Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:redwil:15.4
softhsm
softhsm-openssl3-tests.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File softhsm-openssl3-tests.patch of Package softhsm
From 643f061e6fbe04552a2c49bd00528e61a9a77064 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy <abokovoy@redhat.com> Date: Wed, 26 May 2021 20:03:25 +0300 Subject: [PATCH 1/4] openssl 3.0: Run DES tests only if OpenSSL allows it OpenSSL 3.0 moves DES into a legacy provider which has to be loaded explicitly. By default, it will not be loaded and DES methods in tests will fail. Nest test blocks under successful initialization. Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> --- src/lib/crypto/test/DESTests.cpp | 350 ++++++++++++++++--------------- 1 file changed, 182 insertions(+), 168 deletions(-) diff --git a/src/lib/crypto/test/DESTests.cpp b/src/lib/crypto/test/DESTests.cpp index bcb1c6b..aa68746 100644 --- a/src/lib/crypto/test/DESTests.cpp +++ b/src/lib/crypto/test/DESTests.cpp @@ -259,54 +259,58 @@ void DESTests::testCBC() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CBC, IV)); + if (des->encryptInit(&desKey56, SymMode::CBC, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + + } // Test 112-bit key cipherText = ByteString(testResult[i][j][1]); // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CBC, IV)); + if (des->encryptInit(&desKey112, SymMode::CBC, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; + + CPPUNIT_ASSERT(shsmPlainText == plainText); + } - CPPUNIT_ASSERT(shsmPlainText == plainText); #endif // Test 168-bit key @@ -314,27 +318,28 @@ void DESTests::testCBC() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CBC, IV)); + if (des->encryptInit(&desKey168, SymMode::CBC, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } } } } @@ -534,54 +539,56 @@ void DESTests::testECB() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::ECB, IV)); + if (des->encryptInit(&desKey56, SymMode::ECB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } // Test 112-bit key cipherText = ByteString(testResult[i][j][1]); // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::ECB, IV)); + if (des->encryptInit(&desKey112, SymMode::ECB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } #endif // Test 168-bit key @@ -589,27 +596,28 @@ void DESTests::testECB() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::ECB, IV)); + if (des->encryptInit(&desKey168, SymMode::ECB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } } } } @@ -809,54 +817,56 @@ void DESTests::testOFB() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::OFB, IV)); + if (des->encryptInit(&desKey56, SymMode::OFB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } // Test 112-bit key cipherText = ByteString(testResult[i][j][1]); // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::OFB, IV)); + if (des->encryptInit(&desKey112, SymMode::OFB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } #endif // Test 168-bit key @@ -864,27 +874,28 @@ void DESTests::testOFB() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::OFB, IV)); + if (des->encryptInit(&desKey168, SymMode::OFB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } } } } @@ -1083,54 +1094,56 @@ void DESTests::testCFB() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CFB, IV)); + if (des->encryptInit(&desKey56, SymMode::CFB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } // Test 112-bit key cipherText = ByteString(testResult[i][j][1]); // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CFB, IV)); + if (des->encryptInit(&desKey112, SymMode::CFB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } #endif // Test 168-bit key @@ -1138,27 +1151,28 @@ void DESTests::testCFB() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CFB, IV)); + if (des->encryptInit(&desKey168, SymMode::CFB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } } } } -- 2.31.1 From 4e368d1b1d835b169d3b9f44e064813d132f3da6 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy <abokovoy@redhat.com> Date: Wed, 26 May 2021 20:09:31 +0300 Subject: [PATCH 2/4] openssl 3.0: use 2048 instead of 1024 bit for RSA tests Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> --- src/lib/crypto/test/RSATests.cpp | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp index 6af1e19..e583b8b 100644 --- a/src/lib/crypto/test/RSATests.cpp +++ b/src/lib/crypto/test/RSATests.cpp @@ -78,7 +78,6 @@ void RSATests::testKeyGeneration() // Key sizes to test std::vector<size_t> keySizes; - keySizes.push_back(1024); #ifndef WITH_FIPS keySizes.push_back(1025); #endif @@ -111,12 +110,12 @@ void RSATests::testKeyGeneration() void RSATests::testSerialisation() { - // Generate a 1024-bit key-pair for testing + // Generate a 2048-bit key-pair for testing AsymmetricKeyPair* kp; RSAParameters