Page Menu
Home
GnuPG
Search
Configure Global Search
Log In
Files
F34212218
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Size
27 KB
Subscribers
None
View Options
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 93774fe9..3170a58e 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -1,135 +1,135 @@
# Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc.
#
# This file is part of Libgcrypt.
#
# Libgcrypt is free software; you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as
# published by the Free Software Foundation; either version 2.1 of
# the License, or (at your option) any later version.
#
# Libgcrypt is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this program; if not, see <https://www.gnu.org/licenses/>.
# SPDX-License-Identifier: LGPL-2.1-or-later
## Process this file with automake to produce Makefile.in
# Note: Please keep these tests in sync with those in testdrv.c.
# We will eventually switch over to the the new driver but as of now
# the driver is only used for cross-compiling.
tests_bin = \
version t-secmem mpitests t-sexp t-convert \
t-mpi-bit t-mpi-point t-lock \
prime basic keygen pubkey hmac hashtest t-kdf keygrip \
- aeswrap random t-kem t-mlkem t-thread-local t-digest
+ aeswrap random t-kem t-mlkem t-thread-local t-fips-service-ind
if USE_RSA
tests_bin += pkcs1v2 t-rsa-pss t-rsa-15 t-rsa-testparm
endif
if USE_DSA
tests_bin += fips186-dsa dsa-rfc6979 t-dsa
endif
if USE_ECC
tests_bin += curves t-ecdsa t-ed25519 t-cv25519 t-x448 t-ed448
endif
tests_bin_last = benchmark bench-slope
tests_sh = basic-disable-all-hwf
tests_sh_last = hashtest-6g hashtest-256g
TESTS = $(tests_bin) $(tests_sh) $(tests_bin_last) $(tests_sh_last)
# Force sequential run of some tests.
bench-slope.log: benchmark.log
hashtest-6g.log: bench-slope.log
hashtest-256g.log: hashtest-6g.log
TESTS_ENVIRONMENT = GCRYPT_IN_REGRESSION_TEST=1
# Need to include ../src in addition to top_srcdir because gcrypt.h is
# a built header.
AM_CPPFLAGS = -I../src -I$(top_srcdir)/src
AM_CFLAGS = $(GPG_ERROR_CFLAGS)
if HAVE_W32_SYSTEM
AM_LDFLAGS = -no-fast-install
else
AM_LDFLAGS = -no-install
endif
standard_ldadd = \
../src/libgcrypt.la \
../compat/libcompat.la
EXTRA_PROGRAMS = testapi pkbench
noinst_PROGRAMS = testdrv $(tests_bin) $(tests_bin_last) \
fipsdrv rsacvt genhashdata gchash
noinst_HEADERS = t-common.h
CLEANFILES = testdrv-build
EXTRA_DIST = README rsa-16k.key \
pkcs1v2-oaep.h pkcs1v2-pss.h pkcs1v2-v15c.h pkcs1v2-v15s.h \
t-ed25519.inp t-ed448.inp t-dsa.inp t-ecdsa.inp t-rsa-15.inp \
t-rsa-pss.inp t-mlkem.inp \
stopwatch.h hashtest-6g.in hashtest-256g.in \
sha3-224.h sha3-256.h sha3-384.h sha3-512.h blake2b.h blake2s.h \
basic-disable-all-hwf.in basic_all_hwfeature_combinations.sh
LDADD = $(standard_ldadd) $(GPG_ERROR_LIBS) @LDADD_FOR_TESTS_KLUDGE@
pkbench_LDADD = $(standard_ldadd) @LDADD_FOR_TESTS_KLUDGE@
prime_LDADD = $(standard_ldadd) @LDADD_FOR_TESTS_KLUDGE@
t_mpi_bit_LDADD = $(standard_ldadd) @LDADD_FOR_TESTS_KLUDGE@
t_secmem_LDADD = $(standard_ldadd) @LDADD_FOR_TESTS_KLUDGE@
testapi_LDADD = $(standard_ldadd) @LDADD_FOR_TESTS_KLUDGE@
t_lock_LDADD = $(standard_ldadd) $(GPG_ERROR_MT_LIBS) @LDADD_FOR_TESTS_KLUDGE@
t_lock_CFLAGS = $(GPG_ERROR_MT_CFLAGS)
testdrv_LDADD = $(LDADD_FOR_TESTS_KLUDGE)
