2 * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file encryption-decryption.cpp
18 * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
25 #include <unordered_map>
28 #include <dpl/test/test_runner.h>
29 #include <ckm-common.h>
30 #include <ckmc/ckmc-manager.h>
31 #include <ckmc/ckmc-control.h>
32 #include <ckm/ckm-type.h>
33 #include <ckm/ckm-manager.h>
34 #include <encryption-decryption-env.h>
40 const char* PASSWORD = "test-password";
41 const uid_t UID = 5001;
42 const size_t CTR_DEFAULT_LEN = 16*8;
43 const size_t DEFAULT_IV_LEN = 16;
44 const size_t BUF_LEN = 86; // must be less than 1024/8-41 to support RSA OAEP 1024
49 CipherApi g_cipherApi;
51 EncryptionApi* g_api = &g_syncApi;
53 EncryptionError apiEncrypt(ckmc_param_list_h params,
54 const char *key_alias,
56 const ckmc_raw_buffer_s decrypted,
57 ckmc_raw_buffer_s **ppencrypted) {
58 RUNNER_ASSERT_MSG(g_api, "No encryption API is connected");
59 return g_api->encrypt(params, key_alias, password, decrypted, ppencrypted);
62 inline CKM::Password _tostring(const char *str)
64 return (str == nullptr) ? Password() : Password(str);
67 inline CKM::Policy _toCkmPolicy(const ckmc_policy_s &policy, PolicyBackend backend)
69 return CKM::Policy(_tostring(policy.password), policy.extractable, backend);
72 EncryptionError apiDecrypt(ckmc_param_list_h params,
73 const char *key_alias,
75 const ckmc_raw_buffer_s encrypted,
76 ckmc_raw_buffer_s **ppdecrypted) {
77 RUNNER_ASSERT_MSG(g_api, "No encryption API is connected");
78 return g_api->decrypt(params, key_alias, password, encrypted, ppdecrypted);
82 template <typename F, typename... Args>
83 void assert_crypto_result(EncryptionError expected, F&& func, Args... args)
85 EncryptionError ret = func(args...);
86 RUNNER_ASSERT_MSG(ret == expected,
87 "Expected: " << static_cast<int>(expected) <<
88 " got: " << static_cast<int>(ret));
91 template <typename F, typename... Args>
92 void assert_crypto_positive(F&& func, Args... args)
94 assert_crypto_result(EncryptionError::SUCCESS, std::move(func), args...);
97 template <typename F, typename... Args>
98 void assert_crypto_invalid_param(F&& func, Args... args)
100 assert_crypto_result(EncryptionError::INVALID_PARAM, std::move(func), args...);
105 EncryptionError expected;
115 void init(const std::string&) {
123 static std::string suffix() { return "_sync"; }
127 void init(const std::string&) {
135 static std::string suffix() { return "_async"; }
139 void init(const std::string&) {
140 g_api = &g_cipherApi;
147 static std::string suffix() { return "_cipher"; }
151 ckmc_algo_type_e type;
155 std::unordered_map<size_t, std::vector<Alias>> g_symKeys;
156 std::unordered_map<size_t, std::vector<KeyAliasPair>> g_asymKeys;
160 PASSWORD_PROTECTED = 1,
165 RawBufferPtr PLAIN_DATA;
166 RawBufferPtr BIG_DATA;
167 ckmc_raw_buffer_s* DEFAULT_IV;
168 ckmc_raw_buffer_s* IV1;
169 ckmc_raw_buffer_s* IV11;
170 ckmc_raw_buffer_s* IV12;
171 ckmc_raw_buffer_s* IV15;
172 ckmc_raw_buffer_s* IV17;
173 ckmc_raw_buffer_s* IV128;
174 ckmc_raw_buffer_s* AAD32;
175 ckmc_raw_buffer_s* AAD64;
177 KeyAliasPair getKey(const Algo& algo, KeyIdx idx)
179 if (algo.type == CKMC_ALGO_RSA_OAEP)
180 return g_asymKeys[algo.keyLen][idx];
183 pair.prv = g_symKeys[algo.keyLen][idx];
188 class EncGroupFixture: public DPL::Test::TestGroup
193 remove_user_data(UID);
194 int ret = ckmc_unlock_user_key(UID, "db-pass");
195 if (ret != CKMC_ERROR_NONE)
196 RUNNER_ERROR_MSG("DB unlock failed: " << CKMCErrorToString(ret));
198 // Policy backend to use in subsequent operations (global for each test case)
200 m_backend = PolicyBackend::FORCE_HARDWARE;
202 m_backend = PolicyBackend::FORCE_SOFTWARE;
206 m_manager = Manager::create();
207 generateSymmetricKeys(128);
208 generateSymmetricKeys(192);
209 generateSymmetricKeys(256);
210 generateRsaKeys(1024);
211 generateRsaKeys(2048);
212 generateRsaKeys(4096);
214 PLAIN_DATA = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
216 BIG_DATA = create_raw_buffer(createRandomBufferCAPI(1000));
218 BIG_DATA = create_raw_buffer(createRandomBufferCAPI(500000));
220 DEFAULT_IV = createRandomBufferCAPI(DEFAULT_IV_LEN);
221 IV1 = createRandomBufferCAPI(1);
222 IV11 = createRandomBufferCAPI(11);
223 IV12 = createRandomBufferCAPI(12);
224 IV15 = createRandomBufferCAPI(15);
225 IV17 = createRandomBufferCAPI(17);
226 IV128 = createRandomBufferCAPI(128);
227 AAD32 = createRandomBufferCAPI(32);
228 AAD64 = createRandomBufferCAPI(64);
231 void generateSymmetricKeys(size_t bitLen)
233 for (int i = 0; i < KEY_IDX_MAX; i++)
235 Policy p(Password(), false, m_backend);
236 if (i == PASSWORD_PROTECTED)
237 p.password.assign(PASSWORD);
239 std::string alias = std::string("skey_") + std::to_string(bitLen) + std::string("_") + std::to_string(i);
240 int ret = m_manager->createKeyAES(bitLen, alias, p);
241 if (ret != CKM_API_SUCCESS)
242 RUNNER_ERROR_MSG("AES key creation failed");
244 g_symKeys[bitLen].push_back(alias);
248 void generateRsaKeys(size_t bitLen)
250 for (int i = 0; i < KEY_IDX_MAX; i++)
