};
};
-// Validates as true if parameter value is equal or greater than Min
-template <typename T, T Min>
-struct GreaterOrEqual {
-public:
- static bool Check(const T &value)
- {
- return value >= Min;
- }
-
- static void Why(std::ostringstream &os)
- {
- os << "is smaller than " << static_cast<int>(Min);
- }
-};
-
template <typename T>
struct Unsupported {
static bool Check(const T &)
ThrowErr(Exc::Crypto::InternalError, "Wrong key size! Expected: ",
EVP_CIPHER_key_length(type), " Get: ", key.size());
- bool gcm = (EVP_CIPHER_mode(type) == EVP_CIPH_GCM_MODE);
- int iv_len = EVP_CIPHER_iv_length(type);
+ if (static_cast<int>(iv.size()) < EVP_CIPHER_iv_length(type))
+ ThrowErr(Exc::Crypto::InternalError, "Wrong iv size! Expected: ",
+ EVP_CIPHER_iv_length(type), " Get: ", iv.size());
- OPENSSL_ERROR_HANDLE(EVP_CipherInit_ex(m_ctx, type, NULL, NULL, NULL, encryption ? 1 : 0));
-
- if (gcm) {
- if (iv.empty())
- ThrowErr(Exc::Crypto::InternalError, "Empty iv provided!");
-
- OPENSSL_ERROR_HANDLE(
- EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, iv.size(), NULL));
- } else {
- if (static_cast<int>(iv.size()) != iv_len)
- ThrowErr(Exc::Crypto::InternalError, "Wrong iv size! Expected: ", iv_len, " Got: ",
- iv.size());
- }
-
- OPENSSL_ERROR_HANDLE(
- EVP_CipherInit_ex(m_ctx, NULL, NULL, key.data(), iv.data(), encryption ? 1 : 0));
+ OPENSSL_ERROR_HANDLE(EVP_CipherInit_ex(m_ctx, type, NULL, key.data(), iv.data(),
+ encryption ? 1 : 0));
EVP_CIPHER_CTX_set_padding(m_ctx, 1);
}
typedef ParamCheck<ParamName::ED_IV,
RawBuffer,
true,
- GreaterOrEqual<size_t, 1>,
- BufferSizeGetter> GcmIvCheck;
+ DefaultValidator<RawBuffer>> GcmIvCheck;
typedef ParamCheck<ParamName::ED_TAG_LEN,
int,
BOOST_REQUIRE_NO_THROW(logic.removeKey(TEST_CLIENT));
BOOST_REQUIRE_NO_THROW(logic.pushKey(TEST_CLIENT, TEST_KEY));
+ // short IV
+ row.iv = RawBuffer(4);
+ BOOST_REQUIRE_THROW(logic.encryptRow(row), Exc::InternalError);
+ row.iv.clear();
+
// correct encryption
DB::Row encryptedRow;
BOOST_REQUIRE_NO_THROW(encryptedRow = logic.encryptRow(row));
ca.setParam(ParamName::ALGO_TYPE, AlgoType::AES_GCM);
ca.setParam(ParamName::ED_AAD, createRandom(42));
encryptDecrypt();
- ca.setParam(ParamName::ED_IV, createRandom(11));
- encryptDecrypt();
- ca.setParam(ParamName::ED_IV, createRandom(1));
- encryptDecrypt();
- ca.setParam(ParamName::ED_IV, createRandom(99));
- encryptDecrypt();
}
NEGATIVE_TEST_CASE(symmetricEncryptDecrypt)
// no iv
BOOST_REQUIRE_THROW(key->encrypt(ca, data), Exc::Crypto::InputParam);
+ // short iv
+ ca.setParam(ParamName::ED_IV, RawBuffer(1));
+ BOOST_REQUIRE_THROW(key->encrypt(ca, data), Exc::Crypto::InternalError);
ca.setParam(ParamName::ED_IV, iv);
// short key
// no iv
BOOST_REQUIRE_THROW(key->decrypt(ca2, encrypted), Exc::Crypto::InputParam);
+ // short iv
+ ca2.setParam(ParamName::ED_IV, RawBuffer(1));
+ BOOST_REQUIRE_THROW(key->decrypt(ca2, encrypted), Exc::Crypto::InternalError);
ca2.setParam(ParamName::ED_IV, iv);
// short key
projects / platform / core / security / key-manager.git / commitdiff