[svn] gcry - r1327 - in trunk: cipher src
svn author wk
cvs at cvs.gnupg.org
Fri Sep 12 16:47:29 CEST 2008
Author: wk
Date: 2008-09-12 16:47:28 +0200 (Fri, 12 Sep 2008)
New Revision: 1327
Modified:
trunk/cipher/ChangeLog
trunk/cipher/cipher.c
trunk/cipher/des.c
trunk/cipher/dsa.c
trunk/cipher/hmac-tests.c
trunk/cipher/md.c
trunk/cipher/pubkey.c
trunk/cipher/rijndael.c
trunk/cipher/rsa.c
trunk/cipher/sha1.c
trunk/cipher/sha256.c
trunk/cipher/sha512.c
trunk/src/ChangeLog
trunk/src/cipher-proto.h
trunk/src/fips.c
trunk/src/g10lib.h
trunk/src/global.c
Log:
Only run required tests during power-up self-test.
Enter error state after a failed key generation tests.
Modified: trunk/cipher/ChangeLog
===================================================================
--- trunk/cipher/ChangeLog 2008-09-12 12:33:28 UTC (rev 1326)
+++ trunk/cipher/ChangeLog 2008-09-12 14:47:28 UTC (rev 1327)
@@ -1,5 +1,41 @@
2008-09-12 Werner Koch <wk at g10code.com>
+ * cipher.c (_gcry_cipher_selftest): Add arg EXTENDED and pass it
+ to the called tests.
+ * md.c (_gcry_md_selftest): Ditto.
+ * pubkey.c (_gcry_pk_selftest): Ditto.
+ * rijndael.c (run_selftests): Add arg EXTENDED and pass it to the
+ called tests.
+ (selftest_fips_128): Add arg EXTENDED and run only one test
+ non-extended mode.
+ (selftest_fips_192): Add dummy arg EXTENDED.
+ (selftest_fips_256): Ditto.
+ * hmac-tests.c (_gcry_hmac_selftest): Ditto.
+ (run_selftests): Ditto.
+ (selftests_sha1): Add arg EXTENDED and run only one test
+ non-extended mode.
+ (selftests_sha224, selftests_sha256): Ditto.
+ (selftests_sha384, selftests_sha512): Ditto.
+ * sha1.c (run_selftests): Add arg EXTENDED and pass it to the
+ called test.
+ (selftests_sha1): Add arg EXTENDED and run only one test
+ non-extended mode.
+ * sha256.c (run_selftests): Add arg EXTENDED and pass it to the
+ called tests.
+ (selftests_sha224): Add arg EXTENDED and run only one test
+ non-extended mode.
+ (selftests_sha256): Ditto.
+ * sha512.c (run_selftests): Add arg EXTENDED and pass it to the
+ called tests.
+ (selftests_sha384): Add arg EXTENDED and run only one test
+ non-extended mode.
+ (selftests_sha512): Ditto.
+ * des.c (run_selftests): Add arg EXTENDED and pass it to the
+ called test.
+ (selftest_fips): Add dummy arg EXTENDED.
+ * rsa.c (run_selftests): Add dummy arg EXTENDED.
+ * dsa.c (run_selftests): Add dummy arg EXTENDED.
+
* rsa.c (extract_a_from_sexp): New.
(selftest_encr_1024): Check that the ciphertext does not match the
plaintext.
Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog 2008-09-12 12:33:28 UTC (rev 1326)
+++ trunk/src/ChangeLog 2008-09-12 14:47:28 UTC (rev 1327)
@@ -1,3 +1,10 @@
+2008-09-12 Werner Koch <wk at g10code.com>
+
+ * fips.c (_gcry_fips_run_selftests): Add arg EXTENDED.
+ (run_cipher_selftests, run_digest_selftests, run_hmac_selftests)
+ (run_pubkey_selftests): Ditto.
+ * cipher-proto.h (selftest_func_t): Add arg EXTENDED
+
2008-09-11 Werner Koch <wk at g10code.com>
* fips.c: Include string.h.
