File libgcrypt-FIPS-SLI-Extend-tests-t-digest-to-test-hmac-too.patch of Package libgcrypt.38414
From 41cbcc0f0e786364972a4df213eff1b0ae362a40 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Tue, 10 Dec 2024 15:58:50 +0900
Subject: [PATCH 07/24] tests: Extend tests/t-digest to test hmac too.
* tests/t-digest.c (check_hash_buffer): Rename.
(check_hash_buffers): New.
(main): Call check_hash_buffer and check_hash_buffers.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
---
tests/t-digest.c | 133 ++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 131 insertions(+), 2 deletions(-)
diff --git a/tests/t-digest.c b/tests/t-digest.c
index e9fd9c2d..a6179f57 100644
--- a/tests/t-digest.c
+++ b/tests/t-digest.c
@@ -39,7 +39,7 @@ static int in_fips_mode;
#endif
static void
-check_digests (void)
+check_hash_buffer (void)
{
static struct {
int algo;
@@ -144,6 +144,134 @@ check_digests (void)
}
}
+static void
+check_hash_buffers (void)
+{
+ static struct {
+ int algo;
+ const char *data;
+ int datalen;
+ const char *key;
+ int keylen;
+ const char *expect;
+ int expect_failure;
+ } tv[] = {
+#undef ENABLE_THIS_AFTER_T6376_CHANGE_REVISED
+#if USE_MD5 && defined(ENABLE_THIS_AFTER_T6376_CHANGE_REVISED)
+ { GCRY_MD_MD5, "abc", 3,
+ "key", 3,
+ "\xd2\xfe\x98\x06\x3f\x87\x6b\x03\x19\x3a\xfb\x49\xb4\x97\x95\x91", 1 },
+#endif
+#if USE_SHA1
+ { GCRY_MD_SHA1, "abc", 3,
+ "key", 3,
+ "\x4f\xd0\xb2\x15\x27\x6e\xf1\x2f\x2b\x3e"
+ "\x4c\x8e\xca\xc2\x81\x14\x98\xb6\x56\xfc" },
+#endif
+ { GCRY_MD_SHA256, "abc", 3,
+ "key", 3,
+ "\x9c\x19\x6e\x32\xdc\x01\x75\xf8\x6f\x4b\x1c\xb8\x92\x89\xd6\x61"
+ "\x9d\xe6\xbe\xe6\x99\xe4\xc3\x78\xe6\x83\x09\xed\x97\xa1\xa6\xab" },
+ { GCRY_MD_SHA384, "abc", 3,
+ "key", 3,
+ "\x30\xdd\xb9\xc8\xf3\x47\xcf\xfb\xfb\x44\xe5\x19\xd8\x14\xf0\x74"
+ "\xcf\x40\x47\xa5\x5d\x6f\x56\x33\x24\xf1\xc6\xa3\x39\x20\xe5\xed"
+ "\xfb\x2a\x34\xba\xc6\x0b\xdc\x96\xcd\x33\xa9\x56\x23\xd7\xd6\x38" },
+ { GCRY_MD_SHA512, "abc", 3,
+ "key", 3,
+ "\x39\x26\xa2\x07\xc8\xc4\x2b\x0c\x41\x79\x2c\xbd\x3e\x1a\x1a\xaa"
+ "\xf5\xf7\xa2\x57\x04\xf6\x2d\xfc\x93\x9c\x49\x87\xdd\x7c\xe0\x60"
+ "\x00\x9c\x5b\xb1\xc2\x44\x73\x55\xb3\x21\x6f\x10\xb5\x37\xe9\xaf"
+ "\xa7\xb6\x4a\x4e\x53\x91\xb0\xd6\x31\x17\x2d\x07\x93\x9e\x08\x7a" },
+ { GCRY_MD_SHA3_256, "abc", 3,
+ "key", 3,
+ "\x09\xb6\xdb\xab\x8d\x11\x79\x5c\xa7\xc8\xd8\x2f\x1c\xf9\x16\x82"
+ "\x01\x3c\x7c\xb9\x80\xab\xbb\x25\x47\x3b\xe4\xae\x7f\x7b\x56\x83" },
+ { GCRY_MD_SHA3_384, "abc", 3,
+ "key", 3,
+ "\x94\xf2\xaa\x7a\xe7\xc4\xb7\xb8\xfa\x4c\x61\x2f\xdb\x42\x2b\x33"
+ "\x43\x81\x1b\x13\xc8\x88\x82\x57\x90\x4f\x54\x39\x95\xcd\xbc\xba"