# Build a version of the test driver for the build platform.
testdrv-build: testdrv.c
$(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) $(LDFLAGS_FOR_BUILD) \
$(CPPFLAGS_FOR_BUILD) -DTESTDRV_EXEEXT=\"$(EXEEXT)\" \
-o $@ $(srcdir)/testdrv.c
if HAVE_W32_SYSTEM
xtestsuite_libs = ../src/.libs/libgcrypt-20.dll \
$(prefix)/bin/libgpg-error*-0.dll
xtestsuite_driver = .libs/testdrv.exe
t_kdf_LDADD = $(standard_ldadd) $(GPG_ERROR_LIBS) @LDADD_FOR_TESTS_KLUDGE@
t_kdf_CFLAGS = $(GPG_ERROR_CFLAGS)
else
xtestsuite_libs = ../src/.libs/libgcrypt.so*
xtestsuite_driver = testdrv
t_kdf_LDADD = $(standard_ldadd) $(GPG_ERROR_MT_LIBS) @LDADD_FOR_TESTS_KLUDGE@
t_kdf_CFLAGS = $(GPG_ERROR_MT_CFLAGS)
endif
# xcheck uses our new testdrv instead of the automake test runner.
.PHONY: xcheck xtestsuite
xcheck: testdrv$(EXEEXT)
srcdir=$(srcdir) ./testdrv$(EXEEXT) --verbose
# Make a tarballs with all the tests.
xtestsuite: testdrv$(EXEEXT) testdrv-build $(TESTS)
+(set -e; \
name="$(PACKAGE_TARNAME)-tests-$(PACKAGE_VERSION)";\
xname="$$name/$(host)" ;\
rm -rf $$name; mkdir $$name ; mkdir $$xname ;\
cp -L $(xtestsuite_driver) \
$$(srcdir=$(srcdir) ./testdrv-build --files|sort|uniq) $$xname/ ;\
cp -P $(xtestsuite_libs) $$xname/ ;\
touch $$xname/libgcrypt-standalone-tests ;\
$(AMTAR) czf "$(PACKAGE_TARNAME)-tests-$(PACKAGE_VERSION)".tar.gz \
$$name ;\
)
diff --git a/tests/t-digest.c b/tests/t-fips-service-ind.c
similarity index 99%
rename from tests/t-digest.c
rename to tests/t-fips-service-ind.c
index e2b1ce32..31c1fc72 100644
--- a/tests/t-digest.c
+++ b/tests/t-fips-service-ind.c
@@ -1,632 +1,632 @@
-/* t-digest.c - MD regression tests
+/* t-fips-service-ind.c - FIPS service indicator regression tests
* Copyright (C) 2024 g10 Code GmbH
*
* This file is part of Libgcrypt.
*
* Libgcrypt is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* Libgcrypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, see <https://www.gnu.org/licenses/>.
* SPDX-License-Identifier: LGPL-2.1+
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
-#define PGM "t-digest"
+#define PGM "t-fips-service-ind"
#include "t-common.h"
static int in_fips_mode;
/* Mingw requires us to include windows.h after winsock2.h which is
included by gcrypt.h. */
#ifdef _WIN32
# include <windows.h>
#endif
/* Check gcry_mac_open, gcry_mac_write, gcry_mac_write, gcry_mac_read,
gcry_mac_close API. */
static void
check_mac_o_w_r_c (void)
{
static struct {
int algo;
const char *data;
int datalen;
const char *key;
int keylen;
const char *expect;
int expect_failure;
unsigned int flags;
} tv[] = {
#if USE_MD5
{ GCRY_MAC_HMAC_MD5, "hmac input abc", 14, "hmac key input", 14,
"\x0d\x72\xd0\x60\xaf\x34\xf2\xca\x33\x58\xa9\xcc\xd3\x5a\xac\xb5", 1 },
{ GCRY_MAC_HMAC_MD5, "hmac input abc", 14, "hmac key input", 14,
"\x0d\x72\xd0\x60\xaf\x34\xf2\xca\x33\x58\xa9\xcc\xd3\x5a\xac\xb5", 1,