Modified: trunk/cipher/cipher.c
===================================================================
--- trunk/cipher/cipher.c 2008-09-12 12:33:28 UTC (rev 1326)
+++ trunk/cipher/cipher.c 2008-09-12 14:47:28 UTC (rev 1327)
@@ -1859,7 +1859,7 @@
/* Run the selftests for cipher algorithm ALGO with optional reporting
function REPORT. */
gpg_error_t
-_gcry_cipher_selftest (int algo, selftest_report_func_t report)
+_gcry_cipher_selftest (int algo, int extended, selftest_report_func_t report)
{
gcry_module_t module = NULL;
cipher_extra_spec_t *extraspec = NULL;
@@ -1873,7 +1873,7 @@
extraspec = module->extraspec;
ath_mutex_unlock (&ciphers_registered_lock);
if (extraspec && extraspec->selftest)
- ec = extraspec->selftest (algo, report);
+ ec = extraspec->selftest (algo, extended, report);
else
{
ec = GPG_ERR_CIPHER_ALGO;
Modified: trunk/cipher/des.c
===================================================================
--- trunk/cipher/des.c 2008-09-12 12:33:28 UTC (rev 1326)
+++ trunk/cipher/des.c 2008-09-12 14:47:28 UTC (rev 1327)
@@ -1089,11 +1089,13 @@
/* Selftest for TripleDES. */
static gpg_err_code_t
-selftest_fips (selftest_report_func_t report)
+selftest_fips (int extended, selftest_report_func_t report)
{
const char *what;
const char *errtxt;
+ (void)extended; /* No extended tests available. */
+
what = "low-level";
errtxt = selftest ();
if (errtxt)
@@ -1116,14 +1118,14 @@
/* Run a full self-test for ALGO and return 0 on success. */
static gpg_err_code_t
-run_selftests (int algo, selftest_report_func_t report)
+run_selftests (int algo, int extended, selftest_report_func_t report)
{
gpg_err_code_t ec;
switch (algo)
{
case GCRY_CIPHER_3DES:
- ec = selftest_fips (report);
+ ec = selftest_fips (extended, report);
break;
default:
ec = GPG_ERR_CIPHER_ALGO;
Modified: trunk/cipher/dsa.c
===================================================================
--- trunk/cipher/dsa.c 2008-09-12 12:33:28 UTC (rev 1326)
+++ trunk/cipher/dsa.c 2008-09-12 14:47:28 UTC (rev 1327)
@@ -342,6 +342,7 @@
gcry_mpi_release (sk->g); sk->g = NULL;
gcry_mpi_release (sk->y); sk->y = NULL;
gcry_mpi_release (sk->x); sk->x = NULL;
+ fips_signal_error ("self-test after key generation failed");
return GPG_ERR_SELFTEST_FAILED;
}
return 0;
@@ -703,10 +704,12 @@
/* Run a full self-test for ALGO and return 0 on success. */
static gpg_err_code_t
-run_selftests (int algo, selftest_report_func_t report)
+run_selftests (int algo, int extended, selftest_report_func_t report)
{
gpg_err_code_t ec;
+ (void)extended;
+
switch (algo)
{
case GCRY_PK_DSA:
Modified: trunk/cipher/hmac-tests.c
===================================================================
--- trunk/cipher/hmac-tests.c 2008-09-12 12:33:28 UTC (rev 1326)
+++ trunk/cipher/hmac-tests.c 2008-09-12 14:47:28 UTC (rev 1327)
@@ -93,7 +93,7 @@
static gpg_err_code_t
-selftests_sha1 (selftest_report_func_t report)
+selftests_sha1 (int extended, selftest_report_func_t report)
{
const char *what;
const char *errtxt;
@@ -111,40 +111,42 @@
if (errtxt)
goto failed;
- what = "FIPS-198a, A.2";
- for (i=0, j=0x30; i < 20; i++)
- key[i] = j++;
- errtxt = check_one (GCRY_MD_SHA1,
- "Sample #2", 9,
- key, 20,
- "\x09\x22\xd3\x40\x5f\xaa\x3d\x19\x4f\x82"
- "\xa4\x58\x30\x73\x7d\x5c\xc6\xc7\x5d\x24", 20);
- if (errtxt)
- goto failed;
+ if (extended)
+ {
+ what = "FIPS-198a, A.2";
+ for (i=0, j=0x30; i < 20; i++)
+ key[i] = j++;
+ errtxt = check_one (GCRY_MD_SHA1,
+ "Sample #2", 9,
+ key, 20,
+ "\x09\x22\xd3\x40\x5f\xaa\x3d\x19\x4f\x82"
+ "\xa4\x58\x30\x73\x7d\x5c\xc6\xc7\x5d\x24", 20);
+ if (errtxt)
+ goto failed;
+
+ what = "FIPS-198a, A.3";
+ for (i=0, j=0x50; i < 100; i++)
+ key[i] = j++;
+ errtxt = check_one (GCRY_MD_SHA1,
+ "Sample #3", 9,
+ key, 100,
+ "\xbc\xf4\x1e\xab\x8b\xb2\xd8\x02\xf3\xd0"
+ "\x5c\xaf\x7c\xb0\x92\xec\xf8\xd1\xa3\xaa", 20 );
+ if (errtxt)
+ goto failed;
+
+ what = "FIPS-198a, A.4";
+ for (i=0, j=0x70; i < 49; i++)
+ key[i] = j++;
+ errtxt = check_one (GCRY_MD_SHA1,
+ "Sample #4", 9,
+ key, 49,
+ "\x9e\xa8\x86\xef\xe2\x68\xdb\xec\xce\x42"
+ "\x0c\x75\x24\xdf\x32\xe0\x75\x1a\x2a\x26", 20 );
+ if (errtxt)
