2 * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file encryption-decryption.cpp
18 * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
25 #include <unordered_map>
28 #include <dpl/test/test_runner.h>
29 #include <ckm-common.h>
30 #include <ckmc/ckmc-manager.h>
31 #include <ckmc/ckmc-control.h>
32 #include <ckm/ckm-type.h>
33 #include <ckm/ckm-manager.h>
34 #include <encryption-decryption-env.h>
40 const char* PASSWORD = "test-password";
41 const uid_t UID = 5001;
42 const size_t CTR_DEFAULT_LEN = 16*8;
43 const size_t DEFAULT_IV_LEN = 16;
44 const size_t BUF_LEN = 86; // must be less than 1024/8-41 to support RSA OAEP 1024
49 CipherApi g_cipherApi;
51 EncryptionApi* g_api = &g_syncApi;
53 EncryptionError apiEncrypt(ckmc_param_list_h params,
54 const char *key_alias,
56 const ckmc_raw_buffer_s decrypted,
57 ckmc_raw_buffer_s **ppencrypted) {
58 RUNNER_ASSERT_MSG(g_api, "No encryption API is connected");
59 return g_api->encrypt(params, key_alias, password, decrypted, ppencrypted);
62 inline CKM::Password _tostring(const char *str)
64 return (str == nullptr) ? Password() : Password(str);
67 inline CKM::Policy _toCkmPolicy(const ckmc_policy_s &policy, PolicyBackend backend)
69 return CKM::Policy(_tostring(policy.password), policy.extractable, backend);
72 EncryptionError apiDecrypt(ckmc_param_list_h params,
73 const char *key_alias,
75 const ckmc_raw_buffer_s encrypted,
76 ckmc_raw_buffer_s **ppdecrypted) {
77 RUNNER_ASSERT_MSG(g_api, "No encryption API is connected");
78 return g_api->decrypt(params, key_alias, password, encrypted, ppdecrypted);
82 template <typename F, typename... Args>
83 void assert_crypto_result(EncryptionError expected, F&& func, Args... args)
85 EncryptionError ret = func(args...);
86 RUNNER_ASSERT_MSG(ret == expected,
87 "Expected: " << static_cast<int>(expected) <<
88 " got: " << static_cast<int>(ret));
91 template <typename F, typename... Args>
92 void assert_crypto_positive(F&& func, Args... args)
94 assert_crypto_result(EncryptionError::SUCCESS, std::move(func), args...);
97 template <typename F, typename... Args>
98 void assert_crypto_invalid_param(F&& func, Args... args)
100 assert_crypto_result(EncryptionError::INVALID_PARAM, std::move(func), args...);
105 EncryptionError expected;
115 void init(const std::string&) {
123 static std::string suffix() { return "_sync"; }
127 void init(const std::string&) {
135 static std::string suffix() { return "_async"; }
139 void init(const std::string&) {
140 g_api = &g_cipherApi;
147 static std::string suffix() { return "_cipher"; }
151 ckmc_algo_type_e type;
155 std::unordered_map<size_t, std::vector<Alias>> g_symKeys;
156 std::unordered_map<size_t, std::vector<KeyAliasPair>> g_asymKeys;
160 PASSWORD_PROTECTED = 1,
165 RawBufferPtr PLAIN_DATA;
166 RawBufferPtr BIG_DATA;
167 ckmc_raw_buffer_s* DEFAULT_IV;
168 ckmc_raw_buffer_s* IV1;
169 ckmc_raw_buffer_s* IV11;
170 ckmc_raw_buffer_s* IV12;
171 ckmc_raw_buffer_s* IV15;
172 ckmc_raw_buffer_s* IV17;
173 ckmc_raw_buffer_s* IV128;
174 ckmc_raw_buffer_s* AAD32;
175 ckmc_raw_buffer_s* AAD64;
177 KeyAliasPair getKey(const Algo& algo, KeyIdx idx)
179 if (algo.type == CKMC_ALGO_RSA_OAEP)
180 return g_asymKeys[algo.keyLen][idx];
183 pair.prv = g_symKeys[algo.keyLen][idx];
188 class EncGroupFixture: public DPL::Test::TestGroup
193 remove_user_data(UID);
194 int ret = ckmc_unlock_user_key(UID, "db-pass");
195 if (ret != CKMC_ERROR_NONE)
196 RUNNER_ERROR_MSG("DB unlock failed: " << CKMCErrorToString(ret));
198 // Policy backend to use in subsequent operations (global for each test case)
200 m_backend = PolicyBackend::FORCE_HARDWARE;
202 m_backend = PolicyBackend::FORCE_SOFTWARE;
206 m_manager = Manager::create();
207 generateSymmetricKeys(128);
208 generateSymmetricKeys(192);
209 generateSymmetricKeys(256);
210 generateRsaKeys(1024);
211 generateRsaKeys(2048);
212 generateRsaKeys(4096);
214 PLAIN_DATA = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
216 ckmc_backend_info_h info;
218 assert_positive(ckmc_get_backend_info, CKMC_BACKEND_TZ, &info);
219 assert_positive(ckmc_backend_get_max_chunk_size, info, &size);
220 BIG_DATA = create_raw_buffer(createRandomBufferCAPI(size));
222 BIG_DATA = create_raw_buffer(createRandomBufferCAPI(500000));
224 DEFAULT_IV = createRandomBufferCAPI(DEFAULT_IV_LEN);
225 IV1 = createRandomBufferCAPI(1);
226 IV11 = createRandomBufferCAPI(11);
227 IV12 = createRandomBufferCAPI(12);
228 IV15 = createRandomBufferCAPI(15);
229 IV17 = createRandomBufferCAPI(17);
230 IV128 = createRandomBufferCAPI(128);
231 AAD32 = createRandomBufferCAPI(32);
232 AAD64 = createRandomBufferCAPI(64);
235 void generateSymmetricKeys(size_t bitLen)
237 for (int i = 0; i < KEY_IDX_MAX; i++)
239 Policy p(Password(), false, m_backend);
240 if (i == PASSWORD_PROTECTED)
241 p.password.assign(PASSWORD);
243 std::string alias = std::string("skey_") + std::to_string(bitLen) + std::string("_") + std::to_string(i);
244 int ret = m_manager->createKeyAES(bitLen, alias, p);
245 if (ret != CKM_API_SUCCESS)
