* tests/Makefile.am [HAVE_W32_SYSTEM] (AM_LDFLAGS): Conditionalize.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* build-aux/db2any: Update copyright notice.
* cipher/arcfour.c, cipher/blowfish.c, cipher/cast5.c: Likewise.
* cipher/crc-armv8-ce.c, cipher/crc-intel-pclmul.c: Likewise.
* cipher/crc-ppc.c, cipher/crc.c, cipher/des.c: Likewise.
* cipher/md2.c, cipher/md4.c, cipher/md5.c: Likewise.
* cipher/primegen.c, cipher/rfc2268.c, cipher/rmd160.c: Likewise.
* cipher/seed.c, cipher/serpent.c, cipher/tiger.c: Likewise.
* cipher/twofish.c: Likewise.
* mpi/alpha/mpih-add1.S, mpi/alpha/mpih-lshift.S: Likewise.
* mpi/alpha/mpih-mul1.S, mpi/alpha/mpih-mul2.S: Likewise.
* mpi/alpha/mpih-mul3.S, mpi/alpha/mpih-rshift.S: Likewise.
* mpi/alpha/mpih-sub1.S, mpi/alpha/udiv-qrnnd.S: Likewise.
* mpi/amd64/mpih-add1.S, mpi/amd64/mpih-lshift.S: Likewise.
* mpi/amd64/mpih-mul1.S, mpi/amd64/mpih-mul2.S: Likewise.
* mpi/amd64/mpih-mul3.S, mpi/amd64/mpih-rshift.S: Likewise.
* mpi/amd64/mpih-sub1.S, mpi/config.links: Likewise.
* mpi/generic/mpih-add1.c, mpi/generic/mpih-lshift.c: Likewise.
* mpi/generic/mpih-mul1.c, mpi/generic/mpih-mul2.c: Likewise.
* mpi/generic/mpih-mul3.c, mpi/generic/mpih-rshift.c: Likewise.
* mpi/generic/mpih-sub1.c, mpi/generic/udiv-w-sdiv.c: Likewise.
* mpi/hppa/mpih-add1.S, mpi/hppa/mpih-lshift.S: Likewise.
* mpi/hppa/mpih-rshift.S, mpi/hppa/mpih-sub1.S: Likewise.
* mpi/hppa/udiv-qrnnd.S, mpi/hppa1.1/mpih-mul1.S: Likewise.
* mpi/hppa1.1/mpih-mul2.S, mpi/hppa1.1/mpih-mul3.S: Likewise.
* mpi/hppa1.1/udiv-qrnnd.S, mpi/i386/mpih-add1.S: Likewise.
* mpi/i386/mpih-lshift.S, mpi/i386/mpih-mul1.S: Likewise.
* mpi/i386/mpih-mul2.S, mpi/i386/mpih-mul3.S: Likewise.
* mpi/i386/mpih-rshift.S, mpi/i386/mpih-sub1.S: Likewise.
* mpi/i386/syntax.h, mpi/longlong.h: Likewise.
* mpi/m68k/mc68020/mpih-mul1.S, mpi/m68k/mc68020/mpih-mul2.S: Likewise.
* mpi/m68k/mc68020/mpih-mul3.S, mpi/m68k/mpih-add1.S: Likewise.
* mpi/m68k/mpih-lshift.S, mpi/m68k/mpih-rshift.S: Likewise.
* mpi/m68k/mpih-sub1.S, mpi/m68k/syntax.h: Likewise.
* mpi/mips3/mpih-add1.S, mpi/mips3/mpih-lshift.S: Likewise.
* mpi/mips3/mpih-mul1.S, mpi/mips3/mpih-mul2.S: Likewise.
* mpi/mips3/mpih-mul3.S, mpi/mips3/mpih-rshift.S: Likewise.
* mpi/mips3/mpih-sub1.S, mpi/mpi-add.c: Likewise.
* mpi/mpi-bit.c, mpi/mpi-cmp.c, mpi/mpi-div.c: Likewise.
* mpi/mpi-gcd.c, mpi/mpi-inline.c, mpi/mpi-inline.h: Likewise.