252 Policy prvPolicy(Password(), false, m_backend);
253 Policy pubPolicy(Password(), true, m_backend);
254 if (i == PASSWORD_PROTECTED) {
255 prvPolicy.password.assign(PASSWORD);
256 pubPolicy.password.assign(PASSWORD);
260 alias.prv = std::string("akey_") + std::to_string(bitLen) + std::string("_") + std::to_string(i);
261 alias.pub = std::string("pub") + alias.prv;
262 int ret = m_manager->createKeyPairRSA(bitLen, alias.prv, alias.pub, prvPolicy, pubPolicy);
263 if (ret != CKM_API_SUCCESS)
264 RUNNER_ERROR_MSG("RSA key creation failed");
266 g_asymKeys[bitLen].push_back(alias);
270 void Finish() override
272 for (const auto &entry : g_asymKeys) {
273 for (const auto &keyPair : entry.second) {
274 m_manager->removeAlias(keyPair.prv);
275 m_manager->removeAlias(keyPair.pub);
279 for (const auto &entry : g_symKeys) {
280 for (const auto &key : entry.second) {
281 m_manager->removeAlias(key);
287 ckmc_buffer_free(AAD64);
288 ckmc_buffer_free(AAD32);
289 ckmc_buffer_free(IV128);
290 ckmc_buffer_free(IV17);
291 ckmc_buffer_free(IV15);
292 ckmc_buffer_free(IV12);
293 ckmc_buffer_free(IV11);
294 ckmc_buffer_free(IV1);
295 ckmc_buffer_free(DEFAULT_IV);
297 int ret = ckmc_lock_user_key(UID);
298 if (ret != CKMC_ERROR_NONE)
299 RUNNER_ERROR_MSG("DB lock failed: " << CKMCErrorToString(ret));
300 remove_user_data(UID);
303 ManagerShPtr m_manager;
304 PolicyBackend m_backend;
307 struct EncryptionResult
309 RawBufferPtr encrypted;
315 EncryptionResult encrypt(const Algo& algo,
316 const RawBufferPtr& plain,
317 const char* pass = nullptr)
319 EncryptionResult ret;
320 ckmc_raw_buffer_s* encrypted = nullptr;
321 KeyAliasPair aliases = getKey(algo, pass == nullptr ? PRIMARY : PASSWORD_PROTECTED);
323 ckmc_param_list_h handle = NULL;
324 assert_positive(ckmc_generate_new_params, algo.type, &handle);
325 ret.params = ParamListPtr(handle, ckmc_param_list_free);
326 setParam(ret.params, CKMC_PARAM_ED_IV, DEFAULT_IV);
328 assert_crypto_positive(apiEncrypt,
335 ret.encrypted = create_raw_buffer(encrypted);
336 ret.prvKey = aliases.prv;
337 ret.pubKey = aliases.pub;
341 void testAllAlgorithms(const std::function<void(const Algo& algo)>& test)
343 test( { CKMC_ALGO_AES_CBC, 128 });
344 test( { CKMC_ALGO_AES_CBC, 192 });
345 test( { CKMC_ALGO_AES_CBC, 256 });
346 test( { CKMC_ALGO_AES_GCM, 128 });
347 test( { CKMC_ALGO_AES_GCM, 192 });
348 test( { CKMC_ALGO_AES_GCM, 256 });
349 test( { CKMC_ALGO_AES_CTR, 128 });
350 test( { CKMC_ALGO_AES_CTR, 192 });
351 test( { CKMC_ALGO_AES_CTR, 256 });
352 test( { CKMC_ALGO_AES_CFB, 128 });
353 test( { CKMC_ALGO_AES_CFB, 192 });
354 test( { CKMC_ALGO_AES_CFB, 256 });
356 if (!g_api->symmetricOnly()) {
357 test( { CKMC_ALGO_RSA_OAEP, 1024 });
358 test( { CKMC_ALGO_RSA_OAEP, 2048 });
359 test( { CKMC_ALGO_RSA_OAEP, 4096 });
363 void testNoIvEnc(const Algo& algo)
366 ckmc_raw_buffer_s* encrypted = nullptr;
369 KeyAliasPair aliases = getKey(algo, PRIMARY);
371 // param list with algo type only
372 ParamListPtr params = createParamListPtr();
373 setParam(params, CKMC_PARAM_ALGO_TYPE, algo.type);
374 assert_crypto_invalid_param(apiEncrypt,
382 void testNoIvDec(const Algo& algo)
385 ckmc_raw_buffer_s* decrypted = nullptr;
388 auto ret = encrypt(algo, PLAIN_DATA);
390 // param list with algo type only
391 ParamListPtr params = createParamListPtr();
392 setParam(params, CKMC_PARAM_ALGO_TYPE, algo.type);
393 assert_crypto_invalid_param(apiDecrypt,
397 *ret.encrypted.get(),
401 void testInvalidIvEnc(const Algo& algo)
404 ckmc_raw_buffer_s* encryptedTmp = nullptr;
407 KeyAliasPair aliases = getKey(algo, PRIMARY);
410 ckmc_param_list_h handle = NULL;
411 assert_positive(ckmc_generate_new_params, algo.type, &handle);
412 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
414 // invalid encryption
416 assert_crypto_invalid_param(apiEncrypt,
422 ckmc_buffer_free(encryptedTmp);
423 encryptedTmp = nullptr;
426 setParam(params, CKMC_PARAM_ED_IV, IV15);
428 setParam(params, CKMC_PARAM_ED_IV, IV17);
432 void testInvalidIvDec(const Algo& algo)
435 ckmc_raw_buffer_s* decrypted = nullptr;
438 auto ret = encrypt(algo, PLAIN_DATA);
442 assert_crypto_invalid_param(apiDecrypt,
446 *ret.encrypted.get(),
448 ckmc_buffer_free(decrypted);
453 setParam(ret.params, CKMC_PARAM_ED_IV, IV15);
455 setParam(ret.params, CKMC_PARAM_ED_IV, IV17);
459 void encryptionWithCustomData(const Algo& algo, ckmc_param_name_e name)
462 ckmc_raw_buffer_s* encrypted = nullptr;
463 ckmc_raw_buffer_s* decrypted = nullptr;
466 KeyAliasPair aliases = getKey(algo, PRIMARY);
469 ckmc_param_list_h handle = NULL;
470 assert_positive(ckmc_generate_new_params, algo.type, &handle);
471 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
473 setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
476 setParam(params, name, AAD64);
479 assert_crypto_positive(apiEncrypt,
485 RawBufferPtr tmpEnc = create_raw_buffer(encrypted);
488 assert_crypto_positive(apiDecrypt,
494 RawBufferPtr tmpDec = create_raw_buffer(decrypted);
