_DATA.get(),
596                                     &encryptedTmp);
597         ckmc_buffer_free(encryptedTmp);
598         encryptedTmp = nullptr;
599     };
600     // invalid counter size
601     setParam(params, CKMC_PARAM_ED_CTR_LEN, -1);
602     test();
603     setParam(params, CKMC_PARAM_ED_CTR_LEN, 0);
604     test();
605     setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN+1);
606     test();
607 }
608
609 void testCtrEncryptionValidLength(const Algo& algo)
610 {
611     // prepare buffers
612     ckmc_raw_buffer_s* encryptedTmp = nullptr;
613
614     // add AES CTR key
615     KeyAliasPair aliases = getKey(algo, PRIMARY);
616
617     // setup params
618     ckmc_param_list_h handle = NULL;
619     assert_positive(ckmc_generate_new_params, algo.type, &handle);
620     ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
621     setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
622
623     // encryption
624     auto test = [&](){
625         assert_crypto_positive(apiEncrypt,
626                                params.get(),
627                                aliases.pub.c_str(),
628                                nullptr,
629                                *PLAIN_DATA.get(),
630                                &encryptedTmp);
631         ckmc_buffer_free(encryptedTmp);
632         encryptedTmp = nullptr;
633     };
634     // valid counter sizez
635     setParam(params, CKMC_PARAM_ED_CTR_LEN, 1);
636     test();
637     setParam(params, CKMC_PARAM_ED_CTR_LEN, 4);
638     test();
639     setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN-1);
640     test();
641     setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN);
642     test();
643 }
644
645 void testCtrDecryptionInvalidLength(const Algo& algo)
646 {
647     // prepare buffers
648     ckmc_raw_buffer_s* decrypted = nullptr;
649
650     // add AES CTR key & encrypt
651     auto ret = encrypt(algo, PLAIN_DATA);
652
653     // decryption
654     auto test = [&](){
655         assert_crypto_invalid_param(apiDecrypt,
656                                     ret.params.get(),
657                                     ret.prvKey.c_str(),
658                                     nullptr,
659                                     *ret.encrypted.get(),
660                                     &decrypted);
661         ckmc_buffer_free(decrypted);
662         decrypted = nullptr;
663     };
664     // invalid counter size
665     setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, -1);
666     test();
667     setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 0);
668     test();
669     setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN+1);
670     test();
671 }
672
673 void testCtrDecryptionValidLength(const Algo& algo)
674 {
675     // prepare buffers
676     ckmc_raw_buffer_s* decrypted = nullptr;
677
678     // add AES CTR key & encrypt
679     auto ret = encrypt(algo, PLAIN_DATA);
680
681     // decryption
682     auto test = [&](){
683         assert_crypto_positive(apiDecrypt,
684                                ret.params.get(),
685                                ret.prvKey.c_str(),
686                                nullptr,
687                                *ret.encrypted.get(),
688                                &decrypted);
689         ckmc_buffer_free(decrypted);
690         RawBufferPtr tmp = create_raw_buffer(decrypted);
691         assert_buffers_equal(*PLAIN_DATA.get(), *decrypted);
692     };
693     // invalid counter size
694     setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 1);
695     test();
696     setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 4);
697     test();
698     setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN-1);
699     test();
700     setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN);
701     test();
702 }
703
704 void testGcmEncryptionTagLen(const Algo& algo)
705 {
706     // prepare buffers
707     ckmc_raw_buffer_s* encryptedTmp = nullptr;
708
709     // add AES GCM key
710     KeyAliasPair aliases = getKey(algo, PRIMARY);
711
712     // setup params
713     ckmc_param_list_h handle = NULL;
714     assert_positive(ckmc_generate_new_params, algo.type, &handle);
715     ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