GCRY_MAC_FLAG_REJECT_NON_FIPS },
#endif
#if USE_SHA1
{ GCRY_MAC_HMAC_SHA1, "hmac input abc", 14, "hmac key input", 14,
"\xc9\x62\x9d\x16\x0f\xc2\xc4\xcd\x38\xac\x3a\x00\xdc\x29\x61\x03"
"\x69\x50\xd7\x3a" },
#endif
{ GCRY_MAC_HMAC_SHA256, "hmac input abc", 14, "hmac key input", 14,
"\x6a\xda\x4d\xd5\xf3\xa7\x32\x9d\xd2\x55\xc0\x7f\xe6\x0a\x93\xb8"
"\x7a\x6e\x76\x68\x46\x34\x67\xf9\xc2\x29\xb8\x24\x2e\xc8\xe3\xb4" },
{ GCRY_MAC_HMAC_SHA384, "hmac input abc", 14, "hmac key input", 14,
"\xc6\x59\x14\x4a\xac\x4d\xd5\x62\x09\x2c\xbd\x5e\xbf\x41\x94\xf9"
"\xa4\x78\x18\x46\xfa\xd6\xd1\x12\x90\x4f\x65\xd4\xe8\x44\xcc\xcc"
"\x3d\xcc\xf3\xe4\x27\xd8\xf0\xff\x01\xe8\x70\xcd\xfb\xfa\x24\x45" },
{ GCRY_MAC_HMAC_SHA512, "hmac input abc", 14, "hmac key input", 14,
"\xfa\x77\x49\x49\x24\x3d\x7e\x03\x1b\x0e\xd1\xfc\x20\x81\xcf\x95"
"\x81\x21\xa4\x4f\x3b\xe5\x69\x9a\xe6\x67\x27\x10\xbc\x62\xc7\xb3"
"\xb3\xcf\x2b\x1e\xda\x20\x48\x25\xc5\x6a\x52\xc7\xc9\xd9\x77\xf6"
"\xf6\x49\x9d\x70\xe6\x04\x33\xab\x6a\xdf\x7e\x9f\xf4\xd1\x59\x6e" },
{ GCRY_MAC_HMAC_SHA3_256, "hmac input abc", 14, "hmac key input", 14,
"\x2b\xe9\x02\x92\xc2\x37\xbe\x91\x06\xbf\x9c\x8e\x7b\xa3\xf2\xfc"
"\x68\x10\x8a\x71\xd5\xc7\x84\x3c\x0b\xdd\x7d\x1e\xdf\xa5\xf6\xa7" },
{ GCRY_MAC_HMAC_SHA3_384, "hmac input abc", 14, "hmac key input", 14,
"\x9f\x6b\x9f\x49\x95\x57\xed\x33\xb1\xe7\x22\x2f\xda\x40\x68\xb0"
"\x28\xd2\xdb\x6f\x73\x3c\x2e\x2b\x29\x51\x64\x53\xc4\xc5\x63\x8a"
"\x98\xca\x78\x1a\xe7\x1b\x7d\xf6\xbf\xf3\x6a\xf3\x2a\x0e\xa0\x5b" },
{ GCRY_MAC_HMAC_SHA3_512, "hmac input abc", 14, "hmac key input", 14,
"\xf3\x19\x70\x54\x25\xdf\x0f\xde\x09\xe9\xea\x3b\x34\x67\x14\x32"
"\xe6\xe2\x58\x9d\x76\x38\xa4\xbd\x90\x35\x4c\x07\x7c\xa3\xdb\x23"
"\x3c\x78\x0c\x45\xee\x8e\x39\xd5\x81\xd8\x5c\x13\x20\x40\xba\x34"
"\xd0\x0b\x75\x31\x38\x4b\xe7\x74\x87\xa9\xc5\x68\x7f\xbc\x19\xa1" }
#if USE_RMD160
,
{ GCRY_MAC_HMAC_RMD160, "hmac input abc", 14, "hmac key input", 14,
"\xf2\x45\x5c\x7e\x48\x1a\xbb\xe5\xe8\xec\x40\xa4\x1b\x89\x26\x2b"
"\xdc\xa1\x79\x59", 1 }
#endif
};
int tvidx;
unsigned char mac[64];
int expectlen;
gpg_error_t err;
size_t buflen;
for (tvidx=0; tvidx < DIM(tv); tvidx++)
{
gpg_err_code_t ec;
gcry_mac_hd_t h;
if (verbose)
fprintf (stderr, "checking gcry_mac_open test %d\n",
tvidx);
expectlen = gcry_mac_get_algo_maclen (tv[tvidx].algo);
assert (expectlen != 0);
assert (expectlen <= DIM (mac));
err = gcry_mac_open (&h, tv[tvidx].algo, tv[tvidx].flags, NULL);
if (err)
{
if (in_fips_mode && (tv[tvidx].flags & GCRY_MAC_FLAG_REJECT_NON_FIPS)
&& tv[tvidx].expect_failure)
/* Here, an error is expected */
;
else
fail ("gcry_mac_open test %d unexpectedly failed: %s\n",
tvidx, gpg_strerror (err));
continue;
}
else
{
if (in_fips_mode && (tv[tvidx].flags & GCRY_MAC_FLAG_REJECT_NON_FIPS)
&& tv[tvidx].expect_failure)
