2 * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file encryption-decryption.cpp
18 * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
28 #include <dpl/test/test_runner.h>
29 #include <ckm-common.h>
30 #include <ckmc/ckmc-manager.h>
31 #include <ckm/ckm-type.h>
32 #include <ckm/ckm-manager.h>
33 #include <encryption-decryption-env.h>
39 const char* PASSWORD = "test-password";
40 const uid_t UID = 5001;
41 const size_t CTR_DEFAULT_LEN = 16*8;
42 const size_t DEFAULT_IV_LEN = 16;
43 const size_t BUF_LEN = 86; // must be less than 1024/8-41 to support RSA OAEP 1024
49 EncryptionApi* g_api = &g_syncApi;
51 EncryptionError apiEncrypt(ckmc_param_list_h params,
52 const char *key_alias,
54 const ckmc_raw_buffer_s decrypted,
55 ckmc_raw_buffer_s **ppencrypted) {
56 RUNNER_ASSERT_MSG(g_api, "No encryption API is connected");
57 return g_api->encrypt(params, key_alias, password, decrypted, ppencrypted);
60 // Policy backend to use in subsequent operations (global for each test case)
61 PolicyBackend g_backend = PolicyBackend::DEFAULT;
65 testBackend(PolicyBackend backend){
66 m_backend = g_backend;
70 virtual ~testBackend(){
71 //restore in destructor
72 g_backend = m_backend;
75 PolicyBackend m_backend;
78 inline CKM::Password _tostring(const char *str)
80 return (str == nullptr) ? Password() : Password(str);
83 inline CKM::Policy _toCkmPolicy(const ckmc_policy_s &policy, PolicyBackend backend)
85 return CKM::Policy(_tostring(policy.password), policy.extractable, backend);
88 EncryptionError apiDecrypt(ckmc_param_list_h params,
89 const char *key_alias,
91 const ckmc_raw_buffer_s encrypted,
92 ckmc_raw_buffer_s **ppdecrypted) {
93 RUNNER_ASSERT_MSG(g_api, "No encryption API is connected");
94 return g_api->decrypt(params, key_alias, password, encrypted, ppdecrypted);
98 template <typename F, typename... Args>
99 void assert_crypto_result(EncryptionError expected, F&& func, Args... args)
101 EncryptionError ret = func(args...);
102 RUNNER_ASSERT_MSG(ret == expected,
103 "Expected: " << static_cast<int>(expected) <<
104 " got: " << static_cast<int>(ret));
107 template <typename F, typename... Args>
108 void assert_crypto_positive(F&& func, Args... args)
110 assert_crypto_result(EncryptionError::SUCCESS, std::move(func), args...);
113 template <typename F, typename... Args>
114 void assert_crypto_invalid_param(F&& func, Args... args)
116 assert_crypto_result(EncryptionError::INVALID_PARAM, std::move(func), args...);
121 EncryptionError expected;
130 class EncEnv : public RemoveDataEnv<UID> {
132 EncEnv() : m_dbu(NULL) {}
133 ~EncEnv() { delete m_dbu; }
135 void init(const std::string& str) {
136 RemoveDataEnv<UID>::init(str);
137 m_dbu = new ScopedDBUnlock(UID, "db-pass"); // unlock user's database
143 RemoveDataEnv<UID>::finish();
147 ScopedDBUnlock* m_dbu;
150 struct SyncEnv : public EncEnv {
151 void init(const std::string& str) {
156 static std::string suffix() { return "_sync"; }
159 struct AsyncEnv : public EncEnv {
160 void init(const std::string& str) {
165 static std::string suffix() { return "_async"; }
169 ckmc_algo_type_e m_type;
172 AlgoBase(ckmc_algo_type_e type, size_t keyLen) : m_type(type), m_keyLen(keyLen) {}
174 virtual KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr) = 0;
177 typedef std::shared_ptr<AlgoBase> AlgoBasePtr;
179 template <typename T>
180 AlgoBasePtr createAlgo(ckmc_algo_type_e type, size_t keyLen) {
181 return AlgoBasePtr(new T(type, keyLen));
184 struct AlgoAes : public AlgoBase {
185 AlgoAes(ckmc_algo_type_e type, size_t keyLen) : AlgoBase(type, keyLen) {}
186 KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr);
189 KeyAliasPair AlgoAes::keyGen(const char* pass, const char* suffix)
191 KeyAliasPair aliases;
192 std::ostringstream oss;
193 std::string ownerId = getOwnerIdFromSelf();
194 CharPtr passPtr(nullptr, free);
196 passPtr.reset(strdup(pass));
198 oss << "aes_" << static_cast<int>(m_type) << "_" << m_keyLen << "_key_alias";
201 aliases.prv = aliasWithLabel(ownerId.c_str(),oss.str().c_str());
202 aliases.pub = aliasWithLabel(ownerId.c_str(), oss.str().c_str());
204 ckmc_policy_s policy;
205 policy.extractable = false;
206 policy.password = passPtr.get();
208 auto mgr = CKM::Manager::create();
209 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == mgr->createKeyAES(m_keyLen, Alias(aliases.prv.c_str()),
210 _toCkmPolicy(policy, g_backend)),
211 "AES key creation failed");
216 struct AlgoRsa : public AlgoBase {
217 AlgoRsa(ckmc_algo_type_e type, size_t keyLen) : AlgoBase(type, keyLen) {}
