From f68f596c1188a7b2ff7417ffb21a85bd031aba75 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Tue, 19 Mar 2019 11:38:27 +0100 Subject: [PATCH] CKM: Prepare db & keys once per encryption group Database initialzation & cleanup (unlock, data removal) are only performed once per encryption decryption test group. Key generation in encryption decryption test group takes a lot of time. Initialize the keys once for the group and reuse them. Change-Id: Ibde172b4c3cfe4382c43302034aa1ee52d1355f6 --- src/ckm/unprivileged/encryption-decryption.cpp | 852 ++++++++++++------------- 1 file changed, 392 insertions(+), 460 deletions(-) diff --git a/src/ckm/unprivileged/encryption-decryption.cpp b/src/ckm/unprivileged/encryption-decryption.cpp index 76f1c92..d115ae8 100644 --- a/src/ckm/unprivileged/encryption-decryption.cpp +++ b/src/ckm/unprivileged/encryption-decryption.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -22,12 +22,12 @@ #include #include -#include -#include +#include #include #include #include +#include #include #include #include @@ -127,168 +127,157 @@ struct KeyAliasPair Alias pub; }; -class EncEnv : public RemoveDataEnv { -public: - EncEnv() : m_dbu(NULL) {} - ~EncEnv() { delete m_dbu; } - - void init(const std::string& str) { - RemoveDataEnv::init(str); - m_dbu = new ScopedDBUnlock(UID, "db-pass"); // unlock user's database +struct SyncEnv { + void init(const std::string&) { + g_api = &g_syncApi; } void finish() { - delete m_dbu; - m_dbu = NULL; - RemoveDataEnv::finish(); - g_api = NULL; - } - - ScopedDBUnlock* m_dbu; -}; - -struct SyncEnv : public EncEnv { - void init(const std::string& str) { - EncEnv::init(str); - g_api = &g_syncApi; + g_api = nullptr; } static std::string suffix() { return "_sync"; } }; -struct AsyncEnv : public EncEnv { - void init(const std::string& str) { - EncEnv::init(str); +struct AsyncEnv { + void init(const std::string&) { g_api = &g_asyncApi; } + void finish() { + g_api = nullptr; + } + static std::string suffix() { return "_async"; } }; -struct AlgoBase { - ckmc_algo_type_e m_type; - size_t m_keyLen; - - AlgoBase(ckmc_algo_type_e type, size_t keyLen) : m_type(type), m_keyLen(keyLen) {} - - virtual KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr) = 0; +struct Algo { + ckmc_algo_type_e type; + size_t keyLen; }; -typedef std::shared_ptr AlgoBasePtr; +std::unordered_map> g_symKeys; +std::unordered_map> g_asymKeys; -template -AlgoBasePtr createAlgo(ckmc_algo_type_e type, size_t keyLen) { - return AlgoBasePtr(new T(type, keyLen)); -} +enum KeyIdx { + PRIMARY = 0, + PASSWORD_PROTECTED = 1, -struct AlgoAes : public AlgoBase { - AlgoAes(ckmc_algo_type_e type, size_t keyLen) : AlgoBase(type, keyLen) {} - KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr); + KEY_IDX_MAX }; -KeyAliasPair AlgoAes::keyGen(const char* pass, const char* suffix) -{ - KeyAliasPair aliases; - std::ostringstream oss; - std::string ownerId = getOwnerIdFromSelf(); - CharPtr passPtr(nullptr, free); - if (pass) - passPtr.reset(strdup(pass)); +RawBufferPtr PLAIN_DATA; +RawBufferPtr BIG_DATA; +ckmc_raw_buffer_s* DEFAULT_IV; +ckmc_raw_buffer_s* IV11; +ckmc_raw_buffer_s* IV12; +ckmc_raw_buffer_s* IV15; +ckmc_raw_buffer_s* IV17; +ckmc_raw_buffer_s* IV128; +ckmc_raw_buffer_s* AAD32; +ckmc_raw_buffer_s* AAD64; - oss << "aes_" << static_cast(m_type) << "_" << m_keyLen << "_key_alias"; - if (suffix) - oss << suffix; - aliases.prv = aliasWithLabel(ownerId.c_str(),oss.str().c_str()); - aliases.pub = aliasWithLabel(ownerId.c_str(), oss.str().c_str()); +void generateSymmetricKeys(ManagerShPtr& manager, size_t bitLen) +{ + for (int i = 0; i < KEY_IDX_MAX; i++) + { + Policy p(Password(), true, g_backend); + if (i == PASSWORD_PROTECTED) + p.password.assign(PASSWORD); - ckmc_policy_s policy; - policy.extractable = false; - policy.password = passPtr.get(); + std::string alias = std::string("skey_") + std::to_string(bitLen) + std::string("_") + std::to_string(i); + int ret = manager->createKeyAES(bitLen, alias, p); + if (ret != CKM_API_SUCCESS) + RUNNER_ERROR_MSG("AES key creation failed"); - auto mgr = CKM::Manager::create(); - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == mgr->createKeyAES(m_keyLen, Alias(aliases.prv.c_str()), - _toCkmPolicy(policy, g_backend)), - "AES key creation failed"); + g_symKeys[bitLen].push_back(alias); + } +} - return aliases; +void generateRsaKeys(ManagerShPtr& manager, size_t bitLen) +{ + for (int i = 0; i < KEY_IDX_MAX; i++) + { + Policy p(Password(), true, g_backend); + if (i == PASSWORD_PROTECTED) { + p.password.assign(PASSWORD); + //p.extractable = false; + } + + KeyAliasPair alias; + alias.prv = std::string("akey_") + std::to_string(bitLen) + std::string("_") + std::to_string(i); + alias.pub = std::string("pub") + alias.prv; + int ret = manager->createKeyPairRSA(bitLen, alias.prv, alias.pub, p); + if (ret != CKM_API_SUCCESS) + RUNNER_ERROR_MSG("RSA key creation failed"); + + g_asymKeys[bitLen].push_back(alias); + } } -struct AlgoRsa : public AlgoBase { - AlgoRsa(ckmc_algo_type_e type, size_t keyLen) : AlgoBase(type, keyLen) {} - KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr); -}; +KeyAliasPair getKey(const Algo& algo, KeyIdx idx) +{ + if (algo.type == CKMC_ALGO_RSA_OAEP) + return g_asymKeys[algo.keyLen][idx]; -KeyAliasPair AlgoRsa::keyGen(const char* pass, const char* suffix) + KeyAliasPair pair; + pair.prv = g_symKeys[algo.keyLen][idx]; + pair.pub = pair.prv; + return pair; +} + +class EncGroupFixture: public DPL::Test::TestGroup { - std::ostringstream oss_prv, oss_pub; - oss_prv << "rsa_oaep_prv_alias_" << m_keyLen; - oss_pub << "rsa_oaep_pub_alias_" << m_keyLen; - if (suffix) { - oss_prv << suffix; - oss_pub << suffix; +public: + void Init() override + { + remove_user_data(UID); + int ret = ckmc_unlock_user_key(UID, "db-pass"); + if (ret != CKMC_ERROR_NONE) + RUNNER_ERROR_MSG("DB unlock failed: " << CKMCErrorToString(ret)); + + // generate keys + auto manager = Manager::create(); + generateSymmetricKeys(manager, 128); + generateSymmetricKeys(manager, 192); + generateSymmetricKeys(manager, 256); + generateRsaKeys(manager, 1024); + generateRsaKeys(manager, 2048); + generateRsaKeys(manager, 