CKM: Prepare db & keys once per encryption group

author Krzysztof Jackiewicz <k.jackiewicz@samsung.com>

Tue, 19 Mar 2019 10:38:27 +0000 (11:38 +0100)

committer Krzysztof Jackiewicz <k.jackiewicz@samsung.com>

Thu, 4 Apr 2019 15:03:25 +0000 (15:03 +0000)
author Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Tue, 19 Mar 2019 10:38:27 +0000 (11:38 +0100)
committer Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Thu, 4 Apr 2019 15:03:25 +0000 (15:03 +0000)
diff --git a/src/ckm/unprivileged/encryption-decryption.cpp b/src/ckm/unprivileged/encryption-decryption.cpp

index 76f1c92..d115ae8 100644 (file)
--- a/src/ckm/unprivileged/encryption-decryption.cpp
+++ b/src/ckm/unprivileged/encryption-decryption.cpp
@@ -1,5 +1,5 @@
  /*
- *  Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *  Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
   *
   *  Licensed under the Apache License, Version 2.0 (the "License");
   *  you may not use this file except in compliance with the License.
@@ -22,12 +22,12 @@
  
  #include <string>
  #include <vector>
-#include <map>
-#include <sstream>
+#include <unordered_map>
  
  #include <dpl/test/test_runner.h>
  #include <ckm-common.h>
  #include <ckmc/ckmc-manager.h>
+#include <ckmc/ckmc-control.h>
  #include <ckm/ckm-type.h>
  #include <ckm/ckm-manager.h>
  #include <encryption-decryption-env.h>
@@ -127,168 +127,157 @@ struct KeyAliasPair
      Alias pub;
  };
  
-class EncEnv : public RemoveDataEnv<UID> {
-public:
-    EncEnv() : m_dbu(NULL) {}
-    ~EncEnv() { delete m_dbu; }
-
-    void init(const std::string& str) {
-        RemoveDataEnv<UID>::init(str);
-        m_dbu = new ScopedDBUnlock(UID, "db-pass"); // unlock user's database
+struct SyncEnv {
+    void init(const std::string&) {
+        g_api = &g_syncApi;
      }
  
      void finish() {
-        delete m_dbu;
-        m_dbu = NULL;
-        RemoveDataEnv<UID>::finish();
-        g_api = NULL;
-    }
-
-    ScopedDBUnlock* m_dbu;
-};
-
-struct SyncEnv : public EncEnv {
-    void init(const std::string& str) {
-        EncEnv::init(str);
-        g_api = &g_syncApi;
+        g_api = nullptr;
      }
  
      static std::string suffix() { return "_sync"; }
  };
  
-struct AsyncEnv : public EncEnv {
-    void init(const std::string& str) {
-        EncEnv::init(str);
+struct AsyncEnv {
+    void init(const std::string&) {
          g_api = &g_asyncApi;
      }
  
+    void finish() {
+        g_api = nullptr;
+    }
+
      static std::string suffix() { return "_async"; }
  };
  
-struct AlgoBase {
-    ckmc_algo_type_e m_type;
-    size_t m_keyLen;
-
-    AlgoBase(ckmc_algo_type_e type, size_t keyLen) : m_type(type), m_keyLen(keyLen) {}
-
-    virtual KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr) = 0;
+struct Algo {
+    ckmc_algo_type_e type;
+    size_t keyLen;
  };
  
-typedef std::shared_ptr<AlgoBase> AlgoBasePtr;
+std::unordered_map<size_t, std::vector<Alias>> g_symKeys;
+std::unordered_map<size_t, std::vector<KeyAliasPair>> g_asymKeys;
  
-template <typename T>
-AlgoBasePtr createAlgo(ckmc_algo_type_e type, size_t keyLen) {
-    return AlgoBasePtr(new T(type, keyLen));
-}
+enum KeyIdx {
+    PRIMARY = 0,
+    PASSWORD_PROTECTED = 1,
  
-struct AlgoAes : public AlgoBase {
-    AlgoAes(ckmc_algo_type_e type, size_t keyLen) : AlgoBase(type, keyLen) {}
-    KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr);
+    KEY_IDX_MAX
  };
  
-KeyAliasPair AlgoAes::keyGen(const char* pass, const char* suffix)
-{
-    KeyAliasPair aliases;
-    std::ostringstream oss;
-    std::string ownerId = getOwnerIdFromSelf();
-    CharPtr passPtr(nullptr, free);
-    if (pass)
-        passPtr.reset(strdup(pass));
+RawBufferPtr PLAIN_DATA;
+RawBufferPtr BIG_DATA;
+ckmc_raw_buffer_s* DEFAULT_IV;
+ckmc_raw_buffer_s* IV11;
+ckmc_raw_buffer_s* IV12;
+ckmc_raw_buffer_s* IV15;
+ckmc_raw_buffer_s* IV17;
+ckmc_raw_buffer_s* IV128;
+ckmc_raw_buffer_s* AAD32;
+ckmc_raw_buffer_s* AAD64;
  
-    oss << "aes_" << static_cast<int>(m_type) << "_" << m_keyLen << "_key_alias";
-    if (suffix)
-        oss << suffix;
-    aliases.prv = aliasWithLabel(ownerId.c_str(),oss.str().c_str());
-    aliases.pub = aliasWithLabel(ownerId.c_str(), oss.str().c_str());
+void generateSymmetricKeys(ManagerShPtr& manager, size_t bitLen)
+{
+    for (int i = 0; i < KEY_IDX_MAX; i++)
+    {
+        Policy p(Password(), true, g_backend);
+        if (i == PASSWORD_PROTECTED)
+            p.password.assign(PASSWORD);
  
-    ckmc_policy_s policy;
-    policy.extractable = false;
-    policy.password = passPtr.get();
+        std::string alias = std::string("skey_") + std::to_string(bitLen) + std::string("_") + std::to_string(i);
+        int ret = manager->createKeyAES(bitLen, alias, p);
+        if (ret != CKM_API_SUCCESS)
+            RUNNER_ERROR_MSG("AES key creation failed");
  
-    auto mgr = CKM::Manager::create();
-    RUNNER_ASSERT_MSG(CKM_API_SUCCESS == mgr->createKeyAES(m_keyLen, Alias(aliases.prv.c_str()),
-                        _toCkmPolicy(policy, g_backend)),
-                        "AES key creation failed");
+        g_symKeys[bitLen].push_back(alias);
+    }
+}
  
-    return aliases;
+void generateRsaKeys(ManagerShPtr& manager, size_t bitLen)
+{
+    for (int i = 0; i < KEY_IDX_MAX; i++)
+    {
+        Policy p(Password(), true, g_backend);
+        if (i == PASSWORD_PROTECTED) {
+            p.password.assign(PASSWORD);
+            //p.extractable = false;
+        }
+
+        KeyAliasPair alias;
+        alias.prv = std::string("akey_") + std::to_string(bitLen) + std::string("_") + std::to_string(i);
+        alias.pub = std::string("pub") + alias.prv;
+        int ret = manager->createKeyPairRSA(bitLen, alias.prv, alias.pub, p);
+        if (ret != CKM_API_SUCCESS)
+            RUNNER_ERROR_MSG("RSA key creation failed");
+
+        g_asymKeys[bitLen].push_back(alias);
+    }
  }
  
-struct AlgoRsa : public AlgoBase {
-    AlgoRsa(ckmc_algo_type_e type, size_t keyLen) : AlgoBase(type, keyLen) {}
-    KeyAliasPair keyGen(const char* pass = nullptr, const char* suffix = nullptr);
-};
+KeyAliasPair getKey(const Algo& algo, KeyIdx idx)
+{
+    if (algo.type == CKMC_ALGO_RSA_OAEP)
+        return g_asymKeys[algo.keyLen][idx];
  