/* This case, an error is expected, but we observed success */
fail ("gcry_mac_open test %d unexpectedly succeeded\n", tvidx);
}
ec = gcry_get_fips_service_indicator ();
if (ec == GPG_ERR_INV_OP)
{
/* libgcrypt is old, no support of the FIPS service indicator. */
fail ("gcry_mac_open test %d unexpectedly failed to check the FIPS service indicator.\n",
tvidx);
continue;
}
if (in_fips_mode && !tv[tvidx].expect_failure && ec)
{
/* Success with the FIPS service indicator == 0 expected, but != 0. */
fail ("gcry_mac_open test %d unexpectedly set the indicator in FIPS mode.\n",
tvidx);
continue;
}
else if (in_fips_mode && tv[tvidx].expect_failure && !ec)
{
/* Success with the FIPS service indicator != 0 expected, but == 0. */
fail ("gcry_mac_open test %d unexpectedly cleared the indicator in FIPS mode.\n",
tvidx);
continue;
}
err = gcry_mac_setkey (h, tv[tvidx].key, tv[tvidx].keylen);
if (err)
{
fail ("gcry_mac_setkey test %d unexpectedly failed: %s\n",
tvidx, gpg_strerror (err));
gcry_mac_close (h);
continue;
}
err = gcry_mac_write (h, tv[tvidx].data, tv[tvidx].datalen);
if (err)
{
fail ("gcry_mac_write test %d unexpectedly failed: %s\n",
tvidx, gpg_strerror (err));
gcry_mac_close (h);
continue;
}
buflen = expectlen;
err = gcry_mac_read (h, mac, &buflen);
if (err || buflen != expectlen)
{
fail ("gcry_mac_read test %d unexpectedly failed: %s\n",
tvidx, gpg_strerror (err));
gcry_mac_close (h);
continue;
}
if (memcmp (mac, tv[tvidx].expect, expectlen))
{
int i;
fail ("gcry_mac_open test %d failed: mismatch\n", tvidx);
fputs ("got:", stderr);
for (i=0; i < expectlen; i++)
fprintf (stderr, " %02x", mac[i]);
putc ('\n', stderr);
}
gcry_mac_close (h);
}
}
/* Check gcry_md_open, gcry_md_write, gcry_md_write, gcry_md_read,
gcry_md_close API. */
static void
check_md_o_w_r_c (void)
{
static struct {
int algo;
const char *data;
int datalen;
const char *expect;
int expect_failure;
unsigned int flags;
} tv[] = {
#if USE_MD5
{ GCRY_MD_MD5, "abc", 3,
"\x90\x01\x50\x98\x3C\xD2\x4F\xB0\xD6\x96\x3F\x7D\x28\xE1\x7F\x72", 1 },
{ GCRY_MD_MD5, "abc", 3,
"\x90\x01\x50\x98\x3C\xD2\x4F\xB0\xD6\x96\x3F\x7D\x28\xE1\x7F\x72", 1,
GCRY_MD_FLAG_REJECT_NON_FIPS },
#endif
#if USE_SHA1
{ GCRY_MD_SHA1, "abc", 3,
"\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
"\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D" },
#endif
{ GCRY_MD_SHA256, "abc", 3,
"\xba\x78\x16\xbf\x8f\x01\xcf\xea\x41\x41\x40\xde\x5d\xae\x22\x23"
"\xb0\x03\x61\xa3\x96\x17\x7a\x9c\xb4\x10\xff\x61\xf2\x00\x15\xad" },
{ GCRY_MD_SHA384, "abc", 3,
"\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50\x07"
"\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff\x5b\xed"
"\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34\xc8\x25\xa7" },
{ GCRY_MD_SHA512, "abc", 3,
"\xDD\xAF\x35\xA1\x93\x61\x7A\xBA\xCC\x41\x73\x49\xAE\x20\x41\x31"
