[PATCH] tests: Test gcry_pk_hash_sign w/explicit hash algo

Clemens Lang cllang at redhat.com
Wed Jul 6 16:55:59 CEST 2022


 * tests/t-ecdsa.c (one_test_sexp): Re-run signature operation with hash
   algorithm explicitly specified in data_tmpl as documented in the
   manpage.

--

The code path to decode the explicit hash algorithm specification in
data_tmpl was previously not covered by tests. Verifying with
a data_tmpl that contains the hash algorithm as string currently fails
and should be enabled later. See also https://dev.gnupg.org/T6066.

Signed-off-by: Clemens Lang <cllang at redhat.com>
---
 tests/t-ecdsa.c | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/tests/t-ecdsa.c b/tests/t-ecdsa.c
index fa0a2ef9..725fcb4f 100644
--- a/tests/t-ecdsa.c
+++ b/tests/t-ecdsa.c
@@ -225,10 +225,11 @@ one_test_sexp (const char *curvename, const char *sha_alg,
   gcry_ctx_t ctx = NULL;
   int md_algo;
   const char *data_tmpl;
+  char data_tmpl2[256];
   gcry_md_hd_t hd = NULL;
   gcry_sexp_t s_pk = NULL;
   gcry_sexp_t s_sk = NULL;
-  gcry_sexp_t s_sig= NULL;
+  gcry_sexp_t s_sig = NULL, s_sig2 = NULL;
   gcry_sexp_t s_tmp, s_tmp2;
   unsigned char *out_r = NULL;
   unsigned char *out_s = NULL;
@@ -373,6 +374,21 @@ one_test_sexp (const char *curvename, const char *sha_alg,
       goto leave;
     }
 
+  if (snprintf (data_tmpl2, sizeof(data_tmpl2),
+                "(data(flags raw)(hash %s %%b)(label %%b))",
+                gcry_md_algo_name(md_algo)) >= sizeof(data_tmpl2))
+    {
+      fail ("snprintf out of bounds");
+      goto leave;
+    }
+  err = gcry_pk_hash_sign (&s_sig2, data_tmpl2, s_sk, hd, ctx);
+  if (err)
+    {
+      fail ("gcry_pk_hash_sign with explicit hash algorithm %s failed: %s",
+            gcry_md_algo_name (md_algo), gpg_strerror (err));
+      goto leave;
+    }
+
   out_r_len = out_s_len = 0;
   out_s = out_r = NULL;
   s_tmp2 = NULL;
@@ -470,11 +486,20 @@ one_test_sexp (const char *curvename, const char *sha_alg,
       if (err)
         fail ("gcry_pk_hash_verify failed for test: %s",
               gpg_strerror (err));
+
+      /* TODO Verifying with data_tmpl2 crashes because gcry_pk_hash_verify()
+       * does not support specifying the hash algorithm explicitly. See
+       * https://dev.gnupg.org/T6066, which tracks this problem. */
+      err = gcry_pk_hash_verify (s_sig2, data_tmpl, s_pk, hd, ctx);
+      if (err)
+        fail ("gcry_pk_hash_verify with explicit hash algorithm %s failed: %s",
+              gcry_md_algo_name (md_algo), gpg_strerror (err));
     }
 
  leave:
   gcry_ctx_release (ctx);
   gcry_sexp_release (s_sig);
+  gcry_sexp_release (s_sig2);
   gcry_sexp_release (s_sk);
   gcry_sexp_release (s_pk);
   if (hd)
-- 
2.35.3




More information about the Gcrypt-devel mailing list