* mpi/mpi-internal.h, mpi/mpi-mpow.c, mpi/mpi-mul.c: Likewise.
* mpi/mpi-scan.c, mpi/mpih-div.c, mpi/mpih-mul.c: Likewise.
* mpi/pa7100/mpih-lshift.S, mpi/pa7100/mpih-rshift.S: Likewise.
* mpi/power/mpih-add1.S, mpi/power/mpih-lshift.S: Likewise.
* mpi/power/mpih-mul1.S, mpi/power/mpih-mul2.S: Likewise.
* mpi/power/mpih-mul3.S, mpi/power/mpih-rshift.S: Likewise.
* mpi/power/mpih-sub1.S, mpi/powerpc32/mpih-add1.S: Likewise.
* mpi/powerpc32/mpih-lshift.S, mpi/powerpc32/mpih-mul1.S: Likewise.
* mpi/powerpc32/mpih-mul2.S, mpi/powerpc32/mpih-mul3.S: Likewise.
* mpi/powerpc32/mpih-rshift.S, mpi/powerpc32/mpih-sub1.S: Likewise.
* mpi/powerpc32/syntax.h, mpi/sparc32/mpih-add1.S: Likewise.
* mpi/sparc32/mpih-lshift.S, mpi/sparc32/mpih-rshift.S: Likewise.
* mpi/sparc32/udiv.S, mpi/sparc32v8/mpih-mul1.S: Likewise.
* mpi/sparc32v8/mpih-mul2.S, mpi/sparc32v8/mpih-mul3.S: Likewise.
* mpi/supersparc/udiv.S: Likewise.
* random/random.h, random/rndegd.c: Likewise.
* src/cipher.h, src/libgcrypt.def, src/libgcrypt.vers: Likewise.
* src/missing-string.c, src/mpi.h, src/secmem.h: Likewise.
* src/stdmem.h, src/types.h: Likewise.
* tests/aeswrap.c, tests/curves.c, tests/hmac.c: Likewise.
* tests/keygrip.c, tests/prime.c, tests/random.c: Likewise.
* tests/t-kdf.c, tests/testapi.c: Likewise.
--
GnuPG-bug-id: 6271
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* acinclude.m4: Use URL and add SPDX identifier.
* m4/noexecstack.m4: Likewise.
* Makefile.am: Likewise.
* doc/Makefile.am: Likewise.
* mpi/Makefile.am: Likewise.
* tests/Makefile.am: Likewise.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/bench-slope.c (MPI_START_SIZE, MPI_END_SIZE, MPI_STEP_SIZE)
(MPI_NUM_STEPS, bench_mpi_test, mpi_test_names, bench_mpi_mode)
(bench_mpi_hd, bench_mpi_init, bench_mpi_fre, bench_mpi_do_bench)
(mpi_ops, mpi_modes, mpi_bench_one, _mpi_bench, mpi_match_test)
(mpi_bench): New.
(print_help): Add mention of 'mpi'.
(main): Add "mpi" tests.
--
Patch adds MPI operation benchmarking for bench-slope:
$ tests/bench-slope --cpu-mhz auto mpi
MPI:
| nanosecs/byte mebibytes/sec cycles/byte auto Mhz
add | 0.054 ns/B 17580 MiB/s 0.298 c/B 5500
sub | 0.083 ns/B 11432 MiB/s 0.459 c/B 5500
rshift3 | 0.033 ns/B 28862 MiB/s 0.182 c/B 5499
lshift3 | 0.093 ns/B 10256 MiB/s 0.511 c/B 5500
rshift65 | 0.096 ns/B 9888 MiB/s 0.530 c/B 5500
lshift65 | 0.093 ns/B 10228 MiB/s 0.513 c/B 5500
mul4 | 0.074 ns/B 12825 MiB/s 0.409 c/B 5500
mul8 | 0.072 ns/B 13313 MiB/s 0.394 c/B 5500
mul16 | 0.148 ns/B 6450 MiB/s 0.813 c/B 5500
mul32 | 0.299 ns/B 3191 MiB/s 1.64 c/B 5500
div4 | 0.458 ns/B 2080 MiB/s 2.52 c/B 5500
div8 | 0.458 ns/B 2084 MiB/s 2.52 c/B 5500
div16 | 0.602 ns/B 1584 MiB/s 3.31 c/B 5500
div32 | 0.926 ns/B 1030 MiB/s 5.09 c/B 5500
mod4 | 0.443 ns/B 2151 MiB/s 2.44 c/B 5500
mod8 | 0.443 ns/B 2152 MiB/s 2.44 c/B 5500
mod16 | 0.600 ns/B 1590 MiB/s 3.30 c/B 5500
mod32 | 0.924 ns/B 1032 MiB/s 5.08 c/B 5500
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* tests/basic.c (check_digests): Check the FIPS indicators.