-KeyAliasPair AlgoRsa::keyGen(const char* pass, const char* suffix)
+    KeyAliasPair pair;
+    pair.prv = g_symKeys[algo.keyLen][idx];
+    pair.pub = pair.prv;
+    return pair;
+}
+
+class EncGroupFixture: public DPL::Test::TestGroup
  {
-    std::ostringstream oss_prv, oss_pub;
-    oss_prv << "rsa_oaep_prv_alias_" << m_keyLen;
-    oss_pub << "rsa_oaep_pub_alias_" << m_keyLen;
-    if (suffix) {
-        oss_prv << suffix;
-        oss_pub << suffix;
+public:
+    void Init() override
+    {
+        remove_user_data(UID);
+        int ret = ckmc_unlock_user_key(UID, "db-pass");
+        if (ret != CKMC_ERROR_NONE)
+            RUNNER_ERROR_MSG("DB unlock failed: " << CKMCErrorToString(ret));
+
+        // generate keys
+        auto manager = Manager::create();
+        generateSymmetricKeys(manager, 128);
+        generateSymmetricKeys(manager, 192);
+        generateSymmetricKeys(manager, 256);
+        generateRsaKeys(manager, 1024);
+        generateRsaKeys(manager, 2048);
+        generateRsaKeys(manager, 4096);
+
+        PLAIN_DATA = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
+        BIG_DATA = create_raw_buffer(createRandomBufferCAPI(5000000));
+        DEFAULT_IV = createRandomBufferCAPI(DEFAULT_IV_LEN);
+        IV11 = createRandomBufferCAPI(11);
+        IV12 = createRandomBufferCAPI(12);
+        IV15 = createRandomBufferCAPI(15);
+        IV17 = createRandomBufferCAPI(17);
+        IV128 = createRandomBufferCAPI(128);
+        AAD32 = createRandomBufferCAPI(32);
+        AAD64 = createRandomBufferCAPI(64);
      }
-    KeyAliasPair aliases = {
-            aliasWithLabel(getOwnerIdFromSelf().c_str(), oss_prv.str().c_str()),
-            aliasWithLabel(getOwnerIdFromSelf().c_str(), oss_pub.str().c_str())
-    };
-    CharPtr passPtr(nullptr, free);
-    if (pass)
-        passPtr.reset(strdup(pass));
-
-    ckmc_policy_s policyPrv;
-    policyPrv.password = passPtr.get();
-    policyPrv.extractable = 0;
-
-    ckmc_policy_s policyPub;
-    policyPub.password = passPtr.get();
-    policyPub.extractable = 0;
-
-    auto mgr = CKM::Manager::create();
-
-    RUNNER_ASSERT_MSG(CKM_API_SUCCESS == mgr->createKeyPairRSA(static_cast<int>(m_keyLen),
-                                                CKM::Alias(aliases.prv.c_str()),
-                                                CKM::Alias(aliases.pub.c_str()),
-                                                _toCkmPolicy(policyPrv, g_backend),
-                                                _toCkmPolicy(policyPub, g_backend)), "RSA key pair generation failed" );
-    return aliases;
-}
-
-enum Algorithm {
-    AES_CBC_128,
-    AES_CBC_192,
-    AES_CBC_256,
-    AES_GCM_128,
-    AES_GCM_192,
-    AES_GCM_256,
-    AES_CTR_128,
-    AES_CTR_192,
-    AES_CTR_256,
-    AES_CFB_128,
-    AES_CFB_192,
-    AES_CFB_256,
-    RSA_OAEP_1024,
-    RSA_OAEP_2048,
-    RSA_OAEP_4096,
-};
  
-std::map<Algorithm, AlgoBasePtr> g_algorithms = {
-        { AES_CBC_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_CBC, 128) },
-        { AES_CBC_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_CBC, 192) },
-        { AES_CBC_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_CBC, 256) },
-        { AES_GCM_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_GCM, 128) },
-        { AES_GCM_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_GCM, 192) },
-        { AES_GCM_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_GCM, 256) },
-        { AES_CTR_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_CTR, 128) },
-        { AES_CTR_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_CTR, 192) },
-        { AES_CTR_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_CTR, 256) },
-        { AES_CFB_128, createAlgo<AlgoAes>(CKMC_ALGO_AES_CFB, 128) },
-        { AES_CFB_192, createAlgo<AlgoAes>(CKMC_ALGO_AES_CFB, 192) },
-        { AES_CFB_256, createAlgo<AlgoAes>(CKMC_ALGO_AES_CFB, 256) },
-        { RSA_OAEP_1024, createAlgo<AlgoRsa>(CKMC_ALGO_RSA_OAEP, 1024) },
-        { RSA_OAEP_2048, createAlgo<AlgoRsa>(CKMC_ALGO_RSA_OAEP, 2048) },
-        { RSA_OAEP_4096, createAlgo<AlgoRsa>(CKMC_ALGO_RSA_OAEP, 4096) },
+    void Finish() override
+    {
+        BIG_DATA.reset();
+        PLAIN_DATA.reset();
+        ckmc_buffer_free(AAD64);
+        ckmc_buffer_free(AAD32);
+        ckmc_buffer_free(IV128);
+        ckmc_buffer_free(IV17);
+        ckmc_buffer_free(IV15);
+        ckmc_buffer_free(IV12);
+        ckmc_buffer_free(IV11);
+        ckmc_buffer_free(DEFAULT_IV);
+
+        int ret = ckmc_lock_user_key(UID);
+        if (ret != CKMC_ERROR_NONE)
+            RUNNER_ERROR_MSG("DB lock failed: " << CKMCErrorToString(ret));
+        remove_user_data(UID);
+    }
  };
  
+
  void setParam(ParamListPtr& params, ckmc_param_name_e name, ckmc_raw_buffer_s* buffer)
  {
      int ret = ckmc_param_list_set_buffer(params.get(), name, buffer);
@@ -311,18 +300,18 @@ struct EncryptionResult
      Alias pubKey;
  };
  
-EncryptionResult encrypt(const AlgoBasePtr& algo,
+EncryptionResult encrypt(const Algo& algo,
                           const RawBufferPtr& plain,
                           const char* pass = nullptr)
  {
      EncryptionResult ret;
      ckmc_raw_buffer_s* encrypted = nullptr;
-    KeyAliasPair aliases = algo->keyGen(pass);
+    KeyAliasPair aliases = getKey(algo, pass == nullptr ? PRIMARY : PASSWORD_PROTECTED);
  
      ckmc_param_list_h handle = NULL;
-    assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+    assert_positive(ckmc_generate_new_params, algo.type, &handle);
      ret.params = ParamListPtr(handle, ckmc_param_list_free);
-    setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
+    setParam(ret.params, CKMC_PARAM_ED_IV, DEFAULT_IV);
  
      assert_crypto_positive(apiEncrypt,
                             ret.params.get(),
@@ -338,48 +327,55 @@ EncryptionResult encrypt(const AlgoBasePtr& algo,
  }
  
  void testAllAlgorithms(
-        const std::function<void(const AlgoBasePtr& algo)>& test)
+        const std::function<void(const Algo& algo)>& test)
+{
+    test( { CKMC_ALGO_AES_CBC, 128 });
+    test( { CKMC_ALGO_AES_CBC, 192 });
+    test( { CKMC_ALGO_AES_CBC, 256 });
+    test( { CKMC_ALGO_AES_GCM, 128 });
+    test( { CKMC_ALGO_AES_GCM, 192 });
+    test( { CKMC_ALGO_AES_GCM, 256 });
+    test( { CKMC_ALGO_AES_CTR, 128 });
+    test( { CKMC_ALGO_AES_CTR, 192 });
+    test( { CKMC_ALGO_AES_CTR, 256 });
+    test( { CKMC_ALGO_AES_CFB, 128 });
+    test( { CKMC_ALGO_AES_CFB, 192 });
+    test( { CKMC_ALGO_AES_CFB, 256 });
+    test( { CKMC_ALGO_RSA_OAEP, 1024 });
+    test( { CKMC_ALGO_RSA_OAEP, 2048 });
+    test( { CKMC_ALGO_RSA_OAEP, 4096 });
+}
+
+void testNoIvEnc(const Algo& algo)
  {
-    for(const auto& it : g_algorithms)
-        test(it.second);
-}
-
-void testNoIvEnc(Algorithm type)
-{
-    const AlgoBasePtr& algo = g_algorithms.at(type);
-
      // prepare buffers
-    RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
      ckmc_raw_buffer_s* encrypted = nullptr;
  
      // add key
-    KeyAliasPair aliases = algo->keyGen();
+    KeyAliasPair aliases = getKey(algo, PRIMARY);
  
      // param list with algo type only
      ParamListPtr params = createParamListPtr();
-    setParam(params, CKMC_PARAM_ALGO_TYPE, algo->m_type);
+    setParam(params, CKMC_PARAM_ALGO_TYPE, algo.type);
      assert_crypto_invalid_param(apiEncrypt,
                                  params.get(),
                                  aliases.pub.c_str(),
                                  nullptr,
-                                *plain.get(),
+                                *PLAIN_DATA.get(),
                                  &encrypted);
  }
  
-void testNoIvDec(Algorithm type)
+void testNoIvDec(const Algo& algo)
  {
-    const AlgoBasePtr& algo = g_algorithms.at(type);
-
      // prepare buffers
-    RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
      ckmc_raw_buffer_s* decrypted = nullptr;
  
      // encrypt;
-    auto ret = encrypt(algo, plain);
+    auto ret = encrypt(algo, PLAIN_DATA);
  