4096); + + PLAIN_DATA = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); + BIG_DATA = create_raw_buffer(createRandomBufferCAPI(5000000)); + DEFAULT_IV = createRandomBufferCAPI(DEFAULT_IV_LEN); + IV11 = createRandomBufferCAPI(11); + IV12 = createRandomBufferCAPI(12); + IV15 = createRandomBufferCAPI(15); + IV17 = createRandomBufferCAPI(17); + IV128 = createRandomBufferCAPI(128); + AAD32 = createRandomBufferCAPI(32); + AAD64 = createRandomBufferCAPI(64); } - KeyAliasPair aliases = { - aliasWithLabel(getOwnerIdFromSelf().c_str(), oss_prv.str().c_str()), - aliasWithLabel(getOwnerIdFromSelf().c_str(), oss_pub.str().c_str()) - }; - CharPtr passPtr(nullptr, free); - if (pass) - passPtr.reset(strdup(pass)); - - ckmc_policy_s policyPrv; - policyPrv.password = passPtr.get(); - policyPrv.extractable = 0; - - ckmc_policy_s policyPub; - policyPub.password = passPtr.get(); - policyPub.extractable = 0; - - auto mgr = CKM::Manager::create(); - - RUNNER_ASSERT_MSG(CKM_API_SUCCESS == mgr->createKeyPairRSA(static_cast(m_keyLen), - CKM::Alias(aliases.prv.c_str()), - CKM::Alias(aliases.pub.c_str()), - _toCkmPolicy(policyPrv, g_backend), - _toCkmPolicy(policyPub, g_backend)), "RSA key pair generation failed" ); - return aliases; -} - -enum Algorithm { - AES_CBC_128, - AES_CBC_192, - AES_CBC_256, - AES_GCM_128, - AES_GCM_192, - AES_GCM_256, - AES_CTR_128, - AES_CTR_192, - AES_CTR_256, - AES_CFB_128, - AES_CFB_192, - AES_CFB_256, - RSA_OAEP_1024, - RSA_OAEP_2048, - RSA_OAEP_4096, -}; -std::map g_algorithms = { - { AES_CBC_128, createAlgo(CKMC_ALGO_AES_CBC, 128) }, - { AES_CBC_192, createAlgo(CKMC_ALGO_AES_CBC, 192) }, - { AES_CBC_256, createAlgo(CKMC_ALGO_AES_CBC, 256) }, - { AES_GCM_128, createAlgo(CKMC_ALGO_AES_GCM, 128) }, - { AES_GCM_192, createAlgo(CKMC_ALGO_AES_GCM, 192) }, - { AES_GCM_256, createAlgo(CKMC_ALGO_AES_GCM, 256) }, - { AES_CTR_128, createAlgo(CKMC_ALGO_AES_CTR, 128) }, - { AES_CTR_192, createAlgo(CKMC_ALGO_AES_CTR, 192) }, - { AES_CTR_256, createAlgo(CKMC_ALGO_AES_CTR, 256) }, - { AES_CFB_128, createAlgo(CKMC_ALGO_AES_CFB, 128) }, - { AES_CFB_192, createAlgo(CKMC_ALGO_AES_CFB, 192) }, - { AES_CFB_256, createAlgo(CKMC_ALGO_AES_CFB, 256) }, - { RSA_OAEP_1024, createAlgo(CKMC_ALGO_RSA_OAEP, 1024) }, - { RSA_OAEP_2048, createAlgo(CKMC_ALGO_RSA_OAEP, 2048) }, - { RSA_OAEP_4096, createAlgo(CKMC_ALGO_RSA_OAEP, 4096) }, + void Finish() override + { + BIG_DATA.reset(); + PLAIN_DATA.reset(); + ckmc_buffer_free(AAD64); + ckmc_buffer_free(AAD32); + ckmc_buffer_free(IV128); + ckmc_buffer_free(IV17); + ckmc_buffer_free(IV15); + ckmc_buffer_free(IV12); + ckmc_buffer_free(IV11); + ckmc_buffer_free(DEFAULT_IV); + + int ret = ckmc_lock_user_key(UID); + if (ret != CKMC_ERROR_NONE) + RUNNER_ERROR_MSG("DB lock failed: " << CKMCErrorToString(ret)); + remove_user_data(UID); + } }; + void setParam(ParamListPtr& params, ckmc_param_name_e name, ckmc_raw_buffer_s* buffer) { int ret = ckmc_param_list_set_buffer(params.get(), name, buffer); @@ -311,18 +300,18 @@ struct EncryptionResult Alias pubKey; }; -EncryptionResult encrypt(const AlgoBasePtr& algo, +EncryptionResult encrypt(const Algo& algo, const RawBufferPtr& plain, const char* pass = nullptr) { EncryptionResult ret; ckmc_raw_buffer_s* encrypted = nullptr; - KeyAliasPair aliases = algo->keyGen(pass); + KeyAliasPair aliases = getKey(algo, pass == nullptr ? PRIMARY : PASSWORD_PROTECTED); ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); + assert_positive(ckmc_generate_new_params, algo.type, &handle); ret.params = ParamListPtr(handle, ckmc_param_list_free); - setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); + setParam(ret.params, CKMC_PARAM_ED_IV, DEFAULT_IV); assert_crypto_positive(apiEncrypt, ret.params.get(), @@ -338,48 +327,55 @@ EncryptionResult encrypt(const AlgoBasePtr& algo, } void testAllAlgorithms( - const std::function& test) + const std::function& test) +{ + test( { CKMC_ALGO_AES_CBC, 128 }); + test( { CKMC_ALGO_AES_CBC, 192 }); + test( { CKMC_ALGO_AES_CBC, 256 }); + test( { CKMC_ALGO_AES_GCM, 128 }); + test( { CKMC_ALGO_AES_GCM, 192 }); + test( { CKMC_ALGO_AES_GCM, 256 }); + test( { CKMC_ALGO_AES_CTR, 128 }); + test( { CKMC_ALGO_AES_CTR, 192 }); + test( { CKMC_ALGO_AES_CTR, 256 }); + test( { CKMC_ALGO_AES_CFB, 128 }); + test( { CKMC_ALGO_AES_CFB, 192 }); + test( { CKMC_ALGO_AES_CFB, 256 }); + test( { CKMC_ALGO_RSA_OAEP, 1024 }); + test( { CKMC_ALGO_RSA_OAEP, 2048 }); + test( { CKMC_ALGO_RSA_OAEP, 4096 }); +} + +void testNoIvEnc(const Algo& algo) { - for(const auto& it : g_algorithms) - test(it.second); -} - -void testNoIvEnc(Algorithm type) -{ - const AlgoBasePtr& algo = g_algorithms.at(type); - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s* encrypted = nullptr; // add key - KeyAliasPair aliases = algo->keyGen(); + KeyAliasPair aliases = getKey(algo, PRIMARY); // param list with algo type only ParamListPtr params = createParamListPtr(); - setParam(params, CKMC_PARAM_ALGO_TYPE, algo->m_type); + setParam(params, CKMC_PARAM_ALGO_TYPE, algo.type); assert_crypto_invalid_param(apiEncrypt, params.get(), aliases.pub.c_str(), nullptr, - *plain.get(), + *PLAIN_DATA.get(), &encrypted); } -void testNoIvDec(Algorithm type) +void testNoIvDec(const Algo& algo) { - const AlgoBasePtr& algo = g_algorithms.at(type); - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s* decrypted = nullptr; // encrypt; - auto ret = encrypt(algo, plain); + auto ret = encrypt(algo, PLAIN_DATA); // param list with algo type only ParamListPtr params = createParamListPtr(); - setParam(params, CKMC_PARAM_ALGO_TYPE, algo->m_type); + setParam(params, CKMC_PARAM_ALGO_TYPE, algo.type); assert_crypto_invalid_param(apiDecrypt, params.get(), ret.prvKey.c_str(), @@ -388,20 +384,17 @@ void testNoIvDec(Algorithm type) &decrypted); } -void testInvalidIvEnc(Algorithm type) +void testInvalidIvEnc(const Algo& algo) { - const AlgoBasePtr& algo = g_algorithms.at(type); - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s* encryptedTmp = nullptr; // add key - KeyAliasPair aliases = algo->keyGen(); + KeyAliasPair aliases = getKey(algo, PRIMARY); // setup params ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); + assert_positive(ckmc_generate_new_params, algo.type, &handle); ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); // invalid encryption @@ -410,28 +403,25 @@ void testInvalidIvEnc(Algorithm type) params.get(), aliases.pub.c_str(), nullptr, - *plain.get(), + *PLAIN_DATA.get(), &encryptedTmp); ckmc_buffer_free(encryptedTmp); encryptedTmp = nullptr; }; // invalid iv size - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN-1)); + setParam(params, CKMC_PARAM_ED_IV, IV15); test(); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN+1)); + setParam(params, CKMC_PARAM_ED_IV, IV17); test(); }; -void testInvalidIvDec(Algorithm type) +void testInvalidIvDec(const Algo& algo) { - const AlgoBasePtr& algo = g_algorithms.at(type); - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s* decrypted = nullptr; // valid encryption - auto ret = encrypt(algo, plain); + auto ret = encrypt(algo, PLAIN_DATA); // decryption auto test2 = [&](){ @@ -446,40 +436,37 @@ void testInvalidIvDec(Algorithm type) }; // invalid iv size - setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN-1)); + setParam(ret.params, CKMC_PARAM_ED_IV, IV15); test2(); - setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN+1)); + setParam(ret.params, CKMC_PARAM_ED_IV, IV17); test2(); }; -void encryptionWithCustomData(Algorithm type, ckmc_param_name_e name) +void encryptionWithCustomData(const Algo& algo, ckmc_param_name_e name) { - const AlgoBasePtr& algo = g_algorithms.at(type); - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s* encrypted = nullptr; ckmc_raw_buffer_s* decrypted = nullptr; // add key - KeyAliasPair aliases = algo->keyGen(); + KeyAliasPair aliases = getKey(algo, PRIMARY); // setup params ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); + assert_positive(ckmc_generate_new_params, algo.type, &handle); ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); + setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV); // set AAD - setParam(params, name, createRandomBufferCAPI(64)); + setParam(params, name, AAD64); // encrypt assert_crypto_positive(apiEncrypt, params.get(), aliases.pub.c_str(), nullptr, - *plain.get(), + *PLAIN_DATA.get(), &encrypted); RawBufferPtr tmpEnc = create_raw_buffer(encrypted); @@ -493,12 +480,12 @@ void encryptionWithCustomData(Algorithm type, ckmc_param_name_e name) RawBufferPtr tmpDec = create_raw_buffer(decrypted); // check - assert_buffers_equal(*plain.get(), *tmpDec.get()); + assert_buffers_equal(*PLAIN_DATA.get(), *tmpDec.get()); tmpDec.reset(); decrypted = nullptr; // set wrong AAD - setParam(params, name, createRandomBufferCAPI(32)); + setParam(params, name, AAD32); // decrypt assert_crypto_result(EncryptionError::INVALID_PARAM, @@ -510,12 +497,11 @@ void encryptionWithCustomData(Algorithm type, ckmc_param_name_e name) &decrypted); } -void testGcmIvSize(size_t size, +void testGcmIvSize(ckmc_raw_buffer_s* iv, const KeyAliasPair& aliases, EncryptionError error = EncryptionError::SUCCESS) { // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); RawBufferPtr encrypted; RawBufferPtr decrypted; ckmc_raw_buffer_s* encryptedTmp = nullptr; @@ -525,8 +511,8 @@ void testGcmIvSize(size_t size, ckmc_param_list_h handle = NULL; assert_positive(ckmc_generate_new_params, CKMC_ALGO_AES_GCM, &handle); ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(size)); + setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV); + setParam(params, CKMC_PARAM_ED_IV, iv); // encryption assert_crypto_result(error, @@ -534,7 +520,7 @@ void testGcmIvSize(size_t size, params.get(), aliases.pub.c_str(), nullptr, - *plain.get(), + *PLAIN_DATA.get(), &encryptedTmp); if(error != EncryptionError::SUCCESS) @@ -550,19 +536,16 @@ void testGcmIvSize(size_t size, &decryptedTmp); decrypted = create_raw_buffer(decryptedTmp); - assert_buffers_equal(*plain.get(), *decrypted.get()); + assert_buffers_equal(*PLAIN_DATA.get(), *decrypted.get()); } -void testIntegrity(Algorithm type) +void testIntegrity(const Algo& algo) { - const AlgoBasePtr& algo = g_algorithms.at(type); - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s* decrypted = nullptr; // encrypt - auto ret = encrypt(algo, plain); + auto ret = encrypt(algo, PLAIN_DATA); // break the encrypted data ret.encrypted->data[BUF_LEN/2]++; @@ -576,25 +559,22 @@ void testIntegrity(Algorithm type) &decrypted); RawBufferPtr tmp = create_raw_buffer(decrypted); - assert_buffers_equal(*plain.get(), *decrypted, false); + assert_buffers_equal(*PLAIN_DATA.get(), *decrypted, false); } -void testCtrEncryptionInvalidLength(Algorithm type) +void testCtrEncryptionInvalidLength(const Algo& algo) { - const AlgoBasePtr& algo = g_algorithms.at(type); - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s* encryptedTmp = nullptr; // add AES CTR key - KeyAliasPair aliases = algo->keyGen(); + KeyAliasPair aliases = getKey(algo, PRIMARY); // setup params ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); + assert_positive(ckmc_generate_new_params, algo.type, &handle); ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); + setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV); // encryption auto test = [&](){ @@ -602,7 +582,7 @@ void testCtrEncryptionInvalidLength(Algorithm type) params.get(), aliases.pub.c_str(), nullptr, - *plain.get(), + *PLAIN_DATA.get(), &encryptedTmp); ckmc_buffer_free(encryptedTmp); encryptedTmp = nullptr; @@ -616,22 +596,19 @@ void testCtrEncryptionInvalidLength(Algorithm type) test(); } -void testCtrEncryptionValidLength(Algorithm type) +void testCtrEncryptionValidLength(const Algo& algo) { - const AlgoBasePtr& algo = g_algorithms.at(type); - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s* encryptedTmp = nullptr; // add AES CTR key - KeyAliasPair aliases = algo->keyGen(); + KeyAliasPair aliases = getKey(algo, PRIMARY); // setup params ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); + assert_positive(ckmc_generate_new_params, algo.type, &handle); ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); + setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV); // encryption auto test = [&](){ @@ -639,7 +616,7 @@ void testCtrEncryptionValidLength(Algorithm