716     setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
717
718     std::vector<TagTest> testData = {
719             // illegal tag lengths
720             { -1,   EncryptionError::INVALID_PARAM },
721             { 0,    EncryptionError::INVALID_PARAM },
722             { 16,   EncryptionError::INVALID_PARAM },
723             { 48,   EncryptionError::INVALID_PARAM },
724             { 72,   EncryptionError::INVALID_PARAM },
725             { 100,  EncryptionError::INVALID_PARAM },
726             { 108,  EncryptionError::INVALID_PARAM },
727             { 116,  EncryptionError::INVALID_PARAM },
728             { 124,  EncryptionError::INVALID_PARAM },
729             { 256,  EncryptionError::INVALID_PARAM },
730             // legal tag lengths
731             { 32,   EncryptionError::SUCCESS },
732             { 64,   EncryptionError::SUCCESS },
733             { 96,   EncryptionError::SUCCESS },
734             { 104,  EncryptionError::SUCCESS },
735             { 112,  EncryptionError::SUCCESS },
736             { 120,  EncryptionError::SUCCESS },
737             { 128,  EncryptionError::SUCCESS },
738     };
739
740     // encryption
741     for(const auto& it : testData)
742     {
743         setParam(params, CKMC_PARAM_ED_TAG_LEN, it.tagLen);
744         assert_crypto_result(it.expected,
745                              apiEncrypt,
746                              params.get(),
747                              aliases.pub.c_str(),
748                              nullptr,
749                              *PLAIN_DATA.get(),
750                              &encryptedTmp);
751         ckmc_buffer_free(encryptedTmp);
752         encryptedTmp = nullptr;
753     }
754 }
755
756 void testGcmDecryptionTagLen(const Algo& algo)
757 {
758     // prepare buffers
759     ckmc_raw_buffer_s* decrypted = nullptr;
760
761     // add AES GCM key & encrypt
762     auto ret = encrypt(algo, PLAIN_DATA);
763
764     std::vector<TagTest> testData = {
765             // illegal tag lengths
766             { -1,   EncryptionError::INVALID_PARAM },
767             { 0,    EncryptionError::INVALID_PARAM },
768             { 16,   EncryptionError::INVALID_PARAM },
769             { 48,   EncryptionError::INVALID_PARAM },
770             { 72,   EncryptionError::INVALID_PARAM },
771             { 100,  EncryptionError::INVALID_PARAM },
772             { 108,  EncryptionError::INVALID_PARAM },
773             { 116,  EncryptionError::INVALID_PARAM },
774             { 124,  EncryptionError::INVALID_PARAM },
775             { 256,  EncryptionError::INVALID_PARAM },
776             // legal tag lengths but different than the one used for encryption
777             { 32,   EncryptionError::INVALID_PARAM },
778             { 64,   EncryptionError::INVALID_PARAM },
779             { 96,   EncryptionError::INVALID_PARAM },
780             { 104,  EncryptionError::INVALID_PARAM },
781             { 112,  EncryptionError::INVALID_PARAM },
782             { 120,  EncryptionError::INVALID_PARAM },
783             // legal tag length that was actually used for encryption (default)
784             { 128,  EncryptionError::SUCCESS },
785     };
786
787     // decryption
788     for(const auto& it : testData)
789     {
790         setParam(ret.params, CKMC_PARAM_ED_TAG_LEN, it.tagLen);
791         assert_crypto_result(it.expected,
792                              apiDecrypt,
793                              ret.params.get(),
794                              ret.prvKey.c_str(),
795                              nullptr,
796                              *ret.encrypted.get(),
797                              &decrypted);
798         ckmc_buffer_free(decrypted);
799         decrypted = nullptr;
800     }
801 }
802
803 void testGcmWrongTag(const Algo& algo)
804 {
805     // prepare buffers
806     ckmc_raw_buffer_s* decrypted = nullptr;
807
808     // encrypt with AES GCM
809     auto ret = encrypt(algo, PLAIN_DATA);
810
811     // modify tag (last 16B of encrypted message)
812     ret.encrypted->data[ret.encrypted->size-1]++;
813
814     // EVP_CipherFinal fails because of an authentication error
815     assert_crypto_result(EncryptionError::INVALID_PARAM,
816                          apiDecrypt,