+ goto failed;
+ }
- what = "FIPS-198a, A.3";
- for (i=0, j=0x50; i < 100; i++)
- key[i] = j++;
- errtxt = check_one (GCRY_MD_SHA1,
- "Sample #3", 9,
- key, 100,
- "\xbc\xf4\x1e\xab\x8b\xb2\xd8\x02\xf3\xd0"
- "\x5c\xaf\x7c\xb0\x92\xec\xf8\xd1\xa3\xaa", 20 );
- if (errtxt)
- goto failed;
-
- what = "FIPS-198a, A.4";
- for (i=0, j=0x70; i < 49; i++)
- key[i] = j++;
- errtxt = check_one (GCRY_MD_SHA1,
- "Sample #4", 9,
- key, 49,
- "\x9e\xa8\x86\xef\xe2\x68\xdb\xec\xce\x42"
- "\x0c\x75\x24\xdf\x32\xe0\x75\x1a\x2a\x26", 20 );
- if (errtxt)
- goto failed;
-
-
return 0; /* Succeeded. */
failed:
@@ -156,7 +158,7 @@
static gpg_err_code_t
-selftests_sha224 (selftest_report_func_t report)
+selftests_sha224 (int extended, selftest_report_func_t report)
{
static struct
{
@@ -256,6 +258,8 @@
tv[tvidx].expect, DIM (tv[tvidx].expect) );
if (errtxt)
goto failed;
+ if (!extended)
+ break;
}
return 0; /* Succeeded. */
@@ -268,7 +272,7 @@
static gpg_err_code_t
-selftests_sha256 (selftest_report_func_t report)
+selftests_sha256 (int extended, selftest_report_func_t report)
{
static struct
{
@@ -395,6 +399,9 @@
goto failed;
}
_gcry_hmac256_release (hmachd);
+
+ if (!extended)
+ break;
}
return 0; /* Succeeded. */
@@ -407,7 +414,7 @@
static gpg_err_code_t
-selftests_sha384 (selftest_report_func_t report)
+selftests_sha384 (int extended, selftest_report_func_t report)
{
static struct
{
@@ -519,6 +526,8 @@
tv[tvidx].expect, DIM (tv[tvidx].expect) );
if (errtxt)
goto failed;
+ if (!extended)
+ break;
}
return 0; /* Succeeded. */
@@ -531,7 +540,7 @@
static gpg_err_code_t
-selftests_sha512 (selftest_report_func_t report)
+selftests_sha512 (int extended, selftest_report_func_t report)
{
static struct
{
@@ -655,6 +664,8 @@
tv[tvidx].expect, DIM (tv[tvidx].expect) );
if (errtxt)
goto failed;
+ if (!extended)
+ break;
}
return 0; /* Succeeded. */
@@ -669,26 +680,26 @@
/* Run a full self-test for ALGO and return 0 on success. */
static gpg_err_code_t
-run_selftests (int algo, selftest_report_func_t report)
+run_selftests (int algo, int extended, selftest_report_func_t report)
{
gpg_err_code_t ec;
switch (algo)
{
case GCRY_MD_SHA1:
- ec = selftests_sha1 (report);
+ ec = selftests_sha1 (extended, report);
break;
case GCRY_MD_SHA224:
- ec = selftests_sha224 (report);
+ ec = selftests_sha224 (extended, report);
break;
case GCRY_MD_SHA256:
- ec = selftests_sha256 (report);
+ ec = selftests_sha256 (extended, report);
break;
case GCRY_MD_SHA384:
- ec = selftests_sha384 (report);
+ ec = selftests_sha384 (extended, report);
break;
case GCRY_MD_SHA512:
- ec = selftests_sha512 (report);
+ ec = selftests_sha512 (extended, report);
break;
default:
ec = GPG_ERR_DIGEST_ALGO;
@@ -703,13 +714,13 @@
/* Run the selftests for HMAC with digest algorithm ALGO with optional
reporting function REPORT. */
gpg_error_t
-_gcry_hmac_selftest (int algo, selftest_report_func_t report)
+_gcry_hmac_selftest (int algo, int extended, selftest_report_func_t report)
{
gcry_err_code_t ec = 0;
if (!gcry_md_test_algo (algo))
{
- ec = run_selftests (algo, report);
+ ec = run_selftests (algo, extended, report);
}
else
{
Modified: trunk/cipher/md.c
===================================================================
--- trunk/cipher/md.c 2008-09-12 12:33:28 UTC (rev 1326)
+++ trunk/cipher/md.c 2008-09-12 14:47:28 UTC (rev 1327)
@@ -1305,7 +1305,7 @@
/* Run the selftests for digest algorithm ALGO with optional reporting
function REPORT. */
gpg_error_t
-_gcry_md_selftest (int algo, selftest_report_func_t report)
+_gcry_md_selftest (int algo, int extended, selftest_report_func_t report)
{
gcry_module_t module = NULL;
cipher_extra_spec_t *extraspec = NULL;
@@ -1319,7 +1319,7 @@
extraspec = module->extraspec;
ath_mutex_unlock (&digests_registered_lock);
if (extraspec && extraspec->selftest)
- ec = extraspec->selftest (algo, report);
+ ec = extraspec->selftest (algo, extended, report);
else
{
ec = GPG_ERR_DIGEST_ALGO;
Modified: trunk/cipher/pubkey.c
===================================================================
--- trunk/cipher/pubkey.c 2008-09-12 12:33:28 UTC (rev 1326)