497 assert_buffers_equal(PLAIN_DATA.get(), tmpDec.get());
502 setParam(params, name, AAD32);
505 assert_crypto_result(EncryptionError::INVALID_PARAM,
514 void testGcmIvSize(ckmc_raw_buffer_s* iv,
515 const KeyAliasPair& aliases,
516 EncryptionError error = EncryptionError::SUCCESS)
519 RawBufferPtr encrypted;
520 RawBufferPtr decrypted;
521 ckmc_raw_buffer_s* encryptedTmp = nullptr;
522 ckmc_raw_buffer_s* decryptedTmp = nullptr;
525 ckmc_param_list_h handle = NULL;
526 assert_positive(ckmc_generate_new_params, CKMC_ALGO_AES_GCM, &handle);
527 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
528 setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
529 setParam(params, CKMC_PARAM_ED_IV, iv);
532 assert_crypto_result(error,
540 if(error != EncryptionError::SUCCESS)
542 encrypted = create_raw_buffer(encryptedTmp);
545 assert_crypto_positive(apiDecrypt,
551 decrypted = create_raw_buffer(decryptedTmp);
553 assert_buffers_equal(PLAIN_DATA.get(), decrypted.get());
556 void testIntegrity(const Algo& algo)
559 ckmc_raw_buffer_s* decrypted = nullptr;
562 auto ret = encrypt(algo, PLAIN_DATA);
564 // break the encrypted data
565 ret.encrypted->data[BUF_LEN/2]++;
567 // no data integrity check
568 assert_crypto_positive(apiDecrypt,
572 *ret.encrypted.get(),
575 RawBufferPtr tmp = create_raw_buffer(decrypted);
576 assert_buffers_equal(PLAIN_DATA.get(), decrypted, false);
579 void testCtrEncryptionInvalidLength(const Algo& algo)
582 ckmc_raw_buffer_s* encryptedTmp = nullptr;
585 KeyAliasPair aliases = getKey(algo, PRIMARY);
588 ckmc_param_list_h handle = NULL;
589 assert_positive(ckmc_generate_new_params, algo.type, &handle);
590 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
591 setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
595 assert_crypto_invalid_param(apiEncrypt,
601 ckmc_buffer_free(encryptedTmp);
602 encryptedTmp = nullptr;
604 // invalid counter size
605 setParam(params, CKMC_PARAM_ED_CTR_LEN, 0ULL);
607 setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN+1);
611 void testCtrEncryptionValidLength(const Algo& algo)
614 ckmc_raw_buffer_s* encryptedTmp = nullptr;
617 KeyAliasPair aliases = getKey(algo, PRIMARY);
620 ckmc_param_list_h handle = NULL;
621 assert_positive(ckmc_generate_new_params, algo.type, &handle);
622 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
623 setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
627 assert_crypto_positive(apiEncrypt,
633 ckmc_buffer_free(encryptedTmp);
634 encryptedTmp = nullptr;
636 // valid counter sizez
637 setParam(params, CKMC_PARAM_ED_CTR_LEN, 1);
639 setParam(params, CKMC_PARAM_ED_CTR_LEN, 4);
641 setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN-1);
643 setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN);
647 void testCtrDecryptionInvalidLength(const Algo& algo)
650 ckmc_raw_buffer_s* decrypted = nullptr;
652 // add AES CTR key & encrypt
653 auto ret = encrypt(algo, PLAIN_DATA);
657 assert_crypto_invalid_param(apiDecrypt,
661 *ret.encrypted.get(),
663 ckmc_buffer_free(decrypted);
666 // invalid counter size
667 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 0ULL);
669 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN+1);
673 void testCtrDecryptionValidLength(const Algo& algo)
676 ckmc_raw_buffer_s* decrypted = nullptr;
678 // add AES CTR key & encrypt
679 auto ret = encrypt(algo, PLAIN_DATA);
683 assert_crypto_positive(apiDecrypt,
687 *ret.encrypted.get(),
689 ckmc_buffer_free(decrypted);
690 RawBufferPtr tmp = create_raw_buffer(decrypted);
691 assert_buffers_equal(PLAIN_DATA.get(), decrypted);
693 // invalid counter size
694 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 1);
696 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 4);
698 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN-1);
700 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN);
704 void testGcmEncryptionTagLen(const Algo& algo)
707 ckmc_raw_buffer_s* encryptedTmp = nullptr;
710 KeyAliasPair aliases = getKey(algo, PRIMARY);
713 ckmc_param_list_h handle = NULL;
714 assert_positive(ckmc_generate_new_params, algo.type, &handle);
715 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
716 setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
718 std::vector<TagTest> testData = {
719 // illegal tag lengths
720 { -1, EncryptionError::INVALID_PARAM },
721 { 0, EncryptionError::INVALID_PARAM },
722 { 16, EncryptionError::INVALID_PARAM },
723 { 48, EncryptionError::INVALID_PARAM },
724 { 72, EncryptionError::INVALID_PARAM },
725 { 100, EncryptionError::INVALID_PARAM },
726 { 108, EncryptionError::INVALID_PARAM },
727 { 116, EncryptionError::INVALID_PARAM },
728 { 124, EncryptionError::INVALID_PARAM },
729 { 256, EncryptionError::INVALID_PARAM },
731 { 32, EncryptionError::INVALID_PARAM },
732 { 64, EncryptionError::INVALID_PARAM },
736 { 32, EncryptionError::SUCCESS },
737 { 64, EncryptionError::SUCCESS },
740 { 96, EncryptionError::SUCCESS },
741 { 104, EncryptionError::SUCCESS },
742 { 112, EncryptionError::SUCCESS },