817                          ret.params.get(),
818                          ret.prvKey.c_str(),
819                          nullptr,
820                          *ret.encrypted.get(),
821                          &decrypted);
822 }
823
824 void testGcmDifferentIvSizes(const Algo& algo)
825 {
826     // add AES GCM key
827     KeyAliasPair aliases = getKey(algo, PRIMARY);
828
829     testGcmIvSize(IV11,  aliases, EncryptionError::SERVER_ERROR); // 12B is the smallest
830     testGcmIvSize(IV12,  aliases);
831     testGcmIvSize(IV17,  aliases);
832     testGcmIvSize(IV128, aliases);
833 }
834
835 void testEncryptDecryptBigData(const Algo& algo)
836 {
837     // prepare buffers
838     ckmc_raw_buffer_s* decrypted = nullptr;
839
840     // encrypt
841     auto ret = encrypt(algo, BIG_DATA);
842
843     assert_positive(apiDecrypt,
844                     ret.params.get(),
845                     ret.prvKey.c_str(),
846                     nullptr,
847                     *ret.encrypted.get(),
848                     &decrypted);
849     RawBufferPtr tmp = create_raw_buffer(decrypted);
850
851     assert_buffers_equal(*BIG_DATA.get(), *decrypted);
852 }
853
854 void testEncryptDecryptDifferentKeys(const Algo& algo, bool success)
855 {
856     // prepare buffers
857     ckmc_raw_buffer_s* decrypted = nullptr;
858
859     // encrypt
860     auto ret = encrypt(algo, PLAIN_DATA);
861
862     // get different keys
863     KeyAliasPair differentKeys = getKey(algo, PASSWORD_PROTECTED);
864
865     if (success) {
866         // some algorithms don't verify key validity
867         assert_crypto_positive(apiDecrypt,
868                                ret.params.get(),
869                                differentKeys.prv.c_str(),
870                                PASSWORD,
871                                *ret.encrypted.get(),
872                                &decrypted);
873         RawBufferPtr tmp = create_raw_buffer(decrypted);
874
875         assert_buffers_equal(*PLAIN_DATA.get(), *decrypted, false);
876     } else {
877         assert_crypto_result(EncryptionError::INVALID_PARAM,
878                              apiDecrypt,
879                              ret.params.get(),
880                              differentKeys.prv.c_str(),
881                              PASSWORD,
882                              *ret.encrypted.get(),
883                              &decrypted);
884     }
885 }
886
887 void testRsaLongestData(const Algo& algo, size_t dataSize)
888 {
889     // prepare buffers
890     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize));
891     ckmc_raw_buffer_s* decrypted = nullptr;
892
893     // encrypt
894     auto ret = encrypt(algo, plain);
895
896     assert_crypto_positive(apiDecrypt,
897                            ret.params.get(),
898                            ret.prvKey.c_str(),
899                            nullptr,
900                            *ret.encrypted.get(),
901                            &decrypted);
902     RawBufferPtr tmp = create_raw_buffer(decrypted);
903
904     assert_buffers_equal(*plain.get(), *decrypted);
905 }
906
907 void testRsaDataTooLong(const Algo& algo, size_t dataSize)
908 {
909     // prepare buffers
910     RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize));
911
912     // encrypt
913     EncryptionResult ret;
914     ckmc_raw_buffer_s* encrypted = nullptr;
915     KeyAliasPair aliases = getKey(algo, PRIMARY);
916
917     ckmc_param_list_h handle = NULL;
918     assert_positive(ckmc_generate_new_params, algo.type, &handle);
919     ret.params = ParamListPtr(handle, ckmc_param_list_free);
920     assert_crypto_result(EncryptionError::INVALID_PARAM,
921                          apiEncrypt,
922                          ret.params.get(),
923                          aliases.pub.c_str(),
924                          nullptr,
925                          *plain.get(),
926                          &encrypted);
927 }
928
929 } // namespace anonymous
930
931 RUNNER_TEST_GROUP_INIT_ENV(CKM_ENCRYPTION_DECRYPTION, EncGroupFixture);
932
933 /////////////////////////////////////////
934 // Generic encryption decryption tests
935 /////////////////////////////////////////
936
