projects / platform / core / test / security-tests.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 748aede)
CKM: Disable non-GCM tests in TZ cipher API 07/295707/1
authorKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Wed, 12 Jul 2023 13:43:36 +0000 (15:43 +0200)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Wed, 12 Jul 2023 13:45:21 +0000 (15:45 +0200)
Currently TZ backend cipher API does not support other encryption modes
beside GCM.

Change-Id: I0fad8ba60b3081af0601f07ac92f724cc88f2fc0

src/ckm/unprivileged/encryption-decryption-env.h patch | blob | history
src/ckm/unprivileged/encryption-decryption.cpp patch | blob | history

diff --git a/src/ckm/unprivileged/encryption-decryption-env.h b/src/ckm/unprivileged/encryption-decryption-env.h
index ac564f319e006e1ebf2d8b9f684396c5d1d5301e..64c221213ffbdc88572e72b52a80fa3e23a5510f 100644 (file)
--- a/src/ckm/unprivileged/encryption-decryption-env.h
+++ b/src/ckm/unprivileged/encryption-decryption-env.h
@@ -53,6 +53,7 @@ struct EncryptionApi
                                     ckmc_raw_buffer_s **ppdecrypted) = 0;
 
     virtual bool symmetricOnly() const { return false; }
+    virtual bool gcmOnly() const { return false; }
 
     virtual ~EncryptionApi() {}
 };
@@ -140,6 +141,10 @@ public:
 
     bool symmetricOnly() const override { return true; }
 
+#ifdef TZ_BACKEND
+    bool gcmOnly() const override { return true; }
+#endif
+
 private:
     int crypt(ckmc_cipher_ctx_h ctx, unsigned char *ptr, size_t left, CKM::RawBuffer& output);
     EncryptionError ckmcError2Result(int error);
diff --git a/src/ckm/unprivileged/encryption-decryption.cpp b/src/ckm/unprivileged/encryption-decryption.cpp
index d8b98b3a0c367976da127c236d4ea06c2cd6d679..9327777bfbed60e791f46a860e740f2e8fd7bc09 100644 (file)
--- a/src/ckm/unprivileged/encryption-decryption.cpp
+++ b/src/ckm/unprivileged/encryption-decryption.cpp
@@ -344,12 +344,16 @@ EncryptionResult encrypt(const Algo& algo,
 
 void testAllAlgorithms(const std::function<void(const Algo& algo)>& test)
 {
-    test( { CKMC_ALGO_AES_CBC, 128 });
-    test( { CKMC_ALGO_AES_CBC, 192 });
-    test( { CKMC_ALGO_AES_CBC, 256 });
     test( { CKMC_ALGO_AES_GCM, 128 });
     test( { CKMC_ALGO_AES_GCM, 192 });
     test( { CKMC_ALGO_AES_GCM, 256 });
+
+    if (g_api->gcmOnly())
+        return;
+
+    test( { CKMC_ALGO_AES_CBC, 128 });
+    test( { CKMC_ALGO_AES_CBC, 192 });
+    test( { CKMC_ALGO_AES_CBC, 256 });
     test( { CKMC_ALGO_AES_CTR, 128 });
     test( { CKMC_ALGO_AES_CTR, 192 });
     test( { CKMC_ALGO_AES_CTR, 256 });
@@ -357,11 +361,12 @@ void testAllAlgorithms(const std::function<void(const Algo& algo)>& test)
     test( { CKMC_ALGO_AES_CFB, 192 });
     test( { CKMC_ALGO_AES_CFB, 256 });
 
-    if (!g_api->symmetricOnly()) {
-        test( { CKMC_ALGO_RSA_OAEP, 1024 });
-        test( { CKMC_ALGO_RSA_OAEP, 2048 });
-        test( { CKMC_ALGO_RSA_OAEP, 4096 });
-    }
+    if (g_api->symmetricOnly())
+        return;
+
+    test( { CKMC_ALGO_RSA_OAEP, 1024 });
+    test( { CKMC_ALGO_RSA_OAEP, 2048 });
+    test( { CKMC_ALGO_RSA_OAEP, 4096 });
 }
 
 void testNoIvEnc(const Algo& algo)
Domain: Security / Uncategorized;