Index: b/tests/benchmark.c =================================================================== --- b/tests/benchmark.c +++ b/tests/benchmark.c @@ -1434,6 +1434,11 @@ is_ed25519 = !strcmp (p_sizes[testno], "Ed25519"); is_gost = !strncmp (p_sizes[testno], "gost", 4); + + /* Only P-{224,256,384,521} are allowed in fips mode */ + if (gcry_fips_mode_active() && (is_ed25519 || is_gost || !strcmp (p_sizes[testno], "192"))) + continue; + if (is_ed25519) { p_size = 256; Index: b/tests/curves.c =================================================================== --- b/tests/curves.c +++ b/tests/curves.c @@ -171,6 +171,9 @@ gcry_sexp_release (param); + /* Brainpool curves are not supported in fips mode */ + if (gcry_fips_mode_active()) + return; param = gcry_pk_get_param (GCRY_PK_ECDSA, sample_key_2_curve); if (!param) Index: b/tests/fips186-dsa.c =================================================================== --- b/tests/fips186-dsa.c +++ b/tests/fips186-dsa.c @@ -457,9 +457,9 @@ /* No valuable keys are create, so we can speed up our RNG. */ gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); - + /* FIXME: Add a 2048 bit key */ + /* This test has too short key length for FIPS 186-4 */ check_dsa_gen_186_2 (); - return error_count ? 1 : 0; } Index: b/tests/keygen.c =================================================================== --- b/tests/keygen.c +++ b/tests/keygen.c @@ -329,7 +329,7 @@ if (rc && !in_fips_mode) die ("error generating DSA key: %s\n", gpg_strerror (rc)); else if (!rc && in_fips_mode) - die ("generating 512 bit DSA key must not work!"); + die ("generating 1024 bit DSA key must not work!"); if (!i && verbose > 1) show_sexp ("1024 bit DSA key:\n", key); gcry_sexp_release (key); 
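Review bot: In tests/curves.c the added `if (gcry_fips_mode_active()) return;` leaves the function without any output, so a FIPS-mode run reports success for a sample-key check that never executed. Print a one-line skip message before returning, in the style of the `show("skipping %s in fips mode\n", ...)` call this patch adds to the curve loop in tests/t-mpi-point.c. The same silent skip appears in the Ed25519 `continue` in tests/keygen.c, the MD5 `continue` in tests/t-kdf.c, the `goto cleanup` in tests/t-mpi-point.c, and in tests/t-ed25519.c, where `return 0;` makes the whole program pass. If the test driver is automake's, `return 77;` there would report it as skipped instead. The enclosing function in curves.c continues outside the hunk.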
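Review bot: In tests/fips186-dsa.c the new comment says this test's key length is too short for FIPS 186-4, yet `check_dsa_gen_186_2 ();` is still called unconditionally, so the comment and the code disagree about what happens in FIPS mode. If the call is expected to fail there, guard it like the other files in this patch, `if (!gcry_fips_mode_active ()) check_dsa_gen_186_2 ();`. If it is expected to keep passing, the comment should say why. Whether `check_dsa_gen_186_2` handles FIPS mode internally is not visible in this hunk.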
@@ -354,6 +354,60 @@ if (verbose > 1) show_sexp ("1536 bit DSA key:\n", key); gcry_sexp_release (key); + + if (verbose) + show ("creating 3072 bit DSA key\n"); + rc = gcry_sexp_new (&keyparm, + "(genkey\n" + " (dsa\n" + " (nbits 4:3072)\n" + " (qbits 3:256)\n" + " ))", 0, 1); + if (rc) + die ("error creating S-expression: %s\n", gpg_strerror (rc)); + rc = gcry_pk_genkey (&key, keyparm); + gcry_sexp_release (keyparm); + if (rc) + die ("error generating DSA key: %s\n", gpg_strerror (rc)); + if (verbose > 1) + show_sexp ("3072 bit DSA key:\n", key); + gcry_sexp_release (key); + + if (verbose) + show ("creating 2048/256 bit DSA key\n"); + rc = gcry_sexp_new (&keyparm, + "(genkey\n" + " (dsa\n" + " (nbits 4:2048)\n" + " (qbits 3:256)\n" + " ))", 0, 1); + if (rc) + die ("error creating S-expression: %s\n", gpg_strerror (rc)); + rc = gcry_pk_genkey (&key, keyparm); + gcry_sexp_release (keyparm); + if (rc) + die ("error generating DSA key: %s\n", gpg_strerror (rc)); + if (verbose > 1) + show_sexp ("2048 bit DSA key:\n", key); + gcry_sexp_release (key); + + if (verbose) + show ("creating 2048/224 bit DSA key\n"); + rc = gcry_sexp_new (&keyparm, + "(genkey\n" + " (dsa\n" + " (nbits 4:2048)\n" + " (qbits 3:224)\n" + " ))", 0, 1); + if (rc) + die ("error creating S-expression: %s\n", gpg_strerror (rc)); + rc = gcry_pk_genkey (&key, keyparm); + gcry_sexp_release (keyparm); + if (rc) + die ("error generating DSA key: %s\n", gpg_strerror (rc)); + if (verbose > 1) + show_sexp ("2048 bit DSA key:\n", key); + gcry_sexp_release (key); } @@ -405,10 +459,14 @@ { if (verbose) show ("creating ECC key using curve %s\n", curves[testno]); - if (!strcmp (curves[testno], "Ed25519")) + if (!strcmp (curves[testno], "Ed25519")) { + /* Ed25519 isn't allowed in fips mode */ + if (in_fips_mode) + continue; rc = gcry_sexp_build (&keyparm, NULL, "(genkey(ecc(curve %s)(flags param eddsa)))", curves[testno]); + } else rc = gcry_sexp_build (&keyparm, NULL, "(genkey(ecc(curve %s)(flags param)))", 
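Review bot: The three DSA blocks added in the `@@ -354` hunk are copies that differ only in `nbits`/`qbits`, and both 2048-bit variants print the same `"2048 bit DSA key:\n"` label, so verbose output cannot tell a 2048/256 key from a 2048/224 one. A small table and one loop remove the duplication and give each size its own label. The sketch below uses `gcry_sexp_build` with `%d`, and its declarations would move to the top of the function, which starts outside this hunk. None of the blocks checks that the returned key has the requested p and q lengths, which would be the useful assertion for a test of the FIPS 186-4 sizes.

```c
  static const struct { int nbits, qbits; const char *label; } dsa_sizes[] = {
    { 3072, 256, "3072/256 bit DSA key:\n" },
    { 2048, 256, "2048/256 bit DSA key:\n" },
    { 2048, 224, "2048/224 bit DSA key:\n" }
  };
  size_t n;

  /* … unchanged: 1024 and 1536 bit DSA cases … */
  for (n = 0; n < sizeof dsa_sizes / sizeof dsa_sizes[0]; n++)
    {
      if (verbose)
        show ("creating %d/%d bit DSA key\n",
              dsa_sizes[n].nbits, dsa_sizes[n].qbits);
      rc = gcry_sexp_build (&keyparm, NULL,
                            "(genkey (dsa (nbits %d)(qbits %d)))",
                            dsa_sizes[n].nbits, dsa_sizes[n].qbits);
      if (rc)
        die ("error creating S-expression: %s\n", gpg_strerror (rc));
      rc = gcry_pk_genkey (&key, keyparm);
      gcry_sexp_release (keyparm);
      if (rc)
        die ("error generating DSA key: %s\n", gpg_strerror (rc));
      if (verbose > 1)
        show_sexp (dsa_sizes[n].label, key);
      gcry_sexp_release (key);
    }
```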
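Review bot: In the `@@ -405` hunk the FIPS skip for Ed25519 runs after `show ("creating ECC key using curve %s\n", curves[testno]);`, so a verbose FIPS-mode log claims a key is being created for a curve that is then skipped. Moving the check above the message fixes that, for example `if (in_fips_mode && !strcmp (curves[testno], "Ed25519")) continue;` as the first statement of the loop body. The added `if (...) {` also puts the brace on the condition line, while the surrounding code appears to place braces on their own line. The same brace style is introduced in the `@@ -1101` hunk of tests/t-mpi-point.c. The loop itself starts and ends outside this hunk.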
@@ -459,6 +517,41 @@ " (nocomp): %s\n", gpg_strerror (rc)); + if (verbose) + show ("creating ECC key using curve NIST P-384 for ECDSA\n"); + /* must be specified as nistp384 (one word), + because ecc_generate uses _gcry_sexp_nth_string which takes + the first word of the name and thus libgcrypt can't find it + later in its curves table + */ + rc = gcry_sexp_build (&keyparm, NULL, "(genkey(ecc(curve nistp384)))"); + if (rc) + die ("error creating S-expression: %s\n", gpg_strerror (rc)); + rc = gcry_pk_genkey (&key, keyparm); + gcry_sexp_release (keyparm); + if (rc) + die ("error generating ECC key using curve NIST P-384 for ECDSA: %s\n", + gpg_strerror (rc)); + + if (verbose > 1) + show_sexp ("ECC key:\n", key); + + check_generated_ecc_key (key); + gcry_sexp_release (key); + + if (verbose) + show ("creating ECC key using curve NIST P-384 for ECDSA (nocomp)\n"); + rc = gcry_sexp_build (&keyparm, NULL, + "(genkey(ecc(curve nistp384)(flags nocomp)))"); + if (rc) + die ("error creating S-expression: %s\n", gpg_strerror (rc)); + rc = gcry_pk_genkey (&key, keyparm); + gcry_sexp_release (keyparm); + if (rc) + die ("error generating ECC key using curve NIST P-384 for ECDSA" + " (nocomp): %s\n", + gpg_strerror (rc)); + if (verbose > 1) show_sexp ("ECC key:\n", key); Index: b/tests/pubkey.c =================================================================== --- b/tests/pubkey.c +++ b/tests/pubkey.c @@ -483,8 +483,8 @@ rc = gcry_sexp_new (&key_spec, transient_key - ? "(genkey (dsa (nbits 4:1024)(transient-key)))" - : "(genkey (dsa (nbits 4:1024)))", + ? "(genkey (dsa (nbits 4:2048)(transient-key)))" + : "(genkey (dsa (nbits 4:2048)))", 0, 1); if (rc) die ("error creating S-expression: %s\n", gcry_strerror (rc)); 
@@ -517,7 +517,7 @@ int rc; rc = gcry_sexp_new - (&key_spec, "(genkey (dsa (nbits 4:1024)(use-fips186)))", 0, 1); + (&key_spec, "(genkey (dsa (nbits 4:2048)(use-fips186)))", 0, 1); if (rc) die ("error creating S-expression: %s\n", gcry_strerror (rc)); rc = gcry_pk_genkey (&key, key_spec); @@ -637,7 +637,7 @@ (&key_spec, "(genkey" " (dsa" - " (nbits 4:1024)" + " (nbits 4:3072)" " (use-fips186)" " (transient-key)" " (derive-parms" @@ -742,19 +742,26 @@ gcry_sexp_release (pkey); gcry_sexp_release (skey); - if (verbose) - fprintf (stderr, "Generating DSA key with given domain.\n"); - get_dsa_key_with_domain_new (&pkey, &skey); - /* Fixme: Add a check function for DSA keys. */ - gcry_sexp_release (pkey); - gcry_sexp_release (skey); + /* The given domain contains too short q for generate_fips186 */ + if (!gcry_fips_mode_active()) + { + if (verbose) + fprintf (stderr, "Generating DSA key with given domain.\n"); + get_dsa_key_with_domain_new (&pkey, &skey); + /* Fixme: Add a check function for DSA keys. */ + gcry_sexp_release (pkey); + gcry_sexp_release (skey); + } + /* The given domain contains too short q for generate_fips186 */ + /* if (verbose) fprintf (stderr, "Generating DSA key with given domain (FIPS 186).\n"); get_dsa_key_fips186_with_domain_new (&pkey, &skey); - /* Fixme: Add a check function for DSA keys. */ + / * Fixme: Add a check function for DSA keys. * / gcry_sexp_release (pkey); gcry_sexp_release (skey); + */ if (verbose) fprintf (stderr, "Generating DSA key with given seed (FIPS 186).\n"); @@ -1240,7 +1247,8 @@ check_x931_derived_key (i); check_ecc_sample_key (); - check_ed25519ecdsa_sample_key (); + if (!gcry_fips_mode_active ()) + check_ed25519ecdsa_sample_key (); return !!error_count; } Index: b/tests/random.c =================================================================== --- b/tests/random.c +++ b/tests/random.c 
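Review bot: In the `@@ -742` hunk of tests/pubkey.c the FIPS 186 with-domain test is disabled by wrapping it in a `/* ... */` comment, which removes it in every mode rather than only in FIPS mode and forces the inner comment to be mangled into `/ * Fixme ... * /`. If the domain's q is too short only under FIPS mode, guard the block like the one above it with `if (!gcry_fips_mode_active ())`. If `get_dsa_key_fips186_with_domain_new` now fails in all modes, delete the dead code and leave a one-line FIXME asking for a domain with a longer q. The first copy of the "too short q for generate_fips186" comment sits on `get_dsa_key_with_domain_new`, whose use of generate_fips186 is not visible here, so that wording may need adjusting.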
@@ -562,8 +562,10 @@ signal (SIGPIPE, SIG_IGN); #endif + /* don't switch rng in fips mode */ if (early_rng) - check_early_rng_type_switching (); + if (!gcry_fips_mode_active()) + check_early_rng_type_switching (); gcry_control (GCRYCTL_DISABLE_SECMEM, 0); if (!gcry_check_version (GCRYPT_VERSION)) @@ -582,7 +584,9 @@ check_nonce_forking (); check_close_random_device (); } - check_rng_type_switching (); + /* don't switch rng in fips mode */ + if (!gcry_fips_mode_active()) + check_rng_type_switching (); if (!in_recursion) run_all_rng_tests (program); Index: b/tests/t-ed25519.c =================================================================== --- b/tests/t-ed25519.c +++ b/tests/t-ed25519.c @@ -548,6 +548,10 @@ gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); + /* Ed25519 isn't supported in fips mode */ + if (gcry_fips_mode_active()) + return 0; + start_timer (); check_ed25519 (fname); stop_timer (); Index: b/tests/t-kdf.c =================================================================== --- b/tests/t-kdf.c +++ b/tests/t-kdf.c @@ -888,6 +888,10 @@ { if (tv[tvidx].disabled) continue; + /* MD5 isn't supported in fips mode */ + if (gcry_fips_mode_active() && + tv[tvidx].hashalgo == GCRY_MD_MD5) + continue; if (verbose) fprintf (stderr, "checking S2K test vector %d\n", tvidx); assert (tv[tvidx].dklen <= sizeof outbuf); Index: b/tests/t-mpi-point.c =================================================================== --- b/tests/t-mpi-point.c +++ b/tests/t-mpi-point.c 
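Review bot: In the `@@ -562` hunk of tests/random.c the new guard is written as two stacked, unbraced `if`s, which invites a dangling-else mistake in a later edit; `if (early_rng && !gcry_fips_mode_active ())` expresses the same condition in one line. This call also runs before `gcry_check_version (GCRYPT_VERSION)` a few lines below, so it is worth confirming that the library reports its FIPS state reliably that early. If it does not, the early switching test could be skipped or run in the wrong mode. The guard added in `@@ -582` runs after initialization and does not raise that question.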
@@ -540,6 +540,17 @@ show ("checking standard curves\n"); for (idx=0; test_curve[idx].desc; idx++) { + /* P-192 and Ed25519 are not supported in fips mode */ + if (gcry_fips_mode_active()) + { + if (!strcmp(test_curve[idx].desc, "NIST P-192") || + !strcmp(test_curve[idx].desc, "Ed25519")) + { + show("skipping %s in fips mode\n", test_curve[idx].desc ); + continue; + } + } + gcry_ctx_release (ctx); err = gcry_mpi_ec_new (&ctx, NULL, test_curve[idx].desc); if (err) @@ -635,6 +646,10 @@ gcry_sexp_release (sexp); } + /* Skipping Ed25519 if in FIPS mode (it isn't supported) */ + if (gcry_fips_mode_active()) + goto cleanup; + show ("checking sample public key (Ed25519)\n"); q = hex2mpi (sample_ed25519_q); gcry_sexp_release (keyparam); @@ -722,6 +737,7 @@ } +cleanup: gcry_ctx_release (ctx); gcry_sexp_release (keyparam); } @@ -1101,8 +1117,12 @@ context_alloc (); context_param (); basic_ec_math (); - basic_ec_math_simplified (); - twistededwards_math (); + + /* the tests are for P-192 and ed25519 which are not supported in FIPS mode */ + if (!gcry_fips_mode_active()) { + basic_ec_math_simplified (); + twistededwards_math (); + } show ("All tests completed. Errors: %d\n", error_count); return error_count ? 1 : 0;