"\x12\xE6\xFA\x4E\x89\xA9\x7E\xA2\x0A\x9E\xEE\xE6\x4B\x55\xD3\x9A"
"\x21\x92\x99\x2A\x27\x4F\xC1\xA8\x36\xBA\x3C\x23\xA3\xFE\xEB\xBD"
"\x45\x4D\x44\x23\x64\x3C\xE8\x0E\x2A\x9A\xC9\x4F\xA5\x4C\xA4\x9F" },
{ GCRY_MD_SHA3_256, "abc", 3,
"\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2\x04\x5c\x17\x2d\x6b\xd3\x90\xbd"
"\x85\x5f\x08\x6e\x3e\x9d\x52\x5b\x46\xbf\xe2\x45\x11\x43\x15\x32" },
{ GCRY_MD_SHA3_384, "abc", 3,
"\xec\x01\x49\x82\x88\x51\x6f\xc9\x26\x45\x9f\x58\xe2\xc6\xad\x8d"
"\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25\x96\xda\x7c\xf0\xe4\x9b\xe4\xb2"
"\x98\xd8\x8c\xea\x92\x7a\xc7\xf5\x39\xf1\xed\xf2\x28\x37\x6d\x25" },
{ GCRY_MD_SHA3_512, "abc", 3,
"\xb7\x51\x85\x0b\x1a\x57\x16\x8a\x56\x93\xcd\x92\x4b\x6b\x09\x6e"
"\x08\xf6\x21\x82\x74\x44\xf7\x0d\x88\x4f\x5d\x02\x40\xd2\x71\x2e"
"\x10\xe1\x16\xe9\x19\x2a\xf3\xc9\x1a\x7e\xc5\x76\x47\xe3\x93\x40"
"\x57\x34\x0b\x4c\xf4\x08\xd5\xa5\x65\x92\xf8\x27\x4e\xec\x53\xf0" }
#if USE_RMD160
,
{ GCRY_MD_RMD160, "abc", 3,
"\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04"
"\x4a\x8e\x98\xc6\xb0\x87\xf1\x5a\x0b\xfc", 1 }
#endif
};
int tvidx;
unsigned char *hash;
int expectlen;
gpg_error_t err;
for (tvidx=0; tvidx < DIM(tv); tvidx++)
{
gpg_err_code_t ec;
gcry_md_hd_t h;
if (verbose)
fprintf (stderr, "checking gcry_md_open test %d\n",
tvidx);
expectlen = gcry_md_get_algo_dlen (tv[tvidx].algo);
assert (expectlen != 0);
err = gcry_md_open (&h, tv[tvidx].algo, tv[tvidx].flags);
if (err)
{
if (in_fips_mode && (tv[tvidx].flags & GCRY_MD_FLAG_REJECT_NON_FIPS)
&& tv[tvidx].expect_failure)
/* Here, an error is expected */
;
else
fail ("gcry_md_open test %d unexpectedly failed: %s\n",
tvidx, gpg_strerror (err));
continue;
}
else
{
if (in_fips_mode && (tv[tvidx].flags & GCRY_MD_FLAG_REJECT_NON_FIPS)
&& tv[tvidx].expect_failure)
/* This case, an error is expected, but we observed success */
fail ("gcry_md_open test %d unexpectedly succeeded\n", tvidx);
}
ec = gcry_get_fips_service_indicator ();
if (ec == GPG_ERR_INV_OP)
{
/* libgcrypt is old, no support of the FIPS service indicator. */
fail ("gcry_md_open test %d unexpectedly failed to check the FIPS service indicator.\n",
tvidx);
continue;
}
if (in_fips_mode && !tv[tvidx].expect_failure && ec)
{
/* Success with the FIPS service indicator == 0 expected, but != 0. */
fail ("gcry_md_open test %d unexpectedly set the indicator in FIPS mode.\n",
tvidx);
continue;
}
else if (in_fips_mode && tv[tvidx].expect_failure && !ec)
{
/* Success with the FIPS service indicator != 0 expected, but == 0. */
fail ("gcry_md_open test %d unexpectedly cleared the indicator in FIPS mode.\n",
tvidx);
continue;
}
gcry_md_write (h, tv[tvidx].data, tv[tvidx].datalen);
hash = gcry_md_read (h, tv[tvidx].algo);
if (memcmp (hash, tv[tvidx].expect, expectlen))
{
int i;
fail ("gcry_md_open test %d failed: mismatch\n", tvidx);