218 KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr);
221 KeyAliasPair AlgoRsa::keyGen(const char* pass, const char* suffix)
223 std::ostringstream oss_prv, oss_pub;
224 oss_prv << "rsa_oaep_prv_alias_" << m_keyLen;
225 oss_pub << "rsa_oaep_pub_alias_" << m_keyLen;
230 KeyAliasPair aliases = {
231 aliasWithLabel(getOwnerIdFromSelf().c_str(), oss_prv.str().c_str()),
232 aliasWithLabel(getOwnerIdFromSelf().c_str(), oss_pub.str().c_str())
234 CharPtr passPtr(nullptr, free);
236 passPtr.reset(strdup(pass));
238 ckmc_policy_s policyPrv;
239 policyPrv.password = passPtr.get();
240 policyPrv.extractable = 0;
242 ckmc_policy_s policyPub;
243 policyPub.password = passPtr.get();
244 policyPub.extractable = 0;
246 auto mgr = CKM::Manager::create();
248 RUNNER_ASSERT_MSG(CKM_API_SUCCESS == mgr->createKeyPairRSA(static_cast<int>(m_keyLen),
249 CKM::Alias(aliases.prv.c_str()),
250 CKM::Alias(aliases.pub.c_str()),
251 _toCkmPolicy(policyPrv, g_backend),
252 _toCkmPolicy(policyPub, g_backend)), "RSA key pair generation failed" );
274 std::map<Algorithm, AlgoBasePtr> g_algorithms = {
275 { AES_CBC_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_CBC, 128) },
276 { AES_CBC_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_CBC, 192) },
277 { AES_CBC_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_CBC, 256) },
278 { AES_GCM_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_GCM, 128) },
279 { AES_GCM_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_GCM, 192) },
280 { AES_GCM_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_GCM, 256) },
281 { AES_CTR_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_CTR, 128) },
282 { AES_CTR_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_CTR, 192) },
283 { AES_CTR_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_CTR, 256) },
284 { AES_CFB_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_CFB, 128) },
285 { AES_CFB_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_CFB, 192) },
286 { AES_CFB_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_CFB, 256) },
287 { RSA_OAEP_1024, createAlgo<AlgoRsa>(CKMC_ALGO_RSA_OAEP, 1024) },
288 { RSA_OAEP_2048, createAlgo<AlgoRsa>(CKMC_ALGO_RSA_OAEP, 2048) },
289 { RSA_OAEP_4096, createAlgo<AlgoRsa>(CKMC_ALGO_RSA_OAEP, 4096) },
292 void setParam(ParamListPtr& params, ckmc_param_name_e name, ckmc_raw_buffer_s* buffer)
294 int ret = ckmc_param_list_set_buffer(params.get(), name, buffer);
295 RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
296 "Failed to set param " << name << " error: " << CKMCErrorToString(ret));
299 void setParam(ParamListPtr& params, ckmc_param_name_e name, int integer)
301 int ret = ckmc_param_list_set_integer(params.get(), name, integer);
302 RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
303 "Failed to set param " << name << " error: " << CKMCErrorToString(ret));
306 struct EncryptionResult
308 RawBufferPtr encrypted;
314 EncryptionResult encrypt(const AlgoBasePtr& algo,
315 const RawBufferPtr& plain,
316 const char* pass = nullptr)
318 EncryptionResult ret;
319 ckmc_raw_buffer_s* encrypted = nullptr;
320 KeyAliasPair aliases = algo->keyGen(pass);
322 ckmc_param_list_h handle = NULL;
323 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
324 ret.params = ParamListPtr(handle, ckmc_param_list_free);
325 setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
327 assert_crypto_positive(apiEncrypt,
334 ret.encrypted = create_raw_buffer(encrypted);
335 ret.prvKey = aliases.prv;
336 ret.pubKey = aliases.pub;
340 void testAllAlgorithms(
341 const std::function<void(const AlgoBasePtr& algo)>& test)
343 for(const auto& it : g_algorithms)
347 void testNoIvEnc(Algorithm type)
349 const AlgoBasePtr& algo = g_algorithms.at(type);
352 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
353 ckmc_raw_buffer_s* encrypted = nullptr;
356 KeyAliasPair aliases = algo->keyGen();
358 // param list with algo type only
359 ParamListPtr params = createParamListPtr();
360 setParam(params, CKMC_PARAM_ALGO_TYPE, algo->m_type);
361 assert_crypto_invalid_param(apiEncrypt,
369 void testNoIvDec(Algorithm type)
371 const AlgoBasePtr& algo = g_algorithms.at(type);
374 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
375 ckmc_raw_buffer_s* decrypted = nullptr;
378 auto ret = encrypt(algo, plain);
380 // param list with algo type only
381 ParamListPtr params = createParamListPtr();
382 setParam(params, CKMC_PARAM_ALGO_TYPE, algo->m_type);
383 assert_crypto_invalid_param(apiDecrypt,
387 *ret.encrypted.get(),
