[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-352-g9ecc269
by Vitezslav Cizek
cvs at cvs.gnupg.org
Fri Mar 18 17:56:27 CET 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 9ecc2690181ba0bb44f66451a7dce2fc19965793 (commit)
via 1a02d741cacc3b57fe3d6ffebd794d53a60c9e97 (commit)
from 0bd8137e68c201b6c2290710e348aaf57efa2b2e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 9ecc2690181ba0bb44f66451a7dce2fc19965793
Author: Vitezslav Cizek <vcizek at suse.com>
Date: Fri Mar 18 17:54:36 2016 +0100
tests: Fix testsuite after the FIPS adjustments.
* tests/benchmark.c (ecc_bench): Avoid not approved curves in FIPS.
* tests/curves.c (check_get_params): Skip Brainpool curves in FIPS.
* tests/keygen.c (check_dsa_keys): Generate 2048 and 3072 bits keys.
(check_ecc_keys): Skip Ed25519 in FIPS mode.
* tests/random.c (main): Don't switch DRBG in FIPS mode.
* tests/t-ed25519.c (main): Ed25519 isn't supported in FIPS mode.
* tests/t-kdf.c (check_openpgp): Skip vectors using md5 in FIPS.
* tests/t-mpi-point.c (context_param): Skip P-192 and Ed25519 in FIPS.
(main): Skip math tests that use P-192 and Ed25519 in FIPS.
--
Fix the testsuite to make it pass after the FIPS adjustmens.
This consists mostly of disabling the tests that use not approved
curves and algorithms as well as increasing the keysizes.
Signed-off-by: Vitezslav Cizek <vcizek at suse.com>
Additional changes by wk:
- Removed changes already done with commit e40939b. The original
patch had these chnages:
* tests/fips186-dsa.c (main): Merely suggest a future improvement.
* tests/pubkey.c (get_dsa_key_*new): Increase keysizes.
(check_run): Skip tests with small domain in FIPS.
(main): Skip Ed25519 sample key test in FIPS.
Noet that get_dsa_key_fips186_with_seed_new was not changed from
1024 to 3072 but to 2048 bit.
- Return with 77 (skip) from t-ed25519.c in FIPS mode.
- Some code style changes.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/tests/benchmark.c b/tests/benchmark.c
index c748dac..1258b81 100644
--- a/tests/benchmark.c
+++ b/tests/benchmark.c
@@ -1434,6 +1434,12 @@ ecc_bench (int iterations, int print_header)
is_ed25519 = !strcmp (p_sizes[testno], "Ed25519");
is_gost = !strncmp (p_sizes[testno], "gost", 4);
+
+ /* Only P-{224,256,384,521} are allowed in fips mode */
+ if (gcry_fips_mode_active()
+ && (is_ed25519 || is_gost || !strcmp (p_sizes[testno], "192")))
+ continue;
+
if (is_ed25519)
{
p_size = 256;
diff --git a/tests/curves.c b/tests/curves.c
index bec48e9..2732bbd 100644
--- a/tests/curves.c
+++ b/tests/curves.c
@@ -171,6 +171,9 @@ check_get_params (void)
gcry_sexp_release (param);
+ /* Brainpool curves are not supported in fips mode */
+ if (gcry_fips_mode_active())
+ return;
param = gcry_pk_get_param (GCRY_PK_ECDSA, sample_key_2_curve);
if (!param)
diff --git a/tests/keygen.c b/tests/keygen.c
index 7afa76c..dcb59e4 100644
--- a/tests/keygen.c
+++ b/tests/keygen.c
@@ -329,7 +329,7 @@ check_dsa_keys (void)
if (rc && !in_fips_mode)
die ("error generating DSA key: %s\n", gpg_strerror (rc));
else if (!rc && in_fips_mode)
