/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <string>
#include <vector>
-#include <map>
-#include <sstream>
+#include <unordered_map>
+#include <thread>
#include <dpl/test/test_runner.h>
#include <ckm-common.h>
#include <ckmc/ckmc-manager.h>
+#include <ckmc/ckmc-control.h>
#include <ckm/ckm-type.h>
+#include <ckm/ckm-manager.h>
#include <encryption-decryption-env.h>
using namespace CKM;
// Environment
SyncApi g_syncApi;
AsyncApi g_asyncApi;
+CipherApi g_cipherApi;
EncryptionApi* g_api = &g_syncApi;
return g_api->encrypt(params, key_alias, password, decrypted, ppencrypted);
}
+inline CKM::Password _tostring(const char *str)
+{
+ return (str == nullptr) ? Password() : Password(str);
+}
+
+inline CKM::Policy _toCkmPolicy(const ckmc_policy_s &policy, PolicyBackend backend)
+{
+ return CKM::Policy(_tostring(policy.password), policy.extractable, backend);
+}
+
EncryptionError apiDecrypt(ckmc_param_list_h params,
const char *key_alias,
const char *password,
return g_api->decrypt(params, key_alias, password, encrypted, ppdecrypted);
}
+
template <typename F, typename... Args>
void assert_crypto_result(EncryptionError expected, F&& func, Args... args)
{
Alias pub;
};
-class EncEnv : public RemoveDataEnv<UID> {
-public:
- EncEnv() : m_dbu(NULL) {}
- ~EncEnv() { delete m_dbu; }
-
- void init(const std::string& str) {
- RemoveDataEnv<UID>::init(str);
- m_dbu = new ScopedDBUnlock(UID, "db-pass"); // unlock user's database
+struct SyncEnv {
+ void init(const std::string&) {
+ g_api = &g_syncApi;
}
void finish() {
- delete m_dbu;
- m_dbu = NULL;
- RemoveDataEnv<UID>::finish();
- g_api = NULL;
- }
-
- ScopedDBUnlock* m_dbu;
-};
-
-struct SyncEnv : public EncEnv {
- void init(const std::string& str) {
- EncEnv::init(str);
- g_api = &g_syncApi;
+ g_api = nullptr;
}
static std::string suffix() { return "_sync"; }
};
-struct AsyncEnv : public EncEnv {
- void init(const std::string& str) {
- EncEnv::init(str);
+struct AsyncEnv {
+ void init(const std::string&) {
g_api = &g_asyncApi;
}
+ void finish() {
+ g_api = nullptr;
+ }
+
static std::string suffix() { return "_async"; }
};
-struct AlgoBase {
- ckmc_algo_type_e m_type;
- size_t m_keyLen;
+struct CipherEnv {
+ void init(const std::string&) {
+ g_api = &g_cipherApi;
+ }
+
+ void finish() {
+ g_api = nullptr;
+ }
- AlgoBase(ckmc_algo_type_e type, size_t keyLen) : m_type(type), m_keyLen(keyLen) {}
+ static std::string suffix() { return "_cipher"; }
+};
- virtual KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr) = 0;
+struct Algo {
+ ckmc_algo_type_e type;
+ size_t keyLen;
};
-typedef std::shared_ptr<AlgoBase> AlgoBasePtr;
+std::unordered_map<size_t, std::vector<Alias>> g_symKeys;
+std::unordered_map<size_t, std::vector<KeyAliasPair>> g_asymKeys;
-template <typename T>
-AlgoBasePtr createAlgo(ckmc_algo_type_e type, size_t keyLen) {
- return AlgoBasePtr(new T(type, keyLen));
-}
+enum KeyIdx {
+ PRIMARY = 0,
+ PASSWORD_PROTECTED = 1,
-struct AlgoAes : public AlgoBase {
- AlgoAes(ckmc_algo_type_e type, size_t keyLen) : AlgoBase(type, keyLen) {}
- KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr);
+ KEY_IDX_MAX
};
-KeyAliasPair AlgoAes::keyGen(const char* pass, const char* suffix)
-{
- KeyAliasPair aliases;
- std::ostringstream oss;
- std::string ownerId = getOwnerIdFromSelf();
- CharPtr passPtr(nullptr, free);
- if (pass)
- passPtr.reset(strdup(pass));
-
- oss << "aes_" << static_cast<int>(m_type) << "_" << m_keyLen << "_key_alias";
- if (suffix)
- oss << suffix;
- aliases.prv = aliasWithLabel(ownerId.c_str(),oss.str().c_str());
- aliases.pub = aliasWithLabel(ownerId.c_str(), oss.str().c_str());
+RawBufferPtr PLAIN_DATA;
+RawBufferPtr BIG_DATA;
+ckmc_raw_buffer_s* DEFAULT_IV;
+ckmc_raw_buffer_s* IV1;
+ckmc_raw_buffer_s* IV11;
+ckmc_raw_buffer_s* IV12;
+ckmc_raw_buffer_s* IV15;
+ckmc_raw_buffer_s* IV17;
+ckmc_raw_buffer_s* IV128;
+ckmc_raw_buffer_s* AAD32;
+ckmc_raw_buffer_s* AAD64;
- ckmc_policy_s policy;
- policy.extractable = false;
- policy.password = passPtr.get();
+KeyAliasPair getKey(const Algo& algo, KeyIdx idx)
+{
+ if (algo.type == CKMC_ALGO_RSA_OAEP)
+ return g_asymKeys[algo.keyLen][idx];
- assert_positive(ckmc_create_key_aes, m_keyLen, aliases.prv.c_str(), policy);
- return aliases;
+ KeyAliasPair pair;
+ pair.prv = g_symKeys[algo.keyLen][idx];
+ pair.pub = pair.prv;
+ return pair;
}
-struct AlgoRsa : public AlgoBase {
- AlgoRsa(ckmc_algo_type_e type, size_t keyLen) : AlgoBase(type, keyLen) {}
- KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr);
-};
-
-KeyAliasPair AlgoRsa::keyGen(const char* pass, const char* suffix)
+class EncGroupFixture: public DPL::Test::TestGroup
{
- std::ostringstream oss_prv, oss_pub;
- oss_prv << "rsa_oaep_prv_alias_" << m_keyLen;
- oss_pub << "rsa_oaep_pub_alias_" << m_keyLen;
- if (suffix) {
- oss_prv << suffix;
- oss_pub << suffix;
+public:
+ void Init() override
+ {
+ remove_user_data(UID);
+ int ret = ckmc_unlock_user_key(UID, "db-pass");
+ if (ret != CKMC_ERROR_NONE)
+ RUNNER_ERROR_MSG("DB unlock failed: " << CKMCErrorToString(ret));
+
+ // Policy backend to use in subsequent operations (global for each test case)
+#ifdef TZ_BACKEND
+ m_backend = PolicyBackend::FORCE_HARDWARE;
+#else
+ m_backend = PolicyBackend::FORCE_SOFTWARE;
+#endif
+
+ // generate keys
+ m_manager = Manager::create();
+ generateSymmetricKeys(128);
+ generateSymmetricKeys(192);
+ generateSymmetricKeys(256);
+ generateRsaKeys(1024);
+ generateRsaKeys(2048);
+ generateRsaKeys(4096);
+
+ PLAIN_DATA = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
+#ifdef TZ_BACKEND
+ ckmc_backend_info_h info;
+ size_t size;
+ assert_positive(ckmc_get_backend_info, CKMC_BACKEND_TZ, &info);
+ assert_positive(ckmc_backend_get_max_chunk_size, info, &size);
+ BIG_DATA = create_raw_buffer(createRandomBufferCAPI(size));
+#else
+ BIG_DATA = create_raw_buffer(createRandomBufferCAPI(500000));
+#endif
+ DEFAULT_IV = createRandomBufferCAPI(DEFAULT_IV_LEN);
+ IV1 = createRandomBufferCAPI(1);
+ IV11 = createRandomBufferCAPI(11);
+ IV12 = createRandomBufferCAPI(12);
+ IV15 = createRandomBufferCAPI(15);
+ IV17 = createRandomBufferCAPI(17);
+ IV128 = createRandomBufferCAPI(128);
+ AAD32 = createRandomBufferCAPI(32);
+ AAD64 = createRandomBufferCAPI(64);
}
- KeyAliasPair aliases = {
- aliasWithLabel(getOwnerIdFromSelf().c_str(), oss_prv.str().c_str()),
- aliasWithLabel(getOwnerIdFromSelf().c_str(), oss_pub.str().c_str())
- };
- CharPtr passPtr(nullptr, free);
- if (pass)
- passPtr.reset(strdup(pass));
-
- ckmc_policy_s policyPrv;
- policyPrv.password = passPtr.get();
- policyPrv.extractable = 0;
-
- ckmc_policy_s policyPub;
- policyPub.password = passPtr.get();
- policyPub.extractable = 0;
-
- assert_positive(ckmc_create_key_pair_rsa,
- m_keyLen,
- aliases.prv.c_str(),
- aliases.pub.c_str(),
- policyPrv,
- policyPub);
- return aliases;
-}
-
-enum Algorithm {
- AES_CBC_128,
- AES_CBC_192,
- AES_CBC_256,
- AES_GCM_128,
- AES_GCM_192,
- AES_GCM_256,
- AES_CTR_128,
- AES_CTR_192,
- AES_CTR_256,
- AES_CFB_128,
- AES_CFB_192,
- AES_CFB_256,
- RSA_OAEP_1024,
- RSA_OAEP_2048,
- RSA_OAEP_4096,
-};
-std::map<Algorithm, AlgoBasePtr> g_algorithms = {