+ "\x5e\x49\xf1\x0f\x8e\xd6\xf7\xb9\xdd\xc1\xb3\x0b\x38\x28\x81\x5c" },
+ { GCRY_MD_SHA3_512, "abc", 3,
+ "key", 3,
+ "\x08\x5e\x4e\x83\x50\x3f\x40\xb8\x2f\xef\x38\x43\x8b\xc4\x90\x5a"
+ "\x55\xdb\xaa\x8c\x88\x78\x09\x7a\x89\x9d\xb0\xb5\x7c\xe7\xda\x57"
+ "\xa3\x68\x25\x1c\x34\x47\x4f\x60\xb3\xeb\xac\xb3\x9b\x2e\xda\xca"
+ "\x4b\x29\x04\x56\x41\x1c\x76\xec\x7a\xb6\x19\x44\xcf\xe2\x28\x8e" }
+#if USE_RMD160
+ ,
+ { GCRY_MD_RMD160, "abc", 3,
+ "key", 3,
+ "\x67\xfd\xce\x73\x8e\xbf\xc7\x37\x2b\xcd"
+ "\x38\xf0\x3c\x02\x3b\x57\x46\x72\x4d\x18", 1 }
+#endif
+ };
+ int tvidx;
+ unsigned char hash[64];
+ int expectlen;
+ gcry_buffer_t iov[2];
+ gpg_error_t err;
+
+ for (tvidx=0; tvidx < DIM(tv); tvidx++)
+ {
+ gpg_err_code_t ec;
+
+ if (verbose)
+ fprintf (stderr, "checking gcry_md_hash_buffers test %d\n",
+ tvidx);
+
+ expectlen = gcry_md_get_algo_dlen (tv[tvidx].algo);
+ assert (expectlen != 0);
+ assert (expectlen <= sizeof hash);
+ memset (iov, 0, sizeof iov);
+ iov[0].data = (void *)tv[tvidx].key;
+ iov[0].len = tv[tvidx].keylen;
+ iov[1].data = (void *)tv[tvidx].data;
+ iov[1].len = tv[tvidx].datalen;
+ err = gcry_md_hash_buffers (tv[tvidx].algo, GCRY_MD_FLAG_HMAC, hash,
+ iov, 2);
+ if (err)
+ {
+ fail ("gcry_md_hash_buffers test %d unexpectedly failed\n", tvidx);
+ continue;
+ }
+
+ ec = gcry_get_fips_service_indicator ();
+ if (ec == GPG_ERR_INV_OP)
+ {
+ /* libgcrypt is old, no support of the FIPS service indicator. */
+ fail ("gcry_md_hash_buffers test %d unexpectedly failed to check the FIPS service indicator.\n",
+ tvidx);
+ continue;
+ }
+
+ if (in_fips_mode && !tv[tvidx].expect_failure && ec)
+ {
+ /* Success with the FIPS service indicator == 0 expected, but != 0. */
+ fail ("gcry_md_hash_buffers test %d unexpectedly set the indicator in FIPS mode.\n",
+ tvidx);
+ continue;
+ }
+ else if (in_fips_mode && tv[tvidx].expect_failure && !ec)
+ {
+ /* Success with the FIPS service indicator != 0 expected, but == 0. */
+ fail ("gcry_md_hash_buffers test %d unexpectedly cleared the indicator in FIPS mode.\n",
+ tvidx);
+ continue;
+ }
+
+ if (memcmp (hash, tv[tvidx].expect, expectlen))
+ {
+ int i;
+
+ fail ("gcry_md_hash_buffers test %d failed: mismatch\n", tvidx);
+ fputs ("got:", stderr);
+ for (i=0; i < expectlen; i++)
+ fprintf (stderr, " %02x", hash[i]);
+ putc ('\n', stderr);
+ }
+ }
+}
int
main (int argc, char **argv)
@@ -198,7 +326,8 @@ main (int argc, char **argv)
if (debug)
xgcry_control ((GCRYCTL_SET_DEBUG_FLAGS, 1u , 0));
- check_digests ();
+ check_hash_buffer ();
+ check_hash_buffers ();
return !!error_count;
}