+++ trunk/cipher/pubkey.c 2008-09-12 14:47:28 UTC (rev 1327)
@@ -2714,7 +2714,7 @@
/* Run the selftests for pubkey algorithm ALGO with optional reporting
function REPORT. */
gpg_error_t
-_gcry_pk_selftest (int algo, selftest_report_func_t report)
+_gcry_pk_selftest (int algo, int extended, selftest_report_func_t report)
{
gcry_module_t module = NULL;
pk_extra_spec_t *extraspec = NULL;
@@ -2728,7 +2728,7 @@
extraspec = module->extraspec;
ath_mutex_unlock (&pubkeys_registered_lock);
if (extraspec && extraspec->selftest)
- ec = extraspec->selftest (algo, report);
+ ec = extraspec->selftest (algo, extended, report);
else
{
ec = GPG_ERR_PUBKEY_ALGO;
Modified: trunk/cipher/rijndael.c
===================================================================
--- trunk/cipher/rijndael.c 2008-09-12 12:33:28 UTC (rev 1326)
+++ trunk/cipher/rijndael.c 2008-09-12 14:47:28 UTC (rev 1327)
@@ -1046,7 +1046,7 @@
/* Complete selftest for AES-128 with all modes and driver code. */
static gpg_err_code_t
-selftest_fips_128 (selftest_report_func_t report)
+selftest_fips_128 (int extended, selftest_report_func_t report)
{
const char *what;
const char *errtxt;
@@ -1056,17 +1056,19 @@
if (errtxt)
goto failed;
- what = "cfb";
- errtxt = selftest_fips_128_38a (GCRY_CIPHER_MODE_CFB);
- if (errtxt)
- goto failed;
+ if (extended)
+ {
+ what = "cfb";
+ errtxt = selftest_fips_128_38a (GCRY_CIPHER_MODE_CFB);
+ if (errtxt)
+ goto failed;
+
+ what = "ofb";
+ errtxt = selftest_fips_128_38a (GCRY_CIPHER_MODE_OFB);
+ if (errtxt)
+ goto failed;
+ }
- what = "ofb";
- errtxt = selftest_fips_128_38a (GCRY_CIPHER_MODE_OFB);
- if (errtxt)
- goto failed;
-
-
return 0; /* Succeeded. */
failed:
@@ -1075,21 +1077,21 @@
return GPG_ERR_SELFTEST_FAILED;
}
-/* Complete selftest for AES-192 with all modes and driver code. */
+/* Complete selftest for AES-192. */
static gpg_err_code_t
-selftest_fips_192 (selftest_report_func_t report)
+selftest_fips_192 (int extended, selftest_report_func_t report)
{
const char *what;
const char *errtxt;
+ (void)extended; /* No extended tests available. */
+
what = "low-level";
errtxt = selftest_basic_192 ();
if (errtxt)
goto failed;
-
-
return 0; /* Succeeded. */
failed:
@@ -1099,13 +1101,15 @@
}
-/* Complete selftest for AES-256 with all modes and driver code. */
+/* Complete selftest for AES-256. */
static gpg_err_code_t
-selftest_fips_256 (selftest_report_func_t report)
+selftest_fips_256 (int extended, selftest_report_func_t report)
{
const char *what;
const char *errtxt;
+ (void)extended; /* No extended tests available. */
+
what = "low-level";
errtxt = selftest_basic_256 ();
if (errtxt)
@@ -1123,20 +1127,20 @@
/* Run a full self-test for ALGO and return 0 on success. */
static gpg_err_code_t
-run_selftests (int algo, selftest_report_func_t report)
+run_selftests (int algo, int extended, selftest_report_func_t report)
{
gpg_err_code_t ec;
switch (algo)
{
case GCRY_CIPHER_AES128:
- ec = selftest_fips_128 (report);
+ ec = selftest_fips_128 (extended, report);
break;
case GCRY_CIPHER_AES192:
- ec = selftest_fips_192 (report);
+ ec = selftest_fips_192 (extended, report);
break;
case GCRY_CIPHER_AES256:
- ec = selftest_fips_256 (report);
+ ec = selftest_fips_256 (extended, report);
break;
default:
ec = GPG_ERR_CIPHER_ALGO;
Modified: trunk/cipher/rsa.c
===================================================================
--- trunk/cipher/rsa.c 2008-09-12 12:33:28 UTC (rev 1326)
+++ trunk/cipher/rsa.c 2008-09-12 14:47:28 UTC (rev 1327)
@@ -316,6 +316,7 @@
gcry_mpi_release (sk->q); sk->q = NULL;
gcry_mpi_release (sk->d); sk->d = NULL;
gcry_mpi_release (sk->u); sk->u = NULL;
+ fips_signal_error ("self-test after key generation failed");
return GPG_ERR_SELFTEST_FAILED;
}
@@ -1038,10 +1039,12 @@
/* Run a full self-test for ALGO and return 0 on success. */
static gpg_err_code_t
-run_selftests (int algo, selftest_report_func_t report)
+run_selftests (int algo, int extended, selftest_report_func_t report)
{
gpg_err_code_t ec;
+ (void)extended;
+
switch (algo)
{
case GCRY_PK_RSA:
Modified: trunk/cipher/sha1.c
===================================================================