- { AES_CBC_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_CBC, 128) },
- { AES_CBC_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_CBC, 192) },
- { AES_CBC_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_CBC, 256) },
- { AES_GCM_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_GCM, 128) },
- { AES_GCM_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_GCM, 192) },
- { AES_GCM_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_GCM, 256) },
- { AES_CTR_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_CTR, 128) },
- { AES_CTR_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_CTR, 192) },
- { AES_CTR_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_CTR, 256) },
- { AES_CFB_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_CFB, 128) },
- { AES_CFB_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_CFB, 192) },
- { AES_CFB_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_CFB, 256) },
- { RSA_OAEP_1024, createAlgo<AlgoRsa>(CKMC_ALGO_RSA_OAEP, 1024) },
- { RSA_OAEP_2048, createAlgo<AlgoRsa>(CKMC_ALGO_RSA_OAEP, 2048) },
- { RSA_OAEP_4096, createAlgo<AlgoRsa>(CKMC_ALGO_RSA_OAEP, 4096) },
-};
+ void generateSymmetricKeys(size_t bitLen)
+ {
+ for (int i = 0; i < KEY_IDX_MAX; i++)
+ {
+ Policy p(Password(), false, m_backend);
+ if (i == PASSWORD_PROTECTED)
+ p.password.assign(PASSWORD);
+
+ std::string alias = std::string("skey_") + std::to_string(bitLen) + std::string("_") + std::to_string(i);
+ int ret = m_manager->createKeyAES(bitLen, alias, p);
+ if (ret != CKM_API_SUCCESS)
+ RUNNER_ERROR_MSG("AES key creation failed");
+
+ g_symKeys[bitLen].push_back(alias);
+ }
+ }
-void setParam(ParamListPtr& params, ckmc_param_name_e name, ckmc_raw_buffer_s* buffer)
-{
- int ret = ckmc_param_list_set_buffer(params.get(), name, buffer);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
- "Failed to set param " << name << " error: " << CKMCErrorToString(ret));
-}
+ void generateRsaKeys(size_t bitLen)
+ {
+ for (int i = 0; i < KEY_IDX_MAX; i++)
+ {
+ Policy prvPolicy(Password(), false, m_backend);
+ Policy pubPolicy(Password(), true, m_backend);
+ if (i == PASSWORD_PROTECTED) {
+ prvPolicy.password.assign(PASSWORD);
+ pubPolicy.password.assign(PASSWORD);
+ }
+
+ KeyAliasPair alias;
+ alias.prv = std::string("akey_") + std::to_string(bitLen) + std::string("_") + std::to_string(i);
+ alias.pub = std::string("pub") + alias.prv;
+ int ret = m_manager->createKeyPairRSA(bitLen, alias.prv, alias.pub, prvPolicy, pubPolicy);
+ if (ret != CKM_API_SUCCESS)
+ RUNNER_ERROR_MSG("RSA key creation failed");
+
+ g_asymKeys[bitLen].push_back(alias);
+ }
+ }
-void setParam(ParamListPtr& params, ckmc_param_name_e name, int integer)
-{
- int ret = ckmc_param_list_set_integer(params.get(), name, integer);
- RUNNER_ASSERT_MSG(ret == CKMC_ERROR_NONE,
- "Failed to set param " << name << " error: " << CKMCErrorToString(ret));
-}
+ void Finish() override
+ {
+ for (const auto &entry : g_asymKeys) {
+ for (const auto &keyPair : entry.second) {
+ m_manager->removeAlias(keyPair.prv);
+ m_manager->removeAlias(keyPair.pub);
+ }
+ }
+
+ for (const auto &entry : g_symKeys) {
+ for (const auto &key : entry.second) {
+ m_manager->removeAlias(key);
+ }
+ }
+
+ BIG_DATA.reset();
+ PLAIN_DATA.reset();
+ ckmc_buffer_free(AAD64);
+ ckmc_buffer_free(AAD32);
+ ckmc_buffer_free(IV128);
+ ckmc_buffer_free(IV17);
+ ckmc_buffer_free(IV15);
+ ckmc_buffer_free(IV12);
+ ckmc_buffer_free(IV11);
+ ckmc_buffer_free(IV1);
+ ckmc_buffer_free(DEFAULT_IV);
+
+ int ret = ckmc_lock_user_key(UID);
+ if (ret != CKMC_ERROR_NONE)
+ RUNNER_ERROR_MSG("DB lock failed: " << CKMCErrorToString(ret));
+ remove_user_data(UID);
+ }
+private:
+ ManagerShPtr m_manager;
+ PolicyBackend m_backend;
+};
struct EncryptionResult
{
Alias pubKey;
};
-EncryptionResult encrypt(const AlgoBasePtr& algo,
+EncryptionResult encrypt(const Algo& algo,
const RawBufferPtr& plain,
const char* pass = nullptr)
{
EncryptionResult ret;
ckmc_raw_buffer_s* encrypted = nullptr;
- KeyAliasPair aliases = algo->keyGen(pass);
+ KeyAliasPair aliases = getKey(algo, pass == nullptr ? PRIMARY : PASSWORD_PROTECTED);
ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+ assert_positive(ckmc_generate_new_params, algo.type, &handle);
ret.params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
+ setParam(ret.params, CKMC_PARAM_ED_IV, DEFAULT_IV);
assert_crypto_positive(apiEncrypt,
ret.params.get(),
return ret;
}
-void testAllAlgorithms(
- const std::function<void(const AlgoBasePtr& algo)>& test)
-{
- for(const auto& it : g_algorithms)
- test(it.second);
+void testAllAlgorithms(const std::function<void(const Algo& algo)>& test)
+{
+ test( { CKMC_ALGO_AES_CBC, 128 });
+ test( { CKMC_ALGO_AES_CBC, 192 });
+ test( { CKMC_ALGO_AES_CBC, 256 });
+ test( { CKMC_ALGO_AES_GCM, 128 });
+ test( { CKMC_ALGO_AES_GCM, 192 });
+ test( { CKMC_ALGO_AES_GCM, 256 });
+ test( { CKMC_ALGO_AES_CTR, 128 });
+ test( { CKMC_ALGO_AES_CTR, 192 });
+ test( { CKMC_ALGO_AES_CTR, 256 });
+ test( { CKMC_ALGO_AES_CFB, 128 });
+ test( { CKMC_ALGO_AES_CFB, 192 });
+ test( { CKMC_ALGO_AES_CFB, 256 });
+
+ if (!g_api->symmetricOnly()) {
+ test( { CKMC_ALGO_RSA_OAEP, 1024 });
+ test( { CKMC_ALGO_RSA_OAEP, 2048 });
+ test( { CKMC_ALGO_RSA_OAEP, 4096 });
+ }
}
-void testNoIvEnc(Algorithm type)
+void testNoIvEnc(const Algo& algo)
{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s* encrypted = nullptr;
// add key
- KeyAliasPair aliases = algo->keyGen();
+ KeyAliasPair aliases = getKey(algo, PRIMARY);
// param list with algo type only
ParamListPtr params = createParamListPtr();
- setParam(params, CKMC_PARAM_ALGO_TYPE, algo->m_type);
+ setParam(params, CKMC_PARAM_ALGO_TYPE, algo.type);
assert_crypto_invalid_param(apiEncrypt,
params.get(),
aliases.pub.c_str(),
nullptr,
- *plain.get(),
+ *PLAIN_DATA.get(),
&encrypted);
}
-void testNoIvDec(Algorithm type)
+void testNoIvDec(const Algo& algo)
{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s* decrypted = nullptr;
// encrypt;
- auto ret = encrypt(algo, plain);
+ auto ret = encrypt(algo, PLAIN_DATA);
// param list with algo type only
ParamListPtr params = createParamListPtr();
- setParam(params, CKMC_PARAM_ALGO_TYPE, algo->m_type);
+ setParam(params, CKMC_PARAM_ALGO_TYPE, algo.type);
assert_crypto_invalid_param(apiDecrypt,
params.get(),
ret.prvKey.c_str(),
&decrypted);
}
-void testInvalidIvEnc(Algorithm type)
+void testInvalidIvEnc(const Algo& algo)
{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s* encryptedTmp = nullptr;
// add key
- KeyAliasPair aliases = algo->keyGen();
+ KeyAliasPair aliases = getKey(algo, PRIMARY);
// setup params
ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+ assert_positive(ckmc_generate_new_params, algo.type, &handle);
ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
// invalid encryption
params.get(),
aliases.pub.c_str(),
nullptr,
- *plain.get(),
+ *PLAIN_DATA.get(),
&encryptedTmp);
ckmc_buffer_free(encryptedTmp);
encryptedTmp = nullptr;
};
// invalid iv size
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN-1));
+ setParam(params, CKMC_PARAM_ED_IV, IV15);
test();