type) params.get(), aliases.pub.c_str(), nullptr, - *plain.get(), + *PLAIN_DATA.get(), &encryptedTmp); ckmc_buffer_free(encryptedTmp); encryptedTmp = nullptr; @@ -655,16 +632,13 @@ void testCtrEncryptionValidLength(Algorithm type) test(); } -void testCtrDecryptionInvalidLength(Algorithm type) +void testCtrDecryptionInvalidLength(const Algo& algo) { - const AlgoBasePtr& algo = g_algorithms.at(type); - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s* decrypted = nullptr; // add AES CTR key & encrypt - auto ret = encrypt(algo, plain); + auto ret = encrypt(algo, PLAIN_DATA); // decryption auto test = [&](){ @@ -686,16 +660,13 @@ void testCtrDecryptionInvalidLength(Algorithm type) test(); } -void testCtrDecryptionValidLength(Algorithm type) +void testCtrDecryptionValidLength(const Algo& algo) { - const AlgoBasePtr& algo = g_algorithms.at(type); - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s* decrypted = nullptr; // add AES CTR key & encrypt - auto ret = encrypt(algo, plain); + auto ret = encrypt(algo, PLAIN_DATA); // decryption auto test = [&](){ @@ -707,7 +678,7 @@ void testCtrDecryptionValidLength(Algorithm type) &decrypted); ckmc_buffer_free(decrypted); RawBufferPtr tmp = create_raw_buffer(decrypted); - assert_buffers_equal(*plain.get(), *decrypted); + assert_buffers_equal(*PLAIN_DATA.get(), *decrypted); }; // invalid counter size setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 1); @@ -720,22 +691,19 @@ void testCtrDecryptionValidLength(Algorithm type) test(); } -void testGcmEncryptionTagLen(Algorithm type) +void testGcmEncryptionTagLen(const Algo& algo) { - const AlgoBasePtr& algo = g_algorithms.at(type); - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s* encryptedTmp = nullptr; // add AES GCM key - KeyAliasPair aliases = algo->keyGen(); + KeyAliasPair aliases = getKey(algo, PRIMARY); // setup params ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); + assert_positive(ckmc_generate_new_params, algo.type, &handle); ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); + setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV); std::vector testData = { // illegal tag lengths @@ -768,23 +736,20 @@ void testGcmEncryptionTagLen(Algorithm type) params.get(), aliases.pub.c_str(), nullptr, - *plain.get(), + *PLAIN_DATA.get(), &encryptedTmp); ckmc_buffer_free(encryptedTmp); encryptedTmp = nullptr; } } -void testGcmDecryptionTagLen(Algorithm type) +void testGcmDecryptionTagLen(const Algo& algo) { - const AlgoBasePtr& algo = g_algorithms.at(type); - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s* decrypted = nullptr; // add AES GCM key & encrypt - auto ret = encrypt(algo, plain); + auto ret = encrypt(algo, PLAIN_DATA); std::vector testData = { // illegal tag lengths @@ -825,16 +790,13 @@ void testGcmDecryptionTagLen(Algorithm type) } } -void testGcmWrongTag(Algorithm type) +void testGcmWrongTag(const Algo& algo) { - const AlgoBasePtr& algo = g_algorithms.at(type); - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s* decrypted = nullptr; // encrypt with AES GCM - auto ret = encrypt(algo, plain); + auto ret = encrypt(algo, PLAIN_DATA); // modify tag (last 16B of encrypted message) ret.encrypted->data[ret.encrypted->size-1]++; @@ -849,29 +811,24 @@ void testGcmWrongTag(Algorithm type) &decrypted); } -void testGcmDifferentIvSizes(Algorithm type) +void testGcmDifferentIvSizes(const Algo& algo) { - const AlgoBasePtr& algo = g_algorithms.at(type); - // add AES GCM key - KeyAliasPair aliases = algo->keyGen(); + KeyAliasPair aliases = getKey(algo, PRIMARY); - testGcmIvSize(11, aliases, EncryptionError::SERVER_ERROR); // 12B is the smallest - testGcmIvSize(12, aliases); - testGcmIvSize(17, aliases); - testGcmIvSize(128, aliases); + testGcmIvSize(IV11, aliases, EncryptionError::SERVER_ERROR); // 12B is the smallest + testGcmIvSize(IV12, aliases); + testGcmIvSize(IV17, aliases); + testGcmIvSize(IV128, aliases); } -void testEncryptDecryptBigData(Algorithm type) +void testEncryptDecryptBigData(const Algo& algo) { - const AlgoBasePtr& algo = g_algorithms.at(type); - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(5000000)); ckmc_raw_buffer_s* decrypted = nullptr; // encrypt - auto ret = encrypt(algo, plain); + auto ret = encrypt(algo, BIG_DATA); assert_positive(apiDecrypt, ret.params.get(), @@ -881,53 +838,44 @@ void testEncryptDecryptBigData(Algorithm type) &decrypted); RawBufferPtr tmp = create_raw_buffer(decrypted); - assert_buffers_equal(*plain.get(), *decrypted); + assert_buffers_equal(*BIG_DATA.get(), *decrypted); } -void testEncryptDecryptDifferentKeys(Algorithm type, bool success) +void testEncryptDecryptDifferentKeys(const Algo& algo, bool success) { - const AlgoBasePtr& algo = g_algorithms.at(type); // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s* decrypted = nullptr; // encrypt - auto ret = encrypt(algo, plain); + auto ret = encrypt(algo, PLAIN_DATA); - // add different key - KeyAliasPair differentKeys = algo->keyGen(nullptr, "_wrong"); + // get different keys + KeyAliasPair differentKeys = getKey(algo, PASSWORD_PROTECTED); if (success) { // some algorithms don't verify key validity assert_crypto_positive(apiDecrypt, ret.params.get(), differentKeys.prv.c_str(), - nullptr, + PASSWORD, *ret.encrypted.get(), &decrypted); RawBufferPtr tmp = create_raw_buffer(decrypted); - assert_buffers_equal(*plain.get(), *decrypted, false); + assert_buffers_equal(*PLAIN_DATA.get(), *decrypted, false); } else { - assert_crypto_result(EncryptionError::INVALID_PARAM, + assert_crypto_result(EncryptionError::INVALID_PARAM, apiDecrypt, ret.params.get(), differentKeys.prv.c_str(), - nullptr, + PASSWORD, *ret.encrypted.get(), &decrypted); - } - - // Cleanup before testing next algorithm. Ignore results because not all keys are present - ckmc_remove_alias(ret.prvKey.c_str()); - ckmc_remove_alias(ret.pubKey.c_str()); - ckmc_remove_alias(differentKeys.prv.c_str()); - ckmc_remove_alias(differentKeys.pub.c_str()); + } } -void testRsaLongestData(Algorithm type, size_t dataSize) +void testRsaLongestData(const Algo& algo, size_t dataSize) { - const AlgoBasePtr& algo = g_algorithms.at(type); // prepare buffers RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize)); ckmc_raw_buffer_s* decrypted = nullptr; @@ -946,19 +894,18 @@ void testRsaLongestData(Algorithm type, size_t dataSize) assert_buffers_equal(*plain.get(), *decrypted); } -void testRsaDataTooLong(Algorithm type, size_t dataSize) +void testRsaDataTooLong(const Algo& algo, size_t dataSize) { - const AlgoBasePtr& algo = g_algorithms.at(type); // prepare buffers RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize)); // encrypt EncryptionResult ret; ckmc_raw_buffer_s* encrypted = nullptr; - KeyAliasPair aliases = algo->keyGen(); + KeyAliasPair aliases = getKey(algo, PRIMARY); ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); + assert_positive(ckmc_generate_new_params, algo.type, &handle); ret.params = ParamListPtr(handle, ckmc_param_list_free); assert_crypto_result(EncryptionError::INVALID_PARAM, apiEncrypt, @@ -971,8 +918,7 @@ void testRsaDataTooLong(Algorithm type, size_t dataSize) } // namespace anonymous - -RUNNER_TEST_GROUP_INIT(CKM_ENCRYPTION_DECRYPTION); +RUNNER_TEST_GROUP_INIT_ENV(CKM_ENCRYPTION_DECRYPTION, EncGroupFixture); ///////////////////////////////////////// // Generic encryption decryption tests @@ -980,20 +926,19 @@ RUNNER_TEST_GROUP_INIT(CKM_ENCRYPTION_DECRYPTION); RUNNER_TEST_MULTIPLE(TED_0010_encrypt_invalid_param_list, SyncEnv, AsyncEnv) { - testAllAlgorithms([](const AlgoBasePtr& algo){ + testAllAlgorithms([](const Algo& algo){ // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s* encrypted = nullptr; // add key - KeyAliasPair aliases = algo->keyGen(); + KeyAliasPair aliases = getKey(algo, PRIMARY); // null param list assert_crypto_invalid_param(apiEncrypt, nullptr, aliases.pub.c_str(), nullptr, - *plain.get(), + *PLAIN_DATA.get(), &encrypted); // empty param list @@ -1002,49 +947,48 @@ RUNNER_TEST_MULTIPLE(TED_0010_encrypt_invalid_param_list, SyncEnv, AsyncEnv) params.get(), aliases.pub.c_str(), nullptr, - *plain.get(), + *PLAIN_DATA.get(), &encrypted); }); } RUNNER_TEST_MULTIPLE(TED_0020_encrypt_missing_key, SyncEnv, AsyncEnv) { - testAllAlgorithms([](const AlgoBasePtr& algo){ + testAllAlgorithms([](const Algo& algo){ // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s* encrypted = nullptr; // setup params ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); + assert_positive(ckmc_generate_new_params, algo.type, &handle); ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); + setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV); assert_crypto_result(EncryptionError::ALIAS_UNKNOWN, apiEncrypt, params.get(), "non-existing-key-alias", nullptr, - *plain.get(), + *PLAIN_DATA.get(), &encrypted); }); } RUNNER_TEST_MULTIPLE(TED_0030_encrypt_no_plain_text, SyncEnv, AsyncEnv) { - testAllAlgorithms([](const AlgoBasePtr& algo){ + testAllAlgorithms([](const Algo& algo){ // prepare buffers ckmc_raw_buffer_s plain = { nullptr, 0 }; ckmc_raw_buffer_s* encrypted = nullptr; // add key - KeyAliasPair aliases = algo->keyGen(); + KeyAliasPair aliases = getKey(algo, PRIMARY); // setup params ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); + assert_positive(ckmc_generate_new_params, algo.type, &handle); ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); + setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV); assert_crypto_invalid_param(apiEncrypt, params.get(), @@ -1057,38 +1001,36 @@ RUNNER_TEST_MULTIPLE(TED_0030_encrypt_no_plain_text, SyncEnv, AsyncEnv) RUNNER_TEST_MULTIPLE(TED_0040_encrypt_no_output_buffer, SyncEnv, AsyncEnv) { - testAllAlgorithms([](const AlgoBasePtr& algo){ + testAllAlgorithms([](const Algo& algo){ // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s** encrypted = nullptr; // add key - KeyAliasPair aliases = algo->keyGen(); + KeyAliasPair aliases = getKey(algo, PRIMARY); // setup params ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); + assert_positive(ckmc_generate_new_params, algo.type, &handle); ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); + setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV); assert_crypto_invalid_param(apiEncrypt, params.get(), aliases.pub.c_str(), nullptr, - *plain.get(), + *PLAIN_DATA.get(), encrypted); }); } RUNNER_TEST_MULTIPLE(TED_0110_decrypt_invalid_param_list, SyncEnv, AsyncEnv) { - testAllAlgorithms([](const AlgoBasePtr& algo){ + testAllAlgorithms([](const Algo& algo){ // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s* decrypted = nullptr; // encrypt; - auto ret = encrypt(algo, plain); + auto ret = encrypt(algo, PLAIN_DATA); // null param list assert_crypto_invalid_param(apiDecrypt, @@ -1111,22 +1053,18 @@ RUNNER_TEST_MULTIPLE(TED_0110_decrypt_invalid_param_list, SyncEnv, AsyncEnv) RUNNER_TEST_MULTIPLE(TED_0120_decrypt_missing_key, SyncEnv, AsyncEnv) { - testAllAlgorithms([](const AlgoBasePtr& algo){ + testAllAlgorithms([](const Algo& algo){ // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s* decrypted = nullptr; // encrypt - auto ret = encrypt(algo, plain); - - // remove key - assert_positive(ckmc_remove_alias, ret.prvKey.c_str()); + auto ret = encrypt(algo, PLAIN_DATA); // try to decrypt assert_crypto_result(EncryptionError::ALIAS_UNKNOWN, apiDecrypt, ret.params.get(), - ret.prvKey.c_str(), + "non-existent-key", nullptr, *ret.encrypted.get(), &decrypted); @@ -1135,19 +1073,19 @@ RUNNER_TEST_MULTIPLE(TED_0120_decrypt_missing_key, SyncEnv, AsyncEnv) RUNNER_TEST_MULTIPLE(TED_0130_decrypt_no_encrypted_text, SyncEnv, AsyncEnv) { - testAllAlgorithms([](const AlgoBasePtr& algo){ + testAllAlgorithms([](const Algo& algo){ // prepare buffers ckmc_raw_buffer_s encrypted = { nullptr, 0 }; ckmc_raw_buffer_s* decrypted = nullptr; // add key - KeyAliasPair aliases = algo->keyGen(); + KeyAliasPair aliases = getKey(algo, PRIMARY); // setup params ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); + assert_positive(ckmc_generate_new_params, algo.type, &handle); ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); + setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV); assert_crypto_invalid_param(apiDecrypt, params.get(), @@ -1160,13 +1098,12 @@ RUNNER_TEST_MULTIPLE(TED_0130_decrypt_no_encrypted_text, SyncEnv, AsyncEnv) RUNNER_TEST_MULTIPLE(TED_0140_decrypt_no_output_buffer, SyncEnv, AsyncEnv) { - testAllAlgorithms([](const