Adjust tests to use more detailed error codes

There was no distinction between different types of errors returned
by OpenSSL functions in the CKM. After improvement, in some cases,
INVALID_PARAM is returned instead of generic SERVER_ERROR. Some tests
concerning decryption and encryption had to be adjusted.

Change-Id: I23aee248aa4fbcfe02f878c629c9b8595642e2da

diff --git a/src/ckm/unprivileged/encryption-decryption.cpp b/src/ckm/unprivileged/encryption-decryption.cpp
index 006370b..76f1c92 100644 (file)
--- a/src/ckm/unprivileged/encryption-decryption.cpp
+++ b/src/ckm/unprivileged/encryption-decryption.cpp
@@ -501,7 +501,7 @@ void encryptionWithCustomData(Algorithm type, ckmc_param_name_e name)
     setParam(params, name, createRandomBufferCAPI(32));
 
     // decrypt
-    assert_crypto_result(EncryptionError::SERVER_ERROR,
+    assert_crypto_result(EncryptionError::INVALID_PARAM,
                          apiDecrypt,
                          params.get(),
                          aliases.prv.c_str(),
@@ -798,13 +798,13 @@ void testGcmDecryptionTagLen(Algorithm type)
             { 116,  EncryptionError::INVALID_PARAM },
             { 124,  EncryptionError::INVALID_PARAM },
             { 256,  EncryptionError::INVALID_PARAM },
-            // legal tag lengths (EVP_CipherFinal fails but we can't get the error code)
-            { 32,   EncryptionError::SERVER_ERROR },
-            { 64,   EncryptionError::SERVER_ERROR },
-            { 96,   EncryptionError::SERVER_ERROR },
-            { 104,  EncryptionError::SERVER_ERROR },
-            { 112,  EncryptionError::SERVER_ERROR },
-            { 120,  EncryptionError::SERVER_ERROR },
+            // legal tag lengths but different than the one used for encryption
+            { 32,   EncryptionError::INVALID_PARAM },
+            { 64,   EncryptionError::INVALID_PARAM },
+            { 96,   EncryptionError::INVALID_PARAM },
+            { 104,  EncryptionError::INVALID_PARAM },
+            { 112,  EncryptionError::INVALID_PARAM },
+            { 120,  EncryptionError::INVALID_PARAM },
             // legal tag length that was actually used for encryption (default)
             { 128,  EncryptionError::SUCCESS },
     };
@@ -839,8 +839,8 @@ void testGcmWrongTag(Algorithm type)
     // modify tag (last 16B of encrypted message)
     ret.encrypted->data[ret.encrypted->size-1]++;
 
-    // EVP_CipherFinal fails but we can't get error code
-    assert_crypto_result(EncryptionError::SERVER_ERROR,
+    // EVP_CipherFinal fails because of an authentication error
+    assert_crypto_result(EncryptionError::INVALID_PARAM,
                          apiDecrypt,
                          ret.params.get(),
                          ret.prvKey.c_str(),
@@ -897,7 +897,6 @@ void testEncryptDecryptDifferentKeys(Algorithm type, bool success)
     // add different key
     KeyAliasPair differentKeys = algo->keyGen(nullptr, "_wrong");
 
-
     if (success) {
         // some algorithms don't verify key validity
         assert_crypto_positive(apiDecrypt,
@@ -910,15 +909,14 @@ void testEncryptDecryptDifferentKeys(Algorithm type, bool success)
 
         assert_buffers_equal(*plain.get(), *decrypted, false);
     } else {
-        // different key should not be accepted
-        assert_crypto_result(EncryptionError::SERVER_ERROR,
+               assert_crypto_result(EncryptionError::INVALID_PARAM,
                              apiDecrypt,
                              ret.params.get(),
                              differentKeys.prv.c_str(),
                              nullptr,
                              *ret.encrypted.get(),
                              &decrypted);
-    }
+       }
 
     // Cleanup before testing next algorithm. Ignore results because not all keys are present
     ckmc_remove_alias(ret.prvKey.c_str());
@@ -962,7 +960,7 @@ void testRsaDataTooLong(Algorithm type, size_t dataSize)
     ckmc_param_list_h handle = NULL;
     assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
     ret.params = ParamListPtr(handle, ckmc_param_list_free);
-    assert_crypto_result(EncryptionError::SERVER_ERROR,
+    assert_crypto_result(EncryptionError::INVALID_PARAM,
                          apiEncrypt,
                          ret.params.get(),
                          aliases.pub.c_str(),