disable crypto self-test
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 15 May 2009 12:39:42 +0000 (14:39 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 15 May 2009 12:39:42 +0000 (14:39 +0200)
src/pluto/Makefile.am
src/pluto/alg/ike_alg_blowfish.c
src/pluto/alg/ike_alg_md5_sha1.c
src/pluto/alg/ike_alg_sha2.c

index c61fdd9..d8f4e10 100644 (file)
@@ -116,6 +116,11 @@ if USE_SMARTCARD
   AM_CFLAGS += -DSMARTCARD
 endif
 
+# This compile option activates the crypto self-test
+if USE_SELF_TEST
+  AM_CFLAGS += -DSELF_TEST
+endif
+
 if USE_CAPABILITIES
   pluto_LDADD += -lcap
 endif
index ad30ce4..e18d28a 100644 (file)
@@ -22,6 +22,7 @@
 #define  BLOWFISH_KEY_MIN_LEN  128
 #define  BLOWFISH_KEY_MAX_LEN  448
 
+#ifdef SELF_TEST
 
 /**
  * Blowfish CBC encryption test vectors
@@ -98,6 +99,14 @@ static const enc_testvector_t bf_enc_testvectors[] = {
        { 0, NULL, NULL, 0, NULL, NULL }
 };
 
+#define BF_ENC_TESTVECTORS             bf_enc_testvectors
+
+#else
+
+#define BF_ENC_TESTVECTORS             NULL
+
+#endif
+
 struct encrypt_desc encrypt_desc_blowfish =
 {
        algo_type: IKE_ALG_ENCRYPT,
@@ -108,6 +117,6 @@ struct encrypt_desc encrypt_desc_blowfish =
        keyminlen:              BLOWFISH_KEY_MIN_LEN,
        keydeflen:              BLOWFISH_KEY_MIN_LEN,
        keymaxlen:              BLOWFISH_KEY_MAX_LEN,
-       enc_testvectors: bf_enc_testvectors,
+       enc_testvectors: BF_ENC_TESTVECTORS,
 };
 
index 6e4c28d..3a8c489 100644 (file)
@@ -19,6 +19,8 @@
 
 #include "ike_alg.h"
 
+#ifdef SELF_TEST
+
 /* MD5 hash test vectors
  * from RFC 1321 "MD5 Message-Digest Algorithm"
  * April 1992, R. Rivest, RSA Data Security
@@ -251,16 +253,28 @@ static const hmac_testvector_t md5_hmac_testvectors[] = {
        { 0, NULL, 0, NULL, NULL }
 };
 
+#define MD5_HASH_TESTVECTORS           md5_hash_testvectors
+#define MD5_HMAC_TESTVECTORS           md5_hmac_testvectors
+
+#else
+
+#define MD5_HASH_TESTVECTORS           NULL
+#define MD5_HMAC_TESTVECTORS           NULL
+
+#endif
+
 struct hash_desc hash_desc_md5 =
 {       
        algo_type: IKE_ALG_HASH,
        algo_id:   OAKLEY_MD5,
        algo_next: NULL, 
        hash_digest_size: HASH_SIZE_MD5,
-       hash_testvectors: md5_hash_testvectors,
-       hmac_testvectors: md5_hmac_testvectors,
+       hash_testvectors: MD5_HASH_TESTVECTORS,
+       hmac_testvectors: MD5_HMAC_TESTVECTORS,
 };
 
+#ifdef SELF_TEST
+
 /* SHA-1 test vectors
  * from "The Secure Hash Algorithm Validation System (SHAVS)"
  * July 22, 2004, Lawrence E. Bassham III, NIST
@@ -387,13 +401,23 @@ static const hmac_testvector_t sha1_hmac_testvectors[] = {
        { 0, NULL, 0, NULL, NULL }
 };
 