AlgoBasePtr& algo){ + testAllAlgorithms([](const Algo& algo){ // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s** decrypted = nullptr; // encrypt - auto ret = encrypt(algo, plain); + auto ret = encrypt(algo, PLAIN_DATA); assert_crypto_invalid_param(apiDecrypt, ret.params.get(), @@ -1180,32 +1117,31 @@ RUNNER_TEST_MULTIPLE(TED_0140_decrypt_no_output_buffer, SyncEnv, AsyncEnv) RUNNER_TEST_MULTIPLE(TED_0200_encrypt_decrypt_different_keys, SyncEnv, AsyncEnv) { testBackend b(PolicyBackend::FORCE_SOFTWARE); - testEncryptDecryptDifferentKeys(AES_CBC_128, false); - testEncryptDecryptDifferentKeys(AES_CBC_192, false); - testEncryptDecryptDifferentKeys(AES_CBC_256, false); - testEncryptDecryptDifferentKeys(AES_GCM_128, false); - testEncryptDecryptDifferentKeys(AES_GCM_192, false); - testEncryptDecryptDifferentKeys(AES_GCM_256, false); - testEncryptDecryptDifferentKeys(AES_CTR_128, true); - testEncryptDecryptDifferentKeys(AES_CTR_192, true); - testEncryptDecryptDifferentKeys(AES_CTR_256, true); - testEncryptDecryptDifferentKeys(AES_CFB_128, true); - testEncryptDecryptDifferentKeys(AES_CFB_192, true); - testEncryptDecryptDifferentKeys(AES_CFB_256, true); - testEncryptDecryptDifferentKeys(RSA_OAEP_1024, false); - testEncryptDecryptDifferentKeys(RSA_OAEP_2048, false); - testEncryptDecryptDifferentKeys(RSA_OAEP_4096, false); + testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CBC, 128}, false); + testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CBC, 192}, false); + testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CBC, 256}, false); + testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_GCM, 128}, false); + testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_GCM, 192}, false); + testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_GCM, 256}, false); + testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CTR, 128}, true); + testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CTR, 192}, true); + testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CTR, 256}, true); + testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CFB, 128}, true); + testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CFB, 192}, true); + testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CFB, 256}, true); + testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 1024}, false); + testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 2048}, false); + testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 4096}, false); } RUNNER_TEST_MULTIPLE(TED_0300_encrypt_decrypt, SyncEnv, AsyncEnv) { - testAllAlgorithms([](const AlgoBasePtr& algo){ + testAllAlgorithms([](const Algo& algo){ // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s* decrypted = nullptr; // encrypt - auto ret = encrypt(algo, plain); + auto ret = encrypt(algo, PLAIN_DATA); assert_crypto_positive(apiDecrypt, ret.params.get(), @@ -1215,19 +1151,18 @@ RUNNER_TEST_MULTIPLE(TED_0300_encrypt_decrypt, SyncEnv, AsyncEnv) &decrypted); RawBufferPtr tmp = create_raw_buffer(decrypted); - assert_buffers_equal(*plain.get(), *decrypted); + assert_buffers_equal(*PLAIN_DATA.get(), *decrypted); }); } RUNNER_TEST_MULTIPLE(TED_0310_encrypt_decrypt_password, SyncEnv, AsyncEnv) { - testAllAlgorithms([](const AlgoBasePtr& algo){ + testAllAlgorithms([](const Algo& algo){ // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); ckmc_raw_buffer_s* decrypted = nullptr; // encrypt - auto ret = encrypt(algo, plain, PASSWORD); + auto ret = encrypt(algo, PLAIN_DATA, PASSWORD); // wrong password assert_crypto_result(EncryptionError::AUTH_FAILED, @@ -1247,81 +1182,81 @@ RUNNER_TEST_MULTIPLE(TED_0310_encrypt_decrypt_password, SyncEnv, AsyncEnv) &decrypted); RawBufferPtr tmp = create_raw_buffer(decrypted); // guarantees deletion - assert_buffers_equal(*plain.get(), *decrypted); + assert_buffers_equal(*PLAIN_DATA.get(), *decrypted); }); } // long test split into smaller ones -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_128, SyncEnv, AsyncEnv) +RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CBC_128, SyncEnv, AsyncEnv) { testBackend b(PolicyBackend::FORCE_SOFTWARE); - testEncryptDecryptBigData(AES_CBC_128); + testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 128}); } -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_192, SyncEnv, AsyncEnv) +RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CBC_192, SyncEnv, AsyncEnv) { testBackend b(PolicyBackend::FORCE_SOFTWARE); - testEncryptDecryptBigData(AES_CBC_192); + testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 192}); } -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_256, SyncEnv, AsyncEnv) +RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CBC_256, SyncEnv, AsyncEnv) { testBackend b(PolicyBackend::FORCE_SOFTWARE); - testEncryptDecryptBigData(AES_CBC_256); + testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 256}); } -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_128, SyncEnv, AsyncEnv) +RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_GCM_128, SyncEnv, AsyncEnv) { testBackend b(PolicyBackend::FORCE_SOFTWARE); - testEncryptDecryptBigData(AES_GCM_128); + testEncryptDecryptBigData({CKMC_ALGO_AES_GCM, 128}); } -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_192, SyncEnv, AsyncEnv) +RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_GCM_192, SyncEnv, AsyncEnv) { testBackend b(PolicyBackend::FORCE_SOFTWARE); - testEncryptDecryptBigData(AES_GCM_192); + testEncryptDecryptBigData({CKMC_ALGO_AES_GCM, 192}); } -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_256, SyncEnv, AsyncEnv) +RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_GCM_256, SyncEnv, AsyncEnv) { testBackend b(PolicyBackend::FORCE_SOFTWARE); - testEncryptDecryptBigData(AES_GCM_256); + testEncryptDecryptBigData({CKMC_ALGO_AES_GCM, 256}); } -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_128, SyncEnv, AsyncEnv) +RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CTR_128, SyncEnv, AsyncEnv) { testBackend b(PolicyBackend::FORCE_SOFTWARE); - testEncryptDecryptBigData(AES_CTR_128); + testEncryptDecryptBigData({CKMC_ALGO_AES_CTR, 