From 96cc0088baa6bba5eb018897dd9bd095a5ac70db Mon Sep 17 00:00:00 2001
From: Magnus Henoch <magnus@erlang-solutions.com>
Date: Mon, 12 Sep 2016 17:00:26 +0100
Subject: Use proper test data for FIPS mode negative tests

block_crypt_nif does some sanity tests on its arguments before trying
to initialise the cipher.  This made some of the tests in crypto_SUITE
fail, since they were expecting notsup, not badarg.  Fix this by
passing the same test data as for the positive tests.
---
 lib/crypto/test/crypto_SUITE.erl | 33 ++++++++++++++++++++++-----------
 1 file changed, 22 insertions(+), 11 deletions(-)

diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index 02b25ce62f..ab4aa76b93 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -159,7 +159,7 @@ groups() ->
      {no_blowfish_cfb64, [], [no_support, no_block]},
      {no_blowfish_ofb64, [], [no_support, no_block]},
      {no_aes_ige256, [], [no_support, no_block]},
-     {no_chacha20_poly1305, [], [no_support, no_block]},
+     {no_chacha20_poly1305, [], [no_support, no_aead]},
      {no_rc2_cbc, [], [no_support, no_block]},
      {no_rc4, [], [no_support, no_stream]}
     ].
@@ -222,7 +222,8 @@ init_per_group(GroupName, Config) ->
         "no_" ++ TypeStr ->
             %% Negated test case: check the algorithm is not supported
             %% (e.g. due to FIPS mode limitations)
-            [{type, list_to_atom(TypeStr)} | Config];
+            TypeAtom = list_to_atom(TypeStr),
+            [{type, TypeAtom} | group_config(TypeAtom, Config)];
         _Other ->
             %% Regular test case: skip if the algorithm is not supported
             case is_supported(GroupName) of
@@ -340,19 +341,29 @@ block(Config) when is_list(Config) ->
 no_block() ->
      [{doc, "Test disabled block ciphers"}].
 no_block(Config) when is_list(Config) ->
-    Type = ?config(type, Config),
-    Args = case Type of
-               des_ecb ->
-                   [Type, <<"Key">>, <<"Hi There">>];
-               blowfish_ecb ->
-                   [Type, <<"Key">>, <<"Hi There">>];
-               _ ->
-                   [Type, <<"Key">>, <<"Ivec">>, <<"Hi There">>]
-           end,
+    Blocks = proplists:get_value(block, Config),
+    Args = case Blocks of
+	       [{_Type, _Key, _PlainText} = A | _] ->
+		   tuple_to_list(A);
+	       [{_Type, _Key, _IV, _PlainText} = A | _] ->
+		   tuple_to_list(A);
+	       [{Type, Key, IV, PlainText, _CipherText} | _] ->
+		   [Type, Key, IV, PlainText]
+	   end,
     N = length(Args),
     notsup(fun crypto:block_encrypt/N, Args),
     notsup(fun crypto:block_decrypt/N, Args).
 %%--------------------------------------------------------------------
+no_aead() ->
+     [{doc, "Test disabled aead ciphers"}].
+no_aead(Config) when is_list(Config) ->
+    [{Type, Key, PlainText, Nonce, AAD, CipherText, CipherTag} | _] =
+	proplists:get_value(aead, Config),
+    EncryptArgs = [Type, Key, Nonce, {AAD, PlainText}],
+    DecryptArgs = [Type, Key, Nonce, {AAD, CipherText, CipherTag}],
+    notsup(fun crypto:block_encrypt/4, EncryptArgs),
+    notsup(fun crypto:block_decrypt/4, DecryptArgs).
+%%--------------------------------------------------------------------
 stream() ->
       [{doc, "Test stream ciphers"}].
 stream(Config) when is_list(Config) ->
-- 
cgit v1.2.3