(check_mac): Ditto.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* tests/bench-slope.c (warm_up_cpu): Skip in regression tests.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* tests/basic.c (CLUTTER_VECTOR_REGISTER_AMD64)
(CLUTTER_VECTOR_REGISTER_I386): Set only if __SSE2__ defined.
(clutter_vector_registers) [CLUTTER_VECTOR_REGISTER_AMD64]: Remove
__SSE2__ check for "xmm" clobbers.
(clutter_vector_registers) [CLUTTER_VECTOR_REGISTER_I386]: Likewise.
--
Force __SSE2__ check as a buggy compiler might not define __SSE2__ but
still attempt to use XMM registers.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* tests/basic.c (clutter_vector_registers): Pass data pointers through
single register for CLUTTER_VECTOR_REGISTER_AMD64 and
CLUTTER_VECTOR_REGISTER_I386 as compiler might attempt to allocate
separate pointer register for each "m" operator.
--
Reported-by: Julian Kirsch <mail@kirschju.re>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* cipher/Makefile.am: Add 'aria.c'.
* cipher/aria.c: New.
* cipher/cipher.c (cipher_list, cipher_list_algo301): Add ARIA cipher
specs.
* cipher/mac-cmac.c (map_mac_algo_to_cipher): Add GCRY_MAC_CMAC_ARIA.
(_gcry_mac_type_spec_cmac_aria): New.
* cipher/mac-gmac.c (map_mac_algo_to_cipher): Add GCRY_MAC_GMAC_ARIA.
(_gcry_mac_type_spec_gmac_aria): New.
* cipher/mac-internal.h (_gcry_mac_type_spec_cmac_aria)
(_gcry_mac_type_spec_gmac_aria)
(_gcry_mac_type_spec_poly1305mac_aria): New.
* cipher/mac-poly1305.c (poly1305mac_open): Add GCRY_MAC_GMAC_ARIA.
(_gcry_mac_type_spec_poly1305mac_aria): New.
* cipher/mac.c (mac_list, mac_list_algo201, mac_list_algo401)
(mac_list_algo501): Add ARIA MAC specs.
* configure.ac (available_ciphers): Add 'aria'.
(GCRYPT_CIPHERS): Add 'aria.lo'.
(USE_ARIA): New.
* doc/gcrypt.texi: Add GCRY_CIPHER_ARIA128, GCRY_CIPHER_ARIA192,
GCRY_CIPHER_ARIA256, GCRY_MAC_CMAC_ARIA, GCRY_MAC_GMAC_ARIA and
GCRY_MAC_POLY1305_ARIA.
* src/cipher.h (_gcry_cipher_spec_aria128, _gcry_cipher_spec_aria192)
(_gcry_cipher_spec_aria256): New.
* src/gcrypt.h.in (gcry_cipher_algos): Add GCRY_CIPHER_ARIA128,
GCRY_CIPHER_ARIA192 and GCRY_CIPHER_ARIA256.
(gcry_mac_algos): GCRY_MAC_CMAC_ARIA, GCRY_MAC_GMAC_ARIA and
GCRY_MAC_POLY1305_ARIA.
* tests/basic.c (check_ecb_cipher, check_ctr_cipher)
(check_cfb_cipher, check_ocb_cipher) [USE_ARIA]: Add ARIA test-vectors.