128}); } -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_192, SyncEnv, AsyncEnv) +RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CTR_192, SyncEnv, AsyncEnv) { testBackend b(PolicyBackend::FORCE_SOFTWARE); - testEncryptDecryptBigData(AES_CTR_192); + testEncryptDecryptBigData({CKMC_ALGO_AES_CTR, 192}); } -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_256, SyncEnv, AsyncEnv) +RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CTR_256, SyncEnv, AsyncEnv) { testBackend b(PolicyBackend::FORCE_SOFTWARE); - testEncryptDecryptBigData(AES_CTR_256); + testEncryptDecryptBigData({CKMC_ALGO_AES_CTR, 256}); } -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_128, SyncEnv, AsyncEnv) +RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CFB_128, SyncEnv, AsyncEnv) { testBackend b(PolicyBackend::FORCE_SOFTWARE); - testEncryptDecryptBigData(AES_CFB_128); + testEncryptDecryptBigData({CKMC_ALGO_AES_CFB, 128}); } -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_192, SyncEnv, AsyncEnv) +RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CFB_192, SyncEnv, AsyncEnv) { testBackend b(PolicyBackend::FORCE_SOFTWARE); - testEncryptDecryptBigData(AES_CFB_192); + testEncryptDecryptBigData({CKMC_ALGO_AES_CFB, 192}); } -RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_256, SyncEnv, AsyncEnv) +RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CFB_256, SyncEnv, AsyncEnv) { testBackend b(PolicyBackend::FORCE_SOFTWARE); - testEncryptDecryptBigData(AES_CFB_256); + testEncryptDecryptBigData({CKMC_ALGO_AES_CFB, 256}); } ///////////////////////////////////////// @@ -1330,183 +1265,183 @@ RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_256, SyncEnv, Asy RUNNER_TEST_MULTIPLE(TED_1005_no_iv_enc, SyncEnv, AsyncEnv) { - testNoIvEnc(AES_CTR_128); - testNoIvEnc(AES_CTR_192); - testNoIvEnc(AES_CTR_256); - testNoIvEnc(AES_CBC_128); - testNoIvEnc(AES_CBC_192); - testNoIvEnc(AES_CBC_256); - testNoIvEnc(AES_CFB_128); - testNoIvEnc(AES_CFB_192); - testNoIvEnc(AES_CFB_256); - testNoIvEnc(AES_GCM_128); - testNoIvEnc(AES_GCM_192); - testNoIvEnc(AES_GCM_256); + testNoIvEnc({CKMC_ALGO_AES_CTR, 128}); + testNoIvEnc({CKMC_ALGO_AES_CTR, 192}); + testNoIvEnc({CKMC_ALGO_AES_CTR, 256}); + testNoIvEnc({CKMC_ALGO_AES_CBC, 128}); + testNoIvEnc({CKMC_ALGO_AES_CBC, 192}); + testNoIvEnc({CKMC_ALGO_AES_CBC, 256}); + testNoIvEnc({CKMC_ALGO_AES_CFB, 128}); + testNoIvEnc({CKMC_ALGO_AES_CFB, 192}); + testNoIvEnc({CKMC_ALGO_AES_CFB, 256}); + testNoIvEnc({CKMC_ALGO_AES_GCM, 128}); + testNoIvEnc({CKMC_ALGO_AES_GCM, 192}); + testNoIvEnc({CKMC_ALGO_AES_GCM, 256}); } RUNNER_TEST_MULTIPLE(TED_1010_invalid_iv_enc, SyncEnv, AsyncEnv) { - testInvalidIvEnc(AES_CTR_128); - testInvalidIvEnc(AES_CTR_192); - testInvalidIvEnc(AES_CTR_256); - testInvalidIvEnc(AES_CBC_128); - testInvalidIvEnc(AES_CBC_192); - testInvalidIvEnc(AES_CBC_256); - testInvalidIvEnc(AES_CFB_128); - testInvalidIvEnc(AES_CFB_192); - testInvalidIvEnc(AES_CFB_256); + testInvalidIvEnc({CKMC_ALGO_AES_CTR, 128}); + testInvalidIvEnc({CKMC_ALGO_AES_CTR, 192}); + testInvalidIvEnc({CKMC_ALGO_AES_CTR, 256}); + testInvalidIvEnc({CKMC_ALGO_AES_CBC, 128}); + testInvalidIvEnc({CKMC_ALGO_AES_CBC, 192}); + testInvalidIvEnc({CKMC_ALGO_AES_CBC, 256}); + testInvalidIvEnc({CKMC_ALGO_AES_CFB, 128}); + testInvalidIvEnc({CKMC_ALGO_AES_CFB, 192}); + testInvalidIvEnc({CKMC_ALGO_AES_CFB, 256}); } RUNNER_TEST_MULTIPLE(TED_1015_no_iv_dec, SyncEnv, AsyncEnv) { - testNoIvDec(AES_CTR_128); - testNoIvDec(AES_CTR_192); - testNoIvDec(AES_CTR_256); - testNoIvDec(AES_CBC_128); - testNoIvDec(AES_CBC_192); - testNoIvDec(AES_CBC_256); - testNoIvDec(AES_CFB_128); - testNoIvDec(AES_CFB_192); - testNoIvDec(AES_CFB_256); - testNoIvDec(AES_GCM_128); - testNoIvDec(AES_GCM_192); - testNoIvDec(AES_GCM_256); + testNoIvDec({CKMC_ALGO_AES_CTR, 128}); + testNoIvDec({CKMC_ALGO_AES_CTR, 192}); + testNoIvDec({CKMC_ALGO_AES_CTR, 256}); + testNoIvDec({CKMC_ALGO_AES_CBC, 128}); + testNoIvDec({CKMC_ALGO_AES_CBC, 192}); + testNoIvDec({CKMC_ALGO_AES_CBC, 256}); + testNoIvDec({CKMC_ALGO_AES_CFB, 128}); + testNoIvDec({CKMC_ALGO_AES_CFB, 192}); + testNoIvDec({CKMC_ALGO_AES_CFB, 256}); + testNoIvDec({CKMC_ALGO_AES_GCM, 128}); + testNoIvDec({CKMC_ALGO_AES_GCM, 192}); + testNoIvDec({CKMC_ALGO_AES_GCM, 256}); } RUNNER_TEST_MULTIPLE(TED_1020_invalid_iv_dec, SyncEnv, AsyncEnv) { - testInvalidIvDec(AES_CTR_128); - testInvalidIvDec(AES_CTR_192); - testInvalidIvDec(AES_CTR_256); - testInvalidIvDec(AES_CBC_128); - testInvalidIvDec(AES_CBC_192); - testInvalidIvDec(AES_CBC_256); - testInvalidIvDec(AES_CFB_128); - testInvalidIvDec(AES_CFB_192); - testInvalidIvDec(AES_CFB_256); + testInvalidIvDec({CKMC_ALGO_AES_CTR, 128}); + testInvalidIvDec({CKMC_ALGO_AES_CTR, 192}); + testInvalidIvDec({CKMC_ALGO_AES_CTR, 256}); + testInvalidIvDec({CKMC_ALGO_AES_CBC, 128}); + testInvalidIvDec({CKMC_ALGO_AES_CBC, 192}); + testInvalidIvDec({CKMC_ALGO_AES_CBC, 256}); + testInvalidIvDec({CKMC_ALGO_AES_CFB, 128}); + testInvalidIvDec({CKMC_ALGO_AES_CFB, 192}); + testInvalidIvDec({CKMC_ALGO_AES_CFB, 256}); } RUNNER_TEST_MULTIPLE(TED_1050_data_integrity, SyncEnv, AsyncEnv) { - testIntegrity(AES_CTR_128); - testIntegrity(AES_CTR_192); - testIntegrity(AES_CTR_256); - testIntegrity(AES_CBC_128); - testIntegrity(AES_CBC_192); - testIntegrity(AES_CBC_256); - testIntegrity(AES_CFB_128); - testIntegrity(AES_CFB_192); - testIntegrity(AES_CFB_256); + testIntegrity({CKMC_ALGO_AES_CTR, 128}); + testIntegrity({CKMC_ALGO_AES_CTR, 192}); + testIntegrity({CKMC_ALGO_AES_CTR, 256}); + testIntegrity({CKMC_ALGO_AES_CBC, 128}); + testIntegrity({CKMC_ALGO_AES_CBC, 192}); + testIntegrity({CKMC_ALGO_AES_CBC, 256}); + testIntegrity({CKMC_ALGO_AES_CFB, 128}); + testIntegrity({CKMC_ALGO_AES_CFB, 192}); + testIntegrity({CKMC_ALGO_AES_CFB, 256}); } RUNNER_TEST_MULTIPLE(TED_1100_ctr_encryption_invalid_length, SyncEnv, AsyncEnv) { - testCtrEncryptionInvalidLength(AES_CTR_128); - testCtrEncryptionInvalidLength(AES_CTR_192); - testCtrEncryptionInvalidLength(AES_CTR_256); + testCtrEncryptionInvalidLength({CKMC_ALGO_AES_CTR, 128}); + testCtrEncryptionInvalidLength({CKMC_ALGO_AES_CTR, 