From 8f331999f5906f2f8fdd350ee647865984831c9b Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 14 Apr 2011 16:38:20 +0000 Subject: [PATCH] Report each cipher used with CMAC tests. Only add one error to error queue if a specific test type fails. --- fips/cmac/fips_cmac_selftest.c | 58 ++++++++++++++++++++++++---------- fips/fips_test_suite.c | 9 +++++- fips/hmac/fips_hmac_selftest.c | 5 +-- 3 files changed, 52 insertions(+), 20 deletions(-) diff --git a/fips/cmac/fips_cmac_selftest.c b/fips/cmac/fips_cmac_selftest.c index 2550bc636..b30729730 100644 --- a/fips/cmac/fips_cmac_selftest.c +++ b/fips/cmac/fips_cmac_selftest.c @@ -114,39 +114,63 @@ int FIPS_selftest_cmac() const EVP_CIPHER *cipher; CMAC_CTX *ctx = CMAC_CTX_new(); const CMAC_KAT *t; - int do_corrupt = 0, rv = 0; - - if (!fips_post_started(FIPS_TEST_CMAC, 0, 0)) - return 1; - if (!fips_post_corrupt(FIPS_TEST_CMAC, 0, NULL)) + int subid, rv = 1; for(n=0,t=vector; nalg)(); - CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0); - CMAC_Update(ctx, t->msg, t->msgsize/8); - if (do_corrupt) - CMAC_Update(ctx, t->msg, 1); - CMAC_Final(ctx, out, &outlen); + subid = M_EVP_CIPHER_nid(cipher); + if (!fips_post_started(FIPS_TEST_CMAC, subid, 0)) + continue; + if (!CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0)) + { + rv = -1; + goto err; + } + if (!CMAC_Update(ctx, t->msg, t->msgsize/8)) + { + rv = -1; + goto err; + } + + if (!fips_post_corrupt(FIPS_TEST_CMAC, subid, NULL)) + { + if (!CMAC_Update(ctx, t->msg, 1)) + { + rv = -1; + goto err; + } + } + if (!CMAC_Final(ctx, out, &outlen)) + { + rv = -1; + goto err; + } CMAC_CTX_cleanup(ctx); if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8)) { - FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED); - goto err; + fips_post_failed(FIPS_TEST_CMAC, subid, NULL); + rv = 0; } + else if (!fips_post_success(FIPS_TEST_CMAC, subid, NULL)) + { + rv = 0; + goto err; + } } - rv = 1; err: CMAC_CTX_free(ctx); - if (rv == 0) + if (rv == -1) { - fips_post_failed(FIPS_TEST_CMAC, 0, NULL); - return 0; + fips_post_failed(FIPS_TEST_CMAC, subid, NULL); + rv = 0; } + if (!rv) + FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED); - return fips_post_success(FIPS_TEST_CMAC, 0, NULL); + return rv; } #endif diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c index c14ecb305..6b2cdc7bf 100644 --- a/fips/fips_test_suite.c +++ b/fips/fips_test_suite.c @@ -682,7 +682,11 @@ POST_ID id_list[] = { {EVP_PKEY_RSA, "RSA"}, {EVP_PKEY_DSA, "DSA"}, {EVP_PKEY_EC, "ECDSA"}, + {NID_aes_128_cbc, "AES-128-CBC"}, + {NID_aes_192_cbc, "AES-192-CBC"}, + {NID_aes_256_cbc, "AES-256-CBC"}, {NID_aes_128_ecb, "AES-128-ECB"}, + {NID_des_ede3_cbc, "DES-EDE3-CBC"}, {NID_des_ede3_ecb, "DES-EDE3-ECB"}, {0, NULL} }; @@ -696,7 +700,7 @@ static const char *lookup_id(int id) if (n->id == id) return n->name; } - sprintf(out, "ID=%d\n", id); + sprintf(out, "ID=%d", id); return out; } @@ -741,6 +745,7 @@ static int post_cb(int op, int id, int subid, void *ex) case FIPS_TEST_CMAC: idstr = "CMAC"; + exstr = lookup_id(subid); break; case FIPS_TEST_GCM: @@ -873,6 +878,8 @@ int main(int argc,char **argv) fail_id = FIPS_TEST_DIGEST; } else if (!strcmp(argv[1], "hmac")) { fail_id = FIPS_TEST_HMAC; + } else if (!strcmp(argv[1], "cmac")) { + fail_id = FIPS_TEST_CMAC; } else if (!strcmp(argv[1], "drbg")) { FIPS_corrupt_drbg(); } else if (!strcmp(argv[1], "rng")) { diff --git a/fips/hmac/fips_hmac_selftest.c b/fips/hmac/fips_hmac_selftest.c index 34ac2472d..c95e73f34 100644 --- a/fips/hmac/fips_hmac_selftest.c +++ b/fips/hmac/fips_hmac_selftest.c @@ -156,11 +156,10 @@ int FIPS_selftest_hmac() if(memcmp(out,t->kaval,outlen)) { - FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED); fips_post_failed(FIPS_TEST_HMAC, subid, NULL); rv = 0; } - if (!fips_post_success(FIPS_TEST_HMAC, subid, NULL)) + else if (!fips_post_success(FIPS_TEST_HMAC, subid, NULL)) goto err; } @@ -171,6 +170,8 @@ int FIPS_selftest_hmac() fips_post_failed(FIPS_TEST_HMAC, subid, NULL); rv = 0; } + if (!rv) + FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED); return rv; } #endif