391 void testInvalidIvEnc(Algorithm type)
393 const AlgoBasePtr& algo = g_algorithms.at(type);
396 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
397 ckmc_raw_buffer_s* encryptedTmp = nullptr;
400 KeyAliasPair aliases = algo->keyGen();
403 ckmc_param_list_h handle = NULL;
404 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
405 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
407 // invalid encryption
409 assert_crypto_invalid_param(apiEncrypt,
415 ckmc_buffer_free(encryptedTmp);
416 encryptedTmp = nullptr;
419 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN-1));
421 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN+1));
425 void testInvalidIvDec(Algorithm type)
427 const AlgoBasePtr& algo = g_algorithms.at(type);
430 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
431 ckmc_raw_buffer_s* decrypted = nullptr;
434 auto ret = encrypt(algo, plain);
438 assert_crypto_invalid_param(apiDecrypt,
442 *ret.encrypted.get(),
444 ckmc_buffer_free(decrypted);
449 setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN-1));
451 setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN+1));
455 void encryptionWithCustomData(Algorithm type, ckmc_param_name_e name)
457 const AlgoBasePtr& algo = g_algorithms.at(type);
460 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
461 ckmc_raw_buffer_s* encrypted = nullptr;
462 ckmc_raw_buffer_s* decrypted = nullptr;
465 KeyAliasPair aliases = algo->keyGen();
468 ckmc_param_list_h handle = NULL;
469 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
470 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
472 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
475 setParam(params, name, createRandomBufferCAPI(64));
478 assert_crypto_positive(apiEncrypt,
484 RawBufferPtr tmpEnc = create_raw_buffer(encrypted);
487 assert_crypto_positive(apiDecrypt,
493 RawBufferPtr tmpDec = create_raw_buffer(decrypted);
496 assert_buffers_equal(*plain.get(), *tmpDec.get());
501 setParam(params, name, createRandomBufferCAPI(32));
504 assert_crypto_result(EncryptionError::INVALID_PARAM,
513 void testGcmIvSize(size_t size,
514 const KeyAliasPair& aliases,
515 EncryptionError error = EncryptionError::SUCCESS)
518 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
519 RawBufferPtr encrypted;
520 RawBufferPtr decrypted;
521 ckmc_raw_buffer_s* encryptedTmp = nullptr;
522 ckmc_raw_buffer_s* decryptedTmp = nullptr;
525 ckmc_param_list_h handle = NULL;
526 assert_positive(ckmc_generate_new_params, CKMC_ALGO_AES_GCM, &handle);
527 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
528 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
529 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(size));
532 assert_crypto_result(error,
540 if(error != EncryptionError::SUCCESS)
542 encrypted = create_raw_buffer(encryptedTmp);
545 assert_crypto_positive(apiDecrypt,
551 decrypted = create_raw_buffer(decryptedTmp);
553 assert_buffers_equal(*plain.get(), *decrypted.get());
556 void testIntegrity(Algorithm type)
558 const AlgoBasePtr& algo = g_algorithms.at(type);
561 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
562 ckmc_raw_buffer_s* decrypted = nullptr;
565 auto ret = encrypt(algo, plain);
567 // break the encrypted data
568 ret.encrypted->data[BUF_LEN/2]++;
570 // no data integrity check
571 assert_crypto_positive(apiDecrypt,
575 *ret.encrypted.get(),
578 RawBufferPtr tmp = create_raw_buffer(decrypted);
579 assert_buffers_equal(*plain.get(), *decrypted, false);
582 void testCtrEncryptionInvalidLength(Algorithm type)
584 const AlgoBasePtr& algo = g_algorithms.at(type);
587 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
588 ckmc_raw_buffer_s* encryptedTmp = nullptr;
591 KeyAliasPair aliases = algo->keyGen();
594 ckmc_param_list_h handle = NULL;
595 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
596 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
597 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
601 assert_crypto_invalid_param(apiEncrypt,
607 ckmc_buffer_free(encryptedTmp);
608 encryptedTmp = nullptr;
610 // invalid counter size
611 setParam(params, CKMC_PARAM_ED_CTR_LEN, -1);
613 setParam(params, CKMC_PARAM_ED_CTR_LEN, 0);
615 setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN+1);
619 void testCtrEncryptionValidLength(Algorithm type)
621 const AlgoBasePtr& algo = g_algorithms.at(type);
624 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
625 ckmc_raw_buffer_s* encryptedTmp = nullptr;
628 KeyAliasPair aliases = algo->keyGen();
631 ckmc_param_list_h handle = NULL;