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN+1));
+ setParam(params, CKMC_PARAM_ED_IV, IV17);
test();
};
-void testInvalidIvDec(Algorithm type)
+void testInvalidIvDec(const Algo& algo)
{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s* decrypted = nullptr;
// valid encryption
- auto ret = encrypt(algo, plain);
+ auto ret = encrypt(algo, PLAIN_DATA);
// decryption
auto test2 = [&](){
};
// invalid iv size
- setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN-1));
+ setParam(ret.params, CKMC_PARAM_ED_IV, IV15);
test2();
- setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN+1));
+ setParam(ret.params, CKMC_PARAM_ED_IV, IV17);
test2();
};
-void encryptionWithCustomData(Algorithm type, ckmc_param_name_e name)
+void encryptionWithCustomData(const Algo& algo, ckmc_param_name_e name)
{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s* encrypted = nullptr;
ckmc_raw_buffer_s* decrypted = nullptr;
// add key
- KeyAliasPair aliases = algo->keyGen();
+ KeyAliasPair aliases = getKey(algo, PRIMARY);
// setup params
ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+ assert_positive(ckmc_generate_new_params, algo.type, &handle);
ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
+ setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
// set AAD
- setParam(params, name, createRandomBufferCAPI(64));
+ setParam(params, name, AAD64);
// encrypt
assert_crypto_positive(apiEncrypt,
params.get(),
aliases.pub.c_str(),
nullptr,
- *plain.get(),
+ *PLAIN_DATA.get(),
&encrypted);
RawBufferPtr tmpEnc = create_raw_buffer(encrypted);
RawBufferPtr tmpDec = create_raw_buffer(decrypted);
// check
- assert_buffers_equal(*plain.get(), *tmpDec.get());
+ assert_buffers_equal(PLAIN_DATA.get(), tmpDec.get());
tmpDec.reset();
decrypted = nullptr;
// set wrong AAD
- setParam(params, name, createRandomBufferCAPI(32));
+ setParam(params, name, AAD32);
// decrypt
- assert_crypto_result(EncryptionError::SERVER_ERROR,
+ assert_crypto_result(EncryptionError::INVALID_PARAM,
apiDecrypt,
params.get(),
aliases.prv.c_str(),
&decrypted);
}
-void testGcmIvSize(size_t size,
+void testGcmIvSize(ckmc_raw_buffer_s* iv,
const KeyAliasPair& aliases,
EncryptionError error = EncryptionError::SUCCESS)
{
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
RawBufferPtr encrypted;
RawBufferPtr decrypted;
ckmc_raw_buffer_s* encryptedTmp = nullptr;
ckmc_param_list_h handle = NULL;
assert_positive(ckmc_generate_new_params, CKMC_ALGO_AES_GCM, &handle);
ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(size));
+ setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
+ setParam(params, CKMC_PARAM_ED_IV, iv);
// encryption
assert_crypto_result(error,
params.get(),
aliases.pub.c_str(),
nullptr,
- *plain.get(),
+ *PLAIN_DATA.get(),
&encryptedTmp);
if(error != EncryptionError::SUCCESS)
&decryptedTmp);
decrypted = create_raw_buffer(decryptedTmp);
- assert_buffers_equal(*plain.get(), *decrypted.get());
+ assert_buffers_equal(PLAIN_DATA.get(), decrypted.get());
}
-void testIntegrity(Algorithm type)
+void testIntegrity(const Algo& algo)
{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s* decrypted = nullptr;
// encrypt
- auto ret = encrypt(algo, plain);
+ auto ret = encrypt(algo, PLAIN_DATA);
// break the encrypted data
ret.encrypted->data[BUF_LEN/2]++;
&decrypted);
RawBufferPtr tmp = create_raw_buffer(decrypted);
- assert_buffers_equal(*plain.get(), *decrypted, false);
+ assert_buffers_equal(PLAIN_DATA.get(), decrypted, false);
}
-void testCtrEncryptionInvalidLength(Algorithm type)
+void testCtrEncryptionInvalidLength(const Algo& algo)
{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s* encryptedTmp = nullptr;
// add AES CTR key
- KeyAliasPair aliases = algo->keyGen();
+ KeyAliasPair aliases = getKey(algo, PRIMARY);
// setup params
ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+ assert_positive(ckmc_generate_new_params, algo.type, &handle);
ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
+ setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
// encryption
auto test = [&](){
params.get(),
aliases.pub.c_str(),
nullptr,
- *plain.get(),
+ *PLAIN_DATA.get(),
&encryptedTmp);
ckmc_buffer_free(encryptedTmp);
encryptedTmp = nullptr;
};
// invalid counter size
- setParam(params, CKMC_PARAM_ED_CTR_LEN, -1);
- test();
- setParam(params, CKMC_PARAM_ED_CTR_LEN, 0);
+ setParam(params, CKMC_PARAM_ED_CTR_LEN, 0ULL);
test();
setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN+1);
test();
}
-void testCtrEncryptionValidLength(Algorithm type)
+void testCtrEncryptionValidLength(const Algo& algo)
{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s* encryptedTmp = nullptr;
// add AES CTR key
- KeyAliasPair aliases = algo->keyGen();
+ KeyAliasPair aliases = getKey(algo, PRIMARY);
// setup params
ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+ assert_positive(ckmc_generate_new_params, algo.type, &handle);
ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
+ setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
// encryption
auto test = [&](){
params.get(),
aliases.pub.c_str(),
nullptr,
- *plain.get(),
+ *PLAIN_DATA.get(),
&encryptedTmp);
ckmc_buffer_free(encryptedTmp);
encryptedTmp = nullptr;
test();
}
-void testCtrDecryptionInvalidLength(Algorithm type)
+void testCtrDecryptionInvalidLength(const Algo& algo)
{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s* decrypted = nullptr;
// add AES CTR key & encrypt
- auto ret = encrypt(algo, plain);
+ auto ret = encrypt(algo, PLAIN_DATA);
// decryption
auto test = [&](){
decrypted = nullptr;
};
// invalid counter size
- setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, -1);
- test();
- setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 0);
+ setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 0ULL);
test();
setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN+1);
test();
}
-void testCtrDecryptionValidLength(Algorithm type)
+void testCtrDecryptionValidLength(const Algo& algo)
{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s* decrypted = nullptr;
// add AES CTR key & encrypt
- auto ret = encrypt(algo, plain);
+ auto ret = encrypt(algo, PLAIN_DATA);
// decryption
auto test = [&](){
&decrypted);
ckmc_buffer_free(decrypted);
RawBufferPtr tmp = create_raw_buffer(decrypted);
- assert_buffers_equal(*plain.get(), *decrypted);
+ assert_buffers_equal(PLAIN_DATA.get(), decrypted);
};
// invalid counter size
setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 1);
test();
}
-void testGcmEncryptionTagLen(Algorithm type)
+void testGcmEncryptionTagLen(const Algo& algo)
{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s* encryptedTmp = nullptr;
// add AES GCM key
- KeyAliasPair aliases = algo->keyGen();
+ KeyAliasPair aliases = getKey(algo, PRIMARY);
// setup params
ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+ assert_positive(ckmc_generate_new_params, algo.type, &handle);
ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
+ setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
std::vector<TagTest> testData = {
// illegal tag lengths
{ 116, EncryptionError::INVALID_PARAM },
{ 124, EncryptionError::INVALID_PARAM },
