kdf: Add selftest.

* src/cipher-proto.h (_gcry_kdf_selftest): New. * cipher/kdf.c (check_one, selftest_pbkdf2): New. (_gcry_kdf_selftest): New. * src/fips.c (run_kdf_selftests): New. (_gcry_fips_run_selftests): Call run_kdf_selftests. -- Original work was libgcrypt-1.8.5-kdf-selftest.patch from Red Hat. API style of check_one function follows the one in mac-hmac.c and mac-cmac.c, which originates cipher/hmac-tests.c of libgcrypt 1.8 (copyrighted by Free Software Foundation, Inc., in 2008). Covering the test vectors of original work, as an initial merge, I include test vectors from tests/t-kdf.c, since PBKDF2 is defined in RFC-6070 with those vectors. Simo Sorce addressed about SHA1 deprecation. I marked the test vectors with USE_SHA1. GnuPG-bug-id: 5182 Co-authored-by: Tomáš Mráz <tm@t8m.info> Suggested-by: Simo Sorce <simo@redhat.com> Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
author: NIIBE Yutaka <gniibe@fsij.org> 2021-01-15 14:26:12 +0900
committer: NIIBE Yutaka <gniibe@fsij.org> 2021-01-15 14:26:12 +0900
commit: 7a0da24925361a3109474d0e433511467a9e35d1 (patch)
tree: b27219e47e112ec4092fbece5b63a2bd09c4f9d0 /src
parent: 385a89e35b0b95f15b4c6e4d5482b1fc6906f7c5 (diff)
download: libgcrypt-7a0da24925361a3109474d0e433511467a9e35d1.tar.gz
2 files changed, 28 insertions, 0 deletions
diff --git a/src/cipher-proto.h b/src/cipher-proto.h
index ece5322d..bb16d48d 100644
--- a/src/cipher-proto.h
+++ b/src/cipher-proto.h
@@ -269,6 +269,8 @@ gcry_error_t _gcry_pk_selftest (int algo, int extended,
                                 selftest_report_func_t report);
 gcry_error_t _gcry_mac_selftest (int algo, int extended,
                                  selftest_report_func_t report);
+gcry_error_t _gcry_kdf_selftest (int algo, int extended,
+                                 selftest_report_func_t report);
 
 gcry_error_t _gcry_random_selftest (selftest_report_func_t report);
 
diff --git a/src/fips.c b/src/fips.c
index 202e5871..2facc450 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -527,6 +527,29 @@ run_mac_selftests (int extended)
   return anyerr;
 }
 
+/* Run self-tests for all KDF algorithms.  Return 0 on success. */
+static int
+run_kdf_selftests (int extended)
+{
+  static int algos[] =
+    {
+      GCRY_KDF_PBKDF2,
+      0
+    };
+  int idx;
+  gpg_error_t err;
+  int anyerr = 0;
+
+  for (idx=0; algos[idx]; idx++)
+    {
+      err = _gcry_kdf_selftest (algos[idx], extended, reporter);
+      reporter ("kdf", algos[idx], NULL, err? gpg_strerror (err):NULL);
+      if (err)
+        anyerr = 1;
+    }
+  return anyerr;
+}
+
 
 /* Run self-tests for all required public key algorithms.  Return 0 on
    success. */
@@ -683,6 +706,9 @@ _gcry_fips_run_selftests (int extended)
   if (run_mac_selftests (extended))
     goto leave;
 
+  if (run_kdf_selftests (extended))
+    goto leave;
+
   /* Run random tests before the pubkey tests because the latter
      require random.  */
   if (run_random_selftests ())
author	NIIBE Yutaka <gniibe@fsij.org>	2021-01-15 14:26:12 +0900
committer	NIIBE Yutaka <gniibe@fsij.org>	2021-01-15 14:26:12 +0900
commit	7a0da24925361a3109474d0e433511467a9e35d1 (patch)
tree	b27219e47e112ec4092fbece5b63a2bd09c4f9d0 /src
parent	385a89e35b0b95f15b4c6e4d5482b1fc6906f7c5 (diff)
download	libgcrypt-7a0da24925361a3109474d0e433511467a9e35d1.tar.gz