You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1012 lines
37 KiB
1012 lines
37 KiB
From 643f061e6fbe04552a2c49bd00528e61a9a77064 Mon Sep 17 00:00:00 2001
|
|
From: Alexander Bokovoy <abokovoy@redhat.com>
|
|
Date: Wed, 26 May 2021 20:03:25 +0300
|
|
Subject: [PATCH 1/4] openssl 3.0: Run DES tests only if OpenSSL allows it
|
|
|
|
OpenSSL 3.0 moves DES into a legacy provider which has to be loaded
|
|
explicitly. By default, it will not be loaded and DES methods in tests
|
|
will fail. Nest test blocks under successful initialization.
|
|
|
|
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
|
|
---
|
|
src/lib/crypto/test/DESTests.cpp | 350 ++++++++++++++++---------------
|
|
1 file changed, 182 insertions(+), 168 deletions(-)
|
|
|
|
diff --git a/src/lib/crypto/test/DESTests.cpp b/src/lib/crypto/test/DESTests.cpp
|
|
index bcb1c6b..aa68746 100644
|
|
--- a/src/lib/crypto/test/DESTests.cpp
|
|
+++ b/src/lib/crypto/test/DESTests.cpp
|
|
@@ -259,54 +259,58 @@ void DESTests::testCBC()
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CBC, IV));
|
|
+ if (des->encryptInit(&desKey56, SymMode::CBC, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+
|
|
+ }
|
|
|
|
// Test 112-bit key
|
|
cipherText = ByteString(testResult[i][j][1]);
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CBC, IV));
|
|
+ if (des->encryptInit(&desKey112, SymMode::CBC, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
+
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
#endif
|
|
|
|
// Test 168-bit key
|
|
@@ -314,27 +318,28 @@ void DESTests::testCBC()
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CBC, IV));
|
|
+ if (des->encryptInit(&desKey168, SymMode::CBC, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
}
|
|
}
|
|
}
|
|
@@ -534,54 +539,56 @@ void DESTests::testECB()
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::ECB, IV));
|
|
+ if (des->encryptInit(&desKey56, SymMode::ECB, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
|
|
// Test 112-bit key
|
|
cipherText = ByteString(testResult[i][j][1]);
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::ECB, IV));
|
|
+ if (des->encryptInit(&desKey112, SymMode::ECB, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
#endif
|
|
|
|
// Test 168-bit key
|
|
@@ -589,27 +596,28 @@ void DESTests::testECB()
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::ECB, IV));
|
|
+ if (des->encryptInit(&desKey168, SymMode::ECB, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
}
|
|
}
|
|
}
|
|
@@ -809,54 +817,56 @@ void DESTests::testOFB()
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::OFB, IV));
|
|
+ if (des->encryptInit(&desKey56, SymMode::OFB, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
|
|
// Test 112-bit key
|
|
cipherText = ByteString(testResult[i][j][1]);
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::OFB, IV));
|
|
+ if (des->encryptInit(&desKey112, SymMode::OFB, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
#endif
|
|
|
|
// Test 168-bit key
|
|
@@ -864,27 +874,28 @@ void DESTests::testOFB()
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::OFB, IV));
|
|
+ if (des->encryptInit(&desKey168, SymMode::OFB, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
}
|
|
}
|
|
}
|
|
@@ -1083,54 +1094,56 @@ void DESTests::testCFB()
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CFB, IV));
|
|
