689 lines
22 KiB
Diff
689 lines
22 KiB
Diff
From dac3ac92ade67612657120335934d784edf49dbb Mon Sep 17 00:00:00 2001
|
|
From: Alexander Bokovoy <abokovoy@redhat.com>
|
|
Date: Wed, 26 May 2021 20:03:25 +0300
|
|
Subject: [PATCH 1/3] openssl 3.0: Run DES tests only if OpenSSL allows it
|
|
|
|
OpenSSL 3.0 moves DES into a legacy provider which has to be loaded
|
|
explicitly. By default, it will not be loaded and DES methods in tests
|
|
will fail. Nest test blocks under successful initialization.
|
|
|
|
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
|
|
---
|
|
src/lib/crypto/test/DESTests.cpp | 350 ++++++++++++++++---------------
|
|
1 file changed, 182 insertions(+), 168 deletions(-)
|
|
|
|
diff --git a/src/lib/crypto/test/DESTests.cpp b/src/lib/crypto/test/DESTests.cpp
|
|
index bcb1c6b..aa68746 100644
|
|
--- a/src/lib/crypto/test/DESTests.cpp
|
|
+++ b/src/lib/crypto/test/DESTests.cpp
|
|
@@ -259,54 +259,58 @@ void DESTests::testCBC()
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CBC, IV));
|
|
+ if (des->encryptInit(&desKey56, SymMode::CBC, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+
|
|
+ }
|
|
|
|
// Test 112-bit key
|
|
cipherText = ByteString(testResult[i][j][1]);
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CBC, IV));
|
|
+ if (des->encryptInit(&desKey112, SymMode::CBC, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
+
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
#endif
|
|
|
|
// Test 168-bit key
|
|
@@ -314,27 +318,28 @@ void DESTests::testCBC()
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CBC, IV));
|
|
+ if (des->encryptInit(&desKey168, SymMode::CBC, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
}
|
|
}
|
|
}
|
|
@@ -534,54 +539,56 @@ void DESTests::testECB()
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::ECB, IV));
|
|
+ if (des->encryptInit(&desKey56, SymMode::ECB, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
|
|
// Test 112-bit key
|
|
cipherText = ByteString(testResult[i][j][1]);
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::ECB, IV));
|
|
+ if (des->encryptInit(&desKey112, SymMode::ECB, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
#endif
|
|
|
|
// Test 168-bit key
|
|
@@ -589,27 +596,28 @@ void DESTests::testECB()
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::ECB, IV));
|
|
+ if (des->encryptInit(&desKey168, SymMode::ECB, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
}
|
|
}
|
|
}
|
|
@@ -809,54 +817,56 @@ void DESTests::testOFB()
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::OFB, IV));
|
|
+ if (des->encryptInit(&desKey56, SymMode::OFB, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
|
|
// Test 112-bit key
|
|
cipherText = ByteString(testResult[i][j][1]);
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::OFB, IV));
|
|
+ if (des->encryptInit(&desKey112, SymMode::OFB, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
#endif
|
|
|
|
// Test 168-bit key
|
|
@@ -864,27 +874,28 @@ void DESTests::testOFB()
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::OFB, IV));
|
|
+ if (des->encryptInit(&desKey168, SymMode::OFB, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
}
|
|
}
|
|
}
|
|
@@ -1083,54 +1094,56 @@ void DESTests::testCFB()
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CFB, IV));
|
|
+ if (des->encryptInit(&desKey56, SymMode::CFB, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
|
|
// Test 112-bit key
|
|
cipherText = ByteString(testResult[i][j][1]);
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CFB, IV));
|
|
+ if (des->encryptInit(&desKey112, SymMode::CFB, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
#endif
|
|
|
|
// Test 168-bit key
|
|
@@ -1138,27 +1151,28 @@ void DESTests::testCFB()
|
|
|
|
// Now, do the same thing using our DES implementation
|
|
shsmCipherText.wipe();
|
|
- CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CFB, IV));
|
|
+ if (des->encryptInit(&desKey168, SymMode::CFB, IV)) {
|
|
|
|
- CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
- shsmCipherText += OB;
|
|
+ CPPUNIT_ASSERT(des->encryptFinal(OB));
|
|
+ shsmCipherText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
+ CPPUNIT_ASSERT(shsmCipherText == cipherText);
|
|
|
|
- // Check that we can get the plain text
|
|
- shsmPlainText.wipe();
|
|
- CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV));
|
|
+ // Check that we can get the plain text
|
|
+ shsmPlainText.wipe();
|
|
+ CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV));
|
|
|
|
- CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
- shsmPlainText += OB;
|
|
+ CPPUNIT_ASSERT(des->decryptFinal(OB));
|
|
+ shsmPlainText += OB;
|
|
|
|
- CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ CPPUNIT_ASSERT(shsmPlainText == plainText);
|
|
+ }
|
|
}
|
|
}
|
|
}
|
|
--
|
|
2.31.1
|
|
|
|
|
|
From d8d38bd2e9b24f200c96682d1bd0967444f064ed Mon Sep 17 00:00:00 2001
|
|
From: Alexander Bokovoy <abokovoy@redhat.com>
|
|
Date: Wed, 26 May 2021 20:09:31 +0300
|
|
Subject: [PATCH 2/3] openssl 3.0: use 2048 instead of 1024 bit for RSA tests
|
|
|
|
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
|
|
---
|
|
src/lib/crypto/test/RSATests.cpp | 11 ++++-------
|
|
1 file changed, 4 insertions(+), 7 deletions(-)
|
|
|
|
diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp
|
|
index 6af1e19..e583b8b 100644
|
|
--- a/src/lib/crypto/test/RSATests.cpp
|
|
+++ b/src/lib/crypto/test/RSATests.cpp
|
|
@@ -78,7 +78,6 @@ void RSATests::testKeyGeneration()
|
|
|
|
// Key sizes to test
|
|
std::vector<size_t> keySizes;
|
|
- keySizes.push_back(1024);
|
|
#ifndef WITH_FIPS
|
|
keySizes.push_back(1025);
|
|
#endif
|
|
@@ -111,12 +110,12 @@ void RSATests::testKeyGeneration()
|
|
|
|
void RSATests::testSerialisation()
|
|
{
|
|
- // Generate a 1024-bit key-pair for testing
|
|
+ // Generate a 2048-bit key-pair for testing
|
|
AsymmetricKeyPair* kp;
|
|
RSAParameters p;
|
|
|
|
p.setE("010001");
|
|
- p.setBitLength(1024);
|
|
+ p.setBitLength(2048);
|
|
|
|
CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
|
|
CPPUNIT_ASSERT(kp != NULL);
|
|
@@ -204,12 +203,12 @@ void RSATests::testSerialisation()
|
|
|
|
void RSATests::testPKCS8()
|
|
{
|
|
- // Generate a 1024-bit key-pair for testing
|
|
+ // Generate a 2048-bit key-pair for testing
|
|
AsymmetricKeyPair* kp;
|
|
RSAParameters p;
|
|
|
|
p.setE("010001");
|
|
- p.setBitLength(1024);
|
|
+ p.setBitLength(2048);
|
|
|
|
CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
|
|
CPPUNIT_ASSERT(kp != NULL);
|
|
@@ -253,7 +252,6 @@ void RSATests::testSigningVerifying()
|
|
|
|
// Key sizes to test
|
|
std::vector<size_t> keySizes;
|
|
- keySizes.push_back(1024);
|
|
keySizes.push_back(1280);
|
|
keySizes.push_back(2048);
|
|
//keySizes.push_back(4096);
|
|
@@ -611,7 +609,6 @@ void RSATests::testEncryptDecrypt()
|
|
|
|
// Key sizes to test
|
|
std::vector<size_t> keySizes;
|
|
- keySizes.push_back(1024);
|
|
keySizes.push_back(1280);
|
|
keySizes.push_back(2048);
|
|
//keySizes.push_back(4096);
|
|
--
|
|
2.31.1
|
|
|
|
|
|
From 6a35c45aeae805b238cb18652a78419b1e43ad5c Mon Sep 17 00:00:00 2001
|
|
From: Alexander Bokovoy <abokovoy@redhat.com>
|
|
Date: Wed, 26 May 2021 22:29:22 +0300
|
|
Subject: [PATCH 3/3] openssl 3.0: Skip tests with unsupported key sizes
|
|
|
|
OpenSSL 3.0 on systems with systemd-wide crypto policy (Fedora, RHEL,
|
|
CentOS 9 Stream) might block certain key sizes which causes the tests to
|
|
fail. Skip these tests because we are not going to get the results
|
|
anyway.