{ 256, EncryptionError::INVALID_PARAM },
+#ifdef TZ_BACKEND
+ { 32, EncryptionError::INVALID_PARAM },
+ { 64, EncryptionError::INVALID_PARAM },
+ // legal tag lengths
+#else
// legal tag lengths
{ 32, EncryptionError::SUCCESS },
{ 64, EncryptionError::SUCCESS },
+#endif
+
{ 96, EncryptionError::SUCCESS },
{ 104, EncryptionError::SUCCESS },
{ 112, EncryptionError::SUCCESS },
params.get(),
aliases.pub.c_str(),
nullptr,
- *plain.get(),
+ *PLAIN_DATA.get(),
&encryptedTmp);
ckmc_buffer_free(encryptedTmp);
encryptedTmp = nullptr;
}
}
-void testGcmDecryptionTagLen(Algorithm type)
+void testGcmDecryptionTagLen(const Algo& algo)
{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s* decrypted = nullptr;
// add AES GCM key & encrypt
- auto ret = encrypt(algo, plain);
+ auto ret = encrypt(algo, PLAIN_DATA);
std::vector<TagTest> testData = {
// illegal tag lengths
{ 116, EncryptionError::INVALID_PARAM },
{ 124, EncryptionError::INVALID_PARAM },
{ 256, EncryptionError::INVALID_PARAM },
- // legal tag lengths (EVP_CipherFinal fails but we can't get the error code)
- { 32, EncryptionError::SERVER_ERROR },
- { 64, EncryptionError::SERVER_ERROR },
- { 96, EncryptionError::SERVER_ERROR },
- { 104, EncryptionError::SERVER_ERROR },
- { 112, EncryptionError::SERVER_ERROR },
- { 120, EncryptionError::SERVER_ERROR },
+ // legal tag lengths but different than the one used for encryption
+ { 32, EncryptionError::INVALID_PARAM },
+ { 64, EncryptionError::INVALID_PARAM },
+ { 96, EncryptionError::INVALID_PARAM },
+ { 104, EncryptionError::INVALID_PARAM },
+ { 112, EncryptionError::INVALID_PARAM },
+ { 120, EncryptionError::INVALID_PARAM },
// legal tag length that was actually used for encryption (default)
{ 128, EncryptionError::SUCCESS },
};
}
}
-void testGcmWrongTag(Algorithm type)
+void testGcmWrongTag(const Algo& algo)
{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s* decrypted = nullptr;
// encrypt with AES GCM
- auto ret = encrypt(algo, plain);
+ auto ret = encrypt(algo, PLAIN_DATA);
// modify tag (last 16B of encrypted message)
ret.encrypted->data[ret.encrypted->size-1]++;
- // EVP_CipherFinal fails but we can't get error code
- assert_crypto_result(EncryptionError::SERVER_ERROR,
+ // EVP_CipherFinal fails because of an authentication error
+ assert_crypto_result(EncryptionError::INVALID_PARAM,
apiDecrypt,
ret.params.get(),
ret.prvKey.c_str(),
&decrypted);
}
-void testGcmDifferentIvSizes(Algorithm type)
+void testGcmDifferentIvSizes(const Algo& algo)
{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
// add AES GCM key
- KeyAliasPair aliases = algo->keyGen();
+ KeyAliasPair aliases = getKey(algo, PRIMARY);
- testGcmIvSize(11, aliases, EncryptionError::SERVER_ERROR); // 12B is the smallest
- testGcmIvSize(12, aliases);
- testGcmIvSize(17, aliases);
- testGcmIvSize(128, aliases);
+ testGcmIvSize(IV1, aliases);
+ testGcmIvSize(IV11, aliases);
+ testGcmIvSize(IV12, aliases);
+ testGcmIvSize(IV17, aliases);
+ testGcmIvSize(IV128, aliases);
}
-void testEncryptDecryptBigData(Algorithm type)
+void testEncryptDecryptBigData(const Algo& algo)
{
- const AlgoBasePtr& algo = g_algorithms.at(type);
-
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(5000000));
ckmc_raw_buffer_s* decrypted = nullptr;
// encrypt
- auto ret = encrypt(algo, plain);
+ auto ret = encrypt(algo, BIG_DATA);
assert_positive(apiDecrypt,
ret.params.get(),
&decrypted);
RawBufferPtr tmp = create_raw_buffer(decrypted);
- assert_buffers_equal(*plain.get(), *decrypted);
+ assert_buffers_equal(BIG_DATA.get(), decrypted);
}
-void testEncryptDecryptDifferentKeys(Algorithm type, bool success)
+void testEncryptDecryptDifferentKeys(const Algo& algo, bool success)
{
- const AlgoBasePtr& algo = g_algorithms.at(type);
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s* decrypted = nullptr;
// encrypt
- auto ret = encrypt(algo, plain);
-
- // add different key
- KeyAliasPair differentKeys = algo->keyGen(nullptr, "_wrong");
+ auto ret = encrypt(algo, PLAIN_DATA);
+ // get different keys
+ KeyAliasPair differentKeys = getKey(algo, PASSWORD_PROTECTED);
if (success) {
// some algorithms don't verify key validity
assert_crypto_positive(apiDecrypt,
ret.params.get(),
differentKeys.prv.c_str(),
- nullptr,
+ PASSWORD,
*ret.encrypted.get(),
&decrypted);
RawBufferPtr tmp = create_raw_buffer(decrypted);
- assert_buffers_equal(*plain.get(), *decrypted, false);
+ assert_buffers_equal(PLAIN_DATA.get(), decrypted, false);
} else {
- // different key should not be accepted
- assert_crypto_result(EncryptionError::SERVER_ERROR,
+ assert_crypto_result(EncryptionError::INVALID_PARAM,
apiDecrypt,
ret.params.get(),
differentKeys.prv.c_str(),
- nullptr,
+ PASSWORD,
*ret.encrypted.get(),
&decrypted);
}
-
- // Cleanup before testing next algorithm. Ignore results because not all keys are present
- ckmc_remove_alias(ret.prvKey.c_str());
- ckmc_remove_alias(ret.pubKey.c_str());
- ckmc_remove_alias(differentKeys.prv.c_str());
- ckmc_remove_alias(differentKeys.pub.c_str());
}
-void testRsaLongestData(Algorithm type, size_t dataSize)
+void testRsaLongestData(const Algo& algo, size_t dataSize)
{
- const AlgoBasePtr& algo = g_algorithms.at(type);
// prepare buffers
RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize));
ckmc_raw_buffer_s* decrypted = nullptr;
&decrypted);
RawBufferPtr tmp = create_raw_buffer(decrypted);
- assert_buffers_equal(*plain.get(), *decrypted);
+ assert_buffers_equal(plain.get(), decrypted);
}
-void testRsaDataTooLong(Algorithm type, size_t dataSize)
+void testRsaDataTooLong(const Algo& algo, size_t dataSize)
{
- const AlgoBasePtr& algo = g_algorithms.at(type);
// prepare buffers
RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize));
// encrypt
EncryptionResult ret;
ckmc_raw_buffer_s* encrypted = nullptr;
- KeyAliasPair aliases = algo->keyGen();
+ KeyAliasPair aliases = getKey(algo, PRIMARY);
ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+ assert_positive(ckmc_generate_new_params, algo.type, &handle);
ret.params = ParamListPtr(handle, ckmc_param_list_free);
- assert_crypto_result(EncryptionError::SERVER_ERROR,
+ assert_crypto_result(EncryptionError::INVALID_PARAM,
apiEncrypt,
ret.params.get(),
aliases.pub.c_str(),
&encrypted);
}
-} // namespace anonymous
+std::pair<Alias, ParamListPtr> defaultGcmCipherSetup()
+{
+ Algo algo = {CKMC_ALGO_AES_GCM, 256};
+ KeyAliasPair aliases = getKey(algo, PRIMARY);
+ ckmc_param_list_h handle = NULL;
+ assert_positive(ckmc_generate_new_params, algo.type, &handle);
+ auto params = ParamListPtr(handle, ckmc_param_list_free);
+ setParam(params, CKMC_PARAM_ED_IV, IV12);
+
+ return std::make_pair(aliases.prv, params);
+}
+
+} // namespace anonymous
-RUNNER_TEST_GROUP_INIT(CKM_ENCRYPTION_DECRYPTION);
+RUNNER_TEST_GROUP_INIT_ENV(CKM_ENCRYPTION_DECRYPTION, EncGroupFixture);
/////////////////////////////////////////
// Generic encryption decryption tests
/////////////////////////////////////////
-RUNNER_TEST_MULTIPLE(TED_0010_encrypt_invalid_param_list, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0010_encrypt_invalid_param_list, SyncEnv, AsyncEnv, CipherEnv)
{
- testAllAlgorithms([](const AlgoBasePtr& algo){
