From 8d1f8d90b30776383b94dd5231fdfb9423b971b5 Mon Sep 17 00:00:00 2001 From: Michael Graeb Date: Fri, 5 Jul 2024 23:36:17 +0000 Subject: [PATCH] try to turn on fips --- tests/aes256_test.c | 2 ++ tests/der_test.c | 2 ++ tests/ecc_test.c | 28 +++++++++++++++------------- tests/md5_test.c | 10 +++++----- tests/rsa_test.c | 30 ++++++++++++++++-------------- tests/sha1_test.c | 16 ++++++++-------- tests/sha256_hmac_test.c | 10 +++++----- tests/sha256_test.c | 16 ++++++++-------- tests/test_case_helper.h | 37 +++++++++++++++++++++++++++++++++++-- 9 files changed, 96 insertions(+), 55 deletions(-) diff --git a/tests/aes256_test.c b/tests/aes256_test.c index 9be74e43..53875531 100644 --- a/tests/aes256_test.c +++ b/tests/aes256_test.c @@ -6,6 +6,8 @@ #include +#include "test_case_helper.h" + static int s_check_single_block_cbc( struct aws_allocator *allocator, const struct aws_byte_cursor key, diff --git a/tests/der_test.c b/tests/der_test.c index 70cacf24..43170eac 100644 --- a/tests/der_test.c +++ b/tests/der_test.c @@ -8,6 +8,8 @@ #include +#include "test_case_helper.h" + /* clang-format off */ /* note that this int is unsigned, with the high bit set, so needs to be encoded specially */ static uint8_t s_bigint[] = { diff --git a/tests/ecc_test.c b/tests/ecc_test.c index 74417725..c2661119 100644 --- a/tests/ecc_test.c +++ b/tests/ecc_test.c @@ -10,6 +10,8 @@ #include #include +#include "test_case_helper.h" + static int s_test_key_derivation( struct aws_allocator *allocator, enum aws_ecc_curve_name curve_name, @@ -112,7 +114,7 @@ static int s_test_known_signing_value( struct aws_byte_cursor pub_x, struct aws_byte_cursor pub_y) { - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_ecc_key_pair *signing_key = aws_ecc_key_pair_new_from_private_key(allocator, curve_name, &private_key); ASSERT_NOT_NULL(signing_key); 
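Review bot: The include of `test_case_helper.h` is the only change to tests/aes256_test.c (the diffstat lists 2 additions and nothing else), so no initialisation call in that file is switched to `aws_cal_library_test_init`; the same holds for tests/der_test.c in the next hunk. If the AES and DER tests call `aws_cal_library_init(allocator)` directly, which is not visible in these hunks, they keep running without the FIPS switch even when AWS_TEST_FIPS is set, and a green run would overstate what was exercised in FIPS mode. Either convert those call sites in the same commit or record the gap next to the include, for example `/* call sites in this file still use aws_cal_library_init(); AWS_TEST_FIPS has no effect here yet */`.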
@@ -221,7 +223,7 @@ AWS_TEST_CASE(ecdsa_p384_test_known_signing_value, s_ecdsa_p384_test_known_signi static int s_ecdsa_test_invalid_signature_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_ecc_key_pair *key_pair = aws_ecc_key_pair_new_generate_random(allocator, AWS_CAL_ECDSA_P256); ASSERT_NOT_NULL(key_pair); @@ -270,7 +272,7 @@ static int s_ecdsa_test_invalid_signature_fn(struct aws_allocator *allocator, vo AWS_TEST_CASE(ecdsa_test_invalid_signature, s_ecdsa_test_invalid_signature_fn) static int s_test_key_gen(struct aws_allocator *allocator, enum aws_ecc_curve_name curve_name) { - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_ecc_key_pair *key_pair = aws_ecc_key_pair_new_generate_random(allocator, curve_name); @@ -340,7 +342,7 @@ AWS_TEST_CASE(ecdsa_p384_test_key_gen, s_ecdsa_p384_test_key_gen_fn) static int s_test_key_gen_export(struct aws_allocator *allocator, enum aws_ecc_curve_name curve_name) { - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_ecc_key_pair *key_pair = aws_ecc_key_pair_new_generate_random(allocator, curve_name); @@ -440,7 +442,7 @@ static int s_ecdsa_test_import_asn1_key_pair( struct aws_byte_cursor asn1_cur, enum aws_ecc_curve_name expected_curve_name) { - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_ecc_key_pair *imported_key = aws_ecc_key_pair_new_from_asn1(allocator, &asn1_cur); ASSERT_NOT_NULL(imported_key); 
@@ -531,7 +533,7 @@ AWS_TEST_CASE(ecdsa_p384_test_import_asn1_key_pair, s_ecdsa_p384_test_import_asn static int s_ecdsa_test_import_asn1_key_pair_public_only_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); uint8_t asn1_encoded_full_key_raw[] = { 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x99, 0x16, 0x2a, 0x5b, 0x4e, 0x63, 0x86, 0x4c, 0x5f, 0x8e, 0x37, @@ -606,7 +608,7 @@ AWS_TEST_CASE(ecdsa_test_import_asn1_key_pair_public_only, s_ecdsa_test_import_a static int s_ecdsa_test_import_asn1_key_pair_invalid_fails_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); /* I changed the OID to nonsense */ uint8_t bad_asn1_encoded_full_key_raw[] = { @@ -643,7 +645,7 @@ AWS_TEST_CASE(ecdsa_test_import_asn1_key_pair_invalid_fails, s_ecdsa_test_import static int s_ecdsa_test_signature_format_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); uint8_t asn1_encoded_signature_raw[] = { 0x30, 0x45, 0x02, 0x21, 0x00, 0xd7, 0xc5, 0xb9, 0x9e, 0x0b, 0xb1, 0x1a, 0x1f, 0x32, 0xda, 0x66, 0xe0, 0xff, @@ -751,7 +753,7 @@ static int s_test_key_ref_counting(struct aws_ecc_key_pair *key_pair, enum aws_e static int s_ecc_key_pair_random_ref_count_test(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_ecc_key_pair *key_pair = aws_ecc_key_pair_new_generate_random(allocator, AWS_CAL_ECDSA_P256); ASSERT_NOT_NULL(key_pair); 
@@ -768,7 +770,7 @@ AWS_TEST_CASE(ecc_key_pair_random_ref_count_test, s_ecc_key_pair_random_ref_coun static int s_ecc_key_pair_public_ref_count_test(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); uint8_t x[] = { 0x1c, 0xcb, 0xe9, 0x1c, 0x07, 0x5f, 0xc7, 0xf4, 0xf0, 0x33, 0xbf, 0xa2, 0x48, 0xdb, 0x8f, 0xcc, @@ -798,7 +800,7 @@ AWS_TEST_CASE(ecc_key_pair_public_ref_count_test, s_ecc_key_pair_public_ref_coun static int s_ecc_key_pair_asn1_ref_count_test(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); uint8_t asn1_encoded_full_key_raw[] = { 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x99, 0x16, 0x2a, 0x5b, 0x4e, 0x63, 0x86, 0x4c, 0x5f, 0x8e, 0x37, @@ -828,7 +830,7 @@ AWS_TEST_CASE(ecc_key_pair_asn1_ref_count_test, s_ecc_key_pair_asn1_ref_count_te static int s_ecc_key_pair_private_ref_count_test(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); uint8_t d[] = { 0xc9, 0x80, 0x68, 0x98, 0xa0, 0x33, 0x49, 0x16, 0xc8, 0x60, 0x74, 0x88, 0x80, 0xa5, 0x41, 0xf0, @@ -992,7 +994,7 @@ static int s_test_key_gen_from_private_fuzz( static int s_ecc_key_gen_from_private_fuzz_test(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); ASSERT_SUCCESS(s_test_key_gen_from_private_fuzz(allocator, AWS_CAL_ECDSA_P256, 1000)); ASSERT_SUCCESS(s_test_key_gen_from_private_fuzz(allocator, AWS_CAL_ECDSA_P384, 1000)); aws_cal_library_clean_up(); diff --git a/tests/md5_test.c b/tests/md5_test.c index a64312d8..4bde78f1 100644 --- a/tests/md5_test.c +++ b/tests/md5_test.c @@ -5,7 +5,7 @@ #include #include -#include +#include "test_case_helper.h" /* * these are the rfc1321 test vectors 
@@ -241,7 +241,7 @@ AWS_TEST_CASE(md5_rfc1321_test_case_7_truncated, s_md5_rfc1321_test_case_7_trunc static int s_md5_verify_known_collision_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); uint8_t message_1[] = { 0xd1, 0x31, 0xdd, 0x02, 0xc5, 0xe6, 0xee, 0xc4, 0x69, 0x3d, 0x9a, 0x06, 0x98, 0xaf, 0xf9, 0x5c, @@ -312,7 +312,7 @@ AWS_TEST_CASE(md5_verify_known_collision, s_md5_verify_known_collision_fn) static int s_md5_invalid_buffer_size_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_byte_cursor input = aws_byte_cursor_from_c_str("123456789012345678901234567890123456789012345" "67890123456789012345678901234567890"); @@ -333,7 +333,7 @@ AWS_TEST_CASE(md5_invalid_buffer_size, s_md5_invalid_buffer_size_fn) static int s_md5_test_invalid_state_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_byte_cursor input = aws_byte_cursor_from_c_str("123456789012345678901234567890123456789012345" "67890123456789012345678901234567890"); @@ -361,7 +361,7 @@ AWS_TEST_CASE(md5_test_invalid_state, s_md5_test_invalid_state_fn) static int s_md5_test_extra_buffer_space_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_byte_cursor input = aws_byte_cursor_from_c_str("123456789012345678901234567890123456789012345" "67890123456789012345678901234567890"); diff --git a/tests/rsa_test.c b/tests/rsa_test.c index d6a118eb..af645531 100644 --- a/tests/rsa_test.c +++ b/tests/rsa_test.c @@ -10,6 +10,8 @@ #include #include +#include "test_case_helper.h" + /* * TODO: Need better test vectors. NIST ones are a pain to use. * For now using manually generated vectors and relying on round tripping. 
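Review bot: MD5 is not a FIPS-approved hash, yet `s_md5_verify_known_collision_fn` and the three MD5 tests in the following hunks (`s_md5_invalid_buffer_size_fn`, `s_md5_test_invalid_state_fn`, `s_md5_test_extra_buffer_space_fn`) now request FIPS mode whenever AWS_TEST_FIPS is set, and nothing states what the MD5 API is expected to do in that configuration. Whether the crypto backend still serves MD5 with FIPS mode on cannot be told from this patch, so these tests would either pass for an undocumented reason or fail on the first FIPS run. A comment above the init call would record the intent, e.g. `/* MD5 is not FIPS-approved; expected to pass unchanged when AWS_TEST_FIPS is set */`, adjusted to what the backend actually does. The bodies of these functions continue outside the hunks.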
@@ -123,7 +125,7 @@ static int s_rsa_encryption_roundtrip_from_user( static int s_rsa_encryption_roundtrip_pkcs1_from_user(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); ASSERT_SUCCESS(s_rsa_encryption_roundtrip_from_user(allocator, AWS_CAL_RSA_ENCRYPTION_PKCS1_5)); @@ -136,7 +138,7 @@ AWS_TEST_CASE(rsa_encryption_roundtrip_pkcs1_from_user, s_rsa_encryption_roundtr static int s_rsa_encryption_roundtrip_oaep_sha256_from_user(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); ASSERT_SUCCESS(s_rsa_encryption_roundtrip_from_user(allocator, AWS_CAL_RSA_ENCRYPTION_OAEP_SHA256)); @@ -149,7 +151,7 @@ AWS_TEST_CASE(rsa_encryption_roundtrip_oaep_sha256_from_user, s_rsa_encryption_r static int s_rsa_encryption_roundtrip_oaep_sha512_from_user(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); ASSERT_SUCCESS(s_rsa_encryption_roundtrip_from_user(allocator, AWS_CAL_RSA_ENCRYPTION_OAEP_SHA512)); @@ -211,7 +213,7 @@ static int s_rsa_verify_signing_pkcs1_sha256(struct aws_allocator *allocator, vo (void)ctx; struct aws_byte_cursor message = aws_byte_cursor_from_c_str(TEST_ENCRYPTION_STRING); - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_byte_buf public_key_buf; ASSERT_SUCCESS(s_byte_buf_decoded_from_base64_cur( @@ -249,7 +251,7 @@ static int s_rsa_verify_signing_pss_sha256(struct aws_allocator *allocator, void (void)ctx; struct aws_byte_cursor message = aws_byte_cursor_from_c_str(TEST_ENCRYPTION_STRING); - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_byte_buf public_key_buf; ASSERT_SUCCESS(s_byte_buf_decoded_from_base64_cur( 
@@ -286,7 +288,7 @@ AWS_TEST_CASE(rsa_verify_signing_pss_sha256, s_rsa_verify_signing_pss_sha256); static int s_rsa_decrypt_pkcs1(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_byte_buf private_key_buf; ASSERT_SUCCESS(s_byte_buf_decoded_from_base64_cur( @@ -324,7 +326,7 @@ AWS_TEST_CASE(rsa_decrypt_pkcs1, s_rsa_decrypt_pkcs1); static int s_rsa_decrypt_oaep256(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_byte_buf private_key_buf; ASSERT_SUCCESS(s_byte_buf_decoded_from_base64_cur( @@ -362,7 +364,7 @@ AWS_TEST_CASE(rsa_decrypt_oaep256, s_rsa_decrypt_oaep256); static int s_rsa_decrypt_oaep512(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_byte_buf private_key_buf; ASSERT_SUCCESS(s_byte_buf_decoded_from_base64_cur( @@ -481,7 +483,7 @@ static int s_rsa_signing_roundtrip_from_user( static int s_rsa_signing_roundtrip_pkcs1_sha256_from_user(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); ASSERT_SUCCESS( s_rsa_signing_roundtrip_from_user(allocator, AWS_CAL_RSA_SIGNATURE_PKCS1_5_SHA256, TEST_RSA_SIGNATURE_PKCS1)); @@ -495,7 +497,7 @@ AWS_TEST_CASE(rsa_signing_roundtrip_pkcs1_sha256_from_user, s_rsa_signing_roundt static int s_rsa_signing_roundtrip_pss_sha256_from_user(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); #if defined(AWS_OS_MACOS) if (__builtin_available(macOS 10.12, *)) { 
@@ -518,7 +520,7 @@ AWS_TEST_CASE(rsa_signing_roundtrip_pss_sha256_from_user, s_rsa_signing_roundtri static int s_rsa_getters(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_byte_buf private_key_buf; ASSERT_SUCCESS(s_byte_buf_decoded_from_base64_cur( @@ -615,7 +617,7 @@ static int s_rsa_private_pkcs1_der_parsing(struct aws_allocator *allocator, void 0x6e, 0xc1, 0x19, 0x6a, 0x82, 0xaf, 0xdc, 0xbd, 0x9c, 0x1b, 0x7d, 0x2a, 0xec, 0x8d, 0xd5, 0x59, 0x4d, 0x6f, 0x38, 0x89, 0xa7, 0xe5, 0x1c, 0x29, 0x57}; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_byte_buf private_key_buf; ASSERT_SUCCESS(s_byte_buf_decoded_from_base64_cur( @@ -665,7 +667,7 @@ static int s_rsa_public_pkcs1_der_parsing(struct aws_allocator *allocator, void static uint8_t e[] = {0x01, 0x00, 0x01}; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_byte_buf public_key_buf; ASSERT_SUCCESS(s_byte_buf_decoded_from_base64_cur( @@ -694,7 +696,7 @@ static int s_rsa_signing_mismatch_pkcs1_sha256(struct aws_allocator *allocator, (void)ctx; struct aws_byte_cursor message = aws_byte_cursor_from_c_str(TEST_ENCRYPTION_STRING); - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_byte_buf public_key_buf; ASSERT_SUCCESS(s_byte_buf_decoded_from_base64_cur( diff --git a/tests/sha1_test.c b/tests/sha1_test.c index ffe08e10..1858440e 100644 --- a/tests/sha1_test.c +++ b/tests/sha1_test.c @@ -6,7 +6,7 @@ #include #include -#include +#include "test_case_helper.h" /* * these are the NIST test vectors, as compiled here: * https://www.di-mgt.com.au/sha_testvectors.html 
@@ -78,7 +78,7 @@ AWS_TEST_CASE(sha1_nist_test_case_4, s_sha1_nist_test_case_4_fn) static int s_sha1_nist_test_case_5_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_hash *hash = aws_sha1_new(allocator); ASSERT_NOT_NULL(hash); @@ -112,7 +112,7 @@ AWS_TEST_CASE(sha1_nist_test_case_5, s_sha1_nist_test_case_5_fn) static int s_sha1_nist_test_case_5_truncated_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_hash *hash = aws_sha1_new(allocator); ASSERT_NOT_NULL(hash); @@ -144,7 +144,7 @@ AWS_TEST_CASE(sha1_nist_test_case_5_truncated, s_sha1_nist_test_case_5_truncated static int s_sha1_nist_test_case_6_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_hash *hash = aws_sha1_new(allocator); ASSERT_NOT_NULL(hash); @@ -180,7 +180,7 @@ AWS_TEST_CASE(sha1_nist_test_case_6, s_sha1_nist_test_case_6_fn) static int s_sha1_test_invalid_buffer_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_byte_cursor input = aws_byte_cursor_from_c_str("abcdefghbcdefghicdefghijdefghijkefghijklfghij" "klmghijklmnhijklmnoijklmnopjklmnopqklm" @@ -201,7 +201,7 @@ AWS_TEST_CASE(sha1_test_invalid_buffer, s_sha1_test_invalid_buffer_fn) static int s_sha1_test_oneshot_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_byte_cursor input = aws_byte_cursor_from_c_str("abcdefghbcdefghicdefghijdefghijkefghijklfghij" "klmghijklmnhijklmnoijklmnopjklmnopqklm" 
@@ -228,7 +228,7 @@ AWS_TEST_CASE(sha1_test_oneshot, s_sha1_test_oneshot_fn) static int s_sha1_test_invalid_state_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_byte_cursor input = aws_byte_cursor_from_c_str("abcdefghbcdefghicdefghijdefghijkefghijklfghij" "klmghijklmnhijklmnoijklmnopjklmnopqklm" @@ -257,7 +257,7 @@ AWS_TEST_CASE(sha1_test_invalid_state, s_sha1_test_invalid_state_fn) static int s_sha1_test_extra_buffer_space_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_byte_cursor input = aws_byte_cursor_from_c_str("123456789012345678901234567890123456789012345" "67890123456789012345678901234567890"); diff --git a/tests/sha256_hmac_test.c b/tests/sha256_hmac_test.c index 0e4e272e..6dfdcfdc 100644 --- a/tests/sha256_hmac_test.c +++ b/tests/sha256_hmac_test.c @@ -6,7 +6,7 @@ #include #include -#include +#include "test_case_helper.h" /* * these are the rfc4231 test vectors, as compiled here: @@ -212,7 +212,7 @@ AWS_TEST_CASE(sha256_hmac_rfc4231_test_case_7, s_sha256_hmac_rfc4231_test_case_7 static int s_sha256_hmac_test_oneshot_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); uint8_t secret[] = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, @@ -253,7 +253,7 @@ AWS_TEST_CASE(sha256_hmac_test_oneshot, s_sha256_hmac_test_oneshot_fn) static int s_sha256_hmac_test_invalid_buffer_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); uint8_t secret[] = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 
@@ -288,7 +288,7 @@ AWS_TEST_CASE(sha256_hmac_test_invalid_buffer, s_sha256_hmac_test_invalid_buffer static int s_sha256_hmac_test_invalid_state_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); uint8_t secret[] = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, @@ -330,7 +330,7 @@ AWS_TEST_CASE(sha256_hmac_test_invalid_state, s_sha256_hmac_test_invalid_state_f static int s_sha256_hmac_test_extra_buffer_space_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); uint8_t secret[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, diff --git a/tests/sha256_test.c b/tests/sha256_test.c index 3bc67097..c0ed6ede 100644 --- a/tests/sha256_test.c +++ b/tests/sha256_test.c @@ -6,7 +6,7 @@ #include #include -#include +#include "test_case_helper.h" /* * these are the NIST test vectors, as compiled here: * https://www.di-mgt.com.au/sha_testvectors.html @@ -78,7 +78,7 @@ AWS_TEST_CASE(sha256_nist_test_case_4, s_sha256_nist_test_case_4_fn) static int s_sha256_nist_test_case_5_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_hash *hash = aws_sha256_new(allocator); ASSERT_NOT_NULL(hash); @@ -112,7 +112,7 @@ AWS_TEST_CASE(sha256_nist_test_case_5, s_sha256_nist_test_case_5_fn) static int s_sha256_nist_test_case_5_truncated_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_hash *hash = aws_sha256_new(allocator); ASSERT_NOT_NULL(hash); 
@@ -160,7 +160,7 @@ AWS_TEST_CASE(sha256_nist_test_case_5_truncated, s_sha256_nist_test_case_5_trunc static int s_sha256_nist_test_case_6_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_hash *hash = aws_sha256_new(allocator); ASSERT_NOT_NULL(hash); @@ -196,7 +196,7 @@ AWS_TEST_CASE(sha256_nist_test_case_6, s_sha256_nist_test_case_6_fn) static int s_sha256_test_invalid_buffer_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_byte_cursor input = aws_byte_cursor_from_c_str("abcdefghbcdefghicdefghijdefghijkefghijklfghij" "klmghijklmnhijklmnoijklmnopjklmnopqklm" @@ -217,7 +217,7 @@ AWS_TEST_CASE(sha256_test_invalid_buffer, s_sha256_test_invalid_buffer_fn) static int s_sha256_test_oneshot_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_byte_cursor input = aws_byte_cursor_from_c_str("abcdefghbcdefghicdefghijdefghijkefghijklfghij" "klmghijklmnhijklmnoijklmnopjklmnopqklm" @@ -244,7 +244,7 @@ AWS_TEST_CASE(sha256_test_oneshot, s_sha256_test_oneshot_fn) static int s_sha256_test_invalid_state_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_byte_cursor input = aws_byte_cursor_from_c_str("abcdefghbcdefghicdefghijdefghijkefghijklfghij" "klmghijklmnhijklmnoijklmnopjklmnopqklm" @@ -274,7 +274,7 @@ AWS_TEST_CASE(sha256_test_invalid_state, s_sha256_test_invalid_state_fn) static int s_sha256_test_extra_buffer_space_fn(struct aws_allocator *allocator, void *ctx) { (void)ctx; - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); struct aws_byte_cursor input = aws_byte_cursor_from_c_str("123456789012345678901234567890123456789012345" "67890123456789012345678901234567890"); 
diff --git a/tests/test_case_helper.h b/tests/test_case_helper.h index e177ae28..54488133 100644 --- a/tests/test_case_helper.h +++ b/tests/test_case_helper.h @@ -1,3 +1,5 @@ +#ifndef AWS_CAL_TEST_CASE_HELPER_H +#define AWS_CAL_TEST_CASE_HELPER_H /** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. @@ -5,6 +7,35 @@ #include #include #include +#include +#include + +#if !defined(BYO_CRYPTO) && !defined(AWS_OS_APPLE) && !defined(AWS_OS_WINDOWS) +# include +#endif + +/** + * If $AWS_TEST_FIPS env-var is set, turn on FIPS mode. + * Then do normal aws_cal_library_init() + */ +static inline void aws_cal_library_test_init(struct aws_allocator *allocator) { + struct aws_string *key_AWS_TEST_FIPS = aws_string_new_from_c_str(allocator, "AWS_TEST_FIPS"); + struct aws_string *val_AWS_TEST_FIPS = NULL; + aws_get_environment_value(allocator, key_AWS_TEST_FIPS, &val_AWS_TEST_FIPS); + bool is_fips_desired = val_AWS_TEST_FIPS != NULL; + aws_string_destroy(key_AWS_TEST_FIPS); + aws_string_destroy(val_AWS_TEST_FIPS); + + if (is_fips_desired) { +#if defined(OPENSSL_IS_AWSLC) + AWS_FATAL_ASSERT(FIPS_mode_set(1) == 1 && "FIPS_mode_set(1) must succeed"); +#else + AWS_FATAL_ASSERT(!fips_desired && "AWS_TEST_FIPS is currently only supported with AWS-LC"); +#endif + } + + aws_cal_library_init(allocator); +} static inline int s_verify_hmac_test_case( struct aws_allocator *allocator, @@ -13,7 +44,7 @@ static inline int s_verify_hmac_test_case( struct aws_byte_cursor *expected, aws_hmac_new_fn *new_fn) { - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); /* test all possible segmentation lengths from 1 byte at a time to the entire * input. Using a do-while so that we still do 1 pass on 0-length input */ 
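Review bot: The `#else` branch of `aws_cal_library_test_init` asserts on `fips_desired`, but the local is named `is_fips_desired`, so every build where `OPENSSL_IS_AWSLC` is not defined should fail to compile; the line should read `AWS_FATAL_ASSERT(!is_fips_desired && "AWS_TEST_FIPS is currently only supported with AWS-LC");`. The result of `aws_get_environment_value` is also discarded, so a failed lookup presumably leaves `val_AWS_TEST_FIPS` NULL and the tests run without FIPS although it was requested. A switch meant to demonstrate FIPS coverage should fail closed, e.g. `AWS_FATAL_ASSERT(aws_get_environment_value(allocator, key_AWS_TEST_FIPS, &val_AWS_TEST_FIPS) == AWS_OP_SUCCESS);`. Only presence is tested (`val_AWS_TEST_FIPS != NULL`), so a value such as `AWS_TEST_FIPS=0` presumably still turns FIPS on, and the doc comment should say that the value is ignored.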
@@ -53,7 +84,7 @@ static inline int s_verify_hash_test_case( struct aws_byte_cursor *expected, aws_hash_new_fn *new_fn) { - aws_cal_library_init(allocator); + aws_cal_library_test_init(allocator); /* test all possible segmentation lengths from 1 byte at a time to the entire * input. Using a do-while so that we still do 1 pass on 0-length input */ @@ -86,3 +117,5 @@ static inline int s_verify_hash_test_case( return AWS_OP_SUCCESS; } + +#endif /*AWS_CAL_TEST_CASE_HELPER_H*/