File libgcrypt-fips_testsuite.patch of Package libgcrypt.2574

Currently only fips186-dsa and t-ed25519 don't work.
fips186-dsa expects the old FIPS 186-2, and Ed25519 isn't
supported in our FIPS mode.

Index: libgcrypt-1.6.1/tests/keygen.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/keygen.c	2015-05-27 16:46:54.640042100 +0200
+++ libgcrypt-1.6.1/tests/keygen.c	2015-05-27 16:50:25.931543907 +0200
@@ -329,7 +329,7 @@ check_dsa_keys (void)
       if (rc && !in_fips_mode)
         die ("error generating DSA key: %s\n", gpg_strerror (rc));
       else if (!rc && in_fips_mode)
-        die ("generating 512 bit DSA key must not work!");
+        die ("generating 1024 bit DSA key must not work!");
       if (!i && verbose > 1)
         show_sexp ("1024 bit DSA key:\n", key);
       gcry_sexp_release (key);
@@ -354,6 +354,77 @@ check_dsa_keys (void)
   if (verbose > 1)
     show_sexp ("1536 bit DSA key:\n", key);
   gcry_sexp_release (key);
+
+  if (verbose)
+    show ("creating 3072 bit DSA key\n");
+  rc = gcry_sexp_new (&keyparm,
+                      "(genkey\n"
+                      " (dsa\n"
+                      "  (nbits 4:3072)\n"
+                      "  (qbits 3:256)\n"
+                      " ))", 0, 1);
+  if (rc)
+    die ("error creating S-expression: %s\n", gpg_strerror (rc));
+  rc = gcry_pk_genkey (&key, keyparm);
+  gcry_sexp_release (keyparm);
+  if (rc)
+    die ("error generating DSA key: %s\n", gpg_strerror (rc));
+  if (verbose > 1)
+    show_sexp ("3072 bit DSA key:\n", key);
+  gcry_sexp_release (key);
+
+  if (verbose)
+    show ("creating 2048/256 bit DSA key\n");
+  rc = gcry_sexp_new (&keyparm,
+                      "(genkey\n"
+                      " (dsa\n"
+                      "  (nbits 4:2048)\n"
+                      "  (qbits 3:256)\n"
+                      " ))", 0, 1);
+  if (rc)
+    die ("error creating S-expression: %s\n", gpg_strerror (rc));
+  rc = gcry_pk_genkey (&key, keyparm);
+  gcry_sexp_release (keyparm);
+  if (rc)
+    die ("error generating DSA key: %s\n", gpg_strerror (rc));
+  if (verbose > 1)
+    show_sexp ("2048 bit DSA key:\n", key);
+  gcry_sexp_release (key);
+
+  if (verbose)
+    show ("creating 2048/224 bit DSA key\n");
+  rc = gcry_sexp_new (&keyparm,
+                      "(genkey\n"
+                      " (dsa\n"
+                      "  (nbits 4:2048)\n"
+                      "  (qbits 3:224)\n"
+                      " ))", 0, 1);
+  if (rc)
+    die ("error creating S-expression: %s\n", gpg_strerror (rc));
+  rc = gcry_pk_genkey (&key, keyparm);
+  gcry_sexp_release (keyparm);
+  if (rc)
+    die ("error generating DSA key: %s\n", gpg_strerror (rc));
+  if (verbose > 1)
+    show_sexp ("2048 bit DSA key:\n", key);
+  gcry_sexp_release (key);
+
+  if (verbose)
+    show ("creating 2048/? bit DSA key\n");
+  rc = gcry_sexp_new (&keyparm,
+                      "(genkey\n"
+                      " (dsa\n"
+                      "  (nbits 4:2048)\n"
+                      " ))", 0, 1);
+  if (rc)
+    die ("error creating S-expression: %s\n", gpg_strerror (rc));
+  rc = gcry_pk_genkey (&key, keyparm);
+  gcry_sexp_release (keyparm);
+  if (rc)
+    die ("error generating DSA key: %s\n", gpg_strerror (rc));
+  if (verbose > 1)
+    show_sexp ("2048 bit DSA key:\n", key);
+  gcry_sexp_release (key);
 }
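Review bot: The four added key generations in check_dsa_keys test only `rc`, so nothing confirms that the generated key has the requested (L, N) pair; in the `2048/?` case the test passes whatever subgroup size the library picks by default. Reading `q` back from the key and checking its bit length would pin that, as sketched below for the default case (224 or 256 is assumed acceptable here; tighten it to the intended value). Separately, three of the `show_sexp` labels read `2048 bit DSA key:` and cannot be told apart in verbose output; `2048/256`, `2048/224` and `2048/default` would match the `show` lines above them. The function starts outside the hunk.

```c
  rc = gcry_pk_genkey (&key, keyparm);
  /* … unchanged: release keyparm, die on rc … */
  {
    /* Confirm the subgroup size the library chose when qbits is omitted. */
    gcry_sexp_t q_list = gcry_sexp_find_token (key, "q", 0);
    gcry_mpi_t q = q_list ? gcry_sexp_nth_mpi (q_list, 1, GCRYMPI_FMT_USG)
                          : NULL;
    unsigned int qbits = q ? gcry_mpi_get_nbits (q) : 0;

    gcry_mpi_release (q);
    gcry_sexp_release (q_list);
    if (qbits != 224 && qbits != 256)
      die ("2048 bit DSA key has unexpected q size: %u\n", qbits);
  }
  /* … unchanged: show_sexp, gcry_sexp_release (key) … */
```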
 
 
@@ -405,10 +476,14 @@ check_ecc_keys (void)
     {
       if (verbose)
         show ("creating ECC key using curve %s\n", curves[testno]);
-      if (!strcmp (curves[testno], "Ed25519"))
+      if (!strcmp (curves[testno], "Ed25519")) {
+        /* Ed25519 isn't allowed in fips mode */
+        if (in_fips_mode)
+          continue;
         rc = gcry_sexp_build (&keyparm, NULL,
                               "(genkey(ecc(curve %s)(flags param eddsa)))",
                               curves[testno]);
+      }
       else
         rc = gcry_sexp_build (&keyparm, NULL,
                               "(genkey(ecc(curve %s)(flags param)))",
@@ -429,15 +504,21 @@ check_ecc_keys (void)
       gcry_sexp_release (key);
     }
 
+
   if (verbose)
-    show ("creating ECC key using curve Ed25519 for ECDSA\n");
-  rc = gcry_sexp_build (&keyparm, NULL, "(genkey(ecc(curve Ed25519)))");
+    show ("creating ECC key using curve NIST P-384 for ECDSA\n");
+  /* must be specified as nistp384 (one word),
+     because ecc_generate uses _gcry_sexp_nth_string which takes
+     the first word of the name and thus libgcrypt can't find it
+     later in its curves table
+   */
+  rc = gcry_sexp_build (&keyparm, NULL, "(genkey(ecc(curve nistp384)))");
   if (rc)
     die ("error creating S-expression: %s\n", gpg_strerror (rc));
   rc = gcry_pk_genkey (&key, keyparm);
   gcry_sexp_release (keyparm);
   if (rc)
-    die ("error generating ECC key using curve Ed25519 for ECDSA: %s\n",
+    die ("error generating ECC key using curve NIST P-384 for ECDSA: %s\n",
          gpg_strerror (rc));
 
   if (verbose > 1)
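Review bot: Swapping Ed25519 for nistp384 here changes the test in every mode, so non-FIPS runs no longer exercise ECDSA key generation on Ed25519; the following `(nocomp)` hunk has the same effect. Selecting the curve by mode keeps both paths covered: `const char *curve = in_fips_mode ? "nistp384" : "Ed25519";` followed by `rc = gcry_sexp_build (&keyparm, NULL, "(genkey(ecc(curve %s)))", curve);`. The `show` and `die` messages would then print `curve` instead of a fixed name. The hunk also adds a stray second blank line before `if (verbose)`.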
@@ -447,15 +528,15 @@ check_ecc_keys (void)
   gcry_sexp_release (key);
 
   if (verbose)
-    show ("creating ECC key using curve Ed25519 for ECDSA (nocomp)\n");
+    show ("creating ECC key using curve NIST P-384 for ECDSA (nocomp)\n");
   rc = gcry_sexp_build (&keyparm, NULL,
-                        "(genkey(ecc(curve Ed25519)(flags nocomp)))");
+                        "(genkey(ecc(curve nistp384)(flags nocomp)))");
   if (rc)
     die ("error creating S-expression: %s\n", gpg_strerror (rc));
   rc = gcry_pk_genkey (&key, keyparm);
   gcry_sexp_release (keyparm);
   if (rc)
-    die ("error generating ECC key using curve Ed25519 for ECDSA"
+    die ("error generating ECC key using curve NIST P-384 for ECDSA"
          " (nocomp): %s\n",
          gpg_strerror (rc));
 
Index: libgcrypt-1.6.1/tests/pubkey.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/pubkey.c	2015-05-27 16:46:54.640042100 +0200
+++ libgcrypt-1.6.1/tests/pubkey.c	2015-05-28 13:49:46.497537668 +0200
@@ -483,8 +483,8 @@ get_dsa_key_new (gcry_sexp_t *pkey, gcry
 
   rc = gcry_sexp_new (&key_spec,
                       transient_key
-                      ? "(genkey (dsa (nbits 4:1024)(transient-key)))"
-                      : "(genkey (dsa (nbits 4:1024)))",
+                      ? "(genkey (dsa (nbits 4:2048)(transient-key)))"
+                      : "(genkey (dsa (nbits 4:2048)))",
                       0, 1);
   if (rc)
     die ("error creating S-expression: %s\n", gcry_strerror (rc));
@@ -517,7 +517,7 @@ get_dsa_key_fips186_new (gcry_sexp_t *pk
   int rc;
 
   rc = gcry_sexp_new
-    (&key_spec, "(genkey (dsa (nbits 4:1024)(use-fips186)))",  0, 1);
+    (&key_spec, "(genkey (dsa (nbits 4:2048)(use-fips186)))",  0, 1);
   if (rc)
     die ("error creating S-expression: %s\n", gcry_strerror (rc));
   rc = gcry_pk_genkey (&key, key_spec);
@@ -637,7 +637,7 @@ get_dsa_key_fips186_with_seed_new (gcry_
     (&key_spec,
      "(genkey"
      "  (dsa"
-     "    (nbits 4:1024)"
+     "    (nbits 4:3072)"
      "    (use-fips186)"
      "    (transient-key)"
      "    (derive-parms"
@@ -742,19 +742,26 @@ check_run (void)
   gcry_sexp_release (pkey);
   gcry_sexp_release (skey);
 
-  if (verbose)
-    fprintf (stderr, "Generating DSA key with given domain.\n");
-  get_dsa_key_with_domain_new (&pkey, &skey);
-  /* Fixme:  Add a check function for DSA keys.  */
-  gcry_sexp_release (pkey);
-  gcry_sexp_release (skey);
+  /* The given domain contains too short q for generate_fips186 */
+  if (!gcry_fips_mode_active())
+    {
+      if (verbose)
+        fprintf (stderr, "Generating DSA key with given domain.\n");
+      get_dsa_key_with_domain_new (&pkey, &skey);
+      /* Fixme:  Add a check function for DSA keys.  */
+      gcry_sexp_release (pkey);
+      gcry_sexp_release (skey);
+    }
 
+/* FIXME*/
+/* The given domain contains too short q for generate_fips186 */
+/*
   if (verbose)
     fprintf (stderr, "Generating DSA key with given domain (FIPS 186).\n");
   get_dsa_key_fips186_with_domain_new (&pkey, &skey);
-  /* Fixme:  Add a check function for DSA keys.  */
   gcry_sexp_release (pkey);
   gcry_sexp_release (skey);
+*/
 
   if (verbose)
     fprintf (stderr, "Generating DSA key with given seed (FIPS 186).\n");
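Review bot: The "given domain (FIPS 186)" test is disabled for every mode by wrapping it in a comment, while the block directly above it is gated at run time. That drops the check from non-FIPS runs too, and the inner `Fixme` comment had to be removed to keep the outer comment well-formed. Gating it the same way as its neighbour, with `if (!gcry_fips_mode_active ())` around the existing four statements, keeps the code compiled and the non-FIPS coverage intact. If the test is wrong in both modes, the `FIXME` should say so rather than repeat the "too short q" reason. check_run starts and ends outside the hunk.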
@@ -1240,7 +1247,8 @@ main (int argc, char **argv)
     check_x931_derived_key (i);
 
   check_ecc_sample_key ();
-  check_ed25519ecdsa_sample_key ();
+  if (!gcry_fips_mode_active ())
+    check_ed25519ecdsa_sample_key ();
 
   return !!error_count;
 }
Index: libgcrypt-1.6.1/tests/random.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/random.c	2013-12-16 18:44:32.000000000 +0100
+++ libgcrypt-1.6.1/tests/random.c	2015-05-27 16:46:54.674042503 +0200
@@ -559,8 +559,10 @@ main (int argc, char **argv)
   signal (SIGPIPE, SIG_IGN);
 #endif
 
+  /* don't switch rng in fips mode */
   if (early_rng)
-    check_early_rng_type_switching ();
+    if (!gcry_fips_mode_active())
+      check_early_rng_type_switching ();
 
   gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
   if (!gcry_check_version (GCRYPT_VERSION))
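Review bot: The FIPS query added under `if (early_rng)` runs before `gcry_check_version`, which appears a few lines further down in this hunk, and the early test presumably exists to exercise the library before it is initialised. Depending on how `gcry_fips_mode_active` behaves before initialisation, it may either trigger initialisation or report a state that is not yet determined, so the guard could skip or run the test in the wrong mode; this should be confirmed against the library and noted in the comment. If the call stays here, `if (early_rng && !gcry_fips_mode_active ())` reads more clearly than the nested unbraced `if`. main continues outside the hunk.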
@@ -579,7 +581,9 @@ main (int argc, char **argv)
       check_nonce_forking ();
       check_close_random_device ();
     }
-  check_rng_type_switching ();
+  /* don't switch rng in fips mode */
+  if (!gcry_fips_mode_active())
+    check_rng_type_switching ();
 
   if (!in_recursion)
     run_all_rng_tests (program);
Index: libgcrypt-1.6.1/tests/t-mpi-point.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/t-mpi-point.c	2014-01-29 10:48:38.000000000 +0100
+++ libgcrypt-1.6.1/tests/t-mpi-point.c	2015-05-28 13:55:03.836130203 +0200
@@ -543,6 +543,17 @@ context_param (void)
   show ("checking standard curves\n");
   for (idx=0; test_curve[idx].desc; idx++)
     {
+      /* P-192 and Ed25519 are not supported in fips mode */
+      if (!strcmp(test_curve[idx].desc, "NIST P-192") ||
+          !strcmp(test_curve[idx].desc, "Ed25519"))
+        {
+	  show("skipping %s\n", test_curve[idx].desc );
+          continue;
+        }
+else {
+	  show("testing %s\n", test_curve[idx].desc );
+
+}
       gcry_ctx_release (ctx);
       err = gcry_mpi_ec_new (&ctx, NULL, test_curve[idx].desc);
       if (err)
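Review bot: The skip added at the top of the loop is unconditional: its comment says P-192 and Ed25519 are unsupported in fips mode, but the condition never tests the mode, so both curves are dropped from the standard-curve check in non-FIPS runs as well. Adding the mode test restores that coverage: `if (gcry_fips_mode_active () && (!strcmp (test_curve[idx].desc, "NIST P-192") || !strcmp (test_curve[idx].desc, "Ed25519")))`. The `else` arm is redundant after `continue` and is mis-indented with tabs; a plain `show ("testing %s\n", test_curve[idx].desc);` after the `if` does the same. The loop body continues outside the hunk.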
@@ -656,8 +667,15 @@ context_param (void)
   gcry_ctx_release (ctx);
   err = gcry_mpi_ec_new (&ctx, keyparam, NULL);
   if (err)
-    fail ("gcry_mpi_ec_new failed for sample public key: %s\n",
-          gpg_strerror (err));
+    {
+      if (!gcry_fips_mode_active())
+      fail ("gcry_mpi_ec_new failed for sample public key: %s\n",
+            gpg_strerror (err));
+      else
+        {
+          show ("Skipping ed25519 in fips mode.\n");
+        }
+    }
   else
     {
       gcry_sexp_t sexp;
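Review bot: In FIPS mode every error from `gcry_mpi_ec_new` on the sample public key is now reported as a skip, so an unrelated failure such as a malformed parameter or an allocation error would go unnoticed. Consider comparing `gpg_err_code (err)` with the specific code the library returns for a disallowed curve and calling `fail` for anything else. The `fail (` call is also indented level with its `if`, which makes it look unconditional; indenting it one step matches the `else` arm.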
@@ -1102,8 +1120,12 @@ main (int argc, char **argv)
   context_alloc ();
   context_param ();
   basic_ec_math ();
-  basic_ec_math_simplified ();
-  twistededwards_math ();
+
+  /* the tests are for P-192 and ed25519 which are not supported in FIPS mode */
+  if (!gcry_fips_mode_active()) {
+    basic_ec_math_simplified ();
+    twistededwards_math ();
+  }
 
   show ("All tests completed. Errors: %d\n", error_count);
   return error_count ? 1 : 0;
Index: libgcrypt-1.6.1/tests/t-kdf.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/t-kdf.c	2013-12-16 18:44:32.000000000 +0100
+++ libgcrypt-1.6.1/tests/t-kdf.c	2015-05-27 16:46:54.675042515 +0200
@@ -834,6 +834,10 @@ check_openpgp (void)
     {
       if (tv[tvidx].disabled)
         continue;
+      /* MD5 and SHA1 not supported in fips mode */
+      if (gcry_fips_mode_active() &&
+          tv[tvidx].hashalgo == GCRY_MD_MD5)
+        continue;
       if (verbose)
         fprintf (stderr, "checking S2K test vector %d\n", tvidx);
       assert (tv[tvidx].dklen <= sizeof outbuf);
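Review bot: The added comment says MD5 and SHA1 are unsupported in fips mode, but the condition skips only vectors whose `hashalgo` is `GCRY_MD_MD5`, so the comment and the code disagree. If SHA-1 vectors are meant to keep running, the comment should read `/* MD5 is not available in fips mode */`. If they are meant to be skipped, the condition is missing the SHA-1 case. The loop starts and ends outside the hunk.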
Index: libgcrypt-1.6.1/tests/dsa-rfc6979.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/dsa-rfc6979.c	2013-12-16 18:44:32.000000000 +0100
+++ libgcrypt-1.6.1/tests/dsa-rfc6979.c	2015-05-27 16:46:54.675042515 +0200
@@ -210,16 +210,6 @@ check_dsa_rfc6979 (void)
       " ))"
     },
     {
-      "ECDSA, 192 bits (prime field)",
-      "(private-key"
-      " (ecdsa"
-      " (curve \"NIST P-192\")"
-      " (q #04AC2C77F529F91689FEA0EA5EFEC7F210D8EEA0B9E047ED56"
-      "       3BC723E57670BD4887EBC732C523063D0A7C957BC97C1C43#)"
-      " (d #6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4#)"
-      " ))"
-    },
-    {
       "ECDSA, 224 bits (prime field)",
       "(private-key"
       " (ecdsa"
@@ -442,86 +432,6 @@ check_dsa_rfc6979 (void)
       "89EC4BB1400ECCFF8E7D9AA515CD1DE7803F2DAFF09693EE7FD1353E90A68307",
       "C9F0BDABCC0D880BB137A994CC7F3980CE91CC10FAF529FC46565B15CEA854E1"
     },
-    {
-      "ECDSA, 192 bits (prime field)",
-      "With SHA-1, message = \"sample\"",
-      "sha1", "sample",
-      "37D7CA00D2C7B0E5E412AC03BD44BA837FDD5B28CD3B0021",
-      "98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF",
-      "57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64"
-    },
-    {
-      "ECDSA, 192 bits (prime field)",
-      "With SHA-224, message = \"sample\"",
-      "sha224", "sample",
-      "4381526B3FC1E7128F202E194505592F01D5FF4C5AF015D8",
-      "A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5",
-      "E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A"
-    },
-    {
-      "ECDSA, 192 bits (prime field)",
-      "With SHA-256, message = \"sample\"",
-      "sha256", "sample",
-      "32B1B6D7D42A05CB449065727A84804FB1A3E34D8F261496",
-      "4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55",
-      "CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85"
-    },
-    {
-      "ECDSA, 192 bits (prime field)",
-      "With SHA-384, message = \"sample\"",
-      "sha384", "sample",
-      "4730005C4FCB01834C063A7B6760096DBE284B8252EF4311",
-      "DA63BF0B9ABCF948FBB1E9167F136145F7A20426DCC287D5",
-      "C3AA2C960972BD7A2003A57E1C4C77F0578F8AE95E31EC5E"
-    },
-    {
-      "ECDSA, 192 bits (prime field)",
-      "With SHA-512, message = \"sample\"",
-      "sha512", "sample",
-      "A2AC7AB055E4F20692D49209544C203A7D1F2C0BFBC75DB1",
-      "4D60C5AB1996BD848343B31C00850205E2EA6922DAC2E4B8",
-      "3F6E837448F027A1BF4B34E796E32A811CBB4050908D8F67"
-    },
-    {
-      "ECDSA, 192 bits (prime field)",
-      "With SHA-1, message = \"test\"",
-      "sha1", "test",
-      "D9CF9C3D3297D3260773A1DA7418DB5537AB8DD93DE7FA25",
-      "0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D",
-      "EB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7"
-    },
-    {
-      "ECDSA, 192 bits (prime field)",
-      "With SHA-224, message = \"test\"",
-      "sha224", "test",
-      "F5DC805F76EF851800700CCE82E7B98D8911B7D510059FBE",
-      "6945A1C1D1B2206B8145548F633BB61CEF04891BAF26ED34",
-      "B7FB7FDFC339C0B9BD61A9F5A8EAF9BE58FC5CBA2CB15293"
-    },
-    {
-      "ECDSA, 192 bits (prime field)",
-      "With SHA-256, message = \"test\"",
-      "sha256", "test",
-      "5C4CE89CF56D9E7C77C8585339B006B97B5F0680B4306C6C",
-      "3A718BD8B4926C3B52EE6BBE67EF79B18CB6EB62B1AD97AE",
-      "5662E6848A4A19B1F1AE2F72ACD4B8BBE50F1EAC65D9124F"
-    },
-    {
-      "ECDSA, 192 bits (prime field)",
-      "With SHA-384, message = \"test\"",
-      "sha384", "test",
-      "5AFEFB5D3393261B828DB6C91FBC68C230727B030C975693",
-      "B234B60B4DB75A733E19280A7A6034BD6B1EE88AF5332367",
-      "7994090B2D59BB782BE57E74A44C9A1C700413F8ABEFE77A"
-    },
-    {
-      "ECDSA, 192 bits (prime field)",
-      "With SHA-512, message = \"test\"",
-      "sha512", "test",
-      "0758753A5254759C7CFBAD2E2D9B0792EEE44136C9480527",
-      "FE4F4AE86A58B6507946715934FE2D8FF9D95B6B098FE739",
-      "74CF5605C98FBA0E1EF34D4B5A1577A7DCF59457CAE52290"
-    },
 
 
 
Index: libgcrypt-1.6.1/tests/benchmark.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/benchmark.c	2015-05-27 16:46:54.640042100 +0200
+++ libgcrypt-1.6.1/tests/benchmark.c	2015-05-27 16:46:54.675042515 +0200
@@ -1120,6 +1120,11 @@ ecc_bench (int iterations, int print_hea
 
       is_ed25519 = !strcmp (p_sizes[testno], "Ed25519");
       is_gost = !strncmp (p_sizes[testno], "gost", 4);
+
+      /* Only P-{224,256,384,521} allowed in fips mode */
+      if (gcry_fips_mode_active() && (is_ed25519 || is_gost || !strcmp (p_sizes[testno], "192")))
+         continue;
+
       if (is_ed25519)
         {
           p_size = 256;
Index: libgcrypt-1.6.1/tests/curves.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/curves.c	2014-01-29 10:48:38.000000000 +0100
+++ libgcrypt-1.6.1/tests/curves.c	2015-05-27 16:46:54.675042515 +0200
@@ -169,6 +169,9 @@ check_get_params (void)
 
   gcry_sexp_release (param);
 
+  /* Brainpool curves not supported in fips mode */
+  if (gcry_fips_mode_active())
+    return;
 
   param = gcry_pk_get_param (GCRY_PK_ECDSA, sample_key_2_curve);
   if (!param)
Index: libgcrypt-1.6.1/tests/fips186-dsa.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/fips186-dsa.c	2013-12-16 18:44:32.000000000 +0100
+++ libgcrypt-1.6.1/tests/fips186-dsa.c	2015-05-27 16:46:54.675042515 +0200
@@ -458,7 +458,9 @@ main (int argc, char **argv)
   gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
 
 
-  check_dsa_gen_186_2 ();
+  /* This test has too short key length for FIPS 186-4 */
+  if (!gcry_fips_mode_active())
+    check_dsa_gen_186_2 ();
 
 
   return error_count ? 1 : 0;
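Review bot: In FIPS mode this program now runs no check at all and still exits 0 through `return error_count ? 1 : 0;`, so the harness records a pass for a test that never executed. If the suite runs under automake's test driver, exit status 77 marks a skip, so `if (gcry_fips_mode_active ()) return 77;` before the call would keep the coverage gap visible in the test report. The same applies to the early `return 0;` added to main in tests/t-ed25519.c.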
Index: libgcrypt-1.6.1/tests/t-ed25519.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/t-ed25519.c	2013-12-16 18:44:32.000000000 +0100
+++ libgcrypt-1.6.1/tests/t-ed25519.c	2015-05-27 16:46:54.675042515 +0200
@@ -548,6 +548,10 @@ main (int argc, char **argv)
   gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
   gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
 
+  /* Ed25519 isn't supported in fips mode */
+  if (gcry_fips_mode_active())
+    return 0;
+
   start_timer ();
   check_ed25519 (fname);
   stop_timer ();