fputs ("got:", stderr);
for (i=0; i < expectlen; i++)
fprintf (stderr, " %02x", hash[i]);
putc ('\n', stderr);
}
gcry_md_close (h);
}
}
static void
check_hash_buffer (void)
{
static struct {
int algo;
const char *data;
int datalen;
const char *expect;
int expect_failure;
} tv[] = {
#if USE_MD5
{ GCRY_MD_MD5, "abc", 3,
"\x90\x01\x50\x98\x3C\xD2\x4F\xB0\xD6\x96\x3F\x7D\x28\xE1\x7F\x72", 1 },
#endif
#if USE_SHA1
{ GCRY_MD_SHA1, "abc", 3,
"\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
"\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D" },
#endif
{ GCRY_MD_SHA256, "abc", 3,
"\xba\x78\x16\xbf\x8f\x01\xcf\xea\x41\x41\x40\xde\x5d\xae\x22\x23"
"\xb0\x03\x61\xa3\x96\x17\x7a\x9c\xb4\x10\xff\x61\xf2\x00\x15\xad" },
{ GCRY_MD_SHA384, "abc", 3,
"\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50\x07"
"\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff\x5b\xed"
"\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34\xc8\x25\xa7" },
{ GCRY_MD_SHA512, "abc", 3,
"\xDD\xAF\x35\xA1\x93\x61\x7A\xBA\xCC\x41\x73\x49\xAE\x20\x41\x31"
"\x12\xE6\xFA\x4E\x89\xA9\x7E\xA2\x0A\x9E\xEE\xE6\x4B\x55\xD3\x9A"
"\x21\x92\x99\x2A\x27\x4F\xC1\xA8\x36\xBA\x3C\x23\xA3\xFE\xEB\xBD"
"\x45\x4D\x44\x23\x64\x3C\xE8\x0E\x2A\x9A\xC9\x4F\xA5\x4C\xA4\x9F" },
{ GCRY_MD_SHA3_256, "abc", 3,
"\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2\x04\x5c\x17\x2d\x6b\xd3\x90\xbd"
"\x85\x5f\x08\x6e\x3e\x9d\x52\x5b\x46\xbf\xe2\x45\x11\x43\x15\x32" },
{ GCRY_MD_SHA3_384, "abc", 3,
"\xec\x01\x49\x82\x88\x51\x6f\xc9\x26\x45\x9f\x58\xe2\xc6\xad\x8d"
"\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25\x96\xda\x7c\xf0\xe4\x9b\xe4\xb2"
"\x98\xd8\x8c\xea\x92\x7a\xc7\xf5\x39\xf1\xed\xf2\x28\x37\x6d\x25" },
{ GCRY_MD_SHA3_512, "abc", 3,
"\xb7\x51\x85\x0b\x1a\x57\x16\x8a\x56\x93\xcd\x92\x4b\x6b\x09\x6e"
"\x08\xf6\x21\x82\x74\x44\xf7\x0d\x88\x4f\x5d\x02\x40\xd2\x71\x2e"
"\x10\xe1\x16\xe9\x19\x2a\xf3\xc9\x1a\x7e\xc5\x76\x47\xe3\x93\x40"
"\x57\x34\x0b\x4c\xf4\x08\xd5\xa5\x65\x92\xf8\x27\x4e\xec\x53\xf0" }
#if USE_RMD160
,
{ GCRY_MD_RMD160, "abc", 3,
"\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04"
"\x4a\x8e\x98\xc6\xb0\x87\xf1\x5a\x0b\xfc", 1 }
#endif
};
int tvidx;
unsigned char hash[64];
int expectlen;
for (tvidx=0; tvidx < DIM(tv); tvidx++)
{
gpg_err_code_t ec;
if (verbose)
fprintf (stderr, "checking gcry_md_hash_buffer test %d\n",
tvidx);
expectlen = gcry_md_get_algo_dlen (tv[tvidx].algo);
assert (expectlen != 0);
assert (expectlen <= sizeof hash);
gcry_md_hash_buffer (tv[tvidx].algo, hash,
tv[tvidx].data, tv[tvidx].datalen);
ec = gcry_get_fips_service_indicator ();
if (ec == GPG_ERR_INV_OP)
{
/* libgcrypt is old, no support of the FIPS service indicator. */
fail ("gcry_md_hash_buffer test %d unexpectedly failed to check the FIPS service indicator.\n",
tvidx);
continue;