937 RUNNER_TEST_MULTIPLE(TED_0010_encrypt_invalid_param_list, SyncEnv, AsyncEnv)
938 {
939     testAllAlgorithms([](const Algo& algo){
940         // prepare buffers
941         ckmc_raw_buffer_s* encrypted = nullptr;
942
943         // add key
944         KeyAliasPair aliases = getKey(algo, PRIMARY);
945
946         // null param list
947         assert_crypto_invalid_param(apiEncrypt,
948                                     nullptr,
949                                     aliases.pub.c_str(),
950                                     nullptr,
951                                     *PLAIN_DATA.get(),
952                                     &encrypted);
953
954         // empty param list
955         ParamListPtr params = createParamListPtr();
956         assert_crypto_invalid_param(apiEncrypt,
957                                     params.get(),
958                                     aliases.pub.c_str(),
959                                     nullptr,
960                                     *PLAIN_DATA.get(),
961                                     &encrypted);
962     });
963 }
964
965 RUNNER_TEST_MULTIPLE(TED_0020_encrypt_missing_key, SyncEnv, AsyncEnv)
966 {
967     testAllAlgorithms([](const Algo& algo){
968         // prepare buffers
969         ckmc_raw_buffer_s* encrypted = nullptr;
970
971         // setup params
972         ckmc_param_list_h handle = NULL;
973         assert_positive(ckmc_generate_new_params, algo.type, &handle);
974         ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
975         setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
976
977         assert_crypto_result(EncryptionError::ALIAS_UNKNOWN,
978                              apiEncrypt,
979                              params.get(),
980                              "non-existing-key-alias",
981                              nullptr,
982                              *PLAIN_DATA.get(),
983                              &encrypted);
984     });
985 }
986
987 RUNNER_TEST_MULTIPLE(TED_0030_encrypt_no_plain_text, SyncEnv, AsyncEnv)
988 {
989     testAllAlgorithms([](const Algo& algo){
990         // prepare buffers
991         ckmc_raw_buffer_s plain = { nullptr, 0 };
992         ckmc_raw_buffer_s* encrypted = nullptr;
993
994         // add key
995         KeyAliasPair aliases = getKey(algo, PRIMARY);
996
997         // setup params
998         ckmc_param_list_h handle = NULL;
999         assert_positive(ckmc_generate_new_params, algo.type, &handle);
1000         ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1001         setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
1002
1003         assert_crypto_invalid_param(apiEncrypt,
1004                                     params.get(),
1005                                     aliases.pub.c_str(),
1006                                     nullptr,
1007                                     plain,
1008                                     &encrypted);
1009     });
1010 }
1011
1012 RUNNER_TEST_MULTIPLE(TED_0040_encrypt_no_output_buffer, SyncEnv, AsyncEnv)
1013 {
1014     testAllAlgorithms([](const Algo& algo){
1015         // prepare buffers
1016         ckmc_raw_buffer_s** encrypted = nullptr;
1017
1018         // add key
1019         KeyAliasPair aliases = getKey(algo, PRIMARY);
1020
1021         // setup params
1022         ckmc_param_list_h handle = NULL;
1023         assert_positive(ckmc_generate_new_params, algo.type, &handle);
1024         ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1025         setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
1026
1027         assert_crypto_invalid_param(apiEncrypt,
1028                                     params.get(),
1029                                     aliases.pub.c_str(),
1030                                     nullptr,
1031                                     *PLAIN_DATA.get(),
1032                                     encrypted);
1033     });
1034 }
1035
1036 RUNNER_TEST_MULTIPLE(TED_0110_decrypt_invalid_param_list, SyncEnv, AsyncEnv)
1037 {
1038     testAllAlgorithms([](const Algo& algo){
1039         // prepare buffers
1040         ckmc_raw_buffer_s* decrypted = nullptr;
1041
1042         // encrypt;
1043         auto ret = encrypt(algo, PLAIN_DATA);
1044
1045         // null param list