743 { 120, EncryptionError::SUCCESS },
744 { 128, EncryptionError::SUCCESS },
748 for(const auto& it : testData)
750 setParam(params, CKMC_PARAM_ED_TAG_LEN, it.tagLen);
751 assert_crypto_result(it.expected,
758 ckmc_buffer_free(encryptedTmp);
759 encryptedTmp = nullptr;
763 void testGcmDecryptionTagLen(const Algo& algo)
766 ckmc_raw_buffer_s* decrypted = nullptr;
768 // add AES GCM key & encrypt
769 auto ret = encrypt(algo, PLAIN_DATA);
771 std::vector<TagTest> testData = {
772 // illegal tag lengths
773 { -1, EncryptionError::INVALID_PARAM },
774 { 0, EncryptionError::INVALID_PARAM },
775 { 16, EncryptionError::INVALID_PARAM },
776 { 48, EncryptionError::INVALID_PARAM },
777 { 72, EncryptionError::INVALID_PARAM },
778 { 100, EncryptionError::INVALID_PARAM },
779 { 108, EncryptionError::INVALID_PARAM },
780 { 116, EncryptionError::INVALID_PARAM },
781 { 124, EncryptionError::INVALID_PARAM },
782 { 256, EncryptionError::INVALID_PARAM },
783 // legal tag lengths but different than the one used for encryption
784 { 32, EncryptionError::INVALID_PARAM },
785 { 64, EncryptionError::INVALID_PARAM },
786 { 96, EncryptionError::INVALID_PARAM },
787 { 104, EncryptionError::INVALID_PARAM },
788 { 112, EncryptionError::INVALID_PARAM },
789 { 120, EncryptionError::INVALID_PARAM },
790 // legal tag length that was actually used for encryption (default)
791 { 128, EncryptionError::SUCCESS },
795 for(const auto& it : testData)
797 setParam(ret.params, CKMC_PARAM_ED_TAG_LEN, it.tagLen);
798 assert_crypto_result(it.expected,
803 *ret.encrypted.get(),
805 ckmc_buffer_free(decrypted);
810 void testGcmWrongTag(const Algo& algo)
813 ckmc_raw_buffer_s* decrypted = nullptr;
815 // encrypt with AES GCM
816 auto ret = encrypt(algo, PLAIN_DATA);
818 // modify tag (last 16B of encrypted message)
819 ret.encrypted->data[ret.encrypted->size-1]++;
821 // EVP_CipherFinal fails because of an authentication error
822 assert_crypto_result(EncryptionError::INVALID_PARAM,
827 *ret.encrypted.get(),
831 void testGcmDifferentIvSizes(const Algo& algo)
834 KeyAliasPair aliases = getKey(algo, PRIMARY);
836 testGcmIvSize(IV1, aliases);
837 testGcmIvSize(IV11, aliases);
838 testGcmIvSize(IV12, aliases);
839 testGcmIvSize(IV17, aliases);
840 testGcmIvSize(IV128, aliases);
843 void testEncryptDecryptBigData(const Algo& algo)
846 ckmc_raw_buffer_s* decrypted = nullptr;
849 auto ret = encrypt(algo, BIG_DATA);
851 assert_positive(apiDecrypt,
855 *ret.encrypted.get(),
857 RawBufferPtr tmp = create_raw_buffer(decrypted);
859 assert_buffers_equal(BIG_DATA.get(), decrypted);
862 void testEncryptDecryptDifferentKeys(const Algo& algo, bool success)
865 ckmc_raw_buffer_s* decrypted = nullptr;
868 auto ret = encrypt(algo, PLAIN_DATA);
870 // get different keys
871 KeyAliasPair differentKeys = getKey(algo, PASSWORD_PROTECTED);
874 // some algorithms don't verify key validity
875 assert_crypto_positive(apiDecrypt,
877 differentKeys.prv.c_str(),
879 *ret.encrypted.get(),
881 RawBufferPtr tmp = create_raw_buffer(decrypted);
883 assert_buffers_equal(PLAIN_DATA.get(), decrypted, false);
885 assert_crypto_result(EncryptionError::INVALID_PARAM,
888 differentKeys.prv.c_str(),
890 *ret.encrypted.get(),
895 void testRsaLongestData(const Algo& algo, size_t dataSize)
898 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize));
899 ckmc_raw_buffer_s* decrypted = nullptr;
902 auto ret = encrypt(algo, plain);
904 assert_crypto_positive(apiDecrypt,
908 *ret.encrypted.get(),
910 RawBufferPtr tmp = create_raw_buffer(decrypted);
912 assert_buffers_equal(plain.get(), decrypted);
915 void testRsaDataTooLong(const Algo& algo, size_t dataSize)
918 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize));
921 EncryptionResult ret;
922 ckmc_raw_buffer_s* encrypted = nullptr;
923 KeyAliasPair aliases = getKey(algo, PRIMARY);
925 ckmc_param_list_h handle = NULL;
926 assert_positive(ckmc_generate_new_params, algo.type, &handle);
927 ret.params = ParamListPtr(handle, ckmc_param_list_free);
928 assert_crypto_result(EncryptionError::INVALID_PARAM,
937 std::pair<Alias, ParamListPtr> defaultGcmCipherSetup()
939 Algo algo = {CKMC_ALGO_AES_GCM, 256};
940 KeyAliasPair aliases = getKey(algo, PRIMARY);
942 ckmc_param_list_h handle = NULL;
943 assert_positive(ckmc_generate_new_params, algo.type, &handle);
944 auto params = ParamListPtr(handle, ckmc_param_list_free);
945 setParam(params, CKMC_PARAM_ED_IV, IV12);
947 return std::make_pair(aliases.prv, params);
950 } // namespace anonymous
952 RUNNER_TEST_GROUP_INIT_ENV(CKM_ENCRYPTION_DECRYPTION, EncGroupFixture);
954 /////////////////////////////////////////
955 // Generic encryption decryption tests
956 /////////////////////////////////////////
958 RUNNER_TEST_MULTIPLE(TED_0010_encrypt_invalid_param_list, SyncEnv, AsyncEnv, CipherEnv)
960 testAllAlgorithms([](const Algo& algo){
962 ckmc_raw_buffer_s* encrypted = nullptr;
965 KeyAliasPair aliases = getKey(algo, PRIMARY);
968 assert_crypto_invalid_param(apiEncrypt,
976 ParamListPtr params = createParamListPtr();