- die ("generating 512 bit DSA key must not work!");
+ die ("generating 1024 bit DSA key must not work!");
if (!i && verbose > 1)
show_sexp ("1024 bit DSA key:\n", key);
gcry_sexp_release (key);
@@ -354,6 +354,60 @@ check_dsa_keys (void)
if (verbose > 1)
show_sexp ("1536 bit DSA key:\n", key);
gcry_sexp_release (key);
+
+ if (verbose)
+ show ("creating 3072 bit DSA key\n");
+ rc = gcry_sexp_new (&keyparm,
+ "(genkey\n"
+ " (dsa\n"
+ " (nbits 4:3072)\n"
+ " (qbits 3:256)\n"
+ " ))", 0, 1);
+ if (rc)
+ die ("error creating S-expression: %s\n", gpg_strerror (rc));
+ rc = gcry_pk_genkey (&key, keyparm);
+ gcry_sexp_release (keyparm);
+ if (rc)
+ die ("error generating DSA key: %s\n", gpg_strerror (rc));
+ if (verbose > 1)
+ show_sexp ("3072 bit DSA key:\n", key);
+ gcry_sexp_release (key);
+
+ if (verbose)
+ show ("creating 2048/256 bit DSA key\n");
+ rc = gcry_sexp_new (&keyparm,
+ "(genkey\n"
+ " (dsa\n"
+ " (nbits 4:2048)\n"
+ " (qbits 3:256)\n"
+ " ))", 0, 1);
+ if (rc)
+ die ("error creating S-expression: %s\n", gpg_strerror (rc));
+ rc = gcry_pk_genkey (&key, keyparm);
+ gcry_sexp_release (keyparm);
+ if (rc)
+ die ("error generating DSA key: %s\n", gpg_strerror (rc));
+ if (verbose > 1)
+ show_sexp ("2048 bit DSA key:\n", key);
+ gcry_sexp_release (key);
+
+ if (verbose)
+ show ("creating 2048/224 bit DSA key\n");
+ rc = gcry_sexp_new (&keyparm,
+ "(genkey\n"
+ " (dsa\n"
+ " (nbits 4:2048)\n"
+ " (qbits 3:224)\n"
+ " ))", 0, 1);
+ if (rc)
+ die ("error creating S-expression: %s\n", gpg_strerror (rc));
+ rc = gcry_pk_genkey (&key, keyparm);
+ gcry_sexp_release (keyparm);
+ if (rc)
+ die ("error generating DSA key: %s\n", gpg_strerror (rc));
+ if (verbose > 1)
+ show_sexp ("2048 bit DSA key:\n", key);
+ gcry_sexp_release (key);
}
@@ -406,9 +460,14 @@ check_ecc_keys (void)
if (verbose)
show ("creating ECC key using curve %s\n", curves[testno]);
if (!strcmp (curves[testno], "Ed25519"))
- rc = gcry_sexp_build (&keyparm, NULL,
- "(genkey(ecc(curve %s)(flags param eddsa)))",
- curves[testno]);
+ {
+ /* Ed25519 isn't allowed in fips mode */
+ if (in_fips_mode)
+ continue;
+ rc = gcry_sexp_build (&keyparm, NULL,
+ "(genkey(ecc(curve %s)(flags param eddsa)))",
+ curves[testno]);
+ }
else
rc = gcry_sexp_build (&keyparm, NULL,
"(genkey(ecc(curve %s)(flags param)))",
@@ -459,6 +518,40 @@ check_ecc_keys (void)
" (nocomp): %s\n",
gpg_strerror (rc));
+ if (verbose)
+ show ("creating ECC key using curve NIST P-384 for ECDSA\n");
+
+ /* Must be specified as nistp384 (one word), because ecc_generate
+ * uses _gcry_sexp_nth_string which takes the first word of the name
+ * and thus libgcrypt can't find it later in its curves table. */
+ rc = gcry_sexp_build (&keyparm, NULL, "(genkey(ecc(curve nistp384)))");
+ if (rc)
+ die ("error creating S-expression: %s\n", gpg_strerror (rc));
+ rc = gcry_pk_genkey (&key, keyparm);
+ gcry_sexp_release (keyparm);
+ if (rc)
+ die ("error generating ECC key using curve NIST P-384 for ECDSA: %s\n",
+ gpg_strerror (rc));
+
+ if (verbose > 1)
+ show_sexp ("ECC key:\n", key);