+ testAllAlgorithms([](const Algo& algo){
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s* encrypted = nullptr;
// add key
- KeyAliasPair aliases = algo->keyGen();
+ KeyAliasPair aliases = getKey(algo, PRIMARY);
// null param list
assert_crypto_invalid_param(apiEncrypt,
nullptr,
aliases.pub.c_str(),
nullptr,
- *plain.get(),
+ *PLAIN_DATA.get(),
&encrypted);
// empty param list
params.get(),
aliases.pub.c_str(),
nullptr,
- *plain.get(),
+ *PLAIN_DATA.get(),
&encrypted);
});
}
-RUNNER_TEST_MULTIPLE(TED_0020_encrypt_missing_key, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0020_encrypt_missing_key, SyncEnv, AsyncEnv, CipherEnv)
{
- testAllAlgorithms([](const AlgoBasePtr& algo){
+ testAllAlgorithms([](const Algo& algo){
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s* encrypted = nullptr;
// setup params
ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+ assert_positive(ckmc_generate_new_params, algo.type, &handle);
ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
+ setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
assert_crypto_result(EncryptionError::ALIAS_UNKNOWN,
apiEncrypt,
params.get(),
"non-existing-key-alias",
nullptr,
- *plain.get(),
+ *PLAIN_DATA.get(),
&encrypted);
});
}
RUNNER_TEST_MULTIPLE(TED_0030_encrypt_no_plain_text, SyncEnv, AsyncEnv)
{
- testAllAlgorithms([](const AlgoBasePtr& algo){
+ testAllAlgorithms([](const Algo& algo){
// prepare buffers
ckmc_raw_buffer_s plain = { nullptr, 0 };
ckmc_raw_buffer_s* encrypted = nullptr;
// add key
- KeyAliasPair aliases = algo->keyGen();
+ KeyAliasPair aliases = getKey(algo, PRIMARY);
// setup params
ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+ assert_positive(ckmc_generate_new_params, algo.type, &handle);
ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
+ setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
assert_crypto_invalid_param(apiEncrypt,
params.get(),
RUNNER_TEST_MULTIPLE(TED_0040_encrypt_no_output_buffer, SyncEnv, AsyncEnv)
{
- testAllAlgorithms([](const AlgoBasePtr& algo){
+ testAllAlgorithms([](const Algo& algo){
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s** encrypted = nullptr;
// add key
- KeyAliasPair aliases = algo->keyGen();
+ KeyAliasPair aliases = getKey(algo, PRIMARY);
// setup params
ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+ assert_positive(ckmc_generate_new_params, algo.type, &handle);
ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
+ setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
assert_crypto_invalid_param(apiEncrypt,
params.get(),
aliases.pub.c_str(),
nullptr,
- *plain.get(),
+ *PLAIN_DATA.get(),
encrypted);
});
}
-RUNNER_TEST_MULTIPLE(TED_0110_decrypt_invalid_param_list, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0110_decrypt_invalid_param_list, SyncEnv, AsyncEnv, CipherEnv)
{
- testAllAlgorithms([](const AlgoBasePtr& algo){
+ testAllAlgorithms([](const Algo& algo){
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s* decrypted = nullptr;
// encrypt;
- auto ret = encrypt(algo, plain);
+ auto ret = encrypt(algo, PLAIN_DATA);
// null param list
assert_crypto_invalid_param(apiDecrypt,
});
}
-RUNNER_TEST_MULTIPLE(TED_0120_decrypt_missing_key, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0120_decrypt_missing_key, SyncEnv, AsyncEnv, CipherEnv)
{
- testAllAlgorithms([](const AlgoBasePtr& algo){
+ testAllAlgorithms([](const Algo& algo){
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s* decrypted = nullptr;
// encrypt
- auto ret = encrypt(algo, plain);
-
- // remove key
- assert_positive(ckmc_remove_alias, ret.prvKey.c_str());
+ auto ret = encrypt(algo, PLAIN_DATA);
// try to decrypt
assert_crypto_result(EncryptionError::ALIAS_UNKNOWN,
apiDecrypt,
ret.params.get(),
- ret.prvKey.c_str(),
+ "non-existent-key",
nullptr,
*ret.encrypted.get(),
&decrypted);
RUNNER_TEST_MULTIPLE(TED_0130_decrypt_no_encrypted_text, SyncEnv, AsyncEnv)
{
- testAllAlgorithms([](const AlgoBasePtr& algo){
+ testAllAlgorithms([](const Algo& algo){
// prepare buffers
ckmc_raw_buffer_s encrypted = { nullptr, 0 };
ckmc_raw_buffer_s* decrypted = nullptr;
// add key
- KeyAliasPair aliases = algo->keyGen();
+ KeyAliasPair aliases = getKey(algo, PRIMARY);
// setup params
ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+ assert_positive(ckmc_generate_new_params, algo.type, &handle);
ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
+ setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
assert_crypto_invalid_param(apiDecrypt,
params.get(),
RUNNER_TEST_MULTIPLE(TED_0140_decrypt_no_output_buffer, SyncEnv, AsyncEnv)
{
- testAllAlgorithms([](const AlgoBasePtr& algo){
+ testAllAlgorithms([](const Algo& algo){
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s** decrypted = nullptr;
// encrypt
- auto ret = encrypt(algo, plain);
+ auto ret = encrypt(algo, PLAIN_DATA);
assert_crypto_invalid_param(apiDecrypt,
ret.params.get(),
});
}
-RUNNER_TEST_MULTIPLE(TED_0200_encrypt_decrypt_different_keys, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0200_encrypt_decrypt_different_keys, SyncEnv, AsyncEnv, CipherEnv)
{
- testEncryptDecryptDifferentKeys(AES_CBC_128, false);
- testEncryptDecryptDifferentKeys(AES_CBC_192, false);
- testEncryptDecryptDifferentKeys(AES_CBC_256, false);
- testEncryptDecryptDifferentKeys(AES_GCM_128, false);
- testEncryptDecryptDifferentKeys(AES_GCM_192, false);
- testEncryptDecryptDifferentKeys(AES_GCM_256, false);
- testEncryptDecryptDifferentKeys(AES_CTR_128, true);
- testEncryptDecryptDifferentKeys(AES_CTR_192, true);
- testEncryptDecryptDifferentKeys(AES_CTR_256, true);
- testEncryptDecryptDifferentKeys(AES_CFB_128, true);
- testEncryptDecryptDifferentKeys(AES_CFB_192, true);
- testEncryptDecryptDifferentKeys(AES_CFB_256, true);
- testEncryptDecryptDifferentKeys(RSA_OAEP_1024, false);
- testEncryptDecryptDifferentKeys(RSA_OAEP_2048, false);
- testEncryptDecryptDifferentKeys(RSA_OAEP_4096, false);
+ testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_GCM, 128}, false);
+ testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_GCM, 192}, false);
+ testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_GCM, 256}, false);
+ testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CTR, 128}, true);
+ testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CTR, 192}, true);
+ testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CTR, 256}, true);
+ testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CFB, 128}, true);
+ testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CFB, 192}, true);
+ testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CFB, 256}, true);
+
+ if (!g_api->symmetricOnly()) {
+ testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 1024}, false);
+ testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 2048}, false);
+ testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 4096}, false);
+ }
}
-RUNNER_TEST_MULTIPLE(TED_0300_encrypt_decrypt, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0300_encrypt_decrypt, SyncEnv, AsyncEnv, CipherEnv)
{
- testAllAlgorithms([](const AlgoBasePtr& algo){
+ testAllAlgorithms([](const Algo& algo){
