diff options
| -rw-r--r-- | tests/ChangeLog | 8 | ||||
| -rwxr-xr-x | tests/cavs_driver.pl | 12 | ||||
| -rwxr-xr-x | tests/cavs_tests.sh | 19 | ||||
| -rw-r--r-- | tests/fipsdrv.c | 29 |
4 files changed, 48 insertions, 20 deletions
diff --git a/tests/ChangeLog b/tests/ChangeLog index 2eb61fd1..231bf26b 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,3 +1,11 @@ +2008-10-27 Werner Koch <wk@g10code.com> + + * fipsdrv.c (run_encrypt_decrypt): Make IV_BUFFER optional. + (main): Ditto. + * cavs_driver.pl: Remove the --no-fips flags. + (libgcrypt_encdec($$$$$)): Make IV optional. + (libgcrypt_state_cipher($$$$$)): Ditto. + 2008-10-24 Werner Koch <wk@g10code.com> * benchmark.c (md_bench): Do not test MD5 in fips mode. diff --git a/tests/cavs_driver.pl b/tests/cavs_driver.pl index 8556a81d..4cb9474a 100755 --- a/tests/cavs_driver.pl +++ b/tests/cavs_driver.pl @@ -289,7 +289,9 @@ sub libgcrypt_encdec($$$$$) { my $enc = (shift) ? "encrypt" : "decrypt"; my $data=shift; - my $program="fipsdrv --no-fips --key $key --iv $iv --algo $cipher $enc"; + $iv = "--iv $iv" if ($iv); + + my $program="fipsdrv --key $key $iv --algo $cipher $enc"; return pipe_through_program($data,$program); } @@ -333,7 +335,7 @@ sub libgcrypt_hash($$) { my $pt = shift; my $hashalgo = shift; - my $program = "fipsdrv --no-fips --algo $hashalgo digest"; + my $program = "fipsdrv --algo $hashalgo digest"; die "ARCFOUR not available for hashes" if $opt{'R'}; return pipe_through_program($pt, $program); @@ -346,7 +348,9 @@ sub libgcrypt_state_cipher($$$$$) { my $key = shift; my $iv = shift; - my $program="fipsdrv --no-fips --binary --key ".bin2hex($key)." --iv ".bin2hex($iv)." --algo '$cipher' --chunk '$bufsize' $enc"; + $iv = "--iv $iv" if ($iv); + + my $program="fipsdrv --binary --key ".bin2hex($key)." $iv ".bin2hex($iv)." --algo '$cipher' --chunk '$bufsize' $enc"; return $program; } @@ -364,7 +368,7 @@ sub libgcrypt_hmac($$$$) { my $msg = shift; my $hashtype = shift; - my $program = "fipsdrv --no-fips --key $key --algo $hashtype hmac-sha"; + my $program = "fipsdrv --key $key --algo $hashtype hmac-sha"; return pipe_through_program($msg, $program); } diff --git a/tests/cavs_tests.sh b/tests/cavs_tests.sh index 6ba2b085..7351af6b 100755 --- a/tests/cavs_tests.sh +++ b/tests/cavs_tests.sh @@ -55,12 +55,14 @@ function run_one_test () { [ -f "$rspfile" ] && rm "$rspfile" if ./cavs_driver.pl -I libgcrypt "$reqfile"; then - echo "failed test: $reqfile" >&2 - : >"$errors_seen_file" - elif [ -f "$tmprspfile" ]; then - mv "$tmprspfile" "$rspfile" - else - echo "failed test: $reqfile" >&2 + if [ -f "$tmprspfile" ]; then + mv "$tmprspfile" "$rspfile" + else + echo "failed test: $reqfile" >&2 + : >"$errors_seen_file" + fi + else + echo "failed test: $reqfile rc=$?" >&2 : >"$errors_seen_file" fi } @@ -72,7 +74,7 @@ DATE=$(date +%Y%m%d) ARCH=$(arch || echo unknown) result_file="CAVS_results-$ARCH-$DATE.zip" -for f in fipsdrv fipsrngdrv cavs_driver.pl; do +for f in fipsdrv cavs_driver.pl; do if [ ! -f "./$f" ]; then echo "required program \"$f\" missing in current directory" >&2 exit 2 @@ -110,6 +112,9 @@ fi find cavs -type f -name "*.req" | while read f ; do echo "Running test file $f" >&2 run_one_test "$f" + if [ -f "$errors_seen_file" ]; then + break; + fi done if [ -f "$errors_seen_file" ]; then diff --git a/tests/fipsdrv.c b/tests/fipsdrv.c index 1d5efbf9..054ad71d 100644 --- a/tests/fipsdrv.c +++ b/tests/fipsdrv.c @@ -867,10 +867,13 @@ run_encrypt_decrypt (int encrypt_mode, die ("gcry_cipher_setkey failed with keylen %u: %s\n", (unsigned int)key_buflen, gpg_strerror (err)); - err = gcry_cipher_setiv (hd, iv_buffer, iv_buflen); - if (err) - die ("gcry_cipher_setiv failed with ivlen %u: %s\n", - (unsigned int)iv_buflen, gpg_strerror (err)); + if (iv_buffer) + { + err = gcry_cipher_setiv (hd, iv_buffer, iv_buflen); + if (err) + die ("gcry_cipher_setiv failed with ivlen %u: %s\n", + (unsigned int)iv_buflen, gpg_strerror (err)); + } inbuf = data? NULL : gcry_xmalloc (datalen); outbuflen = datalen; @@ -1508,11 +1511,19 @@ main (int argc, char **argv) cipher_algo = map_openssl_cipher_name (algo_string, &cipher_mode); if (!cipher_algo) die ("cipher algorithm `%s' is not supported\n", algo_string); - if (!iv_string) - die ("option --iv is required in this mode\n"); - iv_buffer = hex2buffer (iv_string, &iv_buflen); - if (!iv_buffer) - die ("invalid value for IV\n"); + if (cipher_mode != GCRY_CIPHER_MODE_ECB) + { + if (!iv_string) + die ("option --iv is required in this mode\n"); + iv_buffer = hex2buffer (iv_string, &iv_buflen); + if (!iv_buffer) + die ("invalid value for IV\n"); + } + else + { + iv_buffer = NULL; + iv_buflen = 0; + } if (!key_string) die ("option --key is required in this mode\n"); key_buffer = hex2buffer (key_string, &key_buflen); |