1046         assert_crypto_invalid_param(apiDecrypt,
1047                                     nullptr,
1048                                     ret.prvKey.c_str(),
1049                                     nullptr,
1050                                     *ret.encrypted.get(),
1051                                     &decrypted);
1052
1053         // empty param list
1054         ParamListPtr params = createParamListPtr();
1055         assert_crypto_invalid_param(apiDecrypt,
1056                                     params.get(),
1057                                     ret.prvKey.c_str(),
1058                                     nullptr,
1059                                     *ret.encrypted.get(),
1060                                     &decrypted);
1061     });
1062 }
1063
1064 RUNNER_TEST_MULTIPLE(TED_0120_decrypt_missing_key, SyncEnv, AsyncEnv)
1065 {
1066     testAllAlgorithms([](const Algo& algo){
1067         // prepare buffers
1068         ckmc_raw_buffer_s* decrypted = nullptr;
1069
1070         // encrypt
1071         auto ret = encrypt(algo, PLAIN_DATA);
1072
1073         // try to decrypt
1074         assert_crypto_result(EncryptionError::ALIAS_UNKNOWN,
1075                              apiDecrypt,
1076                              ret.params.get(),
1077                              "non-existent-key",
1078                              nullptr,
1079                              *ret.encrypted.get(),
1080                              &decrypted);
1081     });
1082 }
1083
1084 RUNNER_TEST_MULTIPLE(TED_0130_decrypt_no_encrypted_text, SyncEnv, AsyncEnv)
1085 {
1086     testAllAlgorithms([](const Algo& algo){
1087         // prepare buffers
1088         ckmc_raw_buffer_s encrypted = { nullptr, 0 };
1089         ckmc_raw_buffer_s* decrypted = nullptr;
1090
1091         // add key
1092         KeyAliasPair aliases = getKey(algo, PRIMARY);
1093
1094         // setup params
1095         ckmc_param_list_h handle = NULL;
1096         assert_positive(ckmc_generate_new_params, algo.type, &handle);
1097         ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1098         setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
1099
1100         assert_crypto_invalid_param(apiDecrypt,
1101                                     params.get(),
1102                                     aliases.prv.c_str(),
1103                                     nullptr,
1104                                     encrypted,
1105                                     &decrypted);
1106     });
1107 }
1108
1109 RUNNER_TEST_MULTIPLE(TED_0140_decrypt_no_output_buffer, SyncEnv, AsyncEnv)
1110 {
1111     testAllAlgorithms([](const Algo& algo){
1112         // prepare buffers
1113         ckmc_raw_buffer_s** decrypted = nullptr;
1114
1115         // encrypt
1116         auto ret = encrypt(algo, PLAIN_DATA);
1117
1118         assert_crypto_invalid_param(apiDecrypt,
1119                                     ret.params.get(),
1120                                     ret.prvKey.c_str(),
1121                                     nullptr,
1122                                     *ret.encrypted.get(),
1123                                     decrypted);
1124     });
1125 }
1126
1127 RUNNER_TEST_MULTIPLE(TED_0200_encrypt_decrypt_different_keys, SyncEnv, AsyncEnv)
1128 {
1129     testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_GCM, 128}, false);
1130     testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_GCM, 192}, false);
1131     testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_GCM, 256}, false);
1132     testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CTR, 128}, true);
1133     testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CTR, 192}, true);
1134     testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CTR, 256}, true);
1135     testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CFB, 128}, true);
1136     testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CFB, 192}, true);
1137     testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CFB, 256}, true);
1138     testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 1024}, false);
1139     testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 2048}, false);