246 RUNNER_ERROR_MSG("AES key creation failed");
248 g_symKeys[bitLen].push_back(alias);
252 void generateRsaKeys(size_t bitLen)
254 for (int i = 0; i < KEY_IDX_MAX; i++)
256 Policy prvPolicy(Password(), false, m_backend);
257 Policy pubPolicy(Password(), true, m_backend);
258 if (i == PASSWORD_PROTECTED) {
259 prvPolicy.password.assign(PASSWORD);
260 pubPolicy.password.assign(PASSWORD);
264 alias.prv = std::string("akey_") + std::to_string(bitLen) + std::string("_") + std::to_string(i);
265 alias.pub = std::string("pub") + alias.prv;
266 int ret = m_manager->createKeyPairRSA(bitLen, alias.prv, alias.pub, prvPolicy, pubPolicy);
267 if (ret != CKM_API_SUCCESS)
268 RUNNER_ERROR_MSG("RSA key creation failed");
270 g_asymKeys[bitLen].push_back(alias);
274 void Finish() override
276 for (const auto &entry : g_asymKeys) {
277 for (const auto &keyPair : entry.second) {
278 m_manager->removeAlias(keyPair.prv);
279 m_manager->removeAlias(keyPair.pub);
283 for (const auto &entry : g_symKeys) {
284 for (const auto &key : entry.second) {
285 m_manager->removeAlias(key);
291 ckmc_buffer_free(AAD64);
292 ckmc_buffer_free(AAD32);
293 ckmc_buffer_free(IV128);
294 ckmc_buffer_free(IV17);
295 ckmc_buffer_free(IV15);
296 ckmc_buffer_free(IV12);
297 ckmc_buffer_free(IV11);
298 ckmc_buffer_free(IV1);
299 ckmc_buffer_free(DEFAULT_IV);
301 int ret = ckmc_lock_user_key(UID);
302 if (ret != CKMC_ERROR_NONE)
303 RUNNER_ERROR_MSG("DB lock failed: " << CKMCErrorToString(ret));
304 remove_user_data(UID);
307 ManagerShPtr m_manager;
308 PolicyBackend m_backend;
311 struct EncryptionResult
313 RawBufferPtr encrypted;
319 EncryptionResult encrypt(const Algo& algo,
320 const RawBufferPtr& plain,
321 const char* pass = nullptr)
323 EncryptionResult ret;
324 ckmc_raw_buffer_s* encrypted = nullptr;
325 KeyAliasPair aliases = getKey(algo, pass == nullptr ? PRIMARY : PASSWORD_PROTECTED);
327 ckmc_param_list_h handle = NULL;
328 assert_positive(ckmc_generate_new_params, algo.type, &handle);
329 ret.params = ParamListPtr(handle, ckmc_param_list_free);
330 setParam(ret.params, CKMC_PARAM_ED_IV, DEFAULT_IV);
332 assert_crypto_positive(apiEncrypt,
339 ret.encrypted = create_raw_buffer(encrypted);
340 ret.prvKey = aliases.prv;
341 ret.pubKey = aliases.pub;
345 void testAllAlgorithms(const std::function<void(const Algo& algo)>& test)
347 test( { CKMC_ALGO_AES_CBC, 128 });
348 test( { CKMC_ALGO_AES_CBC, 192 });
349 test( { CKMC_ALGO_AES_CBC, 256 });
350 test( { CKMC_ALGO_AES_GCM, 128 });
351 test( { CKMC_ALGO_AES_GCM, 192 });
352 test( { CKMC_ALGO_AES_GCM, 256 });
353 test( { CKMC_ALGO_AES_CTR, 128 });
354 test( { CKMC_ALGO_AES_CTR, 192 });
355 test( { CKMC_ALGO_AES_CTR, 256 });
356 test( { CKMC_ALGO_AES_CFB, 128 });
357 test( { CKMC_ALGO_AES_CFB, 192 });
358 test( { CKMC_ALGO_AES_CFB, 256 });
360 if (!g_api->symmetricOnly()) {
361 test( { CKMC_ALGO_RSA_OAEP, 1024 });
362 test( { CKMC_ALGO_RSA_OAEP, 2048 });
363 test( { CKMC_ALGO_RSA_OAEP, 4096 });
367 void testNoIvEnc(const Algo& algo)
370 ckmc_raw_buffer_s* encrypted = nullptr;
373 KeyAliasPair aliases = getKey(algo, PRIMARY);
375 // param list with algo type only
376 ParamListPtr params = createParamListPtr();
377 setParam(params, CKMC_PARAM_ALGO_TYPE, algo.type);
378 assert_crypto_invalid_param(apiEncrypt,
386 void testNoIvDec(const Algo& algo)
389 ckmc_raw_buffer_s* decrypted = nullptr;
392 auto ret = encrypt(algo, PLAIN_DATA);
394 // param list with algo type only
395 ParamListPtr params = createParamListPtr();
396 setParam(params, CKMC_PARAM_ALGO_TYPE, algo.type);
397 assert_crypto_invalid_param(apiDecrypt,
401 *ret.encrypted.get(),
405 void testInvalidIvEnc(const Algo& algo)
408 ckmc_raw_buffer_s* encryptedTmp = nullptr;
411 KeyAliasPair aliases = getKey(algo, PRIMARY);
414 ckmc_param_list_h handle = NULL;
415 assert_positive(ckmc_generate_new_params, algo.type, &handle);
416 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
418 // invalid encryption
420 assert_crypto_invalid_param(apiEncrypt,
426 ckmc_buffer_free(encryptedTmp);
427 encryptedTmp = nullptr;
430 setParam(params, CKMC_PARAM_ED_IV, IV15);
432 setParam(params, CKMC_PARAM_ED_IV, IV17);
436 void testInvalidIvDec(const Algo& algo)
439 ckmc_raw_buffer_s* decrypted = nullptr;
442 auto ret = encrypt(algo, PLAIN_DATA);
446 assert_crypto_invalid_param(apiDecrypt,
450 *ret.encrypted.get(),
452 ckmc_buffer_free(decrypted);
457 setParam(ret.params, CKMC_PARAM_ED_IV, IV15);
459 setParam(ret.params, CKMC_PARAM_ED_IV, IV17);
463 void encryptionWithCustomData(const Algo& algo, ckmc_param_name_e name)
466 ckmc_raw_buffer_s* encrypted = nullptr;
467 ckmc_raw_buffer_s* decrypted = nullptr;
470 KeyAliasPair aliases = getKey(algo, PRIMARY);
473 ckmc_param_list_h handle = NULL;
474 assert_positive(ckmc_generate_new_params, algo.type, &handle);
475 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
477 setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
480 setParam(params, name, AAD64);
483 assert_crypto_positive(apiEncrypt,
489 RawBufferPtr tmpEnc = create_raw_buffer(encrypted);