(check_ciphers) [USE_ARIA]: Add GCRY_CIPHER_ARIA128, GCRY_CIPHER_ARIA192
and GCRY_CIPHER_ARIA256.
(main): Also run 'check_bulk_cipher_modes' for 'cipher_modes_only'-mode.
* tests/bench-slope.c (bench_mac_init): Add GCRY_MAC_POLY1305_ARIA
setiv-handling.
* tests/benchmark.c (mac_bench): Likewise.
--
This patch adds the ARIA block cipher to libgcrypt. This implementation
is based on work by Taehee Yoo, with the following notable changes:
- Integration into libgcrypt, use of bithelp.h and bufhelp.h helper
functions where possible.
- Added lookup table prefetching as is done in AES, GCM and SM4
implementations.
- Changed `get_u8` to return `u32` as returning `byte` caused
sub-optimal code generation with gcc-12/x86-64 (zero extending
from 8-bit to 32-bit register, followed by extraneous sign
extending from 32-bit to 64-bit register).
- Changed 'aria_crypt' loop structure a bit for tiny performance
increase (~1% seen with gcc-12/x86-64/zen4).
Benchmark on AMD Ryzen 9 7900X (x86-64):
ARIA128 | nanosecs/byte mebibytes/sec cycles/byte auto Mhz
ECB enc | 3.99 ns/B 239.1 MiB/s 22.43 c/B 5625
ECB dec | 4.00 ns/B 238.4 MiB/s 22.50 c/B 5625
Benchmark on AMD Ryzen 9 7900X (win32):
ARIA128 | nanosecs/byte mebibytes/sec cycles/byte auto Mhz
ECB enc | 4.57 ns/B 208.7 MiB/s 25.31 c/B 5538
ECB dec | 4.66 ns/B 204.8 MiB/s 25.39 c/B 5453
Benchmark on ARM Cortex-A53 (aarch64):
ARIA128 | nanosecs/byte mebibytes/sec cycles/byte auto Mhz
ECB enc | 74.69 ns/B 12.77 MiB/s 48.40 c/B 647.9
ECB dec | 74.99 ns/B 12.72 MiB/s 48.58 c/B 647.9
Cc: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* cipher/cipher.c (cipher_list_algo301): Remove comma at the end
of last entry.
* cipher/mac-gmac.c (map_mac_algo_to_cipher): Add SM4.
(_gcry_mac_type_spec_gmac_sm4): New.
* cipher/mac-internal.h (_gcry_mac_type_spec_gmac_sm4)
(_gcry_mac_type_spec_poly1305mac_sm4): New.
* cipher/mac-poly1305.c (poly1305mac_open): Add SM4.
(_gcry_mac_type_spec_poly1305mac_sm4): New.
* cipher/mac.c (mac_list, mac_list_algo401, mac_list_algo501): Add
GMAC-SM4 and Poly1305-SM4.
(mac_list_algo101): Remove comma at the end of last entry.
* cipher/md.c (digest_list_algo301): Remove comma at the end of
last entry.
* doc/gcrypt.texi: Add GCRY_MAC_GMAC_SM4 and GCRY_MAC_POLY1305_SM4.
* src/gcrypt.h.in (GCRY_MAC_GMAC_SM4, GCRY_MAC_POLY1305_SM4): New.
* tests/bench-slope.c (bench_mac_init): Setup IV for
GCRY_MAC_POLY1305_SM4.
* tests/benchmark.c (mac_bench): Likewise.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* cipher/rsa.c (rsa_generate): Do not accept use-x931 or derive-parms
in FIPS mode.
* tests/pubkey.c (get_keys_x931_new): Expect failure in FIPS mode.
(check_run): Skip checking X9.31 keys in FIPS mode.
* doc/gcrypt.texi: Document "test-parms" and clarify some cases around
the X9.31 keygen.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* cipher/rsa-common.c (_gcry_rsa_pss_encode): Prevent usage of large
salt lengths
(_gcry_rsa_pss_verify): Ditto.