192}); + testCtrEncryptionInvalidLength({CKMC_ALGO_AES_CTR, 256}); } RUNNER_TEST_MULTIPLE(TED_1105_ctr_encryption_valid_length, SyncEnv, AsyncEnv) { RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length"); - testCtrEncryptionValidLength(AES_CTR_128); - testCtrEncryptionValidLength(AES_CTR_192); - testCtrEncryptionValidLength(AES_CTR_256); + testCtrEncryptionValidLength({CKMC_ALGO_AES_CTR, 128}); + testCtrEncryptionValidLength({CKMC_ALGO_AES_CTR, 192}); + testCtrEncryptionValidLength({CKMC_ALGO_AES_CTR, 256}); } RUNNER_TEST_MULTIPLE(TED_1110_ctr_decryption_invalid_length, SyncEnv, AsyncEnv) { - testCtrDecryptionInvalidLength(AES_CTR_128); - testCtrDecryptionInvalidLength(AES_CTR_192); - testCtrDecryptionInvalidLength(AES_CTR_256); + testCtrDecryptionInvalidLength({CKMC_ALGO_AES_CTR, 128}); + testCtrDecryptionInvalidLength({CKMC_ALGO_AES_CTR, 192}); + testCtrDecryptionInvalidLength({CKMC_ALGO_AES_CTR, 256}); } RUNNER_TEST_MULTIPLE(TED_1115_ctr_decryption_valid_length, SyncEnv, AsyncEnv) { RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length"); - testCtrDecryptionValidLength(AES_CTR_128); - testCtrDecryptionValidLength(AES_CTR_192); - testCtrDecryptionValidLength(AES_CTR_256); + testCtrDecryptionValidLength({CKMC_ALGO_AES_CTR, 128}); + testCtrDecryptionValidLength({CKMC_ALGO_AES_CTR, 192}); + testCtrDecryptionValidLength({CKMC_ALGO_AES_CTR, 256}); } RUNNER_TEST_MULTIPLE(TED_1200_gcm_encryption_tag_len, SyncEnv, AsyncEnv) { testBackend b(PolicyBackend::FORCE_SOFTWARE); - testGcmEncryptionTagLen(AES_GCM_128); - testGcmEncryptionTagLen(AES_GCM_192); - testGcmEncryptionTagLen(AES_GCM_256); + testGcmEncryptionTagLen({CKMC_ALGO_AES_GCM, 128}); + testGcmEncryptionTagLen({CKMC_ALGO_AES_GCM, 192}); + testGcmEncryptionTagLen({CKMC_ALGO_AES_GCM, 256}); } RUNNER_TEST_MULTIPLE(TED_1210_gcm_decryption_tag_len, SyncEnv, AsyncEnv) { testBackend b(PolicyBackend::FORCE_SOFTWARE); - testGcmDecryptionTagLen(AES_GCM_128); - testGcmDecryptionTagLen(AES_GCM_192); - testGcmDecryptionTagLen(AES_GCM_256); + testGcmDecryptionTagLen({CKMC_ALGO_AES_GCM, 128}); + testGcmDecryptionTagLen({CKMC_ALGO_AES_GCM, 192}); + testGcmDecryptionTagLen({CKMC_ALGO_AES_GCM, 256}); } RUNNER_TEST_MULTIPLE(TED_1230_gcm_wrong_tag, SyncEnv, AsyncEnv) { testBackend b(PolicyBackend::FORCE_SOFTWARE); - testGcmWrongTag(AES_GCM_128); - testGcmWrongTag(AES_GCM_192); - testGcmWrongTag(AES_GCM_256); + testGcmWrongTag({CKMC_ALGO_AES_GCM, 128}); + testGcmWrongTag({CKMC_ALGO_AES_GCM, 192}); + testGcmWrongTag({CKMC_ALGO_AES_GCM, 256}); } RUNNER_TEST_MULTIPLE(TED_1240_gcm_different_iv_sizes, SyncEnv, AsyncEnv) { - testGcmDifferentIvSizes(AES_GCM_128); - testGcmDifferentIvSizes(AES_GCM_192); - testGcmDifferentIvSizes(AES_GCM_256); + testGcmDifferentIvSizes({CKMC_ALGO_AES_GCM, 128}); + testGcmDifferentIvSizes({CKMC_ALGO_AES_GCM, 192}); + testGcmDifferentIvSizes({CKMC_ALGO_AES_GCM, 256}); } RUNNER_TEST_MULTIPLE(TED_1250_gcm_aad, SyncEnv, AsyncEnv) { testBackend b(PolicyBackend::FORCE_SOFTWARE); - encryptionWithCustomData(AES_GCM_128, CKMC_PARAM_ED_AAD); - encryptionWithCustomData(AES_GCM_192, CKMC_PARAM_ED_AAD); - encryptionWithCustomData(AES_GCM_256, CKMC_PARAM_ED_AAD); + encryptionWithCustomData({CKMC_ALGO_AES_GCM, 128}, CKMC_PARAM_ED_AAD); + encryptionWithCustomData({CKMC_ALGO_AES_GCM, 192}, CKMC_PARAM_ED_AAD); + encryptionWithCustomData({CKMC_ALGO_AES_GCM, 256}, CKMC_PARAM_ED_AAD); } RUNNER_TEST_MULTIPLE(TED_1300_rsa_label, SyncEnv, AsyncEnv) { RUNNER_IGNORED_MSG("RSA-OAEP labels are not supported in openssl"); - encryptionWithCustomData(RSA_OAEP_1024, CKMC_PARAM_ED_LABEL); - encryptionWithCustomData(RSA_OAEP_2048, CKMC_PARAM_ED_LABEL); - encryptionWithCustomData(RSA_OAEP_4096, CKMC_PARAM_ED_LABEL); + encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 1024}, CKMC_PARAM_ED_LABEL); + encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 2048}, CKMC_PARAM_ED_LABEL); + encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 4096}, CKMC_PARAM_ED_LABEL); } RUNNER_TEST_MULTIPLE(TED_1330_rsa_longest_data, SyncEnv, AsyncEnv) { - testRsaLongestData(RSA_OAEP_1024, 86); - testRsaLongestData(RSA_OAEP_2048, 214); - testRsaLongestData(RSA_OAEP_4096, 470); + testRsaLongestData({CKMC_ALGO_RSA_OAEP, 1024}, 86); + testRsaLongestData({CKMC_ALGO_RSA_OAEP, 2048}, 214); + testRsaLongestData({CKMC_ALGO_RSA_OAEP, 4096}, 470); } RUNNER_TEST_MULTIPLE(TED_1350_rsa_data_too_long, SyncEnv, AsyncEnv) { - testRsaDataTooLong(RSA_OAEP_1024, 87); - testRsaDataTooLong(RSA_OAEP_2048, 215); - testRsaDataTooLong(RSA_OAEP_4096, 471); + testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 1024}, 87); + testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 2048}, 215); + testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 4096}, 471); } ///////////////////////////////////////// // Asynchronous only tests ///////////////////////////////////////// -RUNNER_TEST(TED_2000_enc_no_observer_async, EncEnv) +RUNNER_TEST(TED_2000_enc_no_observer_async, AsyncEnv) { - testAllAlgorithms([](const AlgoBasePtr& algo){ + testAllAlgorithms([](const Algo& algo){ // prepare buffers RawBuffer plain = createRandomBuffer(BUF_LEN); // keys - KeyAliasPair aliases = algo->keyGen(nullptr); + KeyAliasPair aliases = getKey(algo, PRIMARY); // params ckmc_param_list_h handle = NULL; - assert_positive(ckmc_generate_new_params, algo->m_type, &handle); + assert_positive(ckmc_generate_new_params, algo.type, &handle); ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free); - setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN)); + setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV); // encrypt test_no_observer(&ManagerAsync::encrypt, @@ -1519,12 +1454,9 @@ RUNNER_TEST(TED_2000_enc_no_observer_async, EncEnv) RUNNER_TEST(TED_2010_dec_no_observer_async, AsyncEnv) { - testAllAlgorithms([](const AlgoBasePtr& algo){ - // prepare buffers - RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN)); - + testAllAlgorithms([](const Algo& algo){ // encrypt - auto ret = encrypt(algo, plain); + auto ret = encrypt(algo, PLAIN_DATA); RawBuffer encrypted(ret.encrypted->data, ret.encrypted->data + ret.encrypted->size); // decrypt -- 2.7.4