+
+ check_generated_ecc_key (key);
+ gcry_sexp_release (key);
+
+ if (verbose)
+ show ("creating ECC key using curve NIST P-384 for ECDSA (nocomp)\n");
+ rc = gcry_sexp_build (&keyparm, NULL,
+ "(genkey(ecc(curve nistp384)(flags nocomp)))");
+ if (rc)
+ die ("error creating S-expression: %s\n", gpg_strerror (rc));
+ rc = gcry_pk_genkey (&key, keyparm);
+ gcry_sexp_release (keyparm);
+ if (rc)
+ die ("error generating ECC key using curve NIST P-384 for ECDSA"
+ " (nocomp): %s\n",
+ gpg_strerror (rc));
+
if (verbose > 1)
show_sexp ("ECC key:\n", key);
diff --git a/tests/pubkey.c b/tests/pubkey.c
index 5ed6ca1..b691913 100644
--- a/tests/pubkey.c
+++ b/tests/pubkey.c
@@ -483,8 +483,8 @@ get_dsa_key_new (gcry_sexp_t *pkey, gcry_sexp_t *skey, int transient_key)
rc = gcry_sexp_new (&key_spec,
transient_key
- ? "(genkey (dsa (nbits 4:1024)(transient-key)))"
- : "(genkey (dsa (nbits 4:1024)))",
+ ? "(genkey (dsa (nbits 4:2048)(transient-key)))"
+ : "(genkey (dsa (nbits 4:2048)))",
0, 1);
if (rc)
die ("error creating S-expression: %s\n", gcry_strerror (rc));
@@ -1243,7 +1243,8 @@ main (int argc, char **argv)
check_x931_derived_key (i);
check_ecc_sample_key ();
- check_ed25519ecdsa_sample_key ();
+ if (!gcry_fips_mode_active ())
+ check_ed25519ecdsa_sample_key ();
return !!error_count;
}
diff --git a/tests/random.c b/tests/random.c
index 2a4b698..3c08726 100644
--- a/tests/random.c
+++ b/tests/random.c
@@ -647,7 +647,11 @@ main (int argc, char **argv)
#endif
if (early_rng)
- check_early_rng_type_switching ();
+ {
+ /* Don't switch RNG in fips mode. */
+ if (!gcry_fips_mode_active())
+ check_early_rng_type_switching ();
+ }
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
if (!gcry_check_version (GCRYPT_VERSION))
@@ -670,7 +674,10 @@ main (int argc, char **argv)
to its high requirement for entropy. */
if (!getenv ("GCRYPT_IN_REGRESSION_TEST"))
check_drbg_reinit ();
- check_rng_type_switching ();
+
+ /* Don't switch RNG in fips mode. */
+ if (!gcry_fips_mode_active())
+ check_rng_type_switching ();
if (!in_recursion)
run_all_rng_tests (program);
diff --git a/tests/t-ed25519.c b/tests/t-ed25519.c
index 38e154d..d63c145 100644
--- a/tests/t-ed25519.c
+++ b/tests/t-ed25519.c
@@ -548,6 +548,10 @@ main (int argc, char **argv)
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+ /* Ed25519 isn't supported in fips mode */
+ if (gcry_fips_mode_active())
+ return 77;
+
start_timer ();
check_ed25519 (fname);
stop_timer ();
diff --git a/tests/t-kdf.c b/tests/t-kdf.c
index 18c8357..bf31c83 100644
--- a/tests/t-kdf.c
+++ b/tests/t-kdf.c
@@ -888,6 +888,10 @@ check_openpgp (void)
{
if (tv[tvidx].disabled)
continue;
+ /* MD5 isn't supported in fips mode */
+ if (gcry_fips_mode_active()
+ && tv[tvidx].hashalgo == GCRY_MD_MD5)
+ continue;
if (verbose)
fprintf (stderr, "checking S2K test vector %d\n", tvidx);
assert (tv[tvidx].dklen <= sizeof outbuf);
diff --git a/tests/t-mpi-point.c b/tests/t-mpi-point.c
index d72cd27..55c6b66 100644
--- a/tests/t-mpi-point.c
+++ b/tests/t-mpi-point.c