1140     testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 4096}, false);
1141 }
1142
1143 RUNNER_TEST_MULTIPLE(TED_0300_encrypt_decrypt, SyncEnv, AsyncEnv)
1144 {
1145     testAllAlgorithms([](const Algo& algo){
1146         // prepare buffers
1147         ckmc_raw_buffer_s* decrypted = nullptr;
1148
1149         // encrypt
1150         auto ret = encrypt(algo, PLAIN_DATA);
1151
1152         assert_crypto_positive(apiDecrypt,
1153                                ret.params.get(),
1154                                ret.prvKey.c_str(),
1155                                nullptr,
1156                                *ret.encrypted.get(),
1157                                &decrypted);
1158         RawBufferPtr tmp = create_raw_buffer(decrypted);
1159
1160         assert_buffers_equal(*PLAIN_DATA.get(), *decrypted);
1161     });
1162 }
1163
1164 RUNNER_TEST_MULTIPLE(TED_0310_encrypt_decrypt_password, SyncEnv, AsyncEnv)
1165 {
1166     testAllAlgorithms([](const Algo& algo){
1167         // prepare buffers
1168         ckmc_raw_buffer_s* decrypted = nullptr;
1169
1170         // encrypt
1171         auto ret = encrypt(algo, PLAIN_DATA, PASSWORD);
1172
1173         // wrong password
1174         assert_crypto_result(EncryptionError::AUTH_FAILED,
1175                              apiDecrypt,
1176                              ret.params.get(),
1177                              ret.prvKey.c_str(),
1178                              "wrong-password",
1179                              *ret.encrypted.get(),
1180                              &decrypted);
1181
1182         // correct password
1183         assert_crypto_positive(apiDecrypt,
1184                                ret.params.get(),
1185                                ret.prvKey.c_str(),
1186                                PASSWORD,
1187                                *ret.encrypted.get(),
1188                                &decrypted);
1189         RawBufferPtr tmp = create_raw_buffer(decrypted); // guarantees deletion
1190
1191         assert_buffers_equal(*PLAIN_DATA.get(), *decrypted);
1192     });
1193 }
1194
1195 // long test split into smaller ones
1196 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CBC_128, SyncEnv, AsyncEnv)
1197 {
1198     testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 128});
1199 }
1200
1201 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CBC_192, SyncEnv, AsyncEnv)
1202 {
1203     testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 192});
1204 }
1205
1206 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CBC_256, SyncEnv, AsyncEnv)
1207 {
1208     testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 256});
1209 }
1210
1211 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_GCM_128, SyncEnv, AsyncEnv)
1212 {
1213     testEncryptDecryptBigData({CKMC_ALGO_AES_GCM, 128});
1214 }
1215
1216 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_GCM_192, SyncEnv, AsyncEnv)
1217 {
1218     testEncryptDecryptBigData({CKMC_ALGO_AES_GCM, 192});
1219 }
1220
1221 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_GCM_256, SyncEnv, AsyncEnv)
1222 {
1223     testEncryptDecryptBigData({CKMC_ALGO_AES_GCM, 256});
1224 }
1225
1226 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CTR_128, SyncEnv, AsyncEnv)
1227 {
1228     testEncryptDecryptBigData({CKMC_ALGO_AES_CTR, 128});
1229 }
1230
1231 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CTR_192, SyncEnv, AsyncEnv)
1232 {
1233     testEncryptDecryptBigData({CKMC_ALGO_AES_CTR, 192});
1234 }
1235
1236 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CTR_256, SyncEnv, AsyncEnv)
1237 {
1238     testEncryptDecryptBigData({CKMC_ALGO_AES_CTR, 256});
1239 }
1240
1241 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CFB_128, SyncEnv, AsyncEnv)
1242 {
1243     testEncryptDecryptBigData({CKMC_ALGO_AES_CFB, 128});
1244 }
1245
1246 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CFB_192, SyncEnv, AsyncEnv)
1247 {
1248     testEncryptDecryptBigData({CKMC_ALGO_AES_CFB, 192});
1249 }
1250
1251 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CFB_256, SyncEnv, AsyncEnv)
1252 {
1253     testEncryptDecryptBigData({CKMC_ALGO_AES_CFB, 256});
1254 }
1255
1256 /////////////////////////////////////////
1257 // Algorithm specific tests