492 assert_crypto_positive(apiDecrypt,
498 RawBufferPtr tmpDec = create_raw_buffer(decrypted);
501 assert_buffers_equal(PLAIN_DATA.get(), tmpDec.get());
506 setParam(params, name, AAD32);
509 assert_crypto_result(EncryptionError::INVALID_PARAM,
518 void testGcmIvSize(ckmc_raw_buffer_s* iv,
519 const KeyAliasPair& aliases,
520 EncryptionError error = EncryptionError::SUCCESS)
523 RawBufferPtr encrypted;
524 RawBufferPtr decrypted;
525 ckmc_raw_buffer_s* encryptedTmp = nullptr;
526 ckmc_raw_buffer_s* decryptedTmp = nullptr;
529 ckmc_param_list_h handle = NULL;
530 assert_positive(ckmc_generate_new_params, CKMC_ALGO_AES_GCM, &handle);
531 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
532 setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
533 setParam(params, CKMC_PARAM_ED_IV, iv);
536 assert_crypto_result(error,
544 if(error != EncryptionError::SUCCESS)
546 encrypted = create_raw_buffer(encryptedTmp);
549 assert_crypto_positive(apiDecrypt,
555 decrypted = create_raw_buffer(decryptedTmp);
557 assert_buffers_equal(PLAIN_DATA.get(), decrypted.get());
560 void testIntegrity(const Algo& algo)
563 ckmc_raw_buffer_s* decrypted = nullptr;
566 auto ret = encrypt(algo, PLAIN_DATA);
568 // break the encrypted data
569 ret.encrypted->data[BUF_LEN/2]++;
571 // no data integrity check
572 assert_crypto_positive(apiDecrypt,
576 *ret.encrypted.get(),
579 RawBufferPtr tmp = create_raw_buffer(decrypted);
580 assert_buffers_equal(PLAIN_DATA.get(), decrypted, false);
583 void testCtrEncryptionInvalidLength(const Algo& algo)
586 ckmc_raw_buffer_s* encryptedTmp = nullptr;
589 KeyAliasPair aliases = getKey(algo, PRIMARY);
592 ckmc_param_list_h handle = NULL;
593 assert_positive(ckmc_generate_new_params, algo.type, &handle);
594 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
595 setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
599 assert_crypto_invalid_param(apiEncrypt,
605 ckmc_buffer_free(encryptedTmp);
606 encryptedTmp = nullptr;
608 // invalid counter size
609 setParam(params, CKMC_PARAM_ED_CTR_LEN, 0ULL);
611 setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN+1);
615 void testCtrEncryptionValidLength(const Algo& algo)
618 ckmc_raw_buffer_s* encryptedTmp = nullptr;
621 KeyAliasPair aliases = getKey(algo, PRIMARY);
624 ckmc_param_list_h handle = NULL;
625 assert_positive(ckmc_generate_new_params, algo.type, &handle);
626 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
627 setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
631 assert_crypto_positive(apiEncrypt,
637 ckmc_buffer_free(encryptedTmp);
638 encryptedTmp = nullptr;
640 // valid counter sizez
641 setParam(params, CKMC_PARAM_ED_CTR_LEN, 1);
643 setParam(params, CKMC_PARAM_ED_CTR_LEN, 4);
645 setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN-1);
647 setParam(params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN);
651 void testCtrDecryptionInvalidLength(const Algo& algo)
654 ckmc_raw_buffer_s* decrypted = nullptr;
656 // add AES CTR key & encrypt
657 auto ret = encrypt(algo, PLAIN_DATA);
661 assert_crypto_invalid_param(apiDecrypt,
665 *ret.encrypted.get(),
667 ckmc_buffer_free(decrypted);
670 // invalid counter size
671 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 0ULL);
673 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN+1);
677 void testCtrDecryptionValidLength(const Algo& algo)
680 ckmc_raw_buffer_s* decrypted = nullptr;
682 // add AES CTR key & encrypt
683 auto ret = encrypt(algo, PLAIN_DATA);
687 assert_crypto_positive(apiDecrypt,
691 *ret.encrypted.get(),
693 ckmc_buffer_free(decrypted);
694 RawBufferPtr tmp = create_raw_buffer(decrypted);
695 assert_buffers_equal(PLAIN_DATA.get(), decrypted);
697 // invalid counter size
698 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 1);
700 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 4);
702 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN-1);
704 setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, CTR_DEFAULT_LEN);
708 void testGcmEncryptionTagLen(const Algo& algo)
711 ckmc_raw_buffer_s* encryptedTmp = nullptr;
714 KeyAliasPair aliases = getKey(algo, PRIMARY);
717 ckmc_param_list_h handle = NULL;
718 assert_positive(ckmc_generate_new_params, algo.type, &handle);
719 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
720 setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
722 std::vector<TagTest> testData = {
723 // illegal tag lengths
724 { -1, EncryptionError::INVALID_PARAM },
725 { 0, EncryptionError::INVALID_PARAM },
726 { 16, EncryptionError::INVALID_PARAM },
727 { 48, EncryptionError::INVALID_PARAM },
728 { 72, EncryptionError::INVALID_PARAM },
729 { 100, EncryptionError::INVALID_PARAM },
730 { 108, EncryptionError::INVALID_PARAM },
731 { 116, EncryptionError::INVALID_PARAM },
732 { 124, EncryptionError::INVALID_PARAM },
733 { 256, EncryptionError::INVALID_PARAM },
735 { 32, EncryptionError::INVALID_PARAM },
736 { 64, EncryptionError::INVALID_PARAM },
740 { 32, EncryptionError::SUCCESS },
741 { 64, EncryptionError::SUCCESS },
744 { 96, EncryptionError::SUCCESS },
745 { 104, EncryptionError::SUCCESS },
746 { 112, EncryptionError::SUCCESS },
747 { 120, EncryptionError::SUCCESS },
748 { 128, EncryptionError::SUCCESS },
752 for(const auto& it : testData)
754 setParam(params, CKMC_PARAM_ED_TAG_LEN, it.tagLen);
755 assert_crypto_result(it.expected,
762 ckmc_buffer_free(encryptedTmp);
763 encryptedTmp = nullptr;
767 void testGcmDecryptionTagLen(const Algo& algo)
770 ckmc_raw_buffer_s* decrypted = nullptr;
772 // add AES GCM key & encrypt
773 auto ret = encrypt(algo, PLAIN_DATA);
775 std::vector<TagTest> testData = {
776 // illegal tag lengths
777 { -1, EncryptionError::INVALID_PARAM },
778 { 0, EncryptionError::INVALID_PARAM },
779 { 16, EncryptionError::INVALID_PARAM },
780 { 48, EncryptionError::INVALID_PARAM },
781 { 72, EncryptionError::INVALID_PARAM },
782 { 100, EncryptionError::INVALID_PARAM },
783 { 108, EncryptionError::INVALID_PARAM },
784 { 116, EncryptionError::INVALID_PARAM },
785 { 124, EncryptionError::INVALID_PARAM },
786 { 256, EncryptionError::INVALID_PARAM },
787 // legal tag lengths but different than the one used for encryption
788 { 32, EncryptionError::INVALID_PARAM },
789 { 64, EncryptionError::INVALID_PARAM },
790 { 96, EncryptionError::INVALID_PARAM },
791 { 104, EncryptionError::INVALID_PARAM },
792 { 112, EncryptionError::INVALID_PARAM },
793 { 120, EncryptionError::INVALID_PARAM },
794 // legal tag length that was actually used for encryption (default)
795 { 128, EncryptionError::SUCCESS },
799 for(const auto& it : testData)
801 setParam(ret.params, CKMC_PARAM_ED_TAG_LEN, it.tagLen);
802 assert_crypto_result(it.expected,
807 *ret.encrypted.get(),
809 ckmc_buffer_free(decrypted);
814 void testGcmWrongTag(const Algo& algo)
817 ckmc_raw_buffer_s* decrypted = nullptr;
819 // encrypt with AES GCM
820 auto ret = encrypt(algo, PLAIN_DATA);
822 // modify tag (last 16B of encrypted message)
823 ret.encrypted->data[ret.encrypted->size-1]++;
825 // EVP_CipherFinal fails because of an authentication error
826 assert_crypto_result(EncryptionError::INVALID_PARAM,
831 *ret.encrypted.get(),
835 void testGcmDifferentIvSizes(const Algo& algo)
838 KeyAliasPair aliases = getKey(algo, PRIMARY);
840 testGcmIvSize(IV1, aliases);
841 testGcmIvSize(IV11, aliases);
842 testGcmIvSize(IV12, aliases);
843 testGcmIvSize(IV17, aliases);
844 testGcmIvSize(IV128, aliases);
847 void testEncryptDecryptBigData(const Algo& algo)
850 ckmc_raw_buffer_s* decrypted = nullptr;
853 auto ret = encrypt(algo, BIG_DATA);
855 assert_positive(apiDecrypt,
859 *ret.encrypted.get(),
861 RawBufferPtr tmp = create_raw_buffer(decrypted);
863 assert_buffers_equal(BIG_DATA.get(), decrypted);
866 void testEncryptDecryptDifferentKeys(const Algo& algo, bool success)
869 ckmc_raw_buffer_s* decrypted = nullptr;
872 auto ret = encrypt(algo, PLAIN_DATA);
874 // get different keys
875 KeyAliasPair differentKeys = getKey(algo, PASSWORD_PROTECTED);
878 // some algorithms don't verify key validity
879 assert_crypto_positive(apiDecrypt,
881 differentKeys.prv.c_str(),
883 *ret.encrypted.get(),
885 RawBufferPtr tmp = create_raw_buffer(decrypted);
887 assert_buffers_equal(PLAIN_DATA.get(), decrypted, false);
889 assert_crypto_result(EncryptionError::INVALID_PARAM,
892 differentKeys.prv.c_str(),
894 *ret.encrypted.get(),
899 void testRsaLongestData(const Algo& algo, size_t dataSize)
902 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize));
903 ckmc_raw_buffer_s* decrypted = nullptr;
906 auto ret = encrypt(algo, plain);
908 assert_crypto_positive(apiDecrypt,
912 *ret.encrypted.get(),
914 RawBufferPtr tmp = create_raw_buffer(decrypted);
916 assert_buffers_equal(plain.get(), decrypted);
919 void testRsaDataTooLong(const Algo& algo, size_t dataSize)
922 RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize));
925 EncryptionResult ret;
926 ckmc_raw_buffer_s* encrypted = nullptr;
927 KeyAliasPair aliases = getKey(algo, PRIMARY);
929 ckmc_param_list_h handle = NULL;
930 assert_positive(ckmc_generate_new_params, algo.type, &handle);
931 ret.params = ParamListPtr(handle, ckmc_param_list_free);
932 assert_crypto_result(EncryptionError::INVALID_PARAM,
941 std::pair<Alias, ParamListPtr> defaultGcmCipherSetup()
943 Algo algo = {CKMC_ALGO_AES_GCM, 256};
944 KeyAliasPair aliases = getKey(algo, PRIMARY);
946 ckmc_param_list_h handle = NULL;
947 assert_positive(ckmc_generate_new_params, algo.type, &handle);
948 auto params = ParamListPtr(handle, ckmc_param_list_free);
949 setParam(params, CKMC_PARAM_ED_IV, IV12);
951 return std::make_pair(aliases.prv, params);
954 } // namespace anonymous
956 RUNNER_TEST_GROUP_INIT_ENV(CKM_ENCRYPTION_DECRYPTION, EncGroupFixture);
958 /////////////////////////////////////////
959 // Generic encryption decryption tests
960 /////////////////////////////////////////
962 RUNNER_TEST_MULTIPLE(TED_0010_encrypt_invalid_param_list, SyncEnv, AsyncEnv, CipherEnv)
964 testAllAlgorithms([](const Algo& algo){
966 ckmc_raw_buffer_s* encrypted = nullptr;
969 KeyAliasPair aliases = getKey(algo, PRIMARY);
