author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-01-21 15:49:42 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-02-19 08:39:36 +0100 |
commit | b319cf7deb74f74bc9794cd1f3ebbac67b05e8fb (patch) | |
tree | 78b386d418ebe56c6f0912e13b381c71a05d1f5d /tests/fips-test.c | |
parent | 9a3d20bd11734d87f2104e4fc526109bc3e075df (diff) | |
tests: added unit test of gnutls_fips140_set_mode
Also ensure that 512-bit keys cannot be generated
in FIPS140-2 mode
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'tests/fips-test.c')
-rw-r--r-- | tests/fips-test.c | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/tests/fips-test.c b/tests/fips-test.c
index 2d37c0f2f8..23d2318122 100644
--- a/tests/fips-test.c
+++ b/tests/fips-test.c
@@ -61,12 +61,23 @@ void doit(void)
 }
 gnutls_cipher_deinit(ch);

+ ret =
+ gnutls_cipher_init(&ch, GNUTLS_CIPHER_ARCFOUR_128, &key, &iv);
+ if (ret != GNUTLS_E_UNWANTED_ALGORITHM) {
+ fail("gnutls_cipher_init succeeded for arcfour\n");
+ }
+
 ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size);
 if (ret < 0) {
 fail("gnutls_hmac_init failed\n");
 }
 gnutls_hmac_deinit(mh, NULL);

+ ret = gnutls_hmac_init(&mh, GNUTLS_MAC_MD5, key.data, key.size);
+ if (ret != GNUTLS_E_UNWANTED_ALGORITHM) {
+ fail("gnutls_hmac_init succeeded for md5\n");
+ }
+
 ret = gnutls_rnd(GNUTLS_RND_NONCE, key16, sizeof(key16));
 if (ret < 0) {
 fail("gnutls_rnd failed\n");
@@ -84,18 +95,22 @@ void doit(void)
 }
 gnutls_privkey_deinit(privkey);

- ret = gnutls_x509_privkey_init(&xprivkey);
- if (ret < 0) {
- fail("gnutls_privkey_init failed\n");
- }
- gnutls_x509_privkey_deinit(xprivkey);
-
 ret = gnutls_init(&session, 0);
 if (ret < 0) {
 fail("gnutls_init failed\n");
 }
 gnutls_deinit(session);

+ ret = gnutls_x509_privkey_init(&xprivkey);
+ if (ret < 0) {
+ fail("gnutls_privkey_init failed\n");
+ }
+ ret = gnutls_x509_privkey_generate(xprivkey, GNUTLS_PK_RSA, 512, 0);
+ if (ret != GNUTLS_E_PK_GENERATION_ERROR) {
+ fail("gnutls_x509_privkey_generate succeeded (%d) for 512-bit key\n", ret);
+ }
+ gnutls_x509_privkey_deinit(xprivkey);
+
 /* Test when FIPS140 is set to error state */
 _gnutls_lib_simulate_error(); |
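Review bot: The two new negative checks (arcfour via `gnutls_cipher_init`, MD5 via `gnutls_hmac_init`) print "succeeded" for every return value other than `GNUTLS_E_UNWANTED_ALGORITHM`, so an unrelated error code would be reported as if the non-approved algorithm had been accepted. Including the code, as the 512-bit key check later in this commit already does, keeps a failure diagnosable: `fail("gnutls_cipher_init returned %d for arcfour, expected GNUTLS_E_UNWANTED_ALGORITHM\n", ret);` and the same for md5. A one-line comment above each check, e.g. `/* non-approved algorithms must be refused in FIPS140-2 mode */`, would state why an error is the expected result here. doit() begins and ends outside the hunk.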
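Review bot: The relocated `gnutls_x509_privkey_init` check still reports `gnutls_privkey_init failed`, which names a different function from the one that was called; `fail("gnutls_x509_privkey_init failed\n");` would match the call. The generation test pins a single size, 512 bits, so it shows that a very small RSA key is refused but not where the minimum sits; if the intent is to enforce a lower bound, a second case nearer that bound would make the test guard the policy itself (the bound is not visible in this hunk). doit() begins and ends outside the hunk.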