[PATCH] tests: Test gcry_pk_hash_sign w/explicit hash algo
Clemens Lang
cllang at redhat.com
Wed Jul 6 16:55:59 CEST 2022
* tests/t-ecdsa.c (one_test_sexp): Re-run signature operation with hash
algorithm explicitly specified in data_tmpl as documented in the
manpage.
--
The code path to decode the explicit hash algorithm specification in
data_tmpl was previously not covered by tests. Verifying with
a data_tmpl that contains the hash algorithm as string currently fails
and should be enabled later. See also https://dev.gnupg.org/T6066.
Signed-off-by: Clemens Lang <cllang at redhat.com>
---
tests/t-ecdsa.c | 27 ++++++++++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/tests/t-ecdsa.c b/tests/t-ecdsa.c
index fa0a2ef9..725fcb4f 100644
--- a/tests/t-ecdsa.c
+++ b/tests/t-ecdsa.c
@@ -225,10 +225,11 @@ one_test_sexp (const char *curvename, const char *sha_alg,
gcry_ctx_t ctx = NULL;
int md_algo;
const char *data_tmpl;
+ char data_tmpl2[256];
gcry_md_hd_t hd = NULL;
gcry_sexp_t s_pk = NULL;
gcry_sexp_t s_sk = NULL;
- gcry_sexp_t s_sig= NULL;
+ gcry_sexp_t s_sig = NULL, s_sig2 = NULL;
gcry_sexp_t s_tmp, s_tmp2;
unsigned char *out_r = NULL;
unsigned char *out_s = NULL;
@@ -373,6 +374,21 @@ one_test_sexp (const char *curvename, const char *sha_alg,
goto leave;
}
+ if (snprintf (data_tmpl2, sizeof(data_tmpl2),
+ "(data(flags raw)(hash %s %%b)(label %%b))",
+ gcry_md_algo_name(md_algo)) >= sizeof(data_tmpl2))
+ {
+ fail ("snprintf out of bounds");
+ goto leave;
+ }
+ err = gcry_pk_hash_sign (&s_sig2, data_tmpl2, s_sk, hd, ctx);
+ if (err)
+ {
+ fail ("gcry_pk_hash_sign with explicit hash algorithm %s failed: %s",
+ gcry_md_algo_name (md_algo), gpg_strerror (err));
+ goto leave;
+ }
+
out_r_len = out_s_len = 0;
out_s = out_r = NULL;
s_tmp2 = NULL;
@@ -470,11 +486,20 @@ one_test_sexp (const char *curvename, const char *sha_alg,
if (err)
fail ("gcry_pk_hash_verify failed for test: %s",
gpg_strerror (err));
+
+ /* TODO Verifying with data_tmpl2 crashes because gcry_pk_hash_verify()
+ * does not support specifying the hash algorithm explicitly. See
+ * https://dev.gnupg.org/T6066, which tracks this problem. */
+ err = gcry_pk_hash_verify (s_sig2, data_tmpl, s_pk, hd, ctx);
+ if (err)
+ fail ("gcry_pk_hash_verify with explicit hash algorithm %s failed: %s",
+ gcry_md_algo_name (md_algo), gpg_strerror (err));
}
leave:
gcry_ctx_release (ctx);
gcry_sexp_release (s_sig);
+ gcry_sexp_release (s_sig2);
gcry_sexp_release (s_sk);
gcry_sexp_release (s_pk);
if (hd)
--
2.35.3
More information about the Gcrypt-devel
mailing list