* tests/basic.c (check_pubkey_sign): Check longer salt length fails in
FIPS mode
* tests/t-rsa-pss.c (one_test_sexp): Fix function name in error message
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This reverts commit f736f3c70182d9c948f9105eb769c47c5578df35. The pubkey
encryption already has a separate explicit FIPS service indicator.
This reverts commit 249ca431ef881d510b90a5d3db9cd8507c4d697b. The pubkey
encryption already has a separate explicit FIPS service indicator.
* tests/t-kdf.c (check_pbkdf2): Add test vector with short dklen and
verify it fails in FIPS mode
--
GnuPG-bug-id: 6219
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* tests/hashtest.c (run_longtest): Avoid memory leak on error
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* cipher/t-rsa-testparm.c (check_rsa_testparm): Define parameters as
void.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* cipher/benchmark.c (ccm_aead_init): Avoid VLA in stack array.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* tests/bench-slope.c (bench_set_cipher_key): New.
(bench_encrypt_init, bench_xts_encrypt_init): Use
'bench_set_cipher_key' to remove VLA usage.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* .gitignore: Add 'tests/hashtest-6g'.
* configure.ac: Add 'tests/hashtest-6g'.
* tests/Makefile: Add 'hashtest-6g'.
* tests/hashtest-6g.in: New.
* tests/hashtest-256g.in: Add SHA3-512 to algos.
* tests/hashtest.c (use_hugeblock): New.
(testvectors): Add 256 GiB test vectors for BLAKE2S, BLAKE2B and
whirlpool; Add 6 GiB test vectors for SHA1, SHA256, SHA512, SHA3, SM3,
BLAKE2S, BLAKE2B, WHIRLPOOL, CRC32 and CRC24.
(run_longtest): Use huge 5 GiB pattern block when requested.
(main): Add '--hugeblock' and '--disable-hwf' options.
* tests/testdrv.c: Add 'hashtest-6g'; Add SHA3 to 'hashtest-256g'.
--
GnuPG-bug-id: 6217
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* cipher/rsa.c (rsa_generate): Skip PCT if test-parms were specified.
* tests/t-rsa-testparm.c: Add test for this functionality
* tests/Makefile.am: Add test to build system
--
ACVP testing uses the test-parms option to specify p and q to be checked
for primality. When test-parms is specified, generate_fips() always
returns keys with p=q=0. These keys then fail the pairwise consistency
test, because they cannot be used to successfully sign a message and
verify the signature.
Skip the PCT when test-parms is specified.
Add a regression test to check that this functionality continues to work
in the future.
Signed-off-by: Clemens Lang <cllang@redhat.com>
* tests/basic.c (check_pubkey_crypt): Expect the OAEP padding encryption
to fail in FIPS mode
* tests/pkcs1v2.c (check_oaep): Expect the OAEP tests to fail in FIPS
mode
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* cipher/kdf.c (_gcry_kdf_open): Allow empty password for Argon2.
--
This patch fixes libcryptsetup requirement to support empty
passwords for PBKDF (and passes Argon2 test vectors there now).
Signed-off-by: Milan Broz <gmazyland@gmail.com>
* tests/t-kdf.c: Restructure KDF test vectors to allow easy addition of
new vectors. Also remove some ugly C code like goto again.
--
Signed-off-by: Milan Broz <gmazyland@gmail.com>
[jk: fixed commit changelog cipher/kdf.c -> tests/t-kdf.c]
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* tests/basic.c (check_gcm_siv_cipher): Do not run test vectors that
are known to fail when compiled without support for SM4 or CAMELLIA.
--
Fixes test execution when configured --enable-ciphers excluding sm4 or
camellia.
Signed-off-by: Clemens Lang <cllang@redhat.com>
* tests/basic.c (check_gcm_siv_cipher): Add 'flags' for test vectors
and set FLAG_NOFIPS for SM4 and CAMELLIA128 test vectors; Add FIPS check
for test vectors; Change printing "aes-gcm-siv" on fail messages to
"algo %d GCM-SIV".
--
Patch fixes tests/basic failing with "LIBGCRYPT_FORCE_FIPS_MODE=1".
