rpms
/
softhsm
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix tests against OpenSSL 3.0 

Update tests to skip DES-like and RSA keys with lengths not supported by
OpenSSL 3.0

- Resolves: rhbz#1964838

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Alexander Bokovoy 2021-05-27 16:45:45 +03:00
parent 66209a4892
commit f72a8752b4
1 changed files with 328 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

334
softhsm-openssl3-tests.patch
View File

@ -1,7 +1,7 @@
From dac3ac92ade67612657120335934d784edf49dbb Mon Sep 17 00:00:00 2001 From 643f061e6fbe04552a2c49bd00528e61a9a77064 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com> From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wed, 26 May 2021 20:03:25 +0300 Date: Wed, 26 May 2021 20:03:25 +0300
Subject: [PATCH 1/3] openssl 3.0: Run DES tests only if OpenSSL allows it Subject: [PATCH 1/4] openssl 3.0: Run DES tests only if OpenSSL allows it
OpenSSL 3.0 moves DES into a legacy provider which has to be loaded OpenSSL 3.0 moves DES into a legacy provider which has to be loaded
explicitly. By default, it will not be loaded and DES methods in tests explicitly. By default, it will not be loaded and DES methods in tests
@ -534,10 +534,10 @@ index bcb1c6b..aa68746 100644
2.31.1 2.31.1
From d8d38bd2e9b24f200c96682d1bd0967444f064ed Mon Sep 17 00:00:00 2001 From 4e368d1b1d835b169d3b9f44e064813d132f3da6 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com> From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wed, 26 May 2021 20:09:31 +0300 Date: Wed, 26 May 2021 20:09:31 +0300
Subject: [PATCH 2/3] openssl 3.0: use 2048 instead of 1024 bit for RSA tests Subject: [PATCH 2/4] openssl 3.0: use 2048 instead of 1024 bit for RSA tests
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
--- ---
@ -606,10 +606,10 @@ index 6af1e19..e583b8b 100644
2.31.1 2.31.1
From 6a35c45aeae805b238cb18652a78419b1e43ad5c Mon Sep 17 00:00:00 2001 From d8b6ebb67244f6fb4d2c8f72ae2b8bef5ca96bed Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com> From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wed, 26 May 2021 22:29:22 +0300 Date: Wed, 26 May 2021 22:29:22 +0300
Subject: [PATCH 3/3] openssl 3.0: Skip tests with unsupported key sizes Subject: [PATCH 3/4] openssl 3.0: Skip tests with unsupported key sizes
OpenSSL 3.0 on systems with systemd-wide crypto policy (Fedora, RHEL, OpenSSL 3.0 on systems with systemd-wide crypto policy (Fedora, RHEL,
CentOS 9 Stream) might block certain key sizes which causes the tests to CentOS 9 Stream) might block certain key sizes which causes the tests to
@ -686,3 +686,325 @@ index e583b8b..3b397d2 100644
-- --
2.31.1 2.31.1
From 496fe2c8f5d4e7bdb99bd7f61bbcae0cd1f4a93b Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Thu, 27 May 2021 15:08:02 +0300
Subject: [PATCH 4/4] openssl3: skip DES* tests
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
src/lib/test/DeriveTests.cpp | 16 ++-
src/lib/test/ObjectTests.cpp | 21 ++--
src/lib/test/SymmetricAlgorithmTests.cpp | 128 +++++++++++++----------
3 files changed, 99 insertions(+), 66 deletions(-)
diff --git a/src/lib/test/DeriveTests.cpp b/src/lib/test/DeriveTests.cpp
index 9438ac2..275c399 100644
--- a/src/lib/test/DeriveTests.cpp
+++ b/src/lib/test/DeriveTests.cpp
@@ -666,11 +666,14 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32
};
CK_ULONG secLen = 0;
+ CK_BBOOL oldMechs = CK_FALSE;
switch (mechType)
{
case CKM_DES_ECB_ENCRYPT_DATA:
case CKM_DES3_ECB_ENCRYPT_DATA:
+ oldMechs = CK_TRUE;
+ /* fall-through */
case CKM_AES_ECB_ENCRYPT_DATA:
param1.pData = &data[0];
param1.ulLen = sizeof(data);
@@ -679,6 +682,7 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
break;
case CKM_DES_CBC_ENCRYPT_DATA:
case CKM_DES3_CBC_ENCRYPT_DATA:
+ oldMechs = CK_TRUE;
memcpy(param2.iv, "12345678", 8);
param2.pData = &data[0];
param2.length = sizeof(data);
@@ -703,10 +707,12 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
break;
case CKK_DES:
mechEncrypt.mechanism = CKM_DES_ECB;
+ oldMechs = CK_TRUE;
break;
case CKK_DES2:
case CKK_DES3:
mechEncrypt.mechanism = CKM_DES3_ECB;
+ oldMechs = CK_TRUE;
break;
case CKK_AES:
mechEncrypt.mechanism = CKM_AES_ECB;
@@ -743,7 +749,11 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1,
&hDerive) );
}
- CPPUNIT_ASSERT(rv == CKR_OK);
+ if (rv != CKR_OK && oldMechs == CK_TRUE) {
+ // Skip old mechanisms, they don't work under this crypto library
+ return;
+ }
+ CPPUNIT_ASSERT(rv==CKR_OK);
// Check that KCV has been set
CK_ATTRIBUTE checkAttribs[] = {
@@ -764,6 +774,10 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C
CK_ULONG ulRecoveredTextLen;
rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) );
+ if (rv != CKR_OK && oldMechs == CK_TRUE) {
+ // Skip old mechanisms, they don't work under this crypto library
+ return;
+ }
CPPUNIT_ASSERT(rv==CKR_OK);
ulCipherTextLen = sizeof(cipherText);
diff --git a/src/lib/test/ObjectTests.cpp b/src/lib/test/ObjectTests.cpp
index 9491ce1..4ffc1c8 100644
--- a/src/lib/test/ObjectTests.cpp
+++ b/src/lib/test/ObjectTests.cpp
@@ -2370,8 +2370,10 @@ void ObjectTests::testCreateSecretKey()
CPPUNIT_ASSERT(rv == CKR_OK);
rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
CPPUNIT_ASSERT(rv == CKR_OK);
- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
- CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
+ // If DES key is not supported, skip it
+ if (attribKCV[0].ulValueLen == 3) {
+ CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0);
+ }
rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
CPPUNIT_ASSERT(rv == CKR_OK);
@@ -2381,9 +2383,12 @@ void ObjectTests::testCreateSecretKey()
rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) );
CPPUNIT_ASSERT(rv == CKR_OK);
rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
- CPPUNIT_ASSERT(rv == CKR_OK);
- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
- CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
+ // If DES2 key is not supported, skip it
+ if (rv == CKR_OK) {
+ if (attribKCV[0].ulValueLen == 3) {
+ CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0);
+ }
+ }
rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
CPPUNIT_ASSERT(rv == CKR_OK);
@@ -2394,8 +2399,10 @@ void ObjectTests::testCreateSecretKey()
CPPUNIT_ASSERT(rv == CKR_OK);
rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) );
CPPUNIT_ASSERT(rv == CKR_OK);
- CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3);
- CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
+ // If DES3 key is not supported, skip it
+ if (attribKCV[0].ulValueLen == 3) {
+ CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0);
+ }
rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) );
CPPUNIT_ASSERT(rv == CKR_OK);
}
diff --git a/src/lib/test/SymmetricAlgorithmTests.cpp b/src/lib/test/SymmetricAlgorithmTests.cpp
index b24caaf..850b732 100644
--- a/src/lib/test/SymmetricAlgorithmTests.cpp
+++ b/src/lib/test/SymmetricAlgorithmTests.cpp
@@ -195,6 +195,8 @@ void SymmetricAlgorithmTests::encryptDecrypt(
std::vector<CK_BYTE> vEncryptedData;
std::vector<CK_BYTE> vEncryptedDataParted;
PartSize partSize(blockSize, &vData);
+ CK_BBOOL oldMechs = CK_FALSE;
+ CK_RV rv = CKR_OK;
CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_GenerateRandom(hSession, (CK_BYTE_PTR)&vData.front(), messageSize) ) );
@@ -231,6 +233,8 @@ void SymmetricAlgorithmTests::encryptDecrypt(
{
case CKM_DES_CBC:
case CKM_DES_CBC_PAD:
+ oldMechs = CK_TRUE;
+ /* fall-through */
case CKM_DES3_CBC:
case CKM_DES3_CBC_PAD:
case CKM_AES_CBC:
@@ -246,12 +250,17 @@ void SymmetricAlgorithmTests::encryptDecrypt(
pMechanism->pParameter = &gcmParams;
pMechanism->ulParameterLen = sizeof(gcmParams);
break;
+ case CKM_DES_ECB:
+ oldMechs = CK_TRUE;
+ break;
default:
break;
}
// Single-part encryption
- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) );
+ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
+ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
+ if (oldMechs == CK_FALSE)
{
CK_ULONG ulEncryptedDataLen;
const CK_RV rv( CRYPTOKI_F_PTR( C_Encrypt(hSession,(CK_BYTE_PTR)&vData.front(),messageSize,NULL_PTR,&ulEncryptedDataLen) ) );
@@ -267,40 +276,42 @@ void SymmetricAlgorithmTests::encryptDecrypt(
}
// Multi-part encryption
- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) );
-
- for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) {
- const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i );
- CK_ULONG ulEncryptedPartLen;
- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) );
- const size_t oldSize( vEncryptedDataParted.size() );
- vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
- CK_BYTE dummy;
- const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) );
- vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
- }
- {
- CK_ULONG ulLastEncryptedPartLen;
- const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
- if ( isSizeOK ) {
- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
+ rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) );
+ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
+ if (oldMechs == CK_FALSE) {
+ for ( std::vector<CK_BYTE>::const_iterator i(vData.begin()); i<vData.end(); i+=partSize.getCurrent() ) {
+ const CK_ULONG lPartLen( i+partSize.getNext()<vData.end() ? partSize.getCurrent() : vData.end()-i );