--- trunk/cipher/sha1.c 2008-09-12 12:33:28 UTC (rev 1326)
+++ trunk/cipher/sha1.c 2008-09-12 14:47:28 UTC (rev 1327)
@@ -381,7 +381,7 @@
static gpg_err_code_t
-selftests_sha1 (selftest_report_func_t report)
+selftests_sha1 (int extended, selftest_report_func_t report)
{
const char *what;
const char *errtxt;
@@ -395,24 +395,27 @@
if (errtxt)
goto failed;
- what = "long string";
- errtxt = _gcry_hash_selftest_check_one
- (GCRY_MD_SHA1, 0,
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
- "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE"
- "\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1", 20);
- if (errtxt)
- goto failed;
+ if (extended)
+ {
+ what = "long string";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA1, 0,
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
+ "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE"
+ "\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1", 20);
+ if (errtxt)
+ goto failed;
+
+ what = "one million \"a\"";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA1, 1,
+ NULL, 0,
+ "\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E"
+ "\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F", 20);
+ if (errtxt)
+ goto failed;
+ }
- what = "one million \"a\"";
- errtxt = _gcry_hash_selftest_check_one
- (GCRY_MD_SHA1, 1,
- NULL, 0,
- "\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E"
- "\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F", 20);
- if (errtxt)
- goto failed;
-
return 0; /* Succeeded. */
failed:
@@ -424,14 +427,14 @@
/* Run a full self-test for ALGO and return 0 on success. */
static gpg_err_code_t
-run_selftests (int algo, selftest_report_func_t report)
+run_selftests (int algo, int extended, selftest_report_func_t report)
{
gpg_err_code_t ec;
switch (algo)
{
case GCRY_MD_SHA1:
- ec = selftests_sha1 (report);
+ ec = selftests_sha1 (extended, report);
break;
default:
ec = GPG_ERR_DIGEST_ALGO;
Modified: trunk/cipher/sha256.c
===================================================================
--- trunk/cipher/sha256.c 2008-09-12 12:33:28 UTC (rev 1326)
+++ trunk/cipher/sha256.c 2008-09-12 14:47:28 UTC (rev 1327)
@@ -321,7 +321,7 @@
static gpg_err_code_t
-selftests_sha224 (selftest_report_func_t report)
+selftests_sha224 (int extended, selftest_report_func_t report)
{
const char *what;
const char *errtxt;
@@ -335,24 +335,27 @@
if (errtxt)
goto failed;
- what = "long string";
- errtxt = _gcry_hash_selftest_check_one
- (GCRY_MD_SHA224, 0,
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
- "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01\x50"
- "\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25", 28);
- if (errtxt)
- goto failed;
+ if (extended)
+ {
+ what = "long string";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA224, 0,
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
+ "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01\x50"
+ "\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25", 28);
+ if (errtxt)
+ goto failed;
+
+ what = "one million \"a\"";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA224, 1,
+ NULL, 0,
+ "\x20\x79\x46\x55\x98\x0c\x91\xd8\xbb\xb4\xc1\xea\x97\x61\x8a\x4b"
+ "\xf0\x3f\x42\x58\x19\x48\xb2\xee\x4e\xe7\xad\x67", 28);
+ if (errtxt)
+ goto failed;
+ }
- what = "one million \"a\"";
- errtxt = _gcry_hash_selftest_check_one
- (GCRY_MD_SHA224, 1,
- NULL, 0,
- "\x20\x79\x46\x55\x98\x0c\x91\xd8\xbb\xb4\xc1\xea\x97\x61\x8a\x4b"
- "\xf0\x3f\x42\x58\x19\x48\xb2\xee\x4e\xe7\xad\x67", 28);
- if (errtxt)
- goto failed;
-
return 0; /* Succeeded. */
failed:
@@ -362,7 +365,7 @@
}
static gpg_err_code_t
-selftests_sha256 (selftest_report_func_t report)
+selftests_sha256 (int extended, selftest_report_func_t report)
{
const char *what;
const char *errtxt;
@@ -376,24 +379,29 @@
if (errtxt)
goto failed;
- what = "long string";
- errtxt = _gcry_hash_selftest_check_one
- (GCRY_MD_SHA256, 0,
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
- "\x24\x8d\x6a\x61\xd2\x06\x38\xb8\xe5\xc0\x26\x93\x0c\x3e\x60\x39"
- "\xa3\x3c\xe4\x59\x64\xff\x21\x67\xf6\xec\xed\xd4\x19\xdb\x06\xc1", 32);