632 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
633 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
634 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
638 assert_crypto_positive(apiEncrypt,
644 ckmc_buffer_free(encryptedTmp);
645 encryptedTmp = nullptr;
647 // valid counter sizez
648 setParam(params, CKMC_PARAM_ED_CTR_LEN, 1);
650 setParam(params, CKMC_PARAM_ED_CTR_LEN, 4);
652 setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN-1);
654 setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN);
658 void testCtrDecryptionInvalidLength(Algorithm type)
660 const AlgoBasePtr& algo = g_algorithms.at(type);
663 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
664 ckmc_raw_buffer_s* decrypted = nullptr;
666 // add AES CTR key & encrypt
667 auto ret = encrypt(algo, plain);
671 assert_crypto_invalid_param(apiDecrypt,
675 *ret.encrypted.get(),
677 ckmc_buffer_free(decrypted);
680 // invalid counter size
681 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, -1);
683 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 0);
685 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN+1);
689 void testCtrDecryptionValidLength(Algorithm type)
691 const AlgoBasePtr& algo = g_algorithms.at(type);
694 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
695 ckmc_raw_buffer_s* decrypted = nullptr;
697 // add AES CTR key & encrypt
698 auto ret = encrypt(algo, plain);
702 assert_crypto_positive(apiDecrypt,
706 *ret.encrypted.get(),
708 ckmc_buffer_free(decrypted);
709 RawBufferPtr tmp = create_raw_buffer(decrypted);
710 assert_buffers_equal(*plain.get(), *decrypted);
712 // invalid counter size
713 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 1);
715 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 4);
717 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN-1);
719 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN);
723 void testGcmEncryptionTagLen(Algorithm type)
725 const AlgoBasePtr& algo = g_algorithms.at(type);
728 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
729 ckmc_raw_buffer_s* encryptedTmp = nullptr;
732 KeyAliasPair aliases = algo->keyGen();
735 ckmc_param_list_h handle = NULL;
736 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
737 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
738 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
740 std::vector<TagTest> testData = {
741 // illegal tag lengths
742 { -1, EncryptionError::INVALID_PARAM },
743 { 0, EncryptionError::INVALID_PARAM },
744 { 16, EncryptionError::INVALID_PARAM },
745 { 48, EncryptionError::INVALID_PARAM },
746 { 72, EncryptionError::INVALID_PARAM },
747 { 100, EncryptionError::INVALID_PARAM },
748 { 108, EncryptionError::INVALID_PARAM },
749 { 116, EncryptionError::INVALID_PARAM },
750 { 124, EncryptionError::INVALID_PARAM },
751 { 256, EncryptionError::INVALID_PARAM },
753 { 32, EncryptionError::SUCCESS },
754 { 64, EncryptionError::SUCCESS },
755 { 96, EncryptionError::SUCCESS },
756 { 104, EncryptionError::SUCCESS },
757 { 112, EncryptionError::SUCCESS },
758 { 120, EncryptionError::SUCCESS },
759 { 128, EncryptionError::SUCCESS },
763 for(const auto& it : testData)
765 setParam(params, CKMC_PARAM_ED_TAG_LEN, it.tagLen);
766 assert_crypto_result(it.expected,
773 ckmc_buffer_free(encryptedTmp);
774 encryptedTmp = nullptr;
778 void testGcmDecryptionTagLen(Algorithm type)
780 const AlgoBasePtr& algo = g_algorithms.at(type);
783 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
784 ckmc_raw_buffer_s* decrypted = nullptr;
786 // add AES GCM key & encrypt
787 auto ret = encrypt(algo, plain);
789 std::vector<TagTest> testData = {
790 // illegal tag lengths
791 { -1, EncryptionError::INVALID_PARAM },
792 { 0, EncryptionError::INVALID_PARAM },
793 { 16, EncryptionError::INVALID_PARAM },
794 { 48, EncryptionError::INVALID_PARAM },
795 { 72, EncryptionError::INVALID_PARAM },
796 { 100, EncryptionError::INVALID_PARAM },
797 { 108, EncryptionError::INVALID_PARAM },
798 { 116, EncryptionError::INVALID_PARAM },
799 { 124, EncryptionError::INVALID_PARAM },
800 { 256, EncryptionError::INVALID_PARAM },
801 // legal tag lengths but different than the one used for encryption
802 { 32, EncryptionError::INVALID_PARAM },
803 { 64, EncryptionError::INVALID_PARAM },
804 { 96, EncryptionError::INVALID_PARAM },
805 { 104, EncryptionError::INVALID_PARAM },
806 { 112, EncryptionError::INVALID_PARAM },
807 { 120, EncryptionError::INVALID_PARAM },
808 // legal tag length that was actually used for encryption (default)
