From: Pawel Kowalski Date: Thu, 26 Oct 2017 11:10:33 +0000 (+0200) Subject: Adjust tests to use more detailed error codes X-Git-Tag: security-manager_5.5_testing~9^2~3 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=93f72052bc238528d2c71141108deb656054df8d;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git Adjust tests to use more detailed error codes There was no distinction between different types of errors returned by OpenSSL functions in the CKM. After improvement, in some cases, INVALID_PARAM is returned instead of generic SERVER_ERROR. Some tests concerning decryption and encryption had to be adjusted. Change-Id: I23aee248aa4fbcfe02f878c629c9b8595642e2da --- diff --git a/src/ckm/unprivileged/encryption-decryption.cpp b/src/ckm/unprivileged/encryption-decryption.cpp index 006370b6..76f1c92e 100644 --- a/src/ckm/unprivileged/encryption-decryption.cpp +++ b/src/ckm/unprivileged/encryption-decryption.cpp @@ -501,7 +501,7 @@ void encryptionWithCustomData(Algorithm type, ckmc_param_name_e name) setParam(params, name, createRandomBufferCAPI(32)); // decrypt - assert_crypto_result(EncryptionError::SERVER_ERROR, + assert_crypto_result(EncryptionError::INVALID_PARAM, apiDecrypt, params.get(), aliases.prv.c_str(), @@ -798,13 +798,13 @@ void testGcmDecryptionTagLen(Algorithm type) { 116, EncryptionError::INVALID_PARAM }, { 124, EncryptionError::INVALID_PARAM }, { 256, EncryptionError::INVALID_PARAM }, - // legal tag lengths (EVP_CipherFinal fails but we can't get the error code) - { 32, EncryptionError::SERVER_ERROR }, - { 64, EncryptionError::SERVER_ERROR }, - { 96, EncryptionError::SERVER_ERROR }, - { 104, EncryptionError::SERVER_ERROR }, - { 112, EncryptionError::SERVER_ERROR }, - { 120, EncryptionError::SERVER_ERROR }, + // legal tag lengths but different than the one used for encryption + { 32, EncryptionError::INVALID_PARAM }, + { 64, EncryptionError::INVALID_PARAM }, + { 96, EncryptionError::INVALID_PARAM }, + { 104, EncryptionError::INVALID_PARAM }, + { 112, EncryptionError::INVALID_PARAM }, + { 120, EncryptionError::INVALID_PARAM }, // legal tag length that was actually used for encryption (default) { 128, EncryptionError::SUCCESS }, }; @@ -839,8 +839,8 @@ void testGcmWrongTag(Algorithm type) // modify tag (last 16B of encrypted message) ret.encrypted->data[ret.encrypted->size-1]++; - // EVP_CipherFinal fails but we can't get error code - assert_crypto_result(EncryptionError::SERVER_ERROR, + // EVP_CipherFinal fails because of an authentication error + assert_crypto_result(EncryptionError::INVALID_PARAM, apiDecrypt, ret.params.get(), ret.prvKey.c_str(), @@ -897,7 +897,6 @@ void testEncryptDecryptDifferentKeys(Algorithm type, bool success) // add different key KeyAliasPair differentKeys = algo->keyGen(nullptr, "_wrong"); - if (success) { // some algorithms don't verify key validity assert_crypto_positive(apiDecrypt, @@ -910,15 +909,14 @@ void testEncryptDecryptDifferentKeys(Algorithm type, bool success) assert_buffers_equal(*plain.get(), *decrypted, false); } else { - // different key should not be accepted - assert_crypto_result(EncryptionError::SERVER_ERROR, + assert_crypto_result(EncryptionError::INVALID_PARAM, apiDecrypt, ret.params.get(), differentKeys.prv.c_str(), nullptr, *ret.encrypted.get(), &decrypted); - } + } // Cleanup before testing next algorithm. Ignore results because not all keys are present ckmc_remove_alias(ret.prvKey.c_str()); @@ -962,7 +960,7 @@ void testRsaDataTooLong(Algorithm type, size_t dataSize) ckmc_param_list_h handle = NULL; assert_positive(ckmc_generate_new_params, algo->m_type, &handle); ret.params = ParamListPtr(handle, ckmc_param_list_free); - assert_crypto_result(EncryptionError::SERVER_ERROR, + assert_crypto_result(EncryptionError::INVALID_PARAM, apiEncrypt, ret.params.get(), aliases.pub.c_str(),