977 assert_crypto_invalid_param(apiEncrypt,
986 RUNNER_TEST_MULTIPLE(TED_0020_encrypt_missing_key, SyncEnv, AsyncEnv, CipherEnv)
988 testAllAlgorithms([](const Algo& algo){
990 ckmc_raw_buffer_s* encrypted = nullptr;
993 ckmc_param_list_h handle = NULL;
994 assert_positive(ckmc_generate_new_params, algo.type, &handle);
995 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
996 setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
998 assert_crypto_result(EncryptionError::ALIAS_UNKNOWN,
1001 "non-existing-key-alias",
1008 RUNNER_TEST_MULTIPLE(TED_0030_encrypt_no_plain_text, SyncEnv, AsyncEnv)
1010 testAllAlgorithms([](const Algo& algo){
1012 ckmc_raw_buffer_s plain = { nullptr, 0 };
1013 ckmc_raw_buffer_s* encrypted = nullptr;
1016 KeyAliasPair aliases = getKey(algo, PRIMARY);
1019 ckmc_param_list_h handle = NULL;
1020 assert_positive(ckmc_generate_new_params, algo.type, &handle);
1021 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1022 setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
1024 assert_crypto_invalid_param(apiEncrypt,
1026 aliases.pub.c_str(),
1033 RUNNER_TEST_MULTIPLE(TED_0040_encrypt_no_output_buffer, SyncEnv, AsyncEnv)
1035 testAllAlgorithms([](const Algo& algo){
1037 ckmc_raw_buffer_s** encrypted = nullptr;
1040 KeyAliasPair aliases = getKey(algo, PRIMARY);
1043 ckmc_param_list_h handle = NULL;
1044 assert_positive(ckmc_generate_new_params, algo.type, &handle);
1045 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1046 setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
1048 assert_crypto_invalid_param(apiEncrypt,
1050 aliases.pub.c_str(),
1057 RUNNER_TEST_MULTIPLE(TED_0110_decrypt_invalid_param_list, SyncEnv, AsyncEnv, CipherEnv)
1059 testAllAlgorithms([](const Algo& algo){
1061 ckmc_raw_buffer_s* decrypted = nullptr;
1064 auto ret = encrypt(algo, PLAIN_DATA);
1067 assert_crypto_invalid_param(apiDecrypt,
1071 *ret.encrypted.get(),
1075 ParamListPtr params = createParamListPtr();
1076 assert_crypto_invalid_param(apiDecrypt,
1080 *ret.encrypted.get(),
1085 RUNNER_TEST_MULTIPLE(TED_0120_decrypt_missing_key, SyncEnv, AsyncEnv, CipherEnv)
1087 testAllAlgorithms([](const Algo& algo){
1089 ckmc_raw_buffer_s* decrypted = nullptr;
1092 auto ret = encrypt(algo, PLAIN_DATA);
1095 assert_crypto_result(EncryptionError::ALIAS_UNKNOWN,
1100 *ret.encrypted.get(),
1105 RUNNER_TEST_MULTIPLE(TED_0130_decrypt_no_encrypted_text, SyncEnv, AsyncEnv)
1107 testAllAlgorithms([](const Algo& algo){
1109 ckmc_raw_buffer_s encrypted = { nullptr, 0 };
1110 ckmc_raw_buffer_s* decrypted = nullptr;
1113 KeyAliasPair aliases = getKey(algo, PRIMARY);
1116 ckmc_param_list_h handle = NULL;
1117 assert_positive(ckmc_generate_new_params, algo.type, &handle);
1118 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1119 setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
1121 assert_crypto_invalid_param(apiDecrypt,
1123 aliases.prv.c_str(),
1130 RUNNER_TEST_MULTIPLE(TED_0140_decrypt_no_output_buffer, SyncEnv, AsyncEnv)
1132 testAllAlgorithms([](const Algo& algo){
1134 ckmc_raw_buffer_s** decrypted = nullptr;
1137 auto ret = encrypt(algo, PLAIN_DATA);
1139 assert_crypto_invalid_param(apiDecrypt,
1143 *ret.encrypted.get(),
1148 RUNNER_TEST_MULTIPLE(TED_0200_encrypt_decrypt_different_keys, SyncEnv, AsyncEnv, CipherEnv)
1150 testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_GCM, 128}, false);
1151 testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_GCM, 192}, false);
1152 testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_GCM, 256}, false);
1153 testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CTR, 128}, true);
1154 testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CTR, 192}, true);
1155 testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CTR, 256}, true);
1156 testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CFB, 128}, true);
1157 testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CFB, 192}, true);
1158 testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CFB, 256}, true);
1160 if (!g_api->symmetricOnly()) {
1161 testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 1024}, false);
1162 testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 2048}, false);
1163 testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 4096}, false);
1167 RUNNER_TEST_MULTIPLE(TED_0300_encrypt_decrypt, SyncEnv, AsyncEnv, CipherEnv)
1169 testAllAlgorithms([](const Algo& algo){
1171 ckmc_raw_buffer_s* decrypted = nullptr;
1174 auto ret = encrypt(algo, PLAIN_DATA);
1176 assert_crypto_positive(apiDecrypt,
1180 *ret.encrypted.get(),
1182 RawBufferPtr tmp = create_raw_buffer(decrypted);
1184 assert_buffers_equal(PLAIN_DATA.get(), decrypted);
1188 RUNNER_TEST_MULTIPLE(TED_0310_encrypt_decrypt_password, SyncEnv, AsyncEnv, CipherEnv)
1190 testAllAlgorithms([](const Algo& algo){
1192 ckmc_raw_buffer_s* decrypted = nullptr;
1195 auto ret = encrypt(algo, PLAIN_DATA, PASSWORD);
1198 assert_crypto_result(EncryptionError::AUTH_FAILED,