|
|
|
|
There is no way with CPPUNIT to produce a warning only, so we have to
|
|
skip the whole test result.
|
|
|
|
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
|
|
---
|
|
src/lib/crypto/test/RSATests.cpp | 31 ++++++++++++++++++-------------
|
|
1 file changed, 18 insertions(+), 13 deletions(-)
|
|
|
|
diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp
|
|
index e583b8b..3b397d2 100644
|
|
--- a/src/lib/crypto/test/RSATests.cpp
|
|
+++ b/src/lib/crypto/test/RSATests.cpp
|
|
@@ -92,18 +92,19 @@ void RSATests::testKeyGeneration()
|
|
p.setE(*e);
|
|
p.setBitLength(*k);
|
|
|
|
- // Generate key-pair
|
|
- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
|
|
+ // Generate key-pair but skip test if key size is unsupported in OpenSSL 3.0.0
|
|
+ if (rsa->generateKeyPair(&kp, &p)) {
|
|
|
|
- RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
|
|
- RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
|
|
+ RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey();
|
|
+ RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey();
|
|
|
|
- CPPUNIT_ASSERT(pub->getBitLength() == *k);
|
|
- CPPUNIT_ASSERT(priv->getBitLength() == *k);
|
|
- CPPUNIT_ASSERT(pub->getE() == *e);
|
|
- CPPUNIT_ASSERT(priv->getE() == *e);
|
|
+ CPPUNIT_ASSERT(pub->getBitLength() == *k);
|
|
+ CPPUNIT_ASSERT(priv->getBitLength() == *k);
|
|
+ CPPUNIT_ASSERT(pub->getE() == *e);
|
|
+ CPPUNIT_ASSERT(priv->getE() == *e);
|
|
|
|
- rsa->recycleKeyPair(kp);
|
|
+ rsa->recycleKeyPair(kp);
|
|
+ }
|
|
}
|
|
}
|
|
}
|
|
@@ -291,8 +292,10 @@ void RSATests::testSigningVerifying()
|
|
p.setE(*e);
|
|
p.setBitLength(*k);
|
|
|
|
- // Generate key-pair
|
|
- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
|
|
+ // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0
|
|
+ if (!rsa->generateKeyPair(&kp, &p)) {
|
|
+ continue;
|
|
+ }
|
|
|
|
// Generate some data to sign
|
|
ByteString dataToSign;
|
|
@@ -626,8 +629,10 @@ void RSATests::testEncryptDecrypt()
|
|
p.setE(*e);
|
|
p.setBitLength(*k);
|
|
|
|
- // Generate key-pair
|
|
- CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p));
|
|
+ // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0
|
|
+ if (!rsa->generateKeyPair(&kp, &p)) {
|
|
+ continue;
|
|
+ }
|
|
|
|
RNG* rng = CryptoFactory::i()->getRNG();
|
|
|
|
--
|
|
2.31.1
|
|
|