972 assert_crypto_invalid_param(apiEncrypt,
980 ParamListPtr params = createParamListPtr();
981 assert_crypto_invalid_param(apiEncrypt,
990 RUNNER_TEST_MULTIPLE(TED_0020_encrypt_missing_key, SyncEnv, AsyncEnv, CipherEnv)
992 testAllAlgorithms([](const Algo& algo){
994 ckmc_raw_buffer_s* encrypted = nullptr;
997 ckmc_param_list_h handle = NULL;
998 assert_positive(ckmc_generate_new_params, algo.type, &handle);
999 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1000 setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
1002 assert_crypto_result(EncryptionError::ALIAS_UNKNOWN,
1005 "non-existing-key-alias",
1012 RUNNER_TEST_MULTIPLE(TED_0030_encrypt_no_plain_text, SyncEnv, AsyncEnv)
1014 testAllAlgorithms([](const Algo& algo){
1016 ckmc_raw_buffer_s plain = { nullptr, 0 };
1017 ckmc_raw_buffer_s* encrypted = nullptr;
1020 KeyAliasPair aliases = getKey(algo, PRIMARY);
1023 ckmc_param_list_h handle = NULL;
1024 assert_positive(ckmc_generate_new_params, algo.type, &handle);
1025 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1026 setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
1028 assert_crypto_invalid_param(apiEncrypt,
1030 aliases.pub.c_str(),
1037 RUNNER_TEST_MULTIPLE(TED_0040_encrypt_no_output_buffer, SyncEnv, AsyncEnv)
1039 testAllAlgorithms([](const Algo& algo){
1041 ckmc_raw_buffer_s** encrypted = nullptr;
1044 KeyAliasPair aliases = getKey(algo, PRIMARY);
1047 ckmc_param_list_h handle = NULL;
1048 assert_positive(ckmc_generate_new_params, algo.type, &handle);
1049 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1050 setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
1052 assert_crypto_invalid_param(apiEncrypt,
1054 aliases.pub.c_str(),
1061 RUNNER_TEST_MULTIPLE(TED_0110_decrypt_invalid_param_list, SyncEnv, AsyncEnv, CipherEnv)
1063 testAllAlgorithms([](const Algo& algo){
1065 ckmc_raw_buffer_s* decrypted = nullptr;
1068 auto ret = encrypt(algo, PLAIN_DATA);
1071 assert_crypto_invalid_param(apiDecrypt,
1075 *ret.encrypted.get(),
1079 ParamListPtr params = createParamListPtr();
1080 assert_crypto_invalid_param(apiDecrypt,
1084 *ret.encrypted.get(),
1089 RUNNER_TEST_MULTIPLE(TED_0120_decrypt_missing_key, SyncEnv, AsyncEnv, CipherEnv)
1091 testAllAlgorithms([](const Algo& algo){
1093 ckmc_raw_buffer_s* decrypted = nullptr;
1096 auto ret = encrypt(algo, PLAIN_DATA);
1099 assert_crypto_result(EncryptionError::ALIAS_UNKNOWN,
1104 *ret.encrypted.get(),
1109 RUNNER_TEST_MULTIPLE(TED_0130_decrypt_no_encrypted_text, SyncEnv, AsyncEnv)
1111 testAllAlgorithms([](const Algo& algo){
1113 ckmc_raw_buffer_s encrypted = { nullptr, 0 };
1114 ckmc_raw_buffer_s* decrypted = nullptr;
1117 KeyAliasPair aliases = getKey(algo, PRIMARY);
1120 ckmc_param_list_h handle = NULL;
1121 assert_positive(ckmc_generate_new_params, algo.type, &handle);
1122 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1123 setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
1125 assert_crypto_invalid_param(apiDecrypt,
1127 aliases.prv.c_str(),
1134 RUNNER_TEST_MULTIPLE(TED_0140_decrypt_no_output_buffer, SyncEnv, AsyncEnv)
1136 testAllAlgorithms([](const Algo& algo){
1138 ckmc_raw_buffer_s** decrypted = nullptr;
1141 auto ret = encrypt(algo, PLAIN_DATA);
1143 assert_crypto_invalid_param(apiDecrypt,
1147 *ret.encrypted.get(),
1152 RUNNER_TEST_MULTIPLE(TED_0200_encrypt_decrypt_different_keys, SyncEnv, AsyncEnv, CipherEnv)
1154 testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_GCM, 128}, false);
1155 testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_GCM, 192}, false);
1156 testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_GCM, 256}, false);
1157 testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CTR, 128}, true);
1158 testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CTR, 192}, true);
1159 testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CTR, 256}, true);
1160 testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CFB, 128}, true);
1161 testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CFB, 192}, true);
1162 testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CFB, 256}, true);
1164 if (!g_api->symmetricOnly()) {
1165 testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 1024}, false);
1166 testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 2048}, false);
1167 testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 4096}, false);
1171 RUNNER_TEST_MULTIPLE(TED_0300_encrypt_decrypt, SyncEnv, AsyncEnv, CipherEnv)
1173 testAllAlgorithms([](const Algo& algo){
1175 ckmc_raw_buffer_s* decrypted = nullptr;
1178 auto ret = encrypt(algo, PLAIN_DATA);
1180 assert_crypto_positive(apiDecrypt,
1184 *ret.encrypted.get(),
1186 RawBufferPtr tmp = create_raw_buffer(decrypted);
1188 assert_buffers_equal(PLAIN_DATA.get(), decrypted);
1192 RUNNER_TEST_MULTIPLE(TED_0310_encrypt_decrypt_password, SyncEnv, AsyncEnv, CipherEnv)
1194 testAllAlgorithms([](const Algo& algo){
1196 ckmc_raw_buffer_s* decrypted = nullptr;
1199 auto ret = encrypt(algo, PLAIN_DATA, PASSWORD);