+ CK_ULONG ulEncryptedPartLen;
+ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,NULL_PTR,&ulEncryptedPartLen) ) );
const size_t oldSize( vEncryptedDataParted.size() );
+ vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
CK_BYTE dummy;
- vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
- const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
- vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
- } else {
- CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
- vEncryptedDataParted = vData;
+ const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
+ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) );
+ vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen);
+ }
+ {
+ CK_ULONG ulLastEncryptedPartLen;
+ const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) );
+ if ( isSizeOK ) {
+ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv );
+ const size_t oldSize( vEncryptedDataParted.size() );
+ CK_BYTE dummy;
+ vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
+ const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy );
+ CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) );
+ vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen);
+ } else {
+ CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv);
+ vEncryptedDataParted = vData;
+ }
}
}
// Single-part decryption
- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) );
-
- {
+ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
+ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
+ if (oldMechs == CK_FALSE) {
CK_ULONG ulDataLen;
const CK_RV rv( CRYPTOKI_F_PTR( C_Decrypt(hSession,&vEncryptedData.front(),vEncryptedData.size(),NULL_PTR,&ulDataLen) ) );
if ( isSizeOK ) {
@@ -315,8 +326,9 @@ void SymmetricAlgorithmTests::encryptDecrypt(
}
// Multi-part decryption
- CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) );
- {
+ rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) );
+ CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) );
+ if (oldMechs == CK_FALSE) {
std::vector<CK_BYTE> vDecryptedData;
CK_BYTE dummy;
for ( std::vector<CK_BYTE>::iterator i(vEncryptedDataParted.begin()); i<vEncryptedDataParted.end(); i+=partSize.getCurrent()) {
@@ -977,44 +989,44 @@ void SymmetricAlgorithmTests::testDesEncryptDecrypt()
// Generate all combinations of session/token keys.
rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKey);
- CPPUNIT_ASSERT(rv == CKR_OK);
-
- encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
- encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
- encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
- encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
- encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
- encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
- encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+ if (rv == CKR_OK) {
+ encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+ encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+ encryptDecrypt(CKM_DES_CBC_PAD,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+ encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+ encryptDecrypt(CKM_DES_CBC,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+ encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST);
+ encryptDecrypt(CKM_DES_ECB,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+ }
CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE;
// Generate all combinations of session/token keys.
rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey2);
- CPPUNIT_ASSERT(rv == CKR_OK);
-
- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+ if (rv == CKR_OK) {
+ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST);
+ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+ }
#endif
CK_OBJECT_HANDLE hKey3 = CK_INVALID_HANDLE;
// Generate all combinations of session/token keys.
rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey3);
- CPPUNIT_ASSERT(rv == CKR_OK);
-
- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
- encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
- encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
- encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+ if (rv == CKR_OK) {
+ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1);
+ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1);
+ encryptDecrypt(CKM_DES3_CBC_PAD,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+ encryptDecrypt(CKM_DES3_CBC,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST);
+ encryptDecrypt(CKM_DES3_ECB,blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false);
+ }
}
void SymmetricAlgorithmTests::testNullTemplate()
--
2.31.1