diff options
| author | Dániel Szoboszlay <[email protected]> | 2014-05-06 17:45:48 +0200 |
|---|---|---|
| committer | Magnus Henoch <[email protected]> | 2016-09-28 15:09:42 +0100 |
| commit | 01222faf161cf656062144d01d0f93146215736b (patch) | |
| tree | b192e5b14bb96627038f70463ed6119ff6506cc9 /lib/crypto/test/blowfish_SUITE.erl | |
| parent | 0a1feff48388c8430f5eebd1531f769605601fab (diff) | |
| download | otp-01222faf161cf656062144d01d0f93146215736b.tar.gz otp-01222faf161cf656062144d01d0f93146215736b.tar.bz2 otp-01222faf161cf656062144d01d0f93146215736b.zip | |
Update test suites with FIPS mode support
Every algorithm is now tested in both FIPS and non-FIPS modes (when
crypto is compiled with FIPS support). In FIPS mode non-FIPS
algorithms are disabled and the tests verify that they crash with
notsup error as expected.
In FIPS mode RSA and EC algorithms don't work if the key sizes are
below a minimum required value - which happened to be the case with
most keys used in the tests. These tests were changed to use longer
keys (even in non-FIPS mode for simplicity).
Conflicts:
lib/crypto/test/crypto_SUITE.erl
Diffstat (limited to 'lib/crypto/test/blowfish_SUITE.erl')
| -rw-r--r-- | lib/crypto/test/blowfish_SUITE.erl | 72 |
1 files changed, 70 insertions, 2 deletions
diff --git a/lib/crypto/test/blowfish_SUITE.erl b/lib/crypto/test/blowfish_SUITE.erl index d7c50dc6de..c45aae6916 100644 --- a/lib/crypto/test/blowfish_SUITE.erl +++ b/lib/crypto/test/blowfish_SUITE.erl @@ -107,11 +107,33 @@ end_per_testcase(_TestCase, Config) -> suite() -> [{ct_hooks,[ts_install_cth]}]. all() -> -[ecb, cbc, cfb64, ofb64]. +[{group, fips}, + {group, non_fips}]. groups() -> - []. + [{fips, [], [no_ecb, no_cbc, no_cfb64, no_ofb64]}, + {non_fips, [], [ecb, cbc, cfb64, ofb64]}]. +init_per_group(fips, Config) -> + case crypto:info_fips() of + enabled -> + Config; + not_enabled -> + true = crypto:enable_fips_mode(true), + enabled = crypto:info_fips(), + Config; + not_supported -> + {skip, "FIPS mode not supported"} + end; +init_per_group(non_fips, Config) -> + case crypto:info_fips() of + enabled -> + true = crypto:enable_fips_mode(false), + not_enabled = crypto:info_fips(), + Config; + _NotEnabled -> + Config + end; init_per_group(_GroupName, Config) -> Config. @@ -196,8 +218,54 @@ ofb64(Config) when is_list(Config) -> to_bin("E73214A2822139CA62B343CC5B65587310DD908D0C241B2263C2CF80DA"), ok. +no_ecb(doc) -> + "Test that ECB mode is disabled"; +no_ecb(suite) -> + []; +no_ecb(Config) when is_list(Config) -> + notsup(fun crypto:blowfish_ecb_encrypt/2, + [to_bin("0000000000000000"), + to_bin("FFFFFFFFFFFFFFFF")]). + +no_cbc(doc) -> + "Test that CBC mode is disabled"; +no_cbc(suite) -> + []; +no_cbc(Config) when is_list(Config) -> + notsup(fun crypto:blowfish_cbc_encrypt/3, + [?KEY, ?IVEC, ?DATA_PADDED]). + +no_cfb64(doc) -> + "Test that CFB64 mode is disabled"; +no_cfb64(suite) -> + []; +no_cfb64(Config) when is_list(Config) -> + notsup(fun crypto:blowfish_cfb64_encrypt/3, + [?KEY, ?IVEC, ?DATA]), + ok. + +no_ofb64(doc) -> + "Test that OFB64 mode is disabled"; +no_ofb64(suite) -> + []; +no_ofb64(Config) when is_list(Config) -> + notsup(fun crypto:blowfish_ofb64_encrypt/3, + [?KEY, ?IVEC, ?DATA]). + %% Helper functions +%% Assert function fails with notsup error +notsup(Fun, Args) -> + ok = try + {error, {return, apply(Fun, Args)}} + catch + error:notsup -> + ok; + Class:Error -> + {error, {Class, Error}} + end. + + %% Convert a hexadecimal string to a binary. -spec(to_bin(L::string()) -> binary()). to_bin(L) -> |