1202 assert_crypto_result(EncryptionError::AUTH_FAILED,
1207 *ret.encrypted.get(),
1211 assert_crypto_positive(apiDecrypt,
1215 *ret.encrypted.get(),
1217 RawBufferPtr tmp = create_raw_buffer(decrypted); // guarantees deletion
1219 assert_buffers_equal(PLAIN_DATA.get(), decrypted);
1223 // long test split into smaller ones
1224 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CBC_128, SyncEnv, AsyncEnv, CipherEnv)
1226 testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 128});
1229 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CBC_192, SyncEnv, AsyncEnv, CipherEnv)
1231 testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 192});
1234 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CBC_256, SyncEnv, AsyncEnv, CipherEnv)
1236 testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 256});
1239 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_GCM_128, SyncEnv, AsyncEnv, CipherEnv)
1241 testEncryptDecryptBigData({CKMC_ALGO_AES_GCM, 128});
1244 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_GCM_192, SyncEnv, AsyncEnv, CipherEnv)
1246 testEncryptDecryptBigData({CKMC_ALGO_AES_GCM, 192});
1249 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_GCM_256, SyncEnv, AsyncEnv, CipherEnv)
1251 testEncryptDecryptBigData({CKMC_ALGO_AES_GCM, 256});
1254 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CTR_128, SyncEnv, AsyncEnv, CipherEnv)
1256 testEncryptDecryptBigData({CKMC_ALGO_AES_CTR, 128});
1259 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CTR_192, SyncEnv, AsyncEnv, CipherEnv)
1261 testEncryptDecryptBigData({CKMC_ALGO_AES_CTR, 192});
1264 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CTR_256, SyncEnv, AsyncEnv, CipherEnv)
1266 testEncryptDecryptBigData({CKMC_ALGO_AES_CTR, 256});
1269 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CFB_128, SyncEnv, AsyncEnv, CipherEnv)
1271 testEncryptDecryptBigData({CKMC_ALGO_AES_CFB, 128});
1274 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CFB_192, SyncEnv, AsyncEnv, CipherEnv)
1276 testEncryptDecryptBigData({CKMC_ALGO_AES_CFB, 192});
1279 RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CFB_256, SyncEnv, AsyncEnv, CipherEnv)
1281 testEncryptDecryptBigData({CKMC_ALGO_AES_CFB, 256});
1284 /////////////////////////////////////////
1285 // Algorithm specific tests
1286 /////////////////////////////////////////
1288 RUNNER_TEST_MULTIPLE(TED_1005_no_iv_enc, SyncEnv, AsyncEnv, CipherEnv)
1290 testNoIvEnc({CKMC_ALGO_AES_CTR, 128});
1291 testNoIvEnc({CKMC_ALGO_AES_CTR, 192});
1292 testNoIvEnc({CKMC_ALGO_AES_CTR, 256});
1293 testNoIvEnc({CKMC_ALGO_AES_CBC, 128});
1294 testNoIvEnc({CKMC_ALGO_AES_CBC, 192});
1295 testNoIvEnc({CKMC_ALGO_AES_CBC, 256});
1296 testNoIvEnc({CKMC_ALGO_AES_CFB, 128});
1297 testNoIvEnc({CKMC_ALGO_AES_CFB, 192});
1298 testNoIvEnc({CKMC_ALGO_AES_CFB, 256});
1299 testNoIvEnc({CKMC_ALGO_AES_GCM, 128});
1300 testNoIvEnc({CKMC_ALGO_AES_GCM, 192});
1301 testNoIvEnc({CKMC_ALGO_AES_GCM, 256});
1304 RUNNER_TEST_MULTIPLE(TED_1010_invalid_iv_enc, SyncEnv, AsyncEnv, CipherEnv)
1306 testInvalidIvEnc({CKMC_ALGO_AES_CTR, 128});
1307 testInvalidIvEnc({CKMC_ALGO_AES_CTR, 192});
1308 testInvalidIvEnc({CKMC_ALGO_AES_CTR, 256});
1309 testInvalidIvEnc({CKMC_ALGO_AES_CBC, 128});
1310 testInvalidIvEnc({CKMC_ALGO_AES_CBC, 192});
1311 testInvalidIvEnc({CKMC_ALGO_AES_CBC, 256});
1312 testInvalidIvEnc({CKMC_ALGO_AES_CFB, 128});
1313 testInvalidIvEnc({CKMC_ALGO_AES_CFB, 192});
1314 testInvalidIvEnc({CKMC_ALGO_AES_CFB, 256});
1317 RUNNER_TEST_MULTIPLE(TED_1015_no_iv_dec, SyncEnv, AsyncEnv, CipherEnv)
1319 testNoIvDec({CKMC_ALGO_AES_CTR, 128});
1320 testNoIvDec({CKMC_ALGO_AES_CTR, 192});
1321 testNoIvDec({CKMC_ALGO_AES_CTR, 256});
1322 testNoIvDec({CKMC_ALGO_AES_CBC, 128});
1323 testNoIvDec({CKMC_ALGO_AES_CBC, 192});
1324 testNoIvDec({CKMC_ALGO_AES_CBC, 256});
1325 testNoIvDec({CKMC_ALGO_AES_CFB, 128});
1326 testNoIvDec({CKMC_ALGO_AES_CFB, 192});
1327 testNoIvDec({CKMC_ALGO_AES_CFB, 256});
1328 testNoIvDec({CKMC_ALGO_AES_GCM, 128});
1329 testNoIvDec({CKMC_ALGO_AES_GCM, 192});
1330 testNoIvDec({CKMC_ALGO_AES_GCM, 256});
1333 RUNNER_TEST_MULTIPLE(TED_1020_invalid_iv_dec, SyncEnv, AsyncEnv, CipherEnv)
1335 testInvalidIvDec({CKMC_ALGO_AES_CTR, 128});
1336 testInvalidIvDec({CKMC_ALGO_AES_CTR, 192});
1337 testInvalidIvDec({CKMC_ALGO_AES_CTR, 256});
1338 testInvalidIvDec({CKMC_ALGO_AES_CBC, 128});
1339 testInvalidIvDec({CKMC_ALGO_AES_CBC, 192});
1340 testInvalidIvDec({CKMC_ALGO_AES_CBC, 256});
1341 testInvalidIvDec({CKMC_ALGO_AES_CFB, 128});
1342 testInvalidIvDec({CKMC_ALGO_AES_CFB, 192});
1343 testInvalidIvDec({CKMC_ALGO_AES_CFB, 256});
1346 RUNNER_TEST_MULTIPLE(TED_1050_data_integrity, SyncEnv, AsyncEnv, CipherEnv)
1348 testIntegrity({CKMC_ALGO_AES_CTR, 128});
1349 testIntegrity({CKMC_ALGO_AES_CTR, 192});
1350 testIntegrity({CKMC_ALGO_AES_CTR, 256});
1351 testIntegrity({CKMC_ALGO_AES_CBC, 128});
1352 testIntegrity({CKMC_ALGO_AES_CBC, 192});
1353 testIntegrity({CKMC_ALGO_AES_CBC, 256});
1354 testIntegrity({CKMC_ALGO_AES_CFB, 128});
1355 testIntegrity({CKMC_ALGO_AES_CFB, 192});
1356 testIntegrity({CKMC_ALGO_AES_CFB, 256});
1359 RUNNER_TEST_MULTIPLE(TED_1100_ctr_encryption_invalid_length, SyncEnv, AsyncEnv, CipherEnv)
1361 testCtrEncryptionInvalidLength({CKMC_ALGO_AES_CTR, 128});
1362 testCtrEncryptionInvalidLength({CKMC_ALGO_AES_CTR, 192});
1363 testCtrEncryptionInvalidLength({CKMC_ALGO_AES_CTR, 256});
1366 RUNNER_TEST_MULTIPLE(TED_1105_ctr_encryption_valid_length, SyncEnv, AsyncEnv, CipherEnv)
1368 RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length");
1369 testCtrEncryptionValidLength({CKMC_ALGO_AES_CTR, 128});
1370 testCtrEncryptionValidLength({CKMC_ALGO_AES_CTR, 192});
1371 testCtrEncryptionValidLength({CKMC_ALGO_AES_CTR, 256});
1374 RUNNER_TEST_MULTIPLE(TED_1110_ctr_decryption_invalid_length, SyncEnv, AsyncEnv, CipherEnv)
1376 testCtrDecryptionInvalidLength({CKMC_ALGO_AES_CTR, 128});
1377 testCtrDecryptionInvalidLength({CKMC_ALGO_AES_CTR, 192});
1378 testCtrDecryptionInvalidLength({CKMC_ALGO_AES_CTR, 256});
1381 RUNNER_TEST_MULTIPLE(TED_1115_ctr_decryption_valid_length, SyncEnv, AsyncEnv, CipherEnv)
1383 RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length");
1384 testCtrDecryptionValidLength({CKMC_ALGO_AES_CTR, 128});
1385 testCtrDecryptionValidLength({CKMC_ALGO_AES_CTR, 192});
1386 testCtrDecryptionValidLength({CKMC_ALGO_AES_CTR, 256});
1389 RUNNER_TEST_MULTIPLE(TED_1200_gcm_encryption_tag_len, SyncEnv, AsyncEnv, CipherEnv)
1391 testGcmEncryptionTagLen({CKMC_ALGO_AES_GCM, 128});
1392 testGcmEncryptionTagLen({CKMC_ALGO_AES_GCM, 192});
1393 testGcmEncryptionTagLen({CKMC_ALGO_AES_GCM, 256});
1396 RUNNER_TEST_MULTIPLE(TED_1210_gcm_decryption_tag_len, SyncEnv, AsyncEnv, CipherEnv)
1398 testGcmDecryptionTagLen({CKMC_ALGO_AES_GCM, 128});
1399 testGcmDecryptionTagLen({CKMC_ALGO_AES_GCM, 192});
1400 testGcmDecryptionTagLen({CKMC_ALGO_AES_GCM, 256});
1403 RUNNER_TEST_MULTIPLE(TED_1230_gcm_wrong_tag, SyncEnv, AsyncEnv, CipherEnv)
1405 testGcmWrongTag({CKMC_ALGO_AES_GCM, 128});
1406 testGcmWrongTag({CKMC_ALGO_AES_GCM, 192});
1407 testGcmWrongTag({CKMC_ALGO_AES_GCM, 256});
1410 RUNNER_TEST_MULTIPLE(TED_1240_gcm_different_iv_sizes, SyncEnv, AsyncEnv, CipherEnv)
1412 testGcmDifferentIvSizes({CKMC_ALGO_AES_GCM, 128});
1413 testGcmDifferentIvSizes({CKMC_ALGO_AES_GCM, 192});
1414 testGcmDifferentIvSizes({CKMC_ALGO_AES_GCM, 256});
1417 RUNNER_TEST_MULTIPLE(TED_1250_gcm_aad, SyncEnv, AsyncEnv, CipherEnv)
1419 encryptionWithCustomData({CKMC_ALGO_AES_GCM, 128}, CKMC_PARAM_ED_AAD);
1420 encryptionWithCustomData({CKMC_ALGO_AES_GCM, 192}, CKMC_PARAM_ED_AAD);
1421 encryptionWithCustomData({CKMC_ALGO_AES_GCM, 256}, CKMC_PARAM_ED_AAD);
1424 RUNNER_TEST_MULTIPLE(TED_1300_rsa_label, SyncEnv, AsyncEnv)
1426 RUNNER_IGNORED_MSG("RSA-OAEP labels are not supported in openssl");
1427 encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 1024}, CKMC_PARAM_ED_LABEL);
1428 encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 2048}, CKMC_PARAM_ED_LABEL);
1429 encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 4096}, CKMC_PARAM_ED_LABEL);
1432 RUNNER_TEST_MULTIPLE(TED_1330_rsa_longest_data, SyncEnv, AsyncEnv)
1434 testRsaLongestData({CKMC_ALGO_RSA_OAEP, 1024}, 86);
1435 testRsaLongestData({CKMC_ALGO_RSA_OAEP, 2048}, 214);
1436 testRsaLongestData({CKMC_ALGO_RSA_OAEP, 4096}, 470);
1439 RUNNER_TEST_MULTIPLE(TED_1350_rsa_data_too_long, SyncEnv, AsyncEnv)
1441 testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 1024}, 87);
1442 testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 2048}, 215);
1443 testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 4096}, 471);
1446 /////////////////////////////////////////
1447 // Asynchronous only tests
1448 /////////////////////////////////////////
1449 RUNNER_TEST(TED_2000_enc_no_observer_async, AsyncEnv)
1451 testAllAlgorithms([](const Algo& algo){
1453 RawBuffer plain = createRandomBuffer(BUF_LEN);
1456 KeyAliasPair aliases = getKey(algo, PRIMARY);
1459 ckmc_param_list_h handle = NULL;
1460 assert_positive(ckmc_generate_new_params, algo.type, &handle);
1461 ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
1462 setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
1465 test_no_observer(&ManagerAsync::encrypt,
1466 *reinterpret_cast<CryptoAlgorithm*>(params.get()),
1473 RUNNER_TEST(TED_2010_dec_no_observer_async, AsyncEnv)
1475 testAllAlgorithms([](const Algo& algo){
1477 auto ret = encrypt(algo, PLAIN_DATA);
1478 RawBuffer encrypted(ret.encrypted->data, ret.encrypted->data + ret.encrypted->size);
1481 test_no_observer(&ManagerAsync::decrypt,
1482 *reinterpret_cast<CryptoAlgorithm*>(ret.params.get()),
1489 /////////////////////////////////////////
1490 // Mulithreaded test for synchronous API
1491 /////////////////////////////////////////
1492 RUNNER_TEST_MULTIPLE(TED_3000_multiple_threads, SyncEnv, CipherEnv)
1494 std::vector<std::thread> threads;
1495 threads.reserve(10);
1496 for(unsigned i = 0; i < 10;++i)
1497 threads.emplace_back([]{ testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 256}); });
1498 for (auto& thread : threads)