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s* decrypted = nullptr;
// encrypt
- auto ret = encrypt(algo, plain);
+ auto ret = encrypt(algo, PLAIN_DATA);
assert_crypto_positive(apiDecrypt,
ret.params.get(),
&decrypted);
RawBufferPtr tmp = create_raw_buffer(decrypted);
- assert_buffers_equal(*plain.get(), *decrypted);
+ assert_buffers_equal(PLAIN_DATA.get(), decrypted);
});
}
-RUNNER_TEST_MULTIPLE(TED_0310_encrypt_decrypt_password, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0310_encrypt_decrypt_password, SyncEnv, AsyncEnv, CipherEnv)
{
- testAllAlgorithms([](const AlgoBasePtr& algo){
+ testAllAlgorithms([](const Algo& algo){
// prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
ckmc_raw_buffer_s* decrypted = nullptr;
// encrypt
- auto ret = encrypt(algo, plain, PASSWORD);
+ auto ret = encrypt(algo, PLAIN_DATA, PASSWORD);
// wrong password
assert_crypto_result(EncryptionError::AUTH_FAILED,
&decrypted);
RawBufferPtr tmp = create_raw_buffer(decrypted); // guarantees deletion
- assert_buffers_equal(*plain.get(), *decrypted);
+ assert_buffers_equal(PLAIN_DATA.get(), decrypted);
});
}
// long test split into smaller ones
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_128, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CBC_128, SyncEnv, AsyncEnv, CipherEnv)
{
- testEncryptDecryptBigData(AES_CBC_128);
+ testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 128});
}
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_192, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CBC_192, SyncEnv, AsyncEnv, CipherEnv)
{
- testEncryptDecryptBigData(AES_CBC_192);
+ testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 192});
}
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_256, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CBC_256, SyncEnv, AsyncEnv, CipherEnv)
{
- testEncryptDecryptBigData(AES_CBC_256);
+ testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 256});
}
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_128, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_GCM_128, SyncEnv, AsyncEnv, CipherEnv)
{
- testEncryptDecryptBigData(AES_GCM_128);
+ testEncryptDecryptBigData({CKMC_ALGO_AES_GCM, 128});
}
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_192, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_GCM_192, SyncEnv, AsyncEnv, CipherEnv)
{
- testEncryptDecryptBigData(AES_GCM_192);
+ testEncryptDecryptBigData({CKMC_ALGO_AES_GCM, 192});
}
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_256, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_GCM_256, SyncEnv, AsyncEnv, CipherEnv)
{
- testEncryptDecryptBigData(AES_GCM_256);
+ testEncryptDecryptBigData({CKMC_ALGO_AES_GCM, 256});
}
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_128, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CTR_128, SyncEnv, AsyncEnv, CipherEnv)
{
- testEncryptDecryptBigData(AES_CTR_128);
+ testEncryptDecryptBigData({CKMC_ALGO_AES_CTR, 128});
}
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_192, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CTR_192, SyncEnv, AsyncEnv, CipherEnv)
{
- testEncryptDecryptBigData(AES_CTR_192);
+ testEncryptDecryptBigData({CKMC_ALGO_AES_CTR, 192});
}
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_256, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CTR_256, SyncEnv, AsyncEnv, CipherEnv)
{
- testEncryptDecryptBigData(AES_CTR_256);
+ testEncryptDecryptBigData({CKMC_ALGO_AES_CTR, 256});
}
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_128, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CFB_128, SyncEnv, AsyncEnv, CipherEnv)
{
- testEncryptDecryptBigData(AES_CFB_128);
+ testEncryptDecryptBigData({CKMC_ALGO_AES_CFB, 128});
}
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_192, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CFB_192, SyncEnv, AsyncEnv, CipherEnv)
{
- testEncryptDecryptBigData(AES_CFB_192);
+ testEncryptDecryptBigData({CKMC_ALGO_AES_CFB, 192});
}
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_256, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CFB_256, SyncEnv, AsyncEnv, CipherEnv)
{
- testEncryptDecryptBigData(AES_CFB_256);
+ testEncryptDecryptBigData({CKMC_ALGO_AES_CFB, 256});
}
/////////////////////////////////////////
// Algorithm specific tests
/////////////////////////////////////////
-RUNNER_TEST_MULTIPLE(TED_1005_no_iv_enc, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_1005_no_iv_enc, SyncEnv, AsyncEnv, CipherEnv)
{
- testNoIvEnc(AES_CTR_128);
- testNoIvEnc(AES_CTR_192);
- testNoIvEnc(AES_CTR_256);
- testNoIvEnc(AES_CBC_128);
- testNoIvEnc(AES_CBC_192);
- testNoIvEnc(AES_CBC_256);
- testNoIvEnc(AES_CFB_128);
- testNoIvEnc(AES_CFB_192);
- testNoIvEnc(AES_CFB_256);
- testNoIvEnc(AES_GCM_128);
- testNoIvEnc(AES_GCM_192);
- testNoIvEnc(AES_GCM_256);
+ testNoIvEnc({CKMC_ALGO_AES_CTR, 128});
+ testNoIvEnc({CKMC_ALGO_AES_CTR, 192});
+ testNoIvEnc({CKMC_ALGO_AES_CTR, 256});
+ testNoIvEnc({CKMC_ALGO_AES_CBC, 128});
+ testNoIvEnc({CKMC_ALGO_AES_CBC, 192});
+ testNoIvEnc({CKMC_ALGO_AES_CBC, 256});
+ testNoIvEnc({CKMC_ALGO_AES_CFB, 128});
+ testNoIvEnc({CKMC_ALGO_AES_CFB, 192});
+ testNoIvEnc({CKMC_ALGO_AES_CFB, 256});
+ testNoIvEnc({CKMC_ALGO_AES_GCM, 128});
+ testNoIvEnc({CKMC_ALGO_AES_GCM, 192});
+ testNoIvEnc({CKMC_ALGO_AES_GCM, 256});
}
-RUNNER_TEST_MULTIPLE(TED_1010_invalid_iv_enc, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_1010_invalid_iv_enc, SyncEnv, AsyncEnv, CipherEnv)
{
- testInvalidIvEnc(AES_CTR_128);
- testInvalidIvEnc(AES_CTR_192);
- testInvalidIvEnc(AES_CTR_256);
- testInvalidIvEnc(AES_CBC_128);
- testInvalidIvEnc(AES_CBC_192);
- testInvalidIvEnc(AES_CBC_256);
- testInvalidIvEnc(AES_CFB_128);
- testInvalidIvEnc(AES_CFB_192);
- testInvalidIvEnc(AES_CFB_256);
+ testInvalidIvEnc({CKMC_ALGO_AES_CTR, 128});
+ testInvalidIvEnc({CKMC_ALGO_AES_CTR, 192});
+ testInvalidIvEnc({CKMC_ALGO_AES_CTR, 256});
+ testInvalidIvEnc({CKMC_ALGO_AES_CBC, 128});
+ testInvalidIvEnc({CKMC_ALGO_AES_CBC, 192});
+ testInvalidIvEnc({CKMC_ALGO_AES_CBC, 256});
+ testInvalidIvEnc({CKMC_ALGO_AES_CFB, 128});
+ testInvalidIvEnc({CKMC_ALGO_AES_CFB, 192});
+ testInvalidIvEnc({CKMC_ALGO_AES_CFB, 256});
}
-RUNNER_TEST_MULTIPLE(TED_1015_no_iv_dec, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_1015_no_iv_dec, SyncEnv, AsyncEnv, CipherEnv)
{
- testNoIvDec(AES_CTR_128);
- testNoIvDec(AES_CTR_192);
- testNoIvDec(AES_CTR_256);
- testNoIvDec(AES_CBC_128);
- testNoIvDec(AES_CBC_192);
- testNoIvDec(AES_CBC_256);
- testNoIvDec(AES_CFB_128);
- testNoIvDec(AES_CFB_192);
- testNoIvDec(AES_CFB_256);
- testNoIvDec(AES_GCM_128);
- testNoIvDec(AES_GCM_192);
- testNoIvDec(AES_GCM_256);
+ testNoIvDec({CKMC_ALGO_AES_CTR, 128});
+ testNoIvDec({CKMC_ALGO_AES_CTR, 192});
+ testNoIvDec({CKMC_ALGO_AES_CTR, 256});
+ testNoIvDec({CKMC_ALGO_AES_CBC, 128});
+ testNoIvDec({CKMC_ALGO_AES_CBC, 192});
+ testNoIvDec({CKMC_ALGO_AES_CBC, 256});
+ testNoIvDec({CKMC_ALGO_AES_CFB, 128});
+ testNoIvDec({CKMC_ALGO_AES_CFB, 192});
+ testNoIvDec({CKMC_ALGO_AES_CFB, 256});
+ testNoIvDec({CKMC_ALGO_AES_GCM, 128});
+ testNoIvDec({CKMC_ALGO_AES_GCM, 192});
+ testNoIvDec({CKMC_ALGO_AES_GCM, 256});