809 { 128, EncryptionError::SUCCESS },
813 for(const auto& it : testData)
815 setParam(ret.params, CKMC_PARAM_ED_TAG_LEN, it.tagLen);
816 assert_crypto_result(it.expected,
821 *ret.encrypted.get(),
823 ckmc_buffer_free(decrypted);
828 void testGcmWrongTag(Algorithm type)
830 const AlgoBasePtr& algo = g_algorithms.at(type);
833 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
834 ckmc_raw_buffer_s* decrypted = nullptr;
836 // encrypt with AES GCM
837 auto ret = encrypt(algo, plain);
839 // modify tag (last 16B of encrypted message)
840 ret.encrypted->data[ret.encrypted->size-1]++;
842 // EVP_CipherFinal fails because of an authentication error
843 assert_crypto_result(EncryptionError::INVALID_PARAM,
848 *ret.encrypted.get(),
852 void testGcmDifferentIvSizes(Algorithm type)
854 const AlgoBasePtr& algo = g_algorithms.at(type);
857 KeyAliasPair aliases = algo->keyGen();
859 testGcmIvSize(11, aliases, EncryptionError::SERVER_ERROR); // 12B is the smallest
860 testGcmIvSize(12, aliases);
861 testGcmIvSize(17, aliases);
862 testGcmIvSize(128, aliases);
865 void testEncryptDecryptBigData(Algorithm type)
867 const AlgoBasePtr& algo = g_algorithms.at(type);
870 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(5000000));
871 ckmc_raw_buffer_s* decrypted = nullptr;
874 auto ret = encrypt(algo, plain);
876 assert_positive(apiDecrypt,
880 *ret.encrypted.get(),
882 RawBufferPtr tmp = create_raw_buffer(decrypted);
884 assert_buffers_equal(*plain.get(), *decrypted);
887 void testEncryptDecryptDifferentKeys(Algorithm type, bool success)
889 const AlgoBasePtr& algo = g_algorithms.at(type);
891 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
892 ckmc_raw_buffer_s* decrypted = nullptr;
895 auto ret = encrypt(algo, plain);
898 KeyAliasPair differentKeys = algo->keyGen(nullptr, "_wrong");
901 // some algorithms don't verify key validity
902 assert_crypto_positive(apiDecrypt,
904 differentKeys.prv.c_str(),
906 *ret.encrypted.get(),
908 RawBufferPtr tmp = create_raw_buffer(decrypted);
910 assert_buffers_equal(*plain.get(), *decrypted, false);
912 assert_crypto_result(EncryptionError::INVALID_PARAM,
915 differentKeys.prv.c_str(),
917 *ret.encrypted.get(),
921 // Cleanup before testing next algorithm. Ignore results because not all keys are present
922 ckmc_remove_alias(ret.prvKey.c_str());
923 ckmc_remove_alias(ret.pubKey.c_str());
924 ckmc_remove_alias(differentKeys.prv.c_str());
925 ckmc_remove_alias(differentKeys.pub.c_str());
928 void testRsaLongestData(Algorithm type, size_t dataSize)
930 const AlgoBasePtr& algo = g_algorithms.at(type);
932 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize));
933 ckmc_raw_buffer_s* decrypted = nullptr;
936 auto ret = encrypt(algo, plain);
938 assert_crypto_positive(apiDecrypt,
942 *ret.encrypted.get(),
944 RawBufferPtr tmp = create_raw_buffer(decrypted);
946 assert_buffers_equal(*plain.get(), *decrypted);
949 void testRsaDataTooLong(Algorithm type, size_t dataSize)
951 const AlgoBasePtr& algo = g_algorithms.at(type);
953 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize));
956 EncryptionResult ret;
957 ckmc_raw_buffer_s* encrypted = nullptr;
958 KeyAliasPair aliases = algo->keyGen();
960 ckmc_param_list_h handle = NULL;
961 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
962 ret.params = ParamListPtr(handle, ckmc_param_list_free);
963 assert_crypto_result(EncryptionError::INVALID_PARAM,
972 } // namespace anonymous
975 RUNNER_TEST_GROUP_INIT(CKM_ENCRYPTION_DECRYPTION);
977 /////////////////////////////////////////
978 // Generic encryption decryption tests
979 /////////////////////////////////////////
981 RUNNER_TEST_MULTIPLE(TED_0010_encrypt_invalid_param_list, SyncEnv, AsyncEnv)
983 testAllAlgorithms([](const AlgoBasePtr& algo){
985 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
986 ckmc_raw_buffer_s* encrypted = nullptr;
989 KeyAliasPair aliases = algo->keyGen();
992 assert_crypto_invalid_param(apiEncrypt,
1000 ParamListPtr params = createParamListPtr();
1001 assert_crypto_invalid_param(apiEncrypt,
1003 aliases.pub.c_str(),
1010 RUNNER_TEST_MULTIPLE(TED_0020_encrypt_missing_key, SyncEnv, AsyncEnv)
1012 testAllAlgorithms([](const AlgoBasePtr& algo){
1014 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
1015 ckmc_raw_buffer_s* encrypted = nullptr;
1018 ckmc_param_list_h handle = NULL;
1019 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
1020 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1021 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