1203 *ret.encrypted.get(),
1207 assert_crypto_positive(apiDecrypt,
1211 *ret.encrypted.get(),
1213 RawBufferPtr tmp = create_raw_buffer(decrypted); // guarantees deletion
1215 assert_buffers_equal(PLAIN_DATA.get(), decrypted);
1219 // long test split into smaller ones
1220 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CBC_128, SyncEnv, AsyncEnv, CipherEnv)
1222 testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 128});
1225 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CBC_192, SyncEnv, AsyncEnv, CipherEnv)
1227 testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 192});
1230 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CBC_256, SyncEnv, AsyncEnv, CipherEnv)
1232 testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 256});
1235 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_GCM_128, SyncEnv, AsyncEnv, CipherEnv)
1237 testEncryptDecryptBigData({CKMC_ALGO_AES_GCM, 128});
1240 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_GCM_192, SyncEnv, AsyncEnv, CipherEnv)
1242 testEncryptDecryptBigData({CKMC_ALGO_AES_GCM, 192});
1245 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_GCM_256, SyncEnv, AsyncEnv, CipherEnv)
1247 testEncryptDecryptBigData({CKMC_ALGO_AES_GCM, 256});
1250 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CTR_128, SyncEnv, AsyncEnv, CipherEnv)
1252 testEncryptDecryptBigData({CKMC_ALGO_AES_CTR, 128});
1255 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CTR_192, SyncEnv, AsyncEnv, CipherEnv)
1257 testEncryptDecryptBigData({CKMC_ALGO_AES_CTR, 192});
1260 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CTR_256, SyncEnv, AsyncEnv, CipherEnv)
1262 testEncryptDecryptBigData({CKMC_ALGO_AES_CTR, 256});
1265 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CFB_128, SyncEnv, AsyncEnv, CipherEnv)
1267 testEncryptDecryptBigData({CKMC_ALGO_AES_CFB, 128});
1270 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CFB_192, SyncEnv, AsyncEnv, CipherEnv)
1272 testEncryptDecryptBigData({CKMC_ALGO_AES_CFB, 192});
1275 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CFB_256, SyncEnv, AsyncEnv, CipherEnv)
1277 testEncryptDecryptBigData({CKMC_ALGO_AES_CFB, 256});
1280 /////////////////////////////////////////
1281 // Algorithm specific tests
1282 /////////////////////////////////////////
1284 RUNNER_TEST_MULTIPLE(TED_1005_no_iv_enc, SyncEnv, AsyncEnv, CipherEnv)
1286 testNoIvEnc({CKMC_ALGO_AES_CTR, 128});
1287 testNoIvEnc({CKMC_ALGO_AES_CTR, 192});
1288 testNoIvEnc({CKMC_ALGO_AES_CTR, 256});
1289 testNoIvEnc({CKMC_ALGO_AES_CBC, 128});
1290 testNoIvEnc({CKMC_ALGO_AES_CBC, 192});
1291 testNoIvEnc({CKMC_ALGO_AES_CBC, 256});
1292 testNoIvEnc({CKMC_ALGO_AES_CFB, 128});
1293 testNoIvEnc({CKMC_ALGO_AES_CFB, 192});
1294 testNoIvEnc({CKMC_ALGO_AES_CFB, 256});
1295 testNoIvEnc({CKMC_ALGO_AES_GCM, 128});
1296 testNoIvEnc({CKMC_ALGO_AES_GCM, 192});
1297 testNoIvEnc({CKMC_ALGO_AES_GCM, 256});
1300 RUNNER_TEST_MULTIPLE(TED_1010_invalid_iv_enc, SyncEnv, AsyncEnv, CipherEnv)
1302 testInvalidIvEnc({CKMC_ALGO_AES_CTR, 128});
1303 testInvalidIvEnc({CKMC_ALGO_AES_CTR, 192});
1304 testInvalidIvEnc({CKMC_ALGO_AES_CTR, 256});
1305 testInvalidIvEnc({CKMC_ALGO_AES_CBC, 128});
1306 testInvalidIvEnc({CKMC_ALGO_AES_CBC, 192});
1307 testInvalidIvEnc({CKMC_ALGO_AES_CBC, 256});
1308 testInvalidIvEnc({CKMC_ALGO_AES_CFB, 128});
1309 testInvalidIvEnc({CKMC_ALGO_AES_CFB, 192});
1310 testInvalidIvEnc({CKMC_ALGO_AES_CFB, 256});
1313 RUNNER_TEST_MULTIPLE(TED_1015_no_iv_dec, SyncEnv, AsyncEnv, CipherEnv)
1315 testNoIvDec({CKMC_ALGO_AES_CTR, 128});
1316 testNoIvDec({CKMC_ALGO_AES_CTR, 192});
1317 testNoIvDec({CKMC_ALGO_AES_CTR, 256});
1318 testNoIvDec({CKMC_ALGO_AES_CBC, 128});
1319 testNoIvDec({CKMC_ALGO_AES_CBC, 192});
1320 testNoIvDec({CKMC_ALGO_AES_CBC, 256});
1321 testNoIvDec({CKMC_ALGO_AES_CFB, 128});
1322 testNoIvDec({CKMC_ALGO_AES_CFB, 192});
1323 testNoIvDec({CKMC_ALGO_AES_CFB, 256});
1324 testNoIvDec({CKMC_ALGO_AES_GCM, 128});
1325 testNoIvDec({CKMC_ALGO_AES_GCM, 192});
1326 testNoIvDec({CKMC_ALGO_AES_GCM, 256});
1329 RUNNER_TEST_MULTIPLE(TED_1020_invalid_iv_dec, SyncEnv, AsyncEnv, CipherEnv)
1331 testInvalidIvDec({CKMC_ALGO_AES_CTR, 128});
1332 testInvalidIvDec({CKMC_ALGO_AES_CTR, 192});
1333 testInvalidIvDec({CKMC_ALGO_AES_CTR, 256});
1334 testInvalidIvDec({CKMC_ALGO_AES_CBC, 128});
1335 testInvalidIvDec({CKMC_ALGO_AES_CBC, 192});
1336 testInvalidIvDec({CKMC_ALGO_AES_CBC, 256});
1337 testInvalidIvDec({CKMC_ALGO_AES_CFB, 128});
1338 testInvalidIvDec({CKMC_ALGO_AES_CFB, 192});
1339 testInvalidIvDec({CKMC_ALGO_AES_CFB, 256});
1342 RUNNER_TEST_MULTIPLE(TED_1050_data_integrity, SyncEnv, AsyncEnv, CipherEnv)
1344 testIntegrity({CKMC_ALGO_AES_CTR, 128});
1345 testIntegrity({CKMC_ALGO_AES_CTR, 192});
1346 testIntegrity({CKMC_ALGO_AES_CTR, 256});
1347 testIntegrity({CKMC_ALGO_AES_CBC, 128});
1348 testIntegrity({CKMC_ALGO_AES_CBC, 192});
1349 testIntegrity({CKMC_ALGO_AES_CBC, 256});
1350 testIntegrity({CKMC_ALGO_AES_CFB, 128});
1351 testIntegrity({CKMC_ALGO_AES_CFB, 192});