Reported-by: Clemens Lang <cllang@redhat.com>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* cipher/bulkhelp.h (bulk_ctr32le_enc_128): New.
* cipher/camellia-glue.c (_gcry_camellia_ctr32le_enc): New.
(camellia_setkey): Setup `bulk_ops->ctr32le_enc` if any AVX2
implementation is available.
* cipher/sm4.c (_gcry_sm4_ctr32le_enc): New.
(sm4_setkey): Setup `bulk_ops->ctr32le_enc`.
* tests/basic.c (check_gcm_siv_cipher): Add large bulk encryption
test vectors for SM4 and CAMELLIA128.
--
On Intel tigerlake, SM4-GCM-SIV encryption performance is now
1.69 cycles/byte (was 32.9 c/B). CAMELLIA128-GCM-SIV encryption
is now 1.38 cycles/byte (was 21.2 c/B).
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* cipher/pubkey.c (_gcry_pk_verify_md): Implement support of explicit
hash.
* tests/t-ecdsa.c (one_test_sexp): Use explicit hash.
--
GnuPG-bug-id: 6066
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/t-kdf.c (check_fips_indicators): Add test for gcry_control
(GCRYCTL_FIPS_SERVICE_INDICATOR_KDF).
--
Add a test that checks that gcry_control(GCRYCTL_FIPS_SERVICE_INDICATOR_KDF)
works correctly, does not return unexpected values, and returns that
only PBKDF2 is approved at the moment.
Signed-off-by: Clemens Lang <cllang@redhat.com>
* tests/t-ecdsa.c (one_test_sexp): Re-run signature operation with hash
algorithm explicitly specified in data_tmpl as documented in the
manpage.
--
The code path to decode the explicit hash algorithm specification in
data_tmpl was previously not covered by tests. Verifying with
a data_tmpl that contains the hash algorithm as string currently fails
and should be enabled later. See also https://dev.gnupg.org/T6066.
Signed-off-by: Clemens Lang <cllang@redhat.com>
* cipher/cipher.c (_gcry_cipher_ctl): Add handling for
'PRIV_CIPHERCTL_GET_COUNTER'.
* src/gcrypt-testapi.h (PRIV_CIPHERCTL_GET_COUNTER): New.
* tests/basic.c (cipher_cbc_bulk_test, cipher_cfb_bulk_test): Restore
IV checks by reading current IV from CBC/CFB cipher handle using
PRIV_CIPHERCTL_GET_INPUT_VECTOR.
(cipher_ctr_bulk_test): Restore counter checks by reading current
counter from CTR cipher handle using PRIV_CIPHERCTL_GET_COUNTER.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* tests/basic.c (check_pubkey): Skip non-FIPS tests in FIPS mode, fixes
a logic error previously introduced in e9698002.
--
e96980022e5ec079c9d4e3492eb6a1131c68e0f2 did change the behavior of
tests/basic.c to actually run non-FIPS tests in FIPS mode because the
'continue' statement was moved into the else block.
This fails when libgcrypt is configured, for example, without support
for RSA.
GnuPG-bug-id: 6048
Signed-off-by: Clemens Lang <cllang@redhat.com>
* configure.ac: Define AM_CONDITIONALs for USE_DSA, USE_RSA,
USE_ELGAMAL, USE_ECC so Makefiles can depend on them.
* tests/Makefile.am: Skip tests that test only one public key algorithm
if that algorithm is disabled.
--
Skip building and running tests that are specific for a public key
algorithm if that algorithm was disabled using the
--enable-pubkey-ciphers configure option.
GnuPG-bug-id: 6048
Signed-off-by: Clemens Lang <cllang@redhat.com>
* tests/keygen.c (show_mpi, check_rsa_keys, check_elg_keys,
check_dsa_keys, check_generated_ecc_key, check_ecc_keys): Skip tests
if the required public key algorithm is not available.
--
When libgcrypt is configured with a non-default --enable-pubkey-ciphers
option, some of the keygen tests cannot be run because the algorithms
are not supported. Disable those using preprocessor macros.