- if (errtxt)
- goto failed;
+ if (extended)
+ {
+ what = "long string";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA256, 0,
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
+ "\x24\x8d\x6a\x61\xd2\x06\x38\xb8\xe5\xc0\x26\x93\x0c\x3e\x60\x39"
+ "\xa3\x3c\xe4\x59\x64\xff\x21\x67\xf6\xec\xed\xd4\x19\xdb\x06\xc1",
+ 32);
+ if (errtxt)
+ goto failed;
+
+ what = "one million \"a\"";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA256, 1,
+ NULL, 0,
+ "\xcd\xc7\x6e\x5c\x99\x14\xfb\x92\x81\xa1\xc7\xe2\x84\xd7\x3e\x67"
+ "\xf1\x80\x9a\x48\xa4\x97\x20\x0e\x04\x6d\x39\xcc\xc7\x11\x2c\xd0",
+ 32);
+ if (errtxt)
+ goto failed;
+ }
- what = "one million \"a\"";
- errtxt = _gcry_hash_selftest_check_one
- (GCRY_MD_SHA256, 1,
- NULL, 0,
- "\xcd\xc7\x6e\x5c\x99\x14\xfb\x92\x81\xa1\xc7\xe2\x84\xd7\x3e\x67"
- "\xf1\x80\x9a\x48\xa4\x97\x20\x0e\x04\x6d\x39\xcc\xc7\x11\x2c\xd0", 32);
- if (errtxt)
- goto failed;
-
return 0; /* Succeeded. */
failed:
@@ -405,17 +413,17 @@
/* Run a full self-test for ALGO and return 0 on success. */
static gpg_err_code_t
-run_selftests (int algo, selftest_report_func_t report)
+run_selftests (int algo, int extended, selftest_report_func_t report)
{
gpg_err_code_t ec;
switch (algo)
{
case GCRY_MD_SHA224:
- ec = selftests_sha224 (report);
+ ec = selftests_sha224 (extended, report);
break;
case GCRY_MD_SHA256:
- ec = selftests_sha256 (report);
+ ec = selftests_sha256 (extended, report);
break;
default:
ec = GPG_ERR_DIGEST_ALGO;
Modified: trunk/cipher/sha512.c
===================================================================
--- trunk/cipher/sha512.c 2008-09-12 12:33:28 UTC (rev 1326)
+++ trunk/cipher/sha512.c 2008-09-12 14:47:28 UTC (rev 1327)
@@ -368,7 +368,7 @@
static gpg_err_code_t
-selftests_sha384 (selftest_report_func_t report)
+selftests_sha384 (int extended, selftest_report_func_t report)
{
const char *what;
const char *errtxt;
@@ -383,26 +383,31 @@
if (errtxt)
goto failed;
- what = "long string";
- errtxt = _gcry_hash_selftest_check_one
- (GCRY_MD_SHA384, 0,
- "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
- "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 112,
- "\x09\x33\x0C\x33\xF7\x11\x47\xE8\x3D\x19\x2F\xC7\x82\xCD\x1B\x47"
- "\x53\x11\x1B\x17\x3B\x3B\x05\xD2\x2F\xA0\x80\x86\xE3\xB0\xF7\x12"
- "\xFC\xC7\xC7\x1A\x55\x7E\x2D\xB9\x66\xC3\xE9\xFA\x91\x74\x60\x39", 48);
- if (errtxt)
- goto failed;
+ if (extended)
+ {
+ what = "long string";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA384, 0,
+ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
+ "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 112,
+ "\x09\x33\x0C\x33\xF7\x11\x47\xE8\x3D\x19\x2F\xC7\x82\xCD\x1B\x47"
+ "\x53\x11\x1B\x17\x3B\x3B\x05\xD2\x2F\xA0\x80\x86\xE3\xB0\xF7\x12"
+ "\xFC\xC7\xC7\x1A\x55\x7E\x2D\xB9\x66\xC3\xE9\xFA\x91\x74\x60\x39",
+ 48);
+ if (errtxt)
+ goto failed;
- what = "one million \"a\"";
- errtxt = _gcry_hash_selftest_check_one
- (GCRY_MD_SHA384, 1,
- NULL, 0,
- "\x9D\x0E\x18\x09\x71\x64\x74\xCB\x08\x6E\x83\x4E\x31\x0A\x4A\x1C"
- "\xED\x14\x9E\x9C\x00\xF2\x48\x52\x79\x72\xCE\xC5\x70\x4C\x2A\x5B"
- "\x07\xB8\xB3\xDC\x38\xEC\xC4\xEB\xAE\x97\xDD\xD8\x7F\x3D\x89\x85", 48);
- if (errtxt)
- goto failed;
+ what = "one million \"a\"";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA384, 1,
+ NULL, 0,
+ "\x9D\x0E\x18\x09\x71\x64\x74\xCB\x08\x6E\x83\x4E\x31\x0A\x4A\x1C"
+ "\xED\x14\x9E\x9C\x00\xF2\x48\x52\x79\x72\xCE\xC5\x70\x4C\x2A\x5B"
+ "\x07\xB8\xB3\xDC\x38\xEC\xC4\xEB\xAE\x97\xDD\xD8\x7F\x3D\x89\x85",
+ 48);
+ if (errtxt)
+ goto failed;
+ }
return 0; /* Succeeded. */
@@ -413,7 +418,7 @@
}
static gpg_err_code_t
-selftests_sha512 (selftest_report_func_t report)
+selftests_sha512 (int extended, selftest_report_func_t report)
{
const char *what;
const char *errtxt;
@@ -429,29 +434,34 @@
if (errtxt)
goto failed;
- what = "long string";
- errtxt = _gcry_hash_selftest_check_one
- (GCRY_MD_SHA512, 0,
- "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
- "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 112,
- "\x8E\x95\x9B\x75\xDA\xE3\x13\xDA\x8C\xF4\xF7\x28\x14\xFC\x14\x3F"