@@ -540,6 +540,17 @@ context_param (void)
show ("checking standard curves\n");
for (idx=0; test_curve[idx].desc; idx++)
{
+ /* P-192 and Ed25519 are not supported in fips mode */
+ if (gcry_fips_mode_active())
+ {
+ if (!strcmp(test_curve[idx].desc, "NIST P-192")
+ || !strcmp(test_curve[idx].desc, "Ed25519"))
+ {
+ show("skipping %s in fips mode\n", test_curve[idx].desc );
+ continue;
+ }
+ }
+
gcry_ctx_release (ctx);
err = gcry_mpi_ec_new (&ctx, NULL, test_curve[idx].desc);
if (err)
@@ -635,6 +646,10 @@ context_param (void)
gcry_sexp_release (sexp);
}
+ /* Skipping Ed25519 if in FIPS mode (it isn't supported) */
+ if (gcry_fips_mode_active())
+ goto cleanup;
+
show ("checking sample public key (Ed25519)\n");
q = hex2mpi (sample_ed25519_q);
gcry_sexp_release (keyparam);
@@ -722,6 +737,7 @@ context_param (void)
}
+ cleanup:
gcry_ctx_release (ctx);
gcry_sexp_release (keyparam);
}
@@ -1101,8 +1117,14 @@ main (int argc, char **argv)
context_alloc ();
context_param ();
basic_ec_math ();
- basic_ec_math_simplified ();
- twistededwards_math ();
+
+ /* The tests are for P-192 and ed25519 which are not supported in
+ FIPS mode. */
+ if (!gcry_fips_mode_active())
+ {
+ basic_ec_math_simplified ();
+ twistededwards_math ();
+ }
show ("All tests completed. Errors: %d\n", error_count);
return error_count ? 1 : 0;
commit 1a02d741cacc3b57fe3d6ffebd794d53a60c9e97
Author: Vitezslav Cizek <vcizek at suse.com>
Date: Fri Oct 30 17:36:03 2015 +0100
tests: Add new --pss option to fipsdrv
* tests/fipsdrv.c (run_rsa_sign, run_rsa_verify): Set salt-length
to 0 for PSS.
--
Add new --pss option to fipsdrv to specify RSA-PSS signature encoding.
Signed-off-by: Vitezslav Cizek <vcizek at suse.com>
Added by wk:
- Help string for --pss
- Check that only --pss or --pkcs1 is given.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/tests/fipsdrv.c b/tests/fipsdrv.c
index bcc56d1..49253cb 100644
--- a/tests/fipsdrv.c
+++ b/tests/fipsdrv.c
@@ -1583,7 +1583,7 @@ run_rsa_gen (int keysize, int pubexp)
encoded KEYFILE and the hash algorithm HASHALGO. */
static void
run_rsa_sign (const void *data, size_t datalen,
- int hashalgo, int pkcs1, const char *keyfile)
+ int hashalgo, int pkcs1, int pss, const char *keyfile)
{
gpg_error_t err;
@@ -1607,6 +1607,20 @@ run_rsa_sign (const void *data, size_t datalen,
gcry_md_algo_name (hashalgo),
(int)hashsize, hash);
}
+ else if (pss)
+ {
+ unsigned char hash[64];
+ unsigned int hashsize;
+
+ hashsize = gcry_md_get_algo_dlen (hashalgo);
+ if (!hashsize || hashsize > sizeof hash)
+ die ("digest too long for buffer or unknown hash algorithm\n");
+ gcry_md_hash_buffer (hashalgo, hash, data, datalen);
+ err = gcry_sexp_build (&s_data, NULL,
+ "(data (flags pss)(salt-length #00#)(hash %s %b))",
+ gcry_md_algo_name (hashalgo),
+ (int)hashsize, hash);
+ }
else
{
gcry_mpi_t tmp;
@@ -1674,7 +1688,7 @@ run_rsa_sign (const void *data, size_t datalen,
binary signature in SIGFILE. */
static void
run_rsa_verify (const void *data, size_t datalen, int hashalgo, int pkcs1,
- const char *keyfile, const char *sigfile)