1258 /////////////////////////////////////////
1259
1260 RUNNER_TEST_MULTIPLE(TED_1005_no_iv_enc, SyncEnv, AsyncEnv)
1261 {
1262     testNoIvEnc({CKMC_ALGO_AES_CTR, 128});
1263     testNoIvEnc({CKMC_ALGO_AES_CTR, 192});
1264     testNoIvEnc({CKMC_ALGO_AES_CTR, 256});
1265     testNoIvEnc({CKMC_ALGO_AES_CBC, 128});
1266     testNoIvEnc({CKMC_ALGO_AES_CBC, 192});
1267     testNoIvEnc({CKMC_ALGO_AES_CBC, 256});
1268     testNoIvEnc({CKMC_ALGO_AES_CFB, 128});
1269     testNoIvEnc({CKMC_ALGO_AES_CFB, 192});
1270     testNoIvEnc({CKMC_ALGO_AES_CFB, 256});
1271     testNoIvEnc({CKMC_ALGO_AES_GCM, 128});
1272     testNoIvEnc({CKMC_ALGO_AES_GCM, 192});
1273     testNoIvEnc({CKMC_ALGO_AES_GCM, 256});
1274 }
1275
1276 RUNNER_TEST_MULTIPLE(TED_1010_invalid_iv_enc, SyncEnv, AsyncEnv)
1277 {
1278     testInvalidIvEnc({CKMC_ALGO_AES_CTR, 128});
1279     testInvalidIvEnc({CKMC_ALGO_AES_CTR, 192});
1280     testInvalidIvEnc({CKMC_ALGO_AES_CTR, 256});
1281     testInvalidIvEnc({CKMC_ALGO_AES_CBC, 128});
1282     testInvalidIvEnc({CKMC_ALGO_AES_CBC, 192});
1283     testInvalidIvEnc({CKMC_ALGO_AES_CBC, 256});
1284     testInvalidIvEnc({CKMC_ALGO_AES_CFB, 128});
1285     testInvalidIvEnc({CKMC_ALGO_AES_CFB, 192});
1286     testInvalidIvEnc({CKMC_ALGO_AES_CFB, 256});
1287 }
1288
1289 RUNNER_TEST_MULTIPLE(TED_1015_no_iv_dec, SyncEnv, AsyncEnv)
1290 {
1291     testNoIvDec({CKMC_ALGO_AES_CTR, 128});
1292     testNoIvDec({CKMC_ALGO_AES_CTR, 192});
1293     testNoIvDec({CKMC_ALGO_AES_CTR, 256});
1294     testNoIvDec({CKMC_ALGO_AES_CBC, 128});
1295     testNoIvDec({CKMC_ALGO_AES_CBC, 192});
1296     testNoIvDec({CKMC_ALGO_AES_CBC, 256});
1297     testNoIvDec({CKMC_ALGO_AES_CFB, 128});
1298     testNoIvDec({CKMC_ALGO_AES_CFB, 192});
1299     testNoIvDec({CKMC_ALGO_AES_CFB, 256});
1300     testNoIvDec({CKMC_ALGO_AES_GCM, 128});
1301     testNoIvDec({CKMC_ALGO_AES_GCM, 192});
1302     testNoIvDec({CKMC_ALGO_AES_GCM, 256});
1303 }
1304
1305 RUNNER_TEST_MULTIPLE(TED_1020_invalid_iv_dec, SyncEnv, AsyncEnv)
1306 {
1307     testInvalidIvDec({CKMC_ALGO_AES_CTR, 128});
1308     testInvalidIvDec({CKMC_ALGO_AES_CTR, 192});
1309     testInvalidIvDec({CKMC_ALGO_AES_CTR, 256});
1310     testInvalidIvDec({CKMC_ALGO_AES_CBC, 128});
1311     testInvalidIvDec({CKMC_ALGO_AES_CBC, 192});
1312     testInvalidIvDec({CKMC_ALGO_AES_CBC, 256});
1313     testInvalidIvDec({CKMC_ALGO_AES_CFB, 128});
1314     testInvalidIvDec({CKMC_ALGO_AES_CFB, 192});
1315     testInvalidIvDec({CKMC_ALGO_AES_CFB, 256});
1316 }
1317
1318 RUNNER_TEST_MULTIPLE(TED_1050_data_integrity, SyncEnv, AsyncEnv)
1319 {
1320     testIntegrity({CKMC_ALGO_AES_CTR, 128});
1321     testIntegrity({CKMC_ALGO_AES_CTR, 192});
1322     testIntegrity({CKMC_ALGO_AES_CTR, 256});
1323     testIntegrity({CKMC_ALGO_AES_CBC, 128});
1324     testIntegrity({CKMC_ALGO_AES_CBC, 192});
1325     testIntegrity({CKMC_ALGO_AES_CBC, 256});
1326     testIntegrity({CKMC_ALGO_AES_CFB, 128});
1327     testIntegrity({CKMC_ALGO_AES_CFB, 192});
1328     testIntegrity({CKMC_ALGO_AES_CFB, 256});
1329 }
1330
1331 RUNNER_TEST_MULTIPLE(TED_1100_ctr_encryption_invalid_length, SyncEnv, AsyncEnv)
1332 {
1333     testCtrEncryptionInvalidLength({CKMC_ALGO_AES_CTR, 128});
1334     testCtrEncryptionInvalidLength({CKMC_ALGO_AES_CTR, 192});
1335     testCtrEncryptionInvalidLength({CKMC_ALGO_AES_CTR, 256});
1336 }
1337
1338 RUNNER_TEST_MULTIPLE(TED_1105_ctr_encryption_valid_length, SyncEnv, AsyncEnv)
1339 {
1340     RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length");
1341     testCtrEncryptionValidLength({CKMC_ALGO_AES_CTR, 128});
1342     testCtrEncryptionValidLength({CKMC_ALGO_AES_CTR, 192});
1343     testCtrEncryptionValidLength({CKMC_ALGO_AES_CTR, 256});
1344 }
1345
1346 RUNNER_TEST_MULTIPLE(TED_1110_ctr_decryption_invalid_length, SyncEnv, AsyncEnv)
1347 {
1348     testCtrDecryptionInvalidLength({CKMC_ALGO_AES_CTR, 128});
1349     testCtrDecryptionInvalidLength({CKMC_ALGO_AES_CTR, 192});
1350     testCtrDecryptionInvalidLength({CKMC_ALGO_AES_CTR, 256});
1351 }
1352
1353 RUNNER_TEST_MULTIPLE(TED_1115_ctr_decryption_valid_length, SyncEnv, AsyncEnv)
1354 {
1355     RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length");
1356     testCtrDecryptionValidLength({CKMC_ALGO_AES_CTR, 128});