1352 testIntegrity({CKMC_ALGO_AES_CFB, 256});
1355 RUNNER_TEST_MULTIPLE(TED_1100_ctr_encryption_invalid_length, SyncEnv, AsyncEnv, CipherEnv)
1357 testCtrEncryptionInvalidLength({CKMC_ALGO_AES_CTR, 128});
1358 testCtrEncryptionInvalidLength({CKMC_ALGO_AES_CTR, 192});
1359 testCtrEncryptionInvalidLength({CKMC_ALGO_AES_CTR, 256});
1362 RUNNER_TEST_MULTIPLE(TED_1105_ctr_encryption_valid_length, SyncEnv, AsyncEnv, CipherEnv)
1364 RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length");
1365 testCtrEncryptionValidLength({CKMC_ALGO_AES_CTR, 128});
1366 testCtrEncryptionValidLength({CKMC_ALGO_AES_CTR, 192});
1367 testCtrEncryptionValidLength({CKMC_ALGO_AES_CTR, 256});
1370 RUNNER_TEST_MULTIPLE(TED_1110_ctr_decryption_invalid_length, SyncEnv, AsyncEnv, CipherEnv)
1372 testCtrDecryptionInvalidLength({CKMC_ALGO_AES_CTR, 128});
1373 testCtrDecryptionInvalidLength({CKMC_ALGO_AES_CTR, 192});
1374 testCtrDecryptionInvalidLength({CKMC_ALGO_AES_CTR, 256});
1377 RUNNER_TEST_MULTIPLE(TED_1115_ctr_decryption_valid_length, SyncEnv, AsyncEnv, CipherEnv)
1379 RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length");
1380 testCtrDecryptionValidLength({CKMC_ALGO_AES_CTR, 128});
1381 testCtrDecryptionValidLength({CKMC_ALGO_AES_CTR, 192});
1382 testCtrDecryptionValidLength({CKMC_ALGO_AES_CTR, 256});
1385 RUNNER_TEST_MULTIPLE(TED_1200_gcm_encryption_tag_len, SyncEnv, AsyncEnv, CipherEnv)
1387 testGcmEncryptionTagLen({CKMC_ALGO_AES_GCM, 128});
1388 testGcmEncryptionTagLen({CKMC_ALGO_AES_GCM, 192});
1389 testGcmEncryptionTagLen({CKMC_ALGO_AES_GCM, 256});
1392 RUNNER_TEST_MULTIPLE(TED_1210_gcm_decryption_tag_len, SyncEnv, AsyncEnv, CipherEnv)
1394 testGcmDecryptionTagLen({CKMC_ALGO_AES_GCM, 128});
1395 testGcmDecryptionTagLen({CKMC_ALGO_AES_GCM, 192});
1396 testGcmDecryptionTagLen({CKMC_ALGO_AES_GCM, 256});
1399 RUNNER_TEST_MULTIPLE(TED_1230_gcm_wrong_tag, SyncEnv, AsyncEnv, CipherEnv)
1401 testGcmWrongTag({CKMC_ALGO_AES_GCM, 128});
1402 testGcmWrongTag({CKMC_ALGO_AES_GCM, 192});
1403 testGcmWrongTag({CKMC_ALGO_AES_GCM, 256});
1406 RUNNER_TEST_MULTIPLE(TED_1240_gcm_different_iv_sizes, SyncEnv, AsyncEnv, CipherEnv)
1408 testGcmDifferentIvSizes({CKMC_ALGO_AES_GCM, 128});
1409 testGcmDifferentIvSizes({CKMC_ALGO_AES_GCM, 192});
1410 testGcmDifferentIvSizes({CKMC_ALGO_AES_GCM, 256});
1413 RUNNER_TEST_MULTIPLE(TED_1250_gcm_aad, SyncEnv, AsyncEnv, CipherEnv)
1415 encryptionWithCustomData({CKMC_ALGO_AES_GCM, 128}, CKMC_PARAM_ED_AAD);
1416 encryptionWithCustomData({CKMC_ALGO_AES_GCM, 192}, CKMC_PARAM_ED_AAD);
1417 encryptionWithCustomData({CKMC_ALGO_AES_GCM, 256}, CKMC_PARAM_ED_AAD);
1420 RUNNER_TEST_MULTIPLE(TED_1300_rsa_label, SyncEnv, AsyncEnv)
1422 RUNNER_IGNORED_MSG("RSA-OAEP labels are not supported in openssl");
1423 encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 1024}, CKMC_PARAM_ED_LABEL);
1424 encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 2048}, CKMC_PARAM_ED_LABEL);
1425 encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 4096}, CKMC_PARAM_ED_LABEL);
1428 RUNNER_TEST_MULTIPLE(TED_1330_rsa_longest_data, SyncEnv, AsyncEnv)
1430 testRsaLongestData({CKMC_ALGO_RSA_OAEP, 1024}, 86);
1431 testRsaLongestData({CKMC_ALGO_RSA_OAEP, 2048}, 214);
1432 testRsaLongestData({CKMC_ALGO_RSA_OAEP, 4096}, 470);
1435 RUNNER_TEST_MULTIPLE(TED_1350_rsa_data_too_long, SyncEnv, AsyncEnv)
1437 testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 1024}, 87);
1438 testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 2048}, 215);
1439 testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 4096}, 471);
1442 /////////////////////////////////////////
1443 // Asynchronous only tests
1444 /////////////////////////////////////////
1445 RUNNER_TEST(TED_2000_enc_no_observer_async, AsyncEnv)
1447 testAllAlgorithms([](const Algo& algo){
1449 RawBuffer plain = createRandomBuffer(BUF_LEN);
1452 KeyAliasPair aliases = getKey(algo, PRIMARY);
1455 ckmc_param_list_h handle = NULL;
1456 assert_positive(ckmc_generate_new_params, algo.type, &handle);
1457 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1458 setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
1461 test_no_observer(&ManagerAsync::encrypt,
1462 *reinterpret_cast<CryptoAlgorithm*>(params.get()),
1469 RUNNER_TEST(TED_2010_dec_no_observer_async, AsyncEnv)
1471 testAllAlgorithms([](const Algo& algo){
1473 auto ret = encrypt(algo, PLAIN_DATA);
1474 RawBuffer encrypted(ret.encrypted->data, ret.encrypted->data + ret.encrypted->size);
1477 test_no_observer(&ManagerAsync::decrypt,
1478 *reinterpret_cast<CryptoAlgorithm*>(ret.params.get()),
1485 /////////////////////////////////////////
1486 // Mulithreaded test for synchronous API
1487 /////////////////////////////////////////
1488 RUNNER_TEST_MULTIPLE(TED_3000_multiple_threads, SyncEnv, CipherEnv)
1490 std::vector<std::thread> threads;
1491 threads.reserve(10);
1492 for(unsigned i = 0; i < 10;++i)
1493 threads.emplace_back([]{ testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 256}); });
1494 for (auto& thread : threads)