      // param list with algo type only
      ParamListPtr params = createParamListPtr();
-    setParam(params, CKMC_PARAM_ALGO_TYPE, algo->m_type);
+    setParam(params, CKMC_PARAM_ALGO_TYPE, algo.type);
      assert_crypto_invalid_param(apiDecrypt,
                                  params.get(),
                                  ret.prvKey.c_str(),
@@ -388,20 +384,17 @@ void testNoIvDec(Algorithm type)
                                  &decrypted);
  }
  
-void testInvalidIvEnc(Algorithm type)
+void testInvalidIvEnc(const Algo& algo)
  {
-    const AlgoBasePtr& algo = g_algorithms.at(type);
-
      // prepare buffers
-    RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
      ckmc_raw_buffer_s* encryptedTmp = nullptr;
  
      // add key
-    KeyAliasPair aliases = algo->keyGen();
+    KeyAliasPair aliases = getKey(algo, PRIMARY);
  
      // setup params
      ckmc_param_list_h handle = NULL;
-    assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+    assert_positive(ckmc_generate_new_params, algo.type, &handle);
      ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
  
      // invalid encryption
@@ -410,28 +403,25 @@ void testInvalidIvEnc(Algorithm type)
                                      params.get(),
                                      aliases.pub.c_str(),
                                      nullptr,
-                                    *plain.get(),
+                                    *PLAIN_DATA.get(),
                                      &encryptedTmp);
          ckmc_buffer_free(encryptedTmp);
          encryptedTmp = nullptr;
      };
      // invalid iv size
-    setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN-1));
+    setParam(params, CKMC_PARAM_ED_IV, IV15);
      test();
-    setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN+1));
+    setParam(params, CKMC_PARAM_ED_IV, IV17);
      test();
  };
  
-void testInvalidIvDec(Algorithm type)
+void testInvalidIvDec(const Algo& algo)
  {
-    const AlgoBasePtr& algo = g_algorithms.at(type);
-
      // prepare buffers
-    RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
      ckmc_raw_buffer_s* decrypted = nullptr;
  
      // valid encryption
-    auto ret = encrypt(algo, plain);
+    auto ret = encrypt(algo, PLAIN_DATA);
  
      // decryption
      auto test2 = [&](){
@@ -446,40 +436,37 @@ void testInvalidIvDec(Algorithm type)
      };
  
      // invalid iv size
-    setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN-1));
+    setParam(ret.params, CKMC_PARAM_ED_IV, IV15);
      test2();
-    setParam(ret.params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN+1));
+    setParam(ret.params, CKMC_PARAM_ED_IV, IV17);
      test2();
  };
  
-void encryptionWithCustomData(Algorithm type, ckmc_param_name_e name)
+void encryptionWithCustomData(const Algo& algo, ckmc_param_name_e name)
  {
-    const AlgoBasePtr& algo = g_algorithms.at(type);
-
      // prepare buffers
-    RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
      ckmc_raw_buffer_s* encrypted = nullptr;
      ckmc_raw_buffer_s* decrypted = nullptr;
  
      // add key
-    KeyAliasPair aliases = algo->keyGen();
+    KeyAliasPair aliases = getKey(algo, PRIMARY);
  
      // setup params
      ckmc_param_list_h handle = NULL;
-    assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+    assert_positive(ckmc_generate_new_params, algo.type, &handle);
      ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
  
-    setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
+    setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
  
      // set AAD
-    setParam(params, name, createRandomBufferCAPI(64));
+    setParam(params, name, AAD64);
  
      // encrypt
      assert_crypto_positive(apiEncrypt,
                             params.get(),
                             aliases.pub.c_str(),
                             nullptr,
-                           *plain.get(),
+                           *PLAIN_DATA.get(),
                             &encrypted);
      RawBufferPtr tmpEnc = create_raw_buffer(encrypted);
  
@@ -493,12 +480,12 @@ void encryptionWithCustomData(Algorithm type, ckmc_param_name_e name)
      RawBufferPtr tmpDec = create_raw_buffer(decrypted);
  
      // check
-    assert_buffers_equal(*plain.get(), *tmpDec.get());
+    assert_buffers_equal(*PLAIN_DATA.get(), *tmpDec.get());
      tmpDec.reset();
      decrypted = nullptr;
  
      // set wrong AAD
-    setParam(params, name, createRandomBufferCAPI(32));
+    setParam(params, name, AAD32);
  
      // decrypt
      assert_crypto_result(EncryptionError::INVALID_PARAM,
@@ -510,12 +497,11 @@ void encryptionWithCustomData(Algorithm type, ckmc_param_name_e name)
                           &decrypted);
  }
  
-void testGcmIvSize(size_t size,
+void testGcmIvSize(ckmc_raw_buffer_s* iv,
                     const KeyAliasPair& aliases,
                     EncryptionError error = EncryptionError::SUCCESS)
  {
      // prepare buffers
-    RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
      RawBufferPtr encrypted;
      RawBufferPtr decrypted;
      ckmc_raw_buffer_s* encryptedTmp = nullptr;
@@ -525,8 +511,8 @@ void testGcmIvSize(size_t size,
      ckmc_param_list_h handle = NULL;
      assert_positive(ckmc_generate_new_params, CKMC_ALGO_AES_GCM, &handle);
      ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
-    setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
-    setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(size));
+    setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
+    setParam(params, CKMC_PARAM_ED_IV, iv);
  
      // encryption
      assert_crypto_result(error,
@@ -534,7 +520,7 @@ void testGcmIvSize(size_t size,
                           params.get(),
                           aliases.pub.c_str(),
                           nullptr,
-                         *plain.get(),
+                         *PLAIN_DATA.get(),
                           &encryptedTmp);
  
      if(error != EncryptionError::SUCCESS)
@@ -550,19 +536,16 @@ void testGcmIvSize(size_t size,
                             &decryptedTmp);
      decrypted = create_raw_buffer(decryptedTmp);
  
-    assert_buffers_equal(*plain.get(), *decrypted.get());
+    assert_buffers_equal(*PLAIN_DATA.get(), *decrypted.get());
  }
  
-void testIntegrity(Algorithm type)
+void testIntegrity(const Algo& algo)
  {
-    const AlgoBasePtr& algo = g_algorithms.at(type);
-
      // prepare buffers
-    RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
      ckmc_raw_buffer_s* decrypted = nullptr;
  
      // encrypt
-    auto ret = encrypt(algo, plain);
+    auto ret = encrypt(algo, PLAIN_DATA);
  
      // break the encrypted data
      ret.encrypted->data[BUF_LEN/2]++;
@@ -576,25 +559,22 @@ void testIntegrity(Algorithm type)
                             &decrypted);
  
      RawBufferPtr tmp = create_raw_buffer(decrypted);
-    assert_buffers_equal(*plain.get(), *decrypted, false);
+    assert_buffers_equal(*PLAIN_DATA.get(), *decrypted, false);
  }
  
-void testCtrEncryptionInvalidLength(Algorithm type)
+void testCtrEncryptionInvalidLength(const Algo& algo)
  {
-    const AlgoBasePtr& algo = g_algorithms.at(type);
-
      // prepare buffers
-    RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
      ckmc_raw_buffer_s* encryptedTmp = nullptr;
  
      // add AES CTR key
-    KeyAliasPair aliases = algo->keyGen();
+    KeyAliasPair aliases = getKey(algo, PRIMARY);
  
      // setup params
      ckmc_param_list_h handle = NULL;
-    assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+    assert_positive(ckmc_generate_new_params, algo.type, &handle);
      ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
-    setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
+    setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
  
      // encryption
      auto test = [&](){
@@ -602,7 +582,7 @@ void testCtrEncryptionInvalidLength(Algorithm type)
                                      params.get(),
                                      aliases.pub.c_str(),
                                      nullptr,
-                                    *plain.get(),
+                                    *PLAIN_DATA.get(),
                                      &encryptedTmp);
          ckmc_buffer_free(encryptedTmp);
          encryptedTmp = nullptr;
@@ -616,22 +596,19 @@ void testCtrEncryptionInvalidLength(Algorithm type)
      test();
  }
  
-void testCtrEncryptionValidLength(Algorithm type)
+void testCtrEncryptionValidLength(const Algo& algo)
  {
-    const AlgoBasePtr& algo = g_algorithms.at(type);
-
      // prepare buffers
-    RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
      ckmc_raw_buffer_s* encryptedTmp = nullptr;
  
      // add AES CTR key
-    KeyAliasPair aliases = algo->keyGen();
+    KeyAliasPair aliases = getKey(algo, PRIMARY);
  
      // setup params
      ckmc_param_list_h handle = NULL;
-    assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+    assert_positive(ckmc_generate_new_params, algo.type, &handle);
      ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
-    setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
+    setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
  