1023 assert_crypto_result(EncryptionError::ALIAS_UNKNOWN,
1026 "non-existing-key-alias",
1033 RUNNER_TEST_MULTIPLE(TED_0030_encrypt_no_plain_text, SyncEnv, AsyncEnv)
1035 testAllAlgorithms([](const AlgoBasePtr& algo){
1037 ckmc_raw_buffer_s plain = { nullptr, 0 };
1038 ckmc_raw_buffer_s* encrypted = nullptr;
1041 KeyAliasPair aliases = algo->keyGen();
1044 ckmc_param_list_h handle = NULL;
1045 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
1046 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1047 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
1049 assert_crypto_invalid_param(apiEncrypt,
1051 aliases.pub.c_str(),
1058 RUNNER_TEST_MULTIPLE(TED_0040_encrypt_no_output_buffer, SyncEnv, AsyncEnv)
1060 testAllAlgorithms([](const AlgoBasePtr& algo){
1062 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
1063 ckmc_raw_buffer_s** encrypted = nullptr;
1066 KeyAliasPair aliases = algo->keyGen();
1069 ckmc_param_list_h handle = NULL;
1070 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
1071 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1072 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
1074 assert_crypto_invalid_param(apiEncrypt,
1076 aliases.pub.c_str(),
1083 RUNNER_TEST_MULTIPLE(TED_0110_decrypt_invalid_param_list, SyncEnv, AsyncEnv)
1085 testAllAlgorithms([](const AlgoBasePtr& algo){
1087 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
1088 ckmc_raw_buffer_s* decrypted = nullptr;
1091 auto ret = encrypt(algo, plain);
1094 assert_crypto_invalid_param(apiDecrypt,
1098 *ret.encrypted.get(),
1102 ParamListPtr params = createParamListPtr();
1103 assert_crypto_invalid_param(apiDecrypt,
1107 *ret.encrypted.get(),
1112 RUNNER_TEST_MULTIPLE(TED_0120_decrypt_missing_key, SyncEnv, AsyncEnv)
1114 testAllAlgorithms([](const AlgoBasePtr& algo){
1116 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
1117 ckmc_raw_buffer_s* decrypted = nullptr;
1120 auto ret = encrypt(algo, plain);
1123 assert_positive(ckmc_remove_alias, ret.prvKey.c_str());
1126 assert_crypto_result(EncryptionError::ALIAS_UNKNOWN,
1131 *ret.encrypted.get(),
1136 RUNNER_TEST_MULTIPLE(TED_0130_decrypt_no_encrypted_text, SyncEnv, AsyncEnv)
1138 testAllAlgorithms([](const AlgoBasePtr& algo){
1140 ckmc_raw_buffer_s encrypted = { nullptr, 0 };
1141 ckmc_raw_buffer_s* decrypted = nullptr;
1144 KeyAliasPair aliases = algo->keyGen();
1147 ckmc_param_list_h handle = NULL;
1148 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
1149 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1150 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
1152 assert_crypto_invalid_param(apiDecrypt,
1154 aliases.prv.c_str(),
1161 RUNNER_TEST_MULTIPLE(TED_0140_decrypt_no_output_buffer, SyncEnv, AsyncEnv)
1163 testAllAlgorithms([](const AlgoBasePtr& algo){
1165 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
1166 ckmc_raw_buffer_s** decrypted = nullptr;
1169 auto ret = encrypt(algo, plain);
1171 assert_crypto_invalid_param(apiDecrypt,
1175 *ret.encrypted.get(),
1180 RUNNER_TEST_MULTIPLE(TED_0200_encrypt_decrypt_different_keys, SyncEnv, AsyncEnv)
1182 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1183 testEncryptDecryptDifferentKeys(AES_CBC_128, false);
1184 testEncryptDecryptDifferentKeys(AES_CBC_192, false);
1185 testEncryptDecryptDifferentKeys(AES_CBC_256, false);
1186 testEncryptDecryptDifferentKeys(AES_GCM_128, false);
1187 testEncryptDecryptDifferentKeys(AES_GCM_192, false);
1188 testEncryptDecryptDifferentKeys(AES_GCM_256, false);
1189 testEncryptDecryptDifferentKeys(AES_CTR_128, true);
1190 testEncryptDecryptDifferentKeys(AES_CTR_192, true);
1191 testEncryptDecryptDifferentKeys(AES_CTR_256, true);
1192 testEncryptDecryptDifferentKeys(AES_CFB_128, true);
1193 testEncryptDecryptDifferentKeys(AES_CFB_192, true);
1194 testEncryptDecryptDifferentKeys(AES_CFB_256, true);
1195 testEncryptDecryptDifferentKeys(RSA_OAEP_1024, false);
1196 testEncryptDecryptDifferentKeys(RSA_OAEP_2048, false);
1197 testEncryptDecryptDifferentKeys(RSA_OAEP_4096, false);
1200 RUNNER_TEST_MULTIPLE(TED_0300_encrypt_decrypt, SyncEnv, AsyncEnv)
1202 testAllAlgorithms([](const AlgoBasePtr& algo){
1204 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
1205 ckmc_raw_buffer_s* decrypted = nullptr;
1208 auto ret = encrypt(algo, plain);
1210 assert_crypto_positive(apiDecrypt,
1214 *ret.encrypted.get(),
1216 RawBufferPtr tmp = create_raw_buffer(decrypted);
1218 assert_buffers_equal(*plain.get(), *decrypted);
1222 RUNNER_TEST_MULTIPLE(TED_0310_encrypt_decrypt_password, SyncEnv, AsyncEnv)
