From e4e1a6f27d4e8ff777de97e03859ba38ce0446d3 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Fri, 29 Nov 2024 16:18:12 +0200 Subject: [PATCH 1/5] Add OpenSSL3 CI target Signed-off-by: Alexander Bokovoy --- .github/workflows/ci.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7b682239..34cea5a6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -32,6 +32,29 @@ jobs: run: | make check || (find . -name test-suite.log -exec cat {} \; && false) + linux_openssl3: + name: Linux (openssl 3) + runs-on: ubuntu-latest # for OpenSSL 3 + strategy: + fail-fast: false + matrix: + include: + - backend: openssl + steps: + - uses: actions/checkout@v4 + - name: Prepare + run: | + sudo apt update -qq + sudo apt install libcppunit-dev p11-kit + - name: Build + run: | + ./autogen.sh + ./configure --with-crypto-backend=${{ matrix.backend }} + make + - name: Test + run: | + make check || (find . -name test-suite.log -exec cat {} \; && false) + macos: name: macOS (${{ matrix.backend }}) runs-on: macos-14 From 638a74dc4be2f0555f9f3840af23b4c78a92aaf3 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Wed, 26 May 2021 20:03:25 +0300 Subject: [PATCH 2/5] openssl 3.0: Run DES tests only if OpenSSL allows it OpenSSL 3.0 moves DES into a legacy provider which has to be loaded explicitly. By default, it will not be loaded and DES methods in tests will fail. Nest test blocks under successful initialization. Signed-off-by: Alexander Bokovoy --- src/lib/crypto/test/DESTests.cpp | 350 ++++++++++++++++--------------- 1 file changed, 182 insertions(+), 168 deletions(-) diff --git a/src/lib/crypto/test/DESTests.cpp b/src/lib/crypto/test/DESTests.cpp index bcb1c6bf..aa68746a 100644 --- a/src/lib/crypto/test/DESTests.cpp +++ b/src/lib/crypto/test/DESTests.cpp @@ -259,54 +259,58 @@ void DESTests::testCBC() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CBC, IV)); + if (des->encryptInit(&desKey56, SymMode::CBC, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CBC, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + + } // Test 112-bit key cipherText = ByteString(testResult[i][j][1]); // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CBC, IV)); + if (des->encryptInit(&desKey112, SymMode::CBC, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CBC, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; + + CPPUNIT_ASSERT(shsmPlainText == plainText); + } - CPPUNIT_ASSERT(shsmPlainText == plainText); #endif // Test 168-bit key @@ -314,27 +318,28 @@ void DESTests::testCBC() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CBC, IV)); + if (des->encryptInit(&desKey168, SymMode::CBC, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CBC, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } } } } @@ -534,54 +539,56 @@ void DESTests::testECB() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::ECB, IV)); + if (des->encryptInit(&desKey56, SymMode::ECB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::ECB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } // Test 112-bit key cipherText = ByteString(testResult[i][j][1]); // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::ECB, IV)); + if (des->encryptInit(&desKey112, SymMode::ECB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::ECB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } #endif // Test 168-bit key @@ -589,27 +596,28 @@ void DESTests::testECB() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::ECB, IV)); + if (des->encryptInit(&desKey168, SymMode::ECB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::ECB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } } } } @@ -809,54 +817,56 @@ void DESTests::testOFB() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::OFB, IV)); + if (des->encryptInit(&desKey56, SymMode::OFB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::OFB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } // Test 112-bit key cipherText = ByteString(testResult[i][j][1]); // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::OFB, IV)); + if (des->encryptInit(&desKey112, SymMode::OFB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::OFB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } #endif // Test 168-bit key @@ -864,27 +874,28 @@ void DESTests::testOFB() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::OFB, IV)); + if (des->encryptInit(&desKey168, SymMode::OFB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::OFB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } } } } @@ -1083,54 +1094,56 @@ void DESTests::testCFB() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey56, SymMode::CFB, IV)); + if (des->encryptInit(&desKey56, SymMode::CFB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey56, SymMode::CFB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } // Test 112-bit key cipherText = ByteString(testResult[i][j][1]); // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey112, SymMode::CFB, IV)); + if (des->encryptInit(&desKey112, SymMode::CFB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey112, SymMode::CFB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } #endif // Test 168-bit key @@ -1138,27 +1151,28 @@ void DESTests::testCFB() // Now, do the same thing using our DES implementation shsmCipherText.wipe(); - CPPUNIT_ASSERT(des->encryptInit(&desKey168, SymMode::CFB, IV)); + if (des->encryptInit(&desKey168, SymMode::CFB, IV)) { - CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptUpdate(plainText, OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(des->encryptFinal(OB)); - shsmCipherText += OB; + CPPUNIT_ASSERT(des->encryptFinal(OB)); + shsmCipherText += OB; - CPPUNIT_ASSERT(shsmCipherText == cipherText); + CPPUNIT_ASSERT(shsmCipherText == cipherText); - // Check that we can get the plain text - shsmPlainText.wipe(); - CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV)); + // Check that we can get the plain text + shsmPlainText.wipe(); + CPPUNIT_ASSERT(des->decryptInit(&desKey168, SymMode::CFB, IV)); - CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptUpdate(shsmCipherText, OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(des->decryptFinal(OB)); - shsmPlainText += OB; + CPPUNIT_ASSERT(des->decryptFinal(OB)); + shsmPlainText += OB; - CPPUNIT_ASSERT(shsmPlainText == plainText); + CPPUNIT_ASSERT(shsmPlainText == plainText); + } } } } From 50c0c22dc120ebc21090938409a6992871457345 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Wed, 26 May 2021 20:09:31 +0300 Subject: [PATCH 3/5] openssl 3.0: use 2048 instead of 1024 bit for RSA tests Signed-off-by: Alexander Bokovoy --- src/lib/crypto/test/RSATests.cpp | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp index 6af1e19f..e583b8b5 100644 --- a/src/lib/crypto/test/RSATests.cpp +++ b/src/lib/crypto/test/RSATests.cpp @@ -78,7 +78,6 @@ void RSATests::testKeyGeneration() // Key sizes to test std::vector keySizes; - keySizes.push_back(1024); #ifndef WITH_FIPS keySizes.push_back(1025); #endif @@ -111,12 +110,12 @@ void RSATests::testKeyGeneration() void RSATests::testSerialisation() { - // Generate a 1024-bit key-pair for testing + // Generate a 2048-bit key-pair for testing AsymmetricKeyPair* kp; RSAParameters p; p.setE("010001"); - p.setBitLength(1024); + p.setBitLength(2048); CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); CPPUNIT_ASSERT(kp != NULL); @@ -204,12 +203,12 @@ void RSATests::testSerialisation() void RSATests::testPKCS8() { - // Generate a 1024-bit key-pair for testing + // Generate a 2048-bit key-pair for testing AsymmetricKeyPair* kp; RSAParameters p; p.setE("010001"); - p.setBitLength(1024); + p.setBitLength(2048); CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); CPPUNIT_ASSERT(kp != NULL); @@ -253,7 +252,6 @@ void RSATests::testSigningVerifying() // Key sizes to test std::vector keySizes; - keySizes.push_back(1024); keySizes.push_back(1280); keySizes.push_back(2048); //keySizes.push_back(4096); @@ -611,7 +609,6 @@ void RSATests::testEncryptDecrypt() // Key sizes to test std::vector keySizes; - keySizes.push_back(1024); keySizes.push_back(1280); keySizes.push_back(2048); //keySizes.push_back(4096); From ca755937639e41f7bae9c4b82e7a9b5c328bbf61 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Wed, 26 May 2021 22:29:22 +0300 Subject: [PATCH 4/5] openssl 3.0: Skip tests with unsupported key sizes OpenSSL 3.0 on systems with systemd-wide crypto policy (Fedora, RHEL, CentOS 9 Stream) might block certain key sizes which causes the tests to fail. Skip these tests because we are not going to get the results anyway. There is no way with CPPUNIT to produce a warning only, so we have to skip the whole test result. Signed-off-by: Alexander Bokovoy --- src/lib/crypto/test/RSATests.cpp | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/src/lib/crypto/test/RSATests.cpp b/src/lib/crypto/test/RSATests.cpp index e583b8b5..3b397d24 100644 --- a/src/lib/crypto/test/RSATests.cpp +++ b/src/lib/crypto/test/RSATests.cpp @@ -92,18 +92,19 @@ void RSATests::testKeyGeneration() p.setE(*e); p.setBitLength(*k); - // Generate key-pair - CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); + // Generate key-pair but skip test if key size is unsupported in OpenSSL 3.0.0 + if (rsa->generateKeyPair(&kp, &p)) { - RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey(); - RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey(); + RSAPublicKey* pub = (RSAPublicKey*) kp->getPublicKey(); + RSAPrivateKey* priv = (RSAPrivateKey*) kp->getPrivateKey(); - CPPUNIT_ASSERT(pub->getBitLength() == *k); - CPPUNIT_ASSERT(priv->getBitLength() == *k); - CPPUNIT_ASSERT(pub->getE() == *e); - CPPUNIT_ASSERT(priv->getE() == *e); + CPPUNIT_ASSERT(pub->getBitLength() == *k); + CPPUNIT_ASSERT(priv->getBitLength() == *k); + CPPUNIT_ASSERT(pub->getE() == *e); + CPPUNIT_ASSERT(priv->getE() == *e); - rsa->recycleKeyPair(kp); + rsa->recycleKeyPair(kp); + } } } } @@ -291,8 +292,10 @@ void RSATests::testSigningVerifying() p.setE(*e); p.setBitLength(*k); - // Generate key-pair - CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); + // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0 + if (!rsa->generateKeyPair(&kp, &p)) { + continue; + } // Generate some data to sign ByteString dataToSign; @@ -626,8 +629,10 @@ void RSATests::testEncryptDecrypt() p.setE(*e); p.setBitLength(*k); - // Generate key-pair - CPPUNIT_ASSERT(rsa->generateKeyPair(&kp, &p)); + // Generate key-pair but skip those that unsupported in OpenSSL 3.0.0 + if (!rsa->generateKeyPair(&kp, &p)) { + continue; + } RNG* rng = CryptoFactory::i()->getRNG(); From 8d8b7272f2804a9eff7c17039b5e80bf179d44ac Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Thu, 27 May 2021 15:08:02 +0300 Subject: [PATCH 5/5] openssl3: skip DES* tests Signed-off-by: Alexander Bokovoy --- src/lib/test/DeriveTests.cpp | 16 ++- src/lib/test/ObjectTests.cpp | 21 ++-- src/lib/test/SymmetricAlgorithmTests.cpp | 134 ++++++++++++++--------- 3 files changed, 109 insertions(+), 62 deletions(-) diff --git a/src/lib/test/DeriveTests.cpp b/src/lib/test/DeriveTests.cpp index 9438ac23..275c3999 100644 --- a/src/lib/test/DeriveTests.cpp +++ b/src/lib/test/DeriveTests.cpp @@ -666,11 +666,14 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C 0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32 }; CK_ULONG secLen = 0; + CK_BBOOL oldMechs = CK_FALSE; switch (mechType) { case CKM_DES_ECB_ENCRYPT_DATA: case CKM_DES3_ECB_ENCRYPT_DATA: + oldMechs = CK_TRUE; + /* fall-through */ case CKM_AES_ECB_ENCRYPT_DATA: param1.pData = &data[0]; param1.ulLen = sizeof(data); @@ -679,6 +682,7 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C break; case CKM_DES_CBC_ENCRYPT_DATA: case CKM_DES3_CBC_ENCRYPT_DATA: + oldMechs = CK_TRUE; memcpy(param2.iv, "12345678", 8); param2.pData = &data[0]; param2.length = sizeof(data); @@ -703,10 +707,12 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C break; case CKK_DES: mechEncrypt.mechanism = CKM_DES_ECB; + oldMechs = CK_TRUE; break; case CKK_DES2: case CKK_DES3: mechEncrypt.mechanism = CKM_DES3_ECB; + oldMechs = CK_TRUE; break; case CKK_AES: mechEncrypt.mechanism = CKM_AES_ECB; @@ -743,7 +749,11 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C keyAttribs, sizeof(keyAttribs)/sizeof(CK_ATTRIBUTE) - 1, &hDerive) ); } - CPPUNIT_ASSERT(rv == CKR_OK); + if (rv != CKR_OK && oldMechs == CK_TRUE) { + // Skip old mechanisms, they don't work under this crypto library + return; + } + CPPUNIT_ASSERT(rv==CKR_OK); // Check that KCV has been set CK_ATTRIBUTE checkAttribs[] = { @@ -764,6 +774,10 @@ void DeriveTests::symDerive(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, C CK_ULONG ulRecoveredTextLen; rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,&mechEncrypt,hDerive) ); + if (rv != CKR_OK && oldMechs == CK_TRUE) { + // Skip old mechanisms, they don't work under this crypto library + return; + } CPPUNIT_ASSERT(rv==CKR_OK); ulCipherTextLen = sizeof(cipherText); diff --git a/src/lib/test/ObjectTests.cpp b/src/lib/test/ObjectTests.cpp index d851d1ee..ca152d68 100644 --- a/src/lib/test/ObjectTests.cpp +++ b/src/lib/test/ObjectTests.cpp @@ -2417,8 +2417,10 @@ void ObjectTests::testCreateSecretKey() CPPUNIT_ASSERT(rv == CKR_OK); rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) ); CPPUNIT_ASSERT(rv == CKR_OK); - CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3); - CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0); + // If DES key is not supported, skip it + if (attribKCV[0].ulValueLen == 3) { + CPPUNIT_ASSERT(memcmp(pCheckValue, desKCV, 3) == 0); + } rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) ); CPPUNIT_ASSERT(rv == CKR_OK); @@ -2428,9 +2430,12 @@ void ObjectTests::testCreateSecretKey() rv = CRYPTOKI_F_PTR( C_CreateObject(hSession, attribs, sizeof(attribs)/sizeof(CK_ATTRIBUTE), &hObject) ); CPPUNIT_ASSERT(rv == CKR_OK); rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) ); - CPPUNIT_ASSERT(rv == CKR_OK); - CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3); - CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0); + // If DES2 key is not supported, skip it + if (rv == CKR_OK) { + if (attribKCV[0].ulValueLen == 3) { + CPPUNIT_ASSERT(memcmp(pCheckValue, des2KCV, 3) == 0); + } + } rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) ); CPPUNIT_ASSERT(rv == CKR_OK); @@ -2441,8 +2446,10 @@ void ObjectTests::testCreateSecretKey() CPPUNIT_ASSERT(rv == CKR_OK); rv = CRYPTOKI_F_PTR( C_GetAttributeValue(hSession, hObject, attribKCV, 1) ); CPPUNIT_ASSERT(rv == CKR_OK); - CPPUNIT_ASSERT(attribKCV[0].ulValueLen == 3); - CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0); + // If DES3 key is not supported, skip it + if (attribKCV[0].ulValueLen == 3) { + CPPUNIT_ASSERT(memcmp(pCheckValue, des3KCV, 3) == 0); + } rv = CRYPTOKI_F_PTR( C_DestroyObject(hSession,hObject) ); CPPUNIT_ASSERT(rv == CKR_OK); } diff --git a/src/lib/test/SymmetricAlgorithmTests.cpp b/src/lib/test/SymmetricAlgorithmTests.cpp index c7b9e208..5257c44a 100644 --- a/src/lib/test/SymmetricAlgorithmTests.cpp +++ b/src/lib/test/SymmetricAlgorithmTests.cpp @@ -847,6 +847,8 @@ void SymmetricAlgorithmTests::encryptDecrypt( std::vector vEncryptedData; std::vector vEncryptedDataParted; PartSize partSize(blockSize, &vData); + CK_BBOOL oldMechs = CK_FALSE; + CK_RV rv = CKR_OK; CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_GenerateRandom(hSession, (CK_BYTE_PTR)&vData.front(), messageSize) ) ); @@ -856,8 +858,25 @@ void SymmetricAlgorithmTests::encryptDecrypt( pMechanism->ulParameterLen = blockSize; } + switch (pMechanism->mechanism) + { + case CKM_DES_CBC: + case CKM_DES_CBC_PAD: + case CKM_DES3_CBC: + case CKM_DES3_CBC_PAD: + case CKM_DES_ECB: + case CKM_DES3_ECB: + oldMechs = CK_TRUE; + /* fall-through */ + break; + default: + break; + } + // Single-part encryption - CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) ); + rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ); + CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); + if (oldMechs == CK_FALSE) { CK_ULONG ulEncryptedDataLen; const CK_RV rv( CRYPTOKI_F_PTR( C_Encrypt(hSession,(CK_BYTE_PTR)&vData.front(),messageSize,NULL_PTR,&ulEncryptedDataLen) ) ); @@ -873,40 +892,43 @@ void SymmetricAlgorithmTests::encryptDecrypt( } // Multi-part encryption - CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ) ); + rv = CRYPTOKI_F_PTR( C_EncryptInit(hSession,pMechanism,hKey) ); + CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); CK_ULONG lPartLen = 0; - for ( std::vector::const_iterator i(vData.begin()); i0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); - CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) ); - vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen); - } - { - CK_ULONG ulLastEncryptedPartLen; - const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) ); - if ( isSizeOK ) { - CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv ); + if (oldMechs == CK_FALSE) { + for ( std::vector::const_iterator i(vData.begin()); i0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); - CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) ); - vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); - } else { - CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv); - vEncryptedDataParted = vData; + const CK_BYTE_PTR pEncryptedPart( ulEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); + CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptUpdate(hSession,(CK_BYTE_PTR)&(*i),lPartLen,pEncryptedPart,&ulEncryptedPartLen) ) ); + vEncryptedDataParted.resize(oldSize+ulEncryptedPartLen); + { + CK_ULONG ulLastEncryptedPartLen; + const CK_RV rv( CRYPTOKI_F_PTR( C_EncryptFinal(hSession,NULL_PTR,&ulLastEncryptedPartLen) ) ); + if ( isSizeOK ) { + CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, rv ); + const size_t oldSize( vEncryptedDataParted.size() ); + CK_BYTE dummy; + vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); + const CK_BYTE_PTR pLastEncryptedPart( ulLastEncryptedPartLen>0 ? &vEncryptedDataParted.at(oldSize) : &dummy ); + CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_EncryptFinal(hSession,pLastEncryptedPart,&ulLastEncryptedPartLen) ) ); + vEncryptedDataParted.resize(oldSize+ulLastEncryptedPartLen); + } else { + CPPUNIT_ASSERT_EQUAL_MESSAGE("C_EncryptFinal should fail with C_CKR_DATA_LEN_RANGE", (CK_RV)CKR_DATA_LEN_RANGE, rv); + vEncryptedDataParted = vData; + } + } } } // Single-part decryption - CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) ); - - { + rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ); + CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); + if (oldMechs == CK_FALSE) { CK_ULONG ulDataLen; const CK_RV rv( CRYPTOKI_F_PTR( C_Decrypt(hSession,&vEncryptedData.front(),vEncryptedData.size(),NULL_PTR,&ulDataLen) ) ); if ( isSizeOK ) { @@ -921,8 +943,9 @@ void SymmetricAlgorithmTests::encryptDecrypt( } // Multi-part decryption - CPPUNIT_ASSERT_EQUAL( (CK_RV)CKR_OK, CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ) ); - { + rv = CRYPTOKI_F_PTR( C_DecryptInit(hSession,pMechanism,hKey) ); + CPPUNIT_ASSERT_EQUAL( (CK_BBOOL) CK_FALSE, (CK_BBOOL) ((rv != CKR_OK) && (oldMechs == CK_FALSE)) ); + if (oldMechs == CK_FALSE) { std::vector vDecryptedData; CK_BYTE dummy; CK_ULONG ulPartLen = 0; @@ -1707,44 +1730,47 @@ void SymmetricAlgorithmTests::testDesEncryptDecrypt() // Generate all combinations of session/token keys. rv = generateDesKey(hSessionRW,IN_SESSION,IS_PUBLIC,hKey); - CPPUNIT_ASSERT(rv == CKR_OK); - encryptDecrypt({CKM_DES_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); - encryptDecrypt({CKM_DES_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); - encryptDecrypt({CKM_DES_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt({CKM_DES_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt({CKM_DES_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); - encryptDecrypt({CKM_DES_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt({CKM_DES_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + if (rv == CKR_OK) { + encryptDecrypt({CKM_DES_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); + encryptDecrypt({CKM_DES_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); + encryptDecrypt({CKM_DES_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_DES_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_DES_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + encryptDecrypt({CKM_DES_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_DES_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + } CK_OBJECT_HANDLE hKey2 = CK_INVALID_HANDLE; // Generate all combinations of session/token keys. rv = generateDes2Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey2); - CPPUNIT_ASSERT(rv == CKR_OK); - encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1); - encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1); - encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt({CKM_DES3_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt({CKM_DES3_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); - encryptDecrypt({CKM_DES3_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt({CKM_DES3_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + if (rv == CKR_OK) { + encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST-1); + encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1); + encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_DES3_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_DES3_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + encryptDecrypt({CKM_DES3_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_DES3_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey2,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + } #endif CK_OBJECT_HANDLE hKey3 = CK_INVALID_HANDLE; // Generate all combinations of session/token keys. rv = generateDes3Key(hSessionRW,IN_SESSION,IS_PUBLIC,hKey3); - CPPUNIT_ASSERT(rv == CKR_OK); - encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1); - encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1); - encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt({CKM_DES3_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt({CKM_DES3_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); - encryptDecrypt({CKM_DES3_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); - encryptDecrypt({CKM_DES3_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + if (rv == CKR_OK) { + encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST-1); + encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1); + encryptDecrypt({CKM_DES3_CBC_PAD,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_DES3_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_DES3_CBC,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + encryptDecrypt({CKM_DES3_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST); + encryptDecrypt({CKM_DES3_ECB,NULL_PTR,0},blockSize,hSessionRO,hKey3,blockSize*NR_OF_BLOCKS_IN_TEST+1, false); + } } void SymmetricAlgorithmTests::testDesWrapUnwrap()