      // encryption
      auto test = [&](){
@@ -639,7 +616,7 @@ void testCtrEncryptionValidLength(Algorithm type)
                                 params.get(),
                                 aliases.pub.c_str(),
                                 nullptr,
-                               *plain.get(),
+                               *PLAIN_DATA.get(),
                                 &encryptedTmp);
          ckmc_buffer_free(encryptedTmp);
          encryptedTmp = nullptr;
@@ -655,16 +632,13 @@ void testCtrEncryptionValidLength(Algorithm type)
      test();
  }
  
-void testCtrDecryptionInvalidLength(Algorithm type)
+void testCtrDecryptionInvalidLength(const Algo& algo)
  {
-    const AlgoBasePtr& algo = g_algorithms.at(type);
-
      // prepare buffers
-    RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
      ckmc_raw_buffer_s* decrypted = nullptr;
  
      // add AES CTR key & encrypt
-    auto ret = encrypt(algo, plain);
+    auto ret = encrypt(algo, PLAIN_DATA);
  
      // decryption
      auto test = [&](){
@@ -686,16 +660,13 @@ void testCtrDecryptionInvalidLength(Algorithm type)
      test();
  }
  
-void testCtrDecryptionValidLength(Algorithm type)
+void testCtrDecryptionValidLength(const Algo& algo)
  {
-    const AlgoBasePtr& algo = g_algorithms.at(type);
-
      // prepare buffers
-    RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
      ckmc_raw_buffer_s* decrypted = nullptr;
  
      // add AES CTR key & encrypt
-    auto ret = encrypt(algo, plain);
+    auto ret = encrypt(algo, PLAIN_DATA);
  
      // decryption
      auto test = [&](){
@@ -707,7 +678,7 @@ void testCtrDecryptionValidLength(Algorithm type)
                                 &decrypted);
          ckmc_buffer_free(decrypted);
          RawBufferPtr tmp = create_raw_buffer(decrypted);
-        assert_buffers_equal(*plain.get(), *decrypted);
+        assert_buffers_equal(*PLAIN_DATA.get(), *decrypted);
      };
      // invalid counter size
      setParam(ret.params, CKMC_PARAM_ED_CTR_LEN, 1);
@@ -720,22 +691,19 @@ void testCtrDecryptionValidLength(Algorithm type)
      test();
  }
  
-void testGcmEncryptionTagLen(Algorithm type)
+void testGcmEncryptionTagLen(const Algo& algo)
  {
-    const AlgoBasePtr& algo = g_algorithms.at(type);
-
      // prepare buffers
-    RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
      ckmc_raw_buffer_s* encryptedTmp = nullptr;
  
      // add AES GCM key
-    KeyAliasPair aliases = algo->keyGen();
+    KeyAliasPair aliases = getKey(algo, PRIMARY);
  
      // setup params
      ckmc_param_list_h handle = NULL;
-    assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+    assert_positive(ckmc_generate_new_params, algo.type, &handle);
      ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
-    setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
+    setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
  
      std::vector<TagTest> testData = {
              // illegal tag lengths
@@ -768,23 +736,20 @@ void testGcmEncryptionTagLen(Algorithm type)
                               params.get(),
                               aliases.pub.c_str(),
                               nullptr,
-                             *plain.get(),
+                             *PLAIN_DATA.get(),
                               &encryptedTmp);
          ckmc_buffer_free(encryptedTmp);
          encryptedTmp = nullptr;
      }
  }
  
-void testGcmDecryptionTagLen(Algorithm type)
+void testGcmDecryptionTagLen(const Algo& algo)
  {
-    const AlgoBasePtr& algo = g_algorithms.at(type);
-
      // prepare buffers
-    RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
      ckmc_raw_buffer_s* decrypted = nullptr;
  
      // add AES GCM key & encrypt
-    auto ret = encrypt(algo, plain);
+    auto ret = encrypt(algo, PLAIN_DATA);
  
      std::vector<TagTest> testData = {
              // illegal tag lengths
@@ -825,16 +790,13 @@ void testGcmDecryptionTagLen(Algorithm type)
      }
  }
  
-void testGcmWrongTag(Algorithm type)
+void testGcmWrongTag(const Algo& algo)
  {
-    const AlgoBasePtr& algo = g_algorithms.at(type);
-
      // prepare buffers
-    RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
      ckmc_raw_buffer_s* decrypted = nullptr;
  
      // encrypt with AES GCM
-    auto ret = encrypt(algo, plain);
+    auto ret = encrypt(algo, PLAIN_DATA);
  
      // modify tag (last 16B of encrypted message)
      ret.encrypted->data[ret.encrypted->size-1]++;
@@ -849,29 +811,24 @@ void testGcmWrongTag(Algorithm type)
                           &decrypted);
  }
  
-void testGcmDifferentIvSizes(Algorithm type)
+void testGcmDifferentIvSizes(const Algo& algo)
  {
-    const AlgoBasePtr& algo = g_algorithms.at(type);
-
      // add AES GCM key
-    KeyAliasPair aliases = algo->keyGen();
+    KeyAliasPair aliases = getKey(algo, PRIMARY);
  
-    testGcmIvSize(11,  aliases, EncryptionError::SERVER_ERROR); // 12B is the smallest
-    testGcmIvSize(12,  aliases);
-    testGcmIvSize(17,  aliases);
-    testGcmIvSize(128, aliases);
+    testGcmIvSize(IV11,  aliases, EncryptionError::SERVER_ERROR); // 12B is the smallest
+    testGcmIvSize(IV12,  aliases);
+    testGcmIvSize(IV17,  aliases);
+    testGcmIvSize(IV128, aliases);
  }
  
-void testEncryptDecryptBigData(Algorithm type)
+void testEncryptDecryptBigData(const Algo& algo)
  {
-    const AlgoBasePtr& algo = g_algorithms.at(type);
-
      // prepare buffers
-    RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(5000000));
      ckmc_raw_buffer_s* decrypted = nullptr;
  
      // encrypt
-    auto ret = encrypt(algo, plain);
+    auto ret = encrypt(algo, BIG_DATA);
  
      assert_positive(apiDecrypt,
                      ret.params.get(),
@@ -881,53 +838,44 @@ void testEncryptDecryptBigData(Algorithm type)
                      &decrypted);
      RawBufferPtr tmp = create_raw_buffer(decrypted);
  
-    assert_buffers_equal(*plain.get(), *decrypted);
+    assert_buffers_equal(*BIG_DATA.get(), *decrypted);
  }
  
-void testEncryptDecryptDifferentKeys(Algorithm type, bool success)
+void testEncryptDecryptDifferentKeys(const Algo& algo, bool success)
  {
-    const AlgoBasePtr& algo = g_algorithms.at(type);
      // prepare buffers
-    RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
      ckmc_raw_buffer_s* decrypted = nullptr;
  
      // encrypt
-    auto ret = encrypt(algo, plain);
+    auto ret = encrypt(algo, PLAIN_DATA);
  
-    // add different key
-    KeyAliasPair differentKeys = algo->keyGen(nullptr, "_wrong");
+    // get different keys
+    KeyAliasPair differentKeys = getKey(algo, PASSWORD_PROTECTED);
  
      if (success) {
          // some algorithms don't verify key validity
          assert_crypto_positive(apiDecrypt,
                                 ret.params.get(),
                                 differentKeys.prv.c_str(),
-                               nullptr,
+                               PASSWORD,
                                 *ret.encrypted.get(),
                                 &decrypted);
          RawBufferPtr tmp = create_raw_buffer(decrypted);
  
-        assert_buffers_equal(*plain.get(), *decrypted, false);
+        assert_buffers_equal(*PLAIN_DATA.get(), *decrypted, false);
      } else {
-               assert_crypto_result(EncryptionError::INVALID_PARAM,
+        assert_crypto_result(EncryptionError::INVALID_PARAM,
                               apiDecrypt,
                               ret.params.get(),
                               differentKeys.prv.c_str(),
-                             nullptr,
+                             PASSWORD,
                               *ret.encrypted.get(),
                               &decrypted);
-       }
-
-    // Cleanup before testing next algorithm. Ignore results because not all keys are present
-    ckmc_remove_alias(ret.prvKey.c_str());
-    ckmc_remove_alias(ret.pubKey.c_str());
-    ckmc_remove_alias(differentKeys.prv.c_str());
-    ckmc_remove_alias(differentKeys.pub.c_str());
+    }
  }
  
-void testRsaLongestData(Algorithm type, size_t dataSize)
+void testRsaLongestData(const Algo& algo, size_t dataSize)
  {
-    const AlgoBasePtr& algo = g_algorithms.at(type);
      // prepare buffers
      RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize));
      ckmc_raw_buffer_s* decrypted = nullptr;
@@ -946,19 +894,18 @@ void testRsaLongestData(Algorithm type, size_t dataSize)
      assert_buffers_equal(*plain.get(), *decrypted);
  }
  
-void testRsaDataTooLong(Algorithm type, size_t dataSize)
+void testRsaDataTooLong(const Algo& algo, size_t dataSize)
  {
-    const AlgoBasePtr& algo = g_algorithms.at(type);
      // prepare buffers
      RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(dataSize));
  
      // encrypt
      EncryptionResult ret;
      ckmc_raw_buffer_s* encrypted = nullptr;
-    KeyAliasPair aliases = algo->keyGen();
+    KeyAliasPair aliases = getKey(algo, PRIMARY);
  
      ckmc_param_list_h handle = NULL;
-    assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+    assert_positive(ckmc_generate_new_params, algo.type, &handle);
      ret.params = ParamListPtr(handle, ckmc_param_list_free);
      assert_crypto_result(EncryptionError::INVALID_PARAM,
                           apiEncrypt,
@@ -971,8 +918,7 @@ void testRsaDataTooLong(Algorithm type, size_t dataSize)
  
  } // namespace anonymous
  
-
-RUNNER_TEST_GROUP_INIT(CKM_ENCRYPTION_DECRYPTION);
+RUNNER_TEST_GROUP_INIT_ENV(CKM_ENCRYPTION_DECRYPTION, EncGroupFixture);
  
  /////////////////////////////////////////
  // Generic encryption decryption tests
@@ -980,20 +926,19 @@ RUNNER_TEST_GROUP_INIT(CKM_ENCRYPTION_DECRYPTION);
  
  RUNNER_TEST_MULTIPLE(TED_0010_encrypt_invalid_param_list, SyncEnv, AsyncEnv)
  {
-    testAllAlgorithms([](const AlgoBasePtr& algo){
+    testAllAlgorithms([](const Algo& algo){
          // prepare buffers
-        RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
          ckmc_raw_buffer_s* encrypted = nullptr;
  
          // add key
-        KeyAliasPair aliases = algo->keyGen();
+        KeyAliasPair aliases = getKey(algo, PRIMARY);
  
          // null param list
          assert_crypto_invalid_param(apiEncrypt,
                                      nullptr,
                                      aliases.pub.c_str(),
                                      nullptr,
-                                    *plain.get(),
+                                    *PLAIN_DATA.get(),
                                      &encrypted);
  
          // empty param list
@@ -1002,49 +947,48 @@ RUNNER_TEST_MULTIPLE(TED_0010_encrypt_invalid_param_list, SyncEnv, AsyncEnv)
                                      params.get(),
                                      aliases.pub.c_str(),
                                      nullptr,
-                                    *plain.get(),
+                                    *PLAIN_DATA.get(),
                                      &encrypted);
      });
  }
  
  RUNNER_TEST_MULTIPLE(TED_0020_encrypt_missing_key, SyncEnv, AsyncEnv)
  {
-    testAllAlgorithms([](const AlgoBasePtr& algo){
+    testAllAlgorithms([](const Algo& algo){
          // prepare buffers
-        RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
          ckmc_raw_buffer_s* encrypted = nullptr;
  
          // setup params
          ckmc_param_list_h handle = NULL;
-        assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+        assert_positive(ckmc_generate_new_params, algo.type, &handle);
          ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
-        setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
+        setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
  
          assert_crypto_result(EncryptionError::ALIAS_UNKNOWN,
                               apiEncrypt,
                               params.get(),
                               "non-existing-key-alias",
                               nullptr,
-                             *plain.get(),
+                             *PLAIN_DATA.get(),
                               &encrypted);
      });
  }
  
  RUNNER_TEST_MULTIPLE(TED_0030_encrypt_no_plain_text, SyncEnv, AsyncEnv)
  {
-    testAllAlgorithms([](const AlgoBasePtr& algo){
+    testAllAlgorithms([](const Algo& algo){
          // prepare buffers
          ckmc_raw_buffer_s plain = { nullptr, 0 };
          ckmc_raw_buffer_s* encrypted = nullptr;
  
          // add key
-        KeyAliasPair aliases = algo->keyGen();
+        KeyAliasPair aliases = getKey(algo, PRIMARY);
  
          // setup params
          ckmc_param_list_h handle = NULL;
-        assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+        assert_positive(ckmc_generate_new_params, algo.type, &handle);
          ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
-        setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
+        setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
  
          assert_crypto_invalid_param(apiEncrypt,
                                      params.get(),
@@ -1057,38 +1001,36 @@ RUNNER_TEST_MULTIPLE(TED_0030_encrypt_no_plain_text, SyncEnv, AsyncEnv)
  
  RUNNER_TEST_MULTIPLE(TED_0040_encrypt_no_output_buffer, SyncEnv, AsyncEnv)
  {
-    testAllAlgorithms([](const AlgoBasePtr& algo){
+    testAllAlgorithms([](const Algo& algo){
          // prepare buffers
-        RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
          ckmc_raw_buffer_s** encrypted = nullptr;
  
          // add key
-        KeyAliasPair aliases = algo->keyGen();
+        KeyAliasPair aliases = getKey(algo, PRIMARY);
  
          // setup params
          ckmc_param_list_h handle = NULL;
-        assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+        assert_positive(ckmc_generate_new_params, algo.type, &handle);
          ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
-        setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
+        setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
  
          assert_crypto_invalid_param(apiEncrypt,
                                      params.get(),
                                      aliases.pub.c_str(),
                                      nullptr,
-                                    *plain.get(),
+                                    *PLAIN_DATA.get(),
                                      encrypted);
      });
  }
  
  RUNNER_TEST_MULTIPLE(TED_0110_decrypt_invalid_param_list, SyncEnv, AsyncEnv)
  {
-    testAllAlgorithms([](const AlgoBasePtr& algo){
+    testAllAlgorithms([](const Algo& algo){
          // prepare buffers
-        RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
          ckmc_raw_buffer_s* decrypted = nullptr;
  
          // encrypt;
-        auto ret = encrypt(algo, plain);
+        auto ret = encrypt(algo, PLAIN_DATA);
  
          // null param list
          assert_crypto_invalid_param(apiDecrypt,
@@ -1111,22 +1053,18 @@ RUNNER_TEST_MULTIPLE(TED_0110_decrypt_invalid_param_list, SyncEnv, AsyncEnv)
  
  RUNNER_TEST_MULTIPLE(TED_0120_decrypt_missing_key, SyncEnv, AsyncEnv)
  {
-    testAllAlgorithms([](const AlgoBasePtr& algo){
+    testAllAlgorithms([](const Algo& algo){
          // prepare buffers
-        RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
          ckmc_raw_buffer_s* decrypted = nullptr;
  
          // encrypt
-        auto ret = encrypt(algo, plain);
-
-        // remove key
-        assert_positive(ckmc_remove_alias, ret.prvKey.c_str());
+        auto ret = encrypt(algo, PLAIN_DATA);
  
          // try to decrypt
          assert_crypto_result(EncryptionError::ALIAS_UNKNOWN,
                               apiDecrypt,
                               ret.params.get(),
-                             ret.prvKey.c_str(),
+                             "non-existent-key",
                               nullptr,
                               *ret.encrypted.get(),
                               &decrypted);
@@ -1135,19 +1073,19 @@ RUNNER_TEST_MULTIPLE(TED_0120_decrypt_missing_key, SyncEnv, AsyncEnv)
  
  RUNNER_TEST_MULTIPLE(TED_0130_decrypt_no_encrypted_text, SyncEnv, AsyncEnv)
  {
-    testAllAlgorithms([](const AlgoBasePtr& algo){
+    testAllAlgorithms([](const Algo& algo){
          // prepare buffers
          ckmc_raw_buffer_s encrypted = { nullptr, 0 };
          ckmc_raw_buffer_s* decrypted = nullptr;
  
          // add key
-        KeyAliasPair aliases = algo->keyGen();
+        KeyAliasPair aliases = getKey(algo, PRIMARY);
  
          // setup params
          ckmc_param_list_h handle = NULL;
-        assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+        assert_positive(ckmc_generate_new_params, algo.type, &handle);
          ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
-        setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
+        setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
  
          assert_crypto_invalid_param(apiDecrypt,
                                      params.get(),
@@ -1160,13 +1098,12 @@ RUNNER_TEST_MULTIPLE(TED_0130_decrypt_no_encrypted_text, SyncEnv, AsyncEnv)
  
  RUNNER_TEST_MULTIPLE(TED_0140_decrypt_no_output_buffer, SyncEnv, AsyncEnv)
  {
-    testAllAlgorithms([](const AlgoBasePtr& algo){
+    testAllAlgorithms([](const Algo& algo){
          // prepare buffers
-        RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
          ckmc_raw_buffer_s** decrypted = nullptr;
  
          // encrypt
-        auto ret = encrypt(algo, plain);
+        auto ret = encrypt(algo, PLAIN_DATA);
  
          assert_crypto_invalid_param(apiDecrypt,
                                      ret.params.get(),
@@ -1180,32 +1117,31 @@ RUNNER_TEST_MULTIPLE(TED_0140_decrypt_no_output_buffer, SyncEnv, AsyncEnv)
  RUNNER_TEST_MULTIPLE(TED_0200_encrypt_decrypt_different_keys, SyncEnv, AsyncEnv)
  {
      testBackend b(PolicyBackend::FORCE_SOFTWARE);
-    testEncryptDecryptDifferentKeys(AES_CBC_128, false);
-    testEncryptDecryptDifferentKeys(AES_CBC_192, false);
-    testEncryptDecryptDifferentKeys(AES_CBC_256, false);
-    testEncryptDecryptDifferentKeys(AES_GCM_128, false);
-    testEncryptDecryptDifferentKeys(AES_GCM_192, false);
-    testEncryptDecryptDifferentKeys(AES_GCM_256, false);
-    testEncryptDecryptDifferentKeys(AES_CTR_128, true);
-    testEncryptDecryptDifferentKeys(AES_CTR_192, true);
-    testEncryptDecryptDifferentKeys(AES_CTR_256, true);
-    testEncryptDecryptDifferentKeys(AES_CFB_128, true);
-    testEncryptDecryptDifferentKeys(AES_CFB_192, true);
-    testEncryptDecryptDifferentKeys(AES_CFB_256, true);
-    testEncryptDecryptDifferentKeys(RSA_OAEP_1024, false);
-    testEncryptDecryptDifferentKeys(RSA_OAEP_2048, false);
-    testEncryptDecryptDifferentKeys(RSA_OAEP_4096, false);
+    testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CBC, 128}, false);
+    testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CBC, 192}, false);
+    testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CBC, 256}, false);
+    testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_GCM, 128}, false);
+    testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_GCM, 192}, false);
+    testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_GCM, 256}, false);
+    testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CTR, 128}, true);
+    testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CTR, 192}, true);
+    testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CTR, 256}, true);
+    testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CFB, 128}, true);
+    testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CFB, 192}, true);
+    testEncryptDecryptDifferentKeys({CKMC_ALGO_AES_CFB, 256}, true);
+    testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 1024}, false);
+    testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 2048}, false);
+    testEncryptDecryptDifferentKeys({CKMC_ALGO_RSA_OAEP, 4096}, false);
  }
  
  RUNNER_TEST_MULTIPLE(TED_0300_encrypt_decrypt, SyncEnv, AsyncEnv)
  {
-    testAllAlgorithms([](const AlgoBasePtr& algo){
+    testAllAlgorithms([](const Algo& algo){
          // prepare buffers
-        RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
          ckmc_raw_buffer_s* decrypted = nullptr;
  
          // encrypt
-        auto ret = encrypt(algo, plain);
+        auto ret = encrypt(algo, PLAIN_DATA);
  
          assert_crypto_positive(apiDecrypt,
                                 ret.params.get(),
@@ -1215,19 +1151,18 @@ RUNNER_TEST_MULTIPLE(TED_0300_encrypt_decrypt, SyncEnv, AsyncEnv)
                                 &decrypted);
          RawBufferPtr tmp = create_raw_buffer(decrypted);
  
-        assert_buffers_equal(*plain.get(), *decrypted);
+        assert_buffers_equal(*PLAIN_DATA.get(), *decrypted);
      });
  }
  
  RUNNER_TEST_MULTIPLE(TED_0310_encrypt_decrypt_password, SyncEnv, AsyncEnv)
  {
-    testAllAlgorithms([](const AlgoBasePtr& algo){
+    testAllAlgorithms([](const Algo& algo){
          // prepare buffers
-        RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
          ckmc_raw_buffer_s* decrypted = nullptr;
  
          // encrypt
-        auto ret = encrypt(algo, plain, PASSWORD);
+        auto ret = encrypt(algo, PLAIN_DATA, PASSWORD);
  
          // wrong password
          assert_crypto_result(EncryptionError::AUTH_FAILED,
@@ -1247,81 +1182,81 @@ RUNNER_TEST_MULTIPLE(TED_0310_encrypt_decrypt_password, SyncEnv, AsyncEnv)
                                 &decrypted);
          RawBufferPtr tmp = create_raw_buffer(decrypted); // guarantees deletion
  
-        assert_buffers_equal(*plain.get(), *decrypted);
+        assert_buffers_equal(*PLAIN_DATA.get(), *decrypted);
      });
  }
  
  // long test split into smaller ones
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_128, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CBC_128, SyncEnv, AsyncEnv)
  {
      testBackend b(PolicyBackend::FORCE_SOFTWARE);
-    testEncryptDecryptBigData(AES_CBC_128);
+    testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 128});
  }
  
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_192, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CBC_192, SyncEnv, AsyncEnv)
  {
      testBackend b(PolicyBackend::FORCE_SOFTWARE);
-    testEncryptDecryptBigData(AES_CBC_192);
+    testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 192});
  }
  
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cbc_256, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CBC_256, SyncEnv, AsyncEnv)
  {
      testBackend b(PolicyBackend::FORCE_SOFTWARE);
-    testEncryptDecryptBigData(AES_CBC_256);
+    testEncryptDecryptBigData({CKMC_ALGO_AES_CBC, 256});
  }
  
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_128, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_GCM_128, SyncEnv, AsyncEnv)
  {
      testBackend b(PolicyBackend::FORCE_SOFTWARE);
-    testEncryptDecryptBigData(AES_GCM_128);
+    testEncryptDecryptBigData({CKMC_ALGO_AES_GCM, 128});
  }
  
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_192, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_GCM_192, SyncEnv, AsyncEnv)
  {
      testBackend b(PolicyBackend::FORCE_SOFTWARE);
-    testEncryptDecryptBigData(AES_GCM_192);
+    testEncryptDecryptBigData({CKMC_ALGO_AES_GCM, 192});
  }
  
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_gcm_256, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_GCM_256, SyncEnv, AsyncEnv)
  {
      testBackend b(PolicyBackend::FORCE_SOFTWARE);
-    testEncryptDecryptBigData(AES_GCM_256);
+    testEncryptDecryptBigData({CKMC_ALGO_AES_GCM, 256});
  }
  
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_128, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CTR_128, SyncEnv, AsyncEnv)
  {
      testBackend b(PolicyBackend::FORCE_SOFTWARE);
-    testEncryptDecryptBigData(AES_CTR_128);
+    testEncryptDecryptBigData({CKMC_ALGO_AES_CTR, 128});
  }
  
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_192, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CTR_192, SyncEnv, AsyncEnv)
  {
      testBackend b(PolicyBackend::FORCE_SOFTWARE);
-    testEncryptDecryptBigData(AES_CTR_192);
+    testEncryptDecryptBigData({CKMC_ALGO_AES_CTR, 192});
  }
  
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_ctr_256, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CTR_256, SyncEnv, AsyncEnv)
  {
      testBackend b(PolicyBackend::FORCE_SOFTWARE);
-    testEncryptDecryptBigData(AES_CTR_256);
+    testEncryptDecryptBigData({CKMC_ALGO_AES_CTR, 256});
  }
  
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_128, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CFB_128, SyncEnv, AsyncEnv)
  {
      testBackend b(PolicyBackend::FORCE_SOFTWARE);
-    testEncryptDecryptBigData(AES_CFB_128);
+    testEncryptDecryptBigData({CKMC_ALGO_AES_CFB, 128});
  }
  
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_192, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CFB_192, SyncEnv, AsyncEnv)
  {
      testBackend b(PolicyBackend::FORCE_SOFTWARE);
-    testEncryptDecryptBigData(AES_CFB_192);
+    testEncryptDecryptBigData({CKMC_ALGO_AES_CFB, 192});
  }
  
-RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_256, SyncEnv, AsyncEnv)
+RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_AES_CFB_256, SyncEnv, AsyncEnv)
  {
      testBackend b(PolicyBackend::FORCE_SOFTWARE);
-    testEncryptDecryptBigData(AES_CFB_256);
+    testEncryptDecryptBigData({CKMC_ALGO_AES_CFB, 256});
  }
  
  /////////////////////////////////////////
@@ -1330,183 +1265,183 @@ RUNNER_TEST_MULTIPLE(TED_0400_encrypt_decrypt_big_data_aes_cfb_256, SyncEnv, Asy
  