GnuPG-bug-id: 6048
Signed-off-by: Clemens Lang <cllang@redhat.com>
* tests/benchmark.c (cipher_bench, rsa_bench, elg_bench, dsa_bench,
ecc_bench): Do not run benchmarks for PK algorithms that are not
supported in the current build.
--
When libgcrypt is configured with a non-default --enable-pubkey-ciphers
option, some of the benchmarks cannot be run because the algorithms are
not supported. Disable those using preprocessor macros, but add explicit
uses of the function parameters to avoid compiler warnings.
GnuPG-bug-id: 6048
Signed-off-by: Clemens Lang <cllang@redhat.com>
* tests/basic.c (check_pubkey): Skip tests if the required public key
algorithm is not available.
--
When libgcrypt is configured with a non-default --enable-pubkey-ciphers
option (e.g., without RSA), some of the tests cannot be run because the
algorithms are not supported. Check for unsupported algorithms using
gcry_pk_test_algo and print a message if they are not available.
GnuPG-bug-id: 6048
Signed-off-by: Clemens Lang <cllang@redhat.com>
* tests/pubkey.c (check_run, main): Skip tests for unavailable
algorithms.
--
When libgcrypt is configured with a non-default --enable-pubkey-ciphers
option, some of the tests cannot be run because the algorithms are not
supported. Skip unsupported tests using preprocessor macros in this
case.
GnuPG-bug-id: 6048
Signed-off-by: Clemens Lang <cllang@redhat.com>
* tests/t-kdf.c (check_openpgp, check_pbkdf2): Test digest availability.
--
Skip tests that would fail if libgcrypt is compiled with an
--enable-digests option that does not include the required digest
algorithms for the test vectors.
GnuPG-bug-id: 6048
Signed-off-by: Clemens Lang <cllang@redhat.com>
* cipher/md.c (prepare_macpads): Move the check to...
* src/visibility.c (gcry_mac_setkey): ... here.
* tests/t-kdf.c (check_hkdf): No failure is expected.
--
GnuPG-bug-id: 6039
Fixes-commit: 76aad97dd312e83f2f9b8d086553f2b72ab6546f
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/t-kdf.c (check_hkdf): Check if shorter salts are rejected
correctly in FIPS mode.
--
Fixes-commit: fbddfb964f0b1c1ec131194b2273c3f834041c84
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/gcrypt.h.in (GCRY_KDF_HKDF): New.
* cipher/kdf.c (hkdf_open, hkdf_compute, hkdf_final, hkdf_close): New.
(_gcry_kdf_open, _gcry_kdf_compute, _gcry_kdf_final, _gcry_kdf_close):
Handle GCRY_KDF_HKDF.
* tests/t-kdf.c (check_hkdf): New. Test vectors from RFC5869.
(main): Call check_hkdf.
--
GnuPG-bug-id: 5964
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/gcrypt.h.in (GCRY_KDF_ONESTEP_KDF_MAC): New.
* cipher/kdf.c (onestep_kdf_mac_open, onestep_kdf_mac_compute): New.
(onestep_kdf_mac_final, onestep_kdf_mac_close): New.
(_gcry_kdf_open, _gcry_kdf_compute, _gcry_kdf_final, _gcry_kdf_close):
Add support for GCRY_KDF_ONESTEP_KDF_MAC.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/gcrypt.h.in (GCRY_KDF_ONESTEP_KDF): New.
* cipher/kdf.c (onestep_kdf_open, onestep_kdf_compute): New.
(onestep_kdf_final): New.
(_gcry_kdf_open, _gcry_kdf_compute, _gcry_kdf_final): Add
GCRY_KDF_ONESTEP_KDF support.
* tests/t-kdf.c (check_onestep_kdf): Add the test.
(main): Call check_onestep_kdf.
--
GnuPG-bug-id: 5964
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/basic.c (check_ocb_cipher_checksum): Check the right value for
errors
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* tests/aeswrap.c (check_one_with_padding): Free hd on error paths
* tests/basic.c (check_ccm_cipher): Free context on error paths
(check_ocb_cipher_checksum): Ditto.
