File libgcrypt-fips_testsuite.patch of Package libgcrypt
Currently only fips186-dsa and t-ed25519 don't work.
fips186-dsa expects the old FIPS 186-2, and Ed25519 isn't
supported in our FIPS mode.
Index: libgcrypt-1.6.1/tests/keygen.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/keygen.c 2015-05-27 16:46:54.640042100 +0200
+++ libgcrypt-1.6.1/tests/keygen.c 2015-05-27 16:50:25.931543907 +0200
@@ -329,7 +329,7 @@ check_dsa_keys (void)
if (rc && !in_fips_mode)
die ("error generating DSA key: %s\n", gpg_strerror (rc));
else if (!rc && in_fips_mode)
- die ("generating 512 bit DSA key must not work!");
+ die ("generating 1024 bit DSA key must not work!");
if (!i && verbose > 1)
show_sexp ("1024 bit DSA key:\n", key);
gcry_sexp_release (key);
@@ -354,6 +354,77 @@ check_dsa_keys (void)
if (verbose > 1)
show_sexp ("1536 bit DSA key:\n", key);
gcry_sexp_release (key);
+
+ if (verbose)
+ show ("creating 3072 bit DSA key\n");
+ rc = gcry_sexp_new (&keyparm,
+ "(genkey\n"
+ " (dsa\n"
+ " (nbits 4:3072)\n"
+ " (qbits 3:256)\n"
+ " ))", 0, 1);
+ if (rc)
+ die ("error creating S-expression: %s\n", gpg_strerror (rc));
+ rc = gcry_pk_genkey (&key, keyparm);
+ gcry_sexp_release (keyparm);
+ if (rc)
+ die ("error generating DSA key: %s\n", gpg_strerror (rc));
+ if (verbose > 1)
+ show_sexp ("3072 bit DSA key:\n", key);
+ gcry_sexp_release (key);
+
+ if (verbose)
+ show ("creating 2048/256 bit DSA key\n");
+ rc = gcry_sexp_new (&keyparm,
+ "(genkey\n"
+ " (dsa\n"
+ " (nbits 4:2048)\n"
+ " (qbits 3:256)\n"
+ " ))", 0, 1);
+ if (rc)
+ die ("error creating S-expression: %s\n", gpg_strerror (rc));
+ rc = gcry_pk_genkey (&key, keyparm);
+ gcry_sexp_release (keyparm);
+ if (rc)
+ die ("error generating DSA key: %s\n", gpg_strerror (rc));
+ if (verbose > 1)
+ show_sexp ("2048 bit DSA key:\n", key);
+ gcry_sexp_release (key);
+
+ if (verbose)
+ show ("creating 2048/224 bit DSA key\n");
+ rc = gcry_sexp_new (&keyparm,
+ "(genkey\n"
+ " (dsa\n"
+ " (nbits 4:2048)\n"
+ " (qbits 3:224)\n"
+ " ))", 0, 1);
+ if (rc)
+ die ("error creating S-expression: %s\n", gpg_strerror (rc));
+ rc = gcry_pk_genkey (&key, keyparm);
+ gcry_sexp_release (keyparm);
+ if (rc)
+ die ("error generating DSA key: %s\n", gpg_strerror (rc));
+ if (verbose > 1)
+ show_sexp ("2048 bit DSA key:\n", key);
+ gcry_sexp_release (key);
+
+ if (verbose)
+ show ("creating 2048/? bit DSA key\n");
+ rc = gcry_sexp_new (&keyparm,
+ "(genkey\n"
+ " (dsa\n"
+ " (nbits 4:2048)\n"
+ " ))", 0, 1);
+ if (rc)
+ die ("error creating S-expression: %s\n", gpg_strerror (rc));
+ rc = gcry_pk_genkey (&key, keyparm);
+ gcry_sexp_release (keyparm);
+ if (rc)
+ die ("error generating DSA key: %s\n", gpg_strerror (rc));
+ if (verbose > 1)
+ show_sexp ("2048 bit DSA key:\n", key);
+ gcry_sexp_release (key);
}
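Review bot: The four added DSA cases in check_dsa_keys only require gcry_pk_genkey to succeed; nothing confirms that p and q of the returned key have the requested lengths, so a library that quietly produced smaller parameters would still pass. The `2048/?` case in particular never states which q length is expected when `qbits` is omitted. The three 2048-bit variants also print the same `2048 bit DSA key:` label, which makes verbose output ambiguous. A length check after each genkey, sketched below for the 3072/256 case, would close the gap; whether gcry_sexp_find_token reaches the nested `p` list directly should be confirmed against the returned key layout. check_dsa_keys begins outside this hunk.

```c
  /* … unchanged: gcry_sexp_new, gcry_pk_genkey and the rc checks … */
  {
    /* Confirm the generated modulus really has the requested length.  */
    gcry_sexp_t l1 = gcry_sexp_find_token (key, "p", 0);
    gcry_mpi_t p = l1 ? gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG) : NULL;

    if (!p || gcry_mpi_get_nbits (p) != 3072)
      die ("3072 bit DSA key has unexpected p length\n");
    gcry_mpi_release (p);
    gcry_sexp_release (l1);
  }
  /* … unchanged: show_sexp and release of key … */
```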
@@ -405,10 +476,14 @@ check_ecc_keys (void)
{
if (verbose)
show ("creating ECC key using curve %s\n", curves[testno]);
- if (!strcmp (curves[testno], "Ed25519"))
+ if (!strcmp (curves[testno], "Ed25519")) {
+ /* Ed25519 isn't allowed in fips mode */
+ if (in_fips_mode)
+ continue;
rc = gcry_sexp_build (&keyparm, NULL,
"(genkey(ecc(curve %s)(flags param eddsa)))",
curves[testno]);
+ }
else
rc = gcry_sexp_build (&keyparm, NULL,
"(genkey(ecc(curve %s)(flags param)))",
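Review bot: In FIPS mode the Ed25519 iteration is skipped with `continue` rather than checked, so the suite never confirms that the library actually refuses this curve. The 1024-bit DSA case in check_dsa_keys does this with `else if (!rc && in_fips_mode) die (...)`, and the same shape would fit here: build the genkey request and require gcry_pk_genkey to fail when `in_fips_mode` is set. As written, the `show ("creating ECC key using curve %s\n", ...)` line above has already run when the `continue` fires, so verbose logs announce a key generation that never happens. The loop and the rest of check_ecc_keys lie outside this hunk.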
@@ -429,15 +504,21 @@ check_ecc_keys (void)
gcry_sexp_release (key);
}
+
if (verbose)
- show ("creating ECC key using curve Ed25519 for ECDSA\n");
- rc = gcry_sexp_build (&keyparm, NULL, "(genkey(ecc(curve Ed25519)))");
+ show ("creating ECC key using curve NIST P-384 for ECDSA\n");
+ /* must be specified as nistp384 (one word),
+ because ecc_generate uses _gcry_sexp_nth_string which takes
+ the first word of the name and thus libgcrypt can't find it
+ later in its curves table
+ */
+ rc = gcry_sexp_build (&keyparm, NULL, "(genkey(ecc(curve nistp384)))");
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
rc = gcry_pk_genkey (&key, keyparm);
gcry_sexp_release (keyparm);
if (rc)
- die ("error generating ECC key using curve Ed25519 for ECDSA: %s\n",
+ die ("error generating ECC key using curve NIST P-384 for ECDSA: %s\n",
gpg_strerror (rc));
if (verbose > 1)
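Review bot: Replacing Ed25519 with nistp384 here and in the following `(nocomp)` hunk removes the Ed25519-for-ECDSA cases from non-FIPS runs as well; choosing the curve by `in_fips_mode` would keep the original coverage. The added comment attributes the one-word spelling to ecc_generate, but an unquoted `NIST P-384` would presumably be split into two atoms when the S-expression is built. The quoted form used in dsa-rfc6979.c, `(curve \"NIST P-192\")`, suggests `(curve \"NIST P-384\")` would work; that is worth confirming, and the comment corrected accordingly.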
@@ -447,15 +528,15 @@ check_ecc_keys (void)
gcry_sexp_release (key);
if (verbose)
- show ("creating ECC key using curve Ed25519 for ECDSA (nocomp)\n");
+ show ("creating ECC key using curve NIST P-384 for ECDSA (nocomp)\n");
rc = gcry_sexp_build (&keyparm, NULL,
- "(genkey(ecc(curve Ed25519)(flags nocomp)))");
+ "(genkey(ecc(curve nistp384)(flags nocomp)))");
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
rc = gcry_pk_genkey (&key, keyparm);
gcry_sexp_release (keyparm);
if (rc)
- die ("error generating ECC key using curve Ed25519 for ECDSA"
+ die ("error generating ECC key using curve NIST P-384 for ECDSA"
" (nocomp): %s\n",
gpg_strerror (rc));
Index: libgcrypt-1.6.1/tests/pubkey.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/pubkey.c 2015-05-27 16:46:54.640042100 +0200
+++ libgcrypt-1.6.1/tests/pubkey.c 2015-05-28 13:49:46.497537668 +0200
@@ -483,8 +483,8 @@ get_dsa_key_new (gcry_sexp_t *pkey, gcry
rc = gcry_sexp_new (&key_spec,
transient_key
- ? "(genkey (dsa (nbits 4:1024)(transient-key)))"
- : "(genkey (dsa (nbits 4:1024)))",
+ ? "(genkey (dsa (nbits 4:2048)(transient-key)))"
+ : "(genkey (dsa (nbits 4:2048)))",
0, 1);
if (rc)
die ("error creating S-expression: %s\n", gcry_strerror (rc));
@@ -517,7 +517,7 @@ get_dsa_key_fips186_new (gcry_sexp_t *pk
int rc;
rc = gcry_sexp_new
- (&key_spec, "(genkey (dsa (nbits 4:1024)(use-fips186)))", 0, 1);
+ (&key_spec, "(genkey (dsa (nbits 4:2048)(use-fips186)))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gcry_strerror (rc));
rc = gcry_pk_genkey (&key, key_spec);
@@ -637,7 +637,7 @@ get_dsa_key_fips186_with_seed_new (gcry_
(&key_spec,
"(genkey"
" (dsa"
- " (nbits 4:1024)"
+ " (nbits 4:3072)"
" (use-fips186)"
" (transient-key)"
" (derive-parms"
@@ -742,19 +742,26 @@ check_run (void)
gcry_sexp_release (pkey);
gcry_sexp_release (skey);
- if (verbose)
- fprintf (stderr, "Generating DSA key with given domain.\n");
- get_dsa_key_with_domain_new (&pkey, &skey);
- /* Fixme: Add a check function for DSA keys. */
- gcry_sexp_release (pkey);
- gcry_sexp_release (skey);
+ /* The given domain contains too short q for generate_fips186 */
+ if (!gcry_fips_mode_active())
+ {
+ if (verbose)
+ fprintf (stderr, "Generating DSA key with given domain.\n");
+ get_dsa_key_with_domain_new (&pkey, &skey);
+ /* Fixme: Add a check function for DSA keys. */
+ gcry_sexp_release (pkey);
+ gcry_sexp_release (skey);
+ }
+/* FIXME*/
+/* The given domain contains too short q for generate_fips186 */
+/*
if (verbose)
fprintf (stderr, "Generating DSA key with given domain (FIPS 186).\n");
get_dsa_key_fips186_with_domain_new (&pkey, &skey);
- /* Fixme: Add a check function for DSA keys. */
gcry_sexp_release (pkey);
gcry_sexp_release (skey);
+*/
if (verbose)
fprintf (stderr, "Generating DSA key with given seed (FIPS 186).\n");
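Review bot: The FIPS 186 domain test is disabled by wrapping it in a `/* ... */` block, which switches it off in non-FIPS runs too and leaves dead code behind a bare `FIXME`. The first domain test just above is gated with `if (!gcry_fips_mode_active())`; putting `get_dsa_key_fips186_with_domain_new (&pkey, &skey);` and its two releases under the same guard would keep the non-FIPS coverage. The comment `The given domain contains too short q for generate_fips186` is also attached to the non-FIPS-186 call at the top, where it does not obviously apply. check_run continues past this hunk.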
@@ -1240,7 +1247,8 @@ main (int argc, char **argv)
check_x931_derived_key (i);
check_ecc_sample_key ();
- check_ed25519ecdsa_sample_key ();
+ if (!gcry_fips_mode_active ())
+ check_ed25519ecdsa_sample_key ();
return !!error_count;
}
Index: libgcrypt-1.6.1/tests/random.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/random.c 2013-12-16 18:44:32.000000000 +0100
+++ libgcrypt-1.6.1/tests/random.c 2015-05-27 16:46:54.674042503 +0200
@@ -559,8 +559,10 @@ main (int argc, char **argv)
signal (SIGPIPE, SIG_IGN);
#endif
+ /* don't switch rng in fips mode */
if (early_rng)
- check_early_rng_type_switching ();
+ if (!gcry_fips_mode_active())
+ check_early_rng_type_switching ();
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
if (!gcry_check_version (GCRYPT_VERSION))
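Review bot: `gcry_fips_mode_active()` is now called ahead of `gcry_check_version` on the early_rng path, before the library has been initialised by the visible code. check_early_rng_type_switching appears to exist to exercise behaviour before initialisation, so the query may either see a FIPS state that is not yet settled or itself trigger initialisation and change what the test measures; this needs confirming against the library. The nested `if (early_rng)` / `if (!gcry_fips_mode_active())` without braces is also easy to misread; `if (early_rng && !gcry_fips_mode_active ())` says the same thing. main starts and ends outside this hunk.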
@@ -579,7 +581,9 @@ main (int argc, char **argv)
check_nonce_forking ();
check_close_random_device ();
}
- check_rng_type_switching ();
+ /* don't switch rng in fips mode */
+ if (!gcry_fips_mode_active())
+ check_rng_type_switching ();
if (!in_recursion)
run_all_rng_tests (program);
Index: libgcrypt-1.6.1/tests/t-mpi-point.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/t-mpi-point.c 2014-01-29 10:48:38.000000000 +0100
+++ libgcrypt-1.6.1/tests/t-mpi-point.c 2015-05-28 13:55:03.836130203 +0200
@@ -543,6 +543,17 @@ context_param (void)
show ("checking standard curves\n");
for (idx=0; test_curve[idx].desc; idx++)
{
+ /* P-192 and Ed25519 are not supported in fips mode */
+ if (!strcmp(test_curve[idx].desc, "NIST P-192") ||
+ !strcmp(test_curve[idx].desc, "Ed25519"))
+ {
+ show("skipping %s\n", test_curve[idx].desc );
+ continue;
+ }
+else {
+ show("testing %s\n", test_curve[idx].desc );
+
+}
gcry_ctx_release (ctx);
err = gcry_mpi_ec_new (&ctx, NULL, test_curve[idx].desc);
if (err)
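Review bot: The skip for `NIST P-192` and `Ed25519` in context_param is not conditioned on FIPS mode, although the comment says it is, so both curves are dropped from the standard-curve check in every run. Adding the mode test restores non-FIPS coverage: `if (gcry_fips_mode_active () && (!strcmp (test_curve[idx].desc, "NIST P-192") || !strcmp (test_curve[idx].desc, "Ed25519")))`. The trailing `else { show ("testing %s\n", ...); }` block is misindented and only logs; it could be a plain statement after the `if`. The loop body continues outside this hunk.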
@@ -656,8 +667,15 @@ context_param (void)
gcry_ctx_release (ctx);
err = gcry_mpi_ec_new (&ctx, keyparam, NULL);
if (err)
- fail ("gcry_mpi_ec_new failed for sample public key: %s\n",
- gpg_strerror (err));
+ {
+ if (!gcry_fips_mode_active())
+ fail ("gcry_mpi_ec_new failed for sample public key: %s\n",
+ gpg_strerror (err));
+ else
+ {
+ show ("Skipping ed25519 in fips mode.\n");
+ }
+ }
else
{
gcry_sexp_t sexp;
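Review bot: In FIPS mode every failure of `gcry_mpi_ec_new` for the sample public key is now reported as `Skipping ed25519 in fips mode.`, whatever the error was. A genuine regression such as an allocation or parsing failure would be hidden behind that message. Comparing `gpg_err_code (err)` with the specific code the library returns for a disallowed curve, and calling `fail` for anything else, keeps the skip narrow; which code that is has to be taken from the library. The function continues outside the hunk.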
@@ -1102,8 +1120,12 @@ main (int argc, char **argv)
context_alloc ();
context_param ();
basic_ec_math ();
- basic_ec_math_simplified ();
- twistededwards_math ();
+
+ /* the tests are for P-192 and ed25519 which are not supported in FIPS mode */
+ if (!gcry_fips_mode_active()) {
+ basic_ec_math_simplified ();
+ twistededwards_math ();
+ }
show ("All tests completed. Errors: %d\n", error_count);
return error_count ? 1 : 0;
Index: libgcrypt-1.6.1/tests/t-kdf.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/t-kdf.c 2013-12-16 18:44:32.000000000 +0100
+++ libgcrypt-1.6.1/tests/t-kdf.c 2015-05-27 16:46:54.675042515 +0200
@@ -834,6 +834,10 @@ check_openpgp (void)
{
if (tv[tvidx].disabled)
continue;
+ /* MD5 and SHA1 not supported in fips mode */
+ if (gcry_fips_mode_active() &&
+ tv[tvidx].hashalgo == GCRY_MD_MD5)
+ continue;
if (verbose)
fprintf (stderr, "checking S2K test vector %d\n", tvidx);
assert (tv[tvidx].dklen <= sizeof outbuf);
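Review bot: The comment says `MD5 and SHA1 not supported in fips mode`, but the condition skips only vectors with `GCRY_MD_MD5`. If SHA-1 is available in this FIPS mode the comment should read `/* MD5 is not available in FIPS mode */`; if it is not, the condition is missing a test for `GCRY_MD_SHA1`. The loop in check_openpgp begins and ends outside the hunk.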
Index: libgcrypt-1.6.1/tests/dsa-rfc6979.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/dsa-rfc6979.c 2013-12-16 18:44:32.000000000 +0100
+++ libgcrypt-1.6.1/tests/dsa-rfc6979.c 2015-05-27 16:46:54.675042515 +0200
@@ -210,16 +210,6 @@ check_dsa_rfc6979 (void)
" ))"
},
{
- "ECDSA, 192 bits (prime field)",
- "(private-key"
- " (ecdsa"
- " (curve \"NIST P-192\")"
- " (q #04AC2C77F529F91689FEA0EA5EFEC7F210D8EEA0B9E047ED56"
- " 3BC723E57670BD4887EBC732C523063D0A7C957BC97C1C43#)"
- " (d #6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4#)"
- " ))"
- },
- {
"ECDSA, 224 bits (prime field)",
"(private-key"
" (ecdsa"
@@ -442,86 +432,6 @@ check_dsa_rfc6979 (void)
"89EC4BB1400ECCFF8E7D9AA515CD1DE7803F2DAFF09693EE7FD1353E90A68307",
"C9F0BDABCC0D880BB137A994CC7F3980CE91CC10FAF529FC46565B15CEA854E1"
},
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-1, message = \"sample\"",
- "sha1", "sample",
- "37D7CA00D2C7B0E5E412AC03BD44BA837FDD5B28CD3B0021",
- "98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF",
- "57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-224, message = \"sample\"",
- "sha224", "sample",
- "4381526B3FC1E7128F202E194505592F01D5FF4C5AF015D8",
- "A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5",
- "E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-256, message = \"sample\"",
- "sha256", "sample",
- "32B1B6D7D42A05CB449065727A84804FB1A3E34D8F261496",
- "4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55",
- "CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-384, message = \"sample\"",
- "sha384", "sample",
- "4730005C4FCB01834C063A7B6760096DBE284B8252EF4311",
- "DA63BF0B9ABCF948FBB1E9167F136145F7A20426DCC287D5",
- "C3AA2C960972BD7A2003A57E1C4C77F0578F8AE95E31EC5E"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-512, message = \"sample\"",
- "sha512", "sample",
- "A2AC7AB055E4F20692D49209544C203A7D1F2C0BFBC75DB1",
- "4D60C5AB1996BD848343B31C00850205E2EA6922DAC2E4B8",
- "3F6E837448F027A1BF4B34E796E32A811CBB4050908D8F67"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-1, message = \"test\"",
- "sha1", "test",
- "D9CF9C3D3297D3260773A1DA7418DB5537AB8DD93DE7FA25",
- "0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D",
- "EB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-224, message = \"test\"",
- "sha224", "test",
- "F5DC805F76EF851800700CCE82E7B98D8911B7D510059FBE",
- "6945A1C1D1B2206B8145548F633BB61CEF04891BAF26ED34",
- "B7FB7FDFC339C0B9BD61A9F5A8EAF9BE58FC5CBA2CB15293"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-256, message = \"test\"",
- "sha256", "test",
- "5C4CE89CF56D9E7C77C8585339B006B97B5F0680B4306C6C",
- "3A718BD8B4926C3B52EE6BBE67EF79B18CB6EB62B1AD97AE",
- "5662E6848A4A19B1F1AE2F72ACD4B8BBE50F1EAC65D9124F"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-384, message = \"test\"",
- "sha384", "test",
- "5AFEFB5D3393261B828DB6C91FBC68C230727B030C975693",
- "B234B60B4DB75A733E19280A7A6034BD6B1EE88AF5332367",
- "7994090B2D59BB782BE57E74A44C9A1C700413F8ABEFE77A"
- },
- {
- "ECDSA, 192 bits (prime field)",
- "With SHA-512, message = \"test\"",
- "sha512", "test",
- "0758753A5254759C7CFBAD2E2D9B0792EEE44136C9480527",
- "FE4F4AE86A58B6507946715934FE2D8FF9D95B6B098FE739",
- "74CF5605C98FBA0E1EF34D4B5A1577A7DCF59457CAE52290"
- },
Index: libgcrypt-1.6.1/tests/benchmark.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/benchmark.c 2015-05-27 16:46:54.640042100 +0200
+++ libgcrypt-1.6.1/tests/benchmark.c 2015-05-27 16:46:54.675042515 +0200
@@ -1120,6 +1120,11 @@ ecc_bench (int iterations, int print_hea
is_ed25519 = !strcmp (p_sizes[testno], "Ed25519");
is_gost = !strncmp (p_sizes[testno], "gost", 4);
+
+ /* Only P-{224,256,384,521} allowed in fips mode */
+ if (gcry_fips_mode_active() && (is_ed25519 || is_gost || !strcmp (p_sizes[testno], "192")))
+ continue;
+
if (is_ed25519)
{
p_size = 256;
Index: libgcrypt-1.6.1/tests/curves.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/curves.c 2014-01-29 10:48:38.000000000 +0100
+++ libgcrypt-1.6.1/tests/curves.c 2015-05-27 16:46:54.675042515 +0200
@@ -169,6 +169,9 @@ check_get_params (void)
gcry_sexp_release (param);
+ /* Brainpool curves not supported in fips mode */
+ if (gcry_fips_mode_active())
+ return;
param = gcry_pk_get_param (GCRY_PK_ECDSA, sample_key_2_curve);
if (!param)
Index: libgcrypt-1.6.1/tests/fips186-dsa.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/fips186-dsa.c 2013-12-16 18:44:32.000000000 +0100
+++ libgcrypt-1.6.1/tests/fips186-dsa.c 2015-05-27 16:46:54.675042515 +0200
@@ -458,7 +458,9 @@ main (int argc, char **argv)
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
- check_dsa_gen_186_2 ();
+ /* This test has too short key length for FIPS 186-4 */
+ if (!gcry_fips_mode_active())
+ check_dsa_gen_186_2 ();
return error_count ? 1 : 0;
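Review bot: With check_dsa_gen_186_2 skipped, main still returns 0 in FIPS mode, so the harness records fips186-dsa as passed although nothing was tested; the t-ed25519 hunk below does the same with an explicit `return 0;`. If the suite is run by the automake test driver, `if (gcry_fips_mode_active ()) return 77;` reports the test as skipped, which keeps a FIPS test report honest about what was exercised. A short message on stderr stating the reason would help in non-verbose runs. main extends beyond this hunk.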
Index: libgcrypt-1.6.1/tests/t-ed25519.c
===================================================================
--- libgcrypt-1.6.1.orig/tests/t-ed25519.c 2013-12-16 18:44:32.000000000 +0100
+++ libgcrypt-1.6.1/tests/t-ed25519.c 2015-05-27 16:46:54.675042515 +0200
@@ -548,6 +548,10 @@ main (int argc, char **argv)
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+ /* Ed25519 isn't supported in fips mode */
+ if (gcry_fips_mode_active())
+ return 0;
+
start_timer ();
check_ed25519 (fname);
stop_timer ();