  RUNNER_TEST_MULTIPLE(TED_1005_no_iv_enc, SyncEnv, AsyncEnv)
  {
-    testNoIvEnc(AES_CTR_128);
-    testNoIvEnc(AES_CTR_192);
-    testNoIvEnc(AES_CTR_256);
-    testNoIvEnc(AES_CBC_128);
-    testNoIvEnc(AES_CBC_192);
-    testNoIvEnc(AES_CBC_256);
-    testNoIvEnc(AES_CFB_128);
-    testNoIvEnc(AES_CFB_192);
-    testNoIvEnc(AES_CFB_256);
-    testNoIvEnc(AES_GCM_128);
-    testNoIvEnc(AES_GCM_192);
-    testNoIvEnc(AES_GCM_256);
+    testNoIvEnc({CKMC_ALGO_AES_CTR, 128});
+    testNoIvEnc({CKMC_ALGO_AES_CTR, 192});
+    testNoIvEnc({CKMC_ALGO_AES_CTR, 256});
+    testNoIvEnc({CKMC_ALGO_AES_CBC, 128});
+    testNoIvEnc({CKMC_ALGO_AES_CBC, 192});
+    testNoIvEnc({CKMC_ALGO_AES_CBC, 256});
+    testNoIvEnc({CKMC_ALGO_AES_CFB, 128});
+    testNoIvEnc({CKMC_ALGO_AES_CFB, 192});
+    testNoIvEnc({CKMC_ALGO_AES_CFB, 256});
+    testNoIvEnc({CKMC_ALGO_AES_GCM, 128});
+    testNoIvEnc({CKMC_ALGO_AES_GCM, 192});
+    testNoIvEnc({CKMC_ALGO_AES_GCM, 256});
  }
  
  RUNNER_TEST_MULTIPLE(TED_1010_invalid_iv_enc, SyncEnv, AsyncEnv)
  {
-    testInvalidIvEnc(AES_CTR_128);
-    testInvalidIvEnc(AES_CTR_192);
-    testInvalidIvEnc(AES_CTR_256);
-    testInvalidIvEnc(AES_CBC_128);
-    testInvalidIvEnc(AES_CBC_192);
-    testInvalidIvEnc(AES_CBC_256);
-    testInvalidIvEnc(AES_CFB_128);
-    testInvalidIvEnc(AES_CFB_192);
-    testInvalidIvEnc(AES_CFB_256);
+    testInvalidIvEnc({CKMC_ALGO_AES_CTR, 128});
+    testInvalidIvEnc({CKMC_ALGO_AES_CTR, 192});
+    testInvalidIvEnc({CKMC_ALGO_AES_CTR, 256});
+    testInvalidIvEnc({CKMC_ALGO_AES_CBC, 128});
+    testInvalidIvEnc({CKMC_ALGO_AES_CBC, 192});
+    testInvalidIvEnc({CKMC_ALGO_AES_CBC, 256});
+    testInvalidIvEnc({CKMC_ALGO_AES_CFB, 128});
+    testInvalidIvEnc({CKMC_ALGO_AES_CFB, 192});
+    testInvalidIvEnc({CKMC_ALGO_AES_CFB, 256});
  }
  
  RUNNER_TEST_MULTIPLE(TED_1015_no_iv_dec, SyncEnv, AsyncEnv)
  {
-    testNoIvDec(AES_CTR_128);
-    testNoIvDec(AES_CTR_192);
-    testNoIvDec(AES_CTR_256);
-    testNoIvDec(AES_CBC_128);
-    testNoIvDec(AES_CBC_192);
-    testNoIvDec(AES_CBC_256);
-    testNoIvDec(AES_CFB_128);
-    testNoIvDec(AES_CFB_192);
-    testNoIvDec(AES_CFB_256);
-    testNoIvDec(AES_GCM_128);
-    testNoIvDec(AES_GCM_192);
-    testNoIvDec(AES_GCM_256);
+    testNoIvDec({CKMC_ALGO_AES_CTR, 128});
+    testNoIvDec({CKMC_ALGO_AES_CTR, 192});
+    testNoIvDec({CKMC_ALGO_AES_CTR, 256});
+    testNoIvDec({CKMC_ALGO_AES_CBC, 128});
+    testNoIvDec({CKMC_ALGO_AES_CBC, 192});
+    testNoIvDec({CKMC_ALGO_AES_CBC, 256});
+    testNoIvDec({CKMC_ALGO_AES_CFB, 128});
+    testNoIvDec({CKMC_ALGO_AES_CFB, 192});
+    testNoIvDec({CKMC_ALGO_AES_CFB, 256});
+    testNoIvDec({CKMC_ALGO_AES_GCM, 128});
+    testNoIvDec({CKMC_ALGO_AES_GCM, 192});
+    testNoIvDec({CKMC_ALGO_AES_GCM, 256});
  }
  
  RUNNER_TEST_MULTIPLE(TED_1020_invalid_iv_dec, SyncEnv, AsyncEnv)
  {
-    testInvalidIvDec(AES_CTR_128);
-    testInvalidIvDec(AES_CTR_192);
-    testInvalidIvDec(AES_CTR_256);
-    testInvalidIvDec(AES_CBC_128);
-    testInvalidIvDec(AES_CBC_192);
-    testInvalidIvDec(AES_CBC_256);
-    testInvalidIvDec(AES_CFB_128);
-    testInvalidIvDec(AES_CFB_192);
-    testInvalidIvDec(AES_CFB_256);
+    testInvalidIvDec({CKMC_ALGO_AES_CTR, 128});
+    testInvalidIvDec({CKMC_ALGO_AES_CTR, 192});
+    testInvalidIvDec({CKMC_ALGO_AES_CTR, 256});
+    testInvalidIvDec({CKMC_ALGO_AES_CBC, 128});
+    testInvalidIvDec({CKMC_ALGO_AES_CBC, 192});
+    testInvalidIvDec({CKMC_ALGO_AES_CBC, 256});
+    testInvalidIvDec({CKMC_ALGO_AES_CFB, 128});
+    testInvalidIvDec({CKMC_ALGO_AES_CFB, 192});
+    testInvalidIvDec({CKMC_ALGO_AES_CFB, 256});
  }
  
  RUNNER_TEST_MULTIPLE(TED_1050_data_integrity, SyncEnv, AsyncEnv)
  {
-    testIntegrity(AES_CTR_128);
-    testIntegrity(AES_CTR_192);
-    testIntegrity(AES_CTR_256);
-    testIntegrity(AES_CBC_128);
-    testIntegrity(AES_CBC_192);
-    testIntegrity(AES_CBC_256);
-    testIntegrity(AES_CFB_128);
-    testIntegrity(AES_CFB_192);
-    testIntegrity(AES_CFB_256);
+    testIntegrity({CKMC_ALGO_AES_CTR, 128});
+    testIntegrity({CKMC_ALGO_AES_CTR, 192});
+    testIntegrity({CKMC_ALGO_AES_CTR, 256});
+    testIntegrity({CKMC_ALGO_AES_CBC, 128});
+    testIntegrity({CKMC_ALGO_AES_CBC, 192});
+    testIntegrity({CKMC_ALGO_AES_CBC, 256});
+    testIntegrity({CKMC_ALGO_AES_CFB, 128});
+    testIntegrity({CKMC_ALGO_AES_CFB, 192});
+    testIntegrity({CKMC_ALGO_AES_CFB, 256});
  }
  
  RUNNER_TEST_MULTIPLE(TED_1100_ctr_encryption_invalid_length, SyncEnv, AsyncEnv)
  {
-    testCtrEncryptionInvalidLength(AES_CTR_128);
-    testCtrEncryptionInvalidLength(AES_CTR_192);
-    testCtrEncryptionInvalidLength(AES_CTR_256);
+    testCtrEncryptionInvalidLength({CKMC_ALGO_AES_CTR, 128});
+    testCtrEncryptionInvalidLength({CKMC_ALGO_AES_CTR, 192});
+    testCtrEncryptionInvalidLength({CKMC_ALGO_AES_CTR, 256});
  }
  
  RUNNER_TEST_MULTIPLE(TED_1105_ctr_encryption_valid_length, SyncEnv, AsyncEnv)
  {
      RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length");
-    testCtrEncryptionValidLength(AES_CTR_128);
-    testCtrEncryptionValidLength(AES_CTR_192);
-    testCtrEncryptionValidLength(AES_CTR_256);
+    testCtrEncryptionValidLength({CKMC_ALGO_AES_CTR, 128});
+    testCtrEncryptionValidLength({CKMC_ALGO_AES_CTR, 192});
+    testCtrEncryptionValidLength({CKMC_ALGO_AES_CTR, 256});
  }
  
  RUNNER_TEST_MULTIPLE(TED_1110_ctr_decryption_invalid_length, SyncEnv, AsyncEnv)
  {
-    testCtrDecryptionInvalidLength(AES_CTR_128);
-    testCtrDecryptionInvalidLength(AES_CTR_192);
-    testCtrDecryptionInvalidLength(AES_CTR_256);
+    testCtrDecryptionInvalidLength({CKMC_ALGO_AES_CTR, 128});
+    testCtrDecryptionInvalidLength({CKMC_ALGO_AES_CTR, 192});
+    testCtrDecryptionInvalidLength({CKMC_ALGO_AES_CTR, 256});
  }
  