}
-RUNNER_TEST_MULTIPLE(TED_1020_invalid_iv_dec, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_1020_invalid_iv_dec, SyncEnv, AsyncEnv, CipherEnv)
{
- testInvalidIvDec(AES_CTR_128);
- testInvalidIvDec(AES_CTR_192);
- testInvalidIvDec(AES_CTR_256);
- testInvalidIvDec(AES_CBC_128);
- testInvalidIvDec(AES_CBC_192);
- testInvalidIvDec(AES_CBC_256);
- testInvalidIvDec(AES_CFB_128);
- testInvalidIvDec(AES_CFB_192);
- testInvalidIvDec(AES_CFB_256);
+ testInvalidIvDec({CKMC_ALGO_AES_CTR, 128});
+ testInvalidIvDec({CKMC_ALGO_AES_CTR, 192});
+ testInvalidIvDec({CKMC_ALGO_AES_CTR, 256});
+ testInvalidIvDec({CKMC_ALGO_AES_CBC, 128});
+ testInvalidIvDec({CKMC_ALGO_AES_CBC, 192});
+ testInvalidIvDec({CKMC_ALGO_AES_CBC, 256});
+ testInvalidIvDec({CKMC_ALGO_AES_CFB, 128});
+ testInvalidIvDec({CKMC_ALGO_AES_CFB, 192});
+ testInvalidIvDec({CKMC_ALGO_AES_CFB, 256});
}
-RUNNER_TEST_MULTIPLE(TED_1050_data_integrity, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_1050_data_integrity, SyncEnv, AsyncEnv, CipherEnv)
{
- testIntegrity(AES_CTR_128);
- testIntegrity(AES_CTR_192);
- testIntegrity(AES_CTR_256);
- testIntegrity(AES_CBC_128);
- testIntegrity(AES_CBC_192);
- testIntegrity(AES_CBC_256);
- testIntegrity(AES_CFB_128);
- testIntegrity(AES_CFB_192);
- testIntegrity(AES_CFB_256);
+ testIntegrity({CKMC_ALGO_AES_CTR, 128});
+ testIntegrity({CKMC_ALGO_AES_CTR, 192});
+ testIntegrity({CKMC_ALGO_AES_CTR, 256});
+ testIntegrity({CKMC_ALGO_AES_CBC, 128});
+ testIntegrity({CKMC_ALGO_AES_CBC, 192});
+ testIntegrity({CKMC_ALGO_AES_CBC, 256});
+ testIntegrity({CKMC_ALGO_AES_CFB, 128});
+ testIntegrity({CKMC_ALGO_AES_CFB, 192});
+ testIntegrity({CKMC_ALGO_AES_CFB, 256});
}
-RUNNER_TEST_MULTIPLE(TED_1100_ctr_encryption_invalid_length, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_1100_ctr_encryption_invalid_length, SyncEnv, AsyncEnv, CipherEnv)
{
- testCtrEncryptionInvalidLength(AES_CTR_128);
- testCtrEncryptionInvalidLength(AES_CTR_192);
- testCtrEncryptionInvalidLength(AES_CTR_256);
+ testCtrEncryptionInvalidLength({CKMC_ALGO_AES_CTR, 128});
+ testCtrEncryptionInvalidLength({CKMC_ALGO_AES_CTR, 192});
+ testCtrEncryptionInvalidLength({CKMC_ALGO_AES_CTR, 256});
}
-RUNNER_TEST_MULTIPLE(TED_1105_ctr_encryption_valid_length, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_1105_ctr_encryption_valid_length, SyncEnv, AsyncEnv, CipherEnv)
{
RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length");
- testCtrEncryptionValidLength(AES_CTR_128);
- testCtrEncryptionValidLength(AES_CTR_192);
- testCtrEncryptionValidLength(AES_CTR_256);
+ testCtrEncryptionValidLength({CKMC_ALGO_AES_CTR, 128});
+ testCtrEncryptionValidLength({CKMC_ALGO_AES_CTR, 192});
+ testCtrEncryptionValidLength({CKMC_ALGO_AES_CTR, 256});
}
-RUNNER_TEST_MULTIPLE(TED_1110_ctr_decryption_invalid_length, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_1110_ctr_decryption_invalid_length, SyncEnv, AsyncEnv, CipherEnv)
{
- testCtrDecryptionInvalidLength(AES_CTR_128);
- testCtrDecryptionInvalidLength(AES_CTR_192);
- testCtrDecryptionInvalidLength(AES_CTR_256);
+ testCtrDecryptionInvalidLength({CKMC_ALGO_AES_CTR, 128});
+ testCtrDecryptionInvalidLength({CKMC_ALGO_AES_CTR, 192});
+ testCtrDecryptionInvalidLength({CKMC_ALGO_AES_CTR, 256});
}
-RUNNER_TEST_MULTIPLE(TED_1115_ctr_decryption_valid_length, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_1115_ctr_decryption_valid_length, SyncEnv, AsyncEnv, CipherEnv)
{
RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length");
- testCtrDecryptionValidLength(AES_CTR_128);
- testCtrDecryptionValidLength(AES_CTR_192);
- testCtrDecryptionValidLength(AES_CTR_256);
+ testCtrDecryptionValidLength({CKMC_ALGO_AES_CTR, 128});
+ testCtrDecryptionValidLength({CKMC_ALGO_AES_CTR, 192});
+ testCtrDecryptionValidLength({CKMC_ALGO_AES_CTR, 256});
}
-RUNNER_TEST_MULTIPLE(TED_1200_gcm_encryption_tag_len, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_1200_gcm_encryption_tag_len, SyncEnv, AsyncEnv, CipherEnv)
{
- testGcmEncryptionTagLen(AES_GCM_128);
- testGcmEncryptionTagLen(AES_GCM_192);
- testGcmEncryptionTagLen(AES_GCM_256);
+ testGcmEncryptionTagLen({CKMC_ALGO_AES_GCM, 128});
+ testGcmEncryptionTagLen({CKMC_ALGO_AES_GCM, 192});
+ testGcmEncryptionTagLen({CKMC_ALGO_AES_GCM, 256});
}
-RUNNER_TEST_MULTIPLE(TED_1210_gcm_decryption_tag_len, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_1210_gcm_decryption_tag_len, SyncEnv, AsyncEnv, CipherEnv)
{
- testGcmDecryptionTagLen(AES_GCM_128);
- testGcmDecryptionTagLen(AES_GCM_192);
- testGcmDecryptionTagLen(AES_GCM_256);
+ testGcmDecryptionTagLen({CKMC_ALGO_AES_GCM, 128});
+ testGcmDecryptionTagLen({CKMC_ALGO_AES_GCM, 192});
+ testGcmDecryptionTagLen({CKMC_ALGO_AES_GCM, 256});
}
-RUNNER_TEST_MULTIPLE(TED_1230_gcm_wrong_tag, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_1230_gcm_wrong_tag, SyncEnv, AsyncEnv, CipherEnv)
{
- testGcmWrongTag(AES_GCM_128);
- testGcmWrongTag(AES_GCM_192);
- testGcmWrongTag(AES_GCM_256);
+ testGcmWrongTag({CKMC_ALGO_AES_GCM, 128});
+ testGcmWrongTag({CKMC_ALGO_AES_GCM, 192});
+ testGcmWrongTag({CKMC_ALGO_AES_GCM, 256});
}
-RUNNER_TEST_MULTIPLE(TED_1240_gcm_different_iv_sizes, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_1240_gcm_different_iv_sizes, SyncEnv, AsyncEnv, CipherEnv)
{
- testGcmDifferentIvSizes(AES_GCM_128);
- testGcmDifferentIvSizes(AES_GCM_192);
- testGcmDifferentIvSizes(AES_GCM_256);
+ testGcmDifferentIvSizes({CKMC_ALGO_AES_GCM, 128});
+ testGcmDifferentIvSizes({CKMC_ALGO_AES_GCM, 192});
+ testGcmDifferentIvSizes({CKMC_ALGO_AES_GCM, 256});
}
-RUNNER_TEST_MULTIPLE(TED_1250_gcm_aad, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_1250_gcm_aad, SyncEnv, AsyncEnv, CipherEnv)
{
- encryptionWithCustomData(AES_GCM_128, CKMC_PARAM_ED_AAD);
- encryptionWithCustomData(AES_GCM_192, CKMC_PARAM_ED_AAD);
- encryptionWithCustomData(AES_GCM_256, CKMC_PARAM_ED_AAD);
+ encryptionWithCustomData({CKMC_ALGO_AES_GCM, 128}, CKMC_PARAM_ED_AAD);
+ encryptionWithCustomData({CKMC_ALGO_AES_GCM, 192}, CKMC_PARAM_ED_AAD);
+ encryptionWithCustomData({CKMC_ALGO_AES_GCM, 256}, CKMC_PARAM_ED_AAD);
}
RUNNER_TEST_MULTIPLE(TED_1300_rsa_label, SyncEnv, AsyncEnv)
{
RUNNER_IGNORED_MSG("RSA-OAEP labels are not supported in openssl");
- encryptionWithCustomData(RSA_OAEP_1024, CKMC_PARAM_ED_LABEL);
- encryptionWithCustomData(RSA_OAEP_2048, CKMC_PARAM_ED_LABEL);
- encryptionWithCustomData(RSA_OAEP_4096, CKMC_PARAM_ED_LABEL);
+ encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 1024}, CKMC_PARAM_ED_LABEL);
+ encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 2048}, CKMC_PARAM_ED_LABEL);
+ encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 4096}, CKMC_PARAM_ED_LABEL);
}
RUNNER_TEST_MULTIPLE(TED_1330_rsa_longest_data, SyncEnv, AsyncEnv)
{
- testRsaLongestData(RSA_OAEP_1024, 86);
- testRsaLongestData(RSA_OAEP_2048, 214);
- testRsaLongestData(RSA_OAEP_4096, 470);
+ testRsaLongestData({CKMC_ALGO_RSA_OAEP, 1024}, 86);
+ testRsaLongestData({CKMC_ALGO_RSA_OAEP, 2048}, 214);
+ testRsaLongestData({CKMC_ALGO_RSA_OAEP, 4096}, 470);
}
RUNNER_TEST_MULTIPLE(TED_1350_rsa_data_too_long, SyncEnv, AsyncEnv)
{
