diff options
| author | Vitezslav Cizek <vcizek@suse.com> | 2015-10-30 15:38:13 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2016-03-18 16:19:06 +0100 |
| commit | c690230af5a66b809f8f6fbab1a6262a5ba078cb (patch) | |
| tree | 54f0767ef1ec226cb7fa55755c81d88cbab11fc3 /tests/benchmark.c | |
| parent | 78cec8b4754fdf774edb2d575000cb3e972e244c (diff) | |
| download | libgcrypt-c690230af5a66b809f8f6fbab1a6262a5ba078cb.tar.gz | |
tests: Fixes for RSA testsuite in FIPS mode
* tests/basic.c (get_keys_new): Generate 2048 bit key.
* tests/benchmark.c (rsa_bench): Skip keys of lengths different
than 2048 and 3072 in FIPS mode.
* tests/keygen.c (check_rsa_keys): Failure if short keys can be
generated in FIPS mode.
(check_dsa_keys): Ditto for DSA keys.
* tests/pubkey.c (check_x931_derived_key): Skip keys < 2048 in FIPS.
--
Thanks to Ludwig Nussel.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Additional changes by wk:
- Remove printing of "FAIL" in fail() because this is reserved for
use by the test driver of the Makefile.
- Move setting of IN_FIPS_MODE after gcry_check_version in keygen.c
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'tests/benchmark.c')
| -rw-r--r-- | tests/benchmark.c | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/tests/benchmark.c b/tests/benchmark.c index b6cd7a89..c748dacf 100644 --- a/tests/benchmark.c +++ b/tests/benchmark.c @@ -1085,15 +1085,22 @@ rsa_bench (int iterations, int print_header, int no_blinding) gcry_sexp_t data; gcry_sexp_t sig = NULL; int count; + unsigned nbits = p_sizes[testno]; - printf ("RSA %3d bit ", p_sizes[testno]); + printf ("RSA %3d bit ", nbits); fflush (stdout); + if (in_fips_mode && !(nbits == 2048 || nbits == 3072)) + { + puts ("[skipped in fips mode]"); + continue; + } + err = gcry_sexp_build (&key_spec, NULL, gcry_fips_mode_active () ? "(genkey (RSA (nbits %d)))" : "(genkey (RSA (nbits %d)(transient-key)))", - p_sizes[testno]); + nbits); if (err) die ("creating S-expression failed: %s\n", gcry_strerror (err)); @@ -1101,7 +1108,7 @@ rsa_bench (int iterations, int print_header, int no_blinding) err = gcry_pk_genkey (&key_pair, key_spec); if (err) die ("creating %d bit RSA key failed: %s\n", - p_sizes[testno], gcry_strerror (err)); + nbits, gcry_strerror (err)); pub_key = gcry_sexp_find_token (key_pair, "public-key", 0); if (! pub_key) @@ -1116,8 +1123,8 @@ rsa_bench (int iterations, int print_header, int no_blinding) printf (" %s", elapsed_time (1)); fflush (stdout); - x = gcry_mpi_new (p_sizes[testno]); - gcry_mpi_randomize (x, p_sizes[testno]-8, GCRY_WEAK_RANDOM); + x = gcry_mpi_new (nbits); + gcry_mpi_randomize (x, nbits-8, GCRY_WEAK_RANDOM); err = gcry_sexp_build (&data, NULL, "(data (flags raw) (value %m))", x); gcry_mpi_release (x); @@ -1155,8 +1162,8 @@ rsa_bench (int iterations, int print_header, int no_blinding) if (no_blinding) { fflush (stdout); - x = gcry_mpi_new (p_sizes[testno]); - gcry_mpi_randomize (x, p_sizes[testno]-8, GCRY_WEAK_RANDOM); + x = gcry_mpi_new (nbits); + gcry_mpi_randomize (x, nbits-8, GCRY_WEAK_RANDOM); err = gcry_sexp_build (&data, NULL, "(data (flags no-blinding) (value %m))", x); gcry_mpi_release (x); |