1224 testAllAlgorithms([](const AlgoBasePtr& algo){
1226 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
1227 ckmc_raw_buffer_s* decrypted = nullptr;
1230 auto ret = encrypt(algo, plain, PASSWORD);
1233 assert_crypto_result(EncryptionError::AUTH_FAILED,
1238 *ret.encrypted.get(),
1242 assert_crypto_positive(apiDecrypt,
1246 *ret.encrypted.get(),
1248 RawBufferPtr tmp = create_raw_buffer(decrypted); // guarantees deletion
1250 assert_buffers_equal(*plain.get(), *decrypted);
1254 // long test split into smaller ones
1255 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_128, SyncEnv, AsyncEnv)
1257 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1258 testEncryptDecryptBigData(AES_CBC_128);
1261 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_192, SyncEnv, AsyncEnv)
1263 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1264 testEncryptDecryptBigData(AES_CBC_192);
1267 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_256, SyncEnv, AsyncEnv)
1269 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1270 testEncryptDecryptBigData(AES_CBC_256);
1273 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_128, SyncEnv, AsyncEnv)
1275 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1276 testEncryptDecryptBigData(AES_GCM_128);
1279 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_192, SyncEnv, AsyncEnv)
1281 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1282 testEncryptDecryptBigData(AES_GCM_192);
1285 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_256, SyncEnv, AsyncEnv)
1287 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1288 testEncryptDecryptBigData(AES_GCM_256);
1291 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_128, SyncEnv, AsyncEnv)
1293 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1294 testEncryptDecryptBigData(AES_CTR_128);
1297 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_192, SyncEnv, AsyncEnv)
1299 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1300 testEncryptDecryptBigData(AES_CTR_192);
1303 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_256, SyncEnv, AsyncEnv)
1305 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1306 testEncryptDecryptBigData(AES_CTR_256);
1309 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_128, SyncEnv, AsyncEnv)
1311 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1312 testEncryptDecryptBigData(AES_CFB_128);
1315 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_192, SyncEnv, AsyncEnv)
1317 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1318 testEncryptDecryptBigData(AES_CFB_192);
1321 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_256, SyncEnv, AsyncEnv)
1323 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1324 testEncryptDecryptBigData(AES_CFB_256);
1327 /////////////////////////////////////////
1328 // Algorithm specific tests
1329 /////////////////////////////////////////
1331 RUNNER_TEST_MULTIPLE(TED_1005_no_iv_enc, SyncEnv, AsyncEnv)
1333 testNoIvEnc(AES_CTR_128);
1334 testNoIvEnc(AES_CTR_192);
1335 testNoIvEnc(AES_CTR_256);
1336 testNoIvEnc(AES_CBC_128);
1337 testNoIvEnc(AES_CBC_192);
1338 testNoIvEnc(AES_CBC_256);
1339 testNoIvEnc(AES_CFB_128);
1340 testNoIvEnc(AES_CFB_192);
1341 testNoIvEnc(AES_CFB_256);
1342 testNoIvEnc(AES_GCM_128);
1343 testNoIvEnc(AES_GCM_192);
1344 testNoIvEnc(AES_GCM_256);
1347 RUNNER_TEST_MULTIPLE(TED_1010_invalid_iv_enc, SyncEnv, AsyncEnv)
1349 testInvalidIvEnc(AES_CTR_128);
1350 testInvalidIvEnc(AES_CTR_192);
1351 testInvalidIvEnc(AES_CTR_256);
1352 testInvalidIvEnc(AES_CBC_128);
1353 testInvalidIvEnc(AES_CBC_192);
1354 testInvalidIvEnc(AES_CBC_256);
1355 testInvalidIvEnc(AES_CFB_128);
1356 testInvalidIvEnc(AES_CFB_192);
1357 testInvalidIvEnc(AES_CFB_256);
1360 RUNNER_TEST_MULTIPLE(TED_1015_no_iv_dec, SyncEnv, AsyncEnv)
1362 testNoIvDec(AES_CTR_128);
1363 testNoIvDec(AES_CTR_192);
1364 testNoIvDec(AES_CTR_256);
1365 testNoIvDec(AES_CBC_128);
1366 testNoIvDec(AES_CBC_192);
1367 testNoIvDec(AES_CBC_256);
1368 testNoIvDec(AES_CFB_128);
1369 testNoIvDec(AES_CFB_192);
1370 testNoIvDec(AES_CFB_256);
1371 testNoIvDec(AES_GCM_128);
1372 testNoIvDec(AES_GCM_192);
1373 testNoIvDec(AES_GCM_256);
1376 RUNNER_TEST_MULTIPLE(TED_1020_invalid_iv_dec, SyncEnv, AsyncEnv)
1378 testInvalidIvDec(AES_CTR_128);
1379 testInvalidIvDec(AES_CTR_192);
1380 testInvalidIvDec(AES_CTR_256);
1381 testInvalidIvDec(AES_CBC_128);
1382 testInvalidIvDec(AES_CBC_192);
1383 testInvalidIvDec(AES_CBC_256);
1384 testInvalidIvDec(AES_CFB_128);
1385 testInvalidIvDec(AES_CFB_192);
1386 testInvalidIvDec(AES_CFB_256);