- testRsaDataTooLong(RSA_OAEP_1024, 87);
- testRsaDataTooLong(RSA_OAEP_2048, 215);
- testRsaDataTooLong(RSA_OAEP_4096, 471);
+ testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 1024}, 87);
+ testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 2048}, 215);
+ testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 4096}, 471);
}
/////////////////////////////////////////
// Asynchronous only tests
/////////////////////////////////////////
-RUNNER_TEST(TED_2000_enc_no_observer_async, EncEnv)
+RUNNER_TEST(TED_2000_enc_no_observer_async, AsyncEnv)
{
- testAllAlgorithms([](const AlgoBasePtr& algo){
+ testAllAlgorithms([](const Algo& algo){
// prepare buffers
RawBuffer plain = createRandomBuffer(BUF_LEN);
// keys
- KeyAliasPair aliases = algo->keyGen(nullptr);
+ KeyAliasPair aliases = getKey(algo, PRIMARY);
// params
ckmc_param_list_h handle = NULL;
- assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+ assert_positive(ckmc_generate_new_params, algo.type, &handle);
ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
- setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
+ setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
// encrypt
test_no_observer(&ManagerAsync::encrypt,
RUNNER_TEST(TED_2010_dec_no_observer_async, AsyncEnv)
{
- testAllAlgorithms([](const AlgoBasePtr& algo){
- // prepare buffers
- RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
-
+ testAllAlgorithms([](const Algo& algo){
// encrypt
- auto ret = encrypt(algo, plain);
+ auto ret = encrypt(algo, PLAIN_DATA);
RawBuffer encrypted(ret.encrypted->data, ret.encrypted->data + ret.encrypted->size);
// decrypt
encrypted);
});
}
+
+/////////////////////////////////////////
+// Mulithreaded test for synchronous API
+/////////////////////////////////////////
+RUNNER_TEST_MULTIPLE(TED_3000_multiple_threads, SyncEnv, CipherEnv)
+{
+ std::vector<std::thread> threads;
+ threads.reserve(10);
+ for(unsigned i = 0; i < 10;++i)
+ threads.emplace_back([]{ testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 256}); });
+ for (auto& thread : threads)
+ thread.join();
+}
+
+/////////////////////////////////////////
+// Cipher API only
+/////////////////////////////////////////
+RUNNER_TEST(TED_4000_cipher_missing_arguments)
+{
+ ckmc_raw_buffer_s* encrypted = nullptr;
+
+ auto [alias, params] = defaultGcmCipherSetup();
+
+ ckmc_cipher_ctx_h ctx = nullptr;
+ assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
+ auto ctxPtr = create_cipher_ctx(ctx);
+
+ // no AAD
+ assert_invalid_param(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
+
+ // missing arguments
+ assert_invalid_param(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, nullptr);
+ assert_invalid_param(ckmc_cipher_update, nullptr, *PLAIN_DATA.get(), &encrypted);
+ assert_invalid_param(ckmc_cipher_update, ctx, *PLAIN_DATA.get(), nullptr);
+ assert_invalid_param(ckmc_cipher_finalize, nullptr, nullptr, &encrypted);
+ assert_invalid_param(ckmc_cipher_finalize, nullptr, nullptr, nullptr);
+}
+
+RUNNER_TEST(TED_4010_cipher_reinitialize_without_aad)
+{
+ auto [alias, params] = defaultGcmCipherSetup();
+
+ ckmc_cipher_ctx_h ctx = nullptr;
+ assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
+ auto ctxPtr = create_cipher_ctx(ctx);
+
+ // no AAD
+ assert_invalid_param(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
+}
+
+RUNNER_TEST(TED_4020_cipher_tag_during_encryption)
+{
+ ckmc_raw_buffer_s* encrypted = nullptr;
+
+ auto [alias, params] = defaultGcmCipherSetup();
+
+ ckmc_cipher_ctx_h ctx = nullptr;
+ assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
+ auto ctxPtr = create_cipher_ctx(ctx);
+
+ // tag input during encryption
+ assert_invalid_param(ckmc_cipher_finalize, ctx, PLAIN_DATA.get(), &encrypted);
+}
+
+RUNNER_TEST(TED_4030_cipher_wrong_order)
+{
+ ckmc_raw_buffer_s* encrypted = nullptr;
+
+ auto [alias, params] = defaultGcmCipherSetup();
+
+ ckmc_cipher_ctx_h ctx = nullptr;
+ assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
+ auto ctxPtr = create_cipher_ctx(ctx);
+
+ assert_positive(ckmc_cipher_update, ctx, *PLAIN_DATA.get(), &encrypted);
+ ckmc_buffer_free(encrypted);
+
+ // initialize after update
+ setParam(params, CKMC_PARAM_ED_AAD, AAD32);
+ assert_invalid_param(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, nullptr);
+
+ assert_positive(ckmc_cipher_finalize, ctx, nullptr, &encrypted);
+ ckmc_buffer_free(encrypted);
+
+ // initialize after finalize
+ assert_invalid_param(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, nullptr);
+
+ // update after finalize
+ assert_invalid_param(ckmc_cipher_update, ctx, *PLAIN_DATA.get(), &encrypted);
+}
+
+RUNNER_TEST(TED_4040_cipher_gcm_aad_and_tag)
+{
+ ckmc_raw_buffer_s* encrypted = nullptr;
+
+ auto [alias, params] = defaultGcmCipherSetup();
+ setParam(params, CKMC_PARAM_ED_AAD, AAD32);
+
+ ckmc_cipher_ctx_h ctx = nullptr;
+
+ // encrypt
+ assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
+ auto ctxPtr = create_cipher_ctx(ctx);
+
+ // 2 more AAD chunks
+ setParam(params, CKMC_PARAM_ED_AAD, AAD64);
+ assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
+ setParam(params, CKMC_PARAM_ED_AAD, AAD32);
+ assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
+
+ ckmc_raw_buffer_s* tag = nullptr;
+
+ assert_positive(ckmc_cipher_update, ctx, *PLAIN_DATA.get(), &encrypted);
+ auto encryptedPtr = create_raw_buffer(encrypted);
+ assert_positive(ckmc_cipher_finalize, ctx, nullptr, &tag);
+
+ ctxPtr.reset();
+ ctx = nullptr;
+
+ ckmc_raw_buffer_s* decrypted = nullptr;
+ ckmc_raw_buffer_s* empty = nullptr;
+
+ // decrypt with invalid AAD
+ assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, false, &ctx);
+ ctxPtr = create_cipher_ctx(ctx);
+
+ assert_positive(ckmc_cipher_update, ctx, *encrypted, &decrypted);
+ ckmc_buffer_free(decrypted);
+ assert_invalid_param(ckmc_cipher_finalize, ctx, tag, &empty);
+
+ ctxPtr.reset();
+ ctx = nullptr;
+
+ // decrypt without TAG
+ assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, false, &ctx);
+ ctxPtr = create_cipher_ctx(ctx);
+ setParam(params, CKMC_PARAM_ED_AAD, AAD64);
+ assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, false, &ctx);
+ setParam(params, CKMC_PARAM_ED_AAD, AAD32);
+ assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, false, &ctx);
+
+ assert_positive(ckmc_cipher_update, ctx, *encrypted, &decrypted);
+ ckmc_buffer_free(decrypted);
+ assert_invalid_param(ckmc_cipher_finalize, ctx, nullptr, &empty);
+
+ ctxPtr.reset();
+ ctx = nullptr;
+
+ // correct decrypt
+ assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, false, &ctx);
+ ctxPtr = create_cipher_ctx(ctx);
+ setParam(params, CKMC_PARAM_ED_AAD, AAD64);
+ assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, false, &ctx);
+ setParam(params, CKMC_PARAM_ED_AAD, AAD32);
+ assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, false, &ctx);
+
+ assert_positive(ckmc_cipher_update, ctx, *encrypted, &decrypted);
+ auto decryptedPtr = create_raw_buffer(decrypted);
+ assert_positive(ckmc_cipher_finalize, ctx, tag, &empty);
+
+ RUNNER_ASSERT(empty == nullptr);
+
+ assert_buffers_equal(PLAIN_DATA.get(), decrypted);
+}