1502 /////////////////////////////////////////
1504 /////////////////////////////////////////
1505 RUNNER_TEST(TED_4000_cipher_missing_arguments)
1507 ckmc_raw_buffer_s* encrypted = nullptr;
1509 auto [alias, params] = defaultGcmCipherSetup();
1511 ckmc_cipher_ctx_h ctx = nullptr;
1512 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
1513 auto ctxPtr = create_cipher_ctx(ctx);
1516 assert_invalid_param(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
1518 // missing arguments
1519 assert_invalid_param(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, nullptr);
1520 assert_invalid_param(ckmc_cipher_update, nullptr, *PLAIN_DATA.get(), &encrypted);
1521 assert_invalid_param(ckmc_cipher_update, ctx, *PLAIN_DATA.get(), nullptr);
1522 assert_invalid_param(ckmc_cipher_finalize, nullptr, nullptr, &encrypted);
1523 assert_invalid_param(ckmc_cipher_finalize, nullptr, nullptr, nullptr);
1526 RUNNER_TEST(TED_4010_cipher_reinitialize_without_aad)
1528 auto [alias, params] = defaultGcmCipherSetup();
1530 ckmc_cipher_ctx_h ctx = nullptr;
1531 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
1532 auto ctxPtr = create_cipher_ctx(ctx);
1535 assert_invalid_param(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
1538 RUNNER_TEST(TED_4020_cipher_tag_during_encryption)
1540 ckmc_raw_buffer_s* encrypted = nullptr;
1542 auto [alias, params] = defaultGcmCipherSetup();
1544 ckmc_cipher_ctx_h ctx = nullptr;
1545 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
1546 auto ctxPtr = create_cipher_ctx(ctx);
1548 // tag input during encryption
1549 assert_invalid_param(ckmc_cipher_finalize, ctx, PLAIN_DATA.get(), &encrypted);
1552 RUNNER_TEST(TED_4030_cipher_wrong_order)
1554 ckmc_raw_buffer_s* encrypted = nullptr;
1556 auto [alias, params] = defaultGcmCipherSetup();
1558 ckmc_cipher_ctx_h ctx = nullptr;
1559 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
1560 auto ctxPtr = create_cipher_ctx(ctx);
1562 assert_positive(ckmc_cipher_update, ctx, *PLAIN_DATA.get(), &encrypted);
1563 ckmc_buffer_free(encrypted);
1565 // initialize after update
1566 setParam(params, CKMC_PARAM_ED_AAD, AAD32);
1567 assert_invalid_param(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, nullptr);
1569 assert_positive(ckmc_cipher_finalize, ctx, nullptr, &encrypted);
1570 ckmc_buffer_free(encrypted);
1572 // initialize after finalize
1573 assert_invalid_param(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, nullptr);
1575 // update after finalize
1576 assert_invalid_param(ckmc_cipher_update, ctx, *PLAIN_DATA.get(), &encrypted);
1579 RUNNER_TEST(TED_4040_cipher_gcm_aad_and_tag)
1581 ckmc_raw_buffer_s* encrypted = nullptr;
1583 auto [alias, params] = defaultGcmCipherSetup();
1584 setParam(params, CKMC_PARAM_ED_AAD, AAD32);
1586 ckmc_cipher_ctx_h ctx = nullptr;
1589 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
1590 auto ctxPtr = create_cipher_ctx(ctx);
1592 // 2 more AAD chunks
1593 setParam(params, CKMC_PARAM_ED_AAD, AAD64);
1594 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
1595 setParam(params, CKMC_PARAM_ED_AAD, AAD32);
1596 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, true, &ctx);
1598 ckmc_raw_buffer_s* tag = nullptr;
1600 assert_positive(ckmc_cipher_update, ctx, *PLAIN_DATA.get(), &encrypted);
1601 auto encryptedPtr = create_raw_buffer(encrypted);
1602 assert_positive(ckmc_cipher_finalize, ctx, nullptr, &tag);
1607 ckmc_raw_buffer_s* decrypted = nullptr;
1608 ckmc_raw_buffer_s* empty = nullptr;
1610 // decrypt with invalid AAD
1611 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, false, &ctx);
1612 ctxPtr = create_cipher_ctx(ctx);
1614 assert_positive(ckmc_cipher_update, ctx, *encrypted, &decrypted);
1615 ckmc_buffer_free(decrypted);
1616 assert_invalid_param(ckmc_cipher_finalize, ctx, tag, &empty);
1621 // decrypt without TAG
1622 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, false, &ctx);
1623 ctxPtr = create_cipher_ctx(ctx);
1624 setParam(params, CKMC_PARAM_ED_AAD, AAD64);
1625 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, false, &ctx);
1626 setParam(params, CKMC_PARAM_ED_AAD, AAD32);
1627 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, false, &ctx);
1629 assert_positive(ckmc_cipher_update, ctx, *encrypted, &decrypted);
1630 ckmc_buffer_free(decrypted);
1631 assert_invalid_param(ckmc_cipher_finalize, ctx, nullptr, &empty);
1637 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, false, &ctx);
1638 ctxPtr = create_cipher_ctx(ctx);
1639 setParam(params, CKMC_PARAM_ED_AAD, AAD64);
1640 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, false, &ctx);
1641 setParam(params, CKMC_PARAM_ED_AAD, AAD32);
1642 assert_positive(ckmc_cipher_initialize, params.get(), alias.c_str(), nullptr, false, &ctx);
1644 assert_positive(ckmc_cipher_update, ctx, *encrypted, &decrypted);
1645 auto decryptedPtr = create_raw_buffer(decrypted);
1646 assert_positive(ckmc_cipher_finalize, ctx, tag, &empty);
1648 RUNNER_ASSERT(empty == nullptr);
1650 assert_buffers_equal(PLAIN_DATA.get(), decrypted);