tests: move FIPS service indicator functions to common file
authorDaiki Ueno <ueno@gnu.org>
Mon, 17 Oct 2022 02:11:43 +0000 (11:11 +0900)
committerDaiki Ueno <ueno@gnu.org>
Mon, 17 Oct 2022 10:16:34 +0000 (19:16 +0900)
Signed-off-by: Daiki Ueno <ueno@gnu.org>
tests/dh-compute.c
tests/fips-rsa-sizes.c
tests/fips-test.c
tests/kdf-api.c
tests/pkcs12_encode.c
tests/privkey-keygen.c
tests/utils.h

index 828fb05e9c1ab652c182c030dd731f2838ebc05f..6c1d5328f6b58e7792aad132632d48c5d9f6ce05 100644 (file)
@@ -156,34 +156,10 @@ void doit(void)
                { NULL }
        };
 
-#define FIPS_PUSH_CONTEXT() do {                                       \
-       if (gnutls_fips140_mode_enabled()) {                            \
-               ret = gnutls_fips140_push_context(fips_context);        \
-               if (ret < 0) {                                          \
-                       fail("gnutls_fips140_push_context failed\n");   \
-               }                                                       \
-       }                                                               \
-} while (0)
-
-#define FIPS_POP_CONTEXT(state) do {                                   \
-       if (gnutls_fips140_mode_enabled()) {                            \
-               ret = gnutls_fips140_pop_context();                     \
-               if (ret < 0) {                                          \
-                       fail("gnutls_fips140_context_pop failed\n");    \
-               }                                                       \
-               fips_state = gnutls_fips140_get_operation_state(fips_context); \
-               if (fips_state != state) {                              \
-                       fail("operation state is not %d (%d)\n",        \
-                            state, fips_state);                        \
-               }                                                       \
-       }                                                               \
-} while (0)
-
        for (int i = 0; test_data[i].name != NULL; i++) {
                gnutls_datum_t priv_key, pub_key;
                gnutls_dh_params_t dh_params;
                gnutls_fips140_context_t fips_context;
-               gnutls_fips140_operation_state_t fips_state;
                int ret;
 
                if (gnutls_fips140_mode_enabled()) {
@@ -193,24 +169,24 @@ void doit(void)
                        }
                }
 
-               FIPS_PUSH_CONTEXT();
+               fips_push_context(fips_context);
                params(&dh_params, &test_data[i].prime, &test_data[i].q,
                       &test_data[i].generator);
-               FIPS_POP_CONTEXT(GNUTLS_FIPS140_OP_INITIAL);
+               fips_pop_context(fips_context, GNUTLS_FIPS140_OP_INITIAL);
 
                success("%s genkey\n", test_data[i].name);
 
-               FIPS_PUSH_CONTEXT();
+               fips_push_context(fips_context);
                genkey(dh_params, &priv_key, &pub_key);
-               FIPS_POP_CONTEXT(test_data[i].fips_state_genkey);
+               fips_pop_context(fips_context, test_data[i].fips_state_genkey);
 
                success("%s compute_key\n", test_data[i].name);
                
-               FIPS_PUSH_CONTEXT();
+               fips_push_context(fips_context);
                compute_key(test_data[i].name, dh_params, &priv_key,
                            &pub_key, &test_data[i].peer_key,
                            test_data[i].expected_error, NULL, 0);
-               FIPS_POP_CONTEXT(test_data[i].fips_state_compute_key);
+               fips_pop_context(fips_context, test_data[i].fips_state_compute_key);
 
                gnutls_dh_params_deinit(dh_params);
                gnutls_free(priv_key.data);
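Review bot: `fips_push_context(fips_context)` and `fips_pop_context(fips_context, ...)` now read `fips_context` as a by-value argument on every iteration, including when FIPS mode is off. The declaration `gnutls_fips140_context_t fips_context;` in the previous hunk has no initializer, and the variable appears to be set only inside the `if (gnutls_fips140_mode_enabled())` block, whose body lies between the two hunks and is not visible here. The removed macros touched the variable only inside their own mode check, so this read of an indeterminate value is new, and compiler warnings or memory checkers may flag it. Initializing at the declaration avoids it: `gnutls_fips140_context_t fips_context = NULL;`. The local `fips_context` declarations in tests/pkcs12_encode.c and tests/privkey-keygen.c deserve the same look if their initialization is also conditional.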
index 84b9affabbef085a8e13ed369c1a3085d28450ac..5feb28450360a6f2cbad8eb0243df87482b3efa3 100644 (file)
 #include <gnutls/abstract.h>
 #include <gnutls/x509.h>
 
-#define FIPS_PUSH_CONTEXT() do {                               \
-       ret = gnutls_fips140_push_context(fips_context);        \
-       if (ret < 0) {                                          \
-               fail("gnutls_fips140_push_context failed\n");   \
-       }                                                       \
-} while (0)
-
-#define FIPS_POP_CONTEXT(state) do {                                   \
-       ret = gnutls_fips140_pop_context();                             \
-       if (ret < 0) {                                                  \
-               fail("gnutls_fips140_context_pop failed\n");            \
-       }                                                               \
-       fips_state = gnutls_fips140_get_operation_state(fips_context);  \
-       if (fips_state != GNUTLS_FIPS140_OP_ ## state) {                \
-               fail("operation state is not " # state " (%d)\n",       \
-                    fips_state);                                       \
-       }                                                               \
-} while (0)
-
 
 void generate_successfully(gnutls_privkey_t* privkey, gnutls_pubkey_t* pubkey,
                            unsigned int size);
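Review bot: The macros deleted here pushed, popped and compared the operation state unconditionally, while the shared `fips_push_context`/`fips_pop_context` in tests/utils.h do nothing when `gnutls_fips140_mode_enabled()` returns false, so this file's service-indicator checks change from always enforced to enforced only in FIPS mode. If the test can be reached with FIPS mode off (whether it exits early in that case is not visible in this hunk), every `FIPS_POP_CONTEXT(...)` expectation now passes vacuously instead of failing. An explicit guard at the start of the test would make the precondition visible, for example `if (!gnutls_fips140_mode_enabled()) exit(77);`, or a comment recording that the skip is intentional. The same applies to the identical unconditional macros removed from tests/fips-test.c.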
@@ -63,7 +44,6 @@ void generate_successfully(gnutls_privkey_t* privkey, gnutls_pubkey_t* pubkey,
        int ret;
        gnutls_x509_privkey_t xprivkey;
        gnutls_fips140_context_t fips_context;
-       gnutls_fips140_operation_state_t fips_state;
        assert(gnutls_fips140_context_init(&fips_context) == 0);
 
        fprintf(stderr, "%d-bit\n", size);
@@ -102,7 +82,6 @@ void generate_unsuccessfully(gnutls_privkey_t* privkey, gnutls_pubkey_t* pubkey,
        int ret;
        gnutls_x509_privkey_t xprivkey;
        gnutls_fips140_context_t fips_context;
-       gnutls_fips140_operation_state_t fips_state;
        assert(gnutls_fips140_context_init(&fips_context) == 0);
 
        fprintf(stderr, "%d-bit\n", size);
@@ -156,7 +135,6 @@ void generate_unsuccessfully(gnutls_privkey_t* privkey, gnutls_pubkey_t* pubkey,
 void sign_verify_successfully(gnutls_privkey_t privkey, gnutls_pubkey_t pubkey) {
        int ret;
        gnutls_fips140_context_t fips_context;
-       gnutls_fips140_operation_state_t fips_state;
 
        gnutls_datum_t signature;
        gnutls_datum_t plaintext = {
@@ -190,7 +168,6 @@ void sign_verify_unsuccessfully(gnutls_privkey_t privkey,
                                 gnutls_pubkey_t pubkey) {
        int ret;
        gnutls_fips140_context_t fips_context;
-       gnutls_fips140_operation_state_t fips_state;
 
        gnutls_datum_t signature;
        gnutls_datum_t plaintext = {
@@ -225,7 +202,6 @@ void sign_verify_unsuccessfully(gnutls_privkey_t privkey,
 void nosign_verify(gnutls_privkey_t privkey, gnutls_pubkey_t pubkey) {
        int ret;
        gnutls_fips140_context_t fips_context;
-       gnutls_fips140_operation_state_t fips_state;
 
        gnutls_datum_t signature;
        gnutls_datum_t plaintext = {
index f789afb107e2eb8546e9948187abfe76d11d6b4d..b0bae4ef9f133270f98470bfbf89771b12000c45 100644 (file)
 /* This does check the FIPS140 support.
  */
 
-#define FIPS_PUSH_CONTEXT() do {                               \
-       ret = gnutls_fips140_push_context(fips_context);        \
-       if (ret < 0) {                                          \
-               fail("gnutls_fips140_push_context failed\n");   \
-       }                                                       \
-} while (0)
-
-#define FIPS_POP_CONTEXT(state) do {                                   \
-       ret = gnutls_fips140_pop_context();                             \
-       if (ret < 0) {                                                  \
-               fail("gnutls_fips140_context_pop failed\n");            \
-       }                                                               \
-       fips_state = gnutls_fips140_get_operation_state(fips_context);  \
-       if (fips_state != GNUTLS_FIPS140_OP_ ## state) {                \
-               fail("operation state is not " # state " (%d)\n",       \
-                    fips_state);                                       \
-       }                                                               \
-} while (0)
-
 void _gnutls_lib_simulate_error(void);
 
 static void tls_log_func(int level, const char *str)
@@ -40,10 +21,9 @@ static void tls_log_func(int level, const char *str)
 
 static uint8_t key16[16];
 static uint8_t iv16[16];
-uint8_t key_data[64];
-uint8_t iv_data[16];
-gnutls_fips140_context_t fips_context;
-gnutls_fips140_operation_state_t fips_state;
+static uint8_t key_data[64];
+static uint8_t iv_data[16];
+static gnutls_fips140_context_t fips_context;
 
 static const gnutls_datum_t data = { .data = (unsigned char *)"foo", 3 };
 static const uint8_t rsa2342_sha1_sig_data[] = {
@@ -276,6 +256,7 @@ test_ciphers(void)
 void doit(void)
 {
        int ret;
+       gnutls_fips140_operation_state_t fips_state;
        unsigned int mode;
        gnutls_cipher_hd_t ch;
        gnutls_hmac_hd_t mh;
index 97245020052362f7a5ed2e40d260a0db75fb58fc..a28ce82a6224eec5e7f8287885b046ae5078221f 100644 (file)
 #define MAX_BUF 1024
 
 static gnutls_fips140_context_t fips_context;
-static gnutls_fips140_operation_state_t fips_state;
-
-#define FIPS_PUSH_CONTEXT() do {                                       \
-       if (gnutls_fips140_mode_enabled()) {                            \
-               ret = gnutls_fips140_push_context(fips_context);        \
-               if (ret < 0) {                                          \
-                       fail("gnutls_fips140_push_context failed\n");   \
-               }                                                       \
-       }                                                               \
-} while (0)
-
-#define FIPS_POP_CONTEXT(state) do {                                   \
-       if (gnutls_fips140_mode_enabled()) {                            \
-               ret = gnutls_fips140_pop_context();                     \
-               if (ret < 0) {                                          \
-                       fail("gnutls_fips140_context_pop failed\n");    \
-               }                                                       \
-               fips_state = gnutls_fips140_get_operation_state(fips_context); \
-               if (fips_state != GNUTLS_FIPS140_OP_ ## state) {        \
-                       fail("operation state is not " # state " (%d)\n", \
-                            fips_state);                               \
-               }                                                       \
-       }                                                               \
-} while (0)
+
 
 static void
 test_hkdf(gnutls_mac_algorithm_t mac,
@@ -74,7 +51,6 @@ test_hkdf(gnutls_mac_algorithm_t mac,
        gnutls_datum_t prk;
        gnutls_datum_t okm;
        uint8_t buf[MAX_BUF];
-       int ret;
 
        success("HKDF test with %s\n", gnutls_mac_get_name(mac));
 
@@ -144,7 +120,6 @@ test_pbkdf2(gnutls_mac_algorithm_t mac,
        gnutls_datum_t salt;
        gnutls_datum_t okm;
        uint8_t buf[MAX_BUF];
-       int ret;
 
        success("PBKDF2 test with %s\n", gnutls_mac_get_name(mac));
 
index ea39f3d69e93226d53f22433e27163bb752222c0..dc55daccdebd2195a99cab0d26a136d5ee601686 100644 (file)
@@ -70,29 +70,6 @@ static void tls_log_func(int level, const char *str)
        fprintf(stderr, "|<%d>| %s", level, str);
 }
 
-#define FIPS_PUSH_CONTEXT() do {                                       \
-       if (gnutls_fips140_mode_enabled()) {                            \
-               ret = gnutls_fips140_push_context(fips_context);        \
-               if (ret < 0) {                                          \
-                       fail("gnutls_fips140_push_context failed\n");   \
-               }                                                       \
-       }                                                               \
-} while (0)
-
-#define FIPS_POP_CONTEXT(state) do {                                   \
-       if (gnutls_fips140_mode_enabled()) {                            \
-               ret = gnutls_fips140_pop_context();                     \
-               if (ret < 0) {                                          \
-                       fail("gnutls_fips140_context_pop failed\n");    \
-               }                                                       \
-               fips_state = gnutls_fips140_get_operation_state(fips_context); \
-               if (fips_state != GNUTLS_FIPS140_OP_ ## state) {        \
-                       fail("operation state is not " # state " (%d)\n", \
-                            fips_state);                               \
-               }                                                       \
-       }                                                               \
-} while (0)
-
 void doit(void)
 {
        gnutls_pkcs12_t pkcs12;
@@ -106,7 +83,6 @@ void doit(void)
        size_t size;
        unsigned i;
        gnutls_fips140_context_t fips_context;
-       gnutls_fips140_operation_state_t fips_state;
        size_t n_tests = 0;
        struct tests {
                const char *name;
index 2766afee08976cecc1fc17a1d00d0ad23e28a847..2531906d7127acd2d89c8df04e587a65bac8cba8 100644 (file)
@@ -119,30 +119,6 @@ void doit(void)
        gnutls_x509_privkey_t pkey, dst;
        int ret, algorithm, i;
        gnutls_fips140_context_t fips_context;
-       gnutls_fips140_operation_state_t fips_state;
-
-#define FIPS_PUSH_CONTEXT() do {                                       \
-       if (gnutls_fips140_mode_enabled()) {                            \
-               ret = gnutls_fips140_push_context(fips_context);        \
-               if (ret < 0) {                                          \
-                       fail("gnutls_fips140_push_context failed\n");   \
-               }                                                       \
-       }                                                               \
-} while (0)
-
-#define FIPS_POP_CONTEXT(state) do {                                   \
-       if (gnutls_fips140_mode_enabled()) {                            \
-               ret = gnutls_fips140_pop_context();                     \
-               if (ret < 0) {                                          \
-                       fail("gnutls_fips140_context_pop failed\n");    \
-               }                                                       \
-               fips_state = gnutls_fips140_get_operation_state(fips_context); \
-               if (fips_state != GNUTLS_FIPS140_OP_ ## state) {        \
-                       fail("operation state is not " # state " (%d)\n", \
-                            fips_state);                               \
-               }                                                       \
-       }                                                               \
-} while (0)
 
        ret = global_init();
        if (ret < 0)
index d3a2ba8d16b7ec9987b57e3662ddd0a3ec2655af..4433a070576de4f1e106817a9456472743d188c1 100644 (file)
@@ -210,4 +210,62 @@ inline static unsigned int get_dtls_retransmit_timeout(void) {
        return (unsigned int) ul;
 }
 
+static inline const char *
+fips_operation_state_to_string(gnutls_fips140_operation_state_t state)
+{
+       switch (state) {
+       case GNUTLS_FIPS140_OP_INITIAL:
+               return "INITIAL";
+       case GNUTLS_FIPS140_OP_APPROVED:
+               return "APPROVED";
+       case GNUTLS_FIPS140_OP_NOT_APPROVED:
+               return "NOT_APPROVED";
+       case GNUTLS_FIPS140_OP_ERROR:
+               return "ERROR";
+       default:
+               /*NOTREACHED*/
+               assert(0);
+               return NULL;
+       }
+}
+
+static inline void
+fips_push_context(gnutls_fips140_context_t context)
+{
+       if (gnutls_fips140_mode_enabled()) {
+               int ret;
+
+               ret = gnutls_fips140_push_context(context);
+               if (ret < 0) {
+                       fail("gnutls_fips140_push_context failed\n");
+               }
+       }
+}
+
+static inline void
+fips_pop_context(gnutls_fips140_context_t context,
+                gnutls_fips140_operation_state_t expected_state)
+{
+       gnutls_fips140_operation_state_t state;
+
+       if (gnutls_fips140_mode_enabled()) {
+               int ret;
+
+               ret = gnutls_fips140_pop_context();
+               if (ret < 0) {
+                       fail("gnutls_fips140_context_pop failed\n");
+               }
+               state = gnutls_fips140_get_operation_state(context);
+               if (state != expected_state) {
+                       fail("operation state is not %s (%s)\n",
+                            fips_operation_state_to_string(expected_state),
+                            fips_operation_state_to_string(state));
+               }
+       }
+}
+
+/* To use those convenient macros, define fips_context variable. */
+#define FIPS_PUSH_CONTEXT() fips_push_context(fips_context)
+#define FIPS_POP_CONTEXT(state) fips_pop_context(fips_context, GNUTLS_FIPS140_OP_ ## state)
+
 #endif /* GNUTLS_TESTS_UTILS_H */
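Review bot: In `fips_operation_state_to_string`, the `default:` branch returns NULL after `assert(0)`, and `fips_pop_context` passes that result straight to a `%s` conversion in `fail()`; in a build with NDEBUG the assert is compiled out, so an unexpected state value leads to undefined behaviour inside the failure report itself. Returning a printable fallback keeps the diagnostic usable: `return "UNKNOWN";`. Separately, the message `"gnutls_fips140_context_pop failed\n"` names a function other than the `gnutls_fips140_pop_context()` called just above it; it was carried over from the old macros and could be corrected during this consolidation. A short comment above `fips_pop_context` would also help callers, e.g. `/* No-op unless FIPS mode is enabled; fails the test if the service indicator differs from expected_state. */`.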