  RUNNER_TEST_MULTIPLE(TED_1115_ctr_decryption_valid_length, SyncEnv, AsyncEnv)
  {
      RUNNER_IGNORED_MSG("Openssl supports only 128-bit AES CTR length");
-    testCtrDecryptionValidLength(AES_CTR_128);
-    testCtrDecryptionValidLength(AES_CTR_192);
-    testCtrDecryptionValidLength(AES_CTR_256);
+    testCtrDecryptionValidLength({CKMC_ALGO_AES_CTR, 128});
+    testCtrDecryptionValidLength({CKMC_ALGO_AES_CTR, 192});
+    testCtrDecryptionValidLength({CKMC_ALGO_AES_CTR, 256});
  }
  
  RUNNER_TEST_MULTIPLE(TED_1200_gcm_encryption_tag_len, SyncEnv, AsyncEnv)
  {
      testBackend b(PolicyBackend::FORCE_SOFTWARE);
-    testGcmEncryptionTagLen(AES_GCM_128);
-    testGcmEncryptionTagLen(AES_GCM_192);
-    testGcmEncryptionTagLen(AES_GCM_256);
+    testGcmEncryptionTagLen({CKMC_ALGO_AES_GCM, 128});
+    testGcmEncryptionTagLen({CKMC_ALGO_AES_GCM, 192});
+    testGcmEncryptionTagLen({CKMC_ALGO_AES_GCM, 256});
  }
  
  RUNNER_TEST_MULTIPLE(TED_1210_gcm_decryption_tag_len, SyncEnv, AsyncEnv)
  {
      testBackend b(PolicyBackend::FORCE_SOFTWARE);
-    testGcmDecryptionTagLen(AES_GCM_128);
-    testGcmDecryptionTagLen(AES_GCM_192);
-    testGcmDecryptionTagLen(AES_GCM_256);
+    testGcmDecryptionTagLen({CKMC_ALGO_AES_GCM, 128});
+    testGcmDecryptionTagLen({CKMC_ALGO_AES_GCM, 192});
+    testGcmDecryptionTagLen({CKMC_ALGO_AES_GCM, 256});
  }
  
  RUNNER_TEST_MULTIPLE(TED_1230_gcm_wrong_tag, SyncEnv, AsyncEnv)
  {
      testBackend b(PolicyBackend::FORCE_SOFTWARE);
-    testGcmWrongTag(AES_GCM_128);
-    testGcmWrongTag(AES_GCM_192);
-    testGcmWrongTag(AES_GCM_256);
+    testGcmWrongTag({CKMC_ALGO_AES_GCM, 128});
+    testGcmWrongTag({CKMC_ALGO_AES_GCM, 192});
+    testGcmWrongTag({CKMC_ALGO_AES_GCM, 256});
  }
  
  RUNNER_TEST_MULTIPLE(TED_1240_gcm_different_iv_sizes, SyncEnv, AsyncEnv)
  {
-    testGcmDifferentIvSizes(AES_GCM_128);
-    testGcmDifferentIvSizes(AES_GCM_192);
-    testGcmDifferentIvSizes(AES_GCM_256);
+    testGcmDifferentIvSizes({CKMC_ALGO_AES_GCM, 128});
+    testGcmDifferentIvSizes({CKMC_ALGO_AES_GCM, 192});
+    testGcmDifferentIvSizes({CKMC_ALGO_AES_GCM, 256});
  }
  
  RUNNER_TEST_MULTIPLE(TED_1250_gcm_aad, SyncEnv, AsyncEnv)
  {
      testBackend b(PolicyBackend::FORCE_SOFTWARE);
-    encryptionWithCustomData(AES_GCM_128, CKMC_PARAM_ED_AAD);
-    encryptionWithCustomData(AES_GCM_192, CKMC_PARAM_ED_AAD);
-    encryptionWithCustomData(AES_GCM_256, CKMC_PARAM_ED_AAD);
+    encryptionWithCustomData({CKMC_ALGO_AES_GCM, 128}, CKMC_PARAM_ED_AAD);
+    encryptionWithCustomData({CKMC_ALGO_AES_GCM, 192}, CKMC_PARAM_ED_AAD);
+    encryptionWithCustomData({CKMC_ALGO_AES_GCM, 256}, CKMC_PARAM_ED_AAD);
  }
  
  RUNNER_TEST_MULTIPLE(TED_1300_rsa_label, SyncEnv, AsyncEnv)
  {
      RUNNER_IGNORED_MSG("RSA-OAEP labels are not supported in openssl");
-    encryptionWithCustomData(RSA_OAEP_1024, CKMC_PARAM_ED_LABEL);
-    encryptionWithCustomData(RSA_OAEP_2048, CKMC_PARAM_ED_LABEL);
-    encryptionWithCustomData(RSA_OAEP_4096, CKMC_PARAM_ED_LABEL);
+    encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 1024}, CKMC_PARAM_ED_LABEL);
+    encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 2048}, CKMC_PARAM_ED_LABEL);
+    encryptionWithCustomData({CKMC_ALGO_RSA_OAEP, 4096}, CKMC_PARAM_ED_LABEL);
  }
  
  RUNNER_TEST_MULTIPLE(TED_1330_rsa_longest_data, SyncEnv, AsyncEnv)
  {
-    testRsaLongestData(RSA_OAEP_1024, 86);
-    testRsaLongestData(RSA_OAEP_2048, 214);
-    testRsaLongestData(RSA_OAEP_4096, 470);
+    testRsaLongestData({CKMC_ALGO_RSA_OAEP, 1024}, 86);
+    testRsaLongestData({CKMC_ALGO_RSA_OAEP, 2048}, 214);
+    testRsaLongestData({CKMC_ALGO_RSA_OAEP, 4096}, 470);
  }
  
  RUNNER_TEST_MULTIPLE(TED_1350_rsa_data_too_long, SyncEnv, AsyncEnv)
  {
-    testRsaDataTooLong(RSA_OAEP_1024, 87);
-    testRsaDataTooLong(RSA_OAEP_2048, 215);
-    testRsaDataTooLong(RSA_OAEP_4096, 471);
+    testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 1024}, 87);
+    testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 2048}, 215);
+    testRsaDataTooLong({CKMC_ALGO_RSA_OAEP, 4096}, 471);
  }
  
  /////////////////////////////////////////
  // Asynchronous only tests
  /////////////////////////////////////////
-RUNNER_TEST(TED_2000_enc_no_observer_async, EncEnv)
+RUNNER_TEST(TED_2000_enc_no_observer_async, AsyncEnv)
  {
-    testAllAlgorithms([](const AlgoBasePtr& algo){
+    testAllAlgorithms([](const Algo& algo){
          // prepare buffers
          RawBuffer plain = createRandomBuffer(BUF_LEN);
  
          // keys
-        KeyAliasPair aliases = algo->keyGen(nullptr);
+        KeyAliasPair aliases = getKey(algo, PRIMARY);
  
          // params
          ckmc_param_list_h handle = NULL;
-        assert_positive(ckmc_generate_new_params, algo->m_type, &handle);
+        assert_positive(ckmc_generate_new_params, algo.type, &handle);
          ParamListPtr params = ParamListPtr(handle, ckmc_param_list_free);
-        setParam(params, CKMC_PARAM_ED_IV, createRandomBufferCAPI(DEFAULT_IV_LEN));
+        setParam(params, CKMC_PARAM_ED_IV, DEFAULT_IV);
  
          // encrypt
          test_no_observer(&ManagerAsync::encrypt,
@@ -1519,12 +1454,9 @@ RUNNER_TEST(TED_2000_enc_no_observer_async, EncEnv)
  
  RUNNER_TEST(TED_2010_dec_no_observer_async, AsyncEnv)
  {
-    testAllAlgorithms([](const AlgoBasePtr& algo){
-        // prepare buffers
-        RawBufferPtr plain = create_raw_buffer(createRandomBufferCAPI(BUF_LEN));
-
+    testAllAlgorithms([](const Algo& algo){
          // encrypt
-        auto ret = encrypt(algo, plain);
+        auto ret = encrypt(algo, PLAIN_DATA);
          RawBuffer encrypted(ret.encrypted->data, ret.encrypted->data + ret.encrypted->size);
  
          // decrypt
author	Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
	Tue, 19 Mar 2019 10:38:27 +0000 (11:38 +0100)
committer	Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
	Thu, 4 Apr 2019 15:03:25 +0000 (15:03 +0000)