- "\x8F\x77\x79\xC6\xEB\x9F\x7F\xA1\x72\x99\xAE\xAD\xB6\x88\x90\x18"
- "\x50\x1D\x28\x9E\x49\x00\xF7\xE4\x33\x1B\x99\xDE\xC4\xB5\x43\x3A"
- "\xC7\xD3\x29\xEE\xB6\xDD\x26\x54\x5E\x96\xE5\x5B\x87\x4B\xE9\x09", 64);
- if (errtxt)
- goto failed;
+ if (extended)
+ {
+ what = "long string";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA512, 0,
+ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
+ "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 112,
+ "\x8E\x95\x9B\x75\xDA\xE3\x13\xDA\x8C\xF4\xF7\x28\x14\xFC\x14\x3F"
+ "\x8F\x77\x79\xC6\xEB\x9F\x7F\xA1\x72\x99\xAE\xAD\xB6\x88\x90\x18"
+ "\x50\x1D\x28\x9E\x49\x00\xF7\xE4\x33\x1B\x99\xDE\xC4\xB5\x43\x3A"
+ "\xC7\xD3\x29\xEE\xB6\xDD\x26\x54\x5E\x96\xE5\x5B\x87\x4B\xE9\x09",
+ 64);
+ if (errtxt)
+ goto failed;
+
+ what = "one million \"a\"";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA512, 1,
+ NULL, 0,
+ "\xE7\x18\x48\x3D\x0C\xE7\x69\x64\x4E\x2E\x42\xC7\xBC\x15\xB4\x63"
+ "\x8E\x1F\x98\xB1\x3B\x20\x44\x28\x56\x32\xA8\x03\xAF\xA9\x73\xEB"
+ "\xDE\x0F\xF2\x44\x87\x7E\xA6\x0A\x4C\xB0\x43\x2C\xE5\x77\xC3\x1B"
+ "\xEB\x00\x9C\x5C\x2C\x49\xAA\x2E\x4E\xAD\xB2\x17\xAD\x8C\xC0\x9B",
+ 64);
+ if (errtxt)
+ goto failed;
+ }
- what = "one million \"a\"";
- errtxt = _gcry_hash_selftest_check_one
- (GCRY_MD_SHA512, 1,
- NULL, 0,
- "\xE7\x18\x48\x3D\x0C\xE7\x69\x64\x4E\x2E\x42\xC7\xBC\x15\xB4\x63"
- "\x8E\x1F\x98\xB1\x3B\x20\x44\x28\x56\x32\xA8\x03\xAF\xA9\x73\xEB"
- "\xDE\x0F\xF2\x44\x87\x7E\xA6\x0A\x4C\xB0\x43\x2C\xE5\x77\xC3\x1B"
- "\xEB\x00\x9C\x5C\x2C\x49\xAA\x2E\x4E\xAD\xB2\x17\xAD\x8C\xC0\x9B", 64);
- if (errtxt)
- goto failed;
-
return 0; /* Succeeded. */
failed:
@@ -463,17 +473,17 @@
/* Run a full self-test for ALGO and return 0 on success. */
static gpg_err_code_t
-run_selftests (int algo, selftest_report_func_t report)
+run_selftests (int algo, int extended, selftest_report_func_t report)
{
gpg_err_code_t ec;
switch (algo)
{
case GCRY_MD_SHA384:
- ec = selftests_sha384 (report);
+ ec = selftests_sha384 (extended, report);
break;
case GCRY_MD_SHA512:
- ec = selftests_sha512 (report);
+ ec = selftests_sha512 (extended, report);
break;
default:
ec = GPG_ERR_DIGEST_ALGO;
Modified: trunk/src/cipher-proto.h
===================================================================
--- trunk/src/cipher-proto.h 2008-09-12 12:33:28 UTC (rev 1326)
+++ trunk/src/cipher-proto.h 2008-09-12 14:47:28 UTC (rev 1327)
@@ -36,7 +36,7 @@
/* Definition of the selftest functions. */
typedef gpg_err_code_t (*selftest_func_t)
- (int algo, selftest_report_func_t report);
+ (int algo, int extended, selftest_report_func_t report);
/* An extended type of the generate function. */
@@ -90,10 +90,14 @@
gcry_module_t *module);
/* The selftest functions. */
-gcry_error_t _gcry_cipher_selftest (int algo, selftest_report_func_t report);
-gcry_error_t _gcry_md_selftest (int algo, selftest_report_func_t report);
-gcry_error_t _gcry_pk_selftest (int algo, selftest_report_func_t report);
-gcry_error_t _gcry_hmac_selftest (int algo, selftest_report_func_t report);
+gcry_error_t _gcry_cipher_selftest (int algo, int extended,
+ selftest_report_func_t report);
+gcry_error_t _gcry_md_selftest (int algo, int extended,
+ selftest_report_func_t report);
+gcry_error_t _gcry_pk_selftest (int algo, int extended,
+ selftest_report_func_t report);
+gcry_error_t _gcry_hmac_selftest (int algo, int extended,
+ selftest_report_func_t report);
gcry_error_t _gcry_random_selftest (selftest_report_func_t report);
Modified: trunk/src/fips.c
===================================================================
--- trunk/src/fips.c 2008-09-12 12:33:28 UTC (rev 1326)
+++ trunk/src/fips.c 2008-09-12 14:47:28 UTC (rev 1327)
@@ -269,7 +269,7 @@
performed by severeal threads; that is no problem because
our FSM make sure that we won't oversee any error. */
unlock_fsm ();
- _gcry_fips_run_selftests ();
+ _gcry_fips_run_selftests (0);
lock_fsm ();
}
@@ -340,7 +340,7 @@
/* Run self-tests for all required cipher algorithms. Return 0 on
success. */
static int
-run_cipher_selftests (void)
+run_cipher_selftests (int extended)
{