+ if (des->encryptInit(&desKey56, SymMode::CFB, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
|
|
// Test 112-bit key
|
|
cipherText = ByteString(testResult[i][j][1]);
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CFB, IV));
|
|
+ if (des->encryptInit(&desKey112, SymMode::CFB, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
#endif
|
|
|
|
// Test 168-bit key
|
|
@@ -1138,27 +1151,28 @@ void DESTests::testCFB()
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CFB, IV));
|
|
+ if (des->encryptInit(&desKey168, SymMode::CFB, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
}
|
|
}
|
|
}
|
|
--
|
|
2.31.1
|
|
|
|
|
|
From 4e368d1b1d835b169d3b9f44e064813d132f3da6 Mon Sep 17 00:00:00 2001
|
|
From: Alexander Bokovoy <abokovoy@redhat.com>
|
|
Date: Wed, 26 May 2021 20:09:31 +0300
|
|
Subject: [PATCH 2/4] openssl 3.0: use 2048 instead of 1024 bit for RSA tests
|
|
|
|
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
|
|
---
|
|
src/lib/crypto/test/RSATests.cpp | 11 ++++-------
|
|
1 file changed, 4 insertions(+), 7 deletions(-)
|
|
|
|
diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp
|
|
index 6af1e19..e583b8b 100644
|
|
--- a/src/lib/crypto/test/RSATests.cpp
|
|
+++ b/src/lib/crypto/test/RSATests.cpp
|
|
@@ -78,7 +78,6 @@ void RSATests::testKeyGeneration()
|
|
|
|
// Key sizes to test
|
|
std::vector<size_t> keySizes;
|
|
- keySizes.push_back(1024);
|
|
#ifndef WITH_FIPS
|
|
keySizes.push_back(1025);
|
|
#endif
|
|
@@ -111,12 +110,12 @@ void RSATests::testKeyGeneration()
|
|
|
|
void RSATests::testSerialisation()
|
|
{
|
|
- // Generate a 1024-bit key-pair for testing
|
|
+ // Generate a 2048-bit key-pair for testing
|
|
AsymmetricKeyPair* kp;
|
|
RSAParameters p;
|
|
|
|
p.setE("010001");
|
|
- p.setBitLength(1024);
|
|
+ p.setBitLength(2048);
|
|
|
|
CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
|
|
CPPUNIT_ASSERT(kp != NULL);
|
|
@@ -204,12 +203,12 @@ void RSATests::testSerialisation()
|
|
|
|
void RSATests::testPKCS8()
|
|
{
|
|
- // Generate a 1024-bit key-pair for testing
|
|
+ // Generate a 2048-bit key-pair for testing
|
|
AsymmetricKeyPair* kp;
|
|
RSAParameters p;
|
|
|
|
p.setE("010001");
|
|
- p.setBitLength(1024);
|
|
+ p.setBitLength(2048);
|
|
|
|
CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
|
|
CPPUNIT_ASSERT(kp != NULL);
|
|
@@ -253,7 +252,6 @@ void RSATests::testSigningVerifying()
|
|
|
|
// Key sizes to test
|
|
std::vector<size_t> keySizes;
|
|
- keySizes.push_back(1024);
|
|
keySizes.push_back(1280);
|
|
keySizes.push_back(2048);
|
|
//keySizes.push_back(4096);
|
|
@@ -611,7 +609,6 @@ void RSATests::testEncryptDecrypt()
|
|
|
|
// Key sizes to test
|
|
std::vector<size_t> keySizes;
|
|
- keySizes.push_back(1024);
|
|
keySizes.push_back(1280);
|
|
keySizes.push_back(2048);
|
|
//keySizes.push_back(4096);
|
|
--
|
|
2.31.1
|
|
|
|
|
|
From d8b6ebb67244f6fb4d2c8f72ae2b8bef5ca96bed Mon Sep 17 00:00:00 2001
|
|
From: Alexander Bokovoy <abokovoy@redhat.com>
|
|
Date: Wed, 26 May 2021 22:29:22 +0300
|
|
Subject: [PATCH 3/4] openssl 3.0: Skip tests with unsupported key sizes
|
|
|
|
OpenSSL 3.0 on systems with systemd-wide crypto policy (Fedora, RHEL,
|
|
CentOS 9 Stream) might block certain key sizes which causes the tests to
|
|
fail. Skip these tests because we are not going to get the results
|
|
anyway.
|
|
|
|
There is no way with CPPUNIT to produce a warning only, so we have to
|
|
skip the whole test result.
