fips: only run the first test vector for each symmetric algorithm

FIPS 140-3 doesn't require to run multiple test vectors for a single
algorithm, and one of the test vector for PBKDF2, with an 80000
iteration count is known to be too costly.  Therefore, this patch
changes gnutls_*_self_test to pick only the first test from the test
vectors, unless GNUTLS_SELF_TEST_FLAG_ALL is specified.  The existing
test vectors have been reviewed and modified for the first element to
use the sane parameters, namely: aes128_gcm_vectors to use non-zero
key and non-empty AAD, aes256_gcm_vectors to use non-empty AAD, and
pbkdf2_sha256_vectors to use iteration count greater than 1.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c
index d93ed906aaabeea35bd1f5d4073c6271007507b6..e43c476291ad055cda15825215fba2bc6934a4df 100644 (file)
--- a/lib/crypto-selftests.c
+++ b/lib/crypto-selftests.c
@@ -34,8 +34,6 @@
 #define STR(tag, tag_size, val) \
        .tag = (uint8_t *)val, .tag_size = (sizeof(val) - 1)
 
-#define V(x) (x), (sizeof(x) / sizeof(x[0]))
-
 /* This does check the AES and SHA implementation against test vectors.
  * This should not run under valgrind in order to use the native
  * cpu instructions (AES-NI or padlock).
@@ -92,6 +90,18 @@ const struct cipher_aead_vectors_st chacha_poly1305_vectors[] = {
 };
 
 const struct cipher_aead_vectors_st aes128_gcm_vectors[] = {
+       { .compat_apis = 1,
+         STR(key, key_size,
+             "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"),
+         .auth = (void *)"\xfe\xed\xfa\xce\xde\xad\xbe\xef\xfe\xed\xfa\xce\xde\xad\xbe\xef\xab\xad\xda\xd2",
+         .auth_size = 20,
+         STR(plaintext, plaintext_size,
+             "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39"),
+         .ciphertext =
+                 (void *)"\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91",
+         STR(iv, iv_size, "\xca\xfe\xba\xbe\xfa\xce\xdb\xad\xde\xca\xf8\x88"),
+         .tag_size = 16,
+         .tag = (void *)"\x5b\xc9\x4f\xbc\x32\x21\xa5\xdb\x94\xfa\xe9\x5a\xe7\x12\x1a\x47" },
        { .compat_apis = 1,
          STR(key, key_size,
              "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"),
@@ -114,19 +124,7 @@ const struct cipher_aead_vectors_st aes128_gcm_vectors[] = {
                  (void *)"\x03\x88\xda\xce\x60\xb6\xa3\x92\xf3\x28\xc2\xb9\x71\xb2\xfe\x78",
          STR(iv, iv_size, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"),
          .tag_size = 16,
-         .tag = (void *)"\xab\x6e\x47\xd4\x2c\xec\x13\xbd\xf5\x3a\x67\xb2\x12\x57\xbd\xdf" },
-       { .compat_apis = 1,
-         STR(key, key_size,
-             "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"),
-         .auth = (void *)"\xfe\xed\xfa\xce\xde\xad\xbe\xef\xfe\xed\xfa\xce\xde\xad\xbe\xef\xab\xad\xda\xd2",
-         .auth_size = 20,
-         STR(plaintext, plaintext_size,
-             "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39"),
-         .ciphertext =
-                 (void *)"\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91",
-         STR(iv, iv_size, "\xca\xfe\xba\xbe\xfa\xce\xdb\xad\xde\xca\xf8\x88"),
-         .tag_size = 16,
-         .tag = (void *)"\x5b\xc9\x4f\xbc\x32\x21\xa5\xdb\x94\xfa\xe9\x5a\xe7\x12\x1a\x47" }
+         .tag = (void *)"\xab\x6e\x47\xd4\x2c\xec\x13\xbd\xf5\x3a\x67\xb2\x12\x57\xbd\xdf" }
 };
 