static int algos[] =
{
@@ -356,7 +356,7 @@
for (idx=0; algos[idx]; idx++)
{
- err = _gcry_cipher_selftest (algos[idx], reporter);
+ err = _gcry_cipher_selftest (algos[idx], extended, reporter);
reporter ("cipher", algos[idx], NULL,
err? gpg_strerror (err):NULL);
if (err)
@@ -369,7 +369,7 @@
/* Run self-tests for all required hash algorithms. Return 0 on
success. */
static int
-run_digest_selftests (void)
+run_digest_selftests (int extended)
{
static int algos[] =
{
@@ -386,7 +386,7 @@
for (idx=0; algos[idx]; idx++)
{
- err = _gcry_md_selftest (algos[idx], reporter);
+ err = _gcry_md_selftest (algos[idx], extended, reporter);
reporter ("digest", algos[idx], NULL,
err? gpg_strerror (err):NULL);
if (err)
@@ -398,7 +398,7 @@
/* Run self-tests for all HMAC algorithms. Return 0 on success. */
static int
-run_hmac_selftests (void)
+run_hmac_selftests (int extended)
{
static int algos[] =
{
@@ -415,7 +415,7 @@
for (idx=0; algos[idx]; idx++)
{
- err = _gcry_hmac_selftest (algos[idx], reporter);
+ err = _gcry_hmac_selftest (algos[idx], extended, reporter);
reporter ("hmac", algos[idx], NULL,
err? gpg_strerror (err):NULL);
if (err)
@@ -428,7 +428,7 @@
/* Run self-tests for all required public key algorithms. Return 0 on
success. */
static int
-run_pubkey_selftests (void)
+run_pubkey_selftests (int extended)
{
static int algos[] =
{
@@ -443,7 +443,7 @@
for (idx=0; algos[idx]; idx++)
{
- err = _gcry_pk_selftest (algos[idx], reporter);
+ err = _gcry_pk_selftest (algos[idx], extended, reporter);
reporter ("pubkey", algos[idx], NULL,
err? gpg_strerror (err):NULL);
if (err)
@@ -550,9 +550,10 @@
}
-/* Run the self-tests. */
+/* Run the self-tests. If EXTENDED is true, extended versions of the
+ selftest are run, that is more tests than required by FIPS. */
gpg_err_code_t
-_gcry_fips_run_selftests (void)
+_gcry_fips_run_selftests (int extended)
{
enum module_states result = STATE_ERROR;
gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED;
@@ -560,13 +561,13 @@
if (fips_mode ())
fips_new_state (STATE_SELFTEST);
- if (run_cipher_selftests ())
+ if (run_cipher_selftests (extended))
goto leave;
- if (run_digest_selftests ())
+ if (run_digest_selftests (extended))
goto leave;
- if (run_hmac_selftests ())
+ if (run_hmac_selftests (extended))
goto leave;
/* Run random tests before the pubkey tests because the latter
@@ -574,7 +575,7 @@
if (run_random_selftests ())
goto leave;
- if (run_pubkey_selftests ())
+ if (run_pubkey_selftests (extended))
goto leave;
/* Now check the integrity of the binary. We do this this after
Modified: trunk/src/g10lib.h
===================================================================
--- trunk/src/g10lib.h 2008-09-12 12:33:28 UTC (rev 1326)
+++ trunk/src/g10lib.h 2008-09-12 14:47:28 UTC (rev 1327)
@@ -316,7 +316,7 @@
int _gcry_fips_test_operational (void);
int _gcry_fips_test_error_or_operational (void);
-gpg_err_code_t _gcry_fips_run_selftests (void);
+gpg_err_code_t _gcry_fips_run_selftests (int extended);
void _gcry_fips_noreturn (void);
#define fips_noreturn() (_gcry_fips_noreturn ())
Modified: trunk/src/global.c
===================================================================
--- trunk/src/global.c 2008-09-12 12:33:28 UTC (rev 1326)
+++ trunk/src/global.c 2008-09-12 14:47:28 UTC (rev 1327)
@@ -469,17 +469,19 @@
run a selftest. If not we use the is_operational call to
force us into operational state if possible. */
if (_gcry_fips_test_error_or_operational ())
- _gcry_fips_run_selftests ();
+ _gcry_fips_run_selftests (1);
if (_gcry_fips_is_operational ())
err = GPG_ERR_GENERAL; /* Used as TRUE value */
}
break;
case GCRYCTL_SELFTEST:
- /* Run a selftest. This works in fips mode as weel as in
- standard mode. Returns 0 on success or an error code. */
+ /* Run a selftest. This works in fips mode as well as in
+ standard mode. In contrast to the power-up tests, we use an
+ extended version ofthe selftests. Returns 0 on success or an
+ error code. */
global_init ();
- err = _gcry_fips_run_selftests ();
+ err = _gcry_fips_run_selftests (1);
break;
default:
More information about the Gnupg-commits
mailing list