1389 RUNNER_TEST_MULTIPLE(TED_1050_data_integrity, SyncEnv, AsyncEnv)
1391 testIntegrity(AES_CTR_128);
1392 testIntegrity(AES_CTR_192);
1393 testIntegrity(AES_CTR_256);
1394 testIntegrity(AES_CBC_128);
1395 testIntegrity(AES_CBC_192);
1396 testIntegrity(AES_CBC_256);
1397 testIntegrity(AES_CFB_128);
1398 testIntegrity(AES_CFB_192);
1399 testIntegrity(AES_CFB_256);
1402 RUNNER_TEST_MULTIPLE(TED_1100_ctr_encryption_invalid_length, SyncEnv, AsyncEnv)
1404 testCtrEncryptionInvalidLength(AES_CTR_128);
1405 testCtrEncryptionInvalidLength(AES_CTR_192);
1406 testCtrEncryptionInvalidLength(AES_CTR_256);
1409 RUNNER_TEST_MULTIPLE(TED_1105_ctr_encryption_valid_length, SyncEnv, AsyncEnv)
1411 RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length");
1412 testCtrEncryptionValidLength(AES_CTR_128);
1413 testCtrEncryptionValidLength(AES_CTR_192);
1414 testCtrEncryptionValidLength(AES_CTR_256);
1417 RUNNER_TEST_MULTIPLE(TED_1110_ctr_decryption_invalid_length, SyncEnv, AsyncEnv)
1419 testCtrDecryptionInvalidLength(AES_CTR_128);
1420 testCtrDecryptionInvalidLength(AES_CTR_192);
1421 testCtrDecryptionInvalidLength(AES_CTR_256);
1424 RUNNER_TEST_MULTIPLE(TED_1115_ctr_decryption_valid_length, SyncEnv, AsyncEnv)
1426 RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length");
1427 testCtrDecryptionValidLength(AES_CTR_128);
1428 testCtrDecryptionValidLength(AES_CTR_192);
1429 testCtrDecryptionValidLength(AES_CTR_256);
1432 RUNNER_TEST_MULTIPLE(TED_1200_gcm_encryption_tag_len, SyncEnv, AsyncEnv)
1434 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1435 testGcmEncryptionTagLen(AES_GCM_128);
1436 testGcmEncryptionTagLen(AES_GCM_192);
1437 testGcmEncryptionTagLen(AES_GCM_256);
1440 RUNNER_TEST_MULTIPLE(TED_1210_gcm_decryption_tag_len, SyncEnv, AsyncEnv)
1442 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1443 testGcmDecryptionTagLen(AES_GCM_128);
1444 testGcmDecryptionTagLen(AES_GCM_192);
1445 testGcmDecryptionTagLen(AES_GCM_256);
1448 RUNNER_TEST_MULTIPLE(TED_1230_gcm_wrong_tag, SyncEnv, AsyncEnv)
1450 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1451 testGcmWrongTag(AES_GCM_128);
1452 testGcmWrongTag(AES_GCM_192);
1453 testGcmWrongTag(AES_GCM_256);
1456 RUNNER_TEST_MULTIPLE(TED_1240_gcm_different_iv_sizes, SyncEnv, AsyncEnv)
1458 testGcmDifferentIvSizes(AES_GCM_128);
1459 testGcmDifferentIvSizes(AES_GCM_192);
1460 testGcmDifferentIvSizes(AES_GCM_256);
1463 RUNNER_TEST_MULTIPLE(TED_1250_gcm_aad, SyncEnv, AsyncEnv)
1465 testBackend b(PolicyBackend::FORCE_SOFTWARE);
1466 encryptionWithCustomData(AES_GCM_128, CKMC_PARAM_ED_AAD);
1467 encryptionWithCustomData(AES_GCM_192, CKMC_PARAM_ED_AAD);
1468 encryptionWithCustomData(AES_GCM_256, CKMC_PARAM_ED_AAD);
1471 RUNNER_TEST_MULTIPLE(TED_1300_rsa_label, SyncEnv, AsyncEnv)
1473 RUNNER_IGNORED_MSG("RSA-OAEP labels are not supported in openssl");
1474 encryptionWithCustomData(RSA_OAEP_1024, CKMC_PARAM_ED_LABEL);
1475 encryptionWithCustomData(RSA_OAEP_2048, CKMC_PARAM_ED_LABEL);
1476 encryptionWithCustomData(RSA_OAEP_4096, CKMC_PARAM_ED_LABEL);
1479 RUNNER_TEST_MULTIPLE(TED_1330_rsa_longest_data, SyncEnv, AsyncEnv)
1481 testRsaLongestData(RSA_OAEP_1024, 86);
1482 testRsaLongestData(RSA_OAEP_2048, 214);
1483 testRsaLongestData(RSA_OAEP_4096, 470);
1486 RUNNER_TEST_MULTIPLE(TED_1350_rsa_data_too_long, SyncEnv, AsyncEnv)
1488 testRsaDataTooLong(RSA_OAEP_1024, 87);
1489 testRsaDataTooLong(RSA_OAEP_2048, 215);
1490 testRsaDataTooLong(RSA_OAEP_4096, 471);
1493 /////////////////////////////////////////
1494 // Asynchronous only tests
1495 /////////////////////////////////////////
1496 RUNNER_TEST(TED_2000_enc_no_observer_async, EncEnv)
1498 testAllAlgorithms([](const AlgoBasePtr& algo){
1500 RawBuffer plain = createRandomBuffer(BUF_LEN);
1503 KeyAliasPair aliases = algo->keyGen(nullptr);
1506 ckmc_param_list_h handle = NULL;
1507 assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
1508 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1509 setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
1512 test_no_observer(&ManagerAsync::encrypt,
1513 *reinterpret_cast<CryptoAlgorithm*>(params.get()),
1520 RUNNER_TEST(TED_2010_dec_no_observer_async, AsyncEnv)
1522 testAllAlgorithms([](const AlgoBasePtr& algo){
1524 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
1527 auto ret = encrypt(algo, plain);
1528 RawBuffer encrypted(ret.encrypted->data, ret.encrypted->data + ret.encrypted->size);
1531 test_no_observer(&ManagerAsync::decrypt,
1532 *reinterpret_cast<CryptoAlgorithm*>(ret.params.get()),