Page MenuHome GnuPG

fips: Check library integrity before running selftests
Open, NormalPublic

Description

The FIPS 140-3 requires to run only the HMAC-SHA256 self-test before checking for integrity of the library and running the rest of selftests.

In previous discussions, you suggested that this will require some changes to FSM, but I think all of this can be handled inside of _gcry_fips_run_selftests(). See the attached patch with the proposed solution.

Related Objects

Event Timeline

gniibe triaged this task as Normal priority.EditedThu, Oct 14, 9:53 AM

OK, let us start discussion by applying the patch first.

I have wondered if introducing another state in FSM would be needed, because:

  • testing by call of _gcry_mac_selftest multiple times is OK? (Once for ENABLE_HMAC_BINARY_CHECK and another from run_mac_selftests.)
  • It would be good if we call _gcry_md_selftest with GCRY_MD_SHA256 in run_hmac_sha256_selftests. I mean, a dependency chain.
  • same argument for call of _gcry_md_selftest multiple times.

OK, let us start discussion by applying the patch first.

I have wondered if introducing another state in FSM would be needed, because:

I think we do not need to complicate the FSM with this as both the integrity and selftest are at this moment in the same step.

  • testing by call of _gcry_mac_selftest multiple times is OK? (Once for ENABLE_HMAC_BINARY_CHECK and another from run_mac_selftests.

Its probably ok, but certainly useless wasting of time. It might make sense to remove the sha256 and hmac-sha256 selftest from the run_mac_selftests when we build with ENABLE_HMAC_BINARY_CHECK.

  • It would be good if we call _gcry_md_selftest with GCRY_MD_SHA256 in run_hmac_sha256_selftests. I mean, a dependency chain.

That is a good point. Adding the selftest for GCRY_MD_SHA256 to the run_hmac_sha256_selftests() sounds like a good idea.

  • same argument for call of _gcry_md_selftest multiple times.

Right.

I drafted the changes in the following patch:

It should cover the above points for running all the selftest in FIPS mode as well as manually invoking selftests from gcry_control (just in slightly different order).