(do_check_xts_cipher): Ditto.
(check_gost28147_cipher_basic): Ditto.
* tests/bench-slope.c (bench_ecc_init): Free memory on invalid input.
* tests/t-cv25519.c (test_it): Free memory on error path
* tests/t-dsa.c (hex2buffer): Free memory on error path
* tests/t-ecdsa.c (hex2buffer): Free memory on error path
(one_test_sexp): Cleanup memory on exit
* tests/t-mpi-point.c (check_ec_mul): Free memory on error
(check_ec_mul_reduction): Ditto
* tests/t-rsa-15.c (hex2buffer): Ditto
* tests/t-rsa-pss.c (hex2buffer): Ditto
* tests/t-x448.c (test_it): Free memory on error path
* tests/testdrv.c (my_spawn): Free memory on error paths
--
GnuPG-bug-id: 5973
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* cipher/Makefile.am: Remove 'cipher-selftest.c' and 'cipher-selftest.h'.
* cipher/cipher-selftest.c: Remove (refactor these tests to
tests/basic.c).
* cipher/cipher-selftest.h: Remove.
* cipher/blowfish.c (selftest_ctr, selftest_cbc, selftest_cfb): Remove.
(selftest): Remove CTR/CBC/CFB bulk self-tests.
* cipher/camellia-glue.c (selftest_ctr_128, selftest_cbc_128)
(selftest_cfb_128): Remove.
(selftest): Remove CTR/CBC/CFB bulk self-tests.
* cipher/cast5.c (selftest_ctr, selftest_cbc, selftest_cfb): Remove.
(selftest): Remove CTR/CBC/CFB bulk self-tests.
* cipher/des.c (bulk_selftest_setkey, selftest_ctr, selftest_cbc)
(selftest_cfb): Remove.
(selftest): Remove CTR/CBC/CFB bulk self-tests.
* cipher/rijndael.c (selftest_basic_128, selftest_basic_192)
(selftest_basic_256): Allocate context from stack instead of heap and
handle alignment manually.
(selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): Remove.
(selftest): Remove CTR/CBC/CFB bulk self-tests.
* cipher/serpent.c (selftest_ctr_128, selftest_cbc_128)
(selftest_cfb_128): Remove.
(selftest): Remove CTR/CBC/CFB bulk self-tests.
* cipher/sm4.c (selftest_ctr_128, selftest_cbc_128)
(selftest_cfb_128): Remove.
(selftest): Remove CTR/CBC/CFB bulk self-tests.
* cipher/twofish.c (selftest_ctr, selftest_cbc, selftest_cfb): Remove.
(selftest): Remove CTR/CBC/CFB bulk self-tests.
* tests/basic.c (buf_xor, cipher_cbc_bulk_test, buf_xor_2dst)
(cipher_cfb_bulk_test, cipher_ctr_bulk_test): New.
(check_ciphers): Run cipher_cbc_bulk_test(), cipher_cfb_bulk_test() and
cipher_ctr_bulk_test() for block ciphers.
---
CBC/CFB/CTR bulk self-tests are quite computationally heavy and
slow down use cases where an application opens a cipher context once,
does processing and exits. A better place for these tests is in
`tests/basic`.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* tests/basic.c (check_one_cipher_core): Add 'split_mode' parameter and
handling for split_mode==1.
(check_one_cipher): Use split_mode==0 for existing check_one_cipher_core
calls; Add new large buffer check with split_mode==1.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* tests/basic.c (check_pubkey_crypt): Expect RSA PKCS #1.5 encryption to
fail in FIPS mode. Expect failure when wrong padding is selected
* tests/pkcs1v2.c (check_v15crypt): Expect RSA PKCS #1.5 encryption to
fail in FIPS mode
--
GnuPG-bug-id: 5918
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* tests/basic.c (global): New flag FLAG_SPECIAL
(check_pubkey_crypt): Change to use bitfield flags
--
GnuPG-bug-id: 5918
Signed-off-by: Jakub Jelen <jjelen@redhat.com>