}
if (in_fips_mode && !tv[tvidx].expect_failure && ec)
{
/* Success with the FIPS service indicator == 0 expected, but != 0. */
fail ("gcry_md_hash_buffer test %d unexpectedly set the indicator in FIPS mode.\n",
tvidx);
continue;
}
else if (in_fips_mode && tv[tvidx].expect_failure && !ec)
{
/* Success with the FIPS service indicator != 0 expected, but == 0. */
fail ("gcry_md_hash_buffer test %d unexpectedly cleared the indicator in FIPS mode.\n",
tvidx);
continue;
}
if (memcmp (hash, tv[tvidx].expect, expectlen))
{
int i;
fail ("gcry_md_hash_buffer test %d failed: mismatch\n", tvidx);
fputs ("got:", stderr);
for (i=0; i < expectlen; i++)
fprintf (stderr, " %02x", hash[i]);
putc ('\n', stderr);
}
}
}
static void
check_hash_buffers (void)
{
static struct {
int algo;
const char *data;
int datalen;
const char *key;
int keylen;
const char *expect;
int expect_failure;
} tv[] = {
#if USE_MD5
{ GCRY_MD_MD5, "abc", 3,
"key", 3,
"\xd2\xfe\x98\x06\x3f\x87\x6b\x03\x19\x3a\xfb\x49\xb4\x97\x95\x91", 1 },
#endif
#if USE_SHA1
{ GCRY_MD_SHA1, "abc", 3,
"key", 3,
"\x4f\xd0\xb2\x15\x27\x6e\xf1\x2f\x2b\x3e"
"\x4c\x8e\xca\xc2\x81\x14\x98\xb6\x56\xfc" },
#endif
{ GCRY_MD_SHA256, "abc", 3,
"key", 3,
"\x9c\x19\x6e\x32\xdc\x01\x75\xf8\x6f\x4b\x1c\xb8\x92\x89\xd6\x61"
"\x9d\xe6\xbe\xe6\x99\xe4\xc3\x78\xe6\x83\x09\xed\x97\xa1\xa6\xab" },
{ GCRY_MD_SHA384, "abc", 3,
"key", 3,
"\x30\xdd\xb9\xc8\xf3\x47\xcf\xfb\xfb\x44\xe5\x19\xd8\x14\xf0\x74"
"\xcf\x40\x47\xa5\x5d\x6f\x56\x33\x24\xf1\xc6\xa3\x39\x20\xe5\xed"
"\xfb\x2a\x34\xba\xc6\x0b\xdc\x96\xcd\x33\xa9\x56\x23\xd7\xd6\x38" },
{ GCRY_MD_SHA512, "abc", 3,
"key", 3,
"\x39\x26\xa2\x07\xc8\xc4\x2b\x0c\x41\x79\x2c\xbd\x3e\x1a\x1a\xaa"
"\xf5\xf7\xa2\x57\x04\xf6\x2d\xfc\x93\x9c\x49\x87\xdd\x7c\xe0\x60"
"\x00\x9c\x5b\xb1\xc2\x44\x73\x55\xb3\x21\x6f\x10\xb5\x37\xe9\xaf"
"\xa7\xb6\x4a\x4e\x53\x91\xb0\xd6\x31\x17\x2d\x07\x93\x9e\x08\x7a" },
{ GCRY_MD_SHA3_256, "abc", 3,
"key", 3,
"\x09\xb6\xdb\xab\x8d\x11\x79\x5c\xa7\xc8\xd8\x2f\x1c\xf9\x16\x82"
"\x01\x3c\x7c\xb9\x80\xab\xbb\x25\x47\x3b\xe4\xae\x7f\x7b\x56\x83" },
{ GCRY_MD_SHA3_384, "abc", 3,
"key", 3,
"\x94\xf2\xaa\x7a\xe7\xc4\xb7\xb8\xfa\x4c\x61\x2f\xdb\x42\x2b\x33"
"\x43\x81\x1b\x13\xc8\x88\x82\x57\x90\x4f\x54\x39\x95\xcd\xbc\xba"
"\x5e\x49\xf1\x0f\x8e\xd6\xf7\xb9\xdd\xc1\xb3\x0b\x38\x28\x81\x5c" },
{ GCRY_MD_SHA3_512, "abc", 3,
"key", 3,
"\x08\x5e\x4e\x83\x50\x3f\x40\xb8\x2f\xef\x38\x43\x8b\xc4\x90\x5a"
"\x55\xdb\xaa\x8c\x88\x78\x09\x7a\x89\x9d\xb0\xb5\x7c\xe7\xda\x57"
"\xa3\x68\x25\x1c\x34\x47\x4f\x60\xb3\xeb\xac\xb3\x9b\x2e\xda\xca"
"\x4b\x29\x04\x56\x41\x1c\x76\xec\x7a\xb6\x19\x44\xcf\xe2\x28\x8e" }
#if USE_RMD160
,
{ GCRY_MD_RMD160, "abc", 3,
"key", 3,
"\x67\xfd\xce\x73\x8e\xbf\xc7\x37\x2b\xcd"
"\x38\xf0\x3c\x02\x3b\x57\x46\x72\x4d\x18", 1 }
#endif
};
int tvidx;
unsigned char hash[64];
int expectlen;