+#define SHA1_HASH_TESTVECTORS          sha1_hash_testvectors
+#define SHA1_HMAC_TESTVECTORS          sha1_hmac_testvectors
+
+#else
+
+#define SHA1_HASH_TESTVECTORS          NULL
+#define SHA1_HMAC_TESTVECTORS          NULL
+
+#endif
+
 struct hash_desc hash_desc_sha1 =
 {       
        algo_type: IKE_ALG_HASH,
        algo_id:   OAKLEY_SHA,
        algo_next: NULL, 
        hash_digest_size: HASH_SIZE_SHA1,
-       hash_testvectors: sha1_hash_testvectors,
-       hmac_testvectors: sha1_hmac_testvectors
+       hash_testvectors: SHA1_HASH_TESTVECTORS,
+       hmac_testvectors: SHA1_HMAC_TESTVECTORS
 };
 
index a9c2565..601c97e 100644 (file)
@@ -19,6 +19,8 @@
 
 #include "ike_alg.h"
 
+#ifdef SELF_TEST
+
 /* SHA-256 hash test vectors
  * from "The Secure Hash Algorithm Validation System (SHAVS)"
  * July 22, 2004, Lawrence E. Bassham III, NIST
@@ -555,13 +557,31 @@ static const hmac_testvector_t sha512_hmac_testvectors[] = {
     { 0, NULL, 0, NULL, NULL }
 };
 
+#define SHA256_HASH_TESTVECTORS                sha256_hash_testvectors
+#define SHA256_HMAC_TESTVECTORS                sha256_hmac_testvectors
+#define SHA384_HASH_TESTVECTORS                sha384_hash_testvectors
+#define SHA384_HMAC_TESTVECTORS                sha384_hmac_testvectors
+#define SHA512_HASH_TESTVECTORS                sha512_hash_testvectors
+#define SHA512_HMAC_TESTVECTORS                sha512_hmac_testvectors
+
+#else
+
+#define SHA256_HASH_TESTVECTORS                NULL
+#define SHA256_HMAC_TESTVECTORS                NULL
+#define SHA384_HASH_TESTVECTORS                NULL
+#define SHA384_HMAC_TESTVECTORS                NULL
+#define SHA512_HASH_TESTVECTORS                NULL
+#define SHA512_HMAC_TESTVECTORS                NULL
+
+#endif
+
 struct hash_desc hash_desc_sha2_256 = {
        algo_type: IKE_ALG_HASH,
        algo_id:   OAKLEY_SHA2_256,
        algo_next: NULL,
        hash_digest_size: HASH_SIZE_SHA256,
-       hash_testvectors: sha256_hash_testvectors,
-       hmac_testvectors: sha256_hmac_testvectors
+       hash_testvectors: SHA256_HASH_TESTVECTORS,
+       hmac_testvectors: SHA256_HMAC_TESTVECTORS
 };
 
 struct hash_desc hash_desc_sha2_384 = {
@@ -569,8 +589,8 @@ struct hash_desc hash_desc_sha2_384 = {
        algo_id:   OAKLEY_SHA2_384,
        algo_next: NULL,
        hash_digest_size: HASH_SIZE_SHA384,
-       hash_testvectors: sha384_hash_testvectors,
-       hmac_testvectors: sha384_hmac_testvectors
+       hash_testvectors: SHA384_HASH_TESTVECTORS,
+       hmac_testvectors: SHA384_HMAC_TESTVECTORS
 };
 
 struct hash_desc hash_desc_sha2_512 = {
@@ -578,7 +598,7 @@ struct hash_desc hash_desc_sha2_512 = {
        algo_id:   OAKLEY_SHA2_512,
        algo_next: NULL,
        hash_digest_size: HASH_SIZE_SHA512,
-       hash_testvectors: sha512_hash_testvectors,
-       hmac_testvectors: sha512_hmac_testvectors
+       hash_testvectors: SHA512_HASH_TESTVECTORS,
+       hmac_testvectors: SHA512_HMAC_TESTVECTORS
 };