p; p.setE("010001"); - p.setBitLength(1024); + p.setBitLength(2048); CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); CPPUNIT_ASSERT(kp != NULL); @@ -204,12 +203,12 @@ void RSATests::testSerialisation() void RSATests::testPKCS8() { - // Generate a 1024-bit key-pair for testing + // Generate a 2048-bit key-pair for testing AsymmetricKeyPair* kp; RSAParameters p; p.setE("010001"); - p.setBitLength(1024); + p.setBitLength(2048); CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); CPPUNIT_ASSERT(kp != NULL); @@ -253,7 +252,6 @@ void RSATests::testSigningVerifying() // Key sizes to test std::vector<size_t> keySizes; - keySizes.push_back(1024); keySizes.push_back(1280); keySizes.push_back(2048); //keySizes.push_back(4096); @@ -611,7 +609,6 @@ void RSATests::testEncryptDecrypt() // Key sizes to test std::vector<size_t> keySizes; - keySizes.push_back(1024); keySizes.push_back(1280); keySizes.push_back(2048); //keySizes.push_back(4096); -- 2.31.1 From d8b6ebb67244f6fb4d2c8f72ae2b8bef5ca96bed Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy <abokovoy@redhat.com> Date: Wed, 26 May 2021 22:29:22 +0300 Subject: [PATCH 3/4] openssl 3.0: Skip tests with unsupported key sizes OpenSSL 3.0 on systems with systemd-wide crypto policy (Fedora, RHEL, CentOS 9 Stream) might block certain key sizes which causes the tests to fail. Skip these tests because we are not going to get the results anyway. There is no way with CPPUNIT to produce a warning only, so we have to skip the whole test result. Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> --- src/lib/crypto/test/RSATests.cpp | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp index e583b8b..3b397d2 100644 --- a/src/lib/crypto/test/RSATests.cpp +++ b/src/lib/crypto/test/RSATests.cpp @@ -92,18 +92,19 @@ void RSATests::testKeyGeneration() p.setE(*e); p.setBitLength(*k); - // Generate key-pair - CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); + // Generate key-pair but skip test if key size is unsupported in OpenSSL 3.0.0 + if (rsa->generateKeyPair(&kp, &p)) { - RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey(); - RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey(); + RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey(); + RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey(); - CPPUNIT_ASSERT(pub->getBitLength() == *k); - CPPUNIT_ASSERT(priv->getBitLength() == *k); - CPPUNIT_ASSERT(pub->getE() == *e); - CPPUNIT_ASSERT(priv->getE() == *e); + CPPUNIT_ASSERT(pub->getBitLength() == *k); + CPPUNIT_ASSERT(priv->getBitLength() == *k); + CPPUNIT_ASSERT(pub->getE() == *e); + CPPUNIT_ASSERT(priv->getE() == *e); - rsa->recycleKeyPair(kp); + rsa->recycleKeyPair(kp); + } } } } @@ -291,8 +292,10 @@ void RSATests::testSigningVerifying() p.setE(*e); p.setBitLength(*k); - // Generate key-pair - CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); + // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0 + if (!rsa->generateKeyPair(&kp, &p)) { + continue; + } // Generate some data to sign ByteString dataToSign; @@ -626,8 +629,10 @@ void RSATests::testEncryptDecrypt() p.setE(*e); p.setBitLength(*k); - // Generate key-pair - CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); + // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0 + if (!rsa->generateKeyPair(&kp, &p)) { + continue; + } RNG* rng = CryptoFactory::i()->getRNG(); -- 2.31.1 From ca037b327fc77b8a7078c63118f507a157d3c913 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy <abokovoy@redhat.com> Date: Thu, 27 May 2021 15:08:02 +0300 Subject: [PATCH 4/4] openssl3: skip DES* tests Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> --- src/lib/test/DeriveTests.cpp | 16 ++- src/lib/test/ObjectTests.cpp | 21 ++-- src/lib/test/SymmetricAlgorithmTests.cpp | 129 +++++++++++++---------- 3 files changed, 100 insertions(+), 66 deletions(-) diff --git a/src/lib/test/DeriveTests.cpp b/src/lib/test/DeriveTests.cpp index 9438ac2..275c399 100644 --- a/src/lib/test/DeriveTests.cpp +++ b/src/lib/test/DeriveTests.cpp @@ -666,11 +666,14 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C 0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32 }; CK_ULONG secLen = 0; + CK_BBOOL oldMechs = CK_FALSE; switch (mechType) { case CKM_DES_ECB_ENCRYPT_DATA: case CKM_DES3_ECB_ENCRYPT_DATA: + oldMechs = CK_TRUE; + /* fall-through */ case CKM_AES_ECB_ENCRYPT_DATA: param1.pData = &data[0]; param1.ulLen = sizeof(data); @@ -679,6 +682,7 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C break; case CKM_DES_CBC_ENCRYPT_DATA: case CKM_DES3_CBC_ENCRYPT_DATA: + oldMechs = CK_TRUE; memcpy(param2.iv, "12345678", 8); param2.pData = &data[0]; param2.length = sizeof(data); @@ -703,10 +707,12 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C break; case CKK_DES: mechEncrypt.mechanism = CKM_DES_ECB; + oldMechs = CK_TRUE; break; case CKK_DES2: case CKK_DES3: mechEncrypt.mechanism = CKM_DES3_ECB; + oldMechs = CK_TRUE; break; case CKK_AES: mechEncrypt.mechanism = CKM_AES_ECB; @@ -743,7 +749,11 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1, &hDerive) ); } - CPPUNIT_ASSERT(rv == CKR_OK); + if (rv != CKR_OK && oldMechs == CK_TRUE) { + // Skip old mechanisms, they don't work under this crypto library + return; + } + CPPUNIT_ASSERT(rv==CKR_OK); // Check that KCV has been set CK_ATTRIBUTE checkAttribs[] = { @@ -764,6 +774,10 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C CK_ULONG ulRecoveredTextLen; rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) ); + if (rv != CKR_OK && oldMechs == CK_TRUE) { + // Skip old mechanisms, they don't work under this crypto library + return; + } CPPUNIT_ASSERT(rv==CKR_OK); ulCipherTextLen = sizeof(cipherText); diff --git a/src/lib/test/ObjectTests.cpp b/src/lib/test/ObjectTests.cpp index 9491ce1..4ffc1c8 100644 --- a/src/lib/test/ObjectTests.cpp +++ b/src/lib/test/ObjectTests.cpp @@ -2370,8 +2370,10 @@ void ObjectTests::testCreateSecretKey() CPPUNIT_ASSERT(rv == CKR_OK); rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) ); CPPUNIT_ASSERT(rv == CKR_OK); - CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3); - CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0); + // If DES key is not supported, skip it + if (attribKCV[0].ulValueLen == 3) { + CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0); + } rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) ); CPPUNIT_ASSERT(rv == CKR_OK); @@ -2381,9 +2383,12 @@ void ObjectTests::testCreateSecretKey() rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) ); CPPUNIT_ASSERT(rv == CKR_OK); rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) ); - CPPUNIT_ASSERT(rv == CKR_OK); - CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3); - CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0); + // If DES2 key is not supported, skip it + if (rv == CKR_OK) { + if (attribKCV[0].ulValueLen == 3) { + CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0); + } + } rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) ); CPPUNIT_ASSERT(rv == CKR_OK); @@ -2394,8 +2399,10 @@ void ObjectTests::testCreateSecretKey() CPPUNIT_ASSERT(rv == CKR_OK); rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) ); CPPUNIT_ASSERT(rv == CKR_OK); - CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3); - CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0); + // If DES3 key is not supported, skip it + if (attribKCV[0].ulValueLen == 3) { + CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0); + } rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) ); CPPUNIT_ASSERT(rv == CKR_OK); } diff --git a/src/lib/test/SymmetricAlgorithmTests.cpp b/src/lib/test/SymmetricAlgorithmTests.cpp index b24caaf..1994563 100644 --- a/src/lib/test/SymmetricAlgorithmTests.cpp +++ b/src/lib/test/SymmetricAlgorithmTests.cpp @@ -195,6 +195,8 @@ void SymmetricAlgorithmTests::encryptDecrypt( std::vector<CK_BYTE> vEncryptedData; std::vector<CK_BYTE> vEncryptedDataParted; PartSize partSize(blockSize, &vData); + CK_BBOOL oldMechs = CK_FALSE; + CK_RV rv = CKR_OK; CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_GenerateRandom(hSession, (CK_BYTE_PTR)&vData.front(), messageSize) ) ); @@ -233,6 +235,8 @@ void SymmetricAlgorithmTests::encryptDecrypt( case CKM_DES_CBC_PAD: case CKM_DES3_CBC: case CKM_DES3_CBC_PAD: + oldMechs = CK_TRUE; + /* fall-through */ case CKM_AES_CBC: case CKM_AES_CBC_PAD: pMechanism->pParameter = (CK_VOID_PTR)&vData.front(); @@ -246,12 +250,18 @@ void SymmetricAlgorithmTests::encryptDecrypt( pMechanism->pParameter = &gcmParams; pMechanism->ulParameterLen = sizeof(gcmParams); break; + case CKM_DES_ECB: + case CKM_DES3_ECB: + oldMechs = CK_TRUE; + break; default: break; } // Single-part encryption - CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) ); + rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ); + CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); + if (oldMechs == CK_FALSE) { CK_ULONG ulEncryptedDataLen; const CK_RV rv( CRYPTOKI_F_PTR( C_Encrypt(hSession,(CK_BYTE_PTR)&vData.front(),messageSize,NULL_PTR,&ulEncryptedDataLen) ) ); @@ -267,40 +277,42 @@ void SymmetricAlgorithmTests::encryptDecrypt( } // Multi-part encryption - CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) ); - - for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) { - const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i ); - CK_ULONG ulEncryptedPartLen; - CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) ); - const size_t oldSize( vEncryptedDataParted.size() ); - vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen); - CK_BYTE dummy; - const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); - CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) ); - vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen); - } - { - CK_ULONG