disable crypto self-test

2009-05-15 14:39:42 +02:00 · 2009-05-15 14:39:42 +02:00 · e209c4d820
parent deb73fee10
commit e209c4d820
4 changed files with 69 additions and 11 deletions
--- a/src/pluto/Makefile.am
+++ b/src/pluto/Makefile.am
@ -116,6 +116,11 @@ if USE_SMARTCARD
  AM_CFLAGS += -DSMARTCARD
 endif

+# This compile option activates the crypto self-test
+if USE_SELF_TEST
+  AM_CFLAGS += -DSELF_TEST
+endif
+
 if USE_CAPABILITIES
  pluto_LDADD += -lcap
 endif
--- a/src/pluto/alg/ike_alg_blowfish.c
+++ b/src/pluto/alg/ike_alg_blowfish.c
@ -22,6 +22,7 @@
 #define  BLOWFISH_KEY_MIN_LEN	128
 #define  BLOWFISH_KEY_MAX_LEN	448

+#ifdef SELF_TEST

 /**
 * Blowfish CBC encryption test vectors
@ -98,6 +99,14 @@ static const enc_testvector_t bf_enc_testvectors[] = {
 	{ 0, NULL, NULL, 0, NULL, NULL }
 };

+#define BF_ENC_TESTVECTORS		bf_enc_testvectors
+
+#else
+
+#define BF_ENC_TESTVECTORS		NULL
+
+#endif
+
 struct encrypt_desc encrypt_desc_blowfish =
 {
 	algo_type: IKE_ALG_ENCRYPT,
@ -108,6 +117,6 @@ struct encrypt_desc encrypt_desc_blowfish =
 	keyminlen:		BLOWFISH_KEY_MIN_LEN,
 	keydeflen:		BLOWFISH_KEY_MIN_LEN,
 	keymaxlen:		BLOWFISH_KEY_MAX_LEN,
-	enc_testvectors: bf_enc_testvectors,
+	enc_testvectors: BF_ENC_TESTVECTORS,
 };

--- a/src/pluto/alg/ike_alg_md5_sha1.c
+++ b/src/pluto/alg/ike_alg_md5_sha1.c
@ -19,6 +19,8 @@

 #include "ike_alg.h"

+#ifdef SELF_TEST
+
 /* MD5 hash test vectors
 * from RFC 1321 "MD5 Message-Digest Algorithm"
 * April 1992, R. Rivest, RSA Data Security
@ -251,16 +253,28 @@ static const hmac_testvector_t md5_hmac_testvectors[] = {
 	{ 0, NULL, 0, NULL, NULL }
 };

+#define MD5_HASH_TESTVECTORS		md5_hash_testvectors
+#define MD5_HMAC_TESTVECTORS		md5_hmac_testvectors
+
+#else
+
+#define MD5_HASH_TESTVECTORS		NULL
+#define MD5_HMAC_TESTVECTORS		NULL
+
+#endif
+
 struct hash_desc hash_desc_md5 =
 {       
 	algo_type: IKE_ALG_HASH,
 	algo_id:   OAKLEY_MD5,
 	algo_next: NULL, 
 	hash_digest_size: HASH_SIZE_MD5,
-	hash_testvectors: md5_hash_testvectors,
-	hmac_testvectors: md5_hmac_testvectors,
+	hash_testvectors: MD5_HASH_TESTVECTORS,
+	hmac_testvectors: MD5_HMAC_TESTVECTORS,
 };

+#ifdef SELF_TEST
+
 /* SHA-1 test vectors
 * from "The Secure Hash Algorithm Validation System (SHAVS)"
 * July 22, 2004, Lawrence E. Bassham III, NIST
@ -387,13 +401,23 @@ static const hmac_testvector_t sha1_hmac_testvectors[] = {
 	{ 0, NULL, 0, NULL, NULL }
 };

