diff options
Diffstat (limited to 'tests/privkey-keygen.c')
-rw-r--r-- | tests/privkey-keygen.c | 63 |
1 files changed, 62 insertions, 1 deletions
diff --git a/tests/privkey-keygen.c b/tests/privkey-keygen.c index 565beccb20..cac530fc43 100644 --- a/tests/privkey-keygen.c +++ b/tests/privkey-keygen.c @@ -49,7 +49,7 @@ static int sec_param[MAX_TRIES] = static void tls_log_func(int level, const char *str) { - fprintf(stderr, "%s |<%d>| %s", "crq_key_id", level, str); + fprintf(stderr, "%s |<%d>| %s", "privkey-keygen", level, str); } const gnutls_datum_t raw_data = { @@ -102,10 +102,47 @@ static void sign_verify_data(gnutls_pk_algorithm_t algorithm, gnutls_x509_privke gnutls_free(signature.data); } +static unsigned int +is_approved_pk_algo(gnutls_pk_algorithm_t algo) { + switch (algo) { + case GNUTLS_PK_RSA: + case GNUTLS_PK_RSA_PSS: + case GNUTLS_PK_EC: + return 1; + default: + return 0; + } +} + void doit(void) { gnutls_x509_privkey_t pkey, dst; int ret, algorithm, i; + gnutls_fips140_context_t fips_context; + gnutls_fips140_operation_state_t fips_state; + +#define FIPS_PUSH_CONTEXT() do { \ + if (gnutls_fips140_mode_enabled()) { \ + ret = gnutls_fips140_push_context(fips_context); \ + if (ret < 0) { \ + fail("gnutls_fips140_push_context failed\n"); \ + } \ + } \ +} while (0) + +#define FIPS_POP_CONTEXT(state) do { \ + if (gnutls_fips140_mode_enabled()) { \ + ret = gnutls_fips140_pop_context(); \ + if (ret < 0) { \ + fail("gnutls_fips140_context_pop failed\n"); \ + } \ + fips_state = gnutls_fips140_get_operation_state(fips_context); \ + if (fips_state != GNUTLS_FIPS140_OP_ ## state) { \ + fail("operation state is not " # state " (%d)\n", \ + fips_state); \ + } \ + } \ +} while (0) ret = global_init(); if (ret < 0) @@ -115,6 +152,11 @@ void doit(void) if (debug) gnutls_global_set_log_level(4711); + ret = gnutls_fips140_context_init(&fips_context); + if (ret < 0) { + fail("Cannot initialize FIPS context\n"); + } + for (i = 0; i < MAX_TRIES; i++) { for (algorithm = GNUTLS_PK_RSA; algorithm <= GNUTLS_PK_MAX; algorithm++) { @@ -150,6 +192,7 @@ void doit(void) ret); } + FIPS_PUSH_CONTEXT(); ret = gnutls_x509_privkey_generate(pkey, algorithm, gnutls_sec_param_to_pk_bits @@ -164,6 +207,11 @@ void doit(void) gnutls_pk_algorithm_get_name (algorithm), ret); } + if (is_approved_pk_algo(algorithm)) { + FIPS_POP_CONTEXT(APPROVED); + } else { + FIPS_POP_CONTEXT(NOT_APPROVED); + } ret = gnutls_x509_privkey_verify_params(pkey); if (ret < 0) { @@ -181,8 +229,21 @@ void doit(void) fail("gnutls_x509_privkey_generate after cpy (%s): %s (%d)\n", gnutls_pk_algorithm_get_name(algorithm), gnutls_strerror(ret), ret); } + FIPS_PUSH_CONTEXT(); sign_verify_data(algorithm, pkey); + if (is_approved_pk_algo(algorithm)) { + FIPS_POP_CONTEXT(APPROVED); + } else { + FIPS_POP_CONTEXT(NOT_APPROVED); + } + + FIPS_PUSH_CONTEXT(); sign_verify_data(algorithm, dst); + if (is_approved_pk_algo(algorithm)) { + FIPS_POP_CONTEXT(APPROVED); + } else { + FIPS_POP_CONTEXT(NOT_APPROVED); + } gnutls_x509_privkey_deinit(pkey); gnutls_x509_privkey_deinit(dst); |