1357     testCtrDecryptionValidLength({CKMC_ALGO_AES_CTR, 192});
1358     testCtrDecryptionValidLength({CKMC_ALGO_AES_CTR, 256});
1359 }
1360
1361 RUNNER_TEST_MULTIPLE(TED_1200_gcm_encryption_tag_len, SyncEnv, AsyncEnv)
1362 {
1363     testGcmEncryptionTagLen({CKMC_ALGO_AES_GCM, 128});
1364     testGcmEncryptionTagLen({CKMC_ALGO_AES_GCM, 192});
1365     testGcmEncryptionTagLen({CKMC_ALGO_AES_GCM, 256});
1366 }
1367
1368 RUNNER_TEST_MULTIPLE(TED_1210_gcm_decryption_tag_len, SyncEnv, AsyncEnv)
1369 {
1370     testGcmDecryptionTagLen({CKMC_ALGO_AES_GCM, 128});
1371     testGcmDecryptionTagLen({CKMC_ALGO_AES_GCM, 192});
1372     testGcmDecryptionTagLen({CKMC_ALGO_AES_GCM, 256});
1373 }
1374
1375 RUNNER_TEST_MULTIPLE(TED_1230_gcm_wrong_tag, SyncEnv, AsyncEnv)
1376 {
1377     testGcmWrongTag({CKMC_ALGO_AES_GCM, 128});
1378     testGcmWrongTag({CKMC_ALGO_AES_GCM, 192});
1379     testGcmWrongTag({CKMC_ALGO_AES_GCM, 256});
1380 }
1381
1382 RUNNER_TEST_MULTIPLE(TED_1240_gcm_different_iv_sizes, SyncEnv, AsyncEnv)
1383 {
1384     testGcmDifferentIvSizes({CKMC_ALGO_AES_GCM, 128});
1385     testGcmDifferentIvSizes({CKMC_ALGO_AES_GCM, 192});
1386     testGcmDifferentIvSizes({CKMC_ALGO_AES_GCM, 256});
1387 }
1388
1389 RUNNER_TEST_MULTIPLE(TED_1250_gcm_aad, SyncEnv, AsyncEnv)
1390 {
1391     encryptionWithCustomData({CKMC_ALGO_AES_GCM, 128}, CKMC_PARAM_ED_AAD);
1392     encryptionWithCustomData({CKMC_ALGO_AES_GCM, 192}, CKMC_PARAM_ED_AAD);
1393     encryptionWithCustomData({CKMC_ALGO_AES_GCM, 256}, CKMC_PARAM_ED_AAD);
1394 }
1395
1396 RUNNER_TEST_MULTIPLE(TED_1300_rsa_label, SyncEnv, AsyncEnv)
1397 {
1398     RUNNER_IGNORED_MSG("RSA-OAEP labels are not supported in openssl");
1399     encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 1024}, CKMC_PARAM_ED_LABEL);
1400     encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 2048}, CKMC_PARAM_ED_LABEL);
1401     encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 4096}, CKMC_PARAM_ED_LABEL);
1402 }
1403
1404 RUNNER_TEST_MULTIPLE(TED_1330_rsa_longest_data, SyncEnv, AsyncEnv)
1405 {
1406     testRsaLongestData({CKMC_ALGO_RSA_OAEP, 1024}, 86);
1407     testRsaLongestData({CKMC_ALGO_RSA_OAEP, 2048}, 214);
1408     testRsaLongestData({CKMC_ALGO_RSA_OAEP, 4096}, 470);
1409 }
1410
1411 RUNNER_TEST_MULTIPLE(TED_1350_rsa_data_too_long, SyncEnv, AsyncEnv)
1412 {
1413     testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 1024}, 87);
1414     testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 2048}, 215);
1415     testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 4096}, 471);
1416 }
1417
1418 /////////////////////////////////////////
1419 // Asynchronous only tests
1420 /////////////////////////////////////////
1421 RUNNER_TEST(TED_2000_enc_no_observer_async, AsyncEnv)
1422 {
1423     testAllAlgorithms([](const Algo& algo){
1424         // prepare buffers
1425         RawBuffer plain = createRandomBuffer(BUF_LEN);
1426
1427         // keys
1428         KeyAliasPair aliases = getKey(algo, PRIMARY);
1429
1430         // params
1431         ckmc_param_list_h handle = NULL;
1432         assert_positive(ckmc_generate_new_params, algo.type, &handle);
1433         ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1434         setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
1435
1436         // encrypt
1437         test_no_observer(&ManagerAsync::encrypt,
1438                          *reinterpret_cast<CryptoAlgorithm*>(params.get()),
1439                          aliases.pub,
1440                          Password(),
1441                          plain);
1442     });
1443 }
1444
1445 RUNNER_TEST(TED_2010_dec_no_observer_async, AsyncEnv)
1446 {
1447     testAllAlgorithms([](const Algo& algo){
1448         // encrypt
1449         auto ret = encrypt(algo, PLAIN_DATA);
1450         RawBuffer encrypted(ret.encrypted->data, ret.encrypted->data + ret.encrypted->size);
1451
1452         // decrypt
1453         test_no_observer(&ManagerAsync::decrypt,
1454                          *reinterpret_cast<CryptoAlgorithm*>(ret.params.get()),
1455                          ret.prvKey,
1456                          Password(),
1457                          encrypted);
1458     });
1459 }
Domain: Security / Uncategorized;