diff options
author | Jakub Jelen <jjelen@redhat.com> | 2019-05-29 17:45:30 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-06-13 16:29:32 +0200 |
commit | c7c3c16fc8bfecacff8629b7d64f4778d85cd55f (patch) | |
tree | 4f483434dc4cedd6ca3a73915308112cae8d3798 | |
parent | bfafdab0356aab222984f99dc4d0101a1a87640e (diff) | |
download | libssh-c7c3c16fc8bfecacff8629b7d64f4778d85cd55f.tar.gz libssh-c7c3c16fc8bfecacff8629b7d64f4778d85cd55f.tar.xz libssh-c7c3c16fc8bfecacff8629b7d64f4778d85cd55f.zip |
tests: There is no 8B block cipher in FIPS Mode
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r-- | tests/client/torture_rekey.c | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/tests/client/torture_rekey.c b/tests/client/torture_rekey.c index 16cc46f8..44d68e1d 100644 --- a/tests/client/torture_rekey.c +++ b/tests/client/torture_rekey.c @@ -107,10 +107,18 @@ static void torture_rekey_default(void **state) int rc; struct ssh_crypto_struct *c = NULL; - /* Define preferred ciphers: (out) C->S has 8B block, (in) S->C has 16B block */ - rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_CIPHERS_C_S, - "chacha20-poly1305@openssh.com"); + /* Define preferred ciphers: */ + if (ssh_fips_mode()) { + /* We do not have any FIPS allowed cipher with different block size */ + rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_CIPHERS_C_S, + "aes128-gcm@openssh.com"); + } else { + /* (out) C->S has 8B block */ + rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_CIPHERS_C_S, + "chacha20-poly1305@openssh.com"); + } assert_ssh_return_code(s->ssh.session, rc); + /* (in) S->C has 16B block */ rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_CIPHERS_S_C, "aes128-cbc"); assert_ssh_return_code(s->ssh.session, rc); @@ -123,9 +131,15 @@ static void torture_rekey_default(void **state) /* For S->C (in) we have 16B block => 2**(L/4) blocks */ assert_int_equal(c->in_cipher->max_blocks, (uint64_t)1 << (2 * c->in_cipher->blocksize)); - /* The C->S (out) we have 8B block => 1 GB limit */ - assert_int_equal(c->out_cipher->max_blocks, - ((uint64_t)1 << 30) / c->out_cipher->blocksize); + if (ssh_fips_mode()) { + /* We do not have any FIPS allowed cipher with different block size */ + assert_int_equal(c->in_cipher->max_blocks, + (uint64_t)1 << (2 * c->in_cipher->blocksize)); + } else { + /* The C->S (out) we have 8B block => 1 GB limit */ + assert_int_equal(c->out_cipher->max_blocks, + ((uint64_t)1 << 30) / c->out_cipher->blocksize); + } ssh_disconnect(s->ssh.session); } |