 const struct cipher_aead_vectors_st aes192_gcm_vectors[] = {
@@ -149,15 +147,15 @@ const struct cipher_aead_vectors_st aes256_gcm_vectors[] = {
        { .compat_apis = 1,
          STR(key, key_size,
              "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"),
-         .auth = NULL,
-         .auth_size = 0,
+         .auth = (void *)"\xfe\xed\xfa\xce\xde\xad\xbe\xef\xfe\xed\xfa\xce\xde\xad\xbe\xef\xab\xad\xda\xd2",
+         .auth_size = 20,
          STR(plaintext, plaintext_size,
              "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55"),
          .ciphertext =
                  (uint8_t *)"\x52\x2d\xc1\xf0\x99\x56\x7d\x07\xf4\x7f\x37\xa3\x2a\x84\x42\x7d\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9\x75\x98\xa2\xbd\x25\x55\xd1\xaa\x8c\xb0\x8e\x48\x59\x0d\xbb\x3d\xa7\xb0\x8b\x10\x56\x82\x88\x38\xc5\xf6\x1e\x63\x93\xba\x7a\x0a\xbc\xc9\xf6\x62\x89\x80\x15\xad",
          STR(iv, iv_size, "\xca\xfe\xba\xbe\xfa\xce\xdb\xad\xde\xca\xf8\x88"),
          .tag_size = 16,
-         .tag = (void *)"\xb0\x94\xda\xc5\xd9\x34\x71\xbd\xec\x1a\x50\x22\x70\xe3\xcc\x6c" },
+         .tag = (void *)"\x2d\xf7\xcd\x67\x5b\x4f\x09\x16\x3b\x41\xeb\xf9\x80\xa7\xf6\x38" },
 
 };
 
@@ -2777,12 +2775,17 @@ static int test_mac(gnutls_mac_algorithm_t mac,
        return 0;
 }
 
-#define CHECK(x, func, vectors)                                        \
-       do {                                                           \
-               ret = func(x, V(vectors), flags);                      \
-               if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL) || ret < 0) { \
-                       return ret;                                    \
-               }                                                      \
+#define CHECK(x, func, vectors)                                          \
+       do {                                                             \
+               if (flags & GNUTLS_SELF_TEST_FLAG_ALL)                   \
+                       ret = func(x, vectors,                           \
+                                  sizeof(vectors) / sizeof(vectors[0]), \
+                                  flags);                               \
+               else                                                     \
+                       ret = func(x, vectors, 1, flags);                \
+               if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL) || ret < 0) {   \
+                       return ret;                                      \
+               }                                                        \
        } while (0)
 
 #define CASE(x, func, vectors) \
@@ -3239,6 +3242,19 @@ struct pbkdf2_vectors_st {
 };
 
 const struct pbkdf2_vectors_st pbkdf2_sha256_vectors[] = {
+       /* Variant of "RFC 7914: 11. Test Vectors for PBKDF2 with
+        * HMAC-SHA-256", with iteration count > 1. */
+       {
+               STR(key, key_size, "passwd"),
+               STR(salt, salt_size, "salt"),
+               .iter_count = 5,
+               STR(output, output_size,
+                   "\x30\x45\xb7\x24\xca\xae\x56\x44\x64\xb8\x76\xde\x85\xf0"
+                   "\x8f\xad\x41\x4e\xff\x2f\x7b\xb9\x11\x07\x47\xe5\xe6\xfa"
+                   "\x1c\x30\xd3\x21\x9f\x29\x87\x0c\x5a\x47\x07\x26\x5a\x7f"
+                   "\x9b\x94\x0b\xe6\xcd\x6a\xc5\x27\xab\x8f\x1e\x9e\x9e\x7e"
+                   "\xd2\x7c\x4c\xdc\xac\x45\x41\x9d"),
+       },
        /* RFC 7914: 11. Test Vectors for PBKDF2 with HMAC-SHA-256 */
        {
                STR(key, key_size, "passwd"),