gcry_buffer_t iov[2];
gpg_error_t err;
for (tvidx=0; tvidx < DIM(tv); tvidx++)
{
gpg_err_code_t ec;
if (verbose)
fprintf (stderr, "checking gcry_md_hash_buffers test %d\n",
tvidx);
expectlen = gcry_md_get_algo_dlen (tv[tvidx].algo);
assert (expectlen != 0);
assert (expectlen <= sizeof hash);
memset (iov, 0, sizeof iov);
iov[0].data = (void *)tv[tvidx].key;
iov[0].len = tv[tvidx].keylen;
iov[1].data = (void *)tv[tvidx].data;
iov[1].len = tv[tvidx].datalen;
err = gcry_md_hash_buffers (tv[tvidx].algo, GCRY_MD_FLAG_HMAC, hash,
iov, 2);
if (err)
{
fail ("gcry_md_hash_buffers test %d unexpectedly failed\n", tvidx);
continue;
}
ec = gcry_get_fips_service_indicator ();
if (ec == GPG_ERR_INV_OP)
{
/* libgcrypt is old, no support of the FIPS service indicator. */
fail ("gcry_md_hash_buffers test %d unexpectedly failed to check the FIPS service indicator.\n",
tvidx);
continue;
}
if (in_fips_mode && !tv[tvidx].expect_failure && ec)
{
/* Success with the FIPS service indicator == 0 expected, but != 0. */
fail ("gcry_md_hash_buffers test %d unexpectedly set the indicator in FIPS mode.\n",
tvidx);
continue;
}
else if (in_fips_mode && tv[tvidx].expect_failure && !ec)
{
/* Success with the FIPS service indicator != 0 expected, but == 0. */
fail ("gcry_md_hash_buffers test %d unexpectedly cleared the indicator in FIPS mode.\n",
tvidx);
continue;
}
if (memcmp (hash, tv[tvidx].expect, expectlen))
{
int i;
fail ("gcry_md_hash_buffers test %d failed: mismatch\n", tvidx);
fputs ("got:", stderr);
for (i=0; i < expectlen; i++)
fprintf (stderr, " %02x", hash[i]);
putc ('\n', stderr);
}
}
}
int
main (int argc, char **argv)
{
int last_argc = -1;
if (argc)
{ argc--; argv++; }
while (argc && last_argc != argc)
{
last_argc = argc;
if (!strcmp (*argv, "--"))
{
argc--; argv++;
break;
}
else if (!strcmp (*argv, "--help"))
{
fputs ("usage: " PGM " [options]\n"
"Options:\n"
" --verbose print timings etc.\n"
" --debug flyswatter\n",
stdout);
exit (0);
}
else if (!strcmp (*argv, "--verbose"))
{
verbose++;
argc--; argv++;
}
else if (!strcmp (*argv, "--debug"))
{
verbose += 2;
debug++;
argc--; argv++;
}
else if (!strncmp (*argv, "--", 2))
die ("unknown option '%s'", *argv);
}
if (!gcry_check_version (GCRYPT_VERSION))
die ("version mismatch\n");
if (gcry_fips_mode_active ())
in_fips_mode = 1;
if (!in_fips_mode)
xgcry_control ((GCRYCTL_DISABLE_SECMEM, 0));
xgcry_control ((GCRYCTL_INITIALIZATION_FINISHED, 0));
if (debug)
xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u , 0));
check_hash_buffer ();
check_hash_buffers ();
check_md_o_w_r_c ();
check_mac_o_w_r_c ();
return !!error_count;
}
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Fri, Dec 19, 3:49 AM (5 h, 29 m)
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
8c/0a/c78b92dc15ecf4471d4a58d9f2aa
Attached To
rC libgcrypt
Event Timeline
Log In to Comment