1498 /////////////////////////////////////////
1500 /////////////////////////////////////////
1501 RUNNER_TEST(TED_4000_cipher_missing_arguments)
1503 ckmc_raw_buffer_s* encrypted = nullptr;
1505 auto [alias, params] = defaultGcmCipherSetup();
1507 ckmc_cipher_ctx_h ctx = nullptr;
1508 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
1509 auto ctxPtr = create_cipher_ctx(ctx);
1512 assert_invalid_param(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
1514 // missing arguments
1515 assert_invalid_param(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, nullptr);
1516 assert_invalid_param(ckmc_cipher_update, nullptr, *PLAIN_DATA.get(), &encrypted);
1517 assert_invalid_param(ckmc_cipher_update, ctx, *PLAIN_DATA.get(), nullptr);
1518 assert_invalid_param(ckmc_cipher_finalize, nullptr, nullptr, &encrypted);
1519 assert_invalid_param(ckmc_cipher_finalize, nullptr, nullptr, nullptr);
1522 RUNNER_TEST(TED_4010_cipher_reinitialize_without_aad)
1524 auto [alias, params] = defaultGcmCipherSetup();
1526 ckmc_cipher_ctx_h ctx = nullptr;
1527 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
1528 auto ctxPtr = create_cipher_ctx(ctx);
1531 assert_invalid_param(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
1534 RUNNER_TEST(TED_4020_cipher_tag_during_encryption)
1536 ckmc_raw_buffer_s* encrypted = nullptr;
1538 auto [alias, params] = defaultGcmCipherSetup();
1540 ckmc_cipher_ctx_h ctx = nullptr;
1541 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
1542 auto ctxPtr = create_cipher_ctx(ctx);
1544 // tag input during encryption
1545 assert_invalid_param(ckmc_cipher_finalize, ctx, PLAIN_DATA.get(), &encrypted);
1548 RUNNER_TEST(TED_4030_cipher_wrong_order)
1550 ckmc_raw_buffer_s* encrypted = nullptr;
1552 auto [alias, params] = defaultGcmCipherSetup();
1554 ckmc_cipher_ctx_h ctx = nullptr;
1555 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
1556 auto ctxPtr = create_cipher_ctx(ctx);
1558 assert_positive(ckmc_cipher_update, ctx, *PLAIN_DATA.get(), &encrypted);
1559 ckmc_buffer_free(encrypted);
1561 // initialize after update
1562 setParam(params, CKMC_PARAM_ED_AAD, AAD32);
1563 assert_invalid_param(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, nullptr);
1565 assert_positive(ckmc_cipher_finalize, ctx, nullptr, &encrypted);
1566 ckmc_buffer_free(encrypted);
1568 // initialize after finalize
1569 assert_invalid_param(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, nullptr);
1571 // update after finalize
1572 assert_invalid_param(ckmc_cipher_update, ctx, *PLAIN_DATA.get(), &encrypted);
1575 RUNNER_TEST(TED_4040_cipher_gcm_aad_and_tag)
1577 ckmc_raw_buffer_s* encrypted = nullptr;
1579 auto [alias, params] = defaultGcmCipherSetup();
1580 setParam(params, CKMC_PARAM_ED_AAD, AAD32);
1582 ckmc_cipher_ctx_h ctx = nullptr;
1585 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
1586 auto ctxPtr = create_cipher_ctx(ctx);
1588 // 2 more AAD chunks
1589 setParam(params, CKMC_PARAM_ED_AAD, AAD64);
1590 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
1591 setParam(params, CKMC_PARAM_ED_AAD, AAD32);
1592 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
1594 ckmc_raw_buffer_s* tag = nullptr;
1596 assert_positive(ckmc_cipher_update, ctx, *PLAIN_DATA.get(), &encrypted);
1597 auto encryptedPtr = create_raw_buffer(encrypted);
1598 assert_positive(ckmc_cipher_finalize, ctx, nullptr, &tag);
1603 ckmc_raw_buffer_s* decrypted = nullptr;
1604 ckmc_raw_buffer_s* empty = nullptr;
1606 // decrypt with invalid AAD
1607 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, false, &ctx);
1608 ctxPtr = create_cipher_ctx(ctx);
1610 assert_positive(ckmc_cipher_update, ctx, *encrypted, &decrypted);
1611 ckmc_buffer_free(decrypted);
1612 assert_invalid_param(ckmc_cipher_finalize, ctx, tag, &empty);
1617 // decrypt without TAG
1618 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, false, &ctx);
1619 ctxPtr = create_cipher_ctx(ctx);
1620 setParam(params, CKMC_PARAM_ED_AAD, AAD64);
1621 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, false, &ctx);
1622 setParam(params, CKMC_PARAM_ED_AAD, AAD32);
1623 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, false, &ctx);
1625 assert_positive(ckmc_cipher_update, ctx, *encrypted, &decrypted);
1626 ckmc_buffer_free(decrypted);
1627 assert_invalid_param(ckmc_cipher_finalize, ctx, nullptr, &empty);
1633 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, false, &ctx);
1634 ctxPtr = create_cipher_ctx(ctx);
1635 setParam(params, CKMC_PARAM_ED_AAD, AAD64);
1636 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, false, &ctx);
1637 setParam(params, CKMC_PARAM_ED_AAD, AAD32);
1638 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, false, &ctx);
1640 assert_positive(ckmc_cipher_update, ctx, *encrypted, &decrypted);
1641 auto decryptedPtr = create_raw_buffer(decrypted);
1642 assert_positive(ckmc_cipher_finalize, ctx, tag, &empty);
1644 RUNNER_ASSERT(empty == nullptr);
1646 assert_buffers_equal(PLAIN_DATA.get(), decrypted);