ulLastEncryptedPartLen; - const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) ); - if ( isSizeOK ) { - CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv ); + rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ); + CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); + if (oldMechs == CK_FALSE) { + for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) { + const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i ); + CK_ULONG ulEncryptedPartLen; + CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) ); const size_t oldSize( vEncryptedDataParted.size() ); + vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen); CK_BYTE dummy; - vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); - const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); - CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) ); - vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); - } else { - CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv); - vEncryptedDataParted = vData; + const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); + CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) ); + vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen); + } + { + CK_ULONG ulLastEncryptedPartLen; + const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) ); + if ( isSizeOK ) { + CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv ); + const size_t oldSize( vEncryptedDataParted.size() ); + CK_BYTE dummy; + vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); + const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); + CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) ); + vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); + } else { + CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv); + vEncryptedDataParted = vData; + } } } // Single-part decryption - CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) ); - - { + rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ); + CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); + if (oldMechs == CK_FALSE) { CK_ULONG ulDataLen; const CK_RV rv( CRYPTOKI_F_PTR( C_Decrypt(hSession,&vEncryptedData.front(),vEncryptedData.size(),NULL_PTR,&ulDataLen) ) ); if ( isSizeOK ) { @@ -315,8 +327,9 @@ void SymmetricAlgorithmTests::encryptDecrypt( } // Multi-part decryption - CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) ); - { + rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ); + CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); + if (oldMechs == CK_FALSE) { std::vector<CK_BYTE> vDecryptedData; CK_BYTE dummy; for ( std::vector<CK_BYTE>::iterator i(vEncryptedDataParted.begin()); i<vEncryptedDataParted.end(); i+=partSize.getCurrent()) { @@ -977,44 +990,44 @@ void SymmetricAlgorithmTests::testDesEncryptDecrypt() // Generate all combinations of session/token keys. rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKey); - CPPUNIT_ASSERT(rv == CKR_OK); - - encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); - encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); - encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); - encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + if (rv == CKR_OK) { + encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); + encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); + encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + } CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE; // Generate all combinations of session/token keys. rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey2); - CPPUNIT_ASSERT(rv == CKR_OK); - - encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1); - encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1); - encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); - encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + if (rv == CKR_OK) { + encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1); + encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1); + encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + } #endif CK_OBJECT_HANDLE hKey3 = CK_INVALID_HANDLE; // Generate all combinations of session/token keys. rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey3); - CPPUNIT_ASSERT(rv == CKR_OK); - - encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1); - encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1); - encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); - encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + if (rv == CKR_OK) { + encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1); + encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1); + encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + } } void SymmetricAlgorithmTests::testNullTemplate() -- 2.31.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor