diff options
author | NIIBE Yutaka <gniibe@fsij.org> | 2021-08-16 12:41:11 +0900 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2021-08-16 12:41:11 +0900 |
commit | 44c7c41af21c668826280abfee1257853020ba2d (patch) | |
tree | 2a46caefb39eca37750129a1e4e1842a06e6dad5 /tests/keygrip.c | |
parent | acc1598ea891180660d1a531823a1b5385e7f4e6 (diff) | |
download | libgcrypt-44c7c41af21c668826280abfee1257853020ba2d.tar.gz |
tests: Skip tests when FIPS for keygrip computations.
* tests/keygrip.c (check): Skip non-FIPS curves when FIPS.
(main): Check if FIPS is enabled.
--
GnuPG-bug-id: 5520
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'tests/keygrip.c')
-rw-r--r-- | tests/keygrip.c | 37 |
1 files changed, 28 insertions, 9 deletions
diff --git a/tests/keygrip.c b/tests/keygrip.c index cfccc06e..49bd71bc 100644 --- a/tests/keygrip.c +++ b/tests/keygrip.c @@ -33,6 +33,9 @@ static int repetitions; +/* Whether fips mode was active at startup. */ +static int in_fips_mode; + static void @@ -54,6 +57,7 @@ static struct int algo; const char *key; const unsigned char grip[20]; + int skip_when_fips; } key_grips[] = { { @@ -155,7 +159,8 @@ static struct /* */"436DD11A1756AFE56CD93408410FCDA9" /* */"BA95024EB613BD481A14FCFEC27A448A#)))", "\x52\xBA\xD4\xB4\xA3\x2D\x32\xA1\xDD\x06" - "\x5E\x99\x0B\xF1\xAB\xC1\x13\x3D\x84\xD4" + "\x5E\x99\x0B\xF1\xAB\xC1\x13\x3D\x84\xD4", + 1 }, { /* Compressed form of above. */ GCRY_PK_ECC, @@ -165,7 +170,8 @@ static struct " (q #022ECD8679930BE2DB4AD42B8600BA3F80" /* */"2D4D539BFF2F69B83EC9B7BBAA7F3406#)))", "\x52\xBA\xD4\xB4\xA3\x2D\x32\xA1\xDD\x06" - "\x5E\x99\x0B\xF1\xAB\xC1\x13\x3D\x84\xD4" + "\x5E\x99\x0B\xF1\xAB\xC1\x13\x3D\x84\xD4", + 1 }, { GCRY_PK_ECC, @@ -177,7 +183,8 @@ static struct /* */"9EBBA41915313417BA54218EB0569C59" /* */"0B156C76DBCAB6E84575E6EF68CE7B87#)))", "\x99\x38\x6A\x82\x41\x96\x29\x9C\x89\x74" - "\xD6\xE1\xBF\x43\xAC\x9B\x9A\x12\xE7\x3F" + "\xD6\xE1\xBF\x43\xAC\x9B\x9A\x12\xE7\x3F", + 1 }, { /* Compressed form of above. */ GCRY_PK_ECC, @@ -187,7 +194,8 @@ static struct " (q #035B784CA008EE64AB3D85017EE0D2BE87" /* */"558762C7300E0C8E06B1F9AF7C031458#)))", "\x99\x38\x6A\x82\x41\x96\x29\x9C\x89\x74" - "\xD6\xE1\xBF\x43\xAC\x9B\x9A\x12\xE7\x3F" + "\xD6\xE1\xBF\x43\xAC\x9B\x9A\x12\xE7\x3F", + 1 }, { /* Ed25519 standard */ GCRY_PK_ECC, @@ -199,7 +207,8 @@ static struct " 47BD24842905C049257673B3F5249524E0A41FAA17B25B818D0F97E625F1A1D0#)" " ))", "\x0C\xCA\xB2\xFD\x48\x9A\x33\x40\x2C\xE8" - "\xE0\x4A\x1F\xB2\x45\xEA\x80\x3D\x0A\xF1" + "\xE0\x4A\x1F\xB2\x45\xEA\x80\x3D\x0A\xF1", + 1 }, { /* Ed25519+EdDSA */ GCRY_PK_ECC, @@ -209,7 +218,8 @@ static struct " (q #773E72848C1FD5F9652B29E2E7AF79571A04990E96F2016BF4E0EC1890C2B7DB#)" " ))", "\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70" - "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47" + "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47", + 1 }, { /* Ed25519+EdDSA (with compression prefix) */ GCRY_PK_ECC, @@ -220,7 +230,8 @@ static struct " 773E72848C1FD5F9652B29E2E7AF79571A04990E96F2016BF4E0EC1890C2B7DB#)" " ))", "\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70" - "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47" + "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47", + 1 }, { /* Ed25519+EdDSA (same but uncompressed)*/ GCRY_PK_ECC, @@ -232,7 +243,8 @@ static struct " 5bb7c29018ece0f46b01f2960e99041a5779afe7e2292b65f9d51f8c84723e77#)" " ))", "\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70" - "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47" + "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47", + 1 }, { /* Cv25519 */ GCRY_PK_ECC, @@ -243,7 +255,8 @@ static struct " 918C1733127F6BF2646FAE3D081A18AE77111C903B906310B077505EFFF12740#)" " ))", "\x0F\x89\xA5\x65\xD3\xEA\x18\x7C\xE8\x39" - "\x33\x23\x98\xF5\xD4\x80\x67\x7D\xF4\x9C" + "\x33\x23\x98\xF5\xD4\x80\x67\x7D\xF4\x9C", + 1 }, { /* Random key */ GCRY_PK_RSA, @@ -280,6 +293,9 @@ check (void) for (i = 0; i < (sizeof (key_grips) / sizeof (*key_grips)); i++) { + if (in_fips_mode && key_grips[i].skip_when_fips) + continue; + if (gcry_pk_test_algo (key_grips[i].algo)) { if (verbose) @@ -379,6 +395,9 @@ main (int argc, char **argv) if (debug) xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u, 0)); + if (gcry_fips_mode_active ()) + in_fips_mode = 1; + check (); return 0; |