The FIPS 140-3 requires to run only the HMAC-SHA256 self-test before checking for integrity of the library and running the rest of selftests.
In previous discussions, you suggested that this will require some changes to FSM, but I think all of this can be handled inside of _gcry_fips_run_selftests(). See the attached patch with the proposed solution.
| rC libgcrypt | |||
| rCd45db4ad16fe fips: Improve selftests invocation. | |||
| rCd2c68849d19b fips: Verify library integrity before running selftests. | |||
OK, let us start discussion by applying the patch first.
I have wondered if introducing another state in FSM would be needed, because:
I think we do not need to complicate the FSM with this as both the integrity and selftest are at this moment in the same step.
- testing by call of _gcry_mac_selftest multiple times is OK? (Once for ENABLE_HMAC_BINARY_CHECK and another from run_mac_selftests.
Its probably ok, but certainly useless wasting of time. It might make sense to remove the sha256 and hmac-sha256 selftest from the run_mac_selftests when we build with ENABLE_HMAC_BINARY_CHECK.
- It would be good if we call _gcry_md_selftest with GCRY_MD_SHA256 in run_hmac_sha256_selftests. I mean, a dependency chain.
That is a good point. Adding the selftest for GCRY_MD_SHA256 to the run_hmac_sha256_selftests() sounds like a good idea.
- same argument for call of _gcry_md_selftest multiple times.
Right.
I drafted the changes in the following patch:
It should cover the above points for running all the selftest in FIPS mode as well as manually invoking selftests from gcry_control (just in slightly different order).