+#define SHA1_HASH_TESTVECTORS		sha1_hash_testvectors
+#define SHA1_HMAC_TESTVECTORS		sha1_hmac_testvectors
+
+#else
+
+#define SHA1_HASH_TESTVECTORS		NULL
+#define SHA1_HMAC_TESTVECTORS		NULL
+
+#endif
+
 struct hash_desc hash_desc_sha1 =
 {       
 	algo_type: IKE_ALG_HASH,
 	algo_id:   OAKLEY_SHA,
 	algo_next: NULL, 
 	hash_digest_size: HASH_SIZE_SHA1,
-	hash_testvectors: sha1_hash_testvectors,
-	hmac_testvectors: sha1_hmac_testvectors
+	hash_testvectors: SHA1_HASH_TESTVECTORS,
+	hmac_testvectors: SHA1_HMAC_TESTVECTORS
 };

--- a/src/pluto/alg/ike_alg_sha2.c
+++ b/src/pluto/alg/ike_alg_sha2.c
@ -19,6 +19,8 @@

 #include "ike_alg.h"

+#ifdef SELF_TEST
+
 /* SHA-256 hash test vectors
 * from "The Secure Hash Algorithm Validation System (SHAVS)"
 * July 22, 2004, Lawrence E. Bassham III, NIST
@ -555,13 +557,31 @@ static const hmac_testvector_t sha512_hmac_testvectors[] = {
    { 0, NULL, 0, NULL, NULL }
 };

+#define SHA256_HASH_TESTVECTORS		sha256_hash_testvectors
+#define SHA256_HMAC_TESTVECTORS		sha256_hmac_testvectors
+#define SHA384_HASH_TESTVECTORS		sha384_hash_testvectors
+#define SHA384_HMAC_TESTVECTORS		sha384_hmac_testvectors
+#define SHA512_HASH_TESTVECTORS		sha512_hash_testvectors
+#define SHA512_HMAC_TESTVECTORS		sha512_hmac_testvectors
+
+#else
+
+#define SHA256_HASH_TESTVECTORS		NULL
+#define SHA256_HMAC_TESTVECTORS		NULL
+#define SHA384_HASH_TESTVECTORS		NULL
+#define SHA384_HMAC_TESTVECTORS		NULL
+#define SHA512_HASH_TESTVECTORS		NULL
+#define SHA512_HMAC_TESTVECTORS		NULL
+
+#endif
+
 struct hash_desc hash_desc_sha2_256 = {
 	algo_type: IKE_ALG_HASH,
 	algo_id:   OAKLEY_SHA2_256,
 	algo_next: NULL,
 	hash_digest_size: HASH_SIZE_SHA256,
-	hash_testvectors: sha256_hash_testvectors,
-	hmac_testvectors: sha256_hmac_testvectors
+	hash_testvectors: SHA256_HASH_TESTVECTORS,
+	hmac_testvectors: SHA256_HMAC_TESTVECTORS
 };

 struct hash_desc hash_desc_sha2_384 = {
@ -569,8 +589,8 @@ struct hash_desc hash_desc_sha2_384 = {
 	algo_id:   OAKLEY_SHA2_384,
 	algo_next: NULL,
 	hash_digest_size: HASH_SIZE_SHA384,
-	hash_testvectors: sha384_hash_testvectors,
-	hmac_testvectors: sha384_hmac_testvectors
+	hash_testvectors: SHA384_HASH_TESTVECTORS,
+	hmac_testvectors: SHA384_HMAC_TESTVECTORS
 };

 struct hash_desc hash_desc_sha2_512 = {
@ -578,7 +598,7 @@ struct hash_desc hash_desc_sha2_512 = {
 	algo_id:   OAKLEY_SHA2_512,
 	algo_next: NULL,
 	hash_digest_size: HASH_SIZE_SHA512,
-	hash_testvectors: sha512_hash_testvectors,
-	hmac_testvectors: sha512_hmac_testvectors
+	hash_testvectors: SHA512_HASH_TESTVECTORS,
+	hmac_testvectors: SHA512_HMAC_TESTVECTORS
 };