+ int pss, const char *keyfile, const char *sigfile)
{
gpg_error_t err;
@@ -1694,6 +1708,20 @@ run_rsa_verify (const void *data, size_t datalen, int hashalgo, int pkcs1,
gcry_md_algo_name (hashalgo),
(int)hashsize, hash);
}
+ else if (pss)
+ {
+ unsigned char hash[64];
+ unsigned int hashsize;
+
+ hashsize = gcry_md_get_algo_dlen (hashalgo);
+ if (!hashsize || hashsize > sizeof hash)
+ die ("digest too long for buffer or unknown hash algorithm\n");
+ gcry_md_hash_buffer (hashalgo, hash, data, datalen);
+ err = gcry_sexp_build (&s_data, NULL,
+ "(data (flags pss)(salt-length #00#)(hash %s %b))",
+ gcry_md_algo_name (hashalgo),
+ (int)hashsize, hash);
+ }
else
{
gcry_mpi_t tmp;
@@ -2285,6 +2313,7 @@ usage (int show_help)
" --signature NAME Take signature from file NAME\n"
" --chunk N Read in chunks of N bytes (implies --binary)\n"
" --pkcs1 Use PKCS#1 encoding\n"
+ " --pss Use PSS encoding with a zero length salt\n"
" --mct-server Run a monte carlo test server\n"
" --loop Enable random loop mode\n"
" --progress Print pogress indicators\n"
@@ -2302,6 +2331,7 @@ main (int argc, char **argv)
int no_fips = 0;
int progress = 0;
int use_pkcs1 = 0;
+ int use_pss = 0;
const char *mode_string;
const char *curve_string = NULL;
const char *key_string = NULL;
@@ -2432,6 +2462,11 @@ main (int argc, char **argv)
use_pkcs1 = 1;
argc--; argv++;
}
+ else if (!strcmp (*argv, "--pss"))
+ {
+ use_pss = 1;
+ argc--; argv++;
+ }
else if (!strcmp (*argv, "--mct-server"))
{
mct_server = 1;
@@ -2446,8 +2481,12 @@ main (int argc, char **argv)
if (!argc || argc > 2)
usage (0);
+
mode_string = *argv;
+ if (use_pkcs1 && use_pss)
+ die ("Only one of --pkcs or --pss may be given\n");
+
if (!strcmp (mode_string, "rsa-derive"))
binary_input = 1;
@@ -2718,7 +2757,7 @@ main (int argc, char **argv)
if (!data)
die ("no data available (do not use --chunk)\n");
- run_rsa_sign (data, datalen, algo, use_pkcs1, key_string);
+ run_rsa_sign (data, datalen, algo, use_pkcs1, use_pss, key_string);
}
else if (!strcmp (mode_string, "rsa-verify"))
@@ -2741,7 +2780,7 @@ main (int argc, char **argv)
if (access (signature_string, R_OK))
die ("option --signature needs to specify an existing file\n");
- run_rsa_verify (data, datalen, algo, use_pkcs1, key_string,
+ run_rsa_verify (data, datalen, algo, use_pkcs1, use_pss, key_string,
signature_string);
}
-----------------------------------------------------------------------
Summary of changes:
tests/benchmark.c | 6 ++++
tests/curves.c | 3 ++
tests/fipsdrv.c | 47 +++++++++++++++++++++---
tests/keygen.c | 101 +++++++++++++++++++++++++++++++++++++++++++++++++---
tests/pubkey.c | 7 ++--
tests/random.c | 11 ++++--
tests/t-ed25519.c | 4 +++
tests/t-kdf.c | 4 +++
tests/t-mpi-point.c | 26 ++++++++++++--
9 files changed, 194 insertions(+), 15 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
_______________________________________________
Gnupg-commits mailing list
Gnupg-commits at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-commits
More information about the Gcrypt-devel
mailing list