|
|
|
|
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
|
|
---
|
|
src/lib/crypto/test/RSATests.cpp | 31 ++++++++++++++++++-------------
|
|
1 file changed, 18 insertions(+), 13 deletions(-)
|
|
|
|
diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp
|
|
index e583b8b..3b397d2 100644
|
|
--- a/src/lib/crypto/test/RSATests.cpp
|
|
+++ b/src/lib/crypto/test/RSATests.cpp
|
|
@@ -92,18 +92,19 @@ void RSATests::testKeyGeneration()
|
|
p.setE(*e);
|
|
p.setBitLength(*k);
|
|
|
|
- // Generate key-pair
|
|
- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
|
|
+ // Generate key-pair but skip test if key size is unsupported in OpenSSL 3.0.0
|
|
+ if (rsa->generateKeyPair(&kp, &p)) {
|
|
|
|
- RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
|
|
- RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
|
|
+ RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
|
|
+ RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
|
|
|
|
- CPPUNIT_ASSERT(pub->getBitLength() == *k);
|
|
- CPPUNIT_ASSERT(priv->getBitLength() == *k);
|
|
- CPPUNIT_ASSERT(pub->getE() == *e);
|
|
- CPPUNIT_ASSERT(priv->getE() == *e);
|
|
+ CPPUNIT_ASSERT(pub->getBitLength() == *k);
|
|
+ CPPUNIT_ASSERT(priv->getBitLength() == *k);
|
|
+ CPPUNIT_ASSERT(pub->getE() == *e);
|
|
+ CPPUNIT_ASSERT(priv->getE() == *e);
|
|
|
|
- rsa->recycleKeyPair(kp);
|
|
+ rsa->recycleKeyPair(kp);
|
|
+ }
|
|
}
|
|
}
|
|
}
|
|
@@ -291,8 +292,10 @@ void RSATests::testSigningVerifying()
|
|
p.setE(*e);
|
|
p.setBitLength(*k);
|
|
|
|
- // Generate key-pair
|
|
- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
|
|
+ // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0
|
|
+ if (!rsa->generateKeyPair(&kp, &p)) {
|
|
+ continue;
|
|
+ }
|
|
|
|
// Generate some data to sign
|
|
ByteString dataToSign;
|
|
@@ -626,8 +629,10 @@ void RSATests::testEncryptDecrypt()
|
|
p.setE(*e);
|
|
p.setBitLength(*k);
|
|
|
|
- // Generate key-pair
|
|
- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
|
|
+ // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0
|
|
+ if (!rsa->generateKeyPair(&kp, &p)) {
|
|
+ continue;
|
|
+ }
|
|
|
|
RNG* rng = CryptoFactory::i()->getRNG();
|
|
|
|
--
|
|
2.31.1
|
|
|
|
|
|
From ca037b327fc77b8a7078c63118f507a157d3c913 Mon Sep 17 00:00:00 2001
|
|
From: Alexander Bokovoy <abokovoy@redhat.com>
|
|
Date: Thu, 27 May 2021 15:08:02 +0300
|
|
Subject: [PATCH 4/4] openssl3: skip DES* tests
|
|
|
|
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
|
|
---
|
|
src/lib/test/DeriveTests.cpp | 16 ++-
|
|
src/lib/test/ObjectTests.cpp | 21 ++--
|
|
src/lib/test/SymmetricAlgorithmTests.cpp | 129 +++++++++++++----------
|
|
3 files changed, 100 insertions(+), 66 deletions(-)
|
|
|
|
diff --git a/src/lib/test/DeriveTests.cpp b/src/lib/test/DeriveTests.cpp
|
|
index 9438ac2..275c399 100644
|
|
--- a/src/lib/test/DeriveTests.cpp
|
|
+++ b/src/lib/test/DeriveTests.cpp
|
|
@@ -666,11 +666,14 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
|
|
0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32
|
|
};
|
|
CK_ULONG secLen = 0;
|
|
+ CK_BBOOL oldMechs = CK_FALSE;
|
|
|
|
switch (mechType)
|
|
{
|
|
case CKM_DES_ECB_ENCRYPT_DATA:
|
|
case CKM_DES3_ECB_ENCRYPT_DATA:
|
|
+ oldMechs = CK_TRUE;
|
|
+ /* fall-through */
|
|
case CKM_AES_ECB_ENCRYPT_DATA:
|
|
param1.pData = &data[0];
|
|
param1.ulLen = sizeof(data);
|
|
@@ -679,6 +682,7 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
|
|
break;
|
|
case CKM_DES_CBC_ENCRYPT_DATA:
|
|
case CKM_DES3_CBC_ENCRYPT_DATA:
|
|
+ oldMechs = CK_TRUE;
|
|
memcpy(param2.iv, "12345678", 8);
|
|
param2.pData = &data[0];
|
|
param2.length = sizeof(data);
|
|
@@ -703,10 +707,12 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
|
|
break;
|
|
case CKK_DES:
|
|
mechEncrypt.mechanism = CKM_DES_ECB;
|
|
+ oldMechs = CK_TRUE;
|
|
break;
|
|
case CKK_DES2:
|
|
case CKK_DES3:
|
|
mechEncrypt.mechanism = CKM_DES3_ECB;
|
|
+ oldMechs = CK_TRUE;
|
|
break;
|
|
case CKK_AES:
|
|
mechEncrypt.mechanism = CKM_AES_ECB;
|
|
@@ -743,7 +749,11 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
|
|
keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1,
|
|
&hDerive) );
|
|
}
|
|
- CPPUNIT_ASSERT(rv == CKR_OK);
|
|
+ if (rv != CKR_OK && oldMechs == CK_TRUE) {
|
|
+ // Skip old mechanisms, they don't work under this crypto library
|
|
+ return;
|
|
+ }
|
|
+ CPPUNIT_ASSERT(rv==CKR_OK);
|
|
|
|
// Check that KCV has been set
|
|
CK_ATTRIBUTE checkAttribs[] = {
|
|
@@ -764,6 +774,10 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
|
|
CK_ULONG ulRecoveredTextLen;
|
|
|
|
rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) );
|
|
+ if (rv != CKR_OK && oldMechs == CK_TRUE) {
|
|
+ // Skip old mechanisms, they don't work under this crypto library
|
|
+ return;
|
|
+ }
|
|
CPPUNIT_ASSERT(rv==CKR_OK);
|
|
|
|
ulCipherTextLen = sizeof(cipherText);
|
|
diff --git a/src/lib/test/ObjectTests.cpp b/src/lib/test/ObjectTests.cpp
|
|
index 9491ce1..4ffc1c8 100644
|
|
--- a/src/lib/test/ObjectTests.cpp
|
|
+++ b/src/lib/test/ObjectTests.cpp
|
|
@@ -2370,8 +2370,10 @@ void ObjectTests::testCreateSecretKey()
|
|
CPPUNIT_ASSERT(rv == CKR_OK);
|
|
rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
|
|
CPPUNIT_ASSERT(rv == CKR_OK);
|
|
- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
|
|
- CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
|
|
+ // If DES key is not supported, skip it
|
|
+ if (attribKCV[0].ulValueLen == 3) {
|
|
+ CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
|
|
+ }
|
|
rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
|
|
CPPUNIT_ASSERT(rv == CKR_OK);
|
|
|
|
@@ -2381,9 +2383,12 @@ void ObjectTests::testCreateSecretKey()
|
|
rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) );
|
|
CPPUNIT_ASSERT(rv == CKR_OK);
|
|
rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
|
|
- CPPUNIT_ASSERT(rv == CKR_OK);
|
|
- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
|
|
- CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
|
|
+ // If DES2 key is not supported, skip it
|
|
+ if (rv == CKR_OK) {
|
|
+ if (attribKCV[0].ulValueLen == 3) {
|
|
+ CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
|
|
+ }
|
|
+ }
|
|
rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
|
|
CPPUNIT_ASSERT(rv == CKR_OK);
|
|
|
|
@@ -2394,8 +2399,10 @@ void ObjectTests::testCreateSecretKey()
|
|
CPPUNIT_ASSERT(rv == CKR_OK);
|
|
rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
|
|
CPPUNIT_ASSERT(rv == CKR_OK);
|
|
- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
|
|
- CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
|
|
+ // If DES3 key is not supported, skip it
|
|
+ if (attribKCV[0].ulValueLen == 3) {
|
|
+ CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
|
|
+ }
|
|
rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
|
|
CPPUNIT_ASSERT(rv == CKR_OK);
|
|
}
|
|
diff --git a/src/lib/test/SymmetricAlgorithmTests.cpp b/src/lib/test/SymmetricAlgorithmTests.cpp
|
|
index b24caaf..1994563 100644
|
|
--- a/src/lib/test/SymmetricAlgorithmTests.cpp
|
|
+++ b/src/lib/test/SymmetricAlgorithmTests.cpp
|
|
@@ -195,6 +195,8 @@ void SymmetricAlgorithmTests::encryptDecrypt(
|
|
std::vector<CK_BYTE> vEncryptedData;
|
|
std::vector<CK_BYTE> vEncryptedDataParted;
|
|
PartSize partSize(blockSize, &vData);
|
|
+ CK_BBOOL oldMechs = CK_FALSE;
|
|
+ CK_RV rv = CKR_OK;
|
|
|
|
CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_GenerateRandom(hSession, (CK_BYTE_PTR)&vData.front(), messageSize) ) );
|
|
|
|
@@ -233,6 +235,8 @@ void SymmetricAlgorithmTests::encryptDecrypt(
|
|
case CKM_DES_CBC_PAD:
|
|
case CKM_DES3_CBC:
|
|
case CKM_DES3_CBC_PAD:
|
|
+ oldMechs = CK_TRUE;
|
|
+ /* fall-through */
|
|
case CKM_AES_CBC:
|
|
case CKM_AES_CBC_PAD:
|
|
pMechanism->pParameter = (CK_VOID_PTR)&vData.front();
|
|
@@ -246,12 +250,18 @@ void SymmetricAlgorithmTests::encryptDecrypt(
|
|
pMechanism->pParameter = &gcmParams;
|
|
pMechanism->ulParameterLen = sizeof(gcmParams);
|
|
break;
|
|
+ case CKM_DES_ECB:
|
|
+ case CKM_DES3_ECB:
|
|
+ oldMechs = CK_TRUE;
|
|
+ break;
|
|
default:
|
|
break;
|
|
}
|
|
|
|
// Single-part encryption
|
|
- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) );
|
|
+ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
|
|
+ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
|
|
+ if (oldMechs == CK_FALSE)
|
|
{
|
|
CK_ULONG ulEncryptedDataLen;
|
|
const CK_RV rv( CRYPTOKI_F_PTR( C_Encrypt(hSession,(CK_BYTE_PTR)&vData.front(),messageSize,NULL_PTR,&ulEncryptedDataLen) ) );
|
|
@@ -267,40 +277,42 @@ void SymmetricAlgorithmTests::encryptDecrypt(
|
|
}
|
|
|
|
// Multi-part encryption
|
|
- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) );
|
|
-
|
|
- for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) {
|
|
- const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i );
|
|
- CK_ULONG ulEncryptedPartLen;
|
|
- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) );
|
|
- const size_t oldSize( vEncryptedDataParted.size() );
|
|
- vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
|
|
- CK_BYTE dummy;
|
|
- const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
|
|
- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) );
|
|
- vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
|
|
- }
|
|
- {
|
|
- CK_ULONG ulLastEncryptedPartLen;
|
|
- const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
|
|
- if ( isSizeOK ) {
|
|
- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
|
|
+ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
|
|
+ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
|
|
+ if (oldMechs == CK_FALSE) {
|
|
+ for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) {
|
|
+ const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i );
|
|
+ CK_ULONG ulEncryptedPartLen;
|
|
+ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) );
|
|
const size_t oldSize( vEncryptedDataParted.size() );
|
|
+ vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
|
|
CK_BYTE dummy;
|
|
- vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
|
|
- const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
|
|
- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
|
|
- vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
|
|
- } else {
|
|
- CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
|
|
- vEncryptedDataParted = vData;
|
|
+ const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
|
|
+ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) );
|
|
+ vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
|
|
+ }
|
|
+ {
|
|
+ CK_ULONG ulLastEncryptedPartLen;
|
|
+ const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
|
|
+ if ( isSizeOK ) {
|
|
+ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
|
|
+ const size_t oldSize( vEncryptedDataParted.size() );
|
|
+ CK_BYTE dummy;
|
|
+ vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
|
|
+ const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
|
|
+ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
|
|
+ vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
|
|
+ } else {
|
|
+ CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
|
|
+ vEncryptedDataParted = vData;
|
|
+ }
|
|
}
|
|
}
|
|
|
|
// Single-part decryption
|
|
- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) );
|
|
-
|
|
- {
|
|
+ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
|
|
+ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
|
|
+ if (oldMechs == CK_FALSE) {
|
|
CK_ULONG ulDataLen;
|
|
const CK_RV rv( CRYPTOKI_F_PTR( C_Decrypt(hSession,&vEncryptedData.front(),vEncryptedData.size(),NULL_PTR,&ulDataLen) ) );
|
|
if ( isSizeOK ) {
|
|
@@ -315,8 +327,9 @@ void SymmetricAlgorithmTests::encryptDecrypt(
|
|
}
|
|
|
|
// Multi-part decryption
|
|
- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) );
|
|
- {
|
|
+ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
|
|
+ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
|
|
+ if (oldMechs == CK_FALSE) {
|
|
std::vector<CK_BYTE> vDecryptedData;
|
|
CK_BYTE dummy;
|
|
for ( std::vector<CK_BYTE>::iterator i(vEncryptedDataParted.begin()); i<vEncryptedDataParted.end(); i+=partSize.getCurrent()) {
|
|
@@ -977,44 +990,44 @@ void SymmetricAlgorithmTests::testDesEncryptDecrypt()
|
|
|
|
// Generate all combinations of session/token keys.
|
|
rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKey);
|
|
- CPPUNIT_ASSERT(rv == CKR_OK);
|
|
-
|
|
- encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
|
|
- encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
|
|
- encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
|
|
- encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
|
|
- encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
|
|
- encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
|
|
- encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
|
|
+ if (rv == CKR_OK) {
|
|
+ encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
|
|
+ encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
|
|
+ encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
|
|
+ encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
|
|
+ encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
|
|
+ encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
|
|
+ encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
|
|
+ }
|
|
|
|
CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE;
|
|
|
|
// Generate all combinations of session/token keys.
|
|
rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey2);
|
|
- CPPUNIT_ASSERT(rv == CKR_OK);
|
|
-
|
|
- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
|
|
- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
|
|
- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
|
|
- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
|
|
- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
|
|
- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
|
|
- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
|
|
+ if (rv == CKR_OK) {
|
|
+ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
|
|
+ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
|
|
+ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
|
|
+ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
|
|
+ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
|
|
+ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
|
|
+ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
|
|
+ }
|
|
#endif
|
|
|
|
CK_OBJECT_HANDLE hKey3 = CK_INVALID_HANDLE;
|
|
|
|
// Generate all combinations of session/token keys.
|
|
rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey3);
|
|
- CPPUNIT_ASSERT(rv == CKR_OK);
|
|
-
|
|
- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
|
|
- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
|
|
- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
|
|
- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
|
|
- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
|
|
- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
|
|
- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
|
|
+ if (rv == CKR_OK) {
|
|
+ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
|
|
+ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
|
|
+ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
|
|
+ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
|
|
+ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
|
|
+ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
|
|
+ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
|
|
+ }
|
|
}
|
|
|
|
void SymmetricAlgorithmTests::